
Example 46 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

The class DefaultSubjectProvider, method get.

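/**
 * Builds the SAML2 {@code Subject} of an assertion: the NameID for {@code subjectId} plus a single
 * {@code SubjectConfirmation} whose method and confirmation data depend on {@code subjectConfirmation}.
 *
 * @param subjectId             the subject identifier handed to {@code setNameIdentifier} together with
 *                              the configured NameID format
 * @param spAcsUrl              the Service Provider's Assertion Consumer Service URL; used as the bearer
 *                              {@code Recipient}
 * @param saml2Config           source of the NameID format and the token lifetime in seconds
 * @param subjectConfirmation   the confirmation method to emit (BEARER, SENDER_VOUCHES or HOLDER_OF_KEY)
 * @param assertionIssueInstant issue instant of the assertion; the bearer {@code NotOnOrAfter} is this
 *                              instant plus the configured lifetime
 * @param proofTokenState       supplies the X509 certificate for HOLDER_OF_KEY; not read otherwise
 * @return the populated Subject
 * @throws TokenCreationException if the confirmation method is null or unknown, if an argument the
 *                                chosen method needs is null, or if the SAML2 SDK fails
 */
public Subject get(String subjectId, String spAcsUrl, SAML2Config saml2Config, SAML2SubjectConfirmation subjectConfirmation, Date assertionIssueInstant, ProofTokenState proofTokenState) throws TokenCreationException {
    if (subjectConfirmation == null) {
        // a switch on a null enum reference throws NullPointerException; report it as the declared type
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Null SubjectConfirmation passed to DefaultSubjectProvider");
    }
    try {
        AssertionFactory factory = AssertionFactory.getInstance();
        Subject subject = factory.createSubject();
        setNameIdentifier(subject, subjectId, saml2Config.getNameIdFormat());
        SubjectConfirmation subConfirmation = factory.createSubjectConfirmation();
        switch (subjectConfirmation) {
            case BEARER:
                if (assertionIssueInstant == null) {
                    throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Null assertion issue instant for BEARER SubjectConfirmation in DefaultSubjectProvider");
                }
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
                /*
                    see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf -
                    Recipient attribute of SubjectConfirmation element must be set to the Service Provider
                    ACS url.
                 */
                SubjectConfirmationData bearerConfirmationData = factory.createSubjectConfirmationData();
                bearerConfirmationData.setRecipient(spAcsUrl);
                /*
                    see section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf - NotBefore cannot
                    be set, but NotOnOrAfter must be set.
                 */
                // multiply as long so a large configured lifetime cannot overflow an int before the add
                long lifetimeMillis = saml2Config.getTokenLifetimeInSeconds() * 1000L;
                bearerConfirmationData.setNotOnOrAfter(new Date(assertionIssueInstant.getTime() + lifetimeMillis));
                subConfirmation.setSubjectConfirmationData(bearerConfirmationData);
                break;
            case SENDER_VOUCHES:
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_SENDER_VOUCHES);
                break;
            case HOLDER_OF_KEY:
                if (proofTokenState == null) {
                    throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Null ProofTokenState for HOLDER_OF_KEY SubjectConfirmation in DefaultSubjectProvider");
                }
                subConfirmation.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_HOLDER_OF_KEY);
                subConfirmation.setSubjectConfirmationData(getHoKSubjectConfirmationData(proofTokenState.getX509Certificate()));
                break;
            default:
                throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Unexpected SubjectConfirmation value in DefaultSubjectProvider: " + subjectConfirmation);
        }
        List<SubjectConfirmation> subjectConfirmationList = new ArrayList<>();
        subjectConfirmationList.add(subConfirmation);
        subject.setSubjectConfirmation(subjectConfirmationList);
        return subject;
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting subject confirmation state in DefaultSubjectProvider: " + e, e);
    }
}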
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2SubjectConfirmation(org.forgerock.openam.sts.token.SAML2SubjectConfirmation) SubjectConfirmation(com.sun.identity.saml2.assertion.SubjectConfirmation) ArrayList(java.util.ArrayList) SubjectConfirmationData(com.sun.identity.saml2.assertion.SubjectConfirmationData) TokenCreationException(org.forgerock.openam.sts.TokenCreationException) Subject(com.sun.identity.saml2.assertion.Subject) Date(java.util.Date)

Example 47 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

The class DefaultAttributeStatementsProviderTest, method setup.

/**
 * Prepares the shared fixtures: an attribute map requesting {@code mail}, a mocked
 * {@code AttributeMapper} that returns one SAML2 {@code Attribute} for the mocked
 * {@code SSOToken}, and the SAML2 configuration under test.
 *
 * @throws TokenCreationException may be thrown by the helpers invoked here
 * @throws SAML2Exception         may be thrown by the assertion factory
 */
@BeforeTest
public void setup() throws TokenCreationException, SAML2Exception {
    mockAttributeMapper = mock(AttributeMapper.class);
    mockToken = mock(SSOToken.class);

    attributeMap = new HashMap<>();
    attributeMap.put(ATTRIBUTE_NAME, "mail");

    List<String> values = new ArrayList<>();
    values.add(ATTRIBUTE_VALUE);
    Attribute mailAttribute = AssertionFactory.getInstance().createAttribute();
    mailAttribute.setName(ATTRIBUTE_NAME);
    mailAttribute.setAttributeValue(values);

    attributeList = new ArrayList<>();
    attributeList.add(mailAttribute);
    when(mockAttributeMapper.getAttributes(mockToken, attributeMap)).thenReturn(attributeList);

    saml2Config = createSAML2Config();
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Attribute(com.sun.identity.saml2.assertion.Attribute) ArrayList(java.util.ArrayList) BeforeTest(org.testng.annotations.BeforeTest)

Example 48 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

The class SAML2Utils, method getConfigAttributeMap.

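/**
 * Returns the attribute map by parsing the configured map in the hosted
 * provider configuration.
 *
 * @param realm        realm name.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param role         role of the hosted provider; only <code>SAML2Constants.SP_ROLE</code>
 *                     and <code>SAML2Constants.IDP_ROLE</code> have a configuration to read,
 *                     any other value (including <code>null</code>) yields an empty map.
 * @return a map of local attributes configuration map.
 * This map will have a key as the SAML attribute name and the value
 * is the local attribute. Empty (never <code>null</code>) when no
 * configuration or no attribute map is defined.
 * @throws SAML2Exception if <code>realm</code> or <code>hostEntityID</code> is
 * <code>null</code>, or if reading the metadata configuration fails.
 */
public static Map getConfigAttributeMap(String realm, String hostEntityID, String role) throws SAML2Exception {
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2Utils.getConfigAttributeMap: DefaultAttrMapper: relam=" + realm + ", entity id=" + hostEntityID + ", role=" + role);
    }
    try {
        BaseConfigType config = null;
        // constant-first comparison: a null role reaches the "not defined" branch
        // below instead of throwing NullPointerException
        if (SAML2Constants.SP_ROLE.equals(role)) {
            config = saml2MetaManager.getSPSSOConfig(realm, hostEntityID);
        } else if (SAML2Constants.IDP_ROLE.equals(role)) {
            config = saml2MetaManager.getIDPSSOConfig(realm, hostEntityID);
        }
        if (config == null) {
            if (debug.warningEnabled()) {
                debug.warning("SAML2Utils.getConfigAttributeMap: configuration is not defined.");
            }
            return Collections.emptyMap();
        }
        Map<String, List<String>> attributeConfig = SAML2MetaUtils.getAttributes(config);
        // getAttributes is treated as nullable elsewhere in this class (getAllAttributeValueFromSSOConfig)
        List<String> mappedAttributes = attributeConfig == null ? null : attributeConfig.get(SAML2Constants.ATTRIBUTE_MAP);
        if (mappedAttributes == null || mappedAttributes.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getConfigAttributeMap:Attribute map is not defined for entity: " + hostEntityID);
            }
            return Collections.emptyMap();
        }
        return getMappedAttributes(mappedAttributes);
    } catch (SAML2MetaException sme) {
        // the cause is recorded here; the rethrown SAML2Exception only carries the message
        debug.error("SAML2Utils.getConfigAttributeMap: ", sme);
        throw new SAML2Exception(sme.getMessage());
    }
}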
Also used : BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) ArrayList(java.util.ArrayList) List(java.util.List) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 49 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

The class SAML2Utils, method getAllAttributeValueFromSSOConfig.

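/**
 * Returns all values of the specified attribute from the SSOConfig of a hosted entity.
 *
 * @param realm        realm of hosted entity.
 * @param hostEntityId name of hosted entity.
 * @param entityRole   role of hosted entity; compared case-insensitively against the SP,
 *                     IDP, attribute authority, authn authority and attribute query roles.
 * @param attrName     attribute name for the value.
 * @return the values of the specified attribute from SSOConfig, or <code>null</code> when the
 * role is unknown, no configuration exists, the configuration carries no attributes, or the
 * metadata lookup fails (the failure is only logged).
 */
public static List<String> getAllAttributeValueFromSSOConfig(String realm, String hostEntityId, String entityRole, String attrName) {
    if (debug.messageEnabled()) {
        String method = "getAllAttributeValueFromSSOConfig : ";
        debug.message(method + "realm - " + realm);
        debug.message(method + "hostEntityId - " + hostEntityId);
        debug.message(method + "entityRole - " + entityRole);
        debug.message(method + "attrName - " + attrName);
    }
    try {
        BaseConfigType config = null;
        // constant-first comparisons: a null entityRole yields null rather than NullPointerException
        if (SAML2Constants.SP_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getSPSSOConfig(realm, hostEntityId);
        } else if (SAML2Constants.IDP_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getIDPSSOConfig(realm, hostEntityId);
        } else if (SAML2Constants.ATTR_AUTH_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getAttributeAuthorityConfig(realm, hostEntityId);
        } else if (SAML2Constants.AUTHN_AUTH_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getAuthnAuthorityConfig(realm, hostEntityId);
        } else if (SAML2Constants.ATTR_QUERY_ROLE.equalsIgnoreCase(entityRole)) {
            config = saml2MetaManager.getAttributeQueryConfig(realm, hostEntityId);
        }
        if (config == null) {
            return null;
        }
        // same typed view of the metadata attributes that getConfigAttributeMap uses
        Map<String, List<String>> attrs = SAML2MetaUtils.getAttributes(config);
        if (attrs == null) {
            return null;
        }
        return attrs.get(attrName);
    } catch (SAML2MetaException e) {
        // best-effort lookup: the failure is logged and null returned, as callers expect
        if (debug.messageEnabled()) {
            debug.message("get SSOConfig failed:", e);
        }
    }
    return null;
}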
Also used : BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) ArrayList(java.util.ArrayList) List(java.util.List) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 50 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

The class AttributeImpl, method toXMLString.

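/**
 * Returns a String representation of the element.
 *
 * @param includeNS Determines whether or not the namespace qualifier is
 *                prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is declared
 *                within the Element.
 * @return A string containing the valid XML for this element
 * @throws SAML2Exception if the object does not conform to the schema
 *                        (here: the attribute Name is missing or blank).
 */
public String toXMLString(boolean includeNS, boolean declareNS) throws SAML2Exception {
    if (name == null || name.trim().isEmpty()) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("AttributeImpl.toXMLString:" + " missing Attribute Name.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingAttribute"));
    }
    String prefix = includeNS ? SAML2Constants.ASSERTION_PREFIX : "";
    String uri = declareNS ? SAML2Constants.ASSERTION_DECLARE_STR : "";
    // the buffer never leaves this method, so StringBuffer's synchronization is unnecessary
    StringBuilder result = new StringBuilder(1000);
    result.append('<').append(prefix).append("Attribute").append(uri).append(" Name=\"").append(name).append('"');
    if (nameFormat != null && !nameFormat.trim().isEmpty()) {
        result.append(" NameFormat=\"").append(nameFormat).append('"');
    }
    if (friendlyName != null && !friendlyName.trim().isEmpty()) {
        result.append(" FriendlyName=\"").append(friendlyName).append('"');
    }
    if (anyMap != null) {
        // NOTE(review): name, nameFormat, friendlyName and these extra attributes are written
        // verbatim with no XML attribute escaping; confirm callers only supply values that are
        // already safe in an attribute context.
        for (Object keyObj : anyMap.keySet()) {
            String key = (String) keyObj;
            String value = (String) anyMap.get(key);
            // a null value is serialized as an empty attribute rather than the literal "null"
            result.append(' ').append(key).append("=\"").append(value == null ? "" : value).append('"');
        }
    }
    result.append('>');
    if (attrValues != null) {
        // values are appended as-is; presumably already-serialized AttributeValue elements — confirm against callers
        for (Object attrValue : attrValues) {
            result.append((String) attrValue);
        }
    }
    result.append("</").append(prefix).append("Attribute>");
    return result.toString();
}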
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Iterator(java.util.Iterator)

Aggregations

ArrayList (java.util.ArrayList)57 List (java.util.List)46 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)40 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)37 Iterator (java.util.Iterator)24 Attribute (com.sun.identity.saml2.assertion.Attribute)22 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)22 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)21 HashMap (java.util.HashMap)21 Map (java.util.Map)18 JAXBException (javax.xml.bind.JAXBException)13 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)12 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)12 Set (java.util.Set)11 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)9 HashSet (java.util.HashSet)9 Issuer (com.sun.identity.saml2.assertion.Issuer)8 Date (java.util.Date)8 Node (org.w3c.dom.Node)8 DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)7