Search in sources :

Example 51 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method getPEPConfig.

/**
     * Returns a <code>Map</code> containing the extended metadata for the PEP.
     *
     * @param realm where entity exists.
     * @param entityName name of entity descriptor.
     * @param location if the entity is remote or hosted.
     * @return key-value pair Map of PEP config data.
     * @throws AMConsoleException if unable to retrieve the PEP
     *         extended metadata attribute
     */
public Map getPEPConfig(String realm, String entityName, String location) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PEP" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    String role = EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR;
    Map data = null;
    List configList = null;
    String metaAlias = null;
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        XACMLAuthzDecisionQueryConfigElement xacmlAuthzConfigElement = saml2Manager.getPolicyEnforcementPointConfig(realm, entityName);
        if (xacmlAuthzConfigElement != null) {
            data = new HashMap();
            configList = xacmlAuthzConfigElement.getAttribute();
            metaAlias = xacmlAuthzConfigElement.getMetaAlias();
            int size = configList.size();
            for (int i = 0; i < size; i++) {
                AttributeType atype = (AttributeType) configList.get(i);
                String name = atype.getName();
                java.util.List value = atype.getValue();
                data.put(atype.getName(), returnEmptySetIfValueIsNull(atype.getValue()));
            }
            data.put("metaAlias", metaAlias);
        } else {
            createExtendedObject(realm, entityName, location, role);
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (JAXBException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PEP", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PEP", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return (data != null) ? data : Collections.EMPTY_MAP;
}
Also used : HashMap(java.util.HashMap) JAXBException(javax.xml.bind.JAXBException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) List(java.util.List) AttributeType(com.sun.identity.saml2.jaxb.entityconfig.AttributeType) List(java.util.List) ArrayList(java.util.ArrayList) XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 52 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method updatePDPDescriptor.

/**
     * Save standard metadata for PDP descriptor.
     *
     * @param realm realm of Entity.
     * @param entityName entity name of Entity Descriptor.
     * @param attrValues key-value pair Map of PDP standed data.
     * @throws AMConsoleException if fails to modify/save the PDP
     *         standard metadata attribute
     */
public void updatePDPDescriptor(String realm, String entityName, Map attrValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = saml2Manager.getEntityDescriptor(realm, entityName);
        XACMLPDPDescriptorElement pdpDescriptor = saml2Manager.getPolicyDecisionPointDescriptor(realm, entityName);
        if (pdpDescriptor != null) {
            List authzServiceList = pdpDescriptor.getXACMLAuthzService();
            if (authzServiceList.size() != 0) {
                XACMLAuthzServiceElement authzService = (XACMLAuthzServiceElement) authzServiceList.get(0);
                authzService.setLocation((String) AMAdminUtils.getValue((Set) attrValues.get(ATTR_XACML_AUTHZ_SERVICE_LOCATION)));
            }
        }
        saml2Manager.setEntityDescriptor(realm, entityDescriptor);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}
Also used : XACMLAuthzServiceElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzServiceElement) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) List(java.util.List) ArrayList(java.util.ArrayList) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 53 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setStdAttributeAuthorityValues.

/**
     * Saves the standard attribute values for Attribute Authority.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param attrAuthValues Map which contains standard attribute auth values.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void setStdAttributeAuthorityValues(String realm, String entityName, Map attrAuthValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "AttribAuthority-Std" };
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    logEvent("ATTEMPT_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
    AttributeAuthorityDescriptorElement attrauthDescriptor = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
        if (attrauthDescriptor != null) {
            //save attribute Service
            String defLocation = getResult(attrAuthValues, ATTR_SEFVICE_DEFAULT_LOCATION);
            boolean is509 = setToBoolean(attrAuthValues, SUPPORTS_X509);
            String x509Location = getResult(attrAuthValues, ATTR_SEFVICE_LOCATION);
            AttributeServiceElement key1 = objFact.createAttributeServiceElement();
            AttributeServiceElement key2 = objFact.createAttributeServiceElement();
            key1.setBinding(soapBinding);
            key1.setLocation("");
            key2.setBinding(soapBinding);
            key2.setSupportsX509Query(false);
            key2.setLocation("");
            if (defLocation != null && defLocation.length() > 0) {
                key1.setLocation(defLocation);
            }
            if (x509Location != null && x509Location.length() > 0) {
                key2.setLocation(x509Location);
                key2.setSupportsX509Query(is509);
            }
            attrauthDescriptor.getAttributeService().clear();
            attrauthDescriptor.getAttributeService().add(key1);
            attrauthDescriptor.getAttributeService().add(key2);
            //save assertion ID request
            String soapLocation = getResult(attrAuthValues, ASSERTION_ID_SAOP_LOC);
            String uriLocation = getResult(attrAuthValues, ASSERTION_ID_URI_LOC);
            AssertionIDRequestServiceElement elem1 = objFact.createAssertionIDRequestServiceElement();
            AssertionIDRequestServiceElement elem2 = objFact.createAssertionIDRequestServiceElement();
            elem1.setBinding(soapBinding);
            elem2.setBinding(uriBinding);
            if (soapLocation != null) {
                elem1.setLocation(soapLocation);
            }
            if (uriLocation != null) {
                elem2.setLocation(uriLocation);
            }
            attrauthDescriptor.getAssertionIDRequestService().clear();
            attrauthDescriptor.getAssertionIDRequestService().add(elem1);
            attrauthDescriptor.getAssertionIDRequestService().add(elem2);
            //save attribute profile
            String attrProfile = getResult(attrAuthValues, ATTRIBUTE_PROFILE);
            List attrProfileList = attrauthDescriptor.getAttributeProfile();
            if (!attrProfileList.isEmpty()) {
                attrauthDescriptor.getAttributeProfile().clear();
            }
            attrauthDescriptor.getAttributeProfile().add(attrProfile);
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
    }
}
Also used : AttributeServiceElement(com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement) AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement) JAXBException(javax.xml.bind.JAXBException) AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 54 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method updatePDPConfig.

/**
     * Save extended metadata for PDP Config.
     *
     * @param realm realm of Entity.
     * @param entityName entity name of Entity Descriptor.
     * @param location entity is remote or hosted.
     * @param attrValues key-value pair Map of PDP extended config.
     * @throws AMConsoleException if fails to modify/save the PDP
     *         extended metadata attribute
     */
public void updatePDPConfig(String realm, String entityName, String location, Map attrValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    String role = EntityModel.POLICY_DECISION_POINT_DESCRIPTOR;
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        //entityConfig is the extended entity configuration object
        EntityConfigElement entityConfig = saml2Manager.getEntityConfig(realm, entityName);
        if (entityConfig == null) {
            throw new AMConsoleException("invalid.xacml.configuration");
        }
        XACMLPDPConfigElement pdpEntityConfig = saml2Manager.getPolicyDecisionPointConfig(realm, entityName);
        if (pdpEntityConfig == null) {
            throw new AMConsoleException("invalid.xacml.configuration");
        } else {
            updateBaseConfig(pdpEntityConfig, attrValues, role);
        }
        //saves the attributes by passing the new entityConfig object
        saml2Manager.setEntityConfig(realm, entityConfig);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}
Also used : JAXBException(javax.xml.bind.JAXBException) XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 55 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method getPDPDescriptor.

/**
     * Returns a Map of PDP descriptor data.(Standard Metadata)
     *
     * @param realm realm of Entity
     * @param entityName entity name of Entity Descriptor.
     * @return key-value pair Map of PDP descriptor data.
     * @throws AMConsoleException if unable to retrieve the PDP
     *         standard metadata attribute
     */
public Map getPDPDescriptor(String realm, String entityName) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map data = null;
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        XACMLPDPDescriptorElement xacmlPDPDescriptor = saml2Manager.getPolicyDecisionPointDescriptor(realm, entityName);
        if (xacmlPDPDescriptor != null) {
            data = new HashMap(10);
            //ProtocolSupportEnum
            data.put(ATTR_TXT_PROTOCOL_SUPPORT_ENUM, returnEmptySetIfValueIsNull(xacmlPDPDescriptor.getProtocolSupportEnumeration()));
            List authzServiceList = xacmlPDPDescriptor.getXACMLAuthzService();
            if (authzServiceList.size() != 0) {
                XACMLAuthzServiceElement authzService = (XACMLAuthzServiceElement) authzServiceList.get(0);
                data.put(ATTR_XACML_AUTHZ_SERVICE_BINDING, returnEmptySetIfValueIsNull(authzService.getBinding()));
                data.put(ATTR_XACML_AUTHZ_SERVICE_LOCATION, returnEmptySetIfValueIsNull(authzService.getLocation()));
            }
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return (data != null) ? data : Collections.EMPTY_MAP;
}
Also used : XACMLAuthzServiceElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzServiceElement) HashMap(java.util.HashMap) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) List(java.util.List) ArrayList(java.util.ArrayList) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Aggregations

ArrayList (java.util.ArrayList)57 List (java.util.List)46 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)40 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)37 Iterator (java.util.Iterator)24 Attribute (com.sun.identity.saml2.assertion.Attribute)22 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)22 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)21 HashMap (java.util.HashMap)21 Map (java.util.Map)18 JAXBException (javax.xml.bind.JAXBException)13 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)12 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)12 Set (java.util.Set)11 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)9 HashSet (java.util.HashSet)9 Issuer (com.sun.identity.saml2.assertion.Issuer)8 Date (java.util.Date)8 Node (org.w3c.dom.Node)8 DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)7