Example 56 with Attribute

Use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock: class FMSubjectMapperTest, method testMapToNativeSubject.

@Test(groups = { "xacml" })
public void testMapToNativeSubject() throws XACMLException, URISyntaxException {
    FMSubjectMapper subjectMapper = new FMSubjectMapper();
    Subject subject1 = ContextFactory.getInstance().createSubject();
    // supported category for id:
    // urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
    subject1.setSubjectCategory(new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"));
    Attribute attribute = ContextFactory.getInstance().createAttribute();
    attribute.setIssuer("sampleIssuer1");
    // key attribute id:
    // urn:oasis:names:tc:xacml:1.0:subject:subject-id
    attribute.setAttributeId(new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"));
    // supported data types for id:
    // urn:oasis:names:tc:xacml:1.0:data-type:x500Name
    // urn:sun:names:xacml:2.0:data-type:opensso-session-id
    // urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
    attribute.setDataType(new URI("urn:sun:names:xacml:2.0:data-type:opensso-session-id"));
    List<String> valueList = new ArrayList<String>();
    // Authenticate against the DataStore module instance to obtain a live session
    // token; its id is carried as the value of the subject-id attribute.
    AuthContext lc = null;
    String[] callbacks = { "amadmin", "admin123" };
    SSOToken ssot = null;
    try {
        lc = new AuthContext("/");
        AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
        String indexName = "DataStore";
        log(Level.INFO, "testMapToNativeSubject():\n", " LDAPLogin: Obtained login context");
        lc.login(indexType, indexName, callbacks);
        if (lc.getStatus() == AuthContext.Status.SUCCESS) {
            log(Level.INFO, "testMapToNativeSubject():\n", " Login success!!");
        }
        ssot = lc.getSSOToken();
    } catch (Exception le) {
        le.printStackTrace();
        log(Level.INFO, "testMapToNativeSubject():\n", " Login failed!!");
    }
    if (ssot == null) {
        // Without a session token the mapping below cannot be exercised; fail the
        // test here instead of with a NullPointerException on the next line.
        throw new AssertionError("testMapToNativeSubject(): login failed, no SSOToken obtained");
    }
    String sid = ssot.getTokenID().toString();
    log(Level.INFO, "testMapToNativeSubject():\n", " sid = " + sid);
    valueList.add(sid);
    attribute.setAttributeStringValues(valueList);
    List<Attribute> attributeList = new ArrayList<Attribute>();
    attributeList.add(attribute);
    subject1.setAttributes(attributeList);
    List<Subject> subjectsList = new ArrayList<Subject>();
    subjectsList.add(subject1);
    // The mapper resolves the session-id attribute back to the native SSOToken.
    SSOToken retSSOToken = (SSOToken) subjectMapper.mapToNativeSubject(subjectsList);
    String retSid = retSSOToken.getTokenID().toString();
    log(Level.INFO, "testMapToNativeSubject():\n", " return sid = " + retSid);
}
Also used: SSOToken (com.iplanet.sso.SSOToken), Attribute (com.sun.identity.xacml.context.Attribute), ArrayList (java.util.ArrayList), AuthContext (com.sun.identity.authentication.AuthContext), URI (java.net.URI), Subject (com.sun.identity.xacml.context.Subject), URISyntaxException (java.net.URISyntaxException), XACMLException (com.sun.identity.xacml.common.XACMLException), AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException), SSOException (com.iplanet.sso.SSOException), SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), Test (org.testng.annotations.Test)

Example 57 with Attribute

Use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock: class ActionImpl, method parseElement.

// used by constructors
private void parseElement(Element element) throws SAML2Exception {
    // make sure that the input xml block is not null
    if (element == null) {
        SAML2SDKUtils.debug.message("ActionImpl.parseElement: Input is null.");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    // make sure this is an Action
    String tag = element.getLocalName();
    if ((tag == null) || (!tag.equals("Action"))) {
        SAML2SDKUtils.debug.message("ActionImpl.parseElement: not Action.");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // handle the Namespace attribute of the <Action> element
    NamedNodeMap atts = element.getAttributes();
    if (atts != null) {
        Node att = atts.getNamedItem("Namespace");
        if (att != null) {
            namespace = ((Attr) att).getValue().trim();
        }
    }
    if (namespace == null || namespace.length() == 0) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ActionImpl.parseElement: Namespace is empty or missing.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingAttribute"));
    }
    // <Action> carries its value as text content only; any child element is illegal
    NodeList nodes = element.getChildNodes();
    int nodeCount = nodes.getLength();
    for (int i = 0; i < nodeCount; i++) {
        Node currentNode = nodes.item(i);
        if (currentNode.getNodeType() == Node.ELEMENT_NODE) {
            if (SAML2SDKUtils.debug.messageEnabled()) {
                SAML2SDKUtils.debug.message("ActionImpl.parseElement: Illegal value of the element.");
            }
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
        }
    }
    action = XMLUtils.getElementValue(element);
    // the action value itself must be present and non-blank
    if (action == null || action.trim().length() == 0) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ActionImpl.parseElement: Action value is null or empty.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementValue"));
    }
    // an object built from XML is read-only from here on
    mutable = false;
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), NamedNodeMap (org.w3c.dom.NamedNodeMap), Node (org.w3c.dom.Node), NodeList (org.w3c.dom.NodeList), Attr (org.w3c.dom.Attr)

Example 58 with Attribute

Use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock: class SAML2MetaUtils, method getAttributes.

/**
 * Gets attribute value pairs from <code>BaseConfigType</code> and
 * puts them in a <code>Map</code>. The key is the attribute name and the
 * value is a <code>List</code> of attribute values.
 * @param config the <code>BaseConfigType</code> object
 * @return an attribute value <code>Map</code>
 */
public static Map<String, List<String>> getAttributes(BaseConfigType config) {
    Map<String, List<String>> attrMap = new HashMap<>();
    List<AttributeType> list = config.getAttribute();
    for (AttributeType avp : list) {
        // a later entry with the same name replaces an earlier one
        attrMap.put(avp.getName(), avp.getValue());
    }
    return attrMap;
}
Also used: HashMap (java.util.HashMap), AttributeType (com.sun.identity.saml2.jaxb.entityconfig.AttributeType), NodeList (org.w3c.dom.NodeList), List (java.util.List)

Example 59 with Attribute

Use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock: class DefaultAccountMapper, method getAttribute.

/**
 * Returns the attribute value configured in the given entity
 * SP or IDP configuration.
 * @param realm realm name.
 * @param entityID hosted <code>EntityID</code>.
 * @param attributeName name of the attribute.
 * @return the first configured value of the attribute, or null if it is
 *         not configured or the configuration cannot be read.
 */
protected String getAttribute(String realm, String entityID, String attributeName) {
    if (realm == null || entityID == null || attributeName == null) {
        if (debug.messageEnabled()) {
            debug.message("DefaultAccountMapper.getAttribute: null input parameters.");
        }
        return null;
    }
    try {
        BaseConfigType config = getSSOConfig(realm, entityID);
        Map<String, List<String>> attributes = SAML2MetaUtils.getAttributes(config);
        if (attributes == null || attributes.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultAccountMapper.getAttribute: attribute configuration is not defined for Entity "
                        + entityID + " realm =" + realm + " role=" + role);
            }
            return null;
        }
        List<String> list = attributes.get(attributeName);
        if (list != null && list.size() > 0) {
            // only the first value is used
            return list.iterator().next();
        }
        if (debug.messageEnabled()) {
            debug.message("DefaultAccountMapper.getAttribute: " + attributeName + " is not configured.");
        }
        return null;
    } catch (SAML2MetaException sme) {
        if (debug.warningEnabled()) {
            debug.warning("DefaultAccountMapper.getAttribute: Meta Exception", sme);
        }
    }
    return null;
}
Also used: BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType), List (java.util.List), Map (java.util.Map), SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)

Example 60 with Attribute

Use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock: class SAML2MetaSecurityUtils, method verifySignature.

/**
 * Verifies signatures in the entity descriptor represented by the
 * <code>Document</code>.
 * @param doc The document.
 * @throws SAML2MetaException if unable to verify the entity descriptor.
 */
public static void verifySignature(Document doc) throws SAML2MetaException {
    NodeList sigElements = null;
    try {
        Element nscontext = org.apache.xml.security.utils.XMLUtils.createDSctx(doc, "ds", Constants.SignatureSpecNS);
        sigElements = XPathAPI.selectNodeList(doc, "//ds:Signature", nscontext);
    } catch (Exception ex) {
        if (debug.messageEnabled()) {
            debug.message("SAML2MetaSecurityUtils.verifySignature:", ex);
        }
        // throw regardless of the debug level; otherwise sigElements stays null
        // and the call below fails with a NullPointerException
        throw new SAML2MetaException(ex.getMessage());
    }
    int numSigs = sigElements.getLength();
    if (debug.messageEnabled()) {
        debug.message("SAML2MetaSecurityUtils.verifySignature: # of signatures = " + numSigs);
    }
    if (numSigs == 0) {
        return;
    }
    // If there are signatures then explicitly identify the ID attribute, see comments section of
    // http://bugs.java.com/bugdatabase/view_bug.do?bug_id=8017265
    doc.getDocumentElement().setIdAttribute(SAML2Constants.ID, true);
    initializeKeyStore();
    for (int i = 0; i < numSigs; i++) {
        Element sigElement = (Element) sigElements.item(i);
        String sigParentName = sigElement.getParentNode().getLocalName();
        Object[] objs = { sigParentName };
        if (debug.messageEnabled()) {
            debug.message("SAML2MetaSecurityUtils.verifySignature: verifying signature under " + sigParentName);
        }
        try {
            XMLSignature signature = new XMLSignature(sigElement, "");
            signature.addResourceResolver(new com.sun.identity.saml.xmlsig.OfflineResolver());
            KeyInfo ki = signature.getKeyInfo();
            X509Certificate x509cert = null;
            // first try the ds:KeyInfo carried inside the signature itself
            if (ki != null && ki.containsX509Data()) {
                if (keyStore != null) {
                    StorageResolver sr = new StorageResolver(new KeyStoreResolver(keyStore));
                    ki.addStorageResolver(sr);
                }
                x509cert = ki.getX509Certificate();
            }
            // otherwise look for a signing KeyDescriptor that follows the signature
            if (x509cert == null) {
                if (debug.messageEnabled()) {
                    debug.message("SAML2MetaSecurityUtils.verifySignature: try to find cert in KeyDescriptor");
                }
                String xpath = "following-sibling::*[local-name()=\"" + TAG_KEY_DESCRIPTOR
                        + "\" and namespace-uri()=\"" + NS_META + "\"]";
                Node node = XPathAPI.selectSingleNode(sigElement, xpath);
                if (node != null) {
                    Element kd = (Element) node;
                    String use = kd.getAttributeNS(null, ATTR_USE);
                    if ((use.length() == 0) || use.equals("signing")) {
                        NodeList nl = kd.getChildNodes();
                        for (int j = 0; j < nl.getLength(); j++) {
                            Node child = nl.item(j);
                            if (child.getNodeType() == Node.ELEMENT_NODE) {
                                String localName = child.getLocalName();
                                String ns = child.getNamespaceURI();
                                if (TAG_KEY_INFO.equals(localName) && NS_XMLSIG.equals(ns)) {
                                    ki = new KeyInfo((Element) child, "");
                                    if (ki.containsX509Data()) {
                                        if (keyStore != null) {
                                            KeyStoreResolver ksr = new KeyStoreResolver(keyStore);
                                            StorageResolver sr = new StorageResolver(ksr);
                                            ki.addStorageResolver(sr);
                                        }
                                        x509cert = ki.getX509Certificate();
                                    }
                                }
                                // only the first child element of the KeyDescriptor is
                                // examined; it is expected to be ds:KeyInfo
                                break;
                            }
                        }
                    }
                }
            }
            if (x509cert == null) {
                throw new SAML2MetaException("verify_no_cert", objs);
            }
            // when checkCert is set, the certificate must be present in the key provider,
            // so a signature made with an arbitrary embedded certificate is rejected
            if (checkCert && ((keyProvider == null) || (keyProvider.getCertificateAlias(x509cert) == null))) {
                throw new SAML2MetaException("untrusted_cert", objs);
            }
            PublicKey pk = x509cert.getPublicKey();
            if (!signature.checkSignatureValue(pk)) {
                throw new SAML2MetaException("verify_fail", objs);
            }
        } catch (SAML2MetaException sme) {
            throw sme;
        } catch (Exception ex) {
            debug.error("SAML2MetaSecurityUtils.verifySignature: ", ex);
            throw new SAML2MetaException(Locale.getString(SAML2MetaUtils.resourceBundle, "verify_fail", objs)
                    + "\n" + ex.getMessage());
        }
    }
}
Also used: StorageResolver (org.apache.xml.security.keys.storage.StorageResolver), PublicKey (java.security.PublicKey), NodeList (org.w3c.dom.NodeList), SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement), SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement), EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement), Element (org.w3c.dom.Element), IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement), IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement), EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement), KeyDescriptorElement (com.sun.identity.saml2.jaxb.metadata.KeyDescriptorElement), Node (org.w3c.dom.Node), XMLSignatureException (com.sun.identity.saml.xmlsig.XMLSignatureException), JAXBException (javax.xml.bind.JAXBException), X509Certificate (java.security.cert.X509Certificate), KeyStoreResolver (org.apache.xml.security.keys.storage.implementations.KeyStoreResolver), KeyInfo (org.apache.xml.security.keys.KeyInfo), XMLSignature (org.apache.xml.security.signature.XMLSignature)

Aggregations (class, number of examples using it)

ArrayList (java.util.ArrayList): 57
List (java.util.List): 46
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception): 40
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException): 37
Iterator (java.util.Iterator): 24
Attribute (com.sun.identity.saml2.assertion.Attribute): 22
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager): 22
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException): 21
HashMap (java.util.HashMap): 21
Map (java.util.Map): 18
JAXBException (javax.xml.bind.JAXBException): 13
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement): 12
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement): 12
Set (java.util.Set): 11
BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType): 9
HashSet (java.util.HashSet): 9
Issuer (com.sun.identity.saml2.assertion.Issuer): 8
Date (java.util.Date): 8
Node (org.w3c.dom.Node): 8
DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException): 7