Search in sources :

Example 66 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class Saml2GrantTypeHandler method validAssertion.

private boolean validAssertion(Assertion assertion, String deploymentURL) throws SAML2Exception {
    //must contain issuer
    final Issuer issuer = assertion.getIssuer();
    if (issuer == null) {
        logger.error("Issuer does not exist");
        return false;
    }
    /**
         * The Assertion MUST contain <Conditions> element with an
         * <AudienceRestriction> element with an <Audience> element
         * containing a URI reference that identifies the authorization
         * server, or the service provider SAML entity of its controlling
         * domain, as an intended audience.  The token endpoint URL of the
         * authorization server MAY be used as an acceptable value for an
         *       <Audience> element.  The authorization server MUST verify that it
         * is an intended audience for the Assertion.
         *
         */
    final Conditions conditions = assertion.getConditions();
    if (conditions == null) {
        logger.error("Saml2BearerServerResource.validAssertion(): Conditions does not exist");
        return false;
    }
    final List<AudienceRestriction> audienceRestriction = conditions.getAudienceRestrictions();
    if (audienceRestriction == null || audienceRestriction.isEmpty()) {
        logger.error("Saml2BearerServerResource.validAssertion(): Audience Restriction does not exist");
        return false;
    }
    boolean found = false;
    logger.trace("Saml2BearerServerResource.validAssertion(): URL of authorization server: " + deploymentURL);
    for (final AudienceRestriction restriction : audienceRestriction) {
        final List<String> audiences = restriction.getAudience();
        if (audiences == null || audiences.isEmpty()) {
            continue;
        }
        for (final String audience : audiences) {
            String deployURL = deploymentURL;
            String aud = audience;
            //check for the url with and without trailing /
            if (deployURL.endsWith("/")) {
                deployURL = deploymentURL.substring(0, deployURL.length() - 1);
            }
            if (aud.endsWith("/")) {
                aud = aud.substring(0, aud.length() - 1);
            }
            if (aud.equalsIgnoreCase(deployURL)) {
                found = true;
            }
        }
    }
    if (found == false) {
        logger.error("Didn't find the oauth2 provider in audience restrictions");
        return false;
    }
    /**
         * The Assertion MUST contain a <Subject> element.  The subject MAY
         * identify the resource owner for whom the access token is being
         * requested.  For client authentication, the Subject MUST be the
         * "client_id" of the OAuth client.  When using an Assertion as an
         * authorization grant, the Subject SHOULD identify an authorized
         * accessor for whom the access token is being requested (typically
         * the resource owner, or an authorized delegate).  Additional
         * information identifying the subject/principal of the transaction
         * MAY be included in an <AttributeStatement>.
         */
    final Subject subject = assertion.getSubject();
    if (subject == null) {
        logger.error("Subject does not exist");
        return false;
    }
    final String resourceOwner = subject.getNameID().getValue();
    /**
         * The Assertion MUST have an expiry that limits the time window
         * during which it can be used.  The expiry can be expressed either
         * as the NotOnOrAfter attribute of the <Conditions> element or as
         * the NotOnOrAfter attribute of a suitable <SubjectConfirmationData>
         * element.
         */
    /**
         * The <Subject> element MUST contain at least one
         * <SubjectConfirmation> element that allows the authorization server
         * to confirm it as a Bearer Assertion.  Such a <SubjectConfirmation>
         * element MUST have a Method attribute with a value of
         * "urn:oasis:names:tc:SAML:2.0:cm:bearer".  The
         * <SubjectConfirmation> element MUST contain a
         * <SubjectConfirmationData> element, unless the Assertion has a
         * suitable NotOnOrAfter attribute on the <Conditions> element, in
         * which case the <SubjectConfirmationData> element MAY be omitted.
         * When present, the <SubjectConfirmationData> element MUST have a
         * Recipient attribute with a value indicating the token endpoint URL
         * of the authorization server (or an acceptable alias).  The
         * authorization server MUST verify that the value of the Recipient
         * attribute matches the token endpoint URL (or an acceptable alias)
         * to which the Assertion was delivered.  The
         * <SubjectConfirmationData> element MUST have a NotOnOrAfter
         * attribute that limits the window during which the Assertion can be
         * confirmed.  The <SubjectConfirmationData> element MAY also contain
         * an Address attribute limiting the client address from which the
         * Assertion can be delivered.  Verification of the Address is at the
         * discretion of the authorization server.
         */
    final List<SubjectConfirmation> subjectConfirmations = subject.getSubjectConfirmation();
    found = false;
    if (subjectConfirmations == null || subjectConfirmations.isEmpty()) {
        logger.error("Subject Confirmations does not exist");
        return false;
    }
    //if conditions is expired assertion is expired
    if (!assertion.isTimeValid()) {
        logger.error("Assertion expired");
        return false;
    } else {
        found = true;
    }
    for (final SubjectConfirmation subjectConfirmation : subjectConfirmations) {
        if (subjectConfirmation.getMethod() == null) {
            continue;
        }
        if (subjectConfirmation.getMethod().equalsIgnoreCase(OAuth2Constants.SAML20.SUBJECT_CONFIRMATION_METHOD)) {
            final SubjectConfirmationData subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
            if (subjectConfirmationData == null) {
                continue;
            } else if (subjectConfirmationData.getNotOnOrAfter().before(new Date()) && subjectConfirmationData.getRecipient().equalsIgnoreCase(deploymentURL)) {
                found = true;
            }
        //TODO check Client Address
        }
    }
    if (!found) {
        logger.error("Assertion expired or subject expired");
        return false;
    }
    if (!assertion.isSigned()) {
        logger.error("Assertion must be signed");
        return false;
    }
    if (!SAMLUtils.checkSignatureValid(assertion.toXMLString(), "ID", issuer.getValue())) {
        logger.error("Assertion signature verification failed");
        return false;
    }
    return true;
}
Also used : AudienceRestriction(com.sun.identity.saml2.assertion.AudienceRestriction) SubjectConfirmation(com.sun.identity.saml2.assertion.SubjectConfirmation) Issuer(com.sun.identity.saml2.assertion.Issuer) SubjectConfirmationData(com.sun.identity.saml2.assertion.SubjectConfirmationData) Conditions(com.sun.identity.saml2.assertion.Conditions) Subject(com.sun.identity.saml2.assertion.Subject) Date(java.util.Date)

Example 67 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setIDPStdAttributeValues.

/**
     * Saves the standard attribute values for the Identiy Provider.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param idpStdValues Map which contains the standard attribute values.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void setIDPStdAttributeValues(String realm, String entityName, Map idpStdValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "IDP-Standard" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    IDPSSODescriptorElement idpssoDescriptor = null;
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityName);
        if (idpssoDescriptor != null) {
            // save for WantAuthnRequestsSigned 
            if (idpStdValues.keySet().contains(WANT_AUTHN_REQ_SIGNED)) {
                boolean value = setToBoolean(idpStdValues, WANT_AUTHN_REQ_SIGNED);
                idpssoDescriptor.setWantAuthnRequestsSigned(value);
            }
            // save for Artifact Resolution Service
            if (idpStdValues.keySet().contains(ART_RES_LOCATION)) {
                String artLocation = getResult(idpStdValues, ART_RES_LOCATION);
                String indexValue = getResult(idpStdValues, ART_RES_INDEX);
                if (StringUtils.isEmpty(indexValue)) {
                    indexValue = "0";
                }
                boolean isDefault = setToBoolean(idpStdValues, ART_RES_ISDEFAULT);
                ArtifactResolutionServiceElement elem = null;
                List artList = idpssoDescriptor.getArtifactResolutionService();
                if (artList.isEmpty()) {
                    elem = objFact.createArtifactResolutionServiceElement();
                    elem.setBinding(soapBinding);
                    elem.setLocation("");
                    elem.setIndex(0);
                    elem.setIsDefault(false);
                    idpssoDescriptor.getArtifactResolutionService().add(elem);
                    artList = idpssoDescriptor.getArtifactResolutionService();
                }
                elem = (ArtifactResolutionServiceElement) artList.get(0);
                elem.setLocation(artLocation);
                elem.setIndex(Integer.parseInt(indexValue));
                elem.setIsDefault(isDefault);
                idpssoDescriptor.getArtifactResolutionService().clear();
                idpssoDescriptor.getArtifactResolutionService().add(elem);
            }
            // save for Single Logout Service - Http-Redirect
            if (idpStdValues.keySet().contains(SINGLE_LOGOUT_HTTP_LOCATION)) {
                String lohttpLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_LOCATION);
                String lohttpRespLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_RESP_LOCATION);
                String postLocation = getResult(idpStdValues, SLO_POST_LOC);
                String postRespLocation = getResult(idpStdValues, SLO_POST_RESPLOC);
                String losoapLocation = getResult(idpStdValues, SINGLE_LOGOUT_SOAP_LOCATION);
                String priority = getResult(idpStdValues, SINGLE_LOGOUT_DEFAULT);
                if (priority.contains("none")) {
                    if (lohttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (postLocation != null) {
                        priority = httpPostBinding;
                    } else if (losoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List logList = idpssoDescriptor.getSingleLogoutService();
                if (!logList.isEmpty()) {
                    logList.clear();
                }
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapLogout(losoapLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                }
            }
            // save for Manage Name ID Service
            if (idpStdValues.keySet().contains(MANAGE_NAMEID_HTTP_LOCATION)) {
                String mnihttpLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_LOCATION);
                String mnihttpRespLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_RESP_LOCATION);
                String mnipostLocation = getResult(idpStdValues, MNI_POST_LOC);
                String mnipostRespLocation = getResult(idpStdValues, MNI_POST_RESPLOC);
                String mnisoapLocation = getResult(idpStdValues, MANAGE_NAMEID_SOAP_LOCATION);
                String priority = getResult(idpStdValues, SINGLE_MANAGE_NAMEID_DEFAULT);
                if (priority.contains("none")) {
                    if (mnihttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (mnipostLocation != null) {
                        priority = httpPostBinding;
                    } else if (mnisoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List manageNameIdList = idpssoDescriptor.getManageNameIDService();
                if (!manageNameIdList.isEmpty()) {
                    manageNameIdList.clear();
                }
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                }
            }
            //save nameid mapping
            if (idpStdValues.keySet().contains(NAME_ID_MAPPPING)) {
                String nameIDmappingloc = getResult(idpStdValues, NAME_ID_MAPPPING);
                NameIDMappingServiceElement namidElem1 = null;
                List nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
                if (nameIDmappingList.isEmpty()) {
                    namidElem1 = objFact.createNameIDMappingServiceElement();
                    namidElem1.setBinding(soapBinding);
                    idpssoDescriptor.getNameIDMappingService().add(namidElem1);
                    nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
                }
                namidElem1 = (NameIDMappingServiceElement) nameIDmappingList.get(0);
                namidElem1.setLocation(nameIDmappingloc);
                idpssoDescriptor.getNameIDMappingService().clear();
                idpssoDescriptor.getNameIDMappingService().add(namidElem1);
            }
            //save nameid format                
            if (idpStdValues.keySet().contains(NAMEID_FORMAT)) {
                saveNameIdFormat(idpssoDescriptor, idpStdValues);
            }
            //save for SingleSignOnService
            if (idpStdValues.keySet().contains(SINGLE_SIGNON_HTTP_LOCATION)) {
                String ssohttpLocation = getResult(idpStdValues, SINGLE_SIGNON_HTTP_LOCATION);
                String ssopostLocation = getResult(idpStdValues, SINGLE_SIGNON_SOAP_LOCATION);
                String ssoSoapLocation = getResult(idpStdValues, SSO_SOAPS_LOC);
                List signonList = idpssoDescriptor.getSingleSignOnService();
                if (!signonList.isEmpty()) {
                    signonList.clear();
                }
                if (ssohttpLocation != null && ssohttpLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemRed = objFact.createSingleSignOnServiceElement();
                    slsElemRed.setBinding(httpRedirectBinding);
                    slsElemRed.setLocation(ssohttpLocation);
                    signonList.add(slsElemRed);
                }
                if (ssopostLocation != null && ssopostLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemPost = objFact.createSingleSignOnServiceElement();
                    slsElemPost.setBinding(httpPostBinding);
                    slsElemPost.setLocation(ssopostLocation);
                    signonList.add(slsElemPost);
                }
                if (ssoSoapLocation != null && ssoSoapLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemSoap = objFact.createSingleSignOnServiceElement();
                    slsElemSoap.setBinding(soapBinding);
                    slsElemSoap.setLocation(ssoSoapLocation);
                    signonList.add(slsElemSoap);
                }
            }
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
    }
}
Also used : JAXBException(javax.xml.bind.JAXBException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SingleSignOnServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement) ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement) NameIDMappingServiceElement(com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 68 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setStdAuthnAuthorityValues.

/**
     * Saves the standard attribute values for Authn Authority.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param authnAuthValues Map which contains standard authn authority values.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void setStdAuthnAuthorityValues(String realm, String entityName, Map authnAuthValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "AuthnAuthority-Std" };
    logEvent("ATTEMPT_MODIFY_AUTHN_AUTH_ATTR_VALUES", params);
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    AuthnAuthorityDescriptorElement authnauthDescriptor = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
        if (authnauthDescriptor != null) {
            String queryService = getResult(authnAuthValues, AUTHN_QUERY_SERVICE);
            //save query service
            List authQueryServiceList = authnauthDescriptor.getAuthnQueryService();
            if (!authQueryServiceList.isEmpty()) {
                authnauthDescriptor.getAuthnQueryService().clear();
            }
            AuthnQueryServiceElement key = objFact.createAuthnQueryServiceElement();
            key.setBinding(soapBinding);
            key.setLocation(queryService);
            authnauthDescriptor.getAuthnQueryService().add(key);
            //save assertion ID request
            String soapLocation = getResult(authnAuthValues, ASSERTION_ID_SAOP_LOC);
            String uriLocation = getResult(authnAuthValues, ASSERTION_ID_URI_LOC);
            List assertionIDReqList = authnauthDescriptor.getAssertionIDRequestService();
            if (!assertionIDReqList.isEmpty()) {
                assertionIDReqList.clear();
            }
            AssertionIDRequestServiceElement elem1 = objFact.createAssertionIDRequestServiceElement();
            elem1.setBinding(soapBinding);
            AssertionIDRequestServiceElement elem2 = objFact.createAssertionIDRequestServiceElement();
            elem2.setBinding(uriBinding);
            if (soapLocation != null) {
                elem1.setLocation(soapLocation);
            }
            if (uriLocation != null) {
                elem2.setLocation(uriLocation);
            }
            authnauthDescriptor.getAssertionIDRequestService().add(elem1);
            authnauthDescriptor.getAssertionIDRequestService().add(elem2);
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_AUTHN_AUTH_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setStdAuthnAuthorityValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AuthnAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_AUTHN_AUTH_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_AUTHN_AUTH_ATTR_VALUES", paramsEx);
    }
}
Also used : AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement) AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement) JAXBException(javax.xml.bind.JAXBException) AuthnQueryServiceElement(com.sun.identity.saml2.jaxb.metadata.AuthnQueryServiceElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 69 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setSPExtAttributeValues.

/**
     * Saves the extended attribute values for the Service Provider.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param spExtValues Map which contains the standard attribute values.
     * @param location has the information whether remote or hosted.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void setSPExtAttributeValues(String realm, String entityName, Map spExtValues, String location) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "SP-Extended" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    String role = EntityModel.SERVICE_PROVIDER;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        //entityConfig is the extended entity configuration object
        EntityConfigElement entityConfig = samlManager.getEntityConfig(realm, entityName);
        //for remote cases
        if (entityConfig == null) {
            createExtendedObject(realm, entityName, location, role);
            entityConfig = samlManager.getEntityConfig(realm, entityName);
        }
        SPSSOConfigElement spssoConfig = samlManager.getSPSSOConfig(realm, entityName);
        if (spssoConfig != null) {
            updateBaseConfig(spssoConfig, spExtValues, role);
        }
        //saves the attributes by passing the new entityConfig object
        samlManager.setEntityConfig(realm, entityConfig);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        debug.error("SAMLv2ModelImpl.setSPExtAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "SP Ext", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
    } catch (JAXBException e) {
        debug.error("SAMLv2ModelImpl.setSPExtAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "SP Ext", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
    } catch (AMConsoleException e) {
        debug.error("SAMLv2ModelImpl.setSPExtAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "SP Ext", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
    }
}
Also used : JAXBException(javax.xml.bind.JAXBException) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 70 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method updateKeyinfo.

/**
     * Saves the signing and encryption values for the entity.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param extValues Map which contains the extended attribute values.
     * @param stdValues Map which contains the standard attribute values.
     * @param isIDP has information whether entity is an idp or sp.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void updateKeyinfo(String realm, String entityName, Map<String, Set<String>> extValues, Map<String, Set<String>> stdValues, boolean isIDP) throws AMConsoleException {
    String keysize = getResult(stdValues, TF_KEY_NAME);
    String algorithm = getResult(stdValues, TF_ALGORITHM);
    Set<String> signingCertAliases;
    Set<String> encryptionCertAliases;
    if (isIDP) {
        encryptionCertAliases = extValues.get(IDP_ENCRYPT_CERT_ALIAS);
        signingCertAliases = extValues.get(IDP_SIGN_CERT_ALIAS);
    } else {
        encryptionCertAliases = extValues.get(SP_ENCRYPT_CERT_ALIAS);
        signingCertAliases = extValues.get(SP_SIGN_CERT_ALIAS);
    }
    int keysi = !StringUtils.isEmpty(keysize) ? Integer.parseInt(keysize) : 128;
    String alg = StringUtils.isEmpty(algorithm) ? XMLCipher.AES_128 : algorithm;
    try {
        SAML2MetaSecurityUtils.updateProviderKeyInfo(realm, entityName, signingCertAliases, true, isIDP, alg, keysi);
        SAML2MetaSecurityUtils.updateProviderKeyInfo(realm, entityName, encryptionCertAliases, false, isIDP, alg, keysi);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.updateKeyinfo:", e);
        throw new AMConsoleException(getErrorString(e));
    }
}
Also used : AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Aggregations

ArrayList (java.util.ArrayList)57 List (java.util.List)46 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)40 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)37 Iterator (java.util.Iterator)24 Attribute (com.sun.identity.saml2.assertion.Attribute)22 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)22 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)21 HashMap (java.util.HashMap)21 Map (java.util.Map)18 JAXBException (javax.xml.bind.JAXBException)13 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)12 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)12 Set (java.util.Set)11 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)9 HashSet (java.util.HashSet)9 Issuer (com.sun.identity.saml2.assertion.Issuer)8 Date (java.util.Date)8 Node (org.w3c.dom.Node)8 DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)7