Search in sources :

Example 76 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setStdAttributeAuthorityValues.

/**
     * Saves the standard attribute values for Attribute Authority.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param attrAuthValues Map which contains standard attribute auth values.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void setStdAttributeAuthorityValues(String realm, String entityName, Map attrAuthValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "AttribAuthority-Std" };
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    logEvent("ATTEMPT_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
    AttributeAuthorityDescriptorElement attrauthDescriptor = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
        if (attrauthDescriptor != null) {
            //save attribute Service
            String defLocation = getResult(attrAuthValues, ATTR_SEFVICE_DEFAULT_LOCATION);
            boolean is509 = setToBoolean(attrAuthValues, SUPPORTS_X509);
            String x509Location = getResult(attrAuthValues, ATTR_SEFVICE_LOCATION);
            AttributeServiceElement key1 = objFact.createAttributeServiceElement();
            AttributeServiceElement key2 = objFact.createAttributeServiceElement();
            key1.setBinding(soapBinding);
            key1.setLocation("");
            key2.setBinding(soapBinding);
            key2.setSupportsX509Query(false);
            key2.setLocation("");
            if (defLocation != null && defLocation.length() > 0) {
                key1.setLocation(defLocation);
            }
            if (x509Location != null && x509Location.length() > 0) {
                key2.setLocation(x509Location);
                key2.setSupportsX509Query(is509);
            }
            attrauthDescriptor.getAttributeService().clear();
            attrauthDescriptor.getAttributeService().add(key1);
            attrauthDescriptor.getAttributeService().add(key2);
            //save assertion ID request
            String soapLocation = getResult(attrAuthValues, ASSERTION_ID_SAOP_LOC);
            String uriLocation = getResult(attrAuthValues, ASSERTION_ID_URI_LOC);
            AssertionIDRequestServiceElement elem1 = objFact.createAssertionIDRequestServiceElement();
            AssertionIDRequestServiceElement elem2 = objFact.createAssertionIDRequestServiceElement();
            elem1.setBinding(soapBinding);
            elem2.setBinding(uriBinding);
            if (soapLocation != null) {
                elem1.setLocation(soapLocation);
            }
            if (uriLocation != null) {
                elem2.setLocation(uriLocation);
            }
            attrauthDescriptor.getAssertionIDRequestService().clear();
            attrauthDescriptor.getAssertionIDRequestService().add(elem1);
            attrauthDescriptor.getAssertionIDRequestService().add(elem2);
            //save attribute profile
            String attrProfile = getResult(attrAuthValues, ATTRIBUTE_PROFILE);
            List attrProfileList = attrauthDescriptor.getAttributeProfile();
            if (!attrProfileList.isEmpty()) {
                attrauthDescriptor.getAttributeProfile().clear();
            }
            attrauthDescriptor.getAttributeProfile().add(attrProfile);
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
    }
}
Also used : AttributeServiceElement(com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement) AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement) JAXBException(javax.xml.bind.JAXBException) AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 77 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method updatePDPConfig.

/**
     * Save extended metadata for PDP Config.
     *
     * @param realm realm of Entity.
     * @param entityName entity name of Entity Descriptor.
     * @param location entity is remote or hosted.
     * @param attrValues key-value pair Map of PDP extended config.
     * @throws AMConsoleException if fails to modify/save the PDP
     *         extended metadata attribute
     */
public void updatePDPConfig(String realm, String entityName, String location, Map attrValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    String role = EntityModel.POLICY_DECISION_POINT_DESCRIPTOR;
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        //entityConfig is the extended entity configuration object
        EntityConfigElement entityConfig = saml2Manager.getEntityConfig(realm, entityName);
        if (entityConfig == null) {
            throw new AMConsoleException("invalid.xacml.configuration");
        }
        XACMLPDPConfigElement pdpEntityConfig = saml2Manager.getPolicyDecisionPointConfig(realm, entityName);
        if (pdpEntityConfig == null) {
            throw new AMConsoleException("invalid.xacml.configuration");
        } else {
            updateBaseConfig(pdpEntityConfig, attrValues, role);
        }
        //saves the attributes by passing the new entityConfig object
        saml2Manager.setEntityConfig(realm, entityConfig);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}
Also used : JAXBException(javax.xml.bind.JAXBException) XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 78 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method getPDPDescriptor.

/**
     * Returns a Map of PDP descriptor data.(Standard Metadata)
     *
     * @param realm realm of Entity
     * @param entityName entity name of Entity Descriptor.
     * @return key-value pair Map of PDP descriptor data.
     * @throws AMConsoleException if unable to retrieve the PDP
     *         standard metadata attribute
     */
public Map getPDPDescriptor(String realm, String entityName) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map data = null;
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        XACMLPDPDescriptorElement xacmlPDPDescriptor = saml2Manager.getPolicyDecisionPointDescriptor(realm, entityName);
        if (xacmlPDPDescriptor != null) {
            data = new HashMap(10);
            //ProtocolSupportEnum
            data.put(ATTR_TXT_PROTOCOL_SUPPORT_ENUM, returnEmptySetIfValueIsNull(xacmlPDPDescriptor.getProtocolSupportEnumeration()));
            List authzServiceList = xacmlPDPDescriptor.getXACMLAuthzService();
            if (authzServiceList.size() != 0) {
                XACMLAuthzServiceElement authzService = (XACMLAuthzServiceElement) authzServiceList.get(0);
                data.put(ATTR_XACML_AUTHZ_SERVICE_BINDING, returnEmptySetIfValueIsNull(authzService.getBinding()));
                data.put(ATTR_XACML_AUTHZ_SERVICE_LOCATION, returnEmptySetIfValueIsNull(authzService.getLocation()));
            }
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return (data != null) ? data : Collections.EMPTY_MAP;
}
Also used : XACMLAuthzServiceElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzServiceElement) HashMap(java.util.HashMap) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) List(java.util.List) ArrayList(java.util.ArrayList) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 79 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class FMSubjectMapperTest method testMapToNativeSubject.

@Test(groups = { "xacml" })
public void testMapToNativeSubject() throws XACMLException, URISyntaxException {
    FMSubjectMapper subjectMapper = new FMSubjectMapper();
    Subject subject1 = ContextFactory.getInstance().createSubject();
    //supported category for id
    //urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
    subject1.setSubjectCategory(new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"));
    Attribute attribute = ContextFactory.getInstance().createAttribute();
    attribute.setIssuer("sampleIssuer1");
    //key attribute id
    //urn:oasis:names:tc:xacml:1.0:subject:subject-id
    attribute.setAttributeId(new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"));
    //supported data type for id
    //urn:oasis:names:tc:xacml:1.0:data-type:x500Name
    //urn:sun:names:xacml:2.0:data-type:opensso-session-id
    //urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
    attribute.setDataType(new URI("urn:sun:names:xacml:2.0:data-type:opensso-session-id"));
    List<String> valueList = new ArrayList<String>();
    AuthContext lc = null;
    String[] callbacks = { "amadmin", "admin123" };
    SSOToken ssot = null;
    try {
        lc = new AuthContext("/");
        AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
        String indexName = "DataStore";
        log(Level.INFO, "testMapToNativeSubject():\n", " LDAPLogin: Obtained login context");
        lc.login(indexType, indexName, callbacks);
        if (lc.getStatus() == AuthContext.Status.SUCCESS) {
            log(Level.INFO, "testMapToNativeSubject():\n", " Login success!!");
        }
        ssot = lc.getSSOToken();
    } catch (Exception le) {
        le.printStackTrace();
        log(Level.INFO, "testMapToNativeSubject():\n", " Login failed!!");
    }
    String sid = ssot.getTokenID().toString();
    log(Level.INFO, "testMapToNativeSubject():\n", " sid = " + sid);
    valueList.add(sid);
    attribute.setAttributeStringValues(valueList);
    List<Attribute> attributeList = new ArrayList<Attribute>();
    attributeList.add(attribute);
    subject1.setAttributes(attributeList);
    Subject[] subjects = { subject1 };
    List<Subject> subjectsList = new ArrayList<Subject>();
    subjectsList.add(subject1);
    SSOToken retSSOToken = (SSOToken) subjectMapper.mapToNativeSubject(subjectsList);
    String retSid = retSSOToken.getTokenID().toString();
    log(Level.INFO, "testMapToNativeSubject():\n", " return sid = " + retSid);
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Attribute(com.sun.identity.xacml.context.Attribute) ArrayList(java.util.ArrayList) AuthContext(com.sun.identity.authentication.AuthContext) URI(java.net.URI) Subject(com.sun.identity.xacml.context.Subject) URISyntaxException(java.net.URISyntaxException) XACMLException(com.sun.identity.xacml.common.XACMLException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Test(org.testng.annotations.Test)

Example 80 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class ActionImpl method parseElement.

// used by constructors
private void parseElement(Element element) throws SAML2Exception {
    // make sure that the input xml block is not null
    if (element == null) {
        SAML2SDKUtils.debug.message("ActionImpl.parseElement:" + " Input is null.");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    // Make sure this is an Action.
    String tag = null;
    tag = element.getLocalName();
    if ((tag == null) || (!tag.equals("Action"))) {
        SAML2SDKUtils.debug.message("ActionImpl.parseElement: not Action.");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // handle the attribute of <Action> element
    NamedNodeMap atts = ((Node) element).getAttributes();
    if (atts != null) {
        Node att = atts.getNamedItem("Namespace");
        if (att != null) {
            namespace = ((Attr) att).getValue().trim();
        }
    }
    if (namespace == null || namespace.length() == 0) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ActionImpl.parseElement: " + "Namespace is empty or missing.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingAttribute"));
    }
    //handle the children elements of <Action>
    NodeList nodes = element.getChildNodes();
    int nodeCount = nodes.getLength();
    if (nodeCount > 0) {
        for (int i = 0; i < nodeCount; i++) {
            Node currentNode = nodes.item(i);
            if (currentNode.getNodeType() == Node.ELEMENT_NODE) {
                if (SAML2SDKUtils.debug.messageEnabled()) {
                    SAML2SDKUtils.debug.message("ActionImpl.parseElement: " + "Illegal value of the element.");
                }
                throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
            }
        }
    }
    action = XMLUtils.getElementValue(element);
    // check if the action is null.
    if (action == null || action.trim().length() == 0) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ActionImpl.parseElement: " + "Action value is null or empty.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementValue"));
    }
    mutable = false;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) NamedNodeMap(org.w3c.dom.NamedNodeMap) Node(org.w3c.dom.Node) NodeList(org.w3c.dom.NodeList) Attr(org.w3c.dom.Attr)

Aggregations

ArrayList (java.util.ArrayList)57 List (java.util.List)46 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)40 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)37 Iterator (java.util.Iterator)24 Attribute (com.sun.identity.saml2.assertion.Attribute)22 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)22 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)21 HashMap (java.util.HashMap)21 Map (java.util.Map)18 JAXBException (javax.xml.bind.JAXBException)13 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)12 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)12 Set (java.util.Set)11 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)9 HashSet (java.util.HashSet)9 Issuer (com.sun.identity.saml2.assertion.Issuer)8 Date (java.util.Date)8 Node (org.w3c.dom.Node)8 DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)7