Example 76 with Attribute
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method setStdAttributeAuthorityValues.
/**
* Saves the standard attribute values for Attribute Authority.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @param attrAuthValues Map which contains standard attribute auth values.
* @throws AMConsoleException if saving of attribute value fails.
*/
public void setStdAttributeAuthorityValues(String realm, String entityName, Map attrAuthValues) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "AttribAuthority-Std" };
com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
logEvent("ATTEMPT_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
AttributeAuthorityDescriptorElement attrauthDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
if (attrauthDescriptor != null) {
//save attribute Service
String defLocation = getResult(attrAuthValues, ATTR_SEFVICE_DEFAULT_LOCATION);
boolean is509 = setToBoolean(attrAuthValues, SUPPORTS_X509);
String x509Location = getResult(attrAuthValues, ATTR_SEFVICE_LOCATION);
AttributeServiceElement key1 = objFact.createAttributeServiceElement();
AttributeServiceElement key2 = objFact.createAttributeServiceElement();
key1.setBinding(soapBinding);
key1.setLocation("");
key2.setBinding(soapBinding);
key2.setSupportsX509Query(false);
key2.setLocation("");
if (defLocation != null && defLocation.length() > 0) {
key1.setLocation(defLocation);
}
if (x509Location != null && x509Location.length() > 0) {
key2.setLocation(x509Location);
key2.setSupportsX509Query(is509);
}
attrauthDescriptor.getAttributeService().clear();
attrauthDescriptor.getAttributeService().add(key1);
attrauthDescriptor.getAttributeService().add(key2);
//save assertion ID request
String soapLocation = getResult(attrAuthValues, ASSERTION_ID_SAOP_LOC);
String uriLocation = getResult(attrAuthValues, ASSERTION_ID_URI_LOC);
AssertionIDRequestServiceElement elem1 = objFact.createAssertionIDRequestServiceElement();
AssertionIDRequestServiceElement elem2 = objFact.createAssertionIDRequestServiceElement();
elem1.setBinding(soapBinding);
elem2.setBinding(uriBinding);
if (soapLocation != null) {
elem1.setLocation(soapLocation);
}
if (uriLocation != null) {
elem2.setLocation(uriLocation);
}
attrauthDescriptor.getAssertionIDRequestService().clear();
attrauthDescriptor.getAssertionIDRequestService().add(elem1);
attrauthDescriptor.getAssertionIDRequestService().add(elem2);
//save attribute profile
String attrProfile = getResult(attrAuthValues, ATTRIBUTE_PROFILE);
List attrProfileList = attrauthDescriptor.getAttributeProfile();
if (!attrProfileList.isEmpty()) {
attrauthDescriptor.getAttributeProfile().clear();
}
attrauthDescriptor.getAttributeProfile().add(attrProfile);
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
logEvent("SUCCEED_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
}
}
Also used :
AttributeServiceElement(com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement)
AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement)
JAXBException(javax.xml.bind.JAXBException)
AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)
ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)
List(java.util.List)
ArrayList(java.util.ArrayList)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 77 with Attribute
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method updatePDPConfig.
/**
* Save extended metadata for PDP Config.
*
* @param realm realm of Entity.
* @param entityName entity name of Entity Descriptor.
* @param location entity is remote or hosted.
* @param attrValues key-value pair Map of PDP extended config.
* @throws AMConsoleException if fails to modify/save the PDP
* extended metadata attribute
*/
public void updatePDPConfig(String realm, String entityName, String location, Map attrValues) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
String role = EntityModel.POLICY_DECISION_POINT_DESCRIPTOR;
try {
SAML2MetaManager saml2Manager = getSAML2MetaManager();
//entityConfig is the extended entity configuration object
EntityConfigElement entityConfig = saml2Manager.getEntityConfig(realm, entityName);
if (entityConfig == null) {
throw new AMConsoleException("invalid.xacml.configuration");
}
XACMLPDPConfigElement pdpEntityConfig = saml2Manager.getPolicyDecisionPointConfig(realm, entityName);
if (pdpEntityConfig == null) {
throw new AMConsoleException("invalid.xacml.configuration");
} else {
updateBaseConfig(pdpEntityConfig, attrValues, role);
}
//saves the attributes by passing the new entityConfig object
saml2Manager.setEntityConfig(realm, entityConfig);
logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
} catch (SAML2MetaException e) {
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
}
}
Also used :
JAXBException(javax.xml.bind.JAXBException)
XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)
Example 78 with Attribute
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method getPDPDescriptor.
/**
* Returns a Map of PDP descriptor data.(Standard Metadata)
*
* @param realm realm of Entity
* @param entityName entity name of Entity Descriptor.
* @return key-value pair Map of PDP descriptor data.
* @throws AMConsoleException if unable to retrieve the PDP
* standard metadata attribute
*/
public Map getPDPDescriptor(String realm, String entityName) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
Map data = null;
try {
SAML2MetaManager saml2Manager = getSAML2MetaManager();
XACMLPDPDescriptorElement xacmlPDPDescriptor = saml2Manager.getPolicyDecisionPointDescriptor(realm, entityName);
if (xacmlPDPDescriptor != null) {
data = new HashMap(10);
//ProtocolSupportEnum
data.put(ATTR_TXT_PROTOCOL_SUPPORT_ENUM, returnEmptySetIfValueIsNull(xacmlPDPDescriptor.getProtocolSupportEnumeration()));
List authzServiceList = xacmlPDPDescriptor.getXACMLAuthzService();
if (authzServiceList.size() != 0) {
XACMLAuthzServiceElement authzService = (XACMLAuthzServiceElement) authzServiceList.get(0);
data.put(ATTR_XACML_AUTHZ_SERVICE_BINDING, returnEmptySetIfValueIsNull(authzService.getBinding()));
data.put(ATTR_XACML_AUTHZ_SERVICE_LOCATION, returnEmptySetIfValueIsNull(authzService.getLocation()));
}
}
logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
}
return (data != null) ? data : Collections.EMPTY_MAP;
}
Also used :
XACMLAuthzServiceElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzServiceElement)
HashMap(java.util.HashMap)
XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement)
List(java.util.List)
ArrayList(java.util.ArrayList)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
Map(java.util.Map)
HashMap(java.util.HashMap)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 79 with Attribute
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class FMSubjectMapperTest method testMapToNativeSubject.
@Test(groups = { "xacml" })
public void testMapToNativeSubject() throws XACMLException, URISyntaxException {
FMSubjectMapper subjectMapper = new FMSubjectMapper();
Subject subject1 = ContextFactory.getInstance().createSubject();
//supported category for id
//urn:oasis:names:tc:xacml:1.0:subject-category:access-subject
subject1.setSubjectCategory(new URI("urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"));
Attribute attribute = ContextFactory.getInstance().createAttribute();
attribute.setIssuer("sampleIssuer1");
//key attribute id
//urn:oasis:names:tc:xacml:1.0:subject:subject-id
attribute.setAttributeId(new URI("urn:oasis:names:tc:xacml:1.0:subject:subject-id"));
//supported data type for id
//urn:oasis:names:tc:xacml:1.0:data-type:x500Name
//urn:sun:names:xacml:2.0:data-type:opensso-session-id
//urn:sun:names:xacml:2.0:data-type:openfm-sp-nameid
attribute.setDataType(new URI("urn:sun:names:xacml:2.0:data-type:opensso-session-id"));
List<String> valueList = new ArrayList<String>();
AuthContext lc = null;
String[] callbacks = { "amadmin", "admin123" };
SSOToken ssot = null;
try {
lc = new AuthContext("/");
AuthContext.IndexType indexType = AuthContext.IndexType.MODULE_INSTANCE;
String indexName = "DataStore";
log(Level.INFO, "testMapToNativeSubject():\n", " LDAPLogin: Obtained login context");
lc.login(indexType, indexName, callbacks);
if (lc.getStatus() == AuthContext.Status.SUCCESS) {
log(Level.INFO, "testMapToNativeSubject():\n", " Login success!!");
}
ssot = lc.getSSOToken();
} catch (Exception le) {
le.printStackTrace();
log(Level.INFO, "testMapToNativeSubject():\n", " Login failed!!");
}
String sid = ssot.getTokenID().toString();
log(Level.INFO, "testMapToNativeSubject():\n", " sid = " + sid);
valueList.add(sid);
attribute.setAttributeStringValues(valueList);
List<Attribute> attributeList = new ArrayList<Attribute>();
attributeList.add(attribute);
subject1.setAttributes(attributeList);
Subject[] subjects = { subject1 };
List<Subject> subjectsList = new ArrayList<Subject>();
subjectsList.add(subject1);
SSOToken retSSOToken = (SSOToken) subjectMapper.mapToNativeSubject(subjectsList);
String retSid = retSSOToken.getTokenID().toString();
log(Level.INFO, "testMapToNativeSubject():\n", " return sid = " + retSid);
}
Also used :
SSOToken(com.iplanet.sso.SSOToken)
Attribute(com.sun.identity.xacml.context.Attribute)
ArrayList(java.util.ArrayList)
AuthContext(com.sun.identity.authentication.AuthContext)
URI(java.net.URI)
Subject(com.sun.identity.xacml.context.Subject)
URISyntaxException(java.net.URISyntaxException)
XACMLException(com.sun.identity.xacml.common.XACMLException)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
SSOException(com.iplanet.sso.SSOException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Test(org.testng.annotations.Test)
Example 80 with Attribute
use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.
the class ActionImpl method parseElement.
// used by constructors
private void parseElement(Element element) throws SAML2Exception {
// make sure that the input xml block is not null
if (element == null) {
SAML2SDKUtils.debug.message("ActionImpl.parseElement:" + " Input is null.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
}
// Make sure this is an Action.
String tag = null;
tag = element.getLocalName();
if ((tag == null) || (!tag.equals("Action"))) {
SAML2SDKUtils.debug.message("ActionImpl.parseElement: not Action.");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
}
// handle the attribute of <Action> element
NamedNodeMap atts = ((Node) element).getAttributes();
if (atts != null) {
Node att = atts.getNamedItem("Namespace");
if (att != null) {
namespace = ((Attr) att).getValue().trim();
}
}
if (namespace == null || namespace.length() == 0) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ActionImpl.parseElement: " + "Namespace is empty or missing.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingAttribute"));
}
//handle the children elements of <Action>
NodeList nodes = element.getChildNodes();
int nodeCount = nodes.getLength();
if (nodeCount > 0) {
for (int i = 0; i < nodeCount; i++) {
Node currentNode = nodes.item(i);
if (currentNode.getNodeType() == Node.ELEMENT_NODE) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ActionImpl.parseElement: " + "Illegal value of the element.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
}
}
}
action = XMLUtils.getElementValue(element);
// check if the action is null.
if (action == null || action.trim().length() == 0) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ActionImpl.parseElement: " + "Action value is null or empty.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missingElementValue"));
}
mutable = false;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
NamedNodeMap(org.w3c.dom.NamedNodeMap)
Node(org.w3c.dom.Node)
NodeList(org.w3c.dom.NodeList)
Attr(org.w3c.dom.Attr)
Aggregations
ArrayList (java.util.ArrayList)57
List (java.util.List)46
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)40
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)37
Iterator (java.util.Iterator)24
Attribute (com.sun.identity.saml2.assertion.Attribute)22
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)22
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)21
HashMap (java.util.HashMap)21
Map (java.util.Map)18
JAXBException (javax.xml.bind.JAXBException)13
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)12
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)12
Set (java.util.Set)11
BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)9
HashSet (java.util.HashSet)9
Issuer (com.sun.identity.saml2.assertion.Issuer)8
Date (java.util.Date)8
Node (org.w3c.dom.Node)8
DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)7
