Search in sources :

Example 6 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SPSingleLogout method processLogoutRequest.

/**
     * Gets and processes the Single <code>LogoutRequest</code> from IDP
     * and return <code>LogoutResponse</code>.
     *
     * @param logoutReq <code>LogoutRequest</code> from IDP
     * @param spEntityID name of host entity ID.
     * @param realm name of host entity.
     * @param request HTTP servlet request.
     * @param response HTTP servlet response.
     * @param isLBReq true if the request is for load balancing.
     * @param binding value of <code>SAML2Constants.HTTP_REDIRECT</code> or
     *        <code>SAML2Constants.SOAP</code>.
     * @param isVerified true if the request is verified already.
     * @return LogoutResponse the target URL on successful
     * <code>LogoutRequest</code>.
     */
public static LogoutResponse processLogoutRequest(LogoutRequest logoutReq, String spEntityID, String realm, HttpServletRequest request, HttpServletResponse response, boolean isLBReq, boolean destroySession, String binding, boolean isVerified) {
    final String method = "processLogoutRequest : ";
    NameID nameID = null;
    Status status = null;
    Issuer issuer = null;
    String idpEntity = logoutReq.getIssuer().getValue();
    String userId = null;
    try {
        do {
            // TODO: check the NotOnOrAfter attribute of LogoutRequest
            issuer = logoutReq.getIssuer();
            String requestId = logoutReq.getID();
            SAML2Utils.verifyRequestIssuer(realm, spEntityID, issuer, requestId);
            issuer = SAML2Utils.createIssuer(spEntityID);
            // get SessionIndex and NameID form LogoutRequest
            List siList = logoutReq.getSessionIndex();
            int numSI = 0;
            if (siList != null) {
                numSI = siList.size();
                if (debug.messageEnabled()) {
                    debug.message(method + "Number of session indices in the logout request is " + numSI);
                }
            }
            nameID = LogoutUtil.getNameIDFromSLORequest(logoutReq, realm, spEntityID, SAML2Constants.SP_ROLE);
            if (nameID == null) {
                debug.error(method + "LogoutRequest does not contain Name ID");
                status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("missing_name_identifier"));
                break;
            }
            String infoKeyString = null;
            infoKeyString = (new NameIDInfoKey(nameID.getValue(), spEntityID, idpEntity)).toValueString();
            if (debug.messageEnabled()) {
                debug.message(method + "infokey=" + infoKeyString);
            }
            if (SPCache.isFedlet) {
                // verify request
                if (!isVerified && !LogoutUtil.verifySLORequest(logoutReq, realm, idpEntity, spEntityID, SAML2Constants.SP_ROLE)) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                }
                // obtain fedlet adapter
                FedletAdapter fedletAdapter = SAML2Utils.getFedletAdapterClass(spEntityID, realm);
                boolean result = false;
                if (fedletAdapter != null) {
                    // call adapter to do real logout
                    result = fedletAdapter.doFedletSLO(request, response, logoutReq, spEntityID, idpEntity, siList, nameID.getValue(), binding);
                }
                if (result) {
                    status = SUCCESS_STATUS;
                } else {
                    status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("appLogoutFailed"));
                }
                break;
            }
            List list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(infoKeyString);
            if (debug.messageEnabled()) {
                debug.message(method + "SPFedsessions=" + list);
            }
            if ((list == null) || list.isEmpty()) {
                String spQ = nameID.getSPNameQualifier();
                if ((spQ == null) || (spQ.length() == 0)) {
                    infoKeyString = (new NameIDInfoKey(nameID.getValue(), spEntityID, nameID.getNameQualifier())).toValueString();
                    list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(infoKeyString);
                }
            }
            boolean foundPeer = false;
            List remoteServiceURLs = null;
            if (isLBReq) {
                remoteServiceURLs = FSUtils.getRemoteServiceURLs(request);
                foundPeer = remoteServiceURLs != null && !remoteServiceURLs.isEmpty();
            }
            if (debug.messageEnabled()) {
                debug.message(method + "isLBReq = " + isLBReq + ", foundPeer = " + foundPeer);
            }
            if (list == null || list.isEmpty()) {
                if (foundPeer) {
                    boolean peerError = false;
                    for (Iterator iter = remoteServiceURLs.iterator(); iter.hasNext(); ) {
                        String remoteLogoutURL = getRemoteLogoutURL((String) iter.next(), request);
                        LogoutResponse logoutRes = LogoutUtil.forwardToRemoteServer(logoutReq, remoteLogoutURL);
                        if ((logoutRes != null) && !isNameNotFound(logoutRes)) {
                            if (isSuccess(logoutRes)) {
                                if (numSI > 0) {
                                    siList = LogoutUtil.getSessionIndex(logoutRes);
                                    if (siList == null || siList.isEmpty()) {
                                        peerError = false;
                                        break;
                                    }
                                }
                            } else {
                                peerError = true;
                            }
                        }
                    }
                    if (peerError || (siList != null && siList.size() > 0)) {
                        status = PARTIAL_LOGOUT_STATUS;
                    } else {
                        status = SUCCESS_STATUS;
                    }
                } else {
                    debug.error(method + "invalid Name ID received");
                    status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("invalid_name_identifier"));
                }
                break;
            } else {
                // find the session, do signature validation
                if (!isVerified && !LogoutUtil.verifySLORequest(logoutReq, realm, logoutReq.getIssuer().getValue(), spEntityID, SAML2Constants.SP_ROLE)) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                }
                // invoke SPAdapter for preSingleLogoutProcess
                try {
                    String tokenId = ((SPFedSession) list.iterator().next()).spTokenID;
                    Object token = sessionProvider.getSession(tokenId);
                    userId = sessionProvider.getPrincipalName(token);
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("SPSingleLogout." + "processLogoutRequest, user = " + userId);
                    }
                } catch (SessionException ex) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("SPSingleLogout." + "processLogoutRequest", ex);
                    }
                }
                userId = preSingleLogoutProcess(spEntityID, realm, request, response, userId, logoutReq, null, binding);
            }
            // get application logout URL 
            BaseConfigType spConfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(realm, spEntityID);
            List appLogoutURL = (List) SAML2MetaUtils.getAttributes(spConfig).get(SAML2Constants.APP_LOGOUT_URL);
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.processLogoutRequest: " + "external app logout URL= " + appLogoutURL);
            }
            if (numSI == 0) {
                // logout all fed sessions for this user
                // between this SP and the IDP
                List tokenIDsToBeDestroyed = new ArrayList();
                synchronized (list) {
                    Iterator iter = list.listIterator();
                    while (iter.hasNext()) {
                        SPFedSession fedSession = (SPFedSession) iter.next();
                        tokenIDsToBeDestroyed.add(fedSession.spTokenID);
                        iter.remove();
                        if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                            saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                        }
                    }
                }
                for (Iterator iter = tokenIDsToBeDestroyed.listIterator(); iter.hasNext(); ) {
                    String tokenID = (String) iter.next();
                    Object token = null;
                    try {
                        token = sessionProvider.getSession(tokenID);
                    } catch (SessionException se) {
                        debug.error(method + "Could not create session from token ID = " + tokenID);
                        continue;
                    }
                    if (debug.messageEnabled()) {
                        debug.message(method + "destroy token " + tokenID);
                    }
                    // handle external application logout if configured
                    if ((appLogoutURL != null) && (appLogoutURL.size() != 0)) {
                        SAML2Utils.postToAppLogout(request, (String) appLogoutURL.get(0), token);
                    }
                    if (destroySession) {
                        sessionProvider.invalidateSession(token, request, response);
                    }
                }
                if (foundPeer) {
                    boolean peerError = false;
                    for (Iterator iter = remoteServiceURLs.iterator(); iter.hasNext(); ) {
                        String remoteLogoutURL = getRemoteLogoutURL((String) iter.next(), request);
                        LogoutResponse logoutRes = LogoutUtil.forwardToRemoteServer(logoutReq, remoteLogoutURL);
                        if ((logoutRes == null) || !(isSuccess(logoutRes) || isNameNotFound(logoutRes))) {
                            peerError = true;
                        }
                    }
                    if (peerError) {
                        status = PARTIAL_LOGOUT_STATUS;
                    } else {
                        status = SUCCESS_STATUS;
                    }
                }
            } else {
                // logout only those fed sessions specified
                // in logout request session list
                String sessionIndex = null;
                List siNotFound = new ArrayList();
                for (int i = 0; i < numSI; i++) {
                    sessionIndex = (String) siList.get(i);
                    String tokenIDToBeDestroyed = null;
                    synchronized (list) {
                        Iterator iter = list.listIterator();
                        while (iter.hasNext()) {
                            SPFedSession fedSession = (SPFedSession) iter.next();
                            if (sessionIndex.equals(fedSession.idpSessionIndex)) {
                                if (debug.messageEnabled()) {
                                    debug.message(method + " found si + " + sessionIndex);
                                }
                                tokenIDToBeDestroyed = fedSession.spTokenID;
                                iter.remove();
                                if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                                    saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                                }
                                break;
                            }
                        }
                    }
                    if (tokenIDToBeDestroyed != null) {
                        try {
                            Object token = sessionProvider.getSession(tokenIDToBeDestroyed);
                            if (debug.messageEnabled()) {
                                debug.message(method + "destroy token (2) " + tokenIDToBeDestroyed);
                            }
                            // handle external application logout 
                            if ((appLogoutURL != null) && (appLogoutURL.size() != 0)) {
                                SAML2Utils.postToAppLogout(request, (String) appLogoutURL.get(0), token);
                            }
                            if (destroySession) {
                                sessionProvider.invalidateSession(token, request, response);
                            }
                        } catch (SessionException se) {
                            debug.error(method + "Could not create " + "session from token ID = " + tokenIDToBeDestroyed);
                        }
                    } else {
                        siNotFound.add(sessionIndex);
                    }
                }
                if (isLBReq) {
                    if (foundPeer && !siNotFound.isEmpty()) {
                        boolean peerError = false;
                        LogoutRequest lReq = copyAndMakeMutable(logoutReq);
                        for (Iterator iter = remoteServiceURLs.iterator(); iter.hasNext(); ) {
                            lReq.setSessionIndex(siNotFound);
                            String remoteLogoutURL = getRemoteLogoutURL((String) iter.next(), request);
                            LogoutResponse logoutRes = LogoutUtil.forwardToRemoteServer(lReq, remoteLogoutURL);
                            if ((logoutRes != null) && !isNameNotFound(logoutRes)) {
                                if (isSuccess(logoutRes)) {
                                    siNotFound = LogoutUtil.getSessionIndex(logoutRes);
                                } else {
                                    peerError = true;
                                }
                            }
                            if (debug.messageEnabled()) {
                                debug.message(method + "siNotFound = " + siNotFound);
                            }
                            if (siNotFound == null || siNotFound.isEmpty()) {
                                peerError = false;
                                break;
                            }
                        }
                        if (peerError || (siNotFound != null && !siNotFound.isEmpty())) {
                            status = PARTIAL_LOGOUT_STATUS;
                        } else {
                            status = SUCCESS_STATUS;
                        }
                    } else {
                        status = SUCCESS_STATUS;
                    }
                } else {
                    if (siNotFound.isEmpty()) {
                        status = SUCCESS_STATUS;
                    } else {
                        status = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
                        LogoutUtil.setSessionIndex(status, siNotFound);
                    }
                }
            }
        } while (false);
    } catch (SessionException se) {
        debug.error("processLogoutRequest: ", se);
        status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, se.toString());
    } catch (SAML2Exception e) {
        debug.error("processLogoutRequest: " + "failed to create response", e);
        status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, e.toString());
    }
    // create LogoutResponse
    if (spEntityID == null) {
        spEntityID = nameID.getSPNameQualifier();
    }
    LogoutResponse logResponse = LogoutUtil.generateResponse(status, logoutReq.getID(), issuer, realm, SAML2Constants.SP_ROLE, idpEntity);
    if (isSuccess(logResponse)) {
        // invoke SPAdapter for postSingleLogoutSuccess
        postSingleLogoutSuccess(spEntityID, realm, request, response, userId, logoutReq, logResponse, binding);
    }
    return logResponse;
}
Also used : Status(com.sun.identity.saml2.protocol.Status) LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse) NameID(com.sun.identity.saml2.assertion.NameID) Issuer(com.sun.identity.saml2.assertion.Issuer) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) FedletAdapter(com.sun.identity.saml2.plugins.FedletAdapter) ListIterator(java.util.ListIterator) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) LogoutRequest(com.sun.identity.saml2.protocol.LogoutRequest) NameIDInfoKey(com.sun.identity.saml2.common.NameIDInfoKey)

Example 7 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class AttributeQueryUtil method getAttributeAuthorityMapper.

/** 
     * Returns an <code>AttributeAuthorityMapper</code>
     *
     * @param realm the realm name
     * @param attrAuthorityEntityID the entity id of the attribute authority
     * @param attrQueryProfileAlias attribute profile alias
     *
     * @return the <code>AttributeAuthorityMapper</code>
     * @exception SAML2Exception if the operation is not successful
     */
static AttributeAuthorityMapper getAttributeAuthorityMapper(String realm, String attrAuthorityEntityID, String attrQueryProfileAlias) throws SAML2Exception {
    String attrAuthorityMapperName = null;
    AttributeAuthorityMapper attrAuthorityMapper = null;
    try {
        attrAuthorityMapperName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, attrQueryProfileAlias + "_" + SAML2Constants.ATTRIBUTE_AUTHORITY_MAPPER);
        if (attrAuthorityMapperName == null) {
            attrAuthorityMapperName = SAML2Constants.DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS;
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributeAuthorityMapper: use " + attrAuthorityMapperName);
            }
        }
        attrAuthorityMapper = (AttributeAuthorityMapper) attrAuthorityMapperCache.get(attrAuthorityMapperName);
        if (attrAuthorityMapper == null) {
            attrAuthorityMapper = (AttributeAuthorityMapper) Class.forName(attrAuthorityMapperName).newInstance();
            attrAuthorityMapperCache.put(attrAuthorityMapperName, attrAuthorityMapper);
        } else {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributeAuthorityMapper: " + "got the AttributeAuthorityMapper from cache");
            }
        }
    } catch (Exception ex) {
        SAML2Utils.debug.error("AttributeQueryUtil.getAttributeAuthorityMapper: " + "Unable to get IDP Attribute Mapper.", ex);
        throw new SAML2Exception(ex);
    }
    return attrAuthorityMapper;
}
Also used : AttributeAuthorityMapper(com.sun.identity.saml2.plugins.AttributeAuthorityMapper) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SOAPException(javax.xml.soap.SOAPException) DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Example 8 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class AttributeQueryUtil method constructAttrQueryForFedlet.

/**
     * Constructs the Attribute Query used by the Fedlet to retrieve the 
     * values from IDP
     *
     * @param samlResp saml response
     *
     * @exception SAML2Exception if the operation is not successful
     *
     * @supported.api
     */
private static AttributeQuery constructAttrQueryForFedlet(String spEntityID, String idpEntityID, String nameIDValue, List<String> attrsList, String attrqMetaAlias, String attrProfileNameAlias, String subjectDN, boolean wantNameIDEncrypted) throws SAML2Exception {
    String attrqEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(attrqMetaAlias);
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    AttributeQuery attrQuery = protocolFactory.createAttributeQuery();
    Issuer issuer = assertionFactory.createIssuer();
    issuer.setValue(attrqEntityID);
    attrQuery.setIssuer(issuer);
    attrQuery.setID(SAML2Utils.generateID());
    attrQuery.setVersion(SAML2Constants.VERSION_2_0);
    attrQuery.setIssueInstant(new Date());
    List attrs = new ArrayList();
    for (String attributeName : attrsList) {
        Attribute attr = assertionFactory.createAttribute();
        attr.setName(attributeName);
        attr.setNameFormat(SAML2Constants.BASIC_NAME_FORMAT);
        attrs.add(attr);
    }
    attrQuery.setAttributes(attrs);
    Subject subject = assertionFactory.createSubject();
    NameID nameID = assertionFactory.createNameID();
    nameID.setNameQualifier(idpEntityID);
    nameID.setSPNameQualifier(spEntityID);
    if (attrProfileNameAlias.equals(SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE_ALIAS)) {
        nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
        nameID.setValue(nameIDValue);
    }
    if (attrProfileNameAlias.equals(SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
        nameID.setFormat(SAML2Constants.X509_SUBJECT_NAME);
        nameID.setValue(subjectDN);
    }
    if (!wantNameIDEncrypted) {
        subject.setNameID(nameID);
    } else {
        AttributeAuthorityDescriptorElement aad = metaManager.getAttributeAuthorityDescriptor("/", idpEntityID);
        EncInfo encInfo = KeyUtil.getEncInfo(aad, idpEntityID, SAML2Constants.ATTR_AUTH_ROLE);
        EncryptedID encryptedID = nameID.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), idpEntityID);
        subject.setEncryptedID(encryptedID);
    }
    attrQuery.setSubject(subject);
    return attrQuery;
}
Also used : Issuer(com.sun.identity.saml2.assertion.Issuer) Attribute(com.sun.identity.saml2.assertion.Attribute) NameID(com.sun.identity.saml2.assertion.NameID) ArrayList(java.util.ArrayList) AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement) EncryptedID(com.sun.identity.saml2.assertion.EncryptedID) Date(java.util.Date) Subject(com.sun.identity.saml2.assertion.Subject) ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory) EncInfo(com.sun.identity.saml2.key.EncInfo) AssertionFactory(com.sun.identity.saml2.assertion.AssertionFactory) AttributeQuery(com.sun.identity.saml2.protocol.AttributeQuery) List(java.util.List) ArrayList(java.util.ArrayList)

Example 9 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class AttributeQueryUtil method isValueValid.

private static boolean isValueValid(Attribute desiredAttr, AttributeElement supportedAttr) {
    List valuesD = desiredAttr.getAttributeValueString();
    if ((valuesD == null) || (valuesD.isEmpty())) {
        return true;
    }
    List attrValuesS = supportedAttr.getAttributeValue();
    if ((attrValuesS == null) || (attrValuesS.isEmpty())) {
        return true;
    }
    List valuesS = new ArrayList();
    for (Iterator iter = attrValuesS.iterator(); iter.hasNext(); ) {
        AttributeValueElement attrValueElem = (AttributeValueElement) iter.next();
        valuesS.addAll(attrValueElem.getContent());
    }
    try {
        return valuesS.containsAll(valuesD);
    } catch (Exception ex) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.isValueValid:", ex);
        }
        return false;
    }
}
Also used : ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) AttributeValueElement(com.sun.identity.saml2.jaxb.assertion.AttributeValueElement) SOAPException(javax.xml.soap.SOAPException) DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Example 10 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class AttributeQueryUtil method sendAttributeQuery.

/**
     * Sends the <code>AttributeQuery</code> to specified
     * attribute authority and returns <code>Response</code> coming
     * from the attribute authority.
     *
     * @param attrQuery the <code>AttributeQuery</code> object
     * @param request the HTTP Request
     * @param  response the HTTP Response
     * @param attrAuthorityEntityID entity ID of attribute authority
     * @param realm the realm of hosted entity
     * @param attrQueryProfile the attribute query profile or null to ignore
     * @param attrProfile the attribute profile
     * @param binding the binding
     *
     * @exception SAML2Exception if the operation is not successful
     *
     * @supported.api
     */
public static void sendAttributeQuery(AttributeQuery attrQuery, HttpServletRequest request, HttpServletResponse response, String attrAuthorityEntityID, String realm, String attrQueryProfile, String attrProfile, String binding) throws SAML2Exception {
    AttributeAuthorityDescriptorElement aad = null;
    try {
        aad = metaManager.getAttributeAuthorityDescriptor(realm, attrAuthorityEntityID);
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuery:", sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (aad == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (binding == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    String location = findLocation(aad, binding, attrQueryProfile, attrProfile);
    if (location == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (binding.equalsIgnoreCase(SAML2Constants.HTTP_POST)) {
        signAttributeQuery(attrQuery, realm, false);
        String encodedReqMsg = SAML2Utils.encodeForPOST(attrQuery.toXMLString(true, true));
        SAML2Utils.postToTarget(request, response, "SAMLRequest", encodedReqMsg, null, null, location);
    } else {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Aggregations

ArrayList (java.util.ArrayList)57 List (java.util.List)46 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)40 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)37 Iterator (java.util.Iterator)24 Attribute (com.sun.identity.saml2.assertion.Attribute)22 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)22 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)21 HashMap (java.util.HashMap)21 Map (java.util.Map)18 JAXBException (javax.xml.bind.JAXBException)13 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)12 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)12 Set (java.util.Set)11 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)9 HashSet (java.util.HashSet)9 Issuer (com.sun.identity.saml2.assertion.Issuer)8 Date (java.util.Date)8 Node (org.w3c.dom.Node)8 DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)7