
Example 16 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

From class AttributeQueryUtil, method verifyAttrQuerySignature.

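/**
 * Checks that an attribute query carries a valid XML signature from its issuer.
 *
 * <p>The issuer named in the query must have an attribute-query descriptor
 * registered in the realm's metadata; the verification certificates of that
 * descriptor are used to check the signature. Every failure is reported as a
 * {@link SAML2Exception} so the caller rejects the query instead of seeing a
 * runtime exception escape.
 *
 * @param attrQuery attribute query to verify; must be signed
 * @param attrAuthorityEntityID entity ID of the attribute authority (not used by this check)
 * @param realm the realm of the hosted entity
 * @throws SAML2Exception if the query is not signed, names no resolvable issuer,
 *         no verification certificate is configured for the issuer, or the
 *         signature does not verify
 */
public static void verifyAttrQuerySignature(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    if (!attrQuery.isSigned()) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryNotSigned"));
    }
    // A query without an Issuer cannot be matched to metadata; report it as
    // "issuer not found" rather than letting a NullPointerException escape.
    if (attrQuery.getIssuer() == null || attrQuery.getIssuer().getValue() == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerNotFound"));
    }
    String requestedEntityID = attrQuery.getIssuer().getValue();
    AttributeQueryDescriptorElement attrqDesc = metaManager.getAttributeQueryDescriptor(realm, requestedEntityID);
    if (attrqDesc == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerNotFound"));
    }
    Set<X509Certificate> signingCerts = KeyUtil.getVerificationCerts(attrqDesc, requestedEntityID, SAML2Constants.ATTR_QUERY_ROLE);
    // No certificate means the signature can never be checked; fail closed.
    if (signingCerts.isEmpty()) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    boolean valid = attrQuery.isSignatureValid(signingCerts);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.verifyAttributeQuery: " + "Signature validity is : " + valid);
    }
    if (!valid) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureAttrQuery"));
    }
}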

Example 17 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

From class AttributeQueryUtil, method filterAttributeValues.

/**
 * Narrows {@code attr} to the values that were explicitly requested in {@code desiredAttr}.
 *
 * @param attr the attribute actually available for the subject
 * @param desiredAttr the attribute as it appears in the query, possibly listing specific values
 * @return {@code attr} when the query restricts no values; {@code desiredAttr} when every
 *         requested value is available; a freshly built attribute holding only the available
 *         subset; or {@code null} when no requested value is available (or the subset
 *         attribute could not be created)
 */
private static Attribute filterAttributeValues(Attribute attr, Attribute desiredAttr) {
    List<?> requested = desiredAttr.getAttributeValueString();
    if (requested == null || requested.isEmpty()) {
        // No value restriction in the query: everything available goes back unchanged.
        return attr;
    }
    List<?> available = attr.getAttributeValueString();
    if (available == null || available.isEmpty()) {
        return null;
    }
    List<String> matched = new ArrayList<>();
    for (Object candidate : requested) {
        String requestedValue = (String) candidate;
        if (available.contains(requestedValue)) {
            matched.add(requestedValue);
        }
    }
    if (matched.isEmpty()) {
        return null;
    }
    if (matched.size() == requested.size()) {
        // Every requested value is available, so the request itself describes the result.
        return desiredAttr;
    }
    try {
        Attribute subset = AssertionFactory.getInstance().createAttribute();
        subset.setName(desiredAttr.getName());
        subset.setNameFormat(desiredAttr.getNameFormat());
        subset.setFriendlyName(desiredAttr.getFriendlyName());
        subset.setAnyAttribute(desiredAttr.getAnyAttribute());
        subset.setAttributeValueString(matched);
        return subset;
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.filterAttributeValues:", se);
        }
        return null;
    }
}

Example 18 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

From class DefaultSPAuthnContextMapper, method getAuthLevelFromAdvice.

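/**
 * Returns the lowest auth level requested in the composite advice, or {@code null}
 * when no usable advice is present.
 *
 * <p>The advice is passed in through {@code paramsMap} under the key
 * {@code SAML2Constants.AUTH_LEVEL_ADVICE} as a list whose first element is a
 * URL-encoded XML blob, for example:
 * <pre>
 * &lt;Advice&gt;
 *   &lt;AttributeValuePair&gt;
 *     &lt;Attribute name="AuthLevelConditionAdvice"/&gt;
 *     &lt;Value&gt;/:1&lt;/Value&gt;
 *   &lt;/AttributeValuePair&gt;
 * &lt;/Advice&gt;
 * </pre>
 * In this advice the requested auth level is 1: the level is the text after the
 * first ":" in each value, so the ":" is required. Values that do not parse as an
 * integer are skipped.
 *
 * @param paramsMap request parameters; only {@code SAML2Constants.AUTH_LEVEL_ADVICE} is read
 * @return the smallest parsed auth level, or {@code null} if none could be parsed
 */
private Integer getAuthLevelFromAdvice(Map paramsMap) {
    List advices = (List) paramsMap.get(SAML2Constants.AUTH_LEVEL_ADVICE);
    if (advices == null || advices.isEmpty()) {
        return null;
    }
    String adviceXML = URLEncDec.decode((String) advices.iterator().next());
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("DefaultSPAuthnContextMapper:adviceXML=" + adviceXML);
    }
    Set authLevelValues = null;
    // NOTE(review): the blob comes in via request parameters; this relies on
    // XMLUtils.toDOMDocument using a parser with DTDs/external entities disabled — confirm.
    Document document = XMLUtils.toDOMDocument(adviceXML, SAML2Utils.debug);
    if (document != null) {
        // NOTE(review): the Javadoc example shows <Advice> but the lookup is "Advices";
        // confirm which element name the advice producer actually emits.
        Node adviceNode = XMLUtils.getRootNode(document, "Advices");
        if (adviceNode != null) {
            Map advicePair = XMLUtils.parseAttributeValuePairTags(adviceNode);
            authLevelValues = (Set) advicePair.get("AuthLevelConditionAdvice");
        }
    }
    if (authLevelValues == null || authLevelValues.isEmpty()) {
        return null;
    }
    // Keep the lowest level found across all advice values.
    Integer level = null;
    for (Object rawValue : authLevelValues) {
        Integer parsed = parseAuthLevelAdviceValue((String) rawValue);
        if (parsed != null && (level == null || level.compareTo(parsed) > 0)) {
            level = parsed;
        }
    }
    return level;
}

/**
 * Parses one advice value such as {@code "/:1"} into an auth level.
 *
 * @param authLevelValue a single AuthLevelConditionAdvice value; the text after the
 *        first ":" (trimmed) is parsed, or the whole value if there is no ":"
 * @return the parsed level, or {@code null} when the value is empty or not an integer
 */
private static Integer parseAuthLevelAdviceValue(String authLevelValue) {
    if (authLevelValue == null || authLevelValue.isEmpty()) {
        return null;
    }
    int index = authLevelValue.indexOf(':');
    String authLevelStr = (index == -1) ? authLevelValue : authLevelValue.substring(index + 1).trim();
    try {
        // Integer.valueOf replaces the deprecated Integer(String) constructor.
        return Integer.valueOf(authLevelStr);
    } catch (NumberFormatException ignored) {
        // Malformed advice entries are skipped, as before; only the parse failure is tolerated.
        return null;
    }
}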

Example 19 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

From class AttributeQueryImpl, method getXMLString.

/**
 * Collects the XML pieces of this attribute query: namespace declarations (when
 * {@code declareNS} is set), the inherited attributes and child elements, and then
 * one serialised {@code Attribute} element per entry in {@code attributes}.
 *
 * @param namespaces set that receives the namespace declarations to emit
 * @param attrs buffer for the element's XML attributes
 * @param childElements buffer for the element's child XML
 * @param includeNSPrefix whether to prefix element names with their namespace prefix
 * @param declareNS whether namespace declarations must be added
 * @throws SAML2Exception if an attribute cannot be serialised
 */
protected void getXMLString(Set namespaces, StringBuffer attrs, StringBuffer childElements, boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    if (declareNS) {
        namespaces.add(SAML2Constants.PROTOCOL_DECLARE_STR.trim());
        namespaces.add(SAML2Constants.ASSERTION_DECLARE_STR.trim());
    }
    // Inherited content is written first; the attributes follow it.
    super.getXMLString(namespaces, attrs, childElements, includeNSPrefix, declareNS);
    if (attributes == null) {
        return;
    }
    Iterator iter = attributes.iterator();
    while (iter.hasNext()) {
        Attribute attribute = (Attribute) iter.next();
        String attributeXML = attribute.toXMLString(includeNSPrefix, declareNS);
        childElements.append(attributeXML).append(SAML2Constants.NEWLINE);
    }
}

Example 20 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

From class SAML2, method linkAttributeValues.

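/**
 * Links the attribute values received in the assertion to the authenticating user.
 *
 * <p>The attributes are decrypted if the SP configuration requires it, run through the
 * configured {@code SPAttributeMapper}, stored as user attributes, and finally flattened
 * into delimiter-separated strings that the auth service migrates into session properties
 * once authentication completes. Discovery bootstrap credentials from the assertion's
 * advice are added under {@code SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS}.
 *
 * @param assertion the SAML assertion the attributes are taken from
 * @param userName the local user the assertion was mapped to
 * @throws AuthLoginException if a session property cannot be set
 * @throws SAML2Exception if the SP metadata, decryption keys or mapper cannot be obtained
 */
private void linkAttributeValues(Assertion assertion, String userName) throws AuthLoginException, SAML2Exception {
    final String spName = metaManager.getEntityByMetaAlias(metaAlias);
    final SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spName);
    final String assertionEncryptedAttr = SAML2Utils.getAttributeValueFromSPSSOConfig(spssoconfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
    final boolean needAttributeEncrypted = SPACSUtils.getNeedAttributeEncrypted(assertionEncryptedAttr, spssoconfig);
    final Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig);
    final List<Attribute> attrs = SPACSUtils.getAttrs(assertion, needAttributeEncrypted, decryptionKeys);
    final SPAttributeMapper attrMapper = SAML2Utils.getSPAttributeMapper(realm, spName);
    final Map<String, Set<String>> attrMap;
    try {
        attrMap = attrMapper.getAttributes(attrs, userName, spName, entityName, realm);
    } catch (SAML2Exception se) {
        // Mapper failure means there are no attributes to link. Linking is best-effort,
        // so the failure is recorded at debug level and login continues.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SAML2.linkAttributeValues: no attributes mapped", se);
        }
        return;
    }
    setUserAttributes(attrMap);
    if (assertion.getAdvice() != null) {
        List<String> creds = assertion.getAdvice().getAdditionalInfo();
        // Guard: a present Advice without additional info must not NPE in HashSet(Collection).
        if (creds != null) {
            attrMap.put(SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS, new HashSet<>(creds));
        }
    }
    for (Map.Entry<String, Set<String>> entry : attrMap.entrySet()) {
        setUserSessionProperty(entry.getKey(), joinPropertyValues(entry.getValue()));
    }
}

/**
 * Flattens one attribute's values into a single session-property string.
 *
 * <p>Each value is escaped and the results are joined with PROPERTY_VALUES_SEPARATOR
 * (| is defined as the property value delimiter, cf FMSessionProvider#setProperty).
 *
 * @param values the attribute's values; {@code null} or empty yields {@code ""}
 * @return the escaped, delimiter-joined values without a trailing separator
 */
private String joinPropertyValues(Set<String> values) {
    StringBuilder toStore = new StringBuilder();
    if (values == null) {
        return toStore.toString();
    }
    for (String toAdd : values) {
        toStore.append(com.sun.identity.shared.StringUtils.getEscapedValue(toAdd)).append(PROPERTY_VALUES_SEPARATOR);
    }
    // Drop the trailing separator. For an empty value set there is nothing to drop;
    // an unconditional deleteCharAt(-1) would throw and abort the whole login.
    if (toStore.length() > 0) {
        toStore.deleteCharAt(toStore.length() - 1);
    }
    return toStore.toString();
}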
