Search in sources :

Example 41 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SPACSUtils method processResponseForFedlet.

/**
     * Processes response from Identity Provider to Fedlet (SP).
     * This will do all required protocol processing, include signature,
     * issuer and audience validation etc. A map containing processing
     * result will be returned. <br>
     * Here is a list of keys and values for the returned map: <br>
     * SAML2Constants.ATTRIBUTE_MAP -- Attribute map containing all attributes
     *                                 passed down from IDP inside the 
     *                                 Assertion. The value is a 
     *                                 <code>java.util.Map</code> whose keys 
     *                                 are attribute names and values are 
     *                                 <code>java.util.Set</code> of string 
     *                                 values for the attributes. <br>
     * SAML2Constants.RELAY_STATE -- Relay state, value is a string <br>
     * SAML2Constants.IDPENTITYID -- IDP entity ID, value is a string<br>
     * SAML2Constants.RESPONSE    -- Response object, value is an instance of 
     *                               com.sun.identity.saml2.protocol.Response
     * SAML2Constants.ASSERTION   -- Assertion object, value is an instance of 
     *                               com.sun.identity.saml2.assertion.Assertion
     * SAML2Constants.SUBJECT     -- Subject object, value is an instance of 
     *                               com.sun.identity.saml2.assertion.Subject
     * SAML2Constants.NAMEID      -- NameID object, value is an instance of 
     *                               com.sun.identity.saml2.assertion.NameID
     *
     * @param request HTTP Servlet request
     * @param response HTTP Servlet response.
     * @param out the print writer for writing out presentation
     *
     * @return <code>Map</code> which holds result of the processing.
     * @throws SAML2Exception if the processing failed due to server error.
     * @throws IOException if the processing failed due to IO error.
     * @throws SessionException if the processing failed due to session error.
     * @throws ServletException if the processing failed due to request error.
     *
     * @supported.api
     */
public static Map processResponseForFedlet(HttpServletRequest request, HttpServletResponse response, PrintWriter out) throws SAML2Exception, IOException, SessionException, ServletException {
    if ((request == null) || (response == null)) {
        throw new ServletException(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    String requestURL = request.getRequestURL().toString();
    SAML2MetaManager metaManager = new SAML2MetaManager();
    if (metaManager == null) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorMetaManager"));
    }
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    if ((metaAlias == null) || (metaAlias.length() == 0)) {
        // Check in case metaAlias has been supplied as a parameter
        metaAlias = request.getParameter(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
        if (metaAlias == null || metaAlias.length() == 0) {
            // pick the first available one
            List spMetaAliases = metaManager.getAllHostedServiceProviderMetaAliases("/");
            if ((spMetaAliases != null) && !spMetaAliases.isEmpty()) {
                // get first one
                metaAlias = (String) spMetaAliases.get(0);
            }
            if ((metaAlias == null) || (metaAlias.length() == 0)) {
                throw new ServletException(SAML2SDKUtils.bundle.getString("nullSPEntityID"));
            }
        }
    }
    String hostEntityId = null;
    try {
        hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    } catch (SAML2MetaException sme) {
        SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet", sme);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
    }
    if (hostEntityId == null) {
        // logging?
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
    }
    // organization is always root org
    String orgName = "/";
    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    SessionProvider sessionProvider = null;
    ResponseInfo respInfo = null;
    try {
        sessionProvider = SessionManager.getProvider();
    } catch (SessionException se) {
        SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet", se);
        throw new SAML2Exception(se);
    }
    respInfo = SPACSUtils.getResponse(request, response, orgName, hostEntityId, metaManager);
    Object newSession = null;
    // Throws a SAML2Exception if the response cannot be validated
    // or contains a non-Success StatusCode, invoking the SPAdapter SPI
    // for taking action on the failed validation.
    // The resulting exception has its redirectionDone flag set if
    // the SPAdapter issued a HTTP redirect.
    newSession = SPACSUtils.processResponse(request, response, out, metaAlias, null, respInfo, orgName, hostEntityId, metaManager, null);
    SAML2SDKUtils.debug.message("SSO SUCCESS");
    String[] redirected = sessionProvider.getProperty(newSession, SAML2Constants.RESPONSE_REDIRECTED);
    if ((redirected != null) && (redirected.length != 0) && redirected[0].equals("true")) {
        SAML2SDKUtils.debug.message("Already redirected in SPAdapter.");
        // response redirected already in SPAdapter
        return createMapForFedlet(respInfo, null, hostEntityId);
    }
    // redirect to relay state
    String finalUrl = SPACSUtils.getRelayState(relayState, orgName, hostEntityId, metaManager);
    String realFinalUrl = finalUrl;
    if (finalUrl != null && finalUrl.length() != 0) {
        try {
            realFinalUrl = sessionProvider.rewriteURL(newSession, finalUrl);
        } catch (SessionException se) {
            SAML2SDKUtils.debug.message("SPACSUtils.processRespForFedlet", se);
            realFinalUrl = finalUrl;
        }
    }
    String redirectUrl = SPACSUtils.getIntermediateURL(orgName, hostEntityId, metaManager);
    String realRedirectUrl = null;
    if (redirectUrl != null && redirectUrl.length() != 0) {
        if (realFinalUrl != null && realFinalUrl.length() != 0) {
            if (redirectUrl.indexOf("?") != -1) {
                redirectUrl += "&goto=";
            } else {
                redirectUrl += "?goto=";
            }
            redirectUrl += URLEncDec.encode(realFinalUrl);
            try {
                realRedirectUrl = sessionProvider.rewriteURL(newSession, redirectUrl);
            } catch (SessionException se) {
                SAML2SDKUtils.debug.message("SPACSUtils.processRespForFedlet: rewriting failed.", se);
                realRedirectUrl = redirectUrl;
            }
        } else {
            realRedirectUrl = redirectUrl;
        }
    } else {
        realRedirectUrl = finalUrl;
    }
    return createMapForFedlet(respInfo, realRedirectUrl, hostEntityId);
}
Also used : ServletException(javax.servlet.ServletException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SessionException(com.sun.identity.plugin.session.SessionException) List(java.util.List) ArrayList(java.util.ArrayList) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 42 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SPSingleLogout method processLogoutRequest.

/**
     * Gets and processes the Single <code>LogoutRequest</code> from IDP
     * and return <code>LogoutResponse</code>.
     *
     * @param logoutReq <code>LogoutRequest</code> from IDP
     * @param spEntityID name of host entity ID.
     * @param realm name of host entity.
     * @param request HTTP servlet request.
     * @param response HTTP servlet response.
     * @param isLBReq true if the request is for load balancing.
     * @param binding value of <code>SAML2Constants.HTTP_REDIRECT</code> or
     *        <code>SAML2Constants.SOAP</code>.
     * @param isVerified true if the request is verified already.
     * @return LogoutResponse the target URL on successful
     * <code>LogoutRequest</code>.
     */
public static LogoutResponse processLogoutRequest(LogoutRequest logoutReq, String spEntityID, String realm, HttpServletRequest request, HttpServletResponse response, boolean isLBReq, boolean destroySession, String binding, boolean isVerified) {
    final String method = "processLogoutRequest : ";
    NameID nameID = null;
    Status status = null;
    Issuer issuer = null;
    String idpEntity = logoutReq.getIssuer().getValue();
    String userId = null;
    try {
        do {
            // TODO: check the NotOnOrAfter attribute of LogoutRequest
            issuer = logoutReq.getIssuer();
            String requestId = logoutReq.getID();
            SAML2Utils.verifyRequestIssuer(realm, spEntityID, issuer, requestId);
            issuer = SAML2Utils.createIssuer(spEntityID);
            // get SessionIndex and NameID form LogoutRequest
            List siList = logoutReq.getSessionIndex();
            int numSI = 0;
            if (siList != null) {
                numSI = siList.size();
                if (debug.messageEnabled()) {
                    debug.message(method + "Number of session indices in the logout request is " + numSI);
                }
            }
            nameID = LogoutUtil.getNameIDFromSLORequest(logoutReq, realm, spEntityID, SAML2Constants.SP_ROLE);
            if (nameID == null) {
                debug.error(method + "LogoutRequest does not contain Name ID");
                status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("missing_name_identifier"));
                break;
            }
            String infoKeyString = null;
            infoKeyString = (new NameIDInfoKey(nameID.getValue(), spEntityID, idpEntity)).toValueString();
            if (debug.messageEnabled()) {
                debug.message(method + "infokey=" + infoKeyString);
            }
            if (SPCache.isFedlet) {
                // verify request
                if (!isVerified && !LogoutUtil.verifySLORequest(logoutReq, realm, idpEntity, spEntityID, SAML2Constants.SP_ROLE)) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                }
                // obtain fedlet adapter
                FedletAdapter fedletAdapter = SAML2Utils.getFedletAdapterClass(spEntityID, realm);
                boolean result = false;
                if (fedletAdapter != null) {
                    // call adapter to do real logout
                    result = fedletAdapter.doFedletSLO(request, response, logoutReq, spEntityID, idpEntity, siList, nameID.getValue(), binding);
                }
                if (result) {
                    status = SUCCESS_STATUS;
                } else {
                    status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("appLogoutFailed"));
                }
                break;
            }
            List list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(infoKeyString);
            if (debug.messageEnabled()) {
                debug.message(method + "SPFedsessions=" + list);
            }
            if ((list == null) || list.isEmpty()) {
                String spQ = nameID.getSPNameQualifier();
                if ((spQ == null) || (spQ.length() == 0)) {
                    infoKeyString = (new NameIDInfoKey(nameID.getValue(), spEntityID, nameID.getNameQualifier())).toValueString();
                    list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(infoKeyString);
                }
            }
            boolean foundPeer = false;
            List remoteServiceURLs = null;
            if (isLBReq) {
                remoteServiceURLs = FSUtils.getRemoteServiceURLs(request);
                foundPeer = remoteServiceURLs != null && !remoteServiceURLs.isEmpty();
            }
            if (debug.messageEnabled()) {
                debug.message(method + "isLBReq = " + isLBReq + ", foundPeer = " + foundPeer);
            }
            if (list == null || list.isEmpty()) {
                if (foundPeer) {
                    boolean peerError = false;
                    for (Iterator iter = remoteServiceURLs.iterator(); iter.hasNext(); ) {
                        String remoteLogoutURL = getRemoteLogoutURL((String) iter.next(), request);
                        LogoutResponse logoutRes = LogoutUtil.forwardToRemoteServer(logoutReq, remoteLogoutURL);
                        if ((logoutRes != null) && !isNameNotFound(logoutRes)) {
                            if (isSuccess(logoutRes)) {
                                if (numSI > 0) {
                                    siList = LogoutUtil.getSessionIndex(logoutRes);
                                    if (siList == null || siList.isEmpty()) {
                                        peerError = false;
                                        break;
                                    }
                                }
                            } else {
                                peerError = true;
                            }
                        }
                    }
                    if (peerError || (siList != null && siList.size() > 0)) {
                        status = PARTIAL_LOGOUT_STATUS;
                    } else {
                        status = SUCCESS_STATUS;
                    }
                } else {
                    debug.error(method + "invalid Name ID received");
                    status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("invalid_name_identifier"));
                }
                break;
            } else {
                // find the session, do signature validation
                if (!isVerified && !LogoutUtil.verifySLORequest(logoutReq, realm, logoutReq.getIssuer().getValue(), spEntityID, SAML2Constants.SP_ROLE)) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                }
                // invoke SPAdapter for preSingleLogoutProcess
                try {
                    String tokenId = ((SPFedSession) list.iterator().next()).spTokenID;
                    Object token = sessionProvider.getSession(tokenId);
                    userId = sessionProvider.getPrincipalName(token);
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("SPSingleLogout." + "processLogoutRequest, user = " + userId);
                    }
                } catch (SessionException ex) {
                    if (SAML2Utils.debug.messageEnabled()) {
                        SAML2Utils.debug.message("SPSingleLogout." + "processLogoutRequest", ex);
                    }
                }
                userId = preSingleLogoutProcess(spEntityID, realm, request, response, userId, logoutReq, null, binding);
            }
            // get application logout URL 
            BaseConfigType spConfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(realm, spEntityID);
            List appLogoutURL = (List) SAML2MetaUtils.getAttributes(spConfig).get(SAML2Constants.APP_LOGOUT_URL);
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.processLogoutRequest: " + "external app logout URL= " + appLogoutURL);
            }
            if (numSI == 0) {
                // logout all fed sessions for this user
                // between this SP and the IDP
                List tokenIDsToBeDestroyed = new ArrayList();
                synchronized (list) {
                    Iterator iter = list.listIterator();
                    while (iter.hasNext()) {
                        SPFedSession fedSession = (SPFedSession) iter.next();
                        tokenIDsToBeDestroyed.add(fedSession.spTokenID);
                        iter.remove();
                        if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                            saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                        }
                    }
                }
                for (Iterator iter = tokenIDsToBeDestroyed.listIterator(); iter.hasNext(); ) {
                    String tokenID = (String) iter.next();
                    Object token = null;
                    try {
                        token = sessionProvider.getSession(tokenID);
                    } catch (SessionException se) {
                        debug.error(method + "Could not create session from token ID = " + tokenID);
                        continue;
                    }
                    if (debug.messageEnabled()) {
                        debug.message(method + "destroy token " + tokenID);
                    }
                    // handle external application logout if configured
                    if ((appLogoutURL != null) && (appLogoutURL.size() != 0)) {
                        SAML2Utils.postToAppLogout(request, (String) appLogoutURL.get(0), token);
                    }
                    if (destroySession) {
                        sessionProvider.invalidateSession(token, request, response);
                    }
                }
                if (foundPeer) {
                    boolean peerError = false;
                    for (Iterator iter = remoteServiceURLs.iterator(); iter.hasNext(); ) {
                        String remoteLogoutURL = getRemoteLogoutURL((String) iter.next(), request);
                        LogoutResponse logoutRes = LogoutUtil.forwardToRemoteServer(logoutReq, remoteLogoutURL);
                        if ((logoutRes == null) || !(isSuccess(logoutRes) || isNameNotFound(logoutRes))) {
                            peerError = true;
                        }
                    }
                    if (peerError) {
                        status = PARTIAL_LOGOUT_STATUS;
                    } else {
                        status = SUCCESS_STATUS;
                    }
                }
            } else {
                // logout only those fed sessions specified
                // in logout request session list
                String sessionIndex = null;
                List siNotFound = new ArrayList();
                for (int i = 0; i < numSI; i++) {
                    sessionIndex = (String) siList.get(i);
                    String tokenIDToBeDestroyed = null;
                    synchronized (list) {
                        Iterator iter = list.listIterator();
                        while (iter.hasNext()) {
                            SPFedSession fedSession = (SPFedSession) iter.next();
                            if (sessionIndex.equals(fedSession.idpSessionIndex)) {
                                if (debug.messageEnabled()) {
                                    debug.message(method + " found si + " + sessionIndex);
                                }
                                tokenIDToBeDestroyed = fedSession.spTokenID;
                                iter.remove();
                                if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                                    saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                                }
                                break;
                            }
                        }
                    }
                    if (tokenIDToBeDestroyed != null) {
                        try {
                            Object token = sessionProvider.getSession(tokenIDToBeDestroyed);
                            if (debug.messageEnabled()) {
                                debug.message(method + "destroy token (2) " + tokenIDToBeDestroyed);
                            }
                            // handle external application logout 
                            if ((appLogoutURL != null) && (appLogoutURL.size() != 0)) {
                                SAML2Utils.postToAppLogout(request, (String) appLogoutURL.get(0), token);
                            }
                            if (destroySession) {
                                sessionProvider.invalidateSession(token, request, response);
                            }
                        } catch (SessionException se) {
                            debug.error(method + "Could not create " + "session from token ID = " + tokenIDToBeDestroyed);
                        }
                    } else {
                        siNotFound.add(sessionIndex);
                    }
                }
                if (isLBReq) {
                    if (foundPeer && !siNotFound.isEmpty()) {
                        boolean peerError = false;
                        LogoutRequest lReq = copyAndMakeMutable(logoutReq);
                        for (Iterator iter = remoteServiceURLs.iterator(); iter.hasNext(); ) {
                            lReq.setSessionIndex(siNotFound);
                            String remoteLogoutURL = getRemoteLogoutURL((String) iter.next(), request);
                            LogoutResponse logoutRes = LogoutUtil.forwardToRemoteServer(lReq, remoteLogoutURL);
                            if ((logoutRes != null) && !isNameNotFound(logoutRes)) {
                                if (isSuccess(logoutRes)) {
                                    siNotFound = LogoutUtil.getSessionIndex(logoutRes);
                                } else {
                                    peerError = true;
                                }
                            }
                            if (debug.messageEnabled()) {
                                debug.message(method + "siNotFound = " + siNotFound);
                            }
                            if (siNotFound == null || siNotFound.isEmpty()) {
                                peerError = false;
                                break;
                            }
                        }
                        if (peerError || (siNotFound != null && !siNotFound.isEmpty())) {
                            status = PARTIAL_LOGOUT_STATUS;
                        } else {
                            status = SUCCESS_STATUS;
                        }
                    } else {
                        status = SUCCESS_STATUS;
                    }
                } else {
                    if (siNotFound.isEmpty()) {
                        status = SUCCESS_STATUS;
                    } else {
                        status = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
                        LogoutUtil.setSessionIndex(status, siNotFound);
                    }
                }
            }
        } while (false);
    } catch (SessionException se) {
        debug.error("processLogoutRequest: ", se);
        status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, se.toString());
    } catch (SAML2Exception e) {
        debug.error("processLogoutRequest: " + "failed to create response", e);
        status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, e.toString());
    }
    // create LogoutResponse
    if (spEntityID == null) {
        spEntityID = nameID.getSPNameQualifier();
    }
    LogoutResponse logResponse = LogoutUtil.generateResponse(status, logoutReq.getID(), issuer, realm, SAML2Constants.SP_ROLE, idpEntity);
    if (isSuccess(logResponse)) {
        // invoke SPAdapter for postSingleLogoutSuccess
        postSingleLogoutSuccess(spEntityID, realm, request, response, userId, logoutReq, logResponse, binding);
    }
    return logResponse;
}
Also used : Status(com.sun.identity.saml2.protocol.Status) LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse) NameID(com.sun.identity.saml2.assertion.NameID) Issuer(com.sun.identity.saml2.assertion.Issuer) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) FedletAdapter(com.sun.identity.saml2.plugins.FedletAdapter) ListIterator(java.util.ListIterator) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) LogoutRequest(com.sun.identity.saml2.protocol.LogoutRequest) NameIDInfoKey(com.sun.identity.saml2.common.NameIDInfoKey)

Example 43 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class AttributeQueryImpl method getXMLString.

protected void getXMLString(Set namespaces, StringBuffer attrs, StringBuffer childElements, boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    if (declareNS) {
        namespaces.add(SAML2Constants.PROTOCOL_DECLARE_STR.trim());
        namespaces.add(SAML2Constants.ASSERTION_DECLARE_STR.trim());
    }
    super.getXMLString(namespaces, attrs, childElements, includeNSPrefix, declareNS);
    if ((attributes != null) && (!attributes.isEmpty())) {
        for (Iterator iter = attributes.iterator(); iter.hasNext(); ) {
            Attribute attribute = (Attribute) iter.next();
            childElements.append(attribute.toXMLString(includeNSPrefix, declareNS)).append(SAML2Constants.NEWLINE);
        }
    }
}
Also used : Attribute(com.sun.identity.saml2.assertion.Attribute) Iterator(java.util.Iterator) ListIterator(java.util.ListIterator)

Example 44 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setIDPStdAttributeValues.

/**
     * Saves the standard attribute values for the Identiy Provider.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param idpStdValues Map which contains the standard attribute values.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void setIDPStdAttributeValues(String realm, String entityName, Map idpStdValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "IDP-Standard" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    IDPSSODescriptorElement idpssoDescriptor = null;
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityName);
        if (idpssoDescriptor != null) {
            // save for WantAuthnRequestsSigned 
            if (idpStdValues.keySet().contains(WANT_AUTHN_REQ_SIGNED)) {
                boolean value = setToBoolean(idpStdValues, WANT_AUTHN_REQ_SIGNED);
                idpssoDescriptor.setWantAuthnRequestsSigned(value);
            }
            // save for Artifact Resolution Service
            if (idpStdValues.keySet().contains(ART_RES_LOCATION)) {
                String artLocation = getResult(idpStdValues, ART_RES_LOCATION);
                String indexValue = getResult(idpStdValues, ART_RES_INDEX);
                if (StringUtils.isEmpty(indexValue)) {
                    indexValue = "0";
                }
                boolean isDefault = setToBoolean(idpStdValues, ART_RES_ISDEFAULT);
                ArtifactResolutionServiceElement elem = null;
                List artList = idpssoDescriptor.getArtifactResolutionService();
                if (artList.isEmpty()) {
                    elem = objFact.createArtifactResolutionServiceElement();
                    elem.setBinding(soapBinding);
                    elem.setLocation("");
                    elem.setIndex(0);
                    elem.setIsDefault(false);
                    idpssoDescriptor.getArtifactResolutionService().add(elem);
                    artList = idpssoDescriptor.getArtifactResolutionService();
                }
                elem = (ArtifactResolutionServiceElement) artList.get(0);
                elem.setLocation(artLocation);
                elem.setIndex(Integer.parseInt(indexValue));
                elem.setIsDefault(isDefault);
                idpssoDescriptor.getArtifactResolutionService().clear();
                idpssoDescriptor.getArtifactResolutionService().add(elem);
            }
            // save for Single Logout Service - Http-Redirect
            if (idpStdValues.keySet().contains(SINGLE_LOGOUT_HTTP_LOCATION)) {
                String lohttpLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_LOCATION);
                String lohttpRespLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_RESP_LOCATION);
                String postLocation = getResult(idpStdValues, SLO_POST_LOC);
                String postRespLocation = getResult(idpStdValues, SLO_POST_RESPLOC);
                String losoapLocation = getResult(idpStdValues, SINGLE_LOGOUT_SOAP_LOCATION);
                String priority = getResult(idpStdValues, SINGLE_LOGOUT_DEFAULT);
                if (priority.contains("none")) {
                    if (lohttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (postLocation != null) {
                        priority = httpPostBinding;
                    } else if (losoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List logList = idpssoDescriptor.getSingleLogoutService();
                if (!logList.isEmpty()) {
                    logList.clear();
                }
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapLogout(losoapLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                }
            }
            // save for Manage Name ID Service
            if (idpStdValues.keySet().contains(MANAGE_NAMEID_HTTP_LOCATION)) {
                String mnihttpLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_LOCATION);
                String mnihttpRespLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_RESP_LOCATION);
                String mnipostLocation = getResult(idpStdValues, MNI_POST_LOC);
                String mnipostRespLocation = getResult(idpStdValues, MNI_POST_RESPLOC);
                String mnisoapLocation = getResult(idpStdValues, MANAGE_NAMEID_SOAP_LOCATION);
                String priority = getResult(idpStdValues, SINGLE_MANAGE_NAMEID_DEFAULT);
                if (priority.contains("none")) {
                    if (mnihttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (mnipostLocation != null) {
                        priority = httpPostBinding;
                    } else if (mnisoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List manageNameIdList = idpssoDescriptor.getManageNameIDService();
                if (!manageNameIdList.isEmpty()) {
                    manageNameIdList.clear();
                }
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                }
            }
            //save nameid mapping
            if (idpStdValues.keySet().contains(NAME_ID_MAPPPING)) {
                String nameIDmappingloc = getResult(idpStdValues, NAME_ID_MAPPPING);
                NameIDMappingServiceElement namidElem1 = null;
                List nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
                if (nameIDmappingList.isEmpty()) {
                    namidElem1 = objFact.createNameIDMappingServiceElement();
                    namidElem1.setBinding(soapBinding);
                    idpssoDescriptor.getNameIDMappingService().add(namidElem1);
                    nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
                }
                namidElem1 = (NameIDMappingServiceElement) nameIDmappingList.get(0);
                namidElem1.setLocation(nameIDmappingloc);
                idpssoDescriptor.getNameIDMappingService().clear();
                idpssoDescriptor.getNameIDMappingService().add(namidElem1);
            }
            //save nameid format                
            if (idpStdValues.keySet().contains(NAMEID_FORMAT)) {
                saveNameIdFormat(idpssoDescriptor, idpStdValues);
            }
            //save for SingleSignOnService
            if (idpStdValues.keySet().contains(SINGLE_SIGNON_HTTP_LOCATION)) {
                String ssohttpLocation = getResult(idpStdValues, SINGLE_SIGNON_HTTP_LOCATION);
                String ssopostLocation = getResult(idpStdValues, SINGLE_SIGNON_SOAP_LOCATION);
                String ssoSoapLocation = getResult(idpStdValues, SSO_SOAPS_LOC);
                List signonList = idpssoDescriptor.getSingleSignOnService();
                if (!signonList.isEmpty()) {
                    signonList.clear();
                }
                if (ssohttpLocation != null && ssohttpLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemRed = objFact.createSingleSignOnServiceElement();
                    slsElemRed.setBinding(httpRedirectBinding);
                    slsElemRed.setLocation(ssohttpLocation);
                    signonList.add(slsElemRed);
                }
                if (ssopostLocation != null && ssopostLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemPost = objFact.createSingleSignOnServiceElement();
                    slsElemPost.setBinding(httpPostBinding);
                    slsElemPost.setLocation(ssopostLocation);
                    signonList.add(slsElemPost);
                }
                if (ssoSoapLocation != null && ssoSoapLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemSoap = objFact.createSingleSignOnServiceElement();
                    slsElemSoap.setBinding(soapBinding);
                    slsElemSoap.setLocation(ssoSoapLocation);
                    signonList.add(slsElemSoap);
                }
            }
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
    }
}
Also used : JAXBException(javax.xml.bind.JAXBException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SingleSignOnServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement) ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement) NameIDMappingServiceElement(com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 45 with Attribute

use of com.sun.identity.saml2.assertion.Attribute in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setStdAuthnAuthorityValues.

/**
     * Saves the standard attribute values for Authn Authority.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param authnAuthValues Map which contains standard authn authority values.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void setStdAuthnAuthorityValues(String realm, String entityName, Map authnAuthValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "AuthnAuthority-Std" };
    logEvent("ATTEMPT_MODIFY_AUTHN_AUTH_ATTR_VALUES", params);
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    AuthnAuthorityDescriptorElement authnauthDescriptor = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
        if (authnauthDescriptor != null) {
            String queryService = getResult(authnAuthValues, AUTHN_QUERY_SERVICE);
            //save query service
            List authQueryServiceList = authnauthDescriptor.getAuthnQueryService();
            if (!authQueryServiceList.isEmpty()) {
                authnauthDescriptor.getAuthnQueryService().clear();
            }
            AuthnQueryServiceElement key = objFact.createAuthnQueryServiceElement();
            key.setBinding(soapBinding);
            key.setLocation(queryService);
            authnauthDescriptor.getAuthnQueryService().add(key);
            //save assertion ID request
            String soapLocation = getResult(authnAuthValues, ASSERTION_ID_SAOP_LOC);
            String uriLocation = getResult(authnAuthValues, ASSERTION_ID_URI_LOC);
            List assertionIDReqList = authnauthDescriptor.getAssertionIDRequestService();
            if (!assertionIDReqList.isEmpty()) {
                assertionIDReqList.clear();
            }
            AssertionIDRequestServiceElement elem1 = objFact.createAssertionIDRequestServiceElement();
            elem1.setBinding(soapBinding);
            AssertionIDRequestServiceElement elem2 = objFact.createAssertionIDRequestServiceElement();
            elem2.setBinding(uriBinding);
            if (soapLocation != null) {
                elem1.setLocation(soapLocation);
            }
            if (uriLocation != null) {
                elem2.setLocation(uriLocation);
            }
            authnauthDescriptor.getAssertionIDRequestService().add(elem1);
            authnauthDescriptor.getAssertionIDRequestService().add(elem2);
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_AUTHN_AUTH_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setStdAuthnAuthorityValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AuthnAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_AUTHN_AUTH_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_AUTHN_AUTH_ATTR_VALUES", paramsEx);
    }
}
Also used : AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement) AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement) JAXBException(javax.xml.bind.JAXBException) AuthnQueryServiceElement(com.sun.identity.saml2.jaxb.metadata.AuthnQueryServiceElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Aggregations

ArrayList (java.util.ArrayList)57 List (java.util.List)46 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)40 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)37 Iterator (java.util.Iterator)24 Attribute (com.sun.identity.saml2.assertion.Attribute)22 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)22 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)21 HashMap (java.util.HashMap)21 Map (java.util.Map)18 JAXBException (javax.xml.bind.JAXBException)13 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)12 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)12 Set (java.util.Set)11 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)9 HashSet (java.util.HashSet)9 Issuer (com.sun.identity.saml2.assertion.Issuer)8 Date (java.util.Date)8 Node (org.w3c.dom.Node)8 DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)7