Examples with EncryptedID com.sun.identity.saml2.assertion.EncryptedID used on opensource projects

Search in sources :

Example 21 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class DefaultLibrarySPAccountMapper method getIdentity.

/**
     * Returns the user's distinguished name or the universal ID for the corresponding <code>SAML Assertion</code>. This
     * method will be invoked by the <code>SAML</code> framework while processing the <code>Assertion</code> and
     * retrieves the identity information.
     * The implementation of this method first checks if the NameID-Format is transient and returns the transient user.
     * Otherwise it checks for the user for the corresponding name identifier in the assertion.
     * If not found, then it will check if this is an auto federation case. 
     *
     * @param assertion <code>SAML Assertion</code> that needs to be mapped to the user.
     * @param hostEntityID <code>EntityID</code> of the hosted provider.
     * @param realm Realm or the organization name that may be used to find the user information.
     * @return User's distinguished name or the universal ID.
     * @throws SAML2Exception If there was any failure.
     */
@Override
public String getIdentity(Assertion assertion, String hostEntityID, String realm) throws SAML2Exception {
    if (assertion == null) {
        throw new SAML2Exception(bundle.getString("nullAssertion"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }
    NameID nameID;
    EncryptedID encryptedID = assertion.getSubject().getEncryptedID();
    Set<PrivateKey> decryptionKeys = null;
    if (encryptedID != null) {
        decryptionKeys = KeyUtil.getDecryptionKeys(getSSOConfig(realm, hostEntityID));
        nameID = encryptedID.decrypt(decryptionKeys);
    } else {
        nameID = assertion.getSubject().getNameID();
    }
    String userID = null;
    String format = nameID.getFormat();
    boolean isTransient = SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(format);
    if (isTransient) {
        userID = getTransientUser(realm, hostEntityID);
    }
    if (StringUtils.isNotEmpty(userID)) {
        return userID;
    }
    // Check if this is an auto federation case.
    userID = getAutoFedUser(realm, hostEntityID, assertion, nameID.getValue(), decryptionKeys);
    if (StringUtils.isNotEmpty(userID)) {
        return userID;
    } else {
        if (useNameIDAsSPUserID(realm, hostEntityID) && !isAutoFedEnabled(realm, hostEntityID)) {
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getIdentity: use NameID value as userID: " + nameID.getValue());
            }
            return nameID.getValue();
        } else {
            return null;
        }
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) PrivateKey(java.security.PrivateKey) NameID(com.sun.identity.saml2.assertion.NameID) EncryptedID(com.sun.identity.saml2.assertion.EncryptedID)

Example 22 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class AttributeQueryUtil method getIdentityFromDataStoreX509Subject.

public static String getIdentityFromDataStoreX509Subject(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    NameID nameID = null;
    EncryptedID encryptedID = subject.getEncryptedID();
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    if (!SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
    }
    String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
    if ((mappingAttrName == null) || (mappingAttrName.length() == 0)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("x509SubjectMappingNotConfigured"));
    }
    String x509SubjectDN = nameID.getValue();
    Map attrMap = new HashMap();
    Set values = new HashSet();
    values.add(x509SubjectDN);
    attrMap.put(mappingAttrName, values);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.getIdentityFromDataStoreX509Subject: " + "mappingAttrName = " + mappingAttrName + ", X509 subject DN = " + x509SubjectDN);
    }
    try {
        return dsProvider.getUserID(realm, attrMap);
    } catch (DataStoreProviderException dse) {
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStoreX509Subject:", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) Set(java.util.Set) HashSet(java.util.HashSet) NameID(com.sun.identity.saml2.assertion.NameID) HashMap(java.util.HashMap) EncryptedID(com.sun.identity.saml2.assertion.EncryptedID) Map(java.util.Map) HashMap(java.util.HashMap) Subject(com.sun.identity.saml2.assertion.Subject) HashSet(java.util.HashSet)

Example 23 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class AttributeQueryUtil method getIdentity.

public static String getIdentity(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    NameID nameID = null;
    EncryptedID encryptedID = subject.getEncryptedID();
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    String nameIDFormat = nameID.getFormat();
    // NameIDFormat is "transient"
    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
        return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
    } else // NameIDFormat is "unspecified"
    if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
        Map userIDsSearchMap = new HashMap();
        Set userIDValuesSet = new HashSet();
        userIDValuesSet.add(nameID.getValue());
        String userId = "uid";
        IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, attrAuthorityEntityID);
        Map attrs = SAML2MetaUtils.getAttributes(config);
        List nimAttrs = (List) attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP);
        for (Iterator i = nimAttrs.iterator(); i.hasNext(); ) {
            String attrName = (String) i.next();
            if (attrName != null && attrName.length() > 2 && attrName.startsWith(nameIDFormat)) {
                int eqPos = attrName.indexOf('=');
                if (eqPos != -1 && eqPos < attrName.length() - 2) {
                    userId = attrName.substring(eqPos + 1);
                    SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
                    break;
                }
            }
        }
        userIDsSearchMap.put(userId, userIDValuesSet);
        try {
            return dsProvider.getUserID(realm, userIDsSearchMap);
        } catch (DataStoreProviderException dse) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore1:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    } else {
        String requestedEntityID = attrQuery.getIssuer().getValue();
        try {
            return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, attrAuthorityEntityID, requestedEntityID, realm, SAML2Constants.IDP_ROLE));
        } catch (DataStoreProviderException dse) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    }
}
Also used : DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) Set(java.util.Set) HashSet(java.util.HashSet) NameID(com.sun.identity.saml2.assertion.NameID) HashMap(java.util.HashMap) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) EncryptedID(com.sun.identity.saml2.assertion.EncryptedID) Subject(com.sun.identity.saml2.assertion.Subject) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) Map(java.util.Map) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Example 24 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class LogoutUtil method setNameIDForSLORequest.

public static void setNameIDForSLORequest(LogoutRequest request, NameID nameID, String realm, String hostEntity, String hostEntityRole, String remoteEntity) throws SAML2Exception, SessionException {
    String method = "setNameIDForSLORequest: ";
    boolean needEncryptIt = false;
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (needEncryptIt == false) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be encrypted.");
        }
        request.setNameID(nameID);
        return;
    }
    EncInfo encryptInfo = null;
    KeyDescriptorType keyDescriptor = null;
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity);
        keyDescriptor = KeyUtil.getKeyDescriptor(spSSODesc, "encryption");
        encryptInfo = KeyUtil.getEncInfo(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity);
        keyDescriptor = KeyUtil.getKeyDescriptor(idpSSODesc, "encryption");
        encryptInfo = KeyUtil.getEncInfo(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "remoteEntity is : " + remoteEntity);
    }
    if (encryptInfo == null) {
        debug.error("NO meta data for encrypt Info.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    X509Certificate certificate = KeyUtil.getCert(keyDescriptor);
    PublicKey recipientPublicKey = certificate.getPublicKey();
    EncryptedID encryptedID = nameID.encrypt(recipientPublicKey, encryptInfo.getDataEncAlgorithm(), encryptInfo.getDataEncStrength(), remoteEntity);
    request.setEncryptedID(encryptedID);
}
Also used : EncInfo(com.sun.identity.saml2.key.EncInfo) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) PublicKey(java.security.PublicKey) KeyDescriptorType(com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType) EncryptedID(com.sun.identity.saml2.assertion.EncryptedID) X509Certificate(java.security.cert.X509Certificate) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 25 with EncryptedID

use of com.sun.identity.saml2.assertion.EncryptedID in project OpenAM by OpenRock.

the class NameIDMapping method setNameIDForNIMRequest.

private static void setNameIDForNIMRequest(NameIDMappingRequest nimRequest, String realm, String spEntityID, String idpEntityID, String targetSPEntityID, String targetNameIDFormat, String userID) throws SAML2Exception {
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("NameIDMapping.setNameIDForNIMRequest: " + "user ID = " + userID);
    }
    NameID nameID = AssertionFactory.getInstance().createNameID();
    NameIDInfo info = AccountUtils.getAccountFederation(userID, spEntityID, idpEntityID);
    nameID.setValue(info.getNameIDValue());
    nameID.setFormat(info.getFormat());
    nameID.setNameQualifier(idpEntityID);
    nameID.setSPNameQualifier(spEntityID);
    NameIDPolicy nameIDPolicy = ProtocolFactory.getInstance().createNameIDPolicy();
    nameIDPolicy.setSPNameQualifier(targetSPEntityID);
    nameIDPolicy.setFormat(targetNameIDFormat);
    nimRequest.setNameIDPolicy(nameIDPolicy);
    boolean needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, idpEntityID, SAML2Constants.IDP_ROLE);
    if (!needEncryptIt) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("NameIDMapping.setNameIDForNIMRequest: " + "NamID doesn't need to be encrypted.");
        }
        nimRequest.setNameID(nameID);
        return;
    }
    EncryptedID encryptedID = getEncryptedID(nameID, realm, idpEntityID, SAML2Constants.IDP_ROLE);
    nimRequest.setEncryptedID(encryptedID);
}
Also used : NameIDInfo(com.sun.identity.saml2.common.NameIDInfo) NameID(com.sun.identity.saml2.assertion.NameID) NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy) EncryptedID(com.sun.identity.saml2.assertion.EncryptedID)

Aggregations

EncryptedID (com.sun.identity.saml2.assertion.EncryptedID)19 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)19 NameID (com.sun.identity.saml2.assertion.NameID)13 ArrayList (java.util.ArrayList)7 Element (org.w3c.dom.Element)7 Subject (com.sun.identity.saml2.assertion.Subject)6 EncInfo (com.sun.identity.saml2.key.EncInfo)6 List (java.util.List)6 DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException)5 AssertionFactory (com.sun.identity.saml2.assertion.AssertionFactory)5 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)5 ProtocolFactory (com.sun.identity.saml2.protocol.ProtocolFactory)5 Node (org.w3c.dom.Node)5 NodeList (org.w3c.dom.NodeList)5 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)4 NewEncryptedID (com.sun.identity.saml2.protocol.NewEncryptedID)4 PrivateKey (java.security.PrivateKey)4 Assertion (com.sun.identity.saml2.assertion.Assertion)3 IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)3 SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial