
Example 51 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

the class NameIDMapping method processNameIDMappingRequest.

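/**
 * Processes a SAML2 NameIDMappingRequest on the hosted IDP side and builds the
 * corresponding NameIDMappingResponse.
 * <p>
 * The request issuer is verified against the realm/IDP configuration before the
 * request's NameID is decrypted or looked up. A mapping is only produced when the
 * requested format is persistent (or unspecified), the target SP differs from the
 * requesting SP, and the user behind the request's NameID already has an account
 * federation with that target SP; every other case answers with an
 * {@code INVALID_NAME_ID_POLICY} status and echoes the request's own identifier.
 *
 * @param nimRequest  the incoming request
 * @param realm       the realm of the hosted IDP
 * @param idpEntityID the entity ID of the hosted IDP
 * @return the signed response
 * @throws SAML2Exception if the request has no issuer value, the issuer cannot be
 *         verified, or building/signing the response fails
 */
public static NameIDMappingResponse processNameIDMappingRequest(NameIDMappingRequest nimRequest, String realm, String idpEntityID) throws SAML2Exception {
    // A malformed request may lack the Issuer element entirely; treat that like a
    // missing issuer value instead of failing with an NPE.
    String spEntityID = (nimRequest.getIssuer() == null) ? null : nimRequest.getIssuer().getValue();
    if (spEntityID == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
    }
    String responseID = SAML2Utils.generateID();
    if (responseID == null) {
        SAML2Utils.debug.error(SAML2Utils.bundle.getString("failedToGenResponseID"));
    }
    NameIDMappingResponse nimResponse = pf.createNameIDMappingResponse();
    nimResponse.setID(responseID);
    nimResponse.setInResponseTo(nimRequest.getID());
    nimResponse.setVersion(SAML2Constants.VERSION_2_0);
    nimResponse.setIssueInstant(new Date());
    nimResponse.setIssuer(SAML2Utils.createIssuer(idpEntityID));
    // Reject issuers not trusted for this realm/IDP before any identifier from the
    // request is decrypted or resolved to a local user.
    SAML2Utils.verifyRequestIssuer(realm, idpEntityID, nimRequest.getIssuer(), nimRequest.getID());
    // A request without a NameIDPolicy is handled like an empty policy (no target
    // SP, no format), which ends in the "no change" branch below rather than an NPE.
    NameIDPolicy nameIDPolicy = nimRequest.getNameIDPolicy();
    String targetSPEntityID = (nameIDPolicy == null) ? null : nameIDPolicy.getSPNameQualifier();
    String format = (nameIDPolicy == null) ? null : nameIDPolicy.getFormat();
    Status status;
    if ((format != null) && (format.length() != 0) && (!format.equals(SAML2Constants.PERSISTENT)) && (!format.equals(SAML2Constants.UNSPECIFIED))) {
        // Only persistent identifiers can be mapped; any other explicit format is refused.
        nimResponse.setNameID(nimRequest.getNameID());
        nimResponse.setEncryptedID(nimRequest.getEncryptedID());
        status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDFormatUnsupported"));
    } else if ((targetSPEntityID == null) || (targetSPEntityID.length() == 0) || targetSPEntityID.equals(spEntityID)) {
        // No target SP, or the target is the requester itself: nothing to map.
        nimResponse.setNameID(nimRequest.getNameID());
        nimResponse.setEncryptedID(nimRequest.getEncryptedID());
        status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDNoChange"));
    } else {
        // Resolve the requesting SP's NameID to a local user, then look up that
        // user's existing federation with the target SP.
        IDPAccountMapper idpAcctMapper = SAML2Utils.getIDPAccountMapper(realm, idpEntityID);
        NameID nameID = getNameID(nimRequest, realm, idpEntityID);
        String userID = null;
        if (nameID != null) {
            // getNameID() yields null when the request carries no usable persistent
            // NameID; skip the mapper call in that case so a plugin never sees null.
            userID = idpAcctMapper.getIdentity(nameID, idpEntityID, spEntityID, realm);
        }
        NameIDInfo targetNameIDInfo = null;
        if (userID != null) {
            targetNameIDInfo = AccountUtils.getAccountFederation(userID, idpEntityID, targetSPEntityID);
        }
        if (targetNameIDInfo == null) {
            nimResponse.setNameID(nimRequest.getNameID());
            nimResponse.setEncryptedID(nimRequest.getEncryptedID());
            status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDNotFound"));
        } else {
            NameID targetSPNameID = targetNameIDInfo.getNameID();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NameIDMapping.processNameIDMappingRequest: " + "User ID = " + userID + ", name ID = " + targetSPNameID.toXMLString(true, true));
            }
            // The mapped identifier is returned only in encrypted form, for the requesting SP.
            nimResponse.setEncryptedID(getEncryptedID(targetSPNameID, realm, spEntityID, SAML2Constants.SP_ROLE));
            status = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, null);
        }
    }
    nimResponse.setStatus(status);
    signNIMResponse(nimResponse, realm, idpEntityID, false);
    return nimResponse;
}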

Example 52 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

the class NameIDMapping method getNameID.

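/**
 * Extracts the persistent NameID carried by a NameIDMappingRequest.
 * <p>
 * The plain {@code NameID} is used when present; otherwise the request's
 * {@code EncryptedID} is decrypted with the hosted IDP's decryption keys.
 *
 * @param nimRequest  the request to read the identifier from
 * @param realm       the realm of the hosted IDP
 * @param idpEntityID the entity ID of the hosted IDP
 * @return the persistent NameID, or {@code null} when the request carries no
 *         identifier at all, the EncryptedID cannot be decrypted, or the
 *         resulting NameID is not of persistent format
 */
private static NameID getNameID(NameIDMappingRequest nimRequest, String realm, String idpEntityID) {
    NameID nameID = nimRequest.getNameID();
    if (nameID == null) {
        EncryptedID encryptedID = nimRequest.getEncryptedID();
        if (encryptedID == null) {
            // Neither NameID nor EncryptedID is present: there is nothing to map,
            // and decrypt() must not be reached on a null reference.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NameIDMapping.getNameID: request carries neither NameID nor EncryptedID");
            }
            return null;
        }
        try {
            final IDPSSOConfigElement idpSsoConfig = metaManager.getIDPSSOConfig(realm, idpEntityID);
            nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(idpSsoConfig));
        } catch (SAML2Exception ex) {
            // A decryption failure is not fatal for the caller; it is reported as
            // "no usable NameID" and logged at debug level only.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NameIDMapping.getNameID:", ex);
            }
            return null;
        }
    }
    // Only persistent identifiers are mappable; any other format is rejected.
    if (!SAML2Utils.isPersistentNameID(nameID)) {
        return null;
    }
    return nameID;
}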

Example 53 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

the class LogoutUtil method getNameIDFromSLORequest.

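/**
 * Returns the NameID of a LogoutRequest, decrypting the {@code EncryptedID}
 * when the hosted entity is configured to require encrypted NameIDs.
 *
 * @param request        the logout request
 * @param realm          the realm of the hosted entity
 * @param hostEntity     the entity ID of the hosted entity
 * @param hostEntityRole the role of the hosted entity
 * @return the request's plain NameID when encryption is not required,
 *         otherwise the decrypted NameID
 * @throws SAML2Exception if encryption is required but the request carries no
 *         EncryptedID, or if decryption fails
 */
static NameID getNameIDFromSLORequest(LogoutRequest request, String realm, String hostEntity, String hostEntityRole) throws SAML2Exception {
    String method = "getNameIDFromSLORequest: ";
    boolean needDecryptIt = SAML2Utils.getWantNameIDEncrypted(realm, hostEntity, hostEntityRole);
    if (!needDecryptIt) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be decrypted.");
        }
        return request.getNameID();
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
    }
    EncryptedID encryptedID = request.getEncryptedID();
    if (encryptedID == null) {
        // Configuration mandates an encrypted NameID, so a request carrying only a
        // plain NameID (or none) is not accepted; report it through the declared
        // exception type rather than an NPE from decrypt().
        throw new SAML2Exception(method + "EncryptedID is required by configuration but missing from the LogoutRequest.");
    }
    return encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, hostEntity, hostEntityRole));
}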

Example 54 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

the class SubjectImpl method toXMLString.

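/**
 * Returns the XML representation of this Subject.
 * <p>
 * Exactly one of BaseID, NameID or EncryptedID may be set; SubjectConfirmation
 * elements follow it. A Subject with no identifier and no SubjectConfirmation
 * cannot be serialised. Child elements are always emitted with
 * {@code declareNS=false}, since the namespace is declared (if at all) only on
 * the enclosing Subject element.
 *
 * @param includeNSPrefix Determines whether or not the namespace
 *        qualifier is prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is
 *        declared within the Element.
 * @return A String representation
 * @exception SAML2Exception if more than one identifier type is set, or if
 *        neither an identifier nor a SubjectConfirmation is present
 */
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    // Single-threaded, local-only buffer: StringBuilder avoids StringBuffer's locking.
    StringBuilder sb = new StringBuilder(2000);
    String NS = declareNS ? SAML2Constants.ASSERTION_DECLARE_STR : "";
    String appendNS = includeNSPrefix ? SAML2Constants.ASSERTION_PREFIX : "";
    sb.append("<").append(appendNS).append(SUBJECT_ELEMENT).append(NS).append(">\n");
    boolean idFound = false;
    if (baseId != null) {
        sb.append(baseId.toXMLString(includeNSPrefix, false));
        idFound = true;
    }
    if (nameId != null) {
        rejectSecondIdentifier(idFound);
        sb.append(nameId.toXMLString(includeNSPrefix, false));
        idFound = true;
    }
    if (encryptedId != null) {
        rejectSecondIdentifier(idFound);
        sb.append(encryptedId.toXMLString(includeNSPrefix, false));
        idFound = true;
    }
    if (subjectConfirmations.size() == 0) {
        if (!idFound) {
            SAML2SDKUtils.debug.error("SubjectImpl.toXMLString(): Need at " + "least one id or one subject confirmation in a subject");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("need_at_least_one_id_or_on_SubjectConfirmation"));
        }
    } else {
        for (Object element : subjectConfirmations) {
            SubjectConfirmation sc = (SubjectConfirmation) element;
            sb.append(sc.toXMLString(includeNSPrefix, false));
        }
    }
    sb.append("</").append(appendNS).append(SUBJECT_ELEMENT).append(">");
    return sb.toString();
}

/**
 * Fails when an identifier element has already been emitted and another one is
 * about to be written; a Subject carries at most one identifier.
 *
 * @param idFound whether an identifier element was already serialised
 * @exception SAML2Exception if {@code idFound} is true
 */
private static void rejectSecondIdentifier(boolean idFound) throws SAML2Exception {
    if (idFound) {
        SAML2SDKUtils.debug.error("SubjectImpl.toXMLString(): " + "more than one types of id specified");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("too_many_ids_specified"));
    }
}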

Example 55 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

the class NameIDInfo method parse.

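/**
 * Returns the <code>NameIDInfo</code> by parsing the string value.
 * <p>
 * The value must consist of exactly nine <code>DELIM</code>-separated fields,
 * in this order: host entity ID, remote entity ID, NameID value, name
 * qualifier, format, SP-provided ID, SP name qualifier, role and the
 * affiliation flag. An optional NameID attribute that is absent is encoded as
 * the <code>NULL</code> placeholder and is left unset on the resulting NameID.
 *
 * @param info the serialised NameIDInfo value
 * @return the <code>NameIDInfo</code>
 * @exception SAML2Exception if <code>info</code> is null or does not contain
 *        exactly nine fields.
 */
public static NameIDInfo parse(String info) throws SAML2Exception {
    if (info == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullNameIDInfo"));
    }
    StringTokenizer st = new StringTokenizer(info, DELIM);
    // StringTokenizer drops empty fields, so the count only comes out right when
    // every absent attribute is present as the NULL placeholder.
    if (st.countTokens() != 9) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("inValidNameIDInfo"));
    }
    String hostEntityID = st.nextToken();
    String remoteEntityID = st.nextToken();
    String nameIDValue = st.nextToken();
    String nameQualifier = st.nextToken();
    String format = st.nextToken();
    String spNameIDValue = st.nextToken();
    String spNameQualifier = st.nextToken();
    String role = st.nextToken();
    boolean isAffiliation = Boolean.parseBoolean(st.nextToken());
    NameID nameID = AssertionFactory.getInstance().createNameID();
    nameID.setValue(nameIDValue);
    // nextToken() never returns null, so only the NULL placeholder marks an
    // absent optional attribute.
    if (!NULL.equals(nameQualifier)) {
        nameID.setNameQualifier(nameQualifier);
    }
    if (!NULL.equals(spNameIDValue)) {
        nameID.setSPProvidedID(spNameIDValue);
    }
    if (!NULL.equals(spNameQualifier)) {
        nameID.setSPNameQualifier(spNameQualifier);
    }
    if (!NULL.equals(format)) {
        nameID.setFormat(format);
    }
    return new NameIDInfo(hostEntityID, remoteEntityID, nameID, role, isAffiliation);
}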
