Example 56 with NameID

Use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Class AssertionGen, method getSubject.

/**
 * Builds the Subject for a generated SAML assertion: a transient NameID and a
 * bearer SubjectConfirmation whose Recipient and NotOnOrAfter bind the
 * assertion to the intended SP and to a validity window.
 */
private Subject getSubject(String SPEntityID, String SPBaseUrl, String IDPEntutyID) {
    Subject subject = AssertionFactory.getInstance().createSubject();
    try {
        NameID nameID = AssertionFactory.getInstance().createNameID();
        SubjectConfirmation sc = AssertionFactory.getInstance().createSubjectConfirmation();
        List<SubjectConfirmation> subjectConfirmationList = new ArrayList<SubjectConfirmation>();
        // Transient format: the value is a short-lived opaque handle, not a user identifier.
        nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
        nameID.setNameQualifier(IDPEntutyID);
        nameID.setSPNameQualifier(SPEntityID);
        nameID.setValue("nameidvalue");
        subject.setNameID(nameID);
        // Bearer confirmation: the receiving SP is expected to check Recipient and NotOnOrAfter.
        sc.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
        int effectiveTime = SAML2Constants.ASSERTION_EFFECTIVE_TIME;
        Date date = new Date();
        date.setTime(date.getTime() + effectiveTime * 1000L);
        SubjectConfirmationData scd = AssertionFactory.getInstance().createSubjectConfirmationData();
        scd.setRecipient(SPBaseUrl);
        scd.setNotOnOrAfter(date);
        sc.setSubjectConfirmationData(scd);
        subjectConfirmationList.add(sc);
        subject.setSubjectConfirmation(subjectConfirmationList);
    } catch (SAML2Exception ex) {
        // Logs and falls through: the caller receives whatever was set before the failure.
        Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, null, ex);
    }
    return subject;
}

Example 57 with NameID

Use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Class DefaultAccountMapper, method getIdentity.

/**
 * Returns the user's distinguished name or the universal ID for the
 * corresponding <code>SAML</code> <code>ManageNameIDRequest</code>.
 * This method will be invoked by the <code>SAML</code> framework for
 * retrieving the user identity while processing the
 * <code>ManageNameIDRequest</code>.
 * @param manageNameIDRequest <code>SAML</code>
 *     <code>ManageNameIDRequest</code> that needs to be mapped to the user.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param realm realm or the organization name that may be used to find
 *        the user information.
 * @return user's distinguished name or the universal ID.
 * @exception SAML2Exception if any failure.
 */
public String getIdentity(ManageNameIDRequest manageNameIDRequest, String hostEntityID, String realm) throws SAML2Exception {
    if (manageNameIDRequest == null) {
        throw new SAML2Exception(bundle.getString("nullManageIDRequest"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }
    NameID nameID = null;
    // An EncryptedID is decrypted with the hosted entity's configured decryption keys;
    // a decryption failure surfaces as a SAML2Exception from decrypt().
    EncryptedID encryptedID = manageNameIDRequest.getEncryptedID();
    if (encryptedID != null) {
        try {
            final Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys(getSSOConfig(realm, hostEntityID));
            nameID = encryptedID.decrypt(decryptionKeys);
        } catch (SAML2MetaException sme) {
            debug.error("Unable to retrieve SAML entity config for entity: " + hostEntityID, sme);
        }
    } else {
        nameID = manageNameIDRequest.getNameID();
    }
    if (nameID == null) {
        // Guard added here: a failed metadata lookup (or a request carrying neither
        // element) would otherwise reach getNameIDKeyMap with a null NameID.
        throw new SAML2Exception("No NameID available in ManageNameIDRequest for entity: " + hostEntityID);
    }
    String remoteEntityID = manageNameIDRequest.getIssuer().getValue();
    if (debug.messageEnabled()) {
        debug.message("DefaultAccountMapper.getIdentity(ManageNameIDReq)" + " realm = " + realm + " hostEntityID = " + hostEntityID);
    }
    try {
        // Resolve the user from the stored federation info keyed on NameID and both entity IDs.
        return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, hostEntityID, remoteEntityID, realm, role));
    } catch (DataStoreProviderException dse) {
        debug.error("DefaultAccountMapper.getIdentity(MNIRequest,):" + " DataStoreProviderException", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}

Example 58 with NameID

Use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Class DefaultLibrarySPAccountMapper, method getIdentity.

/**
 * Returns the user's distinguished name or the universal ID for the corresponding <code>SAML Assertion</code>. This
 * method will be invoked by the <code>SAML</code> framework while processing the <code>Assertion</code> and
 * retrieves the identity information.
 * The implementation of this method first checks if the NameID-Format is transient and returns the transient user.
 * Otherwise it checks for the user for the corresponding name identifier in the assertion.
 * If not found, then it will check if this is an auto federation case.
 *
 * @param assertion <code>SAML Assertion</code> that needs to be mapped to the user.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param realm Realm or the organization name that may be used to find the user information.
 * @return User's distinguished name or the universal ID.
 * @throws SAML2Exception If there was any failure.
 */
@Override
public String getIdentity(Assertion assertion, String hostEntityID, String realm) throws SAML2Exception {
    if (assertion == null) {
        throw new SAML2Exception(bundle.getString("nullAssertion"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }
    NameID nameID;
    EncryptedID encryptedID = assertion.getSubject().getEncryptedID();
    Set<PrivateKey> decryptionKeys = null;
    if (encryptedID != null) {
        // Decrypt with the hosted SP's keys; the same keys are reused below for encrypted attributes.
        decryptionKeys = KeyUtil.getDecryptionKeys(getSSOConfig(realm, hostEntityID));
        nameID = encryptedID.decrypt(decryptionKeys);
    } else {
        nameID = assertion.getSubject().getNameID();
    }
    String userID = null;
    String format = nameID.getFormat();
    boolean isTransient = SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(format);
    if (isTransient) {
        // Transient NameIDs never map to a stored account: use the configured transient user, if any.
        userID = getTransientUser(realm, hostEntityID);
    }
    if (StringUtils.isNotEmpty(userID)) {
        return userID;
    }
    // Check if this is an auto federation case (match on a configured attribute in the assertion).
    userID = getAutoFedUser(realm, hostEntityID, assertion, nameID.getValue(), decryptionKeys);
    if (StringUtils.isNotEmpty(userID)) {
        return userID;
    } else {
        // Last resort, only when explicitly configured and auto-federation is off:
        // the raw NameID value itself becomes the local user ID.
        if (useNameIDAsSPUserID(realm, hostEntityID) && !isAutoFedEnabled(realm, hostEntityID)) {
            if (debug.messageEnabled()) {
                debug.message("DefaultLibrarySPAccountMapper.getIdentity: use NameID value as userID: " + nameID.getValue());
            }
            return nameID.getValue();
        } else {
            return null;
        }
    }
}

Example 59 with NameID

Use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Class AttributeQueryUtil, method getIdentityFromDataStoreX509Subject.

/**
 * Resolves the user for an AttributeQuery whose Subject carries an X.509 subject DN,
 * by searching the data store on the attribute configured for X.509 subject mapping.
 */
public static String getIdentityFromDataStoreX509Subject(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    NameID nameID;
    EncryptedID encryptedID = subject.getEncryptedID();
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    // Only the X509SubjectName format is accepted here; anything else is rejected outright.
    if (!SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
    }
    String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
    if ((mappingAttrName == null) || (mappingAttrName.length() == 0)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("x509SubjectMappingNotConfigured"));
    }
    String x509SubjectDN = nameID.getValue();
    // Exact-match search: {mappingAttrName -> {x509SubjectDN}}
    Map<String, Set<String>> attrMap = new HashMap<String, Set<String>>();
    Set<String> values = new HashSet<String>();
    values.add(x509SubjectDN);
    attrMap.put(mappingAttrName, values);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.getIdentityFromDataStoreX509Subject: " + "mappingAttrName = " + mappingAttrName + ", X509 subject DN = " + x509SubjectDN);
    }
    try {
        return dsProvider.getUserID(realm, attrMap);
    } catch (DataStoreProviderException dse) {
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStoreX509Subject:", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}

Example 60 with NameID

Use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Class AttributeQueryUtil, method getIdentity.

/**
 * Resolves the user for an AttributeQuery Subject, choosing the lookup strategy by NameID format:
 * transient (IDP cache), unspecified (configured attribute, default uid) or any other (federation info).
 */
public static String getIdentity(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    NameID nameID;
    EncryptedID encryptedID = subject.getEncryptedID();
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    String nameIDFormat = nameID.getFormat();
    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
        // NameIDFormat is "transient": resolve through the IDP's cache of issued transient handles.
        return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
    } else if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
        // NameIDFormat is "unspecified": search on the attribute configured for this format in the
        // IDP's NameID format map (entries of the form "<format>=<attribute>"), defaulting to uid.
        Map userIDsSearchMap = new HashMap();
        Set userIDValuesSet = new HashSet();
        userIDValuesSet.add(nameID.getValue());
        String userId = "uid";
        IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, attrAuthorityEntityID);
        Map attrs = SAML2MetaUtils.getAttributes(config);
        List nimAttrs = (List) attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP);
        if (nimAttrs != null) {
            for (Iterator i = nimAttrs.iterator(); i.hasNext(); ) {
                String attrName = (String) i.next();
                if (attrName != null && attrName.length() > 2 && attrName.startsWith(nameIDFormat)) {
                    int eqPos = attrName.indexOf('=');
                    if (eqPos != -1 && eqPos < attrName.length() - 2) {
                        userId = attrName.substring(eqPos + 1);
                        SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
                        break;
                    }
                }
            }
        }
        userIDsSearchMap.put(userId, userIDValuesSet);
        try {
            return dsProvider.getUserID(realm, userIDsSearchMap);
        } catch (DataStoreProviderException dse) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore1:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    } else {
        // Persistent and other formats: look up the stored federation info keyed on
        // the NameID and the pair (attribute authority, requesting entity).
        String requestedEntityID = attrQuery.getIssuer().getValue();
        try {
            return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, attrAuthorityEntityID, requestedEntityID, realm, SAML2Constants.IDP_ROLE));
        } catch (DataStoreProviderException dse) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    }
}