use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
The class AssertionGen, method getSubject.
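/**
 * Builds the {@code Subject} of the SAML assertion: a transient {@code NameID}
 * qualified by the IDP and SP entity IDs, and one bearer
 * {@code SubjectConfirmation} whose confirmation data names the SP base URL as
 * recipient and expires {@code SAML2Constants.ASSERTION_EFFECTIVE_TIME} seconds
 * from now.
 *
 * @param SPEntityID entity ID of the service provider, used as SPNameQualifier
 * @param SPBaseUrl recipient URL written into the SubjectConfirmationData
 * @param IDPEntutyID entity ID of the identity provider, used as NameQualifier
 * @return the populated subject; if a {@link SAML2Exception} is raised while
 *         populating it, the error is logged and the partially built subject
 *         is returned, as before
 */
private Subject getSubject(String SPEntityID, String SPBaseUrl, String IDPEntutyID) {
    AssertionFactory factory = AssertionFactory.getInstance();
    Subject subject = factory.createSubject();
    try {
        NameID nameID = factory.createNameID();
        nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
        nameID.setNameQualifier(IDPEntutyID);
        nameID.setSPNameQualifier(SPEntityID);
        // NOTE(review): a constant value defeats the purpose of a transient identifier,
        // which is meant to be unique per assertion; confirm whether this is test-only code.
        nameID.setValue("nameidvalue");
        subject.setNameID(nameID);

        // Multiply as long so a large effective time cannot overflow int when scaled to millis.
        long effectiveTimeMillis = SAML2Constants.ASSERTION_EFFECTIVE_TIME * 1000L;
        Date notOnOrAfter = new Date(System.currentTimeMillis() + effectiveTimeMillis);

        SubjectConfirmationData scd = factory.createSubjectConfirmationData();
        scd.setRecipient(SPBaseUrl);
        scd.setNotOnOrAfter(notOnOrAfter);

        SubjectConfirmation sc = factory.createSubjectConfirmation();
        sc.setMethod(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER);
        sc.setSubjectConfirmationData(scd);

        List<SubjectConfirmation> confirmations = new ArrayList<SubjectConfirmation>();
        confirmations.add(sc);
        subject.setSubjectConfirmation(confirmations);
    } catch (SAML2Exception ex) {
        // Log with a message rather than null so the failure is searchable in the log.
        Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, "Failed to build SAML subject", ex);
    }
    return subject;
}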
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
The class DefaultAccountMapper, method getIdentity.
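/**
 * Returns the user's distinguished name or the universal ID for the
 * corresponding <code>SAML</code> <code>ManageNameIDRequest</code>.
 * This method will be invoked by the <code>SAML</code> framework for
 * retrieving the user identity while processing the
 * <code>ManageIDRequest</code>.
 * The identifier is taken from the request's <code>EncryptedID</code>
 * (decrypted with the hosted entity's decryption keys) when one is present,
 * otherwise from its plain <code>NameID</code>.
 *
 * @param manageNameIDRequest <code>SAML</code>
 * <code>ManageNameIDRequest</code> that needs to be mapped to the user.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param realm realm or the organization name that may be used to find
 * the user information.
 * @return user's distinguished name or the universal ID.
 * @exception SAML2Exception if any argument is <code>null</code>, if the
 * hosted entity configuration needed to decrypt the <code>EncryptedID</code>
 * cannot be read, or if the data store lookup fails.
 */
public String getIdentity(ManageNameIDRequest manageNameIDRequest, String hostEntityID, String realm) throws SAML2Exception {
    if (manageNameIDRequest == null) {
        throw new SAML2Exception(bundle.getString("nullManageIDRequest"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }

    NameID nameID = null;
    EncryptedID encryptedID = manageNameIDRequest.getEncryptedID();
    if (encryptedID != null) {
        try {
            final Set<PrivateKey> decryptionKeys = KeyUtil.getDecryptionKeys(getSSOConfig(realm, hostEntityID));
            nameID = encryptedID.decrypt(decryptionKeys);
        } catch (SAML2MetaException sme) {
            debug.error("Unable to retrieve SAML entity config for entity: " + hostEntityID, sme);
            // Do not fall through with a null NameID: a lookup keyed on nothing must not succeed by accident.
            throw new SAML2Exception(sme.getMessage());
        }
    } else {
        nameID = manageNameIDRequest.getNameID();
    }

    String remoteEntityID = manageNameIDRequest.getIssuer().getValue();
    if (debug.messageEnabled()) {
        debug.message("DefaultAccountMapper.getIdentity(ManageNameIDReq)" + " realm = " + realm + " hostEntityID = " + hostEntityID);
    }
    try {
        return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, hostEntityID, remoteEntityID, realm, role));
    } catch (DataStoreProviderException dse) {
        debug.error("DefaultAccountMapper.getIdentity(MNIRequest,):" + " DataStoreProviderException", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}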
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
The class DefaultLibrarySPAccountMapper, method getIdentity.
/**
 * Maps a <code>SAML Assertion</code> to a local user, returning the user's
 * distinguished name or universal ID. Invoked by the <code>SAML</code>
 * framework while the <code>Assertion</code> is being processed.
 * <p>
 * Resolution order:
 * <ol>
 *   <li>a transient NameID format maps to the configured transient user;</li>
 *   <li>otherwise (or if no transient user is configured) auto-federation is tried;</li>
 *   <li>finally, if the SP is configured to use the NameID value as the user ID
 *       and auto-federation is disabled, the NameID value itself is returned.</li>
 * </ol>
 * An encrypted NameID is decrypted with the hosted entity's decryption keys first.
 *
 * @param assertion <code>SAML Assertion</code> that needs to be mapped to the user.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param realm Realm or the organization name that may be used to find the user information.
 * @return User's distinguished name or the universal ID, or <code>null</code> when no mapping applies.
 * @throws SAML2Exception If any argument is null or decryption / lookup fails.
 */
@Override
public String getIdentity(Assertion assertion, String hostEntityID, String realm) throws SAML2Exception {
    if (assertion == null) {
        throw new SAML2Exception(bundle.getString("nullAssertion"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }

    EncryptedID encryptedID = assertion.getSubject().getEncryptedID();
    Set<PrivateKey> decryptionKeys = null;
    NameID nameID;
    if (encryptedID == null) {
        nameID = assertion.getSubject().getNameID();
    } else {
        decryptionKeys = KeyUtil.getDecryptionKeys(getSSOConfig(realm, hostEntityID));
        nameID = encryptedID.decrypt(decryptionKeys);
    }

    String nameIDValue = nameID.getValue();
    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameID.getFormat())) {
        String transientUser = getTransientUser(realm, hostEntityID);
        if (StringUtils.isNotEmpty(transientUser)) {
            return transientUser;
        }
    }

    // No transient mapping applied: try auto-federation next.
    String autoFedUser = getAutoFedUser(realm, hostEntityID, assertion, nameIDValue, decryptionKeys);
    if (StringUtils.isNotEmpty(autoFedUser)) {
        return autoFedUser;
    }

    boolean nameIDIsUserID = useNameIDAsSPUserID(realm, hostEntityID) && !isAutoFedEnabled(realm, hostEntityID);
    if (!nameIDIsUserID) {
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message("DefaultLibrarySPAccountMapper.getIdentity: use NameID value as userID: " + nameIDValue);
    }
    return nameIDValue;
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
The class AttributeQueryUtil, method getIdentityFromDataStoreX509Subject.
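/**
 * Resolves the user identity for an attribute query whose subject carries an
 * X.509 subject name. The (possibly encrypted) NameID must use the
 * {@code SAML2Constants.X509_SUBJECT_NAME} format; its value is matched against
 * the data-store attribute configured for the attribute authority.
 *
 * @param attrQuery attribute query whose subject is to be resolved
 * @param attrAuthorityEntityID entity ID of the attribute authority
 * @param realm realm the attribute authority lives in
 * @return the user ID returned by the data store provider
 * @throws SAML2Exception if the subject has no NameID or its format is not the
 *         X.509 subject name, if no mapping attribute is configured, if
 *         decryption fails, or if the data store lookup fails
 */
public static String getIdentityFromDataStoreX509Subject(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    EncryptedID encryptedID = subject.getEncryptedID();
    NameID nameID;
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    // A missing NameID is rejected the same way as an unsupported one instead of surfacing as an NPE.
    if (nameID == null || !SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
    }

    String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
    if (mappingAttrName == null || mappingAttrName.isEmpty()) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("x509SubjectMappingNotConfigured"));
    }

    String x509SubjectDN = nameID.getValue();
    Set<String> values = new HashSet<String>();
    values.add(x509SubjectDN);
    Map<String, Set<String>> attrMap = new HashMap<String, Set<String>>();
    attrMap.put(mappingAttrName, values);

    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.getIdentityFromDataStoreX509Subject: " + "mappingAttrName = " + mappingAttrName + ", X509 subject DN = " + x509SubjectDN);
    }
    try {
        return dsProvider.getUserID(realm, attrMap);
    } catch (DataStoreProviderException dse) {
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStoreX509Subject:", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}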
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
The class AttributeQueryUtil, method getIdentity.
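/**
 * Resolves the user identity for an attribute query from its (possibly
 * encrypted) subject NameID. Transient identifiers are looked up in the IDP
 * cache, "unspecified" identifiers are searched in the data store under the
 * attribute configured in the IDP's NameID format map (default {@code uid}),
 * and any other format goes through the regular NameID key map lookup.
 *
 * @param attrQuery attribute query whose subject is to be resolved
 * @param attrAuthorityEntityID entity ID of the attribute authority
 * @param realm realm the attribute authority lives in
 * @return the resolved user ID, or {@code null} if a transient identifier is not in the cache
 * @throws SAML2Exception if decryption, metadata access, or the data store lookup fails
 */
public static String getIdentity(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    EncryptedID encryptedID = subject.getEncryptedID();
    NameID nameID;
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    String nameIDFormat = nameID.getFormat();

    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
        // Transient identifiers are only resolvable through the in-memory IDP cache.
        return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
    }

    if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
        String userIdAttr = lookupNameIDFormatMapAttribute(realm, attrAuthorityEntityID, nameIDFormat);
        Set<String> userIDValuesSet = new HashSet<String>();
        userIDValuesSet.add(nameID.getValue());
        Map<String, Set<String>> userIDsSearchMap = new HashMap<String, Set<String>>();
        userIDsSearchMap.put(userIdAttr, userIDValuesSet);
        try {
            return dsProvider.getUserID(realm, userIDsSearchMap);
        } catch (DataStoreProviderException dse) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore1:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    }

    String requestedEntityID = attrQuery.getIssuer().getValue();
    try {
        return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, attrAuthorityEntityID, requestedEntityID, realm, SAML2Constants.IDP_ROLE));
    } catch (DataStoreProviderException dse) {
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore:", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}

/**
 * Returns the data-store attribute mapped to {@code nameIDFormat} in the IDP's
 * NameID format map ({@code SAML2Constants.NAME_ID_FORMAT_MAP}, entries of the
 * form {@code format=attribute}), or {@code "uid"} when the map is absent or
 * holds no usable entry for that format.
 */
private static String lookupNameIDFormatMapAttribute(String realm, String attrAuthorityEntityID, String nameIDFormat) throws SAML2Exception {
    String userId = "uid";
    IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, attrAuthorityEntityID);
    Map attrs = SAML2MetaUtils.getAttributes(config);
    // An IDP with no NameID format map configured must fall back to the default, not NPE.
    List nimAttrs = (attrs == null) ? null : (List) attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP);
    if (nimAttrs == null) {
        return userId;
    }
    for (Object entry : nimAttrs) {
        String attrName = (String) entry;
        if (attrName != null && attrName.length() > 2 && attrName.startsWith(nameIDFormat)) {
            int eqPos = attrName.indexOf('=');
            // Require something after '=' so an empty attribute name is never used as a search key.
            if (eqPos != -1 && eqPos < attrName.length() - 2) {
                userId = attrName.substring(eqPos + 1);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
                }
                break;
            }
        }
    }
    return userId;
}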