
Example 66 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Source: class `NameIDMapping`, method `getNameID`.

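/**
 * Extracts the persistent {@code NameID} that a NameID mapping request refers to.
 * <p>
 * The subject is taken from the request's plaintext {@code NameID} when present; otherwise the
 * request's {@code EncryptedID} is decrypted with the decryption keys of the hosted IDP's SSO
 * config ({@code metaManager} is a class-level field, not shown here). Only persistent NameIDs
 * are accepted; any other format yields {@code null}, as does a decryption failure or a request
 * that carries neither a NameID nor an EncryptedID.
 *
 * @param nimRequest  the inbound NameIDMappingRequest
 * @param realm       realm of the hosted IDP
 * @param idpEntityID entity ID of the hosted IDP whose keys decrypt the EncryptedID
 * @return the persistent NameID, or {@code null} if absent, undecryptable or not persistent
 */
private static NameID getNameID(NameIDMappingRequest nimRequest, String realm, String idpEntityID) {
    NameID nameID = nimRequest.getNameID();
    if (nameID == null) {
        EncryptedID encryptedID = nimRequest.getEncryptedID();
        if (encryptedID == null) {
            // Neither form of subject identifier is present: nothing to map. Previously this
            // fell through to encryptedID.decrypt(...) and raised a NullPointerException.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NameIDMapping.getNameID: request has neither NameID nor EncryptedID");
            }
            return null;
        }
        try {
            final IDPSSOConfigElement idpSsoConfig = metaManager.getIDPSSOConfig(realm, idpEntityID);
            nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(idpSsoConfig));
        } catch (SAML2Exception ex) {
            // Decryption or metadata lookup failed; the caller treats null as "no mappable subject".
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NameIDMapping.getNameID:", ex);
            }
            return null;
        }
    }
    // Only persistent identifiers can be mapped; transient or other formats are rejected.
    if (!SAML2Utils.isPersistentNameID(nameID)) {
        return null;
    }
    return nameID;
}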

Example 67 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Source: class `LogoutUtil`, method `getNameIDFromSLORequest`.

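/**
 * Returns the {@code NameID} carried by a LogoutRequest, decrypting it when the hosted entity's
 * configuration says NameIDs are expected to arrive encrypted.
 * <p>
 * When encryption is not required the plaintext {@code NameID} is returned as-is (possibly
 * {@code null} if the request has none). When encryption is required, only the request's
 * {@code EncryptedID} is consulted: a request that omits it is rejected with a
 * {@code SAML2Exception} rather than silently falling back to a plaintext NameID, so a peer
 * cannot sidestep the encryption requirement (previously this case was a NullPointerException).
 *
 * @param request        the inbound LogoutRequest
 * @param realm          realm of the hosted entity
 * @param hostEntity     entity ID of the hosted entity
 * @param hostEntityRole role of the hosted entity (SP or IDP)
 * @return the plaintext or decrypted NameID
 * @throws SAML2Exception if encryption is required but no EncryptedID is present, or decryption fails
 */
static NameID getNameIDFromSLORequest(LogoutRequest request, String realm, String hostEntity, String hostEntityRole) throws SAML2Exception {
    String method = "getNameIDFromSLORequest: ";
    boolean needDecryptIt = SAML2Utils.getWantNameIDEncrypted(realm, hostEntity, hostEntityRole);
    if (!needDecryptIt) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be decrypted.");
        }
        return request.getNameID();
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
    }
    EncryptedID encryptedID = request.getEncryptedID();
    if (encryptedID == null) {
        // Configuration demands an encrypted NameID; do not accept a plaintext one in its place.
        throw new SAML2Exception(method + "NameID encryption is required but the LogoutRequest carries no EncryptedID");
    }
    return encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, hostEntity, hostEntityRole));
}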

Example 68 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Source: class `ImportBulkFederationData`, method `saml2FederateUser`.

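/**
 * Records a SAML2 persistent federation between a local user and a remote entity during bulk import.
 * <p>
 * Builds a persistent-format {@code NameID} whose qualifiers depend on whether this deployment is
 * the IDP or the SP ({@code isIDP}, {@code localEntityId} and {@code remoteEntityId} are
 * class-level fields, not shown here), then appends the derived {@code NameIDInfoKey} and
 * {@code NameIDInfo} values to the user's SAML2 federation attributes and stores the identity.
 * <p>
 * The attribute sets are read and written under the same SAML2 attribute names
 * ({@code SAML2Constants.NAMEID_INFO_KEY} / {@code SAML2Constants.NAMEID_INFO}). The previous
 * version read them under the IDFF names ({@code FSAccountUtils.USER_FED_INFO_KEY_ATTR} /
 * {@code USER_FED_INFO_ATTR}) but wrote the SAML2 names; where those names differ, existing
 * federations were never merged and were overwritten on store.
 *
 * @param userId      local identity to federate
 * @param nameIdValue persistent NameID value shared with the remote entity
 * @throws CLIException if the SAML2 federation data cannot be built
 */
private void saml2FederateUser(String userId, String nameIdValue) throws CLIException {
    try {
        AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
        NameID nameId = AssertionFactory.getInstance().createNameID();
        nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        if (isIDP) {
            // NameQualifier names the IDP, SPNameQualifier the SP.
            nameId.setNameQualifier(localEntityId);
            nameId.setSPNameQualifier(remoteEntityId);
        } else {
            nameId.setNameQualifier(remoteEntityId);
            nameId.setSPNameQualifier(localEntityId);
        }
        nameId.setValue(nameIdValue);
        String role = isIDP ? SAML2Constants.IDP_ROLE : SAML2Constants.SP_ROLE;
        NameIDInfoKey key = new NameIDInfoKey(nameIdValue, localEntityId, remoteEntityId);
        NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId, nameId, role, true);
        Map attributes = amid.getAttributes(BulkFederation.saml2UserAttributesFed);
        appendAttributeValue(attributes, SAML2Constants.NAMEID_INFO_KEY, key.toValueString());
        appendAttributeValue(attributes, SAML2Constants.NAMEID_INFO, info.toValueString());
        amid.setAttributes(attributes);
        amid.store();
    } catch (SAML2Exception e) {
        debugError("ImportBulkFederationData.saml2FederateUser", e);
        Object[] param = { userId };
        throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException | SSOException e) {
        // Repository/session failures are reported to the operator but do not abort the import.
        debugError("ImportBulkFederationData.saml2FederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}

/**
 * Adds {@code value} to the set stored under {@code attrName} in {@code attributes}, creating
 * the set (and registering it in the map) when it is absent or empty.
 *
 * @param attributes attribute map as returned by {@code AMIdentity.getAttributes}
 * @param attrName   attribute name to append to
 * @param value      value to add
 */
@SuppressWarnings("unchecked")
private static void appendAttributeValue(Map attributes, String attrName, String value) {
    Set values = (Set) attributes.get(attrName);
    if ((values == null) || values.isEmpty()) {
        values = new HashSet(2);
        attributes.put(attrName, values);
    }
    values.add(value);
}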

Example 69 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Source: class `SAML2`, method `linkAccount`.

/**
 * Links the authenticated local account to the SAML2 federation identified by {@code nameId}
 * and sets this module's {@code principal} to a {@code SAML2Principal} for {@code principalId}.
 * <p>
 * The hosted SP entity ID is resolved from {@code metaAlias}; {@code metaManager},
 * {@code entityName} and {@code principal} are class-level fields not shown here. The
 * federation record is persisted only when {@code shouldPersistNameID} says so for this SP.
 *
 * @param principalId local user ID established by the preceding auth steps
 * @param nameId      federated NameID from the IDP
 * @throws SAML2MetaException      if the SP entity ID cannot be resolved from the meta alias
 * @throws AuthenticationException if persisting the federation fails (original cause is not attached here)
 */
private void linkAccount(final String principalId, final NameID nameId) throws SAML2MetaException, AuthenticationException {
    final String spEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    try {
        final NameIDInfo federation = new NameIDInfo(spEntityId, entityName, nameId, SAML2Constants.SP_ROLE, false);
        DEBUG.message("SAML2 :: Local User {} Linked to Federation Account - {}", principalId, nameId.getValue());
        final boolean persist = shouldPersistNameID(spEntityId);
        if (persist) {
            AccountUtils.setAccountFederation(federation, principalId);
        }
        principal = new SAML2Principal(principalId);
    } catch (SAML2Exception e) {
        // Exception is logged later by the caller; surface a localized link error to the auth flow.
        throw new AuthenticationException(BUNDLE_NAME, "localLinkError", new Object[0]);
    }
}

Example 70 with NameID

use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.

Source: class `SAML2PostAuthenticationPlugin`, method `onLoginSuccess`.

/**
 * If enabled, performs the first-stage of SLO - by recording the currently logged in user.
 * The information relating to a remote user is stored alongside their local information, and upon
 * active-logout is used to trigger a call to the IdP requesting their logout.
 * <p>
 * All SAML2 state consumed here (meta alias, session index, entity IDs, NameID XML, cache key,
 * organization) is read from the server-side {@code SSOToken}, not from the HTTP request. The
 * cached {@code SAML2ResponseData} is looked up by cache key, first in the local store and then,
 * if failover is enabled, in the failover store; if it is found nowhere the whole step is abandoned.
 * Any failure is logged at warning level and swallowed so that login itself still succeeds, but
 * SLO is then not configured for the session.
 *
 * @param requestParamsMap map containing <code>HttpServletRequest</code>
 *        parameters
 * @param request <code>HttpServletRequest</code> object.
 * @param response <code>HttpServletResponse</code> object.
 * @param ssoToken authenticated user's single sign token.
 */
@Override
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) {
    try {
        final String metaAlias = ssoToken.getProperty(SAML2Constants.METAALIAS);
        final String sessionIndex = ssoToken.getProperty(SAML2Constants.SESSION_INDEX);
        final String spEntityId = ssoToken.getProperty(SAML2Constants.SPENTITYID);
        final String idpEntityId = ssoToken.getProperty(SAML2Constants.IDPENTITYID);
        // The NameID is re-parsed from the XML the auth module stashed in the session.
        final NameID nameId = new NameIDImplWithoutSPNameQualifier(ssoToken.getProperty(SAML2Constants.NAMEID));
        final boolean isTransient = Boolean.parseBoolean(ssoToken.getProperty(Constants.IS_TRANSIENT));
        final String requestId = ssoToken.getProperty(Constants.REQUEST_ID);
        final SessionProvider sessionProvider = SessionManager.getProvider();
        final NameIDInfo federation = new NameIDInfo(spEntityId, idpEntityId, nameId, SAML2Constants.SP_ROLE, false);
        final boolean singleLogoutEnabled = Boolean.parseBoolean(ssoToken.getProperty(SAML2Constants.SINGLE_LOGOUT));
        final String cacheKey = ssoToken.getProperty(Constants.CACHE_KEY);
        final String realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(com.sun.identity.shared.Constants.ORGANIZATION));
        final SAML2ResponseData data = lookupResponseData(cacheKey);
        if (singleLogoutEnabled) {
            setupSingleLogOut(ssoToken, metaAlias, sessionIndex, spEntityId, idpEntityId, nameId);
        }
        configureIdpInitSLO(sessionProvider, ssoToken, sessionIndex, metaAlias, federation, isTransient, requestId);
        configurePostSSO(spEntityId, realm, request, response, ssoToken, sessionProvider, data.getResponseInfo(), cacheKey);
        // Only reached on success: the transient SAML2 properties are dropped from the session.
        clearSession(ssoToken);
    } catch (SAML2Exception | SessionException | SSOException | SAML2TokenRepositoryException e) {
        // Debug warning and fall through: login succeeds, but SLO is not set up for this session.
        DEBUG.warning("Error saving SAML assertion information in memory. SLO not configured for this session.", e);
    }
}

/**
 * Fetches the cached {@code SAML2ResponseData} for {@code cacheKey}: the local store first, then
 * the failover store when failover is enabled.
 *
 * @param cacheKey key under which the response data was cached during authentication
 * @return the cached response data, never {@code null}
 * @throws SAML2Exception                if no data is cached under the key
 * @throws SAML2TokenRepositoryException if the failover store lookup fails
 */
private static SAML2ResponseData lookupResponseData(final String cacheKey) throws SAML2Exception, SAML2TokenRepositoryException {
    SAML2ResponseData data = (SAML2ResponseData) SAML2Store.getTokenFromStore(cacheKey);
    if (data == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        data = (SAML2ResponseData) SAML2FailoverUtils.retrieveSAML2Token(cacheKey);
    }
    if (data == null) {
        throw new SAML2Exception("Unable to retrieve response map from data cache.");
    }
    return data;
}
