use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class NameIDMapping method getNameID.
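/**
 * Resolves the persistent NameID carried by a NameIDMappingRequest.
 *
 * The request may carry the subject either as a plaintext NameID or as an EncryptedID. When only an
 * EncryptedID is present it is decrypted with the hosted IdP's decryption keys (taken from the realm's IdP
 * SSO configuration). Anything that cannot be resolved to a <em>persistent</em> NameID is reported as
 * {@code null}, which callers treat as an unmappable request.
 *
 * NOTE(review): unlike LogoutUtil.getNameIDFromSLORequest, this path does not consult the entity's
 * "want NameID encrypted" setting; a plaintext NameID in the request is accepted as-is. Confirm that the
 * caller enforces that policy if it matters for the deployment.
 *
 * @param nimRequest  the incoming NameID mapping request
 * @param realm       the realm hosting the IdP
 * @param idpEntityID the hosted IdP entity ID whose decryption keys are used
 * @return the persistent NameID, or {@code null} if the request has no (decryptable) persistent NameID
 */
private static NameID getNameID(NameIDMappingRequest nimRequest, String realm, String idpEntityID) {
    NameID nameID = nimRequest.getNameID();
    if (nameID == null) {
        EncryptedID encryptedID = nimRequest.getEncryptedID();
        // Neither a NameID nor an EncryptedID: nothing to decrypt. Without this guard the request would
        // trigger a NullPointerException instead of the controlled "no NameID" outcome.
        if (encryptedID == null) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NameIDMapping.getNameID: request carries neither NameID nor EncryptedID");
            }
            return null;
        }
        try {
            final IDPSSOConfigElement idpSsoConfig = metaManager.getIDPSSOConfig(realm, idpEntityID);
            nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(idpSsoConfig));
        } catch (SAML2Exception ex) {
            // Metadata lookup or decryption failures are deliberately reported to the caller as
            // "no NameID" rather than propagated; the cause is kept at debug level for troubleshooting.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("NameIDMapping.getNameID:", ex);
            }
            return null;
        }
    }
    // Only persistent identifiers can be mapped; transient and other formats are rejected.
    if (!SAML2Utils.isPersistentNameID(nameID)) {
        return null;
    }
    return nameID;
}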
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class LogoutUtil method getNameIDFromSLORequest.
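/**
 * Extracts the NameID from a LogoutRequest, decrypting it when the hosted entity requires encrypted NameIDs.
 *
 * When the hosted entity's configuration says NameIDs must be encrypted, only the EncryptedID element is
 * honoured; a plaintext NameID in the request is never used as a fallback, so the encryption requirement
 * cannot be bypassed by simply omitting the encrypted element.
 *
 * @param request        the logout request
 * @param realm          realm of the hosted entity
 * @param hostEntity     hosted entity ID
 * @param hostEntityRole the hosted entity's role (IdP or SP)
 * @return the (decrypted) NameID; may be {@code null} when encryption is not required and the request
 *         carries no NameID
 * @throws SAML2Exception if encryption is required but the request has no EncryptedID, or decryption fails
 */
static NameID getNameIDFromSLORequest(LogoutRequest request, String realm, String hostEntity, String hostEntityRole) throws SAML2Exception {
    String method = "getNameIDFromSLORequest: ";
    boolean needDecryptIt = SAML2Utils.getWantNameIDEncrypted(realm, hostEntity, hostEntityRole);
    if (!needDecryptIt) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be decrypted.");
        }
        return request.getNameID();
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
    }
    EncryptedID encryptedID = request.getEncryptedID();
    // Encryption is mandated but the request has no EncryptedID. Fail explicitly (previously this was a
    // NullPointerException) and do NOT fall back to request.getNameID().
    if (encryptedID == null) {
        throw new SAML2Exception(method + "NameID must be encrypted but the request carries no EncryptedID.");
    }
    return encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, hostEntity, hostEntityRole));
}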
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class ImportBulkFederationData method saml2FederateUser.
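/**
 * Records a SAML2 persistent federation between a local user and the remote entity during bulk import.
 *
 * Builds a persistent-format NameID whose qualifiers depend on whether this side is the IdP or the SP,
 * then appends the NameIDInfoKey and NameIDInfo value strings to the user's federation attributes and
 * stores the identity.
 *
 * Error handling: a SAML2 failure aborts the run with a CLIException; identity-repository and SSO failures
 * are reported to the output writer and the import continues with the next user (best effort).
 *
 * @param userId      local user identifier
 * @param nameIdValue the persistent NameID value shared with the remote entity
 * @throws CLIException if the NameID or federation info cannot be constructed
 */
private void saml2FederateUser(String userId, String nameIdValue) throws CLIException {
    try {
        AMIdentity amid = IdUtils.getIdentity(getAdminSSOToken(), userId);
        NameID nameId = newPersistentNameId(nameIdValue);
        String role = isIDP ? SAML2Constants.IDP_ROLE : SAML2Constants.SP_ROLE;
        NameIDInfoKey key = new NameIDInfoKey(nameIdValue, localEntityId, remoteEntityId);
        NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId, nameId, role, true);
        Map attributes = amid.getAttributes(BulkFederation.saml2UserAttributesFed);
        // NOTE(review): existing values are read under the FSAccountUtils.* attribute names but freshly
        // created sets are stored under the SAML2Constants.* names; this is only correct if each pair of
        // constants has the same value — confirm against the constant definitions.
        appendAttributeValue(attributes, FSAccountUtils.USER_FED_INFO_KEY_ATTR, SAML2Constants.NAMEID_INFO_KEY, key.toValueString());
        appendAttributeValue(attributes, FSAccountUtils.USER_FED_INFO_ATTR, SAML2Constants.NAMEID_INFO, info.toValueString());
        amid.setAttributes(attributes);
        amid.store();
    } catch (SAML2Exception e) {
        // Log under this method's name (the previous key named the IDFF variant, which misleads forensics).
        debugError("ImportBulkFederationData.saml2FederateUser", e);
        Object[] param = { userId };
        throw new CLIException(MessageFormat.format(getResourceString("import-bulk-federation-data-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        debugError("ImportBulkFederationData.saml2FederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    } catch (SSOException e) {
        debugError("ImportBulkFederationData.saml2FederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}

/**
 * Builds a persistent-format NameID for the given value. The IdP is always the NameQualifier and the SP
 * the SPNameQualifier, so which of local/remote goes where depends on this side's role.
 *
 * @param nameIdValue the persistent identifier value
 * @return the populated NameID
 * @throws SAML2Exception if the NameID cannot be created or populated
 */
private NameID newPersistentNameId(String nameIdValue) throws SAML2Exception {
    NameID nameId = AssertionFactory.getInstance().createNameID();
    nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
    if (isIDP) {
        nameId.setNameQualifier(localEntityId);
        nameId.setSPNameQualifier(remoteEntityId);
    } else {
        nameId.setNameQualifier(remoteEntityId);
        nameId.setSPNameQualifier(localEntityId);
    }
    nameId.setValue(nameIdValue);
    return nameId;
}

/**
 * Adds {@code value} to the multi-valued attribute found under {@code readKey}. If that attribute is absent
 * or empty a new set is created and stored under {@code writeKey}.
 *
 * @param attributes the user's attribute map (attribute name to Set of String values)
 * @param readKey    attribute name to look the existing value set up under
 * @param writeKey   attribute name a newly created set is stored under
 * @param value      the value to add
 */
private static void appendAttributeValue(Map attributes, String readKey, String writeKey, String value) {
    Set values = (Set) attributes.get(readKey);
    if ((values == null) || values.isEmpty()) {
        values = new HashSet(2);
        attributes.put(writeKey, values);
    }
    values.add(value);
}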
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class SAML2 method linkAccount.
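/**
 * Links the SAML2 federation account to the local principal once all local auth steps have completed and
 * a local principalId is known, then sets the module's principal to a new SAML2Principal with that ID.
 *
 * The NameIDInfo is persisted on the local user only when the SP is configured to persist NameIDs
 * ({@code shouldPersistNameID}); otherwise the link exists only for this authentication.
 *
 * @param principalId the local user the federation account is linked to
 * @param nameId      the NameID asserted by the IdP for this user
 * @throws SAML2MetaException      if the SP entity ID cannot be resolved from the meta alias
 * @throws AuthenticationException if building or persisting the federation info fails
 */
private void linkAccount(final String principalId, final NameID nameId) throws SAML2MetaException, AuthenticationException {
    final String spEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    try {
        NameIDInfo info = new NameIDInfo(spEntityId, entityName, nameId, SAML2Constants.SP_ROLE, false);
        // Debug level only: this records the federated identifier next to the local principal in the log.
        DEBUG.message("SAML2 :: Local User {} Linked to Federation Account - {}", principalId, nameId.getValue());
        if (shouldPersistNameID(spEntityId)) {
            AccountUtils.setAccountFederation(info, principalId);
        }
        principal = new SAML2Principal(principalId);
    } catch (SAML2Exception e) {
        // The AuthenticationException thrown to the framework carries no cause, so record the underlying
        // failure here; previously the SAML2Exception was dropped and only the generic localLinkError surfaced.
        DEBUG.warning("SAML2 :: linkAccount failed for local user " + principalId, e);
        throw new AuthenticationException(BUNDLE_NAME, "localLinkError", new Object[0]);
    }
}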
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class SAML2PostAuthenticationPlugin method onLoginSuccess.
/**
 * Post-authentication hook that wires up single logout for a session established through SAML2.
 *
 * The SAML2 authentication module leaves the meta alias, the IdP/SP entity IDs, the session index, the
 * serialised NameID and a response cache key on the SSO token. This hook rebuilds a NameIDInfo from them,
 * registers SP-initiated SLO when it is enabled for the session, always registers IdP-initiated SLO
 * handling, runs the post-SSO configuration against the cached SAML2 response, and finally clears the
 * bootstrap properties from the session. Any failure is logged as a warning and login proceeds without
 * SLO configured.
 *
 * @param requestParamsMap map containing <code>HttpServletRequest</code>
 * parameters
 * @param request <code>HttpServletRequest</code> object.
 * @param response <code>HttpServletResponse</code> object.
 * @param ssoToken authenticated user's single sign token.
 */
@Override
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) {
    try {
        final String realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(com.sun.identity.shared.Constants.ORGANIZATION));
        final String metaAlias = ssoToken.getProperty(SAML2Constants.METAALIAS);
        final String spEntityId = ssoToken.getProperty(SAML2Constants.SPENTITYID);
        final String idpEntityId = ssoToken.getProperty(SAML2Constants.IDPENTITYID);
        final String sessionIndex = ssoToken.getProperty(SAML2Constants.SESSION_INDEX);
        final String requestId = ssoToken.getProperty(Constants.REQUEST_ID);
        final String cacheKey = ssoToken.getProperty(Constants.CACHE_KEY);
        final boolean transientNameId = Boolean.parseBoolean(ssoToken.getProperty(Constants.IS_TRANSIENT));
        final boolean sloEnabled = Boolean.parseBoolean(ssoToken.getProperty(SAML2Constants.SINGLE_LOGOUT));

        // The NameID was serialised to XML by the auth module; rebuild it without an SPNameQualifier.
        final NameID nameId = new NameIDImplWithoutSPNameQualifier(ssoToken.getProperty(SAML2Constants.NAMEID));
        final NameIDInfo federationInfo = new NameIDInfo(spEntityId, idpEntityId, nameId, SAML2Constants.SP_ROLE, false);
        final SessionProvider sessionProvider = SessionManager.getProvider();

        final SAML2ResponseData responseData = lookupResponseData(cacheKey);

        if (sloEnabled) {
            setupSingleLogOut(ssoToken, metaAlias, sessionIndex, spEntityId, idpEntityId, nameId);
        }
        configureIdpInitSLO(sessionProvider, ssoToken, sessionIndex, metaAlias, federationInfo, transientNameId, requestId);
        configurePostSSO(spEntityId, realm, request, response, ssoToken, sessionProvider, responseData.getResponseInfo(), cacheKey);
        clearSession(ssoToken);
    } catch (SAML2Exception | SessionException | SSOException | SAML2TokenRepositoryException e) {
        //debug warning and fall through
        DEBUG.warning("Error saving SAML assertion information in memory. SLO not configured for this session.", e);
    }
}

/**
 * Fetches the SAML2ResponseData cached under {@code cacheKey}, consulting the failover store when the
 * local store misses and SAML2 failover is enabled.
 *
 * @param cacheKey the key the auth module stored the response under
 * @return the cached response data, never {@code null}
 * @throws SAML2Exception if neither store holds an entry for the key
 * @throws SAML2TokenRepositoryException if the failover store cannot be read
 */
private static SAML2ResponseData lookupResponseData(final String cacheKey) throws SAML2Exception, SAML2TokenRepositoryException {
    SAML2ResponseData responseData = (SAML2ResponseData) SAML2Store.getTokenFromStore(cacheKey);
    if (responseData == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        responseData = (SAML2ResponseData) SAML2FailoverUtils.retrieveSAML2Token(cacheKey);
    }
    if (responseData == null) {
        throw new SAML2Exception("Unable to retrieve response map from data cache.");
    }
    return responseData;
}