use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method setSPStdAttributeValues.
/**
* Saves the standard attribute values for the Service Provider.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @param spStdValues Map which contains the standard attribute values.
* @param assertionConsumer List with assertion consumer service values.
* @throws AMConsoleException if saving of attribute value fails.
*/
public void setSPStdAttributeValues(String realm, String entityName, Map spStdValues, List assertionConsumer) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "SP-Standard" };
logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
SPSSODescriptorElement spssoDescriptor = null;
com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
spssoDescriptor = samlManager.getSPSSODescriptor(realm, entityName);
if (spssoDescriptor != null) {
// save for Single Logout Service - Http-Redirect
if (spStdValues.keySet().contains(SP_SINGLE_LOGOUT_HTTP_LOCATION)) {
String lohttpLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_HTTP_LOCATION);
String lohttpRespLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_HTTP_RESP_LOCATION);
String lopostLocation = getResult(spStdValues, SP_SLO_POST_LOC);
String lopostRespLocation = getResult(spStdValues, SP_SLO_POST_RESPLOC);
String losoapLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_SOAP_LOCATION);
String priority = getResult(spStdValues, SP_LOGOUT_DEFAULT);
if (priority.contains("none")) {
if (lohttpLocation != null) {
priority = httpRedirectBinding;
} else if (lopostLocation != null) {
priority = httpPostBinding;
} else if (losoapLocation != null) {
priority = soapBinding;
}
}
List logList = spssoDescriptor.getSingleLogoutService();
if (!logList.isEmpty()) {
logList.clear();
}
if (priority != null && priority.contains("HTTP-Redirect")) {
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
savesoapLogout(losoapLocation, logList, objFact);
} else if (priority != null && priority.contains("HTTP-POST")) {
savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savesoapLogout(losoapLocation, logList, objFact);
} else if (priority != null && priority.contains("SOAP")) {
savesoapLogout(losoapLocation, logList, objFact);
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
}
}
// save for Manage Name ID Service
if (spStdValues.keySet().contains(SP_MANAGE_NAMEID_HTTP_LOCATION)) {
String mnihttpLocation = getResult(spStdValues, SP_MANAGE_NAMEID_HTTP_LOCATION);
String mnihttpRespLocation = getResult(spStdValues, SP_MANAGE_NAMEID_HTTP_RESP_LOCATION);
String mnipostLocation = getResult(spStdValues, SP_MNI_POST_LOC);
String mnipostRespLocation = getResult(spStdValues, SP_MNI_POST_RESPLOC);
String mnisoapLocation = getResult(spStdValues, SP_MANAGE_NAMEID_SOAP_LOCATION);
String mnisoapResLocation = getResult(spStdValues, SP_MANAGE_NAMEID_SOAP_RESP_LOCATION);
String priority = getResult(spStdValues, SP_MNI_DEFAULT);
if (priority.contains("none")) {
if (mnihttpLocation != null) {
priority = httpRedirectBinding;
} else if (mnipostLocation != null) {
priority = httpPostBinding;
} else if (mnisoapLocation != null) {
priority = soapBinding;
}
}
List manageNameIdList = spssoDescriptor.getManageNameIDService();
if (!manageNameIdList.isEmpty()) {
manageNameIdList.clear();
}
if (priority != null && priority.contains("HTTP-Redirect")) {
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
} else if (priority != null && priority.contains("HTTP-POST")) {
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
} else if (priority != null && priority.contains("SOAP")) {
saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
}
}
//save for artifact, post and paos Assertion Consumer Service
if (!assertionConsumer.isEmpty() && assertionConsumer.size() > 0) {
List asconsServiceList = spssoDescriptor.getAssertionConsumerService();
if (!asconsServiceList.isEmpty()) {
asconsServiceList.clear();
}
asconsServiceList.addAll(assertionConsumer);
}
//save nameid format
if (spStdValues.keySet().contains(NAMEID_FORMAT)) {
saveNameIdFormat(spssoDescriptor, spStdValues);
}
//save AuthnRequestsSigned
if (spStdValues.keySet().contains(IS_AUTHN_REQ_SIGNED)) {
boolean authnValue = setToBoolean(spStdValues, IS_AUTHN_REQ_SIGNED);
spssoDescriptor.setAuthnRequestsSigned(authnValue);
}
//save WantAssertionsSigned
if (spStdValues.keySet().contains(WANT_ASSERTIONS_SIGNED)) {
boolean assertValue = setToBoolean(spStdValues, WANT_ASSERTIONS_SIGNED);
spssoDescriptor.setWantAssertionsSigned(assertValue);
}
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "SP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
debug.error("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "SP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
}
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class BulkFederation method saml2FederateUser.
private void saml2FederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
SSOToken adminSSOToken = getAdminSSOToken();
try {
AMIdentity amid = IdUtils.getIdentity(adminSSOToken, localUserId);
String nameIdValue = createNameIdentifier();
NameID nameId = AssertionFactory.getInstance().createNameID();
nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
if (isIDP) {
nameId.setNameQualifier(localEntityId);
nameId.setSPNameQualifier(remoteEntityId);
} else {
nameId.setNameQualifier(remoteEntityId);
nameId.setSPNameQualifier(localEntityId);
}
nameId.setValue(nameIdValue);
String role = (isIDP) ? SAML2Constants.IDP_ROLE : SAML2Constants.SP_ROLE;
NameIDInfoKey key = new NameIDInfoKey(nameIdValue, localEntityId, remoteEntityId);
NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId, nameId, role, true);
Map attributes = amid.getAttributes(saml2UserAttributesFed);
Set setInfoKey = (Set) attributes.get(SAML2Constants.NAMEID_INFO_KEY);
if ((setInfoKey == null) || setInfoKey.isEmpty()) {
setInfoKey = new HashSet(2);
attributes.put(SAML2Constants.NAMEID_INFO_KEY, setInfoKey);
}
setInfoKey.add(key.toValueString());
Set setInfo = (Set) attributes.get(SAML2Constants.NAMEID_INFO);
if ((setInfo == null) || setInfo.isEmpty()) {
setInfo = new HashSet(2);
attributes.put(SAML2Constants.NAMEID_INFO, setInfo);
}
setInfo.add(info.toValueString());
amid.setAttributes(attributes);
amid.store();
out.write(remoteUserId + "|" + nameIdValue);
out.newLine();
} catch (SAML2Exception e) {
debugError("BulkFederation.saml2FederateUser", e);
Object[] param = { localUserId };
throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IOException e) {
debugError("BulkFederation.saml2FederateUser", e);
Object[] param = { localUserId };
throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (IdRepoException e) {
debugError("BulkFederation.saml2FederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
} catch (SSOException e) {
debugError("BulkFederation.saml2FederateUser", e);
IOutput outputWriter = getOutputWriter();
outputWriter.printlnError(e.getMessage());
}
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method getStandardIdentityProviderAttributes.
/**
* Returns a map with standard identity provider attributes and values.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @return Map with standard attribute values of Identity Provider.
* @throws AMConsoleException if unable to retrieve the Identity Provider
* attrubutes based on the realm and entityName passed.
*/
public Map getStandardIdentityProviderAttributes(String realm, String entityName) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "IDP-Standard" };
logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
Map map = new HashMap();
IDPSSODescriptorElement idpssoDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityName);
if (idpssoDescriptor != null) {
// retrieve WantAuthnRequestsSigned
map.put(WANT_AUTHN_REQ_SIGNED, returnEmptySetIfValueIsNull(idpssoDescriptor.isWantAuthnRequestsSigned()));
//retrieve ArtifactResolutionService
map.put(ART_RES_LOCATION, Collections.EMPTY_SET);
map.put(ART_RES_INDEX, Collections.EMPTY_SET);
map.put(ART_RES_ISDEFAULT, Collections.EMPTY_SET);
List artList = idpssoDescriptor.getArtifactResolutionService();
if (!artList.isEmpty()) {
ArtifactResolutionServiceElement key = (ArtifactResolutionServiceElement) artList.get(0);
map.put(ART_RES_LOCATION, returnEmptySetIfValueIsNull(key.getLocation()));
map.put(ART_RES_INDEX, returnEmptySetIfValueIsNull(Integer.toString(key.getIndex())));
map.put(ART_RES_ISDEFAULT, returnEmptySetIfValueIsNull(key.isIsDefault()));
}
//retrieve SingleLogoutService
map.put(SINGLE_LOGOUT_HTTP_LOCATION, Collections.EMPTY_SET);
map.put(SINGLE_LOGOUT_HTTP_RESP_LOCATION, Collections.EMPTY_SET);
map.put(SLO_POST_LOC, Collections.EMPTY_SET);
map.put(SLO_POST_RESPLOC, Collections.EMPTY_SET);
map.put(SINGLE_LOGOUT_SOAP_LOCATION, Collections.EMPTY_SET);
map.put(SINGLE_LOGOUT_DEFAULT, Collections.EMPTY_SET);
List logoutList = idpssoDescriptor.getSingleLogoutService();
for (int i = 0; i < logoutList.size(); i++) {
SingleLogoutServiceElement spslsElem = (SingleLogoutServiceElement) logoutList.get(i);
String tmp = spslsElem.getBinding();
if (i == 0) {
map.put(SINGLE_LOGOUT_DEFAULT, returnEmptySetIfValueIsNull(tmp));
}
if (tmp.contains(httpRedirect)) {
map.put(SINGLE_LOGOUT_HTTP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
map.put(SINGLE_LOGOUT_HTTP_RESP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getResponseLocation()));
} else if (tmp.contains(httpPost)) {
map.put(SLO_POST_LOC, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
map.put(SLO_POST_RESPLOC, returnEmptySetIfValueIsNull(spslsElem.getResponseLocation()));
} else if (tmp.contains(soap)) {
map.put(SINGLE_LOGOUT_SOAP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
}
}
//retrieve ManageNameIDService
map.put(MANAGE_NAMEID_HTTP_LOCATION, Collections.EMPTY_SET);
map.put(MANAGE_NAMEID_HTTP_RESP_LOCATION, Collections.EMPTY_SET);
map.put(MNI_POST_LOC, Collections.EMPTY_SET);
map.put(MNI_POST_RESPLOC, Collections.EMPTY_SET);
map.put(MANAGE_NAMEID_SOAP_LOCATION, Collections.EMPTY_SET);
map.put(SINGLE_MANAGE_NAMEID_DEFAULT, Collections.EMPTY_SET);
List manageNameIdList = idpssoDescriptor.getManageNameIDService();
for (int i = 0; i < manageNameIdList.size(); i++) {
ManageNameIDServiceElement mniElem = (ManageNameIDServiceElement) manageNameIdList.get(i);
String tmp = mniElem.getBinding();
if (i == 0) {
map.put(SINGLE_MANAGE_NAMEID_DEFAULT, returnEmptySetIfValueIsNull(tmp));
}
if (tmp.contains(httpRedirect)) {
map.put(MANAGE_NAMEID_HTTP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getLocation()));
map.put(MANAGE_NAMEID_HTTP_RESP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
} else if (tmp.contains(httpPost)) {
map.put(MNI_POST_LOC, returnEmptySetIfValueIsNull(mniElem.getLocation()));
map.put(MNI_POST_RESPLOC, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
} else if (tmp.contains(soap)) {
map.put(MANAGE_NAMEID_SOAP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getLocation()));
}
}
//retrieve nameid mapping service
map.put(NAME_ID_MAPPPING, Collections.EMPTY_SET);
List nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
if (!nameIDmappingList.isEmpty()) {
NameIDMappingServiceElement namidElem1 = (NameIDMappingServiceElement) nameIDmappingList.get(0);
map.put(NAME_ID_MAPPPING, returnEmptySetIfValueIsNull(namidElem1.getLocation()));
}
//retrieve nameid format
map.put(NAMEID_FORMAT, (OrderedSet) convertListToSet(idpssoDescriptor.getNameIDFormat()));
//retrieve single sign on service
map.put(SINGLE_SIGNON_HTTP_LOCATION, Collections.EMPTY_SET);
map.put(SINGLE_SIGNON_SOAP_LOCATION, Collections.EMPTY_SET);
map.put(SSO_SOAPS_LOC, Collections.EMPTY_SET);
List signonList = idpssoDescriptor.getSingleSignOnService();
for (int i = 0; i < signonList.size(); i++) {
SingleSignOnServiceElement signElem = (SingleSignOnServiceElement) signonList.get(i);
String tmp = signElem.getBinding();
if (tmp.contains(httpRedirect)) {
map.put(SINGLE_SIGNON_HTTP_LOCATION, returnEmptySetIfValueIsNull(signElem.getLocation()));
} else if (tmp.contains(httpPost)) {
map.put(SINGLE_SIGNON_SOAP_LOCATION, returnEmptySetIfValueIsNull(signElem.getLocation()));
} else if (tmp.contains(soap)) {
map.put(SSO_SOAPS_LOC, returnEmptySetIfValueIsNull(signElem.getLocation()));
}
}
//retrieve key descriptor encryption details if present
map.put(TF_KEY_NAME, Collections.EMPTY_SET);
map.put(TF_ALGORITHM, Collections.EMPTY_SET);
if (idpssoDescriptor.getKeyDescriptor() != null) {
getKeyandAlgorithm(idpssoDescriptor, map);
}
}
logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.getIdentityProviderAttributes:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
}
return map;
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method setStdAttributeQueryValues.
/**
* Saves the standard attribute values for Attribute Query.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @param attrQueryValues Map which contains standard attribute query values.
* @throws AMConsoleException if saving of attribute value fails.
*/
public void setStdAttributeQueryValues(String realm, String entityName, Map attrQueryValues) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "AttribQuery-Std" };
logEvent("ATTEMPT_MODIFY_ATTR_QUERY_ATTR_VALUES", params);
AttributeQueryDescriptorElement attrQueryDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
attrQueryDescriptor = samlManager.getAttributeQueryDescriptor(realm, entityName);
if (attrQueryDescriptor != null) {
//save nameid format
List NameIdFormatList = attrQueryDescriptor.getNameIDFormat();
if (!NameIdFormatList.isEmpty()) {
attrQueryDescriptor.getNameIDFormat().clear();
}
List listtoSave = convertSetToList((Set) attrQueryValues.get(ATTR_NAMEID_FORMAT));
Iterator itt = listtoSave.listIterator();
while (itt.hasNext()) {
String name = (String) itt.next();
attrQueryDescriptor.getNameIDFormat().add(name);
}
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
logEvent("SUCCEED_MODIFY_ATTR_QUERY_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setStdAttributeQueryValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AttribQuery-Std", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_QUERY_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
}
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class DefaultSubjectProvider method createNameIdentifier.
private NameID createNameIdentifier(String subjectId, String nameIdFormat) throws TokenCreationException {
NameID nameID = AssertionFactory.getInstance().createNameID();
try {
nameID.setValue(subjectId);
nameID.setFormat(nameIdFormat);
} catch (SAML2Exception e) {
throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting NameID state in DefaultSubjectProvider: " + e, e);
}
return nameID;
}
Aggregations