
Example 36 with NameID


the class SubjectImpl method toXMLString.

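/**
 * Serializes this subject as a SAML 2.0 {@code Subject} element.
 * <p>
 * At most one identifier (BaseID, NameID or EncryptedID) may be set, and the
 * element must carry at least one identifier or one SubjectConfirmation.
 * Child elements are always serialized with {@code declareNS = false}, so the
 * assertion namespace is declared at most once, on this element.
 *
 * @param includeNSPrefix Determines whether or not the namespace
 *        qualifier is prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is
 *        declared within the Element.
 * @return A String representation
 * @exception SAML2Exception if more than one identifier type is set, or if
 *        neither an identifier nor a SubjectConfirmation is present
 */
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    StringBuilder sb = new StringBuilder(2000);
    String nsDeclaration = declareNS ? SAML2Constants.ASSERTION_DECLARE_STR : "";
    String prefix = includeNSPrefix ? SAML2Constants.ASSERTION_PREFIX : "";
    sb.append("<").append(prefix).append(SUBJECT_ELEMENT).append(nsDeclaration).append(">\n");

    // Exactly one of BaseID / NameID / EncryptedID may be present; the
    // second one encountered is an error rather than a silent override.
    boolean idFound = false;
    if (baseId != null) {
        sb.append(baseId.toXMLString(includeNSPrefix, false));
        idFound = true;
    }
    if (nameId != null) {
        if (idFound) {
            throw tooManyIdsSpecified();
        }
        sb.append(nameId.toXMLString(includeNSPrefix, false));
        idFound = true;
    }
    if (encryptedId != null) {
        if (idFound) {
            throw tooManyIdsSpecified();
        }
        sb.append(encryptedId.toXMLString(includeNSPrefix, false));
        idFound = true;
    }

    // A missing confirmation list is treated the same as an empty one.
    if (subjectConfirmations == null || subjectConfirmations.isEmpty()) {
        if (!idFound) {
            SAML2SDKUtils.debug.error("SubjectImpl.toXMLString(): Need at " + "least one id or one subject confirmation in a subject");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("need_at_least_one_id_or_on_SubjectConfirmation"));
        }
    } else {
        for (Object entry : subjectConfirmations) {
            SubjectConfirmation sc = (SubjectConfirmation) entry;
            sb.append(sc.toXMLString(includeNSPrefix, false));
        }
    }
    sb.append("</").append(prefix).append(SUBJECT_ELEMENT).append(">");
    return sb.toString();
}

/**
 * Logs and builds the exception raised when more than one identifier type
 * is set on the subject.
 *
 * @return the exception for the caller to throw; never {@code null}
 */
private static SAML2Exception tooManyIdsSpecified() {
    SAML2SDKUtils.debug.error("SubjectImpl.toXMLString(): " + "more than one types of id specified");
    return new SAML2Exception(SAML2SDKUtils.bundle.getString("too_many_ids_specified"));
}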

Example 37 with NameID


the class NameIDInfo method parse.

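/**
 * Returns the <code>NameIDInfo</code> by parsing the string value.
 * <p>
 * The serialized form is nine {@code DELIM}-separated fields, in order:
 * host entity ID, remote entity ID, NameID value, name qualifier, format,
 * SP-provided ID, SP name qualifier, role and the affiliation flag.
 * {@link StringTokenizer} never yields empty tokens, so optional fields
 * that are absent must be encoded as the {@code NULL} placeholder rather
 * than left blank; otherwise the field count check rejects the value.
 *
 * @param info the serialized value; must not be {@code null}
 * @return the <code>NameIDInfo</code>
 * @exception SAML2Exception if {@code info} is {@code null} or does not
 *        contain exactly nine fields.
 */
public static NameIDInfo parse(String info) throws SAML2Exception {
    if (info == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullNameIDInfo"));
    }
    StringTokenizer st = new StringTokenizer(info, DELIM);
    // Reject malformed input up front: with a wrong field count, tokens
    // would otherwise be assigned to the wrong attributes.
    if (st.countTokens() != 9) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("inValidNameIDInfo"));
    }
    String hostEntityID = st.nextToken();
    String remoteEntityID = st.nextToken();
    String nameIDValue = st.nextToken();
    String nameQualifier = st.nextToken();
    String format = st.nextToken();
    String spNameIDValue = st.nextToken();
    String spNameQualifier = st.nextToken();
    String role = st.nextToken();
    // Only a case-insensitive "true" enables the flag; anything else is false.
    boolean isAffiliation = Boolean.parseBoolean(st.nextToken());

    NameID nameID = AssertionFactory.getInstance().createNameID();
    nameID.setValue(nameIDValue);
    if (isPresent(nameQualifier)) {
        nameID.setNameQualifier(nameQualifier);
    }
    if (isPresent(spNameIDValue)) {
        nameID.setSPProvidedID(spNameIDValue);
    }
    if (isPresent(spNameQualifier)) {
        nameID.setSPNameQualifier(spNameQualifier);
    }
    if (isPresent(format)) {
        nameID.setFormat(format);
    }
    return new NameIDInfo(hostEntityID, remoteEntityID, nameID, role, isAffiliation);
}

/**
 * Tells whether a serialized optional field carries a real value.
 *
 * @param token a token taken from the serialized form
 * @return {@code false} if the token is {@code null} or the {@code NULL}
 *         placeholder, {@code true} otherwise
 */
private static boolean isPresent(String token) {
    return token != null && !NULL.equals(token);
}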

Example 38 with NameID


the class SAML2Utils method getNameIDKeyMap.

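/**
 * Returns the <code>NameIDInfoKey</code> key value pair that can
 * be used for searching the user.
 * <p>
 * If the NameID carries an SP name qualifier that resolves to an
 * affiliation in {@code realm}, the affiliation ID replaces the hosted
 * entity ID (SP role) or the remote entity ID (any other role) in the key,
 * and that entity must be a member of the affiliation. A qualifier that
 * does not resolve to an affiliation is ignored.
 *
 * @param nameID         <code>NameID</code> object.
 * @param hostEntityID   hosted <code>EntityID</code>.
 * @param remoteEntityID remote <code>EntityID</code>.
 * @param realm          realm in which affiliation metadata is looked up.
 * @param hostEntityRole the role of hosted entity.
 * @return a single-entry map from the NameIDInfoKey attribute name to a
 *         set holding the serialized key.
 * @throws SAML2Exception if {@code nameID} is {@code null}, if the hosted
 *         or remote entity is not a member of the referenced affiliation,
 *         or if metadata lookup fails.
 */
public static Map getNameIDKeyMap(final NameID nameID, final String hostEntityID, final String remoteEntityID, final String realm, final String hostEntityRole) throws SAML2Exception {
    if (nameID == null) {
        throw new SAML2Exception(bundle.getString("nullNameID"));
    }
    NameIDInfoKey infoKey = resolveNameIDInfoKey(nameID, hostEntityID, remoteEntityID, realm, hostEntityRole);
    HashSet<String> set = new HashSet<String>();
    set.add(infoKey.toValueString());
    Map<String, HashSet<String>> keyMap = new HashMap<String, HashSet<String>>();
    keyMap.put(AccountUtils.getNameIDInfoKeyAttribute(), set);
    // Debug-level only; the serialized key includes the NameID value.
    if (debug.messageEnabled()) {
        debug.message("SAML2Utils.getNameIDKeyMap: " + keyMap);
    }
    return keyMap;
}

/**
 * Builds the <code>NameIDInfoKey</code> for a NameID, substituting the
 * affiliation ID for the hosted or remote entity ID when the NameID's SP
 * name qualifier names a known affiliation.
 *
 * @param nameID         the NameID; must not be {@code null}
 * @param hostEntityID   hosted entity ID
 * @param remoteEntityID remote entity ID
 * @param realm          realm in which affiliation metadata is looked up
 * @param hostEntityRole role of the hosted entity
 * @return the key to search the user by
 * @throws SAML2Exception if the entity is not an affiliation member, or if
 *         metadata lookup fails
 */
private static NameIDInfoKey resolveNameIDInfoKey(final NameID nameID, final String hostEntityID, final String remoteEntityID, final String realm, final String hostEntityRole) throws SAML2Exception {
    String affiliationID = nameID.getSPNameQualifier();
    if (affiliationID == null || affiliationID.isEmpty()) {
        return new NameIDInfoKey(nameID.getValue(), hostEntityID, remoteEntityID);
    }
    AffiliationDescriptorType affiDesc = saml2MetaManager.getAffiliationDescriptor(realm, affiliationID);
    if (affiDesc == null) {
        // Qualifier is not a known affiliation: key on the plain entity pair.
        return new NameIDInfoKey(nameID.getValue(), hostEntityID, remoteEntityID);
    }
    if (SAML2Constants.SP_ROLE.equals(hostEntityRole)) {
        // Hosted SP must itself be a member before the affiliation may stand in for it.
        if (!affiDesc.getAffiliateMember().contains(hostEntityID)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("spNotAffiliationMember"));
        }
        return new NameIDInfoKey(nameID.getValue(), affiliationID, remoteEntityID);
    }
    // Any other role: the remote SP must be a member before the affiliation
    // may stand in for it.
    if (!affiDesc.getAffiliateMember().contains(remoteEntityID)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("spNotAffiliationMember"));
    }
    return new NameIDInfoKey(nameID.getValue(), hostEntityID, affiliationID);
}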

Example 39 with NameID


the class DoManageNameID method checkMNIResponse.

/**
 * Validates a <code>ManageNameIDResponse</code> and applies the outcome of
 * the original request to the local federation state.
 * <p>
 * The response is correlated with a request this host issued by looking up
 * its <code>InResponseTo</code> value through {@code getMNIRequestInfo}; a
 * response matching no cached request is rejected. On a success status the
 * existing account federation is removed and, unless the original request
 * asked for termination, the new NameID is stored for the user.
 *
 * @param mniResponse  the response received from the remote entity
 * @param realm        realm of the hosted entity
 * @param hostEntityID hosted entity ID
 * @param hostRole     role of the hosted entity (SP or IDP)
 * @param mniUserId    output buffer; the principal name of the session tied
 *                     to the original request is appended to it
 * @return {@code true} if the federation was terminated or re-keyed;
 *         {@code false} if no NameIDInfo exists for the user or the
 *         existing federation could not be removed
 * @throws SAML2Exception if the response matches no cached request, the
 *         cached request has no session, or the status is not success
 * @throws SessionException propagated from the session provider
 */
private static boolean checkMNIResponse(ManageNameIDResponse mniResponse, String realm, String hostEntityID, String hostRole, StringBuffer mniUserId) throws SAML2Exception, SessionException {
    boolean success = false;
    String remoteEntityID = mniResponse.getIssuer().getValue();
    String requestID = mniResponse.getInResponseTo();
    // Correlate the response with a request this host actually sent; an
    // unknown or unsolicited InResponseTo is rejected, not processed.
    ManageNameIDRequestInfo reqInfo = getMNIRequestInfo(requestID, hostRole);
    if (reqInfo == null) {
        logError("invalidInResponseToInResponse", LogUtil.INVALID_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToInResponse"));
    }
    String retCode = mniResponse.getStatus().getStatusCode().getValue();
    // The status code URI is compared case-insensitively.
    if (retCode.equalsIgnoreCase(SAML2Constants.SUCCESS)) {
        Object session = reqInfo.getSession();
        if (session == null) {
            logError("nullSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
        }
        String userID = sessionProvider.getPrincipalName(session);
        // Hand the affected user back to the caller via the out-parameter.
        mniUserId.append(userID);
        ManageNameIDRequest origMniReq = reqInfo.getManageNameIDRequest();
        NameID oldNameID = origMniReq.getNameID();
        List spFedSessions = null;
        NameIDInfo oldNameIDInfo = getNameIDInfo(userID, hostEntityID, remoteEntityID, hostRole, realm, oldNameID.getSPNameQualifier(), true);
        if (oldNameIDInfo == null) {
            debug.error("DoManageNameID.checkMNIResponse: NameIDInfo " + "not found.");
            return false;
        }
        // Tear down the federation state keyed on the old NameID. On the SP
        // side the cached federation session list is detached and kept in
        // spFedSessions so it can be re-keyed below; any other role drops the
        // IDP federation session for this remote entity.
        if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            String infoKeyStr = oldNameIDInfo.getNameIDInfoKey().toValueString();
            spFedSessions = (List) SPCache.fedSessionListsByNameIDInfoKey.remove(infoKeyStr);
            removeInfoKeyFromSession(session, infoKeyStr);
            // Publish the new cache size through saml2Svc while the agent runs.
            if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
            }
        } else {
            removeIDPFedSession(remoteEntityID, oldNameID.getValue());
        }
        if (!AccountUtils.removeAccountFederation(oldNameIDInfo, userID)) {
            // log termination failure; note the cache entries above are
            // already gone at this point
            logError("unableToTerminate", LogUtil.UNABLE_TO_TERMINATE, userID);
            return false;
        }
        if (origMniReq.getTerminate()) {
            // log termination success
            logAccess("requestSuccess", LogUtil.SUCCESS_FED_TERMINATION, userID);
            return true;
        }
        // newID case: assumes the cached request carries a NewID whenever
        // Terminate was not set -- TODO confirm against the request builder
        String newIDValue = origMniReq.getNewID().getValue();
        boolean isAffiliation = oldNameIDInfo.isAffiliation();
        String spNameQualifier = oldNameID.getSPNameQualifier();
        if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            // SP keeps the remote value and records its own NewID as SPProvidedID.
            NameID newNameID = AssertionFactory.getInstance().createNameID();
            newNameID.setValue(oldNameID.getValue());
            newNameID.setFormat(oldNameID.getFormat());
            newNameID.setSPProvidedID(newIDValue);
            newNameID.setSPNameQualifier(spNameQualifier);
            newNameID.setNameQualifier(oldNameID.getNameQualifier());
            NameIDInfo newNameIDInfo = new NameIDInfo((isAffiliation ? spNameQualifier : hostEntityID), remoteEntityID, newNameID, hostRole, isAffiliation);
            String newInfoKeyStr = newNameIDInfo.getNameIDInfoKey().toValueString();
            // Re-attach the detached federation sessions under the new key.
            if (spFedSessions != null) {
                SPCache.fedSessionListsByNameIDInfoKey.put(newInfoKeyStr, spFedSessions);
                if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                    saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                }
            }
            AccountUtils.setAccountFederation(newNameIDInfo, userID);
            // Best effort: record the new info key on the session unless it is
            // already present (substring check). A failure is only logged at
            // debug level, so the session may be left without the new key
            // while the account federation has already been updated.
            try {
                String infoKeyAttribute = AccountUtils.getNameIDInfoKeyAttribute();
                String[] fromToken = sessionProvider.getProperty(session, infoKeyAttribute);
                if ((fromToken == null) || (fromToken.length == 0) || (fromToken[0] == null) || (fromToken[0].length() == 0)) {
                    String[] values = { newInfoKeyStr };
                    sessionProvider.setProperty(session, infoKeyAttribute, values);
                } else {
                    if (fromToken[0].indexOf(newInfoKeyStr) == -1) {
                        String[] values = { fromToken[0] + SAML2Constants.SECOND_DELIM + newInfoKeyStr };
                        sessionProvider.setProperty(session, infoKeyAttribute, values);
                    }
                }
            } catch (Exception e) {
                debug.message("DoManageNameID.checkMNIResponse:", e);
            }
        } else if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            // IDP adopts its NewID as the NameID value, qualified by its own entity ID.
            NameID newNameID = AssertionFactory.getInstance().createNameID();
            newNameID.setValue(newIDValue);
            newNameID.setFormat(oldNameID.getFormat());
            newNameID.setSPProvidedID(oldNameID.getSPProvidedID());
            newNameID.setSPNameQualifier(spNameQualifier);
            newNameID.setNameQualifier(hostEntityID);
            NameIDInfo newNameIDInfo = new NameIDInfo(hostEntityID, (isAffiliation ? spNameQualifier : remoteEntityID), newNameID, SAML2Constants.IDP_ROLE, isAffiliation);
            AccountUtils.setAccountFederation(newNameIDInfo, userID);
            NameIDandSPpair pair = new NameIDandSPpair(newNameID, remoteEntityID);
            IDPSession idpSession = (IDPSession) IDPCache.idpSessionsBySessionID.get(sessionProvider.getSessionID(session));
            if (idpSession != null) {
                // NOTE(review): presumably idpSessionsByIndices is the lock that
                // guards the pair list elsewhere too -- not visible here
                synchronized (IDPCache.idpSessionsByIndices) {
                    List list = (List) idpSession.getNameIDandSPpairs();
                    list.add(pair);
                }
            }
        }
        // log manage name id success. A hostRole that is neither SP nor IDP
        // reaches here without any new NameID having been stored.
        logAccess("newNameIDSuccess", LogUtil.SUCCESS_NEW_NAMEID, userID);
        success = true;
    } else {
        logError("mniFailed", LogUtil.INVALID_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("mniFailed"));
    }
    return success;
}

Example 40 with NameID


the class DoManageNameID method getNameID.

/**
 * Looks up the NameID federated between the given user and remote entity.
 *
 * @param userID         local user identifier
 * @param hostEntityID   hosted entity ID
 * @param remoteEntityID remote entity ID
 * @param hostEntityRole role of the hosted entity
 * @param affiliationID  affiliation ID handed through to the NameIDInfo lookup
 * @param realm          realm of the hosted entity
 * @return the federated NameID; never {@code null}
 * @throws SAML2Exception if no NameIDInfo exists for the user, or if
 *         rendering the NameID for the debug message fails
 */
private static NameID getNameID(String userID, String hostEntityID, String remoteEntityID, String hostEntityRole, String affiliationID, String realm) throws SAML2Exception {
    NameIDInfo info = getNameIDInfo(userID, hostEntityID, remoteEntityID, hostEntityRole, realm, affiliationID, false);
    if (info == null) {
        String reason = SAML2Utils.bundle.getString("nullNameID");
        debug.error("DoManageNameID.getNameID: " + reason);
        throw new SAML2Exception(reason);
    }
    NameID result = info.getNameID();
    if (debug.messageEnabled()) {
        // Debug output includes the full NameID element for the user.
        debug.message("DoManageNameID.getNameID: userID = " + userID + ", nameID = " + result.toXMLString());
    }
    return result;
}
