use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class SubjectImpl method toXMLString.
/**
 * Serializes this <code>Subject</code> element to its XML string form.
 * <p>
 * At most one identifier child (<code>BaseID</code>, <code>NameID</code> or
 * <code>EncryptedID</code>) may be set; when none is set, at least one
 * <code>SubjectConfirmation</code> must be present. Child elements are
 * serialized without their own namespace declaration because the declaration,
 * if requested, is emitted once on the enclosing <code>Subject</code>.
 *
 * @param includeNSPrefix Determines whether or not the namespace
 *        qualifier is prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is
 *        declared within the Element.
 * @return A String representation
 * @exception SAML2Exception if more than one identifier is set, if neither an
 *        identifier nor a SubjectConfirmation is present, or if a child element
 *        fails to convert
 */
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
    String nsDeclaration = declareNS ? SAML2Constants.ASSERTION_DECLARE_STR : "";
    String prefix = includeNSPrefix ? SAML2Constants.ASSERTION_PREFIX : "";

    StringBuilder xml = new StringBuilder(2000);
    xml.append("<").append(prefix).append(SUBJECT_ELEMENT).append(nsDeclaration).append(">\n");

    // Identifiers are appended in BaseID, NameID, EncryptedID order; any one
    // found after a previous one aborts the conversion.
    boolean hasId = false;
    if (baseId != null) {
        xml.append(baseId.toXMLString(includeNSPrefix, false));
        hasId = true;
    }
    if (nameId != null) {
        rejectSecondId(hasId);
        xml.append(nameId.toXMLString(includeNSPrefix, false));
        hasId = true;
    }
    if (encryptedId != null) {
        rejectSecondId(hasId);
        xml.append(encryptedId.toXMLString(includeNSPrefix, false));
        hasId = true;
    }

    if (subjectConfirmations.isEmpty()) {
        // A Subject with no identifier and no confirmation carries nothing.
        if (!hasId) {
            SAML2SDKUtils.debug.error("SubjectImpl.toXMLString(): Need at least one id or one subject confirmation in a subject");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("need_at_least_one_id_or_on_SubjectConfirmation"));
        }
    } else {
        for (Object element : subjectConfirmations) {
            xml.append(((SubjectConfirmation) element).toXMLString(includeNSPrefix, false));
        }
    }

    xml.append("</").append(prefix).append(SUBJECT_ELEMENT).append(">");
    return xml.toString();
}

/**
 * Fails the conversion when an identifier is encountered after another one
 * has already been written.
 *
 * @param idAlreadyPresent whether an identifier child was already serialized
 * @exception SAML2Exception when <code>idAlreadyPresent</code> is true
 */
private static void rejectSecondId(boolean idAlreadyPresent) throws SAML2Exception {
    if (idAlreadyPresent) {
        SAML2SDKUtils.debug.error("SubjectImpl.toXMLString(): more than one types of id specified");
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("too_many_ids_specified"));
    }
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class NameIDInfo method parse.
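/**
 * Returns the <code>NameIDInfo</code> by parsing the string value.
 * <p>
 * The value must hold exactly nine <code>DELIM</code>-separated fields, in
 * this order: host entity ID, remote entity ID, NameID value, name qualifier,
 * format, SP-provided ID, SP name qualifier, role and the affiliation flag.
 * <code>StringTokenizer</code> never yields empty tokens, so an absent optional
 * field must be written as the <code>NULL</code> marker rather than left empty;
 * a field equal to that marker is left unset on the <code>NameID</code>.
 *
 * @param info the serialized <code>NameIDInfo</code> value
 * @return the <code>NameIDInfo</code>
 * @exception SAML2Exception if <code>info</code> is <code>null</code> or does
 *        not contain exactly nine fields.
 */
public static NameIDInfo parse(String info) throws SAML2Exception {
    if (info == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullNameIDInfo"));
    }
    StringTokenizer st = new StringTokenizer(info, DELIM);
    if (st.countTokens() != 9) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("inValidNameIDInfo"));
    }
    String hostEntityID = st.nextToken();
    String remoteEntityID = st.nextToken();
    String nameIDValue = st.nextToken();
    String nameQualifier = st.nextToken();
    String format = st.nextToken();
    String spNameIDValue = st.nextToken();
    String spNameQualifier = st.nextToken();
    String role = st.nextToken();
    // Boolean.valueOf(String) delegates to parseBoolean; skip the boxing round trip.
    boolean isAffiliation = Boolean.parseBoolean(st.nextToken());

    NameID nameID = AssertionFactory.getInstance().createNameID();
    nameID.setValue(nameIDValue);
    // nextToken() never returns null, so only the NULL marker needs checking.
    if (!NULL.equals(nameQualifier)) {
        nameID.setNameQualifier(nameQualifier);
    }
    if (!NULL.equals(spNameIDValue)) {
        nameID.setSPProvidedID(spNameIDValue);
    }
    if (!NULL.equals(spNameQualifier)) {
        nameID.setSPNameQualifier(spNameQualifier);
    }
    if (!NULL.equals(format)) {
        nameID.setFormat(format);
    }
    return new NameIDInfo(hostEntityID, remoteEntityID, nameID, role, isAffiliation);
}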
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class SAML2Utils method getNameIDKeyMap.
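/**
 * Returns the <code>NameIDInfoKey</code> key value pair that can
 * be used for searching the user.
 * <p>
 * When the <code>NameID</code> carries an SP name qualifier that resolves to
 * an affiliation descriptor in <code>realm</code>, the affiliation ID takes
 * the place of the hosted entity ID (SP role) or of the remote entity ID
 * (other roles) in the key, but only after verifying that the corresponding
 * SP is a member of that affiliation.
 *
 * @param nameID <code>NameID</code> object.
 * @param hostEntityID hosted <code>EntityID</code>.
 * @param remoteEntityID remote <code>EntityID</code>.
 * @param realm realm in which the affiliation descriptor is looked up.
 * @param hostEntityRole the role of hosted entity.
 * @return a single-entry map from the NameIDInfoKey attribute name to a set
 *        holding the key's string value.
 * @throws SAML2Exception if <code>nameID</code> is <code>null</code>, if the SP
 *        is not a member of the affiliation, or if the metadata lookup fails.
 */
public static Map getNameIDKeyMap(final NameID nameID, final String hostEntityID, final String remoteEntityID, final String realm, final String hostEntityRole) throws SAML2Exception {
    if (nameID == null) {
        throw new SAML2Exception(bundle.getString("nullNameID"));
    }
    NameIDInfoKey infoKey = resolveNameIDInfoKey(nameID, hostEntityID, remoteEntityID, realm, hostEntityRole);

    HashSet<String> keyValues = new HashSet<>();
    keyValues.add(infoKey.toValueString());
    Map<String, HashSet<String>> keyMap = new HashMap<>();
    keyMap.put(AccountUtils.getNameIDInfoKeyAttribute(), keyValues);
    if (debug.messageEnabled()) {
        // The NameID value is part of the key and therefore ends up in the debug log.
        debug.message("SAML2Utils.getNameIDKeyMap: " + keyMap);
    }
    return keyMap;
}

/**
 * Builds the <code>NameIDInfoKey</code> for a <code>NameID</code>, substituting
 * the affiliation ID for one side of the key when the SP name qualifier names
 * an affiliation the relevant SP belongs to.
 *
 * @param nameID non-null <code>NameID</code> object.
 * @param hostEntityID hosted <code>EntityID</code>.
 * @param remoteEntityID remote <code>EntityID</code>.
 * @param realm realm in which the affiliation descriptor is looked up.
 * @param hostEntityRole the role of hosted entity.
 * @return the key; never <code>null</code>.
 * @throws SAML2Exception if the SP is not an affiliation member or the
 *        metadata lookup fails.
 */
private static NameIDInfoKey resolveNameIDInfoKey(final NameID nameID, final String hostEntityID, final String remoteEntityID, final String realm, final String hostEntityRole) throws SAML2Exception {
    String affiliationID = nameID.getSPNameQualifier();
    if (affiliationID == null || affiliationID.isEmpty()) {
        return new NameIDInfoKey(nameID.getValue(), hostEntityID, remoteEntityID);
    }
    AffiliationDescriptorType affiDesc = saml2MetaManager.getAffiliationDescriptor(realm, affiliationID);
    if (affiDesc == null) {
        // Qualifier does not name a known affiliation: fall back to the plain entity pair.
        return new NameIDInfoKey(nameID.getValue(), hostEntityID, remoteEntityID);
    }
    if (SAML2Constants.SP_ROLE.equals(hostEntityRole)) {
        // Hosted SP must itself be a member before the affiliation replaces its ID.
        if (!affiDesc.getAffiliateMember().contains(hostEntityID)) {
            throw new SAML2Exception(bundle.getString("spNotAffiliationMember"));
        }
        return new NameIDInfoKey(nameID.getValue(), affiliationID, remoteEntityID);
    }
    // Hosted IDP: the remote SP must be a member before the affiliation replaces its ID.
    if (!affiDesc.getAffiliateMember().contains(remoteEntityID)) {
        throw new SAML2Exception(bundle.getString("spNotAffiliationMember"));
    }
    return new NameIDInfoKey(nameID.getValue(), hostEntityID, affiliationID);
}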
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class DoManageNameID method checkMNIResponse.
/**
 * Validates a <code>ManageNameIDResponse</code> against the locally stored
 * request and, when the status code is SUCCESS, terminates the old account
 * federation and, unless the request was a Terminate, re-creates it under
 * the new ID carried by the original request.
 *
 * @param mniResponse the response received from the remote entity
 * @param realm realm of the hosted entity
 * @param hostEntityID hosted entity ID
 * @param hostRole hosted entity role, SP or IDP
 * @param mniUserId out-parameter: the principal name of the stored session is appended to it
 * @return true when the federation was terminated or the new ID was stored;
 *         false when no NameIDInfo exists for the user or the federation
 *         removal fails
 * @throws SAML2Exception if InResponseTo matches no stored request, the stored
 *         session is null, or the status code is not SUCCESS
 * @throws SessionException presumably from the sessionProvider calls; not
 *         thrown explicitly here
 */
private static boolean checkMNIResponse(ManageNameIDResponse mniResponse, String realm, String hostEntityID, String hostRole, StringBuffer mniUserId) throws SAML2Exception, SessionException {
    boolean success = false;
    String remoteEntityID = mniResponse.getIssuer().getValue();
    String requestID = mniResponse.getInResponseTo();
    // Correlate the response with a request this side issued for this role;
    // an unknown InResponseTo is rejected before the status is even inspected.
    ManageNameIDRequestInfo reqInfo = getMNIRequestInfo(requestID, hostRole);
    if (reqInfo == null) {
        logError("invalidInResponseToInResponse", LogUtil.INVALID_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToInResponse"));
    }
    // NOTE(review): a response without Status/StatusCode would NPE on this chain — confirm the parser rejects such messages earlier.
    String retCode = mniResponse.getStatus().getStatusCode().getValue();
    if (retCode.equalsIgnoreCase(SAML2Constants.SUCCESS)) {
        // The session is the one captured when the request was sent, not one taken from the response.
        Object session = reqInfo.getSession();
        if (session == null) {
            logError("nullSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
        }
        String userID = sessionProvider.getPrincipalName(session);
        mniUserId.append(userID);
        ManageNameIDRequest origMniReq = reqInfo.getManageNameIDRequest();
        NameID oldNameID = origMniReq.getNameID();
        List spFedSessions = null;
        NameIDInfo oldNameIDInfo = getNameIDInfo(userID, hostEntityID, remoteEntityID, hostRole, realm, oldNameID.getSPNameQualifier(), true);
        if (oldNameIDInfo == null) {
            debug.error("DoManageNameID.checkMNIResponse: NameIDInfo " + "not found.");
            return false;
        }
        // Terminate: drop the old federation from the caches and the session,
        // whether or not a new ID is recorded afterwards.
        if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            String infoKeyStr = oldNameIDInfo.getNameIDInfoKey().toValueString();
            // The removed session list is kept so it can be re-keyed under the new ID below.
            spFedSessions = (List) SPCache.fedSessionListsByNameIDInfoKey.remove(infoKeyStr);
            removeInfoKeyFromSession(session, infoKeyStr);
            if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
            }
        } else {
            removeIDPFedSession(remoteEntityID, oldNameID.getValue());
        }
        if (!AccountUtils.removeAccountFederation(oldNameIDInfo, userID)) {
            // log termination failure
            logError("unableToTerminate", LogUtil.UNABLE_TO_TERMINATE, userID);
            return false;
        }
        if (origMniReq.getTerminate()) {
            // log termination success
            logAccess("requestSuccess", LogUtil.SUCCESS_FED_TERMINATION, userID);
            return true;
        }
        // newID case: the original request carried a NewID, so re-create the federation under it.
        String newIDValue = origMniReq.getNewID().getValue();
        boolean isAffiliation = oldNameIDInfo.isAffiliation();
        String spNameQualifier = oldNameID.getSPNameQualifier();
        if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            // SP side: the IDP-issued value is kept and the new ID becomes the SPProvidedID.
            NameID newNameID = AssertionFactory.getInstance().createNameID();
            newNameID.setValue(oldNameID.getValue());
            newNameID.setFormat(oldNameID.getFormat());
            newNameID.setSPProvidedID(newIDValue);
            newNameID.setSPNameQualifier(spNameQualifier);
            newNameID.setNameQualifier(oldNameID.getNameQualifier());
            NameIDInfo newNameIDInfo = new NameIDInfo((isAffiliation ? spNameQualifier : hostEntityID), remoteEntityID, newNameID, hostRole, isAffiliation);
            String newInfoKeyStr = newNameIDInfo.getNameIDInfoKey().toValueString();
            if (spFedSessions != null) {
                // Re-attach the federation sessions removed above under the new key.
                SPCache.fedSessionListsByNameIDInfoKey.put(newInfoKeyStr, spFedSessions);
                if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                    saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                }
            }
            AccountUtils.setAccountFederation(newNameIDInfo, userID);
            try {
                String infoKeyAttribute = AccountUtils.getNameIDInfoKeyAttribute();
                String[] fromToken = sessionProvider.getProperty(session, infoKeyAttribute);
                if ((fromToken == null) || (fromToken.length == 0) || (fromToken[0] == null) || (fromToken[0].length() == 0)) {
                    String[] values = { newInfoKeyStr };
                    sessionProvider.setProperty(session, infoKeyAttribute, values);
                } else {
                    // NOTE(review): indexOf is a substring test, not a delimited-field match; a key that is a substring of one already listed would be skipped — confirm keys cannot overlap that way.
                    if (fromToken[0].indexOf(newInfoKeyStr) == -1) {
                        String[] values = { fromToken[0] + SAML2Constants.SECOND_DELIM + newInfoKeyStr };
                        sessionProvider.setProperty(session, infoKeyAttribute, values);
                    }
                }
            } catch (Exception e) {
                // Best-effort: failing to record the new key on the session is logged
                // at message level only and does not fail the operation.
                debug.message("DoManageNameID.checkMNIResponse:", e);
            }
        } else if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            // IDP side: the new ID replaces the NameID value and is qualified by this IDP.
            NameID newNameID = AssertionFactory.getInstance().createNameID();
            newNameID.setValue(newIDValue);
            newNameID.setFormat(oldNameID.getFormat());
            newNameID.setSPProvidedID(oldNameID.getSPProvidedID());
            newNameID.setSPNameQualifier(spNameQualifier);
            newNameID.setNameQualifier(hostEntityID);
            NameIDInfo newNameIDInfo = new NameIDInfo(hostEntityID, (isAffiliation ? spNameQualifier : remoteEntityID), newNameID, SAML2Constants.IDP_ROLE, isAffiliation);
            AccountUtils.setAccountFederation(newNameIDInfo, userID);
            NameIDandSPpair pair = new NameIDandSPpair(newNameID, remoteEntityID);
            IDPSession idpSession = (IDPSession) IDPCache.idpSessionsBySessionID.get(sessionProvider.getSessionID(session));
            if (idpSession != null) {
                // The pair list is mutated under the idpSessionsByIndices lock, matching the rest of the IDP cache code.
                synchronized (IDPCache.idpSessionsByIndices) {
                    List list = (List) idpSession.getNameIDandSPpairs();
                    list.add(pair);
                }
            }
        }
        // log manage name id success
        logAccess("newNameIDSuccess", LogUtil.SUCCESS_NEW_NAMEID, userID);
        success = true;
    } else {
        // Any non-success status is treated as a failed MNI exchange.
        logError("mniFailed", LogUtil.INVALID_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("mniFailed"));
    }
    return success;
}
use of com.sun.identity.saml2.assertion.NameID in project OpenAM by OpenRock.
the class DoManageNameID method getNameID.
/**
 * Looks up the persisted <code>NameID</code> of the user's federation with
 * the given remote entity.
 *
 * @param userID local user identifier
 * @param hostEntityID hosted entity ID
 * @param remoteEntityID remote entity ID
 * @param hostEntityRole role of the hosted entity
 * @param affiliationID affiliation ID passed to the NameIDInfo lookup
 * @param realm realm of the hosted entity
 * @return the stored <code>NameID</code>
 * @throws SAML2Exception if no <code>NameIDInfo</code> exists for the user,
 *         or if the NameID cannot be rendered for the debug message
 */
private static NameID getNameID(String userID, String hostEntityID, String remoteEntityID, String hostEntityRole, String affiliationID, String realm) throws SAML2Exception {
    NameIDInfo nameIDInfo = getNameIDInfo(userID, hostEntityID, remoteEntityID, hostEntityRole, realm, affiliationID, false);
    if (nameIDInfo == null) {
        String reason = SAML2Utils.bundle.getString("nullNameID");
        debug.error("DoManageNameID.getNameID: " + reason);
        throw new SAML2Exception(reason);
    }
    NameID nameID = nameIDInfo.getNameID();
    if (debug.messageEnabled()) {
        // The full NameID XML is written to the debug log here.
        debug.message("DoManageNameID.getNameID: userID = " + userID + ", nameID = " + nameID.toXMLString());
    }
    return nameID;
}