Example 16 with Subject
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class AssertionImpl method toXMLString.
/**
* Returns a String representation
* @param includeNSPrefix Determines whether or not the namespace
* qualifier is prepended to the Element when converted
* @param declareNS Determines whether or not the namespace is declared
* within the Element.
* @return A String representation
* @exception SAML2Exception if something is wrong during conversion
*/
@Override
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
if ((signature != null) && (signedXMLString != null)) {
return signedXMLString;
}
StringBuffer sb = new StringBuffer(2000);
String NS = "";
String appendNS = "";
if (declareNS) {
NS = SAML2Constants.ASSERTION_DECLARE_STR;
}
if (includeNSPrefix) {
appendNS = SAML2Constants.ASSERTION_PREFIX;
}
sb.append("<").append(appendNS).append(ASSERTION_ELEMENT).append(NS);
if ((version == null) || (version.length() == 0)) {
SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): version missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_version"));
}
sb.append(" ").append(ASSERTION_VERSION_ATTR).append("=\"").append(version).append("\"");
if ((id == null) || (id.length() == 0)) {
SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): assertion id missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_assertion_id"));
}
sb.append(" ").append(ASSERTION_ID_ATTR).append("=\"").append(id).append("\"");
if (issueInstant == null) {
SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issue instant missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_issue_instant"));
}
String instantStr = DateUtils.toUTCDateFormat(issueInstant);
sb.append(" ").append(ASSERTION_ISSUEINSTANT_ATTR).append("=\"").append(instantStr).append("\"").append(">\n");
if (issuer == null) {
SAML2SDKUtils.debug.error("AssertionImpl.toXMLString(): issuer missing");
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("missing_subelement_issuer"));
}
sb.append(issuer.toXMLString(includeNSPrefix, false));
if (signature != null) {
sb.append(signature);
}
if (subject != null) {
sb.append(subject.toXMLString(includeNSPrefix, false));
}
if (conditions != null) {
sb.append(conditions.toXMLString(includeNSPrefix, false));
}
if (advice != null) {
sb.append(advice.toXMLString(includeNSPrefix, false));
}
int length = 0;
if (statements != null) {
length = statements.size();
for (int i = 0; i < length; i++) {
String str = (String) statements.get(i);
sb.append(str);
}
}
if (authnStatements != null) {
length = authnStatements.size();
for (int i = 0; i < length; i++) {
AuthnStatement st = (AuthnStatement) authnStatements.get(i);
sb.append(st.toXMLString(includeNSPrefix, false));
}
}
if (authzDecisionStatements != null) {
length = authzDecisionStatements.size();
for (int i = 0; i < length; i++) {
AuthzDecisionStatement st = (AuthzDecisionStatement) authzDecisionStatements.get(i);
sb.append(st.toXMLString(includeNSPrefix, false));
}
}
if (attributeStatements != null) {
length = attributeStatements.size();
for (int i = 0; i < length; i++) {
AttributeStatement st = (AttributeStatement) attributeStatements.get(i);
sb.append(st.toXMLString(includeNSPrefix, false));
}
}
sb.append("</").append(appendNS).append(ASSERTION_ELEMENT).append(">\n");
//return SAML2Utils.removeNewLineChars(sb.toString());
return sb.toString();
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
AttributeStatement(com.sun.identity.saml2.assertion.AttributeStatement)
AuthzDecisionStatement(com.sun.identity.saml2.assertion.AuthzDecisionStatement)
AuthnStatement(com.sun.identity.saml2.assertion.AuthnStatement)
Example 17 with Subject
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class AttributeQueryUtil method getIdentityFromDataStoreX509Subject.
public static String getIdentityFromDataStoreX509Subject(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
Subject subject = attrQuery.getSubject();
NameID nameID = null;
EncryptedID encryptedID = subject.getEncryptedID();
if (encryptedID != null) {
nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
} else {
nameID = subject.getNameID();
}
if (!SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedAttrQuerySubjectNameID"));
}
String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
if ((mappingAttrName == null) || (mappingAttrName.length() == 0)) {
throw new SAML2Exception(SAML2Utils.bundle.getString("x509SubjectMappingNotConfigured"));
}
String x509SubjectDN = nameID.getValue();
Map attrMap = new HashMap();
Set values = new HashSet();
values.add(x509SubjectDN);
attrMap.put(mappingAttrName, values);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.getIdentityFromDataStoreX509Subject: " + "mappingAttrName = " + mappingAttrName + ", X509 subject DN = " + x509SubjectDN);
}
try {
return dsProvider.getUserID(realm, attrMap);
} catch (DataStoreProviderException dse) {
SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStoreX509Subject:", dse);
throw new SAML2Exception(dse.getMessage());
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException)
Set(java.util.Set)
HashSet(java.util.HashSet)
NameID(com.sun.identity.saml2.assertion.NameID)
HashMap(java.util.HashMap)
EncryptedID(com.sun.identity.saml2.assertion.EncryptedID)
Map(java.util.Map)
HashMap(java.util.HashMap)
Subject(com.sun.identity.saml2.assertion.Subject)
HashSet(java.util.HashSet)
Example 18 with Subject
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class AttributeQueryUtil method getIdentity.
public static String getIdentity(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
Subject subject = attrQuery.getSubject();
NameID nameID = null;
EncryptedID encryptedID = subject.getEncryptedID();
if (encryptedID != null) {
nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
} else {
nameID = subject.getNameID();
}
String nameIDFormat = nameID.getFormat();
// NameIDFormat is "transient"
if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
} else // NameIDFormat is "unspecified"
if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
Map userIDsSearchMap = new HashMap();
Set userIDValuesSet = new HashSet();
userIDValuesSet.add(nameID.getValue());
String userId = "uid";
IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, attrAuthorityEntityID);
Map attrs = SAML2MetaUtils.getAttributes(config);
List nimAttrs = (List) attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP);
for (Iterator i = nimAttrs.iterator(); i.hasNext(); ) {
String attrName = (String) i.next();
if (attrName != null && attrName.length() > 2 && attrName.startsWith(nameIDFormat)) {
int eqPos = attrName.indexOf('=');
if (eqPos != -1 && eqPos < attrName.length() - 2) {
userId = attrName.substring(eqPos + 1);
SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
break;
}
}
}
userIDsSearchMap.put(userId, userIDValuesSet);
try {
return dsProvider.getUserID(realm, userIDsSearchMap);
} catch (DataStoreProviderException dse) {
SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore1:", dse);
throw new SAML2Exception(dse.getMessage());
}
} else {
String requestedEntityID = attrQuery.getIssuer().getValue();
try {
return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, attrAuthorityEntityID, requestedEntityID, realm, SAML2Constants.IDP_ROLE));
} catch (DataStoreProviderException dse) {
SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore:", dse);
throw new SAML2Exception(dse.getMessage());
}
}
}
Also used :
DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException)
Set(java.util.Set)
HashSet(java.util.HashSet)
NameID(com.sun.identity.saml2.assertion.NameID)
HashMap(java.util.HashMap)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
EncryptedID(com.sun.identity.saml2.assertion.EncryptedID)
Subject(com.sun.identity.saml2.assertion.Subject)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
Map(java.util.Map)
HashMap(java.util.HashMap)
HashSet(java.util.HashSet)
Example 19 with Subject
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class SubjectQueryAbstractImpl method parseDOMChileElements.
/**
* Parses child elements of the Docuemnt Element for this object.
*
* @param iter the child elements iterator.
* @throws SAML2Exception if error parsing the Document Element.
*/
protected void parseDOMChileElements(ListIterator iter) throws SAML2Exception {
super.parseDOMChileElements(iter);
if (iter.hasNext()) {
Element childElement = (Element) iter.next();
String localName = childElement.getLocalName();
if (SAML2Constants.SUBJECT.equals(localName)) {
subject = AssertionFactory.getInstance().createSubject(childElement);
return;
}
}
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("SubjectQueryAbstractImpl." + "parseDOMChileElements: Subject is expected");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Element(org.w3c.dom.Element)
Example 20 with Subject
use of com.sun.identity.saml2.assertion.Subject in project OpenAM by OpenRock.
the class XACMLRequestProcessor method processRequest.
/**
* Processes an XACML context Request and returns an XACML context
* Response.
*
* @param xacmlRequest XACML context Request. This describes the
* Resource(s), Subject(s), Action, Environment of the request
* and corresponds to XACML context schema element Request.
* One would contruct this Request object using XACML client SDK.
*
* @param pdpEntityId EntityID of PDP
* @param pepEntityId EntityID of PEP
* @return XACML context Response. This corresponds to
* XACML context schema element Response
* @exception XACMLException if request could not be processed
*/
public Response processRequest(Request xacmlRequest, String pdpEntityId, String pepEntityId) throws XACMLException, SAML2Exception {
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest(), entering" + ":pdpEntityId=" + pdpEntityId + ":pepEntityId=" + pepEntityId + ":xacmlRequest=\n" + xacmlRequest.toXMLString(true, true));
}
XACMLAuthzDecisionQuery samlpQuery = createXACMLAuthzDecisionQuery(xacmlRequest);
//set InputContextOnly
samlpQuery.setInputContextOnly(true);
//set ReturnContext
samlpQuery.setReturnContext(true);
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest()," + "samlpQuery=\n" + samlpQuery.toXMLString(true, true));
}
com.sun.identity.saml2.protocol.Response samlpResponse = QueryClient.processXACMLQuery(samlpQuery, pepEntityId, pdpEntityId);
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest()," + ":samlpResponse=\n" + samlpResponse.toXMLString(true, true));
}
Response xacmlResponse = null;
List assertions = samlpResponse.getAssertion();
if (assertions != null) {
Assertion assertion = (Assertion) (assertions.get(0));
if (assertion != null) {
List statements = assertion.getStatements();
if (statements.size() > 0) {
String statementString = (String) (statements.get(0));
if (statementString != null) {
XACMLAuthzDecisionStatement statement = ContextFactory.getInstance().createXACMLAuthzDecisionStatement(statementString);
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest()," + ":xacmlAuthzDecisionStatement=\n" + statement.toXMLString(true, true));
}
if (statement != null) {
xacmlResponse = statement.getResponse();
if (xacmlResponse != null) {
if (XACMLSDKUtils.debug.messageEnabled()) {
XACMLSDKUtils.debug.message("XACMLRequestProcessor.processRequest()" + ",returning :xacmlResponse=\n" + xacmlResponse.toXMLString(true, true));
}
return xacmlResponse;
}
}
}
}
}
}
return null;
}
Also used :
Response(com.sun.identity.xacml.context.Response)
XACMLAuthzDecisionStatement(com.sun.identity.xacml.saml2.XACMLAuthzDecisionStatement)
Assertion(com.sun.identity.saml2.assertion.Assertion)
XACMLAuthzDecisionQuery(com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery)
List(java.util.List)
Aggregations
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)19
Subject (com.sun.identity.saml2.assertion.Subject)15
ArrayList (java.util.ArrayList)15
List (java.util.List)14
Date (java.util.Date)10
NameID (com.sun.identity.saml2.assertion.NameID)9
Assertion (com.sun.identity.saml2.assertion.Assertion)8
AttributeStatement (com.sun.identity.saml2.assertion.AttributeStatement)6
EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion)6
EncryptedID (com.sun.identity.saml2.assertion.EncryptedID)6
SubjectConfirmation (com.sun.identity.saml2.assertion.SubjectConfirmation)6
Map (java.util.Map)6
Issuer (com.sun.identity.saml2.assertion.Issuer)5
HashMap (java.util.HashMap)5
Element (org.w3c.dom.Element)5
AssertionFactory (com.sun.identity.saml2.assertion.AssertionFactory)4
AuthnStatement (com.sun.identity.saml2.assertion.AuthnStatement)4
SubjectConfirmationData (com.sun.identity.saml2.assertion.SubjectConfirmationData)4
Node (org.w3c.dom.Node)4
NodeList (org.w3c.dom.NodeList)4
