
Example 6 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

Class AccountUtils, method setAccountFederation.

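/**
 * Sets the account federation information in the datastore for a user.
 * <p>
 * Existing <code>NameIDInfo</code> and <code>NameIDInfoKey</code> values for
 * the same host/remote entity pair (values starting with
 * <code>hostEntityID + DELIM + remoteEntityID + DELIM</code>) are replaced by
 * the new values; values stored for other entity pairs are kept as they are.
 * @param info <code>NameIDInfo</code> object to be set.
 * @param userID user identifier for which the account federation to be set.
 * @exception WSFederationException if <code>info</code> or
 *            <code>userID</code> is <code>null</code>, or if reading or
 *            writing the datastore fails.
 */
public static void setAccountFederation(NameIDInfo info, String userID) throws WSFederationException {
    String classMethod = "AccountUtils.setAccountFederation: ";
    WSFederationUtils.debug.message(classMethod);
    if (info == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullNameIDInfo"));
    }
    if (userID == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullUserID"));
    }
    try {
        NameIDInfoKey infoKey = new NameIDInfoKey(info.getNameIDValue(), info.getHostEntityID(), info.getRemoteEntityID());
        if (WSFederationUtils.debug.messageEnabled()) {
            WSFederationUtils.debug.message(classMethod + "info to be set:" + info.toValueString() + "," + "infoKey to be set:" + infoKey.toValueString());
        }
        // Every stored value belonging to this host/remote entity pair starts with this prefix.
        String filter = info.getHostEntityID() + DELIM + info.getRemoteEntityID() + DELIM;
        String nameIDInfoAttr = getNameIDInfoAttribute();
        String nameIDInfoKeyAttr = getNameIDInfoKeyAttribute();
        Set<String> attrNames = new HashSet<String>();
        attrNames.add(nameIDInfoAttr);
        attrNames.add(nameIDInfoKeyAttr);
        Map existMap = WSFederationUtils.dsProvider.getAttributes(userID, attrNames);
        // A missing or empty result is treated the same as two missing attributes.
        Set existInfo = null;
        Set existKeys = null;
        if (existMap != null && !existMap.isEmpty()) {
            existInfo = (Set) existMap.get(nameIDInfoAttr);
            existKeys = (Set) existMap.get(nameIDInfoKeyAttr);
        }
        Map map = new HashMap();
        map.put(nameIDInfoAttr, replaceEntries(existInfo, filter, info.toValueString()));
        map.put(nameIDInfoKeyAttr, replaceEntries(existKeys, filter, infoKey.toValueString()));
        if (WSFederationUtils.debug.messageEnabled()) {
            WSFederationUtils.debug.message(classMethod + " set fedinfo " + map + " userID = " + userID);
        }
        WSFederationUtils.dsProvider.setAttributes(userID, map);
    } catch (DataStoreProviderException dse) {
        WSFederationUtils.debug.error(classMethod + "DataStoreProviderException", dse);
        throw new WSFederationException(dse);
    } catch (SAML2Exception se) {
        WSFederationUtils.debug.error(classMethod + "SAML2Exception", se);
        throw new WSFederationException(se);
    }
}

/**
 * Builds the new value set for one federation attribute: a copy of
 * <code>existing</code> without the values that start with
 * <code>prefix</code>, plus <code>newValue</code>.
 * @param existing current values of the attribute; <code>null</code> is
 *        treated as an empty set.
 * @param prefix prefix identifying the values of the entity pair being replaced.
 * @param newValue value to add to the result.
 * @return a new, mutable set holding the resulting values.
 */
private static Set<String> replaceEntries(Set existing, String prefix, String newValue) {
    Set<String> result = new HashSet<String>();
    if (existing != null) {
        for (Object entry : existing) {
            String value = (String) entry;
            if (!value.startsWith(prefix)) {
                result.add(value);
            }
        }
    }
    result.add(newValue);
    return result;
}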

Example 7 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

Class BulkFederation, method saml2FederateUser.

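/**
 * Federates one local user with a remote user for SAML2.
 * <p>
 * A fresh persistent <code>NameID</code> is created, its
 * <code>NameIDInfoKey</code>/<code>NameIDInfo</code> string forms are added
 * to the local identity's <code>NAMEID_INFO_KEY</code> and
 * <code>NAMEID_INFO</code> attributes, and one line of the form
 * <code>remoteUserId|nameIdValue</code> is written to <code>out</code>.
 * Identity-repository and SSO failures are reported on the output writer
 * and do not abort the run; SAML2 and I/O failures do.
 * @param localUserId identifier of the local user to federate.
 * @param remoteUserId identifier of the remote user, echoed into the output line.
 * @param out writer receiving the <code>remoteUserId|nameIdValue</code> line.
 * @throws CLIException if the NameID cannot be built or the output line cannot be written.
 */
private void saml2FederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
    SSOToken adminSSOToken = getAdminSSOToken();
    try {
        AMIdentity amid = IdUtils.getIdentity(adminSSOToken, localUserId);
        String nameIdValue = createNameIdentifier();
        NameID nameId = AssertionFactory.getInstance().createNameID();
        nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
        // The name qualifier names the IDP side, the SP name qualifier the SP side,
        // regardless of which one is hosted locally.
        if (isIDP) {
            nameId.setNameQualifier(localEntityId);
            nameId.setSPNameQualifier(remoteEntityId);
        } else {
            nameId.setNameQualifier(remoteEntityId);
            nameId.setSPNameQualifier(localEntityId);
        }
        nameId.setValue(nameIdValue);
        String role = isIDP ? SAML2Constants.IDP_ROLE : SAML2Constants.SP_ROLE;
        NameIDInfoKey key = new NameIDInfoKey(nameIdValue, localEntityId, remoteEntityId);
        NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId, nameId, role, true);
        Map attributes = amid.getAttributes(saml2UserAttributesFed);
        addAttributeValue(attributes, SAML2Constants.NAMEID_INFO_KEY, key.toValueString());
        addAttributeValue(attributes, SAML2Constants.NAMEID_INFO, info.toValueString());
        amid.setAttributes(attributes);
        amid.store();
        out.write(remoteUserId + "|" + nameIdValue);
        out.newLine();
    } catch (SAML2Exception e) {
        debugError("BulkFederation.saml2FederateUser", e);
        throw cannotFederate(localUserId);
    } catch (IOException e) {
        debugError("BulkFederation.saml2FederateUser", e);
        throw cannotFederate(localUserId);
    } catch (IdRepoException e) {
        // Best effort: report and let the caller continue with the next user.
        debugError("BulkFederation.saml2FederateUser", e);
        getOutputWriter().printlnError(e.getMessage());
    } catch (SSOException e) {
        debugError("BulkFederation.saml2FederateUser", e);
        getOutputWriter().printlnError(e.getMessage());
    }
}

/**
 * Adds <code>value</code> to the multi-valued attribute <code>attrName</code>
 * in <code>attributes</code>, creating the value set when it is missing or empty.
 * @param attributes attribute map as returned by the identity (modified in place).
 * @param attrName name of the attribute to extend.
 * @param value value to add.
 */
@SuppressWarnings("unchecked")
private static void addAttributeValue(Map attributes, String attrName, String value) {
    Set<String> values = (Set<String>) attributes.get(attrName);
    if ((values == null) || values.isEmpty()) {
        values = new HashSet<String>(2);
        attributes.put(attrName, values);
    }
    values.add(value);
}

/**
 * Builds the "cannot federate" CLI exception for the given local user.
 * @param localUserId identifier of the local user that could not be federated.
 * @return the exception to throw.
 */
private CLIException cannotFederate(String localUserId) {
    Object[] param = { localUserId };
    return new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}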

Example 8 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

Class NameIDInfo, method parse.

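/**
 * Returns the <code>NameIDInfo</code> by parsing the string value.
 * <p>
 * The value must contain exactly nine <code>DELIM</code>-separated fields,
 * in this order: host entity ID, remote entity ID, NameID value, name
 * qualifier, format, SP-provided ID, SP name qualifier, role and the
 * affiliation flag. The optional NameID fields (name qualifier, format,
 * SP-provided ID, SP name qualifier) carry the <code>NULL</code> placeholder
 * when absent and are then left unset on the <code>NameID</code>.
 * @param info the delimited string value to parse.
 * @return the <code>NameIDInfo</code>
 * @exception SAML2Exception if <code>info</code> is <code>null</code> or does
 *            not contain exactly nine fields.
 */
public static NameIDInfo parse(String info) throws SAML2Exception {
    if (info == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullNameIDInfo"));
    }
    // StringTokenizer drops empty fields, so absent fields must be written as
    // the NULL placeholder for the field-count check to hold.
    StringTokenizer st = new StringTokenizer(info, DELIM);
    if (st.countTokens() != 9) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("inValidNameIDInfo"));
    }
    String hostEntityID = st.nextToken();
    String remoteEntityID = st.nextToken();
    String nameIDValue = st.nextToken();
    String nameQualifier = st.nextToken();
    String format = st.nextToken();
    String spNameIDValue = st.nextToken();
    String spNameQualifier = st.nextToken();
    String role = st.nextToken();
    // Anything other than "true" (case-insensitive) is read as false.
    boolean isAffiliation = Boolean.parseBoolean(st.nextToken());
    NameID nameID = AssertionFactory.getInstance().createNameID();
    nameID.setValue(nameIDValue);
    // nextToken() never returns null, so only the placeholder needs checking.
    if (!NULL.equals(nameQualifier)) {
        nameID.setNameQualifier(nameQualifier);
    }
    if (!NULL.equals(spNameIDValue)) {
        nameID.setSPProvidedID(spNameIDValue);
    }
    if (!NULL.equals(spNameQualifier)) {
        nameID.setSPNameQualifier(spNameQualifier);
    }
    if (!NULL.equals(format)) {
        nameID.setFormat(format);
    }
    return new NameIDInfo(hostEntityID, remoteEntityID, nameID, role, isAffiliation);
}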

Example 9 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

Class DoManageNameID, method checkMNIResponse.

/**
 * Validates a <code>ManageNameIDResponse</code> and applies the outcome of
 * the original request to the local federation state.
 * <p>
 * The response is matched to the pending request through its
 * <code>InResponseTo</code> value. On a success status the stored
 * <code>NameIDInfo</code> of the user is removed; for a terminate request
 * that completes the operation, otherwise a new <code>NameIDInfo</code> built
 * from the request's <code>NewID</code> is stored and the session/cache
 * bookkeeping is updated according to the host role (SP or IDP).
 * <p>
 * NOTE(review): the response issuer is used as the remote entity ID without
 * further checks here; this assumes the caller has already verified the
 * response (signature and issuer) before calling — confirm.
 *
 * @param mniResponse the response received from the remote entity.
 * @param realm realm of the hosted entity.
 * @param hostEntityID entity ID of the hosted provider.
 * @param hostRole role of the hosted provider (SP or IDP).
 * @param mniUserId buffer the resolved user ID is appended to (out parameter).
 * @return <code>true</code> if the federation was terminated or the new
 *         NameID was stored; <code>false</code> if the stored
 *         <code>NameIDInfo</code> was not found or could not be removed.
 * @throws SAML2Exception if the response cannot be matched to a request, the
 *         request carries no session, or the status is not success.
 * @throws SessionException propagated from the session provider.
 */
private static boolean checkMNIResponse(ManageNameIDResponse mniResponse, String realm, String hostEntityID, String hostRole, StringBuffer mniUserId) throws SAML2Exception, SessionException {
    boolean success = false;
    String remoteEntityID = mniResponse.getIssuer().getValue();
    String requestID = mniResponse.getInResponseTo();
    // The pending request is the authority on what this response completes.
    ManageNameIDRequestInfo reqInfo = getMNIRequestInfo(requestID, hostRole);
    if (reqInfo == null) {
        logError("invalidInResponseToInResponse", LogUtil.INVALID_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToInResponse"));
    }
    String retCode = mniResponse.getStatus().getStatusCode().getValue();
    // NOTE(review): status codes are URIs; the case-insensitive compare is
    // looser than an exact match — confirm this is intended.
    if (retCode.equalsIgnoreCase(SAML2Constants.SUCCESS)) {
        Object session = reqInfo.getSession();
        if (session == null) {
            logError("nullSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
        }
        String userID = sessionProvider.getPrincipalName(session);
        mniUserId.append(userID);
        ManageNameIDRequest origMniReq = reqInfo.getManageNameIDRequest();
        NameID oldNameID = origMniReq.getNameID();
        // SP role only: fed sessions keyed by the old info key, re-keyed below.
        List spFedSessions = null;
        NameIDInfo oldNameIDInfo = getNameIDInfo(userID, hostEntityID, remoteEntityID, hostRole, realm, oldNameID.getSPNameQualifier(), true);
        if (oldNameIDInfo == null) {
            debug.error("DoManageNameID.checkMNIResponse: NameIDInfo " + "not found.");
            return false;
        }
        // Terminate
        // Drop the in-memory federation state tied to the old NameID first;
        // for the newID case it is re-attached to the new key further down.
        if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            String infoKeyStr = oldNameIDInfo.getNameIDInfoKey().toValueString();
            spFedSessions = (List) SPCache.fedSessionListsByNameIDInfoKey.remove(infoKeyStr);
            removeInfoKeyFromSession(session, infoKeyStr);
            if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
            }
        } else {
            removeIDPFedSession(remoteEntityID, oldNameID.getValue());
        }
        // Remove the old NameIDInfo from the user's datastore entry; a failure
        // here aborts before any new ID is written.
        if (!AccountUtils.removeAccountFederation(oldNameIDInfo, userID)) {
            // log termination failure
            logError("unableToTerminate", LogUtil.UNABLE_TO_TERMINATE, userID);
            return false;
        }
        if (origMniReq.getTerminate()) {
            // log termination success
            logAccess("requestSuccess", LogUtil.SUCCESS_FED_TERMINATION, userID);
            return true;
        }
        // newID case
        String newIDValue = origMniReq.getNewID().getValue();
        boolean isAffiliation = oldNameIDInfo.isAffiliation();
        String spNameQualifier = oldNameID.getSPNameQualifier();
        if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            // SP side: keep the IDP-issued value, record the new ID as SPProvidedID.
            NameID newNameID = AssertionFactory.getInstance().createNameID();
            newNameID.setValue(oldNameID.getValue());
            newNameID.setFormat(oldNameID.getFormat());
            newNameID.setSPProvidedID(newIDValue);
            newNameID.setSPNameQualifier(spNameQualifier);
            newNameID.setNameQualifier(oldNameID.getNameQualifier());
            NameIDInfo newNameIDInfo = new NameIDInfo((isAffiliation ? spNameQualifier : hostEntityID), remoteEntityID, newNameID, hostRole, isAffiliation);
            String newInfoKeyStr = newNameIDInfo.getNameIDInfoKey().toValueString();
            if (spFedSessions != null) {
                SPCache.fedSessionListsByNameIDInfoKey.put(newInfoKeyStr, spFedSessions);
                if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                    saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                }
            }
            AccountUtils.setAccountFederation(newNameIDInfo, userID);
            // Mirror the new info key into the session property so later
            // requests on this session can find the federation.
            try {
                String infoKeyAttribute = AccountUtils.getNameIDInfoKeyAttribute();
                String[] fromToken = sessionProvider.getProperty(session, infoKeyAttribute);
                if ((fromToken == null) || (fromToken.length == 0) || (fromToken[0] == null) || (fromToken[0].length() == 0)) {
                    String[] values = { newInfoKeyStr };
                    sessionProvider.setProperty(session, infoKeyAttribute, values);
                } else {
                    // NOTE(review): substring check rather than an exact
                    // SECOND_DELIM-token match — a key that is a substring of
                    // an existing entry is not appended.
                    if (fromToken[0].indexOf(newInfoKeyStr) == -1) {
                        String[] values = { fromToken[0] + SAML2Constants.SECOND_DELIM + newInfoKeyStr };
                        sessionProvider.setProperty(session, infoKeyAttribute, values);
                    }
                }
            } catch (Exception e) {
                // NOTE(review): failures updating the session property are only
                // logged at message level; the datastore was already updated by
                // setAccountFederation above, so the session may lack the new key.
                debug.message("DoManageNameID.checkMNIResponse:", e);
            }
        } else if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            // IDP side: the new ID replaces the NameID value itself.
            NameID newNameID = AssertionFactory.getInstance().createNameID();
            newNameID.setValue(newIDValue);
            newNameID.setFormat(oldNameID.getFormat());
            newNameID.setSPProvidedID(oldNameID.getSPProvidedID());
            newNameID.setSPNameQualifier(spNameQualifier);
            newNameID.setNameQualifier(hostEntityID);
            NameIDInfo newNameIDInfo = new NameIDInfo(hostEntityID, (isAffiliation ? spNameQualifier : remoteEntityID), newNameID, SAML2Constants.IDP_ROLE, isAffiliation);
            AccountUtils.setAccountFederation(newNameIDInfo, userID);
            NameIDandSPpair pair = new NameIDandSPpair(newNameID, remoteEntityID);
            IDPSession idpSession = (IDPSession) IDPCache.idpSessionsBySessionID.get(sessionProvider.getSessionID(session));
            if (idpSession != null) {
                // The pair list is guarded by the idpSessionsByIndices lock.
                synchronized (IDPCache.idpSessionsByIndices) {
                    List list = (List) idpSession.getNameIDandSPpairs();
                    list.add(pair);
                }
            }
        }
        // log manage name id success
        logAccess("newNameIDSuccess", LogUtil.SUCCESS_NEW_NAMEID, userID);
        success = true;
    } else {
        logError("mniFailed", LogUtil.INVALID_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("mniFailed"));
    }
    return success;
}

Example 10 with NameIDInfo

use of com.sun.identity.saml2.common.NameIDInfo in project OpenAM by OpenRock.

Class DoManageNameID, method getNameID.

/**
 * Looks up the federated <code>NameID</code> stored for a user.
 * @param userID identifier of the user.
 * @param hostEntityID entity ID of the hosted provider.
 * @param remoteEntityID entity ID of the remote provider.
 * @param hostEntityRole role of the hosted provider.
 * @param affiliationID affiliation ID, passed through to the info lookup.
 * @param realm realm of the hosted provider.
 * @return the stored <code>NameID</code>; never <code>null</code>.
 * @throws SAML2Exception if no <code>NameIDInfo</code> exists for the user.
 */
private static NameID getNameID(String userID, String hostEntityID, String remoteEntityID, String hostEntityRole, String affiliationID, String realm) throws SAML2Exception {
    NameIDInfo info = getNameIDInfo(userID, hostEntityID, remoteEntityID, hostEntityRole, realm, affiliationID, false);
    if (info == null) {
        debug.error("DoManageNameID.getNameID: " + SAML2Utils.bundle.getString("nullNameID"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullNameID"));
    }
    NameID result = info.getNameID();
    if (debug.messageEnabled()) {
        debug.message("DoManageNameID.getNameID: userID = " + userID + ", nameID = " + result.toXMLString());
    }
    return result;
}
