
Example 6 with NameIDInfoKey

use of com.sun.identity.saml2.common.NameIDInfoKey in project OpenAM by OpenRock.

the class BulkFederation method saml2FederateUser.

/**
 * Federates one local user with the remote entity and records the mapping.
 * A fresh persistent NameID is generated, stored on the local identity as
 * NameIDInfoKey / NameIDInfo attribute values, and one line of the form
 * {@code remoteUserId|nameIdValue} is appended to {@code out}.
 *
 * @param localUserId  identifier of the local user to federate
 * @param remoteUserId identifier of the same user on the remote entity
 * @param out          writer receiving the mapping line
 * @throws CLIException if the SAML2 objects cannot be built or the mapping
 *                      line cannot be written; identity-repository and SSO
 *                      failures are reported on the output writer instead
 */
private void saml2FederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
    SSOToken adminSSOToken = getAdminSSOToken();
    try {
        AMIdentity amid = IdUtils.getIdentity(adminSSOToken, localUserId);
        String nameIdValue = createNameIdentifier();
        NameID nameId = newPersistentNameID(nameIdValue);
        String role = isIDP ? SAML2Constants.IDP_ROLE : SAML2Constants.SP_ROLE;
        NameIDInfoKey key = new NameIDInfoKey(nameIdValue, localEntityId, remoteEntityId);
        NameIDInfo info = new NameIDInfo(localEntityId, remoteEntityId, nameId, role, true);
        Map attributes = amid.getAttributes(saml2UserAttributesFed);
        addFederationAttribute(attributes, SAML2Constants.NAMEID_INFO_KEY, key.toValueString());
        addFederationAttribute(attributes, SAML2Constants.NAMEID_INFO, info.toValueString());
        amid.setAttributes(attributes);
        amid.store();
        out.write(remoteUserId + "|" + nameIdValue);
        out.newLine();
    } catch (SAML2Exception e) {
        debugError("BulkFederation.saml2FederateUser", e);
        Object[] param = { localUserId };
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IOException e) {
        debugError("BulkFederation.saml2FederateUser", e);
        Object[] param = { localUserId };
        throw new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IdRepoException e) {
        // Repository failures are reported and the bulk run continues with the next user.
        debugError("BulkFederation.saml2FederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    } catch (SSOException e) {
        // Same best-effort handling as IdRepoException.
        debugError("BulkFederation.saml2FederateUser", e);
        IOutput outputWriter = getOutputWriter();
        outputWriter.printlnError(e.getMessage());
    }
}

/**
 * Builds a persistent-format NameID carrying {@code value}. The qualifiers
 * depend on the hosted role: the IDP is always the NameQualifier and the SP
 * the SPNameQualifier.
 *
 * @param value the generated name identifier value
 * @return the populated NameID
 * @throws SAML2Exception if the NameID cannot be created or populated
 */
private NameID newPersistentNameID(String value) throws SAML2Exception {
    NameID nameId = AssertionFactory.getInstance().createNameID();
    nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
    String idpEntity = isIDP ? localEntityId : remoteEntityId;
    String spEntity = isIDP ? remoteEntityId : localEntityId;
    nameId.setNameQualifier(idpEntity);
    nameId.setSPNameQualifier(spEntity);
    nameId.setValue(value);
    return nameId;
}

/**
 * Adds {@code value} to the multi-valued attribute {@code attrName} in
 * {@code attributes}, creating the value set if it is missing or empty.
 *
 * @param attributes attribute map of the identity (attribute name to Set of values)
 * @param attrName   attribute to extend
 * @param value      value to add
 */
private static void addFederationAttribute(Map attributes, String attrName, String value) {
    Set values = (Set) attributes.get(attrName);
    if (values == null || values.isEmpty()) {
        values = new HashSet(2);
        attributes.put(attrName, values);
    }
    values.add(value);
}

Example 7 with NameIDInfoKey

use of com.sun.identity.saml2.common.NameIDInfoKey in project OpenAM by OpenRock.

the class SAML2Utils method getNameIDKeyMap.

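/**
 * Returns the <code>NameIDInfoKey</code> key/value pair that can be used for
 * searching the user.
 * <p>
 * By default the key is built from the hosted and remote entity IDs. When the
 * <code>NameID</code> carries an SPNameQualifier that resolves to an affiliation
 * descriptor in <code>realm</code>, the SP side of the key is replaced by the
 * affiliation ID, after checking that the relevant SP (the hosted entity when
 * acting as SP, the remote entity when acting as IDP) is a member of that
 * affiliation. An SPNameQualifier with no matching affiliation descriptor falls
 * back to the default key.
 *
 * @param nameID         <code>NameID</code> object; must not be null.
 * @param hostEntityID   hosted <code>EntityID</code>.
 * @param remoteEntityID remote <code>EntityID</code>.
 * @param realm          realm in which the affiliation descriptor is looked up.
 * @param hostEntityRole the role of hosted entity
 *                       (<code>SAML2Constants.SP_ROLE</code> or the IDP role).
 * @return a single-entry map from the NameIDInfoKey attribute name to a set
 *         holding the serialized key.
 * @throws SAML2Exception if <code>nameID</code> is null, or if the SP is not a
 *         member of the affiliation named by the SPNameQualifier.
 */
public static Map getNameIDKeyMap(final NameID nameID, final String hostEntityID, final String remoteEntityID, final String realm, final String hostEntityRole) throws SAML2Exception {
    if (nameID == null) {
        throw new SAML2Exception(bundle.getString("nullNameID"));
    }
    // Default key: plain host/remote pair. An affiliation replaces the SP side.
    String keyHostID = hostEntityID;
    String keyRemoteID = remoteEntityID;
    String affiliationID = nameID.getSPNameQualifier();
    if (affiliationID != null && !affiliationID.isEmpty()) {
        AffiliationDescriptorType affiDesc = saml2MetaManager.getAffiliationDescriptor(realm, affiliationID);
        if (affiDesc != null) {
            if (SAML2Constants.SP_ROLE.equals(hostEntityRole)) {
                // Hosted SP must itself be a member of the affiliation it claims.
                if (!affiDesc.getAffiliateMember().contains(hostEntityID)) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("spNotAffiliationMember"));
                }
                keyHostID = affiliationID;
            } else {
                // Hosted IDP: the remote SP must be a member of the affiliation.
                if (!affiDesc.getAffiliateMember().contains(remoteEntityID)) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("spNotAffiliationMember"));
                }
                keyRemoteID = affiliationID;
            }
        }
    }
    NameIDInfoKey infoKey = new NameIDInfoKey(nameID.getValue(), keyHostID, keyRemoteID);
    HashSet<String> set = new HashSet<String>();
    set.add(infoKey.toValueString());
    Map<String, HashSet<String>> keyMap = new HashMap<String, HashSet<String>>();
    keyMap.put(AccountUtils.getNameIDInfoKeyAttribute(), set);
    if (debug.messageEnabled()) {
        debug.message("SAML2Utils.getNameIDKeyMap: " + keyMap);
    }
    return keyMap;
}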

Example 8 with NameIDInfoKey

use of com.sun.identity.saml2.common.NameIDInfoKey in project OpenAM by OpenRock.

the class SPSessionListener method initiateSPSingleLogout.

/**
 * Performs an SP initiated SLO against the remote IdP using SOAP binding.
 * The IdP is the remote entity named by {@code nameIdInfoKey}. If its metadata
 * publishes no SOAP SingleLogoutService endpoint, a warning is logged and the
 * method returns without contacting the IdP.
 *
 * @param metaAlias SP meta alias
 * @param realm Realm
 * @param binding Binding used
 * @param nameIdInfoKey federation key whose remote entity ID identifies the IdP
 * @param fedSession SP Federated session (supplies the IdP session index and NameID)
 * @param paramsMap parameters map
 * @throws SAML2MetaException If there was an error while retrieving the metadata.
 * @throws SAML2Exception If the IdP has no SSO descriptor in the metadata, or
 *         if there was an error while initiating SLO.
 * @throws SessionException If there was a problem with the session.
 */
private static void initiateSPSingleLogout(String metaAlias, String realm, String binding, NameIDInfoKey nameIdInfoKey, SPFedSession fedSession, Map paramsMap) throws SAML2MetaException, SAML2Exception, SessionException {
    final String idpEntityID = nameIdInfoKey.getRemoteEntityID();
    IDPSSODescriptorElement idpsso = sm.getIDPSSODescriptor(realm, idpEntityID);
    if (idpsso == null) {
        LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, new String[] { idpEntityID }, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    List<EndpointType> slosList = idpsso.getSingleLogoutService();
    boolean hasSoapEndpoint = LogoutUtil.getSLOServiceLocation(slosList, SAML2Constants.SOAP) != null;
    if (!hasSoapEndpoint) {
        // Nothing to call; most likely a hosted SP misconfiguration.
        if (debug.warningEnabled()) {
            debug.warning("SPSessionListener.initiateSPSingleLogout(): Unable to synchronize sessions with IdP \"" + idpEntityID + "\" since the IdP does not have SOAP SLO endpoint " + "specified in its metadata, possibly this is a misconfiguration of the hosted SP");
        }
        return;
    }
    IDPSSOConfigElement idpConfig = sm.getIDPSSOConfig(realm, idpEntityID);
    LogoutUtil.doLogout(metaAlias, idpEntityID, slosList, null, binding, null, fedSession.idpSessionIndex, fedSession.info.getNameID(), null, null, paramsMap, idpConfig);
}

Example 9 with NameIDInfoKey

use of com.sun.identity.saml2.common.NameIDInfoKey in project OpenAM by OpenRock.

the class SPSingleLogout method initiateLogoutRequest.

/**
     * Parses the request parameters and initiates the Logout
     * Request to be sent to the IDP.
     * <p>
     * The session is resolved from <code>newSession</code> (IDP proxy case) or
     * from the request. The hosted SP is resolved from
     * <code>SAML2Constants.SP_METAALIAS</code> in <code>paramsMap</code>, falling
     * back to the session property of the same name (or, for a fedlet, to the
     * first hosted SP meta alias in the root realm). If no NameIDInfoKey can be
     * found for the session the method only invalidates the local session and
     * redirects to the (validated) RelayState; otherwise one LogoutRequest is
     * prepared for every key whose host entity ID is this SP.
     *
     * @param request the HttpServletRequest.
     * @param response the HttpServletResponse.
     * @param out The print writer for writing out presentation.
     * @param binding binding used for this request.
     * @param paramsMap Map of all other parameters.
     *       Following parameters names with their respective
     *       String values are allowed in this paramsMap.
     *       "RelayState" - the target URL on successful Single Logout
     *       "Destination" - A URI Reference indicating the address to
     *                       which the request has been sent.
     *       "Consent" - Specifies a URI a SAML defined identifier
     *                   known as Consent Identifiers.
     *       "Extension" - Specifies a list of Extensions as list of
     *                   String objects.
     * @param origLogoutRequest original LogoutRequest
     * @param msg SOAPMessage
     * @param newSession Session object for IDP Proxy
     * @param audit the auditor for logging SAML2 Events - may be null
     * @throws SAML2Exception if error initiating request to IDP, if no session
     *         or SP meta alias can be determined, or if metadata or session
     *         lookups fail.
     */
public static void initiateLogoutRequest(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String binding, Map paramsMap, LogoutRequest origLogoutRequest, SOAPMessage msg, Object newSession, SAML2EventLogger audit) throws SAML2Exception {
    if (debug.messageEnabled()) {
        debug.message("SPSingleLogout:initiateLogoutRequest");
        debug.message("binding : " + binding);
        debug.message("paramsMap : " + paramsMap);
    }
    String metaAlias = (String) paramsMap.get(SAML2Constants.SP_METAALIAS);
    try {
        // IDP-proxy callers pass the session in; otherwise it comes from the request.
        Object session = null;
        if (newSession != null) {
            session = newSession;
        } else {
            session = sessionProvider.getSession(request);
        }
        // The auditor sees the session before the null check below.
        if (null != audit) {
            audit.setSSOTokenId(session);
        }
        // A fedlet may proceed without a session; anything else must have one.
        if (!SPCache.isFedlet) {
            if (session == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
            }
        }
        if (metaAlias == null) {
            if (!SPCache.isFedlet) {
                String[] values = sessionProvider.getProperty(session, SAML2Constants.SP_METAALIAS);
                if (values != null && values.length > 0) {
                    metaAlias = values[0];
                }
            } else {
                // Fedlet: use the first hosted SP meta alias of the root realm.
                List spMetaAliases = sm.getAllHostedServiceProviderMetaAliases("/");
                if ((spMetaAliases != null) && !spMetaAliases.isEmpty()) {
                    // get first one
                    metaAlias = (String) spMetaAliases.get(0);
                }
            }
        }
        if (metaAlias == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPMetaAlias"));
        }
        paramsMap.put(SAML2Constants.METAALIAS, metaAlias);
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
        debug.message("realm : " + realm);
        String spEntityID = sm.getEntityByMetaAlias(metaAlias);
        if (spEntityID == null) {
            debug.error("Service Provider ID is missing");
            // spEntityID is null here, so the logged data carries no identifier;
            // metaAlias is the only value that would identify the failing SP.
            String[] data = { spEntityID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SP, data, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
        }
        debug.message("spEntityID : " + spEntityID);
        // clean up session index
        String tokenID = sessionProvider.getSessionID(session);
        // The NameIDInfoKey string comes from the request parameters for a
        // fedlet and from the session property otherwise.
        String infoKeyString = null;
        if (SPCache.isFedlet) {
            infoKeyString = SAML2Utils.getParameter(paramsMap, SAML2Constants.INFO_KEY);
        } else {
            try {
                String[] values = sessionProvider.getProperty(session, AccountUtils.getNameIDInfoKeyAttribute());
                if (values != null && values.length > 0) {
                    infoKeyString = values[0];
                }
            } catch (SessionException se) {
                debug.error("Unable to get infoKeyString from " + "session.", se);
                throw new SAML2Exception(SAML2Utils.bundle.getString("errorInfoKeyString"));
            }
        }
        if (debug.messageEnabled()) {
            debug.message("tokenID : " + tokenID);
            debug.message("infoKeyString : " + infoKeyString);
        }
        // get SPSSODescriptor
        SPSSODescriptorElement spsso = sm.getSPSSODescriptor(realm, spEntityID);
        if (spsso == null) {
            String[] data = { spEntityID };
            LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, data, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        List extensionsList = LogoutUtil.getExtensionsList(paramsMap);
        // RelayState from the request wins; otherwise the SP's configured default.
        String relayState = SAML2Utils.getParameter(paramsMap, SAML2Constants.RELAY_STATE);
        if (relayState == null || relayState.equals("")) {
            relayState = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.DEFAULT_RELAY_STATE);
        }
        // Validate the RelayState URL. This runs before relayState is used as a
        // redirect target below, so an unvalidated value never reaches sendRedirect.
        SAML2Utils.validateRelayStateURL(realm, spEntityID, relayState, SAML2Constants.SP_ROLE);
        if (infoKeyString == null) {
            // termination case, do local logout only and send to
            // relay state if any
            debug.warning("SPSingleLogout.initiateLogoutRequest : Unable to get infoKeyString from session.");
            sessionProvider.invalidateSession(session, request, response);
            if ((relayState != null) && !relayState.equals("")) {
                try {
                    response.sendRedirect(relayState);
                } catch (IOException e) {
                    debug.error("SPSingleLogout.initiateLogoutRequest: " + "Error in send redirect to " + relayState, e);
                }
            } else {
                RequestDispatcher dispatcher = request.getRequestDispatcher("saml2/jsp/default.jsp?message=spSloSuccess");
                try {
                    dispatcher.forward(request, response);
                } catch (IOException e) {
                    debug.error("SPSingleLogout.initiateLogoutRequest: " + "Error in forwarding to default.jsp", e);
                } catch (ServletException e) {
                    debug.error("SPSingleLogout.initiateLogoutRequest: " + "Error in forwarding to default.jsp", e);
                }
            }
            return;
        }
        // infoKeyString may hold several keys separated by SECOND_DELIM (one per
        // federation). Only keys whose host entity ID is this SP are acted on;
        // requestID keeps the ID of the last request prepared.
        StringTokenizer st = new StringTokenizer(infoKeyString, SAML2Constants.SECOND_DELIM);
        String requestID = null;
        while (st.hasMoreTokens()) {
            String tmpInfoKeyString = st.nextToken();
            NameIDInfoKey nameIdInfoKey = NameIDInfoKey.parse(tmpInfoKeyString);
            //logout request to the other SP instance, invalidating the session for both SPs.
            if (nameIdInfoKey.getHostEntityID().equals(spEntityID)) {
                requestID = prepareForLogout(realm, tokenID, metaAlias, extensionsList, binding, relayState, request, response, paramsMap, tmpInfoKeyString, origLogoutRequest, msg);
            }
        }
        // IDP Proxy
        // NOTE(review): requestID is still null when no key matched spEntityID
        // (or prepareForLogout returned null); confirm the cache tolerates a
        // null lookup key.
        SOAPMessage soapMsg = (SOAPMessage) IDPCache.SOAPMessageByLogoutRequestID.get(requestID);
        if (soapMsg != null) {
            IDPProxyUtil.sendProxyLogoutResponseBySOAP(soapMsg, response, out);
        }
        // when SAML Response reached the SP side.
        // SOAP binding completes synchronously, and with no request prepared
        // there is nothing to wait for: invalidate locally now. For other
        // bindings the session is left for the LogoutResponse handling.
        if (binding.equals(SAML2Constants.SOAP) || (requestID == null)) {
            sessionProvider.invalidateSession(session, request, response);
        }
    } catch (SAML2MetaException sme) {
        debug.error("Error retreiving metadata", sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    } catch (SessionException ssoe) {
        // Reported to the caller under the generic "metaDataError" message key.
        debug.error("Session exception: ", ssoe);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
}

Example 10 with NameIDInfoKey

use of com.sun.identity.saml2.common.NameIDInfoKey in project OpenAM by OpenRock.

the class DefaultAccountMapper method getSearchParameters.

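/**
 * Returns the <code>NameIDInfoKey</code> key/value pair that can be used for
 * searching the user.
 *
 * @param nameID <code>NameIdentifier</code> object; must not be null.
 * @param realm the realm of the hosted entity; not referenced by this
 *              implementation.
 * @param hostEntityID hosted <code>EntityID</code>.
 * @param remoteEntityID remote <code>EntityID</code>.
 * @return a single-entry map from the NameIDInfoKey attribute name to a set
 *         holding the serialized key.
 * @throws WSFederationException if <code>nameID</code> is null, or wrapping
 *         the <code>SAML2Exception</code> raised while building the key.
 */
protected Map getSearchParameters(NameIdentifier nameID, String realm, String hostEntityID, String remoteEntityID) throws WSFederationException {
    if (nameID == null) {
        throw new WSFederationException(bundle.getString("nullNameID"));
    }
    NameIDInfoKey infoKey;
    try {
        infoKey = new NameIDInfoKey(nameID.getName(), hostEntityID, remoteEntityID);
    } catch (SAML2Exception se) {
        // Keep the SAML2 cause attached for the WS-Federation caller.
        throw new WSFederationException(se);
    }
    HashSet<String> set = new HashSet<String>();
    set.add(infoKey.toValueString());
    Map<String, HashSet<String>> keyMap = new HashMap<String, HashSet<String>>();
    keyMap.put(AccountUtils.getNameIDInfoKeyAttribute(), set);
    if (debug.messageEnabled()) {
        debug.message("DefaultAccountMapper.getNameIDKeyMap: " + keyMap);
    }
    return keyMap;
}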
