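/**
 * Returns the <code>AttributeAuthorityMapper</code> configured for the given
 * attribute authority and attribute query profile.
 *
 * <p>The mapper implementation class name is read from the attribute authority's
 * extended metadata under the key
 * <code>&lt;attrQueryProfileAlias&gt;_</code>{@code SAML2Constants.ATTRIBUTE_AUTHORITY_MAPPER};
 * when nothing is configured the default mapper class is used. Instances are cached
 * per class name and shared across calls, so a mapper implementation is expected to
 * be stateless.
 *
 * @param realm the realm name
 * @param attrAuthorityEntityID the entity id of the attribute authority
 * @param attrQueryProfileAlias attribute profile alias
 *
 * @return the <code>AttributeAuthorityMapper</code>
 * @exception SAML2Exception if the configuration lookup fails, or if the mapper
 *            class cannot be loaded, instantiated or cast to
 *            <code>AttributeAuthorityMapper</code>
 */
static AttributeAuthorityMapper getAttributeAuthorityMapper(String realm, String attrAuthorityEntityID, String attrQueryProfileAlias) throws SAML2Exception {
    String attrAuthorityMapperName = null;
    AttributeAuthorityMapper attrAuthorityMapper = null;
    try {
        attrAuthorityMapperName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, attrQueryProfileAlias + "_" + SAML2Constants.ATTRIBUTE_AUTHORITY_MAPPER);
        if (attrAuthorityMapperName == null) {
            attrAuthorityMapperName = SAML2Constants.DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS;
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributeAuthorityMapper: use " + attrAuthorityMapperName);
            }
        }
        attrAuthorityMapper = (AttributeAuthorityMapper) attrAuthorityMapperCache.get(attrAuthorityMapperName);
        if (attrAuthorityMapper == null) {
            // The class name is administrator-controlled configuration (entity extended
            // metadata) and is loaded reflectively; the class needs an accessible no-arg
            // constructor. getDeclaredConstructor().newInstance() replaces the deprecated
            // Class.newInstance(), which rethrew the constructor's checked exceptions
            // without declaring them.
            attrAuthorityMapper = (AttributeAuthorityMapper) Class.forName(attrAuthorityMapperName).getDeclaredConstructor().newInstance();
            // NOTE(review): get/put on the cache is not atomic, so two concurrent first
            // callers may each build an instance and the later put wins; harmless as long
            // as mappers are stateless.
            attrAuthorityMapperCache.put(attrAuthorityMapperName, attrAuthorityMapper);
        } else if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.getAttributeAuthorityMapper: " + "got the AttributeAuthorityMapper from cache");
        }
    } catch (Exception ex) {
        // Boundary catch: covers the reflective failures (ClassNotFound, NoSuchMethod,
        // Instantiation, IllegalAccess, InvocationTarget), a ClassCastException when the
        // configured class is not an AttributeAuthorityMapper, and configuration lookup
        // errors. The original message named the wrong component ("IDP Attribute Mapper").
        SAML2Utils.debug.error("AttributeQueryUtil.getAttributeAuthorityMapper: " + "Unable to get Attribute Authority Mapper.", ex);
        throw new SAML2Exception(ex);
    }
    return attrAuthorityMapper;
}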
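/**
 * Constructs the <code>AttributeQuery</code> used by the Fedlet to retrieve
 * attribute values from the IDP's attribute authority.
 *
 * <p>The query is issued by the hosted attribute requester identified by
 * <code>attrqMetaAlias</code>, carries one basic-name-format
 * <code>Attribute</code> per requested name and identifies the subject either by
 * a transient <code>NameID</code> (default profile alias) or by an X.509 subject DN
 * (X.509 subject profile alias). When <code>wantNameIDEncrypted</code> is set, the
 * <code>NameID</code> is encrypted for the IDP's attribute authority role using the
 * encryption information obtained from its attribute authority descriptor.
 *
 * @param spEntityID entity ID of the service provider, used as the SP name qualifier
 * @param idpEntityID entity ID of the IDP whose attribute authority is queried
 * @param nameIDValue transient name identifier value of the subject
 * @param attrsList names of the attributes to request
 * @param attrqMetaAlias meta alias of the hosted attribute requester entity
 * @param attrProfileNameAlias attribute query profile alias (default or X.509 subject)
 * @param subjectDN subject DN used with the X.509 subject profile
 * @param wantNameIDEncrypted whether the subject is sent as an <code>EncryptedID</code>
 *
 * @return the populated <code>AttributeQuery</code>
 * @exception SAML2Exception if the operation is not successful
 *
 * @supported.api
 */
private static AttributeQuery constructAttrQueryForFedlet(String spEntityID, String idpEntityID, String nameIDValue, List<String> attrsList, String attrqMetaAlias, String attrProfileNameAlias, String subjectDN, boolean wantNameIDEncrypted) throws SAML2Exception {
    String attrqEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(attrqMetaAlias);
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    AttributeQuery attrQuery = protocolFactory.createAttributeQuery();
    Issuer issuer = assertionFactory.createIssuer();
    issuer.setValue(attrqEntityID);
    attrQuery.setIssuer(issuer);
    attrQuery.setID(SAML2Utils.generateID());
    attrQuery.setVersion(SAML2Constants.VERSION_2_0);
    attrQuery.setIssueInstant(new Date());
    // Typed list instead of the former raw List; the element type is what the loop adds.
    List<Attribute> attrs = new ArrayList<Attribute>();
    for (String attributeName : attrsList) {
        Attribute attr = assertionFactory.createAttribute();
        attr.setName(attributeName);
        attr.setNameFormat(SAML2Constants.BASIC_NAME_FORMAT);
        attrs.add(attr);
    }
    attrQuery.setAttributes(attrs);
    Subject subject = assertionFactory.createSubject();
    NameID nameID = assertionFactory.createNameID();
    nameID.setNameQualifier(idpEntityID);
    nameID.setSPNameQualifier(spEntityID);
    // NOTE(review): a profile alias matching neither constant leaves the NameID without
    // format and value; a null alias throws NullPointerException here.
    if (attrProfileNameAlias.equals(SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE_ALIAS)) {
        nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
        nameID.setValue(nameIDValue);
    }
    if (attrProfileNameAlias.equals(SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
        nameID.setFormat(SAML2Constants.X509_SUBJECT_NAME);
        nameID.setValue(subjectDN);
    }
    if (!wantNameIDEncrypted) {
        subject.setNameID(nameID);
    } else {
        // The Fedlet always resolves the IDP's metadata in the root realm ("/").
        AttributeAuthorityDescriptorElement aad = metaManager.getAttributeAuthorityDescriptor("/", idpEntityID);
        EncInfo encInfo = KeyUtil.getEncInfo(aad, idpEntityID, SAML2Constants.ATTR_AUTH_ROLE);
        EncryptedID encryptedID = nameID.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), idpEntityID);
        subject.setEncryptedID(encryptedID);
    }
    attrQuery.setSubject(subject);
    return attrQuery;
}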
/**
 * Encrypts an assertion for the attribute requester.
 *
 * <p>The symmetric key is obtained from the requester's <code>EncryptedID</code>
 * (the encrypted <code>NameID</code> of the incoming query) using this attribute
 * authority's decryption keys, presumably so the requester can recover the assertion
 * with the key it already holds. The key is then wrapped for the requester's
 * attribute query role with the encryption information from its attribute query
 * descriptor.
 *
 * @param assertion the assertion to encrypt
 * @param encryptedID encrypted subject identifier from the incoming query
 * @param attrAuthorityEntityID entity ID of this attribute authority
 * @param requesterEntityID entity ID of the attribute requester
 * @param realm realm of the attribute authority
 * @param attrQueryProfileAlias attribute query profile alias (not used by this method)
 *
 * @return the <code>EncryptedAssertion</code>
 * @exception SAML2Exception if key retrieval or encryption fails
 */
private static EncryptedAssertion encryptAssertion(Assertion assertion, EncryptedID encryptedID, String attrAuthorityEntityID, String requesterEntityID, String realm, String attrQueryProfileAlias) throws SAML2Exception {
    String encryptedIdXml = encryptedID.toXMLString(true, true);
    SecretKey sharedKey = EncManager.getEncInstance().getSecretKey(encryptedIdXml,
            KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    AttributeQueryDescriptorElement requesterDescriptor = metaManager.getAttributeQueryDescriptor(realm, requesterEntityID);
    EncInfo requesterEncInfo = KeyUtil.getEncInfo(requesterDescriptor, requesterEntityID, SAML2Constants.ATTR_QUERY_ROLE);
    String assertionXml = assertion.toXMLString(true, true);
    Element encryptedElement = EncManager.getEncInstance().encrypt(assertionXml,
            requesterEncInfo.getWrappingKey(), sharedKey,
            requesterEncInfo.getDataEncAlgorithm(), requesterEncInfo.getDataEncStrength(),
            requesterEntityID, "EncryptedAssertion");
    return AssertionFactory.getInstance().createEncryptedAssertion(encryptedElement);
}
/**
 * Sends the <code>AttributeQuery</code> to the specified attribute authority
 * over the HTTP-POST binding.
 *
 * <p>Unlike the SOAP variant, this method returns nothing: the signed query is
 * POST-encoded and handed to <code>SAML2Utils.postToTarget</code> as the
 * <code>SAMLRequest</code> parameter for the authority's endpoint, so the
 * authority's <code>Response</code> comes back through the HTTP layer rather than
 * as a return value. The target location is taken from the authority's metadata
 * descriptor, not from the incoming request.
 *
 * @param attrQuery the <code>AttributeQuery</code> object
 * @param request the HTTP Request
 * @param response the HTTP Response
 * @param attrAuthorityEntityID entity ID of attribute authority
 * @param realm the realm of hosted entity
 * @param attrQueryProfile the attribute query profile or null to ignore
 * @param attrProfile the attribute profile
 * @param binding the binding; only <code>HTTP-POST</code> is accepted here
 *
 * @exception SAML2Exception if the metadata cannot be read, the attribute
 *            authority or a matching endpoint is not found, or the binding is
 *            null or unsupported
 *
 * @supported.api
 */
public static void sendAttributeQuery(AttributeQuery attrQuery, HttpServletRequest request, HttpServletResponse response, String attrAuthorityEntityID, String realm, String attrQueryProfile, String attrProfile, String binding) throws SAML2Exception {
    final String logPrefix = "AttributeQueryUtil.sendAttributeQuery:";
    AttributeAuthorityDescriptorElement authorityDescriptor;
    try {
        authorityDescriptor = metaManager.getAttributeAuthorityDescriptor(realm, attrAuthorityEntityID);
    } catch (SAML2MetaException sme) {
        // The metadata error is logged with its cause but re-thrown as a plain message.
        SAML2Utils.debug.error(logPrefix, sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (authorityDescriptor == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (binding == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    // Endpoint lookup runs before the binding is validated, so an unknown binding with
    // no matching endpoint is reported as "attrAuthorityNotFound".
    String targetLocation = findLocation(authorityDescriptor, binding, attrQueryProfile, attrProfile);
    if (targetLocation == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (!binding.equalsIgnoreCase(SAML2Constants.HTTP_POST)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    signAttributeQuery(attrQuery, realm, false);
    String encodedQuery = SAML2Utils.encodeForPOST(attrQuery.toXMLString(true, true));
    SAML2Utils.postToTarget(request, response, "SAMLRequest", encodedQuery, null, null, targetLocation);
}
/**
 * Sends the <code>AttributeQuery</code> to the specified attribute authority
 * over the SOAP binding and returns the <code>Response</code> it produces.
 *
 * <p>The query is signed before it is sent. The SOAP endpoint is resolved from the
 * authority's metadata descriptor via <code>findLocation</code>, not from any
 * caller-supplied URL.
 *
 * @param attrQuery the <code>AttributeQuery</code> object
 * @param attrAuthorityEntityID entity ID of attribute authority
 * @param realm the realm of hosted entity
 * @param attrQueryProfile the attribute query profile or null to ignore
 * @param attrProfile the attribute profile
 * @param binding the binding; only <code>SOAP</code> is accepted here
 *
 * @return the <code>Response</code> object
 * @exception SAML2Exception if the metadata cannot be read, the attribute
 *            authority or a matching endpoint is not found, or the binding is
 *            null or unsupported
 *
 * @supported.api
 */
public static Response sendAttributeQuery(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm, String attrQueryProfile, String attrProfile, String binding) throws SAML2Exception {
    final String logPrefix = "AttributeQueryUtil.sendAttributeQuery:";
    AttributeAuthorityDescriptorElement authorityDescriptor;
    try {
        authorityDescriptor = metaManager.getAttributeAuthorityDescriptor(realm, attrAuthorityEntityID);
    } catch (SAML2MetaException sme) {
        // The metadata error is logged with its cause but re-thrown as a plain message.
        SAML2Utils.debug.error(logPrefix, sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (authorityDescriptor == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (binding == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    // Endpoint lookup runs before the binding is validated, so an unknown binding with
    // no matching endpoint is reported as "attrAuthorityNotFound".
    String targetLocation = findLocation(authorityDescriptor, binding, attrQueryProfile, attrProfile);
    if (targetLocation == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (!binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    signAttributeQuery(attrQuery, realm, false);
    return sendAttributeQuerySOAP(attrQuery, targetLocation, attrAuthorityEntityID, authorityDescriptor);
}