Search in sources :

Example 1 with BaseConfigType

use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class GetCircleOfTrusts method getRealmFromExtData.

private String getRealmFromExtData(String xml) throws WorkflowException {
    String realm = null;
    try {
        Object obj = SAML2MetaUtils.convertStringToJAXB(xml);
        EntityConfigElement configElt = (obj instanceof EntityConfigElement) ? (EntityConfigElement) obj : null;
        if (configElt != null && configElt.isHosted()) {
            List config = configElt.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            if (!config.isEmpty()) {
                BaseConfigType bConfig = (BaseConfigType) config.iterator().next();
                realm = SAML2MetaUtils.getRealmByMetaAlias(bConfig.getMetaAlias());
            }
        }
    } catch (JAXBException e) {
        throw new WorkflowException("invalid-extended-data-cot", null);
    }
    return realm;
}
Also used : BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) JAXBException(javax.xml.bind.JAXBException) List(java.util.List) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 2 with BaseConfigType

use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class SAML2COTUtils method updateEntityConfig.

/**
     * Updates the entity config to add the circle of turst name to the
     * <code>cotlist</code> attribute. The Service Provider and Identity
     * Provider Configuration are updated.
     *
     * @param realm the realm name where the entity configuration is.
     * @param name the circle of trust name.
     * @param entityId the name of the Entity identifier.
     * @throws SAML2MetaException if there is a configuration error when
     *         updating the configuration.
     * @throws JAXBException is there is an error updating the entity
     *          configuration.
     */
public void updateEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
    String classMethod = "SAML2COTUtils.updateEntityConfig: ";
    SAML2MetaManager metaManager = null;
    if (callerSession == null) {
        metaManager = new SAML2MetaManager();
    } else {
        metaManager = new SAML2MetaManager(callerSession);
    }
    ObjectFactory objFactory = new ObjectFactory();
    // Check whether the entity id existed in the DS
    EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
    if (edes == null) {
        debug.error(classMethod + "No such entity: " + entityId);
        String[] data = { realm, entityId };
        throw new SAML2MetaException("entityid_invalid", data);
    }
    boolean isAffiliation = false;
    if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
        isAffiliation = true;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
    }
    EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
    if (eConfig == null) {
        BaseConfigType bctype = null;
        AttributeType atype = objFactory.createAttributeType();
        atype.setName(SAML2Constants.COT_LIST);
        atype.getValue().add(name);
        // add to eConfig
        EntityConfigElement ele = objFactory.createEntityConfigElement();
        ele.setEntityID(entityId);
        ele.setHosted(false);
        if (isAffiliation) {
            // handle affiliation case
            bctype = objFactory.createAffiliationConfigElement();
            bctype.getAttribute().add(atype);
            ele.setAffiliationConfig(bctype);
        } else {
            List ll = ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            // Decide which role EntityDescriptorElement includes
            List list = edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
            for (Iterator iter = list.iterator(); iter.hasNext(); ) {
                Object obj = iter.next();
                if (obj instanceof SPSSODescriptorElement) {
                    bctype = objFactory.createSPSSOConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof IDPSSODescriptorElement) {
                    bctype = objFactory.createIDPSSOConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof XACMLPDPDescriptorElement) {
                    bctype = objFactory.createXACMLPDPConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) {
                    bctype = objFactory.createXACMLAuthzDecisionQueryConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AttributeAuthorityDescriptorElement) {
                    bctype = objFactory.createAttributeAuthorityConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AttributeQueryDescriptorElement) {
                    bctype = objFactory.createAttributeQueryConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AuthnAuthorityDescriptorElement) {
                    bctype = objFactory.createAuthnAuthorityConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                }
            }
        }
        metaManager.setEntityConfig(realm, ele);
    } else {
        boolean needToSave = true;
        List elist = null;
        if (isAffiliation) {
            AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
            elist = new ArrayList();
            elist.add(affiliationCfgElm);
        } else {
            elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
        }
        for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
            boolean foundCOT = false;
            BaseConfigType bConfig = (BaseConfigType) iter.next();
            List list = bConfig.getAttribute();
            for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
                AttributeType avp = (AttributeType) iter2.next();
                if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
                    foundCOT = true;
                    List avpl = avp.getValue();
                    if (avpl.isEmpty() || !containsValue(avpl, name)) {
                        avpl.add(name);
                        needToSave = true;
                        break;
                    }
                }
            }
            // no cot_list in the original entity config
            if (!foundCOT) {
                AttributeType atype = objFactory.createAttributeType();
                atype.setName(SAML2Constants.COT_LIST);
                atype.getValue().add(name);
                list.add(atype);
                needToSave = true;
            }
        }
        if (needToSave) {
            metaManager.setEntityConfig(realm, eConfig);
        }
    }
}
Also used : AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement) ArrayList(java.util.ArrayList) AttributeQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) AffiliationConfigElement(com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) AttributeType(com.sun.identity.saml2.jaxb.entityconfig.AttributeType) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) XACMLAuthzDecisionQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 3 with BaseConfigType

use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class SAML2MetaManager method getAllHostedMetaAliasesByRealm.

/**
     * Returns all the hosted entity metaAliases for a realm.
     *
     * @param realm The given realm.
     * @return all the hosted entity metaAliases for a realm or an empty arrayList if not found.
     * @throws SAML2MetaException  if unable to retrieve the entity ids.
     */
public List<String> getAllHostedMetaAliasesByRealm(String realm) throws SAML2MetaException {
    List<String> metaAliases = new ArrayList<String>();
    try {
        Set<String> entityIds = configInst.getAllConfigurationNames(realm);
        if (entityIds == null || entityIds.isEmpty()) {
            return metaAliases;
        }
        for (String entityId : entityIds) {
            EntityConfigElement config = getEntityConfig(realm, entityId);
            if (config == null || !config.isHosted()) {
                continue;
            }
            List<BaseConfigType> configList = config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            for (BaseConfigType bConfigType : configList) {
                String curMetaAlias = bConfigType.getMetaAlias();
                if (curMetaAlias != null && !curMetaAlias.isEmpty()) {
                    metaAliases.add(curMetaAlias);
                }
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getAllHostedMetaAliasesByRealm:", e);
        throw new SAML2MetaException(e);
    }
    return metaAliases;
}
Also used : BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) ConfigurationException(com.sun.identity.plugin.configuration.ConfigurationException) ArrayList(java.util.ArrayList) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 4 with BaseConfigType

use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class SAML2MetaManager method removeFromCircleOfTrust.

private void removeFromCircleOfTrust(String realm, String entityId) {
    try {
        EntityConfigElement eConfig = getEntityConfig(realm, entityId);
        boolean isAffiliation = false;
        if (getAffiliationDescriptor(realm, entityId) != null) {
            isAffiliation = true;
        }
        if (debug.messageEnabled()) {
            debug.message("SAML2MetaManager.removeFromCircleOfTrust is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
        }
        if (eConfig != null) {
            List elist = null;
            if (isAffiliation) {
                AffiliationConfigElement affiliationCfgElm = getAffiliationConfig(realm, entityId);
                elist = new ArrayList();
                elist.add(affiliationCfgElm);
            } else {
                elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            }
            // use first one to delete the entity from COT
            BaseConfigType config = (BaseConfigType) elist.iterator().next();
            Map attr = SAML2MetaUtils.getAttributes(config);
            List cotAttr = (List) attr.get(SAML2Constants.COT_LIST);
            List cotList = new ArrayList(cotAttr);
            if ((cotList != null) && !cotList.isEmpty()) {
                for (Iterator iter = cotList.iterator(); iter.hasNext(); ) {
                    String cotName = ((String) iter.next()).trim();
                    if ((cotName != null) && (!cotName.equals(""))) {
                        cotm.removeCircleOfTrustMember(realm, cotName, COTConstants.SAML2, entityId, false);
                    }
                }
            }
        }
    } catch (Exception e) {
        debug.error("SAML2MetaManager.removeFromCircleOfTrust:" + "Error while removing entity" + entityId + "from COT.", e);
    }
}
Also used : BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) AffiliationConfigElement(com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) Map(java.util.Map) COTException(com.sun.identity.cot.COTException) ConfigurationException(com.sun.identity.plugin.configuration.ConfigurationException) JAXBException(javax.xml.bind.JAXBException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 5 with BaseConfigType

use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class DefaultFedletAdapter method onFedletSLOSuccessOrFailure.

private void onFedletSLOSuccessOrFailure(HttpServletRequest request, HttpServletResponse response, LogoutRequest logoutReq, LogoutResponse logoutRes, String hostedEntityID, String idpEntityID, String binding, boolean isSuccess) throws SAML2Exception {
    String method = "DefaultFedletAdapter:onFedletSLOSuccessOrFailure:";
    try {
        if (logoutUrl == null) {
            BaseConfigType spConfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig("/", hostedEntityID);
            List appLogoutURL = (List) SAML2MetaUtils.getAttributes(spConfig).get(SAML2Constants.APP_LOGOUT_URL);
            if ((appLogoutURL != null) && !appLogoutURL.isEmpty()) {
                logoutUrl = (String) appLogoutURL.get(0);
            }
        }
        if (logoutUrl == null) {
            String deployuri = request.getRequestURI();
            int slashLoc = deployuri.indexOf("/", 1);
            if (slashLoc != -1) {
                deployuri = deployuri.substring(0, slashLoc);
            }
            if (deployuri != null) {
                String url = request.getRequestURL().toString();
                int loc = url.indexOf(deployuri + "/");
                if (loc != -1) {
                    logoutUrl = url.substring(0, loc + deployuri.length()) + "/logout";
                }
            }
        }
        if (logoutUrl == null) {
            return;
        }
        URL url = new URL(logoutUrl);
        HttpURLConnection conn = HttpURLConnectionManager.getConnection(url);
        conn.setDoOutput(true);
        conn.setRequestMethod("POST");
        conn.setFollowRedirects(false);
        conn.setInstanceFollowRedirects(false);
        // replay cookies
        String strCookies = SAML2Utils.getCookiesString(request);
        if (strCookies != null) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(method + "Sending cookies : " + strCookies);
            }
            conn.setRequestProperty("Cookie", strCookies);
        }
        conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        conn.setRequestProperty("IDP", URLEncDec.encode(idpEntityID));
        conn.setRequestProperty("SP", URLEncDec.encode(hostedEntityID));
        if (logoutReq != null) {
            NameID nameID = logoutReq.getNameID();
            if (nameID != null) {
                conn.setRequestProperty("NameIDValue", URLEncDec.encode(nameID.getValue()));
            }
            List siList = logoutReq.getSessionIndex();
            if ((siList != null) && (!siList.isEmpty())) {
                conn.setRequestProperty("SessionIndex", URLEncDec.encode((String) siList.get(0)));
            }
        }
        conn.setRequestProperty("Binding", binding);
        if (isSuccess) {
            conn.setRequestProperty("SLOStatus", "Success");
        } else {
            conn.setRequestProperty("SLOStatus", "Failure");
        }
        OutputStream outputStream = conn.getOutputStream();
        // Write the request to the HTTP server.
        outputStream.write("".getBytes());
        outputStream.flush();
        outputStream.close();
        // Check response code
        if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(method + "Response code OK");
            }
        } else {
            SAML2Utils.debug.error(method + "Response code NOT OK: " + conn.getResponseCode());
        }
    } catch (Exception e) {
    }
    return;
}
Also used : BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) HttpURLConnection(java.net.HttpURLConnection) NameID(com.sun.identity.saml2.assertion.NameID) OutputStream(java.io.OutputStream) List(java.util.List) URL(java.net.URL) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Aggregations

BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)36 List (java.util.List)31 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)25 ArrayList (java.util.ArrayList)17 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)16 Iterator (java.util.Iterator)15 HashMap (java.util.HashMap)14 Map (java.util.Map)14 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)12 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)11 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)10 SessionException (com.sun.identity.plugin.session.SessionException)7 AttributeType (com.sun.identity.saml2.jaxb.entityconfig.AttributeType)5 ConfigurationException (com.sun.identity.plugin.configuration.ConfigurationException)4 AffiliationConfigElement (com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement)4 IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)4 ObjectFactory (com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)4 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)4 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)4 SessionProvider (com.sun.identity.plugin.session.SessionProvider)3