Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class SAMLv2ModelImpl, method getMetaalias.
/**
 * Returns the metaAlias of the entity.
 * <p>
 * Only the IDP and SP roles are looked up (through
 * {@code getIDPSSOConfig} / {@code getSPSSOConfig}); any other role value,
 * or a missing config, leaves the result at {@code null}.
 *
 * @param realm to which the entity belongs.
 * @param entityName is the entity id.
 * @param role the Role of entity.
 * @return the metaAlias of the entity, or {@code null} if none was found.
 * @throws AMConsoleException if unable to retrieve metaAlias.
 */
public String getMetaalias(String realm, String entityName, String role) throws AMConsoleException {
    String[] logParams = { realm, entityName, "SAMLv2", "Extended" };
    logEvent("ATTEMPT_GET_METAALIAS", logParams);
    String metaAlias = null;
    try {
        SAML2MetaManager manager = getSAML2MetaManager();
        BaseConfigType ssoConfig = null;
        if (role.equals(EntityModel.IDENTITY_PROVIDER)) {
            ssoConfig = (BaseConfigType) manager.getIDPSSOConfig(realm, entityName);
        } else if (role.equals(EntityModel.SERVICE_PROVIDER)) {
            ssoConfig = (BaseConfigType) manager.getSPSSOConfig(realm, entityName);
        }
        if (ssoConfig != null) {
            metaAlias = ssoConfig.getMetaAlias();
        }
        logEvent("SUCCEED_GET_METAALIAS", logParams);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.getMetaalias:", e);
        String errorText = getErrorString(e);
        // the failure audit record carries the error text as a fifth parameter
        String[] failureParams = { realm, entityName, "SAMLv2", "Extended", errorText };
        logEvent("FEDERATION_EXCEPTION_GET_METAALIAS", failureParams);
        throw new AMConsoleException(errorText);
    }
    return metaAlias;
}
Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class ImportMetaData, method handleSAML2Request.
/**
 * Imports the SAML2 standard and/or extended metadata supplied with this
 * request and, when a circle of trust was given, adds the imported entity
 * ids to it.
 * <p>
 * If extended metadata for a hosted entity is present, the target realm is
 * derived from the meta alias of its first config element (see the note at
 * the end of this class for how the realm value is decided) and the new
 * meta aliases are validated before the entity config is created.
 *
 * @param rc the request context; not read by this method, the inputs come
 *        from the fields populated earlier in the request
 * @throws CLIException if a metadata or circle-of-trust operation fails
 */
private void handleSAML2Request(RequestContext rc) throws CLIException {
    try {
        SAML2MetaManager metaManager = new SAML2MetaManager(ssoToken);
        EntityConfigElement extendedConfig = null;
        List<String> hostedMetaAliases = null;
        if (extendedData != null) {
            extendedConfig = geEntityConfigElement();
            /*
             * see note at the end of this class for how we decide
             * the realm value
             */
            if (extendedConfig != null && extendedConfig.isHosted()) {
                List<BaseConfigType> configs = extendedConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                if (!configs.isEmpty()) {
                    // realm comes from the meta alias of the first config element
                    realm = SAML2MetaUtils.getRealmByMetaAlias(configs.get(0).getMetaAlias());
                    hostedMetaAliases = getMetaAliases(configs);
                }
            }
        }

        // Load the metadata if it has been provided
        List<String> entityIds = (metadata != null) ? importSAML2Metadata(metaManager) : null;

        // Load the extended metadata if it has been provided
        if (extendedConfig != null) {
            if (hostedMetaAliases != null && !hostedMetaAliases.isEmpty()) {
                metaManager.validateMetaAliasForNewEntity(realm, hostedMetaAliases);
            }
            metaManager.createEntityConfig(realm, extendedConfig);
        }

        // one success line per imported source (standard and/or extended)
        if (entityIds != null) {
            String source = webAccess ? "web" : metadata;
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("import-entity-succeeded"), new Object[] { source }));
        }
        if (extendedConfig != null) {
            String source = webAccess ? "web" : extendedData;
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("import-entity-succeeded"), new Object[] { source }));
        }

        boolean cotGiven = (cot != null) && (cot.length() > 0);
        if (cotGiven && entityIds != null && !entityIds.isEmpty()) {
            CircleOfTrustManager cotManager = new CircleOfTrustManager(ssoToken);
            for (String entityId : entityIds) {
                if (!cotManager.isInCircleOfTrust(realm, cot, spec, entityId)) {
                    cotManager.addCircleOfTrustMember(realm, cot, spec, entityId);
                }
            }
        }
    } catch (COTException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (SAML2MetaException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class SingleLogoutManager, method sendLogoutResponse.
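/**
 * Sends logout response, this is for the case of HTTP binding
 * There are two cases here:
 * 1. IDP initiated HTTP Logout, just redirect user browser to original
 * relaystate.
 * 2. SP initiated HTTP logout, need to send LogoutResponse back to SP.
 * <p>
 * Everything this method needs (original relay state, protocol, realm,
 * entity ids, current logout status and the pending LogoutResponse XML) is
 * read from this manager's maps under the {@code relayState} key; the
 * entries are dropped by {@code cleanupParameters} once the response has
 * been sent.
 *
 * @param request    the current servlet request (used to build the IDFF logout-done page URL)
 * @param response   the servlet response the redirect or message is written to
 * @param relayState key under which this logout's state was stored
 * @throws IOException if writing or redirecting the response fails, or, in the
 *         SAML2 case, if the stored LogoutResponse cannot be built or sent
 */
void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
    if (debug.messageEnabled()) {
        debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
    }
    String logoutResponseXML = (String) sloResponseXMLMap.get(relayState);
    if (logoutResponseXML == null) {
        // first case, just redirect to original relayState
        String origRelayState = (String) relayStateMap.get(relayState);
        // NOTE(review): a missing currentStatusMap entry would NPE here — confirm
        // that every path storing a relay state also stores a status.
        int logoutStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        String statusString = MultiProtocolUtils.getLogoutStatus(logoutStatus);
        if ((origRelayState == null) || (origRelayState.length() == 0)) {
            // TODO : get default single logout URL for each protocol
            response.getWriter().print("Logout DONE. Status = " + statusString);
        } else {
            // include logout status
            // NOTE(review): origRelayState is the value stored in relayStateMap, not a
            // request parameter; this assumes it was validated as an allowed redirect
            // target when it was stored — confirm at the code that populates the map.
            if (origRelayState.indexOf("?") == -1) {
                response.sendRedirect(origRelayState + "?" + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
            } else {
                response.sendRedirect(origRelayState + "&" + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
            }
        }
    } else {
        // second case: a LogoutResponse is pending for the SP, dispatch by protocol
        String protocol = (String) origProtocolMap.get(relayState);
        String spEntityID = (String) spEntityIDMap.get(relayState);
        String origRelayState = (String) relayStateMap.get(relayState);
        String realm = (String) realmMap.get(relayState);
        String idpEntityID = (String) idpEntityIDMap.get(relayState);
        int currentStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        if (protocol.equals(SingleLogoutManager.SAML2)) {
            try {
                LogoutResponse logResp = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
                String location = logResp.getDestination();
                String statusVal = logResp.getStatus().getStatusCode().getValue();
                String newVal = getNewStatusCode(currentStatus, statusVal);
                if (!statusVal.equals(newVal)) {
                    // Fix: write the status code computed by getNewStatusCode into
                    // the response. The previous code wrote statusVal back — the
                    // value already present — so the response never carried newVal.
                    // The IDFF branch below already applies newVal.
                    logResp.getStatus().getStatusCode().setValue(newVal);
                }
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "(SAML2) location=" + location + " orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                }
                LogoutUtil.sendSLOResponse(response, logResp, location, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
            } catch (SAML2Exception ex) {
                debug.error("SingleLogoutManager.sendLogoutResponse:saml2", ex);
                // keep the original exception as the cause rather than only its message
                throw new IOException(ex.getMessage(), ex);
            }
        } else if (protocol.equals(SingleLogoutManager.IDFF)) {
            // IDFF failures are not propagated: the user is returned locally instead
            boolean failed = false;
            String logoutDoneURL = null;
            try {
                debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, spEntityID);
                String retURL = descriptor.getSingleLogoutServiceReturnURL();
                Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement();
                FSLogoutResponse responseLogout = new FSLogoutResponse(elem);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
                logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null);
                Status status = responseLogout.getStatus();
                String statusVal = status.getStatusCode().getValue();
                String newVal = getNewStatusCode(currentStatus, statusVal);
                if (!statusVal.equals(newVal)) {
                    com.sun.identity.saml.protocol.StatusCode statCode = new com.sun.identity.saml.protocol.StatusCode(newVal);
                    com.sun.identity.saml.protocol.Status stat = new com.sun.identity.saml.protocol.Status(statCode);
                    responseLogout.setStatus(stat);
                }
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "(IDFF) orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                }
                String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
                // Sign the request querystring
                if (FSServiceUtils.isSigningOn()) {
                    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                    if (certAlias == null || certAlias.length() == 0) {
                        if (debug.messageEnabled()) {
                            debug.message("SingleLogoutManager.sendLogoutRes:" + "signSAMLRequest couldn't obtain cert alias.");
                        }
                        // signing is on but no alias is configured: refuse to send unsigned
                        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                    } else {
                        urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
                    }
                }
                StringBuilder redirectURL = new StringBuilder();
                redirectURL.append(retURL);
                if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                    redirectURL.append(IFSConstants.QUESTION_MARK);
                } else {
                    redirectURL.append(IFSConstants.AMPERSAND);
                }
                redirectURL.append(urlEncodedResponse);
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendResponse " + "for IDFF, url = " + redirectURL.toString());
                }
                response.sendRedirect(redirectURL.toString());
            } catch (FSMsgException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (SAMLException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (IDFFMetaException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (IOException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            }
            if (failed) {
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            }
        } else if (protocol.equals(SingleLogoutManager.WS_FED)) {
            debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
            if (origRelayState != null) {
                // same assumption as the first case: origRelayState was validated when stored
                response.sendRedirect(origRelayState);
            } else {
                response.getWriter().print("Logout DONE.");
            }
        } else {
            // should never come here
            debug.error("SingleLogoutManager.sendLogoutResponse: invalid" + " protocol : " + protocol);
        }
    }
    // NOTE(review): only reached when nothing above threw; an IOException from a
    // redirect or from the SAML2 branch leaves this relayState's map entries in
    // place — confirm whether the caller compensates on failure.
    cleanupParameters(relayState);
}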
Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class SAML2MetaUtils, method getAttributes.
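/**
 * Gets attribute value pairs from <code>BaseConfigType</code> and
 * put in a <code>Map</code>. The key is attribute name and the value is
 * a <code>List</code> of attribute values;
 * <p>
 * When the same attribute name occurs more than once, the last occurrence
 * wins. A {@code null} config, or one whose attribute list is {@code null},
 * yields an empty map instead of a {@code NullPointerException}.
 *
 * @param config the <code>BaseConfigType</code> object, may be {@code null}
 * @return a mutable attribute value <code>Map</code>, never {@code null}
 */
public static Map<String, List<String>> getAttributes(BaseConfigType config) {
    Map<String, List<String>> attrMap = new HashMap<>();
    if (config == null) {
        return attrMap;
    }
    List<AttributeType> attributes = config.getAttribute();
    if (attributes == null) {
        return attrMap;
    }
    for (AttributeType avp : attributes) {
        // HashMap.put: a repeated name replaces the earlier value list
        attrMap.put(avp.getName(), avp.getValue());
    }
    return attrMap;
}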
Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
The class DefaultAccountMapper, method getAttribute.
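/**
 * Returns the attribute value configured in the given entity
 * SP or IDP configuration.
 * <p>
 * Only the first value of a multi-valued attribute is returned.
 *
 * @param realm realm name.
 * @param entityID hosted <code>EntityID</code>.
 * @param attributeName name of the attribute.
 * @return the first configured value, or {@code null} if any input is
 *         {@code null}, the attribute is not configured, or the metadata
 *         lookup fails (the <code>SAML2MetaException</code> is logged, not rethrown).
 */
protected String getAttribute(String realm, String entityID, String attributeName) {
    if (realm == null || entityID == null || attributeName == null) {
        if (debug.messageEnabled()) {
            debug.message("DefaultAccountMapper.getAttribute: " + "null input parameters.");
        }
        return null;
    }
    try {
        BaseConfigType config = getSSOConfig(realm, entityID);
        // SAML2MetaUtils.getAttributes returns Map<String, List<String>>, so the
        // raw Map/List types and the (String) cast of the earlier version are not needed.
        Map<String, List<String>> attributes = SAML2MetaUtils.getAttributes(config);
        if (attributes == null || attributes.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultAccountMapper.getAttribute:" + " attribute configuration is not defined for " + "Entity " + entityID + " realm =" + realm + " role=" + role);
            }
            return null;
        }
        List<String> values = attributes.get(attributeName);
        if (values != null && !values.isEmpty()) {
            return values.get(0);
        }
        // The log prefix below names DefaultSPAccountMapper rather than this class;
        // left verbatim so existing log searches keep matching.
        if (debug.messageEnabled()) {
            debug.message("DefaultSPAccountMapper.getAttribute: " + attributeName + " is not configured.");
        }
        return null;
    } catch (SAML2MetaException sme) {
        // metadata lookup failure is treated as "not configured": log and fall through to null
        if (debug.warningEnabled()) {
            debug.warning("DefaultSPAccountMapper.getAttribute:" + "Meta Exception", sme);
        }
    }
    return null;
}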