Example 36 with BaseConfigType

Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in the OpenAM project by OpenRock.

Class SAML2MetaSecurityUtils, method updateProviderKeyInfo.

/**
 * Updates signing or encryption key info for an SP or IDP.
 * This updates both the signing/encryption alias in the extended metadata and
 * the certificates in the standard metadata.
 *
 * @param realm Realm the entity resides in.
 * @param entityID ID of the entity to be updated.
 * @param certAliases The set of certificate aliases to be set for the entity. If null or empty, existing key
 *                    information will be removed from the SP or IDP.
 * @param isSigning true if this is a signing certificate alias, false if
 *        this is an encryption certificate alias.
 * @param isIDP true if this is for the IDP signing/encryption alias, false
 *        if this is for the SP signing/encryption alias.
 * @param encAlgo Encryption algorithm URI; applicable to the
 *        encryption cert only.
 * @param keySize Encryption key size; applicable to the
 *        encryption cert only.
 * @throws SAML2MetaException if the certificate alias could not be updated
 *        for the entity.
 */
public static void updateProviderKeyInfo(String realm, String entityID, Set<String> certAliases, boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws SAML2MetaException {
    SAML2MetaManager metaManager = new SAML2MetaManager();
    EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
    if (!config.isHosted()) {
        String[] args = { entityID, realm };
        throw new SAML2MetaException("entityNotHosted", args);
    }
    EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
    BaseConfigType baseConfig;
    RoleDescriptorType descriptor;
    if (isIDP) {
        baseConfig = SAML2MetaUtils.getIDPSSOConfig(config);
        descriptor = SAML2MetaUtils.getIDPSSODescriptor(desp);
        if (baseConfig == null || descriptor == null) {
            String[] args = { entityID, realm };
            throw new SAML2MetaException("entityNotIDP", args);
        }
    } else {
        baseConfig = SAML2MetaUtils.getSPSSOConfig(config);
        descriptor = SAML2MetaUtils.getSPSSODescriptor(desp);
        if (baseConfig == null || descriptor == null) {
            String[] args = { entityID, realm };
            throw new SAML2MetaException("entityNotSP", args);
        }
    }
    // update standard metadata
    if (CollectionUtils.isEmpty(certAliases)) {
        // remove key info
        removeKeyDescriptor(descriptor, isSigning);
        if (isSigning) {
            setExtendedAttributeValue(baseConfig, SAML2Constants.SIGNING_CERT_ALIAS, null);
        } else {
            setExtendedAttributeValue(baseConfig, SAML2Constants.ENCRYPTION_CERT_ALIAS, null);
        }
    } else {
        Set<KeyDescriptorType> keyDescriptors = new LinkedHashSet<>(certAliases.size());
        for (String certAlias : certAliases) {
            keyDescriptors.add(getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
        }
        updateKeyDescriptor(descriptor, keyDescriptors);
        // update extended metadata
        if (isSigning) {
            setExtendedAttributeValue(baseConfig, SAML2Constants.SIGNING_CERT_ALIAS, certAliases);
        } else {
            setExtendedAttributeValue(baseConfig, SAML2Constants.ENCRYPTION_CERT_ALIAS, certAliases);
        }
    }
    metaManager.setEntityDescriptor(realm, desp);
    metaManager.setEntityConfig(realm, config);
}
Also used: BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType), LinkedHashSet (java.util.LinkedHashSet), RoleDescriptorType (com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType), KeyDescriptorType (com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType), EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement), EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 37 with BaseConfigType

Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in the OpenAM project by OpenRock.

Class SAML2MetaSecurityUtils, method setExtendedAttributeValue.

private static void setExtendedAttributeValue(BaseConfigType config, String attrName, Set attrVal) throws SAML2MetaException {
    try {
        // Drop any existing attribute with this name (case-insensitive) so the
        // new value replaces it instead of producing a duplicate entry.
        List attributes = config.getAttribute();
        for (Iterator iter = attributes.iterator(); iter.hasNext(); ) {
            AttributeType avp = (AttributeType) iter.next();
            if (avp.getName().trim().equalsIgnoreCase(attrName)) {
                iter.remove();
            }
        }
        // A null value means "remove only"; otherwise add a fresh attribute
        // carrying every supplied value.
        if (attrVal != null) {
            ObjectFactory factory = new ObjectFactory();
            AttributeType atype = factory.createAttributeType();
            atype.setName(attrName);
            atype.getValue().addAll(attrVal);
            config.getAttribute().add(atype);
        }
    } catch (JAXBException e) {
        throw new SAML2MetaException(e);
    }
}
Also used: ObjectFactory (com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory), AttributeType (com.sun.identity.saml2.jaxb.entityconfig.AttributeType), JAXBException (javax.xml.bind.JAXBException), Iterator (java.util.Iterator), NodeList (org.w3c.dom.NodeList), List (java.util.List)

Example 38 with BaseConfigType

Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in the OpenAM project by OpenRock.

Class IDPSessionListener, method sessionInvalidated.

/**
 * Callback for SessionListener.
 * It is used for cleaning up the IDP session cache.
 *
 * @param session The session object
 */
public void sessionInvalidated(Object session) {
    String classMethod = "IDPSessionListener.sessionInvalidated: ";
    HashMap paramsMap = new HashMap();
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(classMethod + "Entering ...");
    }
    if (session == null) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "Session is null.");
        }
        return;
    }
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        String[] values = sessionProvider.getProperty(session, SAML2Constants.IDP_SESSION_INDEX);
        if (values == null || values.length == 0) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "No sessionIndex stored in session.");
            }
            return;
        }
        String sessionIndex = values[0];
        if (sessionIndex == null || sessionIndex.length() == 0) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "No sessionIndex stored in session.");
            }
            return;
        }
        IDPSession idpSession = (IDPSession) IDPCache.idpSessionsByIndices.get(sessionIndex);
        if (idpSession != null) {
            paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
            String metaAlias = idpSession.getMetaAlias();
            String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
            String idpEntityID = sm.getEntityByMetaAlias(metaAlias);
            try {
                List list = (List) idpSession.getNameIDandSPpairs();
                for (Iterator iter = list.iterator(); iter.hasNext(); ) {
                    NameIDandSPpair pair = (NameIDandSPpair) iter.next();
                    String spEntityID = pair.getSPEntityID();
                    NameID nameID = pair.getNameID();
                    BaseConfigType idpConfig = sm.getIDPSSOConfig(realm, idpEntityID);
                    if (idpConfig != null) {
                        List idpSessionSyncList = (List) SAML2MetaUtils.getAttributes(idpConfig).get(SAML2Constants.IDP_SESSION_SYNC_ENABLED);
                        if ((idpEntityID != null && spEntityID != null && idpSessionSyncList != null && idpSessionSyncList.size() != 0)) {
                            boolean idpSessionSyncEnabled = SAML2Constants.TRUE.equals(idpSessionSyncList.get(0));
                            // Sync flag is enabled
                            if (idpSessionSyncEnabled) {
                                if (SAML2Utils.debug.messageEnabled()) {
                                    SAML2Utils.debug.message(classMethod + "IDP Session Synchronization flag " + "is enabled, initiating SLO to SP");
                                }
                                initiateIDPSingleLogout(sessionIndex, metaAlias, realm, SAML2Constants.SOAP, nameID, spEntityID, paramsMap);
                            }
                        }
                    } else {
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message(classMethod + "Unable to retrieve the IDP " + "config data, idpConfig is null");
                        }
                    }
                }
            } catch (SAML2MetaException sme) {
                SAML2Utils.debug.error("IDPSessionListener.sessionInvalidated:", sme);
            } catch (SAML2Exception se) {
                SAML2Utils.debug.error("IDPSessionListener.sessionInvalidated:", se);
            } catch (SessionException s) {
                SAML2Utils.debug.error("IDPSessionListener.sessionInvalidated:", s);
            }
            synchronized (IDPCache.idpSessionsByIndices) {
                List list = (List) idpSession.getNameIDandSPpairs();
                for (Iterator iter = list.iterator(); iter.hasNext(); ) {
                    NameIDandSPpair pair = (NameIDandSPpair) iter.next();
                    NameID nameID = pair.getNameID();
                    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameID.getFormat())) {
                        IDPCache.userIDByTransientNameIDValue.remove(nameID.getValue());
                    }
                }
            }
        } else {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "IDP Session with session index " + sessionIndex + " already removed.");
            }
        }
        IDPCache.idpSessionsByIndices.remove(sessionIndex);
        IDPCache.authnContextCache.remove(sessionIndex);
        String sessID = sessionProvider.getSessionID(session);
        if (IDPCache.idpSessionsBySessionID.get(sessID) != null) {
            IDPCache.idpSessionsBySessionID.remove(sessID);
            if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                saml2Svc.setIdpSessionCount((long) IDPCache.idpSessionsBySessionID.size());
            }
        }
        if (IDPCache.spSessionPartnerBySessionID.get(sessID) != null) {
            IDPCache.spSessionPartnerBySessionID.remove(sessID);
        }
        // This failing should not cause the whole process to fail
        try {
            if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
            }
        } catch (SAML2TokenRepositoryException se) {
            SAML2Utils.debug.error(classMethod + "SAML2 Token Repository error, sessionIndex:" + sessionIndex, se);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "cleaned up the IDP session cache for a session expiring or being destroyed: sessionIndex=" + sessionIndex);
        }
    } catch (SessionException e) {
        if (SAML2Utils.debug.warningEnabled()) {
            SAML2Utils.debug.warning(classMethod + "invalid or expired session.", e);
        }
    } catch (SAML2MetaException samlme) {
        if (SAML2Utils.debug.warningEnabled()) {
            SAML2Utils.debug.warning(classMethod + "unable to retrieve idp entity id.", samlme);
        }
    }
}
Also used: HashMap (java.util.HashMap), NameID (com.sun.identity.saml2.assertion.NameID), SessionException (com.sun.identity.plugin.session.SessionException), BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType), SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), Iterator (java.util.Iterator), List (java.util.List), SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException), SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException), SessionProvider (com.sun.identity.plugin.session.SessionProvider)

Example 39 with BaseConfigType

Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in the OpenAM project by OpenRock.

Class ImportSAML2MetaData, method importData.

/**
 * Imports standard and extended metadata.
 *
 * @param realm Realm of the entity.
 * @param metadata Standard metadata.
 * @param extended Extended metadata.
 * @return realm and entity ID.
 * @throws WorkflowException if the metadata could not be imported.
 */
public static String[] importData(String realm, String metadata, String extended) throws WorkflowException {
    String entityID = null;
    try {
        SAML2MetaManager metaManager = new SAML2MetaManager();
        EntityConfigElement configElt = null;
        if (extended != null) {
            Object obj = SAML2MetaUtils.convertStringToJAXB(extended);
            configElt = (obj instanceof EntityConfigElement) ? (EntityConfigElement) obj : null;
            if (configElt != null && configElt.isHosted()) {
                List config = configElt.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                if (!config.isEmpty()) {
                    BaseConfigType bConfig = (BaseConfigType) config.iterator().next();
                    realm = SAML2MetaUtils.getRealmByMetaAlias(bConfig.getMetaAlias());
                }
            }
        }
        // Load the metadata if it has been provided
        if (metadata != null) {
            entityID = importSAML2MetaData(metaManager, realm, metadata);
        }
        // Load the extended metadata if it has been provided
        if (configElt != null) {
            metaManager.createEntityConfig(realm, configElt);
        }
    } catch (SAML2MetaException e) {
        DEBUG.error("An error occurred while importing the SAML metadata", e);
        throw new WorkflowException(e.getMessage());
    } catch (JAXBException e) {
        DEBUG.error("An error occurred while importing the SAML metadata", e);
        throw new WorkflowException(e.getMessage());
    }
    String[] results = { realm, entityID };
    return results;
}
Also used: BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType), JAXBException (javax.xml.bind.JAXBException), List (java.util.List), SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager), SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException), EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 40 with BaseConfigType

Use of com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType in the OpenAM project by OpenRock.

Class SAML2Utils, method getConfigAttributeMap.

/**
 * Returns the attribute map by parsing the configured map in the hosted
 * provider configuration.
 *
 * @param realm        realm name.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param role         role of the hosted provider (SP or IDP).
 * @return a map of the local attribute configuration. The key is the SAML
 *         attribute name and the value is the local attribute.
 * @throws SAML2Exception on any failure.
 */
public static Map getConfigAttributeMap(String realm, String hostEntityID, String role) throws SAML2Exception {
    if (realm == null) {
        throw new SAML2Exception(bundle.getString("nullRealm"));
    }
    if (hostEntityID == null) {
        throw new SAML2Exception(bundle.getString("nullHostEntityID"));
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2Utils.getConfigAttributeMap: DefaultAttrMapper: relam=" + realm + ", entity id=" + hostEntityID + ", role=" + role);
    }
    try {
        BaseConfigType config = null;
        if (role.equals(SAML2Constants.SP_ROLE)) {
            config = saml2MetaManager.getSPSSOConfig(realm, hostEntityID);
        } else if (role.equals(SAML2Constants.IDP_ROLE)) {
            config = saml2MetaManager.getIDPSSOConfig(realm, hostEntityID);
        }
        if (config == null) {
            if (debug.warningEnabled()) {
                debug.warning("SAML2Utils.getConfigAttributeMap: configuration is not defined.");
            }
            return Collections.EMPTY_MAP;
        }
        Map<String, List<String>> attributeConfig = SAML2MetaUtils.getAttributes(config);
        List<String> mappedAttributes = attributeConfig.get(SAML2Constants.ATTRIBUTE_MAP);
        if (mappedAttributes == null || mappedAttributes.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getConfigAttributeMap:Attribute map is not defined for entity: " + hostEntityID);
            }
            return Collections.EMPTY_MAP;
        }
        return getMappedAttributes(mappedAttributes);
    } catch (SAML2MetaException sme) {
        debug.error("SAML2Utils.getConfigAttributeMap: ", sme);
        throw new SAML2Exception(sme.getMessage());
    }
}
Also used: BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType), ArrayList (java.util.ArrayList), List (java.util.List), SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)

Aggregations

BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType): 36
List (java.util.List): 31
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException): 25
ArrayList (java.util.ArrayList): 17
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager): 16
Iterator (java.util.Iterator): 15
HashMap (java.util.HashMap): 14
Map (java.util.Map): 14
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException): 12
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement): 11
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception): 10
SessionException (com.sun.identity.plugin.session.SessionException): 7
AttributeType (com.sun.identity.saml2.jaxb.entityconfig.AttributeType): 5
ConfigurationException (com.sun.identity.plugin.configuration.ConfigurationException): 4
AffiliationConfigElement (com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement): 4
IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement): 4
ObjectFactory (com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory): 4
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement): 4
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement): 4
SessionProvider (com.sun.identity.plugin.session.SessionProvider): 3