
Example 6 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

Class SAML2MetaManager, method isTrustedProvider.

/**
 * Determines whether two entities are in the same circle of trust
 * under the realm. The hosted entity is looked up first by its SP
 * configuration and, failing that, by its IDP configuration.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId The ID of the hosted entity whose configuration is consulted.
 * @param trustedEntityId The ID of the entity whose trust relationship with
 *        {@code entityId} is being checked.
 * @return {@code true} if the SP or the IDP configuration of {@code entityId}
 *         shares a circle of trust with {@code trustedEntityId};
 *         {@code false} if neither configuration exists or neither matches.
 * @throws SAML2MetaException if unable to determine the trusted
 *         relationship.
 */
public boolean isTrustedProvider(String realm, String entityId, String trustedEntityId) throws SAML2MetaException {
    // SP role first: a match here short-circuits the IDP lookup.
    SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
    if (spConfig != null && isSameCircleOfTrust(spConfig, realm, trustedEntityId)) {
        return true;
    }
    // Fall back to the IDP role; no IDP configuration means no trust.
    IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
    return idpConfig != null && isSameCircleOfTrust(idpConfig, realm, trustedEntityId);
}

Example 7 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

Class SPACSUtils, method getResponseFromArtifact.

/**
 * Retrieves the SAML Response referenced by an artifact (artifact profile):
 * decodes the artifact, resolves the issuing IDP and its artifact resolution
 * service, sends an ArtifactResolve over SOAP (signed when the IDP's extended
 * config asks for it) and extracts the Response from the ArtifactResponse.
 *
 * On every failure an error page is written to {@code response} via
 * {@code SAMLUtils.sendError} before the exception is rethrown.
 *
 * @param samlArt the raw artifact string; presumably taken from the inbound
 *        request (i.e. untrusted) — confirm at the caller
 * @param hostEntityId entity ID of this SP, used as the ArtifactResolve Issuer
 * @param request current servlet request
 * @param response current servlet response, used for error pages
 * @param orgName realm the SP belongs to
 * @param sm metadata manager used for the IDP descriptor and config lookups
 * @return the Response obtained from the IDP's ArtifactResponse
 * @throws SAML2Exception if the artifact cannot be parsed, the IDP metadata
 *         cannot be read, the ArtifactResolve cannot be built or the SOAP
 *         call fails
 * @throws IOException declared but not raised by any visible line; presumably
 *         from SAMLUtils.sendError — confirm
 */
private static Response getResponseFromArtifact(String samlArt, String hostEntityId, HttpServletRequest request, HttpServletResponse response, String orgName, SAML2MetaManager sm) throws SAML2Exception, IOException {
    // decide which IDP and which artifact resolution service
    if (SAML2Utils.debug.messageEnabled()) {
        // The raw artifact string is logged verbatim at debug level.
        SAML2Utils.debug.message("SPACSUtils.getResponseFromArtifact: " + "samlArt = " + samlArt);
    }
    Artifact art = null;
    try {
        // samlArt must be non-null: trim() would throw NPE, which the catch
        // below does not handle.
        art = ProtocolFactory.getInstance().createArtifact(samlArt.trim());
        String[] data = { samlArt.trim() };
        LogUtil.access(Level.INFO, LogUtil.RECEIVED_ARTIFACT, data, null);
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("SPACSUtils.getResponseFromArtifact: " + "Unable to decode and parse artifact string:" + samlArt);
        // SC_BAD_REQUEST is a static constant; reading it through the instance
        // is legal, HttpServletResponse.SC_BAD_REQUEST would be clearer.
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "errorObtainArtifact", SAML2Utils.bundle.getString("errorObtainArtifact"));
        throw se;
    }
    // The IDP is derived from the decoded artifact (presumably its SourceID;
    // see getIDPEntityID), not from a caller-supplied entity ID.
    String idpEntityID = getIDPEntityID(art, request, response, orgName, sm);
    IDPSSODescriptorElement idp = null;
    try {
        idp = sm.getIDPSSODescriptor(orgName, idpEntityID);
    } catch (SAML2MetaException se) {
        String[] data = { orgName, idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.IDP_META_NOT_FOUND, data, null);
        // NOTE(review): this branch places the internal exception text in the
        // error page; the other branches use a resource-bundle string.
        SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "failedToGetIDPSSODescriptor", se.getMessage());
        throw se;
    }
    // Endpoint selected by the artifact's endpoint index from the IDP metadata.
    String location = getIDPArtifactResolutionServiceUrl(art.getEndpointIndex(), idpEntityID, idp, request, response);
    // create ArtifactResolve message
    ArtifactResolve resolve = null;
    SOAPMessage resMsg = null;
    try {
        resolve = ProtocolFactory.getInstance().createArtifactResolve();
        resolve.setID(SAML2Utils.generateID());
        resolve.setVersion(SAML2Constants.VERSION_2_0);
        resolve.setIssueInstant(new Date());
        resolve.setArtifact(art);
        // Destination is XML-escaped because it is embedded in the request document.
        resolve.setDestination(XMLUtils.escapeSpecialCharacters(location));
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(hostEntityId);
        resolve.setIssuer(issuer);
        // Sign only when the IDP's extended config sets
        // WANT_ARTIFACT_RESOLVE_SIGNED to the literal "true".
        String needArtiResolveSigned = SAML2Utils.getAttributeValueFromSSOConfig(orgName, idpEntityID, SAML2Constants.IDP_ROLE, SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED);
        if (needArtiResolveSigned != null && needArtiResolveSigned.equals("true")) {
            // or save it somewhere?
            // The signing key is this SP's own signing cert alias from its extended config.
            String signAlias = getAttributeValueFromSPSSOConfig(orgName, hostEntityId, sm, SAML2Constants.SIGNING_CERT_ALIAS);
            if (signAlias == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
            }
            KeyProvider kp = KeyUtil.getKeyProviderInstance();
            if (kp == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
            }
            resolve.sign(kp.getPrivateKey(signAlias), kp.getX509Certificate(signAlias));
        }
        String resolveString = resolve.toXMLString(true, true);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getResponseFromArtifact: " + "ArtifactResolve=" + resolveString);
        }
        SOAPConnection con = SOAPCommunicator.getInstance().openSOAPConnection();
        SOAPMessage msg = SOAPCommunicator.getInstance().createSOAPMessage(resolveString, true);
        IDPSSOConfigElement config = null;
        config = sm.getIDPSSOConfig(orgName, idpEntityID);
        // Presumably embeds basic-auth credentials from the IDP's extended
        // config into the endpoint URL — confirm against fillInBasicAuthInfo.
        location = SAML2Utils.fillInBasicAuthInfo(config, location);
        // NOTE(review): con is never closed (SOAPConnection.close()) on either
        // the success or the failure path.
        resMsg = con.call(msg, location);
    } catch (SAML2Exception s2e) {
        SAML2Utils.debug.error("SPACSUtils.getResponseFromArtifact: " + "couldn't create ArtifactResolve:", s2e);
        String[] data = { hostEntityId, art.getArtifactValue() };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_CREATE_ARTIFACT_RESOLVE, data, null);
        SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "errorCreateArtifactResolve", SAML2Utils.bundle.getString("errorCreateArtifactResolve"));
        throw s2e;
    } catch (SOAPException se) {
        // The log prefix names getResponseFromGet; presumably copied from a sibling method.
        SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: " + "couldn't get ArtifactResponse. SOAP error:", se);
        String[] data = { hostEntityId, location };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_GET_SOAP_RESPONSE, data, null);
        SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "errorInSOAPCommunication", SAML2Utils.bundle.getString("errorInSOAPCommunication"));
        // Only the message is carried over; the SOAPException cause is lost.
        throw new SAML2Exception(se.getMessage());
    }
    // Unwraps the Response from the SOAP reply; any checks on the
    // ArtifactResponse itself live in getResponseFromSOAP, not here.
    Response result = getResponseFromSOAP(resMsg, resolve, request, response, idpEntityID, idp, orgName, hostEntityId, sm);
    String[] data = { hostEntityId, idpEntityID, art.getArtifactValue(), "" };
    // The full Response XML is only put in the access log at FINE level.
    if (LogUtil.isAccessLoggable(Level.FINE)) {
        data[3] = result.toXMLString();
    }
    LogUtil.access(Level.INFO, LogUtil.GOT_RESPONSE_FROM_ARTIFACT, data, null);
    return result;
}

Example 8 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

Class SPSingleLogout, method prepareForLogout.

/**
 * Prepares and sends a LogoutRequest to the IDP named in the federation
 * info key, and caches the request ID so that the later response (or the
 * original proxied SOAP message) can be matched to it.
 *
 * In fedlet mode the NameID is rebuilt from {@code infoKeyString}; otherwise
 * the matching SPFedSession is taken (and removed) from
 * {@code SPCache.fedSessionListsByNameIDInfoKey}.
 *
 * The statics {@code sm}, {@code agent}, {@code saml2Svc} and {@code debug}
 * are declared outside this method.
 *
 * @param realm realm of the hosted SP
 * @param tokenID local session token ID; must be non-null (compared with equals)
 * @param metaAlias meta alias of the hosted SP
 * @param extensionsList extensions passed through to LogoutUtil.doLogout
 * @param binding SAML binding to use (HTTP-Redirect, HTTP-POST or SOAP)
 * @param relayState relay state to carry in the request
 * @param request current servlet request
 * @param response current servlet response
 * @param paramsMap request parameters; in fedlet mode the session index is read from here
 * @param infoKeyString serialized NameIDInfoKey identifying the federation
 * @param origLogoutRequest original (proxied) LogoutRequest, cached under the
 *        new request ID for the redirect and POST bindings
 * @param msg original SOAP message, cached under the new request ID for the SOAP binding
 * @return the ID of the LogoutRequest sent, or {@code null} when no federated
 *         session exists and only a local logout is needed
 * @throws SAML2Exception if the IDP metadata or its SingleLogoutService list
 *         is missing, or if doLogout fails
 * @throws SessionException declared but not raised by any visible line;
 *         presumably from doLogout — confirm
 */
private static String prepareForLogout(String realm, String tokenID, String metaAlias, List extensionsList, String binding, String relayState, HttpServletRequest request, HttpServletResponse response, Map paramsMap, String infoKeyString, LogoutRequest origLogoutRequest, SOAPMessage msg) throws SAML2Exception, SessionException {
    NameIDInfoKey nameIdInfoKey = NameIDInfoKey.parse(infoKeyString);
    String sessionIndex = null;
    NameID nameID = null;
    if (SPCache.isFedlet) {
        // Fedlet: there is no SPFedSession cache, so the transient NameID is
        // rebuilt from the info key and the session index comes from the request.
        sessionIndex = SAML2Utils.getParameter(paramsMap, SAML2Constants.SESSION_INDEX);
        nameID = AssertionFactory.getInstance().createNameID();
        nameID.setValue(nameIdInfoKey.getNameIDValue());
        nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
        nameID.setNameQualifier(nameIdInfoKey.getRemoteEntityID());
        nameID.setSPNameQualifier(nameIdInfoKey.getHostEntityID());
    } else {
        SPFedSession fedSession = null;
        List list = (List) SPCache.fedSessionListsByNameIDInfoKey.get(infoKeyString);
        if (list != null) {
            // The list is shared across threads; it is locked on itself while
            // searched and modified.
            synchronized (list) {
                ListIterator iter = list.listIterator();
                while (iter.hasNext()) {
                    fedSession = (SPFedSession) iter.next();
                    if (tokenID.equals(fedSession.spTokenID)) {
                        // The session is dropped from the cache here, before the
                        // IDP metadata is read; a failure below does not restore it.
                        iter.remove();
                        // Presumably a monitoring hook: refresh the fed-session count metric.
                        if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                            saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                        }
                        // Drop the now-empty per-key list entirely.
                        if (list.size() == 0) {
                            SPCache.fedSessionListsByNameIDInfoKey.remove(infoKeyString);
                        }
                        break;
                    }
                    // Reset so a non-matching last element is not kept.
                    fedSession = null;
                }
            }
        }
        if (fedSession == null) {
            // just do local logout
            if (debug.messageEnabled()) {
                debug.message("No session partner, just do local logout.");
            }
            return null;
        }
        sessionIndex = fedSession.idpSessionIndex;
        nameID = fedSession.info.getNameID();
    }
    // get IDPSSODescriptor
    IDPSSODescriptorElement idpsso = sm.getIDPSSODescriptor(realm, nameIdInfoKey.getRemoteEntityID());
    if (idpsso == null) {
        String[] data = { nameIdInfoKey.getRemoteEntityID() };
        LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    List slosList = idpsso.getSingleLogoutService();
    if (slosList == null) {
        String[] data = { nameIdInfoKey.getRemoteEntityID() };
        LogUtil.error(Level.INFO, LogUtil.SLO_NOT_FOUND, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("sloServiceListNotfound"));
    }
    // get IDP entity config in case of SOAP, for basic auth info
    IDPSSOConfigElement idpConfig = null;
    if (binding.equals(SAML2Constants.SOAP)) {
        idpConfig = sm.getIDPSSOConfig(realm, nameIdInfoKey.getRemoteEntityID());
    }
    StringBuffer requestID = LogoutUtil.doLogout(metaAlias, nameIdInfoKey.getRemoteEntityID(), slosList, extensionsList, binding, relayState, sessionIndex, nameID, request, response, paramsMap, idpConfig);
    // NPE if doLogout returns null; and since StringBuffer.toString() never
    // returns null, the requestIDStr != null checks below are always true.
    String requestIDStr = requestID.toString();
    if (debug.messageEnabled()) {
        debug.message("\nSPSLO.requestIDStr = " + requestIDStr + "\nbinding = " + binding);
    }
    // Remember the outgoing request ID so the proxied logout can be completed
    // when the IDP's response arrives: the original request for front-channel
    // bindings, the original SOAP message for the SOAP binding.
    if ((requestIDStr != null) && (requestIDStr.length() != 0) && (binding.equals(SAML2Constants.HTTP_REDIRECT) || binding.equals(SAML2Constants.HTTP_POST)) && (origLogoutRequest != null)) {
        IDPCache.proxySPLogoutReqCache.put(requestIDStr, origLogoutRequest);
    } else if ((requestIDStr != null) && (requestIDStr.length() != 0) && binding.equals(SAML2Constants.SOAP) && (msg != null)) {
        IDPCache.SOAPMessageByLogoutRequestID.put(requestIDStr, msg);
    }
    return requestIDStr;
}

Example 9 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

Class ConfigureGoogleApps, method updateIDPMeta.

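/**
 * Rewrites the hosted IDP's {@code nameIDFormatMap} extended-config attribute:
 * every value containing "unspecified" is removed and the {@code nameidMapping}
 * value (a field of this class) is inserted first; the entity config is then
 * persisted.
 *
 * @param realm realm the IDP entity lives in
 * @param entityId entity ID of the hosted IDP
 * @throws WorkflowException if the metadata manager fails to read or write
 *         the entity config
 */
private void updateIDPMeta(String realm, String entityId) throws WorkflowException {
    try {
        SAML2MetaManager samlManager = new SAML2MetaManager();
        EntityConfigElement entityConfig = samlManager.getEntityConfig(realm, entityId);
        IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityId);
        // getAttribute() must only be called once the config is known to exist;
        // dereferencing it before the null check made the check unreachable.
        if (idpssoConfig != null) {
            List attrList = idpssoConfig.getAttribute();
            for (Iterator it = attrList.iterator(); it.hasNext(); ) {
                AttributeElement avpnew = (AttributeElement) it.next();
                // Constant-first equals also tolerates an attribute without a name.
                if ("nameIDFormatMap".equals(avpnew.getName())) {
                    List values = avpnew.getValue();
                    // Drop every existing entry mentioning "unspecified" ...
                    for (Iterator itt = values.listIterator(); itt.hasNext(); ) {
                        String temp = (String) itt.next();
                        if (temp.contains("unspecified")) {
                            itt.remove();
                        }
                    }
                    // ... and put this class's mapping at the front so it takes precedence.
                    values.add(0, nameidMapping);
                }
            }
        }
        samlManager.setEntityConfig(realm, entityConfig);
    } catch (SAML2MetaException e) {
        throw new WorkflowException(e.getMessage());
    }
}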

Example 10 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

Class CreateHostedIDP, method execute.

/**
 * Creates hosted identity provider.
 *
 * Metadata is either read from the files named in {@code params} or generated
 * from the hosted-IDP template; it is then imported, optionally added to a
 * circle of trust, and optionally extended with an attribute mapping.
 *
 * @param locale Locale of the Request
 * @param params Map of creation parameters.
 * @return the configured message followed by {@code |||realm=...&entityId=...},
 *         or the bare exception message when template generation fails
 * @throws WorkflowException if adding to the COT, updating the attribute
 *         mapping or URL-encoding the entity ID fails
 */
public String execute(Locale locale, Map params) throws WorkflowException {
    validateParameters(params);
    String metadataFile = getString(params, ParameterKeys.P_META_DATA);
    String metadata = null;
    String extendedData = null;
    if (metadataFile != null && !metadataFile.trim().isEmpty()) {
        // Caller supplied metadata files: load both standard and extended data.
        String extendedDataFile = getString(params, ParameterKeys.P_EXTENDED_DATA);
        metadata = getContent(metadataFile, locale);
        extendedData = getContent(extendedDataFile, locale);
    } else {
        // No files: generate both documents from the template.
        String templateEntityId = getString(params, ParameterKeys.P_ENTITY_ID);
        Map templateParams = new HashMap();
        templateParams.put(MetaTemplateParameters.P_IDP, generateMetaAliasForIDP(getString(params, ParameterKeys.P_REALM)));
        templateParams.put(MetaTemplateParameters.P_IDP_E_CERT, getString(params, ParameterKeys.P_IDP_E_CERT));
        templateParams.put(MetaTemplateParameters.P_IDP_S_CERT, getString(params, ParameterKeys.P_IDP_S_CERT));
        try {
            metadata = CreateSAML2HostedProviderTemplate.buildMetaDataTemplate(templateEntityId, templateParams, getRequestURL(params));
            extendedData = CreateSAML2HostedProviderTemplate.createExtendedDataTemplate(templateEntityId, templateParams, getRequestURL(params));
        } catch (SAML2MetaException e) {
            // NOTE(review): unlike the failures below, this one is reported via
            // the return value rather than a WorkflowException.
            return e.getMessage();
        }
    }
    // importData yields the effective realm and entity ID of the new provider.
    String[] results = ImportSAML2MetaData.importData(null, metadata, extendedData);
    String realm = results[0];
    String entityId = results[1];
    String cot = getString(params, ParameterKeys.P_COT);
    if (cot != null && !cot.isEmpty()) {
        try {
            AddProviderToCOT.addToCOT(realm, cot, entityId);
        } catch (COTException e) {
            throw new WorkflowException(e.getMessage());
        }
    }
    try {
        List attrMapping = getAttributeMapping(params);
        if (!attrMapping.isEmpty()) {
            SAML2MetaManager manager = new SAML2MetaManager();
            EntityConfigElement config = manager.getEntityConfig(realm, entityId);
            IDPSSOConfigElement ssoConfig = manager.getIDPSSOConfig(realm, entityId);
            // Assumes the attribute-map list is present in the IDP config
            // (presumably guaranteed by the template) — confirm.
            Map attribConfig = SAML2MetaUtils.getAttributes(ssoConfig);
            List mappedAttributes = (List) attribConfig.get(SAML2Constants.ATTRIBUTE_MAP);
            mappedAttributes.addAll(attrMapping);
            manager.setEntityConfig(realm, config);
        }
    } catch (SAML2MetaException e) {
        throw new WorkflowException(e.getMessage());
    }
    try {
        return getMessage("idp.configured", locale) + "|||realm=" + realm + "&entityId=" + URLEncoder.encode(entityId, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw new WorkflowException(e.getMessage());
    }
}
