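/**
 * Returns a map with extended identity provider attributes and values.
 *
 * @param realm realm to which the entity belongs.
 * @param entityName the entity id.
 * @return map of extended attribute values of the Identity Provider; an
 *         empty, immutable map when the entity has no IDP SSO configuration.
 * @throws AMConsoleException if unable to retrieve the Identity Provider
 *         attributes based on the realm and entityName passed.
 */
public Map<String, List<String>> getExtendedIdentityProviderAttributes(String realm, String entityName) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "IDP-Extended" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map<String, List<String>> attributes = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityName);
        if (idpssoConfig != null) {
            BaseConfigType baseConfig = (BaseConfigType) idpssoConfig;
            attributes = SAML2MetaUtils.getAttributes(baseConfig);
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        // Log message names this method (the original named a non-existent one).
        debug.warning("SAMLv2ModelImpl.getExtendedIdentityProviderAttributes:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Extended", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    // Typed empty map instead of the raw Collections.EMPTY_MAP (unchecked conversion).
    return (attributes != null) ? attributes : Collections.<String, List<String>>emptyMap();
}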
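/**
 * Returns the metaAlias of the entity.
 *
 * @param realm realm to which the entity belongs.
 * @param entityName the entity id.
 * @param role the role of the entity ({@code EntityModel.IDENTITY_PROVIDER}
 *        or {@code EntityModel.SERVICE_PROVIDER}).
 * @return the metaAlias of the entity, or {@code null} when the role is not
 *         one of the two supported values or no SSO configuration exists.
 * @throws AMConsoleException if unable to retrieve metaAlias.
 */
public String getMetaalias(String realm, String entityName, String role) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "Extended" };
    logEvent("ATTEMPT_GET_METAALIAS", params);
    String metaAlias = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        // Constant-first equals: a null role now yields null instead of an NPE.
        if (EntityModel.IDENTITY_PROVIDER.equals(role)) {
            IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityName);
            if (idpssoConfig != null) {
                metaAlias = ((BaseConfigType) idpssoConfig).getMetaAlias();
            }
        } else if (EntityModel.SERVICE_PROVIDER.equals(role)) {
            SPSSOConfigElement spssoConfig = samlManager.getSPSSOConfig(realm, entityName);
            if (spssoConfig != null) {
                metaAlias = ((BaseConfigType) spssoConfig).getMetaAlias();
            }
        }
        logEvent("SUCCEED_GET_METAALIAS", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.getMetaalias:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "Extended", strError };
        logEvent("FEDERATION_EXCEPTION_GET_METAALIAS", paramsEx);
        throw new AMConsoleException(strError);
    }
    return metaAlias;
}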
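/**
 * Updates the IDP Authentication Contexts of an entity.
 *
 * @param realm realm of the entity.
 * @param entityName name of the entity descriptor.
 * @param cxt SAMLv2AuthContexts object holding the IDP Authentication
 *        Context values to store.
 * @throws AMConsoleException if the entity or its IDP SSO configuration does
 *         not exist, or if the update fails.
 */
public void updateIDPAuthenticationContexts(String realm, String entityName, SAMLv2AuthContexts cxt) throws AMConsoleException {
    List list = cxt.toIDPAuthContextInfo();
    String[] params = { realm, entityName, "SAMLv2", "IDP-updateIDPAuthenticationContexts" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    try {
        SAML2MetaManager saml2MetaManager = getSAML2MetaManager();
        EntityConfigElement entityConfig = saml2MetaManager.getEntityConfig(realm, entityName);
        if (entityConfig == null) {
            // Not a SAML2MetaException, so this propagates without the FEDERATION_EXCEPTION log event.
            throw new AMConsoleException("invalid.entity.name");
        }
        IDPSSOConfigElement idpDecConfigElement = saml2MetaManager.getIDPSSOConfig(realm, entityName);
        if (idpDecConfigElement == null) {
            throw new AMConsoleException("invalid.config.element");
        }
        updateBaseConfig(idpDecConfigElement, IDP_AUTHN_CONTEXT_CLASS_REF_MAPPING, list);
        // Persist the attributes by writing back the (mutated) entityConfig object.
        saml2MetaManager.setEntityConfig(realm, entityConfig);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-updateIDPAuthenticationContexts", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}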
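/**
 * Returns the metaAlias of a hosted SAML2 IDP that is in the same active
 * circle of trust as the initiating IDP (and SP, when one is given).
 * Returns {@code null} if no such SAML2 IDP exists or an exception occurs
 * (the exception is logged, never propagated).
 *
 * @param idpEntityID entity id of the initiating IDP.
 * @param spEntityID entity id of the initiating SP; may be null or empty, in
 *        which case SP membership is not checked.
 * @param realm realm in which to search.
 * @param protocol protocol of the initiating IDP/SP, used for the COT lookup.
 * @param saml2Manager meta manager used to list hosted IDPs and their config.
 * @return the metaAlias of the first matching hosted IDP, or {@code null}.
 */
private String findIDPMetaAlias(String idpEntityID, String spEntityID, String realm, String protocol, SAML2MetaManager saml2Manager) {
    try {
        List hostedIdps = saml2Manager.getAllHostedIdentityProviderEntities(realm);
        if (debug.messageEnabled()) {
            debug.message("SAML2SingleLogoutHandler.findIDPMetaAlias: " + " all hosted SAML2 IDPs = " + hostedIdps);
        }
        if ((hostedIdps == null) || hostedIdps.isEmpty()) {
            return null;
        }
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        Set cots = cotManager.getAllActiveCirclesOfTrust(realm);
        if (cots == null) {
            return null;
        }
        for (Object idpObj : hostedIdps) {
            String idpId = (String) idpObj;
            for (Object cotObj : cots) {
                String cotName = (String) cotObj;
                if (debug.messageEnabled()) {
                    debug.message("SAML2SLOHandler.findIDPMetaAlias: " + " check COT = " + cotName);
                }
                // The COT must contain the hosted SAML2 IDP ...
                Set providers = cotManager.listCircleOfTrustMember(realm, cotName, SingleLogoutManager.SAML2);
                if ((providers == null) || !providers.contains(idpId)) {
                    continue;
                }
                // ... and, under the initiating protocol, the initiating IDP and SP.
                providers = cotManager.listCircleOfTrustMember(realm, cotName, protocol);
                if ((providers == null) || !providers.contains(idpEntityID)) {
                    continue;
                }
                if ((spEntityID != null) && (spEntityID.length() != 0) && !providers.contains(spEntityID)) {
                    continue;
                }
                if (SingleLogoutManager.debug.messageEnabled()) {
                    SingleLogoutManager.debug.message("SAML2SingleLogoutHandler.findIDPMetaAlias : " + "found IDP " + idpId + " in COT " + cotName);
                }
                IDPSSOConfigElement config = saml2Manager.getIDPSSOConfig(realm, idpId);
                if (config == null) {
                    // A hosted IDP without extended config cannot be used for SLO;
                    // previously this was an NPE caught below, which aborted the search.
                    if (SingleLogoutManager.debug.warningEnabled()) {
                        SingleLogoutManager.debug.warning("SAML2SingleLogoutHandler.findIDPMetaAlias : no IDPSSOConfig for " + idpId);
                    }
                    continue;
                }
                return config.getMetaAlias();
            }
        }
    } catch (Exception e) {
        SingleLogoutManager.debug.error("SAML2SingleLogoutHandler." + "findIDPMetaAlias", e);
    }
    return null;
}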
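/**
 * Resolves the local user id that the subject of an AttributeQuery refers to.
 * An encrypted subject is decrypted with the attribute authority's decryption
 * keys first. Resolution then depends on the NameID format: "transient" is
 * looked up in the IDP cache, "unspecified" is searched in the data store by
 * the attribute configured in the NameID format map (default {@code uid}),
 * and any other format goes through {@code SAML2Utils.getNameIDKeyMap}.
 *
 * @param attrQuery the attribute query whose subject is resolved.
 * @param attrAuthorityEntityID entity id of the attribute authority.
 * @param realm realm of the attribute authority.
 * @return the user id, or {@code null} when a transient NameID is not cached
 *         or the data store yields no match.
 * @throws SAML2Exception if the query carries no usable NameID, decryption
 *         fails, or the data store lookup fails.
 */
public static String getIdentity(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Subject subject = attrQuery.getSubject();
    if (subject == null) {
        throw new SAML2Exception("AttributeQueryUtil.getIdentity: AttributeQuery has no Subject");
    }
    NameID nameID;
    EncryptedID encryptedID = subject.getEncryptedID();
    if (encryptedID != null) {
        nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
    } else {
        nameID = subject.getNameID();
    }
    if (nameID == null) {
        throw new SAML2Exception("AttributeQueryUtil.getIdentity: Subject has no NameID");
    }
    String nameIDFormat = nameID.getFormat();
    if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
        // Transient NameIDs are only resolvable while the issuing session is cached.
        return (String) IDPCache.userIDByTransientNameIDValue.get(nameID.getValue());
    }
    if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
        // The search attribute comes from the IDP's configured NameID format map
        // ("<format>=<attr>"); the search value is the NameID from the request.
        // NOTE(review): dsProvider is relied on to escape that value — confirm.
        String userId = "uid";
        IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, attrAuthorityEntityID);
        Map attrs = (config != null) ? SAML2MetaUtils.getAttributes(config) : null;
        List nimAttrs = (attrs != null) ? (List) attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP) : null;
        if (nimAttrs != null) {
            for (Object entry : nimAttrs) {
                String attrName = (String) entry;
                if (attrName != null && attrName.length() > 2 && attrName.startsWith(nameIDFormat)) {
                    int eqPos = attrName.indexOf('=');
                    if (eqPos != -1 && eqPos < attrName.length() - 2) {
                        userId = attrName.substring(eqPos + 1);
                        if (SAML2Utils.debug.messageEnabled()) {
                            SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
                        }
                        break;
                    }
                }
            }
        }
        Set userIDValuesSet = new HashSet();
        userIDValuesSet.add(nameID.getValue());
        Map userIDsSearchMap = new HashMap();
        userIDsSearchMap.put(userId, userIDValuesSet);
        try {
            return dsProvider.getUserID(realm, userIDsSearchMap);
        } catch (DataStoreProviderException dse) {
            SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore1:", dse);
            throw new SAML2Exception(dse.getMessage());
        }
    }
    String requestedEntityID = attrQuery.getIssuer().getValue();
    try {
        return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(nameID, attrAuthorityEntityID, requestedEntityID, realm, SAML2Constants.IDP_ROLE));
    } catch (DataStoreProviderException dse) {
        SAML2Utils.debug.error("AttributeQueryUtil.getIdentityFromDataStore:", dse);
        throw new SAML2Exception(dse.getMessage());
    }
}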