
Example 21 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class ValidateSAML2 method validateIDP.

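/**
 * Validates the IdP identified by {@code idpEntityId} in {@code realm}.
 * <p>
 * Checks, in order, that the IdP's standard metadata descriptor exists; that
 * (when {@code idpMetaAlias} is set) the IdP's extended config exists and
 * carries exactly that meta alias; and that a base URL can be derived from the
 * descriptor's SingleSignOnService list. The derived URL is stored in
 * {@code idpBaseURL} and handed to {@code validateURL}.
 *
 * @throws WorkflowException if any check fails. A metadata lookup failure is
 *         logged and reported as {@code cannot.locate.idp}.
 */
private void validateIDP() throws WorkflowException {
    Object[] param = { idpEntityId };
    try {
        SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
        IDPSSODescriptorElement descriptor = mm.getIDPSSODescriptor(realm, idpEntityId);
        if (descriptor == null) {
            throw new WorkflowException("cannot.locate.idp", param);
        }
        if (idpMetaAlias != null) {
            IDPSSOConfigElement idpConfig = mm.getIDPSSOConfig(realm, idpEntityId);
            // Compare from the non-null side: getMetaAlias() may be null for a
            // misconfigured entity (other callers null-check it), and that must
            // surface as "cannot locate", not as a NullPointerException.
            if (idpConfig == null || !idpMetaAlias.equals(idpConfig.getMetaAlias())) {
                throw new WorkflowException("cannot.locate.idp", param);
            }
        }
        List ssoServiceList = descriptor.getSingleSignOnService();
        idpBaseURL = getIDPBaseURL(ssoServiceList);
        if (idpBaseURL == null) {
            throw new WorkflowException("cannot.locate.idp.loginURL", param);
        }
        validateURL(idpBaseURL);
    } catch (SAML2MetaException ex) {
        debug.error("ValidateSAML2: Error while validating IdP", ex);
        throw new WorkflowException("cannot.locate.idp", param);
    }
}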

Example 22 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class SAML2Utils method getSAEAttrs.

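/**
 * Retrieves the Secure Attribute Exchange (SAE) parameters for an application
 * from the provider's extended metadata.
 * <p>
 * The {@code SAE_APP_SECRET_LIST} attribute holds one entry per application,
 * each a {@code |}-separated list of {@code name=value} pairs whose first pair
 * is {@code SAE_XMETA_URL}. The first entry whose URL value is a prefix of
 * {@code appUrl} is returned, with its {@code SAE_XMETA_SECRET} decoded and the
 * provider's signing certificate alias added under
 * {@code SAE_XMETA_PKEY_ALIAS} when one is configured.
 *
 * @param realm    realm the FM provider is in
 * @param entityId the entity ID of the FM provider
 * @param role     Role of the FM provider; {@code SAML2Constants.SP_ROLE}
 *                 selects the SP extended config, any other value the IDP one
 * @param appUrl   application url
 * @return Map containing SAE parameters, or null in case of error, when the
 *         provider has no extended attributes, or when no entry matches.
 */
public static Map getSAEAttrs(String realm, String entityId, String role, String appUrl) {
    if (appUrl == null || appUrl.length() == 0) {
        return null;
    }
    try {
        Map attrs;
        if (role.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            SPSSOConfigElement spConfig = saml2MetaManager.getSPSSOConfig(realm, entityId);
            if (spConfig == null) {
                return null;
            }
            attrs = SAML2MetaUtils.getAttributes(spConfig);
        } else {
            IDPSSOConfigElement idpConfig = saml2MetaManager.getIDPSSOConfig(realm, entityId);
            if (idpConfig == null) {
                debug.message("SAML2Utils.getSAEAttrs: idpconfig is null");
                return null;
            }
            attrs = SAML2MetaUtils.getAttributes(idpConfig);
        }
        if (attrs == null) {
            debug.message("SAML2Utils.getSAEAttrs: no extended attrs");
            return null;
        }
        List values = (List) attrs.get(SAML2Constants.SAE_APP_SECRET_LIST);
        if (values == null || values.isEmpty()) {
            return null;
        }
        for (Iterator iter = values.iterator(); iter.hasNext(); ) {
            HashMap hp = parseSAEEntry((String) iter.next(), appUrl);
            if (hp == null) {
                continue;
            }
            String alias = SAML2Utils.getSigningCertAlias(realm, entityId, role);
            if (alias != null) {
                hp.put(SAML2Constants.SAE_XMETA_PKEY_ALIAS, alias);
            }
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils.getSAEAttrs: PKEY=" + alias + ":");
            }
            return hp;
        }
    } catch (SAML2MetaException e) {
        debug.message("get SSOConfig failed:", e);
    }
    return null;
}

/**
 * Parses one {@code SAE_APP_SECRET_LIST} entry and returns its parameters if
 * the entry applies to {@code appUrl}.
 *
 * @param value  the raw {@code name=value|name=value|...} entry
 * @param appUrl application url to match against the entry's URL pair
 * @return the entry's parameters with the secret decoded, or null when the
 *         entry's URL is not a prefix of {@code appUrl} or the entry is
 *         malformed (a pair precedes the URL pair)
 */
private static HashMap parseSAEEntry(String value, String appUrl) {
    HashMap hp = null;
    StringTokenizer st = new StringTokenizer(value, "|");
    while (st.hasMoreTokens()) {
        String tok = st.nextToken();
        int idx = tok.indexOf("=");
        if (idx < 0) {
            // Not a name=value pair; substring(0, -1) used to throw here.
            continue;
        }
        String name = tok.substring(0, idx);
        String val = tok.substring(idx + 1);
        if (SAML2Constants.SAE_XMETA_URL.equals(name)) {
            // NOTE(review): plain prefix match. A configured URL with no
            // trailing slash (e.g. "https://app.example") also admits
            // "https://app.example.evil"; confirm configured values end in "/"
            // or tighten this to a host/path-aware comparison.
            if (!appUrl.startsWith(val)) {
                return null;
            }
            hp = new HashMap();
        } else if (hp == null) {
            // The URL pair must come first; without it there is no map to
            // fill. This used to dereference a null map.
            return null;
        } else if (SAML2Constants.SAE_XMETA_SECRET.equals(name)) {
            val = SAMLUtilsCommon.decodePassword(val);
        }
        if (debug.messageEnabled()) {
            // Never write the shared secret to the log, even in encoded form.
            String shown = SAML2Constants.SAE_XMETA_SECRET.equals(name) ? "<redacted>" : val;
            debug.message("SAML2Utils.getSAEAttrs: tok:name=" + name + " val=" + shown);
        }
        hp.put(name, val);
    }
    return hp;
}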

Example 23 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class SAML2Utils method isDualRole.

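/**
 * Returns true if this entity is acting as both SP and IDP.
 * <p>
 * The decision is made purely from extended metadata: the entity must have
 * both an SP and an IDP SSO config in {@code realm}.
 *
 * @param hostEntityId entity ID of the hosted entity.
 * @param realm        the realm the entity resides.
 * @return true if this entity is acting as both SP and IDP,
 * false otherwise, including when the metadata lookup fails.
 */
public static boolean isDualRole(String hostEntityId, String realm) {
    try {
        SPSSOConfigElement spConfig = saml2MetaManager.getSPSSOConfig(realm, hostEntityId);
        if (spConfig == null) {
            return false;
        }
        IDPSSOConfigElement idpConfig = saml2MetaManager.getIDPSSOConfig(realm, hostEntityId);
        return idpConfig != null;
    } catch (Exception e) {
        // Best-effort answer: a lookup failure means "not dual role", but it
        // is recorded in the debug log instead of being silently swallowed.
        debug.message("SAML2Utils.isDualRole: metadata lookup failed for " + hostEntityId, e);
        return false;
    }
}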

Example 24 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class SAML2MetaManager method getRoleByMetaAlias.

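/**
 * Returns role of an entity based on its metaAlias.
 * <p>
 * An entity can hold several roles at once (for example SP and IDP together,
 * see {@code SAML2Utils.isDualRole}), and each role carries its own meta
 * alias. Every configured role is therefore checked, in the order IDP, SP,
 * PDP, PEP, until one whose alias equals {@code metaAlias} is found.
 *
 * @param metaAlias Meta alias of the entity.
 * @return role of an entity either <code>SAML2Constants.IDP_ROLE</code>; or
 *         <code>SAML2Constants.SP_ROLE</code> or 
 *         <code>SAML2Constants.UNKNOWN_ROLE</code>
 * @throws SAML2MetaException if there are issues in getting the entity
 *         profile from the meta alias.
 */
public String getRoleByMetaAlias(String metaAlias) throws SAML2MetaException {
    String entityId = getEntityByMetaAlias(metaAlias);
    if (entityId == null) {
        return SAML2Constants.UNKNOWN_ROLE;
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    // Each role is tested on its own. The previous else-if chain stopped at
    // the first role that was configured at all, so a dual-role entity whose
    // IDP alias differed from metaAlias reported UNKNOWN_ROLE even when its SP
    // alias matched. Configs are also fetched only as far as needed.
    IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
    if (idpConfig != null && sameAlias(idpConfig.getMetaAlias(), metaAlias)) {
        return SAML2Constants.IDP_ROLE;
    }
    SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
    if (spConfig != null && sameAlias(spConfig.getMetaAlias(), metaAlias)) {
        return SAML2Constants.SP_ROLE;
    }
    XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(realm, entityId);
    if (pdpConfig != null && sameAlias(pdpConfig.getMetaAlias(), metaAlias)) {
        return SAML2Constants.PDP_ROLE;
    }
    XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(realm, entityId);
    if (pepConfig != null && sameAlias(pepConfig.getMetaAlias(), metaAlias)) {
        return SAML2Constants.PEP_ROLE;
    }
    return SAML2Constants.UNKNOWN_ROLE;
}

/** Null-safe alias comparison: a config without a meta alias never matches. */
private static boolean sameAlias(String configured, String wanted) {
    return configured != null && configured.equals(wanted);
}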

Example 25 with IDPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class IDPProxyUtil method sendIDPInitProxyLogoutRequest.

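/**
 * Starts the IdP-proxy leg of an IdP-initiated single logout by delegating to
 * {@code IDPSingleLogout.initiateLogoutRequest}.
 * <p>
 * The parameter map handed on carries the meta alias of the IDP extended
 * config looked up for {@code spEntityID}, the IDP role, the HTTP-Redirect
 * binding, the {@code Destination}/{@code Consent}/{@code Extension} request
 * parameters as received, a {@code LogoutMap} holding whichever of
 * {@code logoutResponse}, {@code location}, {@code spEntityID} and
 * {@code idpEntityID} are present, and {@code LOGOUT_ALL} when that request
 * parameter is set.
 *
 * @param request        the inbound logout request
 * @param response       servlet response used for the outbound request
 * @param out            writer for the response body
 * @param logoutResponse logout response already built for this flow; may be null
 * @param location       target location; omitted from the map when null or empty
 * @param spEntityID     entity whose IDP extended config supplies the meta alias
 *                       (presumably the hosted proxy entity - confirm against
 *                       callers); omitted from the map when empty
 * @param idpEntityID    remote IdP entity ID; omitted from the map when null or empty
 * @param binding        binding passed through to the single-logout handler
 * @param realm          realm holding the hosted entity's config
 * @throws SAML2Exception if the IDP extended config for {@code spEntityID}
 *         cannot be read or does not exist
 */
public static void sendIDPInitProxyLogoutRequest(HttpServletRequest request, HttpServletResponse response, PrintWriter out, LogoutResponse logoutResponse, String location, String spEntityID, String idpEntityID, String binding, String realm) throws SAML2Exception {
    IDPSSOConfigElement config = sm.getIDPSSOConfig(realm, spEntityID);
    if (config == null) {
        // getIDPSSOConfig returns null for an unknown entity; this used to
        // surface as a NullPointerException on config.getMetaAlias().
        throw new SAML2Exception("No IDP SSO config found for entity " + spEntityID + " in realm " + realm);
    }
    HashMap paramsMap = new HashMap();
    paramsMap.put("metaAlias", config.getMetaAlias());
    paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
    paramsMap.put(SAML2Constants.BINDING, SAML2Constants.HTTP_REDIRECT);
    // NOTE(review): copied verbatim from the inbound request, so these are
    // caller-controlled; any validation is left to initiateLogoutRequest - confirm.
    paramsMap.put("Destination", request.getParameter("Destination"));
    paramsMap.put("Consent", request.getParameter("Consent"));
    paramsMap.put("Extension", request.getParameter("Extension"));

    Map logoutResponseMap = new HashMap();
    if (logoutResponse != null) {
        logoutResponseMap.put("LogoutResponse", logoutResponse);
    }
    putIfNotEmpty(logoutResponseMap, "Location", location);
    putIfNotEmpty(logoutResponseMap, "spEntityID", spEntityID);
    putIfNotEmpty(logoutResponseMap, "idpEntityID", idpEntityID);
    paramsMap.put("LogoutMap", logoutResponseMap);

    String logoutAll = request.getParameter(SAML2Constants.LOGOUT_ALL);
    if (logoutAll != null) {
        paramsMap.put(SAML2Constants.LOGOUT_ALL, logoutAll);
    }
    IDPSingleLogout.initiateLogoutRequest(request, response, out, binding, paramsMap);
    // TODO: for the SOAP binding the original intent was to redirect to
    // RelayState when present, else forward to
    // /saml2/jsp/default.jsp?message=idpSloSuccess. Not implemented.
}

/** Stores {@code value} under {@code key} unless it is null or empty. */
private static void putIfNotEmpty(Map map, String key, String value) {
    if (value != null && !value.equals("")) {
        map.put(key, value);
    }
}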
