use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class ValidateSAML2 method validateSP.
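/**
 * Validates that the configured SP entity exists in this realm and, when a meta alias
 * was supplied, that the alias belongs to that entity's extended configuration; then
 * derives the SP base URL from the entity's SingleLogoutService endpoints.
 * <p>
 * Side effects: sets {@code spBaseURL} from the SLO endpoints and, when no base URL can
 * be derived, sets {@code bFedlet} to {@code true} (the SP is then treated as a Fedlet).
 * Every failure is reported under the same {@code cannot.locate.sp} key, so a caller
 * cannot tell "entity missing" from "alias mismatch" from "metadata read failed"; keep
 * it that way, it avoids revealing which parts of the configuration exist.
 *
 * @throws WorkflowException if the SP descriptor or extended config cannot be found,
 *         the meta alias does not match, the metadata lookup fails, or
 *         {@code validateURL} rejects the derived base URL.
 */
private void validateSP() throws WorkflowException {
    Object[] param = { spEntityId };
    try {
        SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
        SPSSODescriptorElement elt = mm.getSPSSODescriptor(realm, spEntityId);
        if (elt == null) {
            throw new WorkflowException("cannot.locate.sp", param);
        }
        if (spMetaAlias != null) {
            SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, spEntityId);
            // Compare from the non-null side: getMetaAlias() can be null for an entity
            // whose extended config carries no alias (getRoleByMetaAlias guards for
            // exactly that), and getMetaAlias().equals(...) would NPE instead of
            // failing cleanly with the workflow error.
            if (spConfig == null || !spMetaAlias.equals(spConfig.getMetaAlias())) {
                throw new WorkflowException("cannot.locate.sp", param);
            }
        }
        List sloServiceList = elt.getSingleLogoutService();
        spBaseURL = getSPBaseURL(sloServiceList);
        if (spBaseURL == null) {
            // No SLO endpoint to derive a URL from: assume a Fedlet deployment.
            bFedlet = true;
        } else {
            validateURL(spBaseURL);
        }
    } catch (SAML2MetaException ex) {
        debug.error("ValidateSAML2: Error while validating SP", ex);
        throw new WorkflowException("cannot.locate.sp", param);
    }
}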
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class SAML2Utils method getSAEAttrs.
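/**
 * Retrieves SAE related attributes from extended metadata.
 * <p>
 * The extended-metadata attribute {@code SAML2Constants.SAE_APP_SECRET_LIST} holds one
 * entry per application; each entry is a {@code |}-separated list of {@code name=value}
 * pairs. The first entry whose {@code SAML2Constants.SAE_XMETA_URL} value is a prefix of
 * {@code appUrl} is returned as a map of its pairs, with the
 * {@code SAML2Constants.SAE_XMETA_SECRET} value decoded via
 * {@code SAMLUtilsCommon.decodePassword} and the hosted entity's signing certificate
 * alias added under {@code SAML2Constants.SAE_XMETA_PKEY_ALIAS} when one exists.
 * <p>
 * The raw entries and the secret value are not written to the debug log, even in their
 * encoded form: {@code decodePassword} is an obfuscation, not encryption.
 *
 * @param realm realm the FM provider is in
 * @param entityId the entity ID of the FM provider
 * @param role Role of the FM provider; {@code SAML2Constants.SP_ROLE} selects the SP
 *        extended config, any other value the IDP extended config
 * @param appUrl application url
 * @return Map containing SAE parameters or null in case of error.
 */
public static Map getSAEAttrs(String realm, String entityId, String role, String appUrl) {
    if (appUrl == null || appUrl.length() == 0) {
        return null;
    }
    try {
        Map attrs;
        if (role.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            SPSSOConfigElement spConfig = saml2MetaManager.getSPSSOConfig(realm, entityId);
            if (spConfig == null) {
                return null;
            }
            attrs = SAML2MetaUtils.getAttributes(spConfig);
        } else {
            IDPSSOConfigElement idpConfig = saml2MetaManager.getIDPSSOConfig(realm, entityId);
            if (idpConfig == null) {
                debug.message("SAML2Utils.getSAEAttrs: idpconfig is null");
                return null;
            }
            attrs = SAML2MetaUtils.getAttributes(idpConfig);
        }
        if (attrs == null) {
            debug.message("SAML2Utils.getSAEAttrs: no extended attrs");
            return null;
        }
        List values = (List) attrs.get(SAML2Constants.SAE_APP_SECRET_LIST);
        if (values == null || values.isEmpty()) {
            return null;
        }
        for (Iterator iter = values.iterator(); iter.hasNext();) {
            // Deliberately not logged: the raw entry carries the application secret.
            HashMap hp = parseSAEEntry((String) iter.next(), appUrl);
            if (hp != null) {
                String alias = SAML2Utils.getSigningCertAlias(realm, entityId, role);
                if (alias != null) {
                    hp.put(SAML2Constants.SAE_XMETA_PKEY_ALIAS, alias);
                }
                if (debug.messageEnabled()) {
                    debug.message("SAML2Utils.getSAEAttrs: PKEY=" + alias + ":");
                }
                return hp;
            }
        }
    } catch (SAML2MetaException e) {
        debug.message("get SSOConfig failed:", e);
    }
    return null;
}

/**
 * Parses one SAE application entry ({@code name=value|name=value|...}) and returns its
 * parameters when its {@code SAML2Constants.SAE_XMETA_URL} value is a prefix of
 * {@code appUrl}; returns {@code null} when the URL is absent or does not match.
 * <p>
 * Tokens without {@code =} are skipped and the URL token may appear anywhere in the
 * entry; the original loop did {@code substring(0, -1)} for the former and dereferenced
 * a still-null map for the latter.
 *
 * @param value one entry of the SAE app secret list
 * @param appUrl application url being looked up
 * @return the entry's parameters (secret already decoded), or {@code null}
 */
private static HashMap parseSAEEntry(String value, String appUrl) {
    HashMap hp = new HashMap();
    boolean urlMatches = false;
    StringTokenizer st = new StringTokenizer(value, "|");
    while (st.hasMoreTokens()) {
        String tok = st.nextToken();
        int idx = tok.indexOf("=");
        if (idx < 0) {
            continue;
        }
        String name = tok.substring(0, idx);
        String val = tok.substring(idx + 1);
        boolean isSecret = SAML2Constants.SAE_XMETA_SECRET.equals(name);
        if (SAML2Constants.SAE_XMETA_URL.equals(name)) {
            // Prefix match, as in the original. NOTE(review): a configured URL with no
            // trailing "/" or path also matches "https://app.example.com.attacker/..."
            // -- confirm operators configure the url down to a path boundary.
            if (!appUrl.startsWith(val)) {
                return null;
            }
            urlMatches = true;
        } else if (isSecret) {
            val = SAMLUtilsCommon.decodePassword(val);
        }
        if (debug.messageEnabled()) {
            // Never log the secret, not even its encoded form.
            debug.message("SAML2Utils.getSAEAttrs: tok:name=" + name
                    + (isSecret ? "" : " val=" + val));
        }
        hp.put(name, val);
    }
    return urlMatches ? hp : null;
}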
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class SAML2Utils method isDualRole.
/**
 * Returns true if this entity is acting as both SP and IDP.
 * <p>
 * An entity is dual-role when it has both an SP and an IDP extended configuration in
 * the realm. The IDP lookup is only made once the SP lookup has succeeded. Any exception
 * from the metadata manager is swallowed without logging and treated as "not dual role".
 *
 * @param hostEntityId entity ID of the hosted entity.
 * @param realm the realm the entity resides.
 * @return true if this entity is acting as both SP and IDP,
 * false otherwise.
 */
public static boolean isDualRole(String hostEntityId, String realm) {
    boolean hasSp;
    boolean hasIdp;
    try {
        hasSp = saml2MetaManager.getSPSSOConfig(realm, hostEntityId) != null;
        hasIdp = hasSp && saml2MetaManager.getIDPSSOConfig(realm, hostEntityId) != null;
    } catch (Exception ignored) {
        // Best-effort lookup: a failed metadata read means we cannot claim dual role.
        return false;
    }
    return hasSp && hasIdp;
}
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class SAML2Utils method getReaderURL.
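/**
 * Returns the SAML2 reader service URL of the circle of trust the hosted SP belongs to.
 * <p>
 * Resolves the realm and entity ID from {@code spMetaAlias}, reads the SP's extended
 * configuration, takes the first value of its {@code cotlist} attribute as the circle
 * of trust name and returns that circle's reader service URL. Every failure (unknown
 * alias, missing extended config, missing or empty {@code cotlist}, COT lookup error)
 * yields {@code null} and is reported at debug level only, so callers must treat
 * {@code null} as "no reader service available" rather than as a hard error.
 * <p>
 * NOTE(review): only the first {@code cotlist} entry is consulted; an SP that is a member
 * of several circles gets the reader URL of whichever is listed first.
 *
 * @param spMetaAlias meta alias of the hosted SP.
 * @return the reader service URL, or {@code null} if it cannot be determined.
 */
public static String getReaderURL(String spMetaAlias) {
    String classMethod = "SAML2Utils:getReaderURL:";
    String readerURL = null;
    try {
        String realm = SAML2MetaUtils.getRealmByMetaAlias(spMetaAlias);
        String spEntityID = saml2MetaManager.getEntityByMetaAlias(spMetaAlias);
        if (debug.messageEnabled()) {
            debug.message(classMethod + "metaAlias is :" + spMetaAlias);
            debug.message(classMethod + "Realm is :" + realm);
            debug.message(classMethod + "spEntityID is :" + spEntityID);
        }
        if (spEntityID == null) {
            // Nothing registered under this alias; no point querying the config.
            return null;
        }
        SPSSOConfigElement spEntityCfg = saml2MetaManager.getSPSSOConfig(realm, spEntityID);
        if (spEntityCfg == null) {
            return null;
        }
        Map spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        List cotList = (spConfigAttrsMap == null) ? null : (List) spConfigAttrsMap.get("cotlist");
        // Explicit checks instead of letting an NPE / NoSuchElementException fall into
        // the catch-all below, so the debug log names what was actually missing.
        if (cotList == null || cotList.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message(classMethod + "no cotlist configured for " + spEntityID);
            }
            return null;
        }
        String cotListStr = (String) cotList.iterator().next();
        CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
        if (cotDesc != null) {
            readerURL = cotDesc.getSAML2ReaderServiceURL();
        }
    } catch (COTException ce) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Error retreiving circle of trust", ce);
        }
    } catch (SAML2Exception s2e) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Error getting reader URL : ", s2e);
        }
    } catch (Exception e) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Error getting reader URL : ", e);
        }
    }
    return readerURL;
}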
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class SAML2MetaManager method getRoleByMetaAlias.
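/**
 * Returns role of an entity based on its metaAlias.
 * <p>
 * The entity owning {@code metaAlias} is looked up and each of its role configurations
 * (IDP, SP, PDP, PEP, in that order) is checked for a meta alias equal to the one given;
 * the first match decides. Every configuration is checked, which matters for dual-role
 * entities hosting both an IDP and an SP: the previous {@code else if} chain stopped at
 * the first configuration that merely existed, so an SP alias on an entity that also had
 * an IDP config was reported as {@code UNKNOWN_ROLE}. Configurations are fetched lazily,
 * only until a match is found.
 *
 * @param metaAlias Meta alias of the entity.
 * @return role of an entity: <code>SAML2Constants.IDP_ROLE</code>,
 * <code>SAML2Constants.SP_ROLE</code>, <code>SAML2Constants.PDP_ROLE</code>,
 * <code>SAML2Constants.PEP_ROLE</code> or <code>SAML2Constants.UNKNOWN_ROLE</code>
 * @throws SAML2MetaException if there are issues in getting the entity
 * profile from the meta alias.
 */
public String getRoleByMetaAlias(String metaAlias) throws SAML2MetaException {
    String entityId = getEntityByMetaAlias(metaAlias);
    if (entityId == null) {
        return SAML2Constants.UNKNOWN_ROLE;
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);

    IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
    if (idpConfig != null && aliasMatches(idpConfig.getMetaAlias(), metaAlias)) {
        return SAML2Constants.IDP_ROLE;
    }
    SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
    if (spConfig != null && aliasMatches(spConfig.getMetaAlias(), metaAlias)) {
        return SAML2Constants.SP_ROLE;
    }
    XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(realm, entityId);
    if (pdpConfig != null && aliasMatches(pdpConfig.getMetaAlias(), metaAlias)) {
        return SAML2Constants.PDP_ROLE;
    }
    XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(realm, entityId);
    if (pepConfig != null && aliasMatches(pepConfig.getMetaAlias(), metaAlias)) {
        return SAML2Constants.PEP_ROLE;
    }
    return SAML2Constants.UNKNOWN_ROLE;
}

/**
 * Null-safe comparison of a configuration's meta alias with the requested one; a
 * configuration without an alias never matches.
 *
 * @param configured meta alias read from a role configuration, may be {@code null}
 * @param requested meta alias being resolved
 * @return {@code true} if {@code configured} is non-null and equal to {@code requested}
 */
private static boolean aliasMatches(String configured, String requested) {
    return configured != null && configured.equals(requested);
}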