Example 21 with SPSSOConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class ValidateSAML2 method validateSP.
private void validateSP() throws WorkflowException {
try {
SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
SPSSODescriptorElement elt = mm.getSPSSODescriptor(realm, spEntityId);
if (elt == null) {
Object[] param = { spEntityId };
throw new WorkflowException("cannot.locate.sp", param);
}
if (spMetaAlias != null) {
SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, spEntityId);
if (spConfig == null) {
Object[] param = { spEntityId };
throw new WorkflowException("cannot.locate.sp", param);
} else {
if (!spConfig.getMetaAlias().equals(spMetaAlias)) {
Object[] param = { spEntityId };
throw new WorkflowException("cannot.locate.sp", param);
}
}
}
List sloServiceList = elt.getSingleLogoutService();
spBaseURL = getSPBaseURL(sloServiceList);
if (spBaseURL == null) {
bFedlet = true;
} else {
validateURL(spBaseURL);
}
} catch (SAML2MetaException ex) {
debug.error("ValidateSAML2: Error while validating SP", ex);
Object[] param = { spEntityId };
throw new WorkflowException("cannot.locate.sp", param);
}
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
List(java.util.List)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 22 with SPSSOConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class SAML2Utils method getSAEAttrs.
/**
* Retrieves SAE related attributes from exended metadata.
*
* @param realm realm the FM provider is in
* @param entityId the entity ID of the FM provider
* @param role Role of the FM provider
* @param appUrl application url
* @return Map containing SAE parameters or null in case of error.
*/
public static Map getSAEAttrs(String realm, String entityId, String role, String appUrl) {
if (appUrl == null || appUrl.length() == 0) {
return null;
}
try {
IDPSSOConfigElement idpConfig = null;
SPSSOConfigElement spConfig = null;
Map attrs = null;
if (role.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
spConfig = saml2MetaManager.getSPSSOConfig(realm, entityId);
if (spConfig == null) {
return null;
}
attrs = SAML2MetaUtils.getAttributes(spConfig);
} else {
idpConfig = saml2MetaManager.getIDPSSOConfig(realm, entityId);
if (idpConfig == null) {
debug.message("SAML2Utils.getSAEAttrs: idpconfig is null");
return null;
}
attrs = SAML2MetaUtils.getAttributes(idpConfig);
}
if (attrs == null) {
debug.message("SAML2Utils.getSAEAttrs: no extended attrs");
return null;
}
List values = (List) attrs.get(SAML2Constants.SAE_APP_SECRET_LIST);
if (values != null && values.size() != 0) {
Iterator iter = values.iterator();
while (iter.hasNext()) {
String value = (String) iter.next();
if (debug.messageEnabled()) {
debug.message("SAML2Utils.getSAEAttrs: value=" + value);
}
StringTokenizer st = new StringTokenizer(value, "|");
HashMap hp = null;
while (st.hasMoreTokens()) {
String tok = st.nextToken();
int idx = tok.indexOf("=");
String name = tok.substring(0, idx);
String val = tok.substring(idx + 1, tok.length());
if (debug.messageEnabled()) {
debug.message("SAML2Utils.getSAEAttrs: tok:name=" + name + " val=" + val);
}
if (SAML2Constants.SAE_XMETA_URL.equals(name)) {
if (appUrl.startsWith(val)) {
hp = new HashMap();
} else {
break;
}
} else if (SAML2Constants.SAE_XMETA_SECRET.equals(name)) {
val = SAMLUtilsCommon.decodePassword(val);
}
hp.put(name, val);
}
if (hp != null) {
String alias = SAML2Utils.getSigningCertAlias(realm, entityId, role);
if (alias != null)
hp.put(SAML2Constants.SAE_XMETA_PKEY_ALIAS, alias);
if (debug.messageEnabled()) {
debug.message("SAML2Utils.getSAEAttrs: PKEY=" + alias + ":");
}
return hp;
}
}
}
} catch (SAML2MetaException e) {
debug.message("get SSOConfig failed:", e);
}
return null;
}
Also used :
StringTokenizer(java.util.StringTokenizer)
HashMap(java.util.HashMap)
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
Iterator(java.util.Iterator)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
ArrayList(java.util.ArrayList)
List(java.util.List)
Map(java.util.Map)
HashMap(java.util.HashMap)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 23 with SPSSOConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class SAML2Utils method isDualRole.
/**
* Returns true if this entity is acting as both SP and IDP.
*
* @param hostEntityId entity ID of the hosted entity.
* @param realm the realm the entity resides.
* @return true if this entity is acting as both SP and IDP,
* false otherwise.
*/
public static boolean isDualRole(String hostEntityId, String realm) {
try {
SPSSOConfigElement spConfig = saml2MetaManager.getSPSSOConfig(realm, hostEntityId);
if (spConfig == null) {
return false;
}
IDPSSOConfigElement idpConfig = saml2MetaManager.getIDPSSOConfig(realm, hostEntityId);
return idpConfig != null;
} catch (Exception e) {
return false;
}
}
Also used :
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
SystemConfigurationException(com.sun.identity.common.SystemConfigurationException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IOException(java.io.IOException)
ServletException(javax.servlet.ServletException)
SessionException(com.sun.identity.plugin.session.SessionException)
DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
COTException(com.sun.identity.cot.COTException)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
Example 24 with SPSSOConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class SAML2Utils method getReaderURL.
public static String getReaderURL(String spMetaAlias) {
// get spExtended
String classMethod = "SAML2Utils:getReaderURL:";
String readerURL = null;
try {
String realm = SAML2MetaUtils.getRealmByMetaAlias(spMetaAlias);
String spEntityID = saml2MetaManager.getEntityByMetaAlias(spMetaAlias);
if (debug.messageEnabled()) {
debug.message(classMethod + "metaAlias is :" + spMetaAlias);
debug.message(classMethod + "Realm is :" + realm);
debug.message(classMethod + "spEntityID is :" + spEntityID);
}
SPSSOConfigElement spEntityCfg = saml2MetaManager.getSPSSOConfig(realm, spEntityID);
Map spConfigAttrsMap = null;
if (spEntityCfg != null) {
spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
List cotList = (List) spConfigAttrsMap.get("cotlist");
String cotListStr = (String) cotList.iterator().next();
CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
readerURL = cotDesc.getSAML2ReaderServiceURL();
}
} catch (COTException ce) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Error retreiving circle of trust", ce);
}
} catch (SAML2Exception s2e) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Error getting reader URL : ", s2e);
}
} catch (Exception e) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Error getting reader URL : ", e);
}
}
return readerURL;
}
Also used :
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
ArrayList(java.util.ArrayList)
List(java.util.List)
CircleOfTrustDescriptor(com.sun.identity.cot.CircleOfTrustDescriptor)
COTException(com.sun.identity.cot.COTException)
Map(java.util.Map)
HashMap(java.util.HashMap)
SystemConfigurationException(com.sun.identity.common.SystemConfigurationException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IOException(java.io.IOException)
ServletException(javax.servlet.ServletException)
SessionException(com.sun.identity.plugin.session.SessionException)
DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
COTException(com.sun.identity.cot.COTException)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
Example 25 with SPSSOConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.
the class SAML2MetaManager method getRoleByMetaAlias.
/**
* Returns role of an entity based on its metaAlias.
*
* @param metaAlias Meta alias of the entity.
* @return role of an entity either <code>SAML2Constants.IDP_ROLE</code>; or
* <code>SAML2Constants.SP_ROLE</code> or
* <code>SAML2Constants.UNKNOWN_ROLE</code>
* @throws SAML2MetaException if there are issues in getting the entity
* profile from the meta alias.
*/
public String getRoleByMetaAlias(String metaAlias) throws SAML2MetaException {
String role = SAML2Constants.UNKNOWN_ROLE;
String entityId = getEntityByMetaAlias(metaAlias);
if (entityId != null) {
String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(realm, entityId);
XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(realm, entityId);
if (idpConfig != null) {
String m = idpConfig.getMetaAlias();
if ((m != null) && m.equals(metaAlias)) {
role = SAML2Constants.IDP_ROLE;
}
} else if (spConfig != null) {
String m = spConfig.getMetaAlias();
if ((m != null) && m.equals(metaAlias)) {
role = SAML2Constants.SP_ROLE;
}
} else if (pdpConfig != null) {
String m = pdpConfig.getMetaAlias();
if ((m != null) && m.equals(metaAlias)) {
role = SAML2Constants.PDP_ROLE;
}
} else if (pepConfig != null) {
String m = pepConfig.getMetaAlias();
if ((m != null) && m.equals(metaAlias)) {
role = SAML2Constants.PEP_ROLE;
}
}
}
return role;
}
Also used :
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement)
Aggregations
SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)38
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)25
List (java.util.List)24
Map (java.util.Map)20
HashMap (java.util.HashMap)18
ArrayList (java.util.ArrayList)16
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)14
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)13
SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)11
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)10
COTException (com.sun.identity.cot.COTException)8
Iterator (java.util.Iterator)8
SessionException (com.sun.identity.plugin.session.SessionException)7
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)6
IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)6
IOException (java.io.IOException)6
PrivateKey (java.security.PrivateKey)6
AuthnRequest (com.sun.identity.saml2.protocol.AuthnRequest)5
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)4
CircleOfTrustDescriptor (com.sun.identity.cot.CircleOfTrustDescriptor)4
