Example 21 with SPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.

the class ValidateSAML2 method validateSP.

private void validateSP() throws WorkflowException {
    try {
        SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
        // Standard metadata: an SP with this entity ID must exist in the realm.
        SPSSODescriptorElement elt = mm.getSPSSODescriptor(realm, spEntityId);
        if (elt == null) {
            Object[] param = { spEntityId };
            throw new WorkflowException("cannot.locate.sp", param);
        }
        // Extended config: when a metaAlias was supplied it must belong to this same
        // entity. All three failures use the same message key, so a caller cannot tell
        // "no such SP" from "SP exists but the alias does not match".
        if (spMetaAlias != null) {
            SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, spEntityId);
            if (spConfig == null) {
                Object[] param = { spEntityId };
                throw new WorkflowException("cannot.locate.sp", param);
            } else {
                if (!spConfig.getMetaAlias().equals(spMetaAlias)) {
                    Object[] param = { spEntityId };
                    throw new WorkflowException("cannot.locate.sp", param);
                }
            }
        }
        // An SP without a SingleLogoutService endpoint is treated as a Fedlet;
        // otherwise the base URL derived from the SLO endpoint is validated.
        List sloServiceList = elt.getSingleLogoutService();
        spBaseURL = getSPBaseURL(sloServiceList);
        if (spBaseURL == null) {
            bFedlet = true;
        } else {
            validateURL(spBaseURL);
        }
    } catch (SAML2MetaException ex) {
        debug.error("ValidateSAML2: Error while validating SP", ex);
        Object[] param = { spEntityId };
        throw new WorkflowException("cannot.locate.sp", param);
    }
}
Also used : SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) List(java.util.List) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 22 with SPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.

the class SAML2Utils method getSAEAttrs.

/**
     * Retrieves SAE related attributes from extended metadata.
     *
     * @param realm    realm the FM provider is in
     * @param entityId the entity ID of the FM provider
     * @param role     Role of the FM provider
     * @param appUrl   application url
     * @return Map containing SAE parameters or null in case of error.
     */
public static Map getSAEAttrs(String realm, String entityId, String role, String appUrl) {
    if (appUrl == null || appUrl.length() == 0) {
        return null;
    }
    try {
        IDPSSOConfigElement idpConfig = null;
        SPSSOConfigElement spConfig = null;
        Map attrs = null;
        // Any role other than SP is looked up as an IDP; there is no explicit IDP check.
        if (role.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            spConfig = saml2MetaManager.getSPSSOConfig(realm, entityId);
            if (spConfig == null) {
                return null;
            }
            attrs = SAML2MetaUtils.getAttributes(spConfig);
        } else {
            idpConfig = saml2MetaManager.getIDPSSOConfig(realm, entityId);
            if (idpConfig == null) {
                debug.message("SAML2Utils.getSAEAttrs: idpconfig is null");
                return null;
            }
            attrs = SAML2MetaUtils.getAttributes(idpConfig);
        }
        if (attrs == null) {
            debug.message("SAML2Utils.getSAEAttrs: no extended attrs");
            return null;
        }
        // Each list entry describes one application as "name=value|name=value|...";
        // the first entry whose url value matches appUrl wins.
        List values = (List) attrs.get(SAML2Constants.SAE_APP_SECRET_LIST);
        if (values != null && values.size() != 0) {
            Iterator iter = values.iterator();
            while (iter.hasNext()) {
                String value = (String) iter.next();
                if (debug.messageEnabled()) {
                    // Logs the whole entry, encoded secret included, at message level.
                    debug.message("SAML2Utils.getSAEAttrs: value=" + value);
                }
                StringTokenizer st = new StringTokenizer(value, "|");
                HashMap hp = null;
                while (st.hasMoreTokens()) {
                    String tok = st.nextToken();
                    // Assumes every token contains '='. Otherwise idx is -1 and the
                    // substring call throws StringIndexOutOfBoundsException, which the
                    // catch below (SAML2MetaException only) does not handle.
                    int idx = tok.indexOf("=");
                    String name = tok.substring(0, idx);
                    String val = tok.substring(idx + 1, tok.length());
                    if (debug.messageEnabled()) {
                        debug.message("SAML2Utils.getSAEAttrs: tok:name=" + name + " val=" + val);
                    }
                    // The url token is expected first: hp is only created here, so any
                    // token preceding it reaches hp.put() with hp still null. The match
                    // is a plain string prefix on appUrl, not a comparison of URL parts.
                    if (SAML2Constants.SAE_XMETA_URL.equals(name)) {
                        if (appUrl.startsWith(val)) {
                            hp = new HashMap();
                        } else {
                            // not this application's entry; try the next list element
                            break;
                        }
                    } else if (SAML2Constants.SAE_XMETA_SECRET.equals(name)) {
                        // Stored encoded in extended metadata; returned decoded.
                        val = SAMLUtilsCommon.decodePassword(val);
                    }
                    hp.put(name, val);
                }
                if (hp != null) {
                    // Add the hosted entity's signing certificate alias for this role.
                    String alias = SAML2Utils.getSigningCertAlias(realm, entityId, role);
                    if (alias != null)
                        hp.put(SAML2Constants.SAE_XMETA_PKEY_ALIAS, alias);
                    if (debug.messageEnabled()) {
                        debug.message("SAML2Utils.getSAEAttrs: PKEY=" + alias + ":");
                    }
                    return hp;
                }
            }
        }
    } catch (SAML2MetaException e) {
        // Metadata lookup failures are logged at message level only and yield null.
        debug.message("get SSOConfig failed:", e);
    }
    return null;
}
Also used : StringTokenizer(java.util.StringTokenizer) HashMap(java.util.HashMap) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) Iterator(java.util.Iterator) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) ArrayList(java.util.ArrayList) List(java.util.List) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
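The tokenizer in Example 22 trusts the shape of each list entry (the url token first, an '=' in every token) and matches the application against the configured url with a raw string prefix. The following is an added example, not OpenAM code, of a stricter reading of the same "name=value|name=value" format: malformed entries are rejected rather than throwing unchecked exceptions, and the url comparison is done on scheme, host, port and whole path segments so that a look-alike host or a longer path segment does not pass. The class name SaeEntryMatcher, the token names "url" and "secret" (Example 22 reads the real names from SAML2Constants), and the sample entries in main are assumptions constructed for this illustration; the secret is left in its stored form here, where Example 22 decodes it.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * Added example (not OpenAM code). Parses one entry of an SAE app-secret list in
 * the "name=value|name=value" form and matches an application URL against the
 * configured url on URL components instead of a raw string prefix.
 */
public final class SaeEntryMatcher {

    // Assumed token names; the real ones live in SAML2Constants.
    static final String URL_KEY = "url";
    static final String SECRET_KEY = "secret";

    /** Strict parse: every token needs '=', the first token must be the url, no duplicates. */
    static Map<String, String> parseEntry(String entry) {
        Map<String, String> out = new HashMap<>();
        String[] toks = entry.split("\\|");
        for (int i = 0; i < toks.length; i++) {
            String tok = toks[i];
            int idx = tok.indexOf('=');
            if (idx <= 0) {
                throw new IllegalArgumentException("malformed token: " + tok);
            }
            String name = tok.substring(0, idx);
            String val = tok.substring(idx + 1);
            if (i == 0 && !URL_KEY.equals(name)) {
                throw new IllegalArgumentException("first token must be " + URL_KEY);
            }
            if (out.put(name, val) != null) {
                throw new IllegalArgumentException("duplicate key: " + name);
            }
        }
        if (!out.containsKey(SECRET_KEY)) {
            throw new IllegalArgumentException("missing " + SECRET_KEY);
        }
        return out;
    }

    /**
     * True only if scheme, host and port agree and the configured path is the
     * application path or a whole-segment prefix of it. A raw startsWith on
     * "https://app.example.com" would also accept "https://app.example.com.evil.test/".
     */
    static boolean urlMatches(String configured, String appUrl) {
        try {
            URI c = new URI(configured).normalize();
            URI a = new URI(appUrl).normalize();
            if (c.getScheme() == null || c.getHost() == null
                    || a.getScheme() == null || a.getHost() == null) {
                return false;
            }
            if (!c.getScheme().equalsIgnoreCase(a.getScheme())) return false;
            if (!c.getHost().equalsIgnoreCase(a.getHost())) return false;
            if (port(c) != port(a)) return false;
            String cp = c.getPath().isEmpty() ? "/" : c.getPath();
            String ap = a.getPath().isEmpty() ? "/" : a.getPath();
            if (!cp.endsWith("/")) cp = cp + "/";
            // exact path, or a child path below the configured one
            return ap.equals(cp.substring(0, cp.length() - 1)) || ap.startsWith(cp);
        } catch (URISyntaxException e) {
            return false;
        }
    }

    private static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    /** Returns the parsed entry whose url matches appUrl, or null if none does. */
    static Map<String, String> find(List<String> entries, String appUrl) {
        for (String e : entries) {
            Map<String, String> m = parseEntry(e);
            if (urlMatches(m.get(URL_KEY), appUrl)) return m;
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample list, not real configuration.
        List<String> entries = Arrays.asList(
                "url=https://app.example.com/sae|secret=ENCODED1",
                "url=https://other.example.com|secret=ENCODED2");
        System.out.println(find(entries, "https://app.example.com/sae/login") != null);
        System.out.println(find(entries, "https://app.example.com/saeX") == null);
        System.out.println(find(entries, "https://other.example.com.evil.test/") == null);
    }
}
```

The three calls in main cover the cases the component-wise comparison is meant to separate: a path below the configured one matches, a sibling path that merely shares the prefix ("/saeX" against "/sae") does not, and a host that extends the configured host name does not.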

Example 23 with SPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.

the class SAML2Utils method isDualRole.

/**
     * Returns true if this entity is acting as both SP and IDP.
     *
     * @param hostEntityId entity ID of the hosted entity.
     * @param realm        the realm the entity resides.
     * @return true if this entity is acting as both SP and IDP,
     * false otherwise.
     */
public static boolean isDualRole(String hostEntityId, String realm) {
    try {
        // Dual role means both an SP and an IDP extended config exist for the same
        // entity ID in this realm.
        SPSSOConfigElement spConfig = saml2MetaManager.getSPSSOConfig(realm, hostEntityId);
        if (spConfig == null) {
            return false;
        }
        IDPSSOConfigElement idpConfig = saml2MetaManager.getIDPSSOConfig(realm, hostEntityId);
        return idpConfig != null;
    } catch (Exception e) {
        // Any lookup failure, SAML2MetaException included, is reported as "not dual
        // role" and is not logged.
        return false;
    }
}
Also used : SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) SystemConfigurationException(com.sun.identity.common.SystemConfigurationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) SessionException(com.sun.identity.plugin.session.SessionException) DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) COTException(com.sun.identity.cot.COTException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)

Example 24 with SPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.

the class SAML2Utils method getReaderURL.

public static String getReaderURL(String spMetaAlias) {
    // get spExtended
    String classMethod = "SAML2Utils:getReaderURL:";
    String readerURL = null;
    try {
        String realm = SAML2MetaUtils.getRealmByMetaAlias(spMetaAlias);
        String spEntityID = saml2MetaManager.getEntityByMetaAlias(spMetaAlias);
        if (debug.messageEnabled()) {
            debug.message(classMethod + "metaAlias is :" + spMetaAlias);
            debug.message(classMethod + "Realm is :" + realm);
            debug.message(classMethod + "spEntityID is :" + spEntityID);
        }
        SPSSOConfigElement spEntityCfg = saml2MetaManager.getSPSSOConfig(realm, spEntityID);
        Map spConfigAttrsMap = null;
        if (spEntityCfg != null) {
            spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
            // Uses the first circle of trust listed in the SP's extended config. A
            // missing or empty "cotlist" raises an unchecked exception, which the
            // generic catch below turns into a null reader URL.
            List cotList = (List) spConfigAttrsMap.get("cotlist");
            String cotListStr = (String) cotList.iterator().next();
            CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
            readerURL = cotDesc.getSAML2ReaderServiceURL();
        }
    } catch (COTException ce) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Error retrieving circle of trust", ce);
        }
    } catch (SAML2Exception s2e) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Error getting reader URL : ", s2e);
        }
    } catch (Exception e) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Error getting reader URL : ", e);
        }
    }
    return readerURL;
}
Also used : SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) ArrayList(java.util.ArrayList) List(java.util.List) CircleOfTrustDescriptor(com.sun.identity.cot.CircleOfTrustDescriptor) COTException(com.sun.identity.cot.COTException) Map(java.util.Map) HashMap(java.util.HashMap) SystemConfigurationException(com.sun.identity.common.SystemConfigurationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) SessionException(com.sun.identity.plugin.session.SessionException) DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) COTException(com.sun.identity.cot.COTException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)

Example 25 with SPSSOConfigElement

use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in project OpenAM by OpenRock.

the class SAML2MetaManager method getRoleByMetaAlias.

/**
     * Returns role of an entity based on its metaAlias.
     *
     * @param metaAlias Meta alias of the entity.
     * @return role of an entity: <code>SAML2Constants.IDP_ROLE</code>,
     *         <code>SAML2Constants.SP_ROLE</code>,
     *         <code>SAML2Constants.PDP_ROLE</code>,
     *         <code>SAML2Constants.PEP_ROLE</code> or
     *         <code>SAML2Constants.UNKNOWN_ROLE</code>
     * @throws SAML2MetaException if there are issues in getting the entity
     *         profile from the meta alias.
     */
public String getRoleByMetaAlias(String metaAlias) throws SAML2MetaException {
    String role = SAML2Constants.UNKNOWN_ROLE;
    String entityId = getEntityByMetaAlias(metaAlias);
    if (entityId != null) {
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
        SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
        XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(realm, entityId);
        XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(realm, entityId);
        // The first non-null config decides which alias is compared. For an entity
        // that has both IDP and SP config (see isDualRole) only the IDP alias is
        // checked, so a metaAlias belonging to its SP side yields UNKNOWN_ROLE.
        if (idpConfig != null) {
            String m = idpConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.IDP_ROLE;
            }
        } else if (spConfig != null) {
            String m = spConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.SP_ROLE;
            }
        } else if (pdpConfig != null) {
            String m = pdpConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.PDP_ROLE;
            }
        } else if (pepConfig != null) {
            String m = pepConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.PEP_ROLE;
            }
        }
    }
    return role;
}
Also used : SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement)
