Example 31 with SPSSOConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in the OpenAM project by OpenRock.

From the class SAMLv2ModelImpl, method getMetaalias.

/**
 * Returns the metaAlias of the entity.
 *
 * @param realm to which the entity belongs.
 * @param entityName is the entity id.
 * @param role the Role of entity.
 * @return the metaAlias of the entity.
 * @throws AMConsoleException if unable to retrieve metaAlias.
 */
public String getMetaalias(String realm, String entityName, String role) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "Extended" };
    logEvent("ATTEMPT_GET_METAALIAS", params);
    String metaAlias = null;
    IDPSSOConfigElement idpssoConfig = null;
    SPSSOConfigElement spssoConfig = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        if (role.equals(EntityModel.IDENTITY_PROVIDER)) {
            idpssoConfig = samlManager.getIDPSSOConfig(realm, entityName);
            if (idpssoConfig != null) {
                BaseConfigType baseConfig = (BaseConfigType) idpssoConfig;
                metaAlias = baseConfig.getMetaAlias();
            }
        } else if (role.equals(EntityModel.SERVICE_PROVIDER)) {
            spssoConfig = samlManager.getSPSSOConfig(realm, entityName);
            if (spssoConfig != null) {
                BaseConfigType baseConfig = (BaseConfigType) spssoConfig;
                metaAlias = baseConfig.getMetaAlias();
            }
        }
        logEvent("SUCCEED_GET_METAALIAS", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.getMetaalias:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "Extended", strError };
        logEvent("FEDERATION_EXCEPTION_GET_METAALIAS", paramsEx);
        throw new AMConsoleException(strError);
    }
    return metaAlias;
}
Also used : BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 32 with SPSSOConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in the OpenAM project by OpenRock.

From the class SAMLv2ModelImpl, method updateSPAuthenticationContexts.

/**
 * Updates the SP Authentication Contexts.
 *
 * @param realm Realm of Entity
 * @param entityName Name of Entity Descriptor.
 * @param cxt SAMLv2AuthContexts object containing the SP
 *        Authentication Contexts values
 * @throws AMConsoleException if it fails to update the SP
 *         Authentication Contexts.
 */
public void updateSPAuthenticationContexts(String realm, String entityName, SAMLv2AuthContexts cxt) throws AMConsoleException {
    List list = cxt.toSPAuthContextInfo();
    String[] params = { realm, entityName, "SAMLv2", "SP-updateSPAuthenticationContexts" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    try {
        SAML2MetaManager saml2MetaManager = getSAML2MetaManager();
        EntityConfigElement entityConfig = saml2MetaManager.getEntityConfig(realm, entityName);
        if (entityConfig == null) {
            throw new AMConsoleException("invalid.entity.name");
        }
        SPSSOConfigElement spDecConfigElement = saml2MetaManager.getSPSSOConfig(realm, entityName);
        if (spDecConfigElement == null) {
            throw new AMConsoleException("invalid.config.element");
        } else {
            // update sp entity config
            updateBaseConfig(spDecConfigElement, SP_AUTHN_CONTEXT_CLASS_REF_MAPPING, list);
        }
        //saves the attributes by passing the new entityConfig object
        saml2MetaManager.setEntityConfig(realm, entityConfig);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "SP-updateSPAuthenticationContexts", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}
Also used : SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) List(java.util.List) ArrayList(java.util.ArrayList) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 33 with SPSSOConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in the OpenAM project by OpenRock.

From the class MetaDataParser, method getCOT.

/**
 * Returns the first circle of trust (COT) configured for the hosted SP,
 * or null if the SP configuration or its COT list cannot be found.
 */
public String getCOT() {
    try {
        SAML2MetaManager manager = new SAML2MetaManager();
        SPSSOConfigElement spEntityCfg = manager.getSPSSOConfig("/", getSPEntityID());
        if (spEntityCfg == null) {
            // no extended metadata for this SP: nothing to read
            return null;
        }
        Map spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        List spCOTList = (spConfigAttrsMap == null) ? null : (List) spConfigAttrsMap.get(SAML2Constants.COT_LIST);
        if (spCOTList == null || spCOTList.isEmpty()) {
            // guard against a missing or empty cotlist attribute instead of dereferencing null
            return null;
        }
        return (String) spCOTList.get(0);
    } catch (SAML2MetaException ex) {
        Logger.getLogger(MetaDataParser.class.getName()).log(Level.SEVERE, null, ex);
        return null;
    }
}
Also used : SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) List(java.util.List) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 34 with SPSSOConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in the OpenAM project by OpenRock.

From the class SAML2SingleLogoutHandler, method handleSOAPInitiatedSingleLogout.

private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, String realm, String idpMetaAlias, String idpEntityId, String relayState, SAML2MetaManager saml2Manager) throws SAML2Exception, SessionException {
    debug.message("SAML2SingleLogoutHandler: handleSOAPInitiatedSLO");
    // TODO : verify this works under LB
    Object session = null;
    SessionProvider provider = SessionManager.getProvider();
    if ((userSession != null) && !userSession.isEmpty()) {
        // TODO : handle multiple SSO token case
        session = (Object) userSession.iterator().next();
        if (!provider.isValid(session)) {
            return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
        }
    } else {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2SLOHandler.handleSOAPSLO: " + "handler session " + session + " for user " + userID);
    }
    // get IDP session index from session
    String[] sessIndex = provider.getProperty(session, SAML2Constants.IDP_SESSION_INDEX);
    if (debug.messageEnabled()) {
        // log the array contents rather than the array's identity hash
        debug.message("SAML2SLOHandler.handleSOAPSLO: " + "session index = " + java.util.Arrays.toString(sessIndex));
    }
    if ((sessIndex == null) || (sessIndex.length == 0)) {
        if (debug.warningEnabled()) {
            debug.warning("SAML2SLOHandler.handleSOAPSLO: " + "Null session index for " + session);
        }
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    IDPSession idpSession = (IDPSession) IDPCache.idpSessionsByIndices.get(sessIndex[0]);
    if (idpSession == null) {
        debug.error("SAML2SLOHandler.handleSOAPSLO: " + "IDP no longer has this session index " + sessIndex[0]);
        return SingleLogoutManager.LOGOUT_FAILED_STATUS;
    }
    List list = (List) idpSession.getNameIDandSPpairs();
    int n = list.size();
    if (debug.messageEnabled()) {
        debug.message("SAML2SLOHandler.handleSOAPSLO: " + "NameIDandSPpair for " + sessIndex[0] + " is " + list + ", size=" + n);
    }
    NameIDandSPpair pair = null;
    int soapFailCount = 0;
    for (int i = 0; i < n; i++) {
        pair = (NameIDandSPpair) list.get(i);
        String spEntityID = pair.getSPEntityID();
        if (debug.messageEnabled()) {
            debug.message("SAML2SLOHandler.handleSOAPSLO: " + "SP for " + sessIndex[0] + " is " + spEntityID);
        }
        SPSSODescriptorElement sp = SAML2Utils.getSAML2MetaManager().getSPSSODescriptor(realm, spEntityID);
        if (sp == null) {
            // the SP metadata may have been removed since the session was created; count it as a failed logout
            debug.error("SAML2SLOHandler.handleSOAPSLO: no SPSSODescriptor for " + spEntityID);
            soapFailCount++;
            continue;
        }
        List slosList = sp.getSingleLogoutService();
        // get the SP entity config (carries the basic auth info used for the SOAP binding)
        SPSSOConfigElement spConfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(realm, spEntityID);
        HashMap paramsMap = new HashMap();
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
        try {
            LogoutUtil.doLogout(idpMetaAlias, spEntityID, slosList, null, SAML2Constants.SOAP, relayState, sessIndex[0], pair.getNameID(), request, response, paramsMap, spConfig);
        } catch (SAML2Exception ex) {
            debug.error("SAML2SLOHandler:handleSOAPSLO.doLogout", ex);
            soapFailCount++;
            continue;
        }
    }
    int retStatus = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
    if (soapFailCount == n) {
        retStatus = SingleLogoutManager.LOGOUT_FAILED_STATUS;
    } else if (soapFailCount > 0) {
        retStatus = SingleLogoutManager.LOGOUT_PARTIAL_STATUS;
    }
    // invalidate session
    MultiProtocolUtils.invalidateSession(session, request, response, SingleLogoutManager.SAML2);
    IDPCache.idpSessionsByIndices.remove(sessIndex[0]);
    IDPCache.authnContextCache.remove(sessIndex[0]);
    if (debug.messageEnabled()) {
        debug.message("SAML2SLOHandler.doSOAPSLO: return status for " + session + " is " + retStatus);
    }
    return retStatus;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) NameIDandSPpair(com.sun.identity.saml2.profile.NameIDandSPpair) IDPSession(com.sun.identity.saml2.profile.IDPSession) HashMap(java.util.HashMap) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) List(java.util.List) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 35 with SPSSOConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement in the OpenAM project by OpenRock.

From the class SAML2IDPProxyFRImpl, method getPreferredIDP.

/**
 * Returns a list of preferred IDP providerIDs.
 * @param authnRequest original authnrequest
 * @param hostProviderID ProxyIDP providerID.
 * @param realm Realm
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @return a list of providerID's of the authenticating providers to be
 *     proxied or <code>null</code> to disable the proxying and continue
 *     for the local authenticating provider.
 * @exception SAML2Exception if error occurs.
 */
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    // Entering the class and method
    String methodName = "getPreferredIDP";
    String classMethod = className + methodName + ":";
    debugMessage(methodName, "Entering.");
    Boolean isIdpFinderForAllSPsEnabled = isIDPFinderForAllSPs(realm, hostProviderID);
    // Start the logic to obtain the list of preferred IdPs
    try {
        // Inititate the metadata manager
        SAML2MetaManager sm = new SAML2MetaManager();
        if (sm == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        // Obtain the SP configuration
        try {
            spSSODescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, authnRequest.getIssuer().getValue().toString());
        } catch (SAML2MetaException sme) {
            SAML2Utils.debug.error(classMethod, sme);
            spSSODescriptor = null;
        }
        // Get the relay state from the request, if exists
        relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        binding = SAML2Constants.HTTP_REDIRECT;
        if (request.getMethod().equals("POST")) {
            binding = SAML2Constants.HTTP_POST;
        }
        // Read the local metadata of the SP that made the request
        SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, authnRequest.getIssuer().getValue());
        Map spConfigAttrsMap = null;
        if (spEntityCfg != null) {
            spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        }
        // Check if the local configuration of the remote SP wants to use
        // the Introduction Cookie
        Boolean isIntroductionForProxyingEnabled = false;
        String useIntroductionForProxying = SPSSOFederate.getParameter(spConfigAttrsMap, SAML2Constants.USE_INTRODUCTION_FOR_IDP_PROXY);
        if (useIntroductionForProxying != null)
            isIntroductionForProxyingEnabled = useIntroductionForProxying.equalsIgnoreCase("true");
        // Check if the local configuration of the remote SP wants to use
        // the IDP Finder
        Boolean isIdPFinderEnabled = false;
        String idpFinderEnabled = SPSSOFederate.getParameter(spConfigAttrsMap, IDP_FINDER_ENABLED_IN_SP);
        if (idpFinderEnabled != null)
            isIdPFinderEnabled = idpFinderEnabled.equalsIgnoreCase("true");
        String idpFinderJSP = getIDPFinderJSP(realm, hostProviderID);
        // providerIDs will contain the list of IdPs to return from this method
        List providerIDs = new ArrayList();
        // Neither the introduction cookie nor the IdP Finder is enabled: use the
        // static proxy list from the SP's extended metadata
        if (!isIntroductionForProxyingEnabled && !isIdPFinderEnabled && !isIdpFinderForAllSPsEnabled) {
            debugMessage(methodName, " idpFinder will use the static list of the SP");
            List<String> proxyIDPs = null;
            if (spConfigAttrsMap != null && !spConfigAttrsMap.isEmpty()) {
                proxyIDPs = (List<String>) spConfigAttrsMap.get(SAML2Constants.IDP_PROXY_LIST);
            }
            debugMessage(methodName, " List from the configuration: " + proxyIDPs);
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                SAML2Utils.debug.error("SAML2IDPProxyImpl.getPreferredIDP:" + "Preferred IDPs are null.");
                return null;
            }
            // give the user the chance to select one interactively
            if (proxyIDPs.size() > 1) {
                String idpListSt = selectIDPBasedOnLOA(proxyIDPs, realm, authnRequest);
                // Construct the IDPFinder URL to redirect to
                String idpFinder = getRedirect(request, idpFinderJSP);
                // Generate the requestID
                String requestID = SAML2Utils.generateID();
                // Store the important stuff and the session parameters so the
                // idpFinderImplementation can read them and process them
                storeSessionParamsAndCache(request, idpListSt, authnRequest, hostProviderID, realm, requestID);
                debugMessage(methodName, ": Redirect url = " + idpFinder);
                response.sendRedirect(idpFinder);
                // return something different than null
                providerIDs.add(requestID);
                debugMessage(methodName, " Redirected successfully");
                return providerIDs;
            }
            providerIDs.add(proxyIDPs.iterator().next());
            return providerIDs;
        }
        // The SP wants the IdP Finder (or it is enabled for all SPs)
        // and it does not want to use the introduction cookie
        if (!isIntroductionForProxyingEnabled && (isIdPFinderEnabled || isIdpFinderForAllSPsEnabled)) {
            debugMessage(methodName, "SP wants to use IdP Finder");
            String idpListSt = idpList(authnRequest, realm);
            if (!idpListSt.trim().isEmpty()) {
                // Construct the IDPFinder URL to redirect to
                String idpFinder = getRedirect(request, idpFinderJSP);
                // Generate the requestID
                String requestID = SAML2Utils.generateID();
                // Store the important stuff and the session parameters so the
                // idpFinderImplementation can read them and process them
                storeSessionParamsAndCache(request, idpListSt, authnRequest, hostProviderID, realm, requestID);
                debugMessage(methodName, ": Redirect url = " + idpFinder);
                response.sendRedirect(idpFinder);
                // return something different than null
                providerIDs.add(requestID);
                debugMessage(methodName, " Redirected successfully");
                return providerIDs;
            } else {
                return null;
            }
        } else {
            // IDP Proxy with introduction cookie
            List cotList = (List) spConfigAttrsMap.get("cotlist");
            String cotListStr = (String) cotList.iterator().next();
            CircleOfTrustManager cotManager = new CircleOfTrustManager();
            CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
            String readerURL = cotDesc.getSAML2ReaderServiceURL();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "SAMLv2 idp" + "discovery reader URL = " + readerURL);
            }
            if (readerURL != null && (!readerURL.equals(""))) {
                String rID = SAML2Utils.generateID();
                String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
                if (SAML2Utils.debug.messageEnabled()) {
                    // a redirect URL is debug information, not an error
                    SAML2Utils.debug.message(classMethod + "Redirect url = " + redirectURL);
                }
                if (redirectURL != null) {
                    response.sendRedirect(redirectURL);
                    Map aMap = new HashMap();
                    SPCache.reqParamHash.put(rID, aMap);
                    providerIDs.add(rID);
                    return providerIDs;
                }
            }
        }
        return null;
    } catch (SAML2MetaException ex) {
        SAML2Utils.debug.error(classMethod + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (COTException sme) {
        SAML2Utils.debug.error(classMethod + "Error retrieving COT ", sme);
        return null;
    } catch (Exception e) {
        SAML2Utils.debug.error(classMethod + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}
Also used : CircleOfTrustManager(com.sun.identity.cot.CircleOfTrustManager) HashMap(java.util.HashMap) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) ArrayList(java.util.ArrayList) CircleOfTrustDescriptor(com.sun.identity.cot.CircleOfTrustDescriptor) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) COTException(com.sun.identity.cot.COTException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) List(java.util.List) Map(java.util.Map)

Aggregations

SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)38 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)25 List (java.util.List)24 Map (java.util.Map)20 HashMap (java.util.HashMap)18 ArrayList (java.util.ArrayList)16 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)14 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)13 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)11 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)10 COTException (com.sun.identity.cot.COTException)8 Iterator (java.util.Iterator)8 SessionException (com.sun.identity.plugin.session.SessionException)7 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)6 IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)6 IOException (java.io.IOException)6 PrivateKey (java.security.PrivateKey)6 AuthnRequest (com.sun.identity.saml2.protocol.AuthnRequest)5 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)4 CircleOfTrustDescriptor (com.sun.identity.cot.CircleOfTrustDescriptor)4