Example 6 with XACMLAuthzDecisionQueryConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.

From the class SAML2Test, method importEntity:

@Test(groups = { "samlv2", "samlv2op" }, dependsOnMethods = { "createMetaTemplate" })
public void importEntity() throws CLIException, SAML2MetaException {
    entering("importEntity", null);
    // Run the "import-entity" CLI command with the standard ("meta") and
    // extended ("extended") metadata files produced by createMetaTemplate.
    String[] args = {
        "import-entity",
        CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_METADATA, "meta",
        CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_EXTENDED_DATA, "extended",
        CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_COT, NAME_COT,
        CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.SPECIFICATION_VERSION, FedCLIConstants.SAML2_SPECIFICATION
    };
    CLIRequest req = new CLIRequest(null, args, getAdminSSOToken());
    cmdManager.addToRequestQueue(req);
    cmdManager.serviceRequestQueue();
    // After the import, every role descriptor (IDP, SP, PDP, PEP) and its
    // extended config must be resolvable for the entity in the root realm.
    // These are Java assert statements, so they are only checked when the
    // JVM runs with -ea.
    SAML2MetaManager mgr = new SAML2MetaManager();
    EntityDescriptorElement entity = mgr.getEntityDescriptor("/", NAME_IDP);
    assert (entity != null);
    SPSSODescriptorElement spElt = mgr.getSPSSODescriptor("/", NAME_IDP);
    assert (spElt != null);
    IDPSSODescriptorElement idpElt = mgr.getIDPSSODescriptor("/", NAME_IDP);
    assert (idpElt != null);
    XACMLPDPDescriptorElement pdpElt = mgr.getPolicyDecisionPointDescriptor("/", NAME_IDP);
    assert (pdpElt != null);
    XACMLAuthzDecisionQueryDescriptorElement pepElt = mgr.getPolicyEnforcementPointDescriptor("/", NAME_IDP);
    assert (pepElt != null);
    IDPSSOConfigElement idpConfig = mgr.getIDPSSOConfig("/", NAME_IDP);
    assert (idpConfig != null);
    SPSSOConfigElement spConfig = mgr.getSPSSOConfig("/", NAME_IDP);
    assert (spConfig != null);
    XACMLPDPConfigElement pdpConfig = mgr.getPolicyDecisionPointConfig("/", NAME_IDP);
    assert (pdpConfig != null);
    XACMLAuthzDecisionQueryConfigElement pepConfig = mgr.getPolicyEnforcementPointConfig("/", NAME_IDP);
    assert (pepConfig != null);
    exiting("importEntity");
}
Also used : SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) CLIRequest(com.sun.identity.cli.CLIRequest) XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement) XACMLAuthzDecisionQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement) Test(org.testng.annotations.Test) BeforeTest(org.testng.annotations.BeforeTest)

Example 7 with XACMLAuthzDecisionQueryConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.

From the class SAML2MetaManager, method getRoleByMetaAlias:

/**
 * Returns the role of an entity based on its metaAlias.
 *
 * @param metaAlias Meta alias of the entity.
 * @return role of the entity: <code>SAML2Constants.IDP_ROLE</code>,
 *         <code>SAML2Constants.SP_ROLE</code>,
 *         <code>SAML2Constants.PDP_ROLE</code>,
 *         <code>SAML2Constants.PEP_ROLE</code> or
 *         <code>SAML2Constants.UNKNOWN_ROLE</code>
 * @throws SAML2MetaException if there are issues in getting the entity
 *         profile from the meta alias.
 */
public String getRoleByMetaAlias(String metaAlias) throws SAML2MetaException {
    String role = SAML2Constants.UNKNOWN_ROLE;
    String entityId = getEntityByMetaAlias(metaAlias);
    if (entityId != null) {
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
        SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
        XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(realm, entityId);
        XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(realm, entityId);
        // Only the first non-null config in this chain is consulted: if it
        // exists but its metaAlias does not match, the later roles are not
        // checked and UNKNOWN_ROLE is returned.
        if (idpConfig != null) {
            String m = idpConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.IDP_ROLE;
            }
        } else if (spConfig != null) {
            String m = spConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.SP_ROLE;
            }
        } else if (pdpConfig != null) {
            String m = pdpConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.PDP_ROLE;
            }
        } else if (pepConfig != null) {
            String m = pepConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.PEP_ROLE;
            }
        }
    }
    return role;
}
Also used : SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement)

Example 8 with XACMLAuthzDecisionQueryConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.

From the class SAMLv2ModelImpl, method updatePEPConfig:

/**
 * Saves the extended metadata for the PEP config.
 *
 * @param realm realm of the entity.
 * @param entityName entity name of the entity descriptor.
 * @param location whether the entity is remote or hosted (not used by
 *        this method).
 * @param attrValues key-value pair Map of PEP extended config.
 * @throws AMConsoleException if the PEP extended metadata attributes
 *         cannot be modified or saved.
 */
public void updatePEPConfig(String realm, String entityName, String location, Map attrValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PEP" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    String role = EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR;
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        // entityConfig is the extended entity configuration object
        EntityConfigElement entityConfig = saml2Manager.getEntityConfig(realm, entityName);
        if (entityConfig == null) {
            throw new AMConsoleException("invalid.xacml.configuration");
        }
        // The PEP config element is part of entityConfig; updating it in
        // place is enough, since the whole entityConfig is saved below.
        XACMLAuthzDecisionQueryConfigElement pepEntityConfig = saml2Manager.getPolicyEnforcementPointConfig(realm, entityName);
        if (pepEntityConfig == null) {
            throw new AMConsoleException("invalid.xacml.configuration");
        } else {
            updateBaseConfig(pepEntityConfig, attrValues, role);
        }
        // saves the attributes by passing the new entityConfig object
        saml2Manager.setEntityConfig(realm, entityConfig);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PEP", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PEP", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}
Also used : JAXBException(javax.xml.bind.JAXBException) XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 9 with XACMLAuthzDecisionQueryConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.

From the class SAMLv2ModelImpl, method getPEPConfig:

/**
 * Returns a <code>Map</code> containing the extended metadata for the PEP.
 *
 * @param realm realm where the entity exists.
 * @param entityName name of the entity descriptor.
 * @param location whether the entity is remote or hosted.
 * @return key-value pair Map of PEP config data, or an empty map if no
 *         extended PEP config exists yet.
 * @throws AMConsoleException if unable to retrieve the PEP
 *         extended metadata attributes.
 */
public Map getPEPConfig(String realm, String entityName, String location) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PEP" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    String role = EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR;
    Map data = null;
    List configList = null;
    String metaAlias = null;
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        XACMLAuthzDecisionQueryConfigElement xacmlAuthzConfigElement = saml2Manager.getPolicyEnforcementPointConfig(realm, entityName);
        if (xacmlAuthzConfigElement != null) {
            data = new HashMap();
            configList = xacmlAuthzConfigElement.getAttribute();
            metaAlias = xacmlAuthzConfigElement.getMetaAlias();
            // Copy each extended-config attribute into the map; a null value
            // list is replaced by an empty set so callers never see null.
            int size = configList.size();
            for (int i = 0; i < size; i++) {
                AttributeType atype = (AttributeType) configList.get(i);
                String name = atype.getName();
                List value = atype.getValue();
                data.put(name, returnEmptySetIfValueIsNull(value));
            }
            data.put("metaAlias", metaAlias);
        } else {
            // No extended PEP config exists yet: create one now; this call
            // still returns an empty map.
            createExtendedObject(realm, entityName, location, role);
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (JAXBException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PEP", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PEP", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return (data != null) ? data : Collections.EMPTY_MAP;
}
Also used : HashMap(java.util.HashMap) JAXBException(javax.xml.bind.JAXBException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) List(java.util.List) AttributeType(com.sun.identity.saml2.jaxb.entityconfig.AttributeType) List(java.util.List) ArrayList(java.util.ArrayList) XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 10 with XACMLAuthzDecisionQueryConfigElement

Use of com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement in project OpenAM by OpenRock.

From the class QueryClient, method verifySignedResponse:

/**
 * Verifies the signature in a <code>Response</code>.
 *
 * @param pepEntityID entity identifier of the PEP.
 * @param pdpEntityID entity identifier of the PDP.
 * @param response <code>Response</code> to be verified.
 * @return true if the signature is valid, or if the PEP config does not
 *         require the response to be signed.
 * @throws SAML2Exception if there is an error in verifying the signature.
 */
public static boolean verifySignedResponse(String pepEntityID, String pdpEntityID, Response response) throws SAML2Exception {
    String classMethod = "QueryClient:verifySignedResponse: ";
    String realm = "/";
    XACMLAuthzDecisionQueryConfigElement pepConfig = getPEPConfig(realm, pepEntityID);
    // The PEP's extended config decides whether the PDP response must carry
    // a valid signature at all.
    String wantResponseSigned = getAttributeValueFromPEPConfig(pepConfig, "wantXACMLAuthzDecisionResponseSigned");
    boolean valid;
    if (wantResponseSigned != null && wantResponseSigned.equalsIgnoreCase("true")) {
        // Verification certificates come from the PDP's standard metadata.
        // Note that the realm argument here is null, not the "/" used above.
        XACMLPDPDescriptorElement pdpDescriptor = saml2MetaManager.getPolicyDecisionPointDescriptor(null, pdpEntityID);
        Set<X509Certificate> signingCerts = KeyUtil.getPDPVerificationCerts(pdpDescriptor, pdpEntityID);
        if (!signingCerts.isEmpty()) {
            valid = response.isSignatureValid(signingCerts);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Signature is valid :" + valid);
            }
        } else {
            // A PDP with no usable signing certificate is treated as a
            // metadata error rather than as an acceptable unsigned response.
            debug.error(classMethod + "Incorrect configuration for Signing Certificate.");
            throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
        }
    } else {
        // Signature checking is skipped entirely when the PEP config does not
        // require signed responses; the response is accepted as-is.
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Response doesn't need to be verified.");
        }
        valid = true;
    }
    return valid;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement) X509Certificate(java.security.cert.X509Certificate)

Aggregations

XACMLAuthzDecisionQueryConfigElement (com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement): 12
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException): 6
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception): 5
ArrayList (java.util.ArrayList): 5
List (java.util.List): 5
XACMLPDPConfigElement (com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement): 4
XACMLPDPDescriptorElement (com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement): 3
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager): 3
X509Certificate (java.security.cert.X509Certificate): 3
Iterator (java.util.Iterator): 3
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException): 2
Issuer (com.sun.identity.saml2.assertion.Issuer): 2
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement): 2
IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement): 2
SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement): 2
Response (com.sun.identity.saml2.protocol.Response): 2
PrivateKey (java.security.PrivateKey): 2
HashMap (java.util.HashMap): 2
Map (java.util.Map): 2
JAXBException (javax.xml.bind.JAXBException): 2