Example 6 with XACMLPDPConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement in project OpenAM by OpenRock.
the class SAML2MetaManager method getAllHostedPolicyDecisionPointMetaAliases.
/**
* Returns meta aliases of all hosted policy decision point under the realm.
* @param realm The realm under which the policy decision point resides.
* @return list of meta aliases
* @throws SAML2MetaException if unable to retrieve meta aliases.
*/
public List getAllHostedPolicyDecisionPointMetaAliases(String realm) throws SAML2MetaException {
List metaAliases = new ArrayList();
List hostedEntityIds = getAllHostedPolicyDecisionPointEntities(realm);
for (Iterator i = hostedEntityIds.iterator(); i.hasNext(); ) {
String entityId = (String) i.next();
XACMLPDPConfigElement elm = getPolicyDecisionPointConfig(realm, entityId);
if (elm != null) {
metaAliases.add(elm.getMetaAlias());
}
}
return metaAliases;
}
Also used :
ArrayList(java.util.ArrayList)
Iterator(java.util.Iterator)
XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement)
ArrayList(java.util.ArrayList)
List(java.util.List)
Example 7 with XACMLPDPConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement in project OpenAM by OpenRock.
the class SAML2MetaManager method getRoleByMetaAlias.
/**
* Returns role of an entity based on its metaAlias.
*
* @param metaAlias Meta alias of the entity.
* @return role of an entity either <code>SAML2Constants.IDP_ROLE</code>; or
* <code>SAML2Constants.SP_ROLE</code> or
* <code>SAML2Constants.UNKNOWN_ROLE</code>
* @throws SAML2MetaException if there are issues in getting the entity
* profile from the meta alias.
*/
public String getRoleByMetaAlias(String metaAlias) throws SAML2MetaException {
String role = SAML2Constants.UNKNOWN_ROLE;
String entityId = getEntityByMetaAlias(metaAlias);
if (entityId != null) {
String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(realm, entityId);
XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(realm, entityId);
if (idpConfig != null) {
String m = idpConfig.getMetaAlias();
if ((m != null) && m.equals(metaAlias)) {
role = SAML2Constants.IDP_ROLE;
}
} else if (spConfig != null) {
String m = spConfig.getMetaAlias();
if ((m != null) && m.equals(metaAlias)) {
role = SAML2Constants.SP_ROLE;
}
} else if (pdpConfig != null) {
String m = pdpConfig.getMetaAlias();
if ((m != null) && m.equals(metaAlias)) {
role = SAML2Constants.PDP_ROLE;
}
} else if (pepConfig != null) {
String m = pepConfig.getMetaAlias();
if ((m != null) && m.equals(metaAlias)) {
role = SAML2Constants.PEP_ROLE;
}
}
}
return role;
}
Also used :
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement)
Example 8 with XACMLPDPConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method updatePDPConfig.
/**
* Save extended metadata for PDP Config.
*
* @param realm realm of Entity.
* @param entityName entity name of Entity Descriptor.
* @param location entity is remote or hosted.
* @param attrValues key-value pair Map of PDP extended config.
* @throws AMConsoleException if fails to modify/save the PDP
* extended metadata attribute
*/
public void updatePDPConfig(String realm, String entityName, String location, Map attrValues) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
String role = EntityModel.POLICY_DECISION_POINT_DESCRIPTOR;
try {
SAML2MetaManager saml2Manager = getSAML2MetaManager();
//entityConfig is the extended entity configuration object
EntityConfigElement entityConfig = saml2Manager.getEntityConfig(realm, entityName);
if (entityConfig == null) {
throw new AMConsoleException("invalid.xacml.configuration");
}
XACMLPDPConfigElement pdpEntityConfig = saml2Manager.getPolicyDecisionPointConfig(realm, entityName);
if (pdpEntityConfig == null) {
throw new AMConsoleException("invalid.xacml.configuration");
} else {
updateBaseConfig(pdpEntityConfig, attrValues, role);
}
//saves the attributes by passing the new entityConfig object
saml2Manager.setEntityConfig(realm, entityConfig);
logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
} catch (SAML2MetaException e) {
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
}
}
Also used :
JAXBException(javax.xml.bind.JAXBException)
XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)
Example 9 with XACMLPDPConfigElement
use of com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement in project OpenAM by OpenRock.
the class QueryClient method processXACMLQuery.
/**
* Returns SAMLv2 <code>Response</code>.
* SAMLv2 request is sent enclosed in the body of a SOAP Message
* to a SOAP endpoint.
* Prior to sending the request query, attributes required for completeness
* of the SAMLv2 Request will be set (eg. Issuer) if not already set.
* Message will be signed if signing is enabled.
* SAMLv2 Query Request will be enclosed in the SOAP Body to create a SOAP
* message to send to the server.
*
* @param request the SAMLv2 <code>RequestAbstract</code> object.
* @param pepEntityID entity identifier of the hosted query requester.
* @param pdpEntityID entity identifier of the remote server.
* @return SAMLv2 <code>Response</code> received from the
* Query Responder.
* @throws SAML2Exception if there is an error processing the query.
*/
public static Response processXACMLQuery(RequestAbstract request, String pepEntityID, String pdpEntityID) throws SAML2Exception {
String classMethod = "QueryClient:processXACMLQuery";
String realm = "/";
Response samlResponse = null;
Response response = null;
// retreive pepEntityID metadata
if (pepEntityID == null || pepEntityID.length() == 0) {
debug.error(classMethod + "PEP Identifier is null");
String[] data = { pepEntityID };
LogUtil.error(Level.INFO, LogUtil.INVALID_PEP_ID, data);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullPEP"));
}
// retreive pdpEntityID metadata
if (pdpEntityID == null || pdpEntityID.length() == 0) {
debug.error(classMethod + "PDP Identifier is null");
String[] data = { pdpEntityID };
LogUtil.error(Level.INFO, LogUtil.INVALID_PDP_ID, data);
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullPDP"));
}
if (request != null) {
// set properties in the request.
XACMLAuthzDecisionQuery xacmlQuery = (XACMLAuthzDecisionQuery) request;
if (xacmlQuery != null) {
// set Issuer
Issuer issuer = createIssuer(pepEntityID);
xacmlQuery.setIssuer(issuer);
//generate ID
String requestID = SAML2SDKUtils.generateID();
xacmlQuery.setID(requestID);
xacmlQuery.setVersion(SAML2Constants.VERSION_2_0);
xacmlQuery.setIssueInstant(new Date());
XACMLPDPConfigElement pdpConfig = getPDPConfig(realm, pdpEntityID);
if (pdpConfig != null) {
String wantQuerySigned = getAttributeValueFromPDPConfig(pdpConfig, "wantXACMLAuthzDecisionQuerySigned");
if (wantQuerySigned != null && wantQuerySigned.equals("true")) {
signAttributeQuery(xacmlQuery, realm, pepEntityID, false);
}
}
String xmlString = xacmlQuery.toXMLString(true, true);
if (debug.messageEnabled()) {
debug.message(classMethod + "XACML Query XML String :" + xmlString);
}
// retrieve endpoint from meta data
String endPoint = null;
XACMLAuthzDecisionQueryConfigElement pepConfig = getPEPConfig(realm, pepEntityID);
endPoint = getPDPEndPoint(pdpEntityID);
if (debug.messageEnabled()) {
debug.message(classMethod + " ResponseLocation is :" + endPoint);
}
// create SOAP message
try {
String soapMessage = SAML2SDKUtils.createSOAPMessageString(xmlString);
endPoint = SAML2SDKUtils.fillInBasicAuthInfo(pepConfig, endPoint);
String[] urls = { endPoint };
SOAPClient soapClient = new SOAPClient(urls);
if (debug.messageEnabled()) {
debug.message(classMethod + "soapMessage :" + soapMessage);
}
InputStream soapIn = soapClient.call(soapMessage, null, null);
StringBuffer reply = new StringBuffer();
String line;
BufferedReader reader = new BufferedReader(new InputStreamReader(soapIn, "UTF-8"));
while ((line = reader.readLine()) != null) {
reply.append(line).append("\n");
}
// check the SOAP message for any SOAP related errors
// before passing control to SAML processor
xmlString = reply.toString();
if (debug.messageEnabled()) {
debug.message("Response Message:\n" + xmlString);
}
samlResponse = getSAMLResponse(xmlString);
issuer = samlResponse.getIssuer();
String issuerID = null;
if (issuer != null) {
issuerID = issuer.getValue().trim();
}
boolean isTrusted = verifyResponseIssuer(realm, pepEntityID, issuerID);
if (!isTrusted) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Issuer in Request is not valid.");
}
String[] args = { realm, pepEntityID, pdpEntityID };
LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_IN_PEP_REQUEST, args);
throw new SAML2Exception("invalidIssuerInRequest");
}
if (samlResponse != null) {
xmlString = samlResponse.toXMLString(true, true);
if (debug.messageEnabled()) {
debug.message(classMethod + "Response: " + xmlString);
}
response = verifyResponse(realm, pepEntityID, samlResponse);
if (debug.messageEnabled()) {
debug.message(classMethod + "Response with decrypted Assertion: " + response.toXMLString(true, true));
}
}
} catch (SOAPException soae) {
if (debug.messageEnabled()) {
debug.message(classMethod + "SOAPException :", soae);
}
throw new SAML2Exception(soae.getMessage());
} catch (Exception e) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Exception ", e);
}
throw new SAML2Exception(e.getMessage());
}
}
}
return response;
}
Also used :
InputStreamReader(java.io.InputStreamReader)
Issuer(com.sun.identity.saml2.assertion.Issuer)
InputStream(java.io.InputStream)
XACMLPDPConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement)
Date(java.util.Date)
SOAPException(javax.xml.soap.SOAPException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IOException(java.io.IOException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Response(com.sun.identity.saml2.protocol.Response)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
SOAPClient(com.sun.identity.shared.jaxrpc.SOAPClient)
SOAPException(javax.xml.soap.SOAPException)
BufferedReader(java.io.BufferedReader)
XACMLAuthzDecisionQuery(com.sun.identity.xacml.saml2.XACMLAuthzDecisionQuery)
XACMLAuthzDecisionQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement)
Aggregations
XACMLPDPConfigElement (com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement)9
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)5
XACMLAuthzDecisionQueryConfigElement (com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement)4
ArrayList (java.util.ArrayList)4
List (java.util.List)4
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)3
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)2
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)2
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)2
IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)2
SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)2
HashMap (java.util.HashMap)2
Iterator (java.util.Iterator)2
Map (java.util.Map)2
JAXBException (javax.xml.bind.JAXBException)2
CLIRequest (com.sun.identity.cli.CLIRequest)1
Issuer (com.sun.identity.saml2.assertion.Issuer)1
AttributeType (com.sun.identity.saml2.jaxb.entityconfig.AttributeType)1
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)1
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)1
