Search in sources :

Example 1 with ArtifactResolutionServiceElement

use of com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method getStandardIdentityProviderAttributes.

/**
     * Returns a map with standard identity provider attributes and values.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @return Map with standard attribute values of Identity Provider.
     * @throws AMConsoleException if unable to retrieve the Identity Provider
     *     attrubutes based on the realm and entityName passed.
     */
public Map getStandardIdentityProviderAttributes(String realm, String entityName) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "IDP-Standard" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map map = new HashMap();
    IDPSSODescriptorElement idpssoDescriptor = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityName);
        if (idpssoDescriptor != null) {
            // retrieve WantAuthnRequestsSigned
            map.put(WANT_AUTHN_REQ_SIGNED, returnEmptySetIfValueIsNull(idpssoDescriptor.isWantAuthnRequestsSigned()));
            //retrieve ArtifactResolutionService
            map.put(ART_RES_LOCATION, Collections.EMPTY_SET);
            map.put(ART_RES_INDEX, Collections.EMPTY_SET);
            map.put(ART_RES_ISDEFAULT, Collections.EMPTY_SET);
            List artList = idpssoDescriptor.getArtifactResolutionService();
            if (!artList.isEmpty()) {
                ArtifactResolutionServiceElement key = (ArtifactResolutionServiceElement) artList.get(0);
                map.put(ART_RES_LOCATION, returnEmptySetIfValueIsNull(key.getLocation()));
                map.put(ART_RES_INDEX, returnEmptySetIfValueIsNull(Integer.toString(key.getIndex())));
                map.put(ART_RES_ISDEFAULT, returnEmptySetIfValueIsNull(key.isIsDefault()));
            }
            //retrieve SingleLogoutService
            map.put(SINGLE_LOGOUT_HTTP_LOCATION, Collections.EMPTY_SET);
            map.put(SINGLE_LOGOUT_HTTP_RESP_LOCATION, Collections.EMPTY_SET);
            map.put(SLO_POST_LOC, Collections.EMPTY_SET);
            map.put(SLO_POST_RESPLOC, Collections.EMPTY_SET);
            map.put(SINGLE_LOGOUT_SOAP_LOCATION, Collections.EMPTY_SET);
            map.put(SINGLE_LOGOUT_DEFAULT, Collections.EMPTY_SET);
            List logoutList = idpssoDescriptor.getSingleLogoutService();
            for (int i = 0; i < logoutList.size(); i++) {
                SingleLogoutServiceElement spslsElem = (SingleLogoutServiceElement) logoutList.get(i);
                String tmp = spslsElem.getBinding();
                if (i == 0) {
                    map.put(SINGLE_LOGOUT_DEFAULT, returnEmptySetIfValueIsNull(tmp));
                }
                if (tmp.contains(httpRedirect)) {
                    map.put(SINGLE_LOGOUT_HTTP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
                    map.put(SINGLE_LOGOUT_HTTP_RESP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getResponseLocation()));
                } else if (tmp.contains(httpPost)) {
                    map.put(SLO_POST_LOC, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
                    map.put(SLO_POST_RESPLOC, returnEmptySetIfValueIsNull(spslsElem.getResponseLocation()));
                } else if (tmp.contains(soap)) {
                    map.put(SINGLE_LOGOUT_SOAP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
                }
            }
            //retrieve ManageNameIDService
            map.put(MANAGE_NAMEID_HTTP_LOCATION, Collections.EMPTY_SET);
            map.put(MANAGE_NAMEID_HTTP_RESP_LOCATION, Collections.EMPTY_SET);
            map.put(MNI_POST_LOC, Collections.EMPTY_SET);
            map.put(MNI_POST_RESPLOC, Collections.EMPTY_SET);
            map.put(MANAGE_NAMEID_SOAP_LOCATION, Collections.EMPTY_SET);
            map.put(SINGLE_MANAGE_NAMEID_DEFAULT, Collections.EMPTY_SET);
            List manageNameIdList = idpssoDescriptor.getManageNameIDService();
            for (int i = 0; i < manageNameIdList.size(); i++) {
                ManageNameIDServiceElement mniElem = (ManageNameIDServiceElement) manageNameIdList.get(i);
                String tmp = mniElem.getBinding();
                if (i == 0) {
                    map.put(SINGLE_MANAGE_NAMEID_DEFAULT, returnEmptySetIfValueIsNull(tmp));
                }
                if (tmp.contains(httpRedirect)) {
                    map.put(MANAGE_NAMEID_HTTP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getLocation()));
                    map.put(MANAGE_NAMEID_HTTP_RESP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
                } else if (tmp.contains(httpPost)) {
                    map.put(MNI_POST_LOC, returnEmptySetIfValueIsNull(mniElem.getLocation()));
                    map.put(MNI_POST_RESPLOC, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
                } else if (tmp.contains(soap)) {
                    map.put(MANAGE_NAMEID_SOAP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getLocation()));
                }
            }
            //retrieve nameid mapping service
            map.put(NAME_ID_MAPPPING, Collections.EMPTY_SET);
            List nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
            if (!nameIDmappingList.isEmpty()) {
                NameIDMappingServiceElement namidElem1 = (NameIDMappingServiceElement) nameIDmappingList.get(0);
                map.put(NAME_ID_MAPPPING, returnEmptySetIfValueIsNull(namidElem1.getLocation()));
            }
            //retrieve nameid format
            map.put(NAMEID_FORMAT, (OrderedSet) convertListToSet(idpssoDescriptor.getNameIDFormat()));
            //retrieve single sign on service
            map.put(SINGLE_SIGNON_HTTP_LOCATION, Collections.EMPTY_SET);
            map.put(SINGLE_SIGNON_SOAP_LOCATION, Collections.EMPTY_SET);
            map.put(SSO_SOAPS_LOC, Collections.EMPTY_SET);
            List signonList = idpssoDescriptor.getSingleSignOnService();
            for (int i = 0; i < signonList.size(); i++) {
                SingleSignOnServiceElement signElem = (SingleSignOnServiceElement) signonList.get(i);
                String tmp = signElem.getBinding();
                if (tmp.contains(httpRedirect)) {
                    map.put(SINGLE_SIGNON_HTTP_LOCATION, returnEmptySetIfValueIsNull(signElem.getLocation()));
                } else if (tmp.contains(httpPost)) {
                    map.put(SINGLE_SIGNON_SOAP_LOCATION, returnEmptySetIfValueIsNull(signElem.getLocation()));
                } else if (tmp.contains(soap)) {
                    map.put(SSO_SOAPS_LOC, returnEmptySetIfValueIsNull(signElem.getLocation()));
                }
            }
            //retrieve key descriptor encryption details if present
            map.put(TF_KEY_NAME, Collections.EMPTY_SET);
            map.put(TF_ALGORITHM, Collections.EMPTY_SET);
            if (idpssoDescriptor.getKeyDescriptor() != null) {
                getKeyandAlgorithm(idpssoDescriptor, map);
            }
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.getIdentityProviderAttributes:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return map;
}
Also used : ManageNameIDServiceElement(com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement) HashMap(java.util.HashMap) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) SingleSignOnServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement) ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement) NameIDMappingServiceElement(com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement) SingleLogoutServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 2 with ArtifactResolutionServiceElement

use of com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement in project OpenAM by OpenRock.

the class IDPSSOUtil method sendResponseArtifact.

/**
     * This method opens a URL connection to the target specified and
     * sends artifact response to it using the
     * <code>HttpServletResponse</code> object.
     *
     * @param response    the <code>HttpServletResponse</code> object
     * @param idpEntityID the entity id of the identity provider
     * @param realm       the realm name of the identity provider
     * @param acsURL      the assertion consumer service <code>URL</code>
     * @param relayState  the value of the <code>RelayState</code>
     * @param res         the <code>SAML Response</code> object
     * @param session     user session
     * @param props       property map including nameIDString for logging
     * @throws SAML2Exception if the operation is not successful
     */
public static void sendResponseArtifact(HttpServletRequest request, HttpServletResponse response, String idpEntityID, String spEntityID, String realm, String acsURL, String relayState, Response res, Object session, Map props) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.sendResponseArtifact: ";
    IDPSSODescriptorElement idpSSODescriptorElement = null;
    try {
        idpSSODescriptorElement = metaManager.getIDPSSODescriptor(realm, idpEntityID);
        if (idpSSODescriptorElement == null) {
            SAML2Utils.debug.error(classMethod + "Unable to get IDP SSO Descriptor from meta.");
            String[] data = { idpEntityID };
            LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, session, props);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error(classMethod + "Unable to get IDP SSO Descriptor from meta.");
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, session, props);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    ArtifactResolutionServiceElement ars = (ArtifactResolutionServiceElement) idpSSODescriptorElement.getArtifactResolutionService().get(0);
    if (ars == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get ArtifactResolutionServiceElement from meta.");
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, session, props);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    Artifact art = null;
    try {
        art = ProtocolFactory.getInstance().createArtifact(null, ars.getIndex(), SAML2Utils.generateSourceID(idpEntityID), SAML2Utils.generateMessageHandleWithServerID());
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error(classMethod + "Unable to create artifact: ", se);
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_CREATE_ARTIFACT, data, session, props);
        SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "errorCreateArtifact", SAML2Utils.bundle.getString("errorCreateArtifact"));
        return;
    }
    String artStr = art.getArtifactValue();
    try {
        IDPCache.responsesByArtifacts.put(artStr, res);
        if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
            try {
                long expireTime = getValidTimeofResponse(realm, idpEntityID, res) / 1000;
                SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(artStr, res.toXMLString(true, true), expireTime);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(classMethod + "Saved Response to SAML2 Token Repository using key " + artStr);
                }
            } catch (SAML2TokenRepositoryException se) {
                SAML2Utils.debug.error(classMethod + "Unable to save Response to the SAML2 Token Repository", se);
            }
        }
        String messageEncoding = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.RESPONSE_ARTIFACT_MESSAGE_ENCODING);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "messageEncoding = " + messageEncoding);
            SAML2Utils.debug.message(classMethod + "artStr = " + artStr);
        }
        if ((messageEncoding != null) && (messageEncoding.equals(SAML2Constants.FORM_ENCODING))) {
            String[] logdata = { idpEntityID, realm, acsURL };
            LogUtil.access(Level.INFO, LogUtil.SEND_ARTIFACT, logdata, session, props);
            SAML2Utils.postToTarget(request, response, SAML2Constants.SAML_ART, artStr, "RelayState", relayState, acsURL);
        } else {
            String redirectURL = acsURL + (acsURL.contains("?") ? "&" : "?") + "SAMLart=" + URLEncDec.encode(artStr);
            if ((relayState != null) && (relayState.trim().length() != 0)) {
                redirectURL += "&RelayState=" + URLEncDec.encode(relayState);
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "Redirect URL = " + redirectURL);
            }
            String[] logdata = { idpEntityID, realm, redirectURL };
            LogUtil.access(Level.INFO, LogUtil.SEND_ARTIFACT, logdata, session, props);
            response.sendRedirect(redirectURL);
        }
    } catch (IOException ioe) {
        SAML2Utils.debug.error(classMethod + "Unable to send redirect: ", ioe);
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) IOException(java.io.IOException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement) Artifact(com.sun.identity.saml2.protocol.Artifact) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 3 with ArtifactResolutionServiceElement

use of com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setIDPStdAttributeValues.

/**
     * Saves the standard attribute values for the Identiy Provider.
     *
     * @param realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param idpStdValues Map which contains the standard attribute values.
     * @throws AMConsoleException if saving of attribute value fails.
     */
public void setIDPStdAttributeValues(String realm, String entityName, Map idpStdValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "IDP-Standard" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    IDPSSODescriptorElement idpssoDescriptor = null;
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityName);
        if (idpssoDescriptor != null) {
            // save for WantAuthnRequestsSigned 
            if (idpStdValues.keySet().contains(WANT_AUTHN_REQ_SIGNED)) {
                boolean value = setToBoolean(idpStdValues, WANT_AUTHN_REQ_SIGNED);
                idpssoDescriptor.setWantAuthnRequestsSigned(value);
            }
            // save for Artifact Resolution Service
            if (idpStdValues.keySet().contains(ART_RES_LOCATION)) {
                String artLocation = getResult(idpStdValues, ART_RES_LOCATION);
                String indexValue = getResult(idpStdValues, ART_RES_INDEX);
                if (StringUtils.isEmpty(indexValue)) {
                    indexValue = "0";
                }
                boolean isDefault = setToBoolean(idpStdValues, ART_RES_ISDEFAULT);
                ArtifactResolutionServiceElement elem = null;
                List artList = idpssoDescriptor.getArtifactResolutionService();
                if (artList.isEmpty()) {
                    elem = objFact.createArtifactResolutionServiceElement();
                    elem.setBinding(soapBinding);
                    elem.setLocation("");
                    elem.setIndex(0);
                    elem.setIsDefault(false);
                    idpssoDescriptor.getArtifactResolutionService().add(elem);
                    artList = idpssoDescriptor.getArtifactResolutionService();
                }
                elem = (ArtifactResolutionServiceElement) artList.get(0);
                elem.setLocation(artLocation);
                elem.setIndex(Integer.parseInt(indexValue));
                elem.setIsDefault(isDefault);
                idpssoDescriptor.getArtifactResolutionService().clear();
                idpssoDescriptor.getArtifactResolutionService().add(elem);
            }
            // save for Single Logout Service - Http-Redirect
            if (idpStdValues.keySet().contains(SINGLE_LOGOUT_HTTP_LOCATION)) {
                String lohttpLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_LOCATION);
                String lohttpRespLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_RESP_LOCATION);
                String postLocation = getResult(idpStdValues, SLO_POST_LOC);
                String postRespLocation = getResult(idpStdValues, SLO_POST_RESPLOC);
                String losoapLocation = getResult(idpStdValues, SINGLE_LOGOUT_SOAP_LOCATION);
                String priority = getResult(idpStdValues, SINGLE_LOGOUT_DEFAULT);
                if (priority.contains("none")) {
                    if (lohttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (postLocation != null) {
                        priority = httpPostBinding;
                    } else if (losoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List logList = idpssoDescriptor.getSingleLogoutService();
                if (!logList.isEmpty()) {
                    logList.clear();
                }
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapLogout(losoapLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                }
            }
            // save for Manage Name ID Service
            if (idpStdValues.keySet().contains(MANAGE_NAMEID_HTTP_LOCATION)) {
                String mnihttpLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_LOCATION);
                String mnihttpRespLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_RESP_LOCATION);
                String mnipostLocation = getResult(idpStdValues, MNI_POST_LOC);
                String mnipostRespLocation = getResult(idpStdValues, MNI_POST_RESPLOC);
                String mnisoapLocation = getResult(idpStdValues, MANAGE_NAMEID_SOAP_LOCATION);
                String priority = getResult(idpStdValues, SINGLE_MANAGE_NAMEID_DEFAULT);
                if (priority.contains("none")) {
                    if (mnihttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (mnipostLocation != null) {
                        priority = httpPostBinding;
                    } else if (mnisoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List manageNameIdList = idpssoDescriptor.getManageNameIDService();
                if (!manageNameIdList.isEmpty()) {
                    manageNameIdList.clear();
                }
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                }
            }
            //save nameid mapping
            if (idpStdValues.keySet().contains(NAME_ID_MAPPPING)) {
                String nameIDmappingloc = getResult(idpStdValues, NAME_ID_MAPPPING);
                NameIDMappingServiceElement namidElem1 = null;
                List nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
                if (nameIDmappingList.isEmpty()) {
                    namidElem1 = objFact.createNameIDMappingServiceElement();
                    namidElem1.setBinding(soapBinding);
                    idpssoDescriptor.getNameIDMappingService().add(namidElem1);
                    nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
                }
                namidElem1 = (NameIDMappingServiceElement) nameIDmappingList.get(0);
                namidElem1.setLocation(nameIDmappingloc);
                idpssoDescriptor.getNameIDMappingService().clear();
                idpssoDescriptor.getNameIDMappingService().add(namidElem1);
            }
            //save nameid format                
            if (idpStdValues.keySet().contains(NAMEID_FORMAT)) {
                saveNameIdFormat(idpssoDescriptor, idpStdValues);
            }
            //save for SingleSignOnService
            if (idpStdValues.keySet().contains(SINGLE_SIGNON_HTTP_LOCATION)) {
                String ssohttpLocation = getResult(idpStdValues, SINGLE_SIGNON_HTTP_LOCATION);
                String ssopostLocation = getResult(idpStdValues, SINGLE_SIGNON_SOAP_LOCATION);
                String ssoSoapLocation = getResult(idpStdValues, SSO_SOAPS_LOC);
                List signonList = idpssoDescriptor.getSingleSignOnService();
                if (!signonList.isEmpty()) {
                    signonList.clear();
                }
                if (ssohttpLocation != null && ssohttpLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemRed = objFact.createSingleSignOnServiceElement();
                    slsElemRed.setBinding(httpRedirectBinding);
                    slsElemRed.setLocation(ssohttpLocation);
                    signonList.add(slsElemRed);
                }
                if (ssopostLocation != null && ssopostLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemPost = objFact.createSingleSignOnServiceElement();
                    slsElemPost.setBinding(httpPostBinding);
                    slsElemPost.setLocation(ssopostLocation);
                    signonList.add(slsElemPost);
                }
                if (ssoSoapLocation != null && ssoSoapLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemSoap = objFact.createSingleSignOnServiceElement();
                    slsElemSoap.setBinding(soapBinding);
                    slsElemSoap.setLocation(ssoSoapLocation);
                    signonList.add(slsElemSoap);
                }
            }
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
    }
}
Also used : JAXBException(javax.xml.bind.JAXBException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SingleSignOnServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement) ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement) NameIDMappingServiceElement(com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 4 with ArtifactResolutionServiceElement

use of com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement in project OpenAM by OpenRock.

the class SPACSUtils method getIDPArtifactResolutionServiceUrl.

// Retrieves the ArtifactResolutionServiceURL for an IDP.
private static String getIDPArtifactResolutionServiceUrl(int endpointIndex, String idpEntityID, IDPSSODescriptorElement idp, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception, IOException {
    // find the artifact resolution service url
    List arsList = idp.getArtifactResolutionService();
    ArtifactResolutionServiceElement ars = null;
    String location = null;
    String defaultLocation = null;
    String firstLocation = null;
    int index;
    boolean isDefault = false;
    for (int i = 0; i < arsList.size(); i++) {
        ars = (ArtifactResolutionServiceElement) arsList.get(i);
        location = ars.getLocation();
        //String binding = ars.getBinding();
        index = ars.getIndex();
        isDefault = ars.isIsDefault();
        if (index == endpointIndex) {
            break;
        }
        if (isDefault) {
            defaultLocation = location;
        }
        if (i == 0) {
            firstLocation = location;
        }
        location = null;
    }
    if (location == null || location.length() == 0) {
        location = defaultLocation;
        if (location == null || location.length() == 0) {
            location = firstLocation;
            if (location == null || location.length() == 0) {
                SAML2Utils.debug.error("SPACSUtils: Unable to get the " + "location of artifact resolution service for " + idpEntityID);
                String[] data = { idpEntityID };
                LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESOLUTION_URL_NOT_FOUND, data, null);
                SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "cannotFindArtifactResolutionUrl", SAML2Utils.bundle.getString("cannotFindArtifactResolutionUrl"));
                throw new SAML2Exception(SAML2Utils.bundle.getString("cannotFindArtifactResolutionUrl"));
            }
        }
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("SPACSUtils: IDP artifact resolution " + "service url =" + location);
    }
    return location;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) List(java.util.List) ArrayList(java.util.ArrayList) ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement)

Aggregations

ArtifactResolutionServiceElement (com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement)4 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)3 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)3 ArrayList (java.util.ArrayList)3 List (java.util.List)3 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)2 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)2 NameIDMappingServiceElement (com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement)2 SingleSignOnServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement)2 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)2 ObjectFactory (com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)1 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)1 ManageNameIDServiceElement (com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement)1 SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)1 Artifact (com.sun.identity.saml2.protocol.Artifact)1 IOException (java.io.IOException)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1 JAXBException (javax.xml.bind.JAXBException)1 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)1