Example 1 with ArtifactResolutionServiceElement
use of com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method getStandardIdentityProviderAttributes.
/**
* Returns a map with standard identity provider attributes and values.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @return Map with standard attribute values of Identity Provider.
* @throws AMConsoleException if unable to retrieve the Identity Provider
* attrubutes based on the realm and entityName passed.
*/
public Map getStandardIdentityProviderAttributes(String realm, String entityName) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "IDP-Standard" };
logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
Map map = new HashMap();
IDPSSODescriptorElement idpssoDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityName);
if (idpssoDescriptor != null) {
// retrieve WantAuthnRequestsSigned
map.put(WANT_AUTHN_REQ_SIGNED, returnEmptySetIfValueIsNull(idpssoDescriptor.isWantAuthnRequestsSigned()));
//retrieve ArtifactResolutionService
map.put(ART_RES_LOCATION, Collections.EMPTY_SET);
map.put(ART_RES_INDEX, Collections.EMPTY_SET);
map.put(ART_RES_ISDEFAULT, Collections.EMPTY_SET);
List artList = idpssoDescriptor.getArtifactResolutionService();
if (!artList.isEmpty()) {
ArtifactResolutionServiceElement key = (ArtifactResolutionServiceElement) artList.get(0);
map.put(ART_RES_LOCATION, returnEmptySetIfValueIsNull(key.getLocation()));
map.put(ART_RES_INDEX, returnEmptySetIfValueIsNull(Integer.toString(key.getIndex())));
map.put(ART_RES_ISDEFAULT, returnEmptySetIfValueIsNull(key.isIsDefault()));
}
//retrieve SingleLogoutService
map.put(SINGLE_LOGOUT_HTTP_LOCATION, Collections.EMPTY_SET);
map.put(SINGLE_LOGOUT_HTTP_RESP_LOCATION, Collections.EMPTY_SET);
map.put(SLO_POST_LOC, Collections.EMPTY_SET);
map.put(SLO_POST_RESPLOC, Collections.EMPTY_SET);
map.put(SINGLE_LOGOUT_SOAP_LOCATION, Collections.EMPTY_SET);
map.put(SINGLE_LOGOUT_DEFAULT, Collections.EMPTY_SET);
List logoutList = idpssoDescriptor.getSingleLogoutService();
for (int i = 0; i < logoutList.size(); i++) {
SingleLogoutServiceElement spslsElem = (SingleLogoutServiceElement) logoutList.get(i);
String tmp = spslsElem.getBinding();
if (i == 0) {
map.put(SINGLE_LOGOUT_DEFAULT, returnEmptySetIfValueIsNull(tmp));
}
if (tmp.contains(httpRedirect)) {
map.put(SINGLE_LOGOUT_HTTP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
map.put(SINGLE_LOGOUT_HTTP_RESP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getResponseLocation()));
} else if (tmp.contains(httpPost)) {
map.put(SLO_POST_LOC, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
map.put(SLO_POST_RESPLOC, returnEmptySetIfValueIsNull(spslsElem.getResponseLocation()));
} else if (tmp.contains(soap)) {
map.put(SINGLE_LOGOUT_SOAP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
}
}
//retrieve ManageNameIDService
map.put(MANAGE_NAMEID_HTTP_LOCATION, Collections.EMPTY_SET);
map.put(MANAGE_NAMEID_HTTP_RESP_LOCATION, Collections.EMPTY_SET);
map.put(MNI_POST_LOC, Collections.EMPTY_SET);
map.put(MNI_POST_RESPLOC, Collections.EMPTY_SET);
map.put(MANAGE_NAMEID_SOAP_LOCATION, Collections.EMPTY_SET);
map.put(SINGLE_MANAGE_NAMEID_DEFAULT, Collections.EMPTY_SET);
List manageNameIdList = idpssoDescriptor.getManageNameIDService();
for (int i = 0; i < manageNameIdList.size(); i++) {
ManageNameIDServiceElement mniElem = (ManageNameIDServiceElement) manageNameIdList.get(i);
String tmp = mniElem.getBinding();
if (i == 0) {
map.put(SINGLE_MANAGE_NAMEID_DEFAULT, returnEmptySetIfValueIsNull(tmp));
}
if (tmp.contains(httpRedirect)) {
map.put(MANAGE_NAMEID_HTTP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getLocation()));
map.put(MANAGE_NAMEID_HTTP_RESP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
} else if (tmp.contains(httpPost)) {
map.put(MNI_POST_LOC, returnEmptySetIfValueIsNull(mniElem.getLocation()));
map.put(MNI_POST_RESPLOC, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
} else if (tmp.contains(soap)) {
map.put(MANAGE_NAMEID_SOAP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getLocation()));
}
}
//retrieve nameid mapping service
map.put(NAME_ID_MAPPPING, Collections.EMPTY_SET);
List nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
if (!nameIDmappingList.isEmpty()) {
NameIDMappingServiceElement namidElem1 = (NameIDMappingServiceElement) nameIDmappingList.get(0);
map.put(NAME_ID_MAPPPING, returnEmptySetIfValueIsNull(namidElem1.getLocation()));
}
//retrieve nameid format
map.put(NAMEID_FORMAT, (OrderedSet) convertListToSet(idpssoDescriptor.getNameIDFormat()));
//retrieve single sign on service
map.put(SINGLE_SIGNON_HTTP_LOCATION, Collections.EMPTY_SET);
map.put(SINGLE_SIGNON_SOAP_LOCATION, Collections.EMPTY_SET);
map.put(SSO_SOAPS_LOC, Collections.EMPTY_SET);
List signonList = idpssoDescriptor.getSingleSignOnService();
for (int i = 0; i < signonList.size(); i++) {
SingleSignOnServiceElement signElem = (SingleSignOnServiceElement) signonList.get(i);
String tmp = signElem.getBinding();
if (tmp.contains(httpRedirect)) {
map.put(SINGLE_SIGNON_HTTP_LOCATION, returnEmptySetIfValueIsNull(signElem.getLocation()));
} else if (tmp.contains(httpPost)) {
map.put(SINGLE_SIGNON_SOAP_LOCATION, returnEmptySetIfValueIsNull(signElem.getLocation()));
} else if (tmp.contains(soap)) {
map.put(SSO_SOAPS_LOC, returnEmptySetIfValueIsNull(signElem.getLocation()));
}
}
//retrieve key descriptor encryption details if present
map.put(TF_KEY_NAME, Collections.EMPTY_SET);
map.put(TF_ALGORITHM, Collections.EMPTY_SET);
if (idpssoDescriptor.getKeyDescriptor() != null) {
getKeyandAlgorithm(idpssoDescriptor, map);
}
}
logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.getIdentityProviderAttributes:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
}
return map;
}
Also used :
ManageNameIDServiceElement(com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement)
HashMap(java.util.HashMap)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
SingleSignOnServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement)
ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement)
NameIDMappingServiceElement(com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement)
SingleLogoutServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)
List(java.util.List)
ArrayList(java.util.ArrayList)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
Map(java.util.Map)
HashMap(java.util.HashMap)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 2 with ArtifactResolutionServiceElement
use of com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement in project OpenAM by OpenRock.
the class IDPSSOUtil method sendResponseArtifact.
/**
* This method opens a URL connection to the target specified and
* sends artifact response to it using the
* <code>HttpServletResponse</code> object.
*
* @param response the <code>HttpServletResponse</code> object
* @param idpEntityID the entity id of the identity provider
* @param realm the realm name of the identity provider
* @param acsURL the assertion consumer service <code>URL</code>
* @param relayState the value of the <code>RelayState</code>
* @param res the <code>SAML Response</code> object
* @param session user session
* @param props property map including nameIDString for logging
* @throws SAML2Exception if the operation is not successful
*/
public static void sendResponseArtifact(HttpServletRequest request, HttpServletResponse response, String idpEntityID, String spEntityID, String realm, String acsURL, String relayState, Response res, Object session, Map props) throws SAML2Exception {
String classMethod = "IDPSSOUtil.sendResponseArtifact: ";
IDPSSODescriptorElement idpSSODescriptorElement = null;
try {
idpSSODescriptorElement = metaManager.getIDPSSODescriptor(realm, idpEntityID);
if (idpSSODescriptorElement == null) {
SAML2Utils.debug.error(classMethod + "Unable to get IDP SSO Descriptor from meta.");
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, session, props);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error(classMethod + "Unable to get IDP SSO Descriptor from meta.");
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, session, props);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
ArtifactResolutionServiceElement ars = (ArtifactResolutionServiceElement) idpSSODescriptorElement.getArtifactResolutionService().get(0);
if (ars == null) {
SAML2Utils.debug.error(classMethod + "Unable to get ArtifactResolutionServiceElement from meta.");
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, session, props);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
Artifact art = null;
try {
art = ProtocolFactory.getInstance().createArtifact(null, ars.getIndex(), SAML2Utils.generateSourceID(idpEntityID), SAML2Utils.generateMessageHandleWithServerID());
} catch (SAML2Exception se) {
SAML2Utils.debug.error(classMethod + "Unable to create artifact: ", se);
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.CANNOT_CREATE_ARTIFACT, data, session, props);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "errorCreateArtifact", SAML2Utils.bundle.getString("errorCreateArtifact"));
return;
}
String artStr = art.getArtifactValue();
try {
IDPCache.responsesByArtifacts.put(artStr, res);
if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
try {
long expireTime = getValidTimeofResponse(realm, idpEntityID, res) / 1000;
SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(artStr, res.toXMLString(true, true), expireTime);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "Saved Response to SAML2 Token Repository using key " + artStr);
}
} catch (SAML2TokenRepositoryException se) {
SAML2Utils.debug.error(classMethod + "Unable to save Response to the SAML2 Token Repository", se);
}
}
String messageEncoding = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.RESPONSE_ARTIFACT_MESSAGE_ENCODING);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "messageEncoding = " + messageEncoding);
SAML2Utils.debug.message(classMethod + "artStr = " + artStr);
}
if ((messageEncoding != null) && (messageEncoding.equals(SAML2Constants.FORM_ENCODING))) {
String[] logdata = { idpEntityID, realm, acsURL };
LogUtil.access(Level.INFO, LogUtil.SEND_ARTIFACT, logdata, session, props);
SAML2Utils.postToTarget(request, response, SAML2Constants.SAML_ART, artStr, "RelayState", relayState, acsURL);
} else {
String redirectURL = acsURL + (acsURL.contains("?") ? "&" : "?") + "SAMLart=" + URLEncDec.encode(artStr);
if ((relayState != null) && (relayState.trim().length() != 0)) {
redirectURL += "&RelayState=" + URLEncDec.encode(relayState);
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "Redirect URL = " + redirectURL);
}
String[] logdata = { idpEntityID, realm, redirectURL };
LogUtil.access(Level.INFO, LogUtil.SEND_ARTIFACT, logdata, session, props);
response.sendRedirect(redirectURL);
}
} catch (IOException ioe) {
SAML2Utils.debug.error(classMethod + "Unable to send redirect: ", ioe);
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
IOException(java.io.IOException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement)
Artifact(com.sun.identity.saml2.protocol.Artifact)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 3 with ArtifactResolutionServiceElement
use of com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method setIDPStdAttributeValues.
/**
* Saves the standard attribute values for the Identiy Provider.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @param idpStdValues Map which contains the standard attribute values.
* @throws AMConsoleException if saving of attribute value fails.
*/
public void setIDPStdAttributeValues(String realm, String entityName, Map idpStdValues) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "IDP-Standard" };
logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
IDPSSODescriptorElement idpssoDescriptor = null;
com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityName);
if (idpssoDescriptor != null) {
// save for WantAuthnRequestsSigned
if (idpStdValues.keySet().contains(WANT_AUTHN_REQ_SIGNED)) {
boolean value = setToBoolean(idpStdValues, WANT_AUTHN_REQ_SIGNED);
idpssoDescriptor.setWantAuthnRequestsSigned(value);
}
// save for Artifact Resolution Service
if (idpStdValues.keySet().contains(ART_RES_LOCATION)) {
String artLocation = getResult(idpStdValues, ART_RES_LOCATION);
String indexValue = getResult(idpStdValues, ART_RES_INDEX);
if (StringUtils.isEmpty(indexValue)) {
indexValue = "0";
}
boolean isDefault = setToBoolean(idpStdValues, ART_RES_ISDEFAULT);
ArtifactResolutionServiceElement elem = null;
List artList = idpssoDescriptor.getArtifactResolutionService();
if (artList.isEmpty()) {
elem = objFact.createArtifactResolutionServiceElement();
elem.setBinding(soapBinding);
elem.setLocation("");
elem.setIndex(0);
elem.setIsDefault(false);
idpssoDescriptor.getArtifactResolutionService().add(elem);
artList = idpssoDescriptor.getArtifactResolutionService();
}
elem = (ArtifactResolutionServiceElement) artList.get(0);
elem.setLocation(artLocation);
elem.setIndex(Integer.parseInt(indexValue));
elem.setIsDefault(isDefault);
idpssoDescriptor.getArtifactResolutionService().clear();
idpssoDescriptor.getArtifactResolutionService().add(elem);
}
// save for Single Logout Service - Http-Redirect
if (idpStdValues.keySet().contains(SINGLE_LOGOUT_HTTP_LOCATION)) {
String lohttpLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_LOCATION);
String lohttpRespLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_RESP_LOCATION);
String postLocation = getResult(idpStdValues, SLO_POST_LOC);
String postRespLocation = getResult(idpStdValues, SLO_POST_RESPLOC);
String losoapLocation = getResult(idpStdValues, SINGLE_LOGOUT_SOAP_LOCATION);
String priority = getResult(idpStdValues, SINGLE_LOGOUT_DEFAULT);
if (priority.contains("none")) {
if (lohttpLocation != null) {
priority = httpRedirectBinding;
} else if (postLocation != null) {
priority = httpPostBinding;
} else if (losoapLocation != null) {
priority = soapBinding;
}
}
List logList = idpssoDescriptor.getSingleLogoutService();
if (!logList.isEmpty()) {
logList.clear();
}
if (priority != null && priority.contains("HTTP-Redirect")) {
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savepostLogout(postLocation, postRespLocation, logList, objFact);
savesoapLogout(losoapLocation, logList, objFact);
} else if (priority != null && priority.contains("HTTP-POST")) {
savepostLogout(postLocation, postRespLocation, logList, objFact);
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savesoapLogout(losoapLocation, logList, objFact);
} else if (priority != null && priority.contains("SOAP")) {
savesoapLogout(losoapLocation, logList, objFact);
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savepostLogout(postLocation, postRespLocation, logList, objFact);
}
}
// save for Manage Name ID Service
if (idpStdValues.keySet().contains(MANAGE_NAMEID_HTTP_LOCATION)) {
String mnihttpLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_LOCATION);
String mnihttpRespLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_RESP_LOCATION);
String mnipostLocation = getResult(idpStdValues, MNI_POST_LOC);
String mnipostRespLocation = getResult(idpStdValues, MNI_POST_RESPLOC);
String mnisoapLocation = getResult(idpStdValues, MANAGE_NAMEID_SOAP_LOCATION);
String priority = getResult(idpStdValues, SINGLE_MANAGE_NAMEID_DEFAULT);
if (priority.contains("none")) {
if (mnihttpLocation != null) {
priority = httpRedirectBinding;
} else if (mnipostLocation != null) {
priority = httpPostBinding;
} else if (mnisoapLocation != null) {
priority = soapBinding;
}
}
List manageNameIdList = idpssoDescriptor.getManageNameIDService();
if (!manageNameIdList.isEmpty()) {
manageNameIdList.clear();
}
if (priority != null && priority.contains("HTTP-Redirect")) {
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
savesoapMni(mnisoapLocation, manageNameIdList, objFact);
} else if (priority != null && priority.contains("HTTP-POST")) {
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
savesoapMni(mnisoapLocation, manageNameIdList, objFact);
} else if (priority != null && priority.contains("SOAP")) {
savesoapMni(mnisoapLocation, manageNameIdList, objFact);
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
}
}
//save nameid mapping
if (idpStdValues.keySet().contains(NAME_ID_MAPPPING)) {
String nameIDmappingloc = getResult(idpStdValues, NAME_ID_MAPPPING);
NameIDMappingServiceElement namidElem1 = null;
List nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
if (nameIDmappingList.isEmpty()) {
namidElem1 = objFact.createNameIDMappingServiceElement();
namidElem1.setBinding(soapBinding);
idpssoDescriptor.getNameIDMappingService().add(namidElem1);
nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
}
namidElem1 = (NameIDMappingServiceElement) nameIDmappingList.get(0);
namidElem1.setLocation(nameIDmappingloc);
idpssoDescriptor.getNameIDMappingService().clear();
idpssoDescriptor.getNameIDMappingService().add(namidElem1);
}
//save nameid format
if (idpStdValues.keySet().contains(NAMEID_FORMAT)) {
saveNameIdFormat(idpssoDescriptor, idpStdValues);
}
//save for SingleSignOnService
if (idpStdValues.keySet().contains(SINGLE_SIGNON_HTTP_LOCATION)) {
String ssohttpLocation = getResult(idpStdValues, SINGLE_SIGNON_HTTP_LOCATION);
String ssopostLocation = getResult(idpStdValues, SINGLE_SIGNON_SOAP_LOCATION);
String ssoSoapLocation = getResult(idpStdValues, SSO_SOAPS_LOC);
List signonList = idpssoDescriptor.getSingleSignOnService();
if (!signonList.isEmpty()) {
signonList.clear();
}
if (ssohttpLocation != null && ssohttpLocation.length() > 0) {
SingleSignOnServiceElement slsElemRed = objFact.createSingleSignOnServiceElement();
slsElemRed.setBinding(httpRedirectBinding);
slsElemRed.setLocation(ssohttpLocation);
signonList.add(slsElemRed);
}
if (ssopostLocation != null && ssopostLocation.length() > 0) {
SingleSignOnServiceElement slsElemPost = objFact.createSingleSignOnServiceElement();
slsElemPost.setBinding(httpPostBinding);
slsElemPost.setLocation(ssopostLocation);
signonList.add(slsElemPost);
}
if (ssoSoapLocation != null && ssoSoapLocation.length() > 0) {
SingleSignOnServiceElement slsElemSoap = objFact.createSingleSignOnServiceElement();
slsElemSoap.setBinding(soapBinding);
slsElemSoap.setLocation(ssoSoapLocation);
signonList.add(slsElemSoap);
}
}
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
}
}
Also used :
JAXBException(javax.xml.bind.JAXBException)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)
SingleSignOnServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement)
ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement)
NameIDMappingServiceElement(com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement)
ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)
List(java.util.List)
ArrayList(java.util.ArrayList)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 4 with ArtifactResolutionServiceElement
use of com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement in project OpenAM by OpenRock.
the class SPACSUtils method getIDPArtifactResolutionServiceUrl.
// Retrieves the ArtifactResolutionServiceURL for an IDP.
private static String getIDPArtifactResolutionServiceUrl(int endpointIndex, String idpEntityID, IDPSSODescriptorElement idp, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception, IOException {
// find the artifact resolution service url
List arsList = idp.getArtifactResolutionService();
ArtifactResolutionServiceElement ars = null;
String location = null;
String defaultLocation = null;
String firstLocation = null;
int index;
boolean isDefault = false;
for (int i = 0; i < arsList.size(); i++) {
ars = (ArtifactResolutionServiceElement) arsList.get(i);
location = ars.getLocation();
//String binding = ars.getBinding();
index = ars.getIndex();
isDefault = ars.isIsDefault();
if (index == endpointIndex) {
break;
}
if (isDefault) {
defaultLocation = location;
}
if (i == 0) {
firstLocation = location;
}
location = null;
}
if (location == null || location.length() == 0) {
location = defaultLocation;
if (location == null || location.length() == 0) {
location = firstLocation;
if (location == null || location.length() == 0) {
SAML2Utils.debug.error("SPACSUtils: Unable to get the " + "location of artifact resolution service for " + idpEntityID);
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESOLUTION_URL_NOT_FOUND, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "cannotFindArtifactResolutionUrl", SAML2Utils.bundle.getString("cannotFindArtifactResolutionUrl"));
throw new SAML2Exception(SAML2Utils.bundle.getString("cannotFindArtifactResolutionUrl"));
}
}
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("SPACSUtils: IDP artifact resolution " + "service url =" + location);
}
return location;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
List(java.util.List)
ArrayList(java.util.ArrayList)
ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement)
Aggregations
ArtifactResolutionServiceElement (com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement)4
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)3
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)3
ArrayList (java.util.ArrayList)3
List (java.util.List)3
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)2
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)2
NameIDMappingServiceElement (com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement)2
SingleSignOnServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement)2
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)2
ObjectFactory (com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)1
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)1
ManageNameIDServiceElement (com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement)1
SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)1
Artifact (com.sun.identity.saml2.protocol.Artifact)1
IOException (java.io.IOException)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
JAXBException (javax.xml.bind.JAXBException)1
SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)1
