use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class SAML2COTUtils method updateEntityConfig.
/**
 * Updates the entity config to add the circle of trust name to the
 * <code>cotlist</code> attribute. The Service Provider and Identity
 * Provider Configuration are updated.
 * <p>
 * If the entity has no entity config yet, a new non-hosted config is
 * created: an affiliation config for an affiliation entity, otherwise one
 * role config (SP, IDP, XACML PDP, XACML authz decision query, attribute
 * authority, attribute query or authn authority) per matching role
 * descriptor in the entity descriptor, each carrying a
 * <code>cotlist</code> attribute holding <code>name</code>. If a config
 * already exists, <code>name</code> is added to the <code>cotlist</code>
 * attribute of every role config (or of the affiliation config) that does
 * not list it yet, and the attribute is created where it is missing.
 *
 * @param realm the realm name where the entity configuration is.
 * @param name the circle of trust name.
 * @param entityId the name of the Entity identifier.
 * @throws SAML2MetaException if there is a configuration error when
 * updating the configuration, or if no entity descriptor exists for
 * <code>entityId</code> in <code>realm</code>.
 * @throws JAXBException if there is an error updating the entity
 * configuration.
 */
public void updateEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
    String classMethod = "SAML2COTUtils.updateEntityConfig: ";
    // callerSession is a field of the enclosing class; when it is absent the
    // default meta manager is used, otherwise one bound to that session.
    SAML2MetaManager metaManager = null;
    if (callerSession == null) {
        metaManager = new SAML2MetaManager();
    } else {
        metaManager = new SAML2MetaManager(callerSession);
    }
    ObjectFactory objFactory = new ObjectFactory();
    // Check whether the entity id existed in the DS
    EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
    if (edes == null) {
        debug.error(classMethod + "No such entity: " + entityId);
        String[] data = { realm, entityId };
        throw new SAML2MetaException("entityid_invalid", data);
    }
    // An affiliation entity gets an affiliation config instead of role configs.
    boolean isAffiliation = false;
    if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
        isAffiliation = true;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
    }
    EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
    if (eConfig == null) {
        // No config yet: build a fresh, non-hosted one that carries the
        // cotlist attribute on every role declared in the metadata.
        BaseConfigType bctype = null;
        AttributeType atype = objFactory.createAttributeType();
        atype.setName(SAML2Constants.COT_LIST);
        atype.getValue().add(name);
        // add to eConfig
        EntityConfigElement ele = objFactory.createEntityConfigElement();
        ele.setEntityID(entityId);
        ele.setHosted(false);
        if (isAffiliation) {
            // handle affiliation case
            bctype = objFactory.createAffiliationConfigElement();
            bctype.getAttribute().add(atype);
            ele.setAffiliationConfig(bctype);
        } else {
            List ll = ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            // Decide which role EntityDescriptorElement includes
            List list = edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
            // Note: the single atype instance created above is shared by every
            // role config added here rather than copied per role.
            for (Iterator iter = list.iterator(); iter.hasNext(); ) {
                Object obj = iter.next();
                if (obj instanceof SPSSODescriptorElement) {
                    bctype = objFactory.createSPSSOConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof IDPSSODescriptorElement) {
                    bctype = objFactory.createIDPSSOConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof XACMLPDPDescriptorElement) {
                    bctype = objFactory.createXACMLPDPConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) {
                    bctype = objFactory.createXACMLAuthzDecisionQueryConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AttributeAuthorityDescriptorElement) {
                    bctype = objFactory.createAttributeAuthorityConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AttributeQueryDescriptorElement) {
                    bctype = objFactory.createAttributeQueryConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AuthnAuthorityDescriptorElement) {
                    bctype = objFactory.createAuthnAuthorityConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                }
                // Any other role descriptor type gets no config entry.
            }
        }
        metaManager.setEntityConfig(realm, ele);
    } else {
        // Config exists: make sure every role config (or the affiliation
        // config) lists this circle of trust.
        // NOTE(review): needToSave starts out true, so the existing config is
        // written back unconditionally; the assignments below never change
        // the outcome of the save decision.
        boolean needToSave = true;
        List elist = null;
        if (isAffiliation) {
            // NOTE(review): assumes an affiliation config exists whenever the
            // affiliation descriptor does; a null element here would fail on
            // bConfig.getAttribute() below.
            AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
            elist = new ArrayList();
            elist.add(affiliationCfgElm);
        } else {
            elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
        }
        for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
            boolean foundCOT = false;
            BaseConfigType bConfig = (BaseConfigType) iter.next();
            List list = bConfig.getAttribute();
            // Look for an existing cotlist attribute; the name comparison is
            // trimmed and case-insensitive and assumes every attribute has a
            // non-null name.
            for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
                AttributeType avp = (AttributeType) iter2.next();
                if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
                    foundCOT = true;
                    List avpl = avp.getValue();
                    // Add the name at most once. The break only fires after an
                    // addition; an attribute that already lists the name is left
                    // untouched and the scan continues over remaining attributes.
                    if (avpl.isEmpty() || !containsValue(avpl, name)) {
                        avpl.add(name);
                        needToSave = true;
                        break;
                    }
                }
            }
            // no cot_list in the original entity config
            if (!foundCOT) {
                AttributeType atype = objFactory.createAttributeType();
                atype.setName(SAML2Constants.COT_LIST);
                atype.getValue().add(name);
                list.add(atype);
                needToSave = true;
            }
        }
        if (needToSave) {
            metaManager.setEntityConfig(realm, eConfig);
        }
    }
}
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method constructAttrQueryForFedlet.
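/**
 * Constructs the <code>AttributeQuery</code> used by the Fedlet to retrieve
 * attribute values from the IDP's attribute authority.
 * <p>
 * The issuer is the entity registered under <code>attrqMetaAlias</code>.
 * The subject's <code>NameID</code> is filled from <code>nameIDValue</code>
 * in transient format for the default attribute query profile, or from
 * <code>subjectDN</code> in X.509 subject name format for the X.509 subject
 * profile. When <code>wantNameIDEncrypted</code> is set, the name identifier
 * is encrypted with the encryption key published in the attribute authority
 * role of the IDP metadata and placed in the subject as an
 * <code>EncryptedID</code>.
 *
 * @param spEntityID entity ID of the service provider; used as the SP name qualifier
 * @param idpEntityID entity ID of the identity provider hosting the attribute authority
 * @param nameIDValue transient name identifier value, used with the default profile
 * @param attrsList names of the attributes to request, all in basic name format
 * @param attrqMetaAlias meta alias of the attribute query requester (the issuer)
 * @param attrProfileNameAlias alias selecting the attribute query profile
 * @param subjectDN X.509 subject DN, used with the X.509 subject profile
 * @param wantNameIDEncrypted whether the subject name identifier must be encrypted
 * @return the constructed attribute query
 * @exception SAML2Exception if the operation is not successful, including when
 * encryption is requested but the IDP publishes no attribute authority descriptor
 *
 * @supported.api
 */
private static AttributeQuery constructAttrQueryForFedlet(String spEntityID, String idpEntityID, String nameIDValue, List<String> attrsList, String attrqMetaAlias, String attrProfileNameAlias, String subjectDN, boolean wantNameIDEncrypted) throws SAML2Exception {
    String attrqEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(attrqMetaAlias);
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    AssertionFactory assertionFactory = AssertionFactory.getInstance();

    AttributeQuery attrQuery = protocolFactory.createAttributeQuery();
    Issuer issuer = assertionFactory.createIssuer();
    issuer.setValue(attrqEntityID);
    attrQuery.setIssuer(issuer);
    attrQuery.setID(SAML2Utils.generateID());
    attrQuery.setVersion(SAML2Constants.VERSION_2_0);
    attrQuery.setIssueInstant(new Date());

    // One Attribute element per requested name, all in the basic name format.
    List attrs = new ArrayList();
    for (String attributeName : attrsList) {
        Attribute attr = assertionFactory.createAttribute();
        attr.setName(attributeName);
        attr.setNameFormat(SAML2Constants.BASIC_NAME_FORMAT);
        attrs.add(attr);
    }
    attrQuery.setAttributes(attrs);

    Subject subject = assertionFactory.createSubject();
    NameID nameID = assertionFactory.createNameID();
    nameID.setNameQualifier(idpEntityID);
    nameID.setSPNameQualifier(spEntityID);
    // Profile selection: neither branch matches for an unknown alias, in which
    // case the NameID is sent without format or value.
    if (attrProfileNameAlias.equals(SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE_ALIAS)) {
        nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
        nameID.setValue(nameIDValue);
    }
    if (attrProfileNameAlias.equals(SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
        nameID.setFormat(SAML2Constants.X509_SUBJECT_NAME);
        nameID.setValue(subjectDN);
    }

    if (!wantNameIDEncrypted) {
        subject.setNameID(nameID);
    } else {
        // Encrypt for the attribute authority role so that only the attribute
        // authority can recover the subject identifier.
        // NOTE(review): this lookup is pinned to the root realm "/" and uses the
        // static metaManager, whereas the issuer lookup above goes through
        // SAML2Utils.getSAML2MetaManager() — confirm both are intended for the
        // Fedlet deployment.
        AttributeAuthorityDescriptorElement aad = metaManager.getAttributeAuthorityDescriptor("/", idpEntityID);
        if (aad == null) {
            // Fail with a clear error instead of handing a null descriptor to
            // KeyUtil.getEncInfo.
            throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
        }
        // encInfo is presumably non-null only when the descriptor carries an
        // encryption KeyDescriptor — verify KeyUtil.getEncInfo's contract.
        EncInfo encInfo = KeyUtil.getEncInfo(aad, idpEntityID, SAML2Constants.ATTR_AUTH_ROLE);
        EncryptedID encryptedID = nameID.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), idpEntityID);
        subject.setEncryptedID(encryptedID);
    }
    attrQuery.setSubject(subject);
    return attrQuery;
}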
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method sendAttributeQuery.
/**
 * Sends the <code>AttributeQuery</code> to the specified attribute
 * authority over the HTTP-POST binding. The encoded query is handed to
 * <code>SAML2Utils.postToTarget</code> together with the servlet request and
 * response; nothing is returned from this method and the authority's
 * <code>Response</code> is not collected here.
 *
 * @param attrQuery the <code>AttributeQuery</code> object
 * @param request the HTTP Request
 * @param response the HTTP Response
 * @param attrAuthorityEntityID entity ID of attribute authority
 * @param realm the realm of hosted entity
 * @param attrQueryProfile the attribute query profile or null to ignore
 * @param attrProfile the attribute profile
 * @param binding the binding; only <code>SAML2Constants.HTTP_POST</code> is
 * accepted by this variant
 *
 * @exception SAML2Exception if the attribute authority metadata cannot be read
 * or is missing, if no endpoint matches the binding and profiles, or if the
 * binding is null or not HTTP-POST
 *
 * @supported.api
 */
public static void sendAttributeQuery(AttributeQuery attrQuery, HttpServletRequest request, HttpServletResponse response, String attrAuthorityEntityID, String realm, String attrQueryProfile, String attrProfile, String binding) throws SAML2Exception {
    AttributeAuthorityDescriptorElement authority;
    try {
        authority = metaManager.getAttributeAuthorityDescriptor(realm, attrAuthorityEntityID);
    } catch (SAML2MetaException metaError) {
        SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuery:", metaError);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (authority == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (binding == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }

    // The endpoint comes from the authority's published metadata, resolved
    // for the requested binding and profiles.
    String endpoint = findLocation(authority, binding, attrQueryProfile, attrProfile);
    if (endpoint == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (!binding.equalsIgnoreCase(SAML2Constants.HTTP_POST)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }

    // Sign first, then serialise and encode the signed XML for the
    // SAMLRequest form field.
    signAttributeQuery(attrQuery, realm, false);
    String samlRequest = SAML2Utils.encodeForPOST(attrQuery.toXMLString(true, true));
    SAML2Utils.postToTarget(request, response, "SAMLRequest", samlRequest, null, null, endpoint);
}
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method sendAttributeQuery.
/**
 * Sends the <code>AttributeQuery</code> to the specified attribute
 * authority over the SOAP binding and returns the <code>Response</code>
 * coming back from the attribute authority.
 *
 * @param attrQuery the <code>AttributeQuery</code> object
 * @param attrAuthorityEntityID entity ID of attribute authority
 * @param realm the realm of hosted entity
 * @param attrQueryProfile the attribute query profile or null to ignore
 * @param attrProfile the attribute profile
 * @param binding the binding; only <code>SAML2Constants.SOAP</code> is
 * accepted by this variant
 *
 * @return the <code>Response</code> object
 * @exception SAML2Exception if the attribute authority metadata cannot be read
 * or is missing, if no endpoint matches the binding and profiles, or if the
 * binding is null or not SOAP
 *
 * @supported.api
 */
public static Response sendAttributeQuery(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm, String attrQueryProfile, String attrProfile, String binding) throws SAML2Exception {
    AttributeAuthorityDescriptorElement authority;
    try {
        authority = metaManager.getAttributeAuthorityDescriptor(realm, attrAuthorityEntityID);
    } catch (SAML2MetaException metaError) {
        SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuery:", metaError);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (authority == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (binding == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }

    // The endpoint comes from the authority's published metadata, resolved
    // for the requested binding and profiles.
    String endpoint = findLocation(authority, binding, attrQueryProfile, attrProfile);
    if (endpoint == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
    }
    if (!binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }

    // Sign the query before it is sent; the SOAP exchange is delegated to
    // sendAttributeQuerySOAP, which also receives the descriptor so it can
    // verify the authority's reply.
    signAttributeQuery(attrQuery, realm, false);
    return sendAttributeQuerySOAP(attrQuery, endpoint, attrAuthorityEntityID, authority);
}
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method getRoleDescriptorAndLocation.
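/**
 * Resolves the role descriptor of a SAML authority and the endpoint of its
 * <code>AssertionIDRequestService</code> for the requested binding.
 *
 * @param samlAuthorityEntityID entity ID of the SAML authority
 * @param role the authority role: one of <code>SAML2Constants.IDP_ROLE</code>,
 *        <code>SAML2Constants.AUTHN_AUTH_ROLE</code> or
 *        <code>SAML2Constants.ATTR_AUTH_ROLE</code>
 * @param realm the realm in which the authority's metadata is looked up
 * @param binding the protocol binding the endpoint must declare
 * @param location out-parameter; on success the matching endpoint location is
 *        appended to it, otherwise it is left untouched
 * @return the role descriptor matching <code>role</code>
 * @throws SAML2Exception if the role is null or unsupported, if the metadata
 *         cannot be read or holds no descriptor for the role, if the role
 *         declares no <code>AssertionIDRequestService</code>, or if no service
 *         declares a non-empty location for <code>binding</code>
 */
private static RoleDescriptorType getRoleDescriptorAndLocation(String samlAuthorityEntityID, String role, String realm, String binding, StringBuffer location) throws SAML2Exception {
    List aIDReqServices = null;
    RoleDescriptorType roled = null;
    try {
        if (role == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
        } else if (role.equals(SAML2Constants.IDP_ROLE)) {
            IDPSSODescriptorElement idpd = metaManager.getIDPSSODescriptor(realm, samlAuthorityEntityID);
            if (idpd == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("idpNotFound"));
            }
            aIDReqServices = idpd.getAssertionIDRequestService();
            roled = idpd;
        } else if (role.equals(SAML2Constants.AUTHN_AUTH_ROLE)) {
            AuthnAuthorityDescriptorElement attrd = metaManager.getAuthnAuthorityDescriptor(realm, samlAuthorityEntityID);
            if (attrd == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("authnAuthorityNotFound"));
            }
            aIDReqServices = attrd.getAssertionIDRequestService();
            roled = attrd;
        } else if (role.equals(SAML2Constants.ATTR_AUTH_ROLE)) {
            AttributeAuthorityDescriptorElement aad = metaManager.getAttributeAuthorityDescriptor(realm, samlAuthorityEntityID);
            if (aad == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
            }
            aIDReqServices = aad.getAssertionIDRequestService();
            roled = aad;
        } else {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
        }
    } catch (SAML2MetaException sme) {
        // Metadata access failures are logged with their cause and surfaced
        // to the caller as a generic metadata error.
        SAML2Utils.debug.error("AssertionIDRequest.getRoleDescriptorAndLocation:", sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (binding == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    if ((aIDReqServices == null) || (aIDReqServices.isEmpty())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("aIDReqServiceNotFound"));
    }

    // Pick the first service declared for the requested binding. The endpoint
    // is validated before it is appended so that a service with a missing
    // Location cannot be reported as usable (appending null to the buffer
    // would have produced the literal text "null"), and so that the decision
    // does not depend on whatever the caller's buffer already held.
    String endpoint = null;
    for (Iterator iter = aIDReqServices.iterator(); iter.hasNext(); ) {
        AssertionIDRequestServiceElement aIDReqService = (AssertionIDRequestServiceElement) iter.next();
        if (binding.equalsIgnoreCase(aIDReqService.getBinding())) {
            endpoint = aIDReqService.getLocation();
            break;
        }
    }
    if (endpoint == null || endpoint.length() == 0) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    location.append(endpoint);
    return roled;
}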