Example 6 with AttributeAuthorityDescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method sendAttributeQuerySOAP.
private static Response sendAttributeQuerySOAP(AttributeQuery attrQuery, String attributeServiceURL, String attrAuthorityEntityID, AttributeAuthorityDescriptorElement aad) throws SAML2Exception {
String attrQueryXMLString = attrQuery.toXMLString(true, true);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "attrQueryXMLString = " + attrQueryXMLString);
SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "attributeServiceURL = " + attributeServiceURL);
}
SOAPMessage resMsg = null;
try {
resMsg = SOAPCommunicator.getInstance().sendSOAPMessage(attrQueryXMLString, attributeServiceURL, true);
} catch (SOAPException se) {
SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuerySOAP: ", se);
throw new SAML2Exception(SAML2Utils.bundle.getString("errorSendingAttributeQuery"));
}
Element respElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "Response");
Response response = ProtocolFactory.getInstance().createResponse(respElem);
Status status = response.getStatus();
if (!SAML2Constants.SUCCESS.equals(status.getStatusCode().getValue())) {
String message = status.getStatusMessage() == null ? "" : status.getStatusMessage();
String detail = status.getStatusDetail() == null ? "" : status.getStatusDetail().toXMLString();
SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuerySOAP: " + "Non-Success status " + status.getStatusCode().getValue() + ", message: " + message + ", detail: " + detail);
Object[] args = { status.getStatusCode().getValue(), message, detail };
throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "failureStatusAttributeQuery", args);
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "response = " + response.toXMLString(true, true));
}
verifyResponse(response, attrQuery, attrAuthorityEntityID, aad);
return response;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Response(com.sun.identity.saml2.protocol.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Status(com.sun.identity.saml2.protocol.Status)
SOAPException(javax.xml.soap.SOAPException)
AttributeServiceElement(com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement)
AttributeValueElement(com.sun.identity.saml2.jaxb.assertion.AttributeValueElement)
AttributeElement(com.sun.identity.saml2.jaxb.assertion.AttributeElement)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
AttributeAuthorityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.AttributeAuthorityConfigElement)
AttributeQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement)
AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)
Element(org.w3c.dom.Element)
AttributeQueryConfigElement(com.sun.identity.saml2.jaxb.entityconfig.AttributeQueryConfigElement)
SOAPMessage(javax.xml.soap.SOAPMessage)
Example 7 with AttributeAuthorityDescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class SAML2COTUtils method updateEntityConfig.
/**
* Updates the entity config to add the circle of turst name to the
* <code>cotlist</code> attribute. The Service Provider and Identity
* Provider Configuration are updated.
*
* @param realm the realm name where the entity configuration is.
* @param name the circle of trust name.
* @param entityId the name of the Entity identifier.
* @throws SAML2MetaException if there is a configuration error when
* updating the configuration.
* @throws JAXBException is there is an error updating the entity
* configuration.
*/
public void updateEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
String classMethod = "SAML2COTUtils.updateEntityConfig: ";
SAML2MetaManager metaManager = null;
if (callerSession == null) {
metaManager = new SAML2MetaManager();
} else {
metaManager = new SAML2MetaManager(callerSession);
}
ObjectFactory objFactory = new ObjectFactory();
// Check whether the entity id existed in the DS
EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
if (edes == null) {
debug.error(classMethod + "No such entity: " + entityId);
String[] data = { realm, entityId };
throw new SAML2MetaException("entityid_invalid", data);
}
boolean isAffiliation = false;
if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
isAffiliation = true;
}
if (debug.messageEnabled()) {
debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
}
EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
if (eConfig == null) {
BaseConfigType bctype = null;
AttributeType atype = objFactory.createAttributeType();
atype.setName(SAML2Constants.COT_LIST);
atype.getValue().add(name);
// add to eConfig
EntityConfigElement ele = objFactory.createEntityConfigElement();
ele.setEntityID(entityId);
ele.setHosted(false);
if (isAffiliation) {
// handle affiliation case
bctype = objFactory.createAffiliationConfigElement();
bctype.getAttribute().add(atype);
ele.setAffiliationConfig(bctype);
} else {
List ll = ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
// Decide which role EntityDescriptorElement includes
List list = edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
for (Iterator iter = list.iterator(); iter.hasNext(); ) {
Object obj = iter.next();
if (obj instanceof SPSSODescriptorElement) {
bctype = objFactory.createSPSSOConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof IDPSSODescriptorElement) {
bctype = objFactory.createIDPSSOConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof XACMLPDPDescriptorElement) {
bctype = objFactory.createXACMLPDPConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) {
bctype = objFactory.createXACMLAuthzDecisionQueryConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AttributeAuthorityDescriptorElement) {
bctype = objFactory.createAttributeAuthorityConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AttributeQueryDescriptorElement) {
bctype = objFactory.createAttributeQueryConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AuthnAuthorityDescriptorElement) {
bctype = objFactory.createAuthnAuthorityConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
}
}
}
metaManager.setEntityConfig(realm, ele);
} else {
boolean needToSave = true;
List elist = null;
if (isAffiliation) {
AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
elist = new ArrayList();
elist.add(affiliationCfgElm);
} else {
elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
}
for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
boolean foundCOT = false;
BaseConfigType bConfig = (BaseConfigType) iter.next();
List list = bConfig.getAttribute();
for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
AttributeType avp = (AttributeType) iter2.next();
if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
foundCOT = true;
List avpl = avp.getValue();
if (avpl.isEmpty() || !containsValue(avpl, name)) {
avpl.add(name);
needToSave = true;
break;
}
}
}
// no cot_list in the original entity config
if (!foundCOT) {
AttributeType atype = objFactory.createAttributeType();
atype.setName(SAML2Constants.COT_LIST);
atype.getValue().add(name);
list.add(atype);
needToSave = true;
}
}
if (needToSave) {
metaManager.setEntityConfig(realm, eConfig);
}
}
}
Also used :
AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement)
AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)
ArrayList(java.util.ArrayList)
AttributeQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement)
EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)
BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)
AffiliationConfigElement(com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement)
ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)
AttributeType(com.sun.identity.saml2.jaxb.entityconfig.AttributeType)
Iterator(java.util.Iterator)
ArrayList(java.util.ArrayList)
List(java.util.List)
XACMLAuthzDecisionQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement)
EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 8 with AttributeAuthorityDescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method getStandardAttributeAuthorityAttributes.
/**
* Returns a map with standard AttributeAuthority attributes and values.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @return Map with AttributeAuthority values.
* @throws AMConsoleException if unable to retrieve std AttributeAuthority
* values based on the realm and entityName passed.
*/
public Map getStandardAttributeAuthorityAttributes(String realm, String entityName) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "AttribAuthority-Std" };
logEvent("ATTEMPT_GET_ATTR_AUTH_ATTR_VALUES", params);
Map map = new HashMap();
AttributeAuthorityDescriptorElement attrauthDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
map.put(ATTR_SEFVICE_DEFAULT_LOCATION, Collections.EMPTY_SET);
map.put(SUPPORTS_X509, Collections.EMPTY_SET);
map.put(ATTR_SEFVICE_LOCATION, Collections.EMPTY_SET);
if (attrauthDescriptor != null) {
List artServiceList = attrauthDescriptor.getAttributeService();
for (int i = 0; i < artServiceList.size(); i++) {
AttributeServiceElement key = (AttributeServiceElement) artServiceList.get(i);
if ((key.getLocation() != null) && (key.isSupportsX509Query())) {
map.put(SUPPORTS_X509, returnEmptySetIfValueIsNull(key.isSupportsX509Query()));
map.put(ATTR_SEFVICE_LOCATION, returnEmptySetIfValueIsNull(key.getLocation()));
} else if ((key.getLocation() != null) && (key.getLocation().length() > 0)) {
map.put(ATTR_SEFVICE_DEFAULT_LOCATION, returnEmptySetIfValueIsNull(key.getLocation()));
}
}
map.put(ASSERTION_ID_SAOP_LOC, Collections.EMPTY_SET);
map.put(ASSERTION_ID_URI_LOC, Collections.EMPTY_SET);
List assertionIDReqList = attrauthDescriptor.getAssertionIDRequestService();
for (int i = 0; i < assertionIDReqList.size(); i++) {
AssertionIDRequestServiceElement elem1 = (AssertionIDRequestServiceElement) assertionIDReqList.get(i);
if (elem1.getBinding().contains("SOAP")) {
map.put(ASSERTION_ID_SAOP_LOC, returnEmptySetIfValueIsNull(elem1.getLocation()));
} else if (elem1.getBinding().contains("URI")) {
map.put(ASSERTION_ID_URI_LOC, returnEmptySetIfValueIsNull(elem1.getLocation()));
}
}
map.put(ATTRIBUTE_PROFILE, Collections.EMPTY_SET);
List attrProfileList = attrauthDescriptor.getAttributeProfile();
if (!attrProfileList.isEmpty()) {
String key = (String) attrProfileList.get(0);
map.put(ATTRIBUTE_PROFILE, returnEmptySetIfValueIsNull(key));
}
}
logEvent("SUCCEED_GET_ATTR_AUTH_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.getStandardAttributeAuthorityAttributes:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
logEvent("FEDERATION_EXCEPTION_GET_ATTR_AUTH_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
}
return map;
}
Also used :
AttributeServiceElement(com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement)
AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement)
HashMap(java.util.HashMap)
AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)
List(java.util.List)
ArrayList(java.util.ArrayList)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
Map(java.util.Map)
HashMap(java.util.HashMap)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 9 with AttributeAuthorityDescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method setStdAttributeAuthorityValues.
/**
* Saves the standard attribute values for Attribute Authority.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @param attrAuthValues Map which contains standard attribute auth values.
* @throws AMConsoleException if saving of attribute value fails.
*/
public void setStdAttributeAuthorityValues(String realm, String entityName, Map attrAuthValues) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "AttribAuthority-Std" };
com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
logEvent("ATTEMPT_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
AttributeAuthorityDescriptorElement attrauthDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
if (attrauthDescriptor != null) {
//save attribute Service
String defLocation = getResult(attrAuthValues, ATTR_SEFVICE_DEFAULT_LOCATION);
boolean is509 = setToBoolean(attrAuthValues, SUPPORTS_X509);
String x509Location = getResult(attrAuthValues, ATTR_SEFVICE_LOCATION);
AttributeServiceElement key1 = objFact.createAttributeServiceElement();
AttributeServiceElement key2 = objFact.createAttributeServiceElement();
key1.setBinding(soapBinding);
key1.setLocation("");
key2.setBinding(soapBinding);
key2.setSupportsX509Query(false);
key2.setLocation("");
if (defLocation != null && defLocation.length() > 0) {
key1.setLocation(defLocation);
}
if (x509Location != null && x509Location.length() > 0) {
key2.setLocation(x509Location);
key2.setSupportsX509Query(is509);
}
attrauthDescriptor.getAttributeService().clear();
attrauthDescriptor.getAttributeService().add(key1);
attrauthDescriptor.getAttributeService().add(key2);
//save assertion ID request
String soapLocation = getResult(attrAuthValues, ASSERTION_ID_SAOP_LOC);
String uriLocation = getResult(attrAuthValues, ASSERTION_ID_URI_LOC);
AssertionIDRequestServiceElement elem1 = objFact.createAssertionIDRequestServiceElement();
AssertionIDRequestServiceElement elem2 = objFact.createAssertionIDRequestServiceElement();
elem1.setBinding(soapBinding);
elem2.setBinding(uriBinding);
if (soapLocation != null) {
elem1.setLocation(soapLocation);
}
if (uriLocation != null) {
elem2.setLocation(uriLocation);
}
attrauthDescriptor.getAssertionIDRequestService().clear();
attrauthDescriptor.getAssertionIDRequestService().add(elem1);
attrauthDescriptor.getAssertionIDRequestService().add(elem2);
//save attribute profile
String attrProfile = getResult(attrAuthValues, ATTRIBUTE_PROFILE);
List attrProfileList = attrauthDescriptor.getAttributeProfile();
if (!attrProfileList.isEmpty()) {
attrauthDescriptor.getAttributeProfile().clear();
}
attrauthDescriptor.getAttributeProfile().add(attrProfile);
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
logEvent("SUCCEED_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
}
}
Also used :
AttributeServiceElement(com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement)
AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement)
JAXBException(javax.xml.bind.JAXBException)
AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)
ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)
List(java.util.List)
ArrayList(java.util.ArrayList)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 10 with AttributeAuthorityDescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method verifyResponse.
private static void verifyResponse(Response response, AttributeQuery attrQuery, String attrAuthorityEntityID, AttributeAuthorityDescriptorElement aad) throws SAML2Exception {
String attrQueryID = attrQuery.getID();
if ((attrQueryID != null) && (!attrQueryID.equals(response.getInResponseTo()))) {
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToAttrQuery"));
}
Issuer respIssuer = response.getIssuer();
if (respIssuer == null) {
return;
}
if (!attrAuthorityEntityID.equals(respIssuer.getValue())) {
throw new SAML2Exception(SAML2Utils.bundle.getString("responseIssuerMismatch"));
}
if (!response.isSigned()) {
throw new SAML2Exception(SAML2Utils.bundle.getString("responseNotSigned"));
}
Set<X509Certificate> signingCerts = KeyUtil.getVerificationCerts(aad, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE);
if (!signingCerts.isEmpty()) {
boolean valid = response.isSignatureValid(signingCerts);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.verifyResponse: " + "Signature validity is : " + valid);
}
if (!valid) {
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureOnResponse"));
}
} else {
throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Issuer(com.sun.identity.saml2.assertion.Issuer)
X509Certificate(java.security.cert.X509Certificate)
Aggregations
AttributeAuthorityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)10
ArrayList (java.util.ArrayList)8
List (java.util.List)8
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)6
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)6
AttributeServiceElement (com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement)4
Issuer (com.sun.identity.saml2.assertion.Issuer)3
ObjectFactory (com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)3
AssertionIDRequestServiceElement (com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement)3
AuthnAuthorityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement)3
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)3
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)3
AttributeQueryDescriptorElement (com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement)3
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)3
Iterator (java.util.Iterator)3
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)2
EncryptedID (com.sun.identity.saml2.assertion.EncryptedID)2
BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)2
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)2
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)2
