Example 11 with AttributeAuthorityDescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method processAttributeQuery.
/**
* Processes the <code>AttributeQuery</code> coming
* from a requester.
*
* @param attrQuery the <code>AttributeQuery</code> object
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param attrAuthorityEntityID entity ID of attribute authority
* @param realm the realm of hosted entity
* @param attrQueryProfileAlias the attribute query profile alias
*
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*/
public static Response processAttributeQuery(AttributeQuery attrQuery, HttpServletRequest request, HttpServletResponse response, String attrAuthorityEntityID, String realm, String attrQueryProfileAlias) throws SAML2Exception {
AttributeAuthorityMapper attrAuthorityMapper = getAttributeAuthorityMapper(realm, attrAuthorityEntityID, attrQueryProfileAlias);
String attrQueryProfile = AttributeQueryUtil.getAttributeQueryProfile(attrQueryProfileAlias);
try {
attrAuthorityMapper.authenticateRequester(request, response, attrQuery, attrAuthorityEntityID, realm);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: ", se);
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
}
try {
attrAuthorityMapper.validateAttributeQuery(request, response, attrQuery, attrAuthorityEntityID, realm);
} catch (SAML2Exception se) {
SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:", se);
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
}
Issuer issuer = attrQuery.getIssuer();
String requesterEntityID = issuer.getValue();
AttributeAuthorityDescriptorElement aad = null;
try {
aad = metaManager.getAttributeAuthorityDescriptor(realm, attrAuthorityEntityID);
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:", sme);
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, SAML2Utils.bundle.getString("metaDataError"), null);
}
if (aad == null) {
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("attrAuthorityNotFound"), null);
}
Object identity = null;
try {
identity = attrAuthorityMapper.getIdentity(request, response, attrQuery, attrAuthorityEntityID, realm);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: ", se);
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, se.getMessage(), null);
}
if (identity == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: unable to find identity.");
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
}
// Addition to support changing of desired attributes list
List desiredAttrs = (List) request.getAttribute("AttributeQueryUtil-desiredAttrs");
if (desiredAttrs == null) {
desiredAttrs = attrQuery.getAttributes();
}
try {
desiredAttrs = verifyDesiredAttributes(aad.getAttribute(), desiredAttrs);
} catch (SAML2Exception se) {
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.INVALID_ATTR_NAME_OR_VALUE, null, null);
}
List attributes = attrAuthorityMapper.getAttributes(identity, attrQuery, attrAuthorityEntityID, realm);
if (request.getAttribute("AttributeQueryUtil-storeAllAttributes") != null) {
request.setAttribute("AttributeQueryUtil-allAttributes", attributes);
}
attributes = filterAttributes(attributes, desiredAttrs);
ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
Response samlResp = protocolFactory.createResponse();
List assertionList = new ArrayList();
Assertion assertion = null;
try {
assertion = getAssertion(attrQuery, attrAuthorityEntityID, requesterEntityID, realm, attrQueryProfileAlias, attributes);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery:", se);
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, se.getMessage(), null);
}
EncryptedID encryptedID = attrQuery.getSubject().getEncryptedID();
if (encryptedID != null) {
EncryptedAssertion encryptedAssertion = null;
try {
signAssertion(assertion, realm, attrAuthorityEntityID, false);
encryptedAssertion = encryptAssertion(assertion, encryptedID, attrAuthorityEntityID, requesterEntityID, realm, attrQueryProfileAlias);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery:", se);
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, se.getMessage(), null);
}
assertionList.add(encryptedAssertion);
samlResp.setEncryptedAssertion(assertionList);
} else {
assertionList.add(assertion);
samlResp.setAssertion(assertionList);
}
samlResp.setID(SAML2Utils.generateID());
samlResp.setInResponseTo(attrQuery.getID());
samlResp.setVersion(SAML2Constants.VERSION_2_0);
samlResp.setIssueInstant(new Date());
Status status = protocolFactory.createStatus();
StatusCode statusCode = protocolFactory.createStatusCode();
statusCode.setValue(SAML2Constants.SUCCESS);
status.setStatusCode(statusCode);
samlResp.setStatus(status);
Issuer respIssuer = AssertionFactory.getInstance().createIssuer();
respIssuer.setValue(attrAuthorityEntityID);
samlResp.setIssuer(respIssuer);
signResponse(samlResp, attrAuthorityEntityID, realm, false);
return samlResp;
}
Also used :
Status(com.sun.identity.saml2.protocol.Status)
Issuer(com.sun.identity.saml2.assertion.Issuer)
AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)
ArrayList(java.util.ArrayList)
EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion)
Assertion(com.sun.identity.saml2.assertion.Assertion)
EncryptedID(com.sun.identity.saml2.assertion.EncryptedID)
StatusCode(com.sun.identity.saml2.protocol.StatusCode)
Date(java.util.Date)
AttributeAuthorityMapper(com.sun.identity.saml2.plugins.AttributeAuthorityMapper)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
Response(com.sun.identity.saml2.protocol.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion)
List(java.util.List)
ArrayList(java.util.ArrayList)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 12 with AttributeAuthorityDescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method findLocation.
private static String findLocation(AttributeAuthorityDescriptorElement aad, String binding, String attrQueryProfile, String attrProfile) {
SAML2Utils.debug.message("AttributeQueryUtil.findLocation entering...");
List attrProfiles = aad.getAttributeProfile();
if ((attrProfiles == null) || (attrProfiles.isEmpty())) {
SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfiles is null or empty");
if (attrProfile != null) {
SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfiles is null or empty and attrProfile is null");
return null;
}
} else if (!attrProfiles.contains(attrProfile)) {
SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfile not found in the attrProfiles");
return null;
}
SAML2Utils.debug.message("AttributeQueryUtil.findLocation: entering...");
List attrServices = aad.getAttributeService();
for (Iterator iter = attrServices.iterator(); iter.hasNext(); ) {
AttributeServiceElement attrService = (AttributeServiceElement) iter.next();
if (isValidAttributeService(binding, attrService, attrQueryProfile)) {
SAML2Utils.debug.message("AttributeQueryUtil.findLocation: found valid service");
return attrService.getLocation();
}
}
SAML2Utils.debug.message("AttributeQueryUtil.findLocation: nothing found, leaving last line with null");
return null;
}
Also used :
AttributeServiceElement(com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
Aggregations
AttributeAuthorityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)10
ArrayList (java.util.ArrayList)8
List (java.util.List)8
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)6
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)6
AttributeServiceElement (com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement)4
Issuer (com.sun.identity.saml2.assertion.Issuer)3
ObjectFactory (com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)3
AssertionIDRequestServiceElement (com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement)3
AuthnAuthorityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement)3
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)3
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)3
AttributeQueryDescriptorElement (com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement)3
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)3
Iterator (java.util.Iterator)3
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)2
EncryptedID (com.sun.identity.saml2.assertion.EncryptedID)2
BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)2
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)2
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)2
