use of com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method createExtendedObject.
/**
* Creates the extended config object when it does not exist.
* @param realm the realm to which the entity belongs.
* @param entityName is the entity id.
* @param location indicates whether hosted or remote
* @param role can be SP, IDP or SP/IDP.
* @throws SAML2MetaException, JAXBException,
* AMConsoleException if saving of attribute value fails.
*/
private void createExtendedObject(String realm, String entityName, String location, String role) throws SAML2MetaException, JAXBException, AMConsoleException {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
ObjectFactory objFactory = new ObjectFactory();
EntityConfigElement entityConfigElement = objFactory.createEntityConfigElement();
entityConfigElement.setEntityID(entityName);
if (location.equals("remote")) {
entityConfigElement.setHosted(false);
} else {
entityConfigElement.setHosted(true);
}
List configList = entityConfigElement.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
BaseConfigType baseConfigIDP = null;
BaseConfigType baseConfigSP = null;
BaseConfigType baseConfigAuth = null;
AttributeAuthorityDescriptorElement attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
AuthnAuthorityDescriptorElement authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
AttributeQueryDescriptorElement attrQueryDescriptor = samlManager.getAttributeQueryDescriptor(realm, entityName);
IDPSSODescriptorElement idpssoDesc = samlManager.getIDPSSODescriptor(realm, entityName);
SPSSODescriptorElement spssoDesc = samlManager.getSPSSODescriptor(realm, entityName);
XACMLAuthzDecisionQueryDescriptorElement xacmlAuthzDescriptor = samlManager.getPolicyEnforcementPointDescriptor(realm, entityName);
XACMLPDPDescriptorElement xacmlPDPDescriptor = samlManager.getPolicyDecisionPointDescriptor(realm, entityName);
if (isDualRole(entityDescriptor)) {
baseConfigIDP = objFactory.createIDPSSOConfigElement();
baseConfigSP = objFactory.createSPSSOConfigElement();
baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
configList.add(baseConfigIDP);
configList.add(baseConfigSP);
} else if (role.equals(EntityModel.IDENTITY_PROVIDER) || (idpssoDesc != null)) {
baseConfigIDP = objFactory.createIDPSSOConfigElement();
baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
configList.add(baseConfigIDP);
} else if (role.equals(EntityModel.SERVICE_PROVIDER) || (spssoDesc != null)) {
baseConfigSP = objFactory.createSPSSOConfigElement();
baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
configList.add(baseConfigSP);
}
if (role.equals(EntityModel.SAML_ATTRAUTHORITY) || (attrauthDescriptor != null)) {
baseConfigAuth = objFactory.createAttributeAuthorityConfigElement();
baseConfigAuth = addAttributeType(extAttrAuthMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.SAML_AUTHNAUTHORITY) || (authnauthDescriptor != null)) {
baseConfigAuth = objFactory.createAuthnAuthorityConfigElement();
baseConfigAuth = addAttributeType(extAuthnAuthMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.SAML_ATTRQUERY) || (attrQueryDescriptor != null)) {
baseConfigAuth = objFactory.createAttributeQueryConfigElement();
baseConfigAuth = addAttributeType(extattrQueryMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.POLICY_DECISION_POINT_DESCRIPTOR) || (xacmlPDPDescriptor != null)) {
baseConfigAuth = objFactory.createXACMLPDPConfigElement();
baseConfigAuth = addAttributeType(xacmlPDPExtendedMeta, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR) || (xacmlAuthzDescriptor != null)) {
baseConfigAuth = objFactory.createXACMLAuthzDecisionQueryConfigElement();
baseConfigAuth = addAttributeType(xacmlPEPExtendedMeta, baseConfigAuth);
configList.add(baseConfigAuth);
}
samlManager.setEntityConfig(realm, entityConfigElement);
}
use of com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method getStandardAuthnAuthorityAttributes.
/**
* Returns a map with standard AuthnAuthority attributes and values.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @return Map with AuthnAuthority values.
* @throws AMConsoleException if unable to retrieve std AuthnAuthority
* values based on the realm and entityName passed.
*/
public Map getStandardAuthnAuthorityAttributes(String realm, String entityName) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "AuthnAuthority-Std" };
logEvent("ATTEMPT_GET_AUTHN_AUTH_ATTR_VALUES", params);
Map map = new HashMap();
AuthnAuthorityDescriptorElement authnauthDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
if (authnauthDescriptor != null) {
map.put(AUTHN_QUERY_SERVICE, Collections.EMPTY_SET);
List authQueryServiceList = authnauthDescriptor.getAuthnQueryService();
if (!authQueryServiceList.isEmpty()) {
AuthnQueryServiceElement key = (AuthnQueryServiceElement) authQueryServiceList.get(0);
map.put(AUTHN_QUERY_SERVICE, returnEmptySetIfValueIsNull(key.getLocation()));
}
map.put(ASSERTION_ID_SAOP_LOC, Collections.EMPTY_SET);
map.put(ASSERTION_ID_URI_LOC, Collections.EMPTY_SET);
List assertionIDReqList = authnauthDescriptor.getAssertionIDRequestService();
for (int i = 0; i < assertionIDReqList.size(); i++) {
AssertionIDRequestServiceElement elem1 = (AssertionIDRequestServiceElement) assertionIDReqList.get(i);
if (elem1.getBinding().contains("SOAP")) {
map.put(ASSERTION_ID_SAOP_LOC, returnEmptySetIfValueIsNull(elem1.getLocation()));
} else if (elem1.getBinding().contains("URI")) {
map.put(ASSERTION_ID_URI_LOC, returnEmptySetIfValueIsNull(elem1.getLocation()));
}
}
}
logEvent("SUCCEED_GET_AUTHN_AUTH_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.getStandardAuthnAuthorityAttributes:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AuthnAuthority-Std", strError };
logEvent("FEDERATION_EXCEPTION_GET_AUTHN_AUTH_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
}
return map;
}
use of com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement in project OpenAM by OpenRock.
the class AuthnQueryUtil method processAuthnQuery.
/**
* This method processes the <code>AuthnQuery</code> coming
* from a requester.
*
* @param authnQuery the <code>AuthnQuery</code> object
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param authnAuthorityEntityID entity ID of authentication authority
* @param realm the realm of hosted entity
*
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*/
public static Response processAuthnQuery(AuthnQuery authnQuery, HttpServletRequest request, HttpServletResponse response, String authnAuthorityEntityID, String realm) throws SAML2Exception {
try {
verifyAuthnQuery(authnQuery, authnAuthorityEntityID, realm);
} catch (SAML2Exception se) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery:", se);
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
}
Issuer issuer = authnQuery.getIssuer();
String spEntityID = issuer.getValue();
AuthnAuthorityDescriptorElement aad = null;
SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
try {
aad = metaManager.getAuthnAuthorityDescriptor(realm, authnAuthorityEntityID);
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery:", sme);
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.RESPONDER, null, SAML2Utils.bundle.getString("metaDataError"), null);
}
if (aad == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("authnAuthorityNotFound"), null);
}
NameID nameID = getNameID(authnQuery.getSubject(), realm, authnAuthorityEntityID);
if (nameID == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
}
IDPAccountMapper idpAcctMapper = SAML2Utils.getIDPAccountMapper(realm, authnAuthorityEntityID);
String userID = idpAcctMapper.getIdentity(nameID, authnAuthorityEntityID, spEntityID, realm);
if (userID == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
}
IDPAuthnContextMapper idpAuthnContextMapper = IDPSSOUtil.getIDPAuthnContextMapper(realm, authnAuthorityEntityID);
// get assertion for matching authncontext using session
List returnAssertions = new ArrayList();
String qSessionIndex = authnQuery.getSessionIndex();
RequestedAuthnContext requestedAC = authnQuery.getRequestedAuthnContext();
List assertions = null;
String cacheKey = userID.toLowerCase();
AssertionFactory assertionFactory = AssertionFactory.getInstance();
if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + "getting user assertions from DB. user = " + cacheKey);
}
List list = null;
try {
list = SAML2FailoverUtils.retrieveSAML2TokensWithSecondaryKey(cacheKey);
} catch (SAML2TokenRepositoryException se) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery: " + "Unable to obtain user assertions from CTS Repository. user = " + cacheKey, se);
}
if (list != null && !list.isEmpty()) {
assertions = new ArrayList();
for (Iterator iter = list.iterator(); iter.hasNext(); ) {
String assertionStr = (String) iter.next();
assertions.add(assertionFactory.createAssertion(assertionStr));
}
}
} else {
assertions = (List) IDPCache.assertionCache.get(cacheKey);
}
if ((assertions != null) && (!assertions.isEmpty())) {
synchronized (assertions) {
for (Iterator aIter = assertions.iterator(); aIter.hasNext(); ) {
Assertion assertion = (Assertion) aIter.next();
if (!assertion.isTimeValid()) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + " assertion " + assertion.getID() + " expired.");
}
continue;
}
List authnStmts = assertion.getAuthnStatements();
for (Iterator asIter = authnStmts.iterator(); asIter.hasNext(); ) {
AuthnStatement authnStmt = (AuthnStatement) asIter.next();
AuthnContext authnStmtAC = authnStmt.getAuthnContext();
String sessionIndex = authnStmt.getSessionIndex();
String authnStmtACClassRef = authnStmtAC.getAuthnContextClassRef();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + "authnStmtACClassRef is " + authnStmtACClassRef + ", sessionIndex = " + sessionIndex);
}
if ((qSessionIndex != null) && (qSessionIndex.length() != 0) && (!qSessionIndex.equals(sessionIndex))) {
continue;
}
if (requestedAC != null) {
List requestedACClassRefs = requestedAC.getAuthnContextClassRef();
String comparison = requestedAC.getComparison();
if (idpAuthnContextMapper.isAuthnContextMatching(requestedACClassRefs, authnStmtACClassRef, comparison, realm, authnAuthorityEntityID)) {
returnAssertions.add(assertion);
break;
}
} else {
returnAssertions.add(assertion);
break;
}
}
}
}
// end assertion iterator while.
}
ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
Response samlResp = protocolFactory.createResponse();
if (!returnAssertions.isEmpty()) {
samlResp.setAssertion(returnAssertions);
}
samlResp.setID(SAML2Utils.generateID());
samlResp.setInResponseTo(authnQuery.getID());
samlResp.setVersion(SAML2Constants.VERSION_2_0);
samlResp.setIssueInstant(new Date());
Status status = protocolFactory.createStatus();
StatusCode statusCode = protocolFactory.createStatusCode();
statusCode.setValue(SAML2Constants.SUCCESS);
status.setStatusCode(statusCode);
samlResp.setStatus(status);
Issuer respIssuer = assertionFactory.createIssuer();
respIssuer.setValue(authnAuthorityEntityID);
samlResp.setIssuer(respIssuer);
signResponse(samlResp, authnAuthorityEntityID, realm, false);
return samlResp;
}
use of com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method setStdAuthnAuthorityValues.
/**
* Saves the standard attribute values for Authn Authority.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @param authnAuthValues Map which contains standard authn authority values.
* @throws AMConsoleException if saving of attribute value fails.
*/
public void setStdAuthnAuthorityValues(String realm, String entityName, Map authnAuthValues) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "AuthnAuthority-Std" };
logEvent("ATTEMPT_MODIFY_AUTHN_AUTH_ATTR_VALUES", params);
com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
AuthnAuthorityDescriptorElement authnauthDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
if (authnauthDescriptor != null) {
String queryService = getResult(authnAuthValues, AUTHN_QUERY_SERVICE);
//save query service
List authQueryServiceList = authnauthDescriptor.getAuthnQueryService();
if (!authQueryServiceList.isEmpty()) {
authnauthDescriptor.getAuthnQueryService().clear();
}
AuthnQueryServiceElement key = objFact.createAuthnQueryServiceElement();
key.setBinding(soapBinding);
key.setLocation(queryService);
authnauthDescriptor.getAuthnQueryService().add(key);
//save assertion ID request
String soapLocation = getResult(authnAuthValues, ASSERTION_ID_SAOP_LOC);
String uriLocation = getResult(authnAuthValues, ASSERTION_ID_URI_LOC);
List assertionIDReqList = authnauthDescriptor.getAssertionIDRequestService();
if (!assertionIDReqList.isEmpty()) {
assertionIDReqList.clear();
}
AssertionIDRequestServiceElement elem1 = objFact.createAssertionIDRequestServiceElement();
elem1.setBinding(soapBinding);
AssertionIDRequestServiceElement elem2 = objFact.createAssertionIDRequestServiceElement();
elem2.setBinding(uriBinding);
if (soapLocation != null) {
elem1.setLocation(soapLocation);
}
if (uriLocation != null) {
elem2.setLocation(uriLocation);
}
authnauthDescriptor.getAssertionIDRequestService().add(elem1);
authnauthDescriptor.getAssertionIDRequestService().add(elem2);
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
logEvent("SUCCEED_MODIFY_AUTHN_AUTH_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setStdAuthnAuthorityValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AuthnAuthority-Std", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_AUTHN_AUTH_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_AUTHN_AUTH_ATTR_VALUES", paramsEx);
}
}
Aggregations