use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.
the class EntityModelImpl method getSAMLv2Roles.
/*
* This is used to determine what 'roles' a particular entity is
* acting as. It will producs a list of role names which can then
* be used by the calling routine for whatever purpose it needs.
*/
public List getSAMLv2Roles(String entity, String realm) {
List roles = new ArrayList();
try {
SAML2MetaManager samlManager = new SAML2MetaManager();
EntityDescriptorElement d = samlManager.getEntityDescriptor(realm, entity);
if (d != null) {
// find out what role this dude is playing
if (SAML2MetaUtils.getSPSSODescriptor(d) != null) {
roles.add(SERVICE_PROVIDER);
}
if (SAML2MetaUtils.getIDPSSODescriptor(d) != null) {
roles.add(IDENTITY_PROVIDER);
}
if (SAML2MetaUtils.getPolicyDecisionPointDescriptor(d) != null) {
roles.add(POLICY_DECISION_POINT_DESCRIPTOR);
}
if (SAML2MetaUtils.getPolicyEnforcementPointDescriptor(d) != null) {
roles.add(POLICY_ENFORCEMENT_POINT_DESCRIPTOR);
}
if (SAML2MetaUtils.getAttributeAuthorityDescriptor(d) != null) {
roles.add(SAML_ATTRAUTHORITY);
}
if (SAML2MetaUtils.getAuthnAuthorityDescriptor(d) != null) {
roles.add(SAML_AUTHNAUTHORITY);
}
if (SAML2MetaUtils.getAttributeQueryDescriptor(d) != null) {
roles.add(SAML_ATTRQUERY);
}
if (samlManager.getAffiliationDescriptor(realm, entity) != null) {
roles.add(AFFILIATE);
}
}
} catch (SAML2MetaException s) {
if (debug.warningEnabled()) {
debug.warning("EntityModel.getSAMLv2Roles() - " + "Couldn't get SAMLMetaManager");
}
}
return (roles != null) ? roles : Collections.EMPTY_LIST;
}
use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.
the class TaskModelImpl method getEntities.
private Set getEntities(String realm, String cotName, boolean bIDP, boolean hosted) throws AMConsoleException {
try {
SAML2MetaManager mgr = new SAML2MetaManager();
Set entities = getEntities(realm, cotName);
Set results = new HashSet();
for (Iterator i = entities.iterator(); i.hasNext(); ) {
String entityId = (String) i.next();
EntityConfigElement elm = mgr.getEntityConfig(realm, entityId);
// elm could be null due to OPENAM-269
if (elm != null && elm.isHosted() == hosted) {
EntityDescriptorElement desc = mgr.getEntityDescriptor(realm, entityId);
if (bIDP) {
if (SAML2MetaUtils.getIDPSSODescriptor(desc) != null) {
results.add(entityId);
}
} else {
if (SAML2MetaUtils.getSPSSODescriptor(desc) != null) {
results.add(entityId);
}
}
}
}
return results;
} catch (SAML2MetaException ex) {
throw new AMConsoleException(ex.getMessage());
}
}
use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.
the class TaskModelImpl method setAcsUrl.
/**
* Saves the Salesforce login url as the Assertion Consumer Service Location
* @param realm Realm
* @param entityId Entity Name
* @param acsUrl assertion consumer service location
* @throws AMConsoleException if value cannot be saved.
*/
public void setAcsUrl(String realm, String entityId, String acsUrl) throws AMConsoleException {
SPSSODescriptorElement spssoDescriptor = null;
try {
SAML2MetaManager samlManager = new SAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityId);
spssoDescriptor = samlManager.getSPSSODescriptor(realm, entityId);
if (spssoDescriptor != null) {
List asconsServiceList = spssoDescriptor.getAssertionConsumerService();
for (Iterator i = asconsServiceList.listIterator(); i.hasNext(); ) {
AssertionConsumerServiceElement acsElem = (AssertionConsumerServiceElement) i.next();
if (acsElem.getBinding().contains("HTTP-POST")) {
acsElem.setLocation(acsUrl);
}
}
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
}
}
use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.
the class GetHostedIDPs method execute.
public String execute(Locale locale, Map params) throws WorkflowException {
String realm = getString(params, ParameterKeys.P_REALM);
String cot = getString(params, ParameterKeys.P_COT);
try {
CircleOfTrustManager cotMgr = new CircleOfTrustManager();
Set entities = cotMgr.listCircleOfTrustMember(realm, cot, COTConstants.SAML2);
SAML2MetaManager mgr = new SAML2MetaManager();
StringBuffer buff = new StringBuffer();
boolean first = true;
for (Iterator i = entities.iterator(); i.hasNext(); ) {
String entityId = (String) i.next();
EntityConfigElement elm = mgr.getEntityConfig(realm, entityId);
// elm could be null due to OPENAM-269
if (elm != null && elm.isHosted()) {
EntityDescriptorElement desc = mgr.getEntityDescriptor(realm, entityId);
if (SAML2MetaUtils.getIDPSSODescriptor(desc) != null) {
if (first) {
first = false;
} else {
buff.append("|");
}
buff.append(entityId);
}
}
}
return buff.toString();
} catch (COTException e) {
throw new WorkflowException(e.getMessage(), null);
} catch (SAML2MetaException e) {
throw new WorkflowException(e.getMessage(), null);
}
}
use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.
the class SAML2COTUtils method updateEntityConfig.
/**
* Updates the entity config to add the circle of turst name to the
* <code>cotlist</code> attribute. The Service Provider and Identity
* Provider Configuration are updated.
*
* @param realm the realm name where the entity configuration is.
* @param name the circle of trust name.
* @param entityId the name of the Entity identifier.
* @throws SAML2MetaException if there is a configuration error when
* updating the configuration.
* @throws JAXBException is there is an error updating the entity
* configuration.
*/
public void updateEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
String classMethod = "SAML2COTUtils.updateEntityConfig: ";
SAML2MetaManager metaManager = null;
if (callerSession == null) {
metaManager = new SAML2MetaManager();
} else {
metaManager = new SAML2MetaManager(callerSession);
}
ObjectFactory objFactory = new ObjectFactory();
// Check whether the entity id existed in the DS
EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
if (edes == null) {
debug.error(classMethod + "No such entity: " + entityId);
String[] data = { realm, entityId };
throw new SAML2MetaException("entityid_invalid", data);
}
boolean isAffiliation = false;
if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
isAffiliation = true;
}
if (debug.messageEnabled()) {
debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
}
EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
if (eConfig == null) {
BaseConfigType bctype = null;
AttributeType atype = objFactory.createAttributeType();
atype.setName(SAML2Constants.COT_LIST);
atype.getValue().add(name);
// add to eConfig
EntityConfigElement ele = objFactory.createEntityConfigElement();
ele.setEntityID(entityId);
ele.setHosted(false);
if (isAffiliation) {
// handle affiliation case
bctype = objFactory.createAffiliationConfigElement();
bctype.getAttribute().add(atype);
ele.setAffiliationConfig(bctype);
} else {
List ll = ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
// Decide which role EntityDescriptorElement includes
List list = edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
for (Iterator iter = list.iterator(); iter.hasNext(); ) {
Object obj = iter.next();
if (obj instanceof SPSSODescriptorElement) {
bctype = objFactory.createSPSSOConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof IDPSSODescriptorElement) {
bctype = objFactory.createIDPSSOConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof XACMLPDPDescriptorElement) {
bctype = objFactory.createXACMLPDPConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) {
bctype = objFactory.createXACMLAuthzDecisionQueryConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AttributeAuthorityDescriptorElement) {
bctype = objFactory.createAttributeAuthorityConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AttributeQueryDescriptorElement) {
bctype = objFactory.createAttributeQueryConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AuthnAuthorityDescriptorElement) {
bctype = objFactory.createAuthnAuthorityConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
}
}
}
metaManager.setEntityConfig(realm, ele);
} else {
boolean needToSave = true;
List elist = null;
if (isAffiliation) {
AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
elist = new ArrayList();
elist.add(affiliationCfgElm);
} else {
elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
}
for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
boolean foundCOT = false;
BaseConfigType bConfig = (BaseConfigType) iter.next();
List list = bConfig.getAttribute();
for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
AttributeType avp = (AttributeType) iter2.next();
if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
foundCOT = true;
List avpl = avp.getValue();
if (avpl.isEmpty() || !containsValue(avpl, name)) {
avpl.add(name);
needToSave = true;
break;
}
}
}
// no cot_list in the original entity config
if (!foundCOT) {
AttributeType atype = objFactory.createAttributeType();
atype.setName(SAML2Constants.COT_LIST);
atype.getValue().add(name);
list.add(atype);
needToSave = true;
}
}
if (needToSave) {
metaManager.setEntityConfig(realm, eConfig);
}
}
}
Aggregations