Search in sources :

Example 6 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class EntityModelImpl method getSAMLv2Roles.

/*
     * This is used to determine what 'roles' a particular entity is
     * acting as. It will producs a list of role names which can then
     * be used by the calling routine for whatever purpose it needs.
     */
public List getSAMLv2Roles(String entity, String realm) {
    List roles = new ArrayList();
    try {
        SAML2MetaManager samlManager = new SAML2MetaManager();
        EntityDescriptorElement d = samlManager.getEntityDescriptor(realm, entity);
        if (d != null) {
            // find out what role this dude is playing
            if (SAML2MetaUtils.getSPSSODescriptor(d) != null) {
                roles.add(SERVICE_PROVIDER);
            }
            if (SAML2MetaUtils.getIDPSSODescriptor(d) != null) {
                roles.add(IDENTITY_PROVIDER);
            }
            if (SAML2MetaUtils.getPolicyDecisionPointDescriptor(d) != null) {
                roles.add(POLICY_DECISION_POINT_DESCRIPTOR);
            }
            if (SAML2MetaUtils.getPolicyEnforcementPointDescriptor(d) != null) {
                roles.add(POLICY_ENFORCEMENT_POINT_DESCRIPTOR);
            }
            if (SAML2MetaUtils.getAttributeAuthorityDescriptor(d) != null) {
                roles.add(SAML_ATTRAUTHORITY);
            }
            if (SAML2MetaUtils.getAuthnAuthorityDescriptor(d) != null) {
                roles.add(SAML_AUTHNAUTHORITY);
            }
            if (SAML2MetaUtils.getAttributeQueryDescriptor(d) != null) {
                roles.add(SAML_ATTRQUERY);
            }
            if (samlManager.getAffiliationDescriptor(realm, entity) != null) {
                roles.add(AFFILIATE);
            }
        }
    } catch (SAML2MetaException s) {
        if (debug.warningEnabled()) {
            debug.warning("EntityModel.getSAMLv2Roles() - " + "Couldn't get SAMLMetaManager");
        }
    }
    return (roles != null) ? roles : Collections.EMPTY_LIST;
}
Also used : ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 7 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class TaskModelImpl method getEntities.

private Set getEntities(String realm, String cotName, boolean bIDP, boolean hosted) throws AMConsoleException {
    try {
        SAML2MetaManager mgr = new SAML2MetaManager();
        Set entities = getEntities(realm, cotName);
        Set results = new HashSet();
        for (Iterator i = entities.iterator(); i.hasNext(); ) {
            String entityId = (String) i.next();
            EntityConfigElement elm = mgr.getEntityConfig(realm, entityId);
            // elm could be null due to OPENAM-269
            if (elm != null && elm.isHosted() == hosted) {
                EntityDescriptorElement desc = mgr.getEntityDescriptor(realm, entityId);
                if (bIDP) {
                    if (SAML2MetaUtils.getIDPSSODescriptor(desc) != null) {
                        results.add(entityId);
                    }
                } else {
                    if (SAML2MetaUtils.getSPSSODescriptor(desc) != null) {
                        results.add(entityId);
                    }
                }
            }
        }
        return results;
    } catch (SAML2MetaException ex) {
        throw new AMConsoleException(ex.getMessage());
    }
}
Also used : TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) Set(java.util.Set) Iterator(java.util.Iterator) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) HashSet(java.util.HashSet) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 8 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class TaskModelImpl method setAcsUrl.

/**
     * Saves the Salesforce login url as the Assertion Consumer Service Location
     * @param realm Realm
     * @param entityId Entity Name
     * @param acsUrl assertion consumer service location
     * @throws AMConsoleException if value cannot be saved.
     */
public void setAcsUrl(String realm, String entityId, String acsUrl) throws AMConsoleException {
    SPSSODescriptorElement spssoDescriptor = null;
    try {
        SAML2MetaManager samlManager = new SAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityId);
        spssoDescriptor = samlManager.getSPSSODescriptor(realm, entityId);
        if (spssoDescriptor != null) {
            List asconsServiceList = spssoDescriptor.getAssertionConsumerService();
            for (Iterator i = asconsServiceList.listIterator(); i.hasNext(); ) {
                AssertionConsumerServiceElement acsElem = (AssertionConsumerServiceElement) i.next();
                if (acsElem.getBinding().contains("HTTP-POST")) {
                    acsElem.setLocation(acsUrl);
                }
            }
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
    }
}
Also used : SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) Iterator(java.util.Iterator) AssertionConsumerServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement) List(java.util.List) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 9 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class GetHostedIDPs method execute.

public String execute(Locale locale, Map params) throws WorkflowException {
    String realm = getString(params, ParameterKeys.P_REALM);
    String cot = getString(params, ParameterKeys.P_COT);
    try {
        CircleOfTrustManager cotMgr = new CircleOfTrustManager();
        Set entities = cotMgr.listCircleOfTrustMember(realm, cot, COTConstants.SAML2);
        SAML2MetaManager mgr = new SAML2MetaManager();
        StringBuffer buff = new StringBuffer();
        boolean first = true;
        for (Iterator i = entities.iterator(); i.hasNext(); ) {
            String entityId = (String) i.next();
            EntityConfigElement elm = mgr.getEntityConfig(realm, entityId);
            // elm could be null due to OPENAM-269
            if (elm != null && elm.isHosted()) {
                EntityDescriptorElement desc = mgr.getEntityDescriptor(realm, entityId);
                if (SAML2MetaUtils.getIDPSSODescriptor(desc) != null) {
                    if (first) {
                        first = false;
                    } else {
                        buff.append("|");
                    }
                    buff.append(entityId);
                }
            }
        }
        return buff.toString();
    } catch (COTException e) {
        throw new WorkflowException(e.getMessage(), null);
    } catch (SAML2MetaException e) {
        throw new WorkflowException(e.getMessage(), null);
    }
}
Also used : CircleOfTrustManager(com.sun.identity.cot.CircleOfTrustManager) Set(java.util.Set) Iterator(java.util.Iterator) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) COTException(com.sun.identity.cot.COTException) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 10 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

the class SAML2COTUtils method updateEntityConfig.

/**
     * Updates the entity config to add the circle of turst name to the
     * <code>cotlist</code> attribute. The Service Provider and Identity
     * Provider Configuration are updated.
     *
     * @param realm the realm name where the entity configuration is.
     * @param name the circle of trust name.
     * @param entityId the name of the Entity identifier.
     * @throws SAML2MetaException if there is a configuration error when
     *         updating the configuration.
     * @throws JAXBException is there is an error updating the entity
     *          configuration.
     */
public void updateEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
    String classMethod = "SAML2COTUtils.updateEntityConfig: ";
    SAML2MetaManager metaManager = null;
    if (callerSession == null) {
        metaManager = new SAML2MetaManager();
    } else {
        metaManager = new SAML2MetaManager(callerSession);
    }
    ObjectFactory objFactory = new ObjectFactory();
    // Check whether the entity id existed in the DS
    EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
    if (edes == null) {
        debug.error(classMethod + "No such entity: " + entityId);
        String[] data = { realm, entityId };
        throw new SAML2MetaException("entityid_invalid", data);
    }
    boolean isAffiliation = false;
    if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
        isAffiliation = true;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
    }
    EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
    if (eConfig == null) {
        BaseConfigType bctype = null;
        AttributeType atype = objFactory.createAttributeType();
        atype.setName(SAML2Constants.COT_LIST);
        atype.getValue().add(name);
        // add to eConfig
        EntityConfigElement ele = objFactory.createEntityConfigElement();
        ele.setEntityID(entityId);
        ele.setHosted(false);
        if (isAffiliation) {
            // handle affiliation case
            bctype = objFactory.createAffiliationConfigElement();
            bctype.getAttribute().add(atype);
            ele.setAffiliationConfig(bctype);
        } else {
            List ll = ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            // Decide which role EntityDescriptorElement includes
            List list = edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
            for (Iterator iter = list.iterator(); iter.hasNext(); ) {
                Object obj = iter.next();
                if (obj instanceof SPSSODescriptorElement) {
                    bctype = objFactory.createSPSSOConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof IDPSSODescriptorElement) {
                    bctype = objFactory.createIDPSSOConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof XACMLPDPDescriptorElement) {
                    bctype = objFactory.createXACMLPDPConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) {
                    bctype = objFactory.createXACMLAuthzDecisionQueryConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AttributeAuthorityDescriptorElement) {
                    bctype = objFactory.createAttributeAuthorityConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AttributeQueryDescriptorElement) {
                    bctype = objFactory.createAttributeQueryConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AuthnAuthorityDescriptorElement) {
                    bctype = objFactory.createAuthnAuthorityConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                }
            }
        }
        metaManager.setEntityConfig(realm, ele);
    } else {
        boolean needToSave = true;
        List elist = null;
        if (isAffiliation) {
            AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
            elist = new ArrayList();
            elist.add(affiliationCfgElm);
        } else {
            elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
        }
        for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
            boolean foundCOT = false;
            BaseConfigType bConfig = (BaseConfigType) iter.next();
            List list = bConfig.getAttribute();
            for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
                AttributeType avp = (AttributeType) iter2.next();
                if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
                    foundCOT = true;
                    List avpl = avp.getValue();
                    if (avpl.isEmpty() || !containsValue(avpl, name)) {
                        avpl.add(name);
                        needToSave = true;
                        break;
                    }
                }
            }
            // no cot_list in the original entity config
            if (!foundCOT) {
                AttributeType atype = objFactory.createAttributeType();
                atype.setName(SAML2Constants.COT_LIST);
                atype.getValue().add(name);
                list.add(atype);
                needToSave = true;
            }
        }
        if (needToSave) {
            metaManager.setEntityConfig(realm, eConfig);
        }
    }
}
Also used : AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement) ArrayList(java.util.ArrayList) AttributeQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) AffiliationConfigElement(com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) AttributeType(com.sun.identity.saml2.jaxb.entityconfig.AttributeType) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) XACMLAuthzDecisionQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Aggregations

EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)29 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)20 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)20 List (java.util.List)18 ArrayList (java.util.ArrayList)16 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)12 Iterator (java.util.Iterator)11 JAXBException (javax.xml.bind.JAXBException)11 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)8 ObjectFactory (com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)8 Set (java.util.Set)7 COTException (com.sun.identity.cot.COTException)6 HashSet (java.util.HashSet)5 AttributeType (com.sun.identity.saml2.jaxb.entityconfig.AttributeType)4 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)4 SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)4 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)4 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)4 XACMLPDPDescriptorElement (com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement)4 AttributeQueryDescriptorElement (com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement)4