
Example 11 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class SAML2MetaCache, method getEntityDescriptor.

/**
 * Looks up the cached standard metadata entity descriptor of an entity
 * under a realm.
 *
 * @param realm    the realm under which the entity resides
 * @param entityId ID of the entity to be retrieved
 * @return the cached <code>EntityDescriptorElement</code>, or null when the
 *         realm/entity pair has no cache entry
 */
static EntityDescriptorElement getEntityDescriptor(String realm, String entityId) {
    String key = buildCacheKey(realm, entityId);
    Object cached = descriptorCache.get(key);
    EntityDescriptorElement result = (EntityDescriptorElement) cached;
    if (debug.messageEnabled()) {
        boolean found = result != null;
        debug.message("SAML2MetaCache.getEntityDescriptor: cacheKey = " + key + ", found = " + found);
    }
    return result;
}
Also used : EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)

Example 12 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class SAML2MetaManager, method createEntity.

/**
 * Creates the standard and extended metadata under the realm.
 * <p>
 * Either part may be omitted. When both are null the call only logs an error
 * and returns. When the entity already has stored attributes, the roles of
 * the supplied descriptor and/or config are merged into the stored elements
 * (a role type that is already present is rejected) and the result is written
 * back with <code>setConfiguration</code>; otherwise a new configuration is
 * created. Caches and circle-of-trust membership are updated afterwards.
 * @param realm The realm under which the entity descriptor will be
 *        created; null is treated as the root realm "/".
 * @param descriptor The standard entity descriptor object to be created.
 * @param config The extended entity config object to be created.
 * @throws SAML2MetaException if unable to create the entity: no entity ID,
 *         a role of the same type already stored, a config supplied for an
 *         entity that has no descriptor, or a configuration store / JAXB
 *         conversion failure.
 */
public void createEntity(String realm, EntityDescriptorElement descriptor, EntityConfigElement config) throws SAML2MetaException {
    debug.message("SAML2MetaManager.createEntity: called.");
    // Nothing to import: this is logged but not reported to the caller as an exception.
    if ((descriptor == null) && (config == null)) {
        debug.error("SAML2metaManager.createEntity: no meta to import.");
        return;
    }
    // The entity ID comes from the descriptor when present, otherwise from the config.
    String entityId = null;
    if (descriptor != null) {
        entityId = descriptor.getEntityID();
    } else {
        entityId = config.getEntityID();
    }
    if (realm == null) {
        realm = "/";
    }
    if (entityId == null) {
        debug.error("SAML2MetaManager.createEntity: entity ID is null");
        String[] data = { realm };
        LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_ID_CREATE_ENTITY_DESCRIPTOR, data, null);
        throw new SAML2MetaException("empty_entityid", null);
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2MetaManager.createEntity: realm=" + realm + ", entityId=" + entityId);
    }
    // Log and exception parameters shared by the rest of the method.
    String[] objs = { entityId, realm };
    try {
        // What is already stored for this entity, if anything.
        EntityDescriptorElement oldDescriptor = null;
        EntityConfigElement oldConfig = null;
        // Flips to false as soon as the stored attributes are modified in place.
        boolean isCreate = true;
        // Attributes for a brand-new entity; only used on the create path.
        Map newAttrs = null;
        Map oldAttrs = configInst.getConfiguration(realm, entityId);
        if (oldAttrs != null) {
            // get the entity descriptor if any
            Set values = (Set) oldAttrs.get(ATTR_METADATA);
            if ((values != null) && !values.isEmpty()) {
                String value = (String) values.iterator().next();
                Object obj = SAML2MetaUtils.convertStringToJAXB(value);
                if (obj instanceof EntityDescriptorElement) {
                    oldDescriptor = (EntityDescriptorElement) obj;
                    if (debug.messageEnabled()) {
                        debug.message("SAML2MetaManager.createEntity: " + "got descriptor from SMS " + entityId);
                    }
                }
            }
            // get the entity config if any
            values = (Set) oldAttrs.get(ATTR_ENTITY_CONFIG);
            if ((values != null) && !values.isEmpty()) {
                String value = (String) values.iterator().next();
                Object obj = SAML2MetaUtils.convertStringToJAXB(value);
                if (obj instanceof EntityConfigElement) {
                    oldConfig = (EntityConfigElement) obj;
                    if (debug.messageEnabled()) {
                        debug.message("SAML2MetaManager.createEntity: " + "got entity config from SMS " + entityId);
                    }
                }
            }
        }
        if (oldDescriptor != null) {
            // Merge the new roles into the stored descriptor; a role type that is
            // already present is an error rather than a replacement.
            if (descriptor != null) {
                List currentRoles = oldDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
                Set currentRolesTypes = getEntityRolesTypes(currentRoles);
                List newRoles = descriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
                for (Iterator i = newRoles.iterator(); i.hasNext(); ) {
                    Object role = i.next();
                    if (currentRolesTypes.contains(role.getClass().getName())) {
                        debug.error("SAML2MetaManager.createEntity: current" + " descriptor contains role " + role.getClass().getName() + " already");
                        String[] data = { entityId, realm };
                        LogUtil.error(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR, data, null);
                        String[] param = { entityId };
                        throw new SAML2MetaException("role_already_exists", param);
                    }
                    currentRoles.add(role);
                }
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_METADATA, oldDescriptor);
                oldAttrs.put(ATTR_METADATA, attrs.get(ATTR_METADATA));
                isCreate = false;
            }
        } else {
            // NOTE(review): if oldAttrs is non-null but carries no ATTR_METADATA, the
            // descriptor is placed in newAttrs here, while the config handling below can
            // switch to the oldAttrs/setConfiguration path and never write it — confirm
            // whether the store can return attributes without metadata.
            if (descriptor != null) {
                newAttrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_METADATA, descriptor);
            }
        }
        if (config != null) {
            // An extended config is only meaningful for an entity that has a descriptor.
            if ((oldDescriptor == null) && (descriptor == null)) {
                debug.error("SAML2MetaManager.createEntity: entity " + "descriptor is null: " + entityId);
                LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_DESCRIPTOR_CREATE_ENTITY_CONFIG, objs, null);
                throw new SAML2MetaException("entity_descriptor_not_exist", objs);
            }
            if (oldConfig != null) {
                // Same role-merge rule as for the descriptor, applied to the config roles.
                List currentRoles = oldConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                Set currentRolesTypes = getEntityRolesTypes(currentRoles);
                List newRoles = config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                for (Iterator i = newRoles.iterator(); i.hasNext(); ) {
                    Object role = i.next();
                    if (currentRolesTypes.contains(role.getClass().getName())) {
                        debug.error("SAML2MetaManager.createEntity: current" + " entity config contains role " + role.getClass().getName() + " already");
                        String[] data = { entityId, realm };
                        LogUtil.error(Level.INFO, LogUtil.SET_ENTITY_CONFIG, data, null);
                        String[] param = { entityId };
                        throw new SAML2MetaException("role_already_exists", param);
                    }
                    currentRoles.add(role);
                }
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG, oldConfig);
                oldAttrs.put(ATTR_ENTITY_CONFIG, attrs.get(ATTR_ENTITY_CONFIG));
                isCreate = false;
            } else {
                // No stored config: attach the new one to whichever attribute map will be written.
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG, config);
                if (oldAttrs != null) {
                    oldAttrs.put(ATTR_ENTITY_CONFIG, attrs.get(ATTR_ENTITY_CONFIG));
                    isCreate = false;
                } else if (newAttrs != null) {
                    newAttrs.put(ATTR_ENTITY_CONFIG, attrs.get(ATTR_ENTITY_CONFIG));
                }
            }
        }
        if (isCreate) {
            // New entity: create the configuration, then prime the caches.
            configInst.createConfiguration(realm, entityId, newAttrs);
            if (descriptor != null) {
                SAML2MetaCache.putEntityDescriptor(realm, entityId, descriptor);
                LogUtil.access(Level.INFO, LogUtil.ENTITY_DESCRIPTOR_CREATED, objs, null);
            } else if (config != null) {
                LogUtil.access(Level.INFO, LogUtil.ENTITY_CONFIG_CREATED, objs, null);
            }
            // Add the entity to cot
            if (config != null) {
                SAML2MetaCache.putEntityConfig(realm, entityId, config);
                addToCircleOfTrust(realm, entityId, config);
            }
        } else {
            // Existing entity: write back the merged attributes and refresh the caches.
            configInst.setConfiguration(realm, entityId, oldAttrs);
            if (descriptor != null) {
                LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR, objs, null);
                SAML2MetaCache.putEntityDescriptor(realm, entityId, oldDescriptor);
            } else if (config != null) {
                LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_CONFIG, objs, null);
            }
            if (oldConfig != null) {
                // The merged (stored) config is what the cache must reflect.
                SAML2MetaCache.putEntityConfig(realm, entityId, oldConfig);
            } else if (config != null) {
                SAML2MetaCache.putEntityConfig(realm, entityId, config);
                addToCircleOfTrust(realm, entityId, config);
            }
        }
    } catch (ConfigurationException e) {
        // Store failure: logged with the store's message, then wrapped for the caller.
        debug.error("SAML2MetaManager.createEntity:", e);
        String[] data = { e.getMessage(), entityId, realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_CREATE_ENTITY_DESCRIPTOR, data, null);
        throw new SAML2MetaException(e);
    } catch (JAXBException jaxbe) {
        // Conversion failure of either the stored or the supplied elements.
        debug.error("SAML2MetaManager.createEntity:", jaxbe);
        LogUtil.error(Level.INFO, LogUtil.CREATE_INVALID_ENTITY_DESCRIPTOR, objs, null);
        throw new SAML2MetaException("invalid_descriptor", objs);
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) JAXBException(javax.xml.bind.JAXBException) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) ConfigurationException(com.sun.identity.plugin.configuration.ConfigurationException) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) Map(java.util.Map) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 13 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class SAML2MetaManager, method getEntityDescriptor.

/**
 * Returns the standard metadata entity descriptor under the realm.
 * <p>
 * The SAML2MetaCache is consulted first, but only when this manager has no
 * caller session; on a cache miss the descriptor is read from the
 * configuration store and placed into the cache.
 * @param realm The realm under which the entity resides; null means "/".
 * @param entityId ID of the entity to be retrieved.
 * @return <code>EntityDescriptorElement</code> for the entity or null if
 *         not found (null entity ID, no stored attributes, or no metadata
 *         attribute).
 * @throws SAML2MetaException if the stored metadata is not an entity
 *         descriptor, or if the configuration store or JAXB conversion
 *         fails.
 */
public EntityDescriptorElement getEntityDescriptor(String realm, String entityId) throws SAML2MetaException {
    if (entityId == null) {
        return null;
    }
    if (realm == null) {
        realm = "/";
    }
    String[] logParams = { entityId, realm };
    // The cache is only used when no caller session is involved.
    if (callerSession == null) {
        EntityDescriptorElement cached = SAML2MetaCache.getEntityDescriptor(realm, entityId);
        if (cached != null) {
            if (debug.messageEnabled()) {
                debug.message("SAML2MetaManager.getEntityDescriptor: got descriptor from SAML2MetaCache " + entityId);
            }
            LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_DESCRIPTOR, logParams, null);
            return cached;
        }
    }
    try {
        Map storedAttrs = configInst.getConfiguration(realm, entityId);
        Set metadataValues = (storedAttrs == null) ? null : (Set) storedAttrs.get(ATTR_METADATA);
        if ((metadataValues == null) || metadataValues.isEmpty()) {
            return null;
        }
        // Only the first stored value is considered.
        String serialized = (String) metadataValues.iterator().next();
        Object unmarshalled = SAML2MetaUtils.convertStringToJAXB(serialized);
        if (!(unmarshalled instanceof EntityDescriptorElement)) {
            debug.error("SAML2MetaManager.getEntityDescriptor: invalid descriptor");
            LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_DESCRIPTOR, logParams, null);
            throw new SAML2MetaException("invalid_descriptor", logParams);
        }
        EntityDescriptorElement found = (EntityDescriptorElement) unmarshalled;
        // Populate the cache so the next lookup without a caller session is served from it.
        SAML2MetaCache.putEntityDescriptor(realm, entityId, found);
        if (debug.messageEnabled()) {
            debug.message("SAML2MetaManager.getEntityDescriptor: got descriptor from SMS " + entityId);
        }
        LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_DESCRIPTOR, logParams, null);
        return found;
    } catch (ConfigurationException configError) {
        debug.error("SAML2MetaManager.getEntityDescriptor", configError);
        String[] errorParams = { configError.getMessage(), entityId, realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ENTITY_DESCRIPTOR, errorParams, null);
        throw new SAML2MetaException(configError);
    } catch (JAXBException conversionError) {
        debug.error("SAML2MetaManager.getEntityDescriptor", conversionError);
        LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_DESCRIPTOR, logParams, null);
        throw new SAML2MetaException("invalid_descriptor", logParams);
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) ConfigurationException(com.sun.identity.plugin.configuration.ConfigurationException) JAXBException(javax.xml.bind.JAXBException) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) Map(java.util.Map)

Example 14 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class SAML2MetaUtils, method getEntityDescriptorElement.

/**
 * Parses a standard metadata XML document into an
 * <code>EntityDescriptorElement</code>.
 * <p>
 * The root element must be <code>EntityDescriptor</code> in the SAML 2.0
 * metadata namespace; any other root is rejected before JAXB processing.
 *
 * @param metadata A string representing an EntityDescriptorElement XML document
 * @return the EntityDescriptorElement built from the passed metadata, or null
 *         when pre-processing produced an element of a different type
 * @throws SAML2MetaException If the document could not be parsed, or its root
 *         element is not a metadata EntityDescriptor
 * @throws JAXBException If there was a problem parsing the metadata
 */
public static EntityDescriptorElement getEntityDescriptorElement(String metadata) throws SAML2MetaException, JAXBException {
    Document parsed = XMLUtils.toDOMDocument(metadata, debug);
    if (parsed == null) {
        throw new SAML2MetaException("Null document");
    }
    Element root = parsed.getDocumentElement();
    boolean rootIsEntityDescriptor = SAML2MetaConstants.ENTITY_DESCRIPTOR.equals(root.getLocalName())
            && SAML2MetaConstants.NS_METADATA.equals(root.getNamespaceURI());
    if (!rootIsEntityDescriptor) {
        throw new SAML2MetaException("Invalid  descriptor");
    }
    Object processed = preProcessSAML2Document(parsed);
    if (processed instanceof EntityDescriptorElement) {
        return (EntityDescriptorElement) processed;
    }
    return null;
}
Also used : AttributeQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) Element(org.w3c.dom.Element) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement) Document(org.w3c.dom.Document)

Example 15 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class ConfigureGoogleApps, method updateSPMeta.

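/**
 * Creates the hosted service-provider metadata for a Google Apps domain and,
 * when a circle of trust is given, adds the resulting entity to it.
 * <p>
 * The standard metadata is built as an XML string from a fixed template in
 * which {@code domainId} appears twice: in the {@code entityID} attribute
 * and in the assertion consumer {@code Location} URL. The extended metadata
 * is generated from the template parameters for the hosted SP.
 *
 * @param realm    the realm in which the provider is created
 * @param cot      the circle of trust to join; null or empty skips that step
 * @param domainId the Google Apps domain embedded in the entity ID and the
 *                 assertion consumer URL
 * @throws WorkflowException if metadata creation or COT membership fails
 */
private void updateSPMeta(String realm, String cot, String domainId) throws WorkflowException {
    // domainId is interpolated into XML attribute values; escaping it keeps the
    // markup structure fixed regardless of the supplied value. After parsing,
    // the entity ID is still "google.com/a/" + domainId.
    String safeDomainId = escapeXmlAttribute(domainId);
    String metadata = "<EntityDescriptor entityID=\"google.com/a/" + safeDomainId + "\""
            + " xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\">"
            + "<SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
            + " <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>"
            + "<AssertionConsumerService index=\"1\" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\""
            + " Location=\"https://www.google.com/a/" + safeDomainId + "/acs\" />"
            + "</SPSSODescriptor></EntityDescriptor>";
    String extendedMeta = null;
    try {
        EntityDescriptorElement descriptorElement = SAML2MetaUtils.getEntityDescriptorElement(metadata);
        String eId = descriptorElement.getEntityID();
        String metaAlias = generateMetaAliasForSP(realm);
        Map map = new HashMap();
        map.put(MetaTemplateParameters.P_SP, metaAlias);
        extendedMeta = CreateSAML2HostedProviderTemplate.createExtendedDataTemplate(eId, map, null, false);
    } catch (SAML2MetaException ex) {
        // NOTE(review): only the message survives; confirm whether WorkflowException
        // offers a (String, Throwable) constructor so the cause can be kept.
        throw new WorkflowException(ex.getMessage());
    } catch (JAXBException ex) {
        throw new WorkflowException(ex.getMessage());
    }
    String[] results = ImportSAML2MetaData.importData(realm, metadata, extendedMeta);
    // presumably results[1] is the imported entity ID; verify against importData
    String entityId = results[1];
    if ((cot != null) && (cot.length() > 0)) {
        try {
            AddProviderToCOT.addToCOT(realm, cot, entityId);
        } catch (COTException e) {
            throw new WorkflowException(e.getMessage());
        }
    }
}

/**
 * Escapes the XML special characters so that {@code value} can be embedded
 * in a double-quoted attribute value without altering the markup.
 *
 * @param value the raw text; null is returned unchanged
 * @return the escaped text
 */
private static String escapeXmlAttribute(String value) {
    if (value == null) {
        return null;
    }
    StringBuilder out = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '&':
                out.append("&amp;");
                break;
            case '<':
                out.append("&lt;");
                break;
            case '>':
                out.append("&gt;");
                break;
            case '"':
                out.append("&quot;");
                break;
            case '\'':
                out.append("&apos;");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}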
Also used : HashMap(java.util.HashMap) JAXBException(javax.xml.bind.JAXBException) COTException(com.sun.identity.cot.COTException) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) HashMap(java.util.HashMap) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
