
Example 21 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class SAMLv2ModelImpl, method setStdAttributeAuthorityValues.

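/**
 * Saves the standard attribute values for Attribute Authority.
 *
 * Replaces the attribute service endpoints, the assertion ID request endpoints and
 * the attribute profile of the entity's AttributeAuthorityDescriptor with the values
 * found in {@code attrAuthValues}, then writes the whole entity descriptor back.
 * An entity without an AttributeAuthorityDescriptor is left untouched (the success
 * event is still logged in that case, as before).
 *
 * @param realm to which the entity belongs.
 * @param entityName is the entity id.
 * @param attrAuthValues Map which contains standard attribute auth values.
 * @throws AMConsoleException if reading or saving the metadata fails, or if the
 *         JAXB elements cannot be created (previously a JAXBException was only
 *         logged and the caller saw a silent no-op).
 */
public void setStdAttributeAuthorityValues(String realm, String entityName, Map attrAuthValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "AttribAuthority-Std" };
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    logEvent("ATTEMPT_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        AttributeAuthorityDescriptorElement attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
        if (attrauthDescriptor != null) {
            // Locations are stored exactly as received from the console form; nothing here
            // checks that they are well-formed URLs (NOTE(review): confirm the form validates them).
            saveAttrAuthAttributeServices(objFact, attrauthDescriptor, attrAuthValues);
            saveAttrAuthAssertionIDRequestServices(objFact, attrauthDescriptor, attrAuthValues);
            saveAttrAuthAttributeProfile(attrauthDescriptor, attrAuthValues);
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_ATTR_AUTH_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        throw attrAuthUpdateFailure(e, realm, entityName);
    } catch (JAXBException e) {
        // Treated like a metadata failure so the caller is told the save did not happen.
        throw attrAuthUpdateFailure(e, realm, entityName);
    }
}

/**
 * Replaces the two AttributeService endpoints (plain SOAP, and SOAP with X.509 query
 * support) with the submitted default and X.509 locations. A missing location is
 * written as an empty string, as the original code did.
 */
private void saveAttrAuthAttributeServices(com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact, AttributeAuthorityDescriptorElement attrauthDescriptor, Map attrAuthValues) throws JAXBException {
    String defLocation = getResult(attrAuthValues, ATTR_SEFVICE_DEFAULT_LOCATION);
    boolean is509 = setToBoolean(attrAuthValues, SUPPORTS_X509);
    String x509Location = getResult(attrAuthValues, ATTR_SEFVICE_LOCATION);
    AttributeServiceElement defaultService = objFact.createAttributeServiceElement();
    defaultService.setBinding(soapBinding);
    defaultService.setLocation("");
    if (defLocation != null && defLocation.length() > 0) {
        defaultService.setLocation(defLocation);
    }
    AttributeServiceElement x509Service = objFact.createAttributeServiceElement();
    x509Service.setBinding(soapBinding);
    x509Service.setSupportsX509Query(false);
    x509Service.setLocation("");
    if (x509Location != null && x509Location.length() > 0) {
        x509Service.setLocation(x509Location);
        // The X.509 flag is only honoured when an X.509 location was actually supplied.
        x509Service.setSupportsX509Query(is509);
    }
    List services = attrauthDescriptor.getAttributeService();
    services.clear();
    services.add(defaultService);
    services.add(x509Service);
}

/**
 * Replaces the SOAP and URI AssertionIDRequestService endpoints with the submitted
 * locations; an absent location leaves the element without a location, as before.
 */
private void saveAttrAuthAssertionIDRequestServices(com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact, AttributeAuthorityDescriptorElement attrauthDescriptor, Map attrAuthValues) throws JAXBException {
    String soapLocation = getResult(attrAuthValues, ASSERTION_ID_SAOP_LOC);
    String uriLocation = getResult(attrAuthValues, ASSERTION_ID_URI_LOC);
    AssertionIDRequestServiceElement soapService = objFact.createAssertionIDRequestServiceElement();
    soapService.setBinding(soapBinding);
    if (soapLocation != null) {
        soapService.setLocation(soapLocation);
    }
    AssertionIDRequestServiceElement uriService = objFact.createAssertionIDRequestServiceElement();
    uriService.setBinding(uriBinding);
    if (uriLocation != null) {
        uriService.setLocation(uriLocation);
    }
    List services = attrauthDescriptor.getAssertionIDRequestService();
    services.clear();
    services.add(soapService);
    services.add(uriService);
}

/**
 * Replaces the attribute profile list with the single submitted profile. An absent or
 * empty value is skipped rather than stored as a null/empty entry, matching the guards
 * applied to the service locations.
 */
private void saveAttrAuthAttributeProfile(AttributeAuthorityDescriptorElement attrauthDescriptor, Map attrAuthValues) {
    String attrProfile = getResult(attrAuthValues, ATTRIBUTE_PROFILE);
    List profiles = attrauthDescriptor.getAttributeProfile();
    profiles.clear();
    if (attrProfile != null && attrProfile.length() > 0) {
        profiles.add(attrProfile);
    }
}

/**
 * Logs a failed Attribute Authority update (debug + audit event) and builds the
 * AMConsoleException to hand back to the caller.
 */
private AMConsoleException attrAuthUpdateFailure(Exception e, String realm, String entityName) {
    debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e);
    String strError = getErrorString(e);
    String[] paramsEx = { realm, entityName, "SAMLv2", "AttribAuthority-Std", strError };
    logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx);
    return new AMConsoleException(strError);
}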

Example 22 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class ExportMetaData, method runExportMeta.

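/**
 * Exports the standard SAML2 metadata of {@code entityID} in {@code realm}, either to
 * the CLI output (web mode) or to the file named by {@code metadata}.
 *
 * The descriptor is serialised with {@code SAML2MetaUtils.convertJAXBToString}, run
 * through the abstract-RoleDescriptor workaround and base64 reformatting, and then
 * written as UTF-8. The file is written with an explicit charset because
 * {@code FileWriter} uses the platform default, which can mislabel non-ASCII content
 * in the XML; and a write error is surfaced instead of being swallowed by
 * {@code PrintWriter} while a success message is printed.
 *
 * @throws CLIException when the entity has no descriptor, the descriptor cannot be
 *         converted, or the output file cannot be written.
 */
private void runExportMeta() throws CLIException {
    String out = (isWebBase) ? "web" : metadata;
    Object[] objs = { out };
    Object[] objs2 = { entityID, realm };
    PrintWriter pw = null;
    try {
        SAML2MetaManager metaManager = new SAML2MetaManager(ssoToken);
        EntityDescriptorElement descriptor = metaManager.getEntityDescriptor(realm, entityID);
        if (descriptor == null) {
            throw new CLIException(MessageFormat.format(getResourceString("export-entity-exception-entity-descriptor-not-exist"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        String xmlstr = SAML2MetaUtils.convertJAXBToString(descriptor);
        xmlstr = workaroundAbstractRoleDescriptor(xmlstr);
        xmlstr = SAML2MetaSecurityUtils.formatBase64BinaryElement(xmlstr);
        if (isWebBase) {
            getOutputWriter().printlnMessage(xmlstr);
        } else {
            // Fully qualified names: the file's import block is not touched by this change.
            pw = new PrintWriter(new java.io.OutputStreamWriter(new java.io.FileOutputStream(metadata), java.nio.charset.StandardCharsets.UTF_8));
            pw.print(xmlstr);
            pw.flush();
            // PrintWriter never throws on write failure; check its error flag explicitly so the
            // IOException handler below reports the failure instead of the success message.
            if (pw.checkError()) {
                throw new IOException("Failed to write metadata to " + metadata);
            }
        }
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("export-entity-export-descriptor-succeeded"), objs));
    } catch (SAML2MetaException e) {
        debugError("ExportMetaData.runExportMeta", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IOException e) {
        debugError("ExportMetaData.runExportMeta", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (JAXBException e) {
        debugWarning("ExportMetaData.runExportMeta", e);
        throw new CLIException(MessageFormat.format(getResourceString("export-entity-exception-invalid_descriptor"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IllegalArgumentException e) {
        debugWarning("ExportMetaData.runExportMeta", e);
        throw new CLIException(MessageFormat.format(getResourceString("export-entity-exception-invalid_descriptor"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } finally {
        if (pw != null) {
            pw.close();
        }
    }
}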

Example 23 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class SAML2MetaSecurityUtils, method updateProviderKeyInfo.

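/**
 * Updates signing or encryption key info for SP or IDP.
 * This will update both signing/encryption alias on extended metadata and
 * certificates in standard metadata.
 *
 * Only hosted entities may be changed. An entity with no extended config at all is
 * rejected as not hosted (previously it caused a NullPointerException), and an entity
 * whose descriptor lacks the requested role is rejected as not IDP / not SP. The
 * standard metadata is written before the extended config and there is no rollback,
 * so if the second write fails the two stay out of step until the call is retried.
 *
 * @param realm Realm the entity resides.
 * @param entityID ID of the entity to be updated.
 * @param certAliases The set of certificate aliases to be set for the entity. If null or empty, existing key
 *                    information will be removed from the SP or IDP.
 * @param isSigning true if this is signing certificate alias, false if
 *        this is encryption certification alias.
 * @param isIDP true if this is for IDP signing/encryption alias, false
 *        if this is for SP signing/encryption alias
 * @param encAlgo Encryption algorithm URI, this is applicable for
 *        encryption cert only.
 * @param keySize Encryption key size, this is applicable for
 *        encryption cert only.
 * @throws SAML2MetaException if the entity is not hosted, does not carry the requested
 *        role, or the updated metadata/config cannot be saved.
 */
public static void updateProviderKeyInfo(String realm, String entityID, Set<String> certAliases, boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws SAML2MetaException {
    SAML2MetaManager metaManager = new SAML2MetaManager();
    String[] args = { entityID, realm };
    EntityConfigElement config = metaManager.getEntityConfig(realm, entityID);
    // No extended config means the entity is not hosted here either.
    if (config == null || !config.isHosted()) {
        throw new SAML2MetaException("entityNotHosted", args);
    }
    EntityDescriptorElement desp = metaManager.getEntityDescriptor(realm, entityID);
    BaseConfigType baseConfig;
    RoleDescriptorType descriptor;
    String missingRoleKey;
    if (isIDP) {
        baseConfig = SAML2MetaUtils.getIDPSSOConfig(config);
        descriptor = (desp == null) ? null : SAML2MetaUtils.getIDPSSODescriptor(desp);
        missingRoleKey = "entityNotIDP";
    } else {
        baseConfig = SAML2MetaUtils.getSPSSOConfig(config);
        descriptor = (desp == null) ? null : SAML2MetaUtils.getSPSSODescriptor(desp);
        missingRoleKey = "entityNotSP";
    }
    if (baseConfig == null || descriptor == null) {
        throw new SAML2MetaException(missingRoleKey, args);
    }
    String aliasAttribute = isSigning ? SAML2Constants.SIGNING_CERT_ALIAS : SAML2Constants.ENCRYPTION_CERT_ALIAS;
    if (CollectionUtils.isEmpty(certAliases)) {
        // Remove the key info from the standard metadata and clear the alias in the extended config.
        removeKeyDescriptor(descriptor, isSigning);
        setExtendedAttributeValue(baseConfig, aliasAttribute, null);
    } else {
        // One KeyDescriptor per alias, in the caller's order; encAlgo/keySize only matter for encryption.
        Set<KeyDescriptorType> keyDescriptors = new LinkedHashSet<>(certAliases.size());
        for (String certAlias : certAliases) {
            keyDescriptors.add(getKeyDescriptor(certAlias, isSigning, encAlgo, keySize));
        }
        updateKeyDescriptor(descriptor, keyDescriptors);
        setExtendedAttributeValue(baseConfig, aliasAttribute, certAliases);
    }
    metaManager.setEntityDescriptor(realm, desp);
    metaManager.setEntityConfig(realm, config);
}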

Example 24 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class SAML2IDPProxyFRImpl, method selectIDPBasedOnAuthContext.

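/**
 * Selects, from {@code idpList}, the IdPs whose configured standard authentication
 * contexts (as returned by {@code getSupportedAuthnContextsByIDP}) include at least
 * one of the {@code AuthnContextClassRef} values carried by {@code authnRequest}.
 *
 * A request without a {@code RequestedAuthnContext} selects nothing here; the original
 * code reached the same result through a caught NullPointerException.
 * NOTE(review): {@code selectIDPBasedOnLOA} returns every IdP in that case — confirm
 * which behaviour is intended. Any failure while reading an IdP's configuration is
 * logged and ends the selection with whatever was gathered so far.
 *
 * @param idpList candidate IdP entity IDs; {@code null} or empty yields {@code ""}.
 * @param realm realm the IdP configuration is read from.
 * @param authnRequest the SP's request carrying the requested authn contexts.
 * @return matching entity IDs separated by single spaces, or {@code ""} if none match.
 */
private String selectIDPBasedOnAuthContext(List idpList, String realm, AuthnRequest authnRequest) {
    String classMethod = "selectIDPBasedOnAuthContext";
    String idps = "";
    try {
        RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
        if (requestedAuthnContext == null) {
            debugMessage(classMethod, "No RequestedAuthnContext in the request; nothing to match against");
            debugMessage(classMethod, " IDPList returns: " + idps);
            return idps;
        }
        List listOfAuthnContexts = requestedAuthnContext.getAuthnContextClassRef();
        debugMessage(classMethod, "listofAuthnContexts: " + listOfAuthnContexts);
        // An absent list means nothing can match.
        Set authnRequestContextSet = (listOfAuthnContexts == null) ? new HashSet() : new HashSet(listOfAuthnContexts);
        if (idpList != null) {
            for (Object candidate : idpList) {
                String idp = (String) candidate;
                debugMessage(classMethod, "IDP is: " + idp);
                List supportedAuthnContextsbyIDP = getSupportedAuthnContextsByIDP(realm, idp);
                if (supportedAuthnContextsbyIDP == null) {
                    debugMessage(classMethod, "The IdP" + idp + " has no standard authentication" + " contexts configured");
                    continue;
                }
                debugMessage(classMethod, "Standard Authn Contexts found for idp: " + idp);
                Set idpContextSet = trimmedListToSet(supportedAuthnContextsbyIDP);
                debugMessage(classMethod, "idpContextSet = " + idpContextSet);
                // Keep only the contexts both the IdP and the request share.
                idpContextSet.retainAll(authnRequestContextSet);
                if (!idpContextSet.isEmpty()) {
                    idps = idp + " " + idps;
                    debugMessage(classMethod, "Standard Authn Contexts found for idp " + idp + ": " + idpContextSet);
                }
            }
        }
    } catch (Exception me) {
        // Boundary catch: the configuration lookup may raise checked metadata/COT exceptions.
        SAML2Utils.debug.error(classMethod + ": error when trying to get the idp's by standard Authn Context", me);
    }
    debugMessage(classMethod, " IDPList returns: " + idps);
    return idps.trim();
}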

Example 25 with EntityDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement in project OpenAM by OpenRock.

The class SAML2IDPProxyFRImpl, method selectIDPBasedOnLOA.

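/**
 * Selects, from {@code idpList}, the IdPs whose entity metadata advertises (through an
 * {@code EntityAttributes} extension) an attribute value equal to one of the
 * {@code AuthnContextClassRef} values requested in {@code authnRequest}.
 *
 * When the request carries no {@code RequestedAuthnContext} every IdP is returned,
 * since each one should support a default context. IdPs with no descriptor, no
 * extensions, or extension content of an unexpected JAXB type are skipped with a
 * debug message instead of aborting the selection (the original cast such entries
 * unconditionally, and its {@code ||} null checks could throw NullPointerException).
 * Each IdP appears at most once in the result. The match relies solely on what the
 * IdP's stored metadata claims; nothing here verifies that claim.
 *
 * @param idpList candidate IdP entity IDs; {@code null} or empty yields {@code ""}.
 * @param realm realm the IdP metadata is looked up in.
 * @param authnRequest the SP's request carrying the requested authn contexts.
 * @return matching entity IDs separated by single spaces, or {@code ""} when none
 *         match or the metadata lookup fails part-way (IdPs gathered before the
 *         failure are still returned).
 */
private String selectIDPBasedOnLOA(List<String> idpList, String realm, AuthnRequest authnRequest) {
    String classMethod = "selectIdPBasedOnLOA";
    if (idpList == null || idpList.isEmpty()) {
        debugMessage(classMethod, " IDPList returns: ");
        return "";
    }
    RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
    if (requestedAuthnContext == null) {
        //In this case we just simply return all the IdPs as each one should support a default AuthnContext.
        return StringUtils.join(idpList, " ");
    }
    List listOfAuthnContexts = requestedAuthnContext.getAuthnContextClassRef();
    debugMessage(classMethod, "listofAuthnContexts: " + listOfAuthnContexts);
    // An absent list means nothing can match (previously reached via a caught NPE).
    Set authnRequestContextSet = (listOfAuthnContexts == null) ? new HashSet() : new HashSet(listOfAuthnContexts);
    String idps = "";
    try {
        for (String idp : idpList) {
            debugMessage(classMethod, "IDP is: " + idp);
            EntityDescriptorElement idpDesc = SAML2Utils.getSAML2MetaManager().getEntityDescriptor(realm, idp);
            if (idpDesc == null) {
                debugMessage(classMethod, "Configuration for the idp " + idp + " was not found in this system");
                continue;
            }
            ExtensionsType et = idpDesc.getExtensions();
            if (et == null) {
                debugMessage(classMethod, " No extensions found for IdP " + idp);
                continue;
            }
            debugMessage(classMethod, "Extensions found for idp: " + idp);
            if (advertisesRequestedAuthnContext(classMethod, idp, et, authnRequestContextSet)) {
                idps = idp + " " + idps;
            }
        }
    } catch (SAML2MetaException me) {
        debugMessage(classMethod, "Something went wrong: " + me);
    }
    debugMessage(classMethod, " IDPList returns: " + idps);
    return idps.trim();
}

/**
 * Whether any EntityAttributes extension of {@code idp} carries an attribute value that
 * is also in {@code requestedContexts}. Entries that are not of the expected JAXB types
 * (non-EntityAttributes extensions, Assertion entries, non-AttributeValue values) are
 * skipped rather than cast.
 */
private boolean advertisesRequestedAuthnContext(String classMethod, String idp, ExtensionsType et, Set requestedContexts) {
    List idpExtensions = et.getAny();
    if (idpExtensions == null || idpExtensions.isEmpty()) {
        return false;
    }
    debugMessage(classMethod, "Extensions content found for idp: " + idp);
    for (Object extension : idpExtensions) {
        if (!(extension instanceof EntityAttributesElement)) {
            debugMessage(classMethod, "Skipping non-EntityAttributes extension for idp " + idp + ": " + extension);
            continue;
        }
        debugMessage(classMethod, "Entity Attributes found for idp: " + idp);
        List attribL = ((EntityAttributesElement) extension).getAttributeOrAssertion();
        if (attribL == null) {
            continue;
        }
        for (Object attrOrAssertion : attribL) {
            // Only Attribute entries are inspected; Assertion entries are not evaluated here.
            if (!(attrOrAssertion instanceof AttributeElement)) {
                continue;
            }
            List av = ((AttributeElement) attrOrAssertion).getAttributeValue();
            if (av == null || av.isEmpty()) {
                continue;
            }
            debugMessage(classMethod, "Attribute Values found for idp: " + idp);
            for (Object value : av) {
                if (!(value instanceof AttributeValueElement)) {
                    continue;
                }
                List contentL = ((AttributeValueElement) value).getContent();
                debugMessage(classMethod, "Attribute Value Elements found for idp: " + idp + "-->" + contentL);
                if (contentL == null || contentL.isEmpty()) {
                    continue;
                }
                Set idpContextSet = trimmedListToSet(contentL);
                debugMessage(classMethod, "idpContextSet = " + idpContextSet);
                // Keep only the contexts both the IdP and the request share.
                idpContextSet.retainAll(requestedContexts);
                if (!idpContextSet.isEmpty()) {
                    debugMessage(classMethod, "Extension Values found for idp " + idp + ": " + idpContextSet);
                    return true;
                }
            }
        }
    }
    return false;
}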
