Examples with IDPSSODescriptorElement com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement used on opensource projects

Example 11 with IDPSSODescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.

the class DoManageNameID method setNameIDForMNIRequest.

private static void setNameIDForMNIRequest(ManageNameIDRequest mniRequest, NameID nameID, boolean changeID, String realm, String hostEntity, String hostEntityRole, String remoteEntity) throws SAML2Exception {
    String method = "DoManageNameID.setNameIDForMNIRequest: ";
    boolean needEncryptIt = false;
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    NewID newID = null;
    if (changeID) {
        String newIDValue = SAML2Utils.createNameIdentifier();
        newID = ProtocolFactory.getInstance().createNewID(newIDValue);
        mniRequest.setNewID(newID);
    }
    mniRequest.setNameID(nameID);
    if (!needEncryptIt) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be encrypted.");
        }
        return;
    }
    EncInfo encInfo = null;
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity);
        encInfo = KeyUtil.getEncInfo(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity);
        encInfo = KeyUtil.getEncInfo(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "remoteEntity is : " + remoteEntity);
    }
    if (encInfo == null) {
        logError("UnableToFindEncryptKeyInfo", LogUtil.METADATA_ERROR, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("UnableToFindEncryptKeyInfo"));
    }
    EncryptedID encryptedID = nameID.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), remoteEntity);
    // This non-encrypted NameID will be removed just 
    // after saveMNIRequestInfo and just before it send to 
    mniRequest.setEncryptedID(encryptedID);
    if (newID != null) {
        NewEncryptedID newEncID = newID.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), remoteEntity);
        // This non-encrypted newID will be removed just 
        // after saveMNIRequestInfo and just before it send to 
        mniRequest.setNewEncryptedID(newEncID);
    }
}

Example 12 with IDPSSODescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.

the class AssertionIDRequestUtil method getRoleDescriptorAndLocation.

private static RoleDescriptorType getRoleDescriptorAndLocation(String samlAuthorityEntityID, String role, String realm, String binding, StringBuffer location) throws SAML2Exception {
    List aIDReqServices = null;
    RoleDescriptorType roled = null;
    try {
        if (role == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
        } else if (role.equals(SAML2Constants.IDP_ROLE)) {
            IDPSSODescriptorElement idpd = metaManager.getIDPSSODescriptor(realm, samlAuthorityEntityID);
            if (idpd == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("idpNotFound"));
            }
            aIDReqServices = idpd.getAssertionIDRequestService();
            roled = idpd;
        } else if (role.equals(SAML2Constants.AUTHN_AUTH_ROLE)) {
            AuthnAuthorityDescriptorElement attrd = metaManager.getAuthnAuthorityDescriptor(realm, samlAuthorityEntityID);
            if (attrd == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("authnAuthorityNotFound"));
            }
            aIDReqServices = attrd.getAssertionIDRequestService();
            roled = attrd;
        } else if (role.equals(SAML2Constants.ATTR_AUTH_ROLE)) {
            AttributeAuthorityDescriptorElement aad = metaManager.getAttributeAuthorityDescriptor(realm, samlAuthorityEntityID);
            if (aad == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("attrAuthorityNotFound"));
            }
            aIDReqServices = aad.getAssertionIDRequestService();
            roled = aad;
        } else {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedRole"));
        }
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error("AssertionIDRequest.getRoleDescriptorAndLocation:", sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (binding == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    if ((aIDReqServices == null) || (aIDReqServices.isEmpty())) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("aIDReqServiceNotFound"));
    }
    for (Iterator iter = aIDReqServices.iterator(); iter.hasNext(); ) {
        AssertionIDRequestServiceElement aIDReqService = (AssertionIDRequestServiceElement) iter.next();
        if (binding.equalsIgnoreCase(aIDReqService.getBinding())) {
            location.append(aIDReqService.getLocation());
            break;
        }
    }
    if (location.length() == 0) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    return roled;
}

Example 13 with IDPSSODescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.

the class SAML2PostAuthenticationPlugin method setupSingleLogOut.

private void setupSingleLogOut(SSOToken ssoToken, String metaAlias, String sessionIndex, String spEntityId, String idpEntityId, NameID nameId) throws SSOException, SAML2Exception, SessionException {
    final SAML2MetaManager sm = new SAML2MetaManager();
    final String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    final String relayState = ssoToken.getProperty(SAML2Constants.RELAY_STATE);
    final String binding = SAML2Constants.HTTP_REDIRECT;
    final IDPSSODescriptorElement idpsso = sm.getIDPSSODescriptor(realm, idpEntityId);
    final List<EndpointType> slosList = idpsso.getSingleLogoutService();
    EndpointType logoutEndpoint = null;
    for (EndpointType endpoint : slosList) {
        if (binding.equals(endpoint.getBinding())) {
            logoutEndpoint = endpoint;
            break;
        }
    }
    if (logoutEndpoint == null) {
        DEBUG.warning("Unable to determine SLO endpoint. Aborting SLO attempt. Please note this PAP " + "only supports HTTP-Redirect as a valid binding.");
        return;
    }
    final LogoutRequest logoutReq = createLogoutRequest(metaAlias, realm, idpEntityId, logoutEndpoint, nameId, sessionIndex);
    //survival time is one hours
    //counted in seconds
    final long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
    final String sloRequestXMLString = logoutReq.toXMLString(true, true);
    final String redirect = getRedirectURL(sloRequestXMLString, relayState, realm, idpEntityId, logoutEndpoint.getLocation(), spEntityId);
    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        try {
            SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(logoutReq.getID(), logoutReq, sessionExpireTime);
        } catch (SAML2TokenRepositoryException e) {
            DEBUG.warning("Unable to set SLO redirect location. Aborting SLO attempt.");
            return;
        }
    } else {
        SAML2Store.saveTokenWithKey(logoutReq.getID(), logoutReq);
    }
    ssoToken.setProperty(SLO_SESSION_LOCATION, logoutEndpoint.getLocation());
    ssoToken.setProperty(SLO_SESSION_REFERENCE, redirect);
}

Example 14 with IDPSSODescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.

the class SAML2 method initiateSAMLLoginAtIDP.

/**
     * Performs similar to SPSSOFederate.initiateAuthnRequest by returning to the next auth stage
     * with a redirect (either GET or POST depending on the config) which triggers remote IdP authentication.
     */
private int initiateSAMLLoginAtIDP(final HttpServletResponse response, final HttpServletRequest request) throws SAML2Exception, AuthLoginException {
    if (reqBinding == null) {
        reqBinding = SAML2Constants.HTTP_REDIRECT;
    }
    final String spEntityID = SPSSOFederate.getSPEntityId(metaAlias);
    final IDPSSODescriptorElement idpsso = SPSSOFederate.getIDPSSOForAuthnReq(realm, entityName);
    final SPSSODescriptorElement spsso = SPSSOFederate.getSPSSOForAuthnReq(realm, spEntityID);
    if (idpsso == null || spsso == null) {
        return processError(bundle.getString("samlLocalConfigFailed"), "SAML2 :: initiateSAMLLoginAtIDP() : {}", bundle.getString("samlLocalConfigFailed"));
    }
    final String ssoURL = SPSSOFederate.getSSOURL(idpsso.getSingleSignOnService(), reqBinding);
    final List extensionsList = SPSSOFederate.getExtensionsList(spEntityID, realm);
    final Map<String, Collection<String>> spConfigAttrsMap = SPSSOFederate.getAttrsMapForAuthnReq(realm, spEntityID);
    authnRequest = SPSSOFederate.createAuthnRequest(realm, spEntityID, params, spConfigAttrsMap, extensionsList, spsso, idpsso, ssoURL, false);
    final AuthnRequestInfo reqInfo = new AuthnRequestInfo(request, response, realm, spEntityID, null, authnRequest, null, params);
    synchronized (SPCache.requestHash) {
        SPCache.requestHash.put(authnRequest.getID(), reqInfo);
    }
    saveAuthnRequest(authnRequest, reqInfo);
    final Callback[] nextCallbacks = getCallback(REDIRECT);
    final RedirectCallback redirectCallback = (RedirectCallback) nextCallbacks[0];
    setCookiesForRedirects(request, response);
    //we only handle Redirect and POST
    if (SAML2Constants.HTTP_POST.equals(reqBinding)) {
        final String postMsg = SPSSOFederate.getPostBindingMsg(idpsso, spsso, spConfigAttrsMap, authnRequest);
        configurePostRedirectCallback(postMsg, ssoURL, redirectCallback);
    } else {
        final String authReqXMLString = authnRequest.toXMLString(true, true);
        final String redirectUrl = SPSSOFederate.getRedirect(authReqXMLString, null, ssoURL, idpsso, spsso, spConfigAttrsMap);
        configureGetRedirectCallback(redirectUrl, redirectCallback);
    }
    return REDIRECT;
}

Example 15 with IDPSSODescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.

the class TaskModelImpl method getConfigureGoogleAppsURLs.

public Map getConfigureGoogleAppsURLs(String realm, String entityId) throws AMConsoleException {
    Map map = new HashMap();
    IDPSSODescriptorElement idpssoDescriptor = null;
    try {
        SAML2MetaManager samlManager = new SAML2MetaManager();
        idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityId);
        String signinPageURL = null;
        if (idpssoDescriptor != null) {
            List signonList = idpssoDescriptor.getSingleSignOnService();
            for (int i = 0; i < signonList.size(); i++) {
                SingleSignOnServiceElement signElem = (SingleSignOnServiceElement) signonList.get(i);
                String tmp = signElem.getBinding();
                if (tmp.contains("HTTP-Redirect")) {
                    signinPageURL = signElem.getLocation();
                    map.put("SigninPageURL", returnEmptySetIfValueIsNull(signinPageURL));
                }
            }
        }
        URL aURL = new URL(signinPageURL);
        String signoutPageURL = null;
        String protocol = aURL.getProtocol();
        String host = aURL.getHost();
        int port = aURL.getPort();
        if (port == -1) {
            port = (aURL.getProtocol().equals("https")) ? 443 : 80;
        }
        String deploymentURI = SystemPropertiesManager.get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR);
        String url = protocol + "://" + host + ":" + port + deploymentURI;
        signoutPageURL = url + "/UI/Logout?goto=" + url;
        map.put("SignoutPageURL", returnEmptySetIfValueIsNull(signoutPageURL));
        map.put("ChangePasswordURL", returnEmptySetIfValueIsNull(url + "/idm/EndUser"));
        // get pubkey                 
        Map extValueMap = new HashMap();
        IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityId);
        if (idpssoConfig != null) {
            BaseConfigType baseConfig = (BaseConfigType) idpssoConfig;
            extValueMap = SAML2MetaUtils.getAttributes(baseConfig);
        }
        List aList = (List) extValueMap.get("signingCertAlias");
        String signingCertAlias = null;
        if (aList != null) {
            signingCertAlias = (String) aList.get(0);
        }
        String publickey = SAML2MetaSecurityUtils.buildX509Certificate(signingCertAlias);
        String str = "-----BEGIN CERTIFICATE-----\n" + publickey + "-----END CERTIFICATE-----\n";
        map.put("PubKey", returnEmptySetIfValueIsNull(str));
    } catch (SAML2MetaException ex) {
        throw new AMConsoleException(ex.getMessage());
    } catch (MalformedURLException ex) {
        throw new AMConsoleException(ex.getMessage());
    }
    return map;
}