use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.
Class LogoutUtil, method setNameIDForSLORequest.
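/**
 * Sets the NameID on a single logout request, encrypting it first when the
 * remote entity's metadata asks for encrypted NameIDs.
 * <p>
 * Both the "want NameID encrypted" flag and the encryption key are taken from
 * the <em>remote</em> entity's metadata in the opposite role: when the host
 * acts as IdP the remote SP's configuration is consulted, and vice versa.
 * When encryption is required, every piece of encryption metadata (EncInfo,
 * KeyDescriptor, certificate) must be present; a missing piece is reported as
 * a metadata error rather than letting the request go out with a clear-text
 * NameID or failing with a NullPointerException.
 *
 * @param request the logout request to populate
 * @param nameID the NameID to place on the request, clear or encrypted
 * @param realm the realm under which both entities reside
 * @param hostEntity the hosted entity ID (used for logging only)
 * @param hostEntityRole the hosted entity role; {@code SAML2Constants.IDP_ROLE}
 *        (case-insensitive) selects the IdP branch, anything else the SP branch
 * @param remoteEntity the remote entity ID whose metadata drives encryption
 * @throws SAML2Exception if encryption is required but the remote entity's
 *         encryption metadata is incomplete, or if encryption itself fails
 * @throws SessionException declared for callers; not thrown directly here
 */
public static void setNameIDForSLORequest(LogoutRequest request, NameID nameID, String realm, String hostEntity, String hostEntityRole, String remoteEntity) throws SAML2Exception, SessionException {
    String method = "setNameIDForSLORequest: ";
    // The remote party is always in the opposite role of the host.
    boolean hostIsIDP = hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE);
    String remoteRole = hostIsIDP ? SAML2Constants.SP_ROLE : SAML2Constants.IDP_ROLE;
    boolean needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, remoteRole);
    if (!needEncryptIt) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be encrypted.");
        }
        request.setNameID(nameID);
        return;
    }
    EncInfo encryptInfo = null;
    KeyDescriptorType keyDescriptor = null;
    if (hostIsIDP) {
        SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity);
        keyDescriptor = KeyUtil.getKeyDescriptor(spSSODesc, "encryption");
        encryptInfo = KeyUtil.getEncInfo(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity);
        keyDescriptor = KeyUtil.getKeyDescriptor(idpSSODesc, "encryption");
        encryptInfo = KeyUtil.getEncInfo(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "remoteEntity is : " + remoteEntity);
    }
    if (encryptInfo == null) {
        debug.error("NO meta data for encrypt Info.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    // Fail closed: without an encryption KeyDescriptor/certificate we cannot
    // honour the remote entity's request for an encrypted NameID. Surface
    // this as a metadata error instead of dereferencing a null certificate.
    if (keyDescriptor == null) {
        debug.error(method + "NO encryption KeyDescriptor in metadata of " + remoteEntity);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    X509Certificate certificate = KeyUtil.getCert(keyDescriptor);
    if (certificate == null) {
        debug.error(method + "NO encryption certificate in metadata of " + remoteEntity);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    PublicKey recipientPublicKey = certificate.getPublicKey();
    // Algorithm and key strength come from the remote entity's EncInfo;
    // remoteEntity is passed as the intended recipient of the EncryptedID.
    EncryptedID encryptedID = nameID.encrypt(recipientPublicKey, encryptInfo.getDataEncAlgorithm(), encryptInfo.getDataEncStrength(), remoteEntity);
    request.setEncryptedID(encryptedID);
}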
use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.
Class NameIDMapping, method getNameIDMappingService.
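/**
 * Returns the first NameIDMappingService of the identity provider that
 * matches the given binding, or the first service of any binding when
 * {@code binding} is {@code null}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the identity provider whose metadata is searched.
 * @param binding the binding URI that has to match (compared
 *        case-insensitively), or {@code null} to accept the first listed service.
 * @return the matching <code>NameIDMappingServiceElement</code>, or
 *         {@code null} if the entity has no IDPSSODescriptor, lists no
 *         NameIDMappingService, or none of them matches the requested binding.
 * @throws SAML2MetaException if the identity provider's metadata cannot be
 *         retrieved.
 */
public static NameIDMappingServiceElement getNameIDMappingService(String realm, String entityId, String binding) throws SAML2MetaException {
    IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, entityId);
    if (idpSSODesc == null) {
        SAML2Utils.debug.error(SAML2Utils.bundle.getString("noIDPEntry"));
        return null;
    }
    // JAXB-generated accessor; the list is raw, hence the casts below.
    List services = idpSSODesc.getNameIDMappingService();
    if (services == null || services.isEmpty()) {
        return null;
    }
    if (binding == null) {
        return (NameIDMappingServiceElement) services.get(0);
    }
    for (Object element : services) {
        NameIDMappingServiceElement service = (NameIDMappingServiceElement) element;
        if (binding.equalsIgnoreCase(service.getBinding())) {
            return service;
        }
    }
    // No service advertises the requested binding.
    return null;
}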
use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.
Class NameIDMapping, method verifyNIMResponse.
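/**
 * Verifies the XML signature of a NameIDMappingResponse against the signing
 * certificates published in the identity provider's metadata.
 * <p>
 * Fails closed: when the IdP's metadata is missing or carries no signing
 * certificate the response is rejected with an exception, never treated as
 * valid.
 *
 * @param nimResponse the response whose signature is verified
 * @param realm the realm under which the identity provider resides
 * @param idpEntityID entity ID of the identity provider expected to have
 *        signed the response
 * @return {@code true} if the signature validates against one of the IdP's
 *         verification certificates, {@code false} otherwise
 * @throws SAML2Exception if the IdP's metadata cannot be found or provides no
 *         signing certificate
 */
private static boolean verifyNIMResponse(NameIDMappingResponse nimResponse, String realm, String idpEntityID) throws SAML2Exception {
    IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, idpEntityID);
    // Reject explicitly rather than handing a null descriptor to KeyUtil.
    if (idpSSODesc == null) {
        SAML2Utils.debug.error("NameIDMapping.verifyNIMResponse: no IDPSSODescriptor for " + idpEntityID);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    Set<X509Certificate> signingCerts = KeyUtil.getVerificationCerts(idpSSODesc, idpEntityID, SAML2Constants.IDP_ROLE);
    if (signingCerts == null || signingCerts.isEmpty()) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    boolean valid = nimResponse.isSignatureValid(signingCerts);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("NameIDMapping.verifyNIMResponse: " + "Signature is : " + valid);
    }
    return valid;
}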
use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.
Class LogoutUtil, method getIDPSLOConfig.
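/**
 * Returns the identity provider's SingleLogoutService endpoint that matches
 * the given binding, or the first listed endpoint when {@code binding} is
 * {@code null}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the identity provider whose metadata is searched.
 * @param binding the binding URI that has to match (compared
 *        case-insensitively), or {@code null} to accept the first listed endpoint.
 * @return the matching <code>SingleLogoutServiceElement</code>, or
 *         {@code null} if the entity has no IDPSSODescriptor, lists no
 *         SingleLogoutService, or none of them matches the requested binding.
 * @throws SAML2MetaException if the identity provider's metadata cannot be
 *         retrieved.
 * @throws SessionException declared for callers; not thrown directly here.
 */
public static SingleLogoutServiceElement getIDPSLOConfig(String realm, String entityId, String binding) throws SAML2MetaException, SessionException {
    IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, entityId);
    if (idpSSODesc == null) {
        debug.error("Identity Provider SSO config is missing.");
        return null;
    }
    // JAXB-generated accessor; the list is raw, hence the casts below.
    List services = idpSSODesc.getSingleLogoutService();
    if (services == null || services.isEmpty()) {
        return null;
    }
    if (binding == null) {
        return (SingleLogoutServiceElement) services.get(0);
    }
    for (Object element : services) {
        SingleLogoutServiceElement slo = (SingleLogoutServiceElement) element;
        if (binding.equalsIgnoreCase(slo.getBinding())) {
            return slo;
        }
    }
    // No endpoint advertises the requested binding. Return null as documented:
    // the previous loop left the last scanned element in the result variable
    // on a miss, handing callers an endpoint of the wrong binding.
    return null;
}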
use of com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement in project OpenAM by OpenRock.
Class SAML2, method shouldPersistNameID.
/**
 * Decides whether the NameID negotiated for this SP should be persisted.
 * <p>
 * As a side effect, normalises the instance's {@code nameIDFormat} through
 * {@code SAML2Utils.verifyNameIDFormat} against the SP and IdP metadata and
 * refreshes {@code isTransient} from the resulting format.
 * <p>
 * NOTE(review): the metadata lookup uses the SP entity ID derived from
 * {@code metaAlias}, while the account mapper is asked about the
 * {@code spEntityId} parameter; confirm these are intended to differ.
 *
 * @param spEntityId SP entity ID passed to the account mapper
 * @return {@code true} for the persistent format; {@code false} for the
 *         transient format or when the realm's profile is ignored; otherwise
 *         whatever the default SP account mapper decides
 * @throws SAML2Exception propagated from metadata lookup or format verification
 */
private boolean shouldPersistNameID(String spEntityId) throws SAML2Exception {
    final DefaultLibrarySPAccountMapper accountMapper = new DefaultLibrarySPAccountMapper();
    final String hostedSpEntityID = SPSSOFederate.getSPEntityId(metaAlias);
    final IDPSSODescriptorElement idpDescriptor = SPSSOFederate.getIDPSSOForAuthnReq(realm, entityName);
    final SPSSODescriptorElement spDescriptor = SPSSOFederate.getSPSSOForAuthnReq(realm, hostedSpEntityID);
    // Instance state is updated here, exactly as before.
    nameIDFormat = SAML2Utils.verifyNameIDFormat(nameIDFormat, spDescriptor, idpDescriptor);
    isTransient = SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat);
    final boolean persistentFormat = SAML2Constants.PERSISTENT.equals(nameIDFormat);
    final boolean profileIgnored = SAML2PluginsUtils.isIgnoredProfile(realm);
    if (persistentFormat) {
        return true;
    }
    if (isTransient || profileIgnored) {
        return false;
    }
    return accountMapper.shouldPersistNameIDFormat(realm, spEntityId, entityName, nameIDFormat);
}