/**
 * Sends an {@code AssertionIDRequest} to the SAML authority's Assertion ID Request
 * Service over the SOAP binding and returns the {@code Response} it replies with.
 *
 * The reply is only returned after {@code verifyResponse} has accepted it together
 * with the authority's role descriptor (presumably issuer/signature checks against the
 * authority's metadata — confirm in {@code verifyResponse}). Note that the raw response
 * XML is written to the debug log before that verification runs.
 *
 * @param assertionIDRequest the request to send (the caller is expected to have signed it)
 * @param location SOAP endpoint of the Assertion ID Request Service, without credentials
 * @param realm realm of the hosted entity
 * @param samlAuthorityEntityID entity ID of the SAML authority being queried
 * @param role SAML authority role (IDP, AUTHN_AUTH or ATTR_AUTH)
 * @param roled metadata role descriptor of the SAML authority, handed to {@code verifyResponse}
 * @return the verified response from the Assertion ID Request Service
 * @throws SAML2Exception if the SOAP exchange fails, the reply carries no
 *         {@code samlp:Response}, or the response fails verification
 */
private static Response sendAssertionIDRequestBySOAP(AssertionIDRequest assertionIDRequest,
        String location, String realm, String samlAuthorityEntityID, String role,
        RoleDescriptorType roled) throws SAML2Exception {
    final String logPrefix = "AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: ";
    String requestXml = assertionIDRequest.toXMLString(true, true);
    if (SAML2Utils.debug.messageEnabled()) {
        // Logged before basic-auth credentials are merged into the URL below.
        SAML2Utils.debug.message(logPrefix + "assertionIDRequest = " + requestXml);
        SAML2Utils.debug.message(logPrefix + "location = " + location);
    }
    // May embed configured basic-auth credentials into the endpoint URL; the
    // resulting value is deliberately not logged.
    String endpoint = fillInBasicAuthInfo(location, realm, samlAuthorityEntityID, role);
    SOAPMessage reply;
    try {
        reply = SOAPCommunicator.getInstance().sendSOAPMessage(requestXml, endpoint, true);
    } catch (SOAPException se) {
        SAML2Utils.debug.error("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP:", se);
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorSendingAssertionIDRequest"));
    }
    Element responseElement = SOAPCommunicator.getInstance().getSamlpElement(reply, "Response");
    Response parsed = ProtocolFactory.getInstance().createResponse(responseElement);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(logPrefix + "response = " + parsed.toXMLString(true, true));
    }
    // Nothing from the reply is trusted until this check passes.
    verifyResponse(parsed, assertionIDRequest, samlAuthorityEntityID, role, roled);
    return parsed;
}
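/**
 * Sends the <code>AssertionIDRequest</code> to the specified Assertion ID
 * Request Service and returns the <code>Response</code> coming from the
 * Assertion ID Request Service.
 *
 * Only the SOAP binding is supported. The request is signed
 * (<code>signAssertionIDRequest</code>) before it is sent, and the response is
 * verified against the authority's metadata role descriptor before it is returned.
 *
 * @param assertionIDRequest the <code>AssertionIDRequest</code> object
 * @param samlAuthorityEntityID entity ID of SAML authority
 * @param role SAML authority role, for example,
 * <code>SAML2Constants.ATTR_AUTH_ROLE</code>,
 * <code>SAML2Constants.AUTHN_AUTH_ROLE</code> or
 * <code>SAML2Constants.IDP_ROLE</code>
 * @param realm the realm of hosted entity
 * @param binding the binding; anything other than <code>SAML2Constants.SOAP</code>
 * (including <code>null</code>) is rejected as unsupported
 *
 * @return the <code>Response</code> object
 * @exception SAML2Exception if the binding is unsupported, the authority's
 * metadata cannot be resolved, or the exchange or response verification fails
 *
 * @supported.api
 */
public static Response sendAssertionIDRequest(AssertionIDRequest assertionIDRequest,
        String samlAuthorityEntityID, String role, String realm, String binding)
        throws SAML2Exception {
    StringBuffer location = new StringBuffer();
    // Resolves the authority's role descriptor from metadata and fills in the
    // endpoint location for the requested binding.
    RoleDescriptorType roled = getRoleDescriptorAndLocation(samlAuthorityEntityID, role, realm, binding, location);
    // Constant-first comparison so a null binding is reported as unsupported
    // rather than surfacing as a NullPointerException.
    if (!SAML2Constants.SOAP.equalsIgnoreCase(binding)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    signAssertionIDRequest(assertionIDRequest, realm, false);
    return sendAssertionIDRequestBySOAP(assertionIDRequest, location.toString(), realm, samlAuthorityEntityID, role, roled);
}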
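/**
 * This method processes the <code>AssertionIDRequest</code> coming
 * from a requester and builds the <code>Response</code> to send back.
 *
 * Processing, as implemented here:
 * <ol>
 * <li>The request is validated by <code>verifyAssertionIDRequest</code>; on failure a
 * Requester-status error response carrying the exception message is returned.</li>
 * <li>The hosted SAML authority's role descriptor is looked up; a metadata failure
 * yields a Responder-status error, a missing descriptor a Requester-status error.</li>
 * <li>Each referenced assertion ID is looked up in the IDP assertion cache and, when
 * SAML2 failover is enabled, in the SAML2 token repository. Only assertions that
 * report <code>isTimeValid()</code> are included.</li>
 * <li>A Success response is built, signed with <code>signResponse</code> and returned.</li>
 * </ol>
 *
 * Security note: no per-assertion authorization beyond step 1 is visible in this
 * method. Any requester that passes <code>verifyAssertionIDRequest</code> receives every
 * valid assertion whose ID it names, regardless of the assertion's subject or audience.
 * The requester's <code>Issuer</code> is not consulted here (presumably it is checked in
 * <code>verifyAssertionIDRequest</code> — confirm there).
 *
 * @param assertionIDRequest the <code>AssertionIDRequest</code> object
 * @param request the <code>HttpServletRequest</code> object (not used by this method)
 * @param response the <code>HttpServletResponse</code> object (not used by this method)
 * @param samlAuthorityEntityID entity ID of SAML authority
 * @param role the role of SAML authority
 * @param realm the realm of SAML authority
 * @return the <code>Response</code> object
 * @exception SAML2Exception if the operation is not successful
 */
public static Response processAssertionIDRequest(AssertionIDRequest assertionIDRequest,
        HttpServletRequest request, HttpServletResponse response, String samlAuthorityEntityID,
        String role, String realm) throws SAML2Exception {
    // Validate the incoming request before touching any assertion.
    try {
        verifyAssertionIDRequest(assertionIDRequest, samlAuthorityEntityID, role, realm);
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("AssertionIDRequestUtil." + "processAssertionIDRequest:", se);
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, se.getMessage(), samlAuthorityEntityID);
    }
    // The descriptor itself is not used further; the lookup establishes that the
    // named SAML authority is actually hosted in this realm with the given role.
    RoleDescriptorType roled;
    try {
        roled = getSAMLAuthorityDescriptor(realm, samlAuthorityEntityID, role);
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error("AssertionIDRequestUtil." + "processAssertionIDRequest:", sme);
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.RESPONDER, null, sme.getMessage(), samlAuthorityEntityID);
    }
    if (roled == null) {
        return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("samlAuthorityNotFound"), samlAuthorityEntityID);
    }
    // Left null (not an empty list) when nothing is found, as the response factory
    // has been receiving null in that case.
    List<Assertion> returnAssertions = null;
    List assertionIDRefs = assertionIDRequest.getAssertionIDRefs();
    if (assertionIDRefs != null) {
        for (Iterator iter = assertionIDRefs.iterator(); iter.hasNext(); ) {
            String assertionID = ((AssertionIDRef) iter.next()).getValue();
            Assertion assertion = findAssertionByID(assertionID);
            if (assertion != null && assertion.isTimeValid()) {
                if (returnAssertions == null) {
                    returnAssertions = new ArrayList<Assertion>();
                }
                returnAssertions.add(assertion);
            }
        }
    }
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    Response samlResp = protocolFactory.createResponse();
    samlResp.setAssertion(returnAssertions);
    samlResp.setID(SAML2Utils.generateID());
    samlResp.setInResponseTo(assertionIDRequest.getID());
    samlResp.setVersion(SAML2Constants.VERSION_2_0);
    samlResp.setIssueInstant(new Date()); // the protocol API takes java.util.Date
    Status status = protocolFactory.createStatus();
    StatusCode statusCode = protocolFactory.createStatusCode();
    statusCode.setValue(SAML2Constants.SUCCESS);
    status.setStatusCode(statusCode);
    samlResp.setStatus(status);
    Issuer respIssuer = AssertionFactory.getInstance().createIssuer();
    respIssuer.setValue(samlAuthorityEntityID);
    samlResp.setIssuer(respIssuer);
    // Signed so the requester can bind the response, and the assertions it carries,
    // to this authority.
    signResponse(samlResp, samlAuthorityEntityID, role, realm, false);
    return samlResp;
}

/**
 * Resolves the hosted SAML authority's role descriptor for the given role.
 *
 * @return the descriptor, or null if the role is not one of IDP, AUTHN_AUTH or
 *         ATTR_AUTH, or the metadata manager has no descriptor for it
 * @throws SAML2MetaException if the metadata lookup fails
 */
private static RoleDescriptorType getSAMLAuthorityDescriptor(String realm,
        String samlAuthorityEntityID, String role) throws SAML2MetaException {
    if (SAML2Constants.IDP_ROLE.equals(role)) {
        return metaManager.getIDPSSODescriptor(realm, samlAuthorityEntityID);
    }
    if (SAML2Constants.AUTHN_AUTH_ROLE.equals(role)) {
        return metaManager.getAuthnAuthorityDescriptor(realm, samlAuthorityEntityID);
    }
    if (SAML2Constants.ATTR_AUTH_ROLE.equals(role)) {
        return metaManager.getAttributeAuthorityDescriptor(realm, samlAuthorityEntityID);
    }
    return null;
}

/**
 * Looks an assertion up by ID: first the in-memory IDP cache, then (only when SAML2
 * failover is enabled) the SAML2 token repository.
 *
 * A token-repository failure is logged and treated as "not found" — deliberately
 * best-effort, so one bad reference does not fail the whole request.
 *
 * @return the assertion, or null if it is not known
 * @throws SAML2Exception if the repository copy cannot be parsed into an assertion
 */
private static Assertion findAssertionByID(String assertionID) throws SAML2Exception {
    Assertion assertion = (Assertion) IDPCache.assertionByIDCache.get(assertionID);
    if (assertion != null || !SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        return assertion;
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequest: " + "reading assertion from the SAML2 Token Repository using assertionID:" + assertionID);
    }
    String assertionStr = null;
    try {
        assertionStr = (String) SAML2FailoverUtils.retrieveSAML2Token(assertionID);
    } catch (SAML2TokenRepositoryException se) {
        SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest: " + "There was a problem reading assertion from the SAML2 Token Repository using assertionID:" + assertionID, se);
    }
    if (assertionStr == null) {
        return null;
    }
    return AssertionFactory.getInstance().createAssertion(assertionStr);
}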
/**
 * Updates signing or encryption key info for a hosted SP or IDP.
 * This will update both the signing/encryption alias on the extended metadata and
 * the KeyDescriptor certificates in the standard metadata, then persist both.
 *
 * Only hosted entities are accepted: a remote entity's keys are the trust anchors
 * published in its own metadata and must not be edited through this path.
 *
 * @param realm Realm the entity resides.
 * @param entityID ID of the entity to be updated.
 * @param certAliases The set of certificate aliases to be set for the entity. If null or empty, existing key
 *        information (for the chosen use) will be removed from the SP or IDP.
 * @param isSigning true if this is signing certificate alias, false if
 *        this is encryption certification alias.
 * @param isIDP true if this is for IDP signing/encryption alias, false
 *        if this is for SP signing/encryption alias
 * @param encAlgo Encryption algorithm URI, this is applicable for
 *        encryption cert only.
 * @param keySize Encryption key size, this is applicable for
 *        encryption cert only.
 * @throws SAML2MetaException if the entity is not hosted, does not have the requested
 *         role, or the metadata cannot be read or written.
 *         NOTE(review): a missing entity config or descriptor is not guarded here and
 *         would surface as a NullPointerException — confirm the meta manager's
 *         not-found behaviour.
 */
public static void updateProviderKeyInfo(String realm, String entityID, Set<String> certAliases,
        boolean isSigning, boolean isIDP, String encAlgo, int keySize) throws SAML2MetaException {
    SAML2MetaManager manager = new SAML2MetaManager();
    EntityConfigElement entityConfig = manager.getEntityConfig(realm, entityID);
    if (!entityConfig.isHosted()) {
        throw new SAML2MetaException("entityNotHosted", new String[] { entityID, realm });
    }
    EntityDescriptorElement entityDescriptor = manager.getEntityDescriptor(realm, entityID);
    // Pick the role-specific extended config and standard descriptor.
    BaseConfigType roleConfig = isIDP
            ? SAML2MetaUtils.getIDPSSOConfig(entityConfig)
            : SAML2MetaUtils.getSPSSOConfig(entityConfig);
    RoleDescriptorType roleDescriptor = isIDP
            ? SAML2MetaUtils.getIDPSSODescriptor(entityDescriptor)
            : SAML2MetaUtils.getSPSSODescriptor(entityDescriptor);
    if (roleConfig == null || roleDescriptor == null) {
        throw new SAML2MetaException(isIDP ? "entityNotIDP" : "entityNotSP", new String[] { entityID, realm });
    }
    String aliasAttribute = isSigning
            ? SAML2Constants.SIGNING_CERT_ALIAS
            : SAML2Constants.ENCRYPTION_CERT_ALIAS;
    if (CollectionUtils.isEmpty(certAliases)) {
        // No aliases: strip the key material for this use from both metadata halves.
        removeKeyDescriptor(roleDescriptor, isSigning);
        setExtendedAttributeValue(roleConfig, aliasAttribute, null);
    } else {
        // One KeyDescriptor per alias, in the caller's iteration order; encAlgo and
        // keySize are only meaningful for the encryption use.
        Set<KeyDescriptorType> descriptors = new LinkedHashSet<>(certAliases.size());
        for (String alias : certAliases) {
            descriptors.add(getKeyDescriptor(alias, isSigning, encAlgo, keySize));
        }
        updateKeyDescriptor(roleDescriptor, descriptors);
        setExtendedAttributeValue(roleConfig, aliasAttribute, certAliases);
    }
    manager.setEntityDescriptor(realm, entityDescriptor);
    manager.setEntityConfig(realm, entityConfig);
}
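/**
 * Replaces, on the given role descriptor, every existing KeyDescriptor whose
 * {@code use} matches that of the supplied descriptors, then appends the supplied ones.
 * The descriptor's KeyDescriptor list is edited in place.
 *
 * Security caveat: a KeyDescriptor with no {@code use} attribute (permitted by the
 * SAML metadata schema, where an absent use means the key serves both purposes) does
 * not match either use and is left in place, so it stays trusted after a key rotation
 * through this method. Previously such an entry made this method throw
 * NullPointerException. Operators rotating keys should check for use-less entries.
 *
 * @param desp role descriptor whose KeyDescriptor list is edited
 * @param keyDescriptors non-empty set of replacement descriptors, all sharing one use
 * @throws java.util.NoSuchElementException if {@code keyDescriptors} is empty
 */
private static void updateKeyDescriptor(RoleDescriptorType desp, Set<KeyDescriptorType> keyDescriptors) {
    // All replacements are assumed to carry the same use; the first one decides.
    String use = keyDescriptors.iterator().next().getUse();
    List<KeyDescriptorType> keys = desp.getKeyDescriptor();
    Iterator<KeyDescriptorType> iterator = keys.iterator();
    while (iterator.hasNext()) {
        KeyDescriptorType existing = iterator.next();
        // Constant-first comparison: existing.getUse() may legitimately be null.
        if (use != null && use.equalsIgnoreCase(existing.getUse())) {
            iterator.remove();
        }
    }
    keys.addAll(keyDescriptors);
}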