Example 1 with SPSSODescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method createExtendedObject.
/**
* Creates the extended config object when it does not exist.
* @param realm the realm to which the entity belongs.
* @param entityName is the entity id.
* @param location indicates whether hosted or remote
* @param role can be SP, IDP or SP/IDP.
* @throws SAML2MetaException, JAXBException,
* AMConsoleException if saving of attribute value fails.
*/
private void createExtendedObject(String realm, String entityName, String location, String role) throws SAML2MetaException, JAXBException, AMConsoleException {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
ObjectFactory objFactory = new ObjectFactory();
EntityConfigElement entityConfigElement = objFactory.createEntityConfigElement();
entityConfigElement.setEntityID(entityName);
if (location.equals("remote")) {
entityConfigElement.setHosted(false);
} else {
entityConfigElement.setHosted(true);
}
List configList = entityConfigElement.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
BaseConfigType baseConfigIDP = null;
BaseConfigType baseConfigSP = null;
BaseConfigType baseConfigAuth = null;
AttributeAuthorityDescriptorElement attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
AuthnAuthorityDescriptorElement authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
AttributeQueryDescriptorElement attrQueryDescriptor = samlManager.getAttributeQueryDescriptor(realm, entityName);
IDPSSODescriptorElement idpssoDesc = samlManager.getIDPSSODescriptor(realm, entityName);
SPSSODescriptorElement spssoDesc = samlManager.getSPSSODescriptor(realm, entityName);
XACMLAuthzDecisionQueryDescriptorElement xacmlAuthzDescriptor = samlManager.getPolicyEnforcementPointDescriptor(realm, entityName);
XACMLPDPDescriptorElement xacmlPDPDescriptor = samlManager.getPolicyDecisionPointDescriptor(realm, entityName);
if (isDualRole(entityDescriptor)) {
baseConfigIDP = objFactory.createIDPSSOConfigElement();
baseConfigSP = objFactory.createSPSSOConfigElement();
baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
configList.add(baseConfigIDP);
configList.add(baseConfigSP);
} else if (role.equals(EntityModel.IDENTITY_PROVIDER) || (idpssoDesc != null)) {
baseConfigIDP = objFactory.createIDPSSOConfigElement();
baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
configList.add(baseConfigIDP);
} else if (role.equals(EntityModel.SERVICE_PROVIDER) || (spssoDesc != null)) {
baseConfigSP = objFactory.createSPSSOConfigElement();
baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
configList.add(baseConfigSP);
}
if (role.equals(EntityModel.SAML_ATTRAUTHORITY) || (attrauthDescriptor != null)) {
baseConfigAuth = objFactory.createAttributeAuthorityConfigElement();
baseConfigAuth = addAttributeType(extAttrAuthMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.SAML_AUTHNAUTHORITY) || (authnauthDescriptor != null)) {
baseConfigAuth = objFactory.createAuthnAuthorityConfigElement();
baseConfigAuth = addAttributeType(extAuthnAuthMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.SAML_ATTRQUERY) || (attrQueryDescriptor != null)) {
baseConfigAuth = objFactory.createAttributeQueryConfigElement();
baseConfigAuth = addAttributeType(extattrQueryMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.POLICY_DECISION_POINT_DESCRIPTOR) || (xacmlPDPDescriptor != null)) {
baseConfigAuth = objFactory.createXACMLPDPConfigElement();
baseConfigAuth = addAttributeType(xacmlPDPExtendedMeta, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR) || (xacmlAuthzDescriptor != null)) {
baseConfigAuth = objFactory.createXACMLAuthzDecisionQueryConfigElement();
baseConfigAuth = addAttributeType(xacmlPEPExtendedMeta, baseConfigAuth);
configList.add(baseConfigAuth);
}
samlManager.setEntityConfig(realm, entityConfigElement);
}
Also used :
AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)
XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement)
AttributeQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)
BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)
ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)
List(java.util.List)
ArrayList(java.util.ArrayList)
XACMLAuthzDecisionQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement)
EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 2 with SPSSODescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method getStandardServiceProviderAttributes.
/**
* Returns a map with standard service provider attributes and values.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @return Map with standard attribute values of Service Provider.
* @throws AMConsoleException if unable to retrieve the Service Provider
* attrubutes based on the realm and entityName passed.
*/
public Map getStandardServiceProviderAttributes(String realm, String entityName) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "SP-Standard" };
logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
Map map = new HashMap();
SPSSODescriptorElement spssoDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
spssoDescriptor = samlManager.getSPSSODescriptor(realm, entityName);
if (spssoDescriptor != null) {
// retrieve WantAuthnRequestsSigned
map.put(IS_AUTHN_REQ_SIGNED, returnEmptySetIfValueIsNull(spssoDescriptor.isAuthnRequestsSigned()));
map.put(WANT_ASSERTIONS_SIGNED, returnEmptySetIfValueIsNull(spssoDescriptor.isWantAssertionsSigned()));
//retrieve SingleLogoutService
map.put(SP_SINGLE_LOGOUT_HTTP_LOCATION, Collections.EMPTY_SET);
map.put(SP_SINGLE_LOGOUT_HTTP_RESP_LOCATION, Collections.EMPTY_SET);
map.put(SP_SLO_POST_LOC, Collections.EMPTY_SET);
map.put(SP_SLO_POST_RESPLOC, Collections.EMPTY_SET);
map.put(SP_SINGLE_LOGOUT_SOAP_LOCATION, Collections.EMPTY_SET);
map.put(SP_LOGOUT_DEFAULT, Collections.EMPTY_SET);
List splogoutList = spssoDescriptor.getSingleLogoutService();
for (int i = 0; i < splogoutList.size(); i++) {
SingleLogoutServiceElement spslsElem = (SingleLogoutServiceElement) splogoutList.get(i);
String tmp = spslsElem.getBinding();
if (i == 0) {
map.put(SP_LOGOUT_DEFAULT, returnEmptySetIfValueIsNull(tmp));
}
if (tmp.contains(httpRedirect)) {
map.put(SP_SINGLE_LOGOUT_HTTP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
map.put(SP_SINGLE_LOGOUT_HTTP_RESP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getResponseLocation()));
} else if (tmp.contains(httpPost)) {
map.put(SP_SLO_POST_LOC, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
map.put(SP_SLO_POST_RESPLOC, returnEmptySetIfValueIsNull(spslsElem.getResponseLocation()));
} else if (tmp.contains(soap)) {
map.put(SP_SINGLE_LOGOUT_SOAP_LOCATION, returnEmptySetIfValueIsNull(spslsElem.getLocation()));
}
}
//retrieve ManageNameIDService
map.put(SP_MANAGE_NAMEID_HTTP_LOCATION, Collections.EMPTY_SET);
map.put(SP_MANAGE_NAMEID_HTTP_RESP_LOCATION, Collections.EMPTY_SET);
map.put(SP_MNI_POST_LOC, Collections.EMPTY_SET);
map.put(SP_MNI_POST_RESPLOC, Collections.EMPTY_SET);
map.put(SP_MANAGE_NAMEID_SOAP_LOCATION, Collections.EMPTY_SET);
map.put(SP_MANAGE_NAMEID_SOAP_RESP_LOCATION, Collections.EMPTY_SET);
map.put(SP_MNI_DEFAULT, Collections.EMPTY_SET);
List manageNameIdList = spssoDescriptor.getManageNameIDService();
for (int i = 0; i < manageNameIdList.size(); i++) {
ManageNameIDServiceElement mniElem = (ManageNameIDServiceElement) manageNameIdList.get(i);
String tmp = mniElem.getBinding();
if (i == 0) {
map.put(SP_MNI_DEFAULT, returnEmptySetIfValueIsNull(tmp));
}
if (tmp.contains(httpRedirect)) {
map.put(SP_MANAGE_NAMEID_HTTP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getLocation()));
map.put(SP_MANAGE_NAMEID_HTTP_RESP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
} else if (tmp.contains(httpPost)) {
map.put(SP_MNI_POST_LOC, returnEmptySetIfValueIsNull(mniElem.getLocation()));
map.put(SP_MNI_POST_RESPLOC, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
} else if (tmp.contains(soap)) {
map.put(SP_MANAGE_NAMEID_SOAP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getLocation()));
map.put(SP_MANAGE_NAMEID_SOAP_RESP_LOCATION, returnEmptySetIfValueIsNull(mniElem.getResponseLocation()));
}
}
//retrieve nameid format
map.put(NAMEID_FORMAT, (OrderedSet) convertListToSet(spssoDescriptor.getNameIDFormat()));
//retrieve key descriptor encryption details if present
map.put(TF_KEY_NAME, Collections.EMPTY_SET);
map.put(TF_ALGORITHM, Collections.EMPTY_SET);
if (spssoDescriptor.getKeyDescriptor() != null) {
getKeyandAlgorithm(spssoDescriptor, map);
}
}
logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.getStandardServiceProviderAttribute:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "SP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
}
return map;
}
Also used :
ManageNameIDServiceElement(com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement)
SingleLogoutServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)
HashMap(java.util.HashMap)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
List(java.util.List)
ArrayList(java.util.ArrayList)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
Map(java.util.Map)
HashMap(java.util.HashMap)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 3 with SPSSODescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method setSPStdAttributeValues.
/**
* Saves the standard attribute values for the Service Provider.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @param spStdValues Map which contains the standard attribute values.
* @param assertionConsumer List with assertion consumer service values.
* @throws AMConsoleException if saving of attribute value fails.
*/
public void setSPStdAttributeValues(String realm, String entityName, Map spStdValues, List assertionConsumer) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "SP-Standard" };
logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
SPSSODescriptorElement spssoDescriptor = null;
com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
spssoDescriptor = samlManager.getSPSSODescriptor(realm, entityName);
if (spssoDescriptor != null) {
// save for Single Logout Service - Http-Redirect
if (spStdValues.keySet().contains(SP_SINGLE_LOGOUT_HTTP_LOCATION)) {
String lohttpLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_HTTP_LOCATION);
String lohttpRespLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_HTTP_RESP_LOCATION);
String lopostLocation = getResult(spStdValues, SP_SLO_POST_LOC);
String lopostRespLocation = getResult(spStdValues, SP_SLO_POST_RESPLOC);
String losoapLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_SOAP_LOCATION);
String priority = getResult(spStdValues, SP_LOGOUT_DEFAULT);
if (priority.contains("none")) {
if (lohttpLocation != null) {
priority = httpRedirectBinding;
} else if (lopostLocation != null) {
priority = httpPostBinding;
} else if (losoapLocation != null) {
priority = soapBinding;
}
}
List logList = spssoDescriptor.getSingleLogoutService();
if (!logList.isEmpty()) {
logList.clear();
}
if (priority != null && priority.contains("HTTP-Redirect")) {
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
savesoapLogout(losoapLocation, logList, objFact);
} else if (priority != null && priority.contains("HTTP-POST")) {
savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savesoapLogout(losoapLocation, logList, objFact);
} else if (priority != null && priority.contains("SOAP")) {
savesoapLogout(losoapLocation, logList, objFact);
savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
}
}
// save for Manage Name ID Service
if (spStdValues.keySet().contains(SP_MANAGE_NAMEID_HTTP_LOCATION)) {
String mnihttpLocation = getResult(spStdValues, SP_MANAGE_NAMEID_HTTP_LOCATION);
String mnihttpRespLocation = getResult(spStdValues, SP_MANAGE_NAMEID_HTTP_RESP_LOCATION);
String mnipostLocation = getResult(spStdValues, SP_MNI_POST_LOC);
String mnipostRespLocation = getResult(spStdValues, SP_MNI_POST_RESPLOC);
String mnisoapLocation = getResult(spStdValues, SP_MANAGE_NAMEID_SOAP_LOCATION);
String mnisoapResLocation = getResult(spStdValues, SP_MANAGE_NAMEID_SOAP_RESP_LOCATION);
String priority = getResult(spStdValues, SP_MNI_DEFAULT);
if (priority.contains("none")) {
if (mnihttpLocation != null) {
priority = httpRedirectBinding;
} else if (mnipostLocation != null) {
priority = httpPostBinding;
} else if (mnisoapLocation != null) {
priority = soapBinding;
}
}
List manageNameIdList = spssoDescriptor.getManageNameIDService();
if (!manageNameIdList.isEmpty()) {
manageNameIdList.clear();
}
if (priority != null && priority.contains("HTTP-Redirect")) {
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
} else if (priority != null && priority.contains("HTTP-POST")) {
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
} else if (priority != null && priority.contains("SOAP")) {
saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
}
}
//save for artifact, post and paos Assertion Consumer Service
if (!assertionConsumer.isEmpty() && assertionConsumer.size() > 0) {
List asconsServiceList = spssoDescriptor.getAssertionConsumerService();
if (!asconsServiceList.isEmpty()) {
asconsServiceList.clear();
}
asconsServiceList.addAll(assertionConsumer);
}
//save nameid format
if (spStdValues.keySet().contains(NAMEID_FORMAT)) {
saveNameIdFormat(spssoDescriptor, spStdValues);
}
//save AuthnRequestsSigned
if (spStdValues.keySet().contains(IS_AUTHN_REQ_SIGNED)) {
boolean authnValue = setToBoolean(spStdValues, IS_AUTHN_REQ_SIGNED);
spssoDescriptor.setAuthnRequestsSigned(authnValue);
}
//save WantAssertionsSigned
if (spStdValues.keySet().contains(WANT_ASSERTIONS_SIGNED)) {
boolean assertValue = setToBoolean(spStdValues, WANT_ASSERTIONS_SIGNED);
spssoDescriptor.setWantAssertionsSigned(assertValue);
}
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "SP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
throw new AMConsoleException(strError);
} catch (JAXBException e) {
debug.error("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "SP-Standard", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
}
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
JAXBException(javax.xml.bind.JAXBException)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)
ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory)
List(java.util.List)
ArrayList(java.util.ArrayList)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 4 with SPSSODescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method getAssertionConsumerServices.
/**
* Returns a List with Assertion Consumer Service attributes and values.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @return List with Assertion Consumer values of Service Provider.
* @throws AMConsoleException if unable to retrieve the Service Provider
* Assertion Consumer values based on the realm and entityName passed.
*/
public List getAssertionConsumerServices(String realm, String entityName) throws AMConsoleException {
List asconsServiceList = null;
SPSSODescriptorElement spssoDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
spssoDescriptor = samlManager.getSPSSODescriptor(realm, entityName);
if (spssoDescriptor != null) {
asconsServiceList = spssoDescriptor.getAssertionConsumerService();
}
} catch (SAML2MetaException e) {
if (debug.warningEnabled()) {
debug.warning("SAMLv2ModelImpl.getAssertionConsumerService", e);
}
throw new AMConsoleException(getErrorString(e));
}
return asconsServiceList;
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
List(java.util.List)
ArrayList(java.util.ArrayList)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 5 with SPSSODescriptorElement
use of com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement in project OpenAM by OpenRock.
the class SAML2 method initiateSAMLLoginAtIDP.
/**
* Performs similar to SPSSOFederate.initiateAuthnRequest by returning to the next auth stage
* with a redirect (either GET or POST depending on the config) which triggers remote IdP authentication.
*/
private int initiateSAMLLoginAtIDP(final HttpServletResponse response, final HttpServletRequest request) throws SAML2Exception, AuthLoginException {
if (reqBinding == null) {
reqBinding = SAML2Constants.HTTP_REDIRECT;
}
final String spEntityID = SPSSOFederate.getSPEntityId(metaAlias);
final IDPSSODescriptorElement idpsso = SPSSOFederate.getIDPSSOForAuthnReq(realm, entityName);
final SPSSODescriptorElement spsso = SPSSOFederate.getSPSSOForAuthnReq(realm, spEntityID);
if (idpsso == null || spsso == null) {
return processError(bundle.getString("samlLocalConfigFailed"), "SAML2 :: initiateSAMLLoginAtIDP() : {}", bundle.getString("samlLocalConfigFailed"));
}
final String ssoURL = SPSSOFederate.getSSOURL(idpsso.getSingleSignOnService(), reqBinding);
final List extensionsList = SPSSOFederate.getExtensionsList(spEntityID, realm);
final Map<String, Collection<String>> spConfigAttrsMap = SPSSOFederate.getAttrsMapForAuthnReq(realm, spEntityID);
authnRequest = SPSSOFederate.createAuthnRequest(realm, spEntityID, params, spConfigAttrsMap, extensionsList, spsso, idpsso, ssoURL, false);
final AuthnRequestInfo reqInfo = new AuthnRequestInfo(request, response, realm, spEntityID, null, authnRequest, null, params);
synchronized (SPCache.requestHash) {
SPCache.requestHash.put(authnRequest.getID(), reqInfo);
}
saveAuthnRequest(authnRequest, reqInfo);
final Callback[] nextCallbacks = getCallback(REDIRECT);
final RedirectCallback redirectCallback = (RedirectCallback) nextCallbacks[0];
setCookiesForRedirects(request, response);
//we only handle Redirect and POST
if (SAML2Constants.HTTP_POST.equals(reqBinding)) {
final String postMsg = SPSSOFederate.getPostBindingMsg(idpsso, spsso, spConfigAttrsMap, authnRequest);
configurePostRedirectCallback(postMsg, ssoURL, redirectCallback);
} else {
final String authReqXMLString = authnRequest.toXMLString(true, true);
final String redirectUrl = SPSSOFederate.getRedirect(authReqXMLString, null, ssoURL, idpsso, spsso, spConfigAttrsMap);
configureGetRedirectCallback(redirectUrl, redirectCallback);
}
return REDIRECT;
}
Also used :
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
Callback(javax.security.auth.callback.Callback)
PagePropertiesCallback(com.sun.identity.authentication.spi.PagePropertiesCallback)
RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
AuthnRequestInfo(com.sun.identity.saml2.profile.AuthnRequestInfo)
Collection(java.util.Collection)
List(java.util.List)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Aggregations
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)47
List (java.util.List)32
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)29
ArrayList (java.util.ArrayList)25
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)19
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)18
X509Certificate (java.security.cert.X509Certificate)11
SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)10
Iterator (java.util.Iterator)10
Map (java.util.Map)10
AssertionConsumerServiceElement (com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement)9
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)9
SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)8
Issuer (com.sun.identity.saml2.assertion.Issuer)7
AuthnRequest (com.sun.identity.saml2.protocol.AuthnRequest)7
IOException (java.io.IOException)7
HashMap (java.util.HashMap)7
SessionException (com.sun.identity.plugin.session.SessionException)6
EncryptedID (com.sun.identity.saml2.assertion.EncryptedID)5
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)5
