Examples with XACMLPDPDescriptorElement com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement used on opensource projects

Example 1 with XACMLPDPDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement in project OpenAM by OpenRock.

the class SAML2COTUtils method updateEntityConfig.

/**
     * Updates the entity config to add the circle of turst name to the
     * <code>cotlist</code> attribute. The Service Provider and Identity
     * Provider Configuration are updated.
     *
     * @param realm the realm name where the entity configuration is.
     * @param name the circle of trust name.
     * @param entityId the name of the Entity identifier.
     * @throws SAML2MetaException if there is a configuration error when
     *         updating the configuration.
     * @throws JAXBException is there is an error updating the entity
     *          configuration.
     */
public void updateEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
    String classMethod = "SAML2COTUtils.updateEntityConfig: ";
    SAML2MetaManager metaManager = null;
    if (callerSession == null) {
        metaManager = new SAML2MetaManager();
    } else {
        metaManager = new SAML2MetaManager(callerSession);
    }
    ObjectFactory objFactory = new ObjectFactory();
    // Check whether the entity id existed in the DS
    EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
    if (edes == null) {
        debug.error(classMethod + "No such entity: " + entityId);
        String[] data = { realm, entityId };
        throw new SAML2MetaException("entityid_invalid", data);
    }
    boolean isAffiliation = false;
    if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
        isAffiliation = true;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
    }
    EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
    if (eConfig == null) {
        BaseConfigType bctype = null;
        AttributeType atype = objFactory.createAttributeType();
        atype.setName(SAML2Constants.COT_LIST);
        atype.getValue().add(name);
        // add to eConfig
        EntityConfigElement ele = objFactory.createEntityConfigElement();
        ele.setEntityID(entityId);
        ele.setHosted(false);
        if (isAffiliation) {
            // handle affiliation case
            bctype = objFactory.createAffiliationConfigElement();
            bctype.getAttribute().add(atype);
            ele.setAffiliationConfig(bctype);
        } else {
            List ll = ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            // Decide which role EntityDescriptorElement includes
            List list = edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
            for (Iterator iter = list.iterator(); iter.hasNext(); ) {
                Object obj = iter.next();
                if (obj instanceof SPSSODescriptorElement) {
                    bctype = objFactory.createSPSSOConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof IDPSSODescriptorElement) {
                    bctype = objFactory.createIDPSSOConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof XACMLPDPDescriptorElement) {
                    bctype = objFactory.createXACMLPDPConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) {
                    bctype = objFactory.createXACMLAuthzDecisionQueryConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AttributeAuthorityDescriptorElement) {
                    bctype = objFactory.createAttributeAuthorityConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AttributeQueryDescriptorElement) {
                    bctype = objFactory.createAttributeQueryConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                } else if (obj instanceof AuthnAuthorityDescriptorElement) {
                    bctype = objFactory.createAuthnAuthorityConfigElement();
                    bctype.getAttribute().add(atype);
                    ll.add(bctype);
                }
            }
        }
        metaManager.setEntityConfig(realm, ele);
    } else {
        boolean needToSave = true;
        List elist = null;
        if (isAffiliation) {
            AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
            elist = new ArrayList();
            elist.add(affiliationCfgElm);
        } else {
            elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
        }
        for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
            boolean foundCOT = false;
            BaseConfigType bConfig = (BaseConfigType) iter.next();
            List list = bConfig.getAttribute();
            for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
                AttributeType avp = (AttributeType) iter2.next();
                if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
                    foundCOT = true;
                    List avpl = avp.getValue();
                    if (avpl.isEmpty() || !containsValue(avpl, name)) {
                        avpl.add(name);
                        needToSave = true;
                        break;
                    }
                }
            }
            // no cot_list in the original entity config
            if (!foundCOT) {
                AttributeType atype = objFactory.createAttributeType();
                atype.setName(SAML2Constants.COT_LIST);
                atype.getValue().add(name);
                list.add(atype);
                needToSave = true;
            }
        }
        if (needToSave) {
            metaManager.setEntityConfig(realm, eConfig);
        }
    }
}

Example 2 with XACMLPDPDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method createExtendedObject.

/**
     * Creates the extended config object when it does not exist.
     * @param realm the realm to which the entity belongs.
     * @param entityName is the entity id.
     * @param location indicates whether hosted or remote
     * @param role can be SP, IDP or SP/IDP.
     * @throws SAML2MetaException, JAXBException,
     *     AMConsoleException if saving of attribute value fails.
     */
private void createExtendedObject(String realm, String entityName, String location, String role) throws SAML2MetaException, JAXBException, AMConsoleException {
    SAML2MetaManager samlManager = getSAML2MetaManager();
    EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
    ObjectFactory objFactory = new ObjectFactory();
    EntityConfigElement entityConfigElement = objFactory.createEntityConfigElement();
    entityConfigElement.setEntityID(entityName);
    if (location.equals("remote")) {
        entityConfigElement.setHosted(false);
    } else {
        entityConfigElement.setHosted(true);
    }
    List configList = entityConfigElement.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
    BaseConfigType baseConfigIDP = null;
    BaseConfigType baseConfigSP = null;
    BaseConfigType baseConfigAuth = null;
    AttributeAuthorityDescriptorElement attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
    AuthnAuthorityDescriptorElement authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
    AttributeQueryDescriptorElement attrQueryDescriptor = samlManager.getAttributeQueryDescriptor(realm, entityName);
    IDPSSODescriptorElement idpssoDesc = samlManager.getIDPSSODescriptor(realm, entityName);
    SPSSODescriptorElement spssoDesc = samlManager.getSPSSODescriptor(realm, entityName);
    XACMLAuthzDecisionQueryDescriptorElement xacmlAuthzDescriptor = samlManager.getPolicyEnforcementPointDescriptor(realm, entityName);
    XACMLPDPDescriptorElement xacmlPDPDescriptor = samlManager.getPolicyDecisionPointDescriptor(realm, entityName);
    if (isDualRole(entityDescriptor)) {
        baseConfigIDP = objFactory.createIDPSSOConfigElement();
        baseConfigSP = objFactory.createSPSSOConfigElement();
        baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
        baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
        configList.add(baseConfigIDP);
        configList.add(baseConfigSP);
    } else if (role.equals(EntityModel.IDENTITY_PROVIDER) || (idpssoDesc != null)) {
        baseConfigIDP = objFactory.createIDPSSOConfigElement();
        baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
        configList.add(baseConfigIDP);
    } else if (role.equals(EntityModel.SERVICE_PROVIDER) || (spssoDesc != null)) {
        baseConfigSP = objFactory.createSPSSOConfigElement();
        baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
        configList.add(baseConfigSP);
    }
    if (role.equals(EntityModel.SAML_ATTRAUTHORITY) || (attrauthDescriptor != null)) {
        baseConfigAuth = objFactory.createAttributeAuthorityConfigElement();
        baseConfigAuth = addAttributeType(extAttrAuthMap, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    if (role.equals(EntityModel.SAML_AUTHNAUTHORITY) || (authnauthDescriptor != null)) {
        baseConfigAuth = objFactory.createAuthnAuthorityConfigElement();
        baseConfigAuth = addAttributeType(extAuthnAuthMap, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    if (role.equals(EntityModel.SAML_ATTRQUERY) || (attrQueryDescriptor != null)) {
        baseConfigAuth = objFactory.createAttributeQueryConfigElement();
        baseConfigAuth = addAttributeType(extattrQueryMap, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    if (role.equals(EntityModel.POLICY_DECISION_POINT_DESCRIPTOR) || (xacmlPDPDescriptor != null)) {
        baseConfigAuth = objFactory.createXACMLPDPConfigElement();
        baseConfigAuth = addAttributeType(xacmlPDPExtendedMeta, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    if (role.equals(EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR) || (xacmlAuthzDescriptor != null)) {
        baseConfigAuth = objFactory.createXACMLAuthzDecisionQueryConfigElement();
        baseConfigAuth = addAttributeType(xacmlPEPExtendedMeta, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    samlManager.setEntityConfig(realm, entityConfigElement);
}

Example 3 with XACMLPDPDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement in project OpenAM by OpenRock.

the class SAML2Test method importEntity.

@Test(groups = { "samlv2", "samlv2op" }, dependsOnMethods = { "createMetaTemplate" })
public void importEntity() throws CLIException, SAML2MetaException {
    entering("importEntity", null);
    String[] args = { "import-entity", CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_METADATA, "meta", CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_EXTENDED_DATA, "extended", CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.ARGUMENT_COT, NAME_COT, CLIConstants.PREFIX_ARGUMENT_LONG + FedCLIConstants.SPECIFICATION_VERSION, FedCLIConstants.SAML2_SPECIFICATION };
    CLIRequest req = new CLIRequest(null, args, getAdminSSOToken());
    cmdManager.addToRequestQueue(req);
    cmdManager.serviceRequestQueue();
    SAML2MetaManager mgr = new SAML2MetaManager();
    EntityDescriptorElement entity = mgr.getEntityDescriptor("/", NAME_IDP);
    assert (entity != null);
    SPSSODescriptorElement spElt = mgr.getSPSSODescriptor("/", NAME_IDP);
    assert (spElt != null);
    IDPSSODescriptorElement idpElt = mgr.getIDPSSODescriptor("/", NAME_IDP);
    assert (idpElt != null);
    XACMLPDPDescriptorElement pdpElt = mgr.getPolicyDecisionPointDescriptor("/", NAME_IDP);
    assert (pdpElt != null);
    XACMLAuthzDecisionQueryDescriptorElement pepElt = mgr.getPolicyEnforcementPointDescriptor("/", NAME_IDP);
    assert (pepElt != null);
    IDPSSOConfigElement idpConfig = mgr.getIDPSSOConfig("/", NAME_IDP);
    assert (idpConfig != null);
    SPSSOConfigElement spConfig = mgr.getSPSSOConfig("/", NAME_IDP);
    assert (spConfig != null);
    XACMLPDPConfigElement pdpConfig = mgr.getPolicyDecisionPointConfig("/", NAME_IDP);
    assert (pdpConfig != null);
    XACMLAuthzDecisionQueryConfigElement pepConfig = mgr.getPolicyEnforcementPointConfig("/", NAME_IDP);
    assert (pepConfig != null);
    exiting("importEntity");
}

Example 4 with XACMLPDPDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method updatePDPDescriptor.

/**
     * Save standard metadata for PDP descriptor.
     *
     * @param realm realm of Entity.
     * @param entityName entity name of Entity Descriptor.
     * @param attrValues key-value pair Map of PDP standed data.
     * @throws AMConsoleException if fails to modify/save the PDP
     *         standard metadata attribute
     */
public void updatePDPDescriptor(String realm, String entityName, Map attrValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = saml2Manager.getEntityDescriptor(realm, entityName);
        XACMLPDPDescriptorElement pdpDescriptor = saml2Manager.getPolicyDecisionPointDescriptor(realm, entityName);
        if (pdpDescriptor != null) {
            List authzServiceList = pdpDescriptor.getXACMLAuthzService();
            if (authzServiceList.size() != 0) {
                XACMLAuthzServiceElement authzService = (XACMLAuthzServiceElement) authzServiceList.get(0);
                authzService.setLocation((String) AMAdminUtils.getValue((Set) attrValues.get(ATTR_XACML_AUTHZ_SERVICE_LOCATION)));
            }
        }
        saml2Manager.setEntityDescriptor(realm, entityDescriptor);
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    }
}

Example 5 with XACMLPDPDescriptorElement

use of com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method getPDPDescriptor.

/**
     * Returns a Map of PDP descriptor data.(Standard Metadata)
     *
     * @param realm realm of Entity
     * @param entityName entity name of Entity Descriptor.
     * @return key-value pair Map of PDP descriptor data.
     * @throws AMConsoleException if unable to retrieve the PDP
     *         standard metadata attribute
     */
public Map getPDPDescriptor(String realm, String entityName) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "XACML PDP" };
    logEvent("ATTEMPT_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    Map data = null;
    try {
        SAML2MetaManager saml2Manager = getSAML2MetaManager();
        XACMLPDPDescriptorElement xacmlPDPDescriptor = saml2Manager.getPolicyDecisionPointDescriptor(realm, entityName);
        if (xacmlPDPDescriptor != null) {
            data = new HashMap(10);
            //ProtocolSupportEnum
            data.put(ATTR_TXT_PROTOCOL_SUPPORT_ENUM, returnEmptySetIfValueIsNull(xacmlPDPDescriptor.getProtocolSupportEnumeration()));
            List authzServiceList = xacmlPDPDescriptor.getXACMLAuthzService();
            if (authzServiceList.size() != 0) {
                XACMLAuthzServiceElement authzService = (XACMLAuthzServiceElement) authzServiceList.get(0);
                data.put(ATTR_XACML_AUTHZ_SERVICE_BINDING, returnEmptySetIfValueIsNull(authzService.getBinding()));
                data.put(ATTR_XACML_AUTHZ_SERVICE_LOCATION, returnEmptySetIfValueIsNull(authzService.getLocation()));
            }
        }
        logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "XACML PDP", strError };
        logEvent("FEDERATION_EXCEPTION_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return (data != null) ? data : Collections.EMPTY_MAP;
}