use of com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement in project OpenAM by OpenRock.
the class SAML2COTUtils method updateEntityConfig.
/**
* Updates the entity config to add the circle of turst name to the
* <code>cotlist</code> attribute. The Service Provider and Identity
* Provider Configuration are updated.
*
* @param realm the realm name where the entity configuration is.
* @param name the circle of trust name.
* @param entityId the name of the Entity identifier.
* @throws SAML2MetaException if there is a configuration error when
* updating the configuration.
* @throws JAXBException is there is an error updating the entity
* configuration.
*/
public void updateEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
String classMethod = "SAML2COTUtils.updateEntityConfig: ";
SAML2MetaManager metaManager = null;
if (callerSession == null) {
metaManager = new SAML2MetaManager();
} else {
metaManager = new SAML2MetaManager(callerSession);
}
ObjectFactory objFactory = new ObjectFactory();
// Check whether the entity id existed in the DS
EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
if (edes == null) {
debug.error(classMethod + "No such entity: " + entityId);
String[] data = { realm, entityId };
throw new SAML2MetaException("entityid_invalid", data);
}
boolean isAffiliation = false;
if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
isAffiliation = true;
}
if (debug.messageEnabled()) {
debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
}
EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
if (eConfig == null) {
BaseConfigType bctype = null;
AttributeType atype = objFactory.createAttributeType();
atype.setName(SAML2Constants.COT_LIST);
atype.getValue().add(name);
// add to eConfig
EntityConfigElement ele = objFactory.createEntityConfigElement();
ele.setEntityID(entityId);
ele.setHosted(false);
if (isAffiliation) {
// handle affiliation case
bctype = objFactory.createAffiliationConfigElement();
bctype.getAttribute().add(atype);
ele.setAffiliationConfig(bctype);
} else {
List ll = ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
// Decide which role EntityDescriptorElement includes
List list = edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
for (Iterator iter = list.iterator(); iter.hasNext(); ) {
Object obj = iter.next();
if (obj instanceof SPSSODescriptorElement) {
bctype = objFactory.createSPSSOConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof IDPSSODescriptorElement) {
bctype = objFactory.createIDPSSOConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof XACMLPDPDescriptorElement) {
bctype = objFactory.createXACMLPDPConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) {
bctype = objFactory.createXACMLAuthzDecisionQueryConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AttributeAuthorityDescriptorElement) {
bctype = objFactory.createAttributeAuthorityConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AttributeQueryDescriptorElement) {
bctype = objFactory.createAttributeQueryConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
} else if (obj instanceof AuthnAuthorityDescriptorElement) {
bctype = objFactory.createAuthnAuthorityConfigElement();
bctype.getAttribute().add(atype);
ll.add(bctype);
}
}
}
metaManager.setEntityConfig(realm, ele);
} else {
boolean needToSave = true;
List elist = null;
if (isAffiliation) {
AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
elist = new ArrayList();
elist.add(affiliationCfgElm);
} else {
elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
}
for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
boolean foundCOT = false;
BaseConfigType bConfig = (BaseConfigType) iter.next();
List list = bConfig.getAttribute();
for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
AttributeType avp = (AttributeType) iter2.next();
if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
foundCOT = true;
List avpl = avp.getValue();
if (avpl.isEmpty() || !containsValue(avpl, name)) {
avpl.add(name);
needToSave = true;
break;
}
}
}
// no cot_list in the original entity config
if (!foundCOT) {
AttributeType atype = objFactory.createAttributeType();
atype.setName(SAML2Constants.COT_LIST);
atype.getValue().add(name);
list.add(atype);
needToSave = true;
}
}
if (needToSave) {
metaManager.setEntityConfig(realm, eConfig);
}
}
}
use of com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method encryptAssertion.
private static EncryptedAssertion encryptAssertion(Assertion assertion, EncryptedID encryptedID, String attrAuthorityEntityID, String requesterEntityID, String realm, String attrQueryProfileAlias) throws SAML2Exception {
SecretKey secretKey = EncManager.getEncInstance().getSecretKey(encryptedID.toXMLString(true, true), KeyUtil.getDecryptionKeys(realm, attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE));
AttributeQueryDescriptorElement aqd = metaManager.getAttributeQueryDescriptor(realm, requesterEntityID);
EncInfo encInfo = KeyUtil.getEncInfo(aqd, requesterEntityID, SAML2Constants.ATTR_QUERY_ROLE);
Element el = EncManager.getEncInstance().encrypt(assertion.toXMLString(true, true), encInfo.getWrappingKey(), secretKey, encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), requesterEntityID, "EncryptedAssertion");
return AssertionFactory.getInstance().createEncryptedAssertion(el);
}
use of com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement in project OpenAM by OpenRock.
the class AttributeQueryUtil method verifyAttrQuerySignature.
/**
* Checks if the attribute query signature is valid.
*
* @param attrQuery attribute query
* @param attrAuthorityEntityID entity ID of attribute authority
* @param realm the realm of hosted entity
*
* @exception SAML2Exception if the attribute query signature is not valid.
*/
public static void verifyAttrQuerySignature(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
if (!attrQuery.isSigned()) {
throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryNotSigned"));
}
String requestedEntityID = attrQuery.getIssuer().getValue();
AttributeQueryDescriptorElement attrqDesc = metaManager.getAttributeQueryDescriptor(realm, requestedEntityID);
if (attrqDesc == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerNotFound"));
}
Set<X509Certificate> signingCerts = KeyUtil.getVerificationCerts(attrqDesc, requestedEntityID, SAML2Constants.ATTR_QUERY_ROLE);
if (!signingCerts.isEmpty()) {
boolean valid = attrQuery.isSignatureValid(signingCerts);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.verifyAttributeQuery: " + "Signature validity is : " + valid);
}
if (!valid) {
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureAttrQuery"));
}
} else {
throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
}
}
use of com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method createExtendedObject.
/**
* Creates the extended config object when it does not exist.
* @param realm the realm to which the entity belongs.
* @param entityName is the entity id.
* @param location indicates whether hosted or remote
* @param role can be SP, IDP or SP/IDP.
* @throws SAML2MetaException, JAXBException,
* AMConsoleException if saving of attribute value fails.
*/
private void createExtendedObject(String realm, String entityName, String location, String role) throws SAML2MetaException, JAXBException, AMConsoleException {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
ObjectFactory objFactory = new ObjectFactory();
EntityConfigElement entityConfigElement = objFactory.createEntityConfigElement();
entityConfigElement.setEntityID(entityName);
if (location.equals("remote")) {
entityConfigElement.setHosted(false);
} else {
entityConfigElement.setHosted(true);
}
List configList = entityConfigElement.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
BaseConfigType baseConfigIDP = null;
BaseConfigType baseConfigSP = null;
BaseConfigType baseConfigAuth = null;
AttributeAuthorityDescriptorElement attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
AuthnAuthorityDescriptorElement authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
AttributeQueryDescriptorElement attrQueryDescriptor = samlManager.getAttributeQueryDescriptor(realm, entityName);
IDPSSODescriptorElement idpssoDesc = samlManager.getIDPSSODescriptor(realm, entityName);
SPSSODescriptorElement spssoDesc = samlManager.getSPSSODescriptor(realm, entityName);
XACMLAuthzDecisionQueryDescriptorElement xacmlAuthzDescriptor = samlManager.getPolicyEnforcementPointDescriptor(realm, entityName);
XACMLPDPDescriptorElement xacmlPDPDescriptor = samlManager.getPolicyDecisionPointDescriptor(realm, entityName);
if (isDualRole(entityDescriptor)) {
baseConfigIDP = objFactory.createIDPSSOConfigElement();
baseConfigSP = objFactory.createSPSSOConfigElement();
baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
configList.add(baseConfigIDP);
configList.add(baseConfigSP);
} else if (role.equals(EntityModel.IDENTITY_PROVIDER) || (idpssoDesc != null)) {
baseConfigIDP = objFactory.createIDPSSOConfigElement();
baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
configList.add(baseConfigIDP);
} else if (role.equals(EntityModel.SERVICE_PROVIDER) || (spssoDesc != null)) {
baseConfigSP = objFactory.createSPSSOConfigElement();
baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
configList.add(baseConfigSP);
}
if (role.equals(EntityModel.SAML_ATTRAUTHORITY) || (attrauthDescriptor != null)) {
baseConfigAuth = objFactory.createAttributeAuthorityConfigElement();
baseConfigAuth = addAttributeType(extAttrAuthMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.SAML_AUTHNAUTHORITY) || (authnauthDescriptor != null)) {
baseConfigAuth = objFactory.createAuthnAuthorityConfigElement();
baseConfigAuth = addAttributeType(extAuthnAuthMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.SAML_ATTRQUERY) || (attrQueryDescriptor != null)) {
baseConfigAuth = objFactory.createAttributeQueryConfigElement();
baseConfigAuth = addAttributeType(extattrQueryMap, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.POLICY_DECISION_POINT_DESCRIPTOR) || (xacmlPDPDescriptor != null)) {
baseConfigAuth = objFactory.createXACMLPDPConfigElement();
baseConfigAuth = addAttributeType(xacmlPDPExtendedMeta, baseConfigAuth);
configList.add(baseConfigAuth);
}
if (role.equals(EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR) || (xacmlAuthzDescriptor != null)) {
baseConfigAuth = objFactory.createXACMLAuthzDecisionQueryConfigElement();
baseConfigAuth = addAttributeType(xacmlPEPExtendedMeta, baseConfigAuth);
configList.add(baseConfigAuth);
}
samlManager.setEntityConfig(realm, entityConfigElement);
}
use of com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method setStdAttributeQueryValues.
/**
* Saves the standard attribute values for Attribute Query.
*
* @param realm to which the entity belongs.
* @param entityName is the entity id.
* @param attrQueryValues Map which contains standard attribute query values.
* @throws AMConsoleException if saving of attribute value fails.
*/
public void setStdAttributeQueryValues(String realm, String entityName, Map attrQueryValues) throws AMConsoleException {
String[] params = { realm, entityName, "SAMLv2", "AttribQuery-Std" };
logEvent("ATTEMPT_MODIFY_ATTR_QUERY_ATTR_VALUES", params);
AttributeQueryDescriptorElement attrQueryDescriptor = null;
try {
SAML2MetaManager samlManager = getSAML2MetaManager();
EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
attrQueryDescriptor = samlManager.getAttributeQueryDescriptor(realm, entityName);
if (attrQueryDescriptor != null) {
//save nameid format
List NameIdFormatList = attrQueryDescriptor.getNameIDFormat();
if (!NameIdFormatList.isEmpty()) {
attrQueryDescriptor.getNameIDFormat().clear();
}
List listtoSave = convertSetToList((Set) attrQueryValues.get(ATTR_NAMEID_FORMAT));
Iterator itt = listtoSave.listIterator();
while (itt.hasNext()) {
String name = (String) itt.next();
attrQueryDescriptor.getNameIDFormat().add(name);
}
samlManager.setEntityDescriptor(realm, entityDescriptor);
}
logEvent("SUCCEED_MODIFY_ATTR_QUERY_ATTR_VALUES", params);
} catch (SAML2MetaException e) {
debug.warning("SAMLv2ModelImpl.setStdAttributeQueryValues:", e);
String strError = getErrorString(e);
String[] paramsEx = { realm, entityName, "SAMLv2", "AttribQuery-Std", strError };
logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_QUERY_ATTR_VALUES", paramsEx);
throw new AMConsoleException(strError);
}
}
Aggregations