/**
 * Rewrites the signing and encryption KeyDescriptors of the SAML2 entity this
 * command targets.
 * <p>
 * Each of the four alias lists collected by the command (SP/IDP signing,
 * SP/IDP encryption) is applied independently and only when non-empty. A list
 * whose first entry is {@code NULL_ALIAS} is passed on as a {@code null} alias
 * set; presumably that clears the corresponding KeyDescriptors — confirm in
 * {@code SAML2MetaSecurityUtils.updateProviderKeyInfo}. Encryption descriptors
 * are always written with {@code XMLCipher.AES_128} and a 128-bit key size;
 * this command exposes no option to choose another data-encryption algorithm.
 *
 * @param rc the CLI request context; not read here, the command's fields
 *        already hold the parsed options.
 * @throws CLIException if the entity does not exist in the realm or the
 *         metadata update fails.
 */
private void handleSAML2Request(RequestContext rc) throws CLIException {
    try {
        SAML2MetaManager metaManager = new SAML2MetaManager(ssoToken);
        com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement descriptor =
                metaManager.getEntityDescriptor(realm, entityID);
        if (descriptor == null) {
            Object[] notFoundArgs = { entityID, realm };
            throw new CLIException(
                    MessageFormat.format(getResourceString("update-meta-keyinfo-exception-entity-not-exist"), notFoundArgs),
                    ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }

        // Signing descriptors carry no EncryptionMethod: null algorithm, key size 0.
        if (!isEmpty(spSigningAliases)) {
            LinkedHashSet<String> aliases = NULL_ALIAS.equals(getFirstItem(spSigningAliases))
                    ? null : new LinkedHashSet<>(spSigningAliases);
            SAML2MetaSecurityUtils.updateProviderKeyInfo(realm, entityID, aliases, true, false, null, 0);
        }
        if (!isEmpty(idpSigningAliases)) {
            LinkedHashSet<String> aliases = NULL_ALIAS.equals(getFirstItem(idpSigningAliases))
                    ? null : new LinkedHashSet<>(idpSigningAliases);
            SAML2MetaSecurityUtils.updateProviderKeyInfo(realm, entityID, aliases, true, true, null, 0);
        }

        // Encryption descriptors: algorithm and key size are fixed to AES-128 here.
        if (!isEmpty(spEncryptionAliases)) {
            LinkedHashSet<String> aliases = NULL_ALIAS.equals(getFirstItem(spEncryptionAliases))
                    ? null : new LinkedHashSet<>(spEncryptionAliases);
            SAML2MetaSecurityUtils.updateProviderKeyInfo(realm, entityID, aliases, false, false, XMLCipher.AES_128, 128);
        }
        if (!isEmpty(idpEncryptionAliases)) {
            LinkedHashSet<String> aliases = NULL_ALIAS.equals(getFirstItem(idpEncryptionAliases))
                    ? null : new LinkedHashSet<>(idpEncryptionAliases);
            SAML2MetaSecurityUtils.updateProviderKeyInfo(realm, entityID, aliases, false, true, XMLCipher.AES_128, 128);
        }

        Object[] successArgs = { entityID };
        getOutputWriter().printlnMessage(
                MessageFormat.format(getResourceString("update-keyinfo-succeeded"), successArgs));
    } catch (SAML2Exception e) {
        // Only the message reaches the CLI user; the full stack trace goes to the SAML2 debug log.
        SAML2MetaUtils.debug.error("UpdateMetaKey.handleSAML2Request", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
/**
 * Appends a SOAP-bound ManageNameID Service endpoint to the descriptor's list.
 * <p>
 * Nothing is added when the location is {@code null} or empty, so an
 * unconfigured SOAP endpoint leaves the list untouched.
 *
 * @param mnisoapLocation the endpoint location URL; may be {@code null} or empty.
 * @param manageNameIdList the live list on the descriptor to be updated.
 * @param objFact the JAXB object factory used to create the element.
 * @throws JAXBException if creating the element fails.
 */
private void savesoapMni(String mnisoapLocation, List manageNameIdList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    if (mnisoapLocation == null || mnisoapLocation.isEmpty()) {
        return;
    }
    ManageNameIDServiceElement soapEndpoint = objFact.createManageNameIDServiceElement();
    soapEndpoint.setBinding(soapBinding);
    soapEndpoint.setLocation(mnisoapLocation);
    manageNameIdList.add(soapEndpoint);
}
/**
 * Appends a SOAP-bound Single Logout Service endpoint to the descriptor's list.
 * <p>
 * Nothing is added when the location is {@code null} or empty, so an
 * unconfigured SOAP endpoint leaves the list untouched.
 *
 * @param losoapLocation the endpoint location URL; may be {@code null} or empty.
 * @param logList the live list on the descriptor to be updated.
 * @param objFact the JAXB object factory used to create the element.
 * @throws JAXBException if creating the element fails.
 */
private void savesoapLogout(String losoapLocation, List logList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    if (losoapLocation == null || losoapLocation.isEmpty()) {
        return;
    }
    SingleLogoutServiceElement soapEndpoint = objFact.createSingleLogoutServiceElement();
    soapEndpoint.setBinding(soapBinding);
    soapEndpoint.setLocation(losoapLocation);
    logList.add(soapEndpoint);
}
/**
 * Appends an HTTP-Redirect-bound ManageNameID Service endpoint to the
 * descriptor's list.
 * <p>
 * Nothing is added when the location is {@code null} or empty. The response
 * location is set as given, including {@code null}, and is not validated here.
 *
 * @param mnihttpLocation the endpoint location URL; may be {@code null} or empty.
 * @param mnihttpRespLocation the response location URL; passed through unchanged.
 * @param manageNameIdList the live list on the descriptor to be updated.
 * @param objFact the JAXB object factory used to create the element.
 * @throws JAXBException if creating the element fails.
 */
private void savehttpRedMni(String mnihttpLocation, String mnihttpRespLocation, List manageNameIdList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    if (mnihttpLocation == null || mnihttpLocation.isEmpty()) {
        return;
    }
    ManageNameIDServiceElement redirectEndpoint = objFact.createManageNameIDServiceElement();
    redirectEndpoint.setBinding(httpRedirectBinding);
    redirectEndpoint.setLocation(mnihttpLocation);
    redirectEndpoint.setResponseLocation(mnihttpRespLocation);
    manageNameIdList.add(redirectEndpoint);
}
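/**
 * Saves the standard attribute values for the Service Provider.
 * <p>
 * The descriptor's Single Logout, ManageNameID and Assertion Consumer Service
 * lists are replaced wholesale (cleared, then repopulated) from the supplied
 * values. For logout and ManageNameID the endpoints are written with the
 * selected default binding first. If the entity has no SP SSO descriptor,
 * nothing is written but the success event is still logged.
 *
 * @param realm to which the entity belongs.
 * @param entityName is the entity id.
 * @param spStdValues Map which contains the standard attribute values.
 * @param assertionConsumer List with assertion consumer service values; when
 *        empty the existing Assertion Consumer Services are left untouched.
 * @throws AMConsoleException if saving of attribute value fails, either a
 *         metadata error or a JAXB error; the failure is also audit-logged.
 */
public void setSPStdAttributeValues(String realm, String entityName, Map spStdValues, List assertionConsumer) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "SP-Standard" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        SPSSODescriptorElement spssoDescriptor = samlManager.getSPSSODescriptor(realm, entityName);
        if (spssoDescriptor != null) {
            if (spStdValues.containsKey(SP_SINGLE_LOGOUT_HTTP_LOCATION)) {
                saveSPSingleLogoutServices(spssoDescriptor, spStdValues, objFact);
            }
            if (spStdValues.containsKey(SP_MANAGE_NAMEID_HTTP_LOCATION)) {
                saveSPManageNameIdServices(spssoDescriptor, spStdValues, objFact);
            }
            // Artifact, POST and PAOS Assertion Consumer Services: replace the whole list,
            // but only when the caller supplied something to replace it with.
            if (!assertionConsumer.isEmpty()) {
                List asconsServiceList = spssoDescriptor.getAssertionConsumerService();
                asconsServiceList.clear();
                asconsServiceList.addAll(assertionConsumer);
            }
            if (spStdValues.containsKey(NAMEID_FORMAT)) {
                saveNameIdFormat(spssoDescriptor, spStdValues);
            }
            // Signing requirements of this SP are persisted exactly as submitted.
            if (spStdValues.containsKey(IS_AUTHN_REQ_SIGNED)) {
                spssoDescriptor.setAuthnRequestsSigned(setToBoolean(spStdValues, IS_AUTHN_REQ_SIGNED));
            }
            if (spStdValues.containsKey(WANT_ASSERTIONS_SIGNED)) {
                spssoDescriptor.setWantAssertionsSigned(setToBoolean(spStdValues, WANT_ASSERTIONS_SIGNED));
            }
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
        throw logSPStdModifyFailure(realm, entityName, getErrorString(e));
    } catch (JAXBException e) {
        debug.error("SAMLv2ModelImpl.setSPStdAttributeValues:", e);
        // Previously only logged, which let the caller report success for an
        // unsaved descriptor; now surfaced like the metadata failure above.
        throw logSPStdModifyFailure(realm, entityName, getErrorString(e));
    }
}

/**
 * Replaces the descriptor's Single Logout Services with the submitted
 * HTTP-Redirect, HTTP-POST and SOAP endpoints, preferred binding first.
 *
 * @param spssoDescriptor the SP SSO descriptor being edited.
 * @param spStdValues Map which contains the standard attribute values.
 * @param objFact the JAXB object factory used to create the elements.
 * @throws JAXBException if creating an element fails.
 */
private void saveSPSingleLogoutServices(SPSSODescriptorElement spssoDescriptor, Map spStdValues,
        com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    String lohttpLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_HTTP_LOCATION);
    String lohttpRespLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_HTTP_RESP_LOCATION);
    String lopostLocation = getResult(spStdValues, SP_SLO_POST_LOC);
    String lopostRespLocation = getResult(spStdValues, SP_SLO_POST_RESPLOC);
    String losoapLocation = getResult(spStdValues, SP_SINGLE_LOGOUT_SOAP_LOCATION);
    String priority = resolveDefaultBinding(getResult(spStdValues, SP_LOGOUT_DEFAULT),
            lohttpLocation, lopostLocation, losoapLocation);

    List logList = spssoDescriptor.getSingleLogoutService();
    logList.clear();
    // An unresolved priority (null, or still "none") leaves the list empty.
    if (priority != null && priority.contains("HTTP-Redirect")) {
        savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
        savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
        savesoapLogout(losoapLocation, logList, objFact);
    } else if (priority != null && priority.contains("HTTP-POST")) {
        savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
        savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
        savesoapLogout(losoapLocation, logList, objFact);
    } else if (priority != null && priority.contains("SOAP")) {
        savesoapLogout(losoapLocation, logList, objFact);
        savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
        savepostLogout(lopostLocation, lopostRespLocation, logList, objFact);
    }
}

/**
 * Replaces the descriptor's ManageNameID Services with the submitted
 * HTTP-Redirect, HTTP-POST and SOAP endpoints, preferred binding first.
 *
 * @param spssoDescriptor the SP SSO descriptor being edited.
 * @param spStdValues Map which contains the standard attribute values.
 * @param objFact the JAXB object factory used to create the elements.
 * @throws JAXBException if creating an element fails.
 */
private void saveSPManageNameIdServices(SPSSODescriptorElement spssoDescriptor, Map spStdValues,
        com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    String mnihttpLocation = getResult(spStdValues, SP_MANAGE_NAMEID_HTTP_LOCATION);
    String mnihttpRespLocation = getResult(spStdValues, SP_MANAGE_NAMEID_HTTP_RESP_LOCATION);
    String mnipostLocation = getResult(spStdValues, SP_MNI_POST_LOC);
    String mnipostRespLocation = getResult(spStdValues, SP_MNI_POST_RESPLOC);
    String mnisoapLocation = getResult(spStdValues, SP_MANAGE_NAMEID_SOAP_LOCATION);
    String mnisoapResLocation = getResult(spStdValues, SP_MANAGE_NAMEID_SOAP_RESP_LOCATION);
    String priority = resolveDefaultBinding(getResult(spStdValues, SP_MNI_DEFAULT),
            mnihttpLocation, mnipostLocation, mnisoapLocation);

    List manageNameIdList = spssoDescriptor.getManageNameIDService();
    manageNameIdList.clear();
    // An unresolved priority (null, or still "none") leaves the list empty.
    if (priority != null && priority.contains("HTTP-Redirect")) {
        savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
        savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
        saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
    } else if (priority != null && priority.contains("HTTP-POST")) {
        savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
        savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
        saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
    } else if (priority != null && priority.contains("SOAP")) {
        saveSPsoapMni(mnisoapLocation, mnisoapResLocation, manageNameIdList, objFact);
        savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
        savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
    }
}

/**
 * Resolves the default binding for a service when the submitted value is
 * "none": the first configured endpoint wins, in the order HTTP-Redirect,
 * HTTP-POST, SOAP. Any other submitted value is returned unchanged. Unlike
 * the earlier inline check, a {@code null} submitted value no longer throws
 * a NullPointerException; it is returned as-is so the caller writes no
 * endpoints.
 *
 * @param priority the submitted default-binding value; may be {@code null}.
 * @param httpRedirectLocation the HTTP-Redirect endpoint location, or {@code null}.
 * @param httpPostLocation the HTTP-POST endpoint location, or {@code null}.
 * @param soapLocation the SOAP endpoint location, or {@code null}.
 * @return the binding URI to treat as preferred, or the input when no rule applies.
 */
private String resolveDefaultBinding(String priority, String httpRedirectLocation, String httpPostLocation,
        String soapLocation) {
    if (priority == null || !priority.contains("none")) {
        return priority;
    }
    if (httpRedirectLocation != null) {
        return httpRedirectBinding;
    }
    if (httpPostLocation != null) {
        return httpPostBinding;
    }
    if (soapLocation != null) {
        return soapBinding;
    }
    return priority;
}

/**
 * Audit-logs a failed SP-Standard modification and builds the exception the
 * caller throws, so both failure paths report identically.
 *
 * @param realm to which the entity belongs.
 * @param entityName is the entity id.
 * @param strError the already-resolved error text.
 * @return the exception to throw to the caller.
 */
private AMConsoleException logSPStdModifyFailure(String realm, String entityName, String strError) {
    String[] paramsEx = { realm, entityName, "SAMLv2", "SP-Standard", strError };
    logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
    return new AMConsoleException(strError);
}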