Example 66 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

From the class CreateMetaDataModelImpl, method createSAMLv2Provider:

/**
 * Creates a SAMLv2 provider.
 *
 * @param realm    Realm name.
 * @param entityId Entity ID.
 * @param values   Map of property name to values.
 *
 * @throws AMConsoleException if duplicate metaAliases are provided or the metadata cannot be created or imported.
 */
public void createSAMLv2Provider(String realm, String entityId, Map values) throws AMConsoleException {
    try {
        // validate hosted entities to check that metaAliases are unique
        List<String> metaAliases = getFederationAlias(values, MetaTemplateParameters.P_SAML_ALIASES);
        Set<String> duplicateCheck = new HashSet<String>(metaAliases);
        if (duplicateCheck.size() < metaAliases.size()) {
            throw new AMConsoleException(getLocalizedString("federation.create.provider.duplicate.metaAlias"));
        }
        SAML2MetaManager mgr = new SAML2MetaManager();
        mgr.validateMetaAliasForNewEntity(realm, metaAliases);
        String metadata = CreateSAML2HostedProviderTemplate.buildMetaDataTemplate(entityId, values, requestURL);
        String extendedData = CreateSAML2HostedProviderTemplate.createExtendedDataTemplate(entityId, values, requestURL);
        ImportSAML2MetaData.importData(realm, metadata, extendedData);
    } catch (WorkflowException ex) {
        throw new AMConsoleException(getErrorString(ex));
    } catch (SAML2MetaException ex) {
        throw new AMConsoleException(getErrorString(ex));
    }
}
Also used : WorkflowException(com.sun.identity.workflow.WorkflowException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) HashSet(java.util.HashSet)

Example 67 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

From the class EntityModelImpl, method isAffiliate:

/**
 * Returns true if the entity descriptor is an affiliate.
 *
 * @param protocol the protocol to which the entity belongs.
 * @param realm    the realm in which the entity resides.
 * @param name     name of the entity descriptor.
 * @return true if the entity descriptor is an affiliate.
 * @throws AMConsoleException if the affiliation descriptor cannot be retrieved.
 */
public boolean isAffiliate(String protocol, String realm, String name) throws AMConsoleException {
    boolean isAffiliate = false;
    com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType idff_ad = null;
    com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType samlv2_sd = null;
    try {
        if (protocol.equals(IDFF)) {
            IDFFMetaManager idffManager = new IDFFMetaManager(null);
            idff_ad = (com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType) idffManager.getAffiliationDescriptor(realm, name);
        } else if (protocol.equals(SAMLV2)) {
            SAML2MetaManager samlManager = new SAML2MetaManager();
            samlv2_sd = (com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType) samlManager.getAffiliationDescriptor(realm, name);
        }
        if (idff_ad != null || samlv2_sd != null) {
            isAffiliate = true;
        }
    } catch (IDFFMetaException e) {
        if (debug.warningEnabled()) {
            debug.warning("EntityModelImpl.isAffiliate", e);
        }
        throw new AMConsoleException(getErrorString(e));
    } catch (SAML2MetaException s) {
        if (debug.warningEnabled()) {
            debug.warning("EntityModel.isAffiliate() - " + "Couldn't get SAMLMetaManager");
        }
        throw new AMConsoleException(getErrorString(s));
    }
    return isAffiliate;
}
Also used : IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AffiliationDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) AffiliationDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 68 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

From the class EntityModelImpl, method getSAMLv2Roles:

/*
 * This is used to determine what 'roles' a particular entity is
 * acting as. It produces a list of role names which can then
 * be used by the calling routine for whatever purpose it needs.
 */
public List getSAMLv2Roles(String entity, String realm) {
    List roles = new ArrayList();
    try {
        SAML2MetaManager samlManager = new SAML2MetaManager();
        EntityDescriptorElement d = samlManager.getEntityDescriptor(realm, entity);
        if (d != null) {
            // find out what role this dude is playing
            if (SAML2MetaUtils.getSPSSODescriptor(d) != null) {
                roles.add(SERVICE_PROVIDER);
            }
            if (SAML2MetaUtils.getIDPSSODescriptor(d) != null) {
                roles.add(IDENTITY_PROVIDER);
            }
            if (SAML2MetaUtils.getPolicyDecisionPointDescriptor(d) != null) {
                roles.add(POLICY_DECISION_POINT_DESCRIPTOR);
            }
            if (SAML2MetaUtils.getPolicyEnforcementPointDescriptor(d) != null) {
                roles.add(POLICY_ENFORCEMENT_POINT_DESCRIPTOR);
            }
            if (SAML2MetaUtils.getAttributeAuthorityDescriptor(d) != null) {
                roles.add(SAML_ATTRAUTHORITY);
            }
            if (SAML2MetaUtils.getAuthnAuthorityDescriptor(d) != null) {
                roles.add(SAML_AUTHNAUTHORITY);
            }
            if (SAML2MetaUtils.getAttributeQueryDescriptor(d) != null) {
                roles.add(SAML_ATTRQUERY);
            }
            if (samlManager.getAffiliationDescriptor(realm, entity) != null) {
                roles.add(AFFILIATE);
            }
        }
    } catch (SAML2MetaException s) {
        if (debug.warningEnabled()) {
            debug.warning("EntityModel.getSAMLv2Roles() - " + "Couldn't get SAMLMetaManager");
        }
    }
    return (roles != null) ? roles : Collections.EMPTY_LIST;
}
Also used : ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 69 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

From the class SAMLv2ModelImpl, method createExtendedObject:

/**
 * Creates the extended config object when it does not exist.
 *
 * @param realm      the realm to which the entity belongs.
 * @param entityName the entity ID.
 * @param location   indicates whether the entity is hosted or remote.
 * @param role       can be SP, IDP or SP/IDP.
 * @throws SAML2MetaException if saving of the attribute value fails.
 * @throws JAXBException      if saving of the attribute value fails.
 * @throws AMConsoleException if saving of the attribute value fails.
 */
private void createExtendedObject(String realm, String entityName, String location, String role) throws SAML2MetaException, JAXBException, AMConsoleException {
    SAML2MetaManager samlManager = getSAML2MetaManager();
    EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
    ObjectFactory objFactory = new ObjectFactory();
    EntityConfigElement entityConfigElement = objFactory.createEntityConfigElement();
    entityConfigElement.setEntityID(entityName);
    if (location.equals("remote")) {
        entityConfigElement.setHosted(false);
    } else {
        entityConfigElement.setHosted(true);
    }
    List configList = entityConfigElement.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
    BaseConfigType baseConfigIDP = null;
    BaseConfigType baseConfigSP = null;
    BaseConfigType baseConfigAuth = null;
    AttributeAuthorityDescriptorElement attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm, entityName);
    AuthnAuthorityDescriptorElement authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
    AttributeQueryDescriptorElement attrQueryDescriptor = samlManager.getAttributeQueryDescriptor(realm, entityName);
    IDPSSODescriptorElement idpssoDesc = samlManager.getIDPSSODescriptor(realm, entityName);
    SPSSODescriptorElement spssoDesc = samlManager.getSPSSODescriptor(realm, entityName);
    XACMLAuthzDecisionQueryDescriptorElement xacmlAuthzDescriptor = samlManager.getPolicyEnforcementPointDescriptor(realm, entityName);
    XACMLPDPDescriptorElement xacmlPDPDescriptor = samlManager.getPolicyDecisionPointDescriptor(realm, entityName);
    if (isDualRole(entityDescriptor)) {
        baseConfigIDP = objFactory.createIDPSSOConfigElement();
        baseConfigSP = objFactory.createSPSSOConfigElement();
        baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
        baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
        configList.add(baseConfigIDP);
        configList.add(baseConfigSP);
    } else if (role.equals(EntityModel.IDENTITY_PROVIDER) || (idpssoDesc != null)) {
        baseConfigIDP = objFactory.createIDPSSOConfigElement();
        baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP);
        configList.add(baseConfigIDP);
    } else if (role.equals(EntityModel.SERVICE_PROVIDER) || (spssoDesc != null)) {
        baseConfigSP = objFactory.createSPSSOConfigElement();
        baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP);
        configList.add(baseConfigSP);
    }
    if (role.equals(EntityModel.SAML_ATTRAUTHORITY) || (attrauthDescriptor != null)) {
        baseConfigAuth = objFactory.createAttributeAuthorityConfigElement();
        baseConfigAuth = addAttributeType(extAttrAuthMap, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    if (role.equals(EntityModel.SAML_AUTHNAUTHORITY) || (authnauthDescriptor != null)) {
        baseConfigAuth = objFactory.createAuthnAuthorityConfigElement();
        baseConfigAuth = addAttributeType(extAuthnAuthMap, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    if (role.equals(EntityModel.SAML_ATTRQUERY) || (attrQueryDescriptor != null)) {
        baseConfigAuth = objFactory.createAttributeQueryConfigElement();
        baseConfigAuth = addAttributeType(extattrQueryMap, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    if (role.equals(EntityModel.POLICY_DECISION_POINT_DESCRIPTOR) || (xacmlPDPDescriptor != null)) {
        baseConfigAuth = objFactory.createXACMLPDPConfigElement();
        baseConfigAuth = addAttributeType(xacmlPDPExtendedMeta, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    if (role.equals(EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR) || (xacmlAuthzDescriptor != null)) {
        baseConfigAuth = objFactory.createXACMLAuthzDecisionQueryConfigElement();
        baseConfigAuth = addAttributeType(xacmlPEPExtendedMeta, baseConfigAuth);
        configList.add(baseConfigAuth);
    }
    samlManager.setEntityConfig(realm, entityConfigElement);
}
Also used : AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) AttributeQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) List(java.util.List) ArrayList(java.util.ArrayList) XACMLAuthzDecisionQueryDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 70 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

From the class SAMLv2ModelImpl, method getStandardAuthnAuthorityAttributes:

/**
 * Returns a map with standard AuthnAuthority attributes and values.
 *
 * @param realm      the realm to which the entity belongs.
 * @param entityName the entity ID.
 * @return Map with AuthnAuthority values.
 * @throws AMConsoleException if unable to retrieve the standard AuthnAuthority
 *         values for the given realm and entityName.
 */
public Map getStandardAuthnAuthorityAttributes(String realm, String entityName) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "AuthnAuthority-Std" };
    logEvent("ATTEMPT_GET_AUTHN_AUTH_ATTR_VALUES", params);
    Map map = new HashMap();
    AuthnAuthorityDescriptorElement authnauthDescriptor = null;
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        authnauthDescriptor = samlManager.getAuthnAuthorityDescriptor(realm, entityName);
        if (authnauthDescriptor != null) {
            map.put(AUTHN_QUERY_SERVICE, Collections.EMPTY_SET);
            List authQueryServiceList = authnauthDescriptor.getAuthnQueryService();
            if (!authQueryServiceList.isEmpty()) {
                AuthnQueryServiceElement key = (AuthnQueryServiceElement) authQueryServiceList.get(0);
                map.put(AUTHN_QUERY_SERVICE, returnEmptySetIfValueIsNull(key.getLocation()));
            }
            map.put(ASSERTION_ID_SAOP_LOC, Collections.EMPTY_SET);
            map.put(ASSERTION_ID_URI_LOC, Collections.EMPTY_SET);
            List assertionIDReqList = authnauthDescriptor.getAssertionIDRequestService();
            for (int i = 0; i < assertionIDReqList.size(); i++) {
                AssertionIDRequestServiceElement elem1 = (AssertionIDRequestServiceElement) assertionIDReqList.get(i);
                if (elem1.getBinding().contains("SOAP")) {
                    map.put(ASSERTION_ID_SAOP_LOC, returnEmptySetIfValueIsNull(elem1.getLocation()));
                } else if (elem1.getBinding().contains("URI")) {
                    map.put(ASSERTION_ID_URI_LOC, returnEmptySetIfValueIsNull(elem1.getLocation()));
                }
            }
        }
        logEvent("SUCCEED_GET_AUTHN_AUTH_ATTR_VALUES", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.getStandardAuthnAuthorityAttributes:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "AuthnAuthority-Std", strError };
        logEvent("FEDERATION_EXCEPTION_GET_AUTHN_AUTH_ATTR_VALUES", paramsEx);
        throw new AMConsoleException(strError);
    }
    return map;
}
Also used : AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement) AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement) HashMap(java.util.HashMap) List(java.util.List) ArrayList(java.util.ArrayList) AuthnQueryServiceElement(com.sun.identity.saml2.jaxb.metadata.AuthnQueryServiceElement) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)