use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.
the class SAML2COTUtils method updateEntityConfig.
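/**
 * Adds a circle of trust name to the <code>cotlist</code> attribute of an
 * entity's extended (entity config) metadata.
 * <p>
 * The entity must already have standard metadata in the realm. When no
 * extended config exists yet, a new remote (<code>hosted=false</code>) config
 * is created with one role config per role descriptor found in the standard
 * metadata (or a single affiliation config for an affiliation entity), each
 * carrying the <code>cotlist</code> attribute. When an extended config exists,
 * the name is appended to the <code>cotlist</code> attribute of every role
 * config (or of the affiliation config), creating the attribute where missing.
 *
 * @param realm the realm name where the entity configuration is.
 * @param name the circle of trust name.
 * @param entityId the name of the Entity identifier.
 * @throws SAML2MetaException if the entity has no standard metadata in the
 * realm, or if there is a configuration error when updating the configuration.
 * @throws JAXBException if there is an error updating the entity
 * configuration.
 */
public void updateEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
    String classMethod = "SAML2COTUtils.updateEntityConfig: ";
    // Use the caller's session when one was supplied so the metadata write
    // runs with that caller's privileges rather than the default admin context.
    SAML2MetaManager metaManager = (callerSession == null)
            ? new SAML2MetaManager()
            : new SAML2MetaManager(callerSession);
    ObjectFactory objFactory = new ObjectFactory();

    // Refuse to create extended config for an entity that has no standard
    // metadata in this realm.
    EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
    if (edes == null) {
        debug.error(classMethod + "No such entity: " + entityId);
        String[] data = { realm, entityId };
        throw new SAML2MetaException("entityid_invalid", data);
    }
    boolean isAffiliation = metaManager.getAffiliationDescriptor(realm, entityId) != null;
    if (debug.messageEnabled()) {
        debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
    }

    EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
    if (eConfig == null) {
        metaManager.setEntityConfig(realm, newEntityConfig(objFactory, edes, entityId, name, isAffiliation));
    } else {
        addCotToExistingConfig(metaManager, objFactory, realm, entityId, name, eConfig, isAffiliation);
    }
}

/**
 * Builds a fresh remote (<code>hosted=false</code>) entity config for
 * <code>entityId</code> whose role configs (or affiliation config) carry a
 * <code>cotlist</code> attribute holding <code>name</code>.
 *
 * @param objFactory JAXB factory used to create the config elements.
 * @param edes the entity's standard metadata; its role descriptors decide
 * which role configs are created.
 * @param entityId the entity identifier to set on the new config.
 * @param name the circle of trust name.
 * @param isAffiliation whether the entity is an affiliation.
 * @return the populated, not yet persisted, entity config.
 */
@SuppressWarnings("unchecked") // JAXB list getters are raw in this model
private static EntityConfigElement newEntityConfig(ObjectFactory objFactory, EntityDescriptorElement edes,
        String entityId, String name, boolean isAffiliation) {
    AttributeType atype = objFactory.createAttributeType();
    atype.setName(SAML2Constants.COT_LIST);
    atype.getValue().add(name);

    EntityConfigElement ele = objFactory.createEntityConfigElement();
    ele.setEntityID(entityId);
    ele.setHosted(false);

    if (isAffiliation) {
        BaseConfigType affiliationConfig = objFactory.createAffiliationConfigElement();
        affiliationConfig.getAttribute().add(atype);
        ele.setAffiliationConfig(affiliationConfig);
        return ele;
    }

    List roleConfigs = ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
    List roleDescriptors = edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
    for (Iterator iter = roleDescriptors.iterator(); iter.hasNext(); ) {
        BaseConfigType roleConfig = createRoleConfig(objFactory, iter.next());
        if (roleConfig != null) {
            // The same AttributeType instance is shared by every role config,
            // matching the original layout of the generated config.
            roleConfig.getAttribute().add(atype);
            roleConfigs.add(roleConfig);
        }
    }
    return ele;
}

/**
 * Maps a standard role descriptor to a new, empty extended role config.
 *
 * @param objFactory JAXB factory used to create the config element.
 * @param roleDescriptor an element from the standard metadata's role list.
 * @return the matching config element, or <code>null</code> for descriptor
 * types that have no extended config counterpart (those are skipped).
 */
private static BaseConfigType createRoleConfig(ObjectFactory objFactory, Object roleDescriptor) {
    if (roleDescriptor instanceof SPSSODescriptorElement) {
        return objFactory.createSPSSOConfigElement();
    }
    if (roleDescriptor instanceof IDPSSODescriptorElement) {
        return objFactory.createIDPSSOConfigElement();
    }
    if (roleDescriptor instanceof XACMLPDPDescriptorElement) {
        return objFactory.createXACMLPDPConfigElement();
    }
    if (roleDescriptor instanceof XACMLAuthzDecisionQueryDescriptorElement) {
        return objFactory.createXACMLAuthzDecisionQueryConfigElement();
    }
    if (roleDescriptor instanceof AttributeAuthorityDescriptorElement) {
        return objFactory.createAttributeAuthorityConfigElement();
    }
    if (roleDescriptor instanceof AttributeQueryDescriptorElement) {
        return objFactory.createAttributeQueryConfigElement();
    }
    if (roleDescriptor instanceof AuthnAuthorityDescriptorElement) {
        return objFactory.createAuthnAuthorityConfigElement();
    }
    return null;
}

/**
 * Appends <code>name</code> to the <code>cotlist</code> attribute of each
 * role config (or of the affiliation config) in an existing entity config,
 * then persists the config.
 *
 * @param metaManager manager used to read the affiliation config and persist.
 * @param objFactory JAXB factory used to create missing elements.
 * @param realm the realm of the entity.
 * @param entityId the entity identifier.
 * @param name the circle of trust name.
 * @param eConfig the existing entity config to update in place.
 * @param isAffiliation whether the entity is an affiliation.
 * @throws SAML2MetaException if reading or persisting the config fails.
 * @throws JAXBException if persisting the config fails.
 */
@SuppressWarnings("unchecked") // JAXB list getters are raw in this model
private void addCotToExistingConfig(SAML2MetaManager metaManager, ObjectFactory objFactory, String realm,
        String entityId, String name, EntityConfigElement eConfig, boolean isAffiliation)
        throws SAML2MetaException, JAXBException {
    // NOTE(review): initialised to true in the original, so the config is
    // re-written even when the COT was already listed; kept to preserve that
    // behaviour - confirm whether false was intended.
    boolean needToSave = true;
    List roleConfigs;
    if (isAffiliation) {
        AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
        roleConfigs = new ArrayList();
        if (affiliationCfgElm == null) {
            // The existing config has no affiliation config yet: attach a fresh
            // one, as the create path does, instead of failing on a null config.
            BaseConfigType created = objFactory.createAffiliationConfigElement();
            eConfig.setAffiliationConfig(created);
            roleConfigs.add(created);
        } else {
            // presumably the same object eConfig holds, so the change below is
            // persisted by setEntityConfig(realm, eConfig) - verify against
            // SAML2MetaManager.getAffiliationConfig.
            roleConfigs.add(affiliationCfgElm);
        }
    } else {
        roleConfigs = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
    }

    for (Iterator iter = roleConfigs.iterator(); iter.hasNext(); ) {
        BaseConfigType bConfig = (BaseConfigType) iter.next();
        if (addCotName(objFactory, bConfig.getAttribute(), name)) {
            needToSave = true;
        }
    }
    if (needToSave) {
        metaManager.setEntityConfig(realm, eConfig);
    }
}

/**
 * Adds <code>name</code> to the first <code>cotlist</code> attribute in
 * <code>attributes</code> that does not already contain it; when no
 * <code>cotlist</code> attribute exists, one is created holding the name.
 * Attribute names are compared trimmed and case-insensitively; an attribute
 * with a <code>null</code> name is skipped rather than dereferenced.
 *
 * @param objFactory JAXB factory used to create a missing attribute.
 * @param attributes the mutable attribute list of one role config.
 * @param name the circle of trust name.
 * @return <code>true</code> if the attribute list was modified.
 */
@SuppressWarnings("unchecked") // JAXB list getters are raw in this model
private boolean addCotName(ObjectFactory objFactory, List attributes, String name) {
    boolean foundCOT = false;
    for (Iterator iter = attributes.iterator(); iter.hasNext(); ) {
        AttributeType avp = (AttributeType) iter.next();
        String attrName = avp.getName();
        if (attrName == null || !attrName.trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
            continue;
        }
        foundCOT = true;
        List values = avp.getValue();
        if (values.isEmpty() || !containsValue(values, name)) {
            values.add(name);
            return true;
        }
    }
    if (foundCOT) {
        // Every cotlist attribute already lists this name.
        return false;
    }
    // No cotlist attribute in the original entity config: create it.
    AttributeType atype = objFactory.createAttributeType();
    atype.setName(SAML2Constants.COT_LIST);
    atype.getValue().add(name);
    attributes.add(atype);
    return true;
}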
use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.
the class SAML2MetaManager method getAllHostedEntities.
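/**
 * Returns all hosted entities under the realm.
 * <p>
 * An entity counts as hosted when its extended config exists and
 * <code>isHosted()</code> is true; entities without an extended config are
 * skipped silently.
 *
 * @param realm The realm under which the hosted entities reside.
 * @return a <code>List</code> of entity ID <code>String</code>, empty when the
 * realm has no hosted entities (never <code>null</code>).
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List<String> getAllHostedEntities(String realm) throws SAML2MetaException {
    List<String> hostedEntityIds = new ArrayList<String>();
    try {
        Set<String> entityIds = configInst.getAllConfigurationNames(realm);
        if (entityIds != null) {
            for (String entityId : entityIds) {
                EntityConfigElement config = getEntityConfig(realm, entityId);
                if (config != null && config.isHosted()) {
                    hostedEntityIds.add(entityId);
                }
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getAllHostedEntities:", e);
        String[] data = { e.getMessage(), realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ALL_HOSTED_ENTITIES, data, null);
        throw new SAML2MetaException(e);
    }
    // Access log entry records the realm queried, not the entity ids returned.
    String[] objs = { realm };
    LogUtil.access(Level.FINE, LogUtil.GOT_ALL_HOSTED_ENTITIES, objs, null);
    return hostedEntityIds;
}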
use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.
the class SAML2MetaManager method createEntity.
/**
 * Creates the standard and extended metadata under the realm.
 * <p>
 * If the entity already exists in the configuration store, the roles of the
 * supplied descriptor/config are merged into the stored ones instead: a role
 * whose type is already present is rejected with
 * <code>role_already_exists</code>, and the merged result is written back with
 * <code>setConfiguration</code>. A config is only added to its circles of
 * trust when it is stored for the first time.
 *
 * @param realm The realm under which the entity descriptor will be
 * created; <code>null</code> is treated as the root realm <code>"/"</code>.
 * @param descriptor The standard entity descriptor object to be created.
 * @param config The extended entity config object to be created.
 * @throws SAML2MetaException if unable to create the entity, if neither
 * input carries an entity ID, if a config is supplied for an entity that has
 * no standard descriptor (stored or supplied), if a role type already exists,
 * or if stored or supplied metadata cannot be (de)serialized.
 */
public void createEntity(String realm, EntityDescriptorElement descriptor, EntityConfigElement config) throws SAML2MetaException {
    debug.message("SAML2MetaManager.createEntity: called.");
    // Nothing to import: logged and ignored rather than treated as an error.
    if ((descriptor == null) && (config == null)) {
        debug.error("SAML2metaManager.createEntity: no meta to import.");
        return;
    }
    // The descriptor's entity ID wins; the config's is used only when no
    // descriptor was supplied.
    String entityId = null;
    if (descriptor != null) {
        entityId = descriptor.getEntityID();
    } else {
        entityId = config.getEntityID();
    }
    if (realm == null) {
        realm = "/";
    }
    if (entityId == null) {
        debug.error("SAML2MetaManager.createEntity: entity ID is null");
        String[] data = { realm };
        LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_ID_CREATE_ENTITY_DESCRIPTOR, data, null);
        throw new SAML2MetaException("empty_entityid", null);
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2MetaManager.createEntity: realm=" + realm + ", entityId=" + entityId);
    }
    String[] objs = { entityId, realm };
    try {
        // oldDescriptor/oldConfig: what is already stored for this entity ID.
        // isCreate stays true unless something stored is merged with the input.
        EntityDescriptorElement oldDescriptor = null;
        EntityConfigElement oldConfig = null;
        boolean isCreate = true;
        Map newAttrs = null;
        Map oldAttrs = configInst.getConfiguration(realm, entityId);
        if (oldAttrs != null) {
            // get the entity descriptor if any
            // Stored values are serialized XML; only the first value of each
            // attribute is considered, and a value that does not unmarshal to
            // the expected element type is ignored.
            Set values = (Set) oldAttrs.get(ATTR_METADATA);
            if ((values != null) && !values.isEmpty()) {
                String value = (String) values.iterator().next();
                Object obj = SAML2MetaUtils.convertStringToJAXB(value);
                if (obj instanceof EntityDescriptorElement) {
                    oldDescriptor = (EntityDescriptorElement) obj;
                    if (debug.messageEnabled()) {
                        debug.message("SAML2MetaManager.createEntity: " + "got descriptor from SMS " + entityId);
                    }
                }
            }
            // get the entity config if any
            values = (Set) oldAttrs.get(ATTR_ENTITY_CONFIG);
            if ((values != null) && !values.isEmpty()) {
                String value = (String) values.iterator().next();
                Object obj = SAML2MetaUtils.convertStringToJAXB(value);
                if (obj instanceof EntityConfigElement) {
                    oldConfig = (EntityConfigElement) obj;
                    if (debug.messageEnabled()) {
                        debug.message("SAML2MetaManager.createEntity: " + "got entity config from SMS " + entityId);
                    }
                }
            }
        }
        if (oldDescriptor != null) {
            if (descriptor != null) {
                // Merge: append each new role to the stored descriptor, but
                // never allow two roles of the same type on one entity.
                List currentRoles = oldDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
                Set currentRolesTypes = getEntityRolesTypes(currentRoles);
                List newRoles = descriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
                for (Iterator i = newRoles.iterator(); i.hasNext(); ) {
                    Object role = i.next();
                    if (currentRolesTypes.contains(role.getClass().getName())) {
                        debug.error("SAML2MetaManager.createEntity: current" + " descriptor contains role " + role.getClass().getName() + " already");
                        String[] data = { entityId, realm };
                        LogUtil.error(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR, data, null);
                        String[] param = { entityId };
                        throw new SAML2MetaException("role_already_exists", param);
                    }
                    currentRoles.add(role);
                }
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_METADATA, oldDescriptor);
                oldAttrs.put(ATTR_METADATA, attrs.get(ATTR_METADATA));
                isCreate = false;
            }
        } else {
            // NOTE(review): when oldAttrs exists but holds no usable descriptor
            // and only a descriptor is supplied, isCreate stays true and
            // createConfiguration is called for an existing name - confirm that
            // configInst tolerates this.
            if (descriptor != null) {
                newAttrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_METADATA, descriptor);
            }
        }
        if (config != null) {
            // Extended config is meaningless without a standard descriptor,
            // either stored or supplied in this call.
            if ((oldDescriptor == null) && (descriptor == null)) {
                debug.error("SAML2MetaManager.createEntity: entity " + "descriptor is null: " + entityId);
                LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_DESCRIPTOR_CREATE_ENTITY_CONFIG, objs, null);
                throw new SAML2MetaException("entity_descriptor_not_exist", objs);
            }
            if (oldConfig != null) {
                // Same merge-with-duplicate-check as for the descriptor roles.
                List currentRoles = oldConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                Set currentRolesTypes = getEntityRolesTypes(currentRoles);
                List newRoles = config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                for (Iterator i = newRoles.iterator(); i.hasNext(); ) {
                    Object role = i.next();
                    if (currentRolesTypes.contains(role.getClass().getName())) {
                        debug.error("SAML2MetaManager.createEntity: current" + " entity config contains role " + role.getClass().getName() + " already");
                        String[] data = { entityId, realm };
                        LogUtil.error(Level.INFO, LogUtil.SET_ENTITY_CONFIG, data, null);
                        String[] param = { entityId };
                        throw new SAML2MetaException("role_already_exists", param);
                    }
                    currentRoles.add(role);
                }
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG, oldConfig);
                oldAttrs.put(ATTR_ENTITY_CONFIG, attrs.get(ATTR_ENTITY_CONFIG));
                isCreate = false;
            } else {
                // No stored config: attach the new one to whichever attribute
                // map will be written (existing entry or brand-new entry).
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG, config);
                if (oldAttrs != null) {
                    oldAttrs.put(ATTR_ENTITY_CONFIG, attrs.get(ATTR_ENTITY_CONFIG));
                    isCreate = false;
                } else if (newAttrs != null) {
                    newAttrs.put(ATTR_ENTITY_CONFIG, attrs.get(ATTR_ENTITY_CONFIG));
                }
            }
        }
        if (isCreate) {
            configInst.createConfiguration(realm, entityId, newAttrs);
            if (descriptor != null) {
                SAML2MetaCache.putEntityDescriptor(realm, entityId, descriptor);
                LogUtil.access(Level.INFO, LogUtil.ENTITY_DESCRIPTOR_CREATED, objs, null);
            } else if (config != null) {
                LogUtil.access(Level.INFO, LogUtil.ENTITY_CONFIG_CREATED, objs, null);
            }
            // Add the entity to cot
            if (config != null) {
                SAML2MetaCache.putEntityConfig(realm, entityId, config);
                addToCircleOfTrust(realm, entityId, config);
            }
        } else {
            configInst.setConfiguration(realm, entityId, oldAttrs);
            if (descriptor != null) {
                LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR, objs, null);
                // The merged stored descriptor, not the input, is what is cached.
                SAML2MetaCache.putEntityDescriptor(realm, entityId, oldDescriptor);
            } else if (config != null) {
                LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_CONFIG, objs, null);
            }
            // A merged config is only re-cached; only a first-time config is
            // also added to its circles of trust.
            if (oldConfig != null) {
                SAML2MetaCache.putEntityConfig(realm, entityId, oldConfig);
            } else if (config != null) {
                SAML2MetaCache.putEntityConfig(realm, entityId, config);
                addToCircleOfTrust(realm, entityId, config);
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.createEntity:", e);
        String[] data = { e.getMessage(), entityId, realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_CREATE_ENTITY_DESCRIPTOR, data, null);
        throw new SAML2MetaException(e);
    } catch (JAXBException jaxbe) {
        // Raised by both unmarshalling stored values and marshalling the
        // input; surfaced uniformly as an invalid descriptor.
        debug.error("SAML2MetaManager.createEntity:", jaxbe);
        LogUtil.error(Level.INFO, LogUtil.CREATE_INVALID_ENTITY_DESCRIPTOR, objs, null);
        throw new SAML2MetaException("invalid_descriptor", objs);
    }
}
use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.
the class SAML2MetaManager method getAllHostedMetaAliasesByRealm.
/**
 * Collects the metaAliases of every hosted entity in a realm.
 * <p>
 * Only entities whose extended config exists and is marked hosted are
 * considered; role configs with a <code>null</code> or empty metaAlias are
 * left out of the result.
 *
 * @param realm The given realm.
 * @return all the hosted entity metaAliases for a realm or an empty arrayList if not found.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List<String> getAllHostedMetaAliasesByRealm(String realm) throws SAML2MetaException {
    List<String> aliases = new ArrayList<String>();
    try {
        Set<String> names = configInst.getAllConfigurationNames(realm);
        if (names != null && !names.isEmpty()) {
            for (String id : names) {
                EntityConfigElement cfg = getEntityConfig(realm, id);
                if (cfg != null && cfg.isHosted()) {
                    List<BaseConfigType> roleCfgs = cfg.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                    for (BaseConfigType roleCfg : roleCfgs) {
                        String alias = roleCfg.getMetaAlias();
                        if (alias != null && alias.length() > 0) {
                            aliases.add(alias);
                        }
                    }
                }
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getAllHostedMetaAliasesByRealm:", e);
        throw new SAML2MetaException(e);
    }
    return aliases;
}
use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.
the class SAML2MetaManager method getAllHostedIdentityProviderMetaAliases.
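/**
 * Returns metaAliases of all hosted identity providers under the realm.
 * <p>
 * Hosted IdP entities without an IDPSSO config are skipped; the metaAlias of
 * each remaining IDPSSO config is added as returned by
 * <code>getMetaAlias()</code>.
 *
 * @param realm The realm under which the identity provider metaAliases
 * reside.
 * @return a <code>List</code> of metaAliases <code>String</code>; empty when
 * no hosted identity provider has an IDPSSO config.
 * @throws SAML2MetaException if unable to retrieve meta aliases.
 */
public List<String> getAllHostedIdentityProviderMetaAliases(String realm) throws SAML2MetaException {
    List<String> metaAliases = new ArrayList<String>();
    List hostedEntityIds = getAllHostedIdentityProviderEntities(realm);
    for (Object id : hostedEntityIds) {
        String entityId = (String) id;
        IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
        if (idpConfig != null) {
            metaAliases.add(idpConfig.getMetaAlias());
        }
    }
    return metaAliases;
}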