Search in sources :

Example 41 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

the class ConfigureSalesForceApps method updateSPMeta.

private void updateSPMeta(String entityId, String realm, String cot, List attrMapping) throws WorkflowException {
    String extendedMeta = null;
    String localMetadata = null;
    try {
        localMetadata = METADATA.replace(ENTITY_ID_PLACEHOLDER, entityId);
        EntityDescriptorElement e = SAML2MetaUtils.getEntityDescriptorElement(localMetadata);
        String eId = e.getEntityID();
        String metaAlias = generateMetaAliasForSP(realm);
        Map map = new HashMap();
        map.put(MetaTemplateParameters.P_SP, metaAlias);
        extendedMeta = createExtendedDataTemplate(eId, false);
    } catch (SAML2MetaException ex) {
        throw new WorkflowException(ex.getMessage());
    } catch (JAXBException ex) {
        throw new WorkflowException(ex.getMessage());
    }
    String[] results = ImportSAML2MetaData.importData(realm, localMetadata, extendedMeta);
    String configuredEntityId = results[1];
    if ((cot != null) && (cot.length() > 0)) {
        try {
            AddProviderToCOT.addToCOT(realm, cot, configuredEntityId);
        } catch (COTException e) {
            throw new WorkflowException(e.getMessage());
        }
    }
    try {
        if (!attrMapping.isEmpty()) {
            SAML2MetaManager manager = new SAML2MetaManager();
            EntityConfigElement config = manager.getEntityConfig(realm, configuredEntityId);
            SPSSOConfigElement ssoConfig = manager.getSPSSOConfig(realm, configuredEntityId);
            if (ssoConfig != null) {
                ObjectFactory objFactory = new ObjectFactory();
                AttributeType avp = objFactory.createAttributeElement();
                String key = SAML2Constants.ATTRIBUTE_MAP;
                avp.setName(key);
                avp.getValue().addAll(attrMapping);
                ssoConfig.getAttribute().add(avp);
            }
            manager.setEntityConfig(realm, config);
        }
    } catch (SAML2MetaException e) {
        throw new WorkflowException(e.getMessage());
    } catch (JAXBException e) {
        throw new WorkflowException(e.getMessage());
    }
}
Also used : HashMap(java.util.HashMap) JAXBException(javax.xml.bind.JAXBException) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) COTException(com.sun.identity.cot.COTException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) AttributeType(com.sun.identity.saml2.jaxb.entityconfig.AttributeType) HashMap(java.util.HashMap) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 42 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

the class CreateHostedIDP method execute.

/**
     * Creates hosted identity provider.
     *
     * @param locale Locale of the Request
     * @param params Map of creation parameters.
     */
public String execute(Locale locale, Map params) throws WorkflowException {
    validateParameters(params);
    String metadataFile = getString(params, ParameterKeys.P_META_DATA);
    boolean hasMetaData = (metadataFile != null) && (metadataFile.trim().length() > 0);
    String metadata = null;
    String extendedData = null;
    if (hasMetaData) {
        String extendedDataFile = getString(params, ParameterKeys.P_EXTENDED_DATA);
        metadata = getContent(metadataFile, locale);
        extendedData = getContent(extendedDataFile, locale);
    } else {
        String entityId = getString(params, ParameterKeys.P_ENTITY_ID);
        String metaAlias = generateMetaAliasForIDP(getString(params, ParameterKeys.P_REALM));
        Map map = new HashMap();
        map.put(MetaTemplateParameters.P_IDP, metaAlias);
        map.put(MetaTemplateParameters.P_IDP_E_CERT, getString(params, ParameterKeys.P_IDP_E_CERT));
        map.put(MetaTemplateParameters.P_IDP_S_CERT, getString(params, ParameterKeys.P_IDP_S_CERT));
        try {
            metadata = CreateSAML2HostedProviderTemplate.buildMetaDataTemplate(entityId, map, getRequestURL(params));
            extendedData = CreateSAML2HostedProviderTemplate.createExtendedDataTemplate(entityId, map, getRequestURL(params));
        } catch (SAML2MetaException e) {
            return e.getMessage();
        }
    }
    String[] results = ImportSAML2MetaData.importData(null, metadata, extendedData);
    String realm = results[0];
    String entityId = results[1];
    String cot = getString(params, ParameterKeys.P_COT);
    if ((cot != null) && (cot.length() > 0)) {
        try {
            AddProviderToCOT.addToCOT(realm, cot, entityId);
        } catch (COTException e) {
            throw new WorkflowException(e.getMessage());
        }
    }
    try {
        List attrMapping = getAttributeMapping(params);
        if (!attrMapping.isEmpty()) {
            SAML2MetaManager manager = new SAML2MetaManager();
            EntityConfigElement config = manager.getEntityConfig(realm, entityId);
            IDPSSOConfigElement ssoConfig = manager.getIDPSSOConfig(realm, entityId);
            Map attribConfig = SAML2MetaUtils.getAttributes(ssoConfig);
            List mappedAttributes = (List) attribConfig.get(SAML2Constants.ATTRIBUTE_MAP);
            mappedAttributes.addAll(attrMapping);
            manager.setEntityConfig(realm, config);
        }
    } catch (SAML2MetaException e) {
        throw new WorkflowException(e.getMessage());
    }
    try {
        return getMessage("idp.configured", locale) + "|||realm=" + realm + "&entityId=" + URLEncoder.encode(entityId, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        throw new WorkflowException(e.getMessage());
    }
}
Also used : HashMap(java.util.HashMap) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) COTException(com.sun.identity.cot.COTException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 43 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

the class CreateHostedSP method execute.

/**
     * Creates hosted service provider.
     *
     * @param locale Locale of the Request
     * @param params Map of creation parameters.
     */
public String execute(Locale locale, Map params) throws WorkflowException {
    validateParameters(params);
    String metadataFile = getString(params, ParameterKeys.P_META_DATA);
    String defAttrMappings = getString(params, ParameterKeys.P_DEF_ATTR_MAPPING);
    boolean hasMetaData = (metadataFile != null) && (metadataFile.trim().length() > 0);
    String metadata = null;
    String extendedData = null;
    if (hasMetaData) {
        String extendedDataFile = getString(params, ParameterKeys.P_EXTENDED_DATA);
        metadata = getContent(metadataFile, locale);
        extendedData = getContent(extendedDataFile, locale);
    } else {
        String entityId = getString(params, ParameterKeys.P_ENTITY_ID);
        String metaAlias = generateMetaAliasForSP(getString(params, ParameterKeys.P_REALM));
        Map map = new HashMap();
        map.put(MetaTemplateParameters.P_SP, metaAlias);
        map.put(MetaTemplateParameters.P_SP_E_CERT, getString(params, ParameterKeys.P_SP_E_CERT));
        try {
            metadata = CreateSAML2HostedProviderTemplate.buildMetaDataTemplate(entityId, map, getRequestURL(params));
            //metadata = enableSigning(metadata);
            extendedData = CreateSAML2HostedProviderTemplate.createExtendedDataTemplate(entityId, map, getRequestURL(params));
        } catch (SAML2MetaException e) {
            return e.getMessage();
        }
    }
    String[] results = ImportSAML2MetaData.importData(null, metadata, extendedData);
    String realm = results[0];
    String entityId = results[1];
    String cot = getString(params, ParameterKeys.P_COT);
    if ((cot != null) && (cot.length() > 0)) {
        try {
            AddProviderToCOT.addToCOT(realm, cot, entityId);
        } catch (COTException e) {
            throw new WorkflowException(e.getMessage());
        }
    }
    List attrMapping = null;
    if (defAttrMappings.equals("true")) {
        attrMapping = new ArrayList(1);
        attrMapping.add("*=*");
    } else {
        attrMapping = getAttributeMapping(params);
    }
    if (!attrMapping.isEmpty()) {
        try {
            SAML2MetaManager manager = new SAML2MetaManager();
            EntityConfigElement config = manager.getEntityConfig(realm, entityId);
            SPSSOConfigElement ssoConfig = manager.getSPSSOConfig(realm, entityId);
            Map attribConfig = SAML2MetaUtils.getAttributes(ssoConfig);
            List mappedAttributes = (List) attribConfig.get(SAML2Constants.ATTRIBUTE_MAP);
            mappedAttributes.addAll(attrMapping);
            manager.setEntityConfig(realm, config);
        } catch (SAML2MetaException e) {
            throw new WorkflowException(e.getMessage());
        }
    }
    return "done|||realm=" + realm;
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) COTException(com.sun.identity.cot.COTException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) List(java.util.List) ArrayList(java.util.ArrayList) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 44 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

the class CreateRemoteSP method execute.

/**
     * Creates remote service provider.
     *
     * @param locale Locale of the request.
     * @param params Map of creation parameters.
     */
@Override
public String execute(Locale locale, Map params) throws WorkflowException {
    validateParameters(params);
    String realm = getString(params, ParameterKeys.P_REALM);
    String metadataFile = getString(params, ParameterKeys.P_META_DATA);
    String metadata = getContent(metadataFile, locale);
    String extendedMeta = null;
    List attrMapping = getAttributeMapping(params);
    if (!attrMapping.isEmpty()) {
        try {
            EntityDescriptorElement e = SAML2MetaUtils.getEntityDescriptorElement(metadata);
            String eId = e.getEntityID();
            extendedMeta = createExtendedDataTemplate(eId, false);
        } catch (SAML2MetaException ex) {
            throw new WorkflowException(ex.getMessage());
        } catch (JAXBException ex) {
            throw new WorkflowException(ex.getMessage());
        }
    }
    String[] results = ImportSAML2MetaData.importData(realm, metadata, extendedMeta);
    String entityId = results[1];
    String cot = getString(params, ParameterKeys.P_COT);
    if ((cot != null) && (cot.length() > 0)) {
        try {
            AddProviderToCOT.addToCOT(realm, cot, entityId);
        } catch (COTException e) {
            throw new WorkflowException(e.getMessage());
        }
    }
    try {
        if (!attrMapping.isEmpty()) {
            SAML2MetaManager manager = new SAML2MetaManager();
            EntityConfigElement config = manager.getEntityConfig(realm, entityId);
            SPSSOConfigElement ssoConfig = manager.getSPSSOConfig(realm, entityId);
            if (ssoConfig != null) {
                ObjectFactory objFactory = new ObjectFactory();
                AttributeType avp = objFactory.createAttributeElement();
                String key = SAML2Constants.ATTRIBUTE_MAP;
                avp.setName(key);
                avp.getValue().addAll(attrMapping);
                ssoConfig.getAttribute().add(avp);
            }
            manager.setEntityConfig(realm, config);
        }
    } catch (SAML2MetaException e) {
        throw new WorkflowException(e.getMessage());
    } catch (JAXBException e) {
        throw new WorkflowException(e.getMessage());
    }
    return getMessage("sp.configured", locale);
}
Also used : JAXBException(javax.xml.bind.JAXBException) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) COTException(com.sun.identity.cot.COTException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) ObjectFactory(com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory) AttributeType(com.sun.identity.saml2.jaxb.entityconfig.AttributeType) List(java.util.List) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)

Example 45 with SAML2MetaException

use of com.sun.identity.saml2.meta.SAML2MetaException in project OpenAM by OpenRock.

the class SAML2Proxy method getUrl.

private static String getUrl(HttpServletRequest request, HttpServletResponse response) throws IOException {
    if (request == null || response == null) {
        DEBUG.error("SAML2Proxy: Null request or response");
        return getUrlWithError(request, BAD_REQUEST);
    }
    try {
        SAMLUtils.checkHTTPContentLength(request);
    } catch (ServletException se) {
        DEBUG.error("SAML2Proxy: content length too large");
        return getUrlWithError(request, BAD_REQUEST);
    }
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return getUrlWithError(request, MISSING_COOKIE);
    }
    // get entity id and orgName
    String requestURL = request.getRequestURL().toString();
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
    String hostEntityId;
    if (metaManager == null) {
        DEBUG.error("SAML2Proxy: Unable to obtain metaManager");
        return getUrlWithError(request, MISSING_META_MANAGER);
    }
    try {
        hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
        if (hostEntityId == null) {
            throw new SAML2MetaException("Caught Instantly");
        }
    } catch (SAML2MetaException sme) {
        DEBUG.warning("SAML2Proxy: unable to find hosted entity with metaAlias: {} Exception: {}", metaAlias, sme.toString());
        return getUrlWithError(request, META_DATA_ERROR);
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    if (StringUtils.isEmpty(realm)) {
        realm = "/";
    }
    ResponseInfo respInfo;
    try {
        respInfo = SPACSUtils.getResponse(request, response, realm, hostEntityId, metaManager);
    } catch (SAML2Exception se) {
        DEBUG.error("SAML2Proxy: Unable to obtain SAML response", se);
        return getUrlWithError(request, SAML_GET_RESPONSE_ERROR, se.getL10NMessage(request.getLocale()));
    }
    Map smap;
    try {
        // check Response/Assertion and get back a Map of relevant data
        smap = SAML2Utils.verifyResponse(request, response, respInfo.getResponse(), realm, hostEntityId, respInfo.getProfileBinding());
    } catch (SAML2Exception se) {
        DEBUG.error("SAML2Proxy: An error occurred while verifying the SAML response", se);
        return getUrlWithError(request, SAML_VERIFY_RESPONSE_ERROR, se.getL10NMessage(request.getLocale()));
    }
    String key = generateKey();
    //survival time is one hour
    SAML2ResponseData data = new SAML2ResponseData((String) smap.get(SAML2Constants.SESSION_INDEX), (Subject) smap.get(SAML2Constants.SUBJECT), (Assertion) smap.get(SAML2Constants.POST_ASSERTION), respInfo);
    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        try {
            //counted in seconds
            long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
            SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(key, data, sessionExpireTime);
        } catch (SAML2TokenRepositoryException e) {
            DEBUG.error("An error occurred while persisting the SAML token", e);
            return getUrlWithError(request, SAML_FAILOVER_DISABLED_ERROR);
        }
    } else {
        SAML2Store.saveTokenWithKey(key, data);
    }
    return getUrlWithKey(request, key);
}
Also used : ServletException(javax.servlet.ServletException) ResponseInfo(com.sun.identity.saml2.profile.ResponseInfo) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) Map(java.util.Map)

Aggregations

SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)138 List (java.util.List)106 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)90 ArrayList (java.util.ArrayList)80 Iterator (java.util.Iterator)55 Map (java.util.Map)50 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)47 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)44 EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)43 HashMap (java.util.HashMap)41 SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)30 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)29 EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)28 JAXBException (javax.xml.bind.JAXBException)28 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)26 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)24 IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)23 Set (java.util.Set)20 IOException (java.io.IOException)15 HashSet (java.util.HashSet)15