Example 71 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class Task method generateMetaAliasForSP.
static String generateMetaAliasForSP(String realm) throws WorkflowException {
try {
Set metaAliases = new HashSet();
SAML2MetaManager mgr = new SAML2MetaManager();
metaAliases.addAll(mgr.getAllHostedIdentityProviderMetaAliases(realm));
metaAliases.addAll(mgr.getAllHostedServiceProviderMetaAliases(realm));
String metaAliasBase = (realm.equals("/")) ? "/sp" : realm + "/sp";
String metaAlias = metaAliasBase;
int counter = 1;
while (metaAliases.contains(metaAlias)) {
metaAlias = metaAliasBase + Integer.toString(counter);
counter++;
}
return metaAlias;
} catch (SAML2MetaException e) {
throw new WorkflowException(e.getMessage());
}
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
HashSet(java.util.HashSet)
Example 72 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class ValidateSAML2 method validateSP.
private void validateSP() throws WorkflowException {
try {
SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
SPSSODescriptorElement elt = mm.getSPSSODescriptor(realm, spEntityId);
if (elt == null) {
Object[] param = { spEntityId };
throw new WorkflowException("cannot.locate.sp", param);
}
if (spMetaAlias != null) {
SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, spEntityId);
if (spConfig == null) {
Object[] param = { spEntityId };
throw new WorkflowException("cannot.locate.sp", param);
} else {
if (!spConfig.getMetaAlias().equals(spMetaAlias)) {
Object[] param = { spEntityId };
throw new WorkflowException("cannot.locate.sp", param);
}
}
}
List sloServiceList = elt.getSingleLogoutService();
spBaseURL = getSPBaseURL(sloServiceList);
if (spBaseURL == null) {
bFedlet = true;
} else {
validateURL(spBaseURL);
}
} catch (SAML2MetaException ex) {
debug.error("ValidateSAML2: Error while validating SP", ex);
Object[] param = { spEntityId };
throw new WorkflowException("cannot.locate.sp", param);
}
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
List(java.util.List)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 73 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class ValidateSAML2 method validateIDP.
private void validateIDP() throws WorkflowException {
try {
SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
IDPSSODescriptorElement elt = mm.getIDPSSODescriptor(realm, idpEntityId);
if (elt == null) {
Object[] param = { idpEntityId };
throw new WorkflowException("cannot.locate.idp", param);
}
if (idpMetaAlias != null) {
IDPSSOConfigElement idpConfig = mm.getIDPSSOConfig(realm, idpEntityId);
if (idpConfig == null) {
Object[] param = { idpEntityId };
throw new WorkflowException("cannot.locate.idp", param);
} else {
if (!idpConfig.getMetaAlias().equals(idpMetaAlias)) {
Object[] param = { idpEntityId };
throw new WorkflowException("cannot.locate.idp", param);
}
}
}
List ssoServiceList = elt.getSingleSignOnService();
idpBaseURL = getIDPBaseURL(ssoServiceList);
if (idpBaseURL == null) {
Object[] param = { idpEntityId };
throw new WorkflowException("cannot.locate.idp.loginURL", param);
}
validateURL(idpBaseURL);
} catch (SAML2MetaException ex) {
debug.error("ValidateSAML2: Error while validating IdP", ex);
Object[] param = { idpEntityId };
throw new WorkflowException("cannot.locate.idp", param);
}
}
Also used :
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
List(java.util.List)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 74 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class SAML2COTUtils method removeFromEntityConfig.
/**
* Removes the circle trust name passed from the <code>cotlist</code>
* attribute in the Entity Config. The Service Provider and Identity
* Provider Entity Configuration are updated.
*
* @param name the circle of trust name to be removed.
* @param entityId the entity identifier of the provider.
* @throws SAML2MetaException if there is an error updating the entity
* config.
* @throws JAXBException if there is an error updating the entity config.
*/
public void removeFromEntityConfig(String realm, String name, String entityId) throws SAML2MetaException, JAXBException {
String classMethod = "SAML2COTUtils.removeFromEntityConfig: ";
SAML2MetaManager metaManager = null;
if (callerSession == null) {
metaManager = new SAML2MetaManager();
} else {
metaManager = new SAML2MetaManager(callerSession);
}
// Check whether the entity id existed in the DS
EntityDescriptorElement edes = metaManager.getEntityDescriptor(realm, entityId);
if (edes == null) {
debug.error(classMethod + "No such entity: " + entityId);
String[] data = { realm, entityId };
throw new SAML2MetaException("entityid_invalid", data);
}
EntityConfigElement eConfig = metaManager.getEntityConfig(realm, entityId);
boolean isAffiliation = false;
if (metaManager.getAffiliationDescriptor(realm, entityId) != null) {
isAffiliation = true;
}
if (debug.messageEnabled()) {
debug.message(classMethod + "is " + entityId + " in realm " + realm + " an affiliation? " + isAffiliation);
}
if (eConfig != null) {
List elist = null;
if (isAffiliation) {
AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId);
elist = new ArrayList();
elist.add(affiliationCfgElm);
} else {
elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
}
boolean needToSave = false;
for (Iterator iter = elist.iterator(); iter.hasNext(); ) {
BaseConfigType bConfig = (BaseConfigType) iter.next();
List list = bConfig.getAttribute();
for (Iterator iter2 = list.iterator(); iter2.hasNext(); ) {
AttributeType avp = (AttributeType) iter2.next();
if (avp.getName().trim().equalsIgnoreCase(SAML2Constants.COT_LIST)) {
List avpl = avp.getValue();
if (avpl != null && !avpl.isEmpty() && containsValue(avpl, name)) {
avpl.remove(name);
needToSave = true;
break;
}
}
}
}
if (needToSave) {
metaManager.setEntityConfig(realm, eConfig);
}
}
}
Also used :
ArrayList(java.util.ArrayList)
EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)
BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)
AffiliationConfigElement(com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement)
AttributeType(com.sun.identity.saml2.jaxb.entityconfig.AttributeType)
Iterator(java.util.Iterator)
ArrayList(java.util.ArrayList)
List(java.util.List)
EntityConfigElement(com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)
Example 75 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class AuthnQueryUtil method processAuthnQuery.
/**
* This method processes the <code>AuthnQuery</code> coming
* from a requester.
*
* @param authnQuery the <code>AuthnQuery</code> object
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param authnAuthorityEntityID entity ID of authentication authority
* @param realm the realm of hosted entity
*
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*/
public static Response processAuthnQuery(AuthnQuery authnQuery, HttpServletRequest request, HttpServletResponse response, String authnAuthorityEntityID, String realm) throws SAML2Exception {
try {
verifyAuthnQuery(authnQuery, authnAuthorityEntityID, realm);
} catch (SAML2Exception se) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery:", se);
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
}
Issuer issuer = authnQuery.getIssuer();
String spEntityID = issuer.getValue();
AuthnAuthorityDescriptorElement aad = null;
SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
try {
aad = metaManager.getAuthnAuthorityDescriptor(realm, authnAuthorityEntityID);
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery:", sme);
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.RESPONDER, null, SAML2Utils.bundle.getString("metaDataError"), null);
}
if (aad == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("authnAuthorityNotFound"), null);
}
NameID nameID = getNameID(authnQuery.getSubject(), realm, authnAuthorityEntityID);
if (nameID == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
}
IDPAccountMapper idpAcctMapper = SAML2Utils.getIDPAccountMapper(realm, authnAuthorityEntityID);
String userID = idpAcctMapper.getIdentity(nameID, authnAuthorityEntityID, spEntityID, realm);
if (userID == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
}
IDPAuthnContextMapper idpAuthnContextMapper = IDPSSOUtil.getIDPAuthnContextMapper(realm, authnAuthorityEntityID);
// get assertion for matching authncontext using session
List returnAssertions = new ArrayList();
String qSessionIndex = authnQuery.getSessionIndex();
RequestedAuthnContext requestedAC = authnQuery.getRequestedAuthnContext();
List assertions = null;
String cacheKey = userID.toLowerCase();
AssertionFactory assertionFactory = AssertionFactory.getInstance();
if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + "getting user assertions from DB. user = " + cacheKey);
}
List list = null;
try {
list = SAML2FailoverUtils.retrieveSAML2TokensWithSecondaryKey(cacheKey);
} catch (SAML2TokenRepositoryException se) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery: " + "Unable to obtain user assertions from CTS Repository. user = " + cacheKey, se);
}
if (list != null && !list.isEmpty()) {
assertions = new ArrayList();
for (Iterator iter = list.iterator(); iter.hasNext(); ) {
String assertionStr = (String) iter.next();
assertions.add(assertionFactory.createAssertion(assertionStr));
}
}
} else {
assertions = (List) IDPCache.assertionCache.get(cacheKey);
}
if ((assertions != null) && (!assertions.isEmpty())) {
synchronized (assertions) {
for (Iterator aIter = assertions.iterator(); aIter.hasNext(); ) {
Assertion assertion = (Assertion) aIter.next();
if (!assertion.isTimeValid()) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + " assertion " + assertion.getID() + " expired.");
}
continue;
}
List authnStmts = assertion.getAuthnStatements();
for (Iterator asIter = authnStmts.iterator(); asIter.hasNext(); ) {
AuthnStatement authnStmt = (AuthnStatement) asIter.next();
AuthnContext authnStmtAC = authnStmt.getAuthnContext();
String sessionIndex = authnStmt.getSessionIndex();
String authnStmtACClassRef = authnStmtAC.getAuthnContextClassRef();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + "authnStmtACClassRef is " + authnStmtACClassRef + ", sessionIndex = " + sessionIndex);
}
if ((qSessionIndex != null) && (qSessionIndex.length() != 0) && (!qSessionIndex.equals(sessionIndex))) {
continue;
}
if (requestedAC != null) {
List requestedACClassRefs = requestedAC.getAuthnContextClassRef();
String comparison = requestedAC.getComparison();
if (idpAuthnContextMapper.isAuthnContextMatching(requestedACClassRefs, authnStmtACClassRef, comparison, realm, authnAuthorityEntityID)) {
returnAssertions.add(assertion);
break;
}
} else {
returnAssertions.add(assertion);
break;
}
}
}
}
// end assertion iterator while.
}
ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
Response samlResp = protocolFactory.createResponse();
if (!returnAssertions.isEmpty()) {
samlResp.setAssertion(returnAssertions);
}
samlResp.setID(SAML2Utils.generateID());
samlResp.setInResponseTo(authnQuery.getID());
samlResp.setVersion(SAML2Constants.VERSION_2_0);
samlResp.setIssueInstant(new Date());
Status status = protocolFactory.createStatus();
StatusCode statusCode = protocolFactory.createStatusCode();
statusCode.setValue(SAML2Constants.SUCCESS);
status.setStatusCode(statusCode);
samlResp.setStatus(status);
Issuer respIssuer = assertionFactory.createIssuer();
respIssuer.setValue(authnAuthorityEntityID);
samlResp.setIssuer(respIssuer);
signResponse(samlResp, authnAuthorityEntityID, realm, false);
return samlResp;
}
Also used :
Status(com.sun.identity.saml2.protocol.Status)
AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement)
IDPAccountMapper(com.sun.identity.saml2.plugins.IDPAccountMapper)
IDPAuthnContextMapper(com.sun.identity.saml2.plugins.IDPAuthnContextMapper)
Issuer(com.sun.identity.saml2.assertion.Issuer)
NameID(com.sun.identity.saml2.assertion.NameID)
ArrayList(java.util.ArrayList)
EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion)
Assertion(com.sun.identity.saml2.assertion.Assertion)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
StatusCode(com.sun.identity.saml2.protocol.StatusCode)
Date(java.util.Date)
RequestedAuthnContext(com.sun.identity.saml2.protocol.RequestedAuthnContext)
AuthnContext(com.sun.identity.saml2.assertion.AuthnContext)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
Response(com.sun.identity.saml2.protocol.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
RequestedAuthnContext(com.sun.identity.saml2.protocol.RequestedAuthnContext)
AssertionFactory(com.sun.identity.saml2.assertion.AssertionFactory)
Iterator(java.util.Iterator)
AuthnStatement(com.sun.identity.saml2.assertion.AuthnStatement)
ArrayList(java.util.ArrayList)
List(java.util.List)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Aggregations
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)100
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)93
List (java.util.List)67
ArrayList (java.util.ArrayList)48
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)46
Map (java.util.Map)33
HashMap (java.util.HashMap)31
Iterator (java.util.Iterator)28
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)27
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)23
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)22
SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)21
JAXBException (javax.xml.bind.JAXBException)20
BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)19
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)17
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)16
IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)15
Set (java.util.Set)10
CLIException (com.sun.identity.cli.CLIException)9
COTException (com.sun.identity.cot.COTException)9
