
Example 96 with SAML2MetaManager

use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.

the class SPACSUtils method getAttributeValueFromSPSSOConfig.

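/**
 * Retrieves the value of a named attribute from the hosted service
 * provider's <code>SPSSOConfig</code>.
 * <p>
 * For a multi-valued attribute only the first value is returned, with
 * surrounding whitespace trimmed.
 *
 * @param orgName realm or organization name the service provider resides in
 * @param hostEntityId hosted service provider's Entity ID
 * @param sm <code>SAML2MetaManager</code> instance used to perform meta
 *           operations
 * @param attrName name of the attribute whose value is to be retrieved
 * @return value of the attribute; or <code>null</code> if the entity has no
 *         SP config, the attribute is not configured, or an error occurred
 *         in the process
 */
private static String getAttributeValueFromSPSSOConfig(String orgName, String hostEntityId, SAML2MetaManager sm, String attrName) {
    try {
        SPSSOConfigElement config = sm.getSPSSOConfig(orgName, hostEntityId);
        if (config == null) {
            return null;
        }
        Map attrs = SAML2MetaUtils.getAttributes(config);
        List<?> values = (List<?>) attrs.get(attrName);
        if (values == null || values.isEmpty()) {
            return null;
        }
        // Callers expect a single value, so the first entry wins; the
        // attribute map is assumed to hold lists of strings as before.
        return ((String) values.get(0)).trim();
    } catch (SAML2MetaException sme) {
        // A meta lookup failure is reported to the caller as "not
        // configured"; it is only traced at message level.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getAttributeValueFromSPSSO" + "Config:", sme);
        }
        return null;
    }
}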
Also used : SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) List(java.util.List) ArrayList(java.util.ArrayList) Map(java.util.Map) HashMap(java.util.HashMap) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 97 with SAML2MetaManager

use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.

the class QueryClient method getPDPEndPoint.

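/**
 * Returns the Policy Decision Point (PDP) endpoint URL.
 * <p>
 * Only the first <code>XACMLAuthzService</code> entry of the PDP descriptor
 * is consulted; if that entry is not an
 * <code>XACMLAuthzServiceElement</code>, or the PDP has no descriptor, the
 * result is <code>null</code>.
 *
 * @param pdpEntityID entity identifier of the PDP.
 * @return the PDP endpoint URL, or <code>null</code> if none is configured
 *         or the meta manager has not been initialised.
 * @throws SAML2Exception if there is an error retrieving the endpoint from
 *         the configuration.
 */
private static String getPDPEndPoint(String pdpEntityID) throws SAML2Exception {
    String endPoint = null;
    String classMethod = "QueryClient:getPDPEndPoint";
    if (saml2MetaManager == null) {
        return null;
    }
    try {
        XACMLPDPDescriptorElement pdpDescriptor = saml2MetaManager.getPolicyDecisionPointDescriptor(null, pdpEntityID);
        if (pdpDescriptor != null) {
            List xacmlPDP = pdpDescriptor.getXACMLAuthzService();
            // Only the first service entry is considered; any further
            // entries are ignored.
            if (xacmlPDP != null && !xacmlPDP.isEmpty()) {
                Object first = xacmlPDP.get(0);
                if (first instanceof XACMLAuthzServiceElement) {
                    endPoint = ((XACMLAuthzServiceElement) first).getLocation();
                    if (debug.messageEnabled()) {
                        debug.message(classMethod + "EndPoint :" + endPoint);
                    }
                }
            }
        }
    } catch (SAML2MetaException sme) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Error retreiving PDP Meta", sme);
        }
        String[] args = { pdpEntityID };
        // Audit-log the failure before surfacing it to the caller.
        LogUtil.error(Level.INFO, LogUtil.PDP_METADATA_ERROR, args);
        throw new SAML2Exception(SAML2SDKUtils.BUNDLE_NAME, "pdpMetaRetreivalError", args);
    }
    return endPoint;
}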
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) XACMLAuthzServiceElement(com.sun.identity.saml2.jaxb.metadata.XACMLAuthzServiceElement) XACMLPDPDescriptorElement(com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) List(java.util.List) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 98 with SAML2MetaManager

use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.

the class ConfigFedMonitoring method getSAMLv2Roles.

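/*
 * Determines which SAML2 'roles' a particular entity is acting as by
 * checking which role descriptors its entity descriptor carries (plus a
 * separate affiliation lookup). It produces a list of role names which can
 * then be used by the calling routine for whatever purpose it needs.
 *
 * Returns an empty list when the entity has no descriptor in the realm or
 * when the meta data cannot be read; it never returns null.
 */
private List getSAMLv2Roles(String entity, String realm) {
    List roles = new ArrayList();
    try {
        SAML2MetaManager samlManager = new SAML2MetaManager();
        EntityDescriptorElement d = samlManager.getEntityDescriptor(realm, entity);
        if (d != null) {
            // Each non-null role descriptor contributes one role name.
            if (SAML2MetaUtils.getSPSSODescriptor(d) != null) {
                roles.add(SERVICE_PROVIDER);
            }
            if (SAML2MetaUtils.getIDPSSODescriptor(d) != null) {
                roles.add(IDENTITY_PROVIDER);
            }
            if (SAML2MetaUtils.getPolicyDecisionPointDescriptor(d) != null) {
                roles.add(POLICY_DECISION_POINT_DESCRIPTOR);
            }
            if (SAML2MetaUtils.getPolicyEnforcementPointDescriptor(d) != null) {
                roles.add(POLICY_ENFORCEMENT_POINT_DESCRIPTOR);
            }
            if (SAML2MetaUtils.getAttributeAuthorityDescriptor(d) != null) {
                roles.add(SAML_ATTRAUTHORITY);
            }
            if (SAML2MetaUtils.getAuthnAuthorityDescriptor(d) != null) {
                roles.add(SAML_AUTHNAUTHORITY);
            }
            if (SAML2MetaUtils.getAttributeQueryDescriptor(d) != null) {
                roles.add(SAML_ATTRQUERY);
            }
            // Affiliation is not part of the entity descriptor and needs
            // its own meta lookup.
            if (samlManager.getAffiliationDescriptor(realm, entity) != null) {
                roles.add(AFFILIATE);
            }
        }
    } catch (SAML2MetaException s) {
        // The exception may come from constructing the manager or from any
        // of the lookups above; attach it so the real cause is visible.
        if (debug.warningEnabled()) {
            debug.warning("ConfigFedMonitoring.getSAMLv2Roles() - " + "Couldn't get SAMLMetaManager", s);
        }
    }
    // roles is never null, so no fallback to an empty list is needed.
    return roles;
}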
Also used : ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) EntityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 99 with SAML2MetaManager

use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.

the class ConfigFedMonitoring method getAllRealms.

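/**
 * Collects the federation configuration (circles of trust, SAML2, WS-Fed
 * and IDFF entities, COT memberships) of every realm returned by
 * <code>getRealmsList(startRealm)</code> and hands each realm's result to
 * the monitoring agent.
 * <p>
 * Any meta exception aborts the walk; realms after the failing one are not
 * reported in that run.
 *
 * @param startRealm realm from which the realm list is built.
 */
private void getAllRealms(String startRealm) {
    String classMethod = "ConfigFedMonitoring.getAllRealms: ";
    // SAML2 entity collection stays switched off until IDPs/SPs per realm
    // are instrumented, so samlv2Entities is reported as null for now.
    boolean skipSAML2Entities = true;
    List rList = getRealmsList(startRealm);
    try {
        CircleOfTrustManager cotmgr = new CircleOfTrustManager();
        SAML2MetaManager saml2Mgr = new SAML2MetaManager();
        IDFFMetaManager idffmgr = new IDFFMetaManager(ssoToken);
        for (Object realmObj : rList) {
            String thisRealm = (String) realmObj;
            Set cots = getCOTs(thisRealm, cotmgr);
            Map s2Ents = null;
            if (!skipSAML2Entities) {
                s2Ents = getSAML2Entities(thisRealm, saml2Mgr);
            }
            Map wsEnts = getWSFedEntities(thisRealm);
            Map idffentMap = getIDFFEntities(thisRealm, idffmgr);
            /*
             *  getCOTMembers(thisRealm, cot, cotmgr, cotsb)
             *  can get the members of the COT, but there isn't
             *  a (MIB) entry that right now.
             */
            Map membMap = getCOTMembers(thisRealm, cots, cotmgr);
            SSOServerRealmFedInfo srfi = new SSOServerRealmFedInfo.SSOServerRealmFedInfoBuilder(thisRealm).cots(cots).samlv2Entities(s2Ents).wsEntities(wsEnts).idffEntities(idffentMap).membEntities(membMap).build();
            Agent.federationConfig(srfi);
        }
    } catch (SAML2MetaException e) {
        // Attach the exception rather than reducing it to its message.
        debug.error(classMethod + "SAML2 ex: " + e.getMessage(), e);
    } catch (COTException e) {
        debug.error(classMethod + "COT ex: " + e.getMessage(), e);
    } catch (IDFFMetaException e) {
        debug.error(classMethod + "IDFF ex: " + e.getMessage(), e);
    }
}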
Also used : CircleOfTrustManager(com.sun.identity.cot.CircleOfTrustManager) Set(java.util.Set) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) COTException(com.sun.identity.cot.COTException) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) SSOServerRealmFedInfo(com.sun.identity.monitoring.SSOServerRealmFedInfo) HashMap(java.util.HashMap) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 100 with SAML2MetaManager

use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.

the class ConfigFedMonitoring method getSAML2Entities.

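/**
 * Builds a map describing the SAML2 entities of a realm.
 *
 * @param realm realm whose SAML2 entities are listed.
 * @param saml2Mgr meta manager used for the lookups.
 * @return map of entity ID to a map with keys <code>"location"</code>
 *         (<code>"hosted"</code> or <code>"remote"</code>) and
 *         <code>"roles"</code> (the entity's role names as rendered by
 *         <code>listToString</code>); empty, never null, when the realm has
 *         no entities or the lookup fails.
 */
private Map getSAML2Entities(String realm, SAML2MetaManager saml2Mgr) {
    String classMethod = "ConfigFedMonitoring.getSAML2Entities:";
    // s2entMap: entity name => Map of ("location", "roles") -> values
    // for the SAML2 entities
    Map s2entMap = new HashMap();
    try {
        Set s2Ents = saml2Mgr.getAllEntities(realm);
        List hosted = saml2Mgr.getAllHostedEntities(realm);
        // getAllEntities is not documented here as non-null; treat null
        // like "no entities" instead of failing on the iterator.
        if (s2Ents != null) {
            for (Object entObj : s2Ents) {
                String entId = (String) entObj;
                Map wse = new HashMap();
                // An entity in the hosted list is local to this server;
                // everything else is a remote partner.
                wse.put("location", (hosted != null && hosted.contains(entId)) ? "hosted" : "remote");
                wse.put("roles", listToString(getSAMLv2Roles(entId, realm)));
                s2entMap.put(entId, wse);
            }
        }
    } catch (SAML2MetaException e) {
        // Attach the exception so the cause is not lost.
        debug.error(classMethod + "getting SAML2 entity providers for realm " + realm + ": " + e.getMessage(), e);
    }
    return s2entMap;
}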
Also used : Set(java.util.Set) HashMap(java.util.HashMap) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
