Example 26 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class TaskModelImpl method getConfigureGoogleAppsURLs.
public Map getConfigureGoogleAppsURLs(String realm, String entityId) throws AMConsoleException {
Map map = new HashMap();
IDPSSODescriptorElement idpssoDescriptor = null;
try {
SAML2MetaManager samlManager = new SAML2MetaManager();
idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityId);
String signinPageURL = null;
if (idpssoDescriptor != null) {
List signonList = idpssoDescriptor.getSingleSignOnService();
for (int i = 0; i < signonList.size(); i++) {
SingleSignOnServiceElement signElem = (SingleSignOnServiceElement) signonList.get(i);
String tmp = signElem.getBinding();
if (tmp.contains("HTTP-Redirect")) {
signinPageURL = signElem.getLocation();
map.put("SigninPageURL", returnEmptySetIfValueIsNull(signinPageURL));
}
}
}
URL aURL = new URL(signinPageURL);
String signoutPageURL = null;
String protocol = aURL.getProtocol();
String host = aURL.getHost();
int port = aURL.getPort();
if (port == -1) {
port = (aURL.getProtocol().equals("https")) ? 443 : 80;
}
String deploymentURI = SystemPropertiesManager.get(Constants.AM_SERVICES_DEPLOYMENT_DESCRIPTOR);
String url = protocol + "://" + host + ":" + port + deploymentURI;
signoutPageURL = url + "/UI/Logout?goto=" + url;
map.put("SignoutPageURL", returnEmptySetIfValueIsNull(signoutPageURL));
map.put("ChangePasswordURL", returnEmptySetIfValueIsNull(url + "/idm/EndUser"));
// get pubkey
Map extValueMap = new HashMap();
IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityId);
if (idpssoConfig != null) {
BaseConfigType baseConfig = (BaseConfigType) idpssoConfig;
extValueMap = SAML2MetaUtils.getAttributes(baseConfig);
}
List aList = (List) extValueMap.get("signingCertAlias");
String signingCertAlias = null;
if (aList != null) {
signingCertAlias = (String) aList.get(0);
}
String publickey = SAML2MetaSecurityUtils.buildX509Certificate(signingCertAlias);
String str = "-----BEGIN CERTIFICATE-----\n" + publickey + "-----END CERTIFICATE-----\n";
map.put("PubKey", returnEmptySetIfValueIsNull(str));
} catch (SAML2MetaException ex) {
throw new AMConsoleException(ex.getMessage());
} catch (MalformedURLException ex) {
throw new AMConsoleException(ex.getMessage());
}
return map;
}
Also used :
MalformedURLException(java.net.MalformedURLException)
HashMap(java.util.HashMap)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
SingleSignOnServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement)
URL(java.net.URL)
BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)
List(java.util.List)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
HashMap(java.util.HashMap)
Map(java.util.Map)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 27 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class TaskModelImpl method getConfigureSalesForceAppsURLs.
public Map getConfigureSalesForceAppsURLs(String realm, String entityId, String attrMapping) throws AMConsoleException {
Map map = new HashMap();
String attributeNames = getAttributeNames(attrMapping);
IDPSSODescriptorElement idpssoDescriptor = null;
try {
SAML2MetaManager samlManager = new SAML2MetaManager();
idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityId);
String signinPageURL = null;
// get pubkey
Map extValueMap = new HashMap();
IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityId);
if (idpssoConfig != null) {
BaseConfigType baseConfig = (BaseConfigType) idpssoConfig;
extValueMap = SAML2MetaUtils.getAttributes(baseConfig);
}
List aList = (List) extValueMap.get("signingCertAlias");
String signingCertAlias = null;
if (aList != null) {
signingCertAlias = (String) aList.get(0);
}
String publickey = SAML2MetaSecurityUtils.buildX509Certificate(signingCertAlias);
String str = "-----BEGIN CERTIFICATE-----\n" + publickey + "\n-----END CERTIFICATE-----\n";
map.put("PubKey", returnEmptySetIfValueIsNull(str));
map.put("IssuerID", returnEmptySetIfValueIsNull(entityId));
map.put("AttributeName", returnEmptySetIfValueIsNull(attributeNames));
} catch (SAML2MetaException ex) {
throw new AMConsoleException(ex.getMessage());
}
return map;
}
Also used :
BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)
HashMap(java.util.HashMap)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
List(java.util.List)
SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager)
AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
HashMap(java.util.HashMap)
Map(java.util.Map)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 28 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class SAML2Utils method verifyResponse.
/**
* Verifies single sign on <code>Response</code> and returns information
* to SAML2 auth module for further processing. This method is used by
* SAML2 auth module only.
*
* @param httpRequest HttpServletRequest
* @param httpResponse HttpServletResponse
* @param response Single Sign On <code>Response</code>.
* @param orgName name of the realm or organization the provider is in.
* @param hostEntityId Entity ID of the hosted provider.
* @param profileBinding Profile binding used.
* @return A Map of information extracted from the Response. The keys of
* map are:
* <code>SAML2Constants.SUBJECT</code>,
* <code>SAML2Constants.POST_ASSERTION</code>,
* <code>SAML2Constants.ASSERTIONS</code>,
* <code>SAML2Constants.SESSION_INDEX</code>,
* <code>SAML2Constants.AUTH_LEVEL</code>,
* <code>SAML2Constants.MAX_SESSION_TIME</code>.
* @throws SAML2Exception if the Response is not valid according to the
* processing rules.
*/
public static Map verifyResponse(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse, final Response response, final String orgName, final String hostEntityId, final String profileBinding) throws SAML2Exception {
final String method = "SAML2Utils.verifyResponse:";
if (response == null || orgName == null || orgName.length() == 0) {
if (debug.messageEnabled()) {
debug.message(method + "response or orgName is null.");
}
throw new SAML2Exception(bundle.getString("nullInput"));
}
String respID = response.getID();
AuthnRequestInfo reqInfo = null;
String inRespToResp = response.getInResponseTo();
if (inRespToResp != null && inRespToResp.length() != 0) {
reqInfo = (AuthnRequestInfo) SPCache.requestHash.get(inRespToResp);
if (reqInfo == null) {
if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
// Attempt to read AuthnRequestInfoCopy from SAML2 repository
AuthnRequestInfoCopy reqInfoCopy = null;
try {
reqInfoCopy = (AuthnRequestInfoCopy) SAML2FailoverUtils.retrieveSAML2Token(inRespToResp);
} catch (SAML2TokenRepositoryException se) {
debug.error(method + "AuthnRequestInfoCopy" + " unable to retrieve from SAML2 repository for inResponseTo: " + inRespToResp);
}
if (reqInfoCopy != null) {
// Get back the AuthnRequestInfo
reqInfo = reqInfoCopy.getAuthnRequestInfo(httpRequest, httpResponse);
if (debug.messageEnabled()) {
debug.message(method + "AuthnRequestInfoCopy" + " retrieved from SAML2 repository for inResponseTo: " + inRespToResp);
}
} else {
debug.error(method + "InResponseTo attribute in Response" + " is invalid: " + inRespToResp + ", SAML2 failover is enabled");
String[] data = { respID };
LogUtil.error(Level.INFO, LogUtil.INVALID_INRESPONSETO_RESPONSE, data, null);
throw new SAML2Exception(bundle.getString("invalidInResponseToInResponse"));
}
} else {
AuthnRequestInfoCopy reqInfoCopy = (AuthnRequestInfoCopy) SAML2Store.getTokenFromStore(inRespToResp);
if (reqInfoCopy != null) {
// Get back the AuthnRequestInfo
reqInfo = reqInfoCopy.getAuthnRequestInfo(httpRequest, httpResponse);
if (debug.messageEnabled()) {
debug.message(method + "AuthnRequestInfoCopy" + " retrieved from SAML2 repository for inResponseTo: " + inRespToResp);
}
} else {
debug.error(method + "InResponseTo attribute in Response" + " is invalid: " + inRespToResp + ", SAML2 failover is enabled");
String[] data = { respID };
LogUtil.error(Level.INFO, LogUtil.INVALID_INRESPONSETO_RESPONSE, data, null);
throw new SAML2Exception(bundle.getString("invalidInResponseToInResponse"));
}
}
}
}
// reqInfo can remain null and will do for IDP initiated SSO requests
// invoke SP Adapter
SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(hostEntityId, orgName);
if (spAdapter != null) {
AuthnRequest authnRequest = null;
if (reqInfo != null) {
authnRequest = reqInfo.getAuthnRequest();
}
spAdapter.preSingleSignOnProcess(hostEntityId, orgName, httpRequest, httpResponse, authnRequest, response, profileBinding);
}
String idpEntityId = null;
Issuer respIssuer = response.getIssuer();
if (respIssuer != null) {
// optional
if (!isSourceSiteValid(respIssuer, orgName, hostEntityId)) {
if (debug.messageEnabled()) {
debug.message(method + "Issuer in Response is not valid.");
}
String[] data = { hostEntityId, orgName, respID };
LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_RESPONSE, data, null);
throw new SAML2Exception(bundle.getString("invalidIssuerInResponse"));
} else {
idpEntityId = respIssuer.getValue();
}
}
Status status = response.getStatus();
if (status == null || !status.getStatusCode().getValue().equals(SAML2Constants.SUCCESS)) {
String statusCode = (status == null) ? "" : status.getStatusCode().getValue();
if (debug.messageEnabled()) {
debug.message(method + "Response's status code is not success: " + statusCode);
}
String[] data = { respID, "" };
if (LogUtil.isErrorLoggable(Level.FINE)) {
data[1] = statusCode;
}
LogUtil.error(Level.INFO, LogUtil.WRONG_STATUS_CODE, data, null);
if (SAML2Constants.RESPONDER.equals(statusCode)) {
//In case of passive authentication the NoPassive response will be sent using two StatusCode nodes:
//the outer StatusCode will be Responder and the inner StatusCode will contain the NoPassive URN
StatusCode secondLevelStatusCode = status.getStatusCode().getStatusCode();
if (secondLevelStatusCode != null && SAML2Constants.NOPASSIVE.equals(secondLevelStatusCode.getValue())) {
throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "noPassiveResponse", null);
}
} else if (SAML2Constants.REQUESTER.equals(statusCode)) {
// when is AllowCreate=false mode the auth module gets here with a
// statusCode of urn:oasis:names:tc:SAML:2.0:status:Requester
StatusCode secondLevelStatusCode = status.getStatusCode().getStatusCode();
if (secondLevelStatusCode != null && SAML2Constants.INVALID_NAME_ID_POLICY.equals(secondLevelStatusCode.getValue())) {
throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "nameIDMReqInvalidNameIDPolicy", null);
}
}
throw new SAML2Exception(bundle.getString("invalidStatusCodeInResponse"));
}
if (saml2MetaManager == null) {
throw new SAML2Exception(bundle.getString("nullMetaManager"));
}
SPSSOConfigElement spConfig = null;
SPSSODescriptorElement spDesc = null;
spConfig = saml2MetaManager.getSPSSOConfig(orgName, hostEntityId);
spDesc = saml2MetaManager.getSPSSODescriptor(orgName, hostEntityId);
if (debug.messageEnabled()) {
debug.message(method + "binding is :" + profileBinding);
}
// SAML spec processing
// 4.1.4.3 Verify any signatures present on the assertion(s) or the response
boolean responseIsSigned = false;
if (response.isSigned()) {
IDPSSODescriptorElement idpSSODescriptor = null;
try {
idpSSODescriptor = saml2MetaManager.getIDPSSODescriptor(orgName, idpEntityId);
} catch (SAML2MetaException sme) {
String[] data = { orgName, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
throw new SAML2Exception(sme);
}
if (idpSSODescriptor != null) {
Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(idpSSODescriptor, idpEntityId, SAML2Constants.IDP_ROLE);
if (CollectionUtils.isEmpty(verificationCerts) || !response.isSignatureValid(verificationCerts)) {
debug.error(method + "Response is not signed or signature is not valid.");
String[] data = { orgName, hostEntityId, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.POST_RESPONSE_INVALID_SIGNATURE, data, null);
throw new SAML2Exception(bundle.getString("invalidSignInResponse"));
}
} else {
String[] data = { idpEntityId };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
responseIsSigned = true;
}
if (debug.messageEnabled()) {
debug.message(method + "responseIsSigned is :" + responseIsSigned);
}
// assertion encryption check
boolean needAssertionEncrypted = false;
String assertionEncryptedAttr = getAttributeValueFromSPSSOConfig(spConfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
needAssertionEncrypted = Boolean.parseBoolean(assertionEncryptedAttr);
if (debug.messageEnabled()) {
debug.message(method + "NeedAssertionEncrypted is :" + needAssertionEncrypted);
}
List<Assertion> assertions = response.getAssertion();
if (needAssertionEncrypted && !CollectionUtils.isEmpty(assertions)) {
String[] data = { respID };
LogUtil.error(Level.INFO, LogUtil.ASSERTION_NOT_ENCRYPTED, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("assertionNotEncrypted"));
}
Set<PrivateKey> decryptionKeys;
List<EncryptedAssertion> encAssertions = response.getEncryptedAssertion();
if (encAssertions != null) {
decryptionKeys = KeyUtil.getDecryptionKeys(spConfig);
for (EncryptedAssertion encAssertion : encAssertions) {
Assertion assertion = encAssertion.decrypt(decryptionKeys);
if (assertions == null) {
assertions = new ArrayList<>();
}
assertions.add(assertion);
}
}
if (CollectionUtils.isEmpty(assertions)) {
if (debug.messageEnabled()) {
debug.message(method + "no assertion in the Response.");
}
String[] data = { respID };
LogUtil.error(Level.INFO, LogUtil.MISSING_ASSERTION, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("missingAssertion"));
}
boolean wantAssertionsSigned = spDesc.isWantAssertionsSigned();
if (debug.messageEnabled()) {
debug.message(method + "wantAssertionsSigned is :" + wantAssertionsSigned);
}
// validate the assertions
Map smap = null;
Map bearerMap = null;
IDPSSODescriptorElement idp = null;
Set<X509Certificate> verificationCerts = null;
boolean allAssertionsSigned = true;
for (Assertion assertion : assertions) {
String assertionID = assertion.getID();
Issuer issuer = assertion.getIssuer();
if (!isSourceSiteValid(issuer, orgName, hostEntityId)) {
debug.error("assertion's source site is not valid.");
String[] data = { assertionID };
LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_ASSERTION, data, null);
throw new SAML2Exception(bundle.getString("invalidIssuerInAssertion"));
}
if (idpEntityId == null) {
idpEntityId = issuer.getValue();
} else {
if (!idpEntityId.equals(issuer.getValue())) {
if (debug.messageEnabled()) {
debug.message(method + "Issuer in Assertion doesn't " + "match the Issuer in Response or other " + "Assertions in the Response.");
}
String[] data = { assertionID };
LogUtil.error(Level.INFO, LogUtil.MISMATCH_ISSUER_ASSERTION, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("mismatchIssuer"));
}
}
if (assertion.isSigned()) {
if (verificationCerts == null) {
idp = saml2MetaManager.getIDPSSODescriptor(orgName, idpEntityId);
verificationCerts = KeyUtil.getVerificationCerts(idp, idpEntityId, SAML2Constants.IDP_ROLE);
}
if (CollectionUtils.isEmpty(verificationCerts) || !assertion.isSignatureValid(verificationCerts)) {
debug.error(method + "Assertion is not signed or signature is not valid.");
String[] data = { assertionID };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
throw new SAML2Exception(bundle.getString("invalidSignatureOnAssertion"));
}
} else {
allAssertionsSigned = false;
}
List authnStmts = assertion.getAuthnStatements();
if (authnStmts != null && !authnStmts.isEmpty()) {
Subject subject = assertion.getSubject();
if (subject == null) {
continue;
}
List subjectConfirms = subject.getSubjectConfirmation();
if (subjectConfirms == null || subjectConfirms.isEmpty()) {
continue;
}
bearerMap = isBearerSubjectConfirmation(subjectConfirms, inRespToResp, spDesc, spConfig, assertionID);
if (!((Boolean) bearerMap.get(SAML2Constants.IS_BEARER))) {
continue;
}
boolean foundAssertion = false;
if ((SPCache.assertionByIDCache != null) && (SPCache.assertionByIDCache.containsKey(assertionID))) {
foundAssertion = true;
}
if ((!foundAssertion) && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
try {
if (SAML2FailoverUtils.retrieveSAML2Token(assertionID) != null) {
foundAssertion = true;
}
} catch (SAML2TokenRepositoryException e) {
if (debug.messageEnabled()) {
debug.message("Session not found in AMTokenSAML2Repository.", e);
}
}
}
if (foundAssertion) {
debug.error("Bearer Assertion is one time use only!");
throw new SAML2Exception(bundle.getString("usedBearAssertion"));
}
checkAudience(assertion.getConditions(), hostEntityId, assertionID);
if (smap == null) {
smap = fillMap(authnStmts, subject, assertion, assertions, reqInfo, inRespToResp, orgName, hostEntityId, idpEntityId, spConfig, (Date) bearerMap.get(SAML2Constants.NOTONORAFTER));
}
}
// end of having authnStmt
}
if (smap == null) {
debug.error("No Authentication Assertion in Response.");
throw new SAML2Exception(bundle.getString("missingAuthnAssertion"));
}
// the enclosing element
if (wantAssertionsSigned && !(responseIsSigned || allAssertionsSigned)) {
debug.error(method + "WantAssertionsSigned is true and response or all assertions are not signed");
String[] data = { orgName, hostEntityId, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
throw new SAML2Exception(bundle.getString("assertionNotSigned"));
}
// signing each individual <Assertion> element or by signing the <Response> element.
if (profileBinding.equals(SAML2Constants.HTTP_POST)) {
boolean wantPostResponseSigned = SAML2Utils.wantPOSTResponseSigned(orgName, hostEntityId, SAML2Constants.SP_ROLE);
if (debug.messageEnabled()) {
debug.message(method + "wantPostResponseSigned is :" + wantPostResponseSigned);
}
if (wantPostResponseSigned && !responseIsSigned) {
debug.error(method + "wantPostResponseSigned is true but response is not signed");
String[] data = { orgName, hostEntityId, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.POST_RESPONSE_INVALID_SIGNATURE, data, null);
throw new SAML2Exception(bundle.getString("responseNotSigned"));
}
if (!responseIsSigned && !allAssertionsSigned) {
debug.error(method + "WantAssertionsSigned is true but some or all assertions are not signed");
String[] data = { orgName, hostEntityId, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
throw new SAML2Exception(bundle.getString("assertionNotSigned"));
}
}
return smap;
}
Also used :
PrivateKey(java.security.PrivateKey)
Issuer(com.sun.identity.saml2.assertion.Issuer)
AuthnRequestInfo(com.sun.identity.saml2.profile.AuthnRequestInfo)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
StatusCode(com.sun.identity.saml2.protocol.StatusCode)
ArrayList(java.util.ArrayList)
List(java.util.List)
AuthnRequestInfoCopy(com.sun.identity.saml2.profile.AuthnRequestInfoCopy)
SAML2ServiceProviderAdapter(com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Status(com.sun.identity.saml2.protocol.Status)
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion)
Assertion(com.sun.identity.saml2.assertion.Assertion)
X509Certificate(java.security.cert.X509Certificate)
Subject(com.sun.identity.saml2.assertion.Subject)
Date(java.util.Date)
AuthnRequest(com.sun.identity.saml2.protocol.AuthnRequest)
EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
Map(java.util.Map)
HashMap(java.util.HashMap)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 29 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class SAML2Utils method isIDPProfileBindingSupported.
/**
* Checks if a profile binding is suppported by an IDP.
*
* @param realm Realm the IDP is in.
* @param idpEntityID IDP entity id.
* @param profile name of the profile/service
* @param binding binding to be checked on
* @return <code>true</code> if the binding is supported;
* <code>false</code> otherwise.
*/
public static boolean isIDPProfileBindingSupported(String realm, String idpEntityID, String profile, String binding) {
if ((saml2MetaManager == null) || (realm == null) || (idpEntityID == null) || (profile == null) || (binding == null)) {
return false;
}
try {
IDPSSODescriptorElement idpDescriptor = saml2MetaManager.getIDPSSODescriptor(realm, idpEntityID);
List services = null;
if (SAML2Constants.SSO_SERVICE.equals(profile)) {
services = idpDescriptor.getSingleSignOnService();
} else if (SAML2Constants.NAMEID_MAPPING_SERVICE.equals(profile)) {
services = idpDescriptor.getNameIDMappingService();
} else if (SAML2Constants.ASSERTION_ID_REQUEST_SERVICE.equals(profile)) {
services = saml2MetaManager.getAuthnAuthorityDescriptor(realm, idpEntityID).getAssertionIDRequestService();
} else if (SAML2Constants.ARTIFACT_RESOLUTION_SERVICE.equals(profile)) {
services = idpDescriptor.getArtifactResolutionService();
} else if (SAML2Constants.SLO_SERVICE.equals(profile)) {
services = idpDescriptor.getSingleLogoutService();
} else if (SAML2Constants.MNI_SERVICE.equals(profile)) {
services = idpDescriptor.getManageNameIDService();
}
if ((services != null) && (!services.isEmpty())) {
Iterator iter = services.iterator();
while (iter.hasNext()) {
EndpointType endpoint = (EndpointType) iter.next();
if (binding.equals(endpoint.getBinding())) {
return true;
}
}
}
} catch (SAML2MetaException me) {
debug.error("SAML2Utils.isIDPProfileBindingSupported:", me);
}
return false;
}
Also used :
Iterator(java.util.Iterator)
EndpointType(com.sun.identity.saml2.jaxb.metadata.EndpointType)
ArrayList(java.util.ArrayList)
List(java.util.List)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Example 30 with SAML2MetaManager
use of com.sun.identity.saml2.meta.SAML2MetaManager in project OpenAM by OpenRock.
the class SAML2Utils method isSPProfileBindingSupported.
/**
* Checks if a profile binding is suppported by a SP.
*
* @param realm Realm the SP is in.
* @param spEntityID SP entity id.
* @param profile name of the profile/service
* @param binding binding to be checked on
* @return <code>true</code> if the binding is supported;
* <code>false</code> otherwise.
*/
public static boolean isSPProfileBindingSupported(String realm, String spEntityID, String profile, String binding) {
if ((saml2MetaManager == null) || (realm == null) || (spEntityID == null) || (profile == null) || (binding == null)) {
return false;
}
try {
SPSSODescriptorElement spDescriptor = saml2MetaManager.getSPSSODescriptor(realm, spEntityID);
List services = null;
if (SAML2Constants.ACS_SERVICE.equals(profile)) {
services = spDescriptor.getAssertionConsumerService();
} else if (SAML2Constants.SLO_SERVICE.equals(profile)) {
services = spDescriptor.getSingleLogoutService();
} else if (SAML2Constants.MNI_SERVICE.equals(profile)) {
services = spDescriptor.getManageNameIDService();
}
if ((services != null) && (!services.isEmpty())) {
Iterator iter = services.iterator();
while (iter.hasNext()) {
EndpointType endpoint = (EndpointType) iter.next();
if (binding.equals(endpoint.getBinding())) {
return true;
}
}
}
} catch (SAML2MetaException me) {
debug.error("SAML2Utils.isSPProfileBindingSupported:", me);
}
return false;
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
Iterator(java.util.Iterator)
EndpointType(com.sun.identity.saml2.jaxb.metadata.EndpointType)
ArrayList(java.util.ArrayList)
List(java.util.List)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Aggregations
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)100
SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)93
List (java.util.List)67
ArrayList (java.util.ArrayList)48
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)46
Map (java.util.Map)33
HashMap (java.util.HashMap)31
Iterator (java.util.Iterator)28
EntityConfigElement (com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement)27
EntityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement)23
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)22
SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)21
JAXBException (javax.xml.bind.JAXBException)20
BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)19
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)17
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)16
IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)15
Set (java.util.Set)10
CLIException (com.sun.identity.cli.CLIException)9
COTException (com.sun.identity.cot.COTException)9
