
Example 1 with AttributeAuthorityMapper

use of com.sun.identity.saml2.plugins.AttributeAuthorityMapper in project OpenAM by OpenRock.

From class AttributeQueryUtil, method getAttributeAuthorityMapper (loads and caches the configured mapper plugin by class name).

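/**
 * Returns the {@code AttributeAuthorityMapper} plugin configured for the given
 * attribute authority and attribute-query profile, instantiating and caching
 * it on first use.
 *
 * <p>The mapper class name is read from the attribute authority's
 * configuration under the key {@code <attrQueryProfileAlias>_<ATTRIBUTE_AUTHORITY_MAPPER>};
 * when nothing is configured, {@code SAML2Constants.DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS}
 * is used. Because the class is loaded and instantiated by name, whoever can
 * write that configuration decides which code runs here. The loaded class is
 * verified to implement {@code AttributeAuthorityMapper} <em>before</em> its
 * constructor is invoked, so a mis-configured (or malicious) class name cannot
 * trigger arbitrary constructors or static initialisers and then fail only on
 * the cast.
 *
 * <p>Instances are cached by class name in {@code attrAuthorityMapperCache}.
 * The cache lookup and insert are not atomic, so two concurrent first calls may
 * each build an instance and the later {@code put} wins; mapper implementations
 * are therefore expected to be safe to share between threads.
 *
 * @param realm the realm name
 * @param attrAuthorityEntityID the entity id of the attribute authority
 * @param attrQueryProfileAlias attribute profile alias
 *
 * @return the {@code AttributeAuthorityMapper}
 * @exception SAML2Exception if the configuration cannot be read, the class
 *            cannot be found, does not implement {@code AttributeAuthorityMapper},
 *            or cannot be instantiated through an accessible no-argument
 *            constructor (the underlying exception is preserved as the cause)
 */
static AttributeAuthorityMapper getAttributeAuthorityMapper(String realm, String attrAuthorityEntityID, String attrQueryProfileAlias) throws SAML2Exception {
    String attrAuthorityMapperName = null;
    AttributeAuthorityMapper attrAuthorityMapper = null;
    try {
        attrAuthorityMapperName = getAttributeValueFromAttrAuthorityConfig(realm, attrAuthorityEntityID, attrQueryProfileAlias + "_" + SAML2Constants.ATTRIBUTE_AUTHORITY_MAPPER);
        if (attrAuthorityMapperName == null) {
            // No explicit mapper configured for this profile: fall back to the
            // product default and say so in the debug log.
            attrAuthorityMapperName = SAML2Constants.DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS;
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributeAuthorityMapper: use " + attrAuthorityMapperName);
            }
        }
        attrAuthorityMapper = (AttributeAuthorityMapper) attrAuthorityMapperCache.get(attrAuthorityMapperName);
        if (attrAuthorityMapper == null) {
            // Check the type first: Class.newInstance() would run the constructor
            // of whatever class was named and only fail on the cast afterwards.
            // It is also deprecated because it rethrows checked constructor
            // exceptions without declaring them; getDeclaredConstructor()
            // .newInstance() wraps them in InvocationTargetException, which the
            // catch below turns into a SAML2Exception exactly as before.
            Class<? extends AttributeAuthorityMapper> mapperClass =
                    Class.forName(attrAuthorityMapperName).asSubclass(AttributeAuthorityMapper.class);
            attrAuthorityMapper = mapperClass.getDeclaredConstructor().newInstance();
            attrAuthorityMapperCache.put(attrAuthorityMapperName, attrAuthorityMapper);
        } else {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.getAttributeAuthorityMapper: " + "got the AttributeAuthorityMapper from cache");
            }
        }
    } catch (Exception ex) {
        // Covers config lookup failures, ClassNotFound, ClassCast (wrong type),
        // and any instantiation failure; the cause is kept on the SAML2Exception.
        SAML2Utils.debug.error("AttributeQueryUtil.getAttributeAuthorityMapper: " + "Unable to get IDP Attribute Mapper.", ex);
        throw new SAML2Exception(ex);
    }
    return attrAuthorityMapper;
}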

Example 2 with AttributeAuthorityMapper

use of com.sun.identity.saml2.plugins.AttributeAuthorityMapper in project OpenAM by OpenRock.

From class AttributeQueryUtil, method processAttributeQuery (the attribute-authority request pipeline: authenticate, validate, resolve identity, release filtered attributes, sign).

/**
 * Processes an {@code AttributeQuery} received from a requester and builds the
 * SAML {@code Response} to send back.
 *
 * <p>The pipeline is strictly ordered and every failing step short-circuits
 * with an error {@code Response} (not an exception):
 * <ol>
 *   <li>look up the configured {@code AttributeAuthorityMapper} plugin;</li>
 *   <li>{@code authenticateRequester} &mdash; who is asking (REQUESTER error);</li>
 *   <li>{@code validateAttributeQuery} &mdash; is the query acceptable (REQUESTER error);</li>
 *   <li>load this authority's metadata descriptor (RESPONDER/metaDataError on
 *       lookup failure, REQUESTER/attrAuthorityNotFound when absent);</li>
 *   <li>{@code getIdentity} &mdash; resolve the query subject
 *       (REQUESTER/UNKNOWN_PRINCIPAL);</li>
 *   <li>bound the requested attributes by the metadata
 *       ({@code verifyDesiredAttributes}, REQUESTER/INVALID_ATTR_NAME_OR_VALUE),
 *       fetch the identity's attributes from the mapper and filter them;</li>
 *   <li>build the assertion, encrypt it when the query's subject is an
 *       {@code EncryptedID}, wrap it in a SUCCESS response and sign the response.</li>
 * </ol>
 *
 * <p>Review notes:
 * <ul>
 *   <li>Only the attributes that survive both the metadata check and the
 *       requester's list are placed in the assertion; the unfiltered list is
 *       retained only in servlet request scope, and only when a caller has set
 *       {@code AttributeQueryUtil-storeAllAttributes}.</li>
 *   <li>Several error branches copy {@code se.getMessage()} into the status
 *       message returned to the peer, so mapper exception text is visible to
 *       the requester; keep those messages free of internal detail.</li>
 *   <li>{@code attrQuery.getIssuer()} and {@code attrQuery.getSubject()} are
 *       dereferenced without null checks. SAML 2.0 makes {@code <Issuer>}
 *       optional on requests, so this relies on {@code validateAttributeQuery}
 *       (or the SOAP/parsing layer) rejecting such queries &mdash; TODO confirm.</li>
 *   <li>The assertion is explicitly signed here only on the encrypted path; on
 *       the plain path only the enclosing {@code Response} is signed by this
 *       method. Whether {@code getAssertion} signs the plain assertion is not
 *       visible from this method.</li>
 * </ul>
 *
 * @param attrQuery the {@code AttributeQuery} object
 * @param request the {@code HttpServletRequest} object (also used to pass
 *        server-side overrides via request attributes, see below)
 * @param response the {@code HttpServletResponse} object
 * @param attrAuthorityEntityID entity ID of attribute authority
 * @param realm the realm of hosted entity
 * @param attrQueryProfileAlias the attribute query profile alias
 *
 * @return the {@code Response} object, either a SUCCESS response carrying one
 *         (possibly encrypted) assertion or an error response
 * @exception SAML2Exception if the mapper plugin cannot be obtained or the
 *            final response cannot be signed
 */
public static Response processAttributeQuery(AttributeQuery attrQuery, HttpServletRequest request, HttpServletResponse response, String attrAuthorityEntityID, String realm, String attrQueryProfileAlias) throws SAML2Exception {
    // Plugin lookup precedes authentication; a mis-configured mapper surfaces as
    // a thrown SAML2Exception rather than as an error Response.
    AttributeAuthorityMapper attrAuthorityMapper = getAttributeAuthorityMapper(realm, attrAuthorityEntityID, attrQueryProfileAlias);
    // NOTE(review): attrQueryProfile is computed but never read in this method.
    String attrQueryProfile = AttributeQueryUtil.getAttributeQueryProfile(attrQueryProfileAlias);
    // Step 1: authenticate the requester. Failure is a REQUESTER-side error and
    // the exception message is echoed to the peer.
    try {
        attrAuthorityMapper.authenticateRequester(request, response, attrQuery, attrAuthorityEntityID, realm);
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: ", se);
        }
        return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
    }
    // Step 2: mapper-defined validation of the query itself.
    try {
        attrAuthorityMapper.validateAttributeQuery(request, response, attrQuery, attrAuthorityEntityID, realm);
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:", se);
        return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
    }
    // The requester's entity ID is taken from the query's Issuer and later used
    // to address the assertion/encryption. No null check: relies on the steps
    // above having rejected issuer-less queries — TODO confirm.
    Issuer issuer = attrQuery.getIssuer();
    String requesterEntityID = issuer.getValue();
    // Step 3: this authority's own metadata, needed for the advertised
    // attribute list that bounds what may be released.
    AttributeAuthorityDescriptorElement aad = null;
    try {
        aad = metaManager.getAttributeAuthorityDescriptor(realm, attrAuthorityEntityID);
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:", sme);
        return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, SAML2Utils.bundle.getString("metaDataError"), null);
    }
    if (aad == null) {
        return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("attrAuthorityNotFound"), null);
    }
    // Step 4: resolve the query subject to a local identity. The identity is an
    // opaque, mapper-defined Object that is handed straight back to the same
    // mapper in getAttributes below.
    Object identity = null;
    try {
        identity = attrAuthorityMapper.getIdentity(request, response, attrQuery, attrAuthorityEntityID, realm);
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: ", se);
        }
        return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, se.getMessage(), null);
    }
    if (identity == null) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: unable to find identity.");
        }
        return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
    }
    // Step 5: decide which attributes may be released. A caller may override the
    // requested list through a servlet request attribute (server-side state set
    // by earlier code in this request, not a client-supplied parameter);
    // otherwise the query's own <Attribute> list is used. Either way the list is
    // checked against the attributes advertised in this authority's metadata
    // before anything is fetched.
    List desiredAttrs = (List) request.getAttribute("AttributeQueryUtil-desiredAttrs");
    if (desiredAttrs == null) {
        desiredAttrs = attrQuery.getAttributes();
    }
    try {
        desiredAttrs = verifyDesiredAttributes(aad.getAttribute(), desiredAttrs);
    } catch (SAML2Exception se) {
        // Only a status code goes back to the peer here; no message text.
        return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.INVALID_ATTR_NAME_OR_VALUE, null, null);
    }
    // The mapper returns the identity's full attribute set; it is kept in request
    // scope only on explicit opt-in, and never leaves this method unfiltered.
    List attributes = attrAuthorityMapper.getAttributes(identity, attrQuery, attrAuthorityEntityID, realm);
    if (request.getAttribute("AttributeQueryUtil-storeAllAttributes") != null) {
        request.setAttribute("AttributeQueryUtil-allAttributes", attributes);
    }
    // Only the verified, requested attributes are released.
    attributes = filterAttributes(attributes, desiredAttrs);
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    Response samlResp = protocolFactory.createResponse();
    List assertionList = new ArrayList();
    Assertion assertion = null;
    // Step 6: build the assertion that carries the released attributes.
    try {
        assertion = getAssertion(attrQuery, attrAuthorityEntityID, requesterEntityID, realm, attrQueryProfileAlias, attributes);
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery:", se);
        }
        return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, se.getMessage(), null);
    }
    // If the query named its subject with an EncryptedID, the assertion is signed
    // and then encrypted for the requester (sign-then-encrypt). Otherwise it is
    // added in the clear and only the enclosing Response is signed below.
    // Subject is dereferenced without a null check — TODO confirm it is validated
    // earlier.
    EncryptedID encryptedID = attrQuery.getSubject().getEncryptedID();
    if (encryptedID != null) {
        EncryptedAssertion encryptedAssertion = null;
        try {
            signAssertion(assertion, realm, attrAuthorityEntityID, false);
            encryptedAssertion = encryptAssertion(assertion, encryptedID, attrAuthorityEntityID, requesterEntityID, realm, attrQueryProfileAlias);
        } catch (SAML2Exception se) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery:", se);
            }
            return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, se.getMessage(), null);
        }
        assertionList.add(encryptedAssertion);
        samlResp.setEncryptedAssertion(assertionList);
    } else {
        assertionList.add(assertion);
        samlResp.setAssertion(assertionList);
    }
    // Response envelope: fresh ID, InResponseTo bound to the query's ID so the
    // requester can correlate it, current issue instant, SUCCESS status and this
    // authority as the issuer.
    samlResp.setID(SAML2Utils.generateID());
    samlResp.setInResponseTo(attrQuery.getID());
    samlResp.setVersion(SAML2Constants.VERSION_2_0);
    samlResp.setIssueInstant(new Date());
    Status status = protocolFactory.createStatus();
    StatusCode statusCode = protocolFactory.createStatusCode();
    statusCode.setValue(SAML2Constants.SUCCESS);
    status.setStatusCode(statusCode);
    samlResp.setStatus(status);
    Issuer respIssuer = AssertionFactory.getInstance().createIssuer();
    respIssuer.setValue(attrAuthorityEntityID);
    samlResp.setIssuer(respIssuer);
    // Sign the complete Response before handing it to the transport layer.
    signResponse(samlResp, attrAuthorityEntityID, realm, false);
    return samlResp;
}
