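/**
 * Parses the SP extended configuration attribute
 * <code>SAML2Constants.SP_AUTH_CONTEXT_CLASS_REF_ATTR</code> into a lookup map.
 *
 * Each configured value has the form <code>classRef|authLevel</code>, optionally
 * followed by <code>|default</code>. The returned map holds:
 * <ul>
 *   <li><code>prefixIfRequired(classRef)</code> -&gt; <code>Integer</code> auth level,
 *       for every entry whose level parses as an integer;</li>
 *   <li><code>DEFAULT</code> -&gt; auth level of the first entry flagged as default
 *       (only when that entry carries a parseable level);</li>
 *   <li><code>DEFAULT_CLASS_REF</code> -&gt; prefixed class reference of the first
 *       entry flagged as default.</li>
 * </ul>
 * Malformed entries (missing class reference, non-numeric level, null element) are
 * logged at debug level and skipped; they never fail the whole map.
 *
 * @param realm Realm or Organization of the Service Provider.
 * @param hostEntityID Entity ID of the Service Provider.
 * @return an unmodifiable map as described above; empty, never <code>null</code>,
 *         when nothing usable is configured.
 */
private static Map<String, Object> getAuthnCtxFromSPConfig(String realm, String hostEntityID) {
    List authContextClassRefConfig = SAML2Utils.getAllAttributeValueFromSSOConfig(
            realm, hostEntityID, SAML2Constants.SP_ROLE, SAML2Constants.SP_AUTH_CONTEXT_CLASS_REF_ATTR);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("DefaultSPAuthnContextMapper: List:" + authContextClassRefConfig);
    }
    // Insertion order matters: callers iterate keySet() to build the requested
    // class-reference list, so configuration order is preserved.
    Map<String, Object> authRefMap = new LinkedHashMap<String, Object>();
    if (authContextClassRefConfig == null || authContextClassRefConfig.isEmpty()) {
        return Collections.unmodifiableMap(authRefMap);
    }
    for (Iterator i = authContextClassRefConfig.iterator(); i.hasNext();) {
        String authRefVal = (String) i.next();
        if (authRefVal == null) {
            continue;
        }
        boolean isDefault = authRefVal.endsWith("|" + DEFAULT);
        if (isDefault) {
            // Drop the "default" marker only; the trailing separator left behind
            // produces no token, so the remaining fields are unaffected.
            authRefVal = authRefVal.substring(0, authRefVal.length() - DEFAULT.length());
        }
        StringTokenizer st = new StringTokenizer(authRefVal, "|");
        String authClass = null;
        if (st.hasMoreTokens()) {
            authClass = st.nextToken();
        } else if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AuthnContextClassRef " + "not found");
        }
        if (st.hasMoreTokens()) {
            Integer authLevel = null;
            try {
                authLevel = Integer.valueOf(st.nextToken());
            } catch (NumberFormatException nfe) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("DefaultSPAuthnContextMapper." + "getAuthnCtxFromSPConfig:", nfe);
                }
            }
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("DefaultSPAuthnContextMapper." + "getAuthnCtxFromSPConfig: AuthLevel is " + authLevel);
            }
            if (authLevel != null) {
                // First default entry wins for the DEFAULT level.
                if (isDefault && !authRefMap.containsKey(DEFAULT)) {
                    authRefMap.put(DEFAULT, authLevel);
                }
                if (authClass != null) {
                    authRefMap.put(prefixIfRequired(authClass), authLevel);
                }
            }
        }
        // The default class reference is recorded even when its level is missing or invalid.
        if (isDefault && authClass != null && !authRefMap.containsKey(DEFAULT_CLASS_REF)) {
            authRefMap.put(DEFAULT_CLASS_REF, prefixIfRequired(authClass));
        }
    }
    return Collections.unmodifiableMap(authRefMap);
}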
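/**
 * Returns the AuthnContext class-reference / auth-level map for a Service Provider,
 * reading it from the SP extended configuration on a cache miss.
 *
 * The cache is <code>SPCache.authContextHash</code>, keyed by
 * <code>hostEntityID|realm</code>. Only a non-empty map is cached, so an SP with no
 * configuration is re-read on every call. A failure while reading the configuration
 * is logged at debug level and treated as "nothing configured".
 *
 * @param realm Realm or Organization of the Service Provider.
 * @param hostEntityID Entity ID of the Service Provider.
 * @return the configured map; empty, never <code>null</code>, when unavailable.
 */
private static Map getAuthRefMap(String realm, String hostEntityID) {
    String key = hostEntityID + "|" + realm;
    Map authRefMap = (Map) SPCache.authContextHash.get(key);
    if (authRefMap != null) {
        return authRefMap;
    }
    try {
        authRefMap = getAuthnCtxFromSPConfig(realm, hostEntityID);
        if (authRefMap != null && !authRefMap.isEmpty()) {
            SPCache.authContextHash.put(key, authRefMap);
        }
    } catch (Exception e) {
        // Best effort: a broken SP configuration must not break SSO initiation.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper." + "getAuthRefMap:", e);
        }
    }
    // Callers iterate the result; hand back an empty map rather than null on failure.
    return (authRefMap != null) ? authRefMap : Collections.emptyMap();
}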
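/**
 * Returns the Service Provider AuthnContext Mapper Object.
 *
 * The mapper is cached per <code>hostEntityID|realm</code> in
 * <code>SPCache.authCtxObjHash</code>. On a cache miss the configured class is loaded
 * by reflection; the class is checked to be an <code>SPAuthnContextMapper</code>
 * before it is instantiated. If no class name is configured, or the class cannot be
 * loaded or instantiated, <code>DefaultSPAuthnContextMapper</code> is used and cached.
 *
 * @param realm Realm or Organization of the Service Provider.
 * @param hostEntityID Entity ID of the Service Provider.
 * @param authnCtxClassName Service Provider AuthnContext Mapper Class Name.
 * @return SPAuthnContextMapper Object; never <code>null</code>.
 */
public static SPAuthnContextMapper getSPAuthnContextMapper(String realm, String hostEntityID, String authnCtxClassName) {
    String cacheKey = hostEntityID + "|" + realm;
    SPAuthnContextMapper spAuthnCtx = (SPAuthnContextMapper) SPCache.authCtxObjHash.get(cacheKey);
    if (debug.messageEnabled()) {
        debug.message("AuthContext Class Name is :" + authnCtxClassName);
    }
    if (spAuthnCtx == null && authnCtxClassName != null && authnCtxClassName.length() != 0) {
        try {
            // Verify the type before instantiating, so a misconfigured name never runs
            // the constructor or static initialiser of an unrelated class. asSubclass
            // throws ClassCastException, which the generic handler below covers.
            Class<? extends SPAuthnContextMapper> mapperClass =
                    Class.forName(authnCtxClassName).asSubclass(SPAuthnContextMapper.class);
            spAuthnCtx = mapperClass.getDeclaredConstructor().newInstance();
            SPCache.authCtxObjHash.put(cacheKey, spAuthnCtx);
        } catch (ClassNotFoundException ce) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils: Mapper not configured" + " using Default AuthnContext Mapper", ce);
            }
        } catch (InstantiationException ie) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils: Instantiation ");
                debug.message("SAML2Utils:Error instantiating : " + " using Default AuthnContext Mapper", ie);
            }
        } catch (IllegalAccessException iae) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils: illegalaccess");
                debug.message("SAML2Utils:Error : " + " using Default AuthnContext Mapper", iae);
            }
        } catch (Exception e) {
            // Covers ClassCastException (wrong type), NoSuchMethodException (no no-arg
            // constructor) and InvocationTargetException (constructor threw).
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils:Error : " + " using Default AuthnContext Mapper", e);
            }
        }
    }
    if (spAuthnCtx == null) {
        spAuthnCtx = new DefaultSPAuthnContextMapper();
        SPCache.authCtxObjHash.put(cacheKey, spAuthnCtx);
    }
    return spAuthnCtx;
}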
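/**
 * Returns the <code>RequestedAuthnContext</code> object.
 *
 * The RequestedAuthnContext is created based on the query parameters
 * AuthnContextClassRef and AuthComparison in the request
 * and the authnContext attribute,
 * spAuthncontextClassrefMapping, and the authComparison
 * attribute, spAuthncontextComparisonType,
 * set in the Service Provider Extended Configuration.
 * Class references named on the request are passed through (after
 * <code>prefixIfRequired</code>) without being checked against the configured
 * mapping; a requested AuthLevel only selects configured class references whose
 * level is at least that value.
 * If the AuthnContext Class Reference cannot be determined then
 * the default value
 * urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
 * will be used. AuthnComparison defaults to "exact" if no value
 * is specified.
 *
 * @param realm Realm or Organization of the Service Provider.
 * @param hostEntityID Entity ID of the Service Provider.
 * @param paramsMap Map containing key/value pairs of parameters.
 *        The key/value pairs are those accepted during SP SSO
 *        initiation.
 * @return the RequestedAuthnContext carrying the class-reference list and the
 *         comparison (<code>null</code> comparison when none valid was found).
 * @throws SAML2Exception if an error occurs.
 */
public RequestedAuthnContext getRequestedAuthnContext(String realm, String hostEntityID, Map paramsMap) throws SAML2Exception {
    // Read the AuthnContext Class Reference and AuthLevel passed as query string to SP.
    List authContextClassRef = (List) paramsMap.get(SAML2Constants.AUTH_CONTEXT_CLASS_REF);
    Integer authLevel = parseRequestedAuthLevel((List) paramsMap.get(SAML2Constants.AUTH_LEVEL));
    if (authLevel == null) {
        authLevel = getAuthLevelFromAdvice(paramsMap);
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("authLevel in Query:" + authLevel);
        SAML2Utils.debug.message("authContextClassRef in Query:" + authContextClassRef);
    }
    // Retrieve the cached AuthnContext class reference / auth level map.
    Map authRefMap = getAuthRefMap(realm, hostEntityID);
    List authCtxList = new ArrayList();
    addRequestedClassRefs(authCtxList, authContextClassRef);
    // The map may be null when the SP configuration could not be read.
    if (authLevel != null && authRefMap != null) {
        addClassRefsForLevel(authCtxList, authRefMap, authLevel);
    }
    if (authCtxList.isEmpty() && authRefMap != null && !authRefMap.isEmpty()) {
        addConfiguredDefaults(authCtxList, authRefMap);
    }
    // If the list is still empty, fall back to the protocol default.
    if (authCtxList.isEmpty()) {
        authCtxList.add(SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT);
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("SPCache.authContextHash is: " + SPCache.authContextHash);
        SAML2Utils.debug.message("authCtxList is: " + authCtxList);
    }
    String authCtxComparison = resolveAuthComparison(realm, hostEntityID, paramsMap);
    RequestedAuthnContext reqCtx = ProtocolFactory.getInstance().createRequestedAuthnContext();
    reqCtx.setAuthnContextClassRef(authCtxList);
    reqCtx.setComparison(authCtxComparison);
    return reqCtx;
}

/**
 * Parses the first value of the AuthLevel request parameter.
 *
 * @param authLevelList values of the AuthLevel parameter, may be <code>null</code>.
 * @return the level, or <code>null</code> when absent or not an integer.
 */
private static Integer parseRequestedAuthLevel(List authLevelList) {
    if (authLevelList == null || authLevelList.isEmpty()) {
        return null;
    }
    try {
        return Integer.valueOf((String) authLevelList.iterator().next());
    } catch (NumberFormatException nfe) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("not a valid integer", nfe);
        }
    } catch (Exception e) {
        // e.g. a non-String element; treated as "no level supplied".
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("error getting " + "integer object", e);
        }
    }
    return null;
}

/**
 * Appends each class reference named on the request, prefixed where required.
 *
 * @param authCtxList list to append to.
 * @param authContextClassRef request values, may be <code>null</code> or empty.
 */
private static void addRequestedClassRefs(List authCtxList, List authContextClassRef) {
    if (authContextClassRef == null || authContextClassRef.isEmpty()) {
        return;
    }
    for (Iterator i = authContextClassRef.iterator(); i.hasNext();) {
        String authClassRef = prefixIfRequired((String) i.next());
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper: " + "authClassRef=" + authClassRef);
        }
        authCtxList.add(authClassRef);
    }
}

/**
 * Appends every configured class reference whose configured auth level is at
 * least <code>authLevel</code>.
 *
 * @param authCtxList list to append to.
 * @param authRefMap configured class reference / auth level map, not <code>null</code>.
 * @param authLevel minimum level, not <code>null</code>.
 */
private static void addClassRefsForLevel(List authCtxList, Map authRefMap, Integer authLevel) {
    for (Iterator i = authRefMap.keySet().iterator(); i.hasNext();) {
        String className = (String) i.next();
        // DEFAULT and DEFAULT_CLASS_REF are marker keys, not class references.
        if (DEFAULT.equals(className) || DEFAULT_CLASS_REF.equals(className)) {
            continue;
        }
        Integer aLevel = (Integer) authRefMap.get(className);
        if (aLevel != null && aLevel.intValue() >= authLevel.intValue()) {
            authCtxList.add(className);
        }
    }
}

/**
 * Appends the configured default class reference or, when none is configured,
 * every configured class reference except the DEFAULT marker.
 *
 * @param authCtxList list to append to.
 * @param authRefMap configured class reference / auth level map, not <code>null</code>.
 */
private static void addConfiguredDefaults(List authCtxList, Map authRefMap) {
    String defaultClassRef = (String) authRefMap.get(DEFAULT_CLASS_REF);
    if (defaultClassRef != null) {
        authCtxList.add(defaultClassRef);
        return;
    }
    for (Iterator i = authRefMap.keySet().iterator(); i.hasNext();) {
        String val = (String) i.next();
        if (val != null && !val.equals(DEFAULT)) {
            authCtxList.add(val);
        }
    }
}

/**
 * Determines the AuthnContext comparison: the request value when valid, otherwise
 * the SP extended configuration value when valid, otherwise <code>null</code>.
 *
 * @param realm Realm or Organization of the Service Provider.
 * @param hostEntityID Entity ID of the Service Provider.
 * @param paramsMap request parameters.
 * @return a valid comparison value or <code>null</code>.
 * @throws SAML2Exception if the configuration cannot be read.
 */
private String resolveAuthComparison(String realm, String hostEntityID, Map paramsMap) throws SAML2Exception {
    String authCtxComparison = SPSSOFederate.getParameter(paramsMap, SAML2Constants.SP_AUTHCONTEXT_COMPARISON);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AuthComparison in Query:" + authCtxComparison);
    }
    if (authCtxComparison == null || !isValidAuthComparison(authCtxComparison)) {
        authCtxComparison = SAML2Utils.getAttributeValueFromSSOConfig(
                realm, hostEntityID, SAML2Constants.SP_ROLE, SAML2Constants.SP_AUTHCONTEXT_COMPARISON_TYPE);
        if (authCtxComparison != null && !isValidAuthComparison(authCtxComparison)) {
            authCtxComparison = null;
        }
    }
    return authCtxComparison;
}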