
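/**
 * Parses the SP extended-configuration attribute holding the AuthnContext class
 * reference / auth level pairs into a lookup map.
 *
 * Each configured value has the form {@code <classRef>|<authLevel>}, optionally followed
 * by a {@code |default} marker. Every entry with a parseable level is stored as
 * (prefixed class reference -> {@link Integer} level); the first entry carrying the
 * default marker additionally contributes {@code DEFAULT} (its level) and
 * {@code DEFAULT_CLASS_REF} (its class reference).
 *
 * Malformed entries (missing class reference, non-numeric level) are logged at debug
 * level only and skipped. A typo in the configuration therefore silently narrows the
 * mapping, which changes the AuthnContext classes the SP ends up requesting; a
 * misconfiguration is only visible with debug logging enabled.
 *
 * @param realm        realm of the Service Provider
 * @param hostEntityID entity ID of the Service Provider
 * @return an unmodifiable map keyed by class reference (plus the two default keys) in
 *         configuration order; empty when nothing is configured, never {@code null}
 */
private static Map getAuthnCtxFromSPConfig(String realm, String hostEntityID) {
    List authContextClassRefConfig = SAML2Utils.getAllAttributeValueFromSSOConfig(
            realm, hostEntityID, SAML2Constants.SP_ROLE, SAML2Constants.SP_AUTH_CONTEXT_CLASS_REF_ATTR);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("DefaultSPAuthnContextMapper: List:" + authContextClassRefConfig);
    }
    // LinkedHashMap keeps configuration order; getRequestedAuthnContext copies the key set
    // into the requested class-reference list in that order when it falls back to "all".
    Map<String, Object> authRefMap = new LinkedHashMap<>();
    if (authContextClassRefConfig == null || authContextClassRefConfig.isEmpty()) {
        return Collections.unmodifiableMap(authRefMap);
    }
    for (Object configValue : authContextClassRefConfig) {
        String authRefVal = (String) configValue;
        boolean isDefault = false;
        if (authRefVal.endsWith("|" + DEFAULT)) {
            // Only the marker is stripped; the leftover trailing "|" is a delimiter the
            // tokenizer ignores.
            authRefVal = authRefVal.substring(0, authRefVal.length() - DEFAULT.length());
            isDefault = true;
        }
        StringTokenizer st = new StringTokenizer(authRefVal, "|");
        // Check for a token instead of catching NoSuchElementException from nextToken().
        String authClass = null;
        if (st.hasMoreTokens()) {
            authClass = st.nextToken();
        } else if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AuthnContextClassRef " + "not found");
        }
        if (st.hasMoreTokens()) {
            Integer authLevel = parseAuthLevel(st.nextToken());
            if (authLevel != null) {
                // Only the first default entry wins the DEFAULT key.
                if (isDefault && !authRefMap.containsKey(DEFAULT)) {
                    authRefMap.put(DEFAULT, authLevel);
                }
                if (authClass != null) {
                    authRefMap.put(prefixIfRequired(authClass), authLevel);
                }
            }
        }
        // The default class reference is recorded even when its level was unparseable.
        if (isDefault && authClass != null && !authRefMap.containsKey(DEFAULT_CLASS_REF)) {
            authRefMap.put(DEFAULT_CLASS_REF, prefixIfRequired(authClass));
        }
    }
    return Collections.unmodifiableMap(authRefMap);
}

/**
 * Parses one configured auth level.
 *
 * @param token the text after the first {@code |} of a configuration entry
 * @return the level, or {@code null} (after a debug log) when it is not a valid
 *         integer so the caller skips the entry
 */
private static Integer parseAuthLevel(String token) {
    Integer authLevel = null;
    try {
        // Integer.valueOf replaces the deprecated new Integer(String); same parsing rules.
        authLevel = Integer.valueOf(token);
    } catch (NumberFormatException nfe) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper." + "getAuthnCtxFromSPConfig:", nfe);
        }
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("DefaultSPAuthnContextMapper." + "getAuthnCtxFromSPConfig: AuthLevel is " + authLevel);
    }
    return authLevel;
}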

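/**
 * Returns the AuthnContext class reference / auth level map for a Service Provider,
 * loading it from the SP extended configuration on first use and caching it.
 *
 * The cache key is {@code hostEntityID|realm}. A freshly parsed map is cached only when
 * it is non-empty, so an SP without any mapping configured is re-read on every call.
 *
 * @param realm        realm of the Service Provider
 * @param hostEntityID entity ID of the Service Provider
 * @return the map produced by {@link #getAuthnCtxFromSPConfig} (possibly empty), or
 *         {@code null} when loading it failed with a runtime exception; callers must
 *         handle the {@code null} case
 */
private static Map getAuthRefMap(String realm, String hostEntityID) {
    String key = hostEntityID + "|" + realm;
    Map authRefMap = (Map) SPCache.authContextHash.get(key);
    if (authRefMap != null) {
        return authRefMap;
    }
    try {
        authRefMap = getAuthnCtxFromSPConfig(realm, hostEntityID);
        if (authRefMap != null && !authRefMap.isEmpty()) {
            SPCache.authContextHash.put(key, authRefMap);
        }
    } catch (RuntimeException e) {
        // getAuthnCtxFromSPConfig declares no checked exceptions, so only runtime failures
        // can reach here; they are logged at debug level only and surface as a null result.
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("DefaultSPAuthnContextMapper." + "getAuthRefMap:", e);
        }
    }
    return authRefMap;
}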

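/**
 * Returns the Service Provider AuthnContext Mapper Object.
 *
 * The mapper is cached per {@code hostEntityID|realm}. On a cache miss the class named by
 * {@code authnCtxClassName} is loaded and instantiated reflectively through its no-arg
 * constructor; when that fails for any reason (class not found, not instantiable,
 * inaccessible constructor, constructor threw, or the result is not an
 * {@code SPAuthnContextMapper}) the {@link DefaultSPAuthnContextMapper} is used and cached
 * instead. The failure is logged at debug level only, so a misspelled class name
 * silently falls back to the default mapper. The class name is configuration-driven
 * (presumably the SP extended configuration — confirm against the callers), so whoever
 * can edit that configuration chooses which class is loaded here.
 *
 * @param realm Realm or Organization of the Service Provider.
 * @param hostEntityID Entity ID of the Service Provider.
 * @param authnCtxClassName Service Provider AuthnContext Mapper Class Name.
 * @return SPAuthnContextMapper Object.
 */
public static SPAuthnContextMapper getSPAuthnContextMapper(String realm, String hostEntityID, String authnCtxClassName) {
    String cacheKey = hostEntityID + "|" + realm;
    SPAuthnContextMapper spAuthnCtx = (SPAuthnContextMapper) SPCache.authCtxObjHash.get(cacheKey);
    if (debug.messageEnabled()) {
        debug.message("AuthContext Class Name is :" + authnCtxClassName);
    }
    if (spAuthnCtx == null && authnCtxClassName != null && !authnCtxClassName.isEmpty()) {
        try {
            // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance(),
            // which propagated checked exceptions thrown by the constructor unchecked.
            spAuthnCtx = (SPAuthnContextMapper) Class.forName(authnCtxClassName)
                    .getDeclaredConstructor().newInstance();
            SPCache.authCtxObjHash.put(cacheKey, spAuthnCtx);
        } catch (ClassNotFoundException ce) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils: Mapper not configured" + " using Default AuthnContext Mapper");
            }
        } catch (InstantiationException ie) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils: Instantiation ");
                debug.message("SAML2Utils:Error instantiating : " + " using Default AuthnContext Mapper");
            }
        } catch (IllegalAccessException iae) {
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils: illegalaccess");
                debug.message("SAML2Utils:Error : " + " using Default AuthnContext Mapper");
            }
        } catch (Exception e) {
            // Covers NoSuchMethodException, InvocationTargetException and the
            // ClassCastException raised when the class is not an SPAuthnContextMapper.
            if (debug.messageEnabled()) {
                debug.message("SAML2Utils:Error : " + " using Default AuthnContext Mapper");
            }
        }
    }
    if (spAuthnCtx == null) {
        spAuthnCtx = new DefaultSPAuthnContextMapper();
        SPCache.authCtxObjHash.put(cacheKey, spAuthnCtx);
    }
    return spAuthnCtx;
}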

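/**
 * Returns the <code>RequestedAuthnContext</code> object.
 *
 * The RequestedAuthnContext is created from the query parameters
 * AuthnContextClassRef, AuthLevel and AuthComparison in the request, combined with
 * the attributes spAuthncontextClassrefMapping and spAuthncontextComparisonType
 * set in the Service Provider Extended Configuration. The class-reference list is
 * built in this order: class references named explicitly in the request, then every
 * configured class reference whose level satisfies the requested auth level, then
 * (only if the list is still empty) the configured default class reference or, failing
 * that, all configured class references. If no class reference can be determined the
 * value urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport is used.
 * The comparison is taken from the request when valid, otherwise from the configured
 * type when valid, otherwise left unset (the protocol default is "exact").
 *
 * @param realm  Realm or Organization of the Service Provider.
 * @param hostEntityID Entity ID of the Service Provider.
 * @param paramsMap Map containing key/value pairs of parameters.
 *        The key/value pairs are those accepted during SP SSO
 *        initiation.
 * @return the populated <code>RequestedAuthnContext</code>.
 * @throws SAML2Exception if an error occurs.
 */
public RequestedAuthnContext getRequestedAuthnContext(String realm, String hostEntityID, Map paramsMap) throws SAML2Exception {
    // paramsMap carries values accepted at SP SSO initiation, i.e. they originate from the
    // request. They are used only to pick among configured class references and levels.
    List authContextClassRef = (List) paramsMap.get(SAML2Constants.AUTH_CONTEXT_CLASS_REF);
    List authLevelList = (List) paramsMap.get(SAML2Constants.AUTH_LEVEL);
    Integer authLevel = null;
    if (authLevelList != null && !authLevelList.isEmpty()) {
        try {
            // Integer.valueOf replaces the deprecated new Integer(String); same parsing rules.
            authLevel = Integer.valueOf((String) authLevelList.iterator().next());
        } catch (NumberFormatException nfe) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("not a valid integer", nfe);
            }
        } catch (RuntimeException e) {
            // e.g. ClassCastException when the list element is not a String.
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("error getting " + "integer object", e);
            }
        }
    }
    if (authLevel == null) {
        authLevel = getAuthLevelFromAdvice(paramsMap);
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("authLevel in Query:" + authLevel);
        SAML2Utils.debug.message("authContextClassRef in Query:" + authContextClassRef);
    }
    // Cached class reference -> auth level map; null when loading the SP config failed.
    Map authRefMap = getAuthRefMap(realm, hostEntityID);
    List authCtxList = new ArrayList();
    // 1. Class references requested explicitly.
    if (authContextClassRef != null && !authContextClassRef.isEmpty()) {
        for (Object requested : authContextClassRef) {
            String authClassRef = prefixIfRequired((String) requested);
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("DefaultSPAuthnContextMapper: " + "authClassRef=" + authClassRef);
            }
            authCtxList.add(authClassRef);
        }
    }
    // 2. Every configured class reference whose level is at least the requested level.
    //    The null check on authRefMap avoids an NPE when the config could not be loaded.
    if (authLevel != null && authRefMap != null) {
        for (Object mapKey : authRefMap.keySet()) {
            String className = (String) mapKey;
            if (DEFAULT.equals(className) || DEFAULT_CLASS_REF.equals(className)) {
                continue;
            }
            Integer aLevel = (Integer) authRefMap.get(className);
            if (aLevel != null && aLevel.intValue() >= authLevel.intValue()) {
                authCtxList.add(className);
            }
        }
    }
    // 3. Nothing selected yet: the configured default, else all configured references.
    if (authCtxList.isEmpty() && authRefMap != null && !authRefMap.isEmpty()) {
        String defaultClassRef = (String) authRefMap.get(DEFAULT_CLASS_REF);
        if (defaultClassRef != null) {
            authCtxList.add(defaultClassRef);
        } else {
            for (Object mapKey : authRefMap.keySet()) {
                String val = (String) mapKey;
                if (val != null && !val.equals(DEFAULT)) {
                    authCtxList.add(val);
                }
            }
        }
    }
    // 4. Last resort: the protocol-level default class reference.
    if (authCtxList.isEmpty()) {
        authCtxList.add(SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT);
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("SPCache.authContextHash is: " + SPCache.authContextHash);
        SAML2Utils.debug.message("authCtxList is: " + authCtxList);
    }
    // Comparison: the query parameter wins when valid; otherwise the configured type is
    // used, and dropped too when it is not a valid comparison value.
    String authCtxComparison = SPSSOFederate.getParameter(paramsMap, SAML2Constants.SP_AUTHCONTEXT_COMPARISON);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AuthComparison in Query:" + authCtxComparison);
    }
    if (authCtxComparison == null || !isValidAuthComparison(authCtxComparison)) {
        authCtxComparison = SAML2Utils.getAttributeValueFromSSOConfig(
                realm, hostEntityID, SAML2Constants.SP_ROLE, SAML2Constants.SP_AUTHCONTEXT_COMPARISON_TYPE);
        if (authCtxComparison != null && !isValidAuthComparison(authCtxComparison)) {
            authCtxComparison = null;
        }
    }
    RequestedAuthnContext reqCtx = ProtocolFactory.getInstance().createRequestedAuthnContext();
    reqCtx.setAuthnContextClassRef(authCtxList);
    reqCtx.setComparison(authCtxComparison);
    return reqCtx;
}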