
Example 6 with AttributeQuery

use of com.sun.identity.saml2.protocol.AttributeQuery in project OpenAM by OpenRock.

From class AttributeQueryUtil, method sendAttributeQuerySOAP.

/**
 * Sends {@code attrQuery} to the attribute authority's SOAP endpoint and returns the
 * {@code samlp:Response} it answers with, once {@code verifyResponse} has accepted it.
 *
 * @param attrQuery the query to send
 * @param attributeServiceURL SOAP endpoint of the attribute authority
 * @param attrAuthorityEntityID entity ID of the attribute authority, handed to verification
 * @param aad descriptor of the attribute authority, handed to verification
 * @return the verified response
 * @throws SAML2Exception if the SOAP exchange fails, the response status code is not
 *         Success, or response verification fails
 */
private static Response sendAttributeQuerySOAP(AttributeQuery attrQuery, String attributeServiceURL, String attrAuthorityEntityID, AttributeAuthorityDescriptorElement aad) throws SAML2Exception {
    final String queryXml = attrQuery.toXMLString(true, true);
    if (SAML2Utils.debug.messageEnabled()) {
        // The serialized query is written to the debug log in full.
        SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "attrQueryXMLString = " + queryXml);
        SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "attributeServiceURL = " + attributeServiceURL);
    }

    SOAPMessage soapReply;
    try {
        soapReply = SOAPCommunicator.getInstance().sendSOAPMessage(queryXml, attributeServiceURL, true);
    } catch (SOAPException se) {
        // Transport failure: logged with the cause, surfaced to the caller as a localized SAML2Exception.
        SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuerySOAP: ", se);
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorSendingAttributeQuery"));
    }

    Element responseElement = SOAPCommunicator.getInstance().getSamlpElement(soapReply, "Response");
    Response response = ProtocolFactory.getInstance().createResponse(responseElement);

    Status status = response.getStatus();
    String statusCode = status.getStatusCode().getValue();
    if (!SAML2Constants.SUCCESS.equals(statusCode)) {
        // Message and detail are optional in the status; substitute "" so logging and the
        // exception arguments never see null.
        String message = status.getStatusMessage();
        if (message == null) {
            message = "";
        }
        String detail = "";
        if (status.getStatusDetail() != null) {
            detail = status.getStatusDetail().toXMLString();
        }
        SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuerySOAP: " + "Non-Success status " + statusCode + ", message: " + message + ", detail: " + detail);
        Object[] args = { statusCode, message, detail };
        throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "failureStatusAttributeQuery", args);
    }

    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "response = " + response.toXMLString(true, true));
    }

    // Verification happens last; a response that fails it is never returned to the caller.
    verifyResponse(response, attrQuery, attrAuthorityEntityID, aad);
    return response;
}

Example 7 with AttributeQuery

use of com.sun.identity.saml2.protocol.AttributeQuery in project OpenAM by OpenRock.

From class AttributeServiceSOAP, method doGetPost.

/**
 * Handles a SOAP-bound {@code AttributeQuery} arriving by GET or POST.
 * <p>
 * The request body is parsed into an {@code AttributeQuery}, the attribute authority and
 * realm are resolved from the meta alias in the request URI, the query is processed by
 * {@code AttributeQueryUtil.processAttributeQuery}, and the resulting SAML response (or a
 * SOAP fault if processing failed) is written back to the client.
 *
 * @param req the inbound servlet request
 * @param resp the servlet response the reply is written to
 * @throws ServletException declared for the servlet contract
 * @throws IOException if writing the reply fails
 */
private void doGetPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    // Content-length check runs before anything is parsed (the original notes this as DoS handling).
    SAMLUtils.checkHTTPContentLength(req);

    AttributeQuery attrQuery;
    try {
        SOAPMessage soapRequest = SOAPCommunicator.getInstance().getSOAPMessage(req);
        Element queryElement = SOAPCommunicator.getInstance().getSamlpElement(soapRequest, SAML2Constants.ATTRIBUTE_QUERY);
        attrQuery = ProtocolFactory.getInstance().createAttributeQuery(queryElement);
    } catch (Exception ex) {
        SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost:", ex);
        // NOTE(review): the raw exception message is returned to the remote requester here
        // and in the two error paths below.
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateAttributeQuery", ex.getMessage());
        return;
    }

    String pathInfo = req.getPathInfo();
    if (pathInfo == null) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("AttributeServiceSOAP.doGetPost: " + "pathInfo is null.");
        }
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullPathInfo", SAML2Utils.bundle.getString("nullPathInfo"));
        return;
    }

    // Optional profile alias: the characters between the leading slash and the meta-alias marker.
    int markerIndex = pathInfo.indexOf(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
    String attrQueryProfileAlias = (markerIndex > 2) ? pathInfo.substring(1, markerIndex - 1) : null;

    String attrAuthorityMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
    String attrAuthorityEntityID;
    String realm;
    try {
        attrAuthorityEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(attrAuthorityMetaAlias);
        realm = SAML2MetaUtils.getRealmByMetaAlias(attrAuthorityMetaAlias);
    } catch (SAML2Exception sme) {
        SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost", sme);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidMetaAlias", sme.getMessage());
        return;
    }

    SOAPMessage reply;
    try {
        Response samlResp = AttributeQueryUtil.processAttributeQuery(attrQuery, req, resp, attrAuthorityEntityID, realm, attrQueryProfileAlias);
        reply = SOAPCommunicator.getInstance().createSOAPMessage(samlResp.toXMLString(true, true), false);
    } catch (Throwable t) {
        // Any failure while processing (Throwable, as in the original) becomes a SOAP fault
        // instead of propagating out of the servlet.
        SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost: " + "Unable to create SOAP message:", t);
        reply = SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
    }

    try {
        if (reply.saveRequired()) {
            reply.saveChanges();
        }
        resp.setStatus(HttpServletResponse.SC_OK);
        SAML2Utils.putHeaders(reply.getMimeHeaders(), resp);
        OutputStream out = resp.getOutputStream();
        reply.writeTo(out);
        out.flush();
    } catch (SOAPException soap) {
        SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost", soap);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "soapError", soap.getMessage());
    }
}

Example 8 with AttributeQuery

use of com.sun.identity.saml2.protocol.AttributeQuery in project OpenAM by OpenRock.

From class AttributeQueryUtil, method getAssertion.

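/**
 * Builds the {@code Assertion} answering an {@code AttributeQuery}.
 * <p>
 * The assertion gets a fresh ID, version 2.0, the current issue instant, the attribute
 * authority as issuer, a copy of the query's subject (encrypted ID, name ID, base ID and
 * subject confirmation), one attribute statement when {@code attributes} is non-empty, and
 * conditions derived from the realm's effective-time and not-before-skew settings.
 *
 * @param attrQuery the query being answered; its subject is copied into the assertion
 * @param attrAuthorityEntityID entity ID of the attribute authority, used as issuer
 * @param requesterEntityID entity ID of the requester, used for the assertion conditions
 * @param realm realm the attribute authority is configured in
 * @param attrQueryProfileAlias profile alias of the query (not used by this method)
 * @param attributes attributes to include; {@code null} or empty yields no attribute statement
 * @return the populated assertion
 * @throws SAML2Exception if the query carries no subject, or if the factory or the
 *         IDPSSOUtil lookups fail
 */
private static Assertion getAssertion(AttributeQuery attrQuery, String attrAuthorityEntityID, String requesterEntityID, String realm, String attrQueryProfileAlias, List attributes) throws SAML2Exception {
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    Assertion assertion = assertionFactory.createAssertion();
    assertion.setID(SAML2Utils.generateID());
    assertion.setVersion(SAML2Constants.VERSION_2_0);
    assertion.setIssueInstant(new Date());

    Issuer issuer = assertionFactory.createIssuer();
    issuer.setValue(attrAuthorityEntityID);
    assertion.setIssuer(issuer);

    // The subject is copied from the query; without one there is nobody to assert about,
    // so reject explicitly instead of failing with a NullPointerException below.
    Subject subjectQ = attrQuery.getSubject();
    if (subjectQ == null) {
        throw new SAML2Exception("AttributeQuery has no Subject");
    }
    Subject subject = assertionFactory.createSubject();
    subject.setEncryptedID(subjectQ.getEncryptedID());
    subject.setNameID(subjectQ.getNameID());
    subject.setBaseID(subjectQ.getBaseID());
    subject.setSubjectConfirmation(subjectQ.getSubjectConfirmation());
    assertion.setSubject(subject);

    if ((attributes != null) && (!attributes.isEmpty())) {
        AttributeStatement attrStatement = assertionFactory.createAttributeStatement();
        attrStatement.setAttribute(attributes);
        // Parameterized instead of the raw List/ArrayList the original used; the setter
        // receives the same single-element mutable list.
        List<AttributeStatement> attrStatementList = new ArrayList<AttributeStatement>();
        attrStatementList.add(attrStatement);
        assertion.setAttributeStatements(attrStatementList);
    }

    int effectiveTime = IDPSSOUtil.getEffectiveTime(realm, attrAuthorityEntityID);
    int notBeforeSkewTime = IDPSSOUtil.getNotBeforeSkewTime(realm, attrAuthorityEntityID);
    Conditions conditions = IDPSSOUtil.getConditions(requesterEntityID, notBeforeSkewTime, effectiveTime);
    assertion.setConditions(conditions);
    return assertion;
}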

Example 9 with AttributeQuery

use of com.sun.identity.saml2.protocol.AttributeQuery in project OpenAM by OpenRock.

From class AttributeQueryUtil, method validateEntityRequester.

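/**
 * Checks that the issuer of an {@code AttributeQuery} is a requester this attribute
 * authority trusts.
 * <p>
 * Only an absent/empty, {@code UNSPECIFIED} or {@code ENTITY} issuer format is accepted;
 * the issuer is then checked with {@code SAML2Utils.isSourceSiteValid} against the
 * attribute authority's configuration in {@code realm}.
 *
 * @param attrQuery the query whose issuer is validated
 * @param attrAuthorityEntityID entity ID of the attribute authority handling the query
 * @param realm realm the attribute authority is configured in
 * @throws SAML2Exception if the query carries no issuer, the issuer format is not one of
 *         the accepted values, or the issuer is not a valid source site
 */
public static void validateEntityRequester(AttributeQuery attrQuery, String attrAuthorityEntityID, String realm) throws SAML2Exception {
    Issuer issuer = attrQuery.getIssuer();
    // A query without an Issuer cannot be attributed to any requester: fail closed with the
    // same error instead of a NullPointerException from the checks below.
    if (issuer == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerInvalid"));
    }

    String format = issuer.getFormat();
    boolean entityFormat = (format == null) || format.isEmpty()
            || format.equals(SAML2Constants.UNSPECIFIED) || format.equals(SAML2Constants.ENTITY);
    if (!entityFormat) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerInvalid"));
    }

    // The unused requestedEntityID local from the original is dropped; the issuer object
    // itself is what the trust check consumes.
    if (!SAML2Utils.isSourceSiteValid(issuer, realm, attrAuthorityEntityID)) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("attrQueryIssuerInvalid"));
    }
}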

Example 10 with AttributeQuery

use of com.sun.identity.saml2.protocol.AttributeQuery in project OpenAM by OpenRock.

From class AttributeQueryUtil, method verifyDesiredAttributes.

/**
 * Checks the attributes requested by an {@code AttributeQuery} against the attributes the
 * authority is configured to support.
 * <p>
 * With no configured restriction ({@code supportedAttrs} null or empty) the requested list
 * is returned unchanged, i.e. unvalidated. With no explicit request the whole supported set
 * is returned (via {@code convertAttributes}). Otherwise every requested attribute must match
 * a supported one by name and, if it carries values, by value.
 * <p>
 * Side effect: each supported attribute that is matched is removed from
 * {@code supportedAttrs}, so a query cannot request the same attribute twice
 * (SAML core 3.3.2.3); the list passed in must therefore be mutable.
 *
 * @param supportedAttrs attributes the authority supports; mutated by this method
 * @param desiredAttrs attributes the query asks for
 * @return the list of attributes to answer with
 * @throws SAML2Exception if a requested attribute name is not supported (or was already
 *         consumed) or a requested value is not supported
 */
private static List<Attribute> verifyDesiredAttributes(List<AttributeElement> supportedAttrs, List<Attribute> desiredAttrs) throws SAML2Exception {
    // No configured restriction: the request is accepted as-is.
    if (supportedAttrs == null || supportedAttrs.isEmpty()) {
        return desiredAttrs;
    }
    // Nothing requested explicitly: answer with everything supported.
    if (desiredAttrs == null || desiredAttrs.isEmpty()) {
        return convertAttributes(supportedAttrs);
    }
    for (Attribute requested : desiredAttrs) {
        if (!consumeSupportedAttribute(requested, supportedAttrs)) {
            throw new SAML2Exception("Attribute name not supported");
        }
    }
    return desiredAttrs;
}

/**
 * Finds the first supported attribute with the same name as {@code requested}, validates the
 * requested values against it and removes it from {@code supportedAttrs}.
 *
 * @return {@code true} if a matching supported attribute was found and consumed,
 *         {@code false} if none has the same name
 * @throws SAML2Exception if the first same-named supported attribute rejects the values
 */
private static boolean consumeSupportedAttribute(Attribute requested, List<AttributeElement> supportedAttrs) throws SAML2Exception {
    Iterator<AttributeElement> candidates = supportedAttrs.iterator();
    while (candidates.hasNext()) {
        AttributeElement candidate = candidates.next();
        if (!isSameAttribute(requested, candidate)) {
            continue;
        }
        if (!isValueValid(requested, candidate)) {
            throw new SAML2Exception("Attribute value not supported");
        }
        // Consumed: a second request for the same attribute will not find it again.
        candidates.remove();
        return true;
    }
    return false;
}
