Example 1 with NameIDMappingRequest
use of com.sun.identity.saml2.protocol.NameIDMappingRequest in project OpenAM by OpenRock.
the class NameIDMapping method initiateNameIDMappingRequest.
/**
* Parses the request parameters and builds the NameIDMappingRequest to
* sent to remote identity provider.
*
* @param session user session.
* @param realm the realm of hosted entity
* @param spEntityID entity ID of hosted service provider
* @param idpEntityID entity ID of remote idendity provider
* @param targetSPEntityID entity ID of target entity ID of service
* provider
* @param targetNameIDFormat format of target Name ID
* @param paramsMap Map of all other parameters
*
* @return the <code>NameIDMappingResponse</code>
* @throws SAML2Exception if error initiating request to remote entity.
*
* @supported.api
*/
public static NameIDMappingResponse initiateNameIDMappingRequest(Object session, String realm, String spEntityID, String idpEntityID, String targetSPEntityID, String targetNameIDFormat, Map paramsMap) throws SAML2Exception {
if (spEntityID == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
}
if (idpEntityID == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
}
String userID = null;
try {
userID = sessionProvider.getPrincipalName(session);
} catch (SessionException e) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.createNameIDMappingRequest: ", e);
}
}
if (userID == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.initiateNameMappingRequest:" + " IDP EntityID is : " + idpEntityID);
SAML2Utils.debug.message("NameIDMapping.initiateNameMappingRequest:" + " SP HOST EntityID is : " + spEntityID);
SAML2Utils.debug.message("NameIDMapping.initiateNameMappingRequest:" + " target SP EntityID is : " + targetSPEntityID);
}
try {
// nameIDMappingService
String binding = SAML2Utils.getParameter(paramsMap, SAML2Constants.BINDING);
if (binding == null) {
binding = SAML2Constants.SOAP;
} else if (!binding.equals(SAML2Constants.SOAP)) {
throw new SAML2Exception(SAML2Utils.bundle.getString("nimServiceBindingUnsupport"));
}
String nimURL = SAML2Utils.getParameter(paramsMap, "nimURL");
if (nimURL == null) {
NameIDMappingServiceElement nameIDMappingService = getNameIDMappingService(realm, idpEntityID, binding);
if (nameIDMappingService != null) {
nimURL = nameIDMappingService.getLocation();
}
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.initiateNameMappingRequest:" + " nimURL" + nimURL);
}
if (nimURL == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("nimServiceNotFound"));
}
NameIDMappingRequest nimRequest = createNameIDMappingRequest(userID, realm, spEntityID, idpEntityID, nimURL, targetSPEntityID, targetNameIDFormat);
signNIMRequest(nimRequest, realm, spEntityID, false);
BaseConfigType config = metaManager.getIDPSSOConfig(realm, idpEntityID);
nimURL = SAML2SDKUtils.fillInBasicAuthInfo(config, nimURL);
return doNIMBySOAP(nimRequest.toXMLString(true, true), nimURL, realm, spEntityID);
} catch (SAML2MetaException sme) {
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
NameIDMappingServiceElement(com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement)
BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)
SessionException(com.sun.identity.plugin.session.SessionException)
NameIDMappingRequest(com.sun.identity.saml2.protocol.NameIDMappingRequest)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Example 2 with NameIDMappingRequest
use of com.sun.identity.saml2.protocol.NameIDMappingRequest in project OpenAM by OpenRock.
the class NameIDMapping method createNameIDMappingRequest.
private static NameIDMappingRequest createNameIDMappingRequest(String userID, String realm, String spEntityID, String idpEntityID, String destination, String targetSPEntityID, String targetNameIDFormat) throws SAML2Exception {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.createNameIDMappingRequest: User ID : " + userID);
}
NameIDMappingRequest nimRequest = pf.createNameIDMappingRequest();
nimRequest.setID(SAML2Utils.generateID());
nimRequest.setVersion(SAML2Constants.VERSION_2_0);
nimRequest.setDestination(XMLUtils.escapeSpecialCharacters(destination));
nimRequest.setIssuer(SAML2Utils.createIssuer(spEntityID));
nimRequest.setIssueInstant(new Date());
setNameIDForNIMRequest(nimRequest, realm, spEntityID, idpEntityID, targetSPEntityID, targetNameIDFormat, userID);
return nimRequest;
}
Also used :
NameIDMappingRequest(com.sun.identity.saml2.protocol.NameIDMappingRequest)
Date(java.util.Date)
Example 3 with NameIDMappingRequest
use of com.sun.identity.saml2.protocol.NameIDMappingRequest in project OpenAM by OpenRock.
the class NameIDMapping method signNIMRequest.
private static void signNIMRequest(NameIDMappingRequest nimRequest, String realm, String spEntityID, boolean includeCert) throws SAML2Exception {
String alias = SAML2Utils.getSigningCertAlias(realm, spEntityID, SAML2Constants.SP_ROLE);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.signNIMRequest: " + "Cert Alias is : " + alias);
SAML2Utils.debug.message("NameIDMapping.signNIMRequest: " + "NIMRequest before sign : " + nimRequest.toXMLString(true, true));
}
PrivateKey signingKey = keyProvider.getPrivateKey(alias);
X509Certificate signingCert = null;
if (includeCert) {
signingCert = keyProvider.getX509Certificate(alias);
}
if (signingKey != null) {
nimRequest.sign(signingKey, signingCert);
} else {
throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.signNIMRequest: " + "NIMRequest after sign : " + nimRequest.toXMLString(true, true));
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
PrivateKey(java.security.PrivateKey)
X509Certificate(java.security.cert.X509Certificate)
Example 4 with NameIDMappingRequest
use of com.sun.identity.saml2.protocol.NameIDMappingRequest in project OpenAM by OpenRock.
the class NameIDMapping method setNameIDForNIMRequest.
private static void setNameIDForNIMRequest(NameIDMappingRequest nimRequest, String realm, String spEntityID, String idpEntityID, String targetSPEntityID, String targetNameIDFormat, String userID) throws SAML2Exception {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.setNameIDForNIMRequest: " + "user ID = " + userID);
}
NameID nameID = AssertionFactory.getInstance().createNameID();
NameIDInfo info = AccountUtils.getAccountFederation(userID, spEntityID, idpEntityID);
nameID.setValue(info.getNameIDValue());
nameID.setFormat(info.getFormat());
nameID.setNameQualifier(idpEntityID);
nameID.setSPNameQualifier(spEntityID);
NameIDPolicy nameIDPolicy = ProtocolFactory.getInstance().createNameIDPolicy();
nameIDPolicy.setSPNameQualifier(targetSPEntityID);
nameIDPolicy.setFormat(targetNameIDFormat);
nimRequest.setNameIDPolicy(nameIDPolicy);
boolean needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, idpEntityID, SAML2Constants.IDP_ROLE);
if (!needEncryptIt) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.setNameIDForNIMRequest: " + "NamID doesn't need to be encrypted.");
}
nimRequest.setNameID(nameID);
return;
}
EncryptedID encryptedID = getEncryptedID(nameID, realm, idpEntityID, SAML2Constants.IDP_ROLE);
nimRequest.setEncryptedID(encryptedID);
}
Also used :
NameIDInfo(com.sun.identity.saml2.common.NameIDInfo)
NameID(com.sun.identity.saml2.assertion.NameID)
NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy)
EncryptedID(com.sun.identity.saml2.assertion.EncryptedID)
Example 5 with NameIDMappingRequest
use of com.sun.identity.saml2.protocol.NameIDMappingRequest in project OpenAM by OpenRock.
the class NameIDMapping method processNameIDMappingRequest.
public static NameIDMappingResponse processNameIDMappingRequest(NameIDMappingRequest nimRequest, String realm, String idpEntityID) throws SAML2Exception {
NameIDMappingResponse nimResponse = null;
String spEntityID = nimRequest.getIssuer().getValue();
if (spEntityID == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
}
String responseID = SAML2Utils.generateID();
if (responseID == null) {
SAML2Utils.debug.error(SAML2Utils.bundle.getString("failedToGenResponseID"));
}
nimResponse = pf.createNameIDMappingResponse();
nimResponse.setID(responseID);
nimResponse.setInResponseTo(nimRequest.getID());
nimResponse.setVersion(SAML2Constants.VERSION_2_0);
nimResponse.setIssueInstant(new Date());
nimResponse.setIssuer(SAML2Utils.createIssuer(idpEntityID));
SAML2Utils.verifyRequestIssuer(realm, idpEntityID, nimRequest.getIssuer(), nimRequest.getID());
NameIDPolicy nameIDPolicy = nimRequest.getNameIDPolicy();
String targetSPEntityID = nameIDPolicy.getSPNameQualifier();
String format = nameIDPolicy.getFormat();
Status status = null;
if ((format != null) && (format.length() != 0) && (!format.equals(SAML2Constants.PERSISTENT)) && (!format.equals(SAML2Constants.UNSPECIFIED))) {
nimResponse.setNameID(nimRequest.getNameID());
nimResponse.setEncryptedID(nimRequest.getEncryptedID());
status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDFormatUnsupported"));
} else if ((targetSPEntityID == null) || (targetSPEntityID.length() == 0) || targetSPEntityID.equals(spEntityID)) {
nimResponse.setNameID(nimRequest.getNameID());
nimResponse.setEncryptedID(nimRequest.getEncryptedID());
status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDNoChange"));
} else {
// check if source SP has account fed
// if yes then get nameid of targetSP
IDPAccountMapper idpAcctMapper = SAML2Utils.getIDPAccountMapper(realm, idpEntityID);
NameID nameID = getNameID(nimRequest, realm, idpEntityID);
String userID = idpAcctMapper.getIdentity(nameID, idpEntityID, spEntityID, realm);
NameIDInfo targetNameIDInfo = null;
if (userID != null) {
targetNameIDInfo = AccountUtils.getAccountFederation(userID, idpEntityID, targetSPEntityID);
}
if (targetNameIDInfo == null) {
nimResponse.setNameID(nimRequest.getNameID());
nimResponse.setEncryptedID(nimRequest.getEncryptedID());
status = SAML2Utils.generateStatus(SAML2Constants.INVALID_NAME_ID_POLICY, SAML2Utils.bundle.getString("targetNameIDNotFound"));
} else {
NameID targetSPNameID = targetNameIDInfo.getNameID();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("NameIDMapping.processNameIDMappingRequest: " + "User ID = " + userID + ", name ID = " + targetSPNameID.toXMLString(true, true));
}
nimResponse.setEncryptedID(getEncryptedID(targetSPNameID, realm, spEntityID, SAML2Constants.SP_ROLE));
status = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, null);
}
}
nimResponse.setStatus(status);
signNIMResponse(nimResponse, realm, idpEntityID, false);
return nimResponse;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Status(com.sun.identity.saml2.protocol.Status)
IDPAccountMapper(com.sun.identity.saml2.plugins.IDPAccountMapper)
NameIDInfo(com.sun.identity.saml2.common.NameIDInfo)
NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy)
NameID(com.sun.identity.saml2.assertion.NameID)
NameIDMappingResponse(com.sun.identity.saml2.protocol.NameIDMappingResponse)
Date(java.util.Date)
Aggregations
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)5
NameID (com.sun.identity.saml2.assertion.NameID)3
NameIDMappingRequest (com.sun.identity.saml2.protocol.NameIDMappingRequest)3
EncryptedID (com.sun.identity.saml2.assertion.EncryptedID)2
NameIDInfo (com.sun.identity.saml2.common.NameIDInfo)2
NameIDMappingResponse (com.sun.identity.saml2.protocol.NameIDMappingResponse)2
NameIDPolicy (com.sun.identity.saml2.protocol.NameIDPolicy)2
Date (java.util.Date)2
SessionException (com.sun.identity.plugin.session.SessionException)1
BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)1
IDPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)1
NameIDMappingServiceElement (com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement)1
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)1
IDPAccountMapper (com.sun.identity.saml2.plugins.IDPAccountMapper)1
Status (com.sun.identity.saml2.protocol.Status)1
OutputStream (java.io.OutputStream)1
PrivateKey (java.security.PrivateKey)1
X509Certificate (java.security.cert.X509Certificate)1
SOAPException (javax.xml.soap.SOAPException)1
SOAPMessage (javax.xml.soap.SOAPMessage)1
