use of com.sun.identity.saml2.protocol.ProtocolFactory in project OpenAM by OpenRock.
the class AttributeQueryUtil method processAttributeQuery.
/**
* Processes the <code>AttributeQuery</code> coming
* from a requester.
*
* @param attrQuery the <code>AttributeQuery</code> object
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param attrAuthorityEntityID entity ID of attribute authority
* @param realm the realm of hosted entity
* @param attrQueryProfileAlias the attribute query profile alias
*
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*/
public static Response processAttributeQuery(AttributeQuery attrQuery, HttpServletRequest request, HttpServletResponse response, String attrAuthorityEntityID, String realm, String attrQueryProfileAlias) throws SAML2Exception {
AttributeAuthorityMapper attrAuthorityMapper = getAttributeAuthorityMapper(realm, attrAuthorityEntityID, attrQueryProfileAlias);
String attrQueryProfile = AttributeQueryUtil.getAttributeQueryProfile(attrQueryProfileAlias);
try {
attrAuthorityMapper.authenticateRequester(request, response, attrQuery, attrAuthorityEntityID, realm);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: ", se);
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
}
try {
attrAuthorityMapper.validateAttributeQuery(request, response, attrQuery, attrAuthorityEntityID, realm);
} catch (SAML2Exception se) {
SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:", se);
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
}
Issuer issuer = attrQuery.getIssuer();
String requesterEntityID = issuer.getValue();
AttributeAuthorityDescriptorElement aad = null;
try {
aad = metaManager.getAttributeAuthorityDescriptor(realm, attrAuthorityEntityID);
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:", sme);
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, SAML2Utils.bundle.getString("metaDataError"), null);
}
if (aad == null) {
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("attrAuthorityNotFound"), null);
}
Object identity = null;
try {
identity = attrAuthorityMapper.getIdentity(request, response, attrQuery, attrAuthorityEntityID, realm);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: ", se);
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, se.getMessage(), null);
}
if (identity == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil." + "processAttributeQuery: unable to find identity.");
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
}
// Addition to support changing of desired attributes list
List desiredAttrs = (List) request.getAttribute("AttributeQueryUtil-desiredAttrs");
if (desiredAttrs == null) {
desiredAttrs = attrQuery.getAttributes();
}
try {
desiredAttrs = verifyDesiredAttributes(aad.getAttribute(), desiredAttrs);
} catch (SAML2Exception se) {
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.REQUESTER, SAML2Constants.INVALID_ATTR_NAME_OR_VALUE, null, null);
}
List attributes = attrAuthorityMapper.getAttributes(identity, attrQuery, attrAuthorityEntityID, realm);
if (request.getAttribute("AttributeQueryUtil-storeAllAttributes") != null) {
request.setAttribute("AttributeQueryUtil-allAttributes", attributes);
}
attributes = filterAttributes(attributes, desiredAttrs);
ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
Response samlResp = protocolFactory.createResponse();
List assertionList = new ArrayList();
Assertion assertion = null;
try {
assertion = getAssertion(attrQuery, attrAuthorityEntityID, requesterEntityID, realm, attrQueryProfileAlias, attributes);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery:", se);
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, se.getMessage(), null);
}
EncryptedID encryptedID = attrQuery.getSubject().getEncryptedID();
if (encryptedID != null) {
EncryptedAssertion encryptedAssertion = null;
try {
signAssertion(assertion, realm, attrAuthorityEntityID, false);
encryptedAssertion = encryptAssertion(assertion, encryptedID, attrAuthorityEntityID, requesterEntityID, realm, attrQueryProfileAlias);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.processAttributeQuery:", se);
}
return SAML2Utils.getErrorResponse(attrQuery, SAML2Constants.RESPONDER, null, se.getMessage(), null);
}
assertionList.add(encryptedAssertion);
samlResp.setEncryptedAssertion(assertionList);
} else {
assertionList.add(assertion);
samlResp.setAssertion(assertionList);
}
samlResp.setID(SAML2Utils.generateID());
samlResp.setInResponseTo(attrQuery.getID());
samlResp.setVersion(SAML2Constants.VERSION_2_0);
samlResp.setIssueInstant(new Date());
Status status = protocolFactory.createStatus();
StatusCode statusCode = protocolFactory.createStatusCode();
statusCode.setValue(SAML2Constants.SUCCESS);
status.setStatusCode(statusCode);
samlResp.setStatus(status);
Issuer respIssuer = AssertionFactory.getInstance().createIssuer();
respIssuer.setValue(attrAuthorityEntityID);
samlResp.setIssuer(respIssuer);
signResponse(samlResp, attrAuthorityEntityID, realm, false);
return samlResp;
}
use of com.sun.identity.saml2.protocol.ProtocolFactory in project OpenAM by OpenRock.
the class AuthnQueryUtil method processAuthnQuery.
/**
* This method processes the <code>AuthnQuery</code> coming
* from a requester.
*
* @param authnQuery the <code>AuthnQuery</code> object
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param authnAuthorityEntityID entity ID of authentication authority
* @param realm the realm of hosted entity
*
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*/
public static Response processAuthnQuery(AuthnQuery authnQuery, HttpServletRequest request, HttpServletResponse response, String authnAuthorityEntityID, String realm) throws SAML2Exception {
try {
verifyAuthnQuery(authnQuery, authnAuthorityEntityID, realm);
} catch (SAML2Exception se) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery:", se);
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, null, se.getMessage(), null);
}
Issuer issuer = authnQuery.getIssuer();
String spEntityID = issuer.getValue();
AuthnAuthorityDescriptorElement aad = null;
SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
try {
aad = metaManager.getAuthnAuthorityDescriptor(realm, authnAuthorityEntityID);
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery:", sme);
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.RESPONDER, null, SAML2Utils.bundle.getString("metaDataError"), null);
}
if (aad == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("authnAuthorityNotFound"), null);
}
NameID nameID = getNameID(authnQuery.getSubject(), realm, authnAuthorityEntityID);
if (nameID == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
}
IDPAccountMapper idpAcctMapper = SAML2Utils.getIDPAccountMapper(realm, authnAuthorityEntityID);
String userID = idpAcctMapper.getIdentity(nameID, authnAuthorityEntityID, spEntityID, realm);
if (userID == null) {
return SAML2Utils.getErrorResponse(authnQuery, SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null, null);
}
IDPAuthnContextMapper idpAuthnContextMapper = IDPSSOUtil.getIDPAuthnContextMapper(realm, authnAuthorityEntityID);
// get assertion for matching authncontext using session
List returnAssertions = new ArrayList();
String qSessionIndex = authnQuery.getSessionIndex();
RequestedAuthnContext requestedAC = authnQuery.getRequestedAuthnContext();
List assertions = null;
String cacheKey = userID.toLowerCase();
AssertionFactory assertionFactory = AssertionFactory.getInstance();
if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + "getting user assertions from DB. user = " + cacheKey);
}
List list = null;
try {
list = SAML2FailoverUtils.retrieveSAML2TokensWithSecondaryKey(cacheKey);
} catch (SAML2TokenRepositoryException se) {
SAML2Utils.debug.error("AuthnQueryUtil.processAuthnQuery: " + "Unable to obtain user assertions from CTS Repository. user = " + cacheKey, se);
}
if (list != null && !list.isEmpty()) {
assertions = new ArrayList();
for (Iterator iter = list.iterator(); iter.hasNext(); ) {
String assertionStr = (String) iter.next();
assertions.add(assertionFactory.createAssertion(assertionStr));
}
}
} else {
assertions = (List) IDPCache.assertionCache.get(cacheKey);
}
if ((assertions != null) && (!assertions.isEmpty())) {
synchronized (assertions) {
for (Iterator aIter = assertions.iterator(); aIter.hasNext(); ) {
Assertion assertion = (Assertion) aIter.next();
if (!assertion.isTimeValid()) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + " assertion " + assertion.getID() + " expired.");
}
continue;
}
List authnStmts = assertion.getAuthnStatements();
for (Iterator asIter = authnStmts.iterator(); asIter.hasNext(); ) {
AuthnStatement authnStmt = (AuthnStatement) asIter.next();
AuthnContext authnStmtAC = authnStmt.getAuthnContext();
String sessionIndex = authnStmt.getSessionIndex();
String authnStmtACClassRef = authnStmtAC.getAuthnContextClassRef();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AuthnQueryUtil.processAuthnQuery: " + "authnStmtACClassRef is " + authnStmtACClassRef + ", sessionIndex = " + sessionIndex);
}
if ((qSessionIndex != null) && (qSessionIndex.length() != 0) && (!qSessionIndex.equals(sessionIndex))) {
continue;
}
if (requestedAC != null) {
List requestedACClassRefs = requestedAC.getAuthnContextClassRef();
String comparison = requestedAC.getComparison();
if (idpAuthnContextMapper.isAuthnContextMatching(requestedACClassRefs, authnStmtACClassRef, comparison, realm, authnAuthorityEntityID)) {
returnAssertions.add(assertion);
break;
}
} else {
returnAssertions.add(assertion);
break;
}
}
}
}
// end assertion iterator while.
}
ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
Response samlResp = protocolFactory.createResponse();
if (!returnAssertions.isEmpty()) {
samlResp.setAssertion(returnAssertions);
}
samlResp.setID(SAML2Utils.generateID());
samlResp.setInResponseTo(authnQuery.getID());
samlResp.setVersion(SAML2Constants.VERSION_2_0);
samlResp.setIssueInstant(new Date());
Status status = protocolFactory.createStatus();
StatusCode statusCode = protocolFactory.createStatusCode();
statusCode.setValue(SAML2Constants.SUCCESS);
status.setStatusCode(statusCode);
samlResp.setStatus(status);
Issuer respIssuer = assertionFactory.createIssuer();
respIssuer.setValue(authnAuthorityEntityID);
samlResp.setIssuer(respIssuer);
signResponse(samlResp, authnAuthorityEntityID, realm, false);
return samlResp;
}
use of com.sun.identity.saml2.protocol.ProtocolFactory in project OpenAM by OpenRock.
the class AuthnRequestImpl method parseDOMElement.
/**
* Parses the Docuemnt Element for this object.
*
* @param element the Document Element of this object.
* @throws SAML2Exception if error parsing the Document Element.
*/
protected void parseDOMElement(Element element) throws SAML2Exception {
AssertionFactory assertionFactory = AssertionFactory.getInstance();
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
requestId = element.getAttribute(SAML2Constants.ID);
validateID(requestId);
version = element.getAttribute(SAML2Constants.VERSION);
validateVersion(version);
String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
validateIssueInstant(issueInstantStr);
destinationURI = element.getAttribute(SAML2Constants.DESTINATION);
consent = element.getAttribute(SAML2Constants.CONSENT);
NodeList nList = element.getChildNodes();
if ((nList != null) && (nList.getLength() > 0)) {
for (int i = 0; i < nList.getLength(); i++) {
Node childNode = nList.item(i);
String cName = childNode.getLocalName();
if (cName != null) {
if (cName.equals(SAML2Constants.ISSUER)) {
validateIssuer();
nameID = assertionFactory.createIssuer((Element) childNode);
} else if (cName.equals(SAML2Constants.SIGNATURE)) {
validateSignature();
signatureString = XMLUtils.print((Element) childNode);
isSigned = true;
} else if (cName.equals(SAML2Constants.EXTENSIONS)) {
validateExtensions();
extensions = protoFactory.createExtensions((Element) childNode);
} else if (cName.equals(SAML2Constants.SUBJECT)) {
validateSubject();
subject = assertionFactory.createSubject((Element) childNode);
} else if (cName.equals(SAML2Constants.NAMEIDPOLICY)) {
validateNameIDPolicy();
nameIDPolicy = protoFactory.createNameIDPolicy((Element) childNode);
} else if (cName.equals(SAML2Constants.CONDITIONS)) {
validateConditions();
conditions = assertionFactory.createConditions((Element) childNode);
} else if (cName.equals(SAML2Constants.REQ_AUTHN_CONTEXT)) {
validateReqAuthnContext();
reqAuthnContext = protoFactory.createRequestedAuthnContext((Element) childNode);
} else if (cName.equals(SAML2Constants.SCOPING)) {
validateScoping();
scoping = protoFactory.createScoping((Element) childNode);
}
}
}
}
// Get ForceAuthn Attribute
String forceAuthnAttr = element.getAttribute(SAML2Constants.FORCEAUTHN);
if ((forceAuthnAttr != null) && (forceAuthnAttr.length() > 0)) {
forceAuthn = SAML2SDKUtils.booleanValueOf(forceAuthnAttr);
}
String isPassiveAttr = element.getAttribute(SAML2Constants.ISPASSIVE);
if ((isPassiveAttr != null) && (isPassiveAttr.length() > 0)) {
isPassive = SAML2SDKUtils.booleanValueOf(isPassiveAttr);
}
protocolBinding = element.getAttribute(SAML2Constants.PROTOBINDING);
String index = element.getAttribute(SAML2Constants.ASSERTION_CONSUMER_SVC_INDEX);
if ((index != null) && (index.length() > 0)) {
assertionConsumerSvcIndex = new Integer(index);
validateAssertionConsumerServiceIndex(assertionConsumerSvcIndex);
}
assertionConsumerServiceURL = XMLUtils.unescapeSpecialCharacters(element.getAttribute(SAML2Constants.ASSERTION_CONSUMER_SVC_URL));
index = element.getAttribute(SAML2Constants.ATTR_CONSUMING_SVC_INDEX);
if ((index != null) && (index.length() > 0)) {
attrConsumingSvcIndex = new Integer(index);
validateAttributeConsumingServiceIndex(attrConsumingSvcIndex);
}
providerName = element.getAttribute(SAML2Constants.PROVIDER_NAME);
}
use of com.sun.identity.saml2.protocol.ProtocolFactory in project OpenAM by OpenRock.
the class LogoutRequestImpl method toXMLString.
/**
* Returns the <code>LogoutRequest</code> in an XML document String format
* based on the <code>LogoutRequest</code> schema described above.
*
* @param includeNSPrefix Determines whether or not the namespace qualifier
* is prepended to the Element when converted
* @param declareNS Determines whether or not the namespace is declared
* within the Element.
* @return A XML String representing the <code>LogoutRequest</code>.
* @throws SAML2Exception if some error occurs during conversion to
* <code>String</code>.
*/
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
if (isSigned && signedXMLString != null) {
return signedXMLString;
}
validateData();
StringBuffer xmlString = new StringBuffer(1000);
xmlString.append(SAML2Constants.START_TAG);
if (includeNSPrefix) {
xmlString.append(SAML2Constants.PROTOCOL_PREFIX);
}
xmlString.append(SAML2Constants.LOGOUT_REQUEST).append(SAML2Constants.SPACE);
if (declareNS) {
xmlString.append(SAML2Constants.PROTOCOL_DECLARE_STR).append(SAML2Constants.SPACE);
}
xmlString.append(SAML2Constants.ID).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(requestId).append(SAML2Constants.QUOTE).append(SAML2Constants.SPACE).append(SAML2Constants.VERSION).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(version).append(SAML2Constants.QUOTE).append(SAML2Constants.SPACE).append(SAML2Constants.ISSUE_INSTANT).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(DateUtils.toUTCDateFormat(issueInstant)).append(SAML2Constants.QUOTE);
if ((destinationURI != null) && (destinationURI.length() > 0)) {
xmlString.append(SAML2Constants.SPACE).append(SAML2Constants.DESTINATION).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(destinationURI).append(SAML2Constants.QUOTE);
}
if ((consent != null) && (consent.length() > 0)) {
xmlString.append(SAML2Constants.SPACE).append(SAML2Constants.CONSENT).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(consent).append(SAML2Constants.QUOTE);
}
if (notOnOrAfter != null) {
xmlString.append(SAML2Constants.SPACE).append(SAML2Constants.NOTONORAFTER).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(DateUtils.toUTCDateFormat(notOnOrAfter)).append(SAML2Constants.QUOTE);
}
if ((reason != null) && (reason.length() > 0)) {
xmlString.append(SAML2Constants.SPACE).append(SAML2Constants.REASON).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(reason).append(SAML2Constants.QUOTE);
}
xmlString.append(SAML2Constants.END_TAG);
if (nameID != null) {
String issuerString = nameID.toXMLString(includeNSPrefix, declareNS);
xmlString.append(issuerString);
}
if ((signatureString != null) && (signatureString.length() > 0)) {
xmlString.append(signatureString);
}
if (extensions != null) {
xmlString.append(extensions.toXMLString(includeNSPrefix, declareNS));
}
if (baseId != null) {
xmlString.append(baseId.toXMLString(includeNSPrefix, declareNS));
}
if (nameId != null) {
xmlString.append(nameId.toXMLString(includeNSPrefix, declareNS));
}
if (encryptedId != null) {
xmlString.append(encryptedId.toXMLString(includeNSPrefix, declareNS));
}
if (sessionIndexList != null && !sessionIndexList.isEmpty()) {
Iterator sessionIterator = sessionIndexList.iterator();
while (sessionIterator.hasNext()) {
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
String sessionString = (String) sessionIterator.next();
SessionIndex sIndex = protoFactory.createSessionIndex(sessionString);
xmlString.append(sIndex.toXMLString(includeNSPrefix, declareNS));
}
}
xmlString.append(SAML2Constants.SAML2_END_TAG).append(SAML2Constants.LOGOUT_REQUEST).append(SAML2Constants.END_TAG);
return xmlString.toString();
}
use of com.sun.identity.saml2.protocol.ProtocolFactory in project OpenAM by OpenRock.
the class LogoutRequestImpl method parseElement.
/**
* Parses the Docuemnt Element for this object.
*
* @param element the Document Element of this object.
* @throws SAML2Exception if error parsing the Document Element.
*/
private void parseElement(Element element) throws SAML2Exception {
AssertionFactory assertionFactory = AssertionFactory.getInstance();
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
requestId = element.getAttribute(SAML2Constants.ID);
validateID(requestId);
version = element.getAttribute(SAML2Constants.VERSION);
validateVersion(version);
String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
validateIssueInstant(issueInstantStr);
destinationURI = element.getAttribute(SAML2Constants.DESTINATION);
consent = element.getAttribute(SAML2Constants.CONSENT);
String notOnOrAfterStr = element.getAttribute(SAML2Constants.NOTONORAFTER);
validateNotOnOrAfterStr(notOnOrAfterStr);
reason = element.getAttribute(SAML2Constants.REASON);
String sessionIndexStr = null;
NodeList nList = element.getChildNodes();
if ((nList != null) && (nList.getLength() > 0)) {
for (int i = 0; i < nList.getLength(); i++) {
Node childNode = nList.item(i);
String cName = childNode.getLocalName();
if (cName != null) {
if (cName.equals(SAML2Constants.ISSUER)) {
nameID = assertionFactory.createIssuer((Element) childNode);
} else if (cName.equals(SAML2Constants.SIGNATURE)) {
signatureString = XMLUtils.print((Element) childNode);
isSigned = true;
} else if (cName.equals(SAML2Constants.EXTENSIONS)) {
extensions = protoFactory.createExtensions((Element) childNode);
} else if (cName.equals(SAML2Constants.BASEID)) {
baseId = assertionFactory.createBaseID((Element) childNode);
} else if (cName.equals(SAML2Constants.NAMEID)) {
nameId = assertionFactory.createNameID((Element) childNode);
} else if (cName.equals(SAML2Constants.ENCRYPTEDID)) {
encryptedId = assertionFactory.createEncryptedID((Element) childNode);
} else if (cName.equals(SAML2Constants.SESSION_INDEX)) {
if ((sessionIndexList == null) || (sessionIndexList.isEmpty())) {
sessionIndexList = new ArrayList();
}
sessionIndexStr = XMLUtils.getElementString((Element) childNode);
sessionIndexList.add(sessionIndexStr);
}
}
}
validateBaseIDorNameIDorEncryptedID();
if ((sessionIndexList != null) && (!sessionIndexList.isEmpty())) {
sessionIndexList = Collections.unmodifiableList(sessionIndexList);
}
}
}
Aggregations