
Example 1 with RequestedAuthnContext

use of com.sun.identity.saml2.protocol.RequestedAuthnContext in project OpenAM by OpenRock.

the class DefaultIDPAuthnContextMapper method getIDPAuthnContextInfo.

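/**
 * Returns an <code>IDPAuthnContextInfo</code> object.
 * <p>
 * The cached ClassRef-to-scheme and ClassRef-to-level maps for the key
 * <code>idpEntityID|realm</code> are consulted first and rebuilt through
 * <code>updateAuthnContextMapping</code> when either is missing or empty.
 * When the request carries a <code>RequestedAuthnContext</code>, each
 * requested class reference is matched (in request order) against the IdP's
 * configured class references using the requested comparison; the first
 * configured ClassRef that matches wins. If nothing matches, <code>null</code>
 * is returned so the caller can refuse the request. Without a
 * <code>RequestedAuthnContext</code> the IdP's cached default ClassRef is
 * used, falling back to PasswordProtectedTransport when none is cached.
 *
 * @param authnRequest the <code>AuthnRequest</code> from the
 *        Service Provider, may be <code>null</code>
 * @param idpEntityID the Entity ID of the Identity Provider
 * @param realm the realm to which the Identity Provider belongs
 *
 * @return an <code>IDPAuthnContextInfo</code> object, or <code>null</code>
 *         when the request asked for a context this IdP does not offer
 * @throws SAML2Exception if an error occurs.
 */
public IDPAuthnContextInfo getIDPAuthnContextInfo(AuthnRequest authnRequest, String idpEntityID, String realm) throws SAML2Exception {
    String classMethod = "DefaultIDPAuthnContextMapper.getIDPAuthnContextInfo: ";
    // Both caches are keyed on "<idpEntityID>|<realm>".
    String cacheKey = idpEntityID + "|" + realm;
    // Get the ClassRef to AuthnType and Value Map
    Map classRefSchemesMap = null;
    if (IDPCache.classRefSchemesHash != null) {
        classRefSchemesMap = (Map) IDPCache.classRefSchemesHash.get(cacheKey);
    }
    // Get the ClassRef to AuthN Level Map
    Map classRefLevelMap = null;
    if (IDPCache.classRefLevelHash != null) {
        classRefLevelMap = (Map) IDPCache.classRefLevelHash.get(cacheKey);
    }
    // If one of the Maps above was empty populate them
    if (classRefSchemesMap == null || classRefSchemesMap.isEmpty() || classRefLevelMap == null || classRefLevelMap.isEmpty()) {
        updateAuthnContextMapping(realm, idpEntityID);
        classRefSchemesMap = (Map) IDPCache.classRefSchemesHash.get(cacheKey);
        if (classRefSchemesMap == null) {
            classRefSchemesMap = new LinkedHashMap();
        }
        classRefLevelMap = (Map) IDPCache.classRefLevelHash.get(cacheKey);
        if (classRefLevelMap == null) {
            classRefLevelMap = new LinkedHashMap();
        }
    }
    // Look now for the Authn Class Ref that fulfills the request
    String classRef = null;
    Set authTypeAndValues = null;
    Integer authnLevel = null;
    RequestedAuthnContext requestedAuthnContext = null;
    if (authnRequest != null) {
        requestedAuthnContext = authnRequest.getRequestedAuthnContext();
    }
    if (requestedAuthnContext != null) {
        List requestedClassRefs = requestedAuthnContext.getAuthnContextClassRef();
        String comparison = requestedAuthnContext.getComparison();
        // A RequestedAuthnContext need not carry any AuthnContextClassRef
        // (it may hold DeclRefs only); treat a missing list like an empty one
        // instead of failing with a NullPointerException.
        if (requestedClassRefs != null) {
            for (Iterator iter1 = requestedClassRefs.iterator(); iter1.hasNext(); ) {
                List singleClassRef = new ArrayList();
                singleClassRef.add((String) iter1.next());
                // Only configured ClassRefs are candidates, so the value we
                // return is always one of ours, never the raw requested string.
                for (Iterator iter = classRefSchemesMap.keySet().iterator(); iter.hasNext(); ) {
                    String tmpClassRef = (String) iter.next();
                    if (isAuthnContextMatching(singleClassRef, tmpClassRef, comparison, realm, idpEntityID)) {
                        authTypeAndValues = (Set) classRefSchemesMap.get(tmpClassRef);
                        classRef = tmpClassRef;
                        authnLevel = (Integer) classRefLevelMap.get(tmpClassRef);
                        break;
                    }
                }
                if (classRef != null) {
                    break;
                }
            }
        }
        if (classRef == null) {
            // Nothing this IdP offers satisfies the requested context.
            return null;
        }
    } else {
        authTypeAndValues = (Set) classRefSchemesMap.get(DEFAULT);
        classRef = (String) IDPCache.defaultClassRefHash.get(cacheKey);
        // The level is looked up with the cached default before the
        // PasswordProtectedTransport fallback is applied, so an unconfigured
        // default yields a null authnLevel. Kept as-is; confirm with callers
        // whether the fallback's own level should be used instead.
        authnLevel = (Integer) classRefLevelMap.get(classRef);
        if (classRef == null) {
            classRef = SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT;
        }
    }
    AuthnContext authnContext = AssertionFactory.getInstance().createAuthnContext();
    authnContext.setAuthnContextClassRef(classRef);
    IDPAuthnContextInfo info = new IDPAuthnContextInfo(authnContext, authTypeAndValues, authnLevel);
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(classMethod + "\nreturned AuthnContextClassRef=" + classRef + "\nauthTypeAndValues=" + authTypeAndValues + "\nauthnLevel=" + authnLevel);
    }
    return info;
}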

Example 2 with RequestedAuthnContext

use of com.sun.identity.saml2.protocol.RequestedAuthnContext in project OpenAM by OpenRock.

the class SPSSOFederate method createReqAuthnContext.

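/**
 * Creates the <code>RequestedAuthnContext</code> for an outgoing AuthnRequest.
 * <p>
 * The mapper class name is taken from the first value of the SP's
 * <code>SP_AUTHCONTEXT_MAPPER</code> configuration entry when present;
 * otherwise <code>SAML2Utils.getSPAuthnContextMapper</code> chooses the mapper
 * for a <code>null</code> class name.
 *
 * @param realmName realm the SP belongs to
 * @param spEntityID entity ID of the SP
 * @param paramsMap request parameters handed to the mapper
 * @param spConfigMap SP extended configuration attributes, may be
 *        <code>null</code> or empty
 * @return the requested context, or <code>null</code> when the mapper
 *         threw; the AuthnRequest is then built without one, which on
 *         the IdP side selects the IdP's default context rather than
 *         the strength this SP is configured to ask for
 */
private static RequestedAuthnContext createReqAuthnContext(String realmName, String spEntityID, Map paramsMap, Map spConfigMap) {
    String className = null;
    if (spConfigMap != null && !spConfigMap.isEmpty()) {
        List listVal = (List) spConfigMap.get(SAML2Constants.SP_AUTHCONTEXT_MAPPER);
        if (listVal != null && !listVal.isEmpty()) {
            className = ((String) listVal.iterator().next()).trim();
        }
    }
    SPAuthnContextMapper spAuthnContextMapper = SAML2Utils.getSPAuthnContextMapper(realmName, spEntityID, className);
    try {
        return spAuthnContextMapper.getRequestedAuthnContext(realmName, spEntityID, paramsMap);
    } catch (SAML2Exception e) {
        // A failure here silently weakens the request (no authn context is
        // asked for), so record it at error level rather than debug only.
        SAML2Utils.debug.error("SPSSOFederate:Error creating RequestedAuthnContext", e);
        return null;
    }
}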

Example 3 with RequestedAuthnContext

use of com.sun.identity.saml2.protocol.RequestedAuthnContext in project OpenAM by OpenRock.

the class SAML2IDPProxyFRImpl method storeSessionParamsAndCache.

/**
 * Stores the IdP-proxy flow state in the HTTP session and caches the request
 * parameters under <code>requestID</code> so they can be recovered when the
 * flow returns to IDPSSOFederate.
 * <p>
 * Session attributes written: the IdP list string, the return URL built for
 * <code>requestID</code> (as relay state), the requesting SP's issuer value,
 * and the requested AuthnContextClassRef list (<code>null</code> when the
 * request carries no <code>RequestedAuthnContext</code>).
 *
 * @param request current servlet request; <code>getSession()</code> creates
 *        a session if none exists
 * @param idpListSt the IdP list as a string
 * @param authnRequest the SP's AuthnRequest; its Issuer must be present
 * @param hostProviderID entity ID of the hosted IdP
 * @param realm realm of the hosted IdP
 * @param requestID ID under which the parameters are cached in
 *        <code>SPCache.reqParamHash</code>
 */
private void storeSessionParamsAndCache(HttpServletRequest request, String idpListSt, AuthnRequest authnRequest, String hostProviderID, String realm, String requestID) {
    final String methodName = "storeSessionParamsAndCache";
    final HttpSession session = request.getSession();

    session.setAttribute(SESSION_ATTR_NAME_IDP_LIST, idpListSt);
    debugMessage(methodName, " Setting " + SESSION_ATTR_NAME_IDP_LIST + " = " + idpListSt);

    final String returnURL = buildReturnURL(requestID, request);
    session.setAttribute(SESSION_ATTR_NAME_RELAYSTATE, returnURL);
    debugMessage(methodName, " Setting " + SESSION_ATTR_NAME_RELAYSTATE);

    final String spRequester = authnRequest.getIssuer().getValue().toString();
    session.setAttribute(SESSION_ATTR_NAME_SPREQUESTER, spRequester);
    debugMessage(methodName, " Setting " + SESSION_ATTR_NAME_SPREQUESTER);

    // Keep only the requested ClassRef list, not the whole context object.
    final RequestedAuthnContext requestedCtx = authnRequest.getRequestedAuthnContext();
    Object requestedClassRefs = null;
    if (requestedCtx != null) {
        requestedClassRefs = requestedCtx.getAuthnContextClassRef();
    }
    session.setAttribute(SESSION_ATTR_NAME_REQAUTHNCONTEXT, requestedClassRefs);
    debugMessage(methodName, " Setting " + SESSION_ATTR_NAME_REQAUTHNCONTEXT);

    // Save the important params in the reqParamHash so we can
    // locate them when we return to the IDPSSOFederate.
    final Map cached = new HashMap();
    cached.put("authnReq", authnRequest);
    cached.put("spSSODescriptor", spSSODescriptor);
    cached.put("idpEntityID", hostProviderID);
    cached.put("realm", realm);
    cached.put("relayState", relayState);
    cached.put("binding", binding);
    SPCache.reqParamHash.put(requestID, cached);
}

Example 4 with RequestedAuthnContext

use of com.sun.identity.saml2.protocol.RequestedAuthnContext in project OpenAM by OpenRock.

the class AuthnQueryImpl method parseDOMChileElements.

/**
 * Parses child elements of the Document Element for this object.
 * <p>
 * After the superclass has consumed its own children, the next element is
 * examined: if its local name is <code>SAML2Constants.REQ_AUTHN_CONTEXT</code>
 * it is parsed into <code>requestedAuthnContext</code>; otherwise the
 * iterator is rewound one step so the element remains available to later
 * parsing.
 *
 * @param iter the child elements iterator.
 * @throws SAML2Exception if error parsing the Document Element.
 */
protected void parseDOMChileElements(ListIterator iter) throws SAML2Exception {
    super.parseDOMChileElements(iter);
    ProtocolFactory factory = ProtocolFactory.getInstance();
    if (!iter.hasNext()) {
        return;
    }
    Element child = (Element) iter.next();
    if (!SAML2Constants.REQ_AUTHN_CONTEXT.equals(child.getLocalName())) {
        // Not ours: push the element back for whoever parses it next.
        iter.previous();
        return;
    }
    requestedAuthnContext = factory.createRequestedAuthnContext(child);
}

Example 5 with RequestedAuthnContext

use of com.sun.identity.saml2.protocol.RequestedAuthnContext in project OpenAM by OpenRock.

the class SAML2Utils method fillMap.

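/**
 * Builds the session attribute map for a validated authentication assertion.
 * <p>
 * Only the first <code>AuthnStatement</code> is used. The auth level is
 * computed by the SP's <code>SPAuthnContextMapper</code> from the originally
 * requested context (when <code>reqInfo</code> is available) and the context
 * asserted by the IdP; it is stored only when it is not negative.
 * <code>SessionNotOnOrAfter</code> is converted to the remaining session
 * time in whole minutes and stored only when still in the future. An access
 * log record (<code>FOUND_AUTHN_ASSERTION</code>) is written on success; the
 * subject XML is included in it only when FINE access logging is enabled.
 *
 * @param authnStmts authentication statements of the assertion; must be non-empty
 * @param subject the assertion subject
 * @param assertion the assertion itself
 * @param assertions all assertions of the response
 * @param reqInfo info about the originating AuthnRequest, or <code>null</code>
 *        when none is available
 * @param inRespToResp the InResponseTo value of the response, may be
 *        <code>null</code> or empty
 * @param orgName realm of the SP
 * @param hostEntityId entity ID of the SP
 * @param idpEntityId entity ID of the IdP
 * @param spConfig SP extended configuration
 * @param notOnOrAfterTime assertion expiry, may be <code>null</code>
 * @return map of session attributes keyed by <code>SAML2Constants</code> names
 * @throws SAML2Exception if no authentication statement is present or the
 *         mapper fails
 */
private static Map fillMap(final List authnStmts, final Subject subject, final Assertion assertion, final List assertions, final AuthnRequestInfo reqInfo, final String inRespToResp, final String orgName, final String hostEntityId, final String idpEntityId, final SPSSOConfigElement spConfig, final Date notOnOrAfterTime) throws SAML2Exception {
    if (authnStmts == null || authnStmts.isEmpty()) {
        // Previously an IndexOutOfBoundsException; surface it as the
        // exception type callers already handle.
        throw new SAML2Exception("SAML2Utils.fillMap: assertion " + assertion.getID() + " carries no AuthnStatement");
    }
    // use the first AuthnStmt
    AuthnStatement authnStmt = (AuthnStatement) authnStmts.get(0);
    String mapperClass = getAttributeValueFromSPSSOConfig(spConfig, SAML2Constants.SP_AUTHCONTEXT_MAPPER);
    SPAuthnContextMapper mapper = getSPAuthnContextMapper(orgName, hostEntityId, mapperClass);
    RequestedAuthnContext reqContext = null;
    AuthnRequest authnRequest = null;
    if (reqInfo != null) {
        authnRequest = reqInfo.getAuthnRequest();
        if (authnRequest != null) {
            reqContext = authnRequest.getRequestedAuthnContext();
        }
    }
    // Compare what the SP asked for with what the IdP asserted; the mapper
    // decides the resulting level, and values below 0 are not stored.
    int authLevel = mapper.getAuthLevel(reqContext, authnStmt.getAuthnContext(), orgName, hostEntityId, idpEntityId);
    String sessionIndex = authnStmt.getSessionIndex();
    Date sessionNotOnOrAfter = authnStmt.getSessionNotOnOrAfter();
    Map smap = new HashMap();
    smap.put(SAML2Constants.SUBJECT, subject);
    smap.put(SAML2Constants.POST_ASSERTION, assertion);
    smap.put(SAML2Constants.ASSERTIONS, assertions);
    if (authnRequest != null) {
        smap.put(SAML2Constants.AUTHN_REQUEST, authnRequest);
    }
    String[] data = { assertion.getID(), "", "" };
    if (LogUtil.isAccessLoggable(Level.FINE)) {
        data[1] = subject.toXMLString();
    }
    if (sessionIndex != null && !sessionIndex.isEmpty()) {
        data[2] = sessionIndex;
        smap.put(SAML2Constants.SESSION_INDEX, sessionIndex);
    }
    if (authLevel >= 0) {
        smap.put(SAML2Constants.AUTH_LEVEL, Integer.valueOf(authLevel));
    }
    // SessionNotOnOrAfter
    if (sessionNotOnOrAfter != null) {
        long remainingMillis = sessionNotOnOrAfter.getTime() - System.currentTimeMillis();
        if (remainingMillis > 0) {
            // Whole minutes, but never 0: a bound of under one minute used to
            // truncate to 0 and be dropped, leaving the session without the
            // limit the IdP asserted.
            long maxSessionTime = Math.max(1L, remainingMillis / 60000);
            smap.put(SAML2Constants.MAX_SESSION_TIME, Long.valueOf(maxSessionTime));
        }
    }
    if (inRespToResp != null && !inRespToResp.isEmpty()) {
        smap.put(SAML2Constants.IN_RESPONSE_TO, inRespToResp);
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2Utils.fillMap: Found valid authentication " + "assertion.");
    }
    if (notOnOrAfterTime != null) {
        smap.put(SAML2Constants.NOTONORAFTER, Long.valueOf(notOnOrAfterTime.getTime()));
    }
    LogUtil.access(Level.INFO, LogUtil.FOUND_AUTHN_ASSERTION, data, null);
    return smap;
}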
