
Example 6 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

the class AuthIdHelper method getSigningKey.

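/**
 * Retrieves the secret key used to sign and verify the JWT.
 *
 * <p>The key material is the Base64-decoded value of {@code SHARED_SECRET_ATTR}, read with the
 * admin token from the organisation configuration of {@code AUTH_SERVICE_NAME}.
 *
 * @param orgName The organisation name for the realm being authenticated against.
 * @return The signing key.
 * @throws RestAuthException with {@code INTERNAL_ERROR} if the configuration cannot be read, or
 *         if the decoded shared secret is null or empty.
 */
private SecretKey getSigningKey(String orgName) throws RestAuthException {
    SSOToken token = coreServicesWrapper.getAdminToken();
    try {
        ServiceConfigManager scm = coreServicesWrapper.getServiceConfigManager(AUTH_SERVICE_NAME, token);
        ServiceConfig orgConfig = scm.getOrganizationConfig(orgName, null);
        byte[] key = Base64.decode(CollectionHelper.getMapAttr(orgConfig.getAttributes(), SHARED_SECRET_ATTR));
        // NOTE(review): no minimum length is enforced on the decoded secret in this method, so the
        // strength of the JWT signature depends entirely on the configured value.
        return new SecretKeySpec(key, "RAW");
    } catch (SMSException | SSOException | NullPointerException | IllegalArgumentException e) {
        // SecretKeySpec throws IllegalArgumentException for a null or empty key. Catching it here
        // keeps a blank shared secret on the same RestAuthException path as every other
        // configuration failure instead of escaping as an unchecked exception.
        throw new RestAuthException(ResourceException.INTERNAL_ERROR, e);
    }
}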
Also used : RestAuthException(org.forgerock.openam.core.rest.authn.exceptions.RestAuthException) SSOToken(com.iplanet.sso.SSOToken) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) SecretKeySpec(javax.crypto.spec.SecretKeySpec) SSOException(com.iplanet.sso.SSOException) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)

Example 7 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

the class ConfiguredSocialAuthServices method filterConfigs.

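/**
 * Narrows the named authentication chains to those containing at least one module whose type is
 * {@code OAUTH2_TYPE}, i.e. chains that could be used for social authentication.
 *
 * <p>A chain whose sub-configuration is absent, carries no chain value, or cannot be read is left
 * out of the result rather than aborting the whole lookup.
 *
 * @param namedConfigs names of the candidate chain configurations.
 * @param parentConfig configuration node whose sub-configurations are looked up by name.
 * @param realm realm used to load the authentication manager.
 * @param adminToken token used to load the authentication manager.
 * @return the matching chain names in sorted order; an immutable empty set if the authentication
 *         manager cannot be loaded for the realm.
 */
@Override
protected Set<String> filterConfigs(Set<String> namedConfigs, ServiceConfig parentConfig, String realm, SSOToken adminToken) {
    AMAuthenticationManager authMgr;
    try {
        authMgr = new AMAuthenticationManager(adminToken, realm);
    } catch (AMConfigurationException e) {
        debug.warning("Could not load authentication manager for realm: " + realm, e);
        // Typed equivalent of the raw Collections.EMPTY_SET constant.
        return Collections.emptySet();
    }
    Set<String> configs = new TreeSet<>();
    for (String config : namedConfigs) {
        try {
            ServiceConfig authConfig = parentConfig.getSubConfig(config);
            if (authConfig == null) {
                // Named chain has no sub-configuration under the parent: nothing to inspect.
                continue;
            }
            // The attribute map is untyped; the chain attribute is read as a set of strings.
            @SuppressWarnings("unchecked")
            Set<String> chainConfig = (Set<String>) authConfig.getAttributes().get(AMAuthConfigUtils.ATTR_NAME);
            if (chainConfig == null || chainConfig.isEmpty()) {
                // Without this guard a chain with no value would throw from iterator().next()
                // and hide every other chain from the caller.
                continue;
            }
            AppConfigurationEntry[] chain = AMAuthConfigUtils.parseValues(chainConfig.iterator().next());
            for (AppConfigurationEntry entry : chain) {
                if (getType(authMgr, entry).equals(OAUTH2_TYPE)) {
                    // There's an OAuth2 module in the chain, so this could be a social authn chain
                    configs.add(config);
                    // One match is enough; the remaining modules cannot change the outcome.
                    break;
                }
            }
        } catch (SMSException e) {
            if (debug.messageEnabled()) {
                debug.message("Not using auth chain as couldn't get config: " + config, e);
            }
        } catch (SSOException e) {
            if (debug.warningEnabled()) {
                debug.warning("Invalid SSO Token when trying to get config for " + config, e);
            }
        }
    }
    return configs;
}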
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Set(java.util.Set) TreeSet(java.util.TreeSet) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) TreeSet(java.util.TreeSet) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) SSOException(com.iplanet.sso.SSOException) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Example 8 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

the class DirectoryServicesImpl method isExternalGetAttributesEnabled.

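/**
 * Checks whether the callback plugins are enabled for reading external attributes.
 *
 * <p>The flag is read, using an admin token, from the organisation configuration of
 * {@code ADMINISTRATION_SERVICE}. If the organisation has no such configuration, or reading it
 * fails, the value from {@code getDefaultGlobalConfig} is used instead.
 *
 * @param orgDN DN of the organisation whose configuration is consulted.
 * @return {@code true} only if the first configured value equals "true" ignoring case;
 *         {@code false} if the attribute is absent, empty or holds any other value.
 */
protected static boolean isExternalGetAttributesEnabled(String orgDN) {
    Set<?> attrVal;
    SSOToken token = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    try {
        // Prefer the organisation-level setting when the organisation has one.
        ServiceConfig sc = AMServiceUtils.getOrgConfig(token, orgDN, ADMINISTRATION_SERVICE);
        if (sc != null) {
            Map<?, ?> attributes = sc.getAttributes();
            attrVal = (Set<?>) attributes.get(EXTERNAL_ATTRIBUTES_FETCH_ENABLED_ATTR);
        } else {
            attrVal = getDefaultGlobalConfig(token, EXTERNAL_ATTRIBUTES_FETCH_ENABLED_ATTR);
        }
    } catch (Exception ee) {
        // Best-effort fallback is kept, but the failure is recorded so that a broken
        // organisation lookup does not silently change which setting takes effect.
        if (debug.warningEnabled()) {
            debug.warning("DirectoryServicesImpl.isExternalGetAttributesEnabled(): "
                    + "could not read organisation config, using global default", ee);
        }
        attrVal = getDefaultGlobalConfig(token, EXTERNAL_ATTRIBUTES_FETCH_ENABLED_ATTR);
    }
    boolean enabled = false;
    if (attrVal != null && !attrVal.isEmpty()) {
        String val = (String) attrVal.iterator().next();
        // Constant-first comparison: a null element reads as "disabled" instead of throwing.
        enabled = "true".equalsIgnoreCase(val);
    }
    if (debug.messageEnabled()) {
        debug.message("DirectoryServicesImpl." + "isExternalGetAttributeEnabled() = " + enabled);
    }
    return enabled;
}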
Also used : Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) TreeSet(java.util.TreeSet) HashSet(java.util.HashSet) AttrSet(com.iplanet.services.ldap.AttrSet) SSOToken(com.iplanet.sso.SSOToken) ServiceConfig(com.sun.identity.sm.ServiceConfig) Map(java.util.Map) AMHashMap(com.iplanet.am.sdk.AMHashMap) HashMap(java.util.HashMap) TreeMap(java.util.TreeMap) EntryAlreadyExistsException(com.iplanet.ums.EntryAlreadyExistsException) UMSException(com.iplanet.ums.UMSException) AMEventManagerException(com.iplanet.am.sdk.AMEventManagerException) AMEntryExistsException(com.iplanet.am.sdk.AMEntryExistsException) SizeLimitExceededException(com.iplanet.ums.SizeLimitExceededException) AMInvalidDNException(com.iplanet.am.sdk.AMInvalidDNException) TimeLimitExceededException(com.iplanet.ums.TimeLimitExceededException) SSOException(com.iplanet.sso.SSOException) AccessRightsException(com.iplanet.ums.AccessRightsException) LdapException(org.forgerock.opendj.ldap.LdapException) InvalidSearchFilterException(com.iplanet.ums.InvalidSearchFilterException) SMSException(com.sun.identity.sm.SMSException) AMException(com.iplanet.am.sdk.AMException) AMPreCallBackException(com.iplanet.am.sdk.AMPreCallBackException) EntryNotFoundException(com.iplanet.ums.EntryNotFoundException) COSNotFoundException(com.iplanet.ums.cos.COSNotFoundException)

Example 9 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

the class AMAuthenticationManager method createAuthenticationInstance.

/**
 * Creates an <code>AMAuthenticationInstance</code> with the specified parameters and persists
 * its configuration for this manager's realm.
 *
 * <p>The name must not contain a space, the type must be one of the values returned by
 * <code>getAuthenticationTypes()</code>, and no instance with the same name may already exist.
 * The service for the type is assigned to the realm if it is not already, and the attributes
 * are stored either in a new sub configuration (name differs from type) or directly in the
 * organisation configuration (name equals type).
 *
 * @param name Name of the authentication module instance.
 * @param type Type of the authentication module instance.
 * @param attributes A Map of parameters for this module instance; passed through to the
 *        configuration store unchanged by this method.
 * @return the newly created <code>AMAuthenticationInstance</code>.
 * @throws AMConfigurationException if the name or type is rejected, if an instance with that
 *         name already exists, or if any error occurs while writing the configuration.
 */
public AMAuthenticationInstance createAuthenticationInstance(String name, String type, Map attributes) throws AMConfigurationException {
    // The only check applied to the name here is that it contains no space character.
    if (name.indexOf(' ') != -1) {
        throw new AMConfigurationException(BUNDLE_NAME, "invalidAuthenticationInstanceName", null);
    }
    // The type must be one of the known authentication types.
    Set moduleTypes = getAuthenticationTypes();
    if (!moduleTypes.contains(type)) {
        throw new AMConfigurationException(BUNDLE_NAME, "wrongType", new Object[] { type });
    }
    // Refuse to overwrite an existing instance; the error key depends on whether the existing
    // instance has a service config of its own or not.
    AMAuthenticationInstance instance = getAuthenticationInstance(name);
    if (instance != null) {
        if (instance.getServiceConfig() != null) {
            throw new AMConfigurationException(BUNDLE_NAME, "authInstanceExist", new Object[] { name });
        } else {
            throw new AMConfigurationException(BUNDLE_NAME, "authInstanceIsGlobal", new Object[] { name });
        }
    }
    String serviceName = getServiceName(type);
    // The global schema is optional: on either exception below, schema stays null and creation
    // continues.
    ServiceSchema schema = null;
    try {
        ServiceSchemaManager ssm = new ServiceSchemaManager(serviceName, token);
        schema = ssm.getSchema(SchemaType.GLOBAL);
    } catch (SSOException e) {
        // NOTE(review): the SSOToken object is concatenated into the debug log. If its
        // toString() includes the session identifier, that value ends up in the log files;
        // confirm. The caught exception itself is not passed to the logger.
        if (DEBUG.warningEnabled()) {
            DEBUG.warning("Token doesn't have access to service: " + token + " -> " + serviceName);
        }
    } catch (SMSException e) {
    // Expected for a service without global configuration, so deliberately not logged.
    }
    try {
        // All reads and writes below use this manager's token and realm.
        OrganizationConfigManager ocm = new OrganizationConfigManager(token, realm);
        // Assign the service to the realm if it is not assigned yet.
        if (!ocm.getAssignedServices().contains(serviceName)) {
            ocm.assignService(serviceName, null);
        }
        // Create the organisation-level config for the service when none exists.
        ServiceConfig orgConfig = ocm.getServiceConfig(serviceName);
        if (orgConfig == null) {
            orgConfig = ocm.addServiceConfig(serviceName, null);
        }
        ServiceConfig subConfig = orgConfig;
        if (!name.equals(type)) {
            // Named instance: store the attributes in a new sub configuration and read it back.
            orgConfig.addSubConfig(name, ISAuthConstants.SERVER_SUBSCHEMA, 0, attributes);
            subConfig = orgConfig.getSubConfig(name);
        } else {
            // If the module instance name equals its type, the attributes are set on the
            // organisation config itself, not on a sub config.
            subConfig.setAttributes(attributes);
        }
        // AMAuthLevelManager listeners are in place, so reinitialize to be on the safe side.
        // This is only done when not running in server mode.
        if (!SystemProperties.isServerMode()) {
            buildModuleInstanceForService(realm, serviceName);
        }
        return new AMAuthenticationInstance(name, type, subConfig, schema);
    } catch (Exception e) {
        // Every failure in the write path is wrapped; the original exception is kept as cause.
        throw new AMConfigurationException(e);
    }
}
Also used : ServiceSchema(com.sun.identity.sm.ServiceSchema) HashSet(java.util.HashSet) Set(java.util.Set) SMSException(com.sun.identity.sm.SMSException) ServiceConfig(com.sun.identity.sm.ServiceConfig) OrganizationConfigManager(com.sun.identity.sm.OrganizationConfigManager) SSOException(com.iplanet.sso.SSOException) ServiceSchemaManager(com.sun.identity.sm.ServiceSchemaManager) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException)

Example 10 with ServiceConfig

use of com.sun.identity.sm.ServiceConfig in project OpenAM by OpenRock.

the class GetSubConfiguration method printGlobalSubConfig.

/**
 * Prints the named sub configuration from a service's global configuration.
 *
 * <p>An attempt entry is logged first. On success a success entry is logged and a confirmation
 * message is printed. On failure the exception is sent to the debug log and a failure entry,
 * which includes the exception message, is written to the error log.
 *
 * @param serviceName name of the service whose global configuration is read.
 * @param subConfigName name of the sub configuration to print.
 * @throws CLIException with {@code REQUEST_CANNOT_BE_PROCESSED} if the configuration cannot be
 *         read because of an SSO or SMS error.
 */
private void printGlobalSubConfig(String serviceName, String subConfigName) throws CLIException {
    final SSOToken adminToken = getAdminSSOToken();
    final IOutput out = getOutputWriter();
    final String[] logParams = { subConfigName, serviceName };
    writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_GET_SUB_CONFIGURATION", logParams);
    try {
        // The global configuration is read with the admin token.
        ServiceConfig globalConfig = new ServiceConfigManager(serviceName, adminToken).getGlobalConfig(null);
        printSubConfig(globalConfig, subConfigName);
        writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_GET_SUB_CONFIGURATION", logParams);
        String template = getResourceString("get-sub-configuration-succeed");
        out.printlnMessage(MessageFormat.format(template, (Object[]) logParams));
    } catch (SSOException | SMSException e) {
        // Both failure types are reported identically.
        String[] failureParams = { subConfigName, serviceName, e.getMessage() };
        debugError("GetSubConfiguration.printGlobalSubConfig", e);
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_GET_SUB_CONFIGURATION", failureParams);
        throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : SSOToken(com.iplanet.sso.SSOToken) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) IOutput(com.sun.identity.cli.IOutput) CLIException(com.sun.identity.cli.CLIException) SSOException(com.iplanet.sso.SSOException) ServiceConfigManager(com.sun.identity.sm.ServiceConfigManager)

Aggregations

ServiceConfig (com.sun.identity.sm.ServiceConfig)285 SMSException (com.sun.identity.sm.SMSException)180 Set (java.util.Set)144 SSOException (com.iplanet.sso.SSOException)143 ServiceConfigManager (com.sun.identity.sm.ServiceConfigManager)124 HashSet (java.util.HashSet)119 Map (java.util.Map)101 HashMap (java.util.HashMap)96 SSOToken (com.iplanet.sso.SSOToken)52 Iterator (java.util.Iterator)41 IdRepoException (com.sun.identity.idm.IdRepoException)27 UpgradeException (org.forgerock.openam.upgrade.UpgradeException)22 EntitlementException (com.sun.identity.entitlement.EntitlementException)19 LinkedHashSet (java.util.LinkedHashSet)18 OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager)17 CLIException (com.sun.identity.cli.CLIException)16 CaseInsensitiveHashSet (com.sun.identity.common.CaseInsensitiveHashSet)16 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)13 ServiceNotFoundException (com.sun.identity.sm.ServiceNotFoundException)13 ServiceSchema (com.sun.identity.sm.ServiceSchema)12