use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.
the class DefaultADFSPartnerAccountMapper method getSearchParameters.
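/**
 * Builds the account-lookup search map for an inbound WS-Federation subject.
 *
 * <p>The {@code NameIdentifier} value supplied by the remote provider becomes the
 * value searched under the configured name-ID attribute (default
 * {@code WSFederationConstants.UID}). When the name-ID format is UPN and the
 * configuration states that the local account name does not include the domain,
 * the value is split at {@code '@'}: the local part is searched under the
 * name-ID attribute and the domain part under the configured domain attribute,
 * if one is set.
 *
 * <p>Both the name and the domain originate from the remote provider's
 * assertion, so whatever turns this map into a directory query must treat them
 * as opaque attribute values. NOTE(review): that escaping is not visible here —
 * confirm against the caller.
 *
 * @param nameID {@code NameIdentifier} of the subject, as received from the
 *     remote provider
 * @param realm realm in which the provider configuration is stored
 * @param hostEntityID entity ID of the hosted (local) provider; not consulted
 *     by this implementation
 * @param remoteEntityID entity ID of the remote provider whose
 *     {@code IDPSSOConfig} supplies the mapping attributes
 * @return map from attribute name to a mutable {@code Set} of values to match
 * @throws WSFederationException if the metadata cannot be read, if the name
 *     value is missing, or if a UPN-format name contains no {@code '@'}
 */
protected Map getSearchParameters(NameIdentifier nameID, String realm, String hostEntityID, String remoteEntityID) throws WSFederationException {
    String classMethod = "DefaultADFSPartnerAccountMapper.getSearchParameters: ";

    // Extended metadata of the remote IdP as stored in this realm.
    IDPSSOConfigElement idpConfig;
    try {
        idpConfig = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, remoteEntityID);
    } catch (WSFederationMetaException wsfme) {
        throw new WSFederationException(wsfme);
    }

    String nameIdAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_ATTRIBUTE);
    if (nameIdAttribute == null || nameIdAttribute.isEmpty()) {
        // Search on uid by default.
        nameIdAttribute = WSFederationConstants.UID;
    }
    String domainAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.DOMAIN_ATTRIBUTE);
    boolean nameIncludesDomain = Boolean.parseBoolean(
            WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAME_INCLUDES_DOMAIN));

    String nameValue = nameID.getName();
    if (nameValue == null || nameValue.isEmpty()) {
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "nullNameID", null);
    }

    Map<String, Set<String>> keyMap = new HashMap<String, Set<String>>();
    String name;
    // Constant on the left: a NameIdentifier without a format is treated as a
    // plain (non-UPN) name instead of raising a NullPointerException.
    String upnFormat = WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN];
    if (upnFormat.equals(nameID.getFormat()) && !nameIncludesDomain) {
        int atSign = nameValue.indexOf('@');
        if (atSign == -1) {
            String[] args = { nameValue };
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "missingAtInUpn", args);
        }
        name = nameValue.substring(0, atSign);
        String upnDomain = nameValue.substring(atSign + 1);
        if (domainAttribute != null && !domainAttribute.isEmpty()) {
            keyMap.put(domainAttribute, singleSearchValue(upnDomain));
        }
        if (debug.messageEnabled()) {
            debug.message(classMethod + "domain is " + upnDomain);
        }
    } else {
        name = nameValue;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "name is " + name);
    }
    keyMap.put(nameIdAttribute, singleSearchValue(name));
    return keyMap;
}

/** Wraps one attribute value in the mutable {@code Set} the search map carries per attribute. */
private static Set<String> singleSearchValue(String value) {
    Set<String> set = new HashSet<String>();
    set.add(value);
    return set;
}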
use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.
the class DefaultIDPAccountMapper method getNameID.
/**
 * Builds the {@code NameIdentifier} that represents the authenticated user
 * towards the remote provider.
 *
 * <p>The principal name is read from the session, the local account name from
 * the directory attribute configured as {@code NAMEID_ATTRIBUTE} (default
 * {@code WSFederationConstants.UID}), and the format from {@code NAMEID_FORMAT}
 * (default UPN). For the UPN format, unless the configuration states that the
 * account name already includes the domain, {@code "@" + domain} is appended;
 * the domain comes from the user's {@code DOMAIN_ATTRIBUTE} if configured and
 * populated, otherwise from the {@code UPN_DOMAIN} metadata attribute.
 *
 * <p>When a directory attribute is multi-valued, the value used is whichever
 * one the returned {@code Set} yields first.
 *
 * @param session session object of the authenticated user
 * @param realm realm where the user resides
 * @param hostEntityID {@code EntityID} of the hosted provider
 * @param remoteEntityID {@code EntityID} of the remote provider; not consulted
 *     by this implementation
 * @return the {@code NameID} of the authenticated user; never {@code null},
 *     every failure path throws
 * @throws WSFederationException if the session is invalid, the metadata or the
 *     directory cannot be read, the name attribute is missing from the user
 *     profile, or no UPN domain can be determined
 */
public NameIdentifier getNameID(Object session, String realm, String hostEntityID, String remoteEntityID) throws WSFederationException {
    String userID;
    try {
        SessionProvider sessionProv = SessionManager.getProvider();
        userID = sessionProv.getPrincipalName(session);
    } catch (SessionException se) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidSSOToken"));
    }

    IDPSSOConfigElement idpConfig = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, hostEntityID);

    String nameAttr = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_ATTRIBUTE);
    if (nameAttr == null || nameAttr.length() == 0) {
        nameAttr = WSFederationConstants.UID;
    }
    String localName = firstAttributeValue(userID, nameAttr);
    if (localName == null) {
        String[] args = { nameAttr, userID };
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "missingNameAttribute", args);
    }

    String upnFormat = WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN];
    String nameIdFormat = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_FORMAT);
    if (nameIdFormat == null || nameIdFormat.length() == 0) {
        nameIdFormat = upnFormat;
    }
    boolean nameIncludesDomain = Boolean.valueOf(
            WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAME_INCLUDES_DOMAIN));

    String name = localName;
    if (nameIdFormat.equals(upnFormat) && !nameIncludesDomain) {
        name = localName + "@" + resolveUpnDomain(idpConfig, userID);
    }
    try {
        return new NameIdentifier(name, null, nameIdFormat);
    } catch (SAMLException se) {
        throw new WSFederationException(se);
    }
}

/**
 * Determines the UPN domain to append to the local account name: the user's
 * configured domain attribute first, then the {@code UPN_DOMAIN} metadata
 * attribute.
 *
 * @throws WSFederationException if the directory lookup fails or neither
 *     source yields a non-empty domain ({@code "noDomainConfigured"})
 */
private String resolveUpnDomain(IDPSSOConfigElement idpConfig, String userID) throws WSFederationException {
    String domainAttr = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.DOMAIN_ATTRIBUTE);
    String upnDomain = null;
    if (domainAttr != null && domainAttr.length() > 0) {
        upnDomain = firstAttributeValue(userID, domainAttr);
    }
    if (upnDomain == null || upnDomain.length() == 0) {
        // Nothing on the user profile: fall back to the configured domain.
        upnDomain = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.UPN_DOMAIN);
    }
    if (upnDomain == null || upnDomain.length() == 0) {
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "noDomainConfigured", null);
    }
    return upnDomain;
}

/**
 * Reads {@code attrName} for {@code userID} from the data store and returns the
 * first value, or {@code null} when the attribute is absent or empty.
 *
 * @throws WSFederationException wrapping any {@code DataStoreProviderException}
 */
private String firstAttributeValue(String userID, String attrName) throws WSFederationException {
    Set values;
    try {
        values = dsProvider.getAttribute(userID, attrName);
    } catch (DataStoreProviderException dspe) {
        throw new WSFederationException(dspe);
    }
    if (values == null || values.isEmpty()) {
        return null;
    }
    return (String) values.iterator().next();
}
use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.
the class DefaultIDPAuthenticationMethodMapper method getIDPAuthnContextInfo.
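/**
 * Maps the authentication type requested by a service provider onto the
 * authentication scheme configured for the identity provider.
 *
 * <p>The IdP's extended-metadata attribute
 * {@code SAML2Constants.IDP_AUTHNCONTEXT_CLASSREF_MAPPING} holds
 * {@code |}-separated entries whose first token is a class reference and whose
 * remaining tokens are passed on as the "auth type and value" set (presumably
 * {@code type=value} pairs; the format is not checked here). The entry whose
 * first token equals {@code authenticationType} wins; if none matches, or
 * {@code authenticationType} is {@code null}, the first entry is used.
 *
 * @param authenticationType the {@code AuthenticationType} requested by the
 *     service provider; may be {@code null}
 * @param idpEntityID the entity ID of the identity provider
 * @param realm the realm to which the identity provider belongs
 * @return the mapped {@code IDPAuthenticationTypeInfo}, or {@code null} when
 *     the IdP has no mapping configured
 * @throws WSFederationException if the IdP metadata cannot be read
 */
public IDPAuthenticationTypeInfo getIDPAuthnContextInfo(String authenticationType, String idpEntityID, String realm) throws WSFederationException {
    // Prefix kept unchanged (it names the SAML2 mapper this class mirrors) so
    // existing log searches keep working.
    String classMethod = "DefaultIDPAuthnContextMapper.getIDPAuthnContextInfo: ";

    Map attrs;
    try {
        IDPSSOConfigElement config = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, idpEntityID);
        attrs = WSFederationMetaUtils.getAttributes(config);
    } catch (WSFederationMetaException sme) {
        debug.error(classMethod + "get IDPSSOConfig failed:", sme);
        throw new WSFederationException(sme);
    }

    List<?> values = attrs == null ? null : (List<?>) attrs.get(SAML2Constants.IDP_AUTHNCONTEXT_CLASSREF_MAPPING);
    if (values == null || values.isEmpty()) {
        // No mapping configured: callers must cope with a null result.
        return null;
    }

    String classRef = null;
    Set<String> authTypeAndValues = null;
    if (authenticationType != null) {
        for (Object entry : values) {
            String value = ((String) entry).trim();
            if (debug.messageEnabled()) {
                debug.message(classMethod + "configured mapping=" + value);
            }
            StringTokenizer st = new StringTokenizer(value, "|");
            if (!st.hasMoreTokens()) {
                continue;
            }
            // The first token is the AuthnContextClassRef being mapped.
            String candidate = st.nextToken().trim();
            if (candidate.equals(authenticationType)) {
                classRef = candidate;
                authTypeAndValues = remainingTokens(st);
                break;
            }
        }
    }
    if (authTypeAndValues == null) {
        // No match, or nothing was requested: fall back to the first entry.
        StringTokenizer st = new StringTokenizer(((String) values.get(0)).trim(), "|");
        if (st.hasMoreTokens()) {
            classRef = st.nextToken().trim();
            authTypeAndValues = remainingTokens(st);
        }
    }

    IDPAuthenticationTypeInfo info = new IDPAuthenticationTypeInfo(authenticationType, authTypeAndValues);
    if (debug.messageEnabled()) {
        // Logs the requested type itself; the previous version logged a local
        // that was never assigned and so always printed "null".
        debug.message(classMethod + "requested AuthnContextClassRef=" + authenticationType
                + "\nreturned AuthnContextClassRef=" + classRef
                + "\nauthTypeAndValues=" + authTypeAndValues);
    }
    return info;
}

/**
 * Collects the tokens left in a mapping entry after its class reference has
 * been consumed, trimming each and dropping blank ones.
 */
private static Set<String> remainingTokens(StringTokenizer st) {
    Set<String> result = new HashSet<String>();
    while (st.hasMoreTokens()) {
        String token = st.nextToken().trim();
        if (token.length() != 0) {
            result.add(token);
        }
    }
    return result;
}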
use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.
the class IDPSSOUtil method getAuthenticationServiceURL.
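/**
 * Returns the authentication service URL of the identity provider.
 *
 * <p>Resolution order: the system property {@code IFSConstants.IDP_LOGIN_URL},
 * then the IdP's extended-metadata attribute {@code SAML2Constants.AUTH_URL},
 * and finally a URL assembled from the current request (scheme, server name,
 * port, the first path segment of the request URI, then
 * {@code /UI/Login?realm=<realm>}).
 *
 * <p>The last fallback takes scheme, host and port from the request, which in
 * servlet containers typically reflect the client-supplied {@code Host}
 * header. Deployments that cannot trust those values should configure one of
 * the first two sources so this branch is never taken.
 *
 * @param realm the realm name of the identity provider
 * @param hostEntityId the entity ID of the identity provider
 * @param request the current {@code HttpServletRequest}
 * @return the authentication service URL; never {@code null}
 */
public static String getAuthenticationServiceURL(String realm, String hostEntityId, HttpServletRequest request) {
    String classMethod = "IDPSSOUtil.getAuthenticationServiceURL: ";

    // 1. System configuration.
    String authUrl = SystemConfigurationUtil.getProperty(IFSConstants.IDP_LOGIN_URL);
    if (isNullOrBlank(authUrl)) {
        // 2. IdP extended metadata.
        try {
            IDPSSOConfigElement config = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, hostEntityId);
            authUrl = WSFederationMetaUtils.getAttribute(config, SAML2Constants.AUTH_URL);
        } catch (WSFederationMetaException sme) {
            if (debug.messageEnabled()) {
                debug.message(classMethod + "get IDPSSOConfig failed:", sme);
            }
        }
        // 3. Build from the request. An empty metadata value is treated like a
        // missing one, matching how the system property is handled above.
        if (isNullOrBlank(authUrl)) {
            authUrl = loginUrlFromRequest(realm, request);
        }
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "auth url=:" + authUrl);
    }
    return authUrl;
}

/** True when {@code s} is {@code null} or consists only of whitespace. */
private static boolean isNullOrBlank(String s) {
    return s == null || s.trim().length() == 0;
}

/**
 * Assembles {@code scheme://serverName:port<deploymentURI>/UI/Login?realm=<realm>}
 * from the request. The deployment URI is the request URI up to (excluding) its
 * second slash, or the whole request URI when it has fewer than two slashes.
 */
private static String loginUrlFromRequest(String realm, HttpServletRequest request) {
    String uri = request.getRequestURI();
    int firstSlash = uri.indexOf('/');
    int secondSlash = uri.indexOf('/', firstSlash + 1);
    String deploymentURI = secondSlash == -1 ? uri : uri.substring(0, secondSlash);
    return new StringBuilder(100)
            .append(request.getScheme()).append("://")
            .append(request.getServerName()).append(':').append(request.getServerPort())
            .append(deploymentURI).append("/UI/Login?realm=").append(realm)
            .toString();
}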
use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.
the class WSFederationMetaSecurityUtils method updateProviderKeyInfo.
/**
 * Updates the signing key information of a hosted SP or IdP.
 *
 * <p>Two pieces of metadata change together: the key descriptor (a
 * {@code TokenSigningKeyInfoElement}) in the standard metadata
 * ({@code FederationElement}) and the {@code SAML2Constants.SIGNING_CERT_ALIAS}
 * attribute in the extended metadata. Both are written back at the end via
 * {@code setFederation} and {@code setEntityConfig}.
 *
 * @param realm realm the entity resides in
 * @param entityID ID of the entity to update
 * @param certAlias alias of the certificate to install; {@code null} or empty
 *     removes the existing key information instead
 * @param isIDP {@code true} to update the IdP role, {@code false} for the SP role
 * @throws WSFederationMetaException if the entity is not hosted, does not have
 *     the requested role, or its metadata cannot be read or written
 */
public static void updateProviderKeyInfo(String realm, String entityID, String certAlias, boolean isIDP) throws WSFederationMetaException {
    WSFederationMetaManager metaManager = new WSFederationMetaManager();
    FederationConfigElement entityConfig = metaManager.getEntityConfig(realm, entityID);
    if (!entityConfig.isHosted()) {
        throw new WSFederationMetaException("entityNotHosted", new String[] { entityID, realm });
    }
    FederationElement descriptor = metaManager.getEntityDescriptor(realm, entityID);

    boolean removing = (certAlias == null) || (certAlias.length() == 0);
    // Extended-metadata value: null clears the attribute, otherwise a single alias.
    Set<String> aliasValue = null;
    if (!removing) {
        aliasValue = new HashSet<String>();
        aliasValue.add(certAlias);
    }

    if (isIDP) {
        IDPSSOConfigElement idpConfig = metaManager.getIDPSSOConfig(realm, entityID);
        if (idpConfig == null || descriptor == null) {
            throw new WSFederationMetaException("entityNotIDP", new String[] { entityID, realm });
        }
        applyKeyDescriptor(descriptor, certAlias, removing);
        setExtendedAttributeValue(idpConfig, SAML2Constants.SIGNING_CERT_ALIAS, aliasValue);
    } else {
        SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, entityID);
        if (spConfig == null || descriptor == null) {
            throw new WSFederationMetaException("entityNotSP", new String[] { entityID, realm });
        }
        applyKeyDescriptor(descriptor, certAlias, removing);
        setExtendedAttributeValue(spConfig, SAML2Constants.SIGNING_CERT_ALIAS, aliasValue);
    }

    metaManager.setFederation(realm, descriptor);
    metaManager.setEntityConfig(realm, entityConfig);
}

/**
 * Updates the standard metadata: removes the key descriptor when
 * {@code removing} is set, otherwise replaces it with the descriptor built for
 * {@code certAlias}.
 */
private static void applyKeyDescriptor(FederationElement descriptor, String certAlias, boolean removing) throws WSFederationMetaException {
    if (removing) {
        removeKeyDescriptor(descriptor);
    } else {
        TokenSigningKeyInfoElement kde = getKeyDescriptor(certAlias);
        updateKeyDescriptor(descriptor, kde);
    }
}