Search in sources :

Example 11 with IDPSSOConfigElement

use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class WSFedPropertiesModelImpl method getidpsso.

/**
     * Retrieves the IDPSSOConfigElement .
     *
     * @param fed is the FederationConfigElement.
     * @return the corresponding IDPSSOConfigType Object.
     */
private IDPSSOConfigElement getidpsso(FederationConfigElement fed) {
    List listFed = fed.getIDPSSOConfigOrSPSSOConfig();
    IDPSSOConfigElement idpsso = null;
    Iterator i = listFed.iterator();
    //IDPSSOConfigElement ?????
    while (i.hasNext()) {
        BaseConfigType bc = (BaseConfigType) i.next();
        if (bc instanceof IDPSSOConfigElement) {
            idpsso = (IDPSSOConfigElement) bc;
            break;
        }
    }
    return idpsso;
}
Also used : BaseConfigType(com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType) Iterator(java.util.Iterator) List(java.util.List) IDPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement)

Example 12 with IDPSSOConfigElement

use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class IPSigninRequest method sendResponse.

/**
     * Sends <code>RequestSecurityTokenResponse</code> containing an 
     * <code>Assertion</code> back to the requesting service provider
     */
private void sendResponse(Object session, String idpEntityId, String spEntityId, String idpMetaAlias, String realm) throws WSFederationException, IOException {
    String classMethod = "IDPSSOFederate.sendResponse: ";
    /*    
        String nameIDFormat = null;
        NameIDPolicy policy = authnReq.getNameIDPolicy();
        if (policy != null) {
            nameIDFormat = policy.getFormat();
        }
 */
    String acsURL = IDPSSOUtil.getACSurl(spEntityId, realm, wreply);
    if ((acsURL == null) || (acsURL.trim().length() == 0)) {
        debug.error(classMethod + "no ACS URL found.");
        String[] data = { realm, spEntityId, wreply };
        LogUtil.error(Level.INFO, LogUtil.NO_ACS_URL, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableTofindACSURL"));
    }
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    IDPSSOConfigElement idpConfig = metaManager.getIDPSSOConfig(realm, idpEntityId);
    if (idpConfig == null) {
        debug.error(classMethod + "cannot find configuration for IdP " + idpEntityId);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableToFindIDPConfiguration"));
    }
    SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, spEntityId);
    if (spConfig == null) {
        debug.error(classMethod + "cannot find configuration for SP " + spEntityId);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableToFindSPConfiguration"));
    }
    String authMethod = null;
    String authSSOInstant = null;
    String userid = null;
    try {
        authMethod = WSFederationUtils.sessionProvider.getProperty(session, SessionProvider.AUTH_METHOD)[0];
        authSSOInstant = WSFederationUtils.sessionProvider.getProperty(session, SessionProvider.AUTH_INSTANT)[0];
        userid = WSFederationUtils.sessionProvider.getProperty(session, "UserId")[// ISAuthConstants.USER_ID
        0];
    } catch (SessionException se) {
        throw new WSFederationException(se);
    }
    IDPAttributeMapper attrMapper = getIDPAttributeMapper(WSFederationMetaUtils.getAttributes(idpConfig));
    IDPAccountMapper accountMapper = getIDPAccountMapper(WSFederationMetaUtils.getAttributes(idpConfig));
    List attributes = attrMapper.getAttributes(session, idpEntityId, spEntityId, realm);
    Date authInstant = null;
    if (authSSOInstant == null || authSSOInstant.equals("")) {
        authInstant = new Date();
    } else {
        try {
            authInstant = DateUtils.stringToDate(authSSOInstant);
        } catch (ParseException pe) {
            throw new WSFederationException(pe);
        }
    }
    NameIdentifier ni = accountMapper.getNameID(session, realm, idpEntityId, spEntityId);
    int notBeforeSkew = SAML2Constants.NOTBEFORE_ASSERTION_SKEW_DEFAULT;
    String notBeforeSkewStr = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE);
    if (notBeforeSkewStr != null) {
        try {
            notBeforeSkew = Integer.parseInt(notBeforeSkewStr);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "got not before skew from config:" + notBeforeSkew);
            }
        } catch (NumberFormatException nfe) {
            debug.error(classMethod + "Failed to get not before skew from IDP SSO config: ", nfe);
            throw new WSFederationException(nfe);
        }
    }
    int effectiveTime = SAML2Constants.ASSERTION_EFFECTIVE_TIME;
    String effectiveTimeStr = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.ASSERTION_EFFECTIVE_TIME_ATTRIBUTE);
    if (effectiveTimeStr != null) {
        try {
            effectiveTime = Integer.parseInt(effectiveTimeStr);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "got effective time from config:" + effectiveTime);
            }
        } catch (NumberFormatException nfe) {
            debug.error(classMethod + "Failed to get assertion effective time from " + "IDP SSO config: ", nfe);
            throw new WSFederationException(nfe);
        }
    }
    String strWantAssertionSigned = WSFederationMetaUtils.getAttribute(spConfig, WSFederationConstants.WANT_ASSERTION_SIGNED);
    // By default, we want to sign assertions
    boolean wantAssertionSigned = (strWantAssertionSigned != null) ? Boolean.parseBoolean(strWantAssertionSigned) : true;
    String certAlias = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.SIGNING_CERT_ALIAS);
    if (wantAssertionSigned && certAlias == null) {
        // SP wants us to sign the assertion, but we don't have a signing 
        // cert
        debug.error(classMethod + "SP wants signed assertion, but no signing cert is " + "configured");
        throw new WSFederationException(WSFederationUtils.bundle.getString("noIdPCertAlias"));
    }
    if (!wantAssertionSigned) {
        // SP doesn't want us to sign the assertion, so pass null certAlias 
        // to indicate no assertion signature required
        certAlias = null;
    }
    // generate a response for the authn request
    RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(new SAML11RequestedSecurityToken(realm, spEntityId, idpEntityId, notBeforeSkew, effectiveTime, certAlias, authMethod, authInstant, ni, attributes), wtrealm);
    if (rstr == null) {
        debug.error(classMethod + "response is null");
        String errorMsg = WSFederationUtils.bundle.getString("UnableToCreateAssertion");
        /*
            res = IDPSSOUtil.getErrorResponse(authnReq, 
                SAML2Constants.RESPONDER, errorMsg, idpEntityID);
             */
        return;
    } else {
        try {
            String[] values = { idpMetaAlias };
            // Add SP to SP list in session
            String[] spList = WSFederationUtils.sessionProvider.getProperty(session, WSFederationConstants.SESSION_SP_LIST);
            ArrayList<String> newSpList = (spList != null) ? new ArrayList<String>(Arrays.asList(spList)) : new ArrayList<String>();
            if (!newSpList.contains(spEntityId)) {
                newSpList.add(spEntityId);
                WSFederationUtils.sessionProvider.setProperty(session, WSFederationConstants.SESSION_SP_LIST, newSpList.toArray(new String[0]));
            }
        } catch (SessionException e) {
            debug.error(classMethod + "error setting idpMetaAlias into the session: ", e);
        }
        try {
            postToTarget(rstr, acsURL);
        } catch (ServletException se) {
            throw new WSFederationException(se);
        }
    }
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) IDPAccountMapper(com.sun.identity.wsfederation.plugins.IDPAccountMapper) WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) SessionException(com.sun.identity.plugin.session.SessionException) IDPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement) Date(java.util.Date) ServletException(javax.servlet.ServletException) SAML11RequestedSecurityToken(com.sun.identity.wsfederation.profile.SAML11RequestedSecurityToken) IDPAttributeMapper(com.sun.identity.wsfederation.plugins.IDPAttributeMapper) ArrayList(java.util.ArrayList) List(java.util.List) ParseException(java.text.ParseException) RequestSecurityTokenResponse(com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse)

Example 13 with IDPSSOConfigElement

use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class WSFederationMetaManager method deleteEntityConfig.

/**
     * Deletes the extended entity configuration under the realm.
     * 
     * @param realm The realm under which the entity resides.
     * @param federationId The ID of the entity for whom the extended entity
     *                 configuration will be deleted.
     * @throws WSFederationMetaException if unable to delete the entity 
     * descriptor.
     */
public void deleteEntityConfig(String realm, String federationId) throws WSFederationMetaException {
    if (federationId == null) {
        return;
    }
    if (realm == null) {
        realm = "/";
    }
    String[] objs = { federationId, realm };
    try {
        Map oldAttrs = configInst.getConfiguration(realm, federationId);
        Set oldValues = (Set) oldAttrs.get(ATTR_ENTITY_CONFIG);
        if (oldValues == null || oldValues.isEmpty()) {
            LogUtil.error(Level.INFO, LogUtil.NO_ENTITY_DESCRIPTOR_DELETE_ENTITY_CONFIG, objs, null);
            throw new WSFederationMetaException("entity_config_not_exist", objs);
        }
        // Remove the entity from cot              
        IDPSSOConfigElement idpconfig = getIDPSSOConfig(realm, federationId);
        if (idpconfig != null) {
            removeFromCircleOfTrust(idpconfig, realm, federationId);
        }
        SPSSOConfigElement spconfig = getSPSSOConfig(realm, federationId);
        if (spconfig != null) {
            removeFromCircleOfTrust(spconfig, realm, federationId);
        }
        Set attr = new HashSet();
        attr.add(ATTR_ENTITY_CONFIG);
        configInst.deleteConfiguration(realm, federationId, attr);
        LogUtil.access(Level.INFO, LogUtil.ENTITY_CONFIG_DELETED, objs, null);
        WSFederationMetaCache.putEntityConfig(realm, federationId, null);
    } catch (ConfigurationException e) {
        debug.error("WSFederationMetaManager.deleteEntityConfig:", e);
        String[] data = { e.getMessage(), federationId, realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_DELETE_ENTITY_CONFIG, data, null);
        throw new WSFederationMetaException(e);
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) ConfigurationException(com.sun.identity.plugin.configuration.ConfigurationException) SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) IDPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement) Map(java.util.Map) HashSet(java.util.HashSet)

Example 14 with IDPSSOConfigElement

use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class WSFederationMetaManager method getRoleByMetaAlias.

/**
     * Returns role of an entity based on its metaAlias.
     * 
     * @param metaAlias Meta alias of the entity.
     * @return role of an entity either <code>SAML2Constants.IDP_ROLE</code>; or
     *         <code>SAML2Constants.SP_ROLE</code> or 
     *         <code>SAML2Constants.UNKNOWN_ROLE</code>
     * @throws WSFederationMetaException if there are issues in getting the 
     * entity profile from the meta alias.
     */
public String getRoleByMetaAlias(String metaAlias) throws WSFederationMetaException {
    String role = SAML2Constants.UNKNOWN_ROLE;
    String federationId = getEntityByMetaAlias(metaAlias);
    if (federationId != null) {
        String realm = WSFederationMetaUtils.getRealmByMetaAlias(metaAlias);
        IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, federationId);
        SPSSOConfigElement spConfig = getSPSSOConfig(realm, federationId);
        if (idpConfig == null) {
            String m = spConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.SP_ROLE;
            }
        } else if (spConfig == null) {
            String m = idpConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.IDP_ROLE;
            }
        } else {
            //Assuming that sp and idp cannot have the same metaAlias
            String m = spConfig.getMetaAlias();
            if ((m != null) && m.equals(metaAlias)) {
                role = SAML2Constants.SP_ROLE;
            } else {
                m = idpConfig.getMetaAlias();
                if ((m != null) && m.equals(metaAlias)) {
                    role = SAML2Constants.IDP_ROLE;
                }
            }
        }
    }
    return role;
}
Also used : SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) IDPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement)

Example 15 with IDPSSOConfigElement

use of com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement in project OpenAM by OpenRock.

the class WSFederationMetaManager method deleteFederation.

/**
     * Deletes the standard metadata entity descriptor under the realm.
     * 
     * @param realm The realm under which the entity resides.
     * @param federationId The ID of the entity for whom the standard entity 
     *                 descriptor will be deleted.
     * @throws WSFederationMetaException if unable to delete the entity 
     * descriptor.
     */
public void deleteFederation(String realm, String federationId) throws WSFederationMetaException {
    if (federationId == null) {
        return;
    }
    if (realm == null) {
        realm = "/";
    }
    String[] objs = { federationId, realm };
    try {
        // Remove the entity from cot              
        IDPSSOConfigElement idpconfig = getIDPSSOConfig(realm, federationId);
        if (idpconfig != null) {
            removeFromCircleOfTrust(idpconfig, realm, federationId);
        }
        SPSSOConfigElement spconfig = getSPSSOConfig(realm, federationId);
        if (spconfig != null) {
            removeFromCircleOfTrust(spconfig, realm, federationId);
        }
        // end of remove entity from cot
        configInst.deleteConfiguration(realm, federationId, null);
        LogUtil.access(Level.INFO, LogUtil.ENTITY_DESCRIPTOR_DELETED, objs, null);
        WSFederationMetaCache.putFederation(realm, federationId, null);
    } catch (ConfigurationException e) {
        debug.error("WSFederationMetaManager.deleteFederation:", e);
        String[] data = { e.getMessage(), federationId, realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_DELETE_ENTITY_DESCRIPTOR, data, null);
        throw new WSFederationMetaException(e);
    }
}
Also used : ConfigurationException(com.sun.identity.plugin.configuration.ConfigurationException) SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) IDPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement)

Aggregations

IDPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement)17 SPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement)7 Set (java.util.Set)6 WSFederationMetaException (com.sun.identity.wsfederation.meta.WSFederationMetaException)5 HashSet (java.util.HashSet)5 List (java.util.List)5 Map (java.util.Map)5 WSFederationException (com.sun.identity.wsfederation.common.WSFederationException)4 WSFederationMetaManager (com.sun.identity.wsfederation.meta.WSFederationMetaManager)4 ConfigurationException (com.sun.identity.plugin.configuration.ConfigurationException)3 SessionException (com.sun.identity.plugin.session.SessionException)3 FederationConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement)3 ArrayList (java.util.ArrayList)3 Iterator (java.util.Iterator)3 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)2 NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier)2 BaseConfigType (com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType)2 HashMap (java.util.HashMap)2 JAXBException (javax.xml.bind.JAXBException)2 CircleOfTrustManager (com.sun.identity.cot.CircleOfTrustManager)1