Example 1 with FederationElement

use of com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement in project OpenAM by OpenRock.

the class CreateWSFedMetaDataTemplate method createStandardMetaTemplate.

public static String createStandardMetaTemplate(String entityId, Map mapParams, String url) throws JAXBException, CertificateEncodingException {
    JAXBContext jc = WSFederationMetaUtils.getMetaJAXBContext();
    com.sun.identity.wsfederation.jaxb.wsfederation.ObjectFactory objFactory = new com.sun.identity.wsfederation.jaxb.wsfederation.ObjectFactory();
    FederationElement fed = objFactory.createFederationElement();
    fed.setFederationID(entityId);
    String idpAlias = (String) mapParams.get(MetaTemplateParameters.P_IDP);
    if (idpAlias != null) {
        addWSFedIdentityProviderTemplate(entityId, objFactory, fed, mapParams, url);
    }
    String spAlias = (String) mapParams.get(MetaTemplateParameters.P_SP);
    if (spAlias != null) {
        addWSFedServiceProviderTemplate(entityId, objFactory, fed, mapParams, url);
    }
    Marshaller m = jc.createMarshaller();
    m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
    StringWriter pw = new StringWriter();
    m.marshal(fed, pw);
    return pw.toString();
}
Also used : Marshaller(javax.xml.bind.Marshaller) StringWriter(java.io.StringWriter) JAXBContext(javax.xml.bind.JAXBContext) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement)

Example 2 with FederationElement

use of com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement in project OpenAM by OpenRock.

the class ConfigFedMonitoring method getWSFedRoles.

public List getWSFedRoles(String entity, String realm) {
    List roles = new ArrayList(4);
    boolean isSP = true;
    int cnt = 0;
    try {
        WSFederationMetaManager metaManager = new WSFederationMetaManager();
        // Extended entity configuration is authoritative when it exists.
        if (metaManager.getIDPSSOConfig(realm, entity) != null) {
            roles.add(IDENTITY_PROVIDER);
        }
        if (metaManager.getSPSSOConfig(realm, entity) != null) {
            roles.add(SERVICE_PROVIDER);
        }
        // No entity configuration: infer the role(s) from the standard
        // metadata. The Federation element carries no explicit role marker,
        // so an entity that advertises claims (UriNamedClaimTypesOffered) is
        // taken to be an IdP, and one that advertises no claims, or more than
        // one TokenIssuerEndpoint, is taken to (also) be an SP. This is how
        // dual-role WS-Federation entities are detected.
        if (roles.isEmpty()) {
            FederationElement fedElem = metaManager.getEntityDescriptor(realm, entity);
            if (fedElem != null) {
                for (Iterator iter = fedElem.getAny().iterator(); iter.hasNext(); ) {
                    Object o = iter.next();
                    if (o instanceof UriNamedClaimTypesOfferedElement) {
                        roles.add(IDENTITY_PROVIDER);
                        isSP = false;
                    } else if (o instanceof TokenIssuerEndpointElement) {
                        cnt++;
                    }
                }
                if ((isSP) || (cnt > 1)) {
                    roles.add(SERVICE_PROVIDER);
                }
            }
        }
    } catch (WSFederationMetaException e) {
        debug.warning("ConfigFedMonitoring.getWSFedRoles", e);
    }
    // roles is never null; an entity with no detectable role yields an empty list.
    return roles;
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) UriNamedClaimTypesOfferedElement(com.sun.identity.wsfederation.jaxb.wsfederation.UriNamedClaimTypesOfferedElement) ArrayList(java.util.ArrayList) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) TokenIssuerEndpointElement(com.sun.identity.wsfederation.jaxb.wsfederation.TokenIssuerEndpointElement)

Example 3 with FederationElement

use of com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement in project OpenAM by OpenRock.

the class MetadataRequest method process.

public void process() throws WSFederationException, IOException {
    String classMethod = "MetadataRequest.process: ";
    String realm = "/";
    String entityId = null;
    int prefixLength = (request.getContextPath() + WSFederationConstants.METADATA_URL_PREFIX).length();
    String suffix = request.getRequestURI().substring(prefixLength);
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    if (suffix.equals(WSFederationConstants.METADATA_URL_SUFFIX)) {
        // No entity ID in request - return first defined
        List providers = metaManager.getAllHostedEntities(null);
        if ((providers != null) && !providers.isEmpty()) {
            entityId = (String) providers.iterator().next();
        } else {
            throw new WSFederationException(WSFederationUtils.bundle.getString("noHostedEntities"));
        }
    } else {
        // Request URL is of the form
        //   METADATA_URL_PREFIX + metaAlias + METADATA_URL_SUFFIX
        // e.g. /FederationMetadata/2006-12/red/idp/FederationMetadata.xml
        // The meta alias is the only request-controlled input; it is resolved
        // through the metadata manager and rejected if it names no entity.
        int metaAliasLength = suffix.length() - WSFederationConstants.METADATA_URL_SUFFIX.length();
        String metaAlias = suffix.substring(0, metaAliasLength);
        realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        entityId = metaManager.getEntityByMetaAlias(metaAlias);
        if (entityId == null || entityId.length() == 0) {
            String[] args = { metaAlias, realm };
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "invalidMetaAlias", args);
        }
    }
    FederationElement fedElem = metaManager.getEntityDescriptor(realm, entityId);
    String metaXML = null;
    try {
        metaXML = WSFederationMetaUtils.convertJAXBToString(fedElem);
    } catch (JAXBException ex) {
        throw new WSFederationException(ex);
    }
    response.setContentType("text/xml");
    response.setHeader("Pragma", "no-cache");
    response.getWriter().print(metaXML);
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) JAXBException(javax.xml.bind.JAXBException) List(java.util.List) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement)

Example 4 with FederationElement

use of com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement in project OpenAM by OpenRock.

the class RPSigninRequest method process.

/**
     * Processes the sign-in request, redirecting the browser to the identity
     * provider via the HttpServletResponse passed to the constructor.
     */
public void process() throws WSFederationException, IOException {
    String classMethod = "RPSigninRequest.process: ";
    if (debug.messageEnabled()) {
        debug.message(classMethod + "entered method");
    }
    if (wctx == null || wctx.length() == 0) {
        // Exchange the caller's reply URL for an opaque identifier. Only that
        // identifier (wctx) travels through the IdP; the wreply sent to the
        // IdP below is always this SP's own registered endpoint, and the
        // original URL is looked up from wctx again when the token comes back.
        // Whether putReplyURL validates wreply itself is not visible here.
        wctx = (wreply != null && (wreply.length() > 0)) ? WSFederationUtils.putReplyURL(wreply) : null;
    }
    String spMetaAlias = WSFederationMetaUtils.getMetaAliasByUri(request.getRequestURI());
    if (spMetaAlias == null || spMetaAlias.length() == 0) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("MetaAliasNotFound"));
    }
    String spRealm = SAML2MetaUtils.getRealmByMetaAlias(spMetaAlias);
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    String spEntityId = metaManager.getEntityByMetaAlias(spMetaAlias);
    if (spEntityId == null || spEntityId.length() == 0) {
        String[] args = { spMetaAlias, spRealm };
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "invalidMetaAlias", args);
    }
    SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(spRealm, spEntityId);
    if (spConfig == null) {
        String[] args = { spEntityId, spRealm };
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "badSPEntityID", args);
    }
    Map<String, List<String>> spConfigAttributes = WSFederationMetaUtils.getAttributes(spConfig);
    // Each attribute maps to a value list that may be absent or empty; read
    // the first value defensively so the defaults below are actually applied
    // instead of failing with a NullPointerException on an unset attribute.
    List<String> selectionValues = spConfigAttributes.get(WSFederationConstants.ACCOUNT_REALM_SELECTION);
    String accountRealmSelection = (selectionValues == null || selectionValues.isEmpty()) ? null : selectionValues.get(0);
    if (accountRealmSelection == null) {
        accountRealmSelection = WSFederationConstants.ACCOUNT_REALM_SELECTION_DEFAULT;
    }
    List<String> cookieNameValues = spConfigAttributes.get(WSFederationConstants.ACCOUNT_REALM_COOKIE_NAME);
    String accountRealmCookieName = (cookieNameValues == null || cookieNameValues.isEmpty()) ? null : cookieNameValues.get(0);
    if (accountRealmCookieName == null) {
        accountRealmCookieName = WSFederationConstants.ACCOUNT_REALM_COOKIE_NAME_DEFAULT;
    }
    // No default exists for the home realm discovery service; if it is unset
    // the discovery redirect further down cannot be built.
    List<String> hrdValues = spConfigAttributes.get(WSFederationConstants.HOME_REALM_DISCOVERY_SERVICE);
    String homeRealmDiscoveryService = (hrdValues == null || hrdValues.isEmpty()) ? null : hrdValues.get(0);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "account realm selection method is " + accountRealmSelection);
    }
    String idpIssuerName = null;
    if (whr != null && whr.length() > 0) {
        // whr is a request parameter and overrides the other mechanisms. It is
        // only used as a token-issuer name to look up a configured IdP
        // (getEntityByTokenIssuerName below), so an unknown value falls through
        // to the single-trusted-IdP / home realm discovery path rather than
        // selecting an arbitrary endpoint...
        idpIssuerName = whr;
        if (accountRealmSelection.equals(WSFederationConstants.COOKIE)) {
            // ...but it is written into the account realm cookie as-is, before
            // that lookup, and the cookie persists for a year.
            Cookie cookie = new Cookie(accountRealmCookieName, whr);
            cookie.setMaxAge(60 * 60 * 24 * 365);
            CookieUtils.addCookieToResponse(response, cookie);
        }
    } else {
        if (accountRealmSelection.equals(WSFederationConstants.USERAGENT)) {
            String uaHeader = request.getHeader(WSFederationConstants.USERAGENT);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "user-agent is :" + uaHeader);
            }
            idpIssuerName = WSFederationUtils.accountRealmFromUserAgent(uaHeader, accountRealmCookieName);
        } else if (accountRealmSelection.equals(WSFederationConstants.COOKIE)) {
            Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (int i = 0; i < cookies.length; i++) {
                    if (cookies[i].getName().equals(accountRealmCookieName)) {
                        idpIssuerName = cookies[i].getValue();
                        break;
                    }
                }
            }
        } else {
            debug.error(classMethod + "unexpected value for " + WSFederationConstants.ACCOUNT_REALM_SELECTION + " : " + accountRealmSelection);
            throw new WSFederationException(WSFederationUtils.bundle.getString("badAccountRealm"));
        }
    }
    FederationElement sp = metaManager.getEntityDescriptor(spRealm, spEntityId);
    String spIssuerName = metaManager.getTokenIssuerName(sp);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "SP issuer name:" + spIssuerName);
    }
    String idpEntityId = null;
    if (idpIssuerName != null && idpIssuerName.length() > 0) {
        // Got the issuer name from the cookie/UA string - let's see if 
        // we know the entity ID
        idpEntityId = metaManager.getEntityByTokenIssuerName(null, idpIssuerName);
    }
    if (idpEntityId == null) {
        // See if there is only one trusted IdP configured...
        List<String> allRemoteIdPs = metaManager.getAllRemoteIdentityProviderEntities(spRealm);
        ArrayList<String> trustedRemoteIdPs = new ArrayList<String>();
        for (String idp : allRemoteIdPs) {
            if (metaManager.isTrustedProvider(spRealm, spEntityId, idp)) {
                trustedRemoteIdPs.add(idp);
            }
        }
        if (trustedRemoteIdPs.size() == 0) {
            // Misconfiguration!
            throw new WSFederationException(WSFederationUtils.bundle.getString("noIDPConfigured"));
        } else if (trustedRemoteIdPs.size() == 1) {
            idpEntityId = trustedRemoteIdPs.get(0);
        }
    }
    FederationElement idp = null;
    if (idpEntityId != null) {
        idp = metaManager.getEntityDescriptor(null, idpEntityId);
    }
    // Set LB cookie here so it's done regardless of which redirect happens
    // We want response to come back to this instance
    WSFederationUtils.sessionProvider.setLoadBalancerCookie(request, response);
    // If we still don't know the IdP, redirect to home realm discovery
    if (idp == null) {
        StringBuffer url = new StringBuffer(homeRealmDiscoveryService);
        url.append("?wreply=");
        url.append(URLEncDec.encode(request.getRequestURL().toString()));
        if (wctx != null) {
            url.append("&wctx=");
            url.append(URLEncDec.encode(wctx));
        }
        if (debug.messageEnabled()) {
            debug.message(classMethod + "no account realm - redirecting to :" + url);
        }
        response.sendRedirect(url.toString());
        return;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "account realm:" + idpEntityId);
    }
    String endpoint = metaManager.getTokenIssuerEndpoint(idp);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "endpoint:" + endpoint);
    }
    // The wreply sent to the IdP is this SP's own registered TokenIssuerEndpoint,
    // never the request's wreply, so a forged sign-in request cannot point the
    // IdP at an arbitrary reply URL.
    String replyURL = metaManager.getTokenIssuerEndpoint(sp);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "replyURL:" + replyURL);
    }
    StringBuffer url = new StringBuffer(endpoint);
    url.append("?wa=");
    url.append(URLEncDec.encode(WSFederationConstants.WSIGNIN10));
    if (wctx != null) {
        url.append("&wctx=");
        url.append(URLEncDec.encode(wctx));
    }
    url.append("&wreply=");
    url.append(URLEncDec.encode(replyURL));
    url.append("&wct=");
    url.append(URLEncDec.encode(DateUtils.toUTCDateFormat(new Date())));
    url.append("&wtrealm=");
    url.append(URLEncDec.encode(spIssuerName));
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Redirecting to:" + url);
    }
    response.sendRedirect(url.toString());
}
Also used : Cookie(javax.servlet.http.Cookie) WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) ArrayList(java.util.ArrayList) Date(java.util.Date) ArrayList(java.util.ArrayList) List(java.util.List) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement)

Example 5 with FederationElement

use of com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement in project OpenAM by OpenRock.

the class IDPSSOUtil method getACSurl.

/**
     * Returns the assertion consumer service (ACS) URL for the entity.
     * @param entityId entity ID of provider
     * @param realm realm of the provider
     * @param wreply the ACS URL supplied by the requestor. If supplied, it is
     * accepted only when it equals one of the TokenIssuerEndpoint addresses
     * registered for the provider; otherwise null is returned.
     * @return assertion consumer service (ACS) URL for the entity, or null.
     */
public static String getACSurl(String entityId, String realm, String wreply) throws WSFederationMetaException {
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    FederationElement sp = metaManager.getEntityDescriptor(realm, entityId);
    if (sp == null) {
        // Unknown entity: there is nothing registered to validate against.
        return null;
    }
    if (wreply == null) {
        // No wreply in the request: fall back to the first registered
        // TokenIssuerEndpoint for this SP.
        return metaManager.getTokenIssuerEndpoint(sp);
    }
    // wreply is attacker-controlled input. Accept it only if it is equal to a
    // TokenIssuerEndpoint address registered in the SP's metadata; this check
    // is what stops a forged request from steering the token to another URL.
    URL replyUrl;
    try {
        replyUrl = new URL(wreply);
    } catch (MalformedURLException mue) {
        return null;
    }
    for (Object o : sp.getAny()) {
        if (o instanceof TokenIssuerEndpointElement) {
            try {
                URL thisUrl = new URL(((TokenIssuerEndpointElement) o).getAddress().getValue());
                // Caveat: java.net.URL.equals() treats two host names as equal
                // when they resolve to the same IP address, so it performs a
                // DNS lookup per comparison and can equate distinct hosts that
                // share an address. java.net.URI.equals() compares the strings
                // instead and is the usual replacement when that matters.
                if (replyUrl.equals(thisUrl)) {
                    return wreply;
                }
            } catch (MalformedURLException mue) {
                return null;
            }
        }
    }
    return null;
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) MalformedURLException(java.net.MalformedURLException) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) TokenIssuerEndpointElement(com.sun.identity.wsfederation.jaxb.wsfederation.TokenIssuerEndpointElement) URL(java.net.URL)
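
The examples above show the pieces separately: role inference from a FederationElement (Example 2), the RP building the wsignin1.0 redirect with its own registered endpoint as wreply and an opaque wctx (Example 4), and the IdP accepting a wreply only when it matches a registered TokenIssuerEndpoint (Example 5). The following is an added example, not OpenAM's code, that puts the two sides together against plain WS-Federation metadata XML instead of the JAXB classes. The metadata documents, hosts, entity IDs and issuer names are constructed placeholders, the in-memory dict stands in for whatever WSFederationUtils.putReplyURL uses, and the registry keyed by issuer name stands in for getEntityByTokenIssuerName:

```python
"""Added example (not OpenAM code): RP and IdP sides of a WS-Federation
wsignin1.0 request over plain metadata XML. All inputs are constructed."""
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

WSFED = "http://schemas.xmlsoap.org/ws/2006/12/federation"
WSA = "http://www.w3.org/2005/08/addressing"
NS = {"fed": WSFED, "wsa": WSA}

# Constructed SP metadata: issuer name, one TokenIssuerEndpoint, no claims offered.
SP_METADATA = f"""<fed:Federation xmlns:fed="{WSFED}" xmlns:wsa="{WSA}" FederationID="https://sp.example.com/wsfed">
  <fed:TokenIssuerName>urn:sp.example.com</fed:TokenIssuerName>
  <fed:TokenIssuerEndpoint><wsa:Address>https://sp.example.com/wsfed/sp/metaAlias/sp</wsa:Address></fed:TokenIssuerEndpoint>
</fed:Federation>"""

# Constructed IdP metadata: offers claims, so the role heuristic calls it an IdP.
IDP_METADATA = f"""<fed:Federation xmlns:fed="{WSFED}" xmlns:wsa="{WSA}" FederationID="https://idp.example.net/wsfed">
  <fed:TokenIssuerName>urn:idp.example.net</fed:TokenIssuerName>
  <fed:TokenIssuerEndpoint><wsa:Address>https://idp.example.net/wsfed/idp/signin</wsa:Address></fed:TokenIssuerEndpoint>
  <fed:UriNamedClaimTypesOffered><fed:ClaimType Uri="http://schemas.xmlsoap.org/claims/UPN"/></fed:UriNamedClaimTypesOffered>
</fed:Federation>"""


def parse_federation(xml_text):
    """Issuer, endpoints and roles, using the getWSFedRoles heuristic: claims
    offered => IDP; no claims, or more than one TokenIssuerEndpoint => SP."""
    root = ET.fromstring(xml_text)
    endpoints = [a.text.strip() for a in root.findall("fed:TokenIssuerEndpoint/wsa:Address", NS)]
    offers_claims = root.find("fed:UriNamedClaimTypesOffered", NS) is not None
    roles = []
    if offers_claims:
        roles.append("IDP")
    if not offers_claims or len(endpoints) > 1:
        roles.append("SP")
    return {"entity_id": root.get("FederationID"),
            "issuer": root.findtext("fed:TokenIssuerName", namespaces=NS),
            "endpoints": endpoints, "roles": roles}


def _canon(url):
    """(scheme, host, port, path, query, fragment) for a plain http(s) URL with a
    host and no embedded credentials; None for anything else."""
    try:
        p = urlsplit(url)
        if p.scheme not in ("http", "https") or not p.hostname or p.username is not None:
            return None
        port = p.port or (443 if p.scheme == "https" else 80)
    except ValueError:  # malformed netloc or non-numeric port
        return None
    return (p.scheme, p.hostname, port, p.path or "/", p.query, p.fragment)


def validate_wreply(wreply, registered_endpoints):
    """IdP-side check as in IDPSSOUtil.getACSurl: wreply must equal a registered
    endpoint. Only scheme/host case and the default port normalise; a different
    host, a host-prefix trick, credentials, or an added query all fail."""
    want = _canon(wreply)
    if want is None:
        return None
    return wreply if any(_canon(e) == want for e in registered_endpoints) else None


_REPLY_STORE = {}  # assumption: stands in for WSFederationUtils.putReplyURL's store


def put_reply_url(wreply):
    """RP side: park the application's reply URL behind an unguessable wctx so
    only the identifier crosses the IdP."""
    wctx = secrets.token_urlsafe(24)
    _REPLY_STORE[wctx] = wreply
    return wctx


def pop_reply_url(wctx):
    """RP side, on the way back: resolve and consume wctx; None if unknown or replayed."""
    return _REPLY_STORE.pop(wctx, None)


def rp_signin_url(sp, idp, wctx=None, wct=None):
    """RP side as in RPSigninRequest.process: wreply is the SP's own registered
    endpoint, wtrealm its issuer name, wct the current UTC time."""
    if wct is None:
        wct = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    params = [("wa", "wsignin1.0")]
    if wctx:
        params.append(("wctx", wctx))
    params += [("wreply", sp["endpoints"][0]), ("wct", wct), ("wtrealm", sp["issuer"])]
    return idp["endpoints"][0] + "?" + urlencode(params)


def idp_acs_url(signin_url, registry):
    """IdP side: find the RP by wtrealm and return the ACS URL to post the token
    to, or None when the request or its wreply is not acceptable."""
    q = parse_qs(urlsplit(signin_url).query)
    if q.get("wa") != ["wsignin1.0"]:
        return None
    sp = registry.get(q.get("wtrealm", [None])[0])
    if sp is None:
        return None
    wreply = q.get("wreply", [None])[0]
    return sp["endpoints"][0] if wreply is None else validate_wreply(wreply, sp["endpoints"])
```

The comparison in validate_wreply is on parsed components rather than on the raw string, which is what makes the default-port and case variants pass while a host such as sp.example.com.evil.net or an embedded userinfo does not; unlike java.net.URL.equals it never resolves host names.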

Aggregations

FederationElement (com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) 23
WSFederationMetaManager (com.sun.identity.wsfederation.meta.WSFederationMetaManager) 12
WSFederationMetaException (com.sun.identity.wsfederation.meta.WSFederationMetaException) 10
List (java.util.List) 8
Iterator (java.util.Iterator) 7
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException) 6
HashSet (java.util.HashSet) 6
JAXBException (javax.xml.bind.JAXBException) 6
FederationConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement) 5
BaseConfigType (com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType) 4
TokenIssuerEndpointElement (com.sun.identity.wsfederation.jaxb.wsfederation.TokenIssuerEndpointElement) 4
CLIException (com.sun.identity.cli.CLIException) 3
WSFederationException (com.sun.identity.wsfederation.common.WSFederationException) 3
UriNamedClaimTypesOfferedElement (com.sun.identity.wsfederation.jaxb.wsfederation.UriNamedClaimTypesOfferedElement) 3
ArrayList (java.util.ArrayList) 3
Set (java.util.Set) 3
WSFedPropertiesModel (com.sun.identity.console.federation.model.WSFedPropertiesModel) 2
ConfigurationException (com.sun.identity.plugin.configuration.ConfigurationException) 2
AttributeType (com.sun.identity.wsfederation.jaxb.entityconfig.AttributeType) 2
ObjectFactory (com.sun.identity.wsfederation.jaxb.entityconfig.ObjectFactory) 2