
Example 11 with WSFederationMetaManager

Use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

Class UpdateMetadataKeyInfo, method handleWSFedRequest.

private void handleWSFedRequest(RequestContext rc) throws CLIException {
    try {
        WSFederationMetaManager metaManager = new WSFederationMetaManager(ssoToken);
        FederationElement descriptor = metaManager.getEntityDescriptor(realm, entityID);
        if (descriptor == null) {
            Object[] objs2 = { entityID, realm };
            throw new CLIException(MessageFormat.format(getResourceString("update-meta-keyinfo-exception-entity-not-exist"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        if (!isEmpty(spSigningAliases)) {
            if (NULL_ALIAS.equals(getFirstItem(spSigningAliases))) {
                WSFederationMetaSecurityUtils.updateProviderKeyInfo(realm, entityID, null, false);
            } else {
                WSFederationMetaSecurityUtils.updateProviderKeyInfo(realm, entityID, getFirstItem(spSigningAliases), false);
            }
        }
        if (!isEmpty(idpSigningAliases)) {
            if (NULL_ALIAS.equals(getFirstItem(idpSigningAliases))) {
                WSFederationMetaSecurityUtils.updateProviderKeyInfo(realm, entityID, null, true);
            } else {
                WSFederationMetaSecurityUtils.updateProviderKeyInfo(realm, entityID, getFirstItem(idpSigningAliases), true);
            }
        }
        if (!isEmpty(spEncryptionAliases)) {
            Object[] objs2 = { entityID, realm };
            throw new CLIException(MessageFormat.format(getResourceString("update-meta-keyinfo-exception-invalid-option"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        if (!isEmpty(idpEncryptionAliases)) {
            Object[] objs2 = { entityID, realm };
            throw new CLIException(MessageFormat.format(getResourceString("update-meta-keyinfo-exception-invalid-option"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        Object[] objs = { entityID };
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-keyinfo-succeeded"), objs));
    } catch (WSFederationMetaException e) {
        // log under this class and method (the original tag named the IDFF handler it was copied from)
        WSFederationMetaUtils.debug.error("UpdateMetadataKeyInfo.handleWSFedRequest", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) CLIException(com.sun.identity.cli.CLIException) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement)

Example 12 with WSFederationMetaManager

Use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

Class ExportMetaData, method runWSFedExportMeta.

private void runWSFedExportMeta() throws CLIException {
    PrintWriter pw = null;
    String out = (isWebBase) ? "web" : metadata;
    Object[] objs = { out };
    Object[] objs2 = { entityID, realm };
    try {
        WSFederationMetaManager metaManager = new WSFederationMetaManager(ssoToken);
        FederationElement federation = metaManager.getEntityDescriptor(realm, entityID);
        if (federation == null) {
            throw new CLIException(MessageFormat.format(getResourceString("export-entity-exception-entity-descriptor-not-exist"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
        }
        String xmlstr = WSFederationMetaUtils.convertJAXBToString(federation);
        xmlstr = WSFederationMetaSecurityUtils.formatBase64BinaryElement(xmlstr);
        if (isWebBase) {
            getOutputWriter().printlnMessage(xmlstr);
        } else {
            pw = new PrintWriter(new FileWriter(metadata));
            pw.print(xmlstr);
        }
        getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("export-entity-export-descriptor-succeeded"), objs));
    } catch (WSFederationMetaException e) {
        // debug tags name the WS-Fed export path, not the SAML2 runExportMeta they were copied from
        debugError("ExportMetaData.runWSFedExportMeta", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IOException e) {
        debugError("ExportMetaData.runWSFedExportMeta", e);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (JAXBException e) {
        debugWarning("ExportMetaData.runWSFedExportMeta", e);
        throw new CLIException(MessageFormat.format(getResourceString("export-entity-exception-invalid_descriptor"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IllegalArgumentException e) {
        debugWarning("ExportMetaData.runWSFedExportMeta", e);
        throw new CLIException(MessageFormat.format(getResourceString("export-entity-exception-invalid_descriptor"), objs2), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } finally {
        if (pw != null) {
            pw.close();
        }
    }
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) FileWriter(java.io.FileWriter) JAXBException(javax.xml.bind.JAXBException) CLIException(com.sun.identity.cli.CLIException) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) IOException(java.io.IOException) FederationElement(com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) PrintWriter(java.io.PrintWriter)

Example 13 with WSFederationMetaManager

Use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

Class ImportEntityModelImpl, method importWSFedMetaData.

private void importWSFedMetaData() throws WSFederationMetaException, AMConsoleException {
    try {
        Object obj = WSFederationMetaUtils.convertStringToJAXB(standardMetaData);
        if (obj instanceof com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement) {
            // Unwrap the FederationMetadata envelope. An empty envelope would otherwise
            // escape as an uncaught IndexOutOfBoundsException from get(0).
            java.util.List any = ((com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement) obj).getAny();
            if (any == null || any.isEmpty()) {
                throw new AMConsoleException("FederationMetadata contains no Federation element");
            }
            obj = any.get(0);
        }
        if (obj instanceof com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) {
            com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement federation = (com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) obj;
            // TBD: the metadata signature is not verified before the entity is created, so the
            // imported document has to come from a trusted, authenticated source.
            //Document doc = XMLUtils.toDOMDocument(standardMetadata, debug);
            // WSFederationMetaSecurityUtils.verifySignature(doc);
            (new WSFederationMetaManager()).createFederation(realm, federation);
        }
    } catch (JAXBException e) {
        debug.error("ImportEntityModel.importWSFedMetaData", e);
        throw new AMConsoleException(e);
    } catch (IllegalArgumentException e) {
        debug.error("ImportEntityModel.importWSFedMetaData", e);
        throw new AMConsoleException(e);
    }
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) JAXBException(javax.xml.bind.JAXBException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException)
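The import path above stores whatever JAXB accepts: signature verification is left as TBD and the envelope is assumed to hold a Federation element. The following is an added example, not OpenAM code, showing the structural checks a practitioner would want to run before handing a remote Federation to createFederation, and how the resulting TokenIssuerName-to-entity mapping (the lookup getEntityByTokenIssuerName performs in Example 15) is registered without ambiguity. Element names follow the WS-Federation 1.0 (2006/03) metadata schema, which is assumed here to be what OpenAM's JAXB classes model; the sample document and its certificate bytes are constructed, and the "certificate" is only a DER SEQUENCE stand-in, not a real X.509 certificate. It does not verify the metadata signature; that step, or delivery over an authenticated channel, still has to precede storage.

```python
"""Structural checks for an imported WS-Federation metadata document, then
registration of its issuer name. Added example; the element names below
follow the WS-Federation 1.0 (2006/03) metadata schema (an assumption)."""
import base64
from dataclasses import dataclass
from typing import Dict, List
import xml.etree.ElementTree as ET

FED = "http://schemas.xmlsoap.org/ws/2006/03/federation"   # assumed namespace
DS = "http://www.w3.org/2000/09/xmldsig#"
WSA = "http://www.w3.org/2005/08/addressing"
NS = {"fed": FED, "ds": DS, "wsa": WSA}


class MetadataError(ValueError):
    """Import refused; the message says which check failed."""


@dataclass
class FederationRecord:
    entity_id: str              # FederationID, the entity ID used in the realm
    issuer_name: str            # TokenIssuerName, matched against Assertion/@Issuer
    signing_certs: List[bytes]  # DER-encoded certificates from TokenSigningKeyInfo
    issuer_endpoints: List[str]


def parse_federation(xml_text: str) -> FederationRecord:
    root = ET.fromstring(xml_text)
    # Unwrap FederationMetadata only when it carries exactly one Federation; the
    # page's getAny().get(0) throws on an empty wrapper and ignores extra entries.
    if root.tag == f"{{{FED}}}FederationMetadata":
        feds = root.findall("fed:Federation", NS)
        if len(feds) != 1:
            raise MetadataError(f"expected one Federation element, found {len(feds)}")
        root = feds[0]
    if root.tag != f"{{{FED}}}Federation":
        raise MetadataError("not a WS-Federation metadata document")

    entity_id = (root.get("FederationID") or "").strip()
    if not entity_id:
        raise MetadataError("Federation has no FederationID")
    issuer = root.findtext("fed:TokenIssuerName", default="", namespaces=NS).strip()
    if not issuer:
        raise MetadataError("Federation has no TokenIssuerName")

    certs = []
    for c in root.findall("fed:TokenSigningKeyInfo/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
        try:
            der = base64.b64decode("".join((c.text or "").split()), validate=True)
        except ValueError as e:
            raise MetadataError("X509Certificate is not valid base64") from e
        if not der or der[0] != 0x30:   # a DER Certificate starts with a SEQUENCE tag
            raise MetadataError("X509Certificate is not DER-encoded")
        certs.append(der)
    if not certs:
        # Without a signing key, no token from this issuer could ever be verified.
        raise MetadataError("Federation carries no TokenSigningKeyInfo certificate")

    endpoints = [e.text.strip() for e in
                 root.findall("fed:TokenIssuerEndpoint/wsa:Address", NS) if e.text]
    return FederationRecord(entity_id, issuer, certs, endpoints)


def register_remote(store: Dict[str, FederationRecord], record: FederationRecord) -> None:
    """Add a remote Federation, refusing duplicate IDs and ambiguous issuer names."""
    if record.entity_id in store:
        raise MetadataError(f"entity {record.entity_id} already exists")
    for other in store.values():
        if other.issuer_name == record.issuer_name:
            raise MetadataError(f"issuer name {record.issuer_name!r} already maps to {other.entity_id}")
    store[record.entity_id] = record


# Constructed sample: the certificate is a DER SEQUENCE stand-in, not a real X.509 cert.
CONSTRUCTED_CERT_B64 = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
SAMPLE_METADATA = f"""<fed:FederationMetadata xmlns:fed="{FED}" xmlns:ds="{DS}" xmlns:wsa="{WSA}">
  <fed:Federation FederationID="urn:federation:idp.example.test">
    <fed:TokenSigningKeyInfo>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CONSTRUCTED_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </fed:TokenSigningKeyInfo>
    <fed:TokenIssuerName>http://idp.example.test/adfs/services/trust</fed:TokenIssuerName>
    <fed:TokenIssuerEndpoint><wsa:Address>https://idp.example.test/adfs/ls/</wsa:Address></fed:TokenIssuerEndpoint>
  </fed:Federation>
</fed:FederationMetadata>"""

if __name__ == "__main__":
    registry: Dict[str, FederationRecord] = {}
    register_remote(registry, parse_federation(SAMPLE_METADATA))
    print({eid: rec.issuer_name for eid, rec in registry.items()})
```

The issuer-name uniqueness check matters because token validation resolves Assertion/@Issuer to one entity; two remote entities sharing a TokenIssuerName would make that lookup, and therefore the choice of signing key, ambiguous.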

Example 14 with WSFederationMetaManager

Use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

Class ConfigFedMonitoring, method getWSFedEntities.

private Map getWSFedEntities(String realm) {
    String classMethod = "ConfigFedMonitoring.getWSFedEntities:";
    Set wsEnts = null;
    // wsentMap: entity name => Map of ("location", "roles") -> values
    Map wsentMap = new HashMap();
    try {
        WSFederationMetaManager metaManager = new WSFederationMetaManager();
        wsEnts = metaManager.getAllEntities(realm);
        if (wsEnts == null) {
            // no WS-Fed entities configured in this realm; only WSFederationMetaException is caught below
            return wsentMap;
        }
        List hosted = metaManager.getAllHostedEntities(realm);
        for (Iterator it = wsEnts.iterator(); it.hasNext(); ) {
            Map wse = new HashMap();
            String entId = (String) it.next();
            if ((hosted != null) && hosted.contains(entId)) {
                wse.put("location", "hosted");
            } else {
                wse.put("location", "remote");
            }
            wse.put("roles", listToString(getWSFedRoles(entId, realm)));
            wsentMap.put(entId, wse);
        }
    } catch (WSFederationMetaException e) {
        debug.error(classMethod + "getting WSFed entities for realm " + realm + ": " + e.getMessage());
    }
    return wsentMap;
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) Set(java.util.Set) HashMap(java.util.HashMap) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) WSFederationMetaException(com.sun.identity.wsfederation.meta.WSFederationMetaException) HashMap(java.util.HashMap) Map(java.util.Map)

Example 15 with WSFederationMetaManager

Use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

Class SAML11RequestedSecurityToken, method verifyToken.

/**
 * Verifies the token's validity, checking the signature, validity period
 * etc.
 * @param realm the realm of the local entity
 * @param hostEntityId the local entity ID
 * @param timeskew permitted skew between service provider and identity
 * provider clocks, in seconds
 * @return a Map of relevant data including Subject and the List of
 * Assertions.
 * @throws com.sun.identity.wsfederation.common.WSFederationException in
 * case of any error - invalid token signature, token expired etc.
 */
public Map<String, Object> verifyToken(String realm, String hostEntityId, int timeskew) throws WSFederationException {
    String classMethod = "SAML11RequestedSecurityToken.verifyToken";
    // check that assertion issuer is trusted by the local entity; an issuer name that
    // maps to no entity is rejected the same way as an untrusted one
    String issuer = assertion.getIssuer();
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    String remoteEntityId = metaManager.getEntityByTokenIssuerName(realm, issuer);
    if (remoteEntityId == null || !metaManager.isTrustedProvider(realm, hostEntityId, remoteEntityId)) {
        String[] data = { LogUtil.isErrorLoggable(Level.FINER) ? this.toString() : this.getTokenId(), realm, hostEntityId };
        LogUtil.error(Level.INFO, LogUtil.UNTRUSTED_ISSUER, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("untrustedIssuer"));
    }
    SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, hostEntityId);
    if (spConfig == null) {
        debug.error(classMethod + "cannot find configuration for SP " + hostEntityId);
        throw new WSFederationException("unableToFindSPConfiguration");
    }
    String strWantAssertionSigned = WSFederationMetaUtils.getAttribute(spConfig, WSFederationConstants.WANT_ASSERTION_SIGNED);
    // By default, we want to sign assertions
    boolean wantAssertionSigned = (strWantAssertionSigned != null) ? Boolean.parseBoolean(strWantAssertionSigned) : true;
    if (wantAssertionSigned && (!WSFederationUtils.isSignatureValid(assertion, realm, remoteEntityId))) {
        // isSignatureValid will log the error
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidSignature"));
    }
    // TODO: check AudienceRestrictionCondition; until this is done the token's intended
    // audience is not enforced here
    Subject assertionSubject = null;
    Iterator stmtIter = assertion.getStatement().iterator();
    while (stmtIter.hasNext()) {
        Statement statement = (Statement) stmtIter.next();
        if (statement.getStatementType() == Statement.AUTHENTICATION_STATEMENT) {
            assertionSubject = ((SubjectStatement) statement).getSubject();
            break;
        }
    }
    if (assertionSubject == null) {
        String[] data = { LogUtil.isErrorLoggable(Level.FINER) ? this.toString() : this.getTokenId() };
        LogUtil.error(Level.INFO, LogUtil.MISSING_SUBJECT, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("missingSubject"));
    }
    // must be valid (timewise)
    if (!WSFederationUtils.isTimeValid(assertion, timeskew)) {
        // isTimeValid will log the error
        throw new WSFederationException(WSFederationUtils.bundle.getString("timeInvalid"));
    }
    List assertions = new ArrayList();
    assertions.add(assertion);
    Map<String, Object> attrMap = new HashMap<String, Object>();
    attrMap.put(SAML2Constants.SUBJECT, assertionSubject);
    attrMap.put(SAML2Constants.POST_ASSERTION, assertion);
    attrMap.put(SAML2Constants.ASSERTIONS, assertions);
    // TODO: authLevel is not derived from the assertion yet, so every token maps to level 0
    int authLevel = 0;
    if (authLevel >= 0) {
        attrMap.put(SAML2Constants.AUTH_LEVEL, Integer.valueOf(authLevel));
    }
    // remaining assertion lifetime, in whole minutes, bounds the local session
    Date sessionNotOnOrAfter = assertion.getConditions().getNotOnorAfter();
    if (sessionNotOnOrAfter != null) {
        long maxSessionTime = (sessionNotOnOrAfter.getTime() - System.currentTimeMillis()) / 60000;
        if (maxSessionTime > 0) {
            attrMap.put(SAML2Constants.MAX_SESSION_TIME, Long.valueOf(maxSessionTime));
        }
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + " Attribute Map : " + attrMap);
    }
    return attrMap;
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) HashMap(java.util.HashMap) AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement) SubjectStatement(com.sun.identity.saml.assertion.SubjectStatement) Statement(com.sun.identity.saml.assertion.Statement) AuthenticationStatement(com.sun.identity.saml.assertion.AuthenticationStatement) SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) ArrayList(java.util.ArrayList) Subject(com.sun.identity.saml.assertion.Subject) Date(java.util.Date) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List)
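verifyToken above fixes the order of checks on an inbound SAML 1.1 assertion: resolve the issuer to a trusted entity, verify the signature when the SP requires one, take the Subject from the AuthenticationStatement, then test the validity window against the permitted clock skew; the AudienceRestrictionCondition check is left as a TODO. The following is an added example, not OpenAM code: a stand-alone Python validator that runs the same sequence over a constructed assertion and adds the audience check. Signature verification is delegated to a caller-supplied callable, as the original delegates to WSFederationUtils.isSignatureValid, because XML-DSig is out of scope here; the sample assertion, issuer name and entity IDs are constructed, and the skew handling (window widened by timeskew on both ends) is this example's reading of isTimeValid, not a quotation of it.

```python
"""Validation of a SAML 1.1 assertion from a WS-Federation RequestedSecurityToken,
in the order verifyToken uses, plus the AudienceRestrictionCondition check the
original leaves as a TODO. Added example, not OpenAM code."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional
import xml.etree.ElementTree as ET

SAML1 = "urn:oasis:names:tc:SAML:1.0:assertion"
NS = {"saml": SAML1}


class TokenError(Exception):
    """Carries a short reason code, like the page's resource-bundle keys."""


@dataclass
class LocalSP:
    entity_id: str                    # hostEntityId; must appear in <Audience>
    trusted_issuers: Dict[str, str]   # TokenIssuerName -> remote entity ID
    want_assertion_signed: bool = True


def parse_time(value: str) -> datetime:
    """SAML 1.1 timestamps are UTC with a trailing Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def verify_token(xml_text: str, sp: LocalSP, timeskew_s: int,
                 signature_valid: Callable[[ET.Element, str], bool],
                 now: Optional[datetime] = None) -> dict:
    now = now or datetime.now(timezone.utc)
    assertion = ET.fromstring(xml_text)
    if assertion.tag != f"{{{SAML1}}}Assertion":
        raise TokenError("invalidToken")

    # 1. The issuer name must resolve to an entity this SP trusts.
    remote_entity_id = sp.trusted_issuers.get(assertion.get("Issuer", ""))
    if remote_entity_id is None:
        raise TokenError("untrustedIssuer")

    # 2. Signature before any content is relied upon (delegated, as isSignatureValid is).
    if sp.want_assertion_signed and not signature_valid(assertion, remote_entity_id):
        raise TokenError("invalidSignature")

    conditions = assertion.find("saml:Conditions", NS)
    if conditions is None:
        raise TokenError("timeInvalid")

    # 3. AudienceRestrictionCondition: a token minted for another SP must be refused.
    audiences = [a.text.strip() for a in
                 conditions.findall("saml:AudienceRestrictionCondition/saml:Audience", NS)
                 if a.text]
    if audiences and sp.entity_id not in audiences:
        raise TokenError("audienceMismatch")

    # 4. Subject, taken from the AuthenticationStatement only.
    auth = assertion.find("saml:AuthenticationStatement", NS)
    name_id = None if auth is None else auth.find("saml:Subject/saml:NameIdentifier", NS)
    if name_id is None or not (name_id.text or "").strip():
        raise TokenError("missingSubject")

    # 5. Validity window, widened by the permitted clock skew on both ends.
    skew = timedelta(seconds=timeskew_s)
    not_before = conditions.get("NotBefore")
    not_on_or_after = conditions.get("NotOnOrAfter")
    if not_before and now < parse_time(not_before) - skew:
        raise TokenError("timeInvalid")
    if not_on_or_after and now >= parse_time(not_on_or_after) + skew:
        raise TokenError("timeInvalid")

    result = {"subject": name_id.text.strip(), "remote_entity_id": remote_entity_id}
    if not_on_or_after:
        # Remaining lifetime in whole minutes, the way MAX_SESSION_TIME is derived.
        minutes = int((parse_time(not_on_or_after) - now).total_seconds() // 60)
        if minutes > 0:
            result["max_session_time"] = minutes
    return result


# Constructed sample assertion (not captured from any real IdP).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    MajorVersion="1" MinorVersion="1" AssertionID="_constructed_example"
    Issuer="http://idp.example.test/adfs/services/trust" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:10:00Z">
    <saml:AudienceRestrictionCondition>
      <saml:Audience>urn:federation:sp.example.test</saml:Audience>
    </saml:AudienceRestrictionCondition>
  </saml:Conditions>
  <saml:AuthenticationStatement AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
      AuthenticationInstant="2024-01-01T11:59:30Z">
    <saml:Subject><saml:NameIdentifier>alice@example.test</saml:NameIdentifier></saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

SAMPLE_SP = LocalSP("urn:federation:sp.example.test",
                    {"http://idp.example.test/adfs/services/trust": "urn:federation:idp.example.test"})

if __name__ == "__main__":
    # With a signature oracle that accepts everything, at 12:05 the token is valid for 5 more minutes.
    print(verify_token(SAMPLE_ASSERTION, SAMPLE_SP, 60, lambda el, eid: True,
                       parse_time("2024-01-01T12:05:00Z")))
```

Two behaviours are worth noticing when running it: the same token is rejected at 12:11:30 with a 60 second skew and accepted with a 120 second skew, which is why timeskew should be kept small, and a token whose Audience names another SP fails before the subject and time checks even run.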

Aggregations

WSFederationMetaManager (com.sun.identity.wsfederation.meta.WSFederationMetaManager) 31
WSFederationMetaException (com.sun.identity.wsfederation.meta.WSFederationMetaException) 20
List (java.util.List) 13
FederationElement (com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) 12
AMConsoleException (com.sun.identity.console.base.model.AMConsoleException) 11
JAXBException (javax.xml.bind.JAXBException) 10
Iterator (java.util.Iterator) 9
CLIException (com.sun.identity.cli.CLIException) 8
ArrayList (java.util.ArrayList) 8
WSFederationException (com.sun.identity.wsfederation.common.WSFederationException) 7
HashMap (java.util.HashMap) 7
SPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) 6
Map (java.util.Map) 6
SessionException (com.sun.identity.plugin.session.SessionException) 5
Set (java.util.Set) 5
BaseConfigType (com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType) 4
FederationConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement) 4
IDPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement) 4
TokenIssuerEndpointElement (com.sun.identity.wsfederation.jaxb.wsfederation.TokenIssuerEndpointElement) 4
IOException (java.io.IOException) 4