use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.
the class IPRPSignoutRequest method process.
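/**
 * Processes the sign-out request, returning a response via the
 * HttpServletResponse passed to the constructor.
 * <p>
 * The hosted entity is resolved from the meta alias in the request URI. If the
 * caller still has a session, the sign-out URLs of the IdP and of every SP
 * recorded in that session are collected, the session is invalidated, and the
 * request is forwarded to {@code /wsfederation/jsp/logout.jsp}, which performs
 * the per-provider sign-outs (in parallel, via iframes) and offers a link to
 * {@code wreply} if one was supplied.
 *
 * @throws IOException if the forward to the logout page fails on I/O.
 * @throws WSFederationException if the meta alias, realm or entity ID cannot
 *         be resolved, or if the forward or a session operation fails.
 */
public void process() throws IOException, WSFederationException {
    String classMethod = "IPRPSignoutRequest.process: ";

    String metaAlias = WSFederationMetaUtils.getMetaAliasByUri(request.getRequestURI());
    if (isNullOrBlank(metaAlias)) {
        debug.error(classMethod + "Unable to get meta alias from request");
        throw new WSFederationException(WSFederationUtils.bundle.getString("MetaAliasNotFound"));
    }

    String realm = WSFederationMetaUtils.getRealmByMetaAlias(metaAlias);
    if (isNullOrBlank(realm)) {
        debug.error(classMethod + "Unable to get realm from request");
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullRealm"));
    }

    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    // retrieve entity id from meta alias
    String entityId = metaManager.getEntityByMetaAlias(metaAlias);
    if (isNullOrBlank(entityId)) {
        debug.error(classMethod + "Unable to get Entity ID from metaAlias" + metaAlias);
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullEntityID"));
    }

    Object session = null;
    try {
        session = WSFederationUtils.sessionProvider.getSession(request);
    } catch (SessionException se) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Session exception" + se.getLocalizedMessage());
        }
        // Don't care too much about session exceptions here - usual cause
        // is trying to log out after the session has expired. A null session
        // simply means there are no providers to sign out of.
    }

    try {
        // Strategy here is to do logouts in parallel via iframes, provide a
        // link to wreply, if any
        BaseConfigType config = metaManager.getBaseConfig(realm, entityId);
        String displayName = displayNameOrDefault(config, entityId);
        request.setAttribute(WSFederationConstants.LOGOUT_DISPLAY_NAME, displayName);
        // NOTE(review): wreply is handed to logout.jsp exactly as received here;
        // confirm the constructor (outside this listing) validates it against the
        // provider's registered endpoints before the page renders it as a link.
        request.setAttribute(WSFederationConstants.LOGOUT_WREPLY, wreply);
        request.setAttribute(WSFederationConstants.REALM_PARAM, realm);
        request.setAttribute(WSFederationConstants.ENTITYID_PARAM, entityId);

        // Insertion order is the order the logout page lists the providers in,
        // hence LinkedHashMap: sign-out URL -> display name.
        LinkedHashMap<String, String> providerList = new LinkedHashMap<String, String>();
        if (session != null) {
            String[] idpList = WSFederationUtils.sessionProvider.getProperty(session, WSFederationConstants.SESSION_IDP);
            if (hasFirstEntry(idpList)) {
                addSignoutTarget(metaManager, realm, idpList[0], providerList, classMethod);
            }

            String[] spList = WSFederationUtils.sessionProvider.getProperty(session, WSFederationConstants.SESSION_SP_LIST);
            if (hasFirstEntry(spList)) {
                for (int i = 0; i < spList.length; i++) {
                    // Blank entries can occur (the sentinel written below is one);
                    // skip them instead of looking up metadata for "".
                    if (spList[i] == null || spList[i].length() == 0) {
                        continue;
                    }
                    addSignoutTarget(metaManager, realm, spList[i], providerList, classMethod);
                }
                // Can't remove a session property, so just set it to
                // an empty string
                String[] empty = { "" };
                WSFederationUtils.sessionProvider.setProperty(session, WSFederationConstants.SESSION_SP_LIST, empty);
            }

            if (debug.messageEnabled()) {
                debug.message(classMethod + "destroying session " + session);
            }
            MultiProtocolUtils.invalidateSession(session, request, response, SingleLogoutManager.WS_FED);
        }
        request.setAttribute(WSFederationConstants.LOGOUT_PROVIDER_LIST, providerList);
        request.getRequestDispatcher("/wsfederation/jsp/logout.jsp").forward(request, response);
    } catch (ServletException se) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Servlet exception" + se.getLocalizedMessage());
        }
        throw new WSFederationException(se);
    } catch (SessionException se) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Session exception" + se.getLocalizedMessage());
        }
        throw new WSFederationException(se);
    }

    // Can't pass session, since we just invalidated it!
    String[] data = { wreply };
    LogUtil.access(Level.INFO, LogUtil.SLO_SUCCESSFUL, data, null);
}

/** Returns true when {@code value} is null or consists only of whitespace. */
private static boolean isNullOrBlank(String value) {
    return value == null || value.trim().length() == 0;
}

/** Returns true when {@code values} has a non-null, non-empty first element. */
private static boolean hasFirstEntry(String[] values) {
    return values != null && values.length > 0 && values[0] != null && values[0].length() > 0;
}

/**
 * Returns the display name configured in {@code config}, or {@code fallback}
 * when none (or an empty one) is configured.
 */
private static String displayNameOrDefault(BaseConfigType config, String fallback) {
    String displayName = WSFederationMetaUtils.getAttribute(config, WSFederationConstants.DISPLAY_NAME);
    return (displayName == null || displayName.length() == 0) ? fallback : displayName;
}

/**
 * Adds the WS-Federation sign-out URL of {@code providerEntityId} to
 * {@code providerList}, mapped to the provider's display name (the entity ID
 * when no display name is configured).
 *
 * @param metaManager meta manager used to look up the provider's metadata.
 * @param realm realm the provider is registered in.
 * @param providerEntityId entity ID of the IdP or SP to sign out of.
 * @param providerList accumulator of sign-out URL -> display name.
 * @param classMethod log prefix of the calling method.
 */
private void addSignoutTarget(WSFederationMetaManager metaManager, String realm, String providerEntityId,
        LinkedHashMap<String, String> providerList, String classMethod)
        throws IOException, WSFederationException {
    FederationElement fed = metaManager.getEntityDescriptor(realm, providerEntityId);
    String endpoint = metaManager.getTokenIssuerEndpoint(fed);
    String url = endpoint + "?wa=" + WSFederationConstants.WSIGNOUT10;
    String displayName = displayNameOrDefault(metaManager.getBaseConfig(realm, providerEntityId), providerEntityId);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "sending signout to " + url);
    }
    providerList.put(url, displayName);
}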
use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.
the class IPSigninRequest method sendResponse.
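/**
 * Sends a <code>RequestSecurityTokenResponse</code> containing an
 * <code>Assertion</code> back to the requesting service provider.
 * <p>
 * The SAML 1.1 token is built from the authenticated session (authentication
 * method and instant, mapped NameID, mapped attributes) and from the IdP and
 * SP configuration (not-before skew, effective time, whether and with which
 * certificate to sign). The SP is then recorded in the session's SP list so a
 * later sign-out can reach it, and the response is auto-posted to the SP's
 * ACS URL.
 *
 * @param session the authenticated session the token is issued for.
 * @param idpEntityId entity ID of the hosted identity provider.
 * @param spEntityId entity ID of the requesting service provider.
 * @param idpMetaAlias meta alias of the hosted identity provider; not used by
 *        the current implementation.
 * @param realm realm the hosted identity provider belongs to.
 * @throws WSFederationException if no ACS URL can be determined, the IdP or
 *         SP configuration is missing, a session property cannot be read, a
 *         configured skew or effective time is not numeric, the SP requires a
 *         signed assertion but no signing certificate is configured, the
 *         authentication instant cannot be parsed, or posting the response
 *         fails.
 * @throws IOException if writing the response fails.
 */
private void sendResponse(Object session, String idpEntityId, String spEntityId, String idpMetaAlias, String realm) throws WSFederationException, IOException {
    String classMethod = "IDPSSOFederate.sendResponse: ";

    // NOTE(review): the token is posted to whatever getACSurl returns; it is
    // expected to resolve wreply against the SP's registered endpoints rather
    // than echo it back - confirm in IDPSSOUtil.
    String acsURL = IDPSSOUtil.getACSurl(spEntityId, realm, wreply);
    if ((acsURL == null) || (acsURL.trim().length() == 0)) {
        debug.error(classMethod + "no ACS URL found.");
        String[] data = { realm, spEntityId, wreply };
        LogUtil.error(Level.INFO, LogUtil.NO_ACS_URL, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableTofindACSURL"));
    }

    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    IDPSSOConfigElement idpConfig = metaManager.getIDPSSOConfig(realm, idpEntityId);
    if (idpConfig == null) {
        debug.error(classMethod + "cannot find configuration for IdP " + idpEntityId);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableToFindIDPConfiguration"));
    }
    SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, spEntityId);
    if (spConfig == null) {
        debug.error(classMethod + "cannot find configuration for SP " + spEntityId);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableToFindSPConfiguration"));
    }

    // Authentication context carried into the assertion. Both properties are
    // read as single-valued ([0]); a missing property fails the request.
    String authMethod;
    String authSSOInstant;
    try {
        authMethod = WSFederationUtils.sessionProvider.getProperty(session, SessionProvider.AUTH_METHOD)[0];
        authSSOInstant = WSFederationUtils.sessionProvider.getProperty(session, SessionProvider.AUTH_INSTANT)[0];
    } catch (SessionException se) {
        throw new WSFederationException(se);
    }

    IDPAttributeMapper attrMapper = getIDPAttributeMapper(WSFederationMetaUtils.getAttributes(idpConfig));
    IDPAccountMapper accountMapper = getIDPAccountMapper(WSFederationMetaUtils.getAttributes(idpConfig));
    List attributes = attrMapper.getAttributes(session, idpEntityId, spEntityId, realm);

    // An absent authentication instant falls back to "now".
    Date authInstant;
    if (authSSOInstant == null || authSSOInstant.equals("")) {
        authInstant = new Date();
    } else {
        try {
            authInstant = DateUtils.stringToDate(authSSOInstant);
        } catch (ParseException pe) {
            throw new WSFederationException(pe);
        }
    }

    NameIdentifier ni = accountMapper.getNameID(session, realm, idpEntityId, spEntityId);

    // Assertion validity window: defaults unless overridden in the IdP config.
    int notBeforeSkew = SAML2Constants.NOTBEFORE_ASSERTION_SKEW_DEFAULT;
    String notBeforeSkewStr = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE);
    if (notBeforeSkewStr != null) {
        try {
            notBeforeSkew = Integer.parseInt(notBeforeSkewStr);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "got not before skew from config:" + notBeforeSkew);
            }
        } catch (NumberFormatException nfe) {
            debug.error(classMethod + "Failed to get not before skew from IDP SSO config: ", nfe);
            throw new WSFederationException(nfe);
        }
    }
    int effectiveTime = SAML2Constants.ASSERTION_EFFECTIVE_TIME;
    String effectiveTimeStr = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.ASSERTION_EFFECTIVE_TIME_ATTRIBUTE);
    if (effectiveTimeStr != null) {
        try {
            effectiveTime = Integer.parseInt(effectiveTimeStr);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "got effective time from config:" + effectiveTime);
            }
        } catch (NumberFormatException nfe) {
            debug.error(classMethod + "Failed to get assertion effective time from " + "IDP SSO config: ", nfe);
            throw new WSFederationException(nfe);
        }
    }

    String strWantAssertionSigned = WSFederationMetaUtils.getAttribute(spConfig, WSFederationConstants.WANT_ASSERTION_SIGNED);
    // By default, we want to sign assertions
    boolean wantAssertionSigned = (strWantAssertionSigned != null) ? Boolean.parseBoolean(strWantAssertionSigned) : true;
    String certAlias = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.SIGNING_CERT_ALIAS);
    if (wantAssertionSigned && certAlias == null) {
        // SP wants us to sign the assertion, but we don't have a signing
        // cert
        debug.error(classMethod + "SP wants signed assertion, but no signing cert is " + "configured");
        throw new WSFederationException(WSFederationUtils.bundle.getString("noIdPCertAlias"));
    }
    if (!wantAssertionSigned) {
        // SP doesn't want us to sign the assertion, so pass null certAlias
        // to indicate no assertion signature required
        certAlias = null;
    }

    // generate a response for the authn request
    RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(
            new SAML11RequestedSecurityToken(realm, spEntityId, idpEntityId, notBeforeSkew, effectiveTime,
                    certAlias, authMethod, authInstant, ni, attributes),
            wtrealm);

    // Add SP to SP list in session so that a later sign-out can reach it.
    // A failure here is logged but does not block the sign-in.
    try {
        String[] spList = WSFederationUtils.sessionProvider.getProperty(session, WSFederationConstants.SESSION_SP_LIST);
        List<String> newSpList = (spList != null) ? new ArrayList<String>(Arrays.asList(spList)) : new ArrayList<String>();
        if (!newSpList.contains(spEntityId)) {
            newSpList.add(spEntityId);
            WSFederationUtils.sessionProvider.setProperty(session, WSFederationConstants.SESSION_SP_LIST, newSpList.toArray(new String[0]));
        }
    } catch (SessionException e) {
        debug.error(classMethod + "error adding SP entity ID to the session SP list: ", e);
    }

    try {
        postToTarget(rstr, acsURL);
    } catch (ServletException se) {
        throw new WSFederationException(se);
    }
}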
use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.
the class WSFedPropertiesModelImpl method setGenAttributeValues.
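/**
 * Saves the attribute values from the General page.
 * <p>
 * The token issuer endpoint and name are written into the entity's standard
 * federation metadata; the display name(s) are written into the extended
 * configuration of the SP, the IDP, or both for a {@code DUAL} role.
 *
 * @param realm to which the entity belongs.
 * @param fedId is the entity id.
 * @param idpStdValues has the General standard attribute value pairs; each
 *        value is a collection of strings as submitted by the console form.
 * @param role of the entity ID.
 * @param location specifies if the entity is remote or local.
 * @throws AMConsoleException if the entity has no federation element or
 *         saving of attribute value fails.
 */
public void setGenAttributeValues(String realm, String fedId, Map idpStdValues, String role, String location) throws AMConsoleException {
    String tknissEndPt = null;
    String tknissName = null;
    for (Object o : idpStdValues.entrySet()) {
        Map.Entry entry = (Map.Entry) o;
        Object key = entry.getKey();
        Object value = entry.getValue();
        if (key.equals(TFTOKENISSUER_ENDPT)) {
            tknissEndPt = lastValue(value);
        } else if (key.equals(TFTOKENISSUER_NAME)) {
            tknissName = lastValue(value);
        } else if (key.equals(TF_DISPNAME)) {
            if (role.equals(EntityModel.SERVICE_PROVIDER)) {
                saveDisplayName(EntityModel.SERVICE_PROVIDER, realm, fedId, value, location);
            } else if (role.equals(EntityModel.IDENTITY_PROVIDER)) {
                saveDisplayName(EntityModel.IDENTITY_PROVIDER, realm, fedId, value, location);
            } else if (role.equals(DUAL)) {
                saveDisplayName(EntityModel.SERVICE_PROVIDER, realm, fedId, value, location);
                // For a dual-role entity the IDP display name comes from its own key.
                saveDisplayName(EntityModel.IDENTITY_PROVIDER, realm, fedId, idpStdValues.get(TFIDPDISP_NAME), location);
            }
        }
    }
    try {
        //fedElem is standard metadata federation element under the realm.
        WSFederationMetaManager metaManager = getWSFederationMetaManager();
        FederationElement fedElem = metaManager.getEntityDescriptor(realm, fedId);
        if (fedElem == null) {
            if (debug.warningEnabled()) {
                debug.warning("WSFedPropertiesModelImpl.setGenAttributeValues:" + " found invalid federation element " + fedId);
            }
            throw new AMConsoleException("invalid.federation.element");
        }
        // NOTE(review): a missing endpoint/name key leaves tknissEndPt/tknissName
        // null, which is written through as-is - confirm the form always submits both.
        for (Object o : fedElem.getAny()) {
            if (o instanceof TokenIssuerEndpointElement) {
                ((TokenIssuerEndpointElement) o).getAddress().setValue(tknissEndPt);
            } else if (o instanceof TokenIssuerNameElement) {
                ((TokenIssuerNameElement) o).setValue(tknissName);
            }
        }
        metaManager.setFederation(realm, fedElem);
    } catch (WSFederationMetaException e) {
        debug.warning("WSFedPropertiesModelImpl.setGenAttributeValues", e);
        throw new AMConsoleException(e.getMessage());
    }
}

/**
 * Returns the last element of {@code values} as a String, or {@code null}
 * when {@code values} is null or empty.
 * NOTE(review): the console hands these in as a HashSet, so if more than one
 * value were ever submitted the one picked would be arbitrary - confirm the
 * form only submits a single value for these fields.
 */
private static String lastValue(Object values) {
    String last = null;
    if (values != null) {
        for (Object o : (Iterable) values) {
            last = (String) o;
        }
    }
    return last;
}

/**
 * Replaces the display name in the extended configuration of the given role
 * and saves it.
 *
 * @param role {@code EntityModel.SERVICE_PROVIDER} or {@code EntityModel.IDENTITY_PROVIDER}.
 * @param realm to which the entity belongs.
 * @param fedId is the entity id.
 * @param displayNames the submitted display name value(s).
 * @param location specifies if the entity is remote or local.
 * @throws AMConsoleException if reading or saving the extended values fails.
 */
private void saveDisplayName(String role, String realm, String fedId, Object displayNames, String location) throws AMConsoleException {
    // Get the current map of extended values and replace only the display name
    Map tmpMap = getExtendedValues(role, realm, fedId);
    tmpMap.put(TF_DISPNAME, displayNames);
    if (EntityModel.SERVICE_PROVIDER.equals(role)) {
        setSPExtAttributeValues(realm, fedId, tmpMap, location);
    } else {
        setIDPExtAttributeValues(realm, fedId, tmpMap, location);
    }
}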
use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.
the class WSFedPropertiesModelImpl method setIDPExtAttributeValues.
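/**
 * Saves the extended attribute values for the IDP.
 * <p>
 * If the entity has no extended configuration yet, one is created first with
 * an empty display name; the IDP SSO configuration is then updated from
 * {@code idpExtValues} and the whole entity configuration is saved.
 *
 * @param realm to which the entity belongs.
 * @param fedId is the entity id.
 * @param idpExtValues has the extended attribute value pairs of IDP.
 * @param location has the information whether remote or hosted.
 * @throws AMConsoleException if saving of attribute value fails.
 */
public void setIDPExtAttributeValues(String realm, String fedId, Map idpExtValues, String location) throws AMConsoleException {
    try {
        String role = EntityModel.IDENTITY_PROVIDER;
        // fed is the extended entity configuration under the realm
        WSFederationMetaManager metaManager = getWSFederationMetaManager();
        FederationConfigElement fed = metaManager.getEntityConfig(realm, fedId);
        if (fed == null) {
            // NOTE(review): IDPEX_DATA_MAP looks like shared class state mutated
            // here - confirm it is not used concurrently by other requests.
            IDPEX_DATA_MAP.put(TF_DISPNAME, Collections.EMPTY_SET);
            createExtendedObject(realm, fedId, location, IDENTITY_PROVIDER, IDPEX_DATA_MAP);
            fed = metaManager.getEntityConfig(realm, fedId);
        }
        IDPSSOConfigElement idpsso = getidpsso(fed);
        if (idpsso != null) {
            updateBaseConfig(idpsso, idpExtValues, role);
        }
        //saves the new configuration by passing new fed element created
        metaManager.setEntityConfig(realm, fed);
    } catch (JAXBException e) {
        debug.warning("WSFedPropertiesModelImpl.setIDPExtAttributeValues", e);
        throw new AMConsoleException(getErrorString(e));
    } catch (WSFederationMetaException e) {
        debug.warning("WSFedPropertiesModelImpl.setIDPExtAttributeValues", e);
        throw new AMConsoleException(getErrorString(e));
    }
}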
use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.
the class ImportEntityModelImpl method createWSFedEntity.
/**
 * Creates a WS-Federation entity from the imported standard and/or extended
 * metadata held by this model, then persists the extended configuration.
 *
 * @throws AMConsoleException if the metadata cannot be imported or the
 *         entity configuration cannot be created.
 */
private void createWSFedEntity() throws AMConsoleException {
    try {
        com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement configElt = null;
        if (extendedMetaData != null) {
            configElt = getWSFedEntityConfigElement();
            // see note at the end of this class for how we decide the realm value
            boolean hosted = configElt != null && configElt.isHosted();
            if (hosted) {
                List config = configElt.getIDPSSOConfigOrSPSSOConfig();
                if (!config.isEmpty()) {
                    // NOTE(review): the realm is derived from the meta alias inside the
                    // imported document itself - confirm callers authorize the import
                    // against the resulting realm, not only the one they started in.
                    Object first = config.iterator().next();
                    com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType bConfig =
                            (com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType) first;
                    realm = WSFederationMetaUtils.getRealmByMetaAlias(bConfig.getMetaAlias());
                }
            }
        }
        if (standardMetaData != null) {
            importWSFedMetaData();
        }
        if (configElt != null) {
            WSFederationMetaManager manager = new WSFederationMetaManager();
            manager.createEntityConfig(realm, configElt);
        }
    } catch (WSFederationMetaException e) {
        debug.error("ImportEntityModel.createWSFedEntity", e);
        throw new AMConsoleException(e);
    }
}