
Example 21 with WSFederationMetaManager

use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

the class WSFederationSingleLogoutHandler method findIDPMetaAlias.

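/**
 * Returns the metaAlias of the hosted WS-Fed IDP that shares a circle of trust
 * (COT) with the initiating IDP and, when one is given, the SP.
 *
 * For every hosted WS-Fed IDP of the realm, each active COT is checked: the COT
 * must list the hosted IDP as a WS-Fed member and must list {@code idpEntityID}
 * (plus {@code spEntityID}, if non-empty) as members under {@code protocol}.
 * The first hosted IDP satisfying this wins; no attempt is made to detect or
 * rank multiple candidates.
 *
 * @param idpEntityID entity ID of the IDP that initiated single logout
 * @param spEntityID  entity ID of the participating SP; null or empty means the
 *                    SP membership check is skipped
 * @param realm       realm whose hosted WS-Fed IDPs and active COTs are searched
 * @param protocol    federation protocol (COT member type) of the initiating
 *                    IDP and SP
 * @return the metaAlias of the matching hosted WS-Fed IDP, or null when there is
 *         no such IDP, when the match has no IDP SSO configuration, or when any
 *         exception occurs (the exception is logged, never propagated)
 */
private String findIDPMetaAlias(String idpEntityID, String spEntityID, String realm, String protocol) {
    try {
        WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
        List hostedIdps = metaManager.getAllHostedIdentityProviderEntities(realm);
        if (debug.messageEnabled()) {
            debug.message("WSFedSingleLogoutHandler.findIDPMetaAlias: " + " all hosted WS-Fed IDPs = " + hostedIdps);
        }
        if ((hostedIdps == null) || hostedIdps.isEmpty()) {
            return null;
        }
        CircleOfTrustManager cotManager = new CircleOfTrustManager();
        Set cots = cotManager.getAllActiveCirclesOfTrust(realm);
        if (cots == null) {
            // Nothing to match against; previously this surfaced as an NPE caught below.
            return null;
        }
        boolean spKnown = (spEntityID != null) && (spEntityID.length() != 0);
        for (Object hosted : hostedIdps) {
            String idpId = (String) hosted;
            for (Object cotObj : cots) {
                String cotName = (String) cotObj;
                if (debug.messageEnabled()) {
                    debug.message("WSFedSLOHandler.findIDPMetaAlias: " + " check COT = " + cotName);
                }
                // The COT must contain the hosted WS-Fed IDP currently being checked ...
                Set wsfedMembers = cotManager.listCircleOfTrustMember(realm, cotName, SingleLogoutManager.WS_FED);
                if ((wsfedMembers == null) || !wsfedMembers.contains(idpId)) {
                    continue;
                }
                // ... and the initiating IDP (and the SP, when known) under the caller's protocol.
                Set protocolMembers = cotManager.listCircleOfTrustMember(realm, cotName, protocol);
                if ((protocolMembers == null) || !protocolMembers.contains(idpEntityID)) {
                    continue;
                }
                if (spKnown && !protocolMembers.contains(spEntityID)) {
                    continue;
                }
                // First match wins; other hosted IDPs that might also qualify are not considered.
                if (SingleLogoutManager.debug.messageEnabled()) {
                    SingleLogoutManager.debug.message("WSFedSingleLogoutHandler.findIDPMetaAlias : " + "found IDP " + idpId + " in COT " + cotName);
                }
                IDPSSOConfigElement config = metaManager.getIDPSSOConfig(realm, idpId);
                if (config == null) {
                    // A hosted IDP without an SSO config used to trigger an NPE that the
                    // catch below swallowed; report it and keep looking for another candidate.
                    SingleLogoutManager.debug.error("WSFederationSingleLogoutHandler." + "findIDPMetaAlias: no IDP SSO config for " + idpId);
                    continue;
                }
                return config.getMetaAlias();
            }
        }
    } catch (Exception e) {
        // Best-effort lookup: any failure is logged and treated as "not found".
        SingleLogoutManager.debug.error("WSFederationSingleLogoutHandler." + "findIDPMetaAlias", e);
    }
    return null;
}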

Example 22 with WSFederationMetaManager

use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

the class IPSigninRequest method process.

/**
 * Processes the WS-Federation sign-in request and writes the outcome to the
 * HttpServletResponse handed to the constructor.
 *
 * The hosted IDP is resolved from the request URI's metaAlias, the SP from the
 * {@code wtrealm} parameter; the pair must be a trusted relationship in the
 * IDP's realm before any session is consulted. Without a session, or with a
 * session from a different realm, the user is redirected to authenticate
 * against the IDP's realm; otherwise the sign-in response is sent.
 *
 * @throws IOException            if writing the response or redirect fails
 * @throws WSFederationException  if the IDP metaAlias, IDP entity ID or SP
 *                                entity ID cannot be resolved, or the SP is not
 *                                a trusted provider of the IDP
 */
public void process() throws IOException, WSFederationException {
    final String methodName = "IPSigninRequest.process: ";
    // Which hosted IDP is being addressed follows from the metaAlias in the URI.
    String idpMetaAlias = WSFederationMetaUtils.getMetaAliasByUri(request.getRequestURI());
    if (idpMetaAlias == null || idpMetaAlias.trim().isEmpty()) {
        debug.error(methodName + "unable to get IDP meta alias from request.");
        throw new WSFederationException(WSFederationUtils.bundle.getString("IDPMetaAliasNotFound"));
    }
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    String idpEntityID = metaManager.getEntityByMetaAlias(idpMetaAlias);
    if (idpEntityID == null || idpEntityID.trim().isEmpty()) {
        debug.error(methodName + "Unable to get IDP Entity ID from metaAlias");
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullIDPEntityID"));
    }
    String realm = WSFederationMetaUtils.getRealmByMetaAlias(idpMetaAlias);
    // The SP is looked up by its token issuer name (the wtrealm request parameter)
    // within the IDP's realm, so an unknown wtrealm cannot name an arbitrary SP.
    String spEntityID = metaManager.getEntityByTokenIssuerName(realm, wtrealm);
    if (spEntityID == null || spEntityID.trim().isEmpty()) {
        debug.error(methodName + "Unable to get SP Entity ID from wtrealm");
        // NOTE(review): this reuses the IDP message key "nullIDPEntityID" for the SP case.
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullIDPEntityID"));
    }
    // Refuse the request unless the SP is a trusted provider of this IDP.
    if (!metaManager.isTrustedProvider(realm, idpEntityID, spEntityID)) {
        debug.error(methodName + "The remote provider is not valid.");
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidReceiver"));
    }
    // A missing or unreadable SSO session is treated the same way: no session.
    Object session;
    try {
        session = WSFederationUtils.sessionProvider.getSession(request);
    } catch (SessionException se) {
        if (debug.messageEnabled()) {
            debug.message(methodName + "Unable to retrieve user session.");
        }
        session = null;
    }
    if (session == null) {
        redirectAuthentication(idpEntityID, realm);
        return;
    }
    String sessionRealm = getSessionRealm(session);
    if (!realm.equalsIgnoreCase(sessionRealm)) {
        // The existing session belongs to another realm: re-authenticate to the IDP's realm.
        if (debug.messageEnabled()) {
            debug.message(methodName + "The users realm: " + sessionRealm + " was different to the IDP's realm: " + realm + ", will re-authenticate to IDP: " + idpEntityID);
        }
        redirectAuthentication(idpEntityID, realm);
        return;
    }
    // Record WS-Fed participation on the session for the multi-protocol logout hub.
    MultiProtocolUtils.addFederationProtocol(session, SingleLogoutManager.WS_FED);
    sendResponse(session, idpEntityID, spEntityID, idpMetaAlias, realm);
}

Example 23 with WSFederationMetaManager

use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

the class ImportMetaData method handleWSFedRequest.

/**
 * Handles the WS-Federation variant of the import-entity command.
 *
 * Imports the metadata file (when {@code metadata} is set) and/or the extended
 * entity configuration (when {@code extendedData} is set), then adds the
 * imported federation to the requested circle of trust if it is not already a
 * member. For a hosted configuration the {@code realm} field is overwritten
 * with the realm derived from the first config element's metaAlias (see the
 * note at the end of this class).
 *
 * @param rc the CLI request context (not consulted here; the command's fields
 *           already carry the parsed arguments)
 * @throws CLIException if the COT update or the metadata/config import fails
 */
private void handleWSFedRequest(RequestContext rc) throws CLIException {
    try {
        com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement configElt = null;
        List<String> newMetaAliases = null;
        if (extendedData != null) {
            configElt = getWSFedEntityConfigElement();
            boolean hostedConfig = (configElt != null) && configElt.isHosted();
            if (hostedConfig) {
                List config = configElt.getIDPSSOConfigOrSPSSOConfig();
                if (!config.isEmpty()) {
                    // The realm comes from the metaAlias of the first IDP/SP config element.
                    com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType firstConfig = (com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType) config.get(0);
                    realm = WSFederationMetaUtils.getRealmByMetaAlias(firstConfig.getMetaAlias());
                    newMetaAliases = getMetaAliases(config);
                }
            }
        }
        WSFederationMetaManager metaManager = new WSFederationMetaManager(ssoToken);
        String federationID = null;
        if (metadata != null) {
            federationID = importWSFedMetaData();
        }
        if (configElt != null) {
            boolean hasNewAliases = (newMetaAliases != null) && !newMetaAliases.isEmpty();
            if (hasNewAliases) {
                // New metaAliases must not collide with existing entities before the config is stored.
                metaManager.validateMetaAliasForNewEntity(realm, newMetaAliases);
            }
            metaManager.createEntityConfig(realm, configElt);
            Object[] objs = { webAccess ? "web" : extendedData };
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("import-entity-succeeded"), objs));
        }
        boolean cotRequested = (cot != null) && (cot.length() > 0);
        if (cotRequested && (federationID != null)) {
            CircleOfTrustManager cotManager = new CircleOfTrustManager(ssoToken);
            if (!cotManager.isInCircleOfTrust(realm, cot, spec, federationID)) {
                cotManager.addCircleOfTrustMember(realm, cot, spec, federationID);
            }
        }
    } catch (COTException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (WSFederationMetaException e) {
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}

Example 24 with WSFederationMetaManager

use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

the class ImportMetaData method importWSFedMetaData.

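/**
 * Imports a WS-Federation metadata document and creates the federation in the
 * current realm.
 *
 * The document is read either from the {@code metadata} string (web access) or
 * from the file it names. A {@code FederationMetadataElement} wrapper is
 * unwrapped to its first child only; further {@code Federation} elements are
 * ignored. Note that the metadata's XML signature is not verified here: the
 * {@code verifySignature} call below is commented out, so the descriptor is
 * trusted exactly as the operator supplies it.
 *
 * @return the federation ID of the imported federation ({@code
 *         WSFederationConstants.DEFAULT_FEDERATION_ID} when the document has
 *         none), or null if the document contained no {@code Federation}
 *         element
 * @throws WSFederationMetaException if creating the federation fails
 * @throws CLIException if the file is missing, or the document is not a valid
 *         WS-Federation descriptor (including an empty metadata wrapper)
 */
private String importWSFedMetaData() throws WSFederationMetaException, CLIException {
    InputStream is = null;
    String out = (webAccess) ? "web" : metadata;
    Object[] objs = { out };
    String federationID = null;
    try {
        Object obj;
        Document doc;
        if (webAccess) {
            obj = WSFederationMetaUtils.convertStringToJAXB(metadata);
            doc = XMLUtils.toDOMDocument(metadata, CommandManager.getDebugger());
        } else {
            is = new FileInputStream(metadata);
            doc = XMLUtils.toDOMDocument(is, CommandManager.getDebugger());
            obj = WSFederationMetaUtils.convertNodeToJAXB(doc);
        }
        if (obj instanceof com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement) {
            List wrapped = ((com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement) obj).getAny();
            if (wrapped == null || wrapped.isEmpty()) {
                // An empty wrapper previously escaped as an uncaught IndexOutOfBoundsException;
                // report it as an invalid descriptor like the other malformed-input cases.
                throw new CLIException(MessageFormat.format(getResourceString("import-entity-exception-invalid-descriptor-file"), objs), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
            }
            // Just get the first element for now...
            // TODO - loop through Federation elements?
            obj = wrapped.get(0);
        }
        if (obj instanceof com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) {
            com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement federation = (com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) obj;
            federationID = federation.getFederationID();
            if (federationID == null) {
                federationID = WSFederationConstants.DEFAULT_FEDERATION_ID;
            }
            // Signature verification of the imported metadata is disabled.
            // WSFederationMetaSecurityUtils.verifySignature(doc);
            WSFederationMetaManager metaManager = new WSFederationMetaManager(ssoToken);
            metaManager.createFederation(realm, federation);
            getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("import-entity-succeeded"), objs));
        }
        return federationID;
    } catch (FileNotFoundException e) {
        throw new CLIException(MessageFormat.format(getResourceString("file-not-found"), objs), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (JAXBException e) {
        debugWarning("ImportMetaData.importMetaData", e);
        throw new CLIException(MessageFormat.format(getResourceString("import-entity-exception-invalid-descriptor-file"), objs), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } catch (IllegalArgumentException e) {
        debugWarning("ImportMetaData.importMetaData", e);
        throw new CLIException(MessageFormat.format(getResourceString("import-entity-exception-invalid-descriptor-file"), objs), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    } finally {
        if (is != null) {
            try {
                is.close();
            } catch (IOException ignored) {
                // Nothing useful to do if the metadata file cannot be closed.
            }
        }
    }
}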

Example 25 with WSFederationMetaManager

use of com.sun.identity.wsfederation.meta.WSFederationMetaManager in project OpenAM by OpenRock.

the class ListEntities method handleWSFedRequest.

/**
 * Prints the WS-Federation entities of the current realm to the CLI output.
 *
 * Writes a "no entities" message when the realm has none, otherwise a heading
 * followed by one indented line per entity ID. A metadata failure is logged
 * (debug and audit log) and re-raised as a CLI error.
 *
 * @param rc the CLI request context (not consulted here; {@code realm} and
 *           {@code ssoToken} come from the command's fields)
 * @throws CLIException if the entities cannot be read from the metadata store
 */
private void handleWSFedRequest(RequestContext rc) throws CLIException {
    IOutput writer = getOutputWriter();
    Object[] formatArgs = { realm };
    try {
        WSFederationMetaManager metaManager = new WSFederationMetaManager(ssoToken);
        Set entities = metaManager.getAllEntities(realm);
        boolean noEntities = (entities == null) || entities.isEmpty();
        if (noEntities) {
            writer.printlnMessage(MessageFormat.format(getResourceString("list-entities-no-entities"), formatArgs));
            return;
        }
        writer.printlnMessage(MessageFormat.format(getResourceString("list-entities-entity-listing"), formatArgs));
        for (Object entity : entities) {
            writer.printlnMessage("  " + (String) entity);
        }
    } catch (WSFederationMetaException e) {
        debugWarning("ListEntities.handleRequest", e);
        String[] logArgs = { realm, e.getMessage() };
        writeLog(LogWriter.LOG_ERROR, Level.INFO, "FAILED_LIST_ENTITIES", logArgs);
        throw new CLIException(e.getMessage(), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
    }
}
