Search in sources :

Example 1 with IDPAttributeMapper

use of com.sun.identity.wsfederation.plugins.IDPAttributeMapper in project OpenAM by OpenRock.

the class IPSigninRequest method sendResponse.

/**
     * Sends <code>RequestSecurityTokenResponse</code> containing an 
     * <code>Assertion</code> back to the requesting service provider
     */
private void sendResponse(Object session, String idpEntityId, String spEntityId, String idpMetaAlias, String realm) throws WSFederationException, IOException {
    String classMethod = "IDPSSOFederate.sendResponse: ";
    /*    
        String nameIDFormat = null;
        NameIDPolicy policy = authnReq.getNameIDPolicy();
        if (policy != null) {
            nameIDFormat = policy.getFormat();
        }
 */
    String acsURL = IDPSSOUtil.getACSurl(spEntityId, realm, wreply);
    if ((acsURL == null) || (acsURL.trim().length() == 0)) {
        debug.error(classMethod + "no ACS URL found.");
        String[] data = { realm, spEntityId, wreply };
        LogUtil.error(Level.INFO, LogUtil.NO_ACS_URL, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableTofindACSURL"));
    }
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    IDPSSOConfigElement idpConfig = metaManager.getIDPSSOConfig(realm, idpEntityId);
    if (idpConfig == null) {
        debug.error(classMethod + "cannot find configuration for IdP " + idpEntityId);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableToFindIDPConfiguration"));
    }
    SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, spEntityId);
    if (spConfig == null) {
        debug.error(classMethod + "cannot find configuration for SP " + spEntityId);
        throw new WSFederationException(WSFederationUtils.bundle.getString("unableToFindSPConfiguration"));
    }
    String authMethod = null;
    String authSSOInstant = null;
    String userid = null;
    try {
        authMethod = WSFederationUtils.sessionProvider.getProperty(session, SessionProvider.AUTH_METHOD)[0];
        authSSOInstant = WSFederationUtils.sessionProvider.getProperty(session, SessionProvider.AUTH_INSTANT)[0];
        userid = WSFederationUtils.sessionProvider.getProperty(session, "UserId")[// ISAuthConstants.USER_ID
        0];
    } catch (SessionException se) {
        throw new WSFederationException(se);
    }
    IDPAttributeMapper attrMapper = getIDPAttributeMapper(WSFederationMetaUtils.getAttributes(idpConfig));
    IDPAccountMapper accountMapper = getIDPAccountMapper(WSFederationMetaUtils.getAttributes(idpConfig));
    List attributes = attrMapper.getAttributes(session, idpEntityId, spEntityId, realm);
    Date authInstant = null;
    if (authSSOInstant == null || authSSOInstant.equals("")) {
        authInstant = new Date();
    } else {
        try {
            authInstant = DateUtils.stringToDate(authSSOInstant);
        } catch (ParseException pe) {
            throw new WSFederationException(pe);
        }
    }
    NameIdentifier ni = accountMapper.getNameID(session, realm, idpEntityId, spEntityId);
    int notBeforeSkew = SAML2Constants.NOTBEFORE_ASSERTION_SKEW_DEFAULT;
    String notBeforeSkewStr = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE);
    if (notBeforeSkewStr != null) {
        try {
            notBeforeSkew = Integer.parseInt(notBeforeSkewStr);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "got not before skew from config:" + notBeforeSkew);
            }
        } catch (NumberFormatException nfe) {
            debug.error(classMethod + "Failed to get not before skew from IDP SSO config: ", nfe);
            throw new WSFederationException(nfe);
        }
    }
    int effectiveTime = SAML2Constants.ASSERTION_EFFECTIVE_TIME;
    String effectiveTimeStr = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.ASSERTION_EFFECTIVE_TIME_ATTRIBUTE);
    if (effectiveTimeStr != null) {
        try {
            effectiveTime = Integer.parseInt(effectiveTimeStr);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "got effective time from config:" + effectiveTime);
            }
        } catch (NumberFormatException nfe) {
            debug.error(classMethod + "Failed to get assertion effective time from " + "IDP SSO config: ", nfe);
            throw new WSFederationException(nfe);
        }
    }
    String strWantAssertionSigned = WSFederationMetaUtils.getAttribute(spConfig, WSFederationConstants.WANT_ASSERTION_SIGNED);
    // By default, we want to sign assertions
    boolean wantAssertionSigned = (strWantAssertionSigned != null) ? Boolean.parseBoolean(strWantAssertionSigned) : true;
    String certAlias = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.SIGNING_CERT_ALIAS);
    if (wantAssertionSigned && certAlias == null) {
        // SP wants us to sign the assertion, but we don't have a signing 
        // cert
        debug.error(classMethod + "SP wants signed assertion, but no signing cert is " + "configured");
        throw new WSFederationException(WSFederationUtils.bundle.getString("noIdPCertAlias"));
    }
    if (!wantAssertionSigned) {
        // SP doesn't want us to sign the assertion, so pass null certAlias 
        // to indicate no assertion signature required
        certAlias = null;
    }
    // generate a response for the authn request
    RequestSecurityTokenResponse rstr = new RequestSecurityTokenResponse(new SAML11RequestedSecurityToken(realm, spEntityId, idpEntityId, notBeforeSkew, effectiveTime, certAlias, authMethod, authInstant, ni, attributes), wtrealm);
    if (rstr == null) {
        debug.error(classMethod + "response is null");
        String errorMsg = WSFederationUtils.bundle.getString("UnableToCreateAssertion");
        /*
            res = IDPSSOUtil.getErrorResponse(authnReq, 
                SAML2Constants.RESPONDER, errorMsg, idpEntityID);
             */
        return;
    } else {
        try {
            String[] values = { idpMetaAlias };
            // Add SP to SP list in session
            String[] spList = WSFederationUtils.sessionProvider.getProperty(session, WSFederationConstants.SESSION_SP_LIST);
            ArrayList<String> newSpList = (spList != null) ? new ArrayList<String>(Arrays.asList(spList)) : new ArrayList<String>();
            if (!newSpList.contains(spEntityId)) {
                newSpList.add(spEntityId);
                WSFederationUtils.sessionProvider.setProperty(session, WSFederationConstants.SESSION_SP_LIST, newSpList.toArray(new String[0]));
            }
        } catch (SessionException e) {
            debug.error(classMethod + "error setting idpMetaAlias into the session: ", e);
        }
        try {
            postToTarget(rstr, acsURL);
        } catch (ServletException se) {
            throw new WSFederationException(se);
        }
    }
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) IDPAccountMapper(com.sun.identity.wsfederation.plugins.IDPAccountMapper) WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) SessionException(com.sun.identity.plugin.session.SessionException) IDPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement) Date(java.util.Date) ServletException(javax.servlet.ServletException) SAML11RequestedSecurityToken(com.sun.identity.wsfederation.profile.SAML11RequestedSecurityToken) IDPAttributeMapper(com.sun.identity.wsfederation.plugins.IDPAttributeMapper) ArrayList(java.util.ArrayList) List(java.util.List) ParseException(java.text.ParseException) RequestSecurityTokenResponse(com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse)

Example 2 with IDPAttributeMapper

use of com.sun.identity.wsfederation.plugins.IDPAttributeMapper in project OpenAM by OpenRock.

the class IPSigninRequest method getIDPAttributeMapper.

private static IDPAttributeMapper getIDPAttributeMapper(Map<String, List<String>> attributes) throws WSFederationException {
    IDPAttributeMapper attrMapper = null;
    List attrMapperList = (List) attributes.get(SAML2Constants.IDP_ATTRIBUTE_MAPPER);
    if (attrMapperList != null) {
        try {
            attrMapper = (IDPAttributeMapper) (Class.forName((String) attrMapperList.get(0)).newInstance());
        } catch (ClassNotFoundException cfe) {
            throw new WSFederationException(cfe);
        } catch (InstantiationException ie) {
            throw new WSFederationException(ie);
        } catch (IllegalAccessException iae) {
            throw new WSFederationException(iae);
        }
    }
    if (attrMapper == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("failedAttrMapper"));
    }
    return attrMapper;
}
Also used : WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) IDPAttributeMapper(com.sun.identity.wsfederation.plugins.IDPAttributeMapper) ArrayList(java.util.ArrayList) List(java.util.List)

Aggregations

WSFederationException (com.sun.identity.wsfederation.common.WSFederationException)2 IDPAttributeMapper (com.sun.identity.wsfederation.plugins.IDPAttributeMapper)2 ArrayList (java.util.ArrayList)2 List (java.util.List)2 SessionException (com.sun.identity.plugin.session.SessionException)1 NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier)1 IDPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement)1 SPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement)1 WSFederationMetaManager (com.sun.identity.wsfederation.meta.WSFederationMetaManager)1 IDPAccountMapper (com.sun.identity.wsfederation.plugins.IDPAccountMapper)1 RequestSecurityTokenResponse (com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse)1 SAML11RequestedSecurityToken (com.sun.identity.wsfederation.profile.SAML11RequestedSecurityToken)1 ParseException (java.text.ParseException)1 Date (java.util.Date)1 ServletException (javax.servlet.ServletException)1