
Example 1 with IdpType

use of com.tremolosecurity.config.xml.IdpType in project OpenUnison by TremoloSecurity.

Source: class LoadApplicationsFromK8s, method createIdpOnUrl.

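/**
 * Builds the {@link IdpType} for one application URL from the {@code idp} object of a
 * Kubernetes-sourced application definition and attaches it to {@code url}.
 *
 * <p>Handled keys of the {@code idp} object: {@code className}, {@code params} (string or
 * string-array values), {@code secretParams} (values resolved from Kubernetes secrets),
 * {@code mappings} and {@code trusts} (each trust with its own {@code params} /
 * {@code secretParams}).
 *
 * <p>Resolved secret values are stored as plain {@link ParamType} values on the IdP and its
 * trusts; treat {@code idp.getParams()} / {@code trust.getParam()} as sensitive when logging.
 *
 * @param jsonUrl the {@code url} JSON object that contains the {@code idp} object
 * @param url     the URL configuration the IdP is attached to
 * @throws ProvisioningException if a secret value cannot be resolved
 * @throws Exception             if the Kubernetes client cannot be created or closed
 */
private void createIdpOnUrl(JSONObject jsonUrl, UrlType url) throws ProvisioningException, Exception {
    IdpType idp = new IdpType();
    JSONObject jsonIdp = (JSONObject) jsonUrl.get("idp");
    url.setIdp(idp);
    idp.setClassName((String) jsonIdp.get("className"));

    addParams((JSONObject) jsonIdp.get("params"), idp.getParams());
    addSecretParams((JSONArray) jsonIdp.get("secretParams"), idp.getParams());

    JSONObject mappings = (JSONObject) jsonIdp.get("mappings");
    if (mappings != null) {
        idp.setMappings(createMappings(mappings));
    }

    JSONArray jsonTrusts = (JSONArray) jsonIdp.get("trusts");
    if (jsonTrusts != null) {
        TrustsType trusts = new TrustsType();
        for (Object o : jsonTrusts) {
            JSONObject jsonTrust = (JSONObject) o;
            TrustType trust = new TrustType();
            trust.setName((String) jsonTrust.get("name"));
            addParams((JSONObject) jsonTrust.get("params"), trust.getParam());
            addSecretParams((JSONArray) jsonTrust.get("secretParams"), trust.getParam());
            trusts.getTrust().add(trust);
        }
        idp.setTrusts(trusts);
    }
}

/**
 * Converts the {@code mappings} object into an {@link IdpMappingType}.
 *
 * @param mappings JSON object with an optional {@code strict} flag (defaults to {@code true})
 *                 and an optional {@code map} array of attribute mappings
 * @return the populated mapping configuration
 */
private IdpMappingType createMappings(JSONObject mappings) {
    IdpMappingType idpMappingType = new IdpMappingType();
    idpMappingType.setStrict(getBoolValue(mappings.get("strict"), true));
    JSONArray jsonMap = (JSONArray) mappings.get("map");
    if (jsonMap != null) {
        for (Object x : jsonMap) {
            JSONObject map = (JSONObject) x;
            ProvisionMappingType pmt = new ProvisionMappingType();
            pmt.setTargetAttributeName((String) map.get("targetAttributeName"));
            pmt.setTargetAttributeSource((String) map.get("targetAttributeSource"));
            pmt.setSourceType((String) map.get("sourceType"));
            idpMappingType.getMapping().add(pmt);
        }
    }
    return idpMappingType;
}

/**
 * Adds one {@link ParamType} per value of {@code params} to {@code target}.
 *
 * <p>A string value yields a single parameter; any other value is expected to be a JSON
 * array of strings and yields one parameter per element, all with the same name.
 *
 * @param params the {@code params} JSON object, may be {@code null} (nothing is added)
 * @param target the parameter list of the IdP or trust being built
 */
private static void addParams(JSONObject params, java.util.Collection<ParamType> target) {
    if (params == null) {
        return;
    }
    for (Object key : params.keySet()) {
        String paramName = (String) key;
        Object raw = params.get(paramName);
        if (raw instanceof String) {
            target.add(newParam(paramName, (String) raw));
        } else {
            // Non-string values are multi-valued parameters (JSON array of strings).
            for (Object value : (JSONArray) raw) {
                target.add(newParam(paramName, (String) value));
            }
        }
    }
}

/**
 * Resolves each entry of {@code secretParams} from its Kubernetes secret and adds the
 * result to {@code target}. One client is opened per call and always closed.
 *
 * @param secretParams array of objects with {@code name}, {@code secretName} and
 *                     {@code secretKey}; may be {@code null} (nothing is added)
 * @param target       the parameter list of the IdP or trust being built
 * @throws Exception if the client cannot be created or a secret cannot be read
 */
private void addSecretParams(JSONArray secretParams, java.util.Collection<ParamType> target) throws Exception {
    if (secretParams == null) {
        return;
    }
    HttpCon nonwatchHttp = this.k8sWatch.getK8s().createClient();
    String token = this.k8sWatch.getK8s().getAuthToken();
    try {
        for (Object ox : secretParams) {
            JSONObject secretParam = (JSONObject) ox;
            String secretName = (String) secretParam.get("secretName");
            String secretKey = (String) secretParam.get("secretKey");
            String secretValue = this.k8sWatch.getSecretValue(secretName, secretKey, token, nonwatchHttp);
            target.add(newParam((String) secretParam.get("name"), secretValue));
        }
    } finally {
        // Close the connection manager even when closing the client itself fails,
        // otherwise a failing close() would leak the pooled connections.
        try {
            nonwatchHttp.getHttp().close();
        } finally {
            nonwatchHttp.getBcm().close();
        }
    }
}

/**
 * Creates a {@link ParamType} with the given name and value.
 *
 * @param name  parameter name
 * @param value parameter value
 * @return the new parameter
 */
private static ParamType newParam(String name, String value) {
    ParamType pt = new ParamType();
    pt.setName(name);
    pt.setValue(value);
    return pt;
}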

Example 2 with IdpType

use of com.tremolosecurity.config.xml.IdpType in project OpenUnison by TremoloSecurity.

Source: class PreAuthFilter, method initFilter.

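/**
 * Reads this filter's configuration.
 *
 * <p>Two modes exist. With {@code postSAML=true} the filter acts as a SAML issuer: signing
 * key and trust settings are copied from the local IdP application named by
 * {@code idpName} (only its first URL and first trust are consulted), the issuer URL is
 * built from {@code issuerHost} / {@code issuerPort} / {@code issuerSSL}, and the target
 * URL is the trust's assertion consumer URL. Otherwise the target is the {@code url}
 * attribute. In both modes the LastMile filter on the target URL's chain is inspected so
 * this filter emits the header name and key alias that filter expects.
 *
 * @param config the filter configuration; every referenced attribute must be present or a
 *               {@link NullPointerException} results, as in earlier versions
 * @throws Exception if the URL is malformed or the SAML library fails to initialize
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.postSAML = config.getAttribute("postSAML") != null
            && config.getAttribute("postSAML").getValues().get(0).equalsIgnoreCase("true");
    if (this.postSAML) {
        String idpName = config.getAttribute("idpName").getValues().get(0);
        ApplicationType app = config.getConfigManager().getApp(idpName);
        IdpType idp = app.getUrls().getUrl().get(0).getIdp();
        readIdpParams(idp);
        TrustType trust = idp.getTrusts().getTrust().get(0);
        readTrustParams(trust);
        this.issuer = buildIssuer(
                config.getAttribute("issuerSSL").getValues().get(0).equalsIgnoreCase("true"),
                config.getAttribute("issuerHost").getValues().get(0),
                config.getAttribute("issuerPort").getValues().get(0),
                idpName);
        this.audience = trust.getName();
        this.relayState = config.getAttribute("relayState").getValues().get(0);
        InitializationService.initialize();
        this.url = this.assertionConsumerURL;
    } else {
        this.url = config.getAttribute("url").getValues().get(0);
    }
    URL nurl = new URL(this.url);
    this.uri = nurl.getPath();
    UrlType urlCfg = config.getConfigManager().findURL(this.url).getUrl();
    for (FilterConfigType filterCfg : urlCfg.getFilterChain().getFilter()) {
        if (filterCfg.getClazz().equalsIgnoreCase("com.tremolosecurity.proxy.filters.LastMile")) {
            readLastMileParams(filterCfg);
        }
    }
    logger.info("URL : '" + this.url + "'");
    logger.info("Key Alias : '" + this.lastMileKeyAlias + "'");
    logger.info("Login ID Attribute : '" + this.loginAttribute + "'");
    logger.info("Header Attribute : '" + this.headerName + "'");
    if (this.postSAML) {
        logger.info("Saml : true");
        logger.info("Issuer : " + this.issuer);
    }
}

/**
 * Copies the signing key alias ({@code sigKey}) from the IdP parameters.
 *
 * @param idp the local IdP configuration
 */
private void readIdpParams(IdpType idp) {
    for (ParamType pt : idp.getParams()) {
        if (pt.getName().equalsIgnoreCase("sigKey")) {
            this.keyAlias = pt.getValue();
        }
    }
}

/**
 * Copies the SAML response settings from the trust parameters. Unknown parameter names
 * are ignored; when a name repeats, the last value wins.
 *
 * @param trust the trust whose parameters are read
 */
private void readTrustParams(TrustType trust) {
    for (ParamType pt : trust.getParam()) {
        String name = pt.getName();
        if (name.equalsIgnoreCase("signResponse")) {
            this.signResponse = pt.getValue().equalsIgnoreCase("true");
        } else if (name.equalsIgnoreCase("signAssertion")) {
            this.signAssertion = pt.getValue().equalsIgnoreCase("true");
        } else if (name.equalsIgnoreCase("httpPostRespURL")) {
            this.assertionConsumerURL = pt.getValue();
        } else if (name.equalsIgnoreCase("defaultNameId")) {
            this.nameIDType = pt.getValue();
        } else if (name.equalsIgnoreCase("nameIdMap")) {
            // Value is "<nameIdFormat>=<attribute>"; only the attribute part is needed.
            this.nameIDAttribute = pt.getValue().substring(pt.getValue().indexOf('=') + 1);
        } else if (name.equalsIgnoreCase("defaultAuthCtx")) {
            this.authnCtxClassRef = pt.getValue();
        }
    }
}

/**
 * Builds the SAML issuer URL: {@code http[s]://host[:port]/auth/idp/<idpName>}.
 *
 * @param ssl     whether the issuer is served over HTTPS
 * @param host    issuer host name
 * @param port    issuer port, empty for the scheme default
 * @param idpName name of the IdP application
 * @return the issuer URL
 */
private static String buildIssuer(boolean ssl, String host, String port, String idpName) {
    StringBuilder b = new StringBuilder(ssl ? "https://" : "http://");
    b.append(host);
    if (!port.isEmpty()) {
        b.append(':').append(port);
    }
    return b.append("/auth/idp/").append(idpName).toString();
}

/**
 * Reads the LastMile filter settings this filter must match: encryption key alias,
 * header name and user attribute. A second pass over {@code attribs} entries
 * ({@code <fromUser>=<toApp>}) renames the header when the LastMile filter remaps it, so
 * the header name must be known before that pass runs.
 *
 * @param filterCfg the LastMile filter configuration on the target URL
 */
private void readLastMileParams(FilterConfigType filterCfg) {
    for (ParamWithValueType pt : filterCfg.getParam()) {
        if (pt.getName().equalsIgnoreCase("encKeyAlias")) {
            this.lastMileKeyAlias = pt.getValue();
        } else if (pt.getName().equalsIgnoreCase("headerName")) {
            this.headerName = pt.getValue();
        } else if (pt.getName().equalsIgnoreCase("userAttribute")) {
            this.loginAttribute = pt.getValue();
        }
    }
    for (ParamWithValueType pt : filterCfg.getParam()) {
        if (pt.getName().equalsIgnoreCase("attribs")) {
            String param = pt.getValue();
            // An entry without '=' is a configuration error and fails here, as before.
            String fromUser = param.substring(0, param.indexOf('='));
            String toApp = param.substring(param.indexOf('=') + 1);
            if (fromUser.equalsIgnoreCase(this.headerName)) {
                this.headerName = toApp;
            }
        }
    }
}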
