
Example 1 with SAML2IdPTO

Use of org.apache.syncope.common.lib.to.SAML2IdPTO in project syncope by apache.

From class SAML2ITCase, method setIdPMapping.

@Test
public void setIdPMapping() {
    // The SAML 2.0 SP extension is optional: skip (not fail) when it is not deployed.
    assumeTrue(SAML2SPDetector.isSAML2SPAvailable());

    // Locate the pre-configured SSOCircle IdP by its entity ID.
    SAML2IdPTO ssoCircle = null;
    for (SAML2IdPTO candidate : saml2IdPService.list()) {
        if ("https://idp.ssocircle.com".equals(candidate.getEntityID())) {
            ssoCircle = candidate;
            break;
        }
    }
    assertNotNull(ssoCircle);

    // Preconditions: unmatched users are not auto-created, no user template,
    // and the connector-object key is not the e-mail based mapping we are about to set.
    assertFalse(ssoCircle.isCreateUnmatching());
    assertNull(ssoCircle.getUserTemplate());
    assertFalse(ssoCircle.getItems().isEmpty());
    ItemTO originalKeyItem = ssoCircle.getConnObjectKeyItem();
    assertNotNull(originalKeyItem);
    assertNotEquals("email", originalKeyItem.getIntAttrName());
    assertNotEquals("EmailAddress", originalKeyItem.getExtAttrName());

    // Reconfigure: auto-create unmatched users with a template placing them in the root realm
    // (value is quoted since template fields are presumably evaluated as expressions), drop all
    // attribute mappings and key the connector object on the e-mail address.
    ssoCircle.setCreateUnmatching(true);
    UserTO userTemplate = new UserTO();
    userTemplate.setRealm("'/'");
    ssoCircle.setUserTemplate(userTemplate);
    ssoCircle.getItems().clear();
    ItemTO emailKey = new ItemTO();
    emailKey.setIntAttrName("email");
    emailKey.setExtAttrName("EmailAddress");
    ssoCircle.setConnObjectKeyItem(emailKey);
    saml2IdPService.update(ssoCircle);

    // Re-read from the server and verify the update was persisted exactly as sent.
    SAML2IdPTO updated = saml2IdPService.read(ssoCircle.getKey());
    assertTrue(updated.isCreateUnmatching());
    assertEquals(userTemplate, updated.getUserTemplate());
    assertEquals("email", updated.getConnObjectKeyItem().getIntAttrName());
    assertEquals("EmailAddress", updated.getConnObjectKeyItem().getExtAttrName());
}

Example 2 with SAML2IdPTO

Use of org.apache.syncope.common.lib.to.SAML2IdPTO in project syncope by apache.

From class SAML2IdPLogic, method importIdPs.

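/**
 * Parses a SAML 2.0 metadata document and builds one {@link SAML2IdPTO} per Identity Provider found.
 * <p>
 * Accepted roots are a single {@code EntityDescriptor} (taken as-is) or an {@code EntitiesDescriptor},
 * from which only the child {@code EntityDescriptor}s carrying an {@code IDPSSODescriptor} role are
 * taken, each at most once. Any other root yields an empty result. Every IdP is registered in
 * {@code cache} and its binding type is chosen from the SSO endpoints it advertises, POST first.
 *
 * @param input raw metadata XML; the bytes are handed to the XML parser directly so that the
 * document's own encoding declaration applies instead of the JVM default charset
 * @return the IdPs found, in document order
 * @throws IllegalArgumentException if an IdP advertises neither a POST nor a REDIRECT SSO endpoint
 * @throws Exception on parse or serialization failure
 */
private List<SAML2IdPTO> importIdPs(final InputStream input) throws Exception {
    // NOTE(review): the metadata is trusted as uploaded (no signature verification here); the caller
    // is gated by the IDP_IMPORT entitlement. Protection against XXE / DTD tricks depends on how
    // OpenSAMLUtil's parser pool is configured - confirm it disallows DOCTYPE and external entities.
    Element root = OpenSAMLUtil.getParserPool().parse(input).getDocumentElement();

    List<EntityDescriptor> idpEntityDescriptors = new ArrayList<>();
    if (isMetadataElement(root, EntityDescriptor.DEFAULT_ELEMENT_LOCAL_NAME)) {
        idpEntityDescriptors.add((EntityDescriptor) OpenSAMLUtil.fromDom(root));
    } else if (isMetadataElement(root, EntitiesDescriptor.DEFAULT_ELEMENT_LOCAL_NAME)) {
        NodeList children = root.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            // one entry per EntityDescriptor, even when it declares several IDPSSODescriptor roles
            if (isMetadataElement(child, EntityDescriptor.DEFAULT_ELEMENT_LOCAL_NAME) && hasIdPRole(child)) {
                idpEntityDescriptors.add((EntityDescriptor) OpenSAMLUtil.fromDom((Element) child));
            }
        }
    }

    List<SAML2IdPTO> result = new ArrayList<>(idpEntityDescriptors.size());
    for (EntityDescriptor idpEntityDescriptor : idpEntityDescriptors) {
        SAML2IdPTO idpTO = new SAML2IdPTO();
        idpTO.setEntityID(idpEntityDescriptor.getEntityID());
        idpTO.setName(idpEntityDescriptor.getEntityID());
        idpTO.setUseDeflateEncoding(false);

        // Serialize the descriptor back to XML and store it Base64-encoded. The writer is flushed
        // before the buffer is read (an unflushed OutputStreamWriter may still hold bytes), and the
        // charset is pinned to UTF-8 instead of the platform default.
        try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
                OutputStreamWriter writer =
                new OutputStreamWriter(baos, java.nio.charset.StandardCharsets.UTF_8)) {
            saml2rw.write(writer, idpEntityDescriptor, false);
            writer.flush();
            idpTO.setMetadata(Base64.getEncoder().encodeToString(baos.toByteArray()));
        }

        // Default mapping: the SAML NameID is matched against the Syncope username.
        ItemTO connObjectKeyItem = new ItemTO();
        connObjectKeyItem.setIntAttrName("username");
        connObjectKeyItem.setExtAttrName("NameID");
        idpTO.setConnObjectKeyItem(connObjectKeyItem);

        SAML2IdPEntity idp = cache.put(idpEntityDescriptor, idpTO);
        if (idp.getSSOLocation(SAML2BindingType.POST) != null) {
            idpTO.setBindingType(SAML2BindingType.POST);
        } else if (idp.getSSOLocation(SAML2BindingType.REDIRECT) != null) {
            idpTO.setBindingType(SAML2BindingType.REDIRECT);
        } else {
            throw new IllegalArgumentException("Neither POST nor REDIRECT artifacts supported by " + idp.getId());
        }
        result.add(idpTO);
    }
    return result;
}

/**
 * Tells whether {@code node} is an element in the SAML 2.0 metadata namespace with the given local name.
 *
 * @param node DOM node to inspect (may be a text node; then the namespace check fails)
 * @param localName expected local name
 * @return {@code true} iff namespace and local name both match
 */
private static boolean isMetadataElement(final Node node, final String localName) {
    return SAMLConstants.SAML20MD_NS.equals(node.getNamespaceURI()) && localName.equals(node.getLocalName());
}

/**
 * Tells whether the given {@code EntityDescriptor} element has at least one {@code IDPSSODescriptor} child.
 *
 * @param entityDescriptor the {@code EntityDescriptor} DOM node
 * @return {@code true} iff an IdP role is declared
 */
private static boolean hasIdPRole(final Node entityDescriptor) {
    NodeList descendants = entityDescriptor.getChildNodes();
    for (int j = 0; j < descendants.getLength(); j++) {
        if (isMetadataElement(descendants.item(j), IDPSSODescriptor.DEFAULT_ELEMENT_LOCAL_NAME)) {
            return true;
        }
    }
    return false;
}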

Example 3 with SAML2IdPTO

Use of org.apache.syncope.common.lib.to.SAML2IdPTO in project syncope by apache.

From class SAML2IdPsResource, method newResourceResponse.

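/**
 * Builds the JSON document listing the SAML 2.0 Identity Providers available for login: one object
 * per IdP carrying {@code name}, {@code entityID} and {@code logout} (whether the IdP supports logout).
 * <p>
 * On failure the exception is logged server-side and a fixed message is returned: the exception text
 * is deliberately not echoed to the client, since messages from the REST client may carry internal
 * details (endpoints, stack context) that an unauthenticated visitor of the login page should not see.
 *
 * @param attributes Wicket request attributes
 * @return a UTF-8 JSON response with status 200, or an error response with a generic message
 */
@Override
protected ResourceResponse newResourceResponse(final Attributes attributes) {
    ResourceResponse response = new ResourceResponse();
    response.setContentType(MediaType.APPLICATION_JSON);
    response.setTextEncoding(StandardCharsets.UTF_8.name());
    try {
        final ArrayNode result = MAPPER.createArrayNode();
        for (SAML2IdPTO idp : SyncopeEnduserSession.get().getService(SAML2IdPService.class).list()) {
            // Expose only what the login page needs; metadata, mappings and templates stay server-side.
            ObjectNode idpNode = MAPPER.createObjectNode();
            idpNode.put("name", idp.getName());
            idpNode.put("entityID", idp.getEntityID());
            idpNode.put("logout", idp.isLogoutSupported());
            result.add(idpNode);
        }
        response.setWriteCallback(new AbstractResource.WriteCallback() {

            @Override
            public void writeData(final Attributes attributes) throws IOException {
                attributes.getResponse().write(MAPPER.writeValueAsString(result));
            }
        });
        response.setStatusCode(Response.Status.OK.getStatusCode());
    } catch (Exception e) {
        LOG.error("Error retrieving available SAML 2.0 Identity Providers", e);
        // Status code kept for client compatibility; the "ErrorMessage{{ }}" envelope (presumably
        // parsed by the front-end) is preserved but no longer carries e.getMessage().
        response.setError(Response.Status.BAD_REQUEST.getStatusCode(),
                "ErrorMessage{{ Error retrieving available SAML 2.0 Identity Providers }}");
    }
    return response;
}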

Example 4 with SAML2IdPTO

Use of org.apache.syncope.common.lib.to.SAML2IdPTO in project syncope by apache.

From class SAML2IdPLogic, method importFromMetadata.

/**
 * Imports Identity Providers from a SAML 2.0 metadata document and persists each of them.
 * Requires the {@code IDP_IMPORT} entitlement.
 *
 * @param input metadata XML (a single EntityDescriptor or an EntitiesDescriptor)
 * @return the keys of the IdPs created, in import order
 * @throws SyncopeClientException as raised by validation or persistence, or wrapping any other
 * failure as {@code InvalidEntity} with the underlying exception message as its element
 */
@PreAuthorize("hasRole('" + SAML2SPEntitlement.IDP_IMPORT + "')")
public List<String> importFromMetadata(final InputStream input) {
    check();

    List<String> keys = new ArrayList<>();
    try {
        List<SAML2IdPTO> parsed = importIdPs(input);
        for (SAML2IdPTO idpTO : parsed) {
            SAML2IdP saved = idpDAO.save(binder.create(idpTO));
            keys.add(saved.getKey());
        }
    } catch (SyncopeClientException clientError) {
        // already shaped for the client: propagate unchanged
        throw clientError;
    } catch (Exception e) {
        // anything else (parse errors, I/O, ...) is logged and reported as an invalid entity
        LOG.error("Unexpected error while importing IdP metadata", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidEntity);
        sce.getElements().add(e.getMessage());
        throw sce;
    }
    return keys;
}

Example 5 with SAML2IdPTO

Use of org.apache.syncope.common.lib.to.SAML2IdPTO in project syncope by apache.

From class SAML2IdPsDirectoryPanel, method getActions.

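/**
 * Builds the per-row action menu for an IdP: view metadata ({@code IDP_READ}), edit ({@code IDP_UPDATE}),
 * edit the user template ({@code IDP_UPDATE}) and delete ({@code IDP_DELETE}, with confirmation).
 * The entitlement attached to each link only controls its visibility in the console; the core is
 * expected to enforce the same entitlements again on the REST calls made here.
 *
 * @param model the IdP shown in the row; only its key is used, the current state is re-read on click
 * @return the actions panel with the links added
 */
@Override
public ActionsPanel<SAML2IdPTO> getActions(final IModel<SAML2IdPTO> model) {
    final ActionsPanel<SAML2IdPTO> panel = super.getActions(model);
    panel.add(new ActionLink<SAML2IdPTO>() {

        private static final long serialVersionUID = -7978723352517770645L;

        @Override
        public void onClick(final AjaxRequestTarget target, final SAML2IdPTO ignore) {
            SAML2IdPTO object = restClient.read(model.getObject().getKey());
            metadataModal.header(Model.of(object.getName() + " - Metadata"));
            // Stored metadata is Base64 of the XML bytes: decode explicitly as UTF-8 rather than
            // with the platform default charset, which varies between JVMs.
            String metadataXml = new String(
                    Base64.decodeBase64(object.getMetadata()), java.nio.charset.StandardCharsets.UTF_8);
            metadataModal.setContent(new XMLEditorPanel(metadataModal, Model.of(metadataXml), true, pageRef));
            metadataModal.show(true);
            target.add(metadataModal);
        }
    }, ActionLink.ActionType.HTML, SAML2SPEntitlement.IDP_READ);
    panel.add(new ActionLink<SAML2IdPTO>() {

        private static final long serialVersionUID = -3722207913631435501L;

        @Override
        public void onClick(final AjaxRequestTarget target, final SAML2IdPTO ignore) {
            // hand the freshly read IdP to the edit wizard
            SAML2IdPTO object = restClient.read(model.getObject().getKey());
            send(SAML2IdPsDirectoryPanel.this, Broadcast.EXACT, new AjaxWizard.EditItemActionEvent<>(object, target));
        }
    }, ActionLink.ActionType.EDIT, SAML2SPEntitlement.IDP_UPDATE);
    panel.add(new ActionLink<SAML2IdPTO>() {

        private static final long serialVersionUID = -3722207913631435501L;

        @Override
        public void onClick(final AjaxRequestTarget target, final SAML2IdPTO ignore) {
            final SAML2IdPTO object = restClient.read(model.getObject().getKey());
            // The template wizard edits the UserTO used for auto-created users; on apply the whole
            // IdP is sent back with the new template.
            UserTemplateWizardBuilder builder = new UserTemplateWizardBuilder(object.getUserTemplate(), new AnyTypeRestClient().read(AnyTypeKind.USER.name()).getClasses(), new UserFormLayoutInfo(), pageRef) {

                private static final long serialVersionUID = -7978723352517770634L;

                @Override
                protected Serializable onApplyInternal(final AnyWrapper<UserTO> modelObject) {
                    object.setUserTemplate(modelObject.getInnerObject());
                    restClient.update(object);
                    return modelObject;
                }
            };
            templateModal.header(Model.of(StringUtils.capitalize(new StringResourceModel("template.title", SAML2IdPsDirectoryPanel.this).getString())));
            templateModal.setContent(builder.build(BaseModal.CONTENT_ID));
            templateModal.show(true);
            target.add(templateModal);
        }
    }, ActionLink.ActionType.TEMPLATE, SAML2SPEntitlement.IDP_UPDATE);
    panel.add(new ActionLink<SAML2IdPTO>() {

        private static final long serialVersionUID = -5467832321897812767L;

        @Override
        public void onClick(final AjaxRequestTarget target, final SAML2IdPTO ignore) {
            try {
                restClient.delete(model.getObject().getKey());
                SyncopeConsoleSession.get().info(getString(Constants.OPERATION_SUCCEEDED));
                target.add(container);
            } catch (SyncopeClientException e) {
                LOG.error("While deleting object {}", model.getObject().getKey(), e);
                // fall back to the exception class name when the server gave no message
                SyncopeConsoleSession.get().error(StringUtils.isBlank(e.getMessage()) ? e.getClass().getName() : e.getMessage());
            }
            ((BasePage) pageRef.getPage()).getNotificationPanel().refresh(target);
        }
    }, ActionLink.ActionType.DELETE, SAML2SPEntitlement.IDP_DELETE, true);
    return panel;
}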
