Example 21 with TokenCreationException

use of org.forgerock.openam.sts.TokenCreationException in project OpenAM by OpenRock.

In class DefaultConditionsProvider, method get:

/**
 * @see org.forgerock.openam.sts.tokengeneration.saml2.statements.ConditionsProvider#get(
 * org.forgerock.openam.sts.config.user.SAML2Config, java.util.Date,
 * org.forgerock.openam.sts.token.SAML2SubjectConfirmation)
 */
public Conditions get(SAML2Config saml2Config, Date issueInstant, SAML2SubjectConfirmation saml2SubjectConfirmation) throws TokenCreationException {
    Conditions conditions = AssertionFactory.getInstance().createConditions();
    try {
        conditions.setNotBefore(issueInstant);
        conditions.setNotOnOrAfter(new Date(issueInstant.getTime() + (saml2Config.getTokenLifetimeInSeconds() * 1000)));
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting token lifetime state in SAML2TokenGenerationImpl: " + e, e);
    }
    String audience = saml2Config.getSpEntityId();
    /*
     * Section 4.1.4.2 of http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf specifies that
     * Audiences specifying the entity ids of SPs must be contained in the AudienceRestriction for bearer tokens.
     */
    if (((audience == null) || audience.isEmpty()) && SAML2SubjectConfirmation.BEARER.equals(saml2SubjectConfirmation)) {
        throw new TokenCreationException(ResourceException.BAD_REQUEST, "The audiences field in the SAML2Config is empty, " + "but the BEARER SubjectConfirmation is required. BEARER tokens must include Conditions with " + "AudienceRestrictions specifying the SP entity ids.");
    }
    if ((audience != null) && !audience.isEmpty()) {
        try {
            AudienceRestriction audienceRestriction = AssertionFactory.getInstance().createAudienceRestriction();
            List<String> audienceList = new ArrayList<String>(1);
            audienceList.add(audience);
            audienceRestriction.setAudience(audienceList);
            List<AudienceRestriction> audienceRestrictionList = new ArrayList<AudienceRestriction>(1);
            audienceRestrictionList.add(audienceRestriction);
            conditions.setAudienceRestrictions(audienceRestrictionList);
        } catch (SAML2Exception e) {
            throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting audience restriction state in SAML2TokenGenerationImpl: " + e, e);
        }
    }
    return conditions;
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), AudienceRestriction (com.sun.identity.saml2.assertion.AudienceRestriction), ArrayList (java.util.ArrayList), TokenCreationException (org.forgerock.openam.sts.TokenCreationException), Conditions (com.sun.identity.saml2.assertion.Conditions), Date (java.util.Date)

Example 22 with TokenCreationException

use of org.forgerock.openam.sts.TokenCreationException in project OpenAM by OpenRock.

In class DefaultSubjectProvider, method getHoKSubjectConfirmationData:

private SubjectConfirmationData getHoKSubjectConfirmationData(X509Certificate certificate) throws TokenCreationException {
    Element keyInfoElement;
    try {
        keyInfoElement = keyInfoFactory.generatePublicKeyInfo(certificate);
    } catch (ParserConfigurationException e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught generating KeyInfo for HoK SubjectConfirmation DefaultSubjectProvider: " + e, e);
    } catch (XMLSecurityException e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught generating KeyInfo for HoK SubjectConfirmation DefaultSubjectProvider: " + e, e);
    }
    try {
        final List<Element> elementList = new ArrayList<Element>();
        elementList.add(keyInfoElement);
        final SubjectConfirmationData subjectConfirmationData = AssertionFactory.getInstance().createSubjectConfirmationData();
        subjectConfirmationData.setContentType(KEY_INFO_CONFIRMATION_DATA_TYPE);
        subjectConfirmationData.setContent(elementList);
        return subjectConfirmationData;
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught generating SubjectConfirmationData with HoK KeyInfo element in DefaultSubjectProvider: " + e, e);
    }
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), Element (org.w3c.dom.Element), ArrayList (java.util.ArrayList), ParserConfigurationException (javax.xml.parsers.ParserConfigurationException), SubjectConfirmationData (com.sun.identity.saml2.assertion.SubjectConfirmationData), TokenCreationException (org.forgerock.openam.sts.TokenCreationException), XMLSecurityException (org.apache.xml.security.exceptions.XMLSecurityException)
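Examples 21 and 22 show only the issuing side: the STS stamps NotBefore/NotOnOrAfter and an AudienceRestriction onto the Conditions, and for holder-of-key tokens embeds the presenter's certificate in a KeyInfoConfirmationDataType SubjectConfirmationData. None of that protects anything unless the relying party enforces it. The following is an added example of that consumer-side check, written in Python against the assertion XML; it is not OpenAM code (the STS itself builds assertions through the com.sun.identity.saml2 API). The SP entity ID, the instants and the certificate stand-in bytes are constructed for the demonstration; a real deployment fingerprints the DER bytes of the TLS client certificate or WS-Security signing certificate that presented the token, and verifies the assertion signature before any of these checks run.

```python
"""Relying-party checks for the Conditions and SubjectConfirmation emitted by the STS code above.
Added example (Python standard library only), not OpenAM code; all sample data is constructed."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
HOLDER_OF_KEY = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"


def parse_instant(value):
    """xs:dateTime as the STS writes it (UTC, 'Z' suffix) -> timezone-aware UTC datetime."""
    value = value.strip()
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    instant = datetime.fromisoformat(value)
    if instant.tzinfo is None:
        raise ValueError("SAML instants must carry a timezone")
    return instant.astimezone(timezone.utc)


def check_conditions(assertion, sp_entity_id, now, bearer, skew=timedelta(seconds=60)):
    """Enforce the validity window and every AudienceRestriction; return the audiences seen."""
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or cond.get("NotBefore") is None or cond.get("NotOnOrAfter") is None:
        raise ValueError("Conditions must bound the validity window on both sides")
    not_before, not_on_or_after = parse_instant(cond.get("NotBefore")), parse_instant(cond.get("NotOnOrAfter"))
    if not_on_or_after <= not_before:
        raise ValueError("NotOnOrAfter must be later than NotBefore")
    # The issuer sets NotBefore to the exact issue instant, so tolerate a bounded clock skew.
    if now + skew < not_before:
        raise ValueError("assertion is not yet valid")
    if now - skew >= not_on_or_after:
        raise ValueError("assertion has expired")
    restrictions = cond.findall("saml:AudienceRestriction", NS)
    if bearer and not restrictions:
        # SAML profiles 4.1.4.2: a bearer assertion must name the SP in an AudienceRestriction.
        raise ValueError("bearer assertion without AudienceRestriction")
    seen = []
    for restriction in restrictions:
        audiences = [a.text.strip() for a in restriction.findall("saml:Audience", NS) if a.text]
        seen.extend(audiences)
        if sp_entity_id not in audiences:  # each AudienceRestriction is evaluated independently
            raise ValueError("assertion is not addressed to this SP")
    return seen


def check_subject_confirmation(assertion, presented_cert_der=None):
    """Return the confirmation method; for holder-of-key the presenter's cert must match KeyInfo."""
    sc = assertion.find("saml:Subject/saml:SubjectConfirmation", NS)
    method = sc.get("Method") if sc is not None else None
    if method == BEARER:
        return method
    if method != HOLDER_OF_KEY:
        raise ValueError("unsupported SubjectConfirmation method: %r" % method)
    data = sc.find("saml:SubjectConfirmationData", NS)
    if data is None or not (data.get(XSI_TYPE) or "").endswith("KeyInfoConfirmationDataType"):
        raise ValueError("holder-of-key assertion without KeyInfoConfirmationDataType")
    certs = [base64.b64decode("".join((c.text or "").split()))
             for c in data.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    if not certs or presented_cert_der is None:
        raise ValueError("holder-of-key needs a certificate in KeyInfo and one from the presenter")
    if hashlib.sha256(presented_cert_der).digest() not in {hashlib.sha256(c).digest() for c in certs}:
        raise ValueError("presented certificate does not match the assertion's KeyInfo")
    return method


def validate_assertion(xml_text, sp_entity_id, now, presented_cert_der=None):
    """Run both checks; returns (method, audiences) or raises ValueError."""
    assertion = ET.fromstring(xml_text)
    method = check_subject_confirmation(assertion, presented_cert_der)
    return method, check_conditions(assertion, sp_entity_id, now, bearer=(method == BEARER))


def rejection_reason(*args):
    """For probing variants: the rejection message, or None when the assertion is accepted."""
    try:
        validate_assertion(*args)
        return None
    except ValueError as err:
        return str(err)


SP_ENTITY_ID = "https://sp.example.test/saml"  # constructed
FAKE_CERT_DER = b"constructed stand-in for DER certificate bytes"  # constructed, not a real certificate
SAMPLE_BEARER = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0"
  IssueInstant="2024-05-01T12:00:00Z"><saml:Subject><saml:NameID>alice</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:10:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.test/saml</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion>"""
SAMPLE_HOK = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  ID="_a2" Version="2.0" IssueInstant="2024-05-01T12:00:00Z"><saml:Subject><saml:NameID>alice</saml:NameID>
  <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
    <saml:SubjectConfirmationData xsi:type="saml:KeyInfoConfirmationDataType"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:10:00Z"/></saml:Assertion>""" % (
    base64.b64encode(FAKE_CERT_DER).decode(),)
```

Two design points worth noting. The skew is applied symmetrically and bounded, because the STS sets NotBefore to the issue instant with no margin (Example 21, L17 of the snippet), so a consumer whose clock runs a few seconds behind would otherwise reject every fresh token; sixty seconds is a typical ceiling, and anything larger erodes the lifetime the issuer chose. Multiple AudienceRestriction elements are ANDed, as the SAML core specification requires, which is why the loop rejects on the first restriction that does not name this SP rather than collecting all audiences into one set.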

Example 23 with TokenCreationException

use of org.forgerock.openam.sts.TokenCreationException in project OpenAM by OpenRock.

In class DefaultSubjectProvider, method createNameIdentifier:

private NameID createNameIdentifier(String subjectId, String nameIdFormat) throws TokenCreationException {
    NameID nameID = AssertionFactory.getInstance().createNameID();
    try {
        nameID.setValue(subjectId);
        nameID.setFormat(nameIdFormat);
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting NameID state in DefaultSubjectProvider: " + e, e);
    }
    return nameID;
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), NameID (com.sun.identity.saml2.assertion.NameID), TokenCreationException (org.forgerock.openam.sts.TokenCreationException)

Aggregations (number of examples on this page that use each type)

TokenCreationException (org.forgerock.openam.sts.TokenCreationException) 23
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception) 12
ArrayList (java.util.ArrayList) 6
Date (java.util.Date) 4
IOException (java.io.IOException) 3
ResourceException (org.forgerock.json.resource.ResourceException) 3
CTSTokenPersistenceException (org.forgerock.openam.sts.CTSTokenPersistenceException) 3
Element (org.w3c.dom.Element) 3
SSOException (com.iplanet.sso.SSOException) 2
IdRepoException (com.sun.identity.idm.IdRepoException) 2
Attribute (com.sun.identity.saml2.assertion.Attribute) 2
AttributeStatement (com.sun.identity.saml2.assertion.AttributeStatement) 2
NameID (com.sun.identity.saml2.assertion.NameID) 2
Subject (com.sun.identity.saml2.assertion.Subject) 2
SubjectConfirmationData (com.sun.identity.saml2.assertion.SubjectConfirmationData) 2
HashMap (java.util.HashMap) 2
TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse) 2
JwsHeaderBuilder (org.forgerock.json.jose.builders.JwsHeaderBuilder) 2
SigningManager (org.forgerock.json.jose.jws.SigningManager) 2
SigningHandler (org.forgerock.json.jose.jws.handlers.SigningHandler) 2