use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.
the class SoapSTSInstanceStateServiceListenerTest method createInstanceConfig.
private SoapSTSInstanceConfig createInstanceConfig(String amDeploymentUrl) throws UnsupportedEncodingException {
AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl(amDeploymentUrl).uriElement(DEPLOYMENT_URL_ELEMENT).authTargetMapping(mapping).build();
SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
Map<String, String> attributes = new HashMap<>();
attributes.put("email", "mail");
SAML2Config saml2Config = SAML2Config.builder().attributeMap(attributes).nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent").spEntityId("http://host.com/sp/entity/id").idpId("da_idp").build();
SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
builder.addIssueTokenType(TokenType.SAML2);
return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).build();
}
use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.
the class SoapDeploymentConfigTest method testNotEquals.
@Test
public void testNotEquals() {
AuthTargetMapping atm = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "module", "untmodule").build();
SoapDeploymentConfig dc1 = soapDeploymentConfig(!WITH_TLS_OFFLOAD_CONFIG);
SoapDeploymentConfig dc2 = SoapDeploymentConfig.builder().realm("aa").uriElement("b").wsdlLocation("wsdl_location").amDeploymentUrl("deployment_url").serviceQName(new QName("service_namespace", "local_service")).portQName(new QName("port_namespace", "local_port")).authTargetMapping(atm).build();
assertNotEquals(dc1, dc2);
assertNotEquals(dc1.hashCode(), dc2.hashCode());
dc1 = soapDeploymentConfig(WITH_TLS_OFFLOAD_CONFIG);
dc2 = soapDeploymentConfig(!WITH_TLS_OFFLOAD_CONFIG);
assertNotEquals(dc1, dc2);
assertNotEquals(dc1.hashCode(), dc2.hashCode());
}
use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.
the class SoapDeploymentConfigTest method soapDeploymentConfig.
private SoapDeploymentConfig soapDeploymentConfig(boolean withTLSOffloadConfig) {
AuthTargetMapping atm = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "module", "untmodule").build();
SoapDeploymentConfig.SoapDeploymentConfigBuilder builder = SoapDeploymentConfig.builder();
builder.realm("a").uriElement("b").wsdlLocation("wsdl_location").amDeploymentUrl("deployment_url").serviceQName(new QName("service_namespace", "local_service")).portQName(new QName("port_namespace", "local_port")).authTargetMapping(atm);
if (withTLSOffloadConfig) {
builder.tlsOffloadEngineHostIpAddrs(Sets.newHashSet("15.23.44.56"));
builder.offloadedTwoWayTLSHeaderKey("client_cert");
}
return builder.build();
}
use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.
the class SoapSTSInstanceConfigTest method createInstanceConfig.
private SoapSTSInstanceConfig createInstanceConfig(String uriElement, String amDeploymentUrl, boolean withKeystoreConfig, boolean withValidationConfig, boolean delegationValidatorsSpecified, boolean customDelegationHandler, boolean withSAML2Config, boolean withOIDCConfig, boolean withCTSTokenPersistence) throws UnsupportedEncodingException {
AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl(amDeploymentUrl).uriElement(uriElement).authTargetMapping(mapping).build();
SoapSTSKeystoreConfig keystoreConfig = null;
if (withKeystoreConfig) {
keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
}
SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
if (withValidationConfig) {
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.USERNAME, true);
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.X509, true);
}
Map<String, String> attributeMap = new HashMap<>();
attributeMap.put("mail", "email");
attributeMap.put("uid", "id");
SAML2Config saml2Config = null;
if (withSAML2Config) {
builder.addIssueTokenType(TokenType.SAML2);
saml2Config = buildSAML2Config(attributeMap);
}
OpenIdConnectTokenConfig openIdConnectTokenConfig = null;
if (withOIDCConfig) {
builder.addIssueTokenType(TokenType.OPENIDCONNECT);
openIdConnectTokenConfig = buildOIDCConfig(attributeMap);
}
boolean delegationRelationshipsSupported = customDelegationHandler || delegationValidatorsSpecified;
if (delegationRelationshipsSupported) {
SoapDelegationConfig.SoapDelegationConfigBuilder delegationConfigBuilder = SoapDelegationConfig.builder();
if (delegationValidatorsSpecified) {
delegationConfigBuilder.addValidatedDelegationTokenType(TokenType.USERNAME, true).addValidatedDelegationTokenType(TokenType.OPENAM, false);
}
if (customDelegationHandler) {
delegationConfigBuilder.addCustomDelegationTokenHandler("com.org.TokenDelegationHandlerImpl");
}
builder.soapDelegationConfig(delegationConfigBuilder.build());
}
return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).oidcIdTokenConfig(openIdConnectTokenConfig).delegationRelationshipsSupported(delegationRelationshipsSupported).persistIssuedTokensInCTS(withCTSTokenPersistence).build();
}
use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.
the class TokenDelegationHandlersProviderTest method createInstanceConfig.
private SoapSTSInstanceConfig createInstanceConfig(boolean delegationValidatorsSpecified, boolean customDelegationHandler) throws UnsupportedEncodingException {
AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl("http://host.com/am:443").uriElement("inst1222").authTargetMapping(mapping).build();
SoapSTSKeystoreConfig keystoreConfig;
keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
builder.addIssueTokenType(TokenType.SAML2);
Map<String, String> attributeMap = new HashMap<>();
attributeMap.put("mail", "email");
attributeMap.put("uid", "id");
SAML2Config saml2Config = SAML2Config.builder().nameIdFormat("transient").tokenLifetimeInSeconds(500000).spEntityId("http://host.com/saml2/sp/entity/id").encryptAssertion(true).signAssertion(true).encryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc").encryptionKeyAlias("test").signatureKeyAlias("test").signatureKeyPassword("super.secret".getBytes()).encryptionAlgorithmStrength(128).keystoreFile("da/directory/file").keystorePassword("super.secret".getBytes()).attributeMap(attributeMap).idpId("da_idp").build();
boolean delegationRelationshipsSupported = customDelegationHandler || delegationValidatorsSpecified;
if (delegationRelationshipsSupported) {
SoapDelegationConfig.SoapDelegationConfigBuilder delegationConfigBuilder = SoapDelegationConfig.builder();
if (delegationValidatorsSpecified) {
delegationConfigBuilder.addValidatedDelegationTokenType(TokenType.USERNAME, true).addValidatedDelegationTokenType(TokenType.OPENAM, false);
}
if (customDelegationHandler) {
delegationConfigBuilder.addCustomDelegationTokenHandler("org.forgerock.openam.sts.soap.token.delegation.DefaultTokenDelegationHandler");
}
builder.soapDelegationConfig(delegationConfigBuilder.build());
}
return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).delegationRelationshipsSupported(delegationRelationshipsSupported).build();
}
Aggregations