Search in sources :

Example 6 with AuthTargetMapping

use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.

the class SoapSTSInstanceStateProviderTest method createInstanceConfig.

private SoapSTSInstanceConfig createInstanceConfig() throws UnsupportedEncodingException {
    AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
    SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl(AM_DEPLOYMENT_URL).uriElement(DEPLOYMENT_URL_ELEMENT).authTargetMapping(mapping).build();
    SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
    Map<String, String> attributes = new HashMap<>();
    attributes.put("email", "mail");
    SAML2Config saml2Config = SAML2Config.builder().attributeMap(attributes).nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent").spEntityId("http://host.com/sp/entity/id").idpId("da_idp").build();
    return SoapSTSInstanceConfig.builder().addIssueTokenType(TokenType.SAML2).addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false).deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).build();
}
Also used : SoapSTSKeystoreConfig(org.forgerock.openam.sts.soap.config.user.SoapSTSKeystoreConfig) SAML2Config(org.forgerock.openam.sts.config.user.SAML2Config) AuthTargetMapping(org.forgerock.openam.sts.config.user.AuthTargetMapping) HashMap(java.util.HashMap) SoapDeploymentConfig(org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig)

Example 7 with AuthTargetMapping

use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.

the class SoapSTSInstancePublisherImplTest method createInstanceConfig.

private SoapSTSInstanceConfig createInstanceConfig(String uriElement, String amDeploymentUrl) throws UnsupportedEncodingException {
    AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
    SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl(amDeploymentUrl).uriElement(uriElement).authTargetMapping(mapping).build();
    SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("frstssrvkspw".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("frstssrval").encryptionKeyPassword("frstssrvpw".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyAlias("frstssrval").signatureKeyPassword("frstssrvpw".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
    SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
    builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
    builder.addSecurityPolicyTokenValidationConfiguration(TokenType.USERNAME, true);
    builder.addIssueTokenType(TokenType.SAML2);
    Map<String, String> attributeMap = new HashMap<>();
    attributeMap.put("mail", "email");
    attributeMap.put("uid", "id");
    SAML2Config saml2Config = SAML2Config.builder().nameIdFormat("transient").tokenLifetimeInSeconds(500000).spEntityId("http://host.com/saml2/sp/entity/id").encryptAssertion(true).signAssertion(true).encryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc").encryptionKeyAlias("test").signatureKeyAlias("test").signatureKeyPassword("super.secret".getBytes()).encryptionAlgorithmStrength(128).keystoreFile("da/directory/file").keystorePassword("super.secret".getBytes()).attributeMap(attributeMap).idpId("da_idp").build();
    return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).build();
}
Also used : SoapSTSKeystoreConfig(org.forgerock.openam.sts.soap.config.user.SoapSTSKeystoreConfig) SAML2Config(org.forgerock.openam.sts.config.user.SAML2Config) SoapSTSInstanceConfig(org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig) AuthTargetMapping(org.forgerock.openam.sts.config.user.AuthTargetMapping) HashMap(java.util.HashMap) SoapDeploymentConfig(org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig)

Example 8 with AuthTargetMapping

use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.

the class RestSTSInstanceStateProviderTest method createSAMLRestInstanceConfig.

private RestSTSInstanceConfig createSAMLRestInstanceConfig() {
    Map<String, String> context = new HashMap<>();
    context.put(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY, "oidc_id_token");
    AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldapService").addMapping(TokenType.OPENIDCONNECT, "module", "oidc", context).build();
    DeploymentConfig deploymentConfig = DeploymentConfig.builder().uriElement(DEPLOYMENT_URL_ELEMENT).authTargetMapping(mapping).build();
    Map<String, String> attributes = new HashMap<>();
    attributes.put("email", "mail");
    SAML2Config saml2Config = SAML2Config.builder().attributeMap(attributes).nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent").spEntityId("http://host.com/sp/entity/id").idpId("da_idp").build();
    return RestSTSInstanceConfig.builder().deploymentConfig(deploymentConfig).saml2Config(saml2Config).addSupportedTokenTransform(TokenType.X509, TokenType.SAML2, !AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.USERNAME, TokenType.SAML2, AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.OPENAM, TokenType.SAML2, !AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.OPENIDCONNECT, TokenType.SAML2, AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).build();
}
Also used : SAML2Config(org.forgerock.openam.sts.config.user.SAML2Config) HashMap(java.util.HashMap) AuthTargetMapping(org.forgerock.openam.sts.config.user.AuthTargetMapping) DeploymentConfig(org.forgerock.openam.sts.config.user.DeploymentConfig)

Example 9 with AuthTargetMapping

use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.

the class SAML2TokenGenerationImplTest method getRestSTSInstanceConfig.

private RestSTSInstanceConfig getRestSTSInstanceConfig(boolean signAssertion) throws UnsupportedEncodingException {
    Map<String, String> context = new HashMap<>();
    context.put(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY, "oidc_id_token");
    AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldapService").addMapping(TokenType.OPENIDCONNECT, "module", "oidc", context).build();
    DeploymentConfig deploymentConfig = DeploymentConfig.builder().uriElement("boborealm/inst1").authTargetMapping(mapping).build();
    Map<String, String> attributes = new HashMap<>();
    attributes.put("email", "mail");
    SAML2Config saml2Config = SAML2Config.builder().attributeMap(attributes).nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent").spEntityId("http://host.com/sp/entity/id").signAssertion(signAssertion).keystoreFile("/keystore.jks").keystorePassword("changeit".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("test").signatureKeyAlias("test").signatureKeyPassword("changeit".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).idpId("da_idp").build();
    return RestSTSInstanceConfig.builder().deploymentConfig(deploymentConfig).saml2Config(saml2Config).addSupportedTokenTransform(TokenType.X509, TokenType.SAML2, !AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.USERNAME, TokenType.SAML2, AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.OPENAM, TokenType.SAML2, !AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.OPENIDCONNECT, TokenType.SAML2, AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).build();
}
Also used : SAML2Config(org.forgerock.openam.sts.config.user.SAML2Config) HashMap(java.util.HashMap) AuthTargetMapping(org.forgerock.openam.sts.config.user.AuthTargetMapping) DeploymentConfig(org.forgerock.openam.sts.config.user.DeploymentConfig)

Example 10 with AuthTargetMapping

use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.

the class RestSTSInstanceConfigTest method createInstanceConfigWithoutSaml2Config.

/*
    Create RestSTSInstanceConfig with SAML2 output tokens, but without SAML2Config, to test IllegalStateException
     */
private RestSTSInstanceConfig createInstanceConfigWithoutSaml2Config(String uriElement) throws UnsupportedEncodingException {
    AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldapService").build();
    DeploymentConfig deploymentConfig = DeploymentConfig.builder().uriElement(uriElement).authTargetMapping(mapping).build();
    return RestSTSInstanceConfig.builder().deploymentConfig(deploymentConfig).addSupportedTokenTransform(TokenType.USERNAME, TokenType.SAML2, AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.OPENAM, TokenType.SAML2, !AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.OPENIDCONNECT, TokenType.SAML2, AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).addSupportedTokenTransform(TokenType.X509, TokenType.SAML2, AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION).build();
}
Also used : AuthTargetMapping(org.forgerock.openam.sts.config.user.AuthTargetMapping) DeploymentConfig(org.forgerock.openam.sts.config.user.DeploymentConfig)

Aggregations

AuthTargetMapping (org.forgerock.openam.sts.config.user.AuthTargetMapping)13 HashMap (java.util.HashMap)9 SAML2Config (org.forgerock.openam.sts.config.user.SAML2Config)9 DeploymentConfig (org.forgerock.openam.sts.config.user.DeploymentConfig)5 SoapDeploymentConfig (org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig)4 SoapSTSKeystoreConfig (org.forgerock.openam.sts.soap.config.user.SoapSTSKeystoreConfig)4 SoapSTSInstanceConfig (org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig)3 QName (javax.xml.namespace.QName)2 OpenIdConnectTokenConfig (org.forgerock.openam.sts.config.user.OpenIdConnectTokenConfig)2 Test (org.testng.annotations.Test)2 HashSet (java.util.HashSet)1 SoapDelegationConfig (org.forgerock.openam.sts.soap.config.user.SoapDelegationConfig)1