Use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.
From the class RestSTSInstanceConfigTest, method createInstanceConfig:
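/**
 * Builds a RestSTSInstanceConfig fixture whose optional sections are switched on by the boolean flags.
 *
 * <p>The fixed parts are an auth-target mapping (USERNAME -> service "ldapService",
 * OPENIDCONNECT -> module "oidc" with a one-entry context) and a deployment config for
 * {@code uriElement}; everything else is added only when the matching flag is set.
 *
 * @param uriElement              URI element handed to the DeploymentConfig builder
 * @param withTlsOffloadConfig    also set the TLS-offload host set (TLS_OFFLOAD_HOST_IP) and the
 *                                offloaded two-way-TLS header key (TLS_CLIENT_CERT_HEADER)
 * @param withSAML2Config         add a SAML2 output config and the SAML2 translation suite
 * @param withOIDCConfig          add an OIDC id-token output config and the OPENIDCONNECT translation suite
 * @param withCustomValidator     register CUSTOM_TOKEN_VALIDATOR and a CUSTOM_TOKEN_NAME -> "SAML2" transform
 * @param withCustomProvider      register CUSTOM_TOKEN_PROVIDER and an "OPENAM" -> CUSTOM_TOKEN_NAME transform
 * @param withCTSTokenPersistence value passed to persistIssuedTokensInCTS
 * @return the built instance config
 * @throws UnsupportedEncodingException if AMSTSConstants.UTF_8_CHARSET_ID is not a supported charset name
 */
private RestSTSInstanceConfig createInstanceConfig(String uriElement, boolean withTlsOffloadConfig, boolean withSAML2Config, boolean withOIDCConfig, boolean withCustomValidator, boolean withCustomProvider, boolean withCTSTokenPersistence) throws UnsupportedEncodingException {
    DeploymentConfig deploymentConfig = buildTestDeploymentConfig(uriElement, withTlsOffloadConfig);
    RestSTSInstanceConfig.RestSTSInstanceConfigBuilder builder = RestSTSInstanceConfig.builder();

    SAML2Config saml2Config = null;
    if (withSAML2Config) {
        addOutputTokenTypeTranslationSuite(TokenType.SAML2, builder);
        saml2Config = buildTestSaml2Config();
    }

    OpenIdConnectTokenConfig oidcTokenConfig = null;
    if (withOIDCConfig) {
        addOutputTokenTypeTranslationSuite(TokenType.OPENIDCONNECT, builder);
        oidcTokenConfig = buildTestOidcTokenConfig();
    }

    // Third argument of addCustomTokenTransform is presumably the "invalidate interim OpenAM
    // session" flag used by addSupportedTokenTransform elsewhere — TODO confirm against the builder.
    if (withCustomValidator) {
        builder.addCustomTokenValidator(CUSTOM_TOKEN_NAME, CUSTOM_TOKEN_VALIDATOR);
        builder.addCustomTokenTransform(CUSTOM_TOKEN_NAME, "SAML2", true);
    }
    if (withCustomProvider) {
        builder.addCustomTokenProvider(CUSTOM_TOKEN_NAME, CUSTOM_TOKEN_PROVIDER);
        builder.addCustomTokenTransform("OPENAM", CUSTOM_TOKEN_NAME, true);
    }

    return builder.deploymentConfig(deploymentConfig)
            .saml2Config(saml2Config)
            .oidcIdTokenConfig(oidcTokenConfig)
            .persistIssuedTokensInCTS(withCTSTokenPersistence)
            .build();
}

/**
 * Deployment config for the fixture. With {@code withTlsOffloadConfig} the single-host set
 * TLS_OFFLOAD_HOST_IP and the header key TLS_CLIENT_CERT_HEADER are added as well.
 *
 * <p>NOTE(review): a client-certificate-in-a-header scheme is only safe if the header is honored
 * exclusively from the listed offload-engine addresses — anything else could forge the header.
 * This fixture always sets the two together; confirm DeploymentConfig enforces that pairing.
 */
private DeploymentConfig buildTestDeploymentConfig(String uriElement, boolean withTlsOffloadConfig) {
    Map<String, String> oidcContext = new HashMap<>();
    oidcContext.put("context_key_1", "context_value_1");
    AuthTargetMapping mapping = AuthTargetMapping.builder()
            .addMapping(TokenType.USERNAME, "service", "ldapService")
            .addMapping(TokenType.OPENIDCONNECT, "module", "oidc", oidcContext)
            .build();
    if (!withTlsOffloadConfig) {
        return DeploymentConfig.builder()
                .uriElement(uriElement)
                .authTargetMapping(mapping)
                .build();
    }
    Set<String> offloadHosts = new HashSet<>(1);
    offloadHosts.add(TLS_OFFLOAD_HOST_IP);
    return DeploymentConfig.builder()
            .uriElement(uriElement)
            .authTargetMapping(mapping)
            .tlsOffloadEngineHostIpAddrs(offloadHosts)
            .offloadedTwoWayTLSHeaderKey(TLS_CLIENT_CERT_HEADER)
            .build();
}

/**
 * SAML2 output config for the fixture: signed and encrypted assertions, a "mail"/"uid" attribute map,
 * and fixture-only key material (alias "test", password "super.secret", keystore "da/directory/file").
 *
 * <p>The passwords are encoded explicitly as UTF-8 (AMSTSConstants.UTF_8_CHARSET_ID), matching the
 * OIDC fixture; the previous no-argument getBytes() used the platform default charset, so the
 * password bytes could differ between machines.
 *
 * <p>NOTE(review): "aes128-cbc" is a fixture value only; if it mirrors a production default, check
 * whether the SAML2 layer offers an AEAD mode (e.g. xmlenc11 aes128-gcm) and prefer it.
 *
 * @throws UnsupportedEncodingException if AMSTSConstants.UTF_8_CHARSET_ID is not a supported charset name
 */
private SAML2Config buildTestSaml2Config() throws UnsupportedEncodingException {
    Map<String, String> attributeMap = new HashMap<>();
    attributeMap.put("mail", "email");
    attributeMap.put("uid", "id");
    return SAML2Config.builder()
            .nameIdFormat("transient")
            .tokenLifetimeInSeconds(500000) // fixture value, far longer than a real deployment would use
            .spEntityId("http://host.com/saml2/sp/entity/id")
            .encryptAssertion(true)
            .signAssertion(true)
            .encryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc")
            .encryptionKeyAlias("test")
            .signatureKeyAlias("test")
            .signatureKeyPassword("super.secret".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .encryptionAlgorithmStrength(128)
            .keystoreFile("da/directory/file")
            .keystorePassword("super.secret".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .attributeMap(attributeMap)
            .idpId("da_idp")
            .build();
}

/**
 * OIDC id-token output config for the fixture: RS256 signing with alias "test" from "keystore.jks",
 * audience "oidcTokenAudience", issuer "oidcTokenIssuer", 900 s lifetime. Passwords are fixture-only
 * and encoded explicitly as UTF-8.
 *
 * @throws UnsupportedEncodingException if AMSTSConstants.UTF_8_CHARSET_ID is not a supported charset name
 */
private OpenIdConnectTokenConfig buildTestOidcTokenConfig() throws UnsupportedEncodingException {
    return OpenIdConnectTokenConfig.builder()
            .keystoreLocation("keystore.jks")
            .keystorePassword("bobo".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .signatureKeyAlias("test")
            .signatureKeyPassword("bobo".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .signatureAlgorithm("RS256")
            .addAudience("oidcTokenAudience")
            .tokenLifetimeInSeconds(900)
            .issuer("oidcTokenIssuer")
            .build();
}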
Use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.
From the class SoapDeploymentConfigTest, method testRejectIfNullIfAMDeploymentUrlNotSet:
/**
 * A SoapDeploymentConfig built without an AM deployment URL must be rejected at build time.
 * The test supplies a realm, a URI element and a USERNAME -> module "untmodule" mapping and
 * deliberately never sets the AM deployment URL; the NullPointerException declared in
 * {@code expectedExceptions} is the rejection being asserted.
 */
@Test(expectedExceptions = NullPointerException.class)
public void testRejectIfNullIfAMDeploymentUrlNotSet() {
    AuthTargetMapping usernameToModule = AuthTargetMapping.builder()
            .addMapping(TokenType.USERNAME, "module", "untmodule")
            .build();
    SoapDeploymentConfig.builder()
            .realm("a")
            .uriElement("b")
            .authTargetMapping(usernameToModule)
            .build(); // no AM deployment URL set -> expected to throw
}
Use of org.forgerock.openam.sts.config.user.AuthTargetMapping in project OpenAM by OpenRock.
From the class RestSTSInstanceStateServiceListenerTest, method createInstanceConfig:
/**
 * Minimal REST STS instance fixture: an auth-target mapping (USERNAME -> service "ldapService",
 * OPENIDCONNECT -> module "oidc" with a one-entry context), a deployment config for
 * DEPLOYMENT_URL_ELEMENT, a persistent-NameID SAML2 output config whose idpId is
 * {@code issuerName}, and four input -> SAML2 transforms.
 *
 * <p>NOTE(review): the USERNAME and OPENIDCONNECT transforms pass
 * AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION as-is while X509 and OPENAM pass its negation,
 * so presumably only the former invalidate the interim session — confirm that asymmetry is intended.
 *
 * @param issuerName value used as the SAML2 idpId
 * @return the built instance config
 */
private RestSTSInstanceConfig createInstanceConfig(String issuerName) {
    Map<String, String> oidcContext = new HashMap<>();
    // presumably names the header the oidc module reads the id_token from — verify against the module
    oidcContext.put(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY, "oidc_id_token");
    AuthTargetMapping authTargets = AuthTargetMapping.builder()
            .addMapping(TokenType.USERNAME, "service", "ldapService")
            .addMapping(TokenType.OPENIDCONNECT, "module", "oidc", oidcContext)
            .build();
    DeploymentConfig deployment = DeploymentConfig.builder()
            .uriElement(DEPLOYMENT_URL_ELEMENT)
            .authTargetMapping(authTargets)
            .build();

    Map<String, String> samlAttributes = new HashMap<>();
    samlAttributes.put("email", "mail");
    SAML2Config saml2 = SAML2Config.builder()
            .attributeMap(samlAttributes)
            .nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
            .spEntityId("http://host.com/sp/entity/id")
            .idpId(issuerName)
            .build();

    final boolean invalidateInterimSession = AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION;
    return RestSTSInstanceConfig.builder()
            .deploymentConfig(deployment)
            .saml2Config(saml2)
            .addSupportedTokenTransform(TokenType.X509, TokenType.SAML2, !invalidateInterimSession)
            .addSupportedTokenTransform(TokenType.USERNAME, TokenType.SAML2, invalidateInterimSession)
            .addSupportedTokenTransform(TokenType.OPENAM, TokenType.SAML2, !invalidateInterimSession)
            .addSupportedTokenTransform(TokenType.OPENIDCONNECT, TokenType.SAML2, invalidateInterimSession)
            .build();
}