
Example 1 with DeploymentConfig

use of org.forgerock.openam.sts.config.user.DeploymentConfig in project OpenAM by OpenRock.

From the class RestSTSInstanceStateProviderTest, method createSAMLRestInstanceConfig.

/**
 * Builds a REST STS instance configuration whose only output token type is SAML2.
 *
 * <p>The auth-target mapping sends USERNAME tokens to the {@code ldapService} service and
 * OPENIDCONNECT tokens to the {@code oidc} module; the OIDC mapping carries a context entry
 * keyed by {@code AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY} with the
 * value {@code oidc_id_token}. The SAML2 config maps the {@code email} attribute to
 * {@code mail}, uses the persistent name-id format, and fixes the SP entity id and IdP id.
 * The deployment URI element is the class-level {@code DEPLOYMENT_URL_ELEMENT}.
 *
 * <p>Four input token types (X509, USERNAME, OPENAM, OPENIDCONNECT) are transformed to
 * SAML2. USERNAME and OPENIDCONNECT pass {@code INVALIDATE_INTERIM_OPENAM_SESSION}, X509
 * and OPENAM pass its negation.
 *
 * @return the fully built test instance configuration
 */
private RestSTSInstanceConfig createSAMLRestInstanceConfig() {
    // Attribute map consumed by the SAML2 config: assertion attribute -> source attribute.
    Map<String, String> assertionAttributes = new HashMap<>();
    assertionAttributes.put("email", "mail");

    // Per-mapping context for the OIDC auth target.
    Map<String, String> oidcContext = new HashMap<>();
    oidcContext.put(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY, "oidc_id_token");

    AuthTargetMapping authTargets = AuthTargetMapping.builder()
            .addMapping(TokenType.USERNAME, "service", "ldapService")
            .addMapping(TokenType.OPENIDCONNECT, "module", "oidc", oidcContext)
            .build();

    DeploymentConfig deployment = DeploymentConfig.builder()
            .uriElement(DEPLOYMENT_URL_ELEMENT)
            .authTargetMapping(authTargets)
            .build();

    SAML2Config samlOutput = SAML2Config.builder()
            .attributeMap(assertionAttributes)
            .nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
            .spEntityId("http://host.com/sp/entity/id")
            .idpId("da_idp")
            .build();

    // Flag values are taken verbatim from AMSTSConstants so the intent stays visible at the call site.
    final boolean invalidateInterim = AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION;
    return RestSTSInstanceConfig.builder()
            .deploymentConfig(deployment)
            .saml2Config(samlOutput)
            .addSupportedTokenTransform(TokenType.X509, TokenType.SAML2, !invalidateInterim)
            .addSupportedTokenTransform(TokenType.USERNAME, TokenType.SAML2, invalidateInterim)
            .addSupportedTokenTransform(TokenType.OPENAM, TokenType.SAML2, !invalidateInterim)
            .addSupportedTokenTransform(TokenType.OPENIDCONNECT, TokenType.SAML2, invalidateInterim)
            .build();
}

Example 2 with DeploymentConfig

use of org.forgerock.openam.sts.config.user.DeploymentConfig in project OpenAM by OpenRock.

From the class SAML2TokenGenerationImplTest, method getRestSTSInstanceConfig.

/**
 * Builds a REST STS instance configuration for the SAML2 token-generation tests, with
 * assertion signing switchable by the caller.
 *
 * <p>USERNAME tokens map to the {@code ldapService} service and OPENIDCONNECT tokens to the
 * {@code oidc} module (with the id-token header key context entry set to
 * {@code oidc_id_token}). The deployment URI element is {@code boborealm/inst1}. The SAML2
 * config maps {@code email} to {@code mail}, uses the persistent name-id format, points at
 * the {@code /keystore.jks} keystore and the {@code test} alias for both encryption and
 * signing, and uses the test-only password {@code changeit} for the keystore and the signing key.
 *
 * <p>X509, USERNAME, OPENAM and OPENIDCONNECT are all transformed to SAML2; USERNAME and
 * OPENIDCONNECT pass {@code INVALIDATE_INTERIM_OPENAM_SESSION}, the other two its negation.
 *
 * @param signAssertion whether the generated assertion should be signed
 * @return the fully built test instance configuration
 * @throws UnsupportedEncodingException if the charset named by
 *         {@code AMSTSConstants.UTF_8_CHARSET_ID} is not available when encoding the passwords
 */
private RestSTSInstanceConfig getRestSTSInstanceConfig(boolean signAssertion) throws UnsupportedEncodingException {
    Map<String, String> oidcContext = new HashMap<>();
    oidcContext.put(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY, "oidc_id_token");

    AuthTargetMapping authTargets = AuthTargetMapping.builder()
            .addMapping(TokenType.USERNAME, "service", "ldapService")
            .addMapping(TokenType.OPENIDCONNECT, "module", "oidc", oidcContext)
            .build();

    DeploymentConfig deployment = DeploymentConfig.builder()
            .uriElement("boborealm/inst1")
            .authTargetMapping(authTargets)
            .build();

    Map<String, String> assertionAttributes = new HashMap<>();
    assertionAttributes.put("email", "mail");

    // Two separate byte arrays are deliberately created: the builder may retain the
    // reference, and the keystore and signing-key passwords must not alias one another.
    SAML2Config samlOutput = SAML2Config.builder()
            .attributeMap(assertionAttributes)
            .nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
            .spEntityId("http://host.com/sp/entity/id")
            .signAssertion(signAssertion)
            .keystoreFile("/keystore.jks")
            .keystorePassword("changeit".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .encryptionKeyAlias("test")
            .signatureKeyAlias("test")
            .signatureKeyPassword("changeit".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .idpId("da_idp")
            .build();

    final boolean invalidateInterim = AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION;
    return RestSTSInstanceConfig.builder()
            .deploymentConfig(deployment)
            .saml2Config(samlOutput)
            .addSupportedTokenTransform(TokenType.X509, TokenType.SAML2, !invalidateInterim)
            .addSupportedTokenTransform(TokenType.USERNAME, TokenType.SAML2, invalidateInterim)
            .addSupportedTokenTransform(TokenType.OPENAM, TokenType.SAML2, !invalidateInterim)
            .addSupportedTokenTransform(TokenType.OPENIDCONNECT, TokenType.SAML2, invalidateInterim)
            .build();
}

Example 3 with DeploymentConfig

use of org.forgerock.openam.sts.config.user.DeploymentConfig in project OpenAM by OpenRock.

From the class RestSTSInstanceConfig, method marshalFromAttributeMap.

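/*
    When we are marshaling back from a Map<String, Set<String>>, this Map contains all of the values, also those
    contributed by encapsulated complex objects. So the structure must be 'un-flattened', where the top-level map
    is passed to encapsulated complex objects, so that they may re-constitute themselves, and then the top-level json
    entry key is set to point at these re-constituted complex objects.

    Note that marshalToAttributeMap first calls toJson to obtain the map representation, albeit with hierarchical
    elements, which must subsequently be flattened. The 'flattening' performed by marshalToAttributeMap must then
    be 'inverted' by this method, where all complex objects are re-constituted, using the state in the flattened map.

    Robustness: an attribute set that is absent from the map (attributeMap.get(key) == null) is treated as empty
    rather than dereferenced, so a persisted instance with no custom transforms/validators/providers no longer
    fails with a NullPointerException while being marshaled back.
 */
/**
 * Re-constitutes a RestSTSInstanceConfig from its flattened SMS attribute-map representation.
 *
 * @param attributeMap the flattened attribute map, as produced by marshalToAttributeMap; must not be null
 * @return the instance config obtained by un-flattening the map and passing the result to {@link #fromJson}
 * @throws NullPointerException if {@code attributeMap} is null
 */
public static RestSTSInstanceConfig marshalFromAttributeMap(Map<String, Set<String>> attributeMap) {
    if (attributeMap == null) {
        throw new NullPointerException("Attribute map passed to RestSTSInstanceConfig#marshalFromAttributeMap cannot be null!");
    }
    // Let each encapsulated complex object rebuild itself from the flat map, then re-attach its json form
    // under the top-level key so that fromJson sees the hierarchical structure it expects.
    DeploymentConfig deploymentConfig = DeploymentConfig.marshalFromAttributeMap(attributeMap);
    Map<String, Object> jsonAttributes = MapMarshallUtils.toJsonValueMap(attributeMap);
    replaceEntry(jsonAttributes, DEPLOYMENT_CONFIG, deploymentConfig.toJson());

    SAML2Config saml2Config = SAML2Config.marshalFromAttributeMap(attributeMap);
    if (saml2Config != null) {
        replaceEntry(jsonAttributes, SAML2_CONFIG, saml2Config.toJson());
    }

    OpenIdConnectTokenConfig openIdConnectTokenConfig = OpenIdConnectTokenConfig.marshalFromAttributeMap(attributeMap);
    if (openIdConnectTokenConfig != null) {
        replaceEntry(jsonAttributes, OIDC_ID_TOKEN_CONFIG, openIdConnectTokenConfig.toJson());
    }

    /*
         The SUPPORTED_TOKEN_TRANSFORMS, CUSTOM_TOKEN_TRANSFORMS, CUSTOM_TOKEN_VALIDATORS, and CUSTOM_TOKEN_PROVIDERS
         are currently each in a String representation in the Set<String> map entry corresponding
         to their respective key. Each is marshaled back into a TokenTransformConfig / CustomTokenOperation
         instance, toJson is called on each, and the results are put in a JsonValue wrapping a list.
     */
    replaceEntry(jsonAttributes, SUPPORTED_TOKEN_TRANSFORMS,
            tokenTransformsToJson(attributeMap.get(SUPPORTED_TOKEN_TRANSFORMS)));
    replaceEntry(jsonAttributes, CUSTOM_TOKEN_TRANSFORMS,
            tokenTransformsToJson(attributeMap.get(CUSTOM_TOKEN_TRANSFORMS)));
    replaceEntry(jsonAttributes, CUSTOM_TOKEN_VALIDATORS,
            customOperationsToJson(attributeMap.get(CUSTOM_TOKEN_VALIDATORS)));
    replaceEntry(jsonAttributes, CUSTOM_TOKEN_PROVIDERS,
            customOperationsToJson(attributeMap.get(CUSTOM_TOKEN_PROVIDERS)));

    return fromJson(new JsonValue(jsonAttributes));
}

/**
 * Replaces the value under {@code key}: the existing entry is removed first and the new value put,
 * exactly as the inline remove/put pairs did, so any ordering behaviour of the underlying map is preserved.
 */
private static void replaceEntry(Map<String, Object> jsonAttributes, String key, Object value) {
    jsonAttributes.remove(key);
    jsonAttributes.put(key, value);
}

/**
 * Marshals each SMS string into a TokenTransformConfig and returns the json forms wrapped in a list JsonValue.
 *
 * @param smsStrings the SMS string representations; null is treated as an empty set
 */
private static JsonValue tokenTransformsToJson(Set<String> smsStrings) {
    ArrayList<JsonValue> jsonList = new ArrayList<>();
    if (smsStrings != null) {
        for (String smsString : smsStrings) {
            jsonList.add(TokenTransformConfig.fromSMSString(smsString).toJson());
        }
    }
    return new JsonValue(jsonList);
}

/**
 * Marshals each SMS string into a CustomTokenOperation and returns the json forms wrapped in a list JsonValue.
 *
 * @param smsStrings the SMS string representations; null is treated as an empty set
 */
private static JsonValue customOperationsToJson(Set<String> smsStrings) {
    ArrayList<JsonValue> jsonList = new ArrayList<>();
    if (smsStrings != null) {
        for (String smsString : smsStrings) {
            jsonList.add(CustomTokenOperation.fromSMSString(smsString).toJson());
        }
    }
    return new JsonValue(jsonList);
}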

Example 4 with DeploymentConfig

use of org.forgerock.openam.sts.config.user.DeploymentConfig in project OpenAM by OpenRock.

From the class RestSTSInstanceConfigTest, method createInstanceConfigWithoutSaml2Config.

/*
    Create a RestSTSInstanceConfig that declares SAML2 output tokens but carries no SAML2Config, so the
    builder's IllegalStateException path can be exercised.

    The mapping sends USERNAME tokens to the "ldapService" service. USERNAME, OPENIDCONNECT and X509 transforms
    pass INVALIDATE_INTERIM_OPENAM_SESSION; the OPENAM transform passes its negation.

    @param uriElement the deployment URI element to use
    @return the configuration produced by the builder (expected to fail in the builder for the test's purpose)
    @throws UnsupportedEncodingException declared for signature compatibility; nothing in the body encodes text
 */
private RestSTSInstanceConfig createInstanceConfigWithoutSaml2Config(String uriElement) throws UnsupportedEncodingException {
    AuthTargetMapping usernameOnlyMapping = AuthTargetMapping.builder()
            .addMapping(TokenType.USERNAME, "service", "ldapService")
            .build();

    DeploymentConfig deployment = DeploymentConfig.builder()
            .uriElement(uriElement)
            .authTargetMapping(usernameOnlyMapping)
            .build();

    final boolean invalidateInterim = AMSTSConstants.INVALIDATE_INTERIM_OPENAM_SESSION;
    // Note: no saml2Config(...) call — that omission is the point of this fixture.
    return RestSTSInstanceConfig.builder()
            .deploymentConfig(deployment)
            .addSupportedTokenTransform(TokenType.USERNAME, TokenType.SAML2, invalidateInterim)
            .addSupportedTokenTransform(TokenType.OPENAM, TokenType.SAML2, !invalidateInterim)
            .addSupportedTokenTransform(TokenType.OPENIDCONNECT, TokenType.SAML2, invalidateInterim)
            .addSupportedTokenTransform(TokenType.X509, TokenType.SAML2, invalidateInterim)
            .build();
}

Example 5 with DeploymentConfig

use of org.forgerock.openam.sts.config.user.DeploymentConfig in project OpenAM by OpenRock.

From the class SoapDeploymentConfig, method fromJson.

/**
 * Used by the sts-publish service to marshal the json representation of SoapDeploymentConfig instances back to
 * their native form prior to SMS persistence.
 *
 * <p>The base {@link DeploymentConfig} fields are recovered via {@code DeploymentConfig.fromJson} and copied
 * onto the builder; the SOAP-specific fields are read directly from {@code json}. The QName-valued and custom
 * WSDL fields are only set when the json entry is a string, otherwise they are left null.
 *
 * @param json the json representation of the SoapDeploymentConfig instance
 * @return the SoapDeploymentConfig instance corresponding to the input json.
 * @throws NullPointerException if {@code json} is null
 */
public static SoapDeploymentConfig fromJson(JsonValue json) {
    if (json == null) {
        throw new NullPointerException("JsonValue passed to SoapDeploymentConfig#fromJson cannot be null!");
    }
    DeploymentConfig baseConfig = DeploymentConfig.fromJson(json);

    SoapDeploymentConfigBuilderBase<?> builder = SoapDeploymentConfig.builder();
    // Fields shared with the base deployment config.
    builder.authTargetMapping(baseConfig.getAuthTargetMapping())
            .offloadedTwoWayTLSHeaderKey(baseConfig.getOffloadedTwoWayTlsHeaderKey())
            .realm(baseConfig.getRealm())
            .tlsOffloadEngineHostIpAddrs(baseConfig.getTlsOffloadEngineHostIpAddrs())
            .uriElement(baseConfig.getUriElement());
    // SOAP-specific fields.
    builder.amDeploymentUrl(json.get(AM_DEPLOYMENT_URL).asString())
            .portQName(qnameOrNull(json, PORT_QNAME))
            .serviceQName(qnameOrNull(json, SERVICE_QNAME))
            .customWsdlLocation(stringOrNull(json, CUSTOM_WSDL_LOCATION))
            .customPortQName(qnameOrNull(json, CUSTOM_PORT_QNAME))
            .customServiceQName(qnameOrNull(json, CUSTOM_SERVICE_QNAME))
            .wsdlLocation(json.get(WSDL_LOCATION).asString());
    return builder.build();
}

/** Returns the QName parsed from the string under {@code key}, or null when that entry is not a string. */
private static QName qnameOrNull(JsonValue json, String key) {
    JsonValue entry = json.get(key);
    if (!entry.isString()) {
        return null;
    }
    return QName.valueOf(entry.asString());
}

/** Returns the string under {@code key}, or null when that entry is not a string. */
private static String stringOrNull(JsonValue json, String key) {
    JsonValue entry = json.get(key);
    if (!entry.isString()) {
        return null;
    }
    return entry.asString();
}
