use of org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig in project OpenAM by OpenRock.
the class TokenDelegationHandlersProviderTest method createInstanceConfig.
private SoapSTSInstanceConfig createInstanceConfig(boolean delegationValidatorsSpecified, boolean customDelegationHandler) throws UnsupportedEncodingException {
AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl("http://host.com/am:443").uriElement("inst1222").authTargetMapping(mapping).build();
SoapSTSKeystoreConfig keystoreConfig;
keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
builder.addIssueTokenType(TokenType.SAML2);
Map<String, String> attributeMap = new HashMap<>();
attributeMap.put("mail", "email");
attributeMap.put("uid", "id");
SAML2Config saml2Config = SAML2Config.builder().nameIdFormat("transient").tokenLifetimeInSeconds(500000).spEntityId("http://host.com/saml2/sp/entity/id").encryptAssertion(true).signAssertion(true).encryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc").encryptionKeyAlias("test").signatureKeyAlias("test").signatureKeyPassword("super.secret".getBytes()).encryptionAlgorithmStrength(128).keystoreFile("da/directory/file").keystorePassword("super.secret".getBytes()).attributeMap(attributeMap).idpId("da_idp").build();
boolean delegationRelationshipsSupported = customDelegationHandler || delegationValidatorsSpecified;
if (delegationRelationshipsSupported) {
SoapDelegationConfig.SoapDelegationConfigBuilder delegationConfigBuilder = SoapDelegationConfig.builder();
if (delegationValidatorsSpecified) {
delegationConfigBuilder.addValidatedDelegationTokenType(TokenType.USERNAME, true).addValidatedDelegationTokenType(TokenType.OPENAM, false);
}
if (customDelegationHandler) {
delegationConfigBuilder.addCustomDelegationTokenHandler("org.forgerock.openam.sts.soap.token.delegation.DefaultTokenDelegationHandler");
}
builder.soapDelegationConfig(delegationConfigBuilder.build());
}
return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).delegationRelationshipsSupported(delegationRelationshipsSupported).build();
}
use of org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig in project OpenAM by OpenRock.
the class SoapSTSInstanceStateProviderTest method createInstanceConfig.
private SoapSTSInstanceConfig createInstanceConfig() throws UnsupportedEncodingException {
AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl(AM_DEPLOYMENT_URL).uriElement(DEPLOYMENT_URL_ELEMENT).authTargetMapping(mapping).build();
SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
Map<String, String> attributes = new HashMap<>();
attributes.put("email", "mail");
SAML2Config saml2Config = SAML2Config.builder().attributeMap(attributes).nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent").spEntityId("http://host.com/sp/entity/id").idpId("da_idp").build();
return SoapSTSInstanceConfig.builder().addIssueTokenType(TokenType.SAML2).addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false).deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).build();
}
use of org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig in project OpenAM by OpenRock.
the class SoapSTSInstancePublisherImplTest method createInstanceConfig.
private SoapSTSInstanceConfig createInstanceConfig(String uriElement, String amDeploymentUrl) throws UnsupportedEncodingException {
AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl(amDeploymentUrl).uriElement(uriElement).authTargetMapping(mapping).build();
SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("frstssrvkspw".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("frstssrval").encryptionKeyPassword("frstssrvpw".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyAlias("frstssrval").signatureKeyPassword("frstssrvpw".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.USERNAME, true);
builder.addIssueTokenType(TokenType.SAML2);
Map<String, String> attributeMap = new HashMap<>();
attributeMap.put("mail", "email");
attributeMap.put("uid", "id");
SAML2Config saml2Config = SAML2Config.builder().nameIdFormat("transient").tokenLifetimeInSeconds(500000).spEntityId("http://host.com/saml2/sp/entity/id").encryptAssertion(true).signAssertion(true).encryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc").encryptionKeyAlias("test").signatureKeyAlias("test").signatureKeyPassword("super.secret".getBytes()).encryptionAlgorithmStrength(128).keystoreFile("da/directory/file").keystorePassword("super.secret".getBytes()).attributeMap(attributeMap).idpId("da_idp").build();
return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).build();
}
use of org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig in project OpenAM by OpenRock.
the class SoapSTSInstanceStateServiceListenerTest method createInstanceConfig.
private SoapSTSInstanceConfig createInstanceConfig(String amDeploymentUrl) throws UnsupportedEncodingException {
AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl(amDeploymentUrl).uriElement(DEPLOYMENT_URL_ELEMENT).authTargetMapping(mapping).build();
SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
Map<String, String> attributes = new HashMap<>();
attributes.put("email", "mail");
SAML2Config saml2Config = SAML2Config.builder().attributeMap(attributes).nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent").spEntityId("http://host.com/sp/entity/id").idpId("da_idp").build();
SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
builder.addIssueTokenType(TokenType.SAML2);
return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).build();
}
Aggregations