use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.
the class SoapSTSInstanceStateServiceListenerTest method testServiceListenerCacheInvalidation.
/**
 * Verifies that a ServiceListener notification evicts a cached soap STS instance state.
 *
 * The provider is first primed with a mocked SoapSTSInstanceConfig so that a cache entry exists. Then
 * ServiceListener#organizationConfigChanged is fired for the soap STS service with the REMOVED type, which should
 * invalidate that entry. The mocked config store is then switched to a different config; if the entry really was
 * evicted, the provider must hand back the new config rather than the stale one.
 */
@Test
public void testServiceListenerCacheInvalidation() throws UnsupportedEncodingException, STSPublishException, TokenCreationException {
    final SoapSTSInstanceConfig originalConfig = createInstanceConfig("http://host.com:8080/am");
    final SoapSTSInstanceConfig replacementConfig = createInstanceConfig("https://host.com:443/am");

    // Prime the cache: the first lookup pulls originalConfig out of the mocked config store.
    when(mockConfigStore.getSTSInstanceConfig(DEPLOYMENT_URL_ELEMENT, REALM)).thenReturn(originalConfig);
    provider.getSTSInstanceState(DEPLOYMENT_URL_ELEMENT, REALM);

    // Fire the change notification that should evict the entry. DEPLOYMENT_URL_ELEMENT is lower-cased because
    // LDAP is case-insensitive and the listener is expected to see the lower-cased form.
    serviceListener.organizationConfigChanged(AMSTSConstants.SOAP_STS_SERVICE_NAME,
            AMSTSConstants.SOAP_STS_SERVICE_VERSION, "irrelevant", "irrelevant",
            DEPLOYMENT_URL_ELEMENT.toLowerCase(), ServiceListener.REMOVED);

    // After eviction the next lookup must go back to the config store, which now returns replacementConfig.
    when(mockConfigStore.getSTSInstanceConfig(DEPLOYMENT_URL_ELEMENT, REALM)).thenReturn(replacementConfig);
    final SoapSTSInstanceConfig cachedConfig = provider.getSTSInstanceState(DEPLOYMENT_URL_ELEMENT, REALM).getConfig();

    assertEquals(replacementConfig, cachedConfig);
    assertNotEquals(originalConfig, cachedConfig);
}
use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.
the class SoapSTSInstanceStateServiceListenerTest method createInstanceConfig.
/**
 * Builds a fully-populated SoapSTSInstanceConfig test fixture.
 *
 * Everything except the AM deployment url is fixed: a USERNAME->ldap auth-target mapping, the standard STS
 * port/service QNames, a keystore config with literal test-only passwords, and a SAML2 config issuing persistent
 * NameIDs. OPENAM is registered as a security-policy token validation type (second argument {@code false}) and
 * SAML2 is the only issued token type.
 *
 * @param amDeploymentUrl the OpenAM deployment url recorded in the deployment config
 * @return a built instance config bound to DEPLOYMENT_URL_ELEMENT
 * @throws UnsupportedEncodingException if the UTF-8 charset id is rejected when encoding the keystore passwords
 */
private SoapSTSInstanceConfig createInstanceConfig(String amDeploymentUrl) throws UnsupportedEncodingException {
    final AuthTargetMapping authTargetMapping = AuthTargetMapping.builder()
            .addMapping(TokenType.USERNAME, "service", "ldap")
            .build();

    final SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder()
            .portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME)
            .serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME)
            .wsdlLocation("wsdl_loc")
            .realm("realm")
            .amDeploymentUrl(amDeploymentUrl)
            .uriElement(DEPLOYMENT_URL_ELEMENT)
            .authTargetMapping(authTargetMapping)
            .build();

    // Test-only credentials; the encryption and signature keys deliberately share one alias and password.
    final String keyAlias = "mystskey";
    final SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder()
            .keystoreFileName("stsstore.jks")
            .keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .encryptionKeyAlias(keyAlias)
            .signatureKeyAlias(keyAlias)
            .encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .build();

    // Single attribute-statement mapping: SAML attribute "email" sourced from the "mail" attribute.
    final Map<String, String> samlAttributeMap = new HashMap<String, String>();
    samlAttributeMap.put("email", "mail");
    final SAML2Config saml2Config = SAML2Config.builder()
            .attributeMap(samlAttributeMap)
            .nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent")
            .spEntityId("http://host.com/sp/entity/id")
            .idpId("da_idp")
            .build();

    final SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> instanceBuilder = SoapSTSInstanceConfig.builder();
    instanceBuilder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
    instanceBuilder.addIssueTokenType(TokenType.SAML2);
    return instanceBuilder
            .deploymentConfig(deploymentConfig)
            .soapSTSKeystoreConfig(keystoreConfig)
            .saml2Config(saml2Config)
            .build();
}
use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.
the class SoapSTSPublishServiceRequestHandler method handleRead.
/**
 * Reads either every published soap STS instance or a single one.
 *
 * An empty resource path lists all published instances as one json object keyed by deployment sub-path; any
 * other path is treated as a single instance id whose realm is derived from the path and validated before the
 * lookup. An STSPublishException raised by the publisher is logged and returned as a failed promise.
 *
 * @param context the request context; not consulted here
 * @param request the read request whose resource path selects the instance(s)
 * @return a promise of the resource response, or of the mapped exception
 */
public Promise<ResourceResponse, ResourceException> handleRead(Context context, ReadRequest request) {
    final String resourcePath = request.getResourcePath();
    try {
        if (EMPTY_STRING.equals(resourcePath)) {
            return readAllPublishedInstances();
        }
        return readSinglePublishedInstance(resourcePath);
    } catch (STSPublishException e) {
        final String message = "Exception caught obtaining soap sts instance corresponding to id: " + resourcePath + "; Exception: " + e;
        logger.error(message, e);
        return e.asPromise();
    }
}

/**
 * Lists every published instance, keyed by deployment sub-path.
 *
 * No revision etag is set because this listing is not a resource that should really be cached. Should caching
 * become necessary, a string composed of the hash codes of each SoapSTSInstanceConfig (or a hash of that string)
 * could serve as the etag.
 *
 * @return a promise of the PUBLISHED_INSTANCES response
 * @throws STSPublishException if the publisher cannot enumerate the published instances
 */
private Promise<ResourceResponse, ResourceException> readAllPublishedInstances() throws STSPublishException {
    final JsonObject listing = JsonValueBuilder.jsonValue();
    for (SoapSTSInstanceConfig published : publisher.getPublishedInstances()) {
        listing.put(published.getDeploymentSubPath(), mapStringToJson(published.toJson().toString()));
    }
    return newResultPromise(newResourceResponse(PUBLISHED_INSTANCES, EMPTY_STRING, listing.build()));
}

/**
 * Reads one published instance identified by its resource path.
 *
 * The realm is derived from the path and checked for existence first, so a request against a non-existent realm
 * is answered with NotFoundException and never reaches the publisher.
 *
 * @param resourcePath the non-empty instance id from the read request
 * @return a promise of the single-instance response, or of NotFoundException when the realm does not exist
 * @throws STSPublishException if the publisher cannot resolve the instance
 */
private Promise<ResourceResponse, ResourceException> readSinglePublishedInstance(String resourcePath) throws STSPublishException {
    final String realm = getRealmFromResourceName(resourcePath);
    if (!realmValidator.isRealm(realm)) {
        logger.warn("Read of soap STS instance state for instance " + resourcePath + " in realm " + realm + " rejected because realm does not exist");
        return new NotFoundException("The specified realm does not exist.").asPromise();
    }
    // NOTE(review): a null return from getPublishedInstance would NPE on the next line - confirm the publisher
    // signals an unknown id with STSPublishException rather than null.
    final SoapSTSInstanceConfig published = publisher.getPublishedInstance(resourcePath, realm);
    final String subPath = published.getDeploymentSubPath();
    return newResultPromise(newResourceResponse(subPath, getInstanceConfigEtag(published),
            JsonValueBuilder.jsonValue().put(subPath, mapStringToJson(published.toJson().toString())).build()));
}
use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.
the class TokenDelegationHandlersProviderTest method createInstanceConfig.
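/**
 * Builds a SoapSTSInstanceConfig fixture whose delegation settings are driven by the two flags.
 *
 * The deployment, keystore and SAML2 configs are fixed test values. Delegation relationships are enabled when
 * either flag is set: delegationValidatorsSpecified adds USERNAME (validated, {@code true}) and OPENAM
 * ({@code false}) as delegation token types, and customDelegationHandler registers
 * DefaultTokenDelegationHandler as a custom handler class. With both flags false no SoapDelegationConfig is
 * attached and delegationRelationshipsSupported is false.
 *
 * @param delegationValidatorsSpecified whether validated delegation token types are configured
 * @param customDelegationHandler whether a custom delegation token handler class is configured
 * @return the built instance config
 * @throws UnsupportedEncodingException if the UTF-8 charset id is rejected when encoding the test passwords
 */
private SoapSTSInstanceConfig createInstanceConfig(boolean delegationValidatorsSpecified, boolean customDelegationHandler) throws UnsupportedEncodingException {
    AuthTargetMapping mapping = AuthTargetMapping.builder()
            .addMapping(TokenType.USERNAME, "service", "ldap")
            .build();

    SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder()
            .portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME)
            .serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME)
            .wsdlLocation("wsdl_loc")
            .realm("realm")
            .amDeploymentUrl("http://host.com/am:443")
            .uriElement("inst1222")
            .authTargetMapping(mapping)
            .build();

    // Test-only credentials. Every password is encoded with the explicit UTF-8 charset id so the fixture bytes
    // do not depend on the JVM's platform-default charset.
    SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder()
            .keystoreFileName("stsstore.jks")
            .keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .encryptionKeyAlias("mystskey")
            .signatureKeyAlias("mystskey")
            .encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .build();

    SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
    builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
    builder.addIssueTokenType(TokenType.SAML2);

    Map<String, String> attributeMap = new HashMap<>();
    attributeMap.put("mail", "email");
    attributeMap.put("uid", "id");
    SAML2Config saml2Config = SAML2Config.builder()
            .nameIdFormat("transient")
            .tokenLifetimeInSeconds(500000)
            .spEntityId("http://host.com/saml2/sp/entity/id")
            .encryptAssertion(true)
            .signAssertion(true)
            .encryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc")
            .encryptionKeyAlias("test")
            .signatureKeyAlias("test")
            // explicit charset, consistent with the keystore passwords above (was platform-default getBytes())
            .signatureKeyPassword("super.secret".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .encryptionAlgorithmStrength(128)
            .keystoreFile("da/directory/file")
            .keystorePassword("super.secret".getBytes(AMSTSConstants.UTF_8_CHARSET_ID))
            .attributeMap(attributeMap)
            .idpId("da_idp")
            .build();

    // Either flag on its own is enough to enable delegation relationships.
    boolean delegationRelationshipsSupported = customDelegationHandler || delegationValidatorsSpecified;
    if (delegationRelationshipsSupported) {
        SoapDelegationConfig.SoapDelegationConfigBuilder delegationConfigBuilder = SoapDelegationConfig.builder();
        if (delegationValidatorsSpecified) {
            delegationConfigBuilder
                    .addValidatedDelegationTokenType(TokenType.USERNAME, true)
                    .addValidatedDelegationTokenType(TokenType.OPENAM, false);
        }
        if (customDelegationHandler) {
            delegationConfigBuilder.addCustomDelegationTokenHandler("org.forgerock.openam.sts.soap.token.delegation.DefaultTokenDelegationHandler");
        }
        builder.soapDelegationConfig(delegationConfigBuilder.build());
    }

    return builder
            .deploymentConfig(deploymentConfig)
            .soapSTSKeystoreConfig(keystoreConfig)
            .saml2Config(saml2Config)
            .delegationRelationshipsSupported(delegationRelationshipsSupported)
            .build();
}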
use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.
the class TokenDelegationHandlersProviderTest method testDefaultDelegationHandler.
/**
 * With delegation validators configured but no custom handler, the provider's first handler must be the
 * DefaultTokenDelegationHandler.
 *
 * @throws UnsupportedEncodingException if the fixture's password encoding fails
 */
@Test
public void testDefaultDelegationHandler() throws UnsupportedEncodingException {
    final SoapSTSInstanceConfig config = createInstanceConfig(DELEGATION_VALIDATORS_SPECIFIED, !CUSTOM_DELEGATION_HANDLER);
    final TokenDelegationHandlersProvider handlersProvider = new TokenDelegationHandlersProvider(
            config, mock(ThreadLocalAMTokenCache.class), mock(Logger.class));
    final Object firstHandler = handlersProvider.get().get(0);
    assertTrue(firstHandler instanceof DefaultTokenDelegationHandler);
}