Example 1 with SoapSTSInstanceConfig

Use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.

From class SoapSTSInstanceStateServiceListenerTest, method testServiceListenerCacheInvalidation.

/**
 * This test seeds the SoapSTSInstanceStateProvider class with a SoapSTSInstanceConfig instance, which should
 * populate the cache entry. Then the ServiceListener#organizationConfigChanged method is invoked, which should
 * invalidate the cache entry.
 */
@Test
public void testServiceListenerCacheInvalidation() throws UnsupportedEncodingException, STSPublishException, TokenCreationException {
    SoapSTSInstanceConfig instanceConfig = createInstanceConfig("http://host.com:8080/am");
    when(mockConfigStore.getSTSInstanceConfig(DEPLOYMENT_URL_ELEMENT, REALM)).thenReturn(instanceConfig);
    // initializes the cache with the mocked config
    provider.getSTSInstanceState(DEPLOYMENT_URL_ELEMENT, REALM);
    // this should invalidate the cache. Lower-casing DEPLOYMENT_URL_ELEMENT is necessary
    // because of ldap case-insensitivity.
    serviceListener.organizationConfigChanged(AMSTSConstants.SOAP_STS_SERVICE_NAME, AMSTSConstants.SOAP_STS_SERVICE_VERSION, "irrelevant", "irrelevant", DEPLOYMENT_URL_ELEMENT.toLowerCase(), ServiceListener.REMOVED);
    SoapSTSInstanceConfig instanceConfig1 = createInstanceConfig("https://host.com:443/am");
    //should initialize cache with new entry when getSTSInstanceConfig is called
    when(mockConfigStore.getSTSInstanceConfig(DEPLOYMENT_URL_ELEMENT, REALM)).thenReturn(instanceConfig1);
    SoapSTSInstanceConfig providerConfig = provider.getSTSInstanceState(DEPLOYMENT_URL_ELEMENT, REALM).getConfig();
    assertEquals(instanceConfig1, providerConfig);
    assertNotEquals(instanceConfig, providerConfig);
}
Also used: org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig, org.testng.annotations.Test, org.testng.annotations.BeforeTest

Example 2 with SoapSTSInstanceConfig

Use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.

From class SoapSTSInstanceStateServiceListenerTest, method createInstanceConfig.

private SoapSTSInstanceConfig createInstanceConfig(String amDeploymentUrl) throws UnsupportedEncodingException {
    AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
    SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl(amDeploymentUrl).uriElement(DEPLOYMENT_URL_ELEMENT).authTargetMapping(mapping).build();
    SoapSTSKeystoreConfig keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
    Map<String, String> attributes = new HashMap<>();
    attributes.put("email", "mail");
    SAML2Config saml2Config = SAML2Config.builder().attributeMap(attributes).nameIdFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent").spEntityId("http://host.com/sp/entity/id").idpId("da_idp").build();
    SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
    builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
    builder.addIssueTokenType(TokenType.SAML2);
    return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).build();
}
Also used: org.forgerock.openam.sts.soap.config.user.SoapSTSKeystoreConfig, org.forgerock.openam.sts.config.user.SAML2Config, org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig, org.forgerock.openam.sts.config.user.AuthTargetMapping, java.util.HashMap, org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig

Example 3 with SoapSTSInstanceConfig

Use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.

From class SoapSTSPublishServiceRequestHandler, method handleRead.

public Promise<ResourceResponse, ResourceException> handleRead(Context context, ReadRequest request) {
    try {
        if (EMPTY_STRING.equals(request.getResourcePath())) {
            List<SoapSTSInstanceConfig> publishedInstances = publisher.getPublishedInstances();
            JsonObject jsonObject = JsonValueBuilder.jsonValue();
            for (SoapSTSInstanceConfig instanceConfig : publishedInstances) {
                jsonObject.put(instanceConfig.getDeploymentSubPath(), mapStringToJson(instanceConfig.toJson().toString()));
            }
            /*
             * Note that the revision etag is not set, as this is not a resource which should really be cached.
             * If caching becomes necessary, a string composed of the hash codes of each of the SoapSTSInstanceConfig
             * instances could be used (or a hash of that string).
             */
            return newResultPromise(newResourceResponse(PUBLISHED_INSTANCES, EMPTY_STRING, jsonObject.build()));
        } else {
            final String realm = getRealmFromResourceName(request.getResourcePath());
            if (!realmValidator.isRealm(realm)) {
                logger.warn("Read of soap STS instance state for instance " + request.getResourcePath() + " in realm " + realm + " rejected because realm does not exist");
                return new NotFoundException("The specified realm does not exist.").asPromise();
            }
            SoapSTSInstanceConfig instanceConfig = publisher.getPublishedInstance(request.getResourcePath(), realm);
            return newResultPromise(newResourceResponse(instanceConfig.getDeploymentSubPath(), getInstanceConfigEtag(instanceConfig), JsonValueBuilder.jsonValue().put(instanceConfig.getDeploymentSubPath(), mapStringToJson(instanceConfig.toJson().toString())).build()));
        }
    } catch (STSPublishException e) {
        String message = "Exception caught obtaining soap sts instance corresponding to id: " + request.getResourcePath() + "; Exception: " + e;
        logger.error(message, e);
        return e.asPromise();
    }
}
Also used: org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig, org.forgerock.openam.sts.STSPublishException, org.forgerock.openam.utils.JsonObject, org.forgerock.json.resource.NotFoundException

Example 4 with SoapSTSInstanceConfig

Use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.

From class TokenDelegationHandlersProviderTest, method createInstanceConfig.

private SoapSTSInstanceConfig createInstanceConfig(boolean delegationValidatorsSpecified, boolean customDelegationHandler) throws UnsupportedEncodingException {
    AuthTargetMapping mapping = AuthTargetMapping.builder().addMapping(TokenType.USERNAME, "service", "ldap").build();
    SoapDeploymentConfig deploymentConfig = SoapDeploymentConfig.builder().portQName(AMSTSConstants.STANDARD_STS_PORT_QNAME).serviceQName(AMSTSConstants.STANDARD_STS_SERVICE_NAME).wsdlLocation("wsdl_loc").realm("realm").amDeploymentUrl("http://host.com/am:443").uriElement("inst1222").authTargetMapping(mapping).build();
    SoapSTSKeystoreConfig keystoreConfig;
    keystoreConfig = SoapSTSKeystoreConfig.builder().keystoreFileName("stsstore.jks").keystorePassword("stsspass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).encryptionKeyAlias("mystskey").signatureKeyAlias("mystskey").encryptionKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).signatureKeyPassword("stskpass".getBytes(AMSTSConstants.UTF_8_CHARSET_ID)).build();
    SoapSTSInstanceConfig.SoapSTSInstanceConfigBuilderBase<?> builder = SoapSTSInstanceConfig.builder();
    builder.addSecurityPolicyTokenValidationConfiguration(TokenType.OPENAM, false);
    builder.addIssueTokenType(TokenType.SAML2);
    Map<String, String> attributeMap = new HashMap<>();
    attributeMap.put("mail", "email");
    attributeMap.put("uid", "id");
    SAML2Config saml2Config = SAML2Config.builder().nameIdFormat("transient").tokenLifetimeInSeconds(500000).spEntityId("http://host.com/saml2/sp/entity/id").encryptAssertion(true).signAssertion(true).encryptionAlgorithm("http://www.w3.org/2001/04/xmlenc#aes128-cbc").encryptionKeyAlias("test").signatureKeyAlias("test").signatureKeyPassword("super.secret".getBytes()).encryptionAlgorithmStrength(128).keystoreFile("da/directory/file").keystorePassword("super.secret".getBytes()).attributeMap(attributeMap).idpId("da_idp").build();
    boolean delegationRelationshipsSupported = customDelegationHandler || delegationValidatorsSpecified;
    if (delegationRelationshipsSupported) {
        SoapDelegationConfig.SoapDelegationConfigBuilder delegationConfigBuilder = SoapDelegationConfig.builder();
        if (delegationValidatorsSpecified) {
            delegationConfigBuilder.addValidatedDelegationTokenType(TokenType.USERNAME, true).addValidatedDelegationTokenType(TokenType.OPENAM, false);
        }
        if (customDelegationHandler) {
            delegationConfigBuilder.addCustomDelegationTokenHandler("org.forgerock.openam.sts.soap.token.delegation.DefaultTokenDelegationHandler");
        }
        builder.soapDelegationConfig(delegationConfigBuilder.build());
    }
    return builder.deploymentConfig(deploymentConfig).soapSTSKeystoreConfig(keystoreConfig).saml2Config(saml2Config).delegationRelationshipsSupported(delegationRelationshipsSupported).build();
}
Also used: org.forgerock.openam.sts.soap.config.user.SoapSTSKeystoreConfig, org.forgerock.openam.sts.config.user.SAML2Config, org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig, org.forgerock.openam.sts.soap.config.user.SoapDelegationConfig, org.forgerock.openam.sts.config.user.AuthTargetMapping, java.util.HashMap, org.forgerock.openam.sts.soap.config.user.SoapDeploymentConfig

Example 5 with SoapSTSInstanceConfig

Use of org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig in project OpenAM by OpenRock.

From class TokenDelegationHandlersProviderTest, method testDefaultDelegationHandler.

@Test
public void testDefaultDelegationHandler() throws UnsupportedEncodingException {
    Logger mockLogger = mock(Logger.class);
    ThreadLocalAMTokenCache mockTokenCache = mock(ThreadLocalAMTokenCache.class);
    SoapSTSInstanceConfig instanceConfig = createInstanceConfig(DELEGATION_VALIDATORS_SPECIFIED, !CUSTOM_DELEGATION_HANDLER);
    assertTrue(new TokenDelegationHandlersProvider(instanceConfig, mockTokenCache, mockLogger).get().get(0) instanceof DefaultTokenDelegationHandler);
}
Also used: org.forgerock.openam.sts.soap.config.user.SoapSTSInstanceConfig, org.forgerock.openam.sts.token.ThreadLocalAMTokenCache, org.slf4j.Logger, org.testng.annotations.Test
