
Example 11 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class Shibboleth3ConfService method initAttributeParamMap.

/**
 * Builds the template parameter map describing the attributes released by the given
 * trust relationships: the de-duplicated attribute metadata plus the SAML1 and SAML2
 * attribute name strings, both keyed by attribute name.
 *
 * @param trustRelationships trust relationships whose released attributes are collected
 * @return map with keys {@code attributes}, {@code attributeSAML1Strings} and
 *         {@code attributeSAML2Strings}; {@code null} when the LDAP schema has no
 *         attribute type definition (hence no OID) for one of the released attributes
 */
private HashMap<String, Object> initAttributeParamMap(List<GluuSAMLTrustRelationship> trustRelationships) {
    // Released attributes in first-seen order; their names are kept in parallel for the schema lookup
    List<GluuAttribute> releasedAttributes = new ArrayList<GluuAttribute>();
    List<String> releasedNames = new ArrayList<String>();
    for (GluuSAMLTrustRelationship trust : trustRelationships) {
        for (GluuCustomAttribute released : trust.getReleasedCustomAttributes()) {
            GluuAttribute attribute = released.getMetadata();
            if (releasedAttributes.contains(attribute)) {
                continue;
            }
            releasedAttributes.add(attribute);
            releasedNames.add(attribute.getName());
        }
    }

    SchemaEntry schema = shemaService.getSchema();
    List<AttributeTypeDefinition> typeDefinitions = shemaService.getAttributeTypeDefinitions(schema, releasedNames);

    Map<String, String> saml1Strings = new HashMap<String, String>();
    Map<String, String> saml2Strings = new HashMap<String, String>();
    for (GluuAttribute attribute : releasedAttributes) {
        String name = attribute.getName();
        AttributeTypeDefinition typeDefinition = shemaService.getAttributeTypeDefinition(typeDefinitions, name);
        if (typeDefinition == null) {
            // Without a schema definition there is no OID to derive the SAML2 name from
            log.error("Failed to get OID for attribute name {}", name);
            return null;
        }
        saml1Strings.put(name, resolveSaml1Name(attribute, name));
        saml2Strings.put(name, resolveSaml2Name(attribute, typeDefinition));
    }

    HashMap<String, Object> attrParams = new HashMap<String, Object>();
    attrParams.put("attributes", releasedAttributes);
    attrParams.put("attributeSAML1Strings", saml1Strings);
    attrParams.put("attributeSAML2Strings", saml2Strings);
    return attrParams;
}

/**
 * SAML1 attribute name: the explicitly configured URI, otherwise
 * {@code urn:<gluu|mace>:dir:attribute-def:<name>} (the template form
 * {@code urn::dir:attribute-def:$attribute.name}).
 */
private String resolveSaml1Name(GluuAttribute attribute, String attributeName) {
    String configured = attribute.getSaml1Uri();
    if (!StringHelper.isEmpty(configured)) {
        return configured;
    }
    String urn = attribute.getUrn();
    // Custom attributes, attributes without a URN and attributes already in the gluu
    // namespace get the "gluu" prefix; everything else is treated as a standard "mace" attribute
    boolean gluuNamespace = attribute.isCustom() || StringHelper.isEmpty(urn) || urn.startsWith("urn:gluu:dir:attribute-def:");
    return String.format("urn:%s:dir:attribute-def:%s", gluuNamespace ? "gluu" : "mace", attributeName);
}

/**
 * SAML2 attribute name: the explicitly configured URI, otherwise {@code urn:oid:<OID>}
 * (the template form {@code urn:oid:$attrParams.attributeOids.get($attribute.name)}).
 */
private String resolveSaml2Name(GluuAttribute attribute, AttributeTypeDefinition typeDefinition) {
    String configured = attribute.getSaml2Uri();
    if (!StringHelper.isEmpty(configured)) {
        return configured;
    }
    return String.format("urn:oid:%s", typeDefinition.getOID());
}

Example 12 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class Shibboleth3ConfService method initTrustParamMap.

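/**
 * Prepares the template parameter map that drives generation of the Shibboleth 3 IdP
 * configuration files for the given trust relationships.
 * <p>
 * Standalone trust relationships (metadata source {@code URI} or {@code FILE}) get a
 * numeric id, the entityIds read from their SP metadata file, a trust engine entry when a
 * {@code signatureValidation} filter is configured, and their raw metadata filter list
 * reordered so that the entity-role white-list filter comes last. All other trust
 * relationships are treated as members of a federation and grouped under their federation's
 * inum.
 * <p>
 * Side effects: a standalone trust relationship whose metadata file yields no entityIds is
 * set to {@link GluuStatus#INACTIVE} and persisted; filter XML that cannot be parsed is
 * dropped from the trust relationship's filter list.
 *
 * @param trustRelationships all trust relationships to render
 * @return map with keys {@code idpCredentialsPath}, {@code deconstructed},
 *         {@code deconstructedIds}, {@code trustEngines}, {@code trusts}, {@code trustIds}
 *         and {@code trustEntityIds}
 */
private HashMap<String, Object> initTrustParamMap(List<GluuSAMLTrustRelationship> trustRelationships) {
    log.trace("Starting trust parameters map initialization.");
    String credentialsPath = appConfiguration.getShibboleth3IdpRootDir() + File.separator + SHIB3_IDP_METADATA_FOLDER + File.separator + "credentials" + File.separator;
    // Metadata signature verification engines
    // https://wiki.shibboleth.net/confluence/display/SHIB2/IdPTrustEngine
    List<Map<String, String>> trustEngines = new ArrayList<Map<String, String>>();
    // {inum, number} for easy naming of relying parties
    Map<String, String> trustIds = new HashMap<String, String>();
    // Trust relationships that are part of some federation
    List<GluuSAMLTrustRelationship> deconstructed = new ArrayList<GluuSAMLTrustRelationship>();
    // {entityId, number} for easy naming of federated relying parties
    Map<String, String> deconstructedIds = new HashMap<String, String>();
    // {federation inum, [entityId, ...]} describing the federations and the TRs defined from them
    Map<String, List<String>> deconstructedMap = new HashMap<String, List<String>>();
    // entityIds defined in each standalone TR's metadata file, keyed by TR inum
    Map<String, List<String>> trustEntityIds = new HashMap<String, List<String>>();
    int id = 1;
    for (GluuSAMLTrustRelationship trustRelationship : trustRelationships) {
        GluuMetadataSourceType sourceType = trustRelationship.getSpMetaDataSourceType();
        boolean isPartOfFederation = !(sourceType == GluuMetadataSourceType.URI || sourceType == GluuMetadataSourceType.FILE);
        if (isPartOfFederation) {
            // NOTE(review): getContainerFederation() is assumed non-null for federated TRs — confirm against the model
            String federationInum = trustRelationship.getContainerFederation().getInum();
            List<String> federationEntityIds = deconstructedMap.get(federationInum);
            if (federationEntityIds == null) {
                federationEntityIds = new ArrayList<String>();
                deconstructedMap.put(federationInum, federationEntityIds);
            }
            federationEntityIds.add(trustRelationship.getEntityId());
            deconstructed.add(trustRelationship);
            deconstructedIds.put(trustRelationship.getEntityId(), String.valueOf(id++));
            continue;
        }
        trustIds.put(trustRelationship.getInum(), String.valueOf(id++));
        List<String> entityIds = readEntityIds(trustRelationship);
        if (entityIds == null) {
            // Unreadable metadata: deactivate so the user can fix it in the UI, and leave it out of the files
            trustRelationship.setStatus(GluuStatus.INACTIVE);
            trustService.updateTrustRelationship(trustRelationship);
            continue;
        }
        trustEntityIds.put(trustRelationship.getInum(), entityIds);
        parseStoredFilters(trustRelationship);
        Map<String, String> trustEngine = buildSignatureTrustEngine(trustRelationship, credentialsPath);
        if (trustEngine != null) {
            trustEngines.add(trustEngine);
        }
        moveEntityRoleWhiteListLast(trustRelationship);
    }
    // An entityId already defined by a federated TR must not be listed again under the federation's own TR
    for (Map.Entry<String, List<String>> entry : trustEntityIds.entrySet()) {
        List<String> federatedSites = deconstructedMap.get(entry.getKey());
        if (federatedSites != null) {
            entry.getValue().removeAll(federatedSites);
        }
    }
    HashMap<String, Object> trustParams = new HashMap<String, Object>();
    trustParams.put("idpCredentialsPath", credentialsPath);
    trustParams.put("deconstructed", deconstructed);
    trustParams.put("deconstructedIds", deconstructedIds);
    trustParams.put("trustEngines", trustEngines);
    trustParams.put("trusts", trustRelationships);
    trustParams.put("trustIds", trustIds);
    trustParams.put("trustEntityIds", trustEntityIds);
    return trustParams;
}

/**
 * Reads the entityIds declared in the trust relationship's SP metadata file.
 *
 * @return the entityIds, or {@code null} when the parser cannot read the file
 */
private List<String> readEntityIds(GluuSAMLTrustRelationship trustRelationship) {
    // NOTE(review): the stored file name is appended to the metadata directory without
    // normalization; confirm it is validated where the TR is saved
    File metadataFile = new File(getIdpMetadataDir() + trustRelationship.getSpMetaDataFN());
    return SAMLMetadataParser.getEntityIdFromMetadataFile(metadataFile);
}

/**
 * Parses the metadata filters and profile configurations stored on the trust relationship.
 * Failures are logged and the trust relationship is still rendered (best effort).
 */
private void parseStoredFilters(GluuSAMLTrustRelationship trustRelationship) {
    try {
        filterService.parseFilters(trustRelationship);
        profileConfigurationService.parseProfileConfigurations(trustRelationship);
    } catch (Exception e) {
        // The exception is attached to the log entry; no separate stack trace dump to stderr
        log.error("Failed to parse stored metadataFilter configuration for trustRelationship " + trustRelationship.getDn(), e);
    }
}

/**
 * Builds the trust engine entry ({@code id}, {@code certPath}) for a trust relationship that
 * validates metadata signatures.
 *
 * @param credentialsPath directory holding the signature validation certificates, with trailing separator
 * @return the entry, or {@code null} when no {@code signatureValidation} filter is configured
 */
private Map<String, String> buildSignatureTrustEngine(GluuSAMLTrustRelationship trustRelationship, String credentialsPath) {
    if (trustRelationship.getMetadataFilters().get("signatureValidation") == null) {
        return null;
    }
    Map<String, String> trustEngine = new HashMap<String, String>();
    trustEngine.put("id", "Trust" + StringHelper.removePunctuation(trustRelationship.getInum()));
    trustEngine.put("certPath", credentialsPath + trustRelationship.getMetadataFilters().get("signatureValidation").getFilterCertFileName());
    return trustEngine;
}

/**
 * Reorders the trust relationship's raw metadata filter XML so that the entity-role
 * white-list filter (an intrusive filter) is applied last. Entries that cannot be parsed as
 * XML are logged and dropped from the list; a missing filter list leaves the TR untouched.
 */
private void moveEntityRoleWhiteListLast(GluuSAMLTrustRelationship trustRelationship) {
    List<String> filterXmls = trustRelationship.getGluuSAMLMetaDataFilter();
    if (filterXmls == null) {
        return;
    }
    List<String> ordered = new ArrayList<String>();
    String entityRoleWhiteList = null;
    for (String filterXML : filterXmls) {
        Document xmlDocument;
        try {
            // Decode with an explicit charset rather than the platform default
            // NOTE(review): whether xmlService disables DTD/external entity resolution is not visible here — confirm
            xmlDocument = xmlService.getXmlDocument(filterXML.getBytes("UTF-8"));
        } catch (Exception e) {
            log.error("GluuSAMLMetaDataFilter contains invalid value.", e);
            continue;
        }
        if (isEntityRoleWhiteList(xmlDocument)) {
            entityRoleWhiteList = filterXML;
            continue;
        }
        ordered.add(filterXML);
    }
    if (entityRoleWhiteList != null) {
        ordered.add(entityRoleWhiteList);
    }
    trustRelationship.setGluuSAMLMetaDataFilter(ordered);
}

/**
 * True when the filter document's root node carries an {@code xsi:type} attribute equal to
 * {@link FilterService#ENTITY_ROLE_WHITE_LIST_TYPE}. A root without attributes or without
 * {@code xsi:type} is treated as an ordinary filter instead of aborting the whole map.
 */
private boolean isEntityRoleWhiteList(Document xmlDocument) {
    org.w3c.dom.Node root = xmlDocument.getFirstChild();
    if (root == null || root.getAttributes() == null) {
        return false;
    }
    org.w3c.dom.Node type = root.getAttributes().getNamedItem("xsi:type");
    return type != null && FilterService.ENTITY_ROLE_WHITE_LIST_TYPE.equals(type.getNodeValue());
}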

Example 13 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class Shibboleth3ConfService method getConfigurationFilesForSubversion.

/**
 * Lists the Shibboleth 3 configuration files that are tracked in Subversion: the IdP and SP
 * base configuration files plus, per trust relationship, its SP metadata file (only for
 * trust relationships outside a federation) and its signature validation certificate (only
 * when a {@code signatureValidation} filter is configured).
 *
 * @param trustRelationships trust relationships whose per-TR files are included
 * @return the file descriptors, base files first, in a freshly allocated list
 * @throws InvalidConfigurationException when the IdP root directory is not configured
 */
public List<SubversionFile> getConfigurationFilesForSubversion(List<GluuSAMLTrustRelationship> trustRelationships) {
    if (appConfiguration.getShibboleth3IdpRootDir() == null) {
        throw new InvalidConfigurationException("Failed to create SubversionFile file due to undefined IDP root folder");
    }
    String idpConfFolder = getIdpConfDir();
    String idpRootDir = appConfiguration.getShibboleth3IdpRootDir();
    String metadataFolder = idpRootDir + File.separator + SHIB3_IDP_METADATA_FOLDER + File.separator;
    String credentialsFolder = idpRootDir + File.separator + SHIB3_IDP_METADATA_CREDENTIALS_FOLDER + File.separator;
    String spConfFolder = appConfiguration.getShibboleth3SpConfDir() + File.separator;
    // Repository categories for the per-TR files
    String metadataCategory = SHIB3_IDP + File.separator + SHIB3_IDP_METADATA_FOLDER;
    String credentialsCategory = SHIB3_IDP + File.separator + SHIB3_IDP_METADATA_CREDENTIALS_FOLDER;

    List<SubversionFile> files = new ArrayList<SubversionFile>();
    files.add(new SubversionFile(SHIB3_IDP, idpConfFolder + SHIB3_IDP_ATTRIBUTE_RESOLVER_FILE));
    files.add(new SubversionFile(SHIB3_IDP, idpConfFolder + SHIB3_IDP_ATTRIBUTE_FILTER_FILE));
    files.add(new SubversionFile(SHIB3_IDP, idpConfFolder + SHIB3_IDP_RELYING_PARTY_FILE));
    files.add(new SubversionFile(SHIB3_SP, spConfFolder + SHIB3_SP_ATTRIBUTE_MAP_FILE));
    files.add(new SubversionFile(SHIB3_SP, spConfFolder + SHIB3_SP_SHIBBOLETH2_FILE));

    for (GluuSAMLTrustRelationship trust : trustRelationships) {
        boolean federated = trust.getContainerFederation() != null;
        if (!federated) {
            // TRs inside a federation contribute no metadata file of their own
            files.add(new SubversionFile(metadataCategory, metadataFolder + trust.getSpMetaDataFN()));
        }
        if (trust.getMetadataFilters().containsKey("signatureValidation")) {
            files.add(new SubversionFile(credentialsCategory, credentialsFolder + StringHelper.removePunctuation(trust.getInum())));
        }
    }
    return files;
}

Example 14 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class Shibboleth3ConfService method generateSpAttributeMapFile.

/**
 * Renders the Shibboleth SP attribute-map file for a single trust relationship.
 *
 * @param trustRelationship the trust relationship whose released attributes are mapped
 * @return the generated file content, or {@code null} when no attribute parameters could be
 *         prepared for the trust relationship
 */
public String generateSpAttributeMapFile(GluuSAMLTrustRelationship trustRelationship) {
    List<GluuSAMLTrustRelationship> single = Arrays.asList(trustRelationship);
    initAttributes(single);
    HashMap<String, Object> attrParams = initAttributeParamMap(single);
    if (attrParams != null) {
        VelocityContext context = prepareVelocityContext(null, attrParams, null, null);
        return templateService.generateConfFile(SHIB3_SP_ATTRIBUTE_MAP_FILE, context);
    }
    return null;
}

Example 15 with GluuSAMLTrustRelationship

use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.

the class SvnSyncTimer method commitShibboleth3Configuration.

/**
 * Commits the Shibboleth 3 configuration to the SVN repository: files that differ from the
 * repository copy are persisted, files of trust relationships queued for removal are deleted,
 * and the commit message is extended with one line per SP metadata file that changed without
 * a matching user edit. On success the pending comment and the altered-TR list are cleared.
 * Runs under the instance monitor.
 *
 * @param trustRelationships trust relationships whose configuration files are collected
 */
private void commitShibboleth3Configuration(List<GluuSAMLTrustRelationship> trustRelationships) {
    synchronized (this) {
        List<SubversionFile> changedFiles = collectChangedFiles(trustRelationships);
        List<SubversionFile> removedFiles = drainRemovedTrustFiles();
        String automaticChanges = describeAutomaticChanges(changedFiles);
        log.debug("Files to be persisted in repository: " + StringHelper.toString(changedFiles.toArray(new SubversionFile[] {})));
        log.debug("Files to be removed from repository: " + StringHelper.toString(removedFiles.toArray(new SubversionFile[] {})));
        boolean committed = subversionService.commitShibboleth3ConfigurationFiles(organizationService.getOrganization(), changedFiles, removedFiles, svnComment + automaticChanges);
        if (committed) {
            svnComment = "";
            alteredTrustRelations.clear();
            log.info("Shibboleth3 configuration commited successfully to SVN repository");
        } else {
            log.error("Failed to commit Shibboleth3 configuration to SVN repository");
        }
    }
}

/** Configuration files that differ from the repository copy; an I/O failure is logged and yields an empty list. */
private List<SubversionFile> collectChangedFiles(List<GluuSAMLTrustRelationship> trustRelationships) {
    try {
        return subversionService.getDifferentFiles(shibboleth3ConfService.getConfigurationFilesForSubversion(trustRelationships));
    } catch (IOException e) {
        log.error("Failed to prepare files list to be persisted in svn", e);
        return new ArrayList<SubversionFile>();
    }
}

/** Pops every trust relationship queued for removal and returns the repository files to delete for them. Call under the instance monitor. */
private List<SubversionFile> drainRemovedTrustFiles() {
    List<SubversionFile> files = new ArrayList<SubversionFile>();
    while (!removedTrustRelationship.isEmpty()) {
        Pair<GluuSAMLTrustRelationship, String> removed = removedTrustRelationship.poll();
        SubversionFile file = shibboleth3ConfService.getConfigurationFileForSubversion(removed.getValue0());
        if (file != null) {
            files.add(file);
        }
    }
    return files;
}

/**
 * Builds the commit-message lines for SP metadata files ({@code .../DA<hex>-sp-metadata.xml})
 * that changed but have no entry in {@code alteredTrustRelations}, i.e. were not modified by
 * a user. Call under the instance monitor.
 */
private String describeAutomaticChanges(List<SubversionFile> changedFiles) {
    StringBuilder comment = new StringBuilder();
    for (SubversionFile file : changedFiles) {
        String filename = file.getLocalFile();
        if (!filename.matches(".*/DA[0-9A-F]*-sp-metadata\\.xml")) {
            continue;
        }
        String inum = filename.replaceAll("-sp-metadata\\.xml", "").replaceAll(".*/", "");
        if (isAlteredByUser(inum)) {
            continue;
        }
        GluuSAMLTrustRelationship unknownTrust = trustService.getTrustByUnpunctuatedInum(inum);
        if (unknownTrust != null) {
            comment.append("Trust relationship '").append(unknownTrust.getDisplayName()).append("' was updated automatically\n");
        } else {
            comment.append("Appliance have no information about  '").append(filename).append("'. Please report this issue to appliance admin.\n");
        }
    }
    return comment.toString();
}

/** True when one of the user-altered trust relationships has the given unpunctuated inum. Call under the instance monitor. */
private boolean isAlteredByUser(String unpunctuatedInum) {
    for (Pair<GluuSAMLTrustRelationship, String> altered : alteredTrustRelations) {
        if (StringHelper.removePunctuation(altered.getValue0().getInum()).equals(unpunctuatedInum)) {
            return true;
        }
    }
    return false;
}
