

the class TrustService method searchSAMLTrustRelationships.

/**
 * Searches trust relationships whose displayName, description, iname or inum contains
 * {@code pattern}.
 *
 * <p>The pattern is handed to the LDAP SDK as a structured substring component instead of being
 * concatenated into a filter string, so the SDK encodes filter metacharacters in {@code pattern}
 * as literal text rather than interpreting them as filter syntax.
 *
 * @param pattern substring looked for in each of the four attributes; this method does not guard
 *        against {@code null} — assumed non-null, confirm with callers
 * @param sizeLimit passed through unchanged to the entry manager together with the literal 0
 * @return whatever {@code ldapEntryManager.findEntries} returns for the OR-ed filter under the
 *         trust-relationship base DN
 */
public List<GluuSAMLTrustRelationship> searchSAMLTrustRelationships(String pattern, int sizeLimit) {
    String[] anyPart = new String[] { pattern };
    // One substring filter per searched attribute, all OR-ed together.
    String[] searchedAttributes = new String[] { OxTrustConstants.displayName, OxTrustConstants.description,
            OxTrustConstants.iname, OxTrustConstants.inum };
    Filter[] perAttribute = new Filter[searchedAttributes.length];
    for (int i = 0; i < searchedAttributes.length; i++) {
        perAttribute[i] = Filter.createSubstringFilter(searchedAttributes[i], null, anyPart, null);
    }
    Filter anyAttributeMatches = Filter.createORFilter(perAttribute);
    String baseDn = getDnForTrustRelationShip(null);
    return ldapEntryManager.findEntries(baseDn, GluuSAMLTrustRelationship.class, anyAttributeMatches, 0, sizeLimit);
}

the class TrustService method getAllActiveTrustRelationships.

/**
 * Returns the trust relationships under the trust-relationship base DN whose status is
 * {@code GluuStatus.ACTIVE}, using a populated example entry as the search template.
 *
 * @return the entries the entry manager finds for the example; whether "no match" is an empty
 *         list or {@code null} depends on {@code ldapEntryManager.findEntries} — confirm before
 *         relying on either
 */
public List<GluuSAMLTrustRelationship> getAllActiveTrustRelationships() {
    GluuSAMLTrustRelationship example = new GluuSAMLTrustRelationship();
    example.setStatus(GluuStatus.ACTIVE);
    example.setBaseDn(getDnForTrustRelationShip(null));
    return ldapEntryManager.findEntries(example);
}

the class TrustService method addTrustRelationship.

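/**
 * Persists (or updates) {@code trustRelationship} once for every appliance in the cluster.
 *
 * <p>Each clustered copy lives at the original DN with this appliance's inum replaced by the
 * cluster member's inum. A copy is persisted when no entry exists at the clustered DN and merged
 * otherwise; the parent organizational unit is created before the first persist. Without a
 * cluster configuration the appliance's own inum is the only member, so the entry is written once.
 *
 * <p>The DN of the passed object is rewritten while each copy is written and restored in a
 * {@code finally} block, so the caller's object keeps its original DN even when the entry manager
 * throws part-way through the loop (previously an exception left it pointing at the last cluster
 * member's DN).
 *
 * @param trustRelationship the entry to write; its DN is expected to be set already
 */
public void addTrustRelationship(GluuSAMLTrustRelationship trustRelationship) {
    log.info("Creating TR " + trustRelationship.getInum());
    String[] clusterMembers = appConfiguration.getClusteredInums();
    String applianceInum = appConfiguration.getApplianceInum();
    if (clusterMembers == null || clusterMembers.length == 0) {
        log.debug("there is no cluster configuration. Assuming standalone appliance.");
        clusterMembers = new String[] { applianceInum };
    }
    String originalDn = trustRelationship.getDn();
    try {
        for (String clusterMember : clusterMembers) {
            String clusteredDn = StringHelper.replaceLast(originalDn, applianceInum, clusterMember);
            trustRelationship.setDn(clusteredDn);
            persistClusteredCopy(trustRelationship, clusteredDn);
        }
    } finally {
        // Always hand the object back with the DN the caller set on it.
        trustRelationship.setDn(originalDn);
    }
}

/**
 * Writes one clustered copy of {@code trustRelationship}, whose DN is already set to the
 * clustered value: merge when an entry exists at that DN, persist (creating the parent OU first
 * if needed) otherwise.
 */
private void persistClusteredCopy(GluuSAMLTrustRelationship trustRelationship, String clusteredDn) {
    // Probe entry carrying only the DN, used purely for the existence check.
    GluuSAMLTrustRelationship probe = new GluuSAMLTrustRelationship();
    probe.setDn(trustRelationship.getDn());
    if (containsTrustRelationship(probe)) {
        ldapEntryManager.merge(trustRelationship);
        return;
    }
    log.debug("Adding TR " + clusteredDn);
    // Make sure the container exists before the first entry is written under it.
    OrganizationalUnit container = new OrganizationalUnit();
    container.setDn(getDnForTrustRelationShip(null));
    if (!ldapEntryManager.contains(container)) {
        ldapEntryManager.persist(container);
    }
    ldapEntryManager.persist(trustRelationship);
}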

the class EntityIDMonitoringService method process.

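/**
 * Re-reads the SP metadata of every validated, non-federated trust relationship and brings the
 * stored entity ids back in line with what the metadata currently declares.
 *
 * <p>A relationship is considered when its metadata file name is set, its containerFederation is
 * {@code null} and its validation status is {@code VALIDATION_SUCCESS}. For each such relationship
 * the entity ids are parsed from the metadata file under the IdP metadata folder; when the parsed
 * set differs from the stored one the stored set is replaced and, for a federation, the
 * deconstructed parts are deactivated or reactivated depending on whether their entity id is
 * still present (see {@link #syncFederationParts}).
 *
 * <p>Compared with the previous single-method version: the per-relationship and per-part work is
 * split into helpers, the locals that shadowed the {@code log} field are renamed, and the
 * never-read {@code duplicatesSet} is gone. Log messages and update order are unchanged.
 */
public void process() {
    log.trace("Starting entityId monitoring process.");
    log.trace("EVENT_METADATA_ENTITY_ID_UPDATE Starting");
    for (GluuSAMLTrustRelationship tr : trustService.getAllTrustRelationships()) {
        log.trace("Evaluating TR " + tr.getDn());
        boolean meatadataAvailable = tr.getSpMetaDataFN() != null && StringHelper.isNotEmpty(tr.getSpMetaDataFN());
        log.trace("meatadataAvailable:" + meatadataAvailable);
        boolean correctType = tr.getContainerFederation() == null;
        log.trace("correctType:" + correctType);
        boolean isValidated = GluuValidationStatus.VALIDATION_SUCCESS.equals(tr.getValidationStatus());
        log.trace("isValidated:" + isValidated);
        if (meatadataAvailable && correctType && isValidated) {
            refreshEntityIds(tr);
        }
    }
}

/**
 * Parses the metadata file of {@code tr}, and when the declared entity ids differ from the stored
 * ones, stores the new set, resynchronises federation parts and updates the relationship.
 */
private void refreshEntityIds(GluuSAMLTrustRelationship tr) {
    String idpMetadataFolder = appConfiguration.getShibboleth3IdpRootDir() + File.separator + Shibboleth3ConfService.SHIB3_IDP_METADATA_FOLDER + File.separator;
    // NOTE(review): spMetaDataFN is appended to the folder exactly as stored; if that value can be
    // set from outside this service it should be constrained to a bare file name where it is
    // written — confirm at the writer.
    File metadataFile = new File(idpMetadataFolder + tr.getSpMetaDataFN());
    List<String> entityIds = SAMLMetadataParser.getEntityIdFromMetadataFile(metadataFile);
    log.trace("entityIds from metadata: " + serviceUtil.iterableToString(entityIds));
    // TreeSet de-duplicates and orders the ids; the parser result may be null.
    Set<String> entityIdSet = new TreeSet<String>();
    if (entityIds != null) {
        entityIdSet.addAll(entityIds);
    }
    log.trace("unique entityIds: " + serviceUtil.iterableToString(entityIdSet));
    Collection<String> disjunction = CollectionUtils.disjunction(entityIdSet, tr.getGluuEntityId());
    log.trace("entityIds disjunction: " + serviceUtil.iterableToString(disjunction));
    if (disjunction.isEmpty()) {
        return;
    }
    log.trace("entityIds disjunction is not empty. Somthing has changed. Processing further.");
    tr.setGluuEntityId(entityIdSet);
    if (tr.isFederation()) {
        syncFederationParts(tr, entityIdSet);
    }
    trustService.updateTrustRelationship(tr);
}

/**
 * Deactivates parts of {@code federation} whose entity id disappeared from the metadata, and
 * reactivates parts that this service deactivated earlier (recognised by the marker it left in
 * the validation log) and whose entity id is present again. Each changed part is updated
 * immediately.
 */
private void syncFederationParts(GluuSAMLTrustRelationship federation, Set<String> entityIdSet) {
    List<GluuSAMLTrustRelationship> parts = trustService.getDeconstructedTrustRelationships(federation);
    for (GluuSAMLTrustRelationship part : parts) {
        log.trace("Processing TR part: " + part.getDn());
        // The marker written into the validation log on deactivation; also used to detect it later.
        String vanishedMarker = ENTITY_ID_VANISHED_MESSAGE + " : " + part.getEntityId();
        boolean isActive = part.getStatus() != null && GluuStatus.ACTIVE.equals(part.getStatus());
        log.trace("isActive:" + isActive);
        boolean entityIdPresent = entityIdSet.contains(part.getEntityId());
        log.trace("entityIdPresent:" + entityIdPresent);
        boolean previouslyDisabled = part.getValidationLog() != null && part.getValidationLog().contains(vanishedMarker);
        log.trace("previouslyDisabled:" + previouslyDisabled);
        if (isActive && !entityIdPresent) {
            log.trace("no entityId found for part : " + part.getDn());
            part.setStatus(GluuStatus.INACTIVE);
            // The validation log is replaced, not appended to, exactly as before.
            List<String> validationLog = new ArrayList<String>();
            validationLog.add(vanishedMarker);
            part.setValidationLog(validationLog);
            trustService.updateTrustRelationship(part);
        }
        if (entityIdPresent && previouslyDisabled) {
            log.trace("entityId found for part : " + part.getDn());
            part.setStatus(GluuStatus.ACTIVE);
            List<String> updatedLog = new ArrayList<String>(part.getValidationLog());
            updatedLog.remove(vanishedMarker);
            // An emptied log is stored as null rather than as an empty list, as before.
            part.setValidationLog(updatedLog.isEmpty() ? null : updatedLog);
            trustService.updateTrustRelationship(part);
        }
    }
}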

the class ShibbolethInitializer method createShibbolethConfiguration.

/**
 * Regenerates the Shibboleth IdP configuration when config generation is enabled.
 *
 * <p>Ensures the gluuSP trust relationship exists (calling {@code addGluuSP} when the appliance
 * has no SP TR inum or no entry exists at its DN), then regenerates metadata and configuration
 * files for all active trust relationships, removes unused credentials and metadata, and restarts
 * services if gluuSP was just added. Does nothing when generation is disabled.
 *
 * @return {@code false} only when reading the appliance entry for the SP inum fails with an
 *         {@code EntryPersistenceException}; {@code true} otherwise, including when generation is
 *         disabled
 */
public boolean createShibbolethConfiguration() {
    boolean createConfig = appConfiguration.isConfigGeneration();
    log.info("IDP config generation is set to " + createConfig);
    if (!createConfig) {
        return true;
    }
    String gluuSPInum;
    GluuSAMLTrustRelationship gluuSP;
    try {
        gluuSPInum = applianceService.getAppliance().getGluuSPTR();
        gluuSP = new GluuSAMLTrustRelationship();
        gluuSP.setDn(trustService.getDnForTrustRelationShip(gluuSPInum));
    } catch (EntryPersistenceException ex) {
        log.error("Failed to determine SP inum", ex);
        return false;
    }
    boolean servicesNeedRestarting = false;
    if (gluuSPInum == null || !trustService.containsTrustRelationship(gluuSP)) {
        log.info("No trust relationships exist in LDAP. Adding gluuSP");
        shibboleth3ConfService.addGluuSP();
        servicesNeedRestarting = true;
    }
    // Re-read gluuSP from the store; presumably addGluuSP creates it and records its inum on the
    // appliance — verify in Shibboleth3ConfService. NOTE(review): this second getAppliance() call
    // is outside the try above, so an EntryPersistenceException here propagates instead of
    // returning false — confirm that is intended.
    gluuSP = trustService.getRelationshipByInum(applianceService.getAppliance().getGluuSPTR());
    List<GluuSAMLTrustRelationship> activeRelationships = trustService.getAllActiveTrustRelationships();
    String shibbolethVersion = appConfiguration.getShibbolethVersion();
    log.info("########## shibbolethVersion = " + shibbolethVersion);
    shibboleth3ConfService.generateMetadataFiles(gluuSP);
    shibboleth3ConfService.generateConfigurationFiles(activeRelationships);
    shibboleth3ConfService.removeUnusedCredentials();
    shibboleth3ConfService.removeUnusedMetadata();
    if (servicesNeedRestarting) {
        applianceService.restartServices();
    }
    return true;
}