use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.
the class TrustService method searchSAMLTrustRelationships.
/**
 * Searches for SAML trust relationships where the given text matches the display
 * name, description, iname or inum attribute.
 *
 * <p>The four per-attribute substring filters are OR-ed together, so one matching
 * attribute is enough for an entry to be returned.
 *
 * @param pattern   text supplied as the only element of the substring filter's array argument
 * @param sizeLimit forwarded unchanged as the last argument of {@code findEntries}
 * @return whatever the entry manager finds under the trust-relationship base DN
 */
public List<GluuSAMLTrustRelationship> searchSAMLTrustRelationships(String pattern, int sizeLimit) {
    // The search text travels as a filter *value*; no filter string is assembled by hand here.
    // NOTE(review): confirm the Filter implementation escapes LDAP filter metacharacters
    // in the value, and that callers bound sizeLimit for interactive searches.
    final String[] searchText = { pattern };

    Filter anyAttributeMatches = Filter.createORFilter(
            Filter.createSubstringFilter(OxTrustConstants.displayName, null, searchText, null),
            Filter.createSubstringFilter(OxTrustConstants.description, null, searchText, null),
            Filter.createSubstringFilter(OxTrustConstants.iname, null, searchText, null),
            Filter.createSubstringFilter(OxTrustConstants.inum, null, searchText, null));

    return ldapEntryManager.findEntries(getDnForTrustRelationShip(null), GluuSAMLTrustRelationship.class,
            anyAttributeMatches, 0, sizeLimit);
}
use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.
the class TrustService method getAllActiveTrustRelationships.
/**
 * Returns the trust relationships whose status is {@code GluuStatus.ACTIVE}.
 *
 * <p>The lookup is a query-by-example: a blank entry carrying only the base DN and
 * the wanted status is handed to the entry manager.
 *
 * @return the entries the entry manager finds for that example
 */
public List<GluuSAMLTrustRelationship> getAllActiveTrustRelationships() {
    GluuSAMLTrustRelationship activeExample = new GluuSAMLTrustRelationship();
    activeExample.setStatus(GluuStatus.ACTIVE);
    activeExample.setBaseDn(getDnForTrustRelationShip(null));

    List<GluuSAMLTrustRelationship> activeEntries = ldapEntryManager.findEntries(activeExample);
    return activeEntries;
}
use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.
the class TrustService method addTrustRelationship.
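/**
 * Stores a trust relationship once per cluster member.
 *
 * <p>For every configured cluster inum the entry's DN is rewritten by replacing the
 * last occurrence of this appliance's inum with the member's inum. The entry is then
 * persisted if no entry with that DN exists yet, or merged otherwise. With no cluster
 * configuration the appliance itself is treated as the only member.
 *
 * <p>The writes are issued one member at a time and nothing here rolls them back, so
 * a failure part-way through can leave some members updated and others not. The
 * caller's object always gets its original DN back, including on failure.
 *
 * @param trustRelationship entry to store; its DN is changed temporarily and restored before returning
 */
public void addTrustRelationship(GluuSAMLTrustRelationship trustRelationship) {
    // NOTE(review): the inum and DN are concatenated into log lines as-is; confirm they
    // cannot carry line breaks if these logs feed audit or alerting.
    log.info("Creating TR " + trustRelationship.getInum());
    String[] clusterMembers = appConfiguration.getClusteredInums();
    String applianceInum = appConfiguration.getApplianceInum();
    if (clusterMembers == null || clusterMembers.length == 0) {
        log.debug("there is no cluster configuration. Assuming standalone appliance.");
        clusterMembers = new String[] { applianceInum };
    }

    String dn = trustRelationship.getDn();
    try {
        for (String clusterMember : clusterMembers) {
            String clusteredDN = StringHelper.replaceLast(dn, applianceInum, clusterMember);
            trustRelationship.setDn(clusteredDN);

            // Probe entry that carries only the DN, used for the existence check.
            GluuSAMLTrustRelationship tr = new GluuSAMLTrustRelationship();
            tr.setDn(trustRelationship.getDn());
            if (!containsTrustRelationship(tr)) {
                log.debug("Adding TR" + clusteredDN);
                // Make sure the parent container exists before the first entry is written.
                OrganizationalUnit ou = new OrganizationalUnit();
                ou.setDn(getDnForTrustRelationShip(null));
                if (!ldapEntryManager.contains(ou)) {
                    ldapEntryManager.persist(ou);
                }
                ldapEntryManager.persist(trustRelationship);
            } else {
                ldapEntryManager.merge(trustRelationship);
            }
        }
    } finally {
        // Restore the caller's DN even when a persist/merge throws; otherwise the
        // object would keep pointing at whichever cluster member failed.
        trustRelationship.setDn(dn);
    }
}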
use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.
the class EntityIDMonitoringService method process.
/**
 * Re-reads the entityIds from the SP metadata file of every eligible trust
 * relationship and synchronises the stored entry with them.
 *
 * <p>A trust relationship is evaluated only when it has a metadata file name, has no
 * container federation, and its validation status is VALIDATION_SUCCESS. When the
 * parsed entityIds differ from the stored ones, the stored set is replaced and, for a
 * federation, its deconstructed parts are deactivated or re-activated depending on
 * whether their entityId is still present.
 */
public void process() {
    log.trace("Starting entityId monitoring process.");
    log.trace("EVENT_METADATA_ENTITY_ID_UPDATE Starting");
    for (GluuSAMLTrustRelationship tr : trustService.getAllTrustRelationships()) {
        log.trace("Evaluating TR " + tr.getDn());
        boolean meatadataAvailable = tr.getSpMetaDataFN() != null && StringHelper.isNotEmpty(tr.getSpMetaDataFN());
        log.trace("meatadataAvailable:" + meatadataAvailable);
        // Only relationships that are not contained in a federation are evaluated here.
        boolean correctType = tr.getContainerFederation() == null;
        log.trace("correctType:" + correctType);
        boolean isValidated = GluuValidationStatus.VALIDATION_SUCCESS.equals(tr.getValidationStatus());
        log.trace("isValidated:" + isValidated);
        if (meatadataAvailable && correctType && isValidated) {
            String idpMetadataFolder = appConfiguration.getShibboleth3IdpRootDir() + File.separator + Shibboleth3ConfService.SHIB3_IDP_METADATA_FOLDER + File.separator;
            // NOTE(review): the file name is read from the stored entry and joined to the
            // folder by plain concatenation; nothing in this block confines the resulting
            // path to the metadata folder. Confirm the name is validated where it is
            // written, or compare the canonical path against the folder before parsing.
            File metadataFile = new File(idpMetadataFolder + tr.getSpMetaDataFN());
            List<String> entityIds = SAMLMetadataParser.getEntityIdFromMetadataFile(metadataFile);
            log.trace("entityIds from metadata: " + serviceUtil.iterableToString(entityIds));
            // De-duplicated, sorted view of the parsed entityIds. It stays empty when the
            // parser returns null or an empty list.
            Set<String> entityIdSet = new TreeSet<String>();
            if (entityIds != null && !entityIds.isEmpty()) {
                // Duplicates are collected but never read afterwards in this block.
                Set<String> duplicatesSet = new TreeSet<String>();
                for (String entityId : entityIds) {
                    if (!entityIdSet.add(entityId)) {
                        duplicatesSet.add(entityId);
                    }
                }
            }
            log.trace("unique entityIds: " + serviceUtil.iterableToString(entityIdSet));
            // Non-empty when the parsed set and the stored set differ in either direction.
            // NOTE(review): an empty parse result combined with stored entityIds also counts
            // as a change, which clears the stored set and deactivates every active
            // federation part below. Presumably a missing or unreadable metadata file
            // yields such a result; confirm against the parser.
            Collection<String> disjunction = CollectionUtils.disjunction(entityIdSet, tr.getGluuEntityId());
            log.trace("entityIds disjunction: " + serviceUtil.iterableToString(disjunction));
            if (!disjunction.isEmpty()) {
                log.trace("entityIds disjunction is not empty. Somthing has changed. Processing further.");
                tr.setGluuEntityId(entityIdSet);
                if (tr.isFederation()) {
                    List<GluuSAMLTrustRelationship> parts = trustService.getDeconstructedTrustRelationships(tr);
                    for (GluuSAMLTrustRelationship part : parts) {
                        log.trace("Processing TR part: " + part.getDn());
                        boolean isActive = part.getStatus() != null && GluuStatus.ACTIVE.equals(part.getStatus());
                        log.trace("isActive:" + isActive);
                        // entityIdSet is always non-null at this point; the null check is redundant.
                        boolean entityIdPresent = entityIdSet != null && entityIdSet.contains(part.getEntityId());
                        log.trace("entityIdPresent:" + entityIdPresent);
                        // True only when the part's validation log carries the marker this
                        // monitor writes on deactivation.
                        boolean previouslyDisabled = part.getValidationLog() != null && part.getValidationLog().contains(ENTITY_ID_VANISHED_MESSAGE + " : " + part.getEntityId());
                        log.trace("previouslyDisabled:" + previouslyDisabled);
                        if (isActive && !entityIdPresent) {
                            log.trace("no entityId found for part : " + part.getDn());
                            part.setStatus(GluuStatus.INACTIVE);
                            // From here to the end of this branch the local list named "log"
                            // shadows the logger.
                            List<String> log = new ArrayList<String>();
                            log.add(ENTITY_ID_VANISHED_MESSAGE + " : " + part.getEntityId());
                            // Replaces the part's validation log with this single marker entry;
                            // earlier entries are not carried over.
                            part.setValidationLog(log);
                            trustService.updateTrustRelationship(part);
                        }
                        // Re-activation is automatic, but only for parts carrying this monitor's
                        // own marker; a part that is inactive without the marker is left alone.
                        if (entityIdPresent && previouslyDisabled) {
                            log.trace("entityId found for part : " + part.getDn());
                            part.setStatus(GluuStatus.ACTIVE);
                            List<String> log = part.getValidationLog();
                            // Work on a copy, drop the marker, and store null instead of an empty list.
                            List<String> updatedLog = new ArrayList<String>(log);
                            updatedLog.remove(ENTITY_ID_VANISHED_MESSAGE + " : " + part.getEntityId());
                            if (updatedLog.isEmpty()) {
                                updatedLog = null;
                            }
                            part.setValidationLog(updatedLog);
                            trustService.updateTrustRelationship(part);
                        }
                    }
                }
                // Persist the refreshed entityId set on the relationship itself.
                trustService.updateTrustRelationship(tr);
            }
        }
    }
}
use of org.gluu.oxtrust.model.GluuSAMLTrustRelationship in project oxTrust by GluuFederation.
the class ShibbolethInitializer method createShibbolethConfiguration.
/**
 * Regenerates the Shibboleth IDP metadata and configuration files when config
 * generation is enabled.
 *
 * <p>If the appliance has no gluuSP inum, or no trust relationship exists for it, the
 * gluuSP entry is added first and the services are restarted at the end.
 *
 * @return {@code false} only when resolving the SP inum throws
 *         {@code EntryPersistenceException}; {@code true} otherwise, including when
 *         config generation is switched off
 */
public boolean createShibbolethConfiguration() {
    final boolean generationEnabled = appConfiguration.isConfigGeneration();
    log.info("IDP config generation is set to " + generationEnabled);
    if (!generationEnabled) {
        return true;
    }

    String spInum;
    GluuSAMLTrustRelationship spRelationship;
    try {
        spInum = applianceService.getAppliance().getGluuSPTR();
        // Probe entry carrying only the DN, used for the existence check below.
        spRelationship = new GluuSAMLTrustRelationship();
        spRelationship.setDn(trustService.getDnForTrustRelationShip(spInum));
    } catch (EntryPersistenceException ex) {
        log.error("Failed to determine SP inum", ex);
        return false;
    }

    // A freshly added gluuSP is the only condition that triggers a restart at the end.
    final boolean spHadToBeAdded = spInum == null || !trustService.containsTrustRelationship(spRelationship);
    if (spHadToBeAdded) {
        log.info("No trust relationships exist in LDAP. Adding gluuSP");
        shibboleth3ConfService.addGluuSP();
    }

    // Re-read the SP inum, since addGluuSP() may just have set it.
    // NOTE(review): this second appliance lookup sits outside the try block above, so a
    // persistence failure here would presumably propagate instead of returning false.
    // The looked-up relationship is passed on without a null check; confirm
    // generateMetadataFiles tolerates a missing entry.
    spRelationship = trustService.getRelationshipByInum(applianceService.getAppliance().getGluuSPTR());
    List<GluuSAMLTrustRelationship> activeRelationships = trustService.getAllActiveTrustRelationships();

    String shibbolethVersion = appConfiguration.getShibbolethVersion();
    log.info("########## shibbolethVersion = " + shibbolethVersion);

    // Whatever these calls report is not inspected here; a failure is visible to the
    // caller only if one of them throws.
    shibboleth3ConfService.generateMetadataFiles(spRelationship);
    shibboleth3ConfService.generateConfigurationFiles(activeRelationships);
    // NOTE(review): by their names these two prune credential and metadata files on
    // every enabled run; confirm they cannot remove material still referenced by an
    // inactive relationship that may be re-activated later.
    shibboleth3ConfService.removeUnusedCredentials();
    shibboleth3ConfService.removeUnusedMetadata();

    if (spHadToBeAdded) {
        applianceService.restartServices();
    }
    return true;
}