8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster/**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * opensso/legal/CDDLv1.0.txt
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * at opensso/legal/CDDLv1.0.txt.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AMAuthConfigUtils.java,v 1.5 2008/06/25 05:41:51 qcheng Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
f61b30b8e8804b30f7e3c4eb122d6d908ae42d53Mark de Reeper * Portions Copyrighted 2011-2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage com.sun.identity.authentication.config;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
deab5d0e23a609e0eb9c5915e6cd0f4e26aac38fJaco Joosteimport static javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag.*;
deab5d0e23a609e0eb9c5915e6cd0f4e26aac38fJaco Jooste
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.sso.SSOToken;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.am.sdk.AMStoreConnection;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.am.sdk.AMOrganization;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.iplanet.am.sdk.AMTemplate;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.AuthContext;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.debug.Debug;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.shared.xml.XMLUtils;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceConfig;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceConfigManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceSchema;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceSchemaManager;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.SMSException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.ArrayList;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Collections;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.HashMap;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.HashSet;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Iterator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.List;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Map;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.Set;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport java.util.StringTokenizer;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.security.auth.login.AppConfigurationEntry;
deab5d0e23a609e0eb9c5915e6cd0f4e26aac38fJaco Joosteimport javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
deab5d0e23a609e0eb9c5915e6cd0f4e26aac38fJaco Jooste
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.w3c.dom.Document;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.w3c.dom.Element;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.w3c.dom.Node;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport org.w3c.dom.NodeList;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster/**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Authentication Configuration Utility.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class AMAuthConfigUtils {
// Debug logger for this class, obtained under the name "amAuthConfig".
private static Debug debug = Debug.getInstance("amAuthConfig");

// Service name and version passed to ServiceConfigManager when a named
// configuration is created (see createNamedConfig).
protected static final String SERVICE_NAME = "iPlanetAMAuthConfiguration";
// Name of the sub-configuration under the organization config that holds
// the named authentication configurations.
protected static final String NAMED_CONFIGURATION = "Configurations";
// Passed as the second argument to addSubConfig() for each named configuration.
protected static final String NAMED_CONFIGURATION_ID = "NamedConfiguration";
protected static final String SERVICE_VERSION = "1.0";
// XML element names written by convertToXMLString(): the root element and
// the per-entry child element.
protected static final String ATTR_VALUE_PAIR_NODE = "AttributeValuePair";
protected static final String ATTR_VALUE_NODE = "Value";
// Presumably the attribute that stores the XML produced by
// convertToXMLString(); only commented-out code uses it in this part of the
// file -- confirm against callers.
public static final String ATTR_NAME = "iplanet-am-auth-configuration";

// Key names used by getAuthConfigName() to build the ';'-separated
// "KEY=value" configuration name.
protected static final String MODULE_KEY = "MODULE";
protected static final String USER_KEY = "USER";
protected static final String ORG_KEY = "ORGANIZATION";
protected static final String SERVICE_KEY = "SERVICE";
protected static final String ROLE_KEY = "ROLE";
protected static final String CLIENT_KEY = "CLIENT";
// The four constants below are not referenced in the part of the file shown
// here; their use is defined further down.
private static final String AUTH_SERVICE = "iPlanetAMAuthService";
private static final String AUTH_MODULES_ATTR =
    "iplanet-am-auth-allowed-modules";
private static final String AUTH_AUTHENTICATOR_ATTR =
    "iplanet-am-auth-authenticators";
private static final String APPLICATION_CLASS_NAME =
    "com.sun.identity.authentication.modules.application.Application";

// Resource bundle name passed to AMConfigurationException.
// NOTE(review): this field is protected, static and not final, so subclasses
// and same-package code can reassign it for every caller.
protected static String bundleName = "amAuthConfig";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Parses the string value for the authentication configuration
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * based on the attribute DTD and return an array of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AppConfigurationEntry</code> which could be used to retrieve
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * module name, flag and options. Empty array of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AppConfigurationEntry</code> will be returned if the XML value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * could not be parsed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param xmlValue XML string value for the authentication configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Array of <code>AppConfigurationEntry</code> each contains module
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * name, flag and options.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static AppConfigurationEntry[] parseValues(String xmlValue) {
    // NOTE(review): the complete configuration XML is written to the debug
    // log when message level is enabled.
    if (debug.messageEnabled()) {
        debug.message(
            "AuthConfigUtil.AppConfigurationEntry, xml=" + xmlValue);
    }

    // Parsing is delegated to XMLUtils. NOTE(review): whether DTDs and
    // external entities are disabled is decided inside toDOMDocument, which
    // is not visible here -- confirm before feeding it untrusted XML.
    final Document parsed = XMLUtils.toDOMDocument(xmlValue, debug);
    if (parsed == null) {
        // Unparseable input yields an empty chain, not an exception.
        return new AppConfigurationEntry[0];
    }

    // Every child node of the root (<AttributeValuePair>) is handed to
    // processValue(); one array slot is reserved per child node.
    final NodeList valueNodes = parsed.getDocumentElement().getChildNodes();
    final AppConfigurationEntry[] result =
        new AppConfigurationEntry[valueNodes.getLength()];

    int index = 0;
    while (index < result.length) {
        // processValue() returns null for a value it rejects, so the array
        // handed back to the caller can contain null slots.
        result[index] = processValue(valueNodes.item(index));
        index++;
    }
    return result;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Processes value of the Auth Configuration.
 * The value consists of three parts:
 * module_name flag options
 * there can be only one A/V pair in options, e.g. instance=/iplanet/ldap
 */
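private static AppConfigurationEntry processValue(Node node) {
    // Turns one child node of <AttributeValuePair> into an
    // AppConfigurationEntry. The node text is split on whitespace into
    // "module_name flag [key=value ...]". Returns null (after logging an
    // error) when the text is missing, has fewer than two tokens, or names
    // an unknown control flag.
    if (debug.messageEnabled()) {
        debug.message("ConfigUtils.processValue, value=" + node.toString());
    }

    // A node without children (an empty <Value/>, or a text node sitting
    // between elements) has no first child. Treat it as an invalid value
    // instead of failing with a NullPointerException.
    Node textNode = node.getFirstChild();
    String value = (textNode == null) ? null : textNode.getNodeValue();
    if (value == null || value.length() == 0) {
        debug.error("ConfigUtils.processValue, invalid value=" + value);
        return null;
    }

    StringTokenizer tokens = new StringTokenizer(value);
    if (tokens.countTokens() < 2) {
        debug.error("ConfigUtils.processValue, wrong config : " + value);
        return null;
    }

    String moduleName = tokens.nextToken();
    String flag = tokens.nextToken();

    // The flag decides how the module counts towards the login decision, so
    // only the four exact, case-sensitive names are accepted; anything else
    // rejects the entry rather than falling back to a default.
    AppConfigurationEntry.LoginModuleControlFlag controlFlag;
    if ("REQUIRED".equals(flag)) {
        controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUIRED;
    } else if ("OPTIONAL".equals(flag)) {
        controlFlag = AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL;
    } else if ("REQUISITE".equals(flag)) {
        controlFlag = AppConfigurationEntry.LoginModuleControlFlag.REQUISITE;
    } else if ("SUFFICIENT".equals(flag)) {
        controlFlag = AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT;
    } else {
        debug.error("ConfigUtils.processValue, invalid flag : " + value);
        return null;
    }

    // Remaining tokens are options. Each "key=value" token is stored as
    // key -> single-element set; a token without '=' is silently dropped.
    Map<String, Set<String>> options = new HashMap<String, Set<String>>();
    while (tokens.hasMoreTokens()) {
        String option = tokens.nextToken();
        int separator = option.indexOf('=');
        if (separator != -1) {
            Set<String> optionValue = new HashSet<String>();
            optionValue.add(option.substring(separator + 1));
            options.put(option.substring(0, separator), optionValue);
        }
    }

    return new AppConfigurationEntry(moduleName, controlFlag, options);
}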
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the authentication configuration name given the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContext.IndexType</code> and <code>indexName</code>. The
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication configuration name will be used as the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>configName</code> for <code>getAppConfigurationEntry()</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * function in <code>AMConfiguration</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexType The <code>AuthContext.IndexType</code>, one of the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * following values:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContext.IndexType.MODULE_INSTANCE</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContext.IndexType.SERVICE</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContext.IndexType.ROLE</code> or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContext.IndexType.USER </code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param indexName The corresponding index value for the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>IndexType</code>, for <code>ROLE</code> and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>USER</code>, DNs must be passed in.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param organizationDN DN for the login organization.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param clientType Client type, example <code>genericHTML</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMConfigurationException if <code>indexType</code> is not
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * supported.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return Corresponding authentication configuration name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static String getAuthConfigName(
    AuthContext.IndexType indexType,
    String indexName,
    String organizationDN,
    String clientType
) throws AMConfigurationException {
    // Pick the key that matches the index type; the rest of the name has
    // the same layout for every supported type.
    final String indexKey;
    if (indexType == AuthContext.IndexType.MODULE_INSTANCE) {
        indexKey = MODULE_KEY;
    } else if (indexType == AuthContext.IndexType.ROLE) {
        indexKey = ROLE_KEY;
    } else if (indexType == AuthContext.IndexType.SERVICE) {
        indexKey = SERVICE_KEY;
    } else if (indexType == AuthContext.IndexType.USER) {
        indexKey = USER_KEY;
    } else {
        // Invalid IndexType, throw exception
        throw new AMConfigurationException(bundleName, "invalidIndexType");
    }

    // Layout: <KEY>=<indexName>;ORGANIZATION=<lower-cased DN>;CLIENT=<clientType>
    // NOTE(review): the values are joined without escaping, so an indexName
    // or clientType that contains ';' or '=' yields an ambiguous name --
    // confirm that whatever parses this name cannot be fed such values.
    // NOTE(review): toLowerCase() follows the JVM default locale, so the
    // resulting name can differ between hosts with different locales.
    StringBuilder name = new StringBuilder();
    name.append(indexKey).append('=').append(indexName);
    name.append(';').append(ORG_KEY).append('=')
        .append(organizationDN.toLowerCase());
    name.append(';').append(CLIENT_KEY).append('=').append(clientType);
    return name.toString();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the authentication configuration name for organization-based
 * authentication. The authentication configuration name will be used as
 * the <code>configName</code> for the <code>getAppConfigurationEntry()</code>
 * function in <code>AMConfiguration</code>.
 *
 * @param organizationDN DN for the login organization.
 * @param clientType Client type, example <code>genericHTML</code>.
 * @return Corresponding authentication configuration name.
 */
public static String getAuthConfigName(
    String organizationDN,
    String clientType) {
    // Layout: ORGANIZATION=<organizationDN>;CLIENT=<clientType>
    // NOTE(review): the DN is used exactly as passed in here, while the
    // four-argument overload lower-cases it -- confirm that callers of the
    // two overloads never need to match each other's names.
    StringBuilder name = new StringBuilder(ORG_KEY);
    name.append('=').append(organizationDN);
    name.append(';').append(CLIENT_KEY).append('=').append(clientType);
    return name.toString();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Converts a List of authentication configuration to XML string
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * representation according to following DTD.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <pre>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * &lt;!-- AttributeValuePair defines the values used to specify
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication configuration information. --&gt;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * &lt;!ELEMENT AttributeValuePair (Value*) &gt;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * &lt;!-- Value defines one authentication configuration --&gt;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * &lt;!ELEMENT Value (#PCDATA) &gt;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * </pre>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param configs List of configurations to be processed, each value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * consists of following parts separated by blank space:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>module_name</code> flag <code>option1</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>option2</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return XML representation of the configuration .
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static String convertToXMLString(List configs) {
    if (debug.messageEnabled()) {
        debug.message("convertToXMLString : " + configs.toString());
    }

    final String openValue = "<" + ATTR_VALUE_NODE + ">";
    final String closeValue = "</" + ATTR_VALUE_NODE + ">";

    StringBuilder xml = new StringBuilder(100);
    Iterator values = configs.iterator();
    if (values != null) {
        xml.append("<" + ATTR_VALUE_PAIR_NODE + ">");
        while (values.hasNext()) {
            // NOTE(review): each value is written as-is, with no XML
            // escaping. A value containing '<' or '&' makes the document
            // malformed, and one containing "</Value><Value>" adds an extra
            // entry to the chain. Confirm callers validate or escape the
            // values before they reach this method.
            xml.append(openValue).append(values.next()).append(closeValue);
        }
        xml.append("</" + ATTR_VALUE_PAIR_NODE + ">");
    }

    final String result = xml.toString();
    if (debug.messageEnabled()) {
        debug.message("convertToXMLString : return " + result);
    }
    return result;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Creates an authentication configuration in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>iPlanetAMAuthConfiguration</code> service. This method will be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * used by console to manage configurations for different services.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param configName Name of the authentication configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param priority Priority of this authentication configuration.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param attributeDataMap Map of authentication service attributes.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgName Organization DN.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param token Single sign on token.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SMSException if failed to store the configuration because
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of SM Exception.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws SSOException if single sign on token is not valid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws AMConfigurationException if the <code>configName</code> is null.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public static void createNamedConfig(
    String configName,
    int priority,
    Map attributeDataMap,
    String orgName,
    SSOToken token
) throws SMSException, SSOException, AMConfigurationException {
    // NOTE(review): the whole attribute map is written to the debug log at
    // message level -- confirm it never carries secrets.
    if (debug.messageEnabled()) {
        debug.message("createNamedConfig name=" + configName + ", value=" +
            attributeDataMap);
    }

    // A null or empty name is rejected before the store is touched.
    final boolean nameMissing =
        (configName == null) || (configName.length() == 0);
    if (nameMissing) {
        throw new AMConfigurationException(bundleName, "null-name");
    }

    // All store access goes through a manager created with the caller's
    // token. NOTE(review): this method does no permission check of its own;
    // presumably the service management layer enforces what the token may
    // write -- confirm.
    ServiceConfigManager manager =
        new ServiceConfigManager(token, SERVICE_NAME, SERVICE_VERSION);

    // Create the organization-level configuration if it does not exist yet.
    ServiceConfig organization = manager.getOrganizationConfig(orgName, null);
    if (organization == null) {
        organization = manager.createOrganizationConfig(orgName, null);
    }

    // Same for the "Configurations" container: add it when missing, then
    // read it back.
    ServiceConfig namedConfigs = organization.getSubConfig(NAMED_CONFIGURATION);
    if (namedConfigs == null) {
        organization.addSubConfig(NAMED_CONFIGURATION, null, 0, null);
        namedConfigs = organization.getSubConfig(NAMED_CONFIGURATION);
    }

    debug.message("Got auth config");

    // Store the new named configuration under the container.
    namedConfigs.addSubConfig(configName, NAMED_CONFIGURATION_ID,
        priority, attributeDataMap);
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Overwrites the attributes of an authentication configuration that already
 * exists under the <code>iPlanetAMAuthConfiguration</code> service of an
 * organization. This method will be used by console to manage
 * configurations for different services.
 * <p>
 * No authorization decision is made here: the supplied token is handed to
 * <code>ServiceConfigManager</code>, so access control is whatever that
 * layer enforces for the token. When message-level debugging is enabled the
 * complete attribute map is written to the debug log, so that log deserves
 * the same protection as the configuration itself.
 *
 * @param configName Name of the authentication configuration.
 * @param priority Priority of the configuration. Accepted for interface
 *        compatibility; this method never reads it.
 * @param attributeDataMap Map of authentication service attributes that
 *        is passed unchanged to <code>setAttributes</code>.
 * @param orgName Organization DN.
 * @param token Single sign on token.
 * @throws SMSException if failed to set the configuration because
 *         of SM Exception.
 * @throws SSOException if single sign on token is not valid.
 * @throws AMConfigurationException if <code>configName</code> is null, the
 *         service is not registered for the organization, the named
 *         configuration node is missing, or the configuration itself does
 *         not exist.
 */
public static void replaceNamedConfig(
    String configName,
    int priority,
    Map attributeDataMap,
    String orgName,
    SSOToken token
) throws SMSException, SSOException, AMConfigurationException {
    if (debug.messageEnabled()) {
        // NOTE(review): dumps every attribute value into the debug log.
        debug.message("replaceNamedConfig name=" + configName + ", value=" +
            attributeDataMap + ",org=" + orgName);
    }
    if (configName == null) {
        throw new AMConfigurationException(bundleName, "null-name");
    }

    // Walk organization -> named-configuration container -> target entry,
    // failing with a specific error key at the first missing level.
    ServiceConfig organizationNode =
        new ServiceConfigManager(token, SERVICE_NAME, SERVICE_VERSION)
            .getOrganizationConfig(orgName, null);
    if (organizationNode == null) {
        throw new AMConfigurationException(
            bundleName, "service-not-registered");
    }

    ServiceConfig container =
        organizationNode.getSubConfig(NAMED_CONFIGURATION);
    if (container == null) {
        throw new AMConfigurationException(
            bundleName, "named-config-not-defined");
    }

    ServiceConfig target = container.getSubConfig(configName);
    if (target == null) {
        throw new AMConfigurationException(bundleName, "config-not-exists");
    }

    // Replace the stored attributes with the caller's map.
    target.setAttributes(attributeDataMap);
}
/**
 * Deletes an authentication configuration defined in the
 * <code>iPlanetAMAuthConfiguration</code> service of an organization. This
 * method will be used by console to manage configurations for different
 * services.
 * <p>
 * No authorization decision is made here; the token is handed to
 * <code>ServiceConfigManager</code> and access control is left to that
 * layer. The method also does not look for anything that still refers to
 * the configuration before removing it.
 *
 * @param configName Name of the authentication configuration.
 * @param orgName Organization DN.
 * @param token Single Sign On token.
 * @throws SMSException if failed to delete the configuration because
 *         of SM Exception.
 * @throws SSOException if single sign on token is not valid.
 * @throws AMConfigurationException if <code>configName</code> is null, the
 *         service is not registered for the organization, the named
 *         configuration node is missing, or the configuration itself does
 *         not exist.
 */
public static void removeNamedConfig(
    String configName,
    String orgName,
    SSOToken token
) throws SMSException, SSOException, AMConfigurationException {
    if (debug.messageEnabled()) {
        debug.message("removeNamedConfig name=" + configName + ",org=" +
            orgName);
    }
    if (configName == null) {
        throw new AMConfigurationException(bundleName, "null-name");
    }

    // NOTE(review): two-argument constructor (no SERVICE_VERSION), unlike
    // replaceNamedConfig and getNamedConfig; confirm this is intentional.
    ServiceConfig organizationNode =
        new ServiceConfigManager(SERVICE_NAME, token)
            .getOrganizationConfig(orgName, null);
    if (organizationNode == null) {
        throw new AMConfigurationException(
            bundleName, "service-not-registered");
    }

    ServiceConfig container =
        organizationNode.getSubConfig(NAMED_CONFIGURATION);
    if (container == null) {
        throw new AMConfigurationException(
            bundleName, "named-config-not-defined");
    }

    // The entry is fetched only to report a clear error when it is absent.
    if (container.getSubConfig(configName) == null) {
        throw new AMConfigurationException(bundleName, "config-not-exists");
    }

    container.removeSubConfig(configName);
}
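/**
 * Returns the names of all authentication configurations defined in the
 * <code>iPlanetAMAuthConfiguration</code> service of an organization. This
 * method will be used by console to manage configurations for different
 * services.
 * <p>
 * A non-empty <code>orgName</code> is lower-cased before the lookup. The
 * conversion is locale-independent, so the DN used for the lookup does not
 * depend on the JVM default locale (a Turkish or Azeri default would
 * otherwise map <code>I</code> to a dotless i and miss the organization).
 * <p>
 * An empty set is returned both when the service is not registered for the
 * organization and when no named configuration node exists, so callers
 * cannot tell those cases apart from "no configurations defined".
 *
 * @param orgName Organization DN.
 * @param token Single Sign On token.
 * @return Set which contains all the configuration names, or
 *         <code>Collections.EMPTY_SET</code> when the service or the named
 *         configuration node is absent.
 * @throws SMSException if failed to get configurations because
 *         of SM Exception.
 * @throws SSOException if single sign on token is not valid.
 */
public static Set getAllNamedConfig(String orgName, SSOToken token)
    throws SMSException, SSOException {
    if ((orgName != null) && (orgName.length() != 0)) {
        // Fully qualified so the fix needs no new file-level import.
        orgName = orgName.toLowerCase(java.util.Locale.ENGLISH);
    }
    if (debug.messageEnabled()) {
        debug.message("getAllNamedConfig org=" + orgName);
    }

    // Get the named config node
    ServiceConfigManager scm = new ServiceConfigManager(token,
        SERVICE_NAME, SERVICE_VERSION);
    ServiceConfig oConfig = scm.getOrganizationConfig(orgName, null);
    if (oConfig == null) {
        // service not registered
        return Collections.EMPTY_SET;
    }
    ServiceConfig namedConfig = oConfig.getSubConfig(NAMED_CONFIGURATION);
    if (namedConfig == null) {
        // named configuration does not exist
        return Collections.EMPTY_SET;
    }

    // "*" is passed as the pattern to request every sub config name
    return namedConfig.getSubConfigNames("*");
}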
/**
 * Returns the attributes of an authentication configuration defined in the
 * <code>iPlanetAMAuthConfiguration</code> service. This method will be used
 * by console to manage configurations for different services.
 * <p>
 * The result is the attribute map of the configuration, not an XML string.
 * Presumably one attribute in the map carries the module chain as an XML
 * string (TODO confirm which one). Here is a sample XML string for an
 * authentication configuration
 * <pre>
 * &lt;AttributeValuePair>
 *   &lt;Value>com.sun.identity.authentication.modules.LDAP required
 *   debug=true&lt;/Value>
 *   &lt;Value>com.sun.identity.authentication.modules.RADIUS
 *   optional&lt;/Value>
 * &lt;/AttributeValuePair>
 * </pre>
 * This means user need to pass a required LDAP Login module, then an
 * optional RADIUS Login module.
 * <p>
 * The map comes straight from <code>ServiceConfig.getAttributes()</code>;
 * no copy is made here. No authorization decision is made in this method;
 * access control is left to <code>ServiceConfigManager</code> and the token.
 *
 * @param configName Name of the authentication configuration.
 * @param orgName Organization DN.
 * @param token Single Sign On token.
 * @return Map containing authentication service attributes.
 * @throws SMSException if failed to get the configuration because
 *         of SM Exception.
 * @throws SSOException if single sign on token is not valid.
 * @throws AMConfigurationException if <code>configName</code> is null, the
 *         service is not registered for the organization, the named
 *         configuration node is missing, or the configuration itself does
 *         not exist.
 */
public static Map getNamedConfig(
    String configName,
    String orgName,
    SSOToken token
) throws SMSException, SSOException, AMConfigurationException {
    if (debug.messageEnabled()) {
        debug.message(
            "getNamedConfig name=" + configName + ",org=" + orgName);
    }
    if (configName == null) {
        throw new AMConfigurationException(bundleName, "null-name");
    }

    // Resolve organization -> named-configuration container -> entry.
    ServiceConfig organizationNode =
        new ServiceConfigManager(token, SERVICE_NAME, SERVICE_VERSION)
            .getOrganizationConfig(orgName, null);
    if (organizationNode == null) {
        throw new AMConfigurationException(
            bundleName, "service-not-registered");
    }

    ServiceConfig container =
        organizationNode.getSubConfig(NAMED_CONFIGURATION);
    if (container == null) {
        throw new AMConfigurationException(
            bundleName, "named-config-not-defined");
    }

    ServiceConfig entry = container.getSubConfig(configName);
    if (entry == null) {
        throw new AMConfigurationException(bundleName, "config-not-exists");
    }

    return entry.getAttributes();
}
/**
 * Returns module name from complete class name, i.e. the text after the
 * last dot.
 *
 * @param className Class name, example
 *        <code>com.sun.identity.authentication.modules.ldap.LDAP</code>.
 *        Must not be null.
 * @return module name, e.g. "LDAP"; the input itself when it contains no
 *         dot, and the empty string when the dot is the last character.
 */
public static String getModuleName(String className) {
    // lastIndexOf gives -1 when there is no dot, so the +1 turns that into
    // 0 (whole string); a trailing dot yields an index equal to the length
    // and therefore an empty result.
    return className.substring(className.lastIndexOf('.') + 1);
}
/**
 * Returns SM service name based on module name.
 * <p>
 * The module name is concatenated into the result as given; no validation
 * is applied, so callers should pass only known module names.
 *
 * @param module Login module name, e.g. "LDAP". Must not be null.
 * @return Service name for the login module, example
 *         <code>iPlanetAMAuthLDAPService</code>
 */
public static String getModuleServiceName(String module) {
    // Exact, case-sensitive match: only "RADIUS" maps to the mixed-case
    // service name; every other value is inserted unchanged.
    final boolean isRadius = module.equals("RADIUS");
    return isRadius
        ? "iPlanetAMAuthRadiusService"
        : "iPlanetAMAuth" + module + "Service";
}
/**
 * Returns the SM service name for a module under the newer naming scheme:
 * <code>ISAuthConstants.AUTH_ATTR_PREFIX_NEW</code>, then the module name,
 * then <code>Service</code>.
 * <p>
 * The module name is inserted as given, without validation.
 *
 * @param module Login module name, e.g. "LDAP".
 * @return Service name built from the new prefix and the module name.
 */
public static String getNewModuleServiceName(String module) {
    final String prefix = ISAuthConstants.AUTH_ATTR_PREFIX_NEW;
    return prefix + module + "Service";
}
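/**
 * Returns authentication level attribute name for module name.
 * <p>
 * Three naming conventions are tried in order and the first one that has a
 * non-null entry in <code>attrs</code> wins:
 * <ol>
 * <li><code>ISAuthConstants.AUTH_ATTR_PREFIX</code> + lower-cased module +
 *     <code>-auth-level</code></li>
 * <li><code>ISAuthConstants.AUTH_ATTR_PREFIX_FORGEROCK</code> + lower-cased
 *     module + <code>-auth-level</code></li>
 * <li><code>ISAuthConstants.AUTH_ATTR_PREFIX_NEW</code> + module +
 *     <code>AuthLevel</code></li>
 * </ol>
 * The third name is returned without checking that it is present.
 * <p>
 * The module name is lower-cased independently of the JVM default locale.
 * With a Turkish or Azeri default locale a plain <code>toLowerCase()</code>
 * maps <code>I</code> to a dotless i, so a module such as RADIUS would miss
 * its configured auth-level attribute and this method would return the
 * wrong name.
 *
 * @param attrs parameter map of the module service. Must not be null.
 * @param module Login module name, e.g. "LDAP". Must not be null.
 * @return attribute name for authentication level
 *         example <code>iplanet-am-auth-ldap-auth-level</code> or
 *         <code>sunIdentityServerLDAPAuthLevel</code>.
 */
public static String getAuthLevelAttribute(Map attrs, String module) {
    // Fully qualified so the fix needs no new file-level import.
    final String lowerModule = module.toLowerCase(java.util.Locale.ENGLISH);

    // auth level attribute must follow this naming convention
    String attrName =
        ISAuthConstants.AUTH_ATTR_PREFIX + lowerModule + "-auth-level";
    if (attrs.get(attrName) == null) {
        attrName = ISAuthConstants.AUTH_ATTR_PREFIX_FORGEROCK + lowerModule
            + "-auth-level";
        if (attrs.get(attrName) == null) {
            // Last convention keeps the module's original case.
            attrName =
                ISAuthConstants.AUTH_ATTR_PREFIX_NEW + module + "AuthLevel";
        }
    }
    return attrName;
}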
/**
 * Returns service schema object for the authentication configuration
 * subschema, reached from the organization schema through
 * <code>NAMED_CONFIGURATION</code> and then
 * <code>NAMED_CONFIGURATION_ID</code>.
 * <p>
 * Every exception raised along the way is logged and wrapped. That
 * includes a <code>NullPointerException</code>, should an intermediate
 * schema come back as null.
 *
 * @param token Single Sign On token.
 * @return Service Schema.
 * @throws AMConfigurationException if there are errors accessing
 *         authentication configuration.
 */
public static ServiceSchema getServiceSchema(SSOToken token)
    throws AMConfigurationException {
    try {
        return new ServiceSchemaManager(SERVICE_NAME, token)
            .getOrganizationSchema()
            .getSubSchema(NAMED_CONFIGURATION)
            .getSubSchema(NAMED_CONFIGURATION_ID);
    } catch (Exception e) {
        // Broad catch is deliberate here: any failure becomes the single
        // checked exception type this method declares.
        debug.error("getServiceSubSchema", e);
        throw new AMConfigurationException(e);
    }
}
/**
 * Returns all supported authentication modules, read from the
 * <code>iplanet-am-auth-authenticators</code> default of the global schema
 * of <code>iPlanetAMAuthService</code>. The internal Application module is
 * left out.
 * <p>
 * Failures are logged and swallowed: the map built so far (possibly empty)
 * is returned, so callers cannot distinguish "no modules" from "lookup
 * failed". Modules are keyed by simple class name, so two classes with the
 * same simple name in different packages share a key and only one of them
 * is kept.
 *
 * @param token Single Sign On token to be using for accessing configuration
 *        information.
 * @return Map contains all modules, key is the module name (e.g. LDAP),
 *         value is the complete class name (example
 *         <code>com.sun.identity.authentication.modules.ldap.LDAP</code>)
 */
public static Map getAllAuthModules(SSOToken token) {
    Map modules = new HashMap();
    // if this is too slow, might need to consider listener option
    try {
        ServiceSchema globalSchema =
            new ServiceSchemaManager("iPlanetAMAuthService", token)
                .getGlobalSchema();
        Set classNames = (Set) globalSchema.getAttributeDefaults()
            .get("iplanet-am-auth-authenticators");
        if (classNames == null) {
            return modules;
        }
        for (Iterator it = classNames.iterator(); it.hasNext();) {
            String name = (String) it.next();
            // skip Application module here since it is internal
            if (name.equals(
                "com.sun.identity.authentication.modules.application.Application"
            )) {
                continue;
            }
            if (debug.messageEnabled()) {
                debug.message("getAllAuthModules. process " + name);
            }
            // Key is the simple class name, or the whole name when it
            // carries no package.
            int dot = name.lastIndexOf('.');
            String key = (dot > -1) ? name.substring(dot + 1) : name;
            modules.put(key, name);
        }
    } catch (Exception e) {
        // best effort: log and fall through to return what was collected
        debug.error("getAllAuthModules", e);
    }
    return modules;
}
/**
 * Returns all supported authentication modules in an Organization.
 * If there are not modules configured at the Organization level
 * then the authentication modules set at Global level will be returned.
 * <p>
 * The same fallback applies when the organization lookup throws: the
 * exception is logged and the method carries on with the global list.
 * A failed or denied organization read is therefore indistinguishable from
 * an organization with no modules of its own, and the caller receives the
 * global set, which may differ from what the organization configured.
 *
 * @param orgDN organization DN.
 * @param token single sign on token.
 * @return Map contains all modules, key is the module name (e.g. LDAP),
 *         value is the complete class name (e.g.
 *         <code>com.sun.identity.authentication.modules.ldap.LDAP</code>)
 */
public static Map getAllAuthModules(String orgDN,SSOToken token) {
    // Authenticators configured on the organization template, if any.
    Set authenticators = null;
    try {
        AMOrganization org = (AMOrganization)
            new AMStoreConnection(token).getOrganization(orgDN);
        Map templateAttrs = org.getTemplate(AUTH_SERVICE,
            AMTemplate.ORGANIZATION_TEMPLATE).getAttributes();
        authenticators = (Set) templateAttrs.get(AUTH_MODULES_ATTR);
    } catch (Exception e) {
        // logged only; authenticators stays null and the global list is used
        debug.error("getAllAuthModules", e);
    }
    Set globalAuth = getGlobalAuthenticators(token);

    boolean orgHasModules =
        (authenticators != null) && (!authenticators.isEmpty());
    Map modules = orgHasModules
        ? constructModulesList(authenticators, globalAuth)
        : constructModulesList(globalAuth, null);

    if (debug.messageEnabled()) {
        debug.message("Returning modules : " + modules);
    }

    return modules;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Parses the XML string value of an authentication configuration and
 * returns a List of <code>AuthConfigurationEntry</code>, one per child node
 * of the document root, from which module name, flag and options can be
 * retrieved. Child nodes that cannot be converted are logged and skipped.
 * An empty List is returned if the XML value could not be parsed.
 *
 * @param xmlValue XML value for the authentication configuration.
 * @return List of <code>AuthConfigurationEntry</code> containing module
 *         name, flag and options; never <code>null</code>.
 */
public static List xmlToAuthConfigurationEntry(String xmlValue) {
    // NOTE(review): at message level the raw configuration XML, module
    // options included, is written to the debug log. Confirm the options
    // never carry secrets.
    if (debug.messageEnabled()) {
        debug.message("AuthConfUtil.xmltoentries, xml=" +xmlValue);
    }
    List parsed = new ArrayList();
    // NOTE(review): DTD and external-entity handling is decided inside
    // XMLUtils.toDOMDocument, which is not visible here. Confirm the parser
    // is hardened if xmlValue can come from outside the trusted
    // configuration store.
    Document doc = XMLUtils.toDOMDocument(xmlValue, debug);
    if (doc != null) {
        // The root is <AttributeValuePair>; each child (<Value>) corresponds
        // to one AuthConfigurationEntry.
        NodeList valueNodes = doc.getDocumentElement().getChildNodes();
        final int total = valueNodes.getLength();
        for (int idx = 0; idx < total; ++idx) {
            try {
                parsed.add(new AuthConfigurationEntry(valueNodes.item(idx)));
            } catch (Exception e) {
                // A bad child does not abort the parse; move on to the next.
                debug.error("parseValue", e);
            }
        }
    }
    return parsed;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Converts a List of <code>AuthConfigurationEntry</code> to its XML
 * representation according to the following DTD.
 * <pre>
 * &lt;!-- AttributeValuePair defines the values used to specify
 *      authentication configuration information. --&gt;
 * &lt;!ELEMENT AttributeValuePair (Value*) &gt;
 *
 * &lt;!-- Value defines one authentication configuration --&gt;
 * &lt;!ELEMENT Value (#PCDATA) &gt;
 * </pre>
 * Each <code>Value</code> holds the module name, the control flag and the
 * options (when present), separated by single spaces.
 *
 * @param entries List of <code>AuthConfigurationEntry</code> to be
 *        processed; may be <code>null</code>.
 * @return XML representation of the configuration, or an empty string
 *         when <code>entries</code> is <code>null</code>.
 */
public static String authConfigurationEntryToXMLString(List entries) {
    if (debug.messageEnabled()) {
        debug.message("convertToXMLString : " + entries);
    }
    if (entries == null) {
        return "";
    }

    StringBuilder xml = new StringBuilder(100);
    xml.append('<').append(ATTR_VALUE_PAIR_NODE).append('>');
    final int count = entries.size();
    for (int idx = 0; idx < count; idx++) {
        AuthConfigurationEntry current =
            (AuthConfigurationEntry) entries.get(idx);
        // NOTE(review): module name, flag and options are appended as-is,
        // with no XML escaping. A value containing '<', '>' or '&' would
        // yield a document that is not well-formed or whose element
        // structure differs when parsed back. Confirm these values are
        // validated or escaped before they reach this method.
        xml.append('<').append(ATTR_VALUE_NODE).append('>');
        xml.append(current.getLoginModuleName());
        xml.append(' ');
        xml.append(current.getControlFlag().toString());
        xml.append(' ');
        String opts = current.getOptions();
        if (opts != null) {
            xml.append(opts);
        }
        xml.append("</").append(ATTR_VALUE_NODE).append('>');
    }
    xml.append("</").append(ATTR_VALUE_PAIR_NODE).append('>');

    String result = xml.toString();
    if (debug.messageEnabled()) {
        debug.message("convertToXMLString : return " + result);
    }
    return result;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
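/**
 * Creates a map where the key is the module name and the value is the fully
 * qualified class name of the module. The internal Application module is
 * left out.
 * <p>
 * For a dotted entry the key is the text after the last dot. Two entries
 * with the same simple name therefore share one key, and the one iterated
 * later replaces the earlier one.
 *
 * @param classes Set of class names or bare module names; may be
 *        <code>null</code>.
 * @param globalAuth Set of globally configured authenticator class names,
 *        used to resolve bare module names; may be <code>null</code> or
 *        empty, in which case a bare name maps to itself.
 * @return Map of module name to class name; empty when
 *         <code>classes</code> is <code>null</code>.
 */
private static Map constructModulesList(Set classes, Set globalAuth) {
    if (debug.messageEnabled()) {
        debug.message("constructModulesList : classes : " + classes);
    }
    HashMap modules = new HashMap();
    // getAllAuthModules passes the result of getGlobalAuthenticators, which
    // is null when the global schema could not be read; treat that as "no
    // modules" instead of failing with a NullPointerException.
    if (classes == null) {
        return modules;
    }
    Iterator iter = classes.iterator();
    while (iter.hasNext()) {
        String name = (String) iter.next();
        // skip Application module here since it is internal
        if (name.equals(APPLICATION_CLASS_NAME)) {
            continue;
        }
        if (debug.messageEnabled()) {
            debug.message("getAllAuthModules. process " + name);
        }
        int dot = name.lastIndexOf('.');
        if (dot > -1) {
            // Fully qualified entry: key on the simple class name.
            modules.put(name.substring(dot + 1), name);
        } else if ((globalAuth != null) && (!globalAuth.isEmpty())) {
            // Bare module name: look the class up in the global list.
            String className = getAuthenticatorClassName(name, globalAuth);
            if (debug.messageEnabled()) {
                debug.message("className : " + className);
            }
            modules.put(name, className);
        } else {
            // Nothing to resolve against; the name stands for itself.
            modules.put(name, name);
        }
    }

    return modules;
}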
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the fully qualified class name of the module. Returns the module
 * name itself if no class name is found.
 * <p>
 * An entry matches when the text after its last dot equals
 * <code>moduleName</code>. The first match in the Set's iteration order is
 * returned, and the internal Application module is never matched.
 *
 * @param moduleName Name of authentication module.
 * @param globalAuth Set of globally configured authenticator class names;
 *        may be <code>null</code>.
 * @return the matching class name, or <code>moduleName</code> when
 *         <code>globalAuth</code> is <code>null</code> or holds no match.
 */
private static String getAuthenticatorClassName(
    String moduleName,
    Set globalAuth) {
    if (globalAuth == null) {
        return moduleName;
    }

    String match = null;
    Iterator candidates = globalAuth.iterator();
    // Stop at the first entry whose simple name matches.
    while (match == null && candidates.hasNext()) {
        String candidate = (String) candidates.next();
        // skip Application module here since it is internal
        if (candidate.equals(APPLICATION_CLASS_NAME)) {
            continue;
        }
        int lastDot = candidate.lastIndexOf('.');
        if (lastDot > -1
            && candidate.substring(lastDot + 1).equals(moduleName)) {
            match = candidate;
        }
    }

    if (debug.messageEnabled()) {
        debug.message("fullClassName is : " + match);
    }
    return (match != null) ? match : moduleName;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
/**
 * Returns the global authenticators, read from the attribute defaults of
 * the authentication service's global schema.
 *
 * @param token Single sign on token to access configuration information.
 * @return the global authenticators, or <code>null</code> when the
 *         attribute is absent or the schema could not be read (the
 *         exception is logged, not rethrown).
 */
public static Set getGlobalAuthenticators(SSOToken token) {
    try {
        ServiceSchemaManager schemaManager =
            new ServiceSchemaManager(AUTH_SERVICE, token);
        Map defaults = schemaManager.getGlobalSchema().getAttributeDefaults();
        return (Set) defaults.get(AUTH_AUTHENTICATOR_ATTR);
    } catch (Exception e) {
        // NOTE(review): the log tag names getAllAuthModules rather than this
        // method; keep that in mind when tracing errors from the debug log.
        debug.error("getAllAuthModules",e);
        // Callers must handle null: failure is reported through the log only.
        return null;
    }
}
deab5d0e23a609e0eb9c5915e6cd0f4e26aac38fJaco Jooste
/**
 * Gets the string representation of the {@link LoginModuleControlFlag}.
 *
 * @param controlFlag The {@link LoginModuleControlFlag}; may be {@code null}.
 * @return {@code "REQUIRED"}, {@code "OPTIONAL"}, {@code "REQUISITE"} or
 *         {@code "SUFFICIENT"} for the corresponding flag, and an empty
 *         string for {@code null} or any other value.
 */
public static String getControlFlagAsString(LoginModuleControlFlag controlFlag) {
    // The constant is the receiver of equals(), so a null argument falls
    // through to the empty-string result instead of throwing.
    if (REQUIRED.equals(controlFlag)) {
        return "REQUIRED";
    }
    if (OPTIONAL.equals(controlFlag)) {
        return "OPTIONAL";
    }
    if (REQUISITE.equals(controlFlag)) {
        return "REQUISITE";
    }
    if (SUFFICIENT.equals(controlFlag)) {
        return "SUFFICIENT";
    }
    return "";
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster}