package com.sun.identity.monitoring;
import com.sun.identity.shared.Constants;
import com.sun.identity.shared.debug.Debug;
import com.sun.jdmk.comm.AuthInfo;
import com.sun.jdmk.comm.HtmlAdaptorServer;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.forgerock.openam.monitoring.cts.CtsMonitoring;
import org.forgerock.openam.monitoring.cts.FORGEROCK_OPENAM_CTS_MIB;
import org.forgerock.openam.monitoring.cts.FORGEROCK_OPENAM_CTS_MIBImpl;
* The Agent class provides a simple example on how to use the SNMP
* protocol adaptor.
* A subset of MIB II (RFC1213) is implemented. The MIB is loaded and
* initialized. As such you can now see the MIB using your favorite
* SNMP manager, or you can use a web browser and see the MIB through
* the HTML adaptor.
* When calling the program, you can specify:
* - nb_traps: number of traps the SNMP agent will send.
* If not specified, the agent will send traps continuously.
* In this example, the SNMP adaptor is started on port 8085, and the
* traps are sent to the port 8086, i.e. non standard ports for SNMP.
* As such you do not need to be root to start the agent.
public class Agent {
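// Protocol adaptors; both stay null until startAgent constructs them.
private static SnmpAdaptorServer snmpAdaptor = null;
private static HtmlAdaptorServer htmlAdaptor = null;
private static Debug debug;
/*
 * This variable defines the number of traps this agent has to send.
 * If not specified in the command line arguments, the traps will be
 * sent continuously.
 */
private static int nbTraps = -1;
private static boolean agentStarted;
private static MBeanServer server;
private static ObjectName htmlObjName;
private static ObjectName snmpObjName;
private static ObjectName sunMibObjName;
private static ObjectName forgerockCtsMibObjName;
// Listener ports for the three monitoring interfaces, copied from the configuration by startAgent.
private static int monHtmlPort;
private static int monSnmpPort;
private static int monRmiPort;
// Path of the file holding the HTML adaptor's user/password entries; treat it as a credential store.
private static String monAuthFilePath;
private static String ssoProtocol;
private static String ssoName;
private static String ssoPort;
private static String ssoURI;
private static String ssoSiteID;
private static String ssoServerID;
private static boolean dsIsEmbedded;
// Topology tables; assigned only by startMonitoringAgent, so they are null before it has run.
private static Hashtable<String, String> siteIdTable;
private static Hashtable<String, String> serverIDTable;
private static Hashtable<String, String> namingTable;
private static Map<String, String> siteToURL;
private static Map<String, String> URLToSite;
private static String startDate;
// JMX connector server for the RMI interface; created in startAgent.
private static JMXConnectorServer cs;
//static mib references
// NOTE(review): sunMib is used throughout this class but its declaration is not visible in this listing.
static FORGEROCK_OPENAM_CTS_MIBImpl forgerockCtsMib;
private static SSOServerInfo agentSvrInfo;
private static Map<String, Integer> realm2Index = new HashMap<String, Integer>(); // realm name to index map
private static Map<Integer, String> index2Realm = new HashMap<Integer, String>(); // index to realm name map
private static Map<String, String> realm2DN = new HashMap<String, String>(); // realm name to DN map
// Was a raw "new HashMap()"; parameterized like its siblings so the assignment is type-checked.
private static Map<String, String> DN2Realm = new HashMap<String, String>(); // DN to realm name map
private static Map<String, SsoServerAuthModulesEntryImpl> realmAuthInst =
new HashMap<String, SsoServerAuthModulesEntryImpl>(); // realm|authname entries
private static Map<String, SsoServerSAML2IDPEntryImpl> realmSAML2IDPs =
new HashMap<String, SsoServerSAML2IDPEntryImpl>(); // realm|idp entries
private static Map<String, SsoServerSAML2SPEntryImpl> realmSAML2SPs =
new HashMap<String, SsoServerSAML2SPEntryImpl>(); // realm|sp entries
private static boolean monitoringEnabled;
private static boolean monHtmlPortEnabled;
private static boolean monSnmpPortEnabled;
private static boolean monRmiPortEnabled;
private static boolean isSessFOEnabled;
// NOTE(review): SimpleDateFormat is not thread-safe and this instance is shared by static methods
// (siteNames formats with it); concurrent callers need external synchronization.
private static SimpleDateFormat sdf =
new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
// Status codes for startAgent failures (see the startAgent documentation).
public static final int MON_CONFIG_DISABLED = -1;
public static final int MON_MBEANSRVR_PROBLEM = -2;
public static final int MON_RMICONNECTOR_PROBLEM = -3;
public static final int MON_CREATEMIB_PROBLEM = -4;
public static final int MON_READATTRS_PROBLEM = -5;
static final String NotAvail = "NotAvailable";
static final String None = "NONE";
// RMI registry created in startAgent and unexported in stopRMI.
private static Registry registry = null;
// Obtain the "amMonitoring" debug logger once, when the class is initialized.
static {
    if (debug == null) {
        debug = Debug.getInstance("amMonitoring");
    }
}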
* Agent constructor
/** Private so that the class cannot be instantiated; every visible member is static. */
private Agent() {
}
/**
 * Shuts down the monitoring interfaces.
 *
 * When monitoring and the RMI port are enabled and a connector server exists, the MIB
 * MBeans are handled first and the RMI registry is then unexported. Despite its name,
 * the method also reports the SNMP and HTML adaptors as stopped.
 *
 * NOTE(review): the unregister calls and the adaptor/connector stop calls are not
 * visible in this listing; only their guards and log messages are.
 */
public static void stopRMI() {
// Nothing RMI-related is torn down unless all three conditions hold; otherwise the else branch only logs.
if (monitoringEnabled && monRmiPortEnabled && (cs != null)) {
if ((server != null)) {
try {
// Each MIB object name is checked for null before it is used.
if (sunMibObjName != null) {
if (forgerockCtsMibObjName != null) {
} catch (InstanceNotFoundException ex) {
// Unregistration failures are logged at warning level and do not abort the shutdown.
if (debug.warningEnabled()) {
"Agent.stopRMI: error unregistering MBean:" +
} catch (MBeanRegistrationException ex) {
if (debug.warningEnabled()) {
"Agent.stopRMI: error unregistering MBean:" +
try {
if (registry != null) {
// The second argument (true) forces the unexport even if calls are still in progress,
// so the registry listener is released during shutdown.
UnicastRemoteObject.unexportObject(registry, true);
debug.warning("Agent.stopRMI:rmi adaptor stopped.");
} catch (Exception ex) {
debug.error("Agent.stopRMI: error stopping monitoring " +
" agent RMI server: ", ex);
} else {
debug.warning("Agent.stopRMI: cs is null, or " +
"monitoring or RMI port not enabled.");
// SNMP and HTML adaptors are handled independently of the RMI branch above.
if (monitoringEnabled && monSnmpPortEnabled && (snmpAdaptor != null)) {
debug.warning("Agent.stopRMI:snmp adaptor stopped.");
if (monitoringEnabled && monHtmlPortEnabled && (htmlAdaptor != null)) {
debug.warning("Agent.stopRMI:html adaptor stopped.");
* Receives Site and Server configuration information from
* WebtopNaming. Information is saved and the corresponding
* Monitoring MBeans are created after the Agent ports are started.
/**
 * Stores the site and server configuration for later use by the agent.
 *
 * The reference is kept as-is (no copy), so later changes to the passed object are
 * visible through this class's getters.
 *
 * @param svrInfo site and server information to remember
 */
public static void siteAndServerInfo(SSOServerInfo svrInfo) {
    agentSvrInfo = svrInfo;
}
* This method starts up the monitoring agent. Returns either
* zero (0) if initialization has completed successfully, or one (1)
* if not.
* @param OpenSSOServerID The OpenSSO server's ID in the site
* @param svrProtocol OpenSSO server's protocol (http/https)
* @param svrName OpenSSO server's hostname
* @param svrPort OpenSSO server's port
* @param svrURI OpenSSO server's URI
* @param siteID OpenSSO server's Site ID
* @param openSSOServerID OpenSSO server's ID
* @param isEmbeddedDS Whether the OpenSSO server is using an embedded DS
* @param siteIdTbl the Site ID table for this installation
* @param serverIdTbl the Server ID table for this installation
* @param namingTbl the Naming table for this installation
* @param stDate start date/time for this OpenSSO server
* @return Success (0) or Failure (1)
/**
 * Copies the fields of the given server information into this class's static state and,
 * when message-level debugging is enabled, builds a textual dump of the server identity
 * and of the site, server and naming tables.
 *
 * The dump contains deployment topology (server URLs and IDs), so message-level debug
 * output of this class should be treated as sensitive.
 *
 * @param svrInfo server information whose fields are copied; it is dereferenced without
 *                a null check
 */
private static void startMonitoringAgent(SSOServerInfo svrInfo) {
agentSvrInfo = svrInfo;
ssoServerID = svrInfo.serverID;
ssoSiteID = svrInfo.siteID;
ssoProtocol = svrInfo.serverProtocol;
ssoName = svrInfo.serverName;
ssoURI = svrInfo.serverURI;
ssoPort = svrInfo.serverPort;
dsIsEmbedded = svrInfo.isEmbeddedDS;
// The tables are stored by reference, not copied.
siteIdTable = svrInfo.siteIDTable;
serverIDTable = svrInfo.serverIDTable;
namingTable = svrInfo.namingTable;
startDate = svrInfo.startDate;
String classMethod = "Agent.startMonitoringAgent:";
* ServerIDTable has form:
* <proto>://<host>:<port>/<uri>=nn,
* while NamingTable has form
* nn=<proto>://<host>:<port>/<uri>
// Everything below only runs at message debug level; it builds log text and changes no state.
if (debug.messageEnabled()) {
StringBuilder sb =
new StringBuilder("Agent.startMonitoringAgent:ServerInfo:\n");
sb.append(" ServerID = ").append(ssoServerID).append("\n").
append(" SiteID = ").append(ssoSiteID).append("\n").
append(" ServerProtocol = ").append(ssoProtocol).
append(" ServerName = ").append(ssoName).append("\n").
append(" ServerURI = ").append(ssoURI).append("\n").
append(" IsEmbeddedDS = ").append(dsIsEmbedded).append("\n").
* can get this server's URL from the naming table, using
* its serverID. get the site's URL with siteID
// NOTE(review): namingTable is dereferenced here, but it is only null-checked further down
// when the naming table is printed; a null table would fail at this lookup.
String svrURL = namingTable.get(ssoServerID);
sb.append(" Naming table entry for serverID ").
append(ssoServerID).append(" is ");
if ((svrURL != null) && (svrURL.length() > 0)) {
} else {
svrURL = namingTable.get(ssoSiteID);
sb.append(" Naming table entry for siteID ").
append(ssoSiteID).append(" is ");
if ((svrURL != null) && (svrURL.length() > 0)) {
} else {
sb.append(" start date/time = ").append(startDate);
* if there's a site configured, then siteIdTable will contain
* the serverIDs
sb = new StringBuilder(classMethod);
if ((siteIdTable != null) && !siteIdTable.isEmpty()) {
sb.append("Site ID Table:\n");
for (Map.Entry<String, String> entry : siteIdTable.entrySet()) {
String siteid = entry.getKey();
// Looks the value up again by key; this is the same value entry.getValue() holds.
String svrid = siteIdTable.get(siteid);
String sURL = namingTable.get(siteid);
sb.append(" ").append(siteid).append('(').
append(sURL).append(')').append(" = ").
} else {
sb.append("siteIdTable is null or empty");
* print out the serverIDTable
sb = new StringBuilder(classMethod);
if ((serverIDTable != null) && !serverIDTable.isEmpty()) {
sb.append("Server ID Table:\n");
for (Map.Entry<String, String> entry : serverIDTable.entrySet()) {
sb.append(" server ").append(entry.getKey()).append(" ==> svrid ").
} else {
sb.append("ServerIdTable is null or empty");
* print out the namingTable
sb = new StringBuilder(classMethod);
if ((namingTable != null) && !namingTable.isEmpty()) {
// Raw Set/Iterator are used here although namingTable is a Hashtable<String, String>.
Set ks = namingTable.keySet();
sb.append("Naming Table:\n");
for (Iterator it = ks.iterator(); it.hasNext(); ) {
String svr = (String);
String svrid = (String)namingTable.get(svr);
sb.append(" key ").append(svr).append(" ==> value ").
} else {
sb.append("NamingTable is null or empty");
* This method starts up the monitoring agent from the
* common/ConfigMonitoring module (load-on-startup or at the
* end of AMSetupServlet/configuration). Since web-app startup
* is sensitive to exceptions in load-on-startup stuff, this has
* quite a few try/catch blocks.
* If any of HTML, SNMP, or RMI adaptors has a problem getting created
* or started, attempts to create/start the others will be made; If
* at least one adaptor is started, monitoring will be "active"
* (Agent.isRunning() will return true).
* @param monConfig SSOServerMonConfig structure of OpenSSO configuration
* @return 0 (zero) if at least one of HTML/SNMP/RMI adaptors started up;
* if monitoring configured as disabled
* if MBeanServer problem encountered
* if RMI connector problem
* (MIB not registered with MBeanServer)
* if problem creating/registering MIB
/**
 * Copies the monitoring configuration into static fields, obtains an MBeanServer,
 * registers the two MIBs on it and starts whichever of the HTML, SNMP and RMI
 * interfaces are enabled.
 *
 * Points for a security review, detailed inline:
 * - the RMI/JMX connector is created with a null environment (no authenticator or TLS set here);
 * - the HTML adaptor is only created when the auth file yields a user list;
 * - the SNMP adaptor sends an SNMPv1 trap;
 * - an already existing MBeanServer in the JVM is reused if one is found.
 *
 * @param monConfig monitoring configuration; ports, enable flags and auth file path are read from it
 * @return 0 on the visible success path. NOTE(review): the return statements of the
 *         failure paths are not visible in this listing.
 */
public static int startAgent (SSOServerMonConfig monConfig) {
monHtmlPort = monConfig.htmlPort;
monSnmpPort = monConfig.snmpPort;
monRmiPort = monConfig.rmiPort;
monitoringEnabled = monConfig.monitoringEnabled;
monHtmlPortEnabled = monConfig.monHtmlPortEnabled;
monSnmpPortEnabled = monConfig.monSnmpPortEnabled;
monRmiPortEnabled = monConfig.monRmiPortEnabled;
monAuthFilePath = monConfig.monAuthFilePath;
String classMethod = "Agent.startAgent:";
// OpenSSO server port comes from WebtopNaming.siteAndServerInfo
// NOTE(review): agentSvrInfo is dereferenced without a null check; it is only set by
// siteAndServerInfo/startMonitoringAgent, so those must have run first.
String serverPort = agentSvrInfo.serverPort;
// Check for Legacy MonAuthFile.
if ( (monAuthFilePath != null) && (monAuthFilePath.endsWith("opensso_mon_auth")) )
// Perform a rename of the old filename to the latest naming.
// The new name is placed in the same parent directory as the legacy file.
// NOTE(review): handling of a failed renameTo is not visible here; confirm the legacy path
// stays in use in that case and that the credential file keeps restrictive permissions.
File monAuthFile = new File(monAuthFilePath);
File newMonAuthFile = new File(monAuthFile.getParentFile()+"/"+"openam_mon_auth");
if (monAuthFile.renameTo(newMonAuthFile)) {
monAuthFilePath = newMonAuthFile.getAbsolutePath();
* there are a lot of exception checks in this method, as
* it's invoked from a load-on-startup servlet. if it
* chokes in here, OpenSSO won't start up.
// Only the path of the auth file is logged here, not its contents.
if (debug.messageEnabled()) {
debug.message(classMethod + "entry:\n" +
" htmlPort = " + monHtmlPort + "\n" +
" authFilePath = " + monAuthFilePath + "\n" +
" snmpPort = " + monSnmpPort + "\n" +
" rmiPort = " + monRmiPort + "\n" +
" monEna = " + monitoringEnabled + "\n" +
" htmlEna = " + monHtmlPortEnabled + "\n" +
" snmpEna = " + monSnmpPortEnabled + "\n" +
" rmiEna = " + monRmiPortEnabled + "\n" +
" serverPort = " + serverPort + "\n"
if (!monitoringEnabled) {
debug.warning(classMethod + "Monitoring configured as disabled.");
* verify that the HTML, SNMP and RMI ports aren't the same as
* the OpenSSO server port. if HTML or SNMP conflict with it,
* then they'll be disabled (warning message). if the RMI port
* conflicts, then all of monitoring is disabled. there might
* be other ports that should be checked.
// Only a clash with the server's own port is detected; the three monitoring ports are not
// compared with each other.
try {
int sport = Integer.parseInt(serverPort);
if (monRmiPort == sport) {
debug.error(classMethod +
"RMI port conflicts with OpenSSO server port (" +
sport + "); Monitoring disabled.");
if (monHtmlPort == sport) {
monHtmlPortEnabled = false;
if (debug.warningEnabled()) {
debug.warning(classMethod +
"HTML port conflicts with OpenSSO server port (" +
sport + "); Monitoring HTML port disabled.");
if (monSnmpPort == sport) {
monSnmpPortEnabled = false;
if (debug.warningEnabled()) {
debug.warning(classMethod +
"SNMP port conflicts with OpenSSO server port (" +
sport + "); Monitoring SNMP port disabled.");
} catch (NumberFormatException nfe) {
* odd. if serverPort's not a valid int, then there'll be
* other problems
debug.error(classMethod + "Server port (" + serverPort +
" is invalid: " + nfe.getMessage());
if (debug.messageEnabled()) {
debug.message(classMethod + "config:\n" +
" monitoring Enabled = " + monitoringEnabled + "\n" +
" HTML Port = " + monHtmlPort +
", enabled = " + monHtmlPortEnabled + "\n" +
" SNMP Port = " + monSnmpPort +
", enabled = " + monSnmpPortEnabled + "\n" +
" RMI Port = " + monRmiPort +
", enabled = " + monRmiPortEnabled + "\n");
* if OpenSSO's deployed on a container that has MBeanServer(s),
* will the findMBeanServer(null) "find" those? if so,
* is using the first one the right thing to do?
// findMBeanServer(null) lists every MBeanServer registered in this JVM; the first one is reused.
// NOTE(review): if that server belongs to the container, the adaptors started below are
// attached to it and may expose all of its MBeans, not only the monitoring MIBs.
List<MBeanServer> servers = null;
try {
servers = MBeanServerFactory.findMBeanServer(null);
} catch (SecurityException ex) {
* if can't find one, try creating one below, although
* if there's no findMBeanServer permission, it's unlikely
* that there's a createMBeanServer permission...
if (debug.warningEnabled()) {
debug.warning(classMethod +
"findMBeanServer permission error: " + ex.getMessage());
if (debug.messageEnabled()) {
debug.message(classMethod + "MBeanServer list is not empty: " +
((servers != null) && !servers.isEmpty()));
if ((servers != null) && !servers.isEmpty()) {
server = servers.get(0);
} else {
try {
server = MBeanServerFactory.createMBeanServer();
} catch (SecurityException ex) {
if (debug.warningEnabled()) {
debug.warning(classMethod +
"createMBeanServer permission error: " +
} catch (JMRuntimeException ex) {
if (debug.warningEnabled()) {
debug.warning(classMethod +
"createMBeanServer JMRuntime error: " +
} catch (ClassCastException ex) {
if (debug.warningEnabled()) {
debug.warning(classMethod +
"createMBeanServer ClassCast error: " +
if (server == null) {
if (debug.warningEnabled()) {
debug.warning(classMethod + "no MBeanServer");
// NOTE(review): the null-server branch above has to return before this dereference;
// that return is not visible in this listing.
String domain = server.getDefaultDomain(); // throws no exception
// Create the MIB II (RFC 1213), add to the MBean server.
try {
sunMibObjName =
new ObjectName("snmp:class=SUN_OPENSSO_SERVER_MIB");
forgerockCtsMibObjName =
new ObjectName("snmp:class=FORGEROCK_OPENAM_CTS_MIB");
if (debug.messageEnabled()) {
debug.message(classMethod +
"Adding SUN_OPENSSO_SERVER_MIB to MBean server " +
"with name '" + sunMibObjName + "'");
debug.message(classMethod +
"Adding FORGEROCK_OPENAM_CTS_MIB to MBean server " +
"with name '" + forgerockCtsMibObjName + "'");
} catch (MalformedObjectNameException ex) {
// from ObjectName
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error getting ObjectName for the MIB: " +
// Create an instance of the customized MIB
try {
sunMib = new SUN_OPENSSO_SERVER_MIBImpl();
forgerockCtsMib = new FORGEROCK_OPENAM_CTS_MIBImpl();
} catch (RuntimeException ex) {
debug.error (classMethod + "Runtime error instantiating MIB", ex);
} catch (Exception ex) {
debug.error (classMethod + "Error instantiating MIB", ex);
// Both MIBs are registered on the shared MBeanServer under the names built above.
try {
server.registerMBean(sunMib, sunMibObjName);
server.registerMBean(forgerockCtsMib, forgerockCtsMibObjName);
} catch (RuntimeOperationsException ex) {
// from registerMBean
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Null parameter or no object name for MIB specified: " +
} catch (InstanceAlreadyExistsException ex) {
// from registerMBean
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error registering MIB MBean: " +
// probably can just continue
} catch (MBeanRegistrationException ex) {
// from registerMBean
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error registering MIB MBean: " +
} catch (NotCompliantMBeanException ex) {
// from registerMBean
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error registering MIB MBean: " +
* now that we have the MBeanServer, see if the HTML,
* SNMP and RMI adaptors specified will start up
boolean monHTMLStarted = false;
boolean monSNMPStarted = false;
boolean monRMIStarted = false;
// HTML port adaptor
if (monHtmlPortEnabled) {
// Create and start the HTML adaptor.
try {
htmlObjName = new ObjectName(domain +
":class=HtmlAdaptorServer,protocol=html,port=" +
if (debug.messageEnabled()) {
debug.message(classMethod +
"Adding HTML adaptor to MBean server with name '" +
htmlObjName + "'\n " +
"HTML adaptor is bound on TCP port " + monHtmlPort);
// Credentials for the HTML interface come from the auth file. When no list can be read
// (users == null) the adaptor is not created at all, so it never runs without credentials
// on that path.
// NOTE(review): an empty but non-null map produces a zero-length AuthInfo array; confirm
// the adaptor does not treat that as "no authentication required".
// NOTE(review): no TLS setup is visible for this adaptor; confirm the port is only
// reachable over a trusted network, since the credentials would otherwise travel in clear.
Map<String, String> users = MonitoringUtil.getMonAuthList(monAuthFilePath);
if (users != null) {
AuthInfo authInfo[] = new AuthInfo[users.size()];
int i = 0;
for (Map.Entry<String, String> entry : users.entrySet()) {
authInfo[i] = new AuthInfo(entry.getKey(), entry.getValue());
htmlAdaptor = new HtmlAdaptorServer(monHtmlPort, authInfo);
} else {
if (debug.warningEnabled()) {
debug.warning(classMethod +
"HTML monitoring interface disabled; no " +
"authentication file found");
htmlAdaptor = null;
if (htmlAdaptor == null) {
if (debug.warningEnabled()) {
debug.warning(classMethod + "HTTP port " +
monHtmlPort + " unavailable or invalid. " +
"Monitoring HTML adaptor not started.");
} else {
server.registerMBean(htmlAdaptor, htmlObjName);
htmlAdaptor.start(); // throws no exception
monHTMLStarted = true;
} catch (MalformedObjectNameException ex) {
// from ObjectName
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error getting ObjectName for HTML adaptor: " +
} catch (NullPointerException ex) {
// from ObjectName
debug.error(classMethod +
"NPE getting ObjectName for HTML adaptor", ex);
if (debug.warningEnabled()) {
debug.warning(classMethod +
"NPE getting ObjectName for HTML adaptor: " +
} catch (InstanceAlreadyExistsException ex) {
// from registerMBean
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error registering HTML adaptor MBean: " +
} catch (MBeanRegistrationException ex) {
// from registerMBean
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error registering HTML adaptor MBean: " +
} catch (NotCompliantMBeanException ex) {
// from registerMBean
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error registering HTML adaptor MBean: " +
} else {
debug.warning(classMethod +
"Monitoring HTML port not enabled in configuration.");
// SNMP port adaptor
if (monSnmpPortEnabled) {
// SNMP specific code:
* Create and start the SNMP adaptor.
* Specify the port to use in the constructor.
* The standard port for SNMP is 161.
try {
snmpObjName = new ObjectName(domain +
":class=SnmpAdaptorServer,protocol=snmp,port=" +
if (debug.messageEnabled()) {
debug.message(classMethod +
"Adding SNMP adaptor to MBean server with name '" +
snmpObjName + "'\n " +
"SNMP Adaptor is bound on UDP port " + monSnmpPort);
// Only the port is passed to the constructor; no access-control argument is given here.
// NOTE(review): the log text below refers to an ACL file; confirm one is in place, because
// the trap sent below is SNMPv1, which offers no encryption and only community-string access control.
snmpAdaptor = new SnmpAdaptorServer(monSnmpPort); // no exc
if (snmpAdaptor == null) {
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Unable to get SNMP adaptor.");
} else {
server.registerMBean(snmpAdaptor, snmpObjName);
snmpAdaptor.start(); // throws no exception
* Send a coldStart SNMP Trap.
* Use port = monSnmpPort+1.
if (debug.messageEnabled()) {
debug.message(classMethod +
"Sending a coldStart SNMP trap to each " +
"destination defined in the ACL file...");
// Traps go to the port directly above the SNMP listener port.
snmpAdaptor.setTrapPort(new Integer(monSnmpPort+1));
snmpAdaptor.snmpV1Trap(0, 0, null);
if (debug.messageEnabled()) {
debug.message(classMethod + "Done sending coldStart.");
* Bind the SNMP adaptor to the MIB in order to make the
* MIB accessible through the SNMP protocol adaptor.
* If this step is not performed, the MIB will still live
* in the Java DMK agent:
* its objects will be addressable through HTML but not
sunMib.setSnmpAdaptor(snmpAdaptor); // throws no exception
monSNMPStarted = true;
} catch (Exception ex) {
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error while setting up SNMP adaptor " +
// A failed trap (IOException/SnmpStatusException) is treated as non-fatal: SNMP still
// counts as started. Any other exception leaves monSNMPStarted false.
if (ex instanceof IOException || ex instanceof SnmpStatusException) {
// should be from the snmpV1Trap call, which
//*shouldn't* affect the rest of snmp operations...
monSNMPStarted = true;
} else {
debug.warning(classMethod +
"Monitoring SNMP port not enabled.");
// RMI port adaptor
if (monRmiPortEnabled) {
// Create an RMI connector and start it
try {
// SECURITY: the connector server is created with a null environment map, so this code sets
// no JMXAuthenticator, no password/access files and no TLS socket factories for it. Unless
// access is restricted elsewhere (for example by network filtering), any client that can
// reach monRmiPort can connect to the MBeanServer. Prefer passing an environment map that
// sets JMXConnectorServer.AUTHENTICATOR and TLS-enabled RMI socket factories.
// The "localhost" in the service URL names the registry lookup address only; the registry
// itself is created with the default socket factories.
// NOTE(review): confirm which network interfaces the registry and connector listen on.
// NOTE(review): the cs.start() call is not visible in this listing.
registry = LocateRegistry.createRegistry(monRmiPort);
JMXServiceURL url = new JMXServiceURL(
"service:jmx:rmi:///jndi/rmi://localhost:" +
monRmiPort + "/server");
cs = JMXConnectorServerFactory.newJMXConnectorServer(
url, null, server);
monRMIStarted = true;
// /*
// * Create a LinkTrapGenerator.
// * Specify the ifIndex to use in the object name.
// */
// String trapGeneratorClass = "LinkTrapGenerator";
// int ifIndex = 1;
// trapGeneratorObjName = new ObjectName("trapGenerator" +
// ":class=LinkTrapGenerator,ifIndex=" + ifIndex);
// if (debug.messageEnabled()) {
// debug.message(classMethod +
// "Adding LinkTrapGenerator to MBean server " +
// "with name '" +
// trapGeneratorObjName + "'");
// }
// LinkTrapGenerator trapGenerator =
// new LinkTrapGenerator(nbTraps);
// server.registerMBean(trapGenerator, trapGeneratorObjName);
} catch (MalformedURLException ex) {
* from JMXServiceURL or
* JMXConnectorServerFactory.JMXConnectorServer
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error getting JMXServiceURL or JMXConnectorServer " +
"for RMI adaptor: " + ex.getMessage());
} catch (NullPointerException ex) {
* from JMXServiceURL or
* JMXConnectorServerFactory.JMXConnectorServer
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error getting JMXServiceURL or JMXConnectorServer " +
"for RMI adaptor: " + ex.getMessage());
} catch (IOException ex) {
* from JMXConnectorServerFactory.JMXConnectorServer or
* JMXConnectorServer.start
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Error getting JMXConnectorServer for, or starting " +
"RMI adaptor: " + ex.getMessage());
} catch (IllegalStateException ex) {
// from JMXConnectorServer.start
if (debug.warningEnabled()) {
debug.warning(classMethod +
"Illegal State Error from JMXConnectorServer for " +
"RMI adaptor: " + ex.getMessage());
} catch (Exception ex) {
* compiler says that JMXProviderException and
* NullPointerException already caught
debug.error(classMethod +
"Error starting RMI: executing rmiregistry " +
monRmiPort + ".", ex);
} else {
debug.warning(classMethod + "Monitoring RMI port not enabled.");
* the HTML and SNMP adaptors may or may not be started,
* but if the RMI connector had a problem, monitoring is
* non-functional, as the opensso MIB didn't get registered.
// The agent is marked as started as soon as at least one of the three interfaces came up.
if (!monRMIStarted && !monSNMPStarted && !monHTMLStarted) {
debug.warning(classMethod +
"No Monitoring interfaces started; monitoring disabled.");
} else {
agentStarted = true; // if all/enough has gone well
return 0;
* Return whether agent is "running" or not
* Monitoring implementations should not call this method directly, but
* instead, they should call {@link MonitoringUtil#isRunning()}.
/**
 * Reports whether the agent has been marked as started.
 *
 * @return the current value of the {@code agentStarted} flag
 */
protected static boolean isRunning() {
    return agentStarted;
}
* Return the pointer to the authentication service mbean
/**
 * Returns the authentication service group of the Sun MIB.
 *
 * @return {@code sunMib.getAuthSvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerAuthSvcImpl getAuthSvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getAuthSvcGroup();
}
/**
 * Returns the connection pool group of the Sun MIB.
 *
 * @return {@code sunMib.getConnPoolGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerConnPoolSvcImpl getConnPoolSvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getConnPoolGroup();
}
* Return the pointer to the session service mbean
/**
 * Returns the session service group of the Sun MIB.
 *
 * @return {@code sunMib.getSessSvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerSessSvcImpl getSessSvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getSessSvcGroup();
}
* Return the pointer to the logging service mbean
/**
 * Returns the logging service group of the Sun MIB.
 *
 * @return {@code sunMib.getLoggingSvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerLoggingSvcImpl getLoggingSvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getLoggingSvcGroup();
}
* Return the pointer to the policy service mbean
/**
 * Returns the policy service group of the Sun MIB.
 *
 * @return {@code sunMib.getPolicySvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerPolicySvcImpl getPolicySvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getPolicySvcGroup();
}
* Return the pointer to the IdRepo service mbean
/**
 * Returns the IdRepo service group of the Sun MIB.
 *
 * @return {@code sunMib.getIdrepoSvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerIdRepoSvcImpl getIdrepoSvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getIdrepoSvcGroup();
}
* Return the pointer to the service service mbean
/**
 * Returns the service management group of the Sun MIB.
 *
 * @return {@code sunMib.getSmSvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerSvcMgmtSvcImpl getSmSvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getSmSvcGroup();
}
* Return the pointer to the SAML1 service mbean
/**
 * Returns the SAML1 service group of the Sun MIB.
 *
 * @return {@code sunMib.getSaml1SvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerSAML1SvcImpl getSaml1SvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getSaml1SvcGroup();
}
* Return the pointer to the SAML2 service mbean
/**
 * Returns the SAML2 service group of the Sun MIB.
 *
 * @return {@code sunMib.getSaml2SvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerSAML2SvcImpl getSaml2SvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getSaml2SvcGroup();
}
* Return the pointer to the IDFF service mbean
/**
 * Returns the IDFF service group of the Sun MIB.
 *
 * @return {@code sunMib.getIdffSvcGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerIDFFSvcImpl getIdffSvcMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getIdffSvcGroup();
}
* Return the pointer to the Topology mbean
/**
 * Returns the topology group of the Sun MIB.
 *
 * @return {@code sunMib.getTopologyGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerTopologyImpl getTopologyMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getTopologyGroup();
}
* Return the pointer to the CTSMonitor mbean
/**
 * Returns the CTS monitoring group of the ForgeRock CTS MIB.
 *
 * @return {@code forgerockCtsMib.getCtsMonitoringGroup()}, or {@code null} when
 *         {@code forgerockCtsMib} is null
 */
public static CtsMonitoring getCtsMonitoringMBean() {
    if (forgerockCtsMib == null) {
        return null;
    }
    return forgerockCtsMib.getCtsMonitoringGroup();
}
* Return the pointer to the Server Instance mbean
/**
 * Returns the server instance group of the Sun MIB.
 *
 * @return {@code sunMib.getSvrInstanceGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerInstanceImpl getSvrInstanceMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getSvrInstanceGroup();
}
* Return the pointer to the Fed COTs mbean
/**
 * Returns the federation circles-of-trust group of the Sun MIB.
 *
 * @return {@code sunMib.getFedCotsGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerFedCOTsImpl getFedCOTsMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getFedCotsGroup();
}
* Return the pointer to the Federation Entities mbean
/**
 * Returns the federation entities group of the Sun MIB.
 *
 * @return {@code sunMib.getFedEntitiesGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerFedEntitiesImpl getFedEntsMBean() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getFedEntitiesGroup();
}
* Return the pointer to the Entitlements Service mbean
/**
 * Returns the entitlements service group of the Sun MIB.
 *
 * @return {@code sunMib.getEntitlementsGroup()}, or {@code null} when {@code sunMib} is null
 */
public static SsoServerEntitlementSvcImpl getEntitlementsGroup() {
    if (sunMib == null) {
        return null;
    }
    return sunMib.getEntitlementsGroup();
}
/**
 * Returns the server protocol from the stored server information.
 *
 * @return {@code agentSvrInfo.serverProtocol}, or {@code null} when no server information is stored
 */
public static String getSsoProtocol() {
    return agentSvrInfo != null ? agentSvrInfo.serverProtocol : null;
}
/**
 * Returns the server name from the stored server information.
 *
 * @return {@code agentSvrInfo.serverName}, or {@code null} when no server information is stored
 */
public static String getSsoName() {
    return agentSvrInfo != null ? agentSvrInfo.serverName : null;
}
/**
 * Returns the server port from the stored server information.
 *
 * @return {@code agentSvrInfo.serverPort}, or {@code null} when no server information is stored
 */
public static String getSsoPort() {
    return agentSvrInfo != null ? agentSvrInfo.serverPort : null;
}
/**
 * Returns the server URI from the stored server information.
 *
 * @return {@code agentSvrInfo.serverURI}, or {@code null} when no server information is stored
 */
public static String getSsoURI() {
    return agentSvrInfo != null ? agentSvrInfo.serverURI : null;
}
/**
 * Returns the server ID from the stored server information.
 *
 * @return {@code agentSvrInfo.serverID}, or {@code null} when no server information is stored
 */
public static String getSsoSvrID() {
    return agentSvrInfo != null ? agentSvrInfo.serverID : null;
}
/**
 * Returns the site ID table from the stored server information.
 *
 * The table object itself is returned, not a copy, so a caller that modifies it
 * changes the state this class works with.
 *
 * @return {@code agentSvrInfo.siteIDTable}, or {@code null} when no server information is stored
 */
public static Hashtable<String, String> getSiteIdTable() {
    return agentSvrInfo != null ? agentSvrInfo.siteIDTable : null;
}
/**
 * Returns the server ID table from the stored server information.
 *
 * The table object itself is returned, not a copy, so a caller that modifies it
 * changes the state this class works with.
 *
 * @return {@code agentSvrInfo.serverIDTable}, or {@code null} when no server information is stored
 */
public static Hashtable<String, String> getServerIdTable() {
    return agentSvrInfo != null ? agentSvrInfo.serverIDTable : null;
}
/**
 * Returns the naming table from the stored server information.
 *
 * The table object itself is returned, not a copy, so a caller that modifies it
 * changes the state this class works with.
 *
 * @return {@code agentSvrInfo.namingTable}, or {@code null} when no server information is stored
 */
public static Hashtable<String, String> getNamingTable() {
    return agentSvrInfo != null ? agentSvrInfo.namingTable : null;
}
/**
 * Returns the site name to URL map last stored by {@code siteNames}.
 *
 * The map object itself is returned, not a copy.
 *
 * @return the {@code siteToURL} map; {@code null} if it has not been set
 */
public static Map<String, String> getSiteToURLTable() {
    return siteToURL;
}
/**
 * Returns the URL to site name map last stored by {@code siteNames}.
 *
 * The map object itself is returned, not a copy.
 *
 * @return the {@code URLToSite} map; {@code null} if it has not been set
 */
public static Map<String, String> getURLToSiteTable() {
    return URLToSite;
}
/**
 * Returns the embedded directory server flag.
 *
 * @return the current value of {@code dsIsEmbedded}
 */
public static boolean getDsIsEmbedded() {
    return dsIsEmbedded;
}
/**
 * Returns the stored server start date string.
 *
 * @return the current value of {@code startDate}; {@code null} if it has not been set
 */
public static String getStartDate() {
    return startDate;
}
/**
 * Returns the site ID from the stored server information.
 *
 * @return {@code agentSvrInfo.siteID}, or {@code null} when no server information is stored
 */
public static String getSiteId() {
    return agentSvrInfo != null ? agentSvrInfo.siteID : null;
}
* receive Set of site names
* @param sNames site name -> primary URL
* @param urlSites is opposite... primary URL -> site name
/**
 * Stores the site name/URL maps and creates one monitoring entry per row of the site ID table:
 * a sites entry where the key equals the value, a site-map entry otherwise.
 *
 * The maps are stored by reference. Site names are passed through getEscapedString before
 * they are placed into the MIB entries.
 *
 * @param sNames   site name to primary URL
 * @param urlSites primary URL to site name
 */
public static void siteNames (Map<String, String> sNames, Map<String, String> urlSites) {
String classMethod = "Agent.siteNames:";
if (sNames.isEmpty()) {
if (debug.messageEnabled()) {
debug.message(classMethod + "no sites");
// This local Date shadows the static String field of the same name; it is only used for the
// timing message at the end of the method.
Date startDate = new Date();
siteToURL = sNames;
URLToSite = urlSites;
if (debug.messageEnabled()) {
StringBuilder sb = new StringBuilder("Site Names and URLs:\n");
for (Map.Entry<String, String> entry : sNames.entrySet()) {
sb.append(" siteName = ").append(entry.getKey()).
append(", primary URL = ").append(entry.getValue()).append("\n");
debug.message(classMethod + sb.toString());
* with the urlSites map (url => sitename), can do the
* SsoServerSitesEntryImpl entries
* where the key==value in siteIdTable is a site
* where the key!=value, then do the sitemap entries
int i = 1;
// NOTE(review): siteIdTable and namingTable are static fields assigned only by
// startMonitoringAgent and are dereferenced here without a null check.
for (Map.Entry<String, String> entry : siteIdTable.entrySet()) {
String svrId = entry.getKey();
String siteId = entry.getValue();
String svrURL = namingTable.get(siteId);
String siteName = urlSites.get(svrURL);
// The escaped form goes into the MIB entries; the raw siteName is only used in log messages.
String escSiteName = getEscapedString(siteName);
SsoServerTopologyImpl tg = sunMib.getTopologyGroup();
if (siteId.equals(svrId)) { // is a site
SsoServerSitesEntryImpl ssse = new SsoServerSitesEntryImpl(sunMib);
// A non-numeric site ID is logged and the entry keeps the default ID 0.
Integer sid = Integer.valueOf(0);
try {
sid = Integer.valueOf(siteId);
} catch (NumberFormatException nfe) {
debug.error(classMethod + "invalid siteid (" +
siteId + "): " + nfe.getMessage(), nfe);
ssse.SiteId = sid;
ssse.SiteName = escSiteName;
if (debug.messageEnabled()) {
debug.message(classMethod + "doing siteName " + siteName +
", svrURL = " + svrURL);
final ObjectName stName =
if (stName == null) {
debug.error(classMethod +
"Error creating object for siteName '" + siteName +
try {
TableSsoServerSitesTable stTbl =
stTbl.addEntry(ssse, stName);
if ((server != null) && (stName != null)) {
server.registerMBean(ssse, stName);
} catch (Exception ex) {
// Any failure for one site is logged and the loop moves on to the next row.
debug.error(classMethod + siteId, ex);
} else { // is a server
SsoServerSiteMapEntryImpl ssse =
new SsoServerSiteMapEntryImpl(sunMib);
ssse.MapServerURL = namingTable.get(svrId);
ssse.MapSiteName = escSiteName;
ssse.MapId = siteId;
try {
ssse.SiteMapId = Integer.valueOf(svrId);
} catch (NumberFormatException nfe) {
debug.error(classMethod + "invalid serverID (" +
svrId + "): " + nfe.getMessage(), nfe);
// Site-map rows are numbered consecutively starting at 1.
ssse.SiteMapIndex = new Integer(i++);
final ObjectName smName =
if (smName == null) {
debug.error(classMethod +
"Error creating object for server siteName '" +
siteName + "'");
if (debug.messageEnabled()) {
debug.message(classMethod +
"doing servermap entry; sitemapid = " + svrId +
", mapid = " + siteId + ", siteName = " + siteName);
try {
TableSsoServerSiteMapTable stTbl =
stTbl.addEntry(ssse, smName);
if ((server != null) && (smName != null)) {
server.registerMBean(ssse, smName);
} catch (Exception ex) {
debug.error(classMethod + siteId + "/" + svrId, ex);
Date stopDate = new Date();
if (debug.messageEnabled()) {
// NOTE(review): sdf is a shared static SimpleDateFormat, which is not thread-safe; concurrent
// calls could produce corrupted timestamps in this message.
String stDate = sdf.format(startDate);
String endDate = sdf.format(stopDate);
debug.message("Agent.siteNames:\n Start Time = " +
stDate + "\n End Time = " + endDate);
* receive ordered list of realms
public static int realmsConfig (List<String> realmList) {
// Registers monitoring entries for every realm in realmList: one realm-table
// entry per realm, then the Entitlements network-monitor entries and the
// per-realm policy-stats entries.
// Returns -1 when the realm table cannot be accessed, -2 when realmsAdded is
// still 0 after the realm loop, and 0 at the end of the method.
// NOTE(review): this listing has lost lines (closing braces, some right-hand
// sides), so the block nesting described in these comments is inferred --
// confirm against the complete file.
String classMethod = "Agent.realmsConfig:";
* no realm "service", so have to create the
* realm table here.
Date startDate = new Date();
StringBuilder sb =
new StringBuilder("receiving list of realms (size = ");
SsoServerInstanceImpl sig = sunMib.getSvrInstanceGroup();
// rtab stays null when sig is null.
// NOTE(review): confirm the realm loop below cannot reach rtab.addEntry()
// with a null table.
TableSsoServerRealmTable rtab = null;
if (sig != null) {
try {
rtab = sig.accessSsoServerRealmTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod + "getting realm table: ", ex);
return -1;
// NOTE(review): no increment of realmsAdded is visible in this listing;
// confirm it is bumped once per successfully added realm, otherwise the
// "No realms processed successfully" path below is always taken.
int realmsAdded = 0;
for (int i = 0; i < realmList.size(); i++) {
String ss = realmList.get(i);
SsoServerRealmEntryImpl rei = new SsoServerRealmEntryImpl(sunMib);
// realm indexes are 1-based: position in realmList plus one
rei.SsoServerRealmIndex = Integer.valueOf(i+1);
// The escaped form goes into the MIB entry; the original name (ss) is what
// keys the lookup maps below and what is written to the debug log.
String ss2 = ss;
ss2 = getEscapedString(ss2);
rei.SsoServerRealmName = ss2;
ObjectName oname = rei.createSsoServerRealmEntryObjectName(server);
if (oname == null) {
debug.error(classMethod + "Error creating object for realm '" +
ss + "'");
String rlmToDN = DNMapper.orgNameToDN(ss);
// NOTE(review): the realm name and its DN are appended to the debug message
// as-is; confirm realm names cannot carry line breaks that would split a
// log record.
sb.append(" realm #").append(i).append(" = ").append(ss).
append(", DN = ").append(rlmToDN).append("\n");
* each realm gets a realm-to-index, index-to-realm,
* realm-to-DN and DN-to-realm map entry
try {
// The four lookup maps are filled after addEntry(); an exception thrown by
// addEntry or registerMBean leaves them without an entry for this realm.
rtab.addEntry(rei, oname);
if ((server != null) && (rei != null)) {
server.registerMBean(rei, oname);
realm2Index.put(ss, rei.SsoServerRealmIndex);
index2Realm.put(rei.SsoServerRealmIndex, ss);
realm2DN.put(ss, rlmToDN);
DN2Realm.put(rlmToDN, ss);
} catch (JMException ex) {
debug.error(classMethod + ss, ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod + ss, ex);
* could have used TableSsoServerRealmTable.getEntries(),
* but that's a little more complicated than just counting
* entries as they're successfully added here.
if (realmsAdded == 0) {
debug.error(classMethod + "No realms processed successfully.");
return -2;
if (debug.messageEnabled()) {
debug.message (classMethod + sb.toString());
* create the Entitlements MBeans for this realm as specified by Ii.
* the Network Monitors are not per-real. the set list is in
* (getNetworkMonitorNames()).
* the Policy Stats are realm-based.
// Network-monitor entries: one per name returned by
// MonitoringUtil.getNetworkMonitorNames(), indexed from 1, counters at zero.
String[] nms = MonitoringUtil.getNetworkMonitorNames();
if ((nms != null) && (nms.length > 0)) {
SsoServerEntitlementSvc esi = sunMib.getEntitlementsGroup();
if (esi != null) {
try {
TableSsoServerEntitlementExecStatsTable etab =
for (int i = 0; i < nms.length; i++) {
String str = nms[i];
SsoServerEntitlementExecStatsEntryImpl ssi =
new SsoServerEntitlementExecStatsEntryImpl(sunMib);
ssi.EntitlementNetworkMonitorName = str;
ssi.EntitlementMonitorThruPut = 0L;
ssi.EntitlementMonitorTotalTime = 0L;
ssi.EntitlementNetworkMonitorIndex = Integer.valueOf(i+1);
ObjectName sname =
if (sname == null) {
debug.error(classMethod +
"Error creating object for Entitlements " +
"Network Monitor '" + str + "'");
try {
etab.addEntry(ssi, sname);
if ((server != null) && (ssi != null)) {
server.registerMBean(ssi, sname);
} catch (JMException ex) {
debug.error(classMethod +
"on Entitlements Network Monitor '" +
str + "': ", ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"on Entitlements Network Monitor '" +
str + "': ", ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"Can't get Network Monitor Table: " +
// now the realm-based policy stats
// Each realm's 1-based list position is used both as
// EntitlementPolicyStatsIndex and as SsoServerRealmIndex, so it matches the
// index given to the realm-table entry above.
try {
TableSsoServerEntitlementPolicyStatsTable ptab =
for (int i = 0; i < realmList.size(); i++) {
String ss = realmList.get(i);
Integer Ii = Integer.valueOf(i+1);
SsoServerEntitlementPolicyStatsEntryImpl ssi =
new SsoServerEntitlementPolicyStatsEntryImpl(sunMib);
ssi.EntitlementPolicyCaches = 0;
ssi.EntitlementReferralCaches = 0;
ssi.EntitlementPolicyStatsIndex = Integer.valueOf(i+1);
ssi.SsoServerRealmIndex = Ii;
ObjectName sname =
if (sname == null) {
debug.error(classMethod +
"Error creating object for Entitlements " +
"Policy Stats, realm = '" + ss + "'");
try {
ptab.addEntry(ssi, sname);
if ((server != null) && (ssi != null)) {
server.registerMBean(ssi, sname);
} catch (JMException ex) {
debug.error(classMethod +
"on Entitlements Policy Stats '" +
ss + "': ", ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"on Entitlements Policy Stats '" +
ss + "': ", ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting Entitlements Policy Stats table: ", ex);
// NOTE(review): as nested in this listing, an empty monitor-name list seems
// to skip the policy-stats setup as well as the network monitors -- confirm
// that is intended.
} else {
debug.error(classMethod +
"Entitlement NetworkMonitor list empty.");
// Elapsed-time report; the timestamps are only formatted and logged when
// message-level debug is enabled.
Date stopDate = new Date();
if (debug.messageEnabled()) {
String stDate = sdf.format(startDate);
String endDate = sdf.format(stopDate);
debug.message("Agent.realmsConfig:\n Start Time = " +
stDate + "\n End Time = " + endDate);
return 0;
* process configuration for a realm
public static int realmConfigMonitoringAgent (SSOServerRealmInfo rlmInfo) {
// Registers one auth-module table entry for each entry of
// rlmInfo.authModules (module instance name -> module type) in the realm
// named by rlmInfo.realmName.
// Returns -1 when the realm has no index in realm2Index, -2 when the auth
// modules table cannot be accessed, -3 when realmAuthInst is empty after the
// loop, and 0 at the end of the method.
// NOTE(review): this listing has lost lines (closing braces, some right-hand
// sides); nesting described here is inferred -- confirm against the full file.
String classMethod = "Agent.realmConfigMonitoringAgent:";
String realm = rlmInfo.realmName;
// NOTE(review): authMods is iterated below without a null check; confirm
// callers always populate rlmInfo.authModules.
Map<String, String> authMods = rlmInfo.authModules;
// The realm must already have an index in realm2Index before its auth
// modules can be attached to it.
Integer realmIndex = realm2Index.get(realm);
if (realmIndex == null) {
debug.error(classMethod + "could not find realm " + realm +
" in realm2Index map");
return -1;
SsoServerAuthSvcImpl sig = sunMib.getAuthSvcGroup();
// atab stays null when sig is null.
// NOTE(review): confirm atab.addEntry() below is not reachable with a null
// table.
TableSsoServerAuthModulesTable atab = null;
if (sig != null) {
try {
atab = sig.accessSsoServerAuthModulesTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod + "getting auth table: ", ex);
return -2;
StringBuilder sb = new StringBuilder();
if (debug.messageEnabled()) {
sb.append("receiving config info for realm = ").
append(realm).append(":\n Authentication Modules:\n");
* auth module table entries have realm index, and auth module index
// i is the 1-based auth-module index within this realm
int i = 1;
for (Map.Entry<String, String> entry : authMods.entrySet()) {
String modInst = entry.getKey();
String modType = entry.getValue();
if (debug.messageEnabled()) {
sb.append(" instance = ").append(modInst).
append(", value(type) = ").append(modType).append("\n");
SsoServerAuthModulesEntryImpl aei =
new SsoServerAuthModulesEntryImpl(sunMib);
aei.SsoServerRealmIndex = realmIndex;
aei.AuthModuleIndex = new Integer(i++);
// NOTE(review): the module type goes through getEscapedString() but the
// instance name is stored as received; confirm instance names cannot contain
// characters that the object-name creation rejects.
aei.AuthModuleName = modInst;
aei.AuthModuleType = getEscapedString(modType);
aei.AuthModuleSuccessCount = 0L;
aei.AuthModuleFailureCount = 0L;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for auth module name '" +
modInst + "', type '" + modType + "'");
try {
atab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
/* is a Map of realm/authmodule to index needed? */
// Lookup key is "<realm>|<module instance>".
// NOTE(review): a realm or instance name that itself contains "|" could
// produce the same key as a different pair -- confirm the names exclude it.
String rai = realm + "|" + modInst;
// aei is this module's SsoServerAuthModulesEntryImpl instance
realmAuthInst.put(rai, aei);
} catch (JMException ex) {
debug.error(classMethod + modInst, ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod + modInst, ex);
// if no realm info added because mbean not created...
// NOTE(review): realmAuthInst is keyed by realm|instance, so it looks shared
// across realms; if so this check can only fire while no realm has
// registered a module yet -- confirm.
if (realmAuthInst.isEmpty()) {
return -3;
if (debug.messageEnabled()) {
debug.message(classMethod + sb.toString());
return 0;
* process realm's Agents (only)
* the HashMap of attributes/values:
* type is extracted from the set; can be:
* J2EEAgent, WSPAgent, WSCAgent, 2.2_Agent
* WSPAgent, STSAgent, WebAgent, DiscoveryAgent
* don't do "SharedAgent" (authenticators)
* J2EEAgent should have:
* "com.sun.identity.agents.config.login.url"
* "com.sun.identity.client.notification.url"
* "groupmembership"
* WSPAgent should have:
* "wspendpoint"
* "wspproxyendpoint"
* "groupmembership"
* WSCAgent should have:
* "wspendpoint"
* "wspproxyendpoint"
* "groupmembership"
* STSAgent should have:
* "stsendpoint"
* "groupmembership"
* WebAgent should have:
* "com.sun.identity.agents.config.agenturi.prefix"
* "com.sun.identity.agents.config.login.url"
* "groupmembership"
* DiscoveryAgent should have:
* "discoveryendpoint"
* "authnserviceendpoint"
* "groupmembership"
* 2.2_Agent should have:
* "groupmembership"
public static void configAgentsOnly (String realm, Map<String, Map<String, String>> agtAttrs) {
// Registers one monitoring entry per agent in agtAttrs (agent name ->
// attribute map) for the given realm. The agent type, read from
// Constants.ATTR_NAME_AGENT_TYPE, selects the table: WebAgent, 2.2_Agent,
// J2EEAgent, WSPAgent, WSCAgent, STSAgent or DiscoveryAgent. SharedAgent
// entries are ignored and any other type is logged as unsupported.
// NOTE(review): this listing has lost lines (closing braces, some right-hand
// sides); nesting described here is inferred -- confirm against the full file.
String classMethod = "Agent.configAgentsOnly:";
// nothing to register for a null or empty attribute map
if ((agtAttrs == null) || agtAttrs.isEmpty()) {
if (debug.messageEnabled()) {
debug.message(classMethod + "got null attr map for realm " +
SsoServerPolicyAgents sss = sunMib.getPolicyAgentsGroup();
TableSsoServerPolicy22AgentTable t22tab = null;
TableSsoServerPolicyJ2EEAgentTable j2eetab = null;
TableSsoServerPolicyWebAgentTable watab = null;
SsoServerWSSAgents ssa = sunMib.getWssAgentsGroup();
TableSsoServerWSSAgentsSTSAgentTable ststab = null;
TableSsoServerWSSAgentsWSPAgentTable wsptab = null;
TableSsoServerWSSAgentsWSCAgentTable wsctab = null;
TableSsoServerWSSAgentsDSCAgentTable dsctab = null;
* get the tables
// NOTE(review): the four ssa.access...() calls inside this sss block run
// before the "ssa != null" test further down, and the catch only handles
// SnmpStatusException, so a null WSS agents group would surface here as an
// uncaught NullPointerException. The same four assignments are repeated in
// the guarded block below, so the ones here look redundant.
if (sss != null) {
try {
t22tab = sss.accessSsoServerPolicy22AgentTable();
j2eetab = sss.accessSsoServerPolicyJ2EEAgentTable();
watab = sss.accessSsoServerPolicyWebAgentTable();
ststab = ssa.accessSsoServerWSSAgentsSTSAgentTable();
wsptab = ssa.accessSsoServerWSSAgentsWSPAgentTable();
wsctab = ssa.accessSsoServerWSSAgentsWSCAgentTable();
dsctab = ssa.accessSsoServerWSSAgentsDSCAgentTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod + "getting Agents tables: ", ex);
return; // can't do anything without the tables
if (ssa != null) {
try {
ststab = ssa.accessSsoServerWSSAgentsSTSAgentTable();
wsptab = ssa.accessSsoServerWSSAgentsWSPAgentTable();
wsctab = ssa.accessSsoServerWSSAgentsWSCAgentTable();
dsctab = ssa.accessSsoServerWSSAgentsDSCAgentTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod + "getting WSS Agents tables: ", ex);
return; // can't do anything without the tables
StringBuilder sb = new StringBuilder(classMethod);
if (debug.messageEnabled()) {
sb.append("agents for realm ").append(realm).append(", # = ").
// Each agent type has its own 1-based index counter.
int wai = 1; // index for web agents
int j2eei = 1; // index for j2ee agents
int t22i = 1; // index for 2.2_agents
int stsi = 1; // index for STS agents
int wspi = 1; // index for WSP agents
int wsci = 1; // index for WSC agents
int dsci = 1; // index for DSC agents
Integer ri = getRealmIndexFromName(realm);
* if the realm isn't in the table, there's not much point
* in doing the rest
if (ri == null) {
debug.error(classMethod + "didn't find index for realm " +
for (Map.Entry<String, Map<String, String>> entry : agtAttrs.entrySet()) {
String agtname = entry.getKey();
Map<String, String> hm = entry.getValue();;
// NOTE(review): atype comes straight from the attribute map and is
// dereferenced by atype.equals(...) below; an entry without the agent-type
// attribute would throw NullPointerException and stop the remaining agents
// from being registered. A constant-first comparison or an explicit null
// check would avoid that.
String atype = hm.get(Constants.ATTR_NAME_AGENT_TYPE);
String grpmem = hm.get("groupmembership");
// group and agent name can't have ":" in it, or jdmk gags
if (grpmem == null) {
grpmem = None;
} else {
grpmem = getEscapedString(grpmem);
agtname = getEscapedString(agtname);
if (debug.messageEnabled()) {
sb.append(" agent name = ").append(agtname).
append(", type = ").append(atype).
append(", membership = ").append(grpmem).append("\n");
// NOTE(review): wsptab is the only table in this method that is
// null-checked before addEntry(); watab, t22tab, j2eetab, wsctab, ststab and
// dsctab are used directly -- confirm they cannot be null when reached.
if (atype.equals("WebAgent")) {
// NOTE(review): no null fallback is visible for aurl/lurl here, unlike the
// J2EE branch which replaces a null aurl with None -- confirm null URLs are
// acceptable for the Web agent entry.
String aurl = hm.get(
String lurl = hm.get("com.sun.identity.agents.config.login.url");
SsoServerPolicyWebAgentEntryImpl aei =
new SsoServerPolicyWebAgentEntryImpl(sunMib);
aei.SsoServerRealmIndex = ri;
aei.PolicyWebAgentIndex = new Integer(wai++);
aei.PolicyWebAgentName = agtname;
aei.PolicyWebAgentGroup = grpmem;
aei.PolicyWebAgentAgentURL = aurl;
aei.PolicyWebAgentServerURL = lurl;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy WebAgent '" +
agtname + "'");
try {
watab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
// Only ex.getMessage() is logged in this method's catch blocks, so the
// stack trace is not recorded.
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("2.2_Agent")) {
// 2.2 agents carry only realm index, agent index and name
SsoServerPolicy22AgentEntryImpl aei =
new SsoServerPolicy22AgentEntryImpl(sunMib);
aei.SsoServerRealmIndex = ri;
aei.Policy22AgentIndex = new Integer(t22i++);
aei.Policy22AgentName = agtname;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy 2.2 Agent '" +
agtname + "'");
try {
t22tab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("J2EEAgent")) {
SsoServerPolicyJ2EEAgentEntryImpl aei =
new SsoServerPolicyJ2EEAgentEntryImpl(sunMib);
String aurl =
if (aurl == null) {
aurl = None;
String lurl =
aei.PolicyJ2EEAgentGroup = grpmem;
aei.PolicyJ2EEAgentAgentURL = aurl;
aei.PolicyJ2EEAgentServerURL = lurl;
aei.PolicyJ2EEAgentName = agtname;
aei.PolicyJ2EEAgentIndex = new Integer(j2eei++);
aei.SsoServerRealmIndex = ri;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy J2EE Agent '" +
agtname + "'");
try {
j2eetab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("WSPAgent")) {
SsoServerWSSAgentsWSPAgentEntryImpl aei =
new SsoServerWSSAgentsWSPAgentEntryImpl(sunMib);
// NOTE(review): the attribute read here is "wsendpoint", while the method's
// header comment lists "wspendpoint" for WSP/WSC agents -- confirm which key
// the agent configuration actually uses.
String wep = hm.get("wsendpoint");
if (wep == null) {
wep = NotAvail;
String wpep = hm.get("wspproxyendpoint");
if (wpep == null) {
wpep = NotAvail;
// mgrp is only used in the error message below; the entry has no group field
String mgrp = hm.get("groupmembership");
if (mgrp == null) {
mgrp = None;
aei.WssAgentsWSPAgentName = agtname;
aei.WssAgentsWSPAgentSvcEndPoint = wep;
aei.WssAgentsWSPAgentProxy = wpep;
aei.WssAgentsWSPAgentIndex = new Integer(wspi++);
aei.SsoServerRealmIndex = ri;
// no entry for group membership...
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy WSP Agent '" +
agtname + "'");
try {
// when the WSP table is missing the agent's details are logged instead
if (wsptab != null) {
wsptab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} else {
debug.error(classMethod + "WSPAgent: agtname = " +
agtname + ", wep = " + wep +
", wpep = " + wpep + ", mgrp = " + mgrp +
", realm = " + realm);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("WSCAgent")) {
SsoServerWSSAgentsWSCAgentEntryImpl aei =
new SsoServerWSSAgentsWSCAgentEntryImpl(sunMib);
// missing WSC endpoints default to None (the WSP branch uses NotAvail)
String wep = hm.get("wsendpoint");
if (wep == null) {
wep = None;
String wpep = hm.get("wspproxyendpoint");
if (wpep == null) {
wpep = None;
String mgrp = hm.get("groupmembership");
if (mgrp == null) {
mgrp = None;
aei.WssAgentsWSCAgentName = agtname;
aei.WssAgentsWSCAgentSvcEndPoint = wep;
aei.WssAgentsWSCAgentProxy = wpep;
aei.WssAgentsWSCAgentIndex = new Integer(wsci++);
aei.SsoServerRealmIndex = ri;
// no entry for group membership...
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy WSC Agent '" +
agtname + "'");
try {
wsctab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("STSAgent")) {
SsoServerWSSAgentsSTSAgentEntryImpl aei =
new SsoServerWSSAgentsSTSAgentEntryImpl(sunMib);
// NOTE(review): sep is stored without a null fallback, whereas the other
// WSS branches substitute NotAvail/None -- confirm a null endpoint is
// acceptable here.
String sep = hm.get("stsendpoint");
aei.WssAgentsSTSAgentName = agtname;
aei.WssAgentsSTSAgentSvcTokenEndPoint = sep;
aei.WssAgentsSTSAgentIndex = new Integer(stsi++);
aei.WssAgentsSTSAgentSvcMEXEndPoint = NotAvail; // notretrieved
aei.SsoServerRealmIndex = ri;
// no entry for group membership...
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy STS Agent '" +
agtname + "'");
try {
ststab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("DiscoveryAgent")) {
SsoServerWSSAgentsDSCAgentEntryImpl aei =
new SsoServerWSSAgentsDSCAgentEntryImpl(sunMib);
String dep = hm.get("discoveryendpoint");
if (dep == null) {
dep = NotAvail;
String aep = hm.get("authnserviceendpoint");
if (aep == null) {
aep = NotAvail;
aei.WssAgentsDSCAgentName = agtname;
aei.WssAgentsDSCAgentWebSvcEndPoint = dep;
aei.WssAgentsDSCAgentSvcEndPoint = aep;
aei.WssAgentsDSCAgentIndex = new Integer(dsci++);
aei.SsoServerRealmIndex = ri;
// no entry for group membership...
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy Discovery Agent '" +
agtname + "'");
try {
dsctab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("SharedAgent")) {
// SharedAgent type are agent authenticators
} else {
debug.error(classMethod + "agent type = " + atype +
", agent name = " + agtname + " not supported.");
if (debug.messageEnabled()) {
* process realm's Agent Groups
* the HashMap of attributes/values:
* type is extracted from the set; can be:
* STSAgent, WSPAgent, WSCAgent, WebAgent
* J2EEAgent, DiscoveryAgent
* don't do "SharedAgent" (authenticators)
* WSPAgent should have:
* "wspendpoint"
* "wspproxyendpoint"
* WSCAgent should have:
* "wspendpoint"
* "wspproxyendpoint"
* WebAgent should have:
* "com.sun.identity.agents.config.agenturi.prefix"
* "com.sun.identity.agents.config.login.url"
* J2EEAgents should have:
* "com.sun.identity.agents.config.login.url"
* "com.sun.identity.client.notification.url"
* DiscoveryAgent should have:
* "discoveryendpoint"
* "authnserviceendpoint"
* STSAgent should have:
* "stsendpoint"
* 2.2_Agent
* no groups
public static void configAgentGroups (String realm, Map<String, Map<String, String>> agtAttrs) {
// Registers one monitoring entry per agent group in agtAttrs (group name ->
// attribute map) for the given realm. The type read from
// Constants.ATTR_NAME_AGENT_TYPE selects the group table: WebAgent,
// J2EEAgent, WSPAgent, WSCAgent, STSAgent or DiscoveryAgent. SharedAgent
// groups are ignored and any other type is logged as unsupported.
// NOTE(review): this listing has lost lines (closing braces, some right-hand
// sides); nesting described here is inferred -- confirm against the full file.
String classMethod = "Agent.configAgentGroups:";
// nothing to register for a null or empty attribute map
if ((agtAttrs == null) || agtAttrs.isEmpty()) {
if (debug.messageEnabled()) {
debug.message(classMethod + "got null attr map for realm " +
* only doing the J2EEAgent and WebAgent Groups
* for now.
SsoServerPolicyAgents sss = sunMib.getPolicyAgentsGroup();
TableSsoServerPolicyJ2EEGroupTable j2eetab = null;
TableSsoServerPolicyWebGroupTable wgtab = null;
SsoServerWSSAgents ssa = sunMib.getWssAgentsGroup();
TableSsoServerWSSAgentsSTSAgtGrpTable ststab = null;
TableSsoServerWSSAgentsWSPAgtGrpTable wsptab = null;
TableSsoServerWSSAgentsWSCAgtGrpTable wsctab = null;
TableSsoServerWSSAgentsDSCAgtGrpTable dsctab = null;
// Each group object is null-checked before its own tables are fetched; a
// table that stays null makes the matching branch below skip the group.
if (sss != null) {
try {
j2eetab = sss.accessSsoServerPolicyJ2EEGroupTable();
wgtab = sss.accessSsoServerPolicyWebGroupTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting Agent Groups tables: ", ex);
return; // can't do anything without the tables
if (ssa != null) {
try {
ststab = ssa.accessSsoServerWSSAgentsSTSAgtGrpTable();
wsptab = ssa.accessSsoServerWSSAgentsWSPAgtGrpTable();
wsctab = ssa.accessSsoServerWSSAgentsWSCAgtGrpTable();
dsctab = ssa.accessSsoServerWSSAgentsDSCAgtGrpTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting WSS Agent Groups tables: ", ex);
return; // can't do anything without the tables
StringBuilder sb = new StringBuilder(classMethod);
if (debug.messageEnabled()) {
sb.append("agents for realm ").append(realm).append(", # = ").
// Each group type has its own 1-based index counter.
int wai = 1; // index for web agent groups
int j2eei = 1; // index for j2ee agent groups
int stsi = 1; // index for STS agent groups
int wspi = 1; // index for WSP agent groups
int wsci = 1; // index for WSC agent groups
int dsci = 1; // index for DSC agent groups
Integer ri = getRealmIndexFromName(realm);
* if the realm isn't in the table, there's not much point
* in doing the rest
if (ri == null) {
debug.error(classMethod + "didn't find index for realm " +
for (Map.Entry<String, Map<String, String>> entry : agtAttrs.entrySet()) {
String agtname = entry.getKey();
Map<String, String> hm = entry.getValue();
// NOTE(review): atype comes straight from the attribute map and is
// dereferenced by atype.equals(...) below; a group without the agent-type
// attribute would throw NullPointerException and stop the remaining groups
// from being registered. A constant-first comparison or an explicit null
// check would avoid that.
String atype = hm.get(Constants.ATTR_NAME_AGENT_TYPE);
// the debug message records the group name as received; it is escaped
// afterwards for use in the MIB entry
if (debug.messageEnabled()) {
sb.append(" agent group name = ").append(agtname).
append(", type = ").append(atype).append("\n");
agtname = getEscapedString(agtname);
if (atype.equals("WebAgent")) {
if (wgtab == null) {
continue; // no table to put it into
String lurl =
SsoServerPolicyWebGroupEntryImpl aei =
new SsoServerPolicyWebGroupEntryImpl(sunMib);
aei.SsoServerRealmIndex = ri;
aei.PolicyWebGroupIndex = new Integer(wai++);
aei.PolicyWebGroupName = agtname;
aei.PolicyWebGroupServerURL = lurl;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy Web Agent Group '" +
agtname + "'");
try {
wgtab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
// Only ex.getMessage() is logged in this method's catch blocks, so the
// stack trace is not recorded.
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("J2EEAgent")) {
if (j2eetab == null) {
continue; // no table to put it into
SsoServerPolicyJ2EEGroupEntryImpl aei =
new SsoServerPolicyJ2EEGroupEntryImpl(sunMib);
String lurl =
aei.PolicyJ2EEGroupServerURL = lurl;
aei.PolicyJ2EEGroupName = agtname;
aei.PolicyJ2EEGroupIndex = new Integer(j2eei++);
aei.SsoServerRealmIndex = ri;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy J2EE Agent Group '" +
agtname + "'");
try {
j2eetab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("WSPAgent")) {
if (wsptab == null) {
continue; // no table to put it into
SsoServerWSSAgentsWSPAgtGrpEntryImpl aei =
new SsoServerWSSAgentsWSPAgtGrpEntryImpl(sunMib);
// NOTE(review): the attribute read here is "wsendpoint", while the method's
// header comment lists "wspendpoint" for WSP/WSC groups -- confirm which key
// the agent configuration actually uses.
String wep = hm.get("wsendpoint");
if (wep == null) {
wep = NotAvail;
String wpep = hm.get("wspproxyendpoint");
if (wpep == null) {
wpep = NotAvail;
aei.WssAgentsWSPAgtGrpName = agtname;
aei.WssAgentsWSPAgtGrpSvcEndPoint = wep;
aei.WssAgentsWSPAgtGrpProxy = wpep;
aei.WssAgentsWSPAgtGrpIndex = new Integer(wspi++);
aei.SsoServerRealmIndex = ri;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy WSP Agent Group '" +
agtname + "'");
try {
wsptab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("WSCAgent")) {
if (wsctab == null) {
continue; // no table to put it into
SsoServerWSSAgentsWSCAgtGrpEntryImpl aei =
new SsoServerWSSAgentsWSCAgtGrpEntryImpl(sunMib);
String wep = hm.get("wsendpoint");
if (wep == null) {
wep = NotAvail;
String wpep = hm.get("wspproxyendpoint");
if (wpep == null) {
wpep = NotAvail;
aei.WssAgentsWSCAgtGrpName = agtname;
aei.WssAgentsWSCAgtGrpSvcEndPoint = wep;
aei.WssAgentsWSCAgtGrpProxy = wpep;
aei.WssAgentsWSCAgtGrpIndex = new Integer(wsci++);
aei.SsoServerRealmIndex = ri;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy WSC Agent Group '" +
agtname + "'");
try {
wsctab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("STSAgent")) {
if (ststab == null) {
continue; // no table to put it into
SsoServerWSSAgentsSTSAgtGrpEntryImpl aei =
new SsoServerWSSAgentsSTSAgtGrpEntryImpl(sunMib);
String sep = hm.get("stsendpoint");
if (sep == null) {
sep = NotAvail;
aei.WssAgentsSTSAgtGrpName = agtname;
aei.WssAgentsSTSAgtGrpSvcEndPoint = sep;
aei.WssAgentsSTSAgtGrpIndex = new Integer(stsi++);
aei.WssAgentsSTSAgtGrpSvcMEXEndPoint = NotAvail; //notretrieved
aei.SsoServerRealmIndex = ri;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy STS Agent Group '" +
agtname + "'");
try {
ststab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} else if (atype.equals("DiscoveryAgent")) {
if (dsctab == null) {
continue; // no table to put it into
SsoServerWSSAgentsDSCAgtGrpEntryImpl aei =
new SsoServerWSSAgentsDSCAgtGrpEntryImpl(sunMib);
String dep = hm.get("discoveryendpoint");
if (dep == null) {
dep = NotAvail;
String aep = hm.get("authnserviceendpoint");
if (aep == null) {
aep = NotAvail;
aei.WssAgentsDSCAgtGrpName = agtname;
aei.WssAgentsDSCAgtGrpWebSvcEndPoint = dep;
aei.WssAgentsDSCAgtGrpSvcEndPoint = aep;
aei.WssAgentsDSCAgtGrpIndex = new Integer(dsci++);
aei.SsoServerRealmIndex = ri;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for Policy Discovery Agent " +
"Group '" + agtname + "'");
try {
dsctab.addEntry(aei, aname);
if ((server != null) && (aei != null)) {
server.registerMBean(aei, aname);
} catch (JMException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + agtname + ": " + ex.getMessage());
// SharedAgent groups are deliberately not registered (empty branch)
} else if (atype.equals("SharedAgent")) {
} else {
debug.error(classMethod + "agent group type = " + atype +
", agent group name = " + agtname + " not supported.");
if (debug.messageEnabled()) {
* process saml1.x trusted partners (global)
public static int saml1TPConfig (List<String> s1TPInfo) {
// Registers one SAML1 trusted-partner entry per name in s1TPInfo, then the
// two SAML1 cache entries ("Assertion_Cache", "Artifact_Cache"). The three
// SAML1 endpoint entries are built only when skipSAML1EndPoints is false.
// Returns -1 when there is no MBean server, -2 when the trusted-partner
// table cannot be obtained, and 0 at the end of the method.
// NOTE(review): this listing has lost lines (closing braces, some right-hand
// sides); nesting described here is inferred -- confirm against the full file.
String classMethod = "Agent.saml1TPConfig:";
StringBuilder sb = new StringBuilder(classMethod);
// NOTE(review): s1TPInfo is dereferenced without a null check; confirm
// callers never pass null.
int sz = s1TPInfo.size();
// hard-coded to true, so the endpoint block near the end of this method is
// never executed as written
boolean skipSAML1EndPoints = true; // until instrumentation done
Date startDate = new Date();
if (debug.messageEnabled()) {
sb.append("number of SAML1 Trusted Partners = ").append(sz).
if (server == null) { // can't do anything without a server
debug.error(classMethod + "no server");
return -1;
for (int i = 0; i < sz; i++) {
String pName = s1TPInfo.get(i);
// the partner name is logged as received and escaped only for the MIB entry
if (debug.messageEnabled()) {
sb.append(" ").append(pName).append("\n");
SsoServerSAML1TrustPrtnrsEntryImpl sstpe =
new SsoServerSAML1TrustPrtnrsEntryImpl(sunMib);
// partner indexes are 1-based
sstpe.SAML1TrustPrtnrIndex = new Integer(i+1);
sstpe.SAML1TrustPrtnrName = getEscapedString(pName);
// NOTE(review): the service group and its table appear to be looked up
// again for every partner; presumably this could be hoisted above the loop
// -- confirm against the full file.
SsoServerSAML1Svc sss =
(SsoServerSAML1SvcImpl) sunMib.getSaml1SvcGroup();
TableSsoServerSAML1TrustPrtnrsTable tptab = null;
if (sss != null) {
try {
tptab = sss.accessSsoServerSAML1TrustPrtnrsTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting SAML1 trusted partner table: ", ex);
return -2; // can't do anything without the table
if (tptab == null) {
return -2; // can't do anything without the table
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for SAML1 Trusted Partner '" +
pName + "'");
try {
tptab.addEntry(sstpe, aname);
if (sstpe != null) {
server.registerMBean(sstpe, aname);
// only ex.getMessage() is logged here, so the stack trace is not recorded
} catch (JMException ex) {
debug.error(classMethod + pName + ": " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod + pName + ": " + ex.getMessage());
if (debug.messageEnabled()) {
* while we're here, setup the
* SAML1 Cache table (Artifacts and Assertions)
* SAML1 Endpoints for SOAPReceiver, POSTProfile,
* SAMLAware/ArtifactProfile
// assertions
// cache entry #1: assertion cache, all counters start at zero
SsoServerSAML1CacheEntryImpl ssce =
new SsoServerSAML1CacheEntryImpl(sunMib);
ssce.SAML1CacheIndex = Integer.valueOf(1);
ssce.SAML1CacheName = "Assertion_Cache";
ssce.SAML1CacheMisses = 0L;
ssce.SAML1CacheHits = 0L;
ssce.SAML1CacheWrites = 0L;
ssce.SAML1CacheReads = 0L;
SsoServerSAML1SvcImpl sss = sunMib.getSaml1SvcGroup();
TableSsoServerSAML1CacheTable tptab = null;
if (sss != null) {
try {
tptab = sss.accessSsoServerSAML1CacheTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod + "getting SAML1 Cache table: ", ex);
// a failed table lookup is logged but not returned; the cache setup below
// is skipped when tptab is still null
if (tptab != null) { // if sss is null, so will tptab
sss.assertCache = ssce;
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for SAML1 Assertion Cache");
} else {
try {
tptab.addEntry(ssce, aname);
if (ssce != null) {
server.registerMBean(ssce, aname);
} catch (JMException ex) {
debug.error(classMethod +
"SAML1 Assertion Cache table: " + ex.getMessage());
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SAML1 Assertion Cache table: " + ex.getMessage());
// artifacts
// cache entry #2 reuses the ssce and aname variables
ssce = new SsoServerSAML1CacheEntryImpl(sunMib);
ssce.SAML1CacheIndex = Integer.valueOf(2);
ssce.SAML1CacheName = "Artifact_Cache";
ssce.SAML1CacheMisses = 0L;
ssce.SAML1CacheHits = 0L;
ssce.SAML1CacheWrites = 0L;
ssce.SAML1CacheReads = 0L;
aname = ssce.createSsoServerSAML1CacheEntryObjectName(server);
if (aname == null) {
debug.error(classMethod +
"Error creating object for SAML1 Artifact Cache");
} else {
try {
tptab.addEntry(ssce, aname);
if (ssce != null) {
server.registerMBean(ssce, aname);
} catch (JMException ex) {
debug.error(classMethod + "SAML1 Artifact Cache table: " +
} catch (SnmpStatusException ex) {
debug.error(classMethod + "SAML1 Artifact Cache table: " +
// NOTE(review): assertCache is assigned before the add/register attempt but
// artifactCache after it; the reference is kept on sss in both cases --
// confirm the ordering difference is not significant.
sss.artifactCache = ssce;
// SOAPReceiver endpoint
// Endpoint entries (indexes 1-3) start with zeroed request counters and
// status "operational".
if (!skipSAML1EndPoints) {
SsoServerSAML1EndPointEntryImpl ssee =
new SsoServerSAML1EndPointEntryImpl(sunMib);
ssee.SAML1EndPointIndex = Integer.valueOf(1);
ssee.SAML1EndPointName = "SOAPReceiver_EndPoint";
ssee.SAML1EndPointRqtFailed = 0L;
ssee.SAML1EndPointRqtOut = 0L;
ssee.SAML1EndPointRqtIn = 0L;
ssee.SAML1EndPointRqtAborted = 0L;
ssee.SAML1EndPointStatus = "operational";
TableSsoServerSAML1EndPointTable tetab = null;
if (sss != null) {
try {
tetab = sss.accessSsoServerSAML1EndPointTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting SAML1 EndPoint table: ", ex);
if (tetab != null) { // if sss is null, so will tetab
ObjectName aname =
if (aname == null) {
debug.error(classMethod +
"Error creating object for SAML1 SOAPReceiver_EndPoint");
} else {
try {
tetab.addEntry(ssee, aname);
if (ssee != null) {
server.registerMBean(ssee, aname);
} catch (JMException ex) {
debug.error(classMethod +
"SAML1 SOAPReceiver EndPoint table: " +
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SAML1 SOAPReceiver EndPoint table: " +
sss.soapEP = ssee;
// POSTProfile table
ssee = new SsoServerSAML1EndPointEntryImpl(sunMib);
ssee.SAML1EndPointIndex = Integer.valueOf(2);
ssee.SAML1EndPointName = "POSTProfile_EndPoint";
ssee.SAML1EndPointRqtFailed = 0L;
ssee.SAML1EndPointRqtOut = 0L;
ssee.SAML1EndPointRqtIn = 0L;
ssee.SAML1EndPointRqtAborted = 0L;
ssee.SAML1EndPointStatus = "operational";
aname = ssee.createSsoServerSAML1EndPointEntryObjectName(server);
if (aname == null) {
debug.error(classMethod +
"Error creating object for SAML1 POSTProfile_EndPoint");
} else {
try {
tetab.addEntry(ssee, aname);
if (ssee != null) {
server.registerMBean(ssee, aname);
} catch (JMException ex) {
debug.error(classMethod +
"SAML1 POSTProfile EndPoint table: " +
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SAML1 POSTProfile EndPoint table: " +
sss.pprofEP = ssee;
// SAMLAware/ArtifactProfile table
ssee = new SsoServerSAML1EndPointEntryImpl(sunMib);
ssee.SAML1EndPointIndex = Integer.valueOf(3);
ssee.SAML1EndPointName = "SAMLAware_EndPoint";
ssee.SAML1EndPointRqtFailed = 0L;
ssee.SAML1EndPointRqtOut = 0L;
ssee.SAML1EndPointRqtIn = 0L;
ssee.SAML1EndPointRqtAborted = 0L;
ssee.SAML1EndPointStatus = "operational";
aname = ssee.createSsoServerSAML1EndPointEntryObjectName(server);
if (aname == null) {
debug.error(classMethod +
"Error creating object for SAML1 SAMLAware_EndPoint");
} else {
try {
tetab.addEntry(ssee, aname);
if (ssee != null) {
server.registerMBean(ssee, aname);
} catch (JMException ex) {
debug.error(classMethod +
"SAML1 SAMLAware/ArtifactProfile EndPoint table: " +
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SAML1 SAMLAware/ArtifactProfile EndPoint table: " +
sss.samlAwareEP = ssee;
} // if (!skipSAML1EndPoints)
// Elapsed-time report; the timestamps are only formatted and logged when
// message-level debug is enabled.
Date stopDate = new Date();
if (debug.messageEnabled()) {
String stDate = sdf.format(startDate);
String endDate = sdf.format(stopDate);
debug.message("Agent.saml1TPConfig:\n Start Time = " +
stDate + "\n End Time = " + endDate);
return 0;
/**
 * Populates the federation monitoring tables for one realm from the supplied
 * SSOServerRealmFedInfo: circles of trust, SAMLv2/WSFed/IDFF entities, the
 * SAML2 IDP and SP tables, and circle-of-trust members. Each entry is added
 * to its SNMP table and registered with the MBean server.
 *
 * NOTE(review): this listing is missing lines (closing braces, the right-hand
 * side of several assignments, continuation lines), so the comments below
 * describe only what is visible.
 *
 * @param srfi realm federation info; realmName, cots, samlv2Ents, wsEnts,
 *             idffEnts and membEnts are read
 * @return 0 at the end of the method; -1 when no MBean server is set or when
 *         the FederationEntities or SAML2 IDP/SP tables cannot be accessed
 */
public static int federationConfig (SSOServerRealmFedInfo srfi)
String classMethod = "Agent.federationConfig:";
Date startDate = new Date();
String realm = srfi.realmName;
// Realm index stored as SsoServerRealmIndex on every entry created below;
// presumably null when the realm name is not in realm2Index - TODO confirm.
Integer ri = getRealmIndexFromName(realm);
Set<String> cots = srfi.cots;
Map<String, Map<String, String>> saml2Ents = srfi.samlv2Ents;
Map<String, Map<String, String>> wsEnts = srfi.wsEnts;
Map<String, Map<String, String>> idffEnts = srfi.idffEnts;
Map<String, Map<String, Set<String>>> cotMembs = srfi.membEnts;
// sb collects a human-readable summary; it is appended to only when
// message-level debug is enabled.
StringBuilder sb = new StringBuilder(classMethod);
if (debug.messageEnabled()) {
sb.append("fed entities for realm ").append(realm).append(":\n");
sb.append(" Circle of Trusts set has ");
if (server == null) { // can't do anything without a server
debug.error(classMethod + "no server");
return -1;
SsoServerFedCOTs ssfc = getFedCOTsMBean();
if ((cots != null) && (cots.size() > 0)) {
if (debug.messageEnabled()) {
sb.append(cots.size()).append(" entries:\n");
TableSsoServerFedCOTsTable ftab = null;
try {
ftab = ssfc.accessSsoServerFedCOTsTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting fed COTs table: ", ex);
if (ftab != null) {
// i is the 1-based FedCOTIndex, incremented once per circle of trust.
int i = 1;
for (String ss : cots) {
// Escapes ':', '=' and '?' in the COT name before it is stored and logged.
ss = getEscapedString(ss);
if (debug.messageEnabled()) {
sb.append(" #").append(i).append(": ").append(ss).
SsoServerFedCOTsEntryImpl cei =
new SsoServerFedCOTsEntryImpl(sunMib);
cei.SsoServerRealmIndex = ri;
cei.FedCOTName = ss;
cei.FedCOTIndex = new Integer(i++);
ObjectName oname =
if (oname == null) {
debug.error(classMethod +
"Error creating object for Fed COT '" + ss + "'");
try {
ftab.addEntry(cei, oname);
// cei was constructed above and is not reassigned, so this test is always true.
if (cei != null) {
server.registerMBean(cei, oname);
} catch (JMException ex) {
debug.error(classMethod + ss, ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod + ss, ex);
} else {
if (debug.messageEnabled()) {
sb.append("no entries\n");
* the federation entities all go into the
* SsoServerFedEntitiesTable
SsoServerFedEntities ssfe = getFedEntsMBean();
TableSsoServerFedEntitiesTable ftab = null;
try {
ftab = ssfe.accessSsoServerFedEntitiesTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting FederationEntities table: ", ex);
return -1; // can't proceed without the table
if (ftab != null) {
* the SAML2 entities map:
* entity name -> hashmap of:
* key="location"; value="hosted" or "remote"
* key="roles"; value=some combo of IDP;SP
// tabinx is shared by the SAMLv2, WSFed and IDFF loops, so FedEntityIndex
// keeps counting across all three protocols.
int tabinx = 1; // increments for all entries
if (debug.messageEnabled()) {
sb.append("\n SAML2 entities map has ");
if ((saml2Ents != null) && (saml2Ents.size() > 0)) {
TableSsoServerSAML2IDPTable iTab = null;
TableSsoServerSAML2SPTable sTab = null;
SsoServerSAML2SvcImpl ss2s = getSaml2SvcMBean();
try {
iTab = ss2s.accessSsoServerSAML2IDPTable();
sTab = ss2s.accessSsoServerSAML2SPTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting SAML2 IDP and/or SP tables: ", ex);
return -1; // can't proceed without the tables
if (debug.messageEnabled()) {
sb.append(saml2Ents.size()).append(" entries:\n");
// Raw Set; not referenced again in the visible code.
Set ks = saml2Ents.keySet();
// Separate 1-based counters for the SAML2 IDP and SP tables.
int idpi = 1;
int spi = 1;
for (Map.Entry<String, Map<String, String>> entry : saml2Ents.entrySet()) {
String entname = entry.getKey();
Map<String, String> hm = entry.getValue();
// Either lookup returns null if the key is absent; roles is dereferenced
// below (roles.indexOf) with no null check visible in this listing.
String loc = hm.get("location");
String roles = hm.get("roles");
SsoServerFedEntitiesEntryImpl cei =
new SsoServerFedEntitiesEntryImpl(sunMib);
cei.SsoServerRealmIndex = ri;
// The escaped name goes into the MIB entry; log messages and the
// realm|entity map keys further down use the unescaped entname.
cei.FedEntityName = getEscapedString(entname);
cei.FedEntityIndex = new Integer(tabinx++);
cei.FedEntityProto = "SAMLv2";
cei.FedEntityType = roles;
cei.FedEntityLoc = loc;
ObjectName oname =
if (oname == null) {
debug.error(classMethod +
"Error creating object for SAML2 Entity '" +
entname + "'");
try {
ftab.addEntry(cei, oname);
if (cei != null) {
server.registerMBean(cei, oname);
} catch (JMException ex) {
debug.error(classMethod +
"JMEx adding SAMLv2 entity " +
entname + " in realm " + realm, ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SnmpEx adding SAMLv2 entity " +
entname + " in realm " + realm, ex);
* these also need to be added to either (possibly
* both if in both roles?) SAML2's IDP or SP table
// Role test is a substring match on the roles string.
if (((roles.indexOf("IDP")) >= 0) &&
if (iTab == null) {
SsoServerSAML2IDPEntryImpl sei =
new SsoServerSAML2IDPEntryImpl(sunMib);
// All IDP counters start at zero.
sei.SAML2IDPArtifactsIssued = 0L;
sei.SAML2IDPAssertionsIssued = 0L;
sei.SAML2IDPInvalRqtsRcvd = 0L;
sei.SAML2IDPRqtsRcvd = 0L;
sei.SAML2IDPArtifactsInCache = 0L;
sei.SAML2IDPAssertionsInCache = 0L;
sei.SAML2IDPIndex = new Integer(idpi++);
sei.SAML2IDPName = getEscapedString(entname);
sei.SsoServerRealmIndex = ri;
oname =
try {
iTab.addEntry(sei, oname);
if (sei != null) {
server.registerMBean(sei, oname);
/* is a Map of realm/saml2idp to index needed? */
// Lookup key is "<realm>|<entity name>", built from the unescaped values.
String rai = realm + "|" + entname;
// sei is this bean's instance
realmSAML2IDPs.put(rai, sei);
} catch (JMException ex) {
debug.error(classMethod +
"JMEx adding SAMLv2 IDP entity " +
entname + " in realm " + realm, ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SnmpEx adding SAMLv2 IDP entity " +
entname + " in realm " + realm, ex);
if (((roles.indexOf("IDP")) >= 0) &&
if (((roles.indexOf("SP")) >= 0) &&
if (sTab == null) {
SsoServerSAML2SPEntryImpl sei =
new SsoServerSAML2SPEntryImpl(sunMib);
// All SP counters start at zero.
sei.SAML2SPInvalidArtifactsRcvd = 0L;
sei.SAML2SPValidAssertionsRcvd = 0L;
sei.SAML2SPRqtsSent = 0L;
sei.SAML2SPName = getEscapedString(entname);
sei.SsoServerRealmIndex = ri;
sei.SAML2SPIndex = new Integer(spi++);
oname =
try {
sTab.addEntry(sei, oname);
if (sei != null) {
server.registerMBean(sei, oname);
/* is a Map of realm/saml2sp to index needed? */
// Same "<realm>|<entity name>" key format as the IDP map.
String rai = realm + "|" + entname;
// sei is this bean's instance
realmSAML2SPs.put(rai, sei);
} catch (JMException ex) {
debug.error(classMethod +
"JMEx adding SAMLv2 SP entity " +
entname + " in realm " + realm, ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SnmpEx adding SAMLv2 SP entity " +
entname + " in realm " + realm, ex);
if (debug.messageEnabled()) {
sb.append(" name=").append(entname).
append(", loc=").append(loc).append(", roles=").
} else {
if (debug.messageEnabled()) {
sb.append("no entries\n");
* the WSFed entities map:
* entity name -> hashmap of:
* key="location"; value="hosted" or "remote"
* key="roles"; value=some combo of IDP;SP
if (debug.messageEnabled()) {
sb.append("\n WSFed entities map has ");
if ((wsEnts != null) && (wsEnts.size() > 0)) {
if (debug.messageEnabled()) {
sb.append(wsEnts.size()).append(" entries:\n");
// WSFed entities go into the shared FederationEntities table only.
for (Map.Entry<String, Map<String, String>> entry : wsEnts.entrySet()) {
String entname = entry.getKey();
Map<String, String> hm = entry.getValue();
String loc = hm.get("location");
String roles = hm.get("roles");
SsoServerFedEntitiesEntryImpl cei =
new SsoServerFedEntitiesEntryImpl(sunMib);
cei.SsoServerRealmIndex = ri;
cei.FedEntityName = getEscapedString(entname);
cei.FedEntityIndex = new Integer(tabinx++);
cei.FedEntityProto = "WSFed";
cei.FedEntityType = roles;
cei.FedEntityLoc = loc;
ObjectName oname =
if (oname == null) {
debug.error(classMethod +
"Error creating object for WSFed Entity '" +
entname + "'");
try {
ftab.addEntry(cei, oname);
if (cei != null) {
server.registerMBean(cei, oname);
} catch (JMException ex) {
debug.error(classMethod + "JMEx adding WSFed entity " +
entname + " in realm " + realm, ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SnmpEx adding WSFed entity " +
entname + " in realm " + realm, ex);
sb.append(" name=").append(entname).append(", loc=").
append(loc).append(", roles=").append(roles).
} else {
if (debug.messageEnabled()) {
sb.append("no entries\n");
* the IDFF entities map:
* entity name -> hashmap of:
* key="location"; value="hosted" or "remote"
* key="roles"; value=some combo of IDP;SP
if (debug.messageEnabled()) {
sb.append("\n IDFF entities map has ");
if ((idffEnts != null) && (idffEnts.size() > 0)) {
if (debug.messageEnabled()) {
sb.append(idffEnts.size()).append(" entries:\n");
// IDFF entities follow the same pattern as the WSFed loop above.
for (Map.Entry<String, Map<String, String>> entry : idffEnts.entrySet()) {
String entname = entry.getKey();
Map<String, String> hm = entry.getValue();
String loc = hm.get("location");
String roles = hm.get("roles");
SsoServerFedEntitiesEntryImpl cei =
new SsoServerFedEntitiesEntryImpl(sunMib);
cei.SsoServerRealmIndex = ri;
cei.FedEntityName = getEscapedString(entname);
cei.FedEntityIndex = new Integer(tabinx++);
cei.FedEntityProto = "IDFF";
cei.FedEntityType = roles;
cei.FedEntityLoc = loc;
ObjectName oname =
if (oname == null) {
debug.error(classMethod +
"Error creating object for IDFF Entity '" +
entname + "'");
try {
ftab.addEntry(cei, oname);
if (cei != null) {
server.registerMBean(cei, oname);
} catch (JMException ex) {
debug.error(classMethod + "JMEx adding IDFF entity " +
entname + " in realm " + realm, ex);
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"SnmpEx adding IDFF entity " +
entname + " in realm " + realm, ex);
if (debug.messageEnabled()) {
sb.append(" name=").append(entname).
append(", loc=").append(loc).append(", roles=").
} else {
if (debug.messageEnabled()) {
sb.append("no entries\n");
} else {
debug.error(classMethod +
"FederationEntities table is null");
* the COT members map:
* cot name -> hashmap of:
* key="SAML"; value=Set of member names
* key="IDFF"; value=Set of member names
* key="WSFed"; value=Set of member names
if (debug.messageEnabled()) {
sb.append("\n COT Members map has ");
if ((cotMembs != null) && (cotMembs.size() > 0)) {
if (debug.messageEnabled()) {
sb.append(cotMembs.size()).append(" entries:\n");
int coti = 1;
// NOTE(review): if the access call throws, the error is logged and mtab
// stays null; no null check before mtab.addEntry is visible below.
TableSsoServerFedCOTMemberTable mtab = null;
try {
mtab = ssfc.accessSsoServerFedCOTMemberTable();
} catch (SnmpStatusException ex) {
debug.error(classMethod +
"getting fed COT members table: ", ex);
for (Map.Entry<String, Map<String, Set<String>>> entry : cotMembs.entrySet()) {
String cotname = entry.getKey();
Map<String, Set<String>> hm = entry.getValue();
cotname = getEscapedString(cotname);
if (debug.messageEnabled()) {
sb.append(" COT name = ").append(cotname).
append(", SAML members = ");
Set<String> fset = hm.get("SAML");
// mi numbers the members of this COT and keeps counting across the
// SAML, IDFF and WSFed sets; cotI is this COT's own 1-based index.
int mi = 1;
Integer cotI = new Integer(coti++);
if ((fset != null) && fset.size() > 0) {
for (String mbm : fset) {
if (debug.messageEnabled()) {
sb.append(" ").append(mbm).append("\n");
SsoServerFedCOTMemberEntryImpl cmi =
new SsoServerFedCOTMemberEntryImpl(sunMib);
cmi.FedCOTMemberType = "SAMLv2";
cmi.FedCOTMemberName = getEscapedString(mbm);
cmi.FedCOTMemberIndex = new Integer(mi++);
cmi.SsoServerRealmIndex = ri;
cmi.FedCOTIndex = cotI; // xxx - need to get from tbl
ObjectName ceName =
if (ceName == null) {
debug.error(classMethod +
"Error creating object for SAMLv2 COT Member '"+
mbm + "'");
// The catch (Exception) on this try is broad enough to also absorb a
// NullPointerException from a null mtab; same pattern in the two loops below.
try {
mtab.addEntry(cmi, ceName);
if (ceName != null) {
server.registerMBean(cmi, ceName);
} catch (Exception ex) {
debug.error(classMethod + "cotmember = " +
mbm, ex);
} else {
if (debug.messageEnabled()) {
sb.append(" NONE\n");
fset = hm.get("IDFF");
if (debug.messageEnabled()) {
sb.append(" IDFF members = ");
if ((fset != null) && fset.size() > 0) {
for (String mbm : fset) {
if (debug.messageEnabled()) {
sb.append(" ").append(mbm).append("\n");
SsoServerFedCOTMemberEntryImpl cmi =
new SsoServerFedCOTMemberEntryImpl(sunMib);
cmi.FedCOTMemberType = "IDFF";
cmi.FedCOTMemberName = getEscapedString(mbm);
cmi.FedCOTMemberIndex = new Integer(mi++);
cmi.SsoServerRealmIndex = ri;
cmi.FedCOTIndex = cotI; // xxx - need to get from tbl
ObjectName ceName =
if (ceName == null) {
debug.error(classMethod +
"Error creating object for IDFF COT Member '" +
mbm + "'");
try {
mtab.addEntry(cmi, ceName);
if (ceName != null) {
server.registerMBean(cmi, ceName);
} catch (Exception ex) {
debug.error(classMethod + "cotmember = " +
mbm, ex);
} else {
if (debug.messageEnabled()) {
sb.append(" NONE\n");
fset = hm.get("WSFed");
if (debug.messageEnabled()) {
sb.append(" WSFed members = ");
if ((fset != null) && fset.size() > 0) {
for (String mbm : fset) {
if (debug.messageEnabled()) {
sb.append(" ").append(mbm).append("\n");
SsoServerFedCOTMemberEntryImpl cmi =
new SsoServerFedCOTMemberEntryImpl(sunMib);
cmi.FedCOTMemberType = "WSFed";
cmi.FedCOTMemberName = getEscapedString(mbm);
cmi.FedCOTMemberIndex = new Integer(mi++);
cmi.SsoServerRealmIndex = ri;
cmi.FedCOTIndex = cotI; // xxx - need to get from tbl
ObjectName ceName =
if (ceName == null) {
debug.error(classMethod +
"Error creating object for WSFed Member '" +
mbm + "'");
try {
mtab.addEntry(cmi, ceName);
if (ceName != null) {
server.registerMBean(cmi, ceName);
} catch (Exception ex) {
debug.error(classMethod + "cotmember = " +
mbm, ex);
} else {
if (debug.messageEnabled()) {
sb.append(" NONE\n");
if (debug.messageEnabled()) {
* have to do it here?
// Diagnostic dump, guarded by message-level debug: directory server list,
// all system properties, and the SMS directory host/port/SSL settings.
if (debug.messageEnabled()) {
try {
DSConfigMgr dscm = DSConfigMgr.getDSConfigMgr();
ServerGroup sgrp = dscm.getServerGroup("sms");
Collection<Server> slist = sgrp.getServersList();
StringBuilder sbp1 = new StringBuilder("DSConfigMgr:\n");
for (Server sobj : slist) {
String svr = sobj.getServerName();
int port = sobj.getPort();
sbp1.append(" svrname = ").append(svr).
append(", port = ").append(port).append("\n");
debug.message(classMethod + sbp1.toString());
// The caught exception d is not passed to the logger, so its cause is dropped.
} catch (Exception d) {
debug.message(classMethod +
"trying to get Directory Server Config");
// NOTE(review): every SystemProperties entry is read here and its key and
// value are being appended to the debug log (the continuation line is
// missing from this listing). If any property holds a password or key
// material it lands in the log file - consider an allow-list or masking.
// The (String) casts also assume all keys and values are Strings.
Properties props = SystemProperties.getProperties();
StringBuilder sbp = new StringBuilder("SYSPROPS:\n");
for (Map.Entry<Object, Object> entry : props.entrySet()) {
String entname = (String) entry.getKey();
String val = (String) entry.getValue();
sbp.append(" key = ").append(entname).append(", val = ").
debug.message(classMethod + sbp.toString());
String dirHost = SystemProperties.get(Constants.AM_DIRECTORY_HOST);
String dirPort = SystemProperties.get(Constants.AM_DIRECTORY_PORT);
String drSSL =
boolean dirSSL = SystemProperties.getAsBoolean(
debug.message(classMethod + "SMS CONFIG:\n host = " + dirHost +
"\n port = " + dirPort + "\n ssl = " + drSSL +
"\n dirSSL = " + dirSSL);
// sdf is declared outside this method (presumably the SimpleDateFormat the
// file imports); SimpleDateFormat is not thread-safe - confirm that callers
// of this static method are serialized.
Date stopDate = new Date();
String stDate = sdf.format(startDate);
String endDate = sdf.format(stopDate);
debug.message("Agent.federationConfig:\n Start Time = " +
stDate + "\n End Time = " + endDate);
return 0;
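/**
 * Replaces the characters ':', '=' and '?' in a name with their numeric
 * character references ("&#58;", "&#61;" and "&#63;").
 *
 * NOTE(review): only these three characters are handled. If the result is
 * used to build JMX ObjectNames, ',', '"', '*' and newline are also
 * significant there and pass through unchanged - confirm against the
 * create...ObjectName helpers before relying on this for names that come
 * from outside the deployment (for example remote entity IDs).
 *
 * @param str the name to escape; may be null
 * @return the escaped name, or null when str is null
 */
private static String getEscapedString (String str) {
    if (str == null) {
        return null;
    }
    // String.replace substitutes literals, so no regular expression is
    // compiled per call and '?' needs no backslash escaping. None of the
    // replacement texts contains ':', '=' or '?', so the order is irrelevant.
    return str.replace(":", "&#58;")
            .replace("=", "&#61;")
            .replace("?", "&#63;");
}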
/**
 * Looks up the realm name stored under a realm index.
 *
 * @param index key into index2Realm
 * @return the value index2Realm holds for that index
 */
public static String getRealmNameFromIndex (Integer index) {
    final String realmName = index2Realm.get(index);
    return realmName;
}
/**
 * Looks up the realm name stored under a realm index and returns it with
 * ':', '=' and '?' escaped by getEscapedString.
 *
 * @param index key into index2Realm
 * @return the escaped realm name; getEscapedString passes a null through
 */
public static String getEscRealmNameFromIndex (Integer index) {
    return getEscapedString(index2Realm.get(index));
}
/**
 * Looks up the realm index stored under a realm name.
 *
 * @param name key into realm2Index
 * @return the value realm2Index holds for that name
 */
public static Integer getRealmIndexFromName (String name) {
    final Integer realmIndex = realm2Index.get(name);
    return realmIndex;
}
/**
 * Looks up the realm name stored under a realm DN.
 *
 * @param rlmDN key into DN2Realm
 * @return the value DN2Realm holds for that DN
 */
public static String getRealmNameFromDN(String rlmDN) {
    final String realmName = DN2Realm.get(rlmDN);
    return realmName;
}
/**
 * Looks up the auth-module MIB entry stored under a realm/auth-instance key.
 *
 * @param rlmAuthInst key into realmAuthInst
 * @return the value realmAuthInst holds for that key
 */
public static SsoServerAuthModulesEntryImpl getAuthModuleEntry (String rlmAuthInst) {
    final SsoServerAuthModulesEntryImpl moduleEntry = realmAuthInst.get(rlmAuthInst);
    return moduleEntry;
}
/**
 * Returns the static agentSvrInfo reference held by this class.
 *
 * @return the current value of agentSvrInfo
 */
public static SSOServerInfo getAgentSvrInfo() {
    final SSOServerInfo info = agentSvrInfo;
    return info;
}
/**
 * Looks up the SAML2 IDP MIB entry stored in realmSAML2IDPs.
 *
 * @param rlmSAMLIDP key into realmSAML2IDPs
 * @return the value realmSAML2IDPs holds for that key
 */
public static SsoServerSAML2IDPEntryImpl getSAML2IDPEntry (String rlmSAMLIDP) {
    final SsoServerSAML2IDPEntryImpl idpEntry = realmSAML2IDPs.get(rlmSAMLIDP);
    return idpEntry;
}
/**
 * Looks up the SAML2 SP MIB entry stored in realmSAML2SPs.
 *
 * @param rlmSAMLSP key into realmSAML2SPs
 * @return the value realmSAML2SPs holds for that key
 */
public static SsoServerSAML2SPEntryImpl getSAML2SPEntry (String rlmSAMLSP) {
    final SsoServerSAML2SPEntryImpl spEntry = realmSAML2SPs.get(rlmSAMLSP);
    return spEntry;
}
/**
 * Stores the given flag in the static isSessFOEnabled field.
 *
 * @param sfoStatus value to store
 */
public static void setSFOStatus (boolean sfoStatus) {
    Agent.isSessFOEnabled = sfoStatus;
}
/**
 * Returns the flag last stored by setSFOStatus.
 *
 * @return the current value of isSessFOEnabled
 */
public static boolean getSFOStatus() {
    final boolean enabled = isSessFOEnabled;
    return enabled;
}
/**
 * Marks monitoring as disabled by clearing both the monitoringEnabled and
 * agentStarted flags.
 */
public static void setMonitoringDisabled () {
    Agent.monitoringEnabled = false;
    // Cleared as well so that Agent.isRunning() reports false.
    Agent.agentStarted = false;
}
/**
 * Main entry point.
 * When calling the program, you can specify:
 * 1) nb_traps: number of traps the SNMP agent will send.
 * If not specified, the agent will send traps continuously.
 */
public static void main(String args[]) {
// Standalone launcher: obtains or creates an MBean server, then registers the
// HTML adaptor, the SNMP adaptor, an RMI connector, the two MIBs and a
// LinkTrapGenerator.
// NOTE(review): lines are missing from this listing (closing braces, some
// calls and continuation lines); the comments describe only what is visible.
// These locals shadow the static fields of the same names declared on Agent.
final MBeanServer server;
final ObjectName htmlObjName;
final ObjectName snmpObjName;
final ObjectName sunMibObjName;
final ObjectName forgerockCtsMibObjName;
final ObjectName trapGeneratorObjName;
int htmlPort = 8082;
int snmpPort = 11161;
// Parse the number of traps to be sent.
// Zero or one argument is accepted; the single argument is parsed into the
// static nbTraps and then tested for being negative.
if ((args.length != 0) && (args.length != 1)) {
} else if (args.length == 1) {
try {
nbTraps = (new Integer(args[0])).intValue();
if (nbTraps < 0) {
} catch (java.lang.NumberFormatException e) {
try {
// Reuse the first MBean server already present in this JVM, else create one.
List<MBeanServer> servers = MBeanServerFactory.findMBeanServer(null);
if ((servers != null) && !servers.isEmpty()) {
server = servers.get(0);
} else {
server = MBeanServerFactory.createMBeanServer();
String domain = server.getDefaultDomain();
// Create and start the HTML adaptor.
htmlObjName = new ObjectName(domain +
":class=HtmlAdaptorServer,protocol=html,port=" + htmlPort);
println("Adding HTML adaptor to MBean server with name \n " +
println("NOTE: HTML adaptor is bound on TCP port " + htmlPort);
// This local htmlAdaptor shadows the static field; only a port is passed.
// NOTE(review): no AuthInfo is supplied in the visible code, so confirm how
// access to the HTML adaptor is restricted - it serves the registered MBeans
// over HTTP on htmlPort.
HtmlAdaptorServer htmlAdaptor = new HtmlAdaptorServer(htmlPort);
server.registerMBean(htmlAdaptor, htmlObjName);
// SNMP specific code:
// Create and start the SNMP adaptor.
// Specify the port to use in the constructor.
// If you want to use the standard port (161) comment out the
// following line:
// snmpPort = 8085;
// Same value as the initializer above.
snmpPort = 11161;
snmpObjName = new ObjectName(domain +
":class=SnmpAdaptorServer,protocol=snmp,port=" + snmpPort);
println("Adding SNMP adaptor to MBean server with name \n " +
println("NOTE: SNMP Adaptor is bound on UDP port " + snmpPort);
// Assigns the static snmpAdaptor field, the one getSnmpAdaptor() returns.
snmpAdaptor = new SnmpAdaptorServer(snmpPort);
server.registerMBean(snmpAdaptor, snmpObjName);
// Send a coldStart SNMP Trap.
// Use port = snmpPort+1.
print("NOTE: Sending a coldStart SNMP trap" +
" to each destination defined in the ACL file...");
// NOTE(review): this is an SNMPv1 trap, and SNMPv1 carries its community
// string unencrypted - confirm the trap destinations are on a trusted network.
snmpAdaptor.setTrapPort(new Integer(snmpPort+1));
snmpAdaptor.snmpV1Trap(0, 0, null);
// Create an RMI connector and start it
// NOTE(review): the visible argument list passes null between the URL and
// the MBean server, which looks like an empty environment map; if so, no
// authenticator or TLS settings are configured for this connector - confirm.
try {
JMXServiceURL url =
new JMXServiceURL(
JMXConnectorServer cs =
url, null, server);
} catch (Exception ex) {
"Error starting RMI : execute rmiregistry 9999; ex="+ex);
// Create the MIB II (RFC 1213) and add it to the MBean server.
sunMibObjName = new ObjectName("snmp:class=SUN_OPENSSO_SERVER_MIB");
"Adding SUN_OPENSSO_SERVER_MIB-MIB to MBean server with name" +
"\n " + sunMibObjName);
// Create an instance of the customized MIB
server.registerMBean(mib2, sunMibObjName);
forgerockCtsMibObjName = new ObjectName("snmp:class=FORGEROCK_OPENAM_CTS_MIB");
"Adding FORGEROCK_OPENAM_CTS_MIB-MIB to MBean server with name" +
"\n " + forgerockCtsMibObjName);
server.registerMBean(mib3, forgerockCtsMibObjName);
// Bind the SNMP adaptor to the MIB in order to make the MIB
// accessible through the SNMP protocol adaptor.
// If this step is not performed, the MIB will still live in
// the Java DMK agent:
// its objects will be addressable through HTML but not SNMP.
// Create a LinkTrapGenerator.
// Specify the ifIndex to use in the object name.
int ifIndex = 1;
trapGeneratorObjName = new ObjectName("trapGenerator" +
":class=LinkTrapGenerator,ifIndex=" + ifIndex);
println("Adding LinkTrapGenerator to MBean server with name" +
"\n " + trapGeneratorObjName);
// nbTraps is the count parsed from the command line (static default -1).
LinkTrapGenerator trapGenerator = new LinkTrapGenerator(nbTraps);
server.registerMBean(trapGenerator, trapGeneratorObjName);
println("\n>> Press <Enter> if you want to start sending traps.");
println(" -or-");
println(">> Press <Ctrl-C> if you want to stop this agent.");;
// Single catch-all for the whole set-up sequence; its handler is not visible
// in this listing.
} catch (Exception e) {
* Return a reference to the SNMP adaptor server.
/**
 * Returns the static SNMP adaptor server reference held by this class.
 *
 * @return the current value of snmpAdaptor
 */
public static SnmpAdaptorServer getSnmpAdaptor() {
    final SnmpAdaptorServer adaptor = snmpAdaptor;
    return adaptor;
}
* Return usage of the program.
/**
 * Prints the command-line usage of the program, one println call per line.
 */
public static void usage() {
    final String[] usageLines = {
        "java Agent <nb_traps>",
        " -nb_traps: number of traps the SNMP agent will send.",
        " If not specified, the agent will send traps continuously."
    };
    for (String usageLine : usageLines) {
        println(usageLine);
    }
}
* print/println stuff...
private final static void println(String msg) {
private final static void print(String msg) {