4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * The contents of this file are subject to the terms
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * of the Common Development and Distribution License
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * (the License). You may not use this file except in
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * compliance with the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * You can obtain a copy of the License at
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * See the License for the specific language governing
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * permission and limitations under the License.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * When distributing Covered Code, include this CDDL
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Header Notice in each file and include the License file
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * If applicable, add the following below the CDDL Header,
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * with the fields enclosed by brackets [] replaced by
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * your own identifying information:
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * "Portions Copyrighted [year] [name of copyright owner]"
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * $Id: CreateIDFFMetaDataTemplate.java,v 1.9 2008/11/18 22:38:19 asyhuang Exp $
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.common.IFSConstants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.meta.IDFFMetaSecurityUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml2.meta.SAML2MetaManager;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.shared.configuration.SystemPropertiesManager;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Create IDFF Meta Template.
/**
 * Creates the standard ID-FF metadata template and returns it as a String.
 *
 * NOTE(review): only part of this method is visible in this listing; the
 * parameter list, the conditions selecting the IDP / SP / affiliation
 * sections and the return statement are not shown.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster public static String createStandardMetaTemplate(
// Host, port and deployment URI are read from the server's system properties.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String host = SystemPropertiesManager.get(Constants.AM_SERVER_HOST);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String port = SystemPropertiesManager.get(Constants.AM_SERVER_PORT);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String deploymentURI = SystemPropertiesManager.get(
// Base URL passed to the helpers below, assembled by plain concatenation.
// NOTE(review): where `protocol` is assigned is not visible in this listing.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster url = protocol + "://" + host + ":" + port + deploymentURI;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" xmlns=\"urn:liberty:metadata:2003-08\"\n")
// NOTE(review): entityId is concatenated into the providerID attribute value
// as-is; no XML escaping is visible here, so a value containing '"', '<' or
// '&' would change or break the generated metadata. Confirm that callers
// validate or escape entityId.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" providerID=\"" + entityId + "\">\n");
// Identity-provider section: the realm is looked up from the IDP meta alias.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String idpAlias = (String)mapParams.get(MetaTemplateParameters.P_IDP);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(idpAlias);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster addIDFFIdentityProviderTemplate(buff, mapParams, url);
// Service-provider section: the realm is looked up from the SP meta alias.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String spAlias = (String)mapParams.get(MetaTemplateParameters.P_SP);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(spAlias);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster addIDFFServiceProviderTemplate(buff, mapParams, url);
// Affiliation section: the realm is looked up from the affiliation meta alias.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(affiAlias);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster addAffiliationTemplate(buff, entityId, affiAlias, url, mapParams);
/**
 * Appends the identity-provider part of the standard metadata template to
 * the caller's buffer.
 *
 * NOTE(review): only part of this method is visible in this listing; the
 * parameter list and several appended values (URLs, certificate arguments)
 * are not shown.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster private static void addIDFFIdentityProviderTemplate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String idpAlias = (String)mapParams.get(MetaTemplateParameters.P_IDP);
// Both Liberty ID-FF protocol URNs (2003-08 and 2002-12) are advertised.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("\"urn:liberty:iff:2003-08 urn:liberty:iff:2002-12\">\n");
// Signing key descriptor; the certificate text comes from
// IDFFMetaSecurityUtils.buildX509Certificate (arguments not visible here).
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String idpSX509Cert = IDFFMetaSecurityUtils.buildX509Certificate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <KeyDescriptor use=\"signing\">\n")
// Encryption key descriptor, built the same way.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String idpEX509Cert = IDFFMetaSecurityUtils.buildX509Certificate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <KeyDescriptor use=\"encryption\">\n")
// The advertised encryption method is hard-coded to AES-128 in CBC mode.
// NOTE(review): CBC gives confidentiality only; integrity has to come from a
// signature over the message. Whether that is enforced is not visible here.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <EncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes128-cbc</EncryptionMethod>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("</FederationTerminationServiceURL>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <FederationTerminationServiceReturnURL>")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("</FederationTerminationServiceReturnURL>\n")
// Termination, single-logout and name-registration profiles are fixed
// literals; each is listed in an HTTP and a SOAP variant.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-soap</FederationTerminationNotificationProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-http</SingleLogoutProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-sp-soap</SingleLogoutProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-http</RegisterNameIdentifierProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-sp-soap</RegisterNameIdentifierProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("</RegisterNameIdentifierServiceURL>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <RegisterNameIdentifierServiceReturnURL>")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("</RegisterNameIdentifierServiceReturnURL>\n")
// Single sign-on profiles offered by the template: artifact, POST and LECP.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-art</SingleSignOnProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/brws-post</SingleSignOnProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <SingleSignOnProtocolProfile>http://projectliberty.org/profiles/lecp</SingleSignOnProtocolProfile>\n")
/**
 * Appends the service-provider part of the standard metadata template to
 * the caller's buffer.
 *
 * NOTE(review): only part of this method is visible in this listing; the
 * parameter list and several appended values (URLs, certificate arguments)
 * are not shown.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster private static void addIDFFServiceProviderTemplate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String spAlias = (String)mapParams.get(MetaTemplateParameters.P_SP);
// Both Liberty ID-FF protocol URNs (2003-08 and 2002-12) are advertised.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" \"urn:liberty:iff:2003-08 urn:liberty:iff:2002-12\">\n");
// Signing key descriptor; the certificate text comes from
// IDFFMetaSecurityUtils.buildX509Certificate (arguments not visible here).
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String spSX509Cert = IDFFMetaSecurityUtils.buildX509Certificate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <KeyDescriptor use=\"signing\">\n")
// Encryption key descriptor, built the same way.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String spEX509Cert = IDFFMetaSecurityUtils.buildX509Certificate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <KeyDescriptor use=\"encryption\">\n")
// The advertised encryption method is hard-coded to AES-128 in CBC mode.
// NOTE(review): CBC gives confidentiality only; integrity has to come from a
// signature over the message. Whether that is enforced is not visible here.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <EncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes128-cbc</EncryptionMethod>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("</FederationTerminationServiceURL>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <FederationTerminationServiceReturnURL>")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("</FederationTerminationServiceReturnURL>\n")
// Termination, single-logout and name-registration profiles are fixed
// literals; each is listed in an HTTP and a SOAP variant.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-http</FederationTerminationNotificationProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-idp-soap</FederationTerminationNotificationProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-http</SingleLogoutProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-http</RegisterNameIdentifierProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <RegisterNameIdentifierProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</RegisterNameIdentifierProtocolProfile>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("</RegisterNameIdentifierServiceURL>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <RegisterNameIdentifierServiceReturnURL>")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("</RegisterNameIdentifierServiceReturnURL>\n")
// A single assertion consumer endpoint is emitted, with id 1, marked default.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <AssertionConsumerServiceURL id=\"1\" isDefault=\"true\">")
// The template declares AuthnRequestsSigned=false, so generated SP metadata
// advertises unsigned authentication requests unless it is edited.
// NOTE(review): deployments that require signed requests need to change this
// value in the generated metadata; no parameter for it is visible here.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <AuthnRequestsSigned>false</AuthnRequestsSigned>\n")
/**
 * Creates the extended (entity configuration) ID-FF metadata template and
 * returns it as a String.
 *
 * NOTE(review): only part of this method is visible in this listing; the
 * parameter list, the conditions selecting each section and the return
 * statement are not shown.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster public static String createExtendedMetaTemplate(
// Root element of the extended template, in the Sun ID-FF entityconfig namespace.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append("<EntityConfig xmlns=\"urn:sun:fm:ID-FF:entityconfig\"\n")
// For each role, the realm is looked up from that role's meta alias.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String idpAlias = (String)mapParams.get(MetaTemplateParameters.P_IDP);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(idpAlias);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String spAlias = (String)mapParams.get(MetaTemplateParameters.P_SP);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(spAlias);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(affiAlias);
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buildAffiliationConfigTemplate(buff, affiAlias, mapParams);
/**
 * Appends the identity-provider section of the extended template to the
 * caller's buffer.
 *
 * NOTE(review): only part of this method is visible in this listing; the
 * parameter list and the attribute names around the values are not shown.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster private static void buildIDFFIDPConfigTemplate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String idpAlias = (String)mapParams.get(MetaTemplateParameters.P_IDP);
// NOTE(review): the value written into metaAlias is not visible here; if it
// is the caller-supplied alias, check that it is escaped for an XML attribute.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <IDPDescriptorConfig metaAlias=\"")
// Default plugin class names are written as fixed literals.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>com.sun.identity.federation.accountmgmt.DefaultFSUserProvider</Value>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>com.sun.identity.federation.services.util.FSNameIdentifierImpl</Value>\n")
// Presumably the default authentication-context entries: the password
// context constant is followed by a mapping to module "DataStore" at
// level 0. The enclosing attribute is not visible here; confirm.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD)
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD)
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append("|key=module|value=DataStore|level=0</Value>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(IFSConstants.AUTO_FEDERATION_ATTRIBUTE)
// Service-provider section of the extended template.
// NOTE(review): the enclosing method's signature is not visible in this
// listing, and neither are the attribute names around the values below.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String spAlias = (String)mapParams.get(MetaTemplateParameters.P_SP);
// NOTE(review): the value written into metaAlias is not visible here; if it
// is the caller-supplied alias, check that it is escaped for an XML attribute.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <SPDescriptorConfig metaAlias=\"")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(IFSConstants.USE_INTRODUCTION_FOR_IDP_PROXY)
// Single sign-on profiles listed as fixed values: artifact, POST, WML POST, LECP.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>http://projectliberty.org/profiles/brws-art</Value>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>http://projectliberty.org/profiles/brws-post</Value>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>http://projectliberty.org/profiles/wml-post</Value>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>http://projectliberty.org/profiles/lecp</Value>\n")
// Default plugin class names are written as fixed literals.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>com.sun.identity.federation.accountmgmt.DefaultFSUserProvider</Value>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>com.sun.identity.federation.services.util.FSNameIdentifierImpl</Value>\n")
// Presumably the default authentication-context entries, keyed on the
// password context constant; the rest of each value is not visible here.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD)
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD)
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(IFSConstants.AUTO_FEDERATION_ATTRIBUTE)
// The default SP adapter class is written as a fixed literal.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <Value>com.sun.identity.federation.plugins.FSDefaultSPAdapter</Value>\n")
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(IFSConstants.FEDERATION_SP_ADAPTER_ENV)
/**
 * Builds the URI path segment that carries a meta alias.
 *
 * @param alias the meta alias to append
 * @return "/" followed by SAML2MetaManager.NAME_META_ALIAS_IN_URI and the alias
 *
 * NOTE(review): the alias is appended as-is, with no URL encoding or
 * validation in this method; confirm that callers only pass aliases that
 * are safe to place in a URL and, later, in XML text.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster private static String buildMetaAliasInURI(String alias) {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster return "/" + SAML2MetaManager.NAME_META_ALIAS_IN_URI + alias;
// Affiliation section of the standard template.
// NOTE(review): the enclosing method's signature is not visible in this listing.
// One <AffiliateMember> element is written per entry of affiMembers.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster for(Iterator iter = affiMembers.iterator(); iter.hasNext(); ) {
// NOTE(review): affiMember is concatenated into element content as-is; no
// XML escaping is visible here, so a member id containing '<' or '&' would
// change or break the generated metadata. Confirm callers validate it.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster " <AffiliateMember>" + affiMember + "</AffiliateMember>\n");
// Signing key descriptor; the certificate text comes from
// IDFFMetaSecurityUtils.buildX509Certificate (arguments not visible here).
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String affiSX509Cert = IDFFMetaSecurityUtils.buildX509Certificate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <KeyDescriptor use=\"signing\">\n")
// Encryption key descriptor, built the same way.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster String affiEX509Cert = IDFFMetaSecurityUtils.buildX509Certificate(
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <KeyDescriptor use=\"encryption\">\n")
// The advertised encryption method is hard-coded to AES-128 in CBC mode.
// NOTE(review): CBC gives confidentiality only; integrity has to come from a
// signature over the message. Whether that is enforced is not visible here.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster .append(" <EncryptionMethod>http://www.w3.org/2001/04/xmlenc#aes128-cbc</EncryptionMethod>\n")
/**
 * Appends the affiliation section of the extended template to the caller's
 * buffer.
 *
 * NOTE(review): only the first lines of this method are visible in this
 * listing; the parameter list and the rest of the body are not shown.
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster private static void buildAffiliationConfigTemplate(
// NOTE(review): the value written into metaAlias is not visible here; if it
// is the caller-supplied alias, check that it is escaped for an XML attribute.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster buff.append(" <AffiliationDescriptorConfig metaAlias=\"")