a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * opensso/legal/CDDLv1.0.txt
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * at opensso/legal/CDDLv1.0.txt.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: SAML2MetaManager.java,v 1.18 2009/10/28 23:58:58 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * Portions Copyrighted 2010-2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.saml2.meta;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.ArrayList;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Collection;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.HashSet;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Iterator;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.List;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Map;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Set;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.logging.Level;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.xml.bind.JAXBException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.CircleOfTrustManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.COTConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.COTException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.configuration.ConfigurationManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.configuration.ConfigurationInstance;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.configuration.ConfigurationException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AttributeAuthorityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AttributeQueryConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AuthnAuthorityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.logging.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.debug.Debug;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The <code>SAML2MetaManager</code> provides methods to manage both the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * standard entity descriptor and the extended entity configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class SAML2MetaManager {
/** Attribute key under which the standard entity descriptor XML is stored. */
private static final String ATTR_METADATA = "sun-fm-saml2-metadata";
/** Attribute key under which the extended entity configuration XML is stored. */
private static final String ATTR_ENTITY_CONFIG =
    "sun-fm-saml2-entityconfig";
// Presumably the sub-configuration id/priority used when entity entries are
// created; their use is outside this excerpt.
private static final String SUBCONFIG_ID = "EntityDescriptor";
private static final int SUBCONFIG_PRIORITY = 0;

// Shared debug logger. Not final, although nothing visible here reassigns it.
private static Debug debug = SAML2MetaUtils.debug;
// Both are populated by the static initializer and may stay null if that
// initialization failed. A null configInstStatic makes the no-arg constructor
// throw "null_config"; a null cotmStatic is not checked there.
private static CircleOfTrustManager cotmStatic;
private static ConfigurationInstance configInstStatic;
// Component name handed to ConfigurationManager.getConfigurationInstance.
private static final String SAML2 = "SAML2";

// Per-instance handles: the static ones for the no-arg constructor, or
// token-bound ones for the constructor that takes a caller token.
private CircleOfTrustManager cotm;
private ConfigurationInstance configInst;
// Caller's session token, or null for the token-less manager. When null,
// getEntityDescriptor serves reads from SAML2MetaCache before the store.
private Object callerSession = null;

/**
 * Constant used to identify meta alias.
 */
public static final String NAME_META_ALIAS_IN_URI = "metaAlias";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
// Class-level bootstrap: obtain the token-less configuration instance,
// register the metadata change listener on it, and build the token-less
// circle-of-trust manager. Failures are logged and leave the corresponding
// static handle null; the no-arg constructor reports the missing
// configuration instance as "null_config".
static {
    ConfigurationInstance instance = null;
    try {
        instance = ConfigurationManager.getConfigurationInstance(SAML2);
    } catch (ConfigurationException ce) {
        debug.error("SAML2MetaManager constructor:", ce);
    }
    configInstStatic = instance;

    if (instance != null) {
        try {
            instance.addListener(new SAML2MetaServiceListener());
        } catch (ConfigurationException ce) {
            debug.error(
                "SAML2MetaManager.static: Unable to add " +
                "ConfigurationListener for SAML2COT service.",
                ce);
        }
    }

    CircleOfTrustManager manager = null;
    try {
        manager = new CircleOfTrustManager();
    } catch (COTException se) {
        debug.error("SAML2MetaManager constructor:", se);
    }
    cotmStatic = manager;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Creates a manager backed by the statically initialised configuration
 * instance and circle-of-trust manager, with no caller session.
 *
 * @throws SAML2MetaException with key <code>null_config</code> if the static
 *         configuration instance was not obtained during class initialisation.
 */
public SAML2MetaManager() throws SAML2MetaException {
    if (configInstStatic == null) {
        throw new SAML2MetaException("null_config", null);
    }
    configInst = configInstStatic;
    cotm = cotmStatic;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
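/**
 * Creates a manager whose configuration and circle-of-trust access is
 * performed with the supplied caller token. Such a manager does not consult
 * the metadata cache when reading entity descriptors.
 *
 * @param callerToken session token for the caller.
 * @throws SAML2MetaException with key <code>null_config</code> if the
 *         configuration instance or circle-of-trust manager cannot be
 *         obtained for the token.
 */
public SAML2MetaManager(Object callerToken) throws SAML2MetaException {
    try {
        configInst = ConfigurationManager.getConfigurationInstance(
            SAML2, callerToken);
        cotm = new CircleOfTrustManager(callerToken);
    } catch (ConfigurationException ex) {
        // The "null_config" exception does not carry the cause, so record it
        // here; otherwise the reason for the failure is lost entirely.
        debug.error("SAML2MetaManager constructor:", ex);
        throw new SAML2MetaException("null_config", null);
    } catch (COTException cx) {
        debug.error("SAML2MetaManager constructor:", cx);
        throw new SAML2MetaException("null_config", null);
    }
    callerSession = callerToken;
}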
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns the standard metadata entity descriptor under the realm.
 * <p>
 * For a manager created without a caller token the descriptor is first
 * looked up in <code>SAML2MetaCache</code>. Otherwise, and on a cache miss,
 * the first value of the metadata attribute is read through the
 * configuration instance, unmarshalled, and stored in the cache.
 *
 * @param realm The realm under which the entity resides; null means "/".
 * @param entityId ID of the entity to be retrieved.
 * @return <code>EntityDescriptorElement</code> for the entity or null if
 *         not found (null entity id, no configuration, or no metadata value).
 * @throws SAML2MetaException if the configuration cannot be read, or the
 *         stored value does not unmarshal to an entity descriptor.
 */
public EntityDescriptorElement getEntityDescriptor(
    String realm,
    String entityId
) throws SAML2MetaException {
    if (entityId == null) {
        return null;
    }
    final String effectiveRealm = (realm == null) ? "/" : realm;
    final String[] logData = { entityId, effectiveRealm };

    // Only the token-less manager reads from the cache; a token-bound one
    // always goes to the configuration store (but still populates the cache).
    if (callerSession == null) {
        EntityDescriptorElement cached =
            SAML2MetaCache.getEntityDescriptor(effectiveRealm, entityId);
        if (cached != null) {
            if (debug.messageEnabled()) {
                debug.message("SAML2MetaManager.getEntityDescriptor: got "
                    + "descriptor from SAML2MetaCache " + entityId);
            }
            LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_DESCRIPTOR,
                logData, null);
            return cached;
        }
    }

    try {
        Map attrs = configInst.getConfiguration(effectiveRealm, entityId);
        Set values = (attrs == null) ? null : (Set) attrs.get(ATTR_METADATA);
        if (values == null || values.isEmpty()) {
            return null;
        }

        // Only the first stored value is used; any further values are ignored.
        String xml = (String) values.iterator().next();
        Object unmarshalled = SAML2MetaUtils.convertStringToJAXB(xml);
        if (!(unmarshalled instanceof EntityDescriptorElement)) {
            debug.error(
                "SAML2MetaManager.getEntityDescriptor: invalid descriptor");
            LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_DESCRIPTOR,
                logData, null);
            throw new SAML2MetaException("invalid_descriptor", logData);
        }

        EntityDescriptorElement descriptor =
            (EntityDescriptorElement) unmarshalled;
        SAML2MetaCache.putEntityDescriptor(effectiveRealm, entityId, descriptor);
        if (debug.messageEnabled()) {
            debug.message("SAML2MetaManager.getEntityDescriptor: got "
                + "descriptor from SMS " + entityId);
        }
        LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_DESCRIPTOR,
            logData, null);
        return descriptor;
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getEntityDescriptor", e);
        String[] errData = { e.getMessage(), entityId, effectiveRealm };
        LogUtil.error(Level.INFO,
            LogUtil.CONFIG_ERROR_GET_ENTITY_DESCRIPTOR, errData, null);
        throw new SAML2MetaException(e);
    } catch (JAXBException jaxbe) {
        debug.error("SAML2MetaManager.getEntityDescriptor", jaxbe);
        LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_DESCRIPTOR,
            logData, null);
        throw new SAML2MetaException("invalid_descriptor", logData);
    }
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Convenience accessor for the first service provider SSO descriptor of an
 * entity: looks up the entity descriptor and delegates to
 * {@link SAML2MetaUtils#getSPSSODescriptor}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return <code>SPSSODescriptorElement</code> for the entity or null if
 *         not found.
 * @throws SAML2MetaException if the entity descriptor cannot be retrieved.
 */
public SPSSODescriptorElement getSPSSODescriptor(
    String realm,
    String entityId)
    throws SAML2MetaException {
    return SAML2MetaUtils.getSPSSODescriptor(
        getEntityDescriptor(realm, entityId));
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Convenience accessor for the attribute authority descriptor of an entity:
 * looks up the entity descriptor and delegates to
 * {@link SAML2MetaUtils#getAttributeAuthorityDescriptor}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return an <code>AttributeAuthorityDescriptorElement</code> object for
 *         the entity or null if not found.
 * @throws SAML2MetaException if the entity descriptor cannot be retrieved.
 */
public AttributeAuthorityDescriptorElement
    getAttributeAuthorityDescriptor(String realm, String entityId)
    throws SAML2MetaException {
    EntityDescriptorElement entity = getEntityDescriptor(realm, entityId);
    return SAML2MetaUtils.getAttributeAuthorityDescriptor(entity);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Convenience accessor for the attribute query descriptor of an entity:
 * looks up the entity descriptor and delegates to
 * {@link SAML2MetaUtils#getAttributeQueryDescriptor}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return an <code>AttributeQueryDescriptorElement</code> object for
 *         the entity or null if not found.
 * @throws SAML2MetaException if the entity descriptor cannot be retrieved.
 */
public AttributeQueryDescriptorElement
    getAttributeQueryDescriptor(String realm, String entityId)
    throws SAML2MetaException {
    return SAML2MetaUtils.getAttributeQueryDescriptor(
        getEntityDescriptor(realm, entityId));
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Convenience accessor for the authentication authority descriptor of an
 * entity: looks up the entity descriptor and delegates to
 * {@link SAML2MetaUtils#getAuthnAuthorityDescriptor}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return an <code>AuthnAuthorityDescriptorElement</code> object for
 *         the entity or null if not found.
 * @throws SAML2MetaException if the entity descriptor cannot be retrieved.
 */
public AuthnAuthorityDescriptorElement getAuthnAuthorityDescriptor(
    String realm, String entityId) throws SAML2MetaException {
    EntityDescriptorElement entity = getEntityDescriptor(realm, entityId);
    return SAML2MetaUtils.getAuthnAuthorityDescriptor(entity);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Convenience accessor for the first policy decision point (XACML PDP)
 * descriptor of an entity: looks up the entity descriptor and delegates to
 * {@link SAML2MetaUtils#getPolicyDecisionPointDescriptor}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return policy decision point descriptor.
 * @throws SAML2MetaException if the entity descriptor cannot be retrieved.
 */
public XACMLPDPDescriptorElement getPolicyDecisionPointDescriptor(
    String realm, String entityId
) throws SAML2MetaException {
    return SAML2MetaUtils.getPolicyDecisionPointDescriptor(
        getEntityDescriptor(realm, entityId));
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Convenience accessor for the first policy enforcement point (XACML
 * authorization decision query) descriptor of an entity: looks up the entity
 * descriptor and delegates to
 * {@link SAML2MetaUtils#getPolicyEnforcementPointDescriptor}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return policy enforcement point descriptor.
 * @throws SAML2MetaException if the entity descriptor cannot be retrieved.
 */
public XACMLAuthzDecisionQueryDescriptorElement
    getPolicyEnforcementPointDescriptor(
    String realm, String entityId
) throws SAML2MetaException {
    EntityDescriptorElement entity = getEntityDescriptor(realm, entityId);
    return SAML2MetaUtils.getPolicyEnforcementPointDescriptor(entity);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Convenience accessor for the first identity provider SSO descriptor of an
 * entity: looks up the entity descriptor and delegates to
 * {@link SAML2MetaUtils#getIDPSSODescriptor}.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return <code>IDPSSODescriptorElement</code> for the entity or null if
 *         not found.
 * @throws SAML2MetaException if the entity descriptor cannot be retrieved.
 */
public IDPSSODescriptorElement getIDPSSODescriptor(String realm,
    String entityId)
    throws SAML2MetaException {
    return SAML2MetaUtils.getIDPSSODescriptor(
        getEntityDescriptor(realm, entityId));
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns the affiliation descriptor carried by an entity's descriptor.
 * Unlike the other accessors this reads the descriptor directly rather
 * than going through <code>SAML2MetaUtils</code>.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @return <code>AffiliationDescriptorType</code> for the entity, or null
 *         if the entity descriptor is not found.
 * @throws SAML2MetaException if the entity descriptor cannot be retrieved.
 */
public AffiliationDescriptorType getAffiliationDescriptor(
    String realm,
    String entityId)
    throws SAML2MetaException {
    EntityDescriptorElement entity = getEntityDescriptor(realm, entityId);
    if (entity == null) {
        return null;
    }
    return entity.getAffiliationDescriptor();
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
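/**
 * Sets the standard metadata entity descriptor under the realm.
 * <p>
 * The entity ID is taken from {@code descriptor}. The existing
 * configuration entry for that entity is read, its metadata attribute
 * replaced with the serialised descriptor, the entry written back, and
 * the descriptor cache updated.
 * @param realm The realm under which the entity resides; {@code null}
 *        selects the root realm "/".
 * @param descriptor The standard entity descriptor object to be set.
 * @throws SAML2MetaException if {@code descriptor} is null or carries no
 *         entity ID ({@code empty_entityid}), if no configuration entry
 *         exists for the entity ({@code entity_descriptor_not_exist}),
 *         if the descriptor cannot be serialised
 *         ({@code invalid_descriptor}), or if the configuration store
 *         reports an error.
 */
public void setEntityDescriptor(
    String realm,
    EntityDescriptorElement descriptor)
    throws SAML2MetaException {

    // Default the realm before any logging so the error record never
    // carries a null realm; createEntity orders these the same way.
    if (realm == null) {
        realm = "/";
    }
    // A null descriptor is reported like a missing entity ID rather than
    // escaping as a NullPointerException.
    String entityId =
        (descriptor == null) ? null : descriptor.getEntityID();
    if (entityId == null) {
        debug.error(
            "SAML2MetaManager.setEntityDescriptor: entity ID is null");
        String[] data = { realm };
        LogUtil.error(Level.INFO,
            LogUtil.NO_ENTITY_ID_SET_ENTITY_DESCRIPTOR, data, null);
        throw new SAML2MetaException("empty_entityid", null);
    }

    String[] objs = { entityId, realm };
    try {
        Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(
            ATTR_METADATA, descriptor);
        Map oldAttrs = configInst.getConfiguration(realm, entityId);
        if (oldAttrs == null) {
            // "set" updates an existing entry; creating one is
            // createEntityDescriptor's job. Without this guard the put
            // below dereferenced null.
            debug.error("SAML2MetaManager.setEntityDescriptor: no "
                + "configuration found for " + entityId);
            throw new SAML2MetaException("entity_descriptor_not_exist",
                objs);
        }
        oldAttrs.put(ATTR_METADATA, attrs.get(ATTR_METADATA));
        configInst.setConfiguration(realm, entityId, oldAttrs);
        SAML2MetaCache.putEntityDescriptor(realm, entityId, descriptor);
        if (debug.messageEnabled()) {
            debug.message("SAML2MetaManager.setEntityDescriptor: saved "
                + "entity descriptor for " + entityId);
        }
        LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR,
            objs, null);
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.setEntityDescriptor:", e);
        String[] data = { e.getMessage(), entityId, realm };
        LogUtil.error(Level.INFO,
            LogUtil.CONFIG_ERROR_SET_ENTITY_DESCRIPTOR, data, null);
        throw new SAML2MetaException(e);
    } catch (JAXBException jaxbe) {
        debug.error("SAML2MetaManager.setEntityDescriptor:", jaxbe);
        LogUtil.error(Level.INFO, LogUtil.SET_INVALID_ENTITY_DESCRIPTOR,
            objs, null);
        throw new SAML2MetaException("invalid_descriptor", objs);
    }
}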
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Creates the standard metadata entity descriptor under the realm.
 * This is {@link #createEntity} with no extended config supplied.
 * @param realm The realm under which the entity descriptor will be
 *        created.
 * @param descriptor The standard entity descriptor object to be created.
 * @throws SAML2MetaException if unable to create the entity descriptor.
 */
public void createEntityDescriptor(
    String realm,
    EntityDescriptorElement descriptor
) throws SAML2MetaException {
    debug.message("SAML2MetaManager.createEntityDescriptor: called.");
    // No extended config is imported here; createEntity performs the
    // realm default and the null-entity-ID check.
    final EntityConfigElement noConfig = null;
    createEntity(realm, descriptor, noConfig);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
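/**
 * Creates the standard and extended metadata under the realm.
 * <p>
 * What happens depends on what the configuration store already holds
 * for the entity ID:
 * <ul>
 * <li>no entry: a new entry is created from {@code descriptor} and, if
 *     given, {@code config};</li>
 * <li>an entry with a stored descriptor: the roles of {@code descriptor}
 *     are merged into the stored descriptor and the roles of
 *     {@code config} into the stored config (or the config is added when
 *     none is stored). A role whose class is already present is rejected
 *     with {@code role_already_exists};</li>
 * <li>an entry without a stored descriptor: {@code descriptor} (and
 *     {@code config}) are written into that entry.</li>
 * </ul>
 * Supplying only {@code config} is rejected unless a descriptor is
 * already stored. Whenever a config is stored or added the entity is
 * also added to its circle of trust.
 * @param realm The realm under which the entity descriptor will be
 *        created; {@code null} selects the root realm "/".
 * @param descriptor The standard entity descriptor object to be created,
 *        or {@code null}.
 * @param config The extended entity config object to be created, or
 *        {@code null}. If both are null the call is a no-op.
 * @throws SAML2MetaException if the entity ID is missing, a role class is
 *         already present, a config is given without any descriptor, or
 *         the configuration store or the JAXB conversion fails.
 */
public void createEntity(
    String realm,
    EntityDescriptorElement descriptor,
    EntityConfigElement config
) throws SAML2MetaException {
    debug.message("SAML2MetaManager.createEntity: called.");
    if ((descriptor == null) && (config == null)) {
        debug.error(
            "SAML2metaManager.createEntity: no meta to import.");
        return;
    }
    // The descriptor is authoritative for the entity ID when present.
    String entityId = (descriptor != null)
        ? descriptor.getEntityID() : config.getEntityID();

    if (realm == null) {
        realm = "/";
    }

    if (entityId == null) {
        debug.error(
            "SAML2MetaManager.createEntity: entity ID is null");
        String[] data = { realm };
        LogUtil.error(Level.INFO,
            LogUtil.NO_ENTITY_ID_CREATE_ENTITY_DESCRIPTOR,
            data, null);
        throw new SAML2MetaException("empty_entityid", null);
    }

    if (debug.messageEnabled()) {
        debug.message("SAML2MetaManager.createEntity: realm="
            + realm + ", entityId=" + entityId);
    }
    String[] objs = { entityId, realm };

    try {
        // What the store already holds for this entity, if anything.
        Map oldAttrs = configInst.getConfiguration(realm, entityId);
        EntityDescriptorElement oldDescriptor = null;
        EntityConfigElement oldConfig = null;
        if (oldAttrs != null) {
            Object stored = readStoredJAXB(oldAttrs, ATTR_METADATA);
            if (stored instanceof EntityDescriptorElement) {
                oldDescriptor = (EntityDescriptorElement) stored;
                if (debug.messageEnabled()) {
                    debug.message("SAML2MetaManager.createEntity: "
                        + "got descriptor from SMS " + entityId);
                }
            }
            stored = readStoredJAXB(oldAttrs, ATTR_ENTITY_CONFIG);
            if (stored instanceof EntityConfigElement) {
                oldConfig = (EntityConfigElement) stored;
                if (debug.messageEnabled()) {
                    debug.message("SAML2MetaManager.createEntity: "
                        + "got entity config from SMS " + entityId);
                }
            }
        }

        // isCreate stays true until we decide to update an existing
        // entry. newAttrs collects the attributes of a brand-new entry;
        // updates are written into oldAttrs instead.
        boolean isCreate = true;
        Map newAttrs = null;
        if (descriptor != null) {
            if (oldDescriptor != null) {
                mergeRoles(
                    oldDescriptor.
                        getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(),
                    descriptor.
                        getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(),
                    "descriptor", LogUtil.SET_ENTITY_DESCRIPTOR,
                    entityId, realm);
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(
                    ATTR_METADATA, oldDescriptor);
                oldAttrs.put(ATTR_METADATA, attrs.get(ATTR_METADATA));
                isCreate = false;
            } else {
                newAttrs = SAML2MetaUtils.convertJAXBToAttrMap(
                    ATTR_METADATA, descriptor);
                if (oldAttrs != null) {
                    // An entry exists but holds no descriptor: update it
                    // in place. Previously the new metadata stayed in
                    // newAttrs and was dropped whenever a config was also
                    // supplied (the config path switched to an update of
                    // oldAttrs without it).
                    oldAttrs.put(ATTR_METADATA,
                        newAttrs.get(ATTR_METADATA));
                    isCreate = false;
                }
            }
        }

        if (config != null) {
            if ((oldDescriptor == null) && (descriptor == null)) {
                debug.error("SAML2MetaManager.createEntity: entity "
                    + "descriptor is null: " + entityId);
                LogUtil.error(Level.INFO,
                    LogUtil.NO_ENTITY_DESCRIPTOR_CREATE_ENTITY_CONFIG, objs,
                    null);
                throw new SAML2MetaException("entity_descriptor_not_exist",
                    objs);
            }
            if (oldConfig != null) {
                mergeRoles(
                    oldConfig.
                        getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(),
                    config.
                        getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(),
                    "entity config", LogUtil.SET_ENTITY_CONFIG,
                    entityId, realm);
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(
                    ATTR_ENTITY_CONFIG, oldConfig);
                oldAttrs.put(ATTR_ENTITY_CONFIG,
                    attrs.get(ATTR_ENTITY_CONFIG));
                isCreate = false;
            } else {
                Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(
                    ATTR_ENTITY_CONFIG, config);
                if (oldAttrs != null) {
                    oldAttrs.put(ATTR_ENTITY_CONFIG,
                        attrs.get(ATTR_ENTITY_CONFIG));
                    isCreate = false;
                } else if (newAttrs != null) {
                    // No stored entry, so a descriptor was supplied and
                    // newAttrs is non-null (guarded by the check above).
                    newAttrs.put(ATTR_ENTITY_CONFIG,
                        attrs.get(ATTR_ENTITY_CONFIG));
                }
            }
        }

        if (isCreate) {
            configInst.createConfiguration(realm, entityId, newAttrs);
            if (descriptor != null) {
                SAML2MetaCache.putEntityDescriptor(
                    realm, entityId, descriptor);
                LogUtil.access(Level.INFO,
                    LogUtil.ENTITY_DESCRIPTOR_CREATED, objs, null);
            } else if (config != null) {
                LogUtil.access(Level.INFO,
                    LogUtil.ENTITY_CONFIG_CREATED, objs, null);
            }
            // Add the entity to cot
            if (config != null) {
                SAML2MetaCache.putEntityConfig(realm, entityId, config);
                addToCircleOfTrust(realm, entityId, config);
            }
        } else {
            configInst.setConfiguration(realm, entityId, oldAttrs);
            if (descriptor != null) {
                LogUtil.access(Level.INFO,
                    LogUtil.SET_ENTITY_DESCRIPTOR, objs, null);
                // Cache whichever descriptor was actually written: the
                // merged stored one, or the new one when none was stored.
                SAML2MetaCache.putEntityDescriptor(realm, entityId,
                    (oldDescriptor != null) ? oldDescriptor : descriptor);
            } else if (config != null) {
                LogUtil.access(Level.INFO,
                    LogUtil.SET_ENTITY_CONFIG, objs, null);
            }
            if (oldConfig != null) {
                SAML2MetaCache.putEntityConfig(realm, entityId, oldConfig);
            } else if (config != null) {
                SAML2MetaCache.putEntityConfig(realm, entityId, config);
                addToCircleOfTrust(realm, entityId, config);
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.createEntity:", e);
        String[] data = { e.getMessage(), entityId, realm };
        LogUtil.error(Level.INFO,
            LogUtil.CONFIG_ERROR_CREATE_ENTITY_DESCRIPTOR, data, null);
        throw new SAML2MetaException(e);
    } catch (JAXBException jaxbe) {
        debug.error("SAML2MetaManager.createEntity:", jaxbe);
        LogUtil.error(Level.INFO,
            LogUtil.CREATE_INVALID_ENTITY_DESCRIPTOR, objs, null);
        throw new SAML2MetaException("invalid_descriptor", objs);
    }
}

/**
 * Returns the JAXB object stored under {@code key} in a configuration
 * attribute map, or null when the attribute is absent or has no values.
 * Only the first value of the attribute is considered.
 * @param attrs Attribute map as returned by the configuration store;
 *        must not be null.
 * @param key Attribute name whose first value holds serialised XML.
 * @return The deserialised object, or null.
 * @throws JAXBException if the stored value cannot be deserialised.
 */
private static Object readStoredJAXB(Map attrs, String key)
    throws JAXBException {
    Set values = (Set) attrs.get(key);
    if ((values == null) || values.isEmpty()) {
        return null;
    }
    String value = (String) values.iterator().next();
    return SAML2MetaUtils.convertStringToJAXB(value);
}

/**
 * Appends every role in {@code newRoles} to {@code currentRoles},
 * rejecting the import if a role of the same class is already stored.
 * @param currentRoles Roles already stored; modified in place.
 * @param newRoles Roles to add.
 * @param kind Name of the container for the debug message
 *        ("descriptor" or "entity config").
 * @param logId LogUtil message ID recorded on rejection.
 * @param entityId Entity ID, for logging and the exception arguments.
 * @param realm Realm, for logging.
 * @throws SAML2MetaException with key {@code role_already_exists} when a
 *         role class is already present.
 */
private void mergeRoles(List currentRoles, List newRoles,
    String kind, String logId, String entityId, String realm)
    throws SAML2MetaException {
    // Snapshot the stored types first; duplicates within newRoles itself
    // are not checked against each other.
    Set currentRolesTypes = getEntityRolesTypes(currentRoles);
    for (Iterator i = newRoles.iterator(); i.hasNext(); ) {
        Object role = i.next();
        String roleType = role.getClass().getName();
        if (currentRolesTypes.contains(roleType)) {
            debug.error("SAML2MetaManager.createEntity: current "
                + kind + " contains role " + roleType + " already");
            String[] data = { entityId, realm };
            LogUtil.error(Level.INFO, logId, data, null);
            String[] param = { entityId };
            throw new SAML2MetaException("role_already_exists", param);
        }
        currentRoles.add(role);
    }
}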
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
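/**
 * Returns the fully-qualified class names of the given role objects.
 * Used to detect whether a role of the same type is already present
 * before merging a descriptor or entity config.
 * @param roles Role objects (JAXB elements); {@code null} is treated as
 *        empty.
 * @return A new, mutable set of class names; never null.
 */
private static Set<String> getEntityRolesTypes(Collection<?> roles) {
    Set<String> types = new HashSet<String>();
    if (roles == null) {
        // A missing role list simply contributes no types.
        return types;
    }
    for (Object role : roles) {
        types.add(role.getClass().getName());
    }
    return types;
}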
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
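/**
 * Deletes the standard metadata entity descriptor under the realm.
 * <p>
 * The entity is first removed from its circle of trust, then its
 * configuration entry is deleted, and finally both its descriptor and
 * its extended config are evicted from {@link SAML2MetaCache} so a later
 * lookup cannot serve data for an entity that no longer exists.
 * @param realm The realm under which the entity resides; {@code null}
 *        selects the root realm "/".
 * @param entityId The ID of the entity for whom the standard entity
 *        descriptor will be deleted; {@code null} makes this a no-op.
 * @throws SAML2MetaException if unable to delete the entity descriptor.
 */
public void deleteEntityDescriptor(String realm, String entityId)
    throws SAML2MetaException {

    if (entityId == null) {
        return;
    }
    if (realm == null) {
        realm = "/";
    }

    String[] objs = { entityId, realm };
    try {
        // Remove the entity from cot
        removeFromCircleOfTrust(realm, entityId);

        // end of remove entity from cot
        configInst.deleteConfiguration(realm, entityId, null);
        LogUtil.access(Level.INFO,
            LogUtil.ENTITY_DESCRIPTOR_DELETED,
            objs,
            null);
        // Evict both cached views of the entity. Only the descriptor
        // was evicted before, so getEntityConfig (which consults the
        // cache before the store) could keep returning the config of a
        // deleted entity. A null value is the eviction form already used
        // for the descriptor; putEntityConfig is assumed to treat it the
        // same way.
        SAML2MetaCache.putEntityDescriptor(realm, entityId, null);
        SAML2MetaCache.putEntityConfig(realm, entityId, null);
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.deleteEntityDescriptor:", e);
        String[] data = { e.getMessage(), entityId, realm };
        LogUtil.error(Level.INFO,
            LogUtil.CONFIG_ERROR_DELETE_ENTITY_DESCRIPTOR,
            data,
            null);
        throw new SAML2MetaException(e);
    }
}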
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns extended entity configuration under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>EntityConfigElement</code> object for the entity or null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public EntityConfigElement getEntityConfig(String realm, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throws SAML2MetaException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (entityId == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (realm == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm = "/";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] objs = { entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement config = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (callerSession == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster config = SAML2MetaCache.getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (config != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.getEntityConfig: got entity"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " config from SAML2MetaCache: " + entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.access(Level.FINE,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.GOT_ENTITY_CONFIG,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster objs,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return config;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster try {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = configInst.getConfiguration(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (attrs == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set values = (Set)attrs.get(ATTR_ENTITY_CONFIG);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (values == null || values.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String value = (String)values.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object obj = SAML2MetaUtils.convertStringToJAXB(value);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (obj instanceof EntityConfigElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster config = (EntityConfigElement)obj;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.getEntityConfig: got "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "entity config from SMS: " + entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm, entityId, config);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.access(Level.FINE,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.GOT_ENTITY_CONFIG,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster objs,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return config;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityConfig: invalid config");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.GOT_INVALID_ENTITY_CONFIG,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster objs,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_config", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } catch (ConfigurationException e) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityConfig:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { e.getMessage(), entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.CONFIG_ERROR_GET_ENTITY_CONFIG,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster data,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException(e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } catch (JAXBException jaxbe) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityConfig:", jaxbe);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.GOT_INVALID_ENTITY_CONFIG,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster objs,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_config", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Returns the first service provider SSO configuration found in the
     * extended entity configuration of the given entity under the realm.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity whose configuration is looked up.
     * @return the first <code>SPSSOConfigElement</code> of the entity, or
     * null if the entity has no extended configuration or no service
     * provider role entry.
     * @throws SAML2MetaException if the entity configuration cannot be
     * retrieved.
     */
    public SPSSOConfigElement getSPSSOConfig(String realm, String entityId)
        throws SAML2MetaException {

        EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
        if (entityConfig != null) {
            // Role elements are stored in one heterogeneous list; pick the
            // first one of the requested type.
            Iterator roles = entityConfig.
                getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator();
            while (roles.hasNext()) {
                Object role = roles.next();
                if (role instanceof SPSSOConfigElement) {
                    return (SPSSOConfigElement) role;
                }
            }
        }
        return null;
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Returns the first XACML policy decision point configuration found in
     * the extended entity configuration of the given entity under the realm.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity whose configuration is looked up.
     * @return the first <code>XACMLPDPConfigElement</code> of the entity, or
     * null if the entity has no extended configuration or no policy
     * decision point role entry.
     * @throws SAML2MetaException if the entity configuration cannot be
     * retrieved.
     */
    public XACMLPDPConfigElement getPolicyDecisionPointConfig(
        String realm, String entityId
    ) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
        if (entityConfig == null) {
            return null;
        }

        // Role elements are stored in one heterogeneous list; the first
        // match wins, so return as soon as it is seen.
        Iterator roles = entityConfig.
            getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator();
        while (roles.hasNext()) {
            Object role = roles.next();
            if (role instanceof XACMLPDPConfigElement) {
                return (XACMLPDPConfigElement) role;
            }
        }
        return null;
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Returns the first XACML policy enforcement point (authorization
     * decision query) configuration found in the extended entity
     * configuration of the given entity under the realm.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity whose configuration is looked up.
     * @return the first <code>XACMLAuthzDecisionQueryConfigElement</code> of
     * the entity, or null if the entity has no extended configuration or no
     * policy enforcement point role entry.
     * @throws SAML2MetaException if the entity configuration cannot be
     * retrieved.
     */
    public XACMLAuthzDecisionQueryConfigElement getPolicyEnforcementPointConfig(
        String realm, String entityId
    ) throws SAML2MetaException {
        EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
        if (entityConfig == null) {
            return null;
        }

        // Role elements are stored in one heterogeneous list; the first
        // match wins, so return as soon as it is seen.
        List roles =
            entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
        for (int idx = 0; idx < roles.size(); idx++) {
            Object role = roles.get(idx);
            if (role instanceof XACMLAuthzDecisionQueryConfigElement) {
                return (XACMLAuthzDecisionQueryConfigElement) role;
            }
        }
        return null;
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Returns the first identity provider SSO configuration found in the
     * extended entity configuration of the given entity under the realm.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity whose configuration is looked up.
     * @return the first <code>IDPSSOConfigElement</code> of the entity, or
     * null if the entity has no extended configuration or no identity
     * provider role entry.
     * @throws SAML2MetaException if the entity configuration cannot be
     * retrieved.
     */
    public IDPSSOConfigElement getIDPSSOConfig(String realm, String entityId)
        throws SAML2MetaException {
        IDPSSOConfigElement found = null;
        EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
        if (entityConfig != null) {
            // Role elements are stored in one heterogeneous list; stop at
            // the first one of the requested type.
            List roles =
                entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            for (int idx = 0; idx < roles.size() && found == null; idx++) {
                Object role = roles.get(idx);
                if (role instanceof IDPSSOConfigElement) {
                    found = (IDPSSOConfigElement) role;
                }
            }
        }
        return found;
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Returns the first attribute authority configuration found in the
     * extended entity configuration of the given entity under the realm.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity whose configuration is looked up.
     * @return the first <code>AttributeAuthorityConfigElement</code> of the
     * entity, or null if the entity has no extended configuration or no
     * attribute authority role entry.
     * @throws SAML2MetaException if the entity configuration cannot be
     * retrieved.
     */
    public AttributeAuthorityConfigElement getAttributeAuthorityConfig(
        String realm, String entityId) throws SAML2MetaException {

        AttributeAuthorityConfigElement found = null;
        EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
        if (entityConfig != null) {
            // Role elements are stored in one heterogeneous list; stop at
            // the first one of the requested type.
            Iterator roles = entityConfig.
                getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig().iterator();
            while (found == null && roles.hasNext()) {
                Object role = roles.next();
                if (role instanceof AttributeAuthorityConfigElement) {
                    found = (AttributeAuthorityConfigElement) role;
                }
            }
        }
        return found;
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Returns the first attribute query configuration found in the extended
     * entity configuration of the given entity under the realm.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity whose configuration is looked up.
     * @return the first <code>AttributeQueryConfigElement</code> of the
     * entity, or null if the entity has no extended configuration or no
     * attribute query role entry.
     * @throws SAML2MetaException if the entity configuration cannot be
     * retrieved.
     */
    public AttributeQueryConfigElement getAttributeQueryConfig(
        String realm, String entityId) throws SAML2MetaException {

        EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
        if (entityConfig == null) {
            return null;
        }

        // Role elements are stored in one heterogeneous list; the first
        // match wins, so return as soon as it is seen.
        List roles =
            entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
        for (int idx = 0; idx < roles.size(); idx++) {
            Object role = roles.get(idx);
            if (role instanceof AttributeQueryConfigElement) {
                return (AttributeQueryConfigElement) role;
            }
        }
        return null;
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Returns the first authentication authority configuration found in the
     * extended entity configuration of the given entity under the realm.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity whose configuration is looked up.
     * @return the first <code>AuthnAuthorityConfigElement</code> of the
     * entity, or null if the entity has no extended configuration or no
     * authentication authority role entry.
     * @throws SAML2MetaException if the entity configuration cannot be
     * retrieved.
     */
    public AuthnAuthorityConfigElement getAuthnAuthorityConfig(
        String realm, String entityId) throws SAML2MetaException {

        AuthnAuthorityConfigElement found = null;
        EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
        if (entityConfig != null) {
            // Role elements are stored in one heterogeneous list; stop at
            // the first one of the requested type.
            List roles =
                entityConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            for (int idx = 0; idx < roles.size() && found == null; idx++) {
                Object role = roles.get(idx);
                if (role instanceof AuthnAuthorityConfigElement) {
                    found = (AuthnAuthorityConfigElement) role;
                }
            }
        }
        return found;
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Returns the affiliation configuration of the given entity under the
     * realm.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity whose configuration is looked up.
     * @return the entity's <code>AffiliationConfigElement</code>, or null if
     * the entity has no extended configuration (or no affiliation element
     * within it).
     * @throws SAML2MetaException if the entity configuration cannot be
     * retrieved.
     */
    public AffiliationConfigElement getAffiliationConfig(
        String realm, String entityId) throws SAML2MetaException {

        EntityConfigElement entityConfig = getEntityConfig(realm, entityId);
        return (entityConfig == null)
            ? null
            : (AffiliationConfigElement) entityConfig.getAffiliationConfig();
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
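    /**
     * Sets (replaces) the extended entity configuration of an entity under
     * the realm. Only the extended-configuration attribute of the stored
     * entity is replaced; every other attribute returned by the
     * configuration store for that entity is written back unchanged. The
     * cache entry is refreshed only after the store has accepted the update.
     *
     * @param realm The realm under which the entity resides; null is treated
     * as the root realm "/".
     * @param config The extended entity configuration object to be set; its
     * entity ID selects the entity to update.
     * @throws SAML2MetaException if the configuration carries no entity ID,
     * if it cannot be converted to its stored form, or if the configuration
     * store reports an error.
     */
    public void setEntityConfig(String realm, EntityConfigElement config)
        throws SAML2MetaException {

        String entityId = config.getEntityID();
        if (entityId == null) {
            debug.error("SAML2MetaManager.setEntityConfig: " +
                "entity ID is null");
            String[] data = { realm };
            LogUtil.error(Level.INFO,
                LogUtil.NO_ENTITY_ID_SET_ENTITY_CONFIG,
                data,
                null);
            throw new SAML2MetaException("empty_entityid", null);
        }
        if (realm == null) {
            realm = "/";
        }

        String[] objs = { entityId, realm };
        try {
            Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG,
                config);
            Map oldAttrs = configInst.getConfiguration(realm, entityId);
            if (oldAttrs == null) {
                // The store returns null when nothing is recorded for the
                // entity (getEntityConfig treats that as "not found").
                // Start from an empty attribute map instead of dereferencing
                // null, and let the store decide whether to accept the write.
                oldAttrs = new java.util.HashMap();
            }
            oldAttrs.put(ATTR_ENTITY_CONFIG, attrs.get(ATTR_ENTITY_CONFIG));
            configInst.setConfiguration(realm, entityId, oldAttrs);
            // Refresh the cache only after a successful store write so a
            // rejected update cannot leave the cache ahead of the store.
            SAML2MetaCache.putEntityConfig(realm, entityId, config);
            if (debug.messageEnabled()) {
                debug.message("SAML2MetaManager.setEntityConfig: saved "
                    + "entity config for " + entityId);
            }
            LogUtil.access(Level.INFO,
                LogUtil.SET_ENTITY_CONFIG,
                objs,
                null);
        } catch (ConfigurationException e) {
            debug.error("SAML2MetaManager.setEntityConfig:", e);
            String[] data = { e.getMessage(), entityId, realm };
            LogUtil.error(Level.INFO,
                LogUtil.CONFIG_ERROR_SET_ENTITY_CONFIG,
                data,
                null);
            throw new SAML2MetaException(e);
        } catch (JAXBException jaxbe) {
            debug.error("SAML2MetaManager.setEntityConfig:", jaxbe);
            LogUtil.error(Level.INFO,
                LogUtil.SET_INVALID_ENTITY_CONFIG,
                objs,
                null);
            throw new SAML2MetaException("invalid_config", objs);
        }
    }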
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
    /**
     * Creates the extended entity configuration under the realm. The work is
     * delegated to <code>createEntity</code>, which is called with a null
     * second argument (presumably the standard metadata descriptor) and the
     * given extended configuration.
     *
     * @param realm The realm under which the entity configuration will be
     * created.
     * @param config The extended entity configuration object to be created.
     * @throws SAML2MetaException if unable to create the entity configuration.
     */
    public void createEntityConfig(String realm, EntityConfigElement config)
        throws SAML2MetaException {
        boolean tracing = debug.messageEnabled();
        if (tracing) {
            debug.message("SAML2MetaManager.creatEntityConfig: called.");
        }
        createEntity(realm, null, config);
    }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
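    /**
     * Adds an entity to every circle of trust named in its extended
     * configuration. The COT names are read from the
     * <code>SAML2Constants.COT_LIST</code> attribute of the first role
     * element in the extended configuration; blank names are ignored.
     * This is best-effort: any failure is logged and not propagated, so a
     * COT membership problem does not undo the surrounding entity operation.
     *
     * @param realm The realm under which the entity resides.
     * @param entityId ID of the entity to add to the circles of trust.
     * @param eConfig The entity's extended configuration; null, an empty
     * role list or a missing COT list means there is nothing to do.
     */
    private void addToCircleOfTrust(
        String realm, String entityId, EntityConfigElement eConfig)
    {
        if (eConfig == null) {
            return;
        }
        try {
            List roles = eConfig.
                getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            if (roles == null || roles.isEmpty()) {
                // No role element to read the COT list from. Previously this
                // hit iterator().next() on an empty list and was reported as
                // an error; it is simply a no-op.
                return;
            }
            // use first one to add the entity to COT
            BaseConfigType config = (BaseConfigType) roles.iterator().next();
            Map attr = SAML2MetaUtils.getAttributes(config);
            List cotAttr = (attr == null)
                ? null
                : (List) attr.get(SAML2Constants.COT_LIST);
            if (cotAttr == null || cotAttr.isEmpty()) {
                // Entity is not configured for any COT. Previously a missing
                // list raised an NPE in the ArrayList copy (the null check
                // came after the copy) and was logged as an error.
                return;
            }
            // Iterate over a snapshot so that whatever
            // addCircleOfTrustMember does to the entity's configuration
            // cannot disturb this loop.
            List cotList = new ArrayList(cotAttr);
            for (Iterator iter = cotList.iterator(); iter.hasNext();) {
                Object entry = iter.next();
                if (entry == null) {
                    continue;
                }
                String cotName = ((String) entry).trim();
                if (cotName.length() > 0) {
                    cotm.addCircleOfTrustMember(realm,
                        cotName, COTConstants.SAML2, entityId, false);
                }
            }
        } catch (Exception e) {
            // Deliberately broad: this helper must not fail the caller.
            debug.error("SAML2MetaManager.addToCircleOfTrust:" +
                "Error while adding entity" + entityId + "to COT.",e);
        }
    }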
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
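/**
 * Deletes the extended entity configuration under the realm.
 * <p>
 * The entity is first removed from the circles of trust named in its
 * configuration (best effort, see {@code removeFromCircleOfTrust}), then
 * the {@code ATTR_ENTITY_CONFIG} attribute is deleted from the
 * configuration store and the cached copy is cleared.
 *
 * @param realm The realm under which the entity resides; {@code null} is
 *        treated as the root realm {@code "/"}.
 * @param entityId The ID of the entity for whom the extended entity
 *        configuration will be deleted; a {@code null} ID is a no-op.
 * @throws SAML2MetaException if no extended configuration exists for the
 *         entity, or if the configuration store reports an error.
 */
public void deleteEntityConfig(String realm, String entityId)
    throws SAML2MetaException {

    if (entityId == null) {
        return;
    }
    if (realm == null) {
        realm = "/";
    }

    String[] objs = { entityId, realm };
    try {
        Map oldAttrs = configInst.getConfiguration(realm, entityId);
        // A missing configuration map is treated exactly like a missing
        // attribute: nothing to delete, report "does not exist". The
        // original dereferenced oldAttrs unconditionally.
        Set oldValues = (oldAttrs == null)
            ? null : (Set) oldAttrs.get(ATTR_ENTITY_CONFIG);
        if (oldValues == null || oldValues.isEmpty()) {
            LogUtil.error(Level.INFO,
                LogUtil.NO_ENTITY_DESCRIPTOR_DELETE_ENTITY_CONFIG,
                objs,
                null);
            throw new SAML2MetaException("entity_config_not_exist", objs);
        }

        // Remove the entity from its COTs while the config that names them
        // still exists; failures inside are logged there, not propagated.
        removeFromCircleOfTrust(realm, entityId);

        Set<String> attr = new HashSet<String>();
        attr.add(ATTR_ENTITY_CONFIG);
        configInst.deleteConfiguration(realm, entityId, attr);
        LogUtil.access(Level.INFO,
            LogUtil.ENTITY_CONFIG_DELETED,
            objs,
            null);
        // Storing null presumably evicts the cache entry so readers stop
        // serving the deleted config — TODO confirm against SAML2MetaCache.
        SAML2MetaCache.putEntityConfig(realm, entityId, null);
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.deleteEntityConfig:", e);
        String[] data = { e.getMessage(), entityId, realm };
        LogUtil.error(Level.INFO,
            LogUtil.CONFIG_ERROR_DELETE_ENTITY_CONFIG,
            data,
            null);
        throw new SAML2MetaException(e);
    }
}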
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
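/**
 * Removes the entity from every circle of trust listed in its extended
 * configuration.
 * <p>
 * Best effort: any failure is logged through {@code debug.error} and
 * swallowed, so a caller such as {@code deleteEntityConfig} goes on to
 * delete the configuration and a stale COT membership may remain. The COT
 * names are read from the first config element of the entity, or from its
 * affiliation config when the entity is an affiliation.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId The ID of the entity to remove from its COTs.
 */
private void removeFromCircleOfTrust(String realm, String entityId) {
    try {
        EntityConfigElement eConfig = getEntityConfig(realm, entityId);
        boolean isAffiliation =
            getAffiliationDescriptor(realm, entityId) != null;
        if (debug.messageEnabled()) {
            debug.message("SAML2MetaManager.removeFromCircleOfTrust is "
                + entityId + " in realm " + realm
                + " an affiliation? " + isAffiliation);
        }
        if (eConfig == null) {
            return;
        }

        List elist;
        if (isAffiliation) {
            AffiliationConfigElement affiliationCfgElm =
                getAffiliationConfig(realm, entityId);
            elist = new ArrayList();
            elist.add(affiliationCfgElm);
        } else {
            elist = eConfig.
                getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
        }

        // Use the first config element to find the COTs. An entity with no
        // config element, or a missing affiliation config, has no COT
        // membership to remove; the original threw and logged an error.
        if (elist == null || elist.isEmpty()) {
            return;
        }
        BaseConfigType config = (BaseConfigType) elist.get(0);
        if (config == null) {
            return;
        }
        Map attr = SAML2MetaUtils.getAttributes(config);
        List cotAttr = (attr == null)
            ? null : (List) attr.get(SAML2Constants.COT_LIST);
        // Check before copying: new ArrayList(null) throws NPE, so the
        // original null check placed after the copy could never fire.
        if (cotAttr == null || cotAttr.isEmpty()) {
            return;
        }
        // Iterate over a copy so membership removal cannot disturb the
        // list owned by the config element.
        List cotList = new ArrayList(cotAttr);
        for (Iterator iter = cotList.iterator(); iter.hasNext();) {
            Object next = iter.next();
            String cotName = (next == null) ? null : ((String) next).trim();
            if (cotName != null && !cotName.equals("")) {
                cotm.removeCircleOfTrustMember(realm,
                    cotName, COTConstants.SAML2, entityId, false);
            }
        }
    } catch (Exception e) {
        debug.error("SAML2MetaManager.removeFromCircleOfTrust:" +
            "Error while removing entity " + entityId + " from COT.", e);
    }
}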
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all hosted entities under the realm.
 * <p>
 * Every configuration name in the realm is examined and kept when its
 * extended configuration exists and is marked hosted. The result is
 * recorded in the access log at {@code FINE} level.
 *
 * @param realm The realm under which the hosted entities reside.
 * @return a <code>List</code> of entity ID <code>String</code>; empty when
 *         no hosted entity exists.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllHostedEntities(String realm)
    throws SAML2MetaException {

    List hosted = new ArrayList();
    try {
        Set names = configInst.getAllConfigurationNames(realm);
        boolean haveNames = (names != null) && !names.isEmpty();
        if (haveNames) {
            Iterator it = names.iterator();
            while (it.hasNext()) {
                String id = (String) it.next();
                EntityConfigElement cfg = getEntityConfig(realm, id);
                boolean isHosted = (cfg != null) && cfg.isHosted();
                if (isHosted) {
                    hosted.add(id);
                }
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getAllHostedEntities:", e);
        String[] data = { e.getMessage(), realm };
        LogUtil.error(Level.INFO,
            LogUtil.CONFIG_ERROR_GET_ALL_HOSTED_ENTITIES,
            data,
            null);
        throw new SAML2MetaException(e);
    }
    String[] objs = { realm };
    LogUtil.access(Level.FINE,
        LogUtil.GOT_ALL_HOSTED_ENTITIES,
        objs,
        null);
    return hosted;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all hosted service provider entities under the realm.
 * <p>
 * Narrows {@link #getAllHostedEntities(String)} down to the entities that
 * carry an SP SSO descriptor.
 *
 * @param realm The realm under which the hosted service provider entities
 *        reside.
 * @return a <code>List</code> of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllHostedServiceProviderEntities(String realm)
    throws SAML2MetaException {

    List spIds = new ArrayList();
    for (Object idObj : getAllHostedEntities(realm)) {
        String entityId = (String) idObj;
        boolean isServiceProvider =
            getSPSSODescriptor(realm, entityId) != null;
        if (isServiceProvider) {
            spIds.add(entityId);
        }
    }
    return spIds;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all hosted policy decision point entities under the realm.
 * <p>
 * Thin wrapper over the private PDP helper with the hosted flag set.
 *
 * @param realm The realm under which the hosted policy decision point
 *        entities reside.
 * @return a list of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllHostedPolicyDecisionPointEntities(String realm)
    throws SAML2MetaException {
    final boolean hostedOnly = true;
    return getHostedPolicyDecisionPointEntities(realm, hostedOnly);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all remote policy decision point entities under the realm.
 * <p>
 * Thin wrapper over the private PDP helper with the hosted flag cleared.
 *
 * @param realm The realm under which the remote policy decision point
 *        entities reside.
 * @return a list of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllRemotePolicyDecisionPointEntities(String realm)
    throws SAML2MetaException {
    final boolean hostedOnly = false;
    return getHostedPolicyDecisionPointEntities(realm, hostedOnly);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns the policy decision point entities under the realm, hosted or
 * remote.
 * <p>
 * Despite its name this helper serves both sides, mirroring
 * {@code getAllPolicyEnforcementPointEntities}: the candidate set is
 * {@link #getAllHostedEntities(String)} when {@code hosted} is true and
 * {@link #getAllRemoteEntities(String)} otherwise; a candidate is kept
 * when it has a PDP descriptor.
 *
 * @param realm The realm under which the entities reside.
 * @param hosted {@code true} for hosted entities, {@code false} for remote.
 * @return a list of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
private List getHostedPolicyDecisionPointEntities(
    String realm,
    boolean hosted
) throws SAML2MetaException {
    List candidates;
    if (hosted) {
        candidates = getAllHostedEntities(realm);
    } else {
        candidates = getAllRemoteEntities(realm);
    }

    List pdpIds = new ArrayList();
    for (Object idObj : candidates) {
        String entityId = (String) idObj;
        if (getPolicyDecisionPointDescriptor(realm, entityId) != null) {
            pdpIds.add(entityId);
        }
    }
    return pdpIds;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all hosted policy enforcement point entities under the realm.
 * <p>
 * Thin wrapper over the private PEP helper with the hosted flag set.
 *
 * @param realm The realm under which the hosted policy enforcement point
 *        entities reside.
 * @return a list of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllHostedPolicyEnforcementPointEntities(String realm)
    throws SAML2MetaException {
    final boolean hostedOnly = true;
    return getAllPolicyEnforcementPointEntities(realm, hostedOnly);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all remote policy enforcement point entities under the realm.
 * <p>
 * Thin wrapper over the private PEP helper with the hosted flag cleared.
 *
 * @param realm The realm under which the remote policy enforcement point
 *        entities reside.
 * @return a list of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllRemotePolicyEnforcementPointEntities(String realm)
    throws SAML2MetaException {
    final boolean hostedOnly = false;
    return getAllPolicyEnforcementPointEntities(realm, hostedOnly);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns the policy enforcement point entities under the realm, hosted
 * or remote.
 * <p>
 * The candidate set is {@link #getAllHostedEntities(String)} when
 * {@code hosted} is true and {@link #getAllRemoteEntities(String)}
 * otherwise; a candidate is kept when it has a PEP descriptor.
 *
 * @param realm The realm under which the entities reside.
 * @param hosted {@code true} for hosted entities, {@code false} for remote.
 * @return a list of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
private List getAllPolicyEnforcementPointEntities(
    String realm,
    boolean hosted
) throws SAML2MetaException {

    List candidates = hosted
        ? getAllHostedEntities(realm)
        : getAllRemoteEntities(realm);
    List pepIds = new ArrayList();

    Iterator it = candidates.iterator();
    while (it.hasNext()) {
        String entityId = (String) it.next();
        boolean isPEP =
            getPolicyEnforcementPointDescriptor(realm, entityId) != null;
        if (isPEP) {
            pepIds.add(entityId);
        }
    }
    return pepIds;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all hosted identity provider entities under the realm.
 * <p>
 * Narrows {@link #getAllHostedEntities(String)} down to the entities that
 * carry an IDP SSO descriptor.
 *
 * @param realm The realm under which the hosted identity provider entities
 *        reside.
 * @return a <code>List</code> of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllHostedIdentityProviderEntities(String realm)
    throws SAML2MetaException {

    List idpIds = new ArrayList();
    for (Object idObj : getAllHostedEntities(realm)) {
        String entityId = (String) idObj;
        boolean isIdentityProvider =
            getIDPSSODescriptor(realm, entityId) != null;
        if (isIdentityProvider) {
            idpIds.add(entityId);
        }
    }
    return idpIds;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all remote entities under the realm.
 * <p>
 * An entity counts as remote when it has no extended configuration at all
 * or when that configuration is not marked hosted — the exact complement
 * of {@link #getAllHostedEntities(String)}. The result is recorded in the
 * access log at {@code FINE} level.
 *
 * @param realm The realm under which the remote entities reside.
 * @return a <code>List</code> of entity ID <code>String</code>; empty when
 *         no remote entity exists.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllRemoteEntities(String realm)
    throws SAML2MetaException {

    List remote = new ArrayList();
    String[] objs = { realm };
    try {
        Set names = configInst.getAllConfigurationNames(realm);
        boolean haveNames = (names != null) && !names.isEmpty();
        if (haveNames) {
            for (Object idObj : names) {
                String id = (String) idObj;
                EntityConfigElement cfg = getEntityConfig(realm, id);
                boolean hostedHere = (cfg != null) && cfg.isHosted();
                if (!hostedHere) {
                    remote.add(id);
                }
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getAllRemoteEntities:", e);
        String[] data = { e.getMessage(), realm };
        LogUtil.error(Level.INFO,
            LogUtil.CONFIG_ERROR_GET_ALL_REMOTE_ENTITIES,
            data,
            null);
        throw new SAML2MetaException(e);
    }
    LogUtil.access(Level.FINE,
        LogUtil.GOT_ALL_REMOTE_ENTITIES,
        objs,
        null);
    return remote;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all remote service provider entities under the realm.
 * <p>
 * Narrows {@link #getAllRemoteEntities(String)} down to the entities that
 * carry an SP SSO descriptor.
 *
 * @param realm The realm under which the remote service provider entities
 *        reside.
 * @return a <code>List</code> of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllRemoteServiceProviderEntities(String realm)
    throws SAML2MetaException {

    List remoteIds = getAllRemoteEntities(realm);
    List spIds = new ArrayList();

    Iterator it = remoteIds.iterator();
    while (it.hasNext()) {
        String entityId = (String) it.next();
        if (getSPSSODescriptor(realm, entityId) == null) {
            continue;
        }
        spIds.add(entityId);
    }
    return spIds;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all remote identity provider entities under the realm.
 * <p>
 * Narrows {@link #getAllRemoteEntities(String)} down to the entities that
 * carry an IDP SSO descriptor.
 *
 * @param realm The realm under which the remote identity provider entities
 *        reside.
 * @return a <code>List</code> of entity ID <code>String</code>.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List getAllRemoteIdentityProviderEntities(String realm)
    throws SAML2MetaException {

    List remoteIds = getAllRemoteEntities(realm);
    List idpIds = new ArrayList();

    Iterator it = remoteIds.iterator();
    while (it.hasNext()) {
        String entityId = (String) it.next();
        if (getIDPSSODescriptor(realm, entityId) == null) {
            continue;
        }
        idpIds.add(entityId);
    }
    return idpIds;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns entity ID associated with the metaAlias.
 * <p>
 * The realm is derived from the metaAlias itself; every hosted entity in
 * that realm is scanned and the first one whose IDP/SP/AuthnAuthority
 * config carries an equal metaAlias wins. Remote entities and entities
 * without extended configuration are skipped. This is a linear scan over
 * all configurations in the realm on every call.
 *
 * @param metaAlias The metaAlias.
 * @return entity ID associated with the metaAlias or null if not found.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public String getEntityByMetaAlias(String metaAlias)
    throws SAML2MetaException {

    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    try {
        Set entityIds = configInst.getAllConfigurationNames(realm);
        if (entityIds == null || entityIds.isEmpty()) {
            return null;
        }

        for (Object idObj : entityIds) {
            String entityId = (String) idObj;
            EntityConfigElement config = getEntityConfig(realm, entityId);
            boolean hosted = (config != null) && config.isHosted();
            if (!hosted) {
                continue;
            }
            List roleConfigs =
                config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
            for (Object cfgObj : roleConfigs) {
                String candidate = ((BaseConfigType) cfgObj).getMetaAlias();
                boolean matches =
                    candidate != null && candidate.equals(metaAlias);
                if (matches) {
                    return entityId;
                }
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getEntityByMetaAlias:", e);
        throw new SAML2MetaException(e);
    }

    return null;
}
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas
/**
 * Returns all the hosted entity metaAliases for a realm.
 * <p>
 * For every hosted entity in the realm, each IDP/SP/AuthnAuthority config
 * element contributes its metaAlias when one is set and non-empty.
 * Entities without extended configuration, and remote entities, are
 * skipped.
 *
 * @param realm The given realm.
 * @return all the hosted entity metaAliases for a realm or an empty
 *         arrayList if not found.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public List<String> getAllHostedMetaAliasesByRealm(String realm) throws SAML2MetaException {

    List<String> aliases = new ArrayList<String>();
    try {
        Set<String> entityIds = configInst.getAllConfigurationNames(realm);
        boolean nothingConfigured = entityIds == null || entityIds.isEmpty();
        if (!nothingConfigured) {
            for (String entityId : entityIds) {
                EntityConfigElement config = getEntityConfig(realm, entityId);
                boolean hosted = config != null && config.isHosted();
                if (!hosted) {
                    continue;
                }
                List<BaseConfigType> roleConfigs =
                    config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
                for (BaseConfigType roleConfig : roleConfigs) {
                    String alias = roleConfig.getMetaAlias();
                    boolean present = alias != null && alias.length() > 0;
                    if (present) {
                        aliases.add(alias);
                    }
                }
            }
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getAllHostedMetaAliasesByRealm:", e);
        throw new SAML2MetaException(e);
    }
    return aliases;
}
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas
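/**
 * Returns the role that a metaAlias identifies within its hosted entity.
 *
 * The entity owning the metaAlias is resolved first; its IDP, SP, PDP and
 * PEP configurations are then examined in that order and the role whose
 * configured metaAlias equals the requested one is returned. Each role is
 * checked independently, so an entity that hosts several roles under
 * distinct metaAliases resolves correctly for any of them.
 *
 * @param metaAlias Meta alias of the entity.
 * @return role of an entity, one of <code>SAML2Constants.IDP_ROLE</code>,
 *         <code>SAML2Constants.SP_ROLE</code>,
 *         <code>SAML2Constants.PDP_ROLE</code>,
 *         <code>SAML2Constants.PEP_ROLE</code>, or
 *         <code>SAML2Constants.UNKNOWN_ROLE</code> when no entity owns the
 *         metaAlias or none of its role configurations carries it.
 * @throws SAML2MetaException if there are issues in getting the entity
 *         profile from the meta alias.
 */
public String getRoleByMetaAlias(String metaAlias)
    throws SAML2MetaException {
    String entityId = getEntityByMetaAlias(metaAlias);
    if (entityId == null) {
        return SAML2Constants.UNKNOWN_ROLE;
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);

    // Every role configuration is tested, not only the first one present:
    // a dual-role entity (for example IDP and SP) carries a distinct
    // metaAlias per role, and an else-if chain keyed on "config != null"
    // reported UNKNOWN_ROLE for every role but the first. Configurations
    // are fetched lazily so a match on an early role costs one lookup.
    if (ownsMetaAlias(getIDPSSOConfig(realm, entityId), metaAlias)) {
        return SAML2Constants.IDP_ROLE;
    }
    if (ownsMetaAlias(getSPSSOConfig(realm, entityId), metaAlias)) {
        return SAML2Constants.SP_ROLE;
    }
    if (ownsMetaAlias(getPolicyDecisionPointConfig(realm, entityId), metaAlias)) {
        return SAML2Constants.PDP_ROLE;
    }
    if (ownsMetaAlias(getPolicyEnforcementPointConfig(realm, entityId), metaAlias)) {
        return SAML2Constants.PEP_ROLE;
    }
    return SAML2Constants.UNKNOWN_ROLE;
}

/**
 * Tells whether a role configuration is present and carries the given metaAlias.
 *
 * @param config a role configuration, or null when the entity lacks that role.
 * @param metaAlias the metaAlias being resolved.
 * @return true only if {@code config} is non-null and its metaAlias equals
 *         {@code metaAlias}; a configuration without a metaAlias never matches.
 */
private static boolean ownsMetaAlias(BaseConfigType config, String metaAlias) {
    if (config == null) {
        return false;
    }
    String configured = config.getMetaAlias();
    return configured != null && configured.equals(metaAlias);
}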
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
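/**
 * Returns metaAliases of all hosted identity providers under the realm.
 *
 * Hosted identity provider entities that have no IDP SSO configuration, or
 * whose configuration carries no metaAlias, contribute nothing to the result.
 *
 * @param realm The realm under which the identity provider metaAliases
 *        reside.
 * @return a <code>List</code> of metaAliases <code>String</code>; empty when
 *         the realm hosts no identity provider with a usable metaAlias.
 * @throws SAML2MetaException if unable to retrieve meta aliases.
 */
public List getAllHostedIdentityProviderMetaAliases(String realm)
    throws SAML2MetaException {
    List<String> metaAliases = new ArrayList<String>();
    List hostedEntityIds = getAllHostedIdentityProviderEntities(realm);
    if (hostedEntityIds == null) {
        return metaAliases;
    }
    for (Object hostedEntityId : hostedEntityIds) {
        IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, (String) hostedEntityId);
        if (idpConfig == null) {
            continue;
        }
        String metaAlias = idpConfig.getMetaAlias();
        // A null or empty metaAlias cannot be resolved by any caller and a
        // null entry breaks equals()-based lookups on the returned list, so
        // it is skipped, matching getAllHostedMetaAliasesByRealm.
        if (metaAlias != null && !metaAlias.isEmpty()) {
            metaAliases.add(metaAlias);
        }
    }
    return metaAliases;
}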
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
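/**
 * Returns metaAliases of all hosted service providers under the realm.
 *
 * Hosted service provider entities that have no SP SSO configuration, or
 * whose configuration carries no metaAlias, contribute nothing to the result.
 *
 * @param realm The realm under which the service provider metaAliases
 *        reside.
 * @return a <code>List</code> of metaAliases <code>String</code>; empty when
 *         the realm hosts no service provider with a usable metaAlias.
 * @throws SAML2MetaException if unable to retrieve meta aliases.
 */
public List getAllHostedServiceProviderMetaAliases(String realm)
    throws SAML2MetaException {
    List<String> metaAliases = new ArrayList<String>();
    List hostedEntityIds = getAllHostedServiceProviderEntities(realm);
    if (hostedEntityIds == null) {
        return metaAliases;
    }
    for (Object hostedEntityId : hostedEntityIds) {
        SPSSOConfigElement spConfig = getSPSSOConfig(realm, (String) hostedEntityId);
        if (spConfig == null) {
            continue;
        }
        String metaAlias = spConfig.getMetaAlias();
        // A null or empty metaAlias cannot be resolved by any caller and a
        // null entry breaks equals()-based lookups on the returned list, so
        // it is skipped, matching getAllHostedMetaAliasesByRealm.
        if (metaAlias != null && !metaAlias.isEmpty()) {
            metaAliases.add(metaAlias);
        }
    }
    return metaAliases;
}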
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
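/**
 * Returns meta aliases of all hosted policy decision points under the realm.
 *
 * Hosted PDP entities that have no XACML PDP configuration, or whose
 * configuration carries no metaAlias, contribute nothing to the result.
 *
 * @param realm The realm under which the policy decision point resides.
 * @return list of meta aliases; empty when the realm hosts no policy
 *         decision point with a usable metaAlias.
 * @throws SAML2MetaException if unable to retrieve meta aliases.
 */
public List getAllHostedPolicyDecisionPointMetaAliases(String realm)
    throws SAML2MetaException {
    List<String> metaAliases = new ArrayList<String>();
    List hostedEntityIds = getAllHostedPolicyDecisionPointEntities(realm);
    if (hostedEntityIds == null) {
        return metaAliases;
    }
    for (Object hostedEntityId : hostedEntityIds) {
        XACMLPDPConfigElement pdpConfig =
            getPolicyDecisionPointConfig(realm, (String) hostedEntityId);
        if (pdpConfig == null) {
            continue;
        }
        String metaAlias = pdpConfig.getMetaAlias();
        // A null or empty metaAlias cannot be resolved by any caller and a
        // null entry breaks equals()-based lookups on the returned list, so
        // it is skipped, matching getAllHostedMetaAliasesByRealm.
        if (metaAlias != null && !metaAlias.isEmpty()) {
            metaAliases.add(metaAlias);
        }
    }
    return metaAliases;
}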
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
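/**
 * Returns meta aliases of all hosted policy enforcement points under the
 * realm.
 *
 * Hosted PEP entities that have no XACML authorization decision query
 * configuration, or whose configuration carries no metaAlias, contribute
 * nothing to the result.
 *
 * @param realm The realm under which the policy enforcement point resides.
 * @return list of meta aliases; empty when the realm hosts no policy
 *         enforcement point with a usable metaAlias.
 * @throws SAML2MetaException if unable to retrieve meta aliases.
 */
public List getAllHostedPolicyEnforcementPointMetaAliases(String realm)
    throws SAML2MetaException {
    List<String> metaAliases = new ArrayList<String>();
    List hostedEntityIds = getAllHostedPolicyEnforcementPointEntities(realm);
    if (hostedEntityIds == null) {
        return metaAliases;
    }
    for (Object hostedEntityId : hostedEntityIds) {
        XACMLAuthzDecisionQueryConfigElement pepConfig =
            getPolicyEnforcementPointConfig(realm, (String) hostedEntityId);
        if (pepConfig == null) {
            continue;
        }
        String metaAlias = pepConfig.getMetaAlias();
        // A null or empty metaAlias cannot be resolved by any caller and a
        // null entry breaks equals()-based lookups on the returned list, so
        // it is skipped, matching getAllHostedMetaAliasesByRealm.
        if (metaAlias != null && !metaAlias.isEmpty()) {
            metaAliases.add(metaAlias);
        }
    }
    return metaAliases;
}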
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Determines whether two entities are in the same circle of trust under
 * the realm. The hosted entity's SP configuration is consulted first; only
 * if that does not establish trust is its IDP configuration consulted.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId The ID of the hosted entity.
 * @param trustedEntityId The ID of the entity whose trust relationship
 *        with the hosted entity is being checked.
 * @return true if the two entities share a circle of trust through the
 *         hosted entity's SP or IDP configuration, false otherwise (also
 *         when the hosted entity has neither configuration).
 * @throws SAML2MetaException if unable to determine the trusted
 *         relationship.
 */
public boolean isTrustedProvider(String realm, String entityId,
    String trustedEntityId)
    throws SAML2MetaException {
    SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
    if (spConfig != null
            && isSameCircleOfTrust(spConfig, realm, trustedEntityId)) {
        return true;
    }
    IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
    return idpConfig != null
        && isSameCircleOfTrust(idpConfig, realm, trustedEntityId);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Determines whether two XACML entities are in the same circle of trust
 * under the realm. The hosted entity can be a PDP or a PEP; the role
 * parameter selects which configuration is consulted. A null role, or any
 * role other than PDP or PEP, yields false.
 *
 * @param realm The realm under which the entity resides.
 * @param entityId the hosted entity Identifier (PEP or PDP).
 * @param trustedEntityId the remote entity identifier (PEP or PDP).
 * @param role the role of the hosted entity,
 *        <code>SAML2Constants.PDP_ROLE</code> or
 *        <code>SAML2Constants.PEP_ROLE</code>.
 * @return true if the selected role configuration places both entities in
 *         a common circle of trust, false otherwise.
 * @throws SAML2MetaException if unable to determine the trusted
 *         relationship.
 */
public boolean isTrustedXACMLProvider(String realm, String entityId,
    String trustedEntityId, String role)
    throws SAML2MetaException {
    if (SAML2Constants.PDP_ROLE.equals(role)) {
        XACMLPDPConfigElement pdpConfig =
            getPolicyDecisionPointConfig(realm, entityId);
        return pdpConfig != null
            && isSameCircleOfTrust(pdpConfig, realm, trustedEntityId);
    }
    if (SAML2Constants.PEP_ROLE.equals(role)) {
        XACMLAuthzDecisionQueryConfigElement pepConfig =
            getPolicyEnforcementPointConfig(realm, entityId);
        // isSameCircleOfTrust tolerates a null configuration.
        return isSameCircleOfTrust(pepConfig, realm, trustedEntityId);
    }
    return false;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
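/**
 * Tells whether the entity described by {@code config} shares at least one
 * circle of trust with {@code trustedEntityId} in the realm.
 *
 * The circle-of-trust names are read from the
 * {@code SAML2Constants.COT_LIST} attribute of the configuration and each
 * is checked against the COT manager. The check fails closed: a null
 * configuration, a missing or empty COT list, or any error raised while
 * reading the attributes or consulting the COT manager yields false, so a
 * lookup failure is never mistaken for an established trust relationship.
 *
 * @param config the hosted entity's role configuration; may be null.
 * @param realm the realm under which the entities reside.
 * @param trustedEntityId the entity whose membership is being tested.
 * @return true only if membership in a common circle of trust was confirmed.
 */
private boolean isSameCircleOfTrust(BaseConfigType config, String realm,
    String trustedEntityId) {
    if (config == null) {
        return false;
    }
    try {
        Map attr = SAML2MetaUtils.getAttributes(config);
        List cotList = (List) attr.get(SAML2Constants.COT_LIST);
        if (cotList == null) {
            return false;
        }
        for (Object cotName : cotList) {
            if (cotm.isInCircleOfTrust(realm, (String) cotName,
                    COTConstants.SAML2, trustedEntityId)) {
                return true;
            }
        }
        return false;
    } catch (Exception e) {
        // The exception used to be dropped, leaving only a generic message
        // in the log; pass it on so operators can tell a misconfigured COT
        // attribute from a configuration-store failure.
        debug.error("SAML2MetaManager.isSameCircleOfTrust: Error" +
            " while determining two entities are in the same COT.", e);
        return false;
    }
}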
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns all entities under the realm.
 *
 * The entity IDs are the configuration names known to the configuration
 * store for the realm. A successful read is recorded as an access log
 * entry; a failed one is logged as an error and rethrown.
 *
 * @param realm The realm under which the entities reside.
 * @return a <code>Set</code> of entity ID <code>String</code>; empty when
 *         the realm has no entities.
 * @throws SAML2MetaException if unable to retrieve the entity ids.
 */
public Set getAllEntities(String realm)
    throws SAML2MetaException {
    Set<String> entityIds = new HashSet<String>();
    try {
        Set<String> configured = configInst.getAllConfigurationNames(realm);
        if (configured != null) {
            entityIds.addAll(configured);
        }
    } catch (ConfigurationException e) {
        debug.error("SAML2MetaManager.getAllEntities:", e);
        String[] errorData = { e.getMessage(), realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ALL_ENTITIES,
            errorData, null);
        throw new SAML2MetaException(e);
    }
    String[] accessData = { realm };
    LogUtil.access(Level.FINE, LogUtil.GOT_ALL_ENTITIES, accessData, null);
    return entityIds;
}
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas
/**
 * Checks that the provided metaAliases are valid for a new hosted entity in
 * the specified realm: the list must not contain the same metaAlias twice,
 * and none of its entries may already be in use by a hosted entity of the
 * realm. A null or empty list is accepted without any check.
 *
 * @param realm The realm in which the metaAliases are being validated.
 * @param newMetaAliases values intended for the new entity's metaAliases.
 * @throws SAML2MetaException if the list contains duplicates
 *         ("meta_alias_duplicate"), if an entry already exists in the realm
 *         ("meta_alias_exists"), or if the realm's hosted metaAliases cannot
 *         be read.
 */
public void validateMetaAliasForNewEntity(String realm, List<String> newMetaAliases) throws SAML2MetaException {
    if (newMetaAliases == null || newMetaAliases.isEmpty()) {
        return;
    }
    // Distinct count smaller than list size means at least one repeat.
    if (newMetaAliases.size() > 1
            && new HashSet<String>(newMetaAliases).size() < newMetaAliases.size()) {
        debug.error("SAML2MetaManager.validateMetaAliasForNewEntity:Duplicate"
            + " metaAlias values provided in list:\n" + newMetaAliases);
        String[] data = { newMetaAliases.toString() };
        throw new SAML2MetaException("meta_alias_duplicate", data);
    }
    List<String> existingAliases = getAllHostedMetaAliasesByRealm(realm);
    if (existingAliases.isEmpty()) {
        return;
    }
    StringBuilder clashes = new StringBuilder();
    for (String candidate : newMetaAliases) {
        if (existingAliases.contains(candidate)) {
            clashes.append(candidate).append("\t");
        }
    }
    // Every clash appends a tab, so a non-empty builder means a clash exists.
    if (clashes.length() > 0) {
        String clashList = clashes.toString();
        debug.error("SAML2MetaManager.validateMetaAliasForNewEntity: metaAliases " + clashList
            + " already exists in the realm: " + realm);
        String[] data = { clashList, realm };
        throw new SAML2MetaException("meta_alias_exists", data);
    }
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster}