a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: DefaultIDPAuthnContextMapper.java,v 1.9 2008/11/10 22:57:02 veiming Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Portions Copyrighted 2011 ForgeRock AS
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AssertionFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AuthnContext;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Exception;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Utils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.profile.IDPSSOUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.AuthnRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.RequestedAuthnContext;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class is an out of the box default implementation of interface
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>IDPAuthnContextMapper</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns an <code>IDPAuthnContextInfo</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnRequest the <code>AuthnRequest</code> from the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Service Provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityID the Entity ID of the Identity Provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm to which the Identity Provider belongs
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return an <code>IDPAuthnContextInfo</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2Exception if an error occurs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public IDPAuthnContextInfo getIDPAuthnContextInfo(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DefaultIDPAuthnContextMapper.getIDPAuthnContextInfo: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Get the ClassRef to AuthnType and Value Map
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefSchemesMap = (Map) IDPCache.classRefSchemesHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Get the ClassRef to AuthN Level Map
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefLevelMap = (Map) IDPCache.classRefLevelHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // If one of the Maps above was empty populate them
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (classRefSchemesMap == null || classRefSchemesMap.isEmpty() ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefLevelMap == null || classRefLevelMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefSchemesMap = (Map) IDPCache.classRefSchemesHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefLevelMap = (Map) IDPCache.classRefLevelHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Look now for the Authn Class Ref that fulfills the request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster RequestedAuthnContext requestedAuthnContext = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster requestedAuthnContext = authnRequest.getRequestedAuthnContext();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster requestedAuthnContext.getAuthnContextClassRef();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String comparison = requestedAuthnContext.getComparison();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter1 = requestedClassRefs.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = classRefSchemesMap.keySet().iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (isAuthnContextMatching(singleClassRef, tmpClassRef,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnLevel = (Integer)classRefLevelMap.get(tmpClassRef);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authTypeAndValues = (Set) classRefSchemesMap.get(DEFAULT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRef = (String) IDPCache.defaultClassRefHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnLevel = (Integer)classRefLevelMap.get(classRef);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRef = SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionFactory.getInstance().createAuthnContext();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnContext.setAuthnContextClassRef(classRef);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPAuthnContextInfo info = new IDPAuthnContextInfo(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "\nreturned AuthnContextClassRef=" + classRef +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns <code>AuthnContext</code> that matches the authenticated level.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authLevel user authenticated level
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm to which the Identity Provider belongs
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityID the Entity ID of the Identity Provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>AuthnContext</code> object that matches authenticated
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * level. Return default AuthnContext if authLevel is <code>null</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2Exception if an error occurs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AuthnContext getAuthnContextFromAuthLevel(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authLevel, String realm, String idpEntityID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefLevelMap = (Map) IDPCache.classRefLevelHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (classRefLevelMap == null || classRefLevelMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefLevelMap = (Map) IDPCache.classRefLevelHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((authLevel != null) && (authLevel.length() != 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iter = classRefLevelMap.keySet().iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Integer value = (Integer) classRefLevelMap.get(key);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (value != null && (level == value.intValue())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DefaultIDPAuthnContextMapper.getAuthnContextFromLevel:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRef = (String)IDPCache.defaultClassRefHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRef = SAML2Constants.CLASSREF_PASSWORD_PROTECTED_TRANSPORT;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DefaultIDPAuthnContext.getClassRefFromLevel: authLevel=" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionFactory.getInstance().createAuthnContext();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns true if the specified AuthnContextClassRef matches a list of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * requested AuthnContextClassRef.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param requestedACClassRefs a list of requested AuthnContextClassRef's
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param acClassRef AuthnContextClassRef
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param comparison the type of comparison
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm to which the Identity Provider belongs
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityID the Entity ID of the Identity Provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if the specified AuthnContextClassRef matches a list of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * requested AuthnContextClassRef
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public boolean isAuthnContextMatching(List requestedACClassRefs,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String acClassRef, String comparison, String realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster acClassRefLevelMap = (Map) IDPCache.classRefLevelHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (acClassRefLevelMap == null || acClassRefLevelMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster acClassRefLevelMap = (Map) IDPCache.classRefLevelHash.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2Utils.isAuthnContextMatching(requestedACClassRefs,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void updateAuthnContextMapping(String realm, String idpEntityID) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List values = SAML2Utils.getAllAttributeValueFromSSOConfig(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.IDP_AUTHNCONTEXT_CLASSREF_MAPPING);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((values != null) && (values.size() != 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isDefault = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String value = ((String) values.get(i)).trim();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster value = value.substring(0, value.length()-DEFAULT.length());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringTokenizer st = new StringTokenizer(value, "|");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DefaultIDPAuthnContextMapper." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // this is not a level, but a auth scheme def.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authTypeAndValue = st.nextToken().trim();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefSchemesMap.put(classRef, authTypeAndValues);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster classRefSchemesMap.put(DEFAULT, authTypeAndValues);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPCache.classRefSchemesHash.put(key, classRefSchemesMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPCache.classRefLevelHash.put(key, classRefLevelMap);