a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: DiscoveryBootstrap.java,v 1.4 2008/12/05 00:18:31 exu Exp $
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbings * Portions Copyrighted 2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.AuthnContext;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.EncryptedNameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.IDPProvidedNameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.common.DiscoConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.common.DiscoServiceManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.common.DiscoUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.jaxb.ServiceInstanceType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.disco.ResourceOffering;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.interfaces.ResourceIDMapper;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.security.SessionContext;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.security.SessionSubject;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.Assertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.NameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AssertionFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Attribute;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AttributeStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Subject;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.SubjectConfirmation;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.SubjectConfirmationData;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Exception;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Utils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The class <code>DiscoBootstrap</code> helps in generating the discovery
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * bootstrap statement, i.e. the Discovery Resource Offering, as part of the SAML2
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * assertion that is generated during Single Sign-On. This class checks
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * whether any credentials need to be generated for accessing the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * discovery service and generates them if so.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private AttributeStatement bootstrapStatement = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param session session of the user.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param sub SAML2 Subject.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnContextClassRef Authentication context class ref
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with which the user signed on.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param wscID WSC entity ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm name.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if there is any failure.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public DiscoveryBootstrap(Object session, Subject sub,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authnContextClassRef, String wscID, String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String offering = getResourceOffering(authnContextClassRef,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionFactory.getInstance().createAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME_FORMAT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attribute.setAttributeValueString(resourceOfferings);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionFactory.getInstance().createAttributeStatement();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster bootstrapStatement.setAttribute(attributeList);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("DiscoveryBootstrap.DiscoveryBootstrap: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "while creating discovery bootstrap statement", ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the discovery bootstrap resource offering for the user.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Discovery Resource Offering String
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if there's any failure.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String getResourceOffering(String authnContextClassRef,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Subject subject, String wscID, String realm) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DiscoveryBootstrap.getResourceOffering:Init");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoServiceManager.getBootstrappingDiscoEntry();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster values = SessionManager.getProvider().getProperty(session,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((values == null) || (values.length == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("missingDiscoOffering"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ResourceOfferingType offering = discoEntry.getResourceOffering();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ServiceInstanceType serviceInstance = offering.getServiceInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String providerID = serviceInstance.getProviderID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!DiscoServiceManager.useImpliedResource()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster DiscoServiceManager.getResourceIDMapper(providerID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idMapper = DiscoServiceManager.getDefaultResourceIDMapper();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ResourceIDType resourceID = fac.createResourceIDType();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String resourceIDValue = idMapper.getResourceID(providerID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DiscoveryBootstrap.getResourceOffering: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ResourceIDType resourceID = fac.createResourceIDType();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster resourceID.setValue(DiscoConstants.IMPLIED_RESOURCE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (DiscoServiceManager.encryptNIinSessionContext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPSSODescriptorElement idpSSODesc = SAML2Utils
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .getSAML2MetaManager().getIDPSSODescriptor(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncInfo encInfo = KeyUtil.getEncInfo(idpSSODesc, wscID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncryptedNameIdentifier.getEncryptedNameIdentifier(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster convertSPNameID(subject.getNameID()), providerID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AuthnContext authnContext = new AuthnContext(authnContextClassRef,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SessionContext invocatorSession = new SessionContext(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map map = DiscoUtils.checkPolicyAndHandleDirectives(univID, null,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster discoEntryList, null, invocatorSession, wscID, session);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List offerings = (List) map.get(DiscoUtils.OFFERINGS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DiscoveryBootstrap.getResourceOffering:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "no ResourceOffering");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("missingDiscoOffering"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertions = (List) map.get(DiscoUtils.CREDENTIALS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "DiscoveryBootstrap.getResourceOffering: "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("DiscoveryBootstrap.getResourceOffering:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Exception while creating resource offering.", ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the bootstrap attribute statement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return AttributeStatement the ResourceOffering AttributeStatement.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AttributeStatement getBootstrapStatement() {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the credentials for the discovery bootstrap resource offering.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Advice the credential advice.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public Advice getCredentials() throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((assertions != null) && (assertions.size() != 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter = assertions.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertionStrs.add(assertion.toString(true, true));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster advice = AssertionFactory.getInstance().createAdvice();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static NameIdentifier convertSPNameID(NameID nameId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameId.getSPNameQualifier(), nameId.getFormat());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static IDPProvidedNameIdentifier convertIDPNameID(NameID nameId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return new IDPProvidedNameIdentifier(nameId.getValue(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameId.getNameQualifier(), nameId.getFormat());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static com.sun.identity.saml.assertion.SubjectConfirmation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster convertSC(List subjectConfirmations) throws SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((subjectConfirmations == null) || subjectConfirmations.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (SubjectConfirmation)subjectConfirmations.get(0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster com.sun.identity.saml.assertion.SubjectConfirmation samlSC =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster new com.sun.identity.saml.assertion.SubjectConfirmation(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster subjectConfirmation.getSubjectConfirmationData();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((content != null) && (!content.isEmpty())) {