/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: NameIDMapping.java,v 1.6 2009/11/20 21:41:16 exu Exp $
*
* Portions Copyrighted 2013-2015 ForgeRock AS.
*/
/**
* This class provides methods to send or process
* <code>NameIDMappingRequest</code>.
*
* @supported.api
*/
public class NameIDMapping {
static {
try {
metaManager= new SAML2MetaManager();
} catch (SAML2MetaException se) {
"errorMetaManager"), se);
} catch (SessionException sessE) {
}
}
/**
* Parses the request parameters and builds the <code>NameIDMappingRequest</code>
* to send to the remote identity provider.
*
* @param session user session.
* @param realm the realm of hosted entity
* @param spEntityID entity ID of hosted service provider
* @param idpEntityID entity ID of remote identity provider
* @param targetSPEntityID entity ID of the target service provider
* @param targetNameIDFormat format of target Name ID
* @param paramsMap Map of all other parameters
*
* @return the <code>NameIDMappingResponse</code>
* @throws SAML2Exception if error initiating request to remote entity.
*
* @supported.api
*/
public static NameIDMappingResponse initiateNameIDMappingRequest(
if (spEntityID == null) {
throw new SAML2Exception(
}
if (idpEntityID == null) {
throw new SAML2Exception(
}
try {
} catch (SessionException e) {
"NameIDMapping.createNameIDMappingRequest: ", e);
}
}
throw new SAML2Exception(
}
"NameIDMapping.initiateNameMappingRequest:" +
" IDP EntityID is : " + idpEntityID);
"NameIDMapping.initiateNameMappingRequest:" +
" SP HOST EntityID is : " + spEntityID);
"NameIDMapping.initiateNameMappingRequest:" +
" target SP EntityID is : " + targetSPEntityID);
}
try {
// nameIDMappingService
throw new SAML2Exception(
}
"nimURL");
if (nameIDMappingService != null) {
}
}
"NameIDMapping.initiateNameMappingRequest:" +
" nimURL" + nimURL);
}
throw new SAML2Exception(
}
realm, spEntityID);
} catch (SAML2MetaException sme) {
throw new SAML2Exception(
}
}
public static NameIDMappingResponse processNameIDMappingRequest(
throws SAML2Exception {
if (spEntityID == null) {
throw new SAML2Exception(
}
if (responseID == null) {
}
} else if ((targetSPEntityID == null) ||
} else {
// check if source SP has account fed
// if yes then get nameid of targetSP
realm, idpEntityID);
spEntityID, realm);
}
if (targetNameIDInfo == null) {
} else {
"NameIDMapping.processNameIDMappingRequest: " +
targetSPNameID.toXMLString(true,true));
}
}
}
return nimResponse;
}
static private NameIDMappingRequest createNameIDMappingRequest(
throws SAML2Exception {
"NameIDMapping.createNameIDMappingRequest: User ID : " +
userID);
}
destination));
return nimRequest;
}
static private NameIDMappingResponse doNIMBySOAP(
"NIMRequestXMLString : " + nimRequestXMLString);
"NIMRedirectURL : " + nimURL);
}
try {
true);
} catch (SOAPException se) {
"invalidSOAPMessge"));
}
"NameIDMappingResponse without SOAP envelope:\n" +
nimResponse.toXMLString(true,true));
}
throw new SAML2Exception(
}
return nimResponse;
}
throws SAML2Exception {
"user ID = " + userID);
}
if (!needEncryptIt) {
"NameIDMapping.setNameIDForNIMRequest: " +
"NamID doesn't need to be encrypted.");
}
return;
}
}
/**
* Returns first NameIDMappingService matching specified binding in an
* entity under the realm.
*
* @param realm The realm under which the entity resides.
* @param entityId ID of the entity to be retrieved.
* @param binding the binding type that must be matched.
* @return the <code>NameIDMappingServiceElement</code> for the entity, or null
* if no service with the requested binding is found
* @throws SAML2MetaException if unable to retrieve the first identity
* provider's SSO configuration.
* @throws SessionException invalid or expired single-sign-on session
*/
static public NameIDMappingServiceElement getNameIDMappingService(
throws SAML2MetaException {
if (idpSSODesc == null) {
return null;
}
}
return nimService;
}
}
}
return null;
}
} else {
}
throw new SAML2Exception(
}
entityID);
return encryptedID;
}
throws SAML2Exception {
"Cert Alias is : " + alias);
"NIMRequest before sign : " +
nimRequest.toXMLString(true, true));
}
if (includeCert) {
}
if (signingKey != null) {
} else {
throw new SAML2Exception(
}
"NIMRequest after sign : " +
nimRequest.toXMLString(true, true));
}
}
throws SAML2Exception {
realm);
alias);
}
} else {
}
if (includeCert) {
}
if (signingKey != null) {
} else {
"Incorrect configuration for Signing Certificate.");
throw new SAML2Exception(
}
}
realm, idpEntityID);
if (!signingCerts.isEmpty()) {
"Signature is : " + valid);
}
return valid;
} else {
}
}
private static NameID getNameID(NameIDMappingRequest nimRequest, String realm, String idpEntityID) {
try {
} catch (SAML2Exception ex) {
}
return null;
}
}
return null;
}
return nameID;
}
}