RestSTSModelImpl.java revision 35579419d6433dcf5ed882de02c6eb1739749733
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions Copyrighted [year] [name of copyright owner]".
 * Copyright 2014 ForgeRock AS. All rights reserved.
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekpackage com.sun.identity.console.reststs.model;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.iplanet.sso.SSOException;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.common.HttpURLConnectionManager;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.console.base.model.AMAdminConstants;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.console.base.model.AMConsoleException;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.console.base.model.AMServiceProfileModelImpl;
07630cea1f3a845c09309f197ac7c4f11edd3b62Lennart Poetteringimport com.sun.identity.console.base.model.AMSystemConfig;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.shared.Constants;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.shared.configuration.SystemPropertiesManager;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.shared.datastruct.CollectionHelper;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.sm.SMSException;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport com.sun.identity.sm.ServiceConfigManager;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport org.forgerock.json.fluent.JsonValue;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport org.forgerock.openam.shared.sts.SharedSTSConstants;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport org.forgerock.openam.utils.CollectionUtils;
787784c4c1b24a13207d18b415d60483cfbdeaa3Ronny Chevalierimport javax.servlet.http.HttpServletRequest;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport java.io.OutputStreamWriter;
e88baee88fad8bc59d33b55a7a2d640ef9e16cd6Zbigniew Jędrzejewski-Szmekimport java.net.HttpURLConnection;
* This class extends the AMServiceProfileModelImpl because this class provides functionality for reading values corresponding
} catch (SMSException e) {
throw new AMConsoleException(e);
} catch (SSOException e) {
throw new AMConsoleException(e);
} catch (IOException e) {
throw new AMConsoleException(e);
public RestSTSModelResponse createInstance(Map<String, Set<String>> configurationState, String realm) throws AMConsoleException {
} catch (IOException e) {
throw new AMConsoleException(e);
public RestSTSModelResponse updateInstance(Map<String, Set<String>> configurationState, String realm, String instanceName) throws AMConsoleException {
} catch (IOException e) {
throw new AMConsoleException(e);
public Map<String, Set<String>> getInstanceState(String realm, String instanceName) throws AMConsoleException {
} catch (SMSException e) {
throw new AMConsoleException(e);
} catch (SSOException e) {
throw new AMConsoleException(e);
public RestSTSModelResponse validateConfigurationState(Map<String, Set<String>> configurationState) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.token.lifetime.message"));
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.deployment.url.message"));
String urlElement = configurationState.get(SharedSTSConstants.DEPLOYMENT_URL_ELEMENT).iterator().next();
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.deployment.url.content.message"));
if (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_SIGN_ASSERTION, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ASSERTION, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ATTRIBUTES, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_NAME_ID, false)) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.filename.message"));
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.password.message"));
if (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_SIGN_ASSERTION, false)) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.signature.keyalias.message"));
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.signature.keypassword.message"));
if (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ASSERTION, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ATTRIBUTES, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_NAME_ID, false)) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.saml2.keystore.encryption.keyalias.message"));
if (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ASSERTION, false)
&& (CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_ATTRIBUTES, false)
|| CollectionHelper.getBooleanMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPT_NAME_ID, false))) {
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.saml2.encryptioncombinations.message"));
return RestSTSModelResponse.failure(getLocalizedString("rest.sts.validation.tokentransforms.message"));
Add the realm, as this information does not have to be solicited from the user. Also add the encryption strength
parameter, as this value is hard-coded based upon the encryption algorithm type, and is necessary only if the
FMEncProvider is overridden. See the comment in SAML2Config.SAML2ConfigBuilder#encryptionAlgorithmStrength for details.
private void addProgrammaticConfigurationState(Map<String, Set<String>> configurationState, String realm) {
getEncryptionStrengthFromEncryptionAlgorithm(CollectionHelper.getMapAttr(configurationState, SharedSTSConstants.SAML2_ENCRYPTION_ALGORITHM));
field(SharedSTSConstants.REST_STS_PUBLISH_INVOCATION_CONTEXT, SharedSTSConstants.REST_STS_PUBLISH_INVOCATION_CONTEXT_VIEW_BEAN),
return getRestSTSPublishEndpointUrl() + SharedSTSConstants.REST_PUBLISH_SERVICE_CREATE_ACTION_URL_ELEMENT;
Currently, JsonValue#toString will only create a json array for elements which are lists. If I want the
Map<String, Set<String>> returned by this.getValues() to marshal to json correctly using JsonValue#toString(), I
return listMap;
private RestSTSModelResponse invokeRestSTSInstancePublish(String invocationPayload) throws IOException {
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
private RestSTSModelResponse invokeRestSTSInstanceUpdate(String invocationPayload, String instanceId) throws IOException {
connection.setRequestProperty(SharedSTSConstants.CONTENT_TYPE, SharedSTSConstants.APPLICATION_JSON);
return SystemPropertiesManager.get(Constants.AM_COOKIE_NAME) + EQUALS + getUserSSOToken().getTokenID().toString();