CreateSAML2HostedProviderTemplate.java revision 07856bf23b706ef4e3654388d9ca26a720e0ad6a
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: CreateSAML2HostedProviderTemplate.java,v 1.29 2009/11/24 21:49:04 madan_ranganath Exp $
*
* Portions Copyrighted 2015 ForgeRock AS.
*/
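/**
* Builds the XML templates for a hosted SAML2 provider: the standard metadata
* (EntityDescriptor) and the extended entity configuration (EntityConfig).
* Aliases and certificate text are inserted by plain string concatenation, so
* callers are expected to pass values that are already safe to embed in XML.
*/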
public class CreateSAML2HostedProviderTemplate {
/** Not instantiable: every other member visible in this class is a static template builder. */
private CreateSAML2HostedProviderTemplate() {
}
private static String getHostURL() {
}
public static String createExtendedDataTemplate(
) {
}
public static String createExtendedDataTemplate(
boolean hosted
) {
url = getHostURL();
}
"<EntityConfig xmlns=\"urn:sun:fm:SAML:2.0:entityconfig\"\n"+
" xmlns:fm=\"urn:sun:fm:SAML:2.0:entityconfig\"\n" +
}
}
if (attraAlias != null) {
}
if (attrqAlias != null) {
}
if (authnaAlias != null) {
}
}
}
}
}
/**
 * Emits the {@code IDPSSOConfig} section of the extended entity configuration
 * template; the visible text ends with {@code </IDPSSOConfig>}.
 *
 * <p>A null signing or encryption certificate alias is replaced by the empty
 * string before the template text is assembled. The defaults written here
 * include several {@code false} flags, two {@code 600} values and the stock
 * {@code com.sun.identity.saml2.plugins.Default*} mapper class names.
 *
 * <p>NOTE(review): the parameter list, the attribute names and the object the
 * text is appended to are not visible in this block, so which setting each
 * default belongs to cannot be confirmed from here.
 */
private static void buildIDPConfigTemplate(
) {
// Normalise absent aliases to "" (presumably so the literal text "null" never
// ends up inside a <Value> element; confirm against the elided lines).
if (idpSCertAlias == null) {
idpSCertAlias = "";
}
if (idpECertAlias == null) {
idpECertAlias = "";
}
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
"\">\n" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>600</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
// Plugin implementations are referenced by fully-qualified class name; these
// are the stock defaults and are meant to be overridden per deployment.
" <Value>com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper" +
"</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>" +
" </Attribute>\n" +
"\">\n" +
" <Value>com.sun.identity.saml2.plugins.DefaultIDPAccountMapper" +
"</Value>\n" +
" </Attribute>\n" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper" +
"</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper" +
"</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>" +
" </Attribute>\n" +
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>600</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
// NOTE(review): idpAlias is concatenated into element text with no XML
// escaping. A value containing '<' or '&' would change the structure of the
// generated configuration; confirm the alias is validated before it gets here.
idpAlias + "</Value>\n" +
" </Attribute>\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
" </IDPSSOConfig>\n"
);
}
/**
 * Emits the {@code SPSSOConfig} section of the extended entity configuration
 * template; the visible text ends with {@code </SPSSOConfig>}.
 *
 * <p>A null signing or encryption certificate alias is replaced by the empty
 * string. Most attributes are written with an empty {@code <Value>}; the
 * visible non-empty defaults are a handful of {@code false} flags, the values
 * {@code 300} and {@code 0}, and the stock plugin class names
 * ({@code DefaultSPAccountMapper}, {@code DefaultSPAttributeMapper},
 * {@code ECPIDPFinder}).
 *
 * <p>NOTE(review): the parameter list, the attribute names and the append
 * target are not visible in this block, so the setting behind each default
 * cannot be confirmed from here.
 */
private static void buildSPConfigTemplate(
) {
// Normalise absent aliases to "" (presumably so the literal text "null" never
// ends up inside a <Value> element; confirm against the elided lines).
if (spSCertAlias == null) {
spSCertAlias = "";
}
if (spECertAlias == null) {
spECertAlias = "";
}
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
"\">\n" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
// Plugin implementations are referenced by fully-qualified class name; these
// are the stock defaults and are meant to be overridden per deployment.
" <Value>com.sun.identity.saml2.plugins.DefaultSPAccountMapper" +
"</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>false" +
"</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>com.sun.identity.saml2.plugins.DefaultSPAttributeMapper" +
"</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>" +
" </Attribute>\n" +
" <Attribute name=\""
" <Value>" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>" +
" </Attribute>\n" +
"\">\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>300</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
" </Attribute>\n" +
"\">\n" +
" </Attribute>\n" +
"</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>com.sun.identity.saml2.plugins.ECPIDPFinder</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>0</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
" </SPSSOConfig>\n"
);
}
/**
 * Emits the {@code AttributeAuthorityConfig} section of the extended entity
 * configuration template; the visible text ends with
 * {@code </AttributeAuthorityConfig>}.
 *
 * <p>A null encryption or signing certificate alias is replaced by the empty
 * string. The visible defaults name the stock
 * {@code X509SubjectAttributeAuthorityMapper} and
 * {@code DefaultAssertionIDRequestMapper} plugin classes.
 *
 * <p>NOTE(review): the parameter list, attribute names and append target are
 * not visible in this block.
 */
private static void buildAttributeAuthorityConfigTemplate(
) {
// Normalise absent aliases to "" (presumably so the literal text "null" never
// ends up inside a <Value> element; confirm against the elided lines).
if (attraECertAlias == null) {
attraECertAlias = "";
}
if (attraSCertAlias == null) {
attraSCertAlias = "";
}
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>" +
"</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>com.sun.identity.saml2.plugins.X509SubjectAttributeAuthorityMapper</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value>com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper" +
"</Value>\n" +
" </Attribute>\n" +
" </AttributeAuthorityConfig>\n"
);
}
/**
 * Emits the {@code AttributeQueryConfig} section of the extended entity
 * configuration template; the visible text ends with
 * {@code </AttributeQueryConfig>}.
 *
 * <p>A null signing or encryption certificate alias is replaced by the empty
 * string.
 *
 * <p>NOTE(review): the parameter list, attribute names and append target are
 * not visible in this block.
 */
private static void buildAttributeQueryConfigTemplate(
) {
// Normalise absent aliases to "" (presumably so the literal text "null" never
// ends up inside a <Value> element; confirm against the elided lines).
if (attrqSCertAlias == null) {
attrqSCertAlias = "";
}
if (attrqECertAlias == null) {
attrqECertAlias = "";
}
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
" </AttributeQueryConfig>\n"
);
}
/**
 * Emits the {@code AuthnAuthorityConfig} section of the extended entity
 * configuration template; the visible text ends with
 * {@code </AuthnAuthorityConfig>}.
 *
 * <p>A null encryption or signing certificate alias is replaced by the empty
 * string. The one visible default is the stock
 * {@code DefaultAssertionIDRequestMapper} plugin class.
 *
 * <p>NOTE(review): the parameter list, attribute names and append target are
 * not visible in this block.
 */
private static void buildAuthnAuthorityConfigTemplate(
) {
// Normalise absent aliases to "" (presumably so the literal text "null" never
// ends up inside a <Value> element; confirm against the elided lines).
if (authnaECertAlias == null) {
authnaECertAlias = "";
}
if (authnaSCertAlias == null) {
authnaSCertAlias = "";
}
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
"\">\n" +
" <Value>com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper" +
"</Value>\n" +
" </Attribute>\n" +
" </AuthnAuthorityConfig>\n"
);
}
/**
 * Emits the {@code AffiliationConfig} section of the extended entity
 * configuration template; the visible text ends with
 * {@code </AffiliationConfig>}.
 *
 * <p>A null encryption or signing certificate alias is replaced by the empty
 * string.
 *
 * <p>NOTE(review): the parameter list, attribute names and append target are
 * not visible in this block.
 */
private static void buildAffiliationConfigTemplate(
) {
// Normalise absent aliases to "" (presumably so the literal text "null" never
// ends up inside a <Value> element; confirm against the elided lines).
if (affiECertAlias == null) {
affiECertAlias = "";
}
if (affiSCertAlias == null) {
affiSCertAlias = "";
}
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
" </AffiliationConfig>\n"
);
}
/**
 * Emits the {@code XACMLPDPConfig} section of the extended entity
 * configuration template; the visible text ends with
 * {@code </XACMLPDPConfig>}.
 *
 * <p>A null encryption or signing certificate alias is replaced by the empty
 * string. Two attributes default to {@code false} and two to an empty value.
 *
 * <p>NOTE(review): the parameter list, attribute names and append target are
 * not visible in this block, so which policy-decision-point settings default
 * to {@code false} cannot be confirmed from here.
 */
private static void buildPDPConfigTemplate(
) {
// Normalise absent aliases to "" (presumably so the literal text "null" never
// ends up inside a <Value> element; confirm against the elided lines).
if (pdpECertAlias == null) {
pdpECertAlias = "";
}
if (pdpSCertAlias == null) {
pdpSCertAlias = "";
}
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
"\">\n" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
" </Attribute>\n" +
" </XACMLPDPConfig>\n");
}
/**
 * Emits the {@code XACMLAuthzDecisionQueryConfig} section of the extended
 * entity configuration template, with {@code pepAlias} as its
 * {@code metaAlias} attribute.
 *
 * <p>A null encryption or signing certificate alias is replaced by the empty
 * string. Three attributes default to {@code false} and two to an empty value.
 *
 * <p>NOTE(review): the parameter list, attribute names and append target are
 * not visible in this block, so which policy-enforcement-point settings
 * default to {@code false} cannot be confirmed from here.
 */
private static void buildPEPConfigTemplate(
) {
// Normalise absent aliases to "" (presumably so the literal text "null" never
// ends up inside a <Value> element; confirm against the elided lines).
if (pepECertAlias == null) {
pepECertAlias = "";
}
if (pepSCertAlias == null) {
pepSCertAlias = "";
}
// NOTE(review): pepAlias is concatenated into a double-quoted attribute value
// with no XML escaping. A value containing '"', '<' or '&' would change the
// structure of the generated configuration; confirm the alias is validated
// before it gets here.
" <XACMLAuthzDecisionQueryConfig metaAlias=\"" + pepAlias +
"\">\n" +
"\">\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" </Attribute>\n" +
"\">\n" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
"\">\n" +
" <Value></Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
" <Attribute name=\"" +
" <Value>false</Value>\n" +
" </Attribute>\n" +
" </Attribute>\n" +
" </XACMLAuthzDecisionQueryConfig>\n");
}
public static String buildMetaDataTemplate(
) throws SAML2MetaException {
url = getHostURL();
}
"<EntityDescriptor\n" +
" xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n" +
}
}
if (attraAlias != null) {
}
if (attrqAlias != null) {
}
if (authnaAlias != null) {
}
}
}
}
}
/**
 * Emits the {@code IDPSSODescriptor} element of the standard metadata
 * template: optional signing and encryption {@code KeyDescriptor}s followed by
 * the artifact-resolution, single-logout, manage-name-ID, single-sign-on,
 * name-ID-mapping and assertion-ID-request endpoints and seven
 * {@code NameIDFormat} entries.
 *
 * <p>A {@code KeyDescriptor} is written only when the corresponding
 * certificate string is non-null.
 *
 * <p>NOTE(review): the parameter list, the endpoint {@code Location} values,
 * the {@code NameIDFormat} contents and the append target are not visible in
 * this block.
 *
 * @throws SAML2MetaException declared by the signature; the statement that
 *     raises it is not visible in this block
 */
private static void addIdentityProviderTemplate(
) throws SAML2MetaException {
" <IDPSSODescriptor\n" +
// Template default: the IDP advertises that it does not require signed
// AuthnRequests. NOTE(review): deployments that rely on request authenticity
// need to change this after the metadata is generated.
" WantAuthnRequestsSigned=\"false\"\n" +
" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n"
);
if (idpSX509Cert != null) {
" <KeyDescriptor use=\"signing\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
// The certificate text is inserted verbatim (presumably base64; confirm how
// the caller produces it). No escaping is applied here.
" <X509Certificate>\n" + idpSX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" </KeyDescriptor>\n");
}
if (idpEX509Cert != null) {
" <KeyDescriptor use=\"encryption\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + idpEX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
// NOTE(review): the template advertises AES-128-CBC for XML Encryption.
// CBC-mode XML Encryption is open to padding-oracle style decryption when the
// recipient reveals decryption errors; check whether the deployment can
// advertise an authenticated mode instead.
" <EncryptionMethod Algorithm=" +
"\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\">\n" +
" <KeySize xmlns=\"" +
"128</KeySize>\n" +
" </EncryptionMethod>\n" +
" </KeyDescriptor>\n");
}
" <ArtifactResolutionService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
"\"\n" +
" index=\"0\"\n" +
" isDefault=\"1\"/>\n" +
" <SingleLogoutService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" +
// NOTE(review): maStr closes a double-quoted attribute value (presumably the
// endpoint Location) and is not escaped; confirm it is derived from a
// validated meta alias.
maStr + "\"/>\n" +
" <SingleLogoutService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
maStr + "\"/>\n" +
" <SingleLogoutService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <ManageNameIDService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" +
maStr + "\"/>\n" +
" <ManageNameIDService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
maStr + "\"/>\n" +
" <ManageNameIDService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <SingleSignOnService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" +
" <SingleSignOnService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
" <SingleSignOnService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <NameIDMappingService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <AssertionIDRequestService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <AssertionIDRequestService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\"\n" +
" </IDPSSODescriptor>\n"
);
}
/**
 * Emits the {@code SPSSODescriptor} element of the standard metadata
 * template: optional signing and encryption {@code KeyDescriptor}s followed by
 * the single-logout and manage-name-ID endpoints, seven {@code NameIDFormat}
 * entries and three {@code AssertionConsumerService} endpoints (index 0,
 * HTTP-Artifact, is the default; index 1 is HTTP-POST; the binding of index 2
 * is not visible here).
 *
 * <p>A {@code KeyDescriptor} is written only when the corresponding
 * certificate string is non-null.
 *
 * <p>NOTE(review): the parameter list, the endpoint {@code Location} values,
 * the {@code NameIDFormat} contents and the append target are not visible in
 * this block.
 *
 * @throws SAML2MetaException declared by the signature; the statement that
 *     raises it is not visible in this block
 */
private static void addServiceProviderTemplate(
) throws SAML2MetaException {
" <SPSSODescriptor\n" +
// Template defaults: the SP advertises that it does not sign AuthnRequests and
// does not require signed assertions. NOTE(review): with
// WantAssertionsSigned="false", assertion integrity rests on whatever else
// protects the response (response-level signature or the binding); confirm
// deployments tighten these flags after generation.
" AuthnRequestsSigned=\"false\"\n" +
" WantAssertionsSigned=\"false\"\n" +
" protocolSupportEnumeration=\n" +
" \"urn:oasis:names:tc:SAML:2.0:protocol\">\n");
if (spSX509Cert != null) {
" <KeyDescriptor use=\"signing\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
// The certificate text is inserted verbatim (presumably base64; confirm how
// the caller produces it). No escaping is applied here.
" <X509Certificate>\n" + spSX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" </KeyDescriptor>\n");
}
if (spEX509Cert != null) {
" <KeyDescriptor use=\"encryption\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + spEX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
// NOTE(review): the template advertises AES-128-CBC for XML Encryption.
// CBC-mode XML Encryption is open to padding-oracle style decryption when the
// recipient reveals decryption errors; check whether the deployment can
// advertise an authenticated mode instead.
" <EncryptionMethod Algorithm=" +
"\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\">\n" +
" <KeySize xmlns=\"" +
"128</KeySize>\n" +
" </EncryptionMethod>\n" +
" </KeyDescriptor>\n");
}
" <SingleLogoutService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" +
"\"/>\n" +
" <SingleLogoutService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
"\"/>\n" +
" <SingleLogoutService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <ManageNameIDService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n" +
"\"/>\n" +
" <ManageNameIDService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
"\"/>\n" +
" <ManageNameIDService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
"\"/>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" </NameIDFormat>\n" +
" <AssertionConsumerService\n" +
" isDefault=\"true\"\n" +
" index=\"0\"\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact\"\n" +
" <AssertionConsumerService\n" +
" index=\"1\"\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n" +
" <AssertionConsumerService\n" +
" index=\"2\"\n" +
"\"/>\n" +
" </SPSSODescriptor>\n");
}
/**
 * Emits the {@code AttributeAuthorityDescriptor} element of the standard
 * metadata template: optional signing and encryption {@code KeyDescriptor}s,
 * two SOAP {@code AttributeService} endpoints (the second flagged
 * {@code x509qry:supportsX509Query="true"}), SOAP and URI
 * {@code AssertionIDRequestService} endpoints and an {@code AttributeProfile}.
 *
 * <p>A {@code KeyDescriptor} is written only when the corresponding
 * certificate string is non-null.
 *
 * <p>NOTE(review): the parameter list, the endpoint {@code Location} values
 * and the append target are not visible in this block.
 *
 * @throws SAML2MetaException declared by the signature; the statement that
 *     raises it is not visible in this block
 */
private static void addAttributeAuthorityTemplate(
) throws SAML2MetaException {
" <AttributeAuthorityDescriptor\n" +
" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n");
if (attraSX509Cert != null) {
" <KeyDescriptor use=\"signing\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
// The certificate text is inserted verbatim (presumably base64; confirm how
// the caller produces it). No escaping is applied here.
" <X509Certificate>\n" + attraSX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" </KeyDescriptor>\n");
}
if (attraEX509Cert != null) {
" <KeyDescriptor use=\"encryption\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + attraEX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
// NOTE(review): AES-128-CBC is advertised for XML Encryption; CBC-mode XML
// Encryption is open to padding-oracle style decryption when the recipient
// reveals decryption errors. Check whether an authenticated mode is available.
" <EncryptionMethod Algorithm=" +
"\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\">\n" +
" <KeySize xmlns=\"" +
"128</KeySize>\n" +
" </EncryptionMethod>\n" +
" </KeyDescriptor>\n");
}
" <AttributeService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <AttributeService\n" +
" xmlns:x509qry=\"urn:oasis:names:tc:SAML:metadata:X509:query\"\n" +
" x509qry:supportsX509Query=\"true\"\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
"\"/>\n" +
" <AssertionIDRequestService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <AssertionIDRequestService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\"\n" +
" <AttributeProfile>" +
" </AttributeAuthorityDescriptor>\n");
}
/**
 * Emits the attribute-query role of the standard metadata template as a
 * {@code RoleDescriptor} with
 * {@code xsi:type="query:AttributeQueryDescriptorType"}: optional signing and
 * encryption {@code KeyDescriptor}s followed by the persistent, transient and
 * X509SubjectName {@code NameIDFormat} entries.
 *
 * <p>A {@code KeyDescriptor} is written only when the corresponding
 * certificate string is non-null.
 *
 * <p>NOTE(review): the parameter list and the append target are not visible in
 * this block.
 *
 * @throws SAML2MetaException declared by the signature; the statement that
 *     raises it is not visible in this block
 */
private static void addAttributeQueryTemplate(
) throws SAML2MetaException {
" <RoleDescriptor\n" +
" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n" +
" xmlns:query=\"urn:oasis:names:tc:SAML:metadata:ext:query\"\n" +
" xsi:type=\"query:AttributeQueryDescriptorType\"\n" +
" protocolSupportEnumeration=\n" +
" \"urn:oasis:names:tc:SAML:2.0:protocol\">\n");
if (attrqSX509Cert != null) {
" <KeyDescriptor use=\"signing\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
// The certificate text is inserted verbatim (presumably base64; confirm how
// the caller produces it). No escaping is applied here.
" <X509Certificate>\n" + attrqSX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" </KeyDescriptor>\n");
}
if (attrqEX509Cert != null) {
" <KeyDescriptor use=\"encryption\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + attrqEX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
// NOTE(review): AES-128-CBC is advertised for XML Encryption; CBC-mode XML
// Encryption is open to padding-oracle style decryption when the recipient
// reveals decryption errors. Check whether an authenticated mode is available.
" <EncryptionMethod Algorithm=" +
"\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\">\n" +
" <KeySize xmlns=\"" +
"128</KeySize>\n" +
" </EncryptionMethod>\n" +
" </KeyDescriptor>\n");
}
" <NameIDFormat>\n" +
" urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" urn:oasis:names:tc:SAML:2.0:nameid-format:transient\n" +
" </NameIDFormat>\n" +
" <NameIDFormat>\n" +
" urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\n" +
" </NameIDFormat>\n" +
" </RoleDescriptor>\n");
}
/**
 * Emits the {@code AuthnAuthorityDescriptor} element of the standard metadata
 * template: optional signing and encryption {@code KeyDescriptor}s followed by
 * a SOAP {@code AuthnQueryService} endpoint and SOAP and URI
 * {@code AssertionIDRequestService} endpoints.
 *
 * <p>A {@code KeyDescriptor} is written only when the corresponding
 * certificate string is non-null.
 *
 * <p>NOTE(review): the parameter list, the endpoint {@code Location} values
 * and the append target are not visible in this block.
 *
 * @throws SAML2MetaException declared by the signature; the statement that
 *     raises it is not visible in this block
 */
private static void addAuthnAuthorityTemplate(
) throws SAML2MetaException {
" <AuthnAuthorityDescriptor\n" +
" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n");
if (authnaSX509Cert != null) {
" <KeyDescriptor use=\"signing\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
// The certificate text is inserted verbatim (presumably base64; confirm how
// the caller produces it). No escaping is applied here.
" <X509Certificate>\n" + authnaSX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" </KeyDescriptor>\n");
}
if (authnaEX509Cert != null) {
" <KeyDescriptor use=\"encryption\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + authnaEX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
// NOTE(review): AES-128-CBC is advertised for XML Encryption; CBC-mode XML
// Encryption is open to padding-oracle style decryption when the recipient
// reveals decryption errors. Check whether an authenticated mode is available.
" <EncryptionMethod Algorithm=" +
"\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\">\n" +
" <KeySize xmlns=\"" +
"128</KeySize>\n" +
" </EncryptionMethod>\n" +
" </KeyDescriptor>\n");
}
" <AuthnQueryService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
// NOTE(review): maStr closes a double-quoted attribute value (presumably the
// endpoint Location) and is not escaped; confirm it is derived from a
// validated meta alias.
maStr + "\"/>\n" +
" <AssertionIDRequestService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"\n" +
" <AssertionIDRequestService\n" +
" Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\"\n" +
" </AuthnAuthorityDescriptor>\n");
}
/**
 * Emits the {@code AffiliationDescriptor} element of the standard metadata
 * template with optional signing and encryption {@code KeyDescriptor}s.
 *
 * <p>A {@code KeyDescriptor} is written only when the corresponding
 * certificate string is non-null.
 *
 * <p>NOTE(review): the parameter list, the descriptor's attributes and member
 * entries, and the append target are not visible in this block.
 *
 * @throws SAML2MetaException declared by the signature; the statement that
 *     raises it is not visible in this block
 */
private static void addAffiliationTemplate(
) throws SAML2MetaException {
" <AffiliationDescriptor\n" +
}
if (affiSX509Cert != null) {
" <KeyDescriptor use=\"signing\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
// The certificate text is inserted verbatim (presumably base64; confirm how
// the caller produces it). No escaping is applied here.
" <X509Certificate>\n" + affiSX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" </KeyDescriptor>\n");
}
if (affiEX509Cert != null) {
" <KeyDescriptor use=\"encryption\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + affiEX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
// NOTE(review): AES-128-CBC is advertised for XML Encryption; CBC-mode XML
// Encryption is open to padding-oracle style decryption when the recipient
// reveals decryption errors. Check whether an authenticated mode is available.
" <EncryptionMethod Algorithm=" +
"\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\">\n" +
" <KeySize xmlns=\"" +
"128</KeySize>\n" +
" </EncryptionMethod>\n" +
" </KeyDescriptor>\n");
}
" </AffiliationDescriptor>\n");
}
/**
 * Emits the {@code XACMLPDPDescriptor} element of the standard metadata
 * template: optional signing and encryption {@code KeyDescriptor}s followed by
 * a SOAP {@code XACMLAuthzService} endpoint.
 *
 * <p>A {@code KeyDescriptor} is written only when the corresponding
 * certificate string is non-null.
 *
 * <p>NOTE(review): the parameter list, the endpoint {@code Location} value and
 * the append target are not visible in this block.
 *
 * @throws SAML2MetaException declared by the signature; the statement that
 *     raises it is not visible in this block
 */
private static void addPDPTemplate(
) throws SAML2MetaException {
" <XACMLPDPDescriptor " +
"protocolSupportEnumeration=" +
"\"urn:oasis:names:tc:SAML:2.0:protocol\">\n");
if (pdpSX509Cert != null) {
" <KeyDescriptor use=\"signing\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
// The certificate text is inserted verbatim (presumably base64; confirm how
// the caller produces it). No escaping is applied here.
" <X509Certificate>\n" + pdpSX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" </KeyDescriptor>\n");
}
if (pdpEX509Cert != null) {
" <KeyDescriptor use=\"encryption\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + pdpEX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
// NOTE(review): AES-128-CBC is advertised for XML Encryption; CBC-mode XML
// Encryption is open to padding-oracle style decryption when the recipient
// reveals decryption errors. Check whether an authenticated mode is available.
" <EncryptionMethod Algorithm=" +
"\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\">\n" +
" <KeySize xmlns=\"" +
"128</KeySize>\n" +
" </EncryptionMethod>\n" +
" </KeyDescriptor>\n");
}
" <XACMLAuthzService " +
"Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:SOAP\"" +
" </XACMLPDPDescriptor>\n");
}
private static void addPEPTemplate(
) throws SAML2MetaException {
"WantAssertionsSigned=\"false\" " +
"protocolSupportEnumeration=" +
"\"urn:oasis:names:tc:SAML:2.0:protocol\">\n");
if (pepSX509Cert != null) {
" <KeyDescriptor use=\"signing\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + pepSX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" </KeyDescriptor>\n");
}
if (pepEX509Cert != null) {
" <KeyDescriptor use=\"encryption\">\n" +
" <KeyInfo xmlns=\"" +
" <X509Data>\n" +
" <X509Certificate>\n" + pepEX509Cert +
" </X509Certificate>\n" +
" </X509Data>\n" +
" </KeyInfo>\n" +
" <EncryptionMethod Algorithm=" +
"\"http://www.w3.org/2001/04/xmlenc#aes128-cbc\">\n" +
" <KeySize xmlns=\"" +
"128</KeySize>\n" +
" </EncryptionMethod>\n" +
" </KeyDescriptor>\n");
}
}
}
}