a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: SAML2MetaManager.java,v 1.18 2009/10/28 23:58:58 exu Exp $
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan * Portions Copyrighted 2010-2016 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.CircleOfTrustManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.configuration.ConfigurationManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.configuration.ConfigurationInstance;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.configuration.ConfigurationException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AttributeAuthorityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AttributeQueryConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AuthnAuthorityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.XACMLPDPConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.XACMLAuthzDecisionQueryConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The <code>SAML2MetaManager</code> provides methods to manage both the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * standard entity descriptor and the extended entity configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static final String ATTR_METADATA = "sun-fm-saml2-metadata";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static final String ATTR_ENTITY_CONFIG =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "sun-fm-saml2-entityconfig";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static final String SUBCONFIG_ID = "EntityDescriptor";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static final int SUBCONFIG_PRIORITY = 0;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Debug debug = SAML2MetaUtils.debug;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static CircleOfTrustManager cotmStatic;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static ConfigurationInstance configInstStatic;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constant used to identify meta alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static final String NAME_META_ALIAS_IN_URI = "metaAlias";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInstStatic = ConfigurationManager.getConfigurationInstance(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager constructor:", ce);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInstStatic.addListener(new SAML2MetaServiceListener());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SAML2MetaManager.static: Unable to add " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "ConfigurationListener for SAML2COT service.",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager constructor:", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor for <code>SAML2MetaManager</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to construct
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SAML2MetaManager</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SAML2MetaManager() throws SAML2MetaException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("null_config", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor for <code>SAML2MetaManager</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param callerToken session token for the caller.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to construct
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SAML2MetaManager</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SAML2MetaManager(Object callerToken) throws SAML2MetaException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInst = ConfigurationManager.getConfigurationInstance(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("null_config", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("null_config", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the standard metadata entity descriptor under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>EntityDescriptorElement</code> for the entity or null if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public EntityDescriptorElement getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster descriptor = SAML2MetaCache.getEntityDescriptor(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.getEntityDescriptor: got "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "descriptor from SAML2MetaCache " + entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_DESCRIPTOR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = configInst.getConfiguration(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String value = (String)values.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object obj = SAML2MetaUtils.convertStringToJAXB(value);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityDescriptor(realm, entityId, descriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.getEntityDescriptor: got "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.access(Level.FINE, LogUtil.GOT_ENTITY_DESCRIPTOR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SAML2MetaManager.getEntityDescriptor: invalid descriptor");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_DESCRIPTOR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_descriptor", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityDescriptor", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { e.getMessage(), entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.CONFIG_ERROR_GET_ENTITY_DESCRIPTOR, data, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityDescriptor", jaxbe);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO, LogUtil.GOT_INVALID_ENTITY_DESCRIPTOR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_descriptor", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first service provider's SSO descriptor in an entity under the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>SPSSODescriptorElement</code> for the entity or null if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the first service
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * provider's SSO descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SPSSODescriptorElement getSPSSODescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement eDescriptor = getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2MetaUtils.getSPSSODescriptor(eDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns attribute authority descriptor in an entity under the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return an <code>AttributeAuthorityDescriptorElement</code> object for
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the entity or null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve attribute authority
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getAttributeAuthorityDescriptor(String realm, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement eDescriptor = getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2MetaUtils.getAttributeAuthorityDescriptor(eDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns attribute query descriptor in an entity under the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return an <code>AttributeQueryDescriptorElement</code> object for
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the entity or null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve attribute query
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getAttributeQueryDescriptor(String realm, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement eDescriptor = getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2MetaUtils.getAttributeQueryDescriptor(eDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns authentication authority descriptor in an entity under the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return an <code>AuthnAuthorityDescriptorElement</code> object for
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the entity or null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve authentication
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authority descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AuthnAuthorityDescriptorElement getAuthnAuthorityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, String entityId) throws SAML2MetaException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement eDescriptor = getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2MetaUtils.getAuthnAuthorityDescriptor(eDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first policy decision point descriptor in an entity under the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return policy decision point descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public XACMLPDPDescriptorElement getPolicyDecisionPointDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement eDescriptor = getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2MetaUtils.getPolicyDecisionPointDescriptor(eDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first policy enforcement point descriptor in an entity under the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return policy enforcement point descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public XACMLAuthzDecisionQueryDescriptorElement
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement eDescriptor = getEntityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2MetaUtils.getPolicyEnforcementPointDescriptor(eDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first identity provider's SSO descriptor in an entity under the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>IDPSSODescriptorElement</code> for the entity or null if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the first identity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * provider's SSO descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public IDPSSODescriptorElement getIDPSSODescriptor(String realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement eDescriptor = getEntityDescriptor(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2MetaUtils.getIDPSSODescriptor(eDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns affiliation descriptor in an entity under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>AffiliationDescriptorType</code> for the entity or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the affiliation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AffiliationDescriptorType getAffiliationDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityDescriptorElement eDescriptor = getEntityDescriptor(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the standard metadata entity descriptor under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param descriptor The standard entity descriptor object to be set.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to set the entity descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SAML2MetaManager.setEntityDescriptor: entity ID is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.NO_ENTITY_ID_SET_ENTITY_DESCRIPTOR, data, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("empty_entityid", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map oldAttrs = configInst.getConfiguration(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster oldAttrs.put(ATTR_METADATA, attrs.get(ATTR_METADATA));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInst.setConfiguration(realm, entityId, oldAttrs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityDescriptor(realm, entityId, descriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.setEntityDescriptor: saved "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.access(Level.INFO, LogUtil.SET_ENTITY_DESCRIPTOR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.setEntityDescriptor:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { e.getMessage(), entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.CONFIG_ERROR_SET_ENTITY_DESCRIPTOR, data, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.setEntityDescriptor:", jaxbe);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO, LogUtil.SET_INVALID_ENTITY_DESCRIPTOR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_descriptor", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates the standard metadata entity descriptor under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity descriptor will be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param descriptor The standard entity descriptor object to be created.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to create the entity descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.createEntityDescriptor: called.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates the standard and extended metadata under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity descriptor will be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param descriptor The standard entity descriptor object to be created.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param config The extended entity config object to be created.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to create the entity.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.createEntity: called.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((descriptor == null) && (config == null)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SAML2metaManager.createEntity: no meta to import.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SAML2MetaManager.createEntity: entity ID is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("empty_entityid", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.createEntity: realm="
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isCreate = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map oldAttrs = configInst.getConfiguration(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // get the entity descriptor if any
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String value = (String)values.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object obj = SAML2MetaUtils.convertStringToJAXB(value);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.createEntity: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // get the entity config if any
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster values = (Set)oldAttrs.get(ATTR_ENTITY_CONFIG);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String value = (String)values.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object obj = SAML2MetaUtils.convertStringToJAXB(value);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.createEntity: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set currentRolesTypes = getEntityRolesTypes(currentRoles);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = newRoles.iterator(); i.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.createEntity: current"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " descriptor contains role "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " already");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("role_already_exists",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster oldAttrs.put(ATTR_METADATA, attrs.get(ATTR_METADATA));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newAttrs = SAML2MetaUtils.convertJAXBToAttrMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((oldDescriptor == null) && (descriptor == null)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.createEntity: entity "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.NO_ENTITY_DESCRIPTOR_CREATE_ENTITY_CONFIG, objs,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("entity_descriptor_not_exist",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set currentRolesTypes = getEntityRolesTypes(currentRoles);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = newRoles.iterator(); i.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.createEntity: current"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " entity config contains role "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " already");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("role_already_exists",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInst.createConfiguration(realm, entityId, newAttrs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.ENTITY_DESCRIPTOR_CREATED, objs, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Add the entity to cot
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityConfig(realm, entityId, config);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInst.setConfiguration(realm, entityId, oldAttrs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityConfig(realm, entityId, oldConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityConfig(realm, entityId, config);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.createEntity:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { e.getMessage(), entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.CONFIG_ERROR_CREATE_ENTITY_DESCRIPTOR, data, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.createEntity:", jaxbe);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.CREATE_INVALID_ENTITY_DESCRIPTOR, objs, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_descriptor", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Set getEntityRolesTypes(Collection roles) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = roles.iterator(); i.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Deletes the standard metadata entity descriptor under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId The ID of the entity for whom the standard entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * descriptor will be deleted.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to delete the entity descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void deleteEntityDescriptor(String realm, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Remove the entity from cot
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // end of remove entity from cot
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInst.deleteConfiguration(realm, entityId, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityDescriptor(realm, entityId, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.deleteEntityDescriptor:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { e.getMessage(), entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns extended entity configuration under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>EntityConfigElement</code> object for the entity or null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public EntityConfigElement getEntityConfig(String realm, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster config = SAML2MetaCache.getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.getEntityConfig: got entity"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = configInst.getConfiguration(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set values = (Set)attrs.get(ATTR_ENTITY_CONFIG);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String value = (String)values.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object obj = SAML2MetaUtils.convertStringToJAXB(value);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.getEntityConfig: got "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityConfig: invalid config");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_config", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityConfig:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { e.getMessage(), entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityConfig:", jaxbe);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_config", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first service provider's SSO configuration in an entity under
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>SPSSOConfigElement</code> for the entity or null if not
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the first service
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * provider's SSO configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public SPSSOConfigElement getSPSSOConfig(String realm, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first policy decision point configuration in an entity under
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return policy decision point configuration or null if it is not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public XACMLPDPConfigElement getPolicyDecisionPointConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = list.iterator(); i.hasNext() && (elm == null);) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first policy enforcement point configuration in an entity under
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return policy enforcement point configuration (the first <code>XACMLAuthzDecisionQueryConfigElement</code> in the entity) or null if it is not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public XACMLAuthzDecisionQueryConfigElement getPolicyEnforcementPointConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLAuthzDecisionQueryConfigElement elm = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = list.iterator(); i.hasNext() && (elm == null);) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (obj instanceof XACMLAuthzDecisionQueryConfigElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster elm = (XACMLAuthzDecisionQueryConfigElement)obj;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first identity provider's SSO configuration in an entity under
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>IDPSSOConfigElement</code> for the entity or null if not
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the first identity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * provider's SSO configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public IDPSSOConfigElement getIDPSSOConfig(String realm, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first attribute authority configuration in an entity under
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>AttributeAuthorityConfigElement</code> for the entity or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the first attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authority configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AttributeAuthorityConfigElement getAttributeAuthorityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, String entityId) throws SAML2MetaException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (obj instanceof AttributeAuthorityConfigElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first attribute query configuration in an entity under
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>AttributeQueryConfigElement</code> for the entity or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the first attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * query configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AttributeQueryConfigElement getAttributeQueryConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, String entityId) throws SAML2MetaException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (obj instanceof AttributeQueryConfigElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns first authentication authority configuration in an entity under
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>AuthnAuthorityConfigElement</code> for the entity or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the first authentication
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authority configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AuthnAuthorityConfigElement getAuthnAuthorityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, String entityId) throws SAML2MetaException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = list.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (obj instanceof AuthnAuthorityConfigElement) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns affiliation configuration in an entity under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId ID of the entity to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>AffiliationConfigElement</code> for the entity or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the affiliation
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public AffiliationConfigElement getAffiliationConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, String entityId) throws SAML2MetaException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (AffiliationConfigElement)eConfig.getAffiliationConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the extended entity configuration under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param config The extended entity configuration object to be set.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to set the entity configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setEntityConfig(String realm, EntityConfigElement config)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.setEntityConfig: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "entity ID is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("empty_entityid", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = SAML2MetaUtils.convertJAXBToAttrMap(ATTR_ENTITY_CONFIG,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map oldAttrs = configInst.getConfiguration(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster oldAttrs.put(ATTR_ENTITY_CONFIG, attrs.get(ATTR_ENTITY_CONFIG));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInst.setConfiguration(realm, entityId, oldAttrs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityConfig(realm, entityId, config);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.setEntityConfig: saved "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.setEntityConfig:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { e.getMessage(), entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.setEntityConfig:", jaxbe);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("invalid_config", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates the extended entity configuration under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity configuration will be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param config The extended entity configuration object to be created.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to create the entity configuration.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void createEntityConfig(String realm, EntityConfigElement config)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.creatEntityConfig: called.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, String entityId, EntityConfigElement eConfig)
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan List elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan // Only the FIRST role configuration element is consulted for the COT list; COT membership
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan // declared on any later role element of the same entity is ignored here.
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan // The COT list typically comes from the proprietary extended metadata, not standard SAML2 entity metadata.
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan // NOTE(review): iterator().next() below throws on an entity config with no role elements, and
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan // the COT_LIST attribute may be absent -- confirm both are guarded before this point.
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan BaseConfigType config = (BaseConfigType) elist.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attr = SAML2MetaUtils.getAttributes(config);
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan List cotList = (List) attr.get(SAML2Constants.COT_LIST);
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan for (Iterator iter = cotList.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String cotName = ((String) iter.next()).trim();
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan cotm.addCircleOfTrustMember(realm, cotName, COTConstants.SAML2, entityId, false);
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan } catch (Exception e) {
327aca89813b3f887da682aa3c20dd3279e1c726Jonathan debug.error("SAML2MetaManager.addToCircleOfTrust: Error while adding entity " + entityId + " to COT.", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Deletes the extended entity configuration under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId The ID of the entity for whom the extended entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * configuration will be deleted.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if no extended entity configuration exists for
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the entity (<code>entity_config_not_exist</code>) or if it cannot be deleted.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void deleteEntityConfig(String realm, String entityId)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map oldAttrs = configInst.getConfiguration(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set oldValues = (Set)oldAttrs.get(ATTR_ENTITY_CONFIG);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (oldValues == null || oldValues.isEmpty() ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.NO_ENTITY_DESCRIPTOR_DELETE_ENTITY_CONFIG,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2MetaException("entity_config_not_exist", objs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Remove the entity from cot
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configInst.deleteConfiguration(realm, entityId, attr);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaCache.putEntityConfig(realm, entityId, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.deleteEntityConfig:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { e.getMessage(), entityId, realm };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void removeFromCircleOfTrust(String realm, String entityId) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement eConfig = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isAffiliation = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (getAffiliationDescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message("SAML2MetaManager.removeFromCircleOfTrust is "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Only the first role configuration element's COT list is consulted when removing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // the entity from its circles of trust (mirrors addToCircleOfTrust).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster BaseConfigType config = (BaseConfigType)elist.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attr = SAML2MetaUtils.getAttributes(config);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List cotAttr = (List) attr.get(SAML2Constants.COT_LIST);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter = cotList.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String cotName = ((String) iter.next()).trim();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((cotName != null) && (!cotName.equals(""))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.removeFromCircleOfTrust:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Error while removing entity" + entityId + "from COT.",e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all hosted entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the hosted entities reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>List</code> of entity ID <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set entityIds = configInst.getAllConfigurationNames(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (entityIds != null && !entityIds.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = entityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getAllHostedEntities:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all hosted service provider entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the hosted service provider entities
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>List</code> of entity ID <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllHostedServiceProviderEntities(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List hostedEntityIds = getAllHostedEntities(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = hostedEntityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (getSPSSODescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all hosted policy decision point entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the hosted policy decision point
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * entities reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a list of entity ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllHostedPolicyDecisionPointEntities(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return getHostedPolicyDecisionPointEntities(realm, true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all remote policy decision point entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the remote policy decision point
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * entities reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a list of entity ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllRemotePolicyDecisionPointEntities(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return getHostedPolicyDecisionPointEntities(realm, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private List getHostedPolicyDecisionPointEntities(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List hostedEntityIds = (hosted) ? getAllHostedEntities(realm) :
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator i = hostedEntityIds.iterator(); i.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (getPolicyDecisionPointDescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all hosted policy enforcement point entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the hosted policy enforcement point
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * entities reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a list of entity ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllHostedPolicyEnforcementPointEntities(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return getAllPolicyEnforcementPointEntities(realm, true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all remote policy enforcement point entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the remote policy enforcement point
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * entities reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a list of entity ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllRemotePolicyEnforcementPointEntities(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return getAllPolicyEnforcementPointEntities(realm, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private List getAllPolicyEnforcementPointEntities(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List hostedEntityIds = (hosted) ? getAllHostedEntities(realm) :
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = hostedEntityIds.iterator(); i.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (getPolicyEnforcementPointDescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all hosted identity provider entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the hosted identity provider entities
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>List</code> of entity ID <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllHostedIdentityProviderEntities(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List hostedEntityIds = getAllHostedEntities(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = hostedEntityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (getIDPSSODescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all remote entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the remote entities reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>List</code> of entity ID <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set entityIds = configInst.getAllConfigurationNames(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (entityIds != null && !entityIds.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = entityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getAllRemoteEntities:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all remote service provider entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the remote service provider entities
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>List</code> of entity ID <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllRemoteServiceProviderEntities(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List remoteEntityIds = getAllRemoteEntities(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = remoteEntityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (getSPSSODescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all remote identity provider entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the remote identity provider entities
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>List</code> of entity ID <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllRemoteIdentityProviderEntities(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List remoteEntityIds = getAllRemoteEntities(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = remoteEntityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (getIDPSSODescriptor(realm, entityId) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the entity ID associated with the metaAlias. The realm to search
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is derived from the metaAlias itself via
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SAML2MetaUtils.getRealmByMetaAlias</code>; every entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * configuration in that realm is loaded and its role elements compared.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias The metaAlias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return entity ID associated with the metaAlias or null if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids or an
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * entity configuration in the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String getEntityByMetaAlias(String metaAlias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set entityIds = configInst.getAllConfigurationNames(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (entityIds == null || entityIds.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator iter = entityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EntityConfigElement config = getEntityConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter2 = list.iterator(); iter2.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster BaseConfigType bConfig = (BaseConfigType)iter2.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (cMetaAlias != null && cMetaAlias.equals(metaAlias)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getEntityByMetaAlias:", e);
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * Returns all the hosted entity metaAliases for a realm.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * @param realm The given realm.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * @return all the hosted entity metaAliases for a realm or an empty arrayList if not found.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * @throws SAML2MetaException if unable to retrieve the entity ids.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas public List<String> getAllHostedMetaAliasesByRealm(String realm) throws SAML2MetaException {
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas List<String> metaAliases = new ArrayList<String>();
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas Set<String> entityIds = configInst.getAllConfigurationNames(realm);
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas if (entityIds == null || entityIds.isEmpty()) {
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas EntityConfigElement config = getEntityConfig(realm, entityId);
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas List<BaseConfigType> configList = config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig();
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas for (BaseConfigType bConfigType : configList) {
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas String curMetaAlias = bConfigType.getMetaAlias();
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas if (curMetaAlias != null && !curMetaAlias.isEmpty()) {
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas debug.error("SAML2MetaManager.getAllHostedMetaAliasesByRealm:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns role of an entity based on its metaAlias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias Meta alias of the entity.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return role of an entity: <code>SAML2Constants.IDP_ROLE</code>,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SAML2Constants.SP_ROLE</code>, or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SAML2Constants.UNKNOWN_ROLE</code>. The method also looks up the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * policy decision point and policy enforcement point configurations, so the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * corresponding role constants may be returned as well -- confirm against
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the return statements.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if there are issues in getting the entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * profile from the meta alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String getRoleByMetaAlias(String metaAlias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String entityId = getEntityByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPSSOConfigElement idpConfig = getIDPSSOConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPSSOConfigElement spConfig = getSPSSOConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLAuthzDecisionQueryConfigElement pepConfig =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getPolicyEnforcementPointConfig(realm, entityId);
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * Returns metaAliases of all hosted identity providers under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the identity provider metaAliases
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>List</code> of metaAliases <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve meta aliases.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllHostedIdentityProviderMetaAliases(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List hostedEntityIds = getAllHostedIdentityProviderEntities(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = hostedEntityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((idpConfig = getIDPSSOConfig(realm, entityId)) != null) {
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * Returns metaAliases of all hosted service providers under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the service provider metaAliases
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>List</code> of metaAliases <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve meta aliases.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllHostedServiceProviderMetaAliases(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List hostedEntityIds = getAllHostedServiceProviderEntities(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = hostedEntityIds.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((spConfig = getSPSSOConfig(realm, entityId)) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns meta aliases of all hosted policy decision points under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the policy decision point resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return list of meta aliases
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve meta aliases.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllHostedPolicyDecisionPointMetaAliases(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List hostedEntityIds = getAllHostedPolicyDecisionPointEntities(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = hostedEntityIds.iterator(); i.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLPDPConfigElement elm = getPolicyDecisionPointConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns meta aliases of all hosted policy enforcement points under the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the policy enforcement point resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return list of meta aliases
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve meta aliases.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public List getAllHostedPolicyEnforcementPointMetaAliases(String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List hostedEntityIds = getAllHostedPolicyEnforcementPointEntities(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = hostedEntityIds.iterator(); i.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getPolicyEnforcementPointConfig(realm, entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Determines whether two entities are in the same circle of trust
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId The ID of the entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param trustedEntityId The ID of the other entity whose trust relationship with {@code entityId} is checked.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to determine the trusted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * relationship.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public boolean isTrustedProvider(String realm, String entityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean result=false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPSSOConfigElement spconfig = getSPSSOConfig(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPSSOConfigElement idpconfig = getIDPSSOConfig(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Determines whether two entities are in the same circle of trust
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * under the realm. Returns true if entities are in same
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * circle of trust. The entity can be a PDP or a PEP. If an entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * role other than PEP or PDP is specified then false will be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId the hosted entity Identifier (PEP or PDP).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param trustedEntityId the remote entity identifier (PEP or PDP).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param role the role of the hosted entity.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to determine the trusted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * relationship.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public boolean isTrustedXACMLProvider(String realm, String entityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean result=false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (role.equals(SAML2Constants.PEP_ROLE)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XACMLAuthzDecisionQueryConfigElement pepConfig =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getPolicyEnforcementPointConfig(realm,entityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster result = isSameCircleOfTrust(pepConfig,realm,trustedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private boolean isSameCircleOfTrust(BaseConfigType config, String realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attr = SAML2MetaUtils.getAttributes(config);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List cotList = (List) attr.get(SAML2Constants.COT_LIST);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.isSameCircleOfTrust: Error" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " while determining two entities are in the same COT.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns all entities under the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entities reside.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a <code>Set</code> of entity ID <code>String</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAML2MetaException if unable to retrieve the entity ids.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set entityIds = configInst.getAllConfigurationNames(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (entityIds != null && !entityIds.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error("SAML2MetaManager.getAllEntities:", e);
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * Checks that the provided metaAliases are valid for a new hosted entity in the specified realm.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * Will verify that the metaAliases do not already exist in the realm and that no duplicates are provided.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * @param realm The realm in which we are validating the metaAliases.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * @param newMetaAliases values we are using to create the new metaAliases.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas * @throws SAML2MetaException if duplicate values are found, or if a metaAlias already exists in the realm.
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas public void validateMetaAliasForNewEntity(String realm, List<String> newMetaAliases) throws SAML2MetaException {
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas if (null != newMetaAliases && !newMetaAliases.isEmpty()) {
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas Set checkForDuplicates = new HashSet<String>(newMetaAliases);
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas if (checkForDuplicates.size() < newMetaAliases.size()) {
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas debug.error("SAML2MetaManager.validateMetaAliasForNewEntity:Duplicate" +
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas " metaAlias values provided in list:\n"
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas String[] data = { newMetaAliases.toString() };
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas throw new SAML2MetaException("meta_alias_duplicate", data);
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas List<String> allRealmMetaAliaes = getAllHostedMetaAliasesByRealm(realm);
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas // only check if we have existing aliases
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas List<String> duplicateMetaAliases = new ArrayList<String>();
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas debug.error("SAML2MetaManager.validateMetaAliasForNewEntity: metaAliases " + sb.toString()
e99c5132fdbbe07880893fa1f7d7afb2767261beJon Jonthomas throw new SAML2MetaException("meta_alias_exists", data);