AttributeQueryUtil.java revision b563881b581c69ca884d14003b550c77e01ae057
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: AttributeQueryUtil.java,v 1.11 2009/07/24 22:51:48 madan_ranganath Exp $
1b49125c5fbcee4ac3052f0831212bbb6feae221Mark Craig * Portions copyright 2010-2013 ForgeRock, Inc.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.datastore.DataStoreProviderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.datastore.DataStoreProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.KeyProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Assertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AssertionFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Attribute;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AttributeStatement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Conditions;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.EncryptedAssertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.EncryptedID;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Subject;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.AccountUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Exception;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Utils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.assertion.AttributeElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.assertion.AttributeValueElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AttributeAuthorityConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.AttributeQueryConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.AttributeServiceElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.NameIDMappingServiceElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.plugins.AttributeAuthorityMapper;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.AttributeQuery;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.ProtocolFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.Response;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.StatusCode;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.xmlenc.EncManager;
1b49125c5fbcee4ac3052f0831212bbb6feae221Mark Craig * This class provides methods to send or process <code>AttributeQuery</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static KeyProvider keyProvider = KeyUtil.getKeyProviderInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static Hashtable attrAuthorityMapperCache = new Hashtable();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster dsProvider = SAML2Utils.getDataStoreProvider();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("AttributeQueryUtil.static:", se);
b563881b581c69ca884d14003b550c77e01ae057Mark Craig * Sends the <code>AttributeQuery</code> to specified
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * attribute authority and returns <code>Response</code> coming
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * from the attribute authority.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQuery the <code>AttributeQuery</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrAuthorityEntityID entity ID of attribute authority
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm of hosted entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQueryProfile the attribute query profile or null to ignore
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrProfile the attribute profile
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param binding the binding
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>Response</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Response sendAttributeQuery(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrAuthorityEntityID, String realm, String attrQueryProfile,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrProfile, String binding) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeAuthorityDescriptorElement aad = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster aad = metaManager.getAttributeAuthorityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuery:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("attrAuthorityNotFound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("unsupportedBinding"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String location = findLocation(aad, binding, attrQueryProfile,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("attrAuthorityNotFound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return sendAttributeQuerySOAP(attrQuery, location,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("unsupportedBinding"));
b563881b581c69ca884d14003b550c77e01ae057Mark Craig * Sends the <code>AttributeQuery</code> to specified
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * attribute authority and returns <code>Response</code> coming
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * from the attribute authority.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQuery the <code>AttributeQuery</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the HTTP Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response the HTTP Response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrAuthorityEntityID entity ID of attribute authority
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm of hosted entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQueryProfile the attribute query profile or null to ignore
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrProfile the attribute profile
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param binding the binding
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void sendAttributeQuery(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpServletRequest request, HttpServletResponse response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrAuthorityEntityID, String realm, String attrQueryProfile,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrProfile, String binding) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeAuthorityDescriptorElement aad = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster aad = metaManager.getAttributeAuthorityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuery:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("attrAuthorityNotFound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("unsupportedBinding"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String location = findLocation(aad, binding, attrQueryProfile,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("attrAuthorityNotFound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (binding.equalsIgnoreCase(SAML2Constants.HTTP_POST)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String encodedReqMsg = SAML2Utils.encodeForPOST(attrQuery.toXMLString(true, true));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.postToTarget(response, "SAMLRequest",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getBundle("errorSendingAttributeQuery");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("unsupportedBinding"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Processes the <code>AttributeQuery</code> coming
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * from a requester.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQuery the <code>AttributeQuery</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the <code>HttpServletRequest</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response the <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrAuthorityEntityID entity ID of attribute authority
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm of hosted entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQueryProfileAlias the attribute query profile alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>Response</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Response processAttributeQuery(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpServletRequest request, HttpServletResponse response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrQueryProfileAlias) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getAttributeAuthorityMapper(realm, attrAuthorityEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrQueryProfile = AttributeQueryUtil.getAttributeQueryProfile(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityMapper.authenticateRequester(request, response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.REQUESTER, null, se.getMessage(), null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityMapper.validateAttributeQuery(request, response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.REQUESTER, null, se.getMessage(), null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeAuthorityDescriptorElement aad = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster aad = metaManager.getAttributeAuthorityDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("AttributeQueryUtil.processAttributeQuery:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("metaDataError"), null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("attrAuthorityNotFound"), null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster identity = attrAuthorityMapper.getIdentity(request, response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "processAttributeQuery: unable to find identity.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Addition to support changing of desired attributes list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List desiredAttrs = (List)request.getAttribute("AttributeQueryUtil-desiredAttrs");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster desiredAttrs = verifyDesiredAttributes(aad.getAttribute(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.INVALID_ATTR_NAME_OR_VALUE, null, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List attributes = attrAuthorityMapper.getAttributes(identity,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (request.getAttribute("AttributeQueryUtil-storeAllAttributes") != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.setAttribute("AttributeQueryUtil-allAttributes", attributes);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attributes = filterAttributes(attributes, desiredAttrs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Response samlResp = protocolFactory.createResponse();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertion = getAssertion(attrQuery, attrAuthorityEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster requesterEntityID, realm, attrQueryProfileAlias, attributes);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.processAttributeQuery:", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.RESPONDER, null, se.getMessage(), null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncryptedID encryptedID = attrQuery.getSubject().getEncryptedID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signAssertion(assertion, realm, attrAuthorityEntityID, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encryptedAssertion = encryptAssertion(assertion,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encryptedID, attrAuthorityEntityID, requesterEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.processAttributeQuery:", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.RESPONDER, null, se.getMessage(), null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster samlResp.setVersion(SAML2Constants.VERSION_2_0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Status status = protocolFactory.createStatus();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StatusCode statusCode = protocolFactory.createStatusCode();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Issuer respIssuer = AssertionFactory.getInstance().createIssuer();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signResponse(samlResp, attrAuthorityEntityID, realm, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Converts attribute query profile alias to attribute query profile.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQueryProfileAlias attribute query profile alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return attribute query profile
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE_ALIAS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static void signAttributeQuery(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, boolean includeCert) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requesterEntityID = attrQuery.getIssuer().getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String alias = SAML2Utils.getSigningCertAlias(realm, requesterEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster PrivateKey signingKey = keyProvider.getPrivateKey(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("missingSigningCertAlias"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signingCert = keyProvider.getX509Certificate(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void validateEntityRequester(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrAuthorityEntityID, String realm) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((format == null) || (format.length() == 0) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!SAML2Utils.isSourceSiteValid(issuer, realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "attrQueryIssuerInvalid"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "attrQueryIssuerInvalid"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks if the attribute query signature is valid.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQuery attribute query
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrAuthorityEntityID entity ID of attribute authority
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm of hosted entity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the attribute query signature is not valid.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void verifyAttrQuerySignature(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "attrQueryNotSigned"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestedEntityID = attrQuery.getIssuer().getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getAttributeQueryDescriptor(realm, requestedEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "attrQueryIssuerNotFound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster KeyUtil.getVerificationCert(attrqDesc, requestedEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean valid = attrQuery.isSignatureValid(signingCert);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.verifyAttributeQuery: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalidSignatureAttrQuery"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("missingSigningCertAlias"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String getIdentityFromDataStoreX509Subject(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeQuery attrQuery, String attrAuthorityEntityID, String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncryptedID encryptedID = subject.getEncryptedID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String alias = SAML2Utils.getEncryptionCertAlias(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster PrivateKey privateKey = keyProvider.getPrivateKey(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!SAML2Constants.X509_SUBJECT_NAME.equals(nameID.getFormat())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "unsupportedAttrQuerySubjectNameID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String mappingAttrName = getAttributeValueFromAttrAuthorityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.X509_SUBJECT_DATA_STORE_ATTR_NAME);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((mappingAttrName == null) || (mappingAttrName.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "x509SubjectMappingNotConfigured"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getIdentityFromDataStoreX509Subject: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getIdentityFromDataStoreX509Subject:",dse);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String getIdentity(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrAuthorityEntityID, String realm) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncryptedID encryptedID = subject.getEncryptedID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String alias = SAML2Utils.getEncryptionCertAlias(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster PrivateKey privateKey = keyProvider.getPrivateKey(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // NameIDFormat is "transient"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAML2Constants.NAMEID_TRANSIENT_FORMAT.equals(nameIDFormat)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (String)IDPCache.userIDByTransientNameIDValue.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // NameIDFormat is "unspecified"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAML2Constants.UNSPECIFIED.equals(nameIDFormat)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = SAML2MetaUtils.getAttributes(config);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List nimAttrs = (List)attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator i = nimAttrs.iterator(); i.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (attrName != null && attrName.length()>2 && attrName.startsWith(nameIDFormat)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (eqPos != -1 && eqPos<attrName.length()-2) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.getIdentity: NameID attribute from map: " + userId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return dsProvider.getUserID(realm, userIDsSearchMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getIdentityFromDataStore1:", dse);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestedEntityID = attrQuery.getIssuer().getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return dsProvider.getUserID(realm, SAML2Utils.getNameIDKeyMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameID, attrAuthorityEntityID, requestedEntityID, realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getIdentityFromDataStore:", dse);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static List getUserAttributes(String userId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeQuery attrQuery, String attrAuthorityEntityID, String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestedEntityID = attrQuery.getIssuer().getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map configMap = SAML2Utils.getConfigAttributeMap(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getUserAttributes: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (configMap == null || configMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster configMap = SAML2Utils.getConfigAttributeMap(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityEntityID, SAML2Constants.IDP_ROLE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (configMap == null || configMap.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getUserAttributes:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Configuration map is not defined.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getUserAttributes: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster valueMap = dsProvider.getAttributes(userId, localAttributes);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String localAttribute = (String)configMap.get(samlAttribute);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((valueMap != null) && (!valueMap.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set values = (Set)valueMap.get(localAttribute);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getUserAttributes:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " user profile does not have value for " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getUserAttributes:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Attribute attr = SAML2Utils.getSAMLAttribute(samlAttribute,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void signResponse(Response response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrAuthorityEntityID, String realm, boolean includeCert)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String alias = SAML2Utils.getSigningCertAlias(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster PrivateKey signingKey = keyProvider.getPrivateKey(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("missingSigningCertAlias"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signingCert = keyProvider.getX509Certificate(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Assertion getAssertion(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrAuthorityEntityID, String requesterEntityID, String realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrQueryProfileAlias, List attributes) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionFactory assertionFactory = AssertionFactory.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Assertion assertion = assertionFactory.createAssertion();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertion.setVersion(SAML2Constants.VERSION_2_0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Issuer issuer = assertionFactory.createIssuer();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Subject subject = assertionFactory.createSubject();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster subject.setEncryptedID(subjectQ.getEncryptedID());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster subject.setSubjectConfirmation(subjectQ.getSubjectConfirmation());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((attributes != null) && (!attributes.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertion.setAttributeStatements(attrStatementList);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int effectiveTime = IDPSSOUtil.getEffectiveTime(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int notBeforeSkewTime = IDPSSOUtil.getNotBeforeSkewTime(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Conditions conditions = IDPSSOUtil.getConditions(requesterEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static void signAssertion(Assertion assertion, String realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrAuthorityEntityID, boolean includeCert)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String alias = SAML2Utils.getSigningCertAlias(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster PrivateKey signingKey = keyProvider.getPrivateKey(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signingCert = keyProvider.getX509Certificate(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static EncryptedAssertion encryptAssertion(Assertion assertion,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncryptedID encryptedID, String attrAuthorityEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requesterEntityID, String realm, String attrQueryProfileAlias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String alias = SAML2Utils.getEncryptionCertAlias(realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster PrivateKey privateKey = keyProvider.getPrivateKey(alias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SecretKey secretKey = EncManager.getEncInstance().getSecretKey(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encryptedID.toXMLString(true, true), privateKey);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getAttributeQueryDescriptor(realm, requesterEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncInfo encInfo = KeyUtil.getEncInfo(aqd, requesterEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element el = EncManager.getEncInstance().encrypt(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertion.toXMLString(true, true), encInfo.getWrappingKey(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encInfo.getDataEncStrength(), requesterEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "EncryptedAssertion");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return AssertionFactory.getInstance().createEncryptedAssertion(el);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static List verifyDesiredAttributes(List supportedAttrs,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((supportedAttrs == null) || (supportedAttrs.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((desiredAttrs == null) || (desiredAttrs.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iterD = desiredAttrs.iterator(); iterD.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isAttrValid = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeElement attrS = (AttributeElement)iterS.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Attribute value not suppoted");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception("Attribute name not suppoted");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static List convertAttributes(List jaxbAttrs)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = jaxbAttrs.iterator(); iter.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeElement jaxbAttr = (AttributeElement)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Attribute attr = AssertionFactory.getInstance().createAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attr.setFriendlyName(jaxbAttr.getFriendlyName());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List jaxbValues = jaxbAttr.getAttributeValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((jaxbValues != null) && (!jaxbValues.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iterV = jaxbValues.iterator(); iterV.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((content != null) && (!content.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static List filterAttributes(List attributes, List desiredAttrs) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((attributes == null) || (attributes.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.filterAttributes: attributes are null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((desiredAttrs == null) || (desiredAttrs.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.filterAttributes: desired attributes are null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((desiredAttrs != null) && (!desiredAttrs.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iterD = desiredAttrs.iterator(); iterD.hasNext();){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = attributes.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //let's copy FriendlyName if exists
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //do nothing, attribute will be sent without
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //friendlyName set
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static boolean isSameAttribute(Attribute attr1, Attribute attr2) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!attr1.getName().equals(attr2.getName())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (nameFormat1.equals(attr2.getNameFormat()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Attribute filterAttributeValues(Attribute attr,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List valuesD = desiredAttr.getAttributeValueString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((valuesD == null) || (valuesD.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = valuesD.iterator(); iter.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionFactory.getInstance().createAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newAttr.setNameFormat(desiredAttr.getNameFormat());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newAttr.setFriendlyName(desiredAttr.getFriendlyName());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newAttr.setAnyAttribute(desiredAttr.getAnyAttribute());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.filterAttributeValues:", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static boolean isSameAttribute(Attribute attr1,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!attr1.getName().equals(attr2.getName())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return (nameFormat1.equals(attr2.getNameFormat()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static boolean isValueValid(Attribute desiredAttr,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List valuesD = desiredAttr.getAttributeValueString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((valuesD == null) || (valuesD.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List attrValuesS = supportedAttr.getAttributeValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((attrValuesS == null) || (attrValuesS.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = attrValuesS.iterator(); iter.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Response sendAttributeQuerySOAP(AttributeQuery attrQuery,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attributeServiceURL, String attrAuthorityEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeAuthorityDescriptorElement aad) throws SAML2Exception {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrQueryXMLString = attrQuery.toXMLString(true, true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.sendAttributeQuerySOAP: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.sendAttributeQuerySOAP: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "attributeServiceURL = " + attributeServiceURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster resMsg = SAML2Utils.sendSOAPMessage(attrQueryXMLString,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.sendAttributeQuerySOAP: ", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("errorSendingAttributeQuery"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element respElem = SAML2Utils.getSamlpElement(resMsg, "Response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ProtocolFactory.getInstance().createResponse(respElem);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.sendAttributeQuerySOAP: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "response = " + response.toXMLString(true, true));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster verifyResponse(response, attrQuery, attrAuthorityEntityID, aad);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static void verifyResponse(Response response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeQuery attrQuery, String attrAuthorityEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (!attrQueryID.equals(response.getInResponseTo()))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("invalidInResponseToAttrQuery"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!attrAuthorityEntityID.equals(respIssuer.getValue())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "responseIssuerMismatch"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "responseNotSigned"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster KeyUtil.getVerificationCert(aad, attrAuthorityEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean valid = response.isSignatureValid(signingCert);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.verifyResponse: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalidSignatureOnResponse"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("missingSigningCertAlias"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeAuthorityDescriptorElement aad, String binding,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.findLocation entering...");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((attrProfiles == null) || (attrProfiles.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfiles is null or empty");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfiles is null or empty and attrProfile is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (!attrProfiles.contains(attrProfile)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfile not found in the attrProfiles");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.findLocation: entering...");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = attrServices.iterator(); iter.hasNext(); ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (isValidAttributeService(binding, attrService,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.findLocation: found valid service");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil.findLocation: nothing found, leaving last line with null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static boolean isValidAttributeService(String binding,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeServiceElement attrService, String attrQueryProfile) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!binding.equalsIgnoreCase(attrService.getBinding())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE.equals(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrQueryProfile) && attrService.isSupportsX509Query()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns an <code>AttributeAuthorityMapper</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrAuthorityEntityID the entity id of the attribute authority
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQueryProfileAlias attribute profile alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>AttributeAuthorityMapper</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster static AttributeAuthorityMapper getAttributeAuthorityMapper(String realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrAuthorityEntityID, String attrQueryProfileAlias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeAuthorityMapper attrAuthorityMapper = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityMapperName = getAttributeValueFromAttrAuthorityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm, attrAuthorityEntityID, attrQueryProfileAlias + "_" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.DEFAULT_ATTRIBUTE_AUTHORITY_MAPPER_CLASS;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getAttributeAuthorityMapper: use "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityMapper = (AttributeAuthorityMapper)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityMapperCache.get(attrAuthorityMapperName);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityMapper = (AttributeAuthorityMapper)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Class.forName(attrAuthorityMapperName).newInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrAuthorityMapperCache.put(attrAuthorityMapperName,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getAttributeAuthorityMapper: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "got the AttributeAuthorityMapper from cache");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil.getAttributeAuthorityMapper: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String getAttributeValueFromAttrAuthorityConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, String attrAuthorityEntityID, String attrName)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map attrs = SAML2MetaUtils.getAttributes(config);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster value = ((String)values.iterator().next()).trim();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getAttributeValueFromAttrAuthorityConfig: " +
b563881b581c69ca884d14003b550c77e01ae057Mark Craig * Sends the AttributeQuery to specified attribute authority,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * validates the response and returns the attribute map
b563881b581c69ca884d14003b550c77e01ae057Mark Craig * <code>Map<String, String></code> to the Fedlet
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * @param spEntityID SP entity ID
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * @param idpEntityID IDP entity ID
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * @param nameIDValue NameID value
b563881b581c69ca884d14003b550c77e01ae057Mark Craig * @param attrsList The list of attributes whose values need to be
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * fetched from IDP
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * @param attrQueryProfileAlias Attribute Query Profile Alias
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * @param subjectDN Attribute name which contains X.509 subject DN
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * @return the <code>Map</code> object
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * @exception SAML2Exception if the operation is not successful
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * @deprecated Use #getAttributesForFedlet(String, String, String, List, String, String)
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace public static Map<String, String> getAttributeMapForFedlet(String spEntityID,
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace Map<String, Set<String>> attrMap = getAttributesForFedlet(spEntityID,
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace Map<String, String> newAttrMap = new HashMap<String, String>();
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace for (Map.Entry<String, Set<String>> entry : attrMap.entrySet()) {
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace StringBuilder pipedValue = new StringBuilder();
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace // Multiple attribute values
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace // are seperated with "|"
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace newAttrMap.put(attrName, pipedValue.toString());
b563881b581c69ca884d14003b550c77e01ae057Mark Craig * Sends the AttributeQuery to specified attribute authority,
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace * validates the response and returns the attribute map
b563881b581c69ca884d14003b550c77e01ae057Mark Craig * <code>Map<String, Set<String>></code> to the Fedlet
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param spEntityID SP entity ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityID IDP entity ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param nameIDValue NameID value
b563881b581c69ca884d14003b550c77e01ae057Mark Craig * @param attrsList The list of attributes whose values need to be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * fetched from IDP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param attrQueryProfileAlias Attribute Query Profile Alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param subjectDN Attribute name which contains X.509 subject DN
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>Map</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace public static Map<String, Set<String>> getAttributesForFedlet(String spEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getAttributeQueryConfig("/", spEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getAttributeMapForFedlet: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Attribute Query Config is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attrqMetaAlias = attrQueryConfig.getMetaAlias();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getAttributeMapForFedlet: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Attribute Query MetaAlias is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean wantNameIDEncrypted = SAML2Utils.getWantNameIDEncrypted("/",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeQuery attrQuery = constructAttrQueryForFedlet(spEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE_ALIAS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrQueryProfile = SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrQueryProfile = SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Response samlResp = sendAttributeQuery(attrQuery, idpEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Validate the response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean validResp = validateSAMLResponseForFedlet(samlResp,
4200bb8dd4c9333d2263fd312bf27069f9875f13Sachiko Wallace Map<String, Set<String>> attrMap = new HashMap();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Return back the AttributeMap
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator asserIter = assertions.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List statements = assertion.getAttributeStatements();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (statements != null && statements.size() > 0 ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator stmtIter = statements.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getAttributeMapForFedlet: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "No Attributes present in " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SAML response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getAttributeMapForFedlet: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Empty Statement present in SAML response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getAttributeMapForFedlet: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Empty Assertion present in SAML response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("AttributeQueryUtil." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getAttributeMapForFedlet: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Invalid response obtained from Attribute Authority");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Return the attribute map and to the fedlet
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs the Attribute Query used by the Fedlet to retrieve the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * values from IDP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param samlResp saml response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static AttributeQuery constructAttrQueryForFedlet(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean wantNameIDEncrypted) throws SAML2Exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(attrqMetaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionFactory assertionFactory = AssertionFactory.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AttributeQuery attrQuery = protocolFactory.createAttributeQuery();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Issuer issuer = assertionFactory.createIssuer();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attrQuery.setVersion(SAML2Constants.VERSION_2_0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Attribute attr = assertionFactory.createAttribute();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String attributeName = (String)attrIter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster attr.setNameFormat(SAML2Constants.BASIC_NAME_FORMAT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Subject subject = assertionFactory.createSubject();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameID nameID = assertionFactory.createNameID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE_ALIAS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameID.setFormat(SAML2Constants.NAMEID_TRANSIENT_FORMAT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE_ALIAS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameID.setFormat(SAML2Constants.X509_SUBJECT_NAME);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getAttributeAuthorityDescriptor("/", idpEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncInfo encInfo = KeyUtil.getEncInfo(aad, idpEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster EncryptedID encryptedID = nameID.encrypt(encInfo.getWrappingKey(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Validates the SAML response obtained from Attribute Authortity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param samlResp saml response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static boolean validateSAMLResponseForFedlet(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean wantNameIDEncrypted) throws SAML2Exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean resp = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (Iterator asserIter = assertions.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Conditions conditions = assertion.getConditions();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List statements = assertion.getAttributeStatements();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the decrypted assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param samlResp saml response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Assertion getDecryptedAssertion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String alias = SAML2Utils.getEncryptionCertAlias("/", spEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster KeyUtil.getKeyProviderInstance().getPrivateKey(alias);