/*
* The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
- * All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without modification, are permitted provided that the
- * following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this list of conditions and the following
- * disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following
- * disclaimer in the documentation and/or other materials provided with the distribution, if any, must include the
- * following acknowledgment: "This product includes software developed by the University Corporation for Advanced
- * Internet Development <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement may appear in the
- * software itself, if and wherever such third-party acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor the University Corporation for
- * Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote products derived from this software
- * without specific prior written permission. For written permission, please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the University Corporation
- * for Advanced Internet Development, nor may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE,
- * ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package edu.internet2.middleware.shibboleth.common;
import org.opensaml.SAMLNameIdentifier;
import org.w3c.dom.Element;
-import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
-
/**
* Base class for processing name identifier mapping configuration.
*
private static Logger log = Logger.getLogger(BaseNameIdentifierMapping.class.getName());
private URI format;
+ private String id;
public BaseNameIdentifierMapping(Element config) throws NameIdentifierMappingException {
- if (!config.getLocalName().equals("NameMapping")) {
- throw new IllegalArgumentException();
- }
+ if (!config.getLocalName().equals("NameMapping")) { throw new IllegalArgumentException(); }
String rawFormat = ((Element) config).getAttribute("format");
if (rawFormat == null || rawFormat.equals("")) {
}
String id = ((Element) config).getAttribute("id");
- if (id != null && (!id.equals("")) && (!(this instanceof HSNameIdentifierMapping))) {
- log.error(
- "\"id\" attribute is not valid for Name Mapping implementations that do are not used for Name Identifer Creation.");
- throw new NameIdentifierMappingException("Invalid mapping information specified.");
+ if (id != null || !id.equals("")) {
+ this.id = id;
}
+
}
public URI getNameIdentifierFormat() {
+
return format;
}
+ public String getId() {
+
+ return id;
+ }
+
public void destroy() {
- //nothing to do
+
+ //nothing to do
}
-
- protected void verifyQualifier(SAMLNameIdentifier nameId, IdentityProvider idProv) throws NameIdentifierMappingException {
-
+
+ protected void verifyQualifier(SAMLNameIdentifier nameId, IdentityProvider idProv)
+ throws NameIdentifierMappingException {
+
if (idProv.getProviderId() == null || !idProv.getProviderId().equals(nameId.getNameQualifier())) {
log.error("The name qualifier (" + nameId.getNameQualifier()
+ ") for the referenced subject is not valid for this identity provider.");
+ ") for the referenced subject is not valid for this identity provider.");
}
}
-}
+}
\ No newline at end of file
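Review bot: The new guard `if (id != null || !id.equals("")) {` has its operator inverted: with `||` a null id reaches `id.equals` and throws NullPointerException, while a non-null id short-circuits to true even when it is the empty string, so `this.id` becomes `""` rather than the null that `getId` documents for an unconfigured mapping (DOM `getAttribute` returns `""` for an absent attribute, so the empty-string case is the common one). Change it to `if (id != null && !id.equals("")) {`. A second point in the same hunk: `verifyQualifier` only logs when the name qualifier does not match this provider's id and then returns normally, so a subclass that relies on it (the deleted `PrincipalNameIdentifier` calls it and then builds the principal unconditionally) accepts name identifiers qualified for a different identity provider; if rejection is intended, throw after the `log.error`, e.g. `throw new NameIdentifierMappingException("Name qualifier not valid for this identity provider.");`. The class header lies above this hunk.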
import org.opensaml.SAMLNameIdentifier;
/**
- * Defines a mechanism for converting SAML Name Identifiers to local {@link AuthNPrincipal}objects.
+ * Defines a mechanism for converting back and forth between SAML Name Identifiers and local {@link AuthNPrincipal}
+ * objects.
*
* @author Walter Hoehn
*/
public interface NameIdentifierMapping {
- public static final String mappingNamespace = "urn:mace:shibboleth:namemapper:1.0";
+ public static final String mappingNamespace = "urn:mace:shibboleth:namemapper:1.0";
+
+ /**
+ * @return the id of this mapping or <code>null</code> is it is not configured with one
+ */
+ public String getId();
/**
* Returns the Name Identifier format for this mapping.
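Review bot: The new javadoc on `getId` has a typo in its return description: `@return the id of this mapping or <code>null</code> is it is not configured with one` should read `@return the id of this mapping or <code>null</code> if it is not configured with one`. Since the nested test mapping returns null while the base class returns whatever the `id` attribute held, it would also help to state that callers treat the empty string like null, which is what `NameMapper.addNameMapping` does.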
throws NameIdentifierMappingException, InvalidNameIdentifierException;
/**
+ * Maps a local principal to a SAML Name Identifier.
+ *
+ * @param id
+ * the id under which the effective {@link HSNameIdentifierMapping}is registered
+ * @param principal
+ * the principal to map
+ * @param sProv
+ * the provider initiating the request
+ * @param idProv
+ * the provider handling the request
+ * @return the SAML name identifier
+ * @throws NameIdentifierMappingException
+ * If the {@link NameMapper}encounters an internal error
+ */
+ public SAMLNameIdentifier getNameIdentifierName(AuthNPrincipal principal, ServiceProvider sProv,
+ IdentityProvider idProv) throws NameIdentifierMappingException;
+
+ /**
* Cleanup resources that won't be released when this object is garbage-collected
*/
public void destroy();
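Review bot: The javadoc added for `getNameIdentifierName` documents a `@param id` that the declared signature `getNameIdentifierName(AuthNPrincipal principal, ServiceProvider sProv, IdentityProvider idProv)` does not have, and it links `{@link HSNameIdentifierMapping}`, an interface this same commit deletes. Drop the `@param id` entry (the id-based lookup lives on `NameMapper.getNameIdentifierName(String, ...)`, not here) and replace the dangling link with a plain reference to this interface. The `@throws` text `If the {@link NameMapper}encounters an internal error` also lacks a space after the inline tag.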
import org.apache.log4j.Logger;
import org.apache.xerces.parsers.DOMParser;
+import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
/**
* Facility for managing mappings from SAML Name Identifiers to local {@link AuthNPrincipal}objects. Mappings are
- * registered by Name Identifier format.
+ * registered by Name Identifier format and can be associated with a <code>String</code> id and recovered based on the
+ * same.
*
* @author Walter Hoehn
* @see NameIdentifierMapping
*/
public class NameMapper {
- private static Logger log = Logger.getLogger(NameMapper.class.getName());
- protected Map byFormat = new HashMap();
- private static Map registeredMappingTypes = Collections.synchronizedMap(new HashMap());
+ private static Logger log = Logger.getLogger(NameMapper.class.getName());
+ private Map byFormat = new HashMap();
+ private Map byId = new HashMap();
+ private static Map registeredMappingTypes = Collections.synchronizedMap(new HashMap());
/** true if mappings have been added */
- protected boolean initialized = false;
+ protected boolean initialized = false;
/** Mapping to use if no other mappings have been added */
- protected SharedMemoryShibHandle defaultMapping;
+ protected SharedMemoryShibHandle defaultMapping;
//Preload aliases for bundled mappings
static {
.forName("edu.internet2.middleware.shibboleth.hs.provider.SharedMemoryShibHandle"));
registeredMappingTypes.put("Principal", Class
- .forName("edu.internet2.middleware.shibboleth.common.PrincipalNameIdentifier"));
+ .forName("edu.internet2.middleware.shibboleth.hs.provider.PrincipalNameIdentifier"));
} catch (ClassNotFoundException e) {
log.error("Unable to pre-register Name mapping implementation types.");
* Constructs the name mapper and loads a default name mapping.
*/
public NameMapper() {
+
try {
//Load the default mapping
String rawConfig = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
}
protected void initialize() {
+
initialized = true;
defaultMapping = null;
}
}
byFormat.put(mapping.getNameIdentifierFormat(), mapping);
+ if (mapping.getId() != null && !mapping.getId().equals("")) {
+ byId.put(mapping.getId(), mapping);
+ }
+
}
/**
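Review bot: `byId.put(mapping.getId(), mapping)` silently replaces any mapping already registered under the same id, so two configured `NameMapping` elements sharing an `id` resolve to whichever was added last with no diagnostic, which is hard to spot in a deployment where the wrong mapping then issues or resolves identifiers. Log before overwriting, e.g. `if (byId.containsKey(mapping.getId())) { log.warn("Replacing name mapping previously registered under id: " + mapping.getId()); }`. The opening lines of `addNameMapping` are above this hunk.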
return (NameIdentifierMapping) byFormat.get(format);
}
+ /**
+ * Returns the <code>NameIdentifierMapping</code> registered for a given id
+ *
+ * @param id
+ * the registered id
+ * @return the mapping or <tt>null</tt> if no mapping is registered for the given id
+ */
+ public NameIdentifierMapping getNameIdentifierMappingById(String id) {
+
+ if (id == null || id.equals("")) {
+ if (!initialized) { return defaultMapping; }
+
+ if (byFormat.size() == 1) {
+ Iterator values = byFormat.values().iterator();
+ Object mapping = values.next();
+ return (NameIdentifierMapping) mapping;
+ }
+ }
+
+ return (NameIdentifierMapping) byId.get(id);
+ }
+
protected NameIdentifierMapping loadNameIdentifierMapping(Class implementation, Element config)
throws NameIdentifierMappingException {
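Review bot: The javadoc on `getNameIdentifierMappingById` says it returns the mapping registered for a given id, but the body also implements a fallback for a null or empty id — the default mapping while not yet initialized, otherwise the single registered mapping when `byFormat.size() == 1` — and that is the behaviour callers passing no id depend on. Document it in the tag text, e.g. `@param id the registered id; null or empty selects the default mapping before initialization, or the sole registered mapping when exactly one exists`. It is also worth stating that with several mappings registered and no id the method returns null, since the caller in `getNameIdentifierName` reports that as an unregistered id even though no id was supplied.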
}
/**
- * Cleanup resources that won't be released when this object is garbage-collected
+ * Maps a local principal to a SAML Name Identifier using the mapping registered under a given id.
+ *
+ * @param id
+ * the id under which the effective <code>NameIdentifierMapping</code> is registered
+ * @param principal
+ * the principal to map
+ * @param sProv
+ * the provider initiating the request
+ * @param idProv
+ * the provider handling the request
+ * @return
+ * @throws NameIdentifierMappingException
+ * If the <code>NameMapper</code> encounters an internal error
*/
- public void destroy() {
- Iterator mappingIterator = byFormat.values().iterator();
- while (mappingIterator.hasNext()) {
- ((NameIdentifierMapping) mappingIterator.next()).destroy();
- }
+ public SAMLNameIdentifier getNameIdentifierName(String id, AuthNPrincipal principal, ServiceProvider sProv,
+ IdentityProvider idProv) throws NameIdentifierMappingException {
+
+ NameIdentifierMapping mapping = getNameIdentifierMappingById(id);
+
+ if (mapping == null) { throw new NameIdentifierMappingException("Name Identifier id not registered."); }
+ return mapping.getNameIdentifierName(principal, sProv, idProv);
}
/**
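Review bot: The `@return` tag on the new `NameMapper.getNameIdentifierName` is empty; fill it in as `@return the SAML name identifier produced by the selected mapping`. The exception thrown when no mapping is found, `throw new NameIdentifierMappingException("Name Identifier id not registered.");`, would be easier to act on if it carried the id that was looked up, e.g. `throw new NameIdentifierMappingException("Name Identifier id not registered: " + id);`, and could distinguish the case where `id` was null or empty but several mappings are registered, so no unambiguous default exists.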
public class TestNameIdentifierMapping implements NameIdentifierMapping {
private TestNameIdentifierMapping() {
+
//Constructor to prevent others from creating this class
}
* @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getNameIdentifierFormat()
*/
public URI getNameIdentifierFormat() {
+
try {
return new URI("urn:mace:shibboleth:test:nameIdentifier");
} catch (URISyntaxException e) {
*/
public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
throws NameIdentifierMappingException, InvalidNameIdentifierException {
-
+
log.info("Request references built-in test principal.");
if (idProv.getProviderId() == null || !idProv.getProviderId().equals(nameId.getNameQualifier())) {
* @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#destroy()
*/
public void destroy() {
+
//Nothing to do
}
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getId()
+ */
+ public String getId() {
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getNameIdentifierName(edu.internet2.middleware.shibboleth.common.AuthNPrincipal,
+ * edu.internet2.middleware.shibboleth.common.ServiceProvider,
+ * edu.internet2.middleware.shibboleth.common.IdentityProvider)
+ */
+ public SAMLNameIdentifier getNameIdentifierName(AuthNPrincipal principal, ServiceProvider sProv,
+ IdentityProvider idProv) throws NameIdentifierMappingException {
+
+ try {
+ return new SAMLNameIdentifier("test-handle", idProv.getProviderId(), getNameIdentifierFormat()
+ .toString());
+ } catch (SAMLException e) {
+ throw new NameIdentifierMappingException("Unable to generate Name Identifier: " + e);
+ }
+ }
+ }
+
+ /**
+ * Cleanup resources that won't be released when this object is garbage-collected
+ */
+ public void destroy() {
+
+ Iterator mappingIterator = byFormat.values().iterator();
+ while (mappingIterator.hasNext()) {
+ ((NameIdentifierMapping) mappingIterator.next()).destroy();
+ }
}
}
\ No newline at end of file
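Review bot: The `catch (SAMLException e)` in the test mapping's new `getNameIdentifierName` discards the cause by folding it into the message (`"Unable to generate Name Identifier: " + e`), so the stack trace of the underlying SAML failure is lost; if `NameIdentifierMappingException` has a cause-taking constructor, prefer `throw new NameIdentifierMappingException("Unable to generate Name Identifier", e);`, otherwise log `e` before rethrowing. The method also passes `idProv.getProviderId()` straight through as the name qualifier, whereas `getPrincipal` a few lines up treats a null provider id as invalid; a matching guard would keep the two directions symmetric, assuming `SAMLNameIdentifier` does not already reject a null qualifier — worth confirming. Both the nested test class and the outer `NameMapper` class start above this hunk.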
+++ /dev/null
-/*
- * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
- * for Advanced Internet Development, Inc. All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.shibboleth.common;
-
-import org.opensaml.SAMLNameIdentifier;
-import org.w3c.dom.Element;
-
-/**
- * {@link NameIdentifierMapping} implementation to use when the SAML name identifier format matches the Shibboleth
- * internal representation of the principal.
- *
- * @author Walter Hoehn
- */
-public class PrincipalNameIdentifier extends BaseNameIdentifierMapping {
-
- public PrincipalNameIdentifier(Element config) throws NameIdentifierMappingException {
- super(config);
- }
-
- public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
- throws NameIdentifierMappingException, InvalidNameIdentifierException {
-
- verifyQualifier(nameId, idProv);
- return new AuthNPrincipal(nameId.getName());
- }
-}
+++ /dev/null
-/*
- * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
- * for Advanced Internet Development, Inc. All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.shibboleth.hs;
-
-import org.opensaml.SAMLNameIdentifier;
-
-import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
-import edu.internet2.middleware.shibboleth.common.IdentityProvider;
-import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
-import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
-import edu.internet2.middleware.shibboleth.common.ServiceProvider;
-
-/**
- * Adds a mechanism to the {@link NameIdentifierMapping} interface for generating SAML Name Identifiers from
- * {@link AuthNPrincipal} objects.
- *
- * @author Walter Hoehn
- */
-public interface HSNameIdentifierMapping extends NameIdentifierMapping {
-
- /**
- * @return the id of this mapping or <code>null</code> is it is not
- * configured with one
- */
- public String getId();
-
- /**
- * Maps a local principal to a SAML Name Identifier.
- *
- * @param id
- * the id under which the effective {@link HSNameIdentifierMapping}
- * is registered
- * @param principal
- * the principal to map
- * @param sProv
- * the provider initiating the request
- * @param idProv
- * the provider handling the request
- * @return the SAML name identifier
-
- * @throws NameIdentifierMappingException If the {@link NameMapper}
- * encounters an internal error
- */
- public SAMLNameIdentifier getNameIdentifierName(
- AuthNPrincipal principal,
- ServiceProvider sProv,
- IdentityProvider idProv)
- throws NameIdentifierMappingException;
-
-}
+++ /dev/null
-/*
- * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation
- * for Advanced Internet Development, Inc. All rights reserved
- *
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- *
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution, if any, must include
- * the following acknowledgment: "This product includes software developed by
- * the University Corporation for Advanced Internet Development
- * <http://www.ucaid.edu> Internet2 Project. Alternately, this acknowledegement
- * may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear.
- *
- * Neither the name of Shibboleth nor the names of its contributors, nor
- * Internet2, nor the University Corporation for Advanced Internet Development,
- * Inc., nor UCAID may be used to endorse or promote products derived from this
- * software without specific prior written permission. For written permission,
- * please contact shibboleth@shibboleth.org
- *
- * Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor
- * may Shibboleth appear in their name, without prior written permission of the
- * University Corporation for Advanced Internet Development.
- *
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
- * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK
- * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE.
- * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY
- * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY
- * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
- * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-package edu.internet2.middleware.shibboleth.hs;
-
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Map;
-
-import org.opensaml.SAMLNameIdentifier;
-
-import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
-import edu.internet2.middleware.shibboleth.common.IdentityProvider;
-import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
-import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
-import edu.internet2.middleware.shibboleth.common.NameMapper;
-import edu.internet2.middleware.shibboleth.common.ServiceProvider;
-
-/**
- * <code>NameMapper</code> that additionally maps local <code>AuthNPrincipal</code>
- * to SAML Name Identifiers. Mappings can be associated with a <code>String</code>
- * id and recovered based on the same.
- *
- * @author Walter Hoehn
- * @see NameMapper
- * @see HSNameIdentifierMapping
- */
-public class HSNameMapper extends NameMapper {
-
- private Map byId = new HashMap();
-
- /**
- * Adds a <code>NameIdentifierMapping</code> to this <code>HSNameMapper</code>,
- * registering it according to its format and, if applicable, according to
- * its id.
- *
- * @param mapping
- * the mapping to add
- */
- public void addNameMapping(NameIdentifierMapping mapping) {
- super.addNameMapping(mapping);
- if (mapping instanceof HSNameIdentifierMapping) {
- if (((HSNameIdentifierMapping) mapping).getId() != null
- && (!((HSNameIdentifierMapping) mapping).getId().equals(""))) {
- byId.put(((HSNameIdentifierMapping) mapping).getId(), mapping);
- }
- }
- }
-
- /**
- * Returns the <code>HSNameIdentifierMapping</code> registered for a
- * given id
- *
- * @param id
- * the registered id
- * @return the mapping or <tt>null</tt> if no mapping is registered for
- * the given id
- */
- public HSNameIdentifierMapping getNameIdentifierMappingById(String id) {
-
- if (id == null || id.equals("")) {
- if (!initialized) {
- return defaultMapping;
- }
-
- if (byFormat.size() == 1) {
- Iterator values = byFormat.values().iterator();
- Object mapping = values.next();
- if (mapping instanceof HSNameIdentifierMapping) {
- return (HSNameIdentifierMapping) mapping;
- }
- }
- }
-
- return (HSNameIdentifierMapping) byId.get(id);
- }
-
- /**
- *
- * Maps a local principal to a SAML Name Identifier using the mapping registered under a given id.
- *
- * @param id
- * the id under which the effective <code>HSNameIdentifierMapping</code>
- * is registered
- * @param principal
- * the principal to map
- * @param sProv
- * the provider initiating the request
- * @param idProv
- * the provider handling the request
- * @return @throws
- * NameIdentifierMappingException If the <code>NameMapper</code>
- * encounters an internal error
- */
- public SAMLNameIdentifier getNameIdentifierName(
- String id,
- AuthNPrincipal principal,
- ServiceProvider sProv,
- IdentityProvider idProv)
- throws NameIdentifierMappingException {
-
- HSNameIdentifierMapping mapping = getNameIdentifierMappingById(id);
-
- if (mapping == null) {
- throw new NameIdentifierMappingException("Name Identifier id not registered.");
- }
- return mapping.getNameIdentifierName(principal, sProv, idProv);
- }
-}
* The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
* All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
* provided that the following conditions are met: Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution, if any, must include the following acknowledgment: "This product includes
- * software developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2
- * Project. Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2,
- * nor the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
- * products derived from this software without specific prior written permission. For written permission, please
- * contact shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name,
- * without prior written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS
- * PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND
- * NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS
- * WITH LICENSEE. IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED
- * INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package edu.internet2.middleware.shibboleth.hs;
import edu.internet2.middleware.shibboleth.common.Credential;
import edu.internet2.middleware.shibboleth.common.Credentials;
+import edu.internet2.middleware.shibboleth.common.NameMapper;
import edu.internet2.middleware.shibboleth.common.RelyingParty;
import edu.internet2.middleware.shibboleth.common.ServiceProviderMapper;
import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
import edu.internet2.middleware.shibboleth.metadata.Metadata;
/**
- * Class for determining the effective relying party for the Shibboleth handle service from the unique id of the
- * service provider.
+ * Class for determining the effective relying party for the Shibboleth handle service from the unique id of the service
+ * provider.
*
* @author Walter Hoehn
*/
public class HSServiceProviderMapper extends ServiceProviderMapper {
- private static Logger log = Logger.getLogger(HSServiceProviderMapper.class.getName());
- private HSConfig configuration;
- private Credentials credentials;
- private HSNameMapper nameMapper;
+ private static Logger log = Logger.getLogger(HSServiceProviderMapper.class.getName());
+ private HSConfig configuration;
+ private Credentials credentials;
+ private NameMapper nameMapper;
/**
* Constructs a new service provider mapper for the handle service.
* if the configuration is invalid
*/
public HSServiceProviderMapper(Element rawConfig, HSConfig configuration, Credentials credentials,
- HSNameMapper nameMapper, Metadata metaData) throws ServiceProviderMapperException {
+ NameMapper nameMapper, Metadata metaData) throws ServiceProviderMapperException {
+
super(metaData);
this.configuration = configuration;
this.credentials = credentials;
}
protected ShibbolethOriginConfig getOriginConfig() {
+
return configuration;
}
*/
class HSRelyingPartyImpl extends BaseRelyingPartyImpl implements HSRelyingParty {
- private URL overridenAAUrl;
- private URI overridenDefaultAuthMethod;
- protected String hsNameFormatId;
- private HSConfig configuration;
+ private URL overridenAAUrl;
+ private URI overridenDefaultAuthMethod;
+ protected String hsNameFormatId;
+ private HSConfig configuration;
- HSRelyingPartyImpl(Element partyConfig, HSConfig globalConfig, Credentials credentials, HSNameMapper nameMapper)
+ HSRelyingPartyImpl(Element partyConfig, HSConfig globalConfig, Credentials credentials, NameMapper nameMapper)
throws ServiceProviderMapperException {
super(partyConfig);
}
public boolean isLegacyProvider() {
+
return false;
}
public String getHSNameFormatId() {
+
return hsNameFormatId;
}
}
public URL getAAUrl() {
+
if (overridenAAUrl != null) {
return overridenAAUrl;
} else {
class LegacyWrapper extends UnknownProviderWrapper implements HSRelyingParty {
LegacyWrapper(HSRelyingParty wrapped) {
+
super(wrapped, null);
}
public boolean isLegacyProvider() {
+
return true;
}
public String getHSNameFormatId() {
+
return ((HSRelyingParty) wrapped).getHSNameFormatId();
}
public URL getAAUrl() {
+
return ((HSRelyingParty) wrapped).getAAUrl();
}
public URI getDefaultAuthMethod() {
+
return ((HSRelyingParty) wrapped).getDefaultAuthMethod();
}
}
class NoMetadataWrapper extends UnknownProviderWrapper implements HSRelyingParty {
NoMetadataWrapper(HSRelyingParty wrapped) {
+
super(wrapped, null);
}
public String getHSNameFormatId() {
+
return ((HSRelyingParty) wrapped).getHSNameFormatId();
}
public URL getAAUrl() {
+
return ((HSRelyingParty) wrapped).getAAUrl();
}
public URI getDefaultAuthMethod() {
+
return ((HSRelyingParty) wrapped).getDefaultAuthMethod();
}
}
-}
+}
\ No newline at end of file
+++ /dev/null
-/*
- * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
- * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
- * provided that the following conditions are met: Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution, if any, must include the following acknowledgment: "This product includes
- * software developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2
- * Project. Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2,
- * nor the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
- * products derived from this software without specific prior written permission. For written permission, please
- * contact shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name,
- * without prior written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS
- * PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND
- * NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS
- * WITH LICENSEE. IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED
- * INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
- */
-
-package edu.internet2.middleware.shibboleth.hs;
-
-import java.io.IOException;
-import java.util.Collections;
-import java.util.Date;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletException;
-import javax.servlet.UnavailableException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.log4j.Level;
-import org.apache.log4j.Logger;
-import org.apache.log4j.MDC;
-import org.doomdark.uuid.UUIDGenerator;
-import org.opensaml.QName;
-import org.opensaml.SAMLAuthorityBinding;
-import org.opensaml.SAMLBinding;
-import org.opensaml.SAMLException;
-import org.opensaml.SAMLNameIdentifier;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import sun.misc.BASE64Decoder;
-import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
-import edu.internet2.middleware.shibboleth.common.Credentials;
-import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
-import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
-import edu.internet2.middleware.shibboleth.common.OriginConfig;
-import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
-import edu.internet2.middleware.shibboleth.common.ShibPOSTProfile;
-import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
-import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
-import edu.internet2.middleware.shibboleth.common.TargetFederationComponent;
-import edu.internet2.middleware.shibboleth.metadata.Endpoint;
-import edu.internet2.middleware.shibboleth.metadata.Provider;
-import edu.internet2.middleware.shibboleth.metadata.ProviderRole;
-import edu.internet2.middleware.shibboleth.metadata.SPProviderRole;
-
-public class HandleServlet extends TargetFederationComponent {
-
- private static Logger log = Logger.getLogger(HandleServlet.class.getName());
- private static Logger transactionLog = Logger.getLogger("Shibboleth-TRANSACTION");
-
- private Semaphore throttle;
- private HSConfig configuration;
- private Credentials credentials;
- private HSNameMapper nameMapper;
- private ShibPOSTProfile postProfile = new ShibPOSTProfile();
- private HSServiceProviderMapper targetMapper;
-
- protected void loadConfiguration() throws ShibbolethConfigurationException {
-
- Document originConfig = OriginConfig.getOriginConfig(this.getServletContext());
-
- //Load global configuration properties
- configuration = new HSConfig(originConfig.getDocumentElement());
-
- //Load signing credentials
- NodeList itemElements = originConfig.getDocumentElement().getElementsByTagNameNS(
- Credentials.credentialsNamespace, "Credentials");
- if (itemElements.getLength() < 1) {
- log.error("Credentials not specified.");
- throw new ShibbolethConfigurationException(
- "The Handle Service requires that signing credentials be supplied in the <Credentials> configuration element.");
- }
-
- if (itemElements.getLength() > 1) {
- log.error("Multiple Credentials specifications found, using first.");
- }
-
- credentials = new Credentials((Element) itemElements.item(0));
-
- //Load name mappings
- itemElements = originConfig.getDocumentElement().getElementsByTagNameNS(NameIdentifierMapping.mappingNamespace,
- "NameMapping");
-
- for (int i = 0; i < itemElements.getLength(); i++) {
- try {
- nameMapper.addNameMapping((Element) itemElements.item(i));
- } catch (NameIdentifierMappingException e) {
- log.error("Name Identifier mapping could not be loaded: " + e);
- }
- }
-
- //Load metadata
- itemElements = originConfig.getDocumentElement().getElementsByTagNameNS(
- ShibbolethOriginConfig.originConfigNamespace, "FederationProvider");
- for (int i = 0; i < itemElements.getLength(); i++) {
- addFederationProvider((Element) itemElements.item(i));
- }
- if (providerCount() < 1) {
- log.error("No Federation Provider metadata loaded.");
- throw new ShibbolethConfigurationException("Could not load federation metadata.");
- }
-
- //Load relying party config
- try {
- targetMapper = new HSServiceProviderMapper(originConfig.getDocumentElement(), configuration, credentials,
- nameMapper, this);
- } catch (ServiceProviderMapperException e) {
- log.error("Could not load origin configuration: " + e);
- throw new ShibbolethConfigurationException("Could not load origin configuration.");
- }
-
- }
-
- public void init() throws ServletException {
- super.init();
- MDC.put("serviceId", "[HS] Core");
- transactionLog.setLevel((Level) Level.INFO);
- try {
- log.info("Initializing Handle Service.");
-
- nameMapper = new HSNameMapper();
- loadConfiguration();
-
- throttle = new Semaphore(configuration.getMaxThreads());
-
- log.info("Handle Service initialization complete.");
-
- } catch (ShibbolethConfigurationException ex) {
- log.fatal("Handle Service runtime configuration error. Please fix and re-initialize. Cause: " + ex);
- throw new UnavailableException("Handle Service failed to initialize.");
- }
- }
-
- public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
-
- MDC.put("serviceId", "[HS] " + UUIDGenerator.getInstance().generateRandomBasedUUID());
- MDC.put("remoteAddr", req.getRemoteAddr());
- log.info("Handling request.");
-
- try {
- throttle.enter();
- checkRequestParams(req);
-
- req.setAttribute("shire", req.getParameter("shire"));
- req.setAttribute("target", req.getParameter("target"));
-
- //Get the authN info
- String username = configuration.getAuthHeaderName().equalsIgnoreCase("REMOTE_USER")
- ? req.getRemoteUser()
- : req.getHeader(configuration.getAuthHeaderName());
-
- //If the target did not send a Provider Id, then assume it is a Shib
- // 1.1 or older target
- HSRelyingParty relyingParty = null;
- String remoteProviderId = req.getParameter("providerId");
- if (remoteProviderId == null) {
- relyingParty = targetMapper.getLegacyRelyingParty();
- } else if (remoteProviderId.equals("")) {
- throw new InvalidClientDataException("Invalid service provider id.");
- } else {
- log.debug("Remote provider has identified itself as: (" + remoteProviderId + ").");
- relyingParty = targetMapper.getRelyingParty(req.getParameter("providerId"));
- }
-
- //Make sure that the selected relying party configuration is appropriate for this
- //acceptance URL
- if (!relyingParty.isLegacyProvider()) {
-
- Provider provider = lookup(relyingParty.getProviderId());
- if (provider == null) {
- log.info("No metadata found for provider: (" + relyingParty.getProviderId() + ").");
- relyingParty = targetMapper.getRelyingParty(null);
-
- } else {
-
- if (isValidAssertionConsumerURL(provider, req.getParameter("shire"))) {
- log.info("Supplied consumer URL validated for this provider.");
- } else {
- log.error("Supplied assertion consumer service URL (" + req.getParameter("shire")
- + ") is NOT valid for provider (" + relyingParty.getProviderId() + ").");
- throw new InvalidClientDataException("Invalid assertion consumer service URL.");
- }
- }
- }
-
- SAMLNameIdentifier nameId = nameMapper.getNameIdentifierName(relyingParty.getHSNameFormatId(),
- new AuthNPrincipal(username), relyingParty, relyingParty.getIdentityProvider());
-
- String authenticationMethod = req.getHeader("SAMLAuthenticationMethod");
- if (authenticationMethod == null || authenticationMethod.equals("")) {
- authenticationMethod = relyingParty.getDefaultAuthMethod().toString();
- log.debug("User was authenticated via the default method for this relying party ("
- + authenticationMethod + ").");
- } else {
- log.debug("User was authenticated via the method (" + authenticationMethod + ").");
- }
-
- byte[] buf = generateAssertion(relyingParty, nameId, req.getParameter("shire"), req.getRemoteAddr(),
- authenticationMethod);
-
- createForm(req, res, buf);
-
- if (relyingParty.isLegacyProvider()) {
- transactionLog.info("Authentication assertion issued to legacy provider (SHIRE: "
- + req.getParameter("shire") + ") on behalf of principal (" + username + ") for resource ("
- + req.getParameter("target") + "). Name Identifier: (" + nameId.getName()
- + "). Name Identifier Format: (" + nameId.getFormat() + ").");
- } else {
- transactionLog.info("Authentication assertion issued to provider (" + req.getParameter("providerId")
- + ") on behalf of principal (" + username + "). Name Identifier: (" + nameId.getName()
- + "). Name Identifier Format: (" + nameId.getFormat() + ").");
- }
-
- } catch (NameIdentifierMappingException ex) {
- log.error(ex);
- handleError(req, res, ex);
- return;
- } catch (InvalidClientDataException ex) {
- log.error(ex);
- handleError(req, res, ex);
- return;
- } catch (SAMLException ex) {
- log.error(ex);
- handleError(req, res, ex);
- return;
- } catch (InterruptedException ex) {
- log.error(ex);
- handleError(req, res, ex);
- return;
- } finally {
- throttle.exit();
- }
- }
-
- public void destroy() {
- log.info("Cleaning up resources.");
- nameMapper.destroy();
- }
-
- protected byte[] generateAssertion(HSRelyingParty relyingParty, SAMLNameIdentifier nameId, String shireURL,
- String clientAddress, String authType) throws SAMLException, IOException {
-
- if (relyingParty.isLegacyProvider()) {
- //For compatibility with pre-1.2 shibboleth targets, include a pointer to the AA
- SAMLAuthorityBinding binding = new SAMLAuthorityBinding(SAMLBinding.SAML_SOAP_HTTPS, relyingParty
- .getAAUrl().toString(), new QName(org.opensaml.XML.SAMLP_NS, "AttributeQuery"));
- return postProfile.prepare(shireURL, relyingParty, nameId, clientAddress, authType,
- new Date(System.currentTimeMillis()), Collections.singleton(binding)).toBase64();
-
- } else {
- return postProfile.prepare(shireURL, relyingParty, nameId, clientAddress, authType,
- new Date(System.currentTimeMillis()), null).toBase64();
- }
- }
-
- protected void createForm(HttpServletRequest req, HttpServletResponse res, byte[] buf) throws IOException,
- ServletException {
-
- //Hardcoded to ASCII to ensure Base64 encoding compatibility
- req.setAttribute("assertion", new String(buf, "ASCII"));
-
- if (log.isDebugEnabled()) {
- try {
- log.debug("Dumping generated SAML Response:" + System.getProperty("line.separator")
- + new String(new BASE64Decoder().decodeBuffer(new String(buf, "ASCII")), "UTF8"));
- } catch (IOException e) {
- log.error("Encountered an error while decoding SAMLReponse for logging purposes.");
- }
- }
-
- RequestDispatcher rd = req.getRequestDispatcher("/hs.jsp");
- rd.forward(req, res);
- }
-
- protected void handleError(HttpServletRequest req, HttpServletResponse res, Exception e) throws ServletException,
- IOException {
-
- req.setAttribute("errorText", e.toString());
- req.setAttribute("requestURL", req.getRequestURI().toString());
- RequestDispatcher rd = req.getRequestDispatcher("/hserror.jsp");
-
- rd.forward(req, res);
- }
-
- protected void checkRequestParams(HttpServletRequest req) throws InvalidClientDataException {
-
- if (req.getParameter("target") == null || req.getParameter("target").equals("")) {
- throw new InvalidClientDataException("Invalid data from SHIRE: no target URL received.");
- }
- if ((req.getParameter("shire") == null) || (req.getParameter("shire").equals(""))) {
- throw new InvalidClientDataException("Invalid data from SHIRE: No acceptance URL received.");
- }
- if ((req.getRemoteUser() == null) || (req.getRemoteUser().equals(""))) {
- throw new InvalidClientDataException("Unable to authenticate remote user");
- }
- if ((req.getRemoteAddr() == null) || (req.getRemoteAddr().equals(""))) {
- throw new InvalidClientDataException("Unable to obtain client address.");
- }
- }
-
- protected boolean isValidAssertionConsumerURL(Provider provider, String shireURL) throws InvalidClientDataException {
-
- ProviderRole[] roles = provider.getRoles();
- if (roles.length == 0) {
- log.info("Inappropriate metadata for provider.");
- return false;
- }
-
- for (int i = 0; roles.length > i; i++) {
- if (roles[i] instanceof SPProviderRole) {
- Endpoint[] endpoints = ((SPProviderRole) roles[i]).getAssertionConsumerServiceURLs();
- for (int j = 0; endpoints.length > j; j++) {
- if (shireURL.equals(endpoints[j].getLocation())) {
- return true;
- }
- }
- }
- }
- log.info("Supplied consumer URL not found in metadata.");
- return false;
- }
-
- class InvalidClientDataException extends Exception {
-
- public InvalidClientDataException(String message) {
- super(message);
- }
- }
-
- private class Semaphore {
-
- private int value;
-
- public Semaphore(int value) {
- this.value = value;
- }
-
- public synchronized void enter() throws InterruptedException {
- --value;
- if (value < 0) {
- wait();
- }
- }
-
- public synchronized void exit() {
- ++value;
- notify();
- }
- }
-
-}
private static Logger log = Logger.getLogger(AQHNameIdentifierMapping.class.getName());
/** Time in seconds for which handles are valid */
protected long handleTTL = 1800;
- private String id;
protected static QName[] errorCodes = {SAMLException.REQUESTER,
new QName(edu.internet2.middleware.shibboleth.common.XML.SHIB_NS, "InvalidHandle")};
public AQHNameIdentifierMapping(Element config) throws NameIdentifierMappingException {
super(config);
- String id = ((Element) config).getAttribute("id");
- if (id != null || !id.equals("")) {
- this.id = id;
- }
String rawTTL = ((Element) config).getAttribute("handleTTL");
try {
protected HandleEntry createHandleEntry(AuthNPrincipal principal) {
return new HandleEntry(principal, handleTTL);
}
-
- public String getId() {
- return id;
- }
-
}
class HandleEntry implements Serializable {
import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
import edu.internet2.middleware.shibboleth.common.ServiceProvider;
import edu.internet2.middleware.shibboleth.common.ShibResource;
-import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
import edu.internet2.middleware.shibboleth.utils.Base32;
/**
* @author Walter Hoehn
* @author Derek Morr
*/
-public class CryptoShibHandle extends AQHNameIdentifierMapping implements HSNameIdentifierMapping {
+public class CryptoShibHandle extends AQHNameIdentifierMapping implements NameIdentifierMapping {
private static Logger log = Logger.getLogger(CryptoShibHandle.class.getName());
protected SecretKey secret;
--- /dev/null
+/*
+ * The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
+ * All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
+ * provided that the following conditions are met: Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+package edu.internet2.middleware.shibboleth.hs.provider;
+
+import org.apache.log4j.Logger;
+import org.opensaml.SAMLException;
+import org.opensaml.SAMLNameIdentifier;
+import org.w3c.dom.Element;
+
+import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
+import edu.internet2.middleware.shibboleth.common.BaseNameIdentifierMapping;
+import edu.internet2.middleware.shibboleth.common.IdentityProvider;
+import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
+import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
+import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
+import edu.internet2.middleware.shibboleth.common.ServiceProvider;
+
+/**
+ * {@link NameIdentifierMapping}implementation to use when the SAML name identifier format matches the Shibboleth
+ * internal representation of the principal.
+ *
+ * @author Walter Hoehn
+ */
+public class PrincipalNameIdentifier extends BaseNameIdentifierMapping {
+
+ private static Logger log = Logger.getLogger(PrincipalNameIdentifier.class.getName());
+
+ public PrincipalNameIdentifier(Element config) throws NameIdentifierMappingException {
+
+ super(config);
+ }
+
+ public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
+ throws NameIdentifierMappingException, InvalidNameIdentifierException {
+
+ verifyQualifier(nameId, idProv);
+ return new AuthNPrincipal(nameId.getName());
+ }
+
+ public SAMLNameIdentifier getNameIdentifierName(AuthNPrincipal principal, ServiceProvider sProv,
+ IdentityProvider idProv) throws NameIdentifierMappingException {
+
+ if (principal == null) {
+ log.error("A principal must be supplied for Name Identifier creation.");
+ throw new IllegalArgumentException("A principal must be supplied for Name Identifier creation.");
+ }
+
+ try {
+ return new SAMLNameIdentifier(principal.getName(), idProv.getProviderId(), getNameIdentifierFormat()
+ .toString());
+ } catch (SAMLException e) {
+ throw new NameIdentifierMappingException("Unable to generate Name Identifier: " + e);
+ }
+ }
+}
\ No newline at end of file
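Review bot: getPrincipal turns nameId.getName() into an AuthNPrincipal straight after verifyQualifier, so a SAML subject with a null or empty name, or one whose format is not getNameIdentifierFormat(), becomes an authenticated principal unless verifyQualifier (in BaseNameIdentifierMapping, outside this file) already rejects those cases. Since the method already declares InvalidNameIdentifierException, I would guard the return with `if (nameId.getName() == null || nameId.getName().equals(""))` and throw that declared exception, rather than relying on the base class. The class Javadoc should also say that this mapping emits the principal's internal name unaltered in the identifier, so it provides no pseudonymity toward the service provider and is only appropriate for relying parties entitled to the real name. In getNameIdentifierName, `"Unable to generate Name Identifier: " + e` flattens the SAMLException into text; if NameIdentifierMappingException has a cause-taking constructor, pass e as the cause so the failure reason survives into the logs. The null-principal check there throws IllegalArgumentException although the method declares NameIdentifierMappingException, which splits caller error handling across two exception types for the same class of failure.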
* The Shibboleth License, Version 1. Copyright (c) 2002 University Corporation for Advanced Internet Development, Inc.
* All rights reserved Redistribution and use in source and binary forms, with or without modification, are permitted
* provided that the following conditions are met: Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the
- * above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other
- * materials provided with the distribution, if any, must include the following acknowledgment: "This product includes
- * software developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2
- * Project. Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
- * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2,
- * nor the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
- * products derived from this software without specific prior written permission. For written permission, please
- * contact shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2,
- * UCAID, or the University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name,
- * without prior written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS
- * PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND
- * NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS
- * WITH LICENSEE. IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED
- * INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
- * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- * POSSIBILITY OF SUCH DAMAGE.
+ * notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above
+ * copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials
+ * provided with the distribution, if any, must include the following acknowledgment: "This product includes software
+ * developed by the University Corporation for Advanced Internet Development <http://www.ucaid.edu> Internet2 Project.
+ * Alternately, this acknowledegement may appear in the software itself, if and wherever such third-party
+ * acknowledgments normally appear. Neither the name of Shibboleth nor the names of its contributors, nor Internet2, nor
+ * the University Corporation for Advanced Internet Development, Inc., nor UCAID may be used to endorse or promote
+ * products derived from this software without specific prior written permission. For written permission, please contact
+ * shibboleth@shibboleth.org Products derived from this software may not be called Shibboleth, Internet2, UCAID, or the
+ * University Corporation for Advanced Internet Development, nor may Shibboleth appear in their name, without prior
+ * written permission of the University Corporation for Advanced Internet Development. THIS SOFTWARE IS PROVIDED BY THE
+ * COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE
+ * DISCLAIMED AND THE ENTIRE RISK OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. IN NO
+ * EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC.
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package edu.internet2.middleware.shibboleth.hs.provider;
import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
import edu.internet2.middleware.shibboleth.common.IdentityProvider;
import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
+import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
import edu.internet2.middleware.shibboleth.common.ServiceProvider;
-import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
/**
- * {@link HSNameIdentifierMapping}implementation that uses an in-memory cache to store mappings between principal
- * names and Shibboleth Attribute Query Handles.
+ * {@link HSNameIdentifierMapping}implementation that uses an in-memory cache to store mappings between principal names
+ * and Shibboleth Attribute Query Handles.
*
* @author Walter Hoehn
*/
-public class SharedMemoryShibHandle extends AQHNameIdentifierMapping implements HSNameIdentifierMapping {
+public class SharedMemoryShibHandle extends AQHNameIdentifierMapping implements NameIdentifierMapping {
- protected HandleCache cache = HandleCache.instance();
- private static Logger log = Logger.getLogger(SharedMemoryShibHandle.class.getName());
+ protected HandleCache cache = HandleCache.instance();
+ private static Logger log = Logger.getLogger(SharedMemoryShibHandle.class.getName());
public SharedMemoryShibHandle(Element config) throws NameIdentifierMappingException {
+
super(config);
}
public AuthNPrincipal getPrincipal(SAMLNameIdentifier nameId, ServiceProvider sProv, IdentityProvider idProv)
throws NameIdentifierMappingException, InvalidNameIdentifierException {
-
+
verifyQualifier(nameId, idProv);
synchronized (cache.handleEntries) {
}
public void destroy() {
+
cache.destroy();
}
class HandleCache {
- protected Map handleEntries = new HashMap();
- private static HandleCache instance;
- protected MemoryRepositoryCleaner cleaner = new MemoryRepositoryCleaner();
- private static Logger log = Logger.getLogger(HandleCache.class.getName());
+ protected Map handleEntries = new HashMap();
+ private static HandleCache instance;
+ protected MemoryRepositoryCleaner cleaner = new MemoryRepositoryCleaner();
+ private static Logger log = Logger.getLogger(HandleCache.class.getName());
- protected HandleCache() {}
+ protected HandleCache() {
+
+ }
public static synchronized HandleCache instance() {
+
if (instance == null) {
instance = new HandleCache();
return instance;
}
protected void finalize() throws Throwable {
+
super.finalize();
destroy();
}
protected void destroy() {
+
synchronized (cleaner) {
if (cleaner != null) {
cleaner.shutdown = true;
private class MemoryRepositoryCleaner extends Thread {
- private boolean shutdown = false;
- private Thread master;
+ private boolean shutdown = false;
+ private Thread master;
public MemoryRepositoryCleaner() {
+
super(
"edu.internet2.middleware.shibboleth.hs.provider.SharedMemoryShibHandle.HandleCache.MemoryRepositoryCleaner");
this.master = Thread.currentThread();
}
public void run() {
+
try {
sleep(60 * 1000); //one minute
} catch (InterruptedException e) {
}
}
-}
+}
\ No newline at end of file
import edu.internet2.middleware.shibboleth.common.BaseNameIdentifierMapping;
import edu.internet2.middleware.shibboleth.common.IdentityProvider;
import edu.internet2.middleware.shibboleth.common.InvalidNameIdentifierException;
+import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
import edu.internet2.middleware.shibboleth.common.ServiceProvider;
-import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
/**
* <code>HSNameIdentifierMapping</code> implementation that translates principal names to E-Auth compliant
*
* @author Walter Hoehn
*/
-public class X509SubjectNameNameIdentifierMapping extends BaseNameIdentifierMapping implements HSNameIdentifierMapping {
+public class X509SubjectNameNameIdentifierMapping extends BaseNameIdentifierMapping implements NameIdentifierMapping {
- private static Logger log = Logger.getLogger(X509SubjectNameNameIdentifierMapping.class.getName());
- private String regexTemplate = ".*uid=([^,/]+).*";
- private Pattern regex;
- private String id;
- private String qualifier;
- private String internalNameContext;
- private QName[] errorCodes = new QName[0];
+ private static Logger log = Logger.getLogger(X509SubjectNameNameIdentifierMapping.class.getName());
+ private String regexTemplate = ".*uid=([^,/]+).*";
+ private Pattern regex;
+ private String qualifier;
+ private String internalNameContext;
+ private QName[] errorCodes = new QName[0];
public X509SubjectNameNameIdentifierMapping(Element config) throws NameIdentifierMappingException {
- super(config);
- String id = ((Element) config).getAttribute("id");
- if (id != null || !id.equals("")) {
- this.id = id;
- }
+ super(config);
String rawRegex = ((Element) config).getAttribute("regex");
if (rawRegex != null && !rawRegex.equals("")) {
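Review bot: The class Javadoc and the `@see` tags in X509SubjectNameNameIdentifierMapping still point at `HSNameIdentifierMapping` after this hunk drops that import and switches the `implements` clause to `NameIdentifierMapping`, so the documentation now names a type the file no longer references. The summary line should read `<code>NameIdentifierMapping</code> implementation that translates principal names ...`, and the `@see edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping#getNameIdentifierName(...)` tags below the constructor should become `@see edu.internet2.middleware.shibboleth.common.NameIdentifierMapping#getNameIdentifierName(...)`, assuming that method is declared on the new interface. The same stale reference survives in the new `{@link HSNameIdentifierMapping}` line of SharedMemoryShibHandle's class Javadoc earlier in the diff. The constructor also no longer reads the `id` attribute itself; that presumably now happens in BaseNameIdentifierMapping, which is worth confirming since the tests later in the diff look mappings up by id. The constructor body continues past the end of the hunk.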
/*
* (non-Javadoc)
*
- * @see edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping#getId()
- */
- public String getId() {
- return id;
- }
-
- /*
- * (non-Javadoc)
- *
* @see edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping#getNameIdentifierName(edu.internet2.middleware.shibboleth.common.AuthNPrincipal,
* edu.internet2.middleware.shibboleth.common.ServiceProvider,
* edu.internet2.middleware.shibboleth.common.IdentityProvider)
import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
import edu.internet2.middleware.shibboleth.common.TargetFederationComponent;
import edu.internet2.middleware.shibboleth.hs.HSConfig;
-import edu.internet2.middleware.shibboleth.hs.HSNameMapper;
import edu.internet2.middleware.shibboleth.hs.HSRelyingParty;
import edu.internet2.middleware.shibboleth.hs.HSServiceProviderMapper;
import edu.internet2.middleware.shibboleth.metadata.AttributeConsumerRole;
//TODO Obviously this has got to be unified
private AAConfig configuration;
private HSConfig hsConfiguration;
-
- //TODO unify
private NameMapper nameMapper;
- private HSNameMapper hsNameMapper;
//TODO unify
private AAServiceProviderMapper targetMapper;
}
//Create SAML Name Identifier
- SAMLNameIdentifier nameId = hsNameMapper.getNameIdentifierName(relyingParty.getHSNameFormatId(),
+ SAMLNameIdentifier nameId = nameMapper.getNameIdentifierName(relyingParty.getHSNameFormatId(),
new AuthNPrincipal(username), relyingParty, relyingParty.getIdentityProvider());
String authenticationMethod = request.getHeader("SAMLAuthenticationMethod");
import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
import edu.internet2.middleware.shibboleth.common.Credential;
import edu.internet2.middleware.shibboleth.common.IdentityProvider;
+import edu.internet2.middleware.shibboleth.common.NameIdentifierMapping;
import edu.internet2.middleware.shibboleth.common.NameIdentifierMappingException;
import edu.internet2.middleware.shibboleth.common.NameMapper;
import edu.internet2.middleware.shibboleth.common.ServiceProvider;
-import edu.internet2.middleware.shibboleth.hs.HSNameIdentifierMapping;
-import edu.internet2.middleware.shibboleth.hs.HSNameMapper;
+
/**
* Validation suite for the <code>NameMapper</code>.
try {
- HSNameMapper nameMapper = new HSNameMapper();
+ NameMapper nameMapper = new NameMapper();
File file = new File("data/handle.jks");
try {
- HSNameMapper nameMapper = new HSNameMapper();
+ NameMapper nameMapper = new NameMapper();
File file = new File("data/handle.jks");
try {
- HSNameMapper nameMapper = new HSNameMapper();
+ NameMapper nameMapper = new NameMapper();
File file = new File("data/handle.jks");
try {
- HSNameMapper nameMapper = new HSNameMapper();
+ NameMapper nameMapper = new NameMapper();
SAMLNameIdentifier nameId = nameMapper.getNameIdentifierName(null, new AuthNPrincipal("testprincipal"),
new BasicServiceProvider(), new BasicIdentityProvider("urn-x:testid"));
try {
- HSNameMapper nameMapper = new HSNameMapper();
+ NameMapper nameMapper = new NameMapper();
File file = new File("data/handle.jks");
assertEquals("Round-trip handle validation failed.", principal.getName(), "testprincipal");
- HSNameIdentifierMapping nameMapping = nameMapper.getNameIdentifierMappingById(null);
+ NameIdentifierMapping nameMapping = nameMapper.getNameIdentifierMappingById(null);
if (!(nameMapping instanceof CryptoShibHandle)) {
fail("HSNameMapper defaulted to incorrect name mapping.");
}
try {
- HSNameMapper nameMapper = new HSNameMapper();
+ NameMapper nameMapper = new NameMapper();
File file = new File("data/handle.jks");
try {
- HSNameMapper nameMapper = new HSNameMapper();
+ NameMapper nameMapper = new NameMapper();
String rawConfig = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<NameMapping xmlns=\"urn:mace:shibboleth:namemapper:1.0\""
try {
- HSNameMapper nameMapper = new HSNameMapper();
+ NameMapper nameMapper = new NameMapper();
String rawConfig = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
+ "<NameMapping xmlns=\"urn:mace:shibboleth:namemapper:1.0\""