<?xml version="1.0" encoding="UTF-8"?>
<ShibbolethOriginConfig xmlns="urn:mace:shibboleth:origin:1.0" xmlns:cred="urn:mace:shibboleth:credentials:1.0" xmlns:name="urn:mace:shibboleth:namemapper:1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:origin:1.0 origin.xsd"
- AAUrl="http://snc.cc.columbia.edu/shibboleth/AA" defaultRelyingParty="urn:x-columbia-intranet"
+ AAUrl="http://snc.cc.columbia.edu/shibboleth/AA" defaultRelyingParty="urn:mace:inqueue"
providerId="urn:mace:inqueue:shibdev.edu">
+
<RelyingParty name="urn:mace:inqueue" signingCredential="foo">
<HSNameFormat nameMapping="crypto"/>
</RelyingParty>
+
<RelyingParty name="urn:x-fed1" signingCredential="foo" passThruErrors="true">
<HSNameFormat nameMapping="crypto"/>
</RelyingParty>
+
<RelyingParty name="urn:x-columbia-intranet" signingCredential="foo" providerId="urn:x-columbia-intranet.columbia">
- <HSNameFormat nameMapping="uni"/>
+ <HSNameFormat nameMapping="crypto"/>
</RelyingParty>
- <ReleasePolicyEngine/>
- <name:NameMapping xmlns="urn:mace:shibboleth:namemapper:1.0" id="cryptotest" format="urn:mace:shibboleth:1.0:nameIdentifier" type="CryptoHandleGenerator" handleTTL="1800">
+
+
+ <ReleasePolicyEngine arpTTL="300">
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>/conf/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+ <name:NameMapping xmlns="urn:mace:shibboleth:namemapper:1.0" id="crypto" format="urn:mace:shibboleth:1.0:nameIdentifier" type="CryptoHandleGenerator" handleTTL="1800">
<KeyStorePath>/conf/handle.jks</KeyStorePath>
<KeyStorePassword>shibhs</KeyStorePassword>
<KeyStoreKeyAlias>handlekey</KeyStoreKeyAlias>
<KeyStoreKeyPassword>shibhs</KeyStoreKeyPassword>
</name:NameMapping>
+
+
<cred:Credentials>
<cred:KeyStoreResolver Id="foo" storeType="JKS">
<cred:Path>/conf/keystore.jks</cred:Path>
<cred:KeyPassword>shibhs</cred:KeyPassword>
</cred:KeyStoreResolver>
</cred:Credentials>
+
</ShibbolethOriginConfig>
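Review bot: The new `arpTTL="300"` on `<ReleasePolicyEngine>` and `implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository"` on `<ArpRepository>` are not honoured by the `ArpEngine(Element)` constructor this commit adds: it reads `implementation` into a local it never uses, leaves `//TODO pass in arpTTL`, and calls `ArpRepositoryFactory.getInstance(null)`. As written the sample advertises a repository class and a policy cache lifetime that are not in force, which an operator copying this file will take at face value. Until the engine reads them, either omit the two attributes here or mark them, e.g. `<!-- arpTTL and implementation are not yet read by ArpEngine; see the TODOs in ArpEngine(Element) -->`, placed directly above `<ReleasePolicyEngine>`.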
package edu.internet2.middleware.shibboleth.aa;
+import org.apache.log4j.Logger;
import org.w3c.dom.Element;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
*/
public class AAConfig extends ShibbolethOriginConfig {
+ private static Logger log = Logger.getLogger(AAConfig.class.getName());
+
public AAConfig(Element config) throws ShibbolethConfigurationException {
super(config);
+ String attribute = ((Element) config).getAttribute("resolverConfig");
+ if (attribute == null || attribute.equals("")) {
+ log.error(
+ "Attribute Resolver config file not specified. Add a (resolverConfig) attribute to <ShibbolethOriginConfig>.");
+ throw new ShibbolethConfigurationException("Required configuration not specified.");
+ }
+ properties.setProperty(
+ "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
+ attribute);
+
+ attribute = ((Element) config).getAttribute("passThruErros");
+ if (attribute == null || attribute.equals("")) {
+ properties.setProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors", "false");
+ }
+ if (!attribute.equalsIgnoreCase("TRUE") && !attribute.equalsIgnoreCase("FALSE")) {
+ log.error("passThrue errors is a boolean property.");
+ properties.setProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors", "false");
+ } else {
+ properties.setProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors", attribute);
+ }
+
dumpPropertiesToLog();
}
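Review bot: The attribute name on L65 is misspelled — `getAttribute("passThruErros")` — so the `passThruErrors` attribute that the sample origin.xml and `RelyingPartyImpl` both use is never read here and the global property always ends up `"false"`. Because the empty-value branch on L66-68 does not end the chain, an omitted attribute also falls into the second `if` (`""` matches neither TRUE nor FALSE) and logs `passThrue errors is a boolean property.` on every start. Suggested: `attribute = config.getAttribute("passThruErrors");` (the cast is redundant, `config` is already an `Element`) and `} else if (!attribute.equalsIgnoreCase("TRUE") && !attribute.equalsIgnoreCase("FALSE")) {` in place of the separate `if` on L69. Defaulting to `"false"` on a malformed value is the right direction for a flag that presumably controls whether error detail is passed back to the requester, but the same TRUE/FALSE validation is repeated in `RelyingPartyImpl`'s shared constructor with a different outcome (no override set there), so a shared boolean-attribute helper would keep the two in step. The `AAConfig` class continues outside this hunk.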
package edu.internet2.middleware.shibboleth.aa;
-import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.io.PrintStream;
-import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
-import java.net.URL;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
-import java.util.Enumeration;
import java.util.Iterator;
-import java.util.List;
-import java.util.Properties;
import java.util.StringTokenizer;
import javax.servlet.ServletException;
import edu.internet2.middleware.shibboleth.common.ServiceProviderMapperException;
import edu.internet2.middleware.shibboleth.common.ShibResource;
import edu.internet2.middleware.shibboleth.common.ShibbolethConfigurationException;
-import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
/**
* @author Walter Hoehn
log.info("Initializing Attribute Authority.");
try {
-
nameMapper = new NameMapper();
loadConfiguration();
- //TODO pass in real config
- ArpEngine arpEngine = new ArpEngine(null);
- AttributeResolver resolver = new AttributeResolver(null);
-
- responder = new AAResponder(arpEngine, resolver);
-
binding = SAMLBindingFactory.getInstance(SAMLBinding.SAML_SOAP_HTTPS);
log.info("Attribute Authority initialization complete.");
- } catch (ArpException ae) {
- log.fatal("The AA could not be initialized due to a problem with the ARP Engine configuration: " + ae);
- throw new UnavailableException("Attribute Authority failed to initialize.");
- } catch (AttributeResolverException ne) {
- log.fatal(
- "The AA could not be initialized due to a problem with the Attribute Resolver configuration: " + ne);
- throw new UnavailableException("Attribute Authority failed to initialize.");
} catch (ShibbolethConfigurationException ae) {
log.fatal("The AA could not be initialized: " + ae);
throw new UnavailableException("Attribute Authority failed to initialize.");
log.fatal("SAML SOAP binding could not be loaded: " + se);
throw new UnavailableException("Attribute Authority failed to initialize.");
}
-
}
protected void loadConfiguration() throws ShibbolethConfigurationException {
//Load relying party config
try {
- targetMapper =
- new ServiceProviderMapper(
- parser.getDocument().getDocumentElement(),
- configuration);
+ targetMapper = new ServiceProviderMapper(parser.getDocument().getDocumentElement(), configuration);
} catch (ServiceProviderMapperException e) {
log.error("Could not load origin configuration: " + e);
throw new ShibbolethConfigurationException("Could not load origin configuration.");
}
- /*
- * //Set defaults Properties defaultProps = new Properties();
- * defaultProps.setProperty(
- * "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path",
- * "/conf/arps/"); defaultProps.setProperty(
- * "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig",
- * "/conf/resolver.xml"); defaultProps.setProperty(
- * "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
- * "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
- * defaultProps.setProperty("edu.internet2.middleware.shibboleth.audiences",
- * "urn:mace:inqueue");
- * defaultProps.setProperty("edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors",
- * "false");
- *
- * //Load from file Properties properties = new
- * Properties(defaultProps); String propertiesFileLocation =
- * getInitParameter("OriginPropertiesFile"); if (propertiesFileLocation ==
- * null) { propertiesFileLocation = "/conf/origin.properties"; } try {
- * log.debug("Loading Configuration from (" + propertiesFileLocation +
- * ")."); properties.load(new ShibResource(propertiesFileLocation,
- * this.getClass()).getInputStream());
- *
- * //Make sure we have all required parameters StringBuffer
- * missingProperties = new StringBuffer(); String[] requiredProperties = {
- * "edu.internet2.middleware.shibboleth.hs.HandleServlet.siteName",
- * "edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName",
- * "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
- * "edu.internet2.middleware.shibboleth.audiences" };
- *
- */
+ try {
+ //Startup Attribute Resolver
+ AttributeResolver resolver = new AttributeResolver(configuration);
+
+ //Startup ARP Enginee
+ itemElements =
+ parser.getDocument().getDocumentElement().getElementsByTagNameNS(
+ NameIdentifierMapping.mappingNamespace,
+ "ReleasePolicyEngine");
+
+ if (itemElements.getLength() > 1) {
+ log.warn("Encountered multiple <ReleasePolicyEngine> configuration elements. Using first...");
+ }
+ ArpEngine arpEngine = new ArpEngine((Element) itemElements.item(0));
+
+ //Startup responder
+ responder = new AAResponder(arpEngine, resolver);
+
+ } catch (ArpException ae) {
+ log.fatal("The AA could not be initialized due to a problem with the ARP Engine configuration: " + ae);
+ throw new ShibbolethConfigurationException("Could not load ARP Engine.");
+ } catch (AttributeResolverException ne) {
+ log.fatal(
+ "The AA could not be initialized due to a problem with the Attribute Resolver configuration: " + ne);
+ throw new ShibbolethConfigurationException("Could not load Attribute Resolver.");
+ }
+
}
private DOMParser loadParser(boolean schemaChecking) throws ShibbolethConfigurationException {
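Review bot: `loadConfiguration()` looks up `<ReleasePolicyEngine>` under `NameIdentifierMapping.mappingNamespace` (L180-182), but in the sample origin.xml that element is in the default `urn:mace:shibboleth:origin:1.0` namespace — the same one `ArpEngine` uses for `<ArpRepository>` via `ShibbolethOriginConfig.originConfigNamespace`; if `mappingNamespace` is the namemapper URI, as its name suggests, this lookup returns nothing. Nothing guards the empty case either: `itemElements.item(0)` is then `null`, and `new ArpEngine(null)` dereferences it in `config.getLocalName()`, so start-up dies with a NullPointerException rather than the `ShibbolethConfigurationException` the rest of this method throws. Suggested: `ShibbolethOriginConfig.originConfigNamespace,` in place of the mapping namespace, and `if (itemElements.getLength() == 0) { throw new ShibbolethConfigurationException("No <ReleasePolicyEngine> element found in origin configuration."); }` before the `ArpEngine` constructor call. Since this engine is what processes the attribute release policies, failing fast with a clear configuration error is preferable to an opaque crash or a start without it.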
import org.apache.log4j.Logger;
import org.apache.xml.serialize.OutputFormat;
import org.apache.xml.serialize.XMLSerializer;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
import edu.internet2.middleware.shibboleth.aa.arp.ArpAttributeSet.ArpAttributeIterator;
+import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
/**
* Defines a processing engine for Attribute Release Policies.
}
}
- public ArpEngine(Properties properties) throws ArpException {
+ public ArpEngine(Element config) throws ArpException {
+
+ if (!config.getLocalName().equals("ReleasePolicyEngine")) {
+ throw new IllegalArgumentException();
+ }
+
+ NodeList itemElements =
+ config.getElementsByTagNameNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
+
+ if (itemElements.getLength() > 1) {
+ log.warn(
+ "Encountered multiple <ArpRepository> configuration elements. Arp Engine currently only supports one. Using first...");
+ }
+
+ if (itemElements.getLength() == 0) {
+ //TODO setup a default
+ }
+
+ String implementation = ((Element) itemElements.item(0)).getAttribute("implementation");
+
+ //TODO make this work
+ //TODO pass in arpTTL
+
try {
- repository = ArpRepositoryFactory.getInstance(properties);
+ repository = ArpRepositoryFactory.getInstance(null);
} catch (ArpRepositoryException e) {
log.error("Could not start Arp Engine: " + e);
throw new ArpException("Could not start Arp Engine.");
}
}
- public ArpEngine(ArpRepository repository, Properties properties) throws ArpException {
- this.repository = repository;
- }
-
- /**
- * Lookup by identifier a function for matching ARP Target Components .
- * @param functionIdentifier the identifier for the function
- * @return the <code>Matchfunction</code> or null if not registered
- */
-
public static MatchFunction lookupMatchFunction(URI functionIdentifier) throws ArpException {
String className = null;
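Review bot: The zero-element case in `ArpEngine(Element)` is only a `//TODO setup a default` (L229-231); control then falls through to `((Element) itemElements.item(0)).getAttribute("implementation")` on L233 and dereferences `null`. For the component that processes attribute release policies, an absent repository configuration should be a hard failure: `throw new ArpException("No <ArpRepository> configured for the ARP Engine.");` inside that branch. The `implementation` value read on L233 is never used afterwards — `ArpRepositoryFactory.getInstance(null)` on L240 discards it — so the repository class named in origin.xml has no effect, and `arpTTL` is likewise unread; if that is intentional for this commit, say so in the log, otherwise the former `Properties` path should be kept until the element-based one is wired. The bare `throw new IllegalArgumentException();` on L218 should also name what was expected, e.g. `throw new IllegalArgumentException("Expected <ReleasePolicyEngine>, got <" + config.getLocalName() + ">.");`.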
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
+import edu.internet2.middleware.shibboleth.aa.AAConfig;
import edu.internet2.middleware.shibboleth.aa.attrresolv.ResolverAttributeSet.ResolverAttributeIterator;
import edu.internet2.middleware.shibboleth.aa.attrresolv.provider.ValueHandler;
import edu.internet2.middleware.shibboleth.common.ShibResource;
private ResolverCache resolverCache = new ResolverCache();
public static final String resolverNamespace = "urn:mace:shibboleth:resolver:1.0";
+ public AttributeResolver(AAConfig configuration) throws AttributeResolverException {
+ if (configuration == null
+ || configuration.getConfigProperty(
+ "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig")
+ == null) {
+ log.error("No Attribute Resolver configuration file specified.");
+ throw new AttributeResolverException("No Attribute Resolver configuration file specified.");
+ }
+
+ loadConfig(
+ configuration.getConfigProperty(
+ "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig"));
+ }
+
public AttributeResolver(Properties properties) throws AttributeResolverException {
- if (properties
- .getProperty("edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig")
- == null) {
+ if (properties == null
+ || properties.getProperty(
+ "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig")
+ == null) {
log.error("No Attribute Resolver configuration file specified.");
throw new AttributeResolverException("No Attribute Resolver configuration file specified.");
}
- String configFile =
+ loadConfig(
properties.getProperty(
- "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig");
+ "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig"));
+ }
+ private void loadConfig(String configFile) throws AttributeResolverException {
try {
ShibResource config = new ShibResource(configFile, this.getClass());
DOMParser parser = new DOMParser();
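Review bot: The new `AttributeResolver(AAConfig)` constructor repeats the literal `"edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig"` twice (L269, L277), and the `Properties` constructor below it twice more; a single `private static final String RESOLVER_CONFIG_PROPERTY = "edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig";` next to `resolverNamespace` would remove the four copies and let `AAConfig` reference the same constant instead of its own copy on L62. Reading the value once into a local (`String configFile = configuration.getConfigProperty(RESOLVER_CONFIG_PROPERTY);`) and testing that also avoids the double lookup. Taking `AAConfig` here introduces a dependency from `aa.attrresolv` back onto `aa`, which already depends on this package (AAServlet L176); if `getConfigProperty` is declared on `ShibbolethOriginConfig`, accepting that type instead would break the cycle — worth confirming. `loadConfig` on L297 continues past the end of this hunk.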
protected String name;
protected String hsNameFormatId;
+ /**
+ * Constructor for use by Handle Service
+ */
public RelyingPartyImpl(
Element partyConfig,
ShibbolethOriginConfig globalConfig,
throw new ServiceProviderMapperException("Required configuration not specified.");
}
}
+
+ //Global overrides
+ String attribute = ((Element) partyConfig).getAttribute("AAUrl");
+ if (attribute != null && !attribute.equals("")) {
+ log.debug("Overriding AAUrl for Relying Pary (" + name + ") with (" + attribute + ").");
+ partyOverrides.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
+ }
+
+ attribute = ((Element) partyConfig).getAttribute("defaultAuthMethod");
+ if (attribute != null && !attribute.equals("")) {
+ log.debug("Overriding defaultAuthMethod for Relying Pary (" + name + ") with (" + attribute + ").");
+ partyOverrides.setProperty(
+ "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
+ attribute);
+ }
+
identityProvider =
new RelyingPartyIdentityProvider(
getConfigProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.providerId"),
credential);
}
+ /**
+ * Shared constructor
+ */
public RelyingPartyImpl(Element partyConfig, ShibbolethOriginConfig globalConfig)
throws ServiceProviderMapperException {
attribute);
}
- attribute = ((Element) partyConfig).getAttribute("AAUrl");
+ attribute = ((Element) partyConfig).getAttribute("passThruErrors");
if (attribute != null && !attribute.equals("")) {
- log.debug("Overriding AAUrl for Relying Pary (" + name + ") with (" + attribute + ").");
- partyOverrides.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl", attribute);
- }
-
- attribute = ((Element) partyConfig).getAttribute("defaultAuthMethod");
- if (attribute != null && !attribute.equals("")) {
- log.debug("Overriding defaultAuthMethod for Relying Pary (" + name + ") with (" + attribute + ").");
- partyOverrides.setProperty(
- "edu.internet2.middleware.shibboleth.hs.HandleServlet.defaultAuthMethod",
- attribute);
+ if (!attribute.equalsIgnoreCase("TRUE") && !attribute.equalsIgnoreCase("FALSE")) {
+ log.error("passThrue errors is a boolean property.");
+ } else {
+ log.debug("Overriding passThruErrors for Relying Pary (" + name + ") with (" + attribute + ").");
+ partyOverrides.setProperty(
+ "edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors",
+ attribute);
+ }
}
identityProvider =
null);
}
-
public String getProviderId() {
return name;
}
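Review bot: The added log lines carry typos that will land in operators' logs: `Relying Pary` on L316, L322 and L356, and `passThrue errors` on L354 (the same string appears in `AAConfig`); suggested `Relying Party` and `passThruErrors is a boolean property.`. On an invalid `passThruErrors` value the shared constructor logs an error and sets no override (L353-354), so the party presumably keeps whatever the global configuration says; that is a sensible fail-safe but reads like an oversight next to `AAConfig`, which forces `"false"` in the same situation, so a comment such as `// invalid value: leave the global passThruErrors setting in force` would make the intent explicit. The `/** Constructor for use by Handle Service */` and `/** Shared constructor */` Javadocs (L303-305, L333-335) would be more useful with one line each on which attributes they consume (`AAUrl`, `defaultAuthMethod` versus `passThruErrors`). The shared constructor on L336 continues past L364 only by its closing brace; the class body continues outside the hunk.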
public ShibbolethOriginConfig(Element config) throws ShibbolethConfigurationException {
- //TODO more generic
-
if (!config.getTagName().equals("ShibbolethOriginConfig")) {
throw new ShibbolethConfigurationException("Unexpected configuration data. <ShibbolethOriginConfig> is needed.");
}
public HSConfig(Element config) throws ShibbolethConfigurationException {
super(config);
- //Set defaults
//TODO need a way to set this
properties.setProperty("edu.internet2.middleware.shibboleth.hs.HandleServlet.username", "REMOTE_USER");
//TODO need a way to set this, remember to test for number format