/**
 * Returns the SAML entity ID carried by the wrapped {@code EntityDescriptor}.
 *
 * @return the {@code entityID} attribute value of the underlying descriptor
 */
public String getEntityId() {
    final EntityDescriptor descriptor = this.entityDescriptor;
    return descriptor.getEntityID();
}
private EntityDescriptor buildMetadataEntityDescriptorElement( String defaultHostname, SamlPortConfig portConfig) { final EntityDescriptor entityDescriptor = build(EntityDescriptor.DEFAULT_ELEMENT_NAME); entityDescriptor.setEntityID(entityId); entityDescriptor.getRoleDescriptors().add(spSsoDescriptor); return entityDescriptor;
assertThat(metadata).isNotNull(); final SPSSODescriptor sp = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); assertThat(sp.isAuthnRequestsSigned()).isTrue(); assertThat(sp.getWantAssertionsSigned()).isTrue();
/**
 * Removes, in place, every role descriptor whose effective role name is not on
 * the configured white list.
 *
 * @param descriptor entity descriptor whose roles are filtered
 *
 * @throws FilterException thrown if an effective role name can not be determined
 */
protected void filterEntityDescriptor(@Nonnull final EntityDescriptor descriptor) throws FilterException {
    final List<RoleDescriptor> roles = descriptor.getRoleDescriptors();
    if (roles == null || roles.isEmpty()) {
        return;
    }
    // Removal goes through the iterator so the backing list is not modified mid-iteration.
    for (final Iterator<RoleDescriptor> it = roles.iterator(); it.hasNext(); ) {
        final QName roleName = getRoleName(it.next());
        if (roleWhiteList.contains(roleName)) {
            continue;
        }
        log.trace("Filtering out role {} from entity {}", roleName, descriptor.getEntityID());
        it.remove();
    }
}
/**
 * Converts a parsed OpenSAML {@code EntityDescriptor} into the local {@code Metadata} model.
 *
 * @param parsed the descriptor to convert
 * @return metadata built from the descriptor's SSO providers, with entity id, alias
 *         (set to the entity id), XML ID, validUntil and cache duration copied over
 */
protected Metadata resolveMetadata(EntityDescriptor parsed) {
    final List<? extends Provider> providers = getSsoProviders(parsed);
    final Metadata result = getMetadata(providers);

    // An absent cacheDuration attribute is passed to toDuration as -1.
    final long cacheMillis = parsed.getCacheDuration() == null ? -1 : parsed.getCacheDuration();
    result.setCacheDuration(toDuration(cacheMillis));

    final String entityId = parsed.getEntityID();
    result.setEntityId(entityId);
    // The alias defaults to the entity id itself.
    result.setEntityAlias(entityId);
    result.setId(parsed.getID());
    result.setValidUntil(parsed.getValidUntil());
    return result;
}
/**
 * Builds the SP {@code EntityDescriptor}: entity id, a validUntil fixed at now + 20 years (UTC),
 * a freshly generated XML ID, the metadata extensions and the single SPSSODescriptor role.
 *
 * @return the populated entity descriptor
 */
@Override
public final EntityDescriptor buildEntityDescriptor() {
    // The builder factory is untyped, hence the unchecked cast to the EntityDescriptor builder.
    @SuppressWarnings("unchecked")
    final SAMLObjectBuilder<EntityDescriptor> descriptorBuilder =
            (SAMLObjectBuilder<EntityDescriptor>) this.builderFactory.getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME);

    final EntityDescriptor result = descriptorBuilder.buildObject();
    result.setEntityID(this.entityId);
    // Validity window is a fixed 20 years from the moment of generation.
    final DateTime validUntil = DateTime.now(DateTimeZone.UTC).plusYears(20);
    result.setValidUntil(validUntil);
    result.setID(SAML2Utils.generateID());
    result.setExtensions(generateMetadataExtensions());
    result.getRoleDescriptors().add(buildSPSSODescriptor());
    return result;
}
for (RoleDescriptor roleDescriptor : descriptor.getRoleDescriptors()) { if (roleDescriptor instanceof SSODescriptor) { List<ArtifactResolutionService> arsList = ((SSODescriptor)roleDescriptor).getArtifactResolutionServices(); if (arsList != null && !arsList.isEmpty()) { QName role = descriptor.getSchemaType() != null ? roleDescriptor.getSchemaType() : roleDescriptor.getElementQName(); log.trace("Processing ArtifactResolutionService locations for entityID '{}' with role '{}'", descriptor.getEntityID(), role); new ArtifactSourceLocationMetadataIndexKey(ars.getLocation()); log.trace("For entityID '{}' produced artifact source location index key: {}", descriptor.getEntityID(), key); results.add(key);
final String entityID = entityDescriptor.getEntityID(); log.trace("Processing EntityDescriptor: {}", entityID); if (entityDescriptor.isSigned()) { verifySignature(entityDescriptor, entityID, false); final Iterator<RoleDescriptor> roleIter = entityDescriptor.getRoleDescriptors().iterator(); while (roleIter.hasNext()) { final RoleDescriptor roleChild = roleIter.next(); if (entityDescriptor.getAffiliationDescriptor() != null) { final AffiliationDescriptor affiliationDescriptor = entityDescriptor.getAffiliationDescriptor(); if (!affiliationDescriptor.isSigned()) { log.trace("AffiliationDescriptor member was not signed, skipping signature processing..."); "failed signature verification, removing from metadata provider", affiliationDescriptor.getOwnerID(), entityID); entityDescriptor.setAffiliationDescriptor(null);
String singleLogOutLocation) { EntityDescriptor entityDescriptor = entityDescriptorBuilder.buildObject(); entityDescriptor.setEntityID(entityId); IDPSSODescriptor idpssoDescriptor = idpssoDescriptorBuilder.buildObject(); entityDescriptor.getRoleDescriptors().add(idpssoDescriptor); entityDescriptor.setCacheDuration(getCacheDuration().toMillis());
/**
 * {@inheritDoc}
 *
 * Attaches a child XMLObject to the parent {@code EntityDescriptor} according to its type;
 * anything not recognised here is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject) throws UnmarshallingException {
    final EntityDescriptor entityDescriptor = (EntityDescriptor) parentSAMLObject;

    if (childSAMLObject instanceof Extensions) {
        entityDescriptor.setExtensions((Extensions) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Signature) {
        entityDescriptor.setSignature((Signature) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof RoleDescriptor) {
        entityDescriptor.getRoleDescriptors().add((RoleDescriptor) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof AffiliationDescriptor) {
        entityDescriptor.setAffiliationDescriptor((AffiliationDescriptor) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof Organization) {
        entityDescriptor.setOrganization((Organization) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof ContactPerson) {
        entityDescriptor.getContactPersons().add((ContactPerson) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof AdditionalMetadataLocation) {
        entityDescriptor.getAdditionalMetadataLocations().add((AdditionalMetadataLocation) childSAMLObject);
        return;
    }
    // Unknown child element types are handled by the base unmarshaller.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
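/**
 * Serialises the local {@code Metadata} model into an OpenSAML {@code EntityDescriptor}.
 *
 * <p>The descriptor's XML {@code ID} is taken from the metadata when present; otherwise a random
 * one is generated. The XML {@code ID} attribute is an {@code xs:ID} (an NCName), which may not
 * start with a digit, so the generated value is prefixed with {@code "_"} — a bare UUID string
 * frequently begins with a digit and would be schema-invalid.
 *
 * @param metadata the metadata to serialise
 * @return the entity descriptor, signed when the metadata carries a signing key
 */
protected EntityDescriptor internalToXml(Metadata<? extends Metadata> metadata) {
    final EntityDescriptor desc = getEntityDescriptor();
    desc.setEntityID(metadata.getEntityId());

    if (hasText(metadata.getId())) {
        desc.setID(metadata.getId());
    } else {
        // "_" prefix keeps the generated ID a valid NCName regardless of the UUID's first character.
        desc.setID("_" + UUID.randomUUID().toString());
    }

    final List<RoleDescriptor> descriptors = getRoleDescriptors(metadata);
    desc.getRoleDescriptors().addAll(descriptors);

    // Signing is optional and only performed when a key is configured.
    if (metadata.getSigningKey() != null) {
        signObject(desc, metadata.getSigningKey(), metadata.getAlgorithm(), metadata.getDigest());
    }
    return desc;
}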
Extensions exts = input.getExtensions(); if (exts != null) { final List<XMLObject> children = exts.getUnknownXMLObjects(EntityAttributes.DEFAULT_ELEMENT_NAME); EntitiesDescriptor group = (EntitiesDescriptor) input.getParent(); while (group != null) { exts = group.getExtensions(); log.debug("no EntityAttributes extension found for {}", input.getEntityID()); return false;
/**
 * {@inheritDoc}
 *
 * Accepts the descriptor only when it is non-null and carries at least one role of the
 * configured {@code role} type.
 */
public boolean apply(EntityDescriptor entityDescriptor) {
    return entityDescriptor != null
            && !entityDescriptor.getRoleDescriptors(role).isEmpty();
}
Extensions extensions = descriptor.getExtensions(); if (extensions == null) { extensions = extBuilder.buildObject(); descriptor.setExtensions(extensions); try { log.info("Adding EntityAttribute ({}) to EntityDescriptor ({})", attribute.getName(), descriptor.getEntityID()); final Attribute copy = XMLObjectSupport.cloneXMLObject(attribute); entityAttributes.getAttributes().add(copy);
set.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); val entitySp = chainingMetadataResolver.resolveSingle(set); if (entitySp != null && entitySp.getCacheDuration() != null) { LOGGER.debug("Located cache duration [{}] specified in SP metadata for [{}]", entitySp.getCacheDuration(), entitySp.getEntityID()); return TimeUnit.MILLISECONDS.toNanos(entitySp.getCacheDuration()); set.add(new EntityIdCriterion(service.getServiceId())); val entity = chainingMetadataResolver.resolveSingle(set); if (entity != null && entity.getCacheDuration() != null) { LOGGER.debug("Located cache duration [{}] specified in entity metadata for [{}]", entity.getCacheDuration(), entity.getEntityID()); return TimeUnit.MILLISECONDS.toNanos(entity.getCacheDuration());
/**
 * {@inheritDoc}
 *
 * Maps the known {@code EntityDescriptor} attributes (entityID, ID, validUntil, cacheDuration)
 * onto the object; any other attribute is passed to {@code processUnknownAttribute}.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    final EntityDescriptor entityDescriptor = (EntityDescriptor) samlObject;
    final String localName = attribute.getLocalName();
    final String value = attribute.getValue();

    if (localName.equals(EntityDescriptor.ENTITY_ID_ATTRIB_NAME)) {
        entityDescriptor.setEntityID(value);
    } else if (localName.equals(EntityDescriptor.ID_ATTRIB_NAME)) {
        entityDescriptor.setID(value);
        // Register the attribute as the element's ID so ID-based references resolve to it.
        attribute.getOwnerElement().setIdAttributeNode(attribute, true);
    } else if (localName.equals(TimeBoundSAMLObject.VALID_UNTIL_ATTRIB_NAME) && !Strings.isNullOrEmpty(value)) {
        entityDescriptor.setValidUntil(new DateTime(value, ISOChronology.getInstanceUTC()));
    } else if (localName.equals(CacheableSAMLObject.CACHE_DURATION_ATTRIB_NAME)) {
        entityDescriptor.setCacheDuration(DOMTypeSupport.durationToLong(value));
    } else {
        processUnknownAttribute(entityDescriptor, attribute);
    }
}
}
while (entityIter.hasNext()) { final EntityDescriptor entityChild = entityIter.next(); if (!entityChild.isSigned()) { log.trace("EntityDescriptor member '{}' was not signed, skipping signature processing...", entityChild.getEntityID()); continue; } else { log.trace("Processing signed EntityDescriptor member: {}", entityChild.getEntityID()); } catch (final FilterException e) { log.error("EntityDescriptor '{}' failed signature verification, removing from metadata provider", entityChild.getEntityID()); toRemove.add(entityChild);
/**
 * Ensures IdP metadata carries a freshness bound: when neither cacheDuration nor validUntil is
 * present, the protocol-wide default cache duration is applied (in milliseconds).
 *
 * @param root the IdP entity descriptor to check and, if needed, amend
 */
private void validateMetadata(EntityDescriptor root) {
    final boolean hasCacheDuration = root.getCacheDuration() != null;
    final boolean hasValidUntil = root.getValidUntil() != null;
    if (hasCacheDuration || hasValidUntil) {
        return;
    }
    LOGGER.trace(
            "IDP metadata must either have cache duration or valid-until date."
                    + " Defaulting IDP metadata cache duration to {}",
            SamlProtocol.getCacheDuration());
    root.setCacheDuration(SamlProtocol.getCacheDuration().toMillis());
}
}
throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException { this.id = entityDescriptor.getEntityID(); this.idpTO = idpTO; IDPSSODescriptor idpdescriptor = entityDescriptor.getIDPSSODescriptor(SAMLConstants.SAML20P_NS);
Extensions extensions = entity.getExtensions(); if (null != extensions) { for (final XMLObject object : extensions.getUnknownXMLObjects(RegistrationInfo.DEFAULT_ELEMENT_NAME)) { EntitiesDescriptor group = (EntitiesDescriptor) entity.getParent(); while (null != group) { extensions = group.getExtensions();