org.opensaml.saml2.metadata.provider.MetadataProviderException Java Examples

The following examples show how to use org.opensaml.saml2.metadata.provider.MetadataProviderException. Each example links to its original project and source file.
Example #1
Source File: SAML2AuthManagerImpl.java    From cloudstack with Apache License 2.0
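@Override
public void run() {
    // Periodic refresh task: re-read the IdP metadata and rebuild the provider map.
    // Without a configured metadata provider there is nothing to refresh.
    if (_idpMetaDataProvider == null) {
        return;
    }
    s_logger.debug("Starting SAML IDP Metadata Refresh Task");

    // Build into a fresh map and publish it only after the fetch succeeded, so a failed
    // refresh leaves the previously loaded IdP map in place instead of a half-built one.
    Map<String, SAMLProviderMetadata> metadataMap = new HashMap<String, SAMLProviderMetadata>();
    try {
        discoverAndAddIdp(_idpMetaDataProvider.getMetadata(), metadataMap);
        _idpMetadataMap = metadataMap;
        expireTokens();
        s_logger.debug("Finished refreshing SAML Metadata and expiring old auth tokens");
    } catch (MetadataProviderException e) {
        // Log the exception itself, not only its message: the cause of a failed metadata
        // fetch (network, parsing, validity) is otherwise lost from the diagnostics.
        s_logger.warn("SAML Metadata Refresh task failed with exception: " + e.getMessage(), e);
    }
}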
 
Example #2
Source File: MetadataCredentialResolver.java    From lams with GNU General Public License v2.0
/**
 * Looks up the role descriptors of {@code entityID} that match {@code role} and, when one is
 * given, {@code protocol}.
 * 
 * @param entityID entity ID of the credential owner
 * @param role role in which the entity is operating
 * @param protocol protocol over which the entity is operating (may be null or empty)
 * @return the matching role descriptors: the provider's own result when no protocol is given, a
 *         single-element list when one is, or null when nothing matched
 * @throws SecurityException if the metadata provider fails while resolving the descriptors
 */
protected List<RoleDescriptor> getRoleDescriptors(String entityID, QName role, String protocol)
        throws SecurityException {
    try {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving metadata for entity '{}' in role '{}' for protocol '{}'", 
                    new Object[] {entityID, role, protocol});
        }

        // Without a protocol the provider answers the multi-descriptor query directly.
        if (DatatypeHelper.isEmpty(protocol)) {
            return metadata.getRole(entityID, role);
        }

        // With a protocol the provider returns at most one descriptor; wrap it so both
        // branches share the same return shape.
        RoleDescriptor match = metadata.getRole(entityID, role, protocol);
        if (match == null) {
            return null;
        }
        List<RoleDescriptor> result = new ArrayList<RoleDescriptor>(1);
        result.add(match);
        return result;
    } catch (MetadataProviderException e) {
        // Wrap rather than swallow: an unreadable provider is a failed resolution for callers.
        log.error("Unable to read metadata from provider", e);
        throw new SecurityException("Unable to read metadata provider", e);
    }
}
 
Example #3
Source File: BaseSAML1MessageDecoder.java    From lams with GNU General Public License v2.0
/**
 * Resolves the peer's entity metadata, and its SAML 1.1 role descriptor, into the message context.
 * Nothing is populated when the context carries no metadata provider; the role descriptor is only
 * set when both the entity metadata and a peer role name are available.
 * 
 * @param messageContext current message context
 * 
 * @throws MessageDecodingException if the metadata provider fails while looking up the peer
 */
protected void populateRelyingPartyMetadata(SAMLMessageContext messageContext) throws MessageDecodingException {
    MetadataProvider metadataProvider = messageContext.getMetadataProvider();
    if (metadataProvider == null) {
        return;
    }

    String issuer = messageContext.getInboundMessageIssuer();
    try {
        EntityDescriptor peerMetadata = metadataProvider.getEntityDescriptor(issuer);
        messageContext.setPeerEntityMetadata(peerMetadata);

        QName peerRole = messageContext.getPeerEntityRole();
        if (peerMetadata == null || peerRole == null) {
            return;
        }
        // Only descriptors supporting the SAML 1.1 protocol are candidates; the first one wins.
        List<RoleDescriptor> candidates = peerMetadata.getRoleDescriptors(peerRole, SAMLConstants.SAML11P_NS);
        if (candidates != null && !candidates.isEmpty()) {
            messageContext.setPeerEntityRoleMetadata(candidates.get(0));
        }
    } catch (MetadataProviderException e) {
        log.error("Error retrieving metadata for relying party " + issuer, e);
        throw new MessageDecodingException("Error retrieving metadata for relying party " + issuer, e);
    }
}
 
Example #4
Source File: BaseSAML2MessageDecoder.java    From lams with GNU General Public License v2.0
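/**
 * Populates the peer's entity metadata if a metadata provider is present in the message context. Populates the
 * peer's role descriptor if the entity metadata was available and the role name is present in the message context.
 * <p>
 * The role descriptor is chosen among those that support the SAML 2.0 protocol. This decoder handles SAML 2.0
 * messages; filtering on the SAML 1.1 protocol namespace would leave the peer role metadata unset for a peer
 * that only publishes a SAML 2.0 role, and anything downstream that consults the peer's role metadata
 * (presumably including metadata-based trust checks) would then have nothing to work with.
 * 
 * @param messageContext current message context
 * 
 * @throws MessageDecodingException thrown if there is a problem populating the message context
 */
protected void populateRelyingPartyMetadata(SAMLMessageContext messageContext) throws MessageDecodingException {
    MetadataProvider metadataProvider = messageContext.getMetadataProvider();
    try {
        if (metadataProvider != null) {
            EntityDescriptor relyingPartyMD = metadataProvider.getEntityDescriptor(messageContext
                    .getInboundMessageIssuer());
            messageContext.setPeerEntityMetadata(relyingPartyMD);

            QName relyingPartyRole = messageContext.getPeerEntityRole();
            if (relyingPartyMD != null && relyingPartyRole != null) {
                // SAML 2.0 protocol namespace: this is the SAML 2 decoder, not the SAML 1 one.
                List<RoleDescriptor> roles = relyingPartyMD.getRoleDescriptors(relyingPartyRole,
                        SAMLConstants.SAML20P_NS);
                if (roles != null && !roles.isEmpty()) {
                    messageContext.setPeerEntityRoleMetadata(roles.get(0));
                }
            }
        }
    } catch (MetadataProviderException e) {
        log.error("Error retrieving metadata for relying party " + messageContext.getInboundMessageIssuer(), e);
        throw new MessageDecodingException("Error retrieving metadata for relying party "
                + messageContext.getInboundMessageIssuer(), e);
    }
}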
 
Example #5
Source File: InsightsSecurityConfigurationAdapterSAML.java    From Insights with Apache License 2.0
/**
 * Builds the IdP metadata provider bean. The metadata is fetched over HTTP from the configured
 * metadata URL and wrapped in an {@link ExtendedMetadataDelegate} that trust-checks the metadata
 * and requires it to be signed.
 * 
 * @return the delegate wrapping the HTTP-backed IdP metadata provider
 * @throws MetadataProviderException if the HTTP metadata provider cannot be created
 */
@Bean
@Conditional(InsightsSAMLBeanInitializationCondition.class)
public ExtendedMetadataDelegate idpMetadata() throws MetadataProviderException {
	// Daemon timer: the provider's background refresh must not keep the JVM alive.
	Timer refreshTimer = new Timer(true);
	String metadataUrl = singleSignOnConfig.getMetadataUrl();

	HTTPMetadataProvider provider = new HTTPMetadataProvider(refreshTimer, new HttpClient(), metadataUrl);
	provider.setParserPool(parserPool());

	ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(provider, extendedMetadata());
	// Both flags on: unsigned metadata is rejected, and signed metadata is checked against
	// the trusted keys before it is used.
	delegate.setMetadataTrustCheck(true);
	delegate.setMetadataRequireSignature(true);
	return delegate;
}
 
Example #6
Source File: MetadataDescriptorUtil.java    From MaxKey with Apache License 2.0
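/**
 * Parses a SAML entity descriptor out of an already-parsed metadata DOM element.
 * <p>
 * Validity checking is enabled, so metadata the provider no longer considers valid (e.g. past its
 * validUntil) is not returned. No signature filter is configured here: the caller is responsible
 * for trusting the source of {@code elementMetadata}.
 * 
 * @param elementMetadata root element of the metadata document
 * @return the entity descriptor parsed from the element
 * @throws Exception if the provider cannot parse or validate the metadata
 */
public EntityDescriptor getEntityDescriptor(Element elementMetadata)
		throws Exception {
	try {
		DOMMetadataProvider provider = new DOMMetadataProvider(elementMetadata);
		provider.setRequireValidMetadata(true); // Enable validation
		provider.setParserPool(new BasicParserPool());
		provider.initialize();
		// Cast to the interface rather than a particular implementation class, so any
		// EntityDescriptor the provider hands back is accepted.
		return (EntityDescriptor) provider.getMetadata();
	} catch (MetadataProviderException e) {
		logger.error("元数据解析出错", e);
		throw new Exception("元数据解析出错", e);
	}
}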
 
Example #7
Source File: MetadataDescriptorUtil.java    From MaxKey with Apache License 2.0
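/**
 * Parses a SAML entity descriptor from a metadata file on the local filesystem.
 * <p>
 * Validity checking is enabled, so metadata the provider no longer considers valid (e.g. past its
 * validUntil) is not returned. No signature filter is configured here: the caller is responsible
 * for trusting the origin of {@code file}.
 * 
 * @param file metadata document to read
 * @return the entity descriptor parsed from the file
 * @throws Exception if the provider cannot read, parse or validate the metadata
 */
public EntityDescriptor getEntityDescriptor(File file)
		throws Exception {
	try {
		FilesystemMetadataProvider provider = new FilesystemMetadataProvider(file);
		provider.setRequireValidMetadata(true); // Enable validation
		provider.setParserPool(new BasicParserPool());
		provider.initialize();
		// Cast to the interface rather than a particular implementation class, so any
		// EntityDescriptor the provider hands back is accepted.
		return (EntityDescriptor) provider.getMetadata();
	} catch (MetadataProviderException e) {
		logger.error("元数据解析出错", e);
		throw new Exception("元数据文件解析出错", e);
	}
}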
 
Example #8
Source File: WebSecurityConfig.java    From spring-tsers-auth with Apache License 2.0
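/**
 * Builds the SSOCircle IdP metadata provider from the metadata document bundled on the classpath
 * ({@code /saml/idp-metadata.xml}).
 *
 * @return delegate wrapping the classpath-backed metadata provider
 * @throws MetadataProviderException declared for the delegate construction; the provider itself
 *         raises it lazily when the bundled metadata cannot be read or unmarshalled
 */
@Bean
@Qualifier("idp-ssocircle")
public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()
        throws MetadataProviderException {

    AbstractMetadataProvider provider = new AbstractMetadataProvider() {
        @Override
        protected XMLObject doGetMetadata() throws MetadataProviderException {
            DefaultResourceLoader loader = new DefaultResourceLoader();
            // Spring matches the "classpath:" prefix case-sensitively; "classPath:" is not
            // recognised as a classpath location and falls through to a lookup of the literal string.
            Resource storeFile = loader.getResource("classpath:/saml/idp-metadata.xml");

            ParserPool parser = parserPool();
            try {
                // Close the resource stream ourselves; the parser is not documented to do so.
                java.io.InputStream in = storeFile.getInputStream();
                try {
                    Document mdDocument = parser.parse(in);
                    Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(mdDocument.getDocumentElement());
                    return unmarshaller.unmarshall(mdDocument.getDocumentElement());
                } finally {
                    in.close();
                }
            } catch (Exception e) {
                // Keep the cause: a bare MetadataProviderException hid why the load failed.
                throw new MetadataProviderException("Unable to load IdP metadata from classpath", e);
            }
        }
    };
    ExtendedMetadataDelegate extendedMetadataDelegate =
            new ExtendedMetadataDelegate(provider, extendedMetadata());
    // The metadata ships inside the application, so no signature or trust check is applied
    // to it; these settings are not appropriate for metadata fetched from a remote source.
    extendedMetadataDelegate.setMetadataTrustCheck(false);
    extendedMetadataDelegate.setMetadataRequireSignature(false);
    return extendedMetadataDelegate;
}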
 
Example #9
Source File: WebSecurityConfig.java    From spring-boot-security-saml-sample with Apache License 2.0
/**
 * Registers the caching metadata manager holding the single SSOCircle IdP provider.
 *
 * @return a caching manager over the configured metadata providers
 * @throws MetadataProviderException if the IdP provider bean cannot be created
 */
@Bean
@Qualifier("metadata")
public CachingMetadataManager metadata() throws MetadataProviderException {
    List<MetadataProvider> idpProviders = new ArrayList<MetadataProvider>(1);
    idpProviders.add(ssoCircleExtendedMetadataProvider());
    return new CachingMetadataManager(idpProviders);
}
 
Example #10
Source File: WebSecurityConfig.java    From spring-boot-security-saml-sample with Apache License 2.0
/**
 * Builds the SSOCircle IdP metadata provider, fetching the metadata over HTTPS from the fixed
 * SSOCircle metadata URL and refreshing it on the shared background timer.
 * <p>
 * The delegate trust-checks the metadata but does not require it to be signed, so for an
 * unsigned document the HTTPS transport is the only thing vouching for its origin.
 *
 * @return the delegate wrapping the HTTP metadata provider
 * @throws MetadataProviderException if the HTTP metadata provider cannot be created
 */
@Bean
@Qualifier("idp-ssocircle")
public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()
		throws MetadataProviderException {
	final String metadataUrl = "https://idp.ssocircle.com/meta-idp.xml";
	HTTPMetadataProvider idpProvider = new HTTPMetadataProvider(this.backgroundTaskTimer, httpClient(), metadataUrl);
	idpProvider.setParserPool(parserPool());

	ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(idpProvider, extendedMetadata());
	delegate.setMetadataTrustCheck(true);
	delegate.setMetadataRequireSignature(false);
	// Drop any cancelled tasks still queued on the shared timer before handing the provider out.
	backgroundTaskTimer.purge();
	return delegate;
}
 
Example #11
Source File: MetadataController.java    From spring-security-saml-java-sp with Apache License 2.0
/**
 * Renders the stored metadata of one entity.
 *
 * @param entityId entity ID of the metadata to display (taken from the request)
 * @return model and view showing the entity's metadata
 * @throws MetadataProviderException if no metadata is stored under {@code entityId}
 * @throws MarshallingException      if the metadata cannot be serialised for display
 */
@RequestMapping(value = "/display")
public ModelAndView displayMetadata(@RequestParam("entityId") String entityId) throws MetadataProviderException, MarshallingException {
    EntityDescriptor descriptor = metadataManager.getEntityDescriptor(entityId);
    ExtendedMetadata extended = metadataManager.getExtendedMetadata(entityId);

    if (descriptor != null) {
        return displayMetadata(descriptor, extended);
    }
    // The requested id is echoed in the error; it comes straight from the request parameter.
    throw new MetadataProviderException("Metadata with ID " + entityId + " not found");
}
 
Example #12
Source File: MetadataController.java    From spring-security-saml-java-sp with Apache License 2.0
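/**
 * Removes the metadata provider at {@code providerIndex} from the manager and re-renders the
 * provider list.
 *
 * @param providerIndex zero-based position of the provider in {@code metadataManager.getAvailableProviders()}
 * @return the refreshed metadata list view
 * @throws MetadataProviderException if {@code providerIndex} does not denote an available provider,
 *         or if the list view cannot be built
 */
@RequestMapping(value = "/removeProvider")
public ModelAndView removeProvider(@RequestParam int providerIndex) throws MetadataProviderException {
    // Validate the request-supplied index before dereferencing it, instead of letting an
    // out-of-range value escape as an uncaught IndexOutOfBoundsException.
    if (providerIndex < 0 || providerIndex >= metadataManager.getAvailableProviders().size()) {
        throw new MetadataProviderException("No metadata provider at index " + providerIndex);
    }
    ExtendedMetadataDelegate delegate = metadataManager.getAvailableProviders().get(providerIndex);
    metadataManager.removeMetadataProvider(delegate);
    return metadataList();
}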
 
Example #13
Source File: WebSecurityConfig.java    From spring-tsers-auth with Apache License 2.0
/**
 * Registers the caching metadata manager; the SSOCircle IdP provider is its only member.
 *
 * @return a caching manager over the configured metadata providers
 * @throws MetadataProviderException if the IdP provider bean cannot be created
 */
@Bean
@Qualifier("metadata")
public CachingMetadataManager metadata() throws MetadataProviderException {
    MetadataProvider idp = ssoCircleExtendedMetadataProvider();
    List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
    providers.add(idp);
    return new CachingMetadataManager(providers);
}
 
Example #14
Source File: SAMLManager.java    From blackduck-alert with Apache License 2.0
/**
 * Configures the SP metadata generator and (re)registers the IdP metadata providers.
 * <p>
 * Both the HTTP provider (for {@code metadataURL}) and the uploaded-file provider are optional;
 * only the ones that could be created are handed to the metadata manager.
 *
 * @param metadataURL   IdP metadata URL, may be blank
 * @param entityId      SP entity id to generate metadata for
 * @param entityBaseUrl base URL of this SP
 * @throws MetadataProviderException if a provider or the manager cannot be (re)initialised
 */
public void setupMetadataManager(String metadataURL, String entityId, String entityBaseUrl) throws MetadataProviderException {
    logger.debug("SAML Setup MetaData Manager");
    logger.debug("SAML - MetadataUrl: {}, EntityID: {}, EntityBaseUrl: {}", metadataURL, entityId, entityBaseUrl);
    metadataGenerator.setEntityId(entityId);
    metadataGenerator.setEntityBaseURL(entityBaseUrl);

    Optional<ExtendedMetadataDelegate> httpProvider = createHttpProvider(metadataURL);
    Optional<ExtendedMetadataDelegate> fileProvider = createFileProvider();
    // Keep only the providers that were actually created.
    List<MetadataProvider> providers = List.of(httpProvider, fileProvider)
                                           .stream()
                                           .filter(Optional::isPresent)
                                           .map(Optional::get)
                                           .collect(Collectors.toList());
    metadataManager.setProviders(providers);
    metadataManager.afterPropertiesSet();
}
 
Example #15
Source File: InsightsSecurityConfigurationAdapterSAML.java    From Insights with Apache License 2.0
/**
 * Registers the caching metadata manager, seeded with the IdP metadata provider bean.
 * 
 * @return a caching manager over the IdP metadata provider
 * @throws MetadataProviderException if the IdP metadata bean cannot be created
 */
@Bean
@Qualifier("metadata")
@Conditional(InsightsSAMLBeanInitializationCondition.class)
public CachingMetadataManager metadata() throws MetadataProviderException {
	MetadataProvider idp = idpMetadata();
	List<MetadataProvider> providers = new ArrayList<>(1);
	providers.add(idp);
	return new CachingMetadataManager(providers);
}
 
Example #16
Source File: MetadataCredentialResolver.java    From lams with GNU General Public License v2.0
/**
 * {@inheritDoc}
 * <p>
 * Resolves credentials from metadata for the entity, role, protocol and usage named in the
 * criteria set, serving repeated queries from the local cache.
 */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
    checkCriteriaRequirements(criteriaSet);

    String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
    MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
    QName role = mdCriteria.getRole();
    String protocol = mdCriteria.getProtocol();
    // Usage is optional in the criteria set and defaults to UNSPECIFIED.
    UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
    UsageType usage = (usageCriteria != null) ? usageCriteria.getUsage() : UsageType.UNSPECIFIED;

    // See Jira issue SIDP-229: touching the provider gives it a chance to refresh before the lookup.
    log.debug("Forcing on-demand metadata provider refresh if necessary");
    try {
        metadata.getMetadata();
    } catch (MetadataProviderException ignored) {
        // Deliberately best-effort; errors from the refresh are ignored at this level.
    }

    MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
    Collection<Credential> cached = retrieveFromCache(cacheKey);
    if (cached != null) {
        return cached;
    }

    Collection<Credential> resolved = retrieveFromMetadata(entityID, role, protocol, usage);
    cacheCredentials(cacheKey, resolved);
    return resolved;
}
 
Example #17
Source File: SAMLManager.java    From blackduck-alert with Apache License 2.0
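/**
 * Creates the file-backed IdP metadata provider when an uploaded metadata file exists.
 *
 * @return the delegate for the uploaded metadata file, or empty when no file has been uploaded
 * @throws MetadataProviderException if the delegate cannot be created
 */
public Optional<ExtendedMetadataDelegate> createFileProvider() throws MetadataProviderException {
    if (!filePersistenceUtil.uploadFileExists(AuthenticationDescriptor.SAML_METADATA_FILE)) {
        return Optional.empty();
    }
    logger.debug("SAML - Create File Metadata provider.");
    File metadataFile = filePersistenceUtil.createUploadsFile(AuthenticationDescriptor.SAML_METADATA_FILE);
    // Create the daemon refresh timer only once a provider will actually use it; creating it
    // before the existence check started a timer thread that was never cancelled.
    Timer backgroundTaskTimer = new Timer(true);
    FilesystemMetadataProvider provider = new FilesystemMetadataProvider(backgroundTaskTimer, metadataFile);
    provider.setParserPool(parserPool);
    return Optional.of(createDelegate(provider));
}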
 
Example #18
Source File: SAMLManager.java    From blackduck-alert with Apache License 2.0
/**
 * Creates the HTTP-backed IdP metadata provider for {@code metadataUrl}.
 * <p>
 * The URL is used as configured apart from stripping one trailing slash; no scheme or host
 * restriction is applied here, so it should come from trusted (administrator) configuration.
 *
 * @param metadataUrl IdP metadata URL; blank means no HTTP provider is configured
 * @return the delegate wrapping the HTTP provider, or empty when {@code metadataUrl} is blank
 * @throws MetadataProviderException if the delegate cannot be created
 */
public Optional<ExtendedMetadataDelegate> createHttpProvider(String metadataUrl) throws MetadataProviderException {
    if (StringUtils.isBlank(metadataUrl)) {
        return Optional.empty();
    }
    logger.debug("SAML - Create Http Metadata provider.");
    // A trailing '/' breaks the SAML path handling downstream, so drop it.
    String trimmedUrl = StringUtils.removeEnd(metadataUrl, "/");
    Timer refreshTimer = new Timer(true);
    HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(refreshTimer, new HttpClient(), trimmedUrl);
    httpProvider.setParserPool(parserPool);
    return Optional.of(createDelegate(httpProvider));
}
 
Example #19
Source File: SAMLConfigDefaults.java    From spring-boot-security-saml-samples with MIT License
/**
 * Registers the caching metadata manager over all {@link MetadataProvider} beans in the context.
 *
 * @param metadataProviders the metadata providers to manage
 * @return a caching manager over {@code metadataProviders}
 * @throws MetadataProviderException if the manager cannot be constructed
 */
@Bean
public CachingMetadataManager metadataManager(List<MetadataProvider> metadataProviders) throws MetadataProviderException {
    CachingMetadataManager manager = new CachingMetadataManager(metadataProviders);
    return manager;
}
 
Example #20
Source File: AuthenticationHandler.java    From blackduck-alert with Apache License 2.0
/**
 * Registers an initially empty caching metadata manager; the provider list is set later
 * (SAMLManager#setupMetadataManager calls {@code setProviders} on it).
 *
 * @return a caching manager with no providers
 * @throws MetadataProviderException if the manager cannot be constructed
 */
@Bean
@Qualifier("metadata")
public CachingMetadataManager metadata() throws MetadataProviderException {
    CachingMetadataManager emptyManager = new CachingMetadataManager(Collections.emptyList());
    return emptyManager;
}
 
Example #21
Source File: AuthenticationHandler.java    From blackduck-alert with Apache License 2.0
/**
 * Wires the {@link SAMLManager} from the SAML beans defined in this configuration.
 *
 * @return the SAML manager
 * @throws MetadataProviderException if one of the metadata beans cannot be created
 */
@Bean
public SAMLManager samlManager() throws MetadataProviderException {
    return new SAMLManager(
            parserPool(),
            extendedMetadata(),
            metadata(),
            metadataGenerator(),
            filePersistenceUtil,
            samlContext());
}
 
Example #22
Source File: MetadataController.java    From spring-security-saml-java-sp with Apache License 2.0
/**
 * Renders the overview of hosted SP, known SP/IdP entities and registered providers.
 *
 * @return the metadata list view with its model populated from the metadata manager
 * @throws MetadataProviderException if the metadata manager cannot answer the queries
 */
@RequestMapping
public ModelAndView metadataList() throws MetadataProviderException {
    InternalResourceView listView = new InternalResourceView("/WEB-INF/security/metadataList.jsp", true);
    ModelAndView model = new ModelAndView(listView);

    model.addObject("hostedSP", metadataManager.getHostedSPName());
    model.addObject("spList", metadataManager.getSPEntityNames());
    model.addObject("idpList", metadataManager.getIDPEntityNames());
    // Exposes the provider delegates themselves to the view, not just their names.
    model.addObject("metadata", metadataManager.getAvailableProviders());
    return model;
}
 
Example #23
Source File: MetadataController.java    From spring-security-saml-java-sp with Apache License 2.0
/**
 * Forces a reload of all metadata providers, then shows the (possibly changed) provider list.
 *
 * @return the refreshed metadata list view
 * @throws MetadataProviderException if the refresh or the list view fails
 */
@RequestMapping(value = "/refresh")
public ModelAndView refreshMetadata() throws MetadataProviderException {
    metadataManager.refreshMetadata();
    ModelAndView refreshedList = metadataList();
    return refreshedList;
}
 
Example #24
Source File: DSLMetadataManager.java    From spring-boot-security-saml with MIT License
/**
 * Creates a metadata manager over the given providers. As in the superclass, the manager
 * registers itself for change notifications from the providers and reloads on a change, and
 * schedules a timer that periodically checks whether a reload is due.
 * <p>
 * {@code afterPropertiesSet} must be called once construction is complete.
 *
 * @param providers providers to include, mustn't be null or empty
 * @throws MetadataProviderException error during initialization
 */
public DSLMetadataManager(List<MetadataProvider> providers) throws MetadataProviderException {
    // All initialisation lives in the superclass constructor.
    super(providers);
}