org.opensaml.saml2.metadata.provider.MetadataProviderException Java Examples
The following examples show how to use
org.opensaml.saml2.metadata.provider.MetadataProviderException.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: SAML2AuthManagerImpl.java From cloudstack with Apache License 2.0 | 6 votes |
|
@Override
public void run() {
if (_idpMetaDataProvider == null) {
return;
}
s_logger.debug("Starting SAML IDP Metadata Refresh Task");
Map <String, SAMLProviderMetadata> metadataMap = new HashMap<String, SAMLProviderMetadata>();
try {
discoverAndAddIdp(_idpMetaDataProvider.getMetadata(), metadataMap);
_idpMetadataMap = metadataMap;
expireTokens();
s_logger.debug("Finished refreshing SAML Metadata and expiring old auth tokens");
} catch (MetadataProviderException e) {
s_logger.warn("SAML Metadata Refresh task failed with exception: " + e.getMessage());
}
}
Example #2
| Source File: MetadataCredentialResolver.java From lams with GNU General Public License v2.0 | 6 votes |
|
/**
* Get the list of metadata role descriptors which match the given entityID, role and protocol.
*
* @param entityID entity ID of the credential owner
* @param role role in which the entity is operating
* @param protocol protocol over which the entity is operating (may be null)
* @return a list of role descriptors matching the given parameters, or null
* @throws SecurityException thrown if there is an error retrieving role descriptors from the metadata provider
*/
protected List<RoleDescriptor> getRoleDescriptors(String entityID, QName role, String protocol)
throws SecurityException {
try {
if (log.isDebugEnabled()) {
log.debug("Retrieving metadata for entity '{}' in role '{}' for protocol '{}'",
new Object[] {entityID, role, protocol});
}
if (DatatypeHelper.isEmpty(protocol)) {
return metadata.getRole(entityID, role);
} else {
RoleDescriptor roleDescriptor = metadata.getRole(entityID, role, protocol);
if (roleDescriptor == null) {
return null;
}
List<RoleDescriptor> roles = new ArrayList<RoleDescriptor>();
roles.add(roleDescriptor);
return roles;
}
} catch (MetadataProviderException e) {
log.error("Unable to read metadata from provider", e);
throw new SecurityException("Unable to read metadata provider", e);
}
}
Example #3
| Source File: BaseSAML1MessageDecoder.java From lams with GNU General Public License v2.0 | 6 votes |
|
/**
* Populates the peer's entity metadata if a metadata provide is present in the message context. Populates the
* peer's role descriptor if the entity metadata was available and the role name is present in the message context.
*
* @param messageContext current message context
*
* @throws MessageDecodingException thrown if there is a problem populating the message context
*/
protected void populateRelyingPartyMetadata(SAMLMessageContext messageContext) throws MessageDecodingException {
MetadataProvider metadataProvider = messageContext.getMetadataProvider();
try {
if (metadataProvider != null) {
EntityDescriptor relyingPartyMD = metadataProvider.getEntityDescriptor(messageContext
.getInboundMessageIssuer());
messageContext.setPeerEntityMetadata(relyingPartyMD);
QName relyingPartyRole = messageContext.getPeerEntityRole();
if (relyingPartyMD != null && relyingPartyRole != null) {
List<RoleDescriptor> roles = relyingPartyMD.getRoleDescriptors(relyingPartyRole,
SAMLConstants.SAML11P_NS);
if (roles != null && roles.size() > 0) {
messageContext.setPeerEntityRoleMetadata(roles.get(0));
}
}
}
} catch (MetadataProviderException e) {
log.error("Error retrieving metadata for relying party " + messageContext.getInboundMessageIssuer(), e);
throw new MessageDecodingException("Error retrieving metadata for relying party "
+ messageContext.getInboundMessageIssuer(), e);
}
}
Example #4
| Source File: BaseSAML2MessageDecoder.java From lams with GNU General Public License v2.0 | 6 votes |
|
/**
* Populates the peer's entity metadata if a metadata provide is present in the message context. Populates the
* peer's role descriptor if the entity metadata was available and the role name is present in the message context.
*
* @param messageContext current message context
*
* @throws MessageDecodingException thrown if there is a problem populating the message context
*/
protected void populateRelyingPartyMetadata(SAMLMessageContext messageContext) throws MessageDecodingException {
MetadataProvider metadataProvider = messageContext.getMetadataProvider();
try {
if (metadataProvider != null) {
EntityDescriptor relyingPartyMD = metadataProvider.getEntityDescriptor(messageContext
.getInboundMessageIssuer());
messageContext.setPeerEntityMetadata(relyingPartyMD);
QName relyingPartyRole = messageContext.getPeerEntityRole();
if (relyingPartyMD != null && relyingPartyRole != null) {
List<RoleDescriptor> roles = relyingPartyMD.getRoleDescriptors(relyingPartyRole,
SAMLConstants.SAML11P_NS);
if (roles != null && roles.size() > 0) {
messageContext.setPeerEntityRoleMetadata(roles.get(0));
}
}
}
} catch (MetadataProviderException e) {
log.error("Error retrieving metadata for relying party " + messageContext.getInboundMessageIssuer(), e);
throw new MessageDecodingException("Error retrieving metadata for relying party "
+ messageContext.getInboundMessageIssuer(), e);
}
}
Example #5
| Source File: InsightsSecurityConfigurationAdapterSAML.java From Insights with Apache License 2.0 | 6 votes |
|
/**
* Provide IDP Metadata
*
* @return
* @throws MetadataProviderException
*/
@Bean
@Conditional(InsightsSAMLBeanInitializationCondition.class)
public ExtendedMetadataDelegate idpMetadata() throws MetadataProviderException {
Timer backgroundTaskTimer = new Timer(true);
HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(backgroundTaskTimer, new HttpClient(),
singleSignOnConfig.getMetadataUrl());
httpMetadataProvider.setParserPool(parserPool());
ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(httpMetadataProvider,
extendedMetadata());
extendedMetadataDelegate.setMetadataTrustCheck(true);
extendedMetadataDelegate.setMetadataRequireSignature(true);
return extendedMetadataDelegate;
}
Example #6
| Source File: MetadataDescriptorUtil.java From MaxKey with Apache License 2.0 | 6 votes |
|
public EntityDescriptor getEntityDescriptor(Element elementMetadata)
throws Exception {
try {
DOMMetadataProvider dOMMetadataProvider = new DOMMetadataProvider(elementMetadata);
dOMMetadataProvider.setRequireValidMetadata(true); // Enable
// validation
dOMMetadataProvider.setParserPool(new BasicParserPool());
dOMMetadataProvider.initialize();
EntityDescriptor entityDescriptor = (EntityDescriptorImpl) dOMMetadataProvider.getMetadata();
return entityDescriptor;
} catch (MetadataProviderException e) {
logger.error("元数据解析出错", e);
throw new Exception("元数据解析出错", e);
}
}
Example #7
| Source File: MetadataDescriptorUtil.java From MaxKey with Apache License 2.0 | 6 votes |
|
public EntityDescriptor getEntityDescriptor(File file)
throws Exception {
try {
FilesystemMetadataProvider filesystemMetadataProvider = new FilesystemMetadataProvider(
file);
filesystemMetadataProvider.setRequireValidMetadata(true); // Enable
// validation
filesystemMetadataProvider.setParserPool(new BasicParserPool());
filesystemMetadataProvider.initialize();
EntityDescriptor entityDescriptor = (EntityDescriptorImpl) filesystemMetadataProvider.getMetadata();
return entityDescriptor;
} catch (MetadataProviderException e) {
logger.error("元数据解析出错", e);
throw new Exception("元数据文件解析出错", e);
}
}
Example #8
| Source File: WebSecurityConfig.java From spring-tsers-auth with Apache License 2.0 | 5 votes |
|
@Bean
@Qualifier("idp-ssocircle")
public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()
throws MetadataProviderException {
AbstractMetadataProvider provider = new AbstractMetadataProvider() {
@Override
protected XMLObject doGetMetadata() throws MetadataProviderException {
DefaultResourceLoader loader = new DefaultResourceLoader();
Resource storeFile = loader.getResource("classPath:/saml/idp-metadata.xml");
ParserPool parser = parserPool();
try {
Document mdDocument = parser.parse(storeFile.getInputStream());
Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(mdDocument.getDocumentElement());
return unmarshaller.unmarshall(mdDocument.getDocumentElement());
} catch (Exception e) {
e.printStackTrace();
throw new MetadataProviderException();
}
}
};
ExtendedMetadataDelegate extendedMetadataDelegate =
new ExtendedMetadataDelegate(provider, extendedMetadata());
extendedMetadataDelegate.setMetadataTrustCheck(false);
extendedMetadataDelegate.setMetadataRequireSignature(false);
return extendedMetadataDelegate;
}
Example #9
| Source File: WebSecurityConfig.java From spring-boot-security-saml-sample with Apache License 2.0 | 5 votes |
|
@Bean
@Qualifier("metadata")
public CachingMetadataManager metadata() throws MetadataProviderException {
List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
providers.add(ssoCircleExtendedMetadataProvider());
return new CachingMetadataManager(providers);
}
Example #10
| Source File: WebSecurityConfig.java From spring-boot-security-saml-sample with Apache License 2.0 | 5 votes |
|
@Bean
@Qualifier("idp-ssocircle")
public ExtendedMetadataDelegate ssoCircleExtendedMetadataProvider()
throws MetadataProviderException {
String idpSSOCircleMetadataURL = "https://idp.ssocircle.com/meta-idp.xml";
HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(
this.backgroundTaskTimer, httpClient(), idpSSOCircleMetadataURL);
httpMetadataProvider.setParserPool(parserPool());
ExtendedMetadataDelegate extendedMetadataDelegate =
new ExtendedMetadataDelegate(httpMetadataProvider, extendedMetadata());
extendedMetadataDelegate.setMetadataTrustCheck(true);
extendedMetadataDelegate.setMetadataRequireSignature(false);
backgroundTaskTimer.purge();
return extendedMetadataDelegate;
}
Example #11
| Source File: MetadataController.java From spring-security-saml-java-sp with Apache License 2.0 | 5 votes |
|
/**
* Displays stored metadata.
*
* @param entityId entity ID of metadata to display
* @return model and view
* @throws MetadataProviderException in case metadata can't be located
* @throws MarshallingException in case de-serialization into string fails
*/
@RequestMapping(value = "/display")
public ModelAndView displayMetadata(@RequestParam("entityId") String entityId) throws MetadataProviderException, MarshallingException {
EntityDescriptor entityDescriptor = metadataManager.getEntityDescriptor(entityId);
ExtendedMetadata extendedMetadata = metadataManager.getExtendedMetadata(entityId);
if (entityDescriptor == null) {
throw new MetadataProviderException("Metadata with ID " + entityId + " not found");
}
return displayMetadata(entityDescriptor, extendedMetadata);
}
Example #12
| Source File: MetadataController.java From spring-security-saml-java-sp with Apache License 2.0 | 5 votes |
|
@RequestMapping(value = "/removeProvider")
public ModelAndView removeProvider(@RequestParam int providerIndex) throws MetadataProviderException {
ExtendedMetadataDelegate delegate = metadataManager.getAvailableProviders().get(providerIndex);
metadataManager.removeMetadataProvider(delegate);
return metadataList();
}
Example #13
| Source File: WebSecurityConfig.java From spring-tsers-auth with Apache License 2.0 | 5 votes |
|
@Bean
@Qualifier("metadata")
public CachingMetadataManager metadata() throws MetadataProviderException {
List<MetadataProvider> providers = new ArrayList<MetadataProvider>();
providers.add(ssoCircleExtendedMetadataProvider());
return new CachingMetadataManager(providers);
}
Example #14
| Source File: SAMLManager.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
public void setupMetadataManager(String metadataURL, String entityId, String entityBaseUrl) throws MetadataProviderException {
logger.debug("SAML Setup MetaData Manager");
logger.debug("SAML - MetadataUrl: {}, EntityID: {}, EntityBaseUrl: {}", metadataURL, entityId, entityBaseUrl);
metadataGenerator.setEntityId(entityId);
metadataGenerator.setEntityBaseURL(entityBaseUrl);
Optional<ExtendedMetadataDelegate> httpProvider = createHttpProvider(metadataURL);
Optional<ExtendedMetadataDelegate> fileProvider = createFileProvider();
List<MetadataProvider> providers = List.of(httpProvider, fileProvider).stream()
.flatMap(Optional::stream)
.collect(Collectors.toList());
metadataManager.setProviders(providers);
metadataManager.afterPropertiesSet();
}
Example #15
| Source File: InsightsSecurityConfigurationAdapterSAML.java From Insights with Apache License 2.0 | 5 votes |
|
/**
* used to provide Metadata Manager
*
* @return
* @throws MetadataProviderException
*/
@Bean
@Qualifier("metadata")
@Conditional(InsightsSAMLBeanInitializationCondition.class)
public CachingMetadataManager metadata() throws MetadataProviderException {
List<MetadataProvider> providers = new ArrayList<>();
providers.add(idpMetadata());
return new CachingMetadataManager(providers);
}
Example #16
| Source File: MetadataCredentialResolver.java From lams with GNU General Public License v2.0 | 5 votes |
|
/** {@inheritDoc} */
protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
checkCriteriaRequirements(criteriaSet);
String entityID = criteriaSet.get(EntityIDCriteria.class).getEntityID();
MetadataCriteria mdCriteria = criteriaSet.get(MetadataCriteria.class);
QName role = mdCriteria.getRole();
String protocol = mdCriteria.getProtocol();
UsageCriteria usageCriteria = criteriaSet.get(UsageCriteria.class);
UsageType usage = null;
if (usageCriteria != null) {
usage = usageCriteria.getUsage();
} else {
usage = UsageType.UNSPECIFIED;
}
// See Jira issue SIDP-229.
log.debug("Forcing on-demand metadata provider refresh if necessary");
try {
metadata.getMetadata();
} catch (MetadataProviderException e) {
// don't care about errors at this level
}
MetadataCacheKey cacheKey = new MetadataCacheKey(entityID, role, protocol, usage);
Collection<Credential> credentials = retrieveFromCache(cacheKey);
if (credentials == null) {
credentials = retrieveFromMetadata(entityID, role, protocol, usage);
cacheCredentials(cacheKey, credentials);
}
return credentials;
}
Example #17
| Source File: SAMLManager.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
public Optional<ExtendedMetadataDelegate> createFileProvider() throws MetadataProviderException {
Timer backgroundTaskTimer = new Timer(true);
if (!filePersistenceUtil.uploadFileExists(AuthenticationDescriptor.SAML_METADATA_FILE)) {
return Optional.empty();
}
logger.debug("SAML - Create File Metadata provider.");
File metadataFile = filePersistenceUtil.createUploadsFile(AuthenticationDescriptor.SAML_METADATA_FILE);
FilesystemMetadataProvider provider = new FilesystemMetadataProvider(backgroundTaskTimer, metadataFile);
provider.setParserPool(parserPool);
return Optional.of(createDelegate(provider));
}
Example #18
| Source File: SAMLManager.java From blackduck-alert with Apache License 2.0 | 5 votes |
|
public Optional<ExtendedMetadataDelegate> createHttpProvider(String metadataUrl) throws MetadataProviderException {
if (StringUtils.isBlank(metadataUrl)) {
return Optional.empty();
}
logger.debug("SAML - Create Http Metadata provider.");
// The URL can not end in a '/' because it messes with the paths for saml
String correctedMetadataURL = StringUtils.removeEnd(metadataUrl, "/");
Timer backgroundTaskTimer = new Timer(true);
HTTPMetadataProvider provider = new HTTPMetadataProvider(backgroundTaskTimer, new HttpClient(), correctedMetadataURL);
provider.setParserPool(parserPool);
return Optional.of(createDelegate(provider));
}
Example #19
| Source File: SAMLConfigDefaults.java From spring-boot-security-saml-samples with MIT License | 4 votes |
|
@Bean
public CachingMetadataManager metadataManager(List<MetadataProvider> metadataProviders) throws MetadataProviderException {
return new CachingMetadataManager(metadataProviders);
}
Example #20
| Source File: AuthenticationHandler.java From blackduck-alert with Apache License 2.0 | 4 votes |
|
@Bean
@Qualifier("metadata")
public CachingMetadataManager metadata() throws MetadataProviderException {
return new CachingMetadataManager(Collections.emptyList());
}
Example #21
| Source File: AuthenticationHandler.java From blackduck-alert with Apache License 2.0 | 4 votes |
|
@Bean
public SAMLManager samlManager() throws MetadataProviderException {
return new SAMLManager(parserPool(), extendedMetadata(), metadata(), metadataGenerator(), filePersistenceUtil, samlContext());
}
Example #22
| Source File: MetadataController.java From spring-security-saml-java-sp with Apache License 2.0 | 3 votes |
|
@RequestMapping
public ModelAndView metadataList() throws MetadataProviderException {
ModelAndView model = new ModelAndView(new InternalResourceView("/WEB-INF/security/metadataList.jsp", true));
model.addObject("hostedSP", metadataManager.getHostedSPName());
model.addObject("spList", metadataManager.getSPEntityNames());
model.addObject("idpList", metadataManager.getIDPEntityNames());
model.addObject("metadata", metadataManager.getAvailableProviders());
return model;
}
Example #23
| Source File: MetadataController.java From spring-security-saml-java-sp with Apache License 2.0 | 3 votes |
|
@RequestMapping(value = "/refresh")
public ModelAndView refreshMetadata() throws MetadataProviderException {
metadataManager.refreshMetadata();
return metadataList();
}
Example #24
| Source File: DSLMetadataManager.java From spring-boot-security-saml with MIT License | 2 votes |
|
/**
* Creates new metadata manager, automatically registers itself for notifications from metadata changes and calls
* reload upon a change. Also registers timer which verifies whether metadata needs to be reloaded in a specified
* time interval.
* <p>
* It is mandatory that method afterPropertiesSet is called after the construction.
*
* @param providers providers to include, mustn't be null or empty
* @throws MetadataProviderException error during initialization
*/
public DSLMetadataManager(List<MetadataProvider> providers) throws MetadataProviderException {
super(providers);
}
