Class SAML2MetaManager


  • public class SAML2MetaManager
    extends Object
    The SAML2MetaManager provides methods to manage both the standard entity descriptor and the extended entity configuration.
    • Field Detail

      • NAME_META_ALIAS_IN_URI

        public static final String NAME_META_ALIAS_IN_URI
        Constant used to identify meta alias.
        See Also:
        Constant Field Values
    • Constructor Detail

      • SAML2MetaManager

        public SAML2MetaManager​(Object callerToken)
                         throws SAML2MetaException
        Constructor for SAML2MetaManager.
        Parameters:
        callerToken - session token for the caller.
        Throws:
        SAML2MetaException - if unable to construct SAML2MetaManager
    • Method Detail

      • getEntityDescriptor

        public EntityDescriptorElement getEntityDescriptor​(String realm,
                                                           String entityId)
                                                    throws SAML2MetaException
        Returns the standard metadata entity descriptor under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        EntityDescriptorElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the entity descriptor.
      • getSPSSODescriptor

        public SPSSODescriptorElement getSPSSODescriptor​(String realm,
                                                         String entityId)
                                                  throws SAML2MetaException
        Returns first service provider's SSO descriptor in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        SPSSODescriptorElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the first service provider's SSO descriptor.
      • getAttributeAuthorityDescriptor

        public AttributeAuthorityDescriptorElement getAttributeAuthorityDescriptor​(String realm,
                                                                                   String entityId)
                                                                            throws SAML2MetaException
        Returns attribute authority descriptor in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        an AttributeAuthorityDescriptorElement object for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve attribute authority descriptor.
      • getAttributeQueryDescriptor

        public AttributeQueryDescriptorElement getAttributeQueryDescriptor​(String realm,
                                                                           String entityId)
                                                                    throws SAML2MetaException
        Returns attribute query descriptor in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        an AttributeQueryDescriptorElement object for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve attribute query descriptor.
      • getAuthnAuthorityDescriptor

        public AuthnAuthorityDescriptorElement getAuthnAuthorityDescriptor​(String realm,
                                                                           String entityId)
                                                                    throws SAML2MetaException
        Returns authentication authority descriptor in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        an AuthnAuthorityDescriptorElement object for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve authentication authority descriptor.
      • getPolicyDecisionPointDescriptor

        public XACMLPDPDescriptorElement getPolicyDecisionPointDescriptor​(String realm,
                                                                          String entityId)
                                                                   throws SAML2MetaException
        Returns first policy decision point descriptor in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        policy decision point descriptor.
        Throws:
        SAML2MetaException - if unable to retrieve the descriptor.
      • getPolicyEnforcementPointDescriptor

        public XACMLAuthzDecisionQueryDescriptorElement getPolicyEnforcementPointDescriptor​(String realm,
                                                                                            String entityId)
                                                                                     throws SAML2MetaException
        Returns first policy enforcement point descriptor in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        policy enforcement point descriptor.
        Throws:
        SAML2MetaException - if unable to retrieve the descriptor.
      • getIDPSSODescriptor

        public IDPSSODescriptorElement getIDPSSODescriptor​(String realm,
                                                           String entityId)
                                                    throws SAML2MetaException
        Returns first identity provider's SSO descriptor in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        IDPSSODescriptorElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the first identity provider's SSO descriptor.
      • getAffiliationDescriptor

        public AffiliationDescriptorType getAffiliationDescriptor​(String realm,
                                                                  String entityId)
                                                           throws SAML2MetaException
        Returns affiliation descriptor in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        AffiliationDescriptorType for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the affiliation descriptor.
      • setEntityDescriptor

        public void setEntityDescriptor​(String realm,
                                        EntityDescriptorElement descriptor)
                                 throws SAML2MetaException
        Sets the standard metadata entity descriptor under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        descriptor - The standard entity descriptor object to be set.
        Throws:
        SAML2MetaException - if unable to set the entity descriptor.
      • createEntityDescriptor

        public void createEntityDescriptor​(String realm,
                                           EntityDescriptorElement descriptor)
                                    throws SAML2MetaException
        Creates the standard metadata entity descriptor under the realm.
        Parameters:
        realm - The realm under which the entity descriptor will be created.
        descriptor - The standard entity descriptor object to be created.
        Throws:
        SAML2MetaException - if unable to create the entity descriptor.
      • createEntity

        public void createEntity​(String realm,
                                 EntityDescriptorElement descriptor,
                                 EntityConfigElement config)
                          throws SAML2MetaException
        Creates the standard and extended metadata under the realm.
        Parameters:
        realm - The realm under which the entity descriptor will be created.
        descriptor - The standard entity descriptor object to be created.
        config - The extended entity config object to be created.
        Throws:
        SAML2MetaException - if unable to create the entity.
      • deleteEntityDescriptor

        public void deleteEntityDescriptor​(String realm,
                                           String entityId)
                                    throws SAML2MetaException
        Deletes the standard metadata entity descriptor under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - The ID of the entity for whom the standard entity descriptor will be deleted.
        Throws:
        SAML2MetaException - if unable to delete the entity descriptor.
      • getEntityConfig

        public EntityConfigElement getEntityConfig​(String realm,
                                                   String entityId)
                                            throws SAML2MetaException
        Returns extended entity configuration under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        EntityConfigElement object for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the entity configuration.
      • getSPSSOConfig

        public SPSSOConfigElement getSPSSOConfig​(String realm,
                                                 String entityId)
                                          throws SAML2MetaException
        Returns first service provider's SSO configuration in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        SPSSOConfigElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the first service provider's SSO configuration.
      • getPolicyDecisionPointConfig

        public XACMLPDPConfigElement getPolicyDecisionPointConfig​(String realm,
                                                                  String entityId)
                                                           throws SAML2MetaException
        Returns first policy decision point configuration in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        policy decision point configuration or null if it is not found.
        Throws:
        SAML2MetaException - if unable to retrieve the configuration.
      • getPolicyEnforcementPointConfig

        public XACMLAuthzDecisionQueryConfigElement getPolicyEnforcementPointConfig​(String realm,
                                                                                    String entityId)
                                                                             throws SAML2MetaException
        Returns first policy enforcement point configuration in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
policy enforcement point configuration or null if it is not found.
        Throws:
        SAML2MetaException - if unable to retrieve the configuration.
      • getIDPSSOConfig

        public IDPSSOConfigElement getIDPSSOConfig​(String realm,
                                                   String entityId)
                                            throws SAML2MetaException
        Returns first identity provider's SSO configuration in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        IDPSSOConfigElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the first identity provider's SSO configuration.
      • getAttributeAuthorityConfig

        public AttributeAuthorityConfigElement getAttributeAuthorityConfig​(String realm,
                                                                           String entityId)
                                                                    throws SAML2MetaException
        Returns first attribute authority configuration in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        AttributeAuthorityConfigElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the first attribute authority configuration.
      • getAttributeQueryConfig

        public AttributeQueryConfigElement getAttributeQueryConfig​(String realm,
                                                                   String entityId)
                                                            throws SAML2MetaException
        Returns first attribute query configuration in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        AttributeQueryConfigElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the first attribute query configuration.
      • getAuthnAuthorityConfig

        public AuthnAuthorityConfigElement getAuthnAuthorityConfig​(String realm,
                                                                   String entityId)
                                                            throws SAML2MetaException
        Returns first authentication authority configuration in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        AuthnAuthorityConfigElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the first authentication authority configuration.
      • getAffiliationConfig

        public AffiliationConfigElement getAffiliationConfig​(String realm,
                                                             String entityId)
                                                      throws SAML2MetaException
        Returns affiliation configuration in an entity under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - ID of the entity to be retrieved.
        Returns:
        AffiliationConfigElement for the entity or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the affiliation configuration.
      • setEntityConfig

        public void setEntityConfig​(String realm,
                                    EntityConfigElement config)
                             throws SAML2MetaException
        Sets the extended entity configuration under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        config - The extended entity configuration object to be set.
        Throws:
        SAML2MetaException - if unable to set the entity configuration.
      • createEntityConfig

        public void createEntityConfig​(String realm,
                                       EntityConfigElement config)
                                throws SAML2MetaException
        Creates the extended entity configuration under the realm.
        Parameters:
        realm - The realm under which the entity configuration will be created.
        config - The extended entity configuration object to be created.
        Throws:
        SAML2MetaException - if unable to create the entity configuration.
      • deleteEntityConfig

        public void deleteEntityConfig​(String realm,
                                       String entityId)
                                throws SAML2MetaException
        Deletes the extended entity configuration under the realm.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - The ID of the entity for whom the extended entity configuration will be deleted.
        Throws:
SAML2MetaException - if unable to delete the entity configuration.
      • getAllHostedEntities

        public List getAllHostedEntities​(String realm)
                                  throws SAML2MetaException
        Returns all hosted entities under the realm.
        Parameters:
        realm - The realm under which the hosted entities reside.
        Returns:
        a List of entity ID String.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllHostedServiceProviderEntities

        public List getAllHostedServiceProviderEntities​(String realm)
                                                 throws SAML2MetaException
        Returns all hosted service provider entities under the realm.
        Parameters:
        realm - The realm under which the hosted service provider entities reside.
        Returns:
        a List of entity ID String.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllHostedPolicyDecisionPointEntities

        public List getAllHostedPolicyDecisionPointEntities​(String realm)
                                                     throws SAML2MetaException
        Returns all hosted policy decision point entities under the realm.
        Parameters:
        realm - The realm under which the hosted policy decision point entities reside.
        Returns:
        a list of entity ID.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllRemotePolicyDecisionPointEntities

        public List getAllRemotePolicyDecisionPointEntities​(String realm)
                                                     throws SAML2MetaException
        Returns all remote policy decision point entities under the realm.
        Parameters:
        realm - The realm under which the remote policy decision point entities reside.
        Returns:
        a list of entity ID.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllHostedPolicyEnforcementPointEntities

        public List getAllHostedPolicyEnforcementPointEntities​(String realm)
                                                        throws SAML2MetaException
        Returns all hosted policy enforcement point entities under the realm.
        Parameters:
        realm - The realm under which the hosted policy enforcement point entities reside.
        Returns:
        a list of entity ID.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllRemotePolicyEnforcementPointEntities

        public List getAllRemotePolicyEnforcementPointEntities​(String realm)
                                                        throws SAML2MetaException
        Returns all remote policy enforcement point entities under the realm.
        Parameters:
        realm - The realm under which the remote policy enforcement point entities reside.
        Returns:
        a list of entity ID.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllHostedIdentityProviderEntities

        public List getAllHostedIdentityProviderEntities​(String realm)
                                                  throws SAML2MetaException
        Returns all hosted identity provider entities under the realm.
        Parameters:
        realm - The realm under which the hosted identity provider entities reside.
        Returns:
        a List of entity ID String.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllRemoteEntities

        public List getAllRemoteEntities​(String realm)
                                  throws SAML2MetaException
        Returns all remote entities under the realm.
        Parameters:
realm - The realm under which the remote entities reside.
        Returns:
        a List of entity ID String.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllRemoteServiceProviderEntities

        public List getAllRemoteServiceProviderEntities​(String realm)
                                                 throws SAML2MetaException
        Returns all remote service provider entities under the realm.
        Parameters:
        realm - The realm under which the remote service provider entities reside.
        Returns:
        a List of entity ID String.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllRemoteIdentityProviderEntities

        public List getAllRemoteIdentityProviderEntities​(String realm)
                                                  throws SAML2MetaException
        Returns all remote identity provider entities under the realm.
        Parameters:
        realm - The realm under which the remote identity provider entities reside.
        Returns:
        a List of entity ID String.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getEntityByMetaAlias

        public String getEntityByMetaAlias​(String metaAlias)
                                    throws SAML2MetaException
        Returns entity ID associated with the metaAlias.
        Parameters:
        metaAlias - The metaAlias.
        Returns:
        entity ID associated with the metaAlias or null if not found.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getAllHostedMetaAliasesByRealm

        public List<String> getAllHostedMetaAliasesByRealm​(String realm)
                                                    throws SAML2MetaException
        Returns all the hosted entity metaAliases for a realm.
        Parameters:
        realm - The given realm.
        Returns:
all the hosted entity metaAliases for the realm, or an empty ArrayList if none are found.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • getRoleByMetaAlias

        public String getRoleByMetaAlias​(String metaAlias)
                                  throws SAML2MetaException
        Returns role of an entity based on its metaAlias.
        Parameters:
        metaAlias - Meta alias of the entity.
        Returns:
role of the entity: one of SAML2Constants.IDP_ROLE, SAML2Constants.SP_ROLE or SAML2Constants.UNKNOWN_ROLE.
        Throws:
        SAML2MetaException - if there are issues in getting the entity profile from the meta alias.
      • getAllHostedIdentityProviderMetaAliases

        public List getAllHostedIdentityProviderMetaAliases​(String realm)
                                                     throws SAML2MetaException
        Returns metaAliases of all hosted identity providers under the realm.
        Parameters:
        realm - The realm under which the identity provider metaAliases reside.
        Returns:
        a List of metaAliases String.
        Throws:
        SAML2MetaException - if unable to retrieve meta aliases.
      • getAllHostedServiceProviderMetaAliases

        public List getAllHostedServiceProviderMetaAliases​(String realm)
                                                    throws SAML2MetaException
        Returns metaAliases of all hosted service providers under the realm.
        Parameters:
        realm - The realm under which the service provider metaAliases reside.
        Returns:
        a List of metaAliases String.
        Throws:
        SAML2MetaException - if unable to retrieve meta aliases.
      • getAllHostedPolicyDecisionPointMetaAliases

        public List getAllHostedPolicyDecisionPointMetaAliases​(String realm)
                                                        throws SAML2MetaException
Returns meta aliases of all hosted policy decision points under the realm.
        Parameters:
        realm - The realm under which the policy decision point resides.
        Returns:
        list of meta aliases
        Throws:
        SAML2MetaException - if unable to retrieve meta aliases.
      • getAllHostedPolicyEnforcementPointMetaAliases

        public List getAllHostedPolicyEnforcementPointMetaAliases​(String realm)
                                                           throws SAML2MetaException
Returns meta aliases of all hosted policy enforcement points under the realm.
        Parameters:
        realm - The realm under which the policy enforcement point resides.
        Returns:
        list of meta aliases
        Throws:
        SAML2MetaException - if unable to retrieve meta aliases.
      • isTrustedProvider

        public boolean isTrustedProvider​(String realm,
                                         String entityId,
                                         String trustedEntityId)
                                  throws SAML2MetaException
        Determines whether two entities are in the same circle of trust under the realm.
        Parameters:
        realm - The realm under which the entity resides.
entityId - The ID of the first entity.
trustedEntityId - The ID of the second entity, whose circle-of-trust membership with entityId is checked.
        Throws:
        SAML2MetaException - if unable to determine the trusted relationship.
      • isTrustedXACMLProvider

        public boolean isTrustedXACMLProvider​(String realm,
                                              String entityId,
                                              String trustedEntityId,
                                              String role)
                                       throws SAML2MetaException
Determines whether two entities are in the same circle of trust under the realm. Returns true if the entities are in the same circle of trust. The entity can be a PDP or a PEP. If an entity role other than PEP or PDP is specified, false is returned.
        Parameters:
        realm - The realm under which the entity resides.
        entityId - the hosted entity Identifier (PEP or PDP).
        trustedEntityId - the remote entity identifier (PEP or PDP).
        role - the role of the hosted entity.
        Throws:
        SAML2MetaException - if unable to determine the trusted relationship.
      • getAllEntities

        public Set getAllEntities​(String realm)
                           throws SAML2MetaException
        Returns all entities under the realm.
        Parameters:
        realm - The realm under which the entities reside.
        Returns:
        a Set of entity ID String.
        Throws:
        SAML2MetaException - if unable to retrieve the entity ids.
      • validateMetaAliasForNewEntity

        public void validateMetaAliasForNewEntity​(String realm,
                                                  List<String> newMetaAliases)
                                           throws SAML2MetaException
        Checks that the provided metaAliases are valid for a new hosted entity in the specified realm. Will verify that the metaAliases do not already exist in the realm and that no duplicates are provided.
        Parameters:
        realm - The realm in which we are validating the metaAliases.
        newMetaAliases - values we are using to create the new metaAliases.
        Throws:
        SAML2MetaException - if duplicate values found.
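The following is an added example, not code from the OpenAM/ForgeRock API documentation above, showing how a hosted SP can gate an inbound assertion issuer using only the SAML2MetaManager methods listed on this page (getEntityByMetaAlias, getRoleByMetaAlias, getAllRemoteIdentityProviderEntities, getIDPSSODescriptor, isTrustedProvider). The package names for SAML2MetaManager, SAML2MetaException, SAML2Constants and IDPSSODescriptorElement are assumed from the OpenAM source layout, and the IssuerTrustGate class, its Verdict enum and the placeholder session token are hypothetical.

```java
import java.util.List;

// Assumed package locations (OpenAM source layout); not stated on the page above.
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
import com.sun.identity.saml2.meta.SAML2MetaException;
import com.sun.identity.saml2.meta.SAML2MetaManager;

/**
 * Hypothetical trust gate: before a hosted SP processes an assertion, confirm that the
 * issuer is a configured remote IdP, that it has an IDPSSODescriptor (where its signing
 * keys and endpoints live), and that it shares a circle of trust with the SP.
 * A bare "entity ID exists somewhere" check is not a trust decision; CoT membership is.
 */
public class IssuerTrustGate {

    /** Distinct outcomes so the caller can log the exact reason an issuer was rejected. */
    public enum Verdict { TRUSTED, UNKNOWN_ISSUER, NO_IDP_DESCRIPTOR, NOT_IN_CIRCLE_OF_TRUST }

    private final SAML2MetaManager metaManager;

    public IssuerTrustGate(SAML2MetaManager metaManager) {
        this.metaManager = metaManager;
    }

    /**
     * Decides whether the hosted SP behind spMetaAlias may accept assertions from
     * issuerEntityId in the given realm.
     */
    public Verdict check(String realm, String spMetaAlias, String issuerEntityId)
            throws SAML2MetaException {
        // Resolve the hosted SP from its metaAlias and insist that it really is an SP;
        // getRoleByMetaAlias returns UNKNOWN_ROLE for aliases that are neither IdP nor SP.
        String spEntityId = metaManager.getEntityByMetaAlias(spMetaAlias);
        if (spEntityId == null
                || !SAML2Constants.SP_ROLE.equals(metaManager.getRoleByMetaAlias(spMetaAlias))) {
            throw new IllegalArgumentException(
                    "metaAlias does not resolve to a hosted SP: " + spMetaAlias);
        }

        // 1. The issuer must be a configured remote IdP in this realm.
        List remoteIdps = metaManager.getAllRemoteIdentityProviderEntities(realm);
        if (remoteIdps == null || !remoteIdps.contains(issuerEntityId)) {
            return Verdict.UNKNOWN_ISSUER;
        }

        // 2. Its entity descriptor must actually contain an IdP SSO descriptor.
        IDPSSODescriptorElement idp = metaManager.getIDPSSODescriptor(realm, issuerEntityId);
        if (idp == null) {
            return Verdict.NO_IDP_DESCRIPTOR;
        }

        // 3. Both entities must be in the same circle of trust under the realm.
        if (!metaManager.isTrustedProvider(realm, spEntityId, issuerEntityId)) {
            return Verdict.NOT_IN_CIRCLE_OF_TRUST;
        }
        return Verdict.TRUSTED;
    }

    public static void main(String[] args) throws SAML2MetaException {
        // PLACEHOLDER: in a deployment this is the caller's session token (assumption).
        Object callerToken = null;
        SAML2MetaManager manager = new SAML2MetaManager(callerToken);
        IssuerTrustGate gate = new IssuerTrustGate(manager);

        // Constructed sample values; replace with the realm, SP metaAlias and issuer in use.
        Verdict verdict = gate.check("/", "/sp", "https://idp.example.test/metadata");
        if (verdict != Verdict.TRUSTED) {
            // Reject the assertion and record the specific reason for the SOC.
            System.err.println("Rejected issuer: " + verdict);
        }
    }
}
```

The three checks are ordered from cheapest to most specific so that a rejection log line names the first failing condition rather than a generic "not trusted".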