diff --git a/e2e/sts/rest-sts-test.spec.mjs b/e2e/sts/rest-sts-test.spec.mjs new file mode 100644 index 0000000000..404c150da6 --- /dev/null +++ b/e2e/sts/rest-sts-test.spec.mjs @@ -0,0 +1,170 @@ +/* + * The contents of this file are subject to the terms of the Common Development and + * Distribution License (the License). You may not use this file except in compliance with the + * License. + * + * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the + * specific language governing permission and limitations under the License. + * + * When distributing Covered Software, include this CDDL Header Notice in each file and include + * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL + * Header, with the fields enclosed by brackets [] replaced by your own identifying + * information: "Portions copyright [year] [name of copyright owner]". + * + * Copyright 2026 3A Systems, LLC. + */ + +import { test, expect } from "@playwright/test"; +import { resolve } from "path"; +import { fileURLToPath } from "url"; + +// ─── Configuration ──────────────────────────────────────────────────────────── +const BASE_URL = process.env.OPENAM_BASE_URL ?? "http://openam.example.org:8080/openam"; +const ADMIN_USER = process.env.OPENAM_ADMIN_USER ?? "amadmin"; +const ADMIN_PASS = process.env.OPENAM_ADMIN_PASS ?? "ampassword"; + +const STS_INSTANCE_NAME = "openam-to-saml-sts"; +const SP_ENTITY_ID = "https://sp.example.com"; +const SP_ACS_URL = "https://sp.example.com/acs"; + +const __filename = fileURLToPath(import.meta.url); +const __dirname = resolve(__filename, ".."); + +// Get admin token +async function getAuthToken(request, username, password) { + const resp = await request.post(`${BASE_URL}/json/authenticate`, { + headers: { + "Content-Type": "application/json", + "X-OpenAM-Username": username, + "X-OpenAM-Password": password, + "Accept-API-Version": "resource=2.0, protocol=1.0", + } + }); + const json = await resp.json(); + return json.tokenId; +} + +// ─── Tests ──────────────────────────────────────────────────────────────────── +test.describe("REST STS - OpenAM Token → SAML2", () => { + + let adminToken; + + + async function stsExists(request) { + const response = await request.get(`${BASE_URL}/sts-publish/rest`, { + headers: { + "Content-Type": "application/json", + "iPlanetDirectoryPro": adminToken + }, + }); + + if(!response.ok()) { + return false; + } + const json = await response.json(); + return !!json[STS_INSTANCE_NAME] + } + + async function setupSts(request) { + const payload = { + invocation_context: "invocation_context_client_sdk", + instance_state: { + "deployment-config": { + "deployment-url-element": STS_INSTANCE_NAME, + "deployment-realm": "/", + "deployment-auth-target-mappings": {} + }, + "saml2-config": { + "issuer-name": `${BASE_URL}`, + "saml2-sp-entity-id": SP_ENTITY_ID, + "saml2-sp-acs-url": SP_ACS_URL, + "saml2-signature-key-alias": "test", + "saml2-sign-assertion": "false", + "saml2-encrypt-assertion": "false", + "saml2-encrypt-attributes": "false", + "saml2-encrypt-nameid": "false", + "saml2-name-id-format": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "saml2-token-lifetime-seconds": "600", + "saml2-encryption-algorithm-strength": "128", + "saml2-attribute-map": { + "email": "mail" + } + }, + "persist-issued-tokens-in-cts": "false", + "supported-token-transforms": [ + { + "inputTokenType": "OPENAM", + "outputTokenType": "SAML2", + "invalidateInterimOpenAMSession": false + } + ], + "token-lifetime": 600 + } + }; + + const response = await request.post(`${BASE_URL}/sts-publish/rest?_action=create`, { + headers: { + "Content-Type": "application/json", + "iPlanetDirectoryPro": adminToken + }, + data: payload + }); + + expect(response.ok()).toBeTruthy(); + const body = await response.json(); + console.log("REST STS instance created:", body); + expect(body).toHaveProperty("_id"); + } + + test.beforeAll(async ({ request }) => { + adminToken = await getAuthToken(request, ADMIN_USER, ADMIN_PASS); + expect(adminToken).toBeTruthy(); + console.log(`Admin token obtained: ${adminToken.slice(0, 20)}...`); + const haveSts = await stsExists(request) + if(!haveSts) { + await setupSts(request); + } + }); + + + test("should translate OpenAM token to SAML2 assertion", async ({ request }) => { + + const userSession = await getAuthToken(request, "demo", "changeit"); + + const translatePayload = { + input_token_state: { + token_type: "OPENAM", + session_id: userSession + }, + output_token_state: { + token_type: "SAML2", + subject_confirmation: "BEARER" + } + }; + + const response = await request.post( + `${BASE_URL}/rest-sts/${STS_INSTANCE_NAME}?_action=translate`, + { + headers: { + "Content-Type": "application/json", + "iPlanetDirectoryPro": userSession + }, + data: translatePayload + } + ); + + expect(response.ok()).toBeTruthy(); + const result = await response.json(); + + expect(result).toHaveProperty("issued_token"); + const assertion = result.issued_token; + + console.log(`SAML Assertion received: ${assertion.substring(0, 300)}...`,); + + // Basic XML validation + expect(assertion).toContain("${BASE_URL}`); + expect(assertion).toContain(SP_ENTITY_ID); + }); + +}); \ No newline at end of file diff --git a/openam-authentication/openam-auth-saml2/src/main/java/org/forgerock/openam/authentication/modules/saml2/SAML2.java b/openam-authentication/openam-auth-saml2/src/main/java/org/forgerock/openam/authentication/modules/saml2/SAML2.java index 15388f1483..a658caadd9 100644 --- a/openam-authentication/openam-auth-saml2/src/main/java/org/forgerock/openam/authentication/modules/saml2/SAML2.java +++ b/openam-authentication/openam-auth-saml2/src/main/java/org/forgerock/openam/authentication/modules/saml2/SAML2.java @@ -13,7 +13,7 @@ * * Copyright 2015-2016 ForgeRock AS. * Portions copyright 2019 Open Source Solution Technology Corporation - * Portions copyright 2025 3A Systems LLC. + * Portions copyright 2025-2026 3A Systems LLC. */ package org.forgerock.openam.authentication.modules.saml2; @@ -222,23 +222,23 @@ private int initiateSAMLLoginAtIDP(final HttpServletResponse response, final Htt bundle.getString("samlLocalConfigFailed")); } - List ssoServiceList = idpsso.getSingleSignOnService(); + List ssoServiceList = idpsso.getValue().getSingleSignOnService(); final SingleSignOnServiceElement endPoint = SPSSOFederate .getSingleSignOnServiceEndpoint(ssoServiceList, reqBinding); - if (endPoint == null || StringUtils.isEmpty(endPoint.getLocation())) { + if (endPoint == null || StringUtils.isEmpty(endPoint.getValue().getLocation())) { throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotfound")); } if (reqBinding == null) { SAML2Utils.debug.message("SAML2 :: initiateSAMLLoginAtIDP() reqBinding is null using endpoint binding: {}", - endPoint.getBinding()); - reqBinding = endPoint.getBinding(); + endPoint.getValue().getBinding()); + reqBinding = endPoint.getValue().getBinding(); if (reqBinding == null) { throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding")); } } - String ssoURL = endPoint.getLocation(); + String ssoURL = endPoint.getValue().getLocation(); SAML2Utils.debug.message("SAML2 :: initiateSAMLLoginAtIDP() ssoURL : {}", ssoURL); final List extensionsList = SPSSOFederate.getExtensionsList(spEntityID, realm); @@ -619,7 +619,7 @@ private NameID getNameId() throws SAML2Exception, AuthLoginException { final EncryptedID encId = assertionSubject.getEncryptedID(); final String spName = metaManager.getEntityByMetaAlias(metaAlias); final SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spName); - final Set decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig); + final Set decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig.getValue()); NameID nameId = assertionSubject.getNameID(); @@ -670,7 +670,7 @@ private void linkAttributeValues(Assertion assertion, String userName) SAML2Constants.WANT_ASSERTION_ENCRYPTED)); final boolean needAttributeEncrypted = SPACSUtils.getNeedAttributeEncrypted(needAssertionEncrypted, spssoconfig); - final Set decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig); + final Set decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig.getValue()); final List attrs = SPACSUtils.getAttrs(assertion, needAttributeEncrypted, decryptionKeys); final SPAttributeMapper attrMapper = SAML2Utils.getSPAttributeMapper(realm, spName); diff --git a/openam-authentication/openam-auth-saml2/src/main/java/org/forgerock/openam/authentication/modules/saml2/SAML2PostAuthenticationPlugin.java b/openam-authentication/openam-auth-saml2/src/main/java/org/forgerock/openam/authentication/modules/saml2/SAML2PostAuthenticationPlugin.java index 8d97973d1c..ec0631c36a 100644 --- a/openam-authentication/openam-auth-saml2/src/main/java/org/forgerock/openam/authentication/modules/saml2/SAML2PostAuthenticationPlugin.java +++ b/openam-authentication/openam-auth-saml2/src/main/java/org/forgerock/openam/authentication/modules/saml2/SAML2PostAuthenticationPlugin.java @@ -12,7 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2015-2016 ForgeRock AS. - * Portions copyright 2025 3A Systems LLC. + * Portions copyright 2025-2026 3A Systems LLC. */ package org.forgerock.openam.authentication.modules.saml2; @@ -54,8 +54,11 @@ import java.util.Collections; import java.util.List; import java.util.Map; +import java.util.stream.Collectors; + import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; +import jakarta.xml.bind.JAXBElement; import org.forgerock.guice.core.InjectorHolder; import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException; import org.forgerock.openam.saml2.SAML2Store; @@ -178,7 +181,8 @@ private void setupSingleLogOut(SSOToken ssoToken, String metaAlias, String sessi final String binding = SAML2Constants.HTTP_REDIRECT; final IDPSSODescriptorElement idpsso = sm.getIDPSSODescriptor(realm, idpEntityId); - final List slosList = idpsso.getSingleLogoutService(); + final List slosList = idpsso.getValue().getSingleLogoutService().stream() + .map(JAXBElement::getValue).collect(Collectors.toList()); EndpointType logoutEndpoint = null; for (EndpointType endpoint : slosList) { diff --git a/openam-authentication/openam-auth-saml2/src/test/java/org/forgerock/openam/authentication/modules/saml2/SAML2ProxyTest.java b/openam-authentication/openam-auth-saml2/src/test/java/org/forgerock/openam/authentication/modules/saml2/SAML2ProxyTest.java index b4217cecb1..a7c4a17651 100644 --- a/openam-authentication/openam-auth-saml2/src/test/java/org/forgerock/openam/authentication/modules/saml2/SAML2ProxyTest.java +++ b/openam-authentication/openam-auth-saml2/src/test/java/org/forgerock/openam/authentication/modules/saml2/SAML2ProxyTest.java @@ -12,7 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2015-2016 ForgeRock AS. -* Portions copyright 2025 3A Systems LLC. +* Portions copyright 2025-2026 3A Systems LLC. */ package org.forgerock.openam.authentication.modules.saml2; @@ -23,7 +23,6 @@ import com.sun.identity.saml2.common.SAML2Constants; import com.sun.identity.shared.encode.URLEncDec; -import com.sun.xml.bind.StringInputStream; import jakarta.servlet.http.Cookie; import jakarta.servlet.http.HttpServletRequest; @@ -95,7 +94,8 @@ public void shouldEscapeMaliciousHtmlInputOnForm() { private String getFormAction(String html) { try { - final Document doc = XMLUtils.getSafeDocumentBuilder(false).parse(new StringInputStream(html)); + final Document doc = XMLUtils.getSafeDocumentBuilder(false).parse( + new java.io.ByteArrayInputStream(html.getBytes(java.nio.charset.StandardCharsets.UTF_8))); return XPathFactory.newInstance().newXPath().evaluate("string(//form/@action)", doc); } catch (Exception e) { throw new RuntimeException(e); diff --git a/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/CreateMetaDataTemplate.java b/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/CreateMetaDataTemplate.java index 958b1c1881..da9ddc68f8 100644 --- a/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/CreateMetaDataTemplate.java +++ b/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/CreateMetaDataTemplate.java @@ -25,6 +25,7 @@ * $Id: CreateMetaDataTemplate.java,v 1.38 2009/10/29 00:03:50 exu Exp $ * * Portions Copyrighted 2013-2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.federation.cli; @@ -60,7 +61,7 @@ import java.util.List; import java.util.Map; import java.util.Set; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; /** * Create Meta Data Template. diff --git a/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/ExportMetaData.java b/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/ExportMetaData.java index 72d25ae9fc..8d8948e3ba 100644 --- a/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/ExportMetaData.java +++ b/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/ExportMetaData.java @@ -28,6 +28,7 @@ /** * Portions Copyrighted 2013 ForgeRock AS + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.federation.cli; @@ -63,7 +64,7 @@ import java.io.OutputStream; import java.io.PrintWriter; import java.text.MessageFormat; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import org.w3c.dom.Document; import java.util.logging.Level; diff --git a/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/ImportMetaData.java b/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/ImportMetaData.java index 9da7f576b5..becac00328 100644 --- a/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/ImportMetaData.java +++ b/openam-cli/openam-cli-impl/src/main/java/com/sun/identity/federation/cli/ImportMetaData.java @@ -25,6 +25,7 @@ * $Id: ImportMetaData.java,v 1.15 2009/10/29 00:03:50 exu Exp $ * * Portions Copyrighted 2012-2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.federation.cli; @@ -62,7 +63,10 @@ import java.util.ArrayList; import java.util.List; import java.util.logging.Level; -import javax.xml.bind.JAXBException; +import java.util.stream.Collectors; + +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import org.forgerock.openam.utils.CollectionUtils; import org.forgerock.openam.utils.StringUtils; @@ -185,9 +189,10 @@ private void handleSAML2Request(RequestContext rc) * see note at the end of this class for how we decide * the realm value */ - if (configElt != null && configElt.isHosted()) { - List config = configElt. - getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + if (configElt != null && Boolean.TRUE.equals(configElt.getValue().isHosted())) { + List config = configElt.getValue(). + getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig() + .stream().map(JAXBElement::getValue).collect(Collectors.toList()); if (CollectionUtils.isNotEmpty(config)) { realm = SAML2MetaUtils.getRealmByMetaAlias(config.get(0).getMetaAlias()); newMetaAliases = getMetaAliases(config); @@ -256,18 +261,18 @@ private void handleIDFFRequest(RequestContext rc) * see note at the end of this class for how we decide * the realm value */ - if ((configElt != null) && configElt.isHosted()) { + if ((configElt != null) && Boolean.TRUE.equals(configElt.getValue().isHosted())) { IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(configElt); if (idpConfig != null) { realm = SAML2MetaUtils.getRealmByMetaAlias( - idpConfig.getMetaAlias()); + idpConfig.getValue().getMetaAlias()); } else { SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(configElt); if (spConfig != null) { realm = SAML2MetaUtils.getRealmByMetaAlias( - spConfig.getMetaAlias()); + spConfig.getValue().getMetaAlias()); } } } @@ -316,9 +321,10 @@ private void handleWSFedRequest(RequestContext rc) * see note at the end of this class for how we decide * the realm value */ - if (configElt != null && configElt.isHosted()) { + if (configElt != null && Boolean.TRUE.equals(configElt.getValue().isHosted())) { List config = - configElt.getIDPSSOConfigOrSPSSOConfig(); + configElt.getValue().getIDPSSOConfigOrSPSSOConfig() + .stream().map(JAXBElement::getValue).collect(Collectors.toList()); if (CollectionUtils.isNotEmpty(config)) { realm = WSFederationMetaUtils.getRealmByMetaAlias(config.get(0).getMetaAlias()); newMetaAliases = getMetaAliasesWsFed(config); @@ -454,7 +460,7 @@ private String importIDFFMetaData(String realm, IDFFMetaManager metaManager) descriptor = (com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement) obj; - entityID = descriptor.getProviderID(); + entityID = descriptor.getValue().getProviderID(); //TODO: signature //SAML2MetaSecurityUtils.verifySignature(doc); // @@ -514,14 +520,14 @@ private String importWSFedMetaData() if (obj instanceof com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement) { // Just get the first element for now... // TODO - loop through Federation elements? - obj = ((com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement)obj).getAny().get(0); + obj = ((com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement)obj).getValue().getAny().get(0); } if (obj instanceof com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) { com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement federation = (com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement)obj; - federationID = federation.getFederationID(); + federationID = federation.getValue().getFederationID(); if ( federationID == null ) { federationID = WSFederationConstants.DEFAULT_FEDERATION_ID; diff --git a/openam-clientsdk/pom.xml b/openam-clientsdk/pom.xml index 13d094bcf1..4dfa1ac209 100755 --- a/openam-clientsdk/pom.xml +++ b/openam-clientsdk/pom.xml @@ -13,7 +13,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2011-2016 ForgeRock AS. - * Portions copyright 2017-2023 3A Systems LLC + * Portions copyright 2017-2026 3A Systems LLC * --> @@ -143,9 +143,12 @@ joda-time:joda-time org.slf4j:slf4j-api external:jdmkrt - javax.xml.bind:jaxb-api - com.sun.xml.bind:jaxb-core - com.sun.xml.bind:jaxb-impl + jakarta.xml.bind:jakarta.xml.bind-api + org.glassfish.jaxb:jaxb-runtime + org.glassfish.jaxb:jaxb-core + com.sun.istack:istack-commons-runtime + org.glassfish.jaxb:txw2 + jakarta.activation:jakarta.activation-api diff --git a/openam-console/src/main/java/com/sun/identity/console/federation/SAMLv2SPServicesViewBean.java b/openam-console/src/main/java/com/sun/identity/console/federation/SAMLv2SPServicesViewBean.java index bdbb0f3b8e..4d20954bfd 100644 --- a/openam-console/src/main/java/com/sun/identity/console/federation/SAMLv2SPServicesViewBean.java +++ b/openam-console/src/main/java/com/sun/identity/console/federation/SAMLv2SPServicesViewBean.java @@ -23,7 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: SAMLv2SPServicesViewBean.java,v 1.5 2008/12/11 18:51:51 babysunil Exp $ - * + * + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.console.federation; @@ -161,15 +162,15 @@ private void populateAssertionConsumer(List assertionConServices) { AssertionConsumerServiceElement acsElem = (AssertionConsumerServiceElement) assertionConServices.get(i); tblAssertionConsumerModel.setValue( - TBL_DATA_DEFAULT, String.valueOf(acsElem.isIsDefault())); + TBL_DATA_DEFAULT, String.valueOf(Boolean.TRUE.equals(acsElem.getValue().isIsDefault()))); tblAssertionConsumerModel.setValue(TBL_DATA_TYPE, ( - (acsElem.getBinding()).substring(37))); + (acsElem.getValue().getBinding()).substring(37))); tblAssertionConsumerModel.setValue(TBL_DATA_LABEL, ( - (acsElem.getBinding()).substring(37))); + (acsElem.getValue().getBinding()).substring(37))); tblAssertionConsumerModel.setValue(TBL_DATA_LOCATION, - acsElem.getLocation()); + acsElem.getValue().getLocation()); tblAssertionConsumerModel.setValue(TBL_DATA_INDEX, - Integer.toString(acsElem.getIndex())); + Integer.toString(acsElem.getValue().getIndex())); } } @@ -251,10 +252,10 @@ private List updateWithAssertionServiceVlues() setInlineAlertMessage(CCAlert.TYPE_ERROR, "message.error", e.getMessage()); } - acsElem.setBinding(binding); - acsElem.setIsDefault(theValue); - acsElem.setIndex(Integer.parseInt(index)); - acsElem.setLocation(location); + acsElem.getValue().setBinding(binding); + acsElem.getValue().setIsDefault(theValue); + acsElem.getValue().setIndex(Integer.parseInt(index)); + acsElem.getValue().setLocation(location); asconsServiceList.add(acsElem); } diff --git a/openam-console/src/main/java/com/sun/identity/console/federation/model/CreateMetaDataModelImpl.java b/openam-console/src/main/java/com/sun/identity/console/federation/model/CreateMetaDataModelImpl.java index a52c054667..f43e6c904b 100644 --- a/openam-console/src/main/java/com/sun/identity/console/federation/model/CreateMetaDataModelImpl.java +++ b/openam-console/src/main/java/com/sun/identity/console/federation/model/CreateMetaDataModelImpl.java @@ -25,7 +25,7 @@ * $Id: CreateMetaDataModelImpl.java,v 1.7 2010/01/06 23:11:25 veiming Exp $ * * Portions Copyrighted 2015 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.console.federation.model; @@ -60,7 +60,7 @@ import java.util.Map; import java.util.Set; import jakarta.servlet.http.HttpServletRequest; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; public class CreateMetaDataModelImpl extends AMModelBase implements CreateMetaDataModel @@ -173,7 +173,7 @@ public void createWSFedProvider(String realm, String entityId, Map values) FederationElement elt = (FederationElement) WSFederationMetaUtils.convertStringToJAXB(metadata); - String federationID = elt.getFederationID(); + String federationID = elt.getValue().getFederationID(); if (federationID == null) { federationID = WSFederationConstants.DEFAULT_FEDERATION_ID; } diff --git a/openam-console/src/main/java/com/sun/identity/console/federation/model/EntityModelImpl.java b/openam-console/src/main/java/com/sun/identity/console/federation/model/EntityModelImpl.java index 130edaf882..df75476939 100644 --- a/openam-console/src/main/java/com/sun/identity/console/federation/model/EntityModelImpl.java +++ b/openam-console/src/main/java/com/sun/identity/console/federation/model/EntityModelImpl.java @@ -24,7 +24,7 @@ * * $Id: EntityModelImpl.java,v 1.20 2009/12/25 09:13:22 babysunil Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. * */ @@ -397,7 +397,7 @@ public List getWSFedRoles(String entity, String realm) { FederationElement fedElem = metaManager.getEntityDescriptor(realm, entity); if (fedElem != null) { - for (Iterator iter = fedElem.getAny().iterator(); + for (Iterator iter = fedElem.getValue().getAny().iterator(); iter.hasNext(); ) { Object o = iter.next(); diff --git a/openam-console/src/main/java/com/sun/identity/console/federation/model/IDFFModelImpl.java b/openam-console/src/main/java/com/sun/identity/console/federation/model/IDFFModelImpl.java index f01b61e0c5..fa2558483b 100644 --- a/openam-console/src/main/java/com/sun/identity/console/federation/model/IDFFModelImpl.java +++ b/openam-console/src/main/java/com/sun/identity/console/federation/model/IDFFModelImpl.java @@ -61,43 +61,43 @@ import java.util.Map; import java.util.Set; import jakarta.servlet.http.HttpServletRequest; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; public class IDFFModelImpl extends EntityModelImpl implements IDFFModel { private IDFFMetaManager metaManager; - private static Map extendedMetaMap = new HashMap(24); - private static Map extendedMetaIdpMap = new HashMap(9); - private static Map extendedMetaSpMap = new HashMap(13); - private static List federationTerminationProfileList = new ArrayList(2); + private static Map extendedMetaMap = new HashMap<>(24); + private static Map extendedMetaIdpMap = new HashMap<>(9); + private static Map extendedMetaSpMap = new HashMap<>(13); + private static List federationTerminationProfileList = new ArrayList<>(2); static { federationTerminationProfileList.add("http://projectliberty.org/profiles/fedterm-sp-http"); federationTerminationProfileList.add("http://projectliberty.org/profiles/fedterm-sp-soap"); } - private static List singleLogoutProfileList = new ArrayList(3); + private static List singleLogoutProfileList = new ArrayList<>(3); static { singleLogoutProfileList.add("http://projectliberty.org/profiles/slo-sp-http"); singleLogoutProfileList.add("http://projectliberty.org/profiles/slo-idp-http-get"); singleLogoutProfileList.add("http://projectliberty.org/profiles/slo-sp-soap"); } - private static List nameRegistrationProfileList = new ArrayList(2); + private static List nameRegistrationProfileList = new ArrayList<>(2); static { nameRegistrationProfileList.add("http://projectliberty.org/profiles/rni-sp-http"); nameRegistrationProfileList.add("http://projectliberty.org/profiles/rni-sp-soap"); } - private static List federationProfileList = new ArrayList(3); + private static List federationProfileList = new ArrayList<>(3); static { federationProfileList.add("http://projectliberty.org/profiles/brws-post"); federationProfileList.add("http://projectliberty.org/profiles/brws-art"); federationProfileList.add("http://projectliberty.org/profiles/lecp"); } - private static List supportedSSOProfileList = new ArrayList(4); + private static List supportedSSOProfileList = new ArrayList<>(4); static { supportedSSOProfileList.add("http://projectliberty.org/profiles/brws-post"); @@ -238,9 +238,9 @@ public Map getCommonAttributeValues(String realm, String entityName) EntityDescriptorElement desc = manager.getEntityDescriptor( realm, entityName); values.put(ATTR_VALID_UNTIL, returnEmptySetIfValueIsNull( - desc.getValidUntil())); + desc.getValue().getValidUntil())); values.put(ATTR_CACHE_DURATION, returnEmptySetIfValueIsNull( - desc.getCacheDuration())); + desc.getValue().getCacheDuration())); logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", param); } catch (IDFFMetaException e) { String[] paramsEx = {realm, entityName, "IDFF", "General", @@ -271,9 +271,9 @@ public void modifyEntityProfile(String realm, String entityName, Map map) EntityDescriptorElement desc = manager.getEntityDescriptor( realm, entityName); - desc.setValidUntil((String) AMAdminUtils.getValue( + desc.getValue().setValidUntil((String) AMAdminUtils.getValue( (Set) map.get(ATTR_VALID_UNTIL))); - desc.setCacheDuration((String) AMAdminUtils.getValue( + desc.getValue().setCacheDuration((String) AMAdminUtils.getValue( (Set) map.get(ATTR_CACHE_DURATION))); manager.setEntityDescriptor(realm, desc); @@ -421,8 +421,8 @@ public Map getEntitySPDescriptor(String realm, String entityName) returnEmptySetIfValueIsNull((String) pDesc.getRegisterNameIdentifierProtocolProfile().get(0))); // only for Service Provider - com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType assertionType = - (com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType) ((List) pDesc.getAssertionConsumerServiceURL()).get(0); + com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURL assertionType = + (com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURL) ((List) pDesc.getAssertionConsumerServiceURL()).get(0); if (assertionType != null) { map.put(ATTR_ASSERTION_CUSTOMER_SERVICE_URIID, returnEmptySetIfValueIsNull(assertionType.getId())); @@ -493,8 +493,10 @@ public Map getIDPEntityConfig( manager = getIDFFMetaManager(); String metaAlias = null; - BaseConfigType idpConfig = + IDPDescriptorConfigElement idpConfigElement = manager.getIDPDescriptorConfig(realm, entityName); + BaseConfigType idpConfig = (idpConfigElement != null) + ? idpConfigElement.getValue() : null; if (idpConfig != null) { map = IDFFMetaUtils.getAttributes(idpConfig); metaAlias = idpConfig.getMetaAlias(); @@ -561,8 +563,10 @@ public Map getSPEntityConfig( manager = getIDFFMetaManager(); String metaAlias = null; - BaseConfigType spConfig = + SPDescriptorConfigElement spConfigElement = manager.getSPDescriptorConfig(realm, entityName); + BaseConfigType spConfig = (spConfigElement != null) + ? spConfigElement.getValue() : null; if (spConfig != null) { map = IDFFMetaUtils.getAttributes(spConfig); metaAlias = spConfig.getMetaAlias(); @@ -734,8 +738,8 @@ public void updateEntitySPDescriptor( (Set) attrValues.get(ATTR_AUTHN_REQUESTS_SIGNED)); com.sun.identity.liberty.ws.meta.jaxb.ObjectFactory objFactory = new com.sun.identity.liberty.ws.meta.jaxb.ObjectFactory(); - com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURLType assertionType = - objFactory.createSPDescriptorTypeAssertionConsumerServiceURLType(); + com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType.AssertionConsumerServiceURL assertionType = + objFactory.createSPDescriptorTypeAssertionConsumerServiceURL(); assertionType.setId(id); assertionType.setValue(value); if (isDefault.equals("true")) { @@ -751,8 +755,8 @@ public void updateEntitySPDescriptor( pDesc.setAuthnRequestsSigned(false); } - entityDescriptor.getSPDescriptor().clear(); - entityDescriptor.getSPDescriptor().add(pDesc); + entityDescriptor.getValue().getSPDescriptor().clear(); + entityDescriptor.getValue().getSPDescriptor().add(pDesc); idffManager.setEntityDescriptor(realm, entityDescriptor); logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params); } catch (IDFFMetaException e) { @@ -762,14 +766,6 @@ public void updateEntitySPDescriptor( {realm, entityName, "IDFF", "SP-Standard Metadata", strError}; logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx); throw new AMConsoleException(strError); - } catch (JAXBException e) { - debug.error("JAXBException, updateEntitySPDescriptor"); - String strError = getErrorString(e); - String[] paramsEx = - {realm, entityName, "IDFF", "SP-Standard Metadata", strError}; - logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx); - throw new AMConsoleException(strError); - } } @@ -896,8 +892,8 @@ public void updateEntityIDPDescriptor( } - entityDescriptor.getIDPDescriptor().clear(); - entityDescriptor.getIDPDescriptor().add(pDesc); + entityDescriptor.getValue().getIDPDescriptor().clear(); + entityDescriptor.getValue().getIDPDescriptor().add(pDesc); idffManager.setEntityDescriptor(realm, entityDescriptor); logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params); } catch (IDFFMetaException e) { @@ -916,11 +912,11 @@ private void updateAttrInConfig( List attrList = baseConfig.getAttribute(); for (Iterator i = attrList.iterator(); i.hasNext();) { AttributeElement avpnew = (AttributeElement) i.next(); - String name = avpnew.getName(); + String name = avpnew.getValue().getName(); Set set = (Set) values.get(name); if (set != null) { - avpnew.getValue().clear(); - avpnew.getValue().addAll(set); + avpnew.getValue().getValue().clear(); + avpnew.getValue().getValue().addAll(set); } } } @@ -954,7 +950,7 @@ public void updateIDPEntityConfig( throw new AMConsoleException("invalid.config.element"); } else { updateAttrInConfig( - idpDecConfigElement, + idpDecConfigElement.getValue(), attrValues, EntityModel.IDENTITY_PROVIDER); } @@ -1007,7 +1003,7 @@ public void updateSPEntityConfig( } else { // update sp entity config updateAttrInConfig( - spDecConfigElement, + spDecConfigElement.getValue(), attrValues, EntityModel.SERVICE_PROVIDER); //handle supported sso profile @@ -1024,7 +1020,7 @@ public void updateSPEntityConfig( } } updateAttrInConfig( - spDecConfigElement, + spDecConfigElement.getValue(), ATTR_SUPPORTED_SSO_PROFILE, supportedSSOProfileList); } @@ -1080,7 +1076,7 @@ public void updateIDPAuthenticationContexts( throw new AMConsoleException("invalid.config.element"); } else { updateAttrInConfig( - idpDecConfigElement, + idpDecConfigElement.getValue(), ATTR_IDP_AUTHN_CONTEXT_MAPPING, list); } @@ -1140,7 +1136,7 @@ public void updateSPAuthenticationContexts( } else { // update sp entity config updateAttrInConfig( - spDecConfigElement, + spDecConfigElement.getValue(), ATTR_SP_AUTHN_CONTEXT_MAPPING, list); } @@ -1170,10 +1166,10 @@ private void updateAttrInConfig( List attrList = baseConfig.getAttribute(); for (Iterator i = attrList.iterator(); i.hasNext();) { AttributeElement avpnew = (AttributeElement) i.next(); - String name = avpnew.getName(); + String name = avpnew.getValue().getName(); if (name.equals(attributeName)) { - avpnew.getValue().clear(); - avpnew.getValue().addAll(list); + avpnew.getValue().getValue().clear(); + avpnew.getValue().getValue().addAll(list); } } } @@ -1183,10 +1179,10 @@ private BaseConfigType addAttributeType(Map values, BaseConfigType bctype) ObjectFactory objFactory = new ObjectFactory(); for (Iterator iter = values.keySet().iterator(); iter.hasNext();) { - AttributeType avp = objFactory.createAttributeElement(); + AttributeElement avp = objFactory.createAttributeElement(objFactory.createAttributeType()); String key = (String) iter.next(); - avp.setName(key); - avp.getValue().addAll(Collections.EMPTY_LIST); + avp.getValue().setName(key); + avp.getValue().getValue().addAll(Collections.EMPTY_LIST); bctype.getAttribute().add(avp); } return bctype; @@ -1204,7 +1200,7 @@ private void updateAttrInConfig( BaseConfigType baseConfig, Map values, String role) throws JAXBException, AMConsoleException { - List attrList = baseConfig.getAttribute(); + List attrList = baseConfig.getAttribute(); if (role.equals(EntityModel.IDENTITY_PROVIDER)) { attrList.clear(); baseConfig = addAttributeType( @@ -1218,14 +1214,14 @@ private void updateAttrInConfig( baseConfig); attrList = baseConfig.getAttribute(); } - for (Iterator it = attrList.iterator(); it.hasNext();) { - AttributeElement avpnew = (AttributeElement) it.next(); - String name = avpnew.getName(); + for (Iterator it = attrList.iterator(); it.hasNext();) { + AttributeElement avpnew = it.next(); + String name = avpnew.getValue().getName(); if (values.keySet().contains(name)) { Set set = (Set) values.get(name); if (set != null) { - avpnew.getValue().clear(); - avpnew.getValue().addAll(set); + avpnew.getValue().getValue().clear(); + avpnew.getValue().getValue().addAll(set); } } } @@ -1249,8 +1245,10 @@ public IDFFAuthContexts getIDPAuthenticationContexts( IDFFMetaManager manager = getIDFFMetaManager(); Map map = new HashMap(); - BaseConfigType idpConfig = + IDPDescriptorConfigElement idpConfigElement = manager.getIDPDescriptorConfig(realm, entityName); + BaseConfigType idpConfig = (idpConfigElement != null) + ? idpConfigElement.getValue() : null; if (idpConfig != null) { map = IDFFMetaUtils.getAttributes(idpConfig); } else { @@ -1308,8 +1306,10 @@ public IDFFAuthContexts getSPAuthenticationContexts( IDFFMetaManager manager = getIDFFMetaManager(); Map map = new HashMap(); - BaseConfigType spConfig = + SPDescriptorConfigElement spConfigElement = manager.getSPDescriptorConfig(realm, entityName); + BaseConfigType spConfig = (spConfigElement != null) + ? spConfigElement.getValue() : null; if (spConfig != null) { map = IDFFMetaUtils.getAttributes(spConfig); } else { @@ -1353,13 +1353,13 @@ public void createEntityConfig( idffMetaMgr.getEntityConfig(realm, entityName); if (entityConfig == null) { entityConfig = - objFactory.createEntityConfigElement(); + objFactory.createEntityConfigElement(objFactory.createEntityConfigType()); // add to entityConfig - entityConfig.setEntityID(entityName); + entityConfig.getValue().setEntityID(entityName); if (location.equals("remote")) { - entityConfig.setHosted(false); + entityConfig.getValue().setHosted(false); } else { - entityConfig.setHosted(true); + entityConfig.getValue().setHosted(true); } } @@ -1370,29 +1370,29 @@ public void createEntityConfig( // It could have one sp and one idp. if ((role.equals(IFSConstants.SP)) && (IDFFMetaUtils.getSPDescriptor(entityDesc) != null)) { - baseCfgType = objFactory.createSPDescriptorConfigElement(); + baseCfgType = objFactory.createBaseConfigType(); - for (Iterator iter = extendedMetaMap.keySet().iterator(); - iter.hasNext();) { + for (Iterator iter = extendedMetaMap.keySet().iterator(); + iter.hasNext();) { AttributeType atype = objFactory.createAttributeType(); - String key = (String) iter.next(); + String key = iter.next(); atype.setName(key); atype.getValue().addAll(Collections.EMPTY_LIST); - baseCfgType.getAttribute().add(atype); + baseCfgType.getAttribute().add(objFactory.createAttributeElement(atype)); } - for (Iterator iter = extendedMetaSpMap.keySet().iterator(); - iter.hasNext();) { + for (Iterator iter = extendedMetaSpMap.keySet().iterator(); + iter.hasNext();) { AttributeType atype = objFactory.createAttributeType(); String key = (String) iter.next(); atype.setName(key); atype.getValue().addAll(Collections.EMPTY_LIST); - baseCfgType.getAttribute().add(atype); + baseCfgType.getAttribute().add(objFactory.createAttributeElement(atype)); } - entityConfig.getSPDescriptorConfig().add(baseCfgType); + entityConfig.getValue().getSPDescriptorConfig().add(objFactory.createSPDescriptorConfigElement(baseCfgType)); } else if ((role.equals(IFSConstants.IDP)) && (IDFFMetaUtils.getIDPDescriptor(entityDesc) != null)) { - baseCfgType = objFactory.createIDPDescriptorConfigElement(); + baseCfgType = objFactory.createBaseConfigType(); for (Iterator iter = extendedMetaMap.keySet().iterator(); iter.hasNext();) { @@ -1400,7 +1400,7 @@ public void createEntityConfig( String key = (String) iter.next(); atype.setName(key); atype.getValue().addAll(Collections.EMPTY_LIST); - baseCfgType.getAttribute().add(atype); + baseCfgType.getAttribute().add(objFactory.createAttributeElement(atype)); } for (Iterator iter = extendedMetaIdpMap.keySet().iterator(); @@ -1409,15 +1409,13 @@ public void createEntityConfig( String key = (String) iter.next(); atype.setName(key); atype.getValue().addAll(Collections.EMPTY_LIST); - baseCfgType.getAttribute().add(atype); + baseCfgType.getAttribute().add(objFactory.createAttributeElement(atype)); } - entityConfig.getIDPDescriptorConfig().add(baseCfgType); + entityConfig.getValue().getIDPDescriptorConfig().add(objFactory.createIDPDescriptorConfigElement(baseCfgType)); } idffMetaMgr.setEntityConfig(realm, entityConfig); } catch (IDFFMetaException e) { throw new AMConsoleException(getErrorString(e)); - } catch (JAXBException e) { - throw new AMConsoleException(getErrorString(e)); } } @@ -1498,10 +1496,12 @@ public Map getAffiliateProfileAttributeValues( values.put(ATTR_AFFILIATE_OWNER_ID, returnEmptySetIfValueIsNull(aDesc.getAffiliationOwnerID())); - BaseConfigType affiliationConfig = + com.sun.identity.federation.jaxb.entityconfig.AffiliationDescriptorConfigElement affiliationConfigElement = idffManager.getAffiliationDescriptorConfig( - realm, + realm, entityName); + BaseConfigType affiliationConfig = (affiliationConfigElement != null) + ? affiliationConfigElement.getValue() : null; if (affiliationConfig != null) { Map map = IDFFMetaUtils.getAttributes(affiliationConfig); @@ -1573,7 +1573,7 @@ public void updateAffiliateProfile( EntityDescriptorElement entityDescriptor = idffManager.getEntityDescriptor(realm, entityName); AffiliationDescriptorType aDesc = - entityDescriptor.getAffiliationDescriptor(); + entityDescriptor.getValue().getAffiliationDescriptor(); aDesc.setAffiliationOwnerID( (String) AMAdminUtils.getValue((Set) values.get( @@ -1596,7 +1596,7 @@ public void updateAffiliateProfile( aDesc.getAffiliateMember().add(newMember); } - entityDescriptor.setAffiliationDescriptor(aDesc); + entityDescriptor.getValue().setAffiliationDescriptor(aDesc); idffManager.setEntityDescriptor(realm, entityDescriptor); logEvent("SUCCEED_MODIFY_AFFILIATE_ENTITY_DESCRIPTOR", params); } catch (IDFFMetaException e) { diff --git a/openam-console/src/main/java/com/sun/identity/console/federation/model/ImportEntityModelImpl.java b/openam-console/src/main/java/com/sun/identity/console/federation/model/ImportEntityModelImpl.java index 378a2519f2..f3070c119a 100644 --- a/openam-console/src/main/java/com/sun/identity/console/federation/model/ImportEntityModelImpl.java +++ b/openam-console/src/main/java/com/sun/identity/console/federation/model/ImportEntityModelImpl.java @@ -25,7 +25,7 @@ * $Id: ImportEntityModelImpl.java,v 1.11 2009/11/10 01:19:49 exu Exp $ * * Portions Copyrighted 2012-2014 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.console.federation.model; @@ -46,7 +46,8 @@ import com.sun.identity.workflow.WorkflowException; import java.util.List; import java.util.Map; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import jakarta.servlet.http.HttpServletRequest; import org.w3c.dom.Document; @@ -138,14 +139,14 @@ private void createSAMLv2Entity() throws AMConsoleException { if (extendedMetaData != null) { configElt = getEntityConfigElement(); - if (configElt != null && configElt.isHosted()) { - List config = - configElt.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + if (configElt != null && Boolean.TRUE.equals(configElt.getValue().isHosted())) { + List> config = + configElt.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); if (!config.isEmpty()) { - BaseConfigType bConfig = (BaseConfigType) - config.iterator().next(); - - // get the realm from the extended meta and use + BaseConfigType bConfig = + config.iterator().next().getValue(); + + // get the realm from the extended meta and use // for import realm = SAML2MetaUtils.getRealmByMetaAlias( bConfig.getMetaAlias()); @@ -189,7 +190,7 @@ private void importWSFedMetaData() Object obj = WSFederationMetaUtils.convertStringToJAXB(standardMetaData); if (obj instanceof com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement) { - obj = ((com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement)obj).getAny().get(0); + obj = ((com.sun.identity.wsfederation.jaxb.wsfederation.FederationMetadataElement)obj).getValue().getAny().get(0); } if (obj instanceof com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement) { @@ -236,18 +237,18 @@ private void createIDFFEntity() throws AMConsoleException { if (extendedMetaData != null) { configElt = getIDFFEntityConfigElement(); - if ((configElt != null) && configElt.isHosted()) { + if ((configElt != null) && Boolean.TRUE.equals(configElt.getValue().isHosted())) { IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(configElt); if (idpConfig != null) { SAML2MetaUtils.getRealmByMetaAlias( - idpConfig.getMetaAlias()); + idpConfig.getValue().getMetaAlias()); } else { SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(configElt); if (spConfig != null) { SAML2MetaUtils.getRealmByMetaAlias( - spConfig.getMetaAlias()); + spConfig.getValue().getMetaAlias()); } } } @@ -310,12 +311,11 @@ private void createWSFedEntity() throws AMConsoleException { * see note at the end of this class for how we decide * the realm value */ - if (configElt != null && configElt.isHosted()) { - List config = configElt.getIDPSSOConfigOrSPSSOConfig(); + if (configElt != null && Boolean.TRUE.equals(configElt.getValue().isHosted())) { + List> config = configElt.getValue().getIDPSSOConfigOrSPSSOConfig(); if (!config.isEmpty()) { - com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType bConfig = - (com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType) - config.iterator().next(); + com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType bConfig = + config.iterator().next().getValue(); realm = WSFederationMetaUtils.getRealmByMetaAlias( bConfig.getMetaAlias()); } diff --git a/openam-console/src/main/java/com/sun/identity/console/federation/model/SAMLv2ModelImpl.java b/openam-console/src/main/java/com/sun/identity/console/federation/model/SAMLv2ModelImpl.java index 91d74539f1..bc2835eb48 100644 --- a/openam-console/src/main/java/com/sun/identity/console/federation/model/SAMLv2ModelImpl.java +++ b/openam-console/src/main/java/com/sun/identity/console/federation/model/SAMLv2ModelImpl.java @@ -26,7 +26,7 @@ * * Portions Copyrighted 2010-2015 ForgeRock AS. * Portions Copyrighted 2015 Nomura Research Institute, Ltd. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.console.federation.model; @@ -78,7 +78,8 @@ import com.sun.identity.saml2.jaxb.xmlenc.EncryptionMethodType; import com.sun.identity.shared.datastruct.OrderedSet; import com.sun.identity.console.federation.SAMLv2AuthContexts; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import org.apache.xml.security.encryption.XMLCipher; import org.forgerock.openam.utils.StringUtils; @@ -495,24 +496,24 @@ public Map getStandardIdentityProviderAttributes( // retrieve WantAuthnRequestsSigned map.put(WANT_AUTHN_REQ_SIGNED,returnEmptySetIfValueIsNull( - idpssoDescriptor.isWantAuthnRequestsSigned())); + Boolean.TRUE.equals(idpssoDescriptor.getValue().isWantAuthnRequestsSigned()))); //retrieve ArtifactResolutionService map.put(ART_RES_LOCATION, Collections.EMPTY_SET); map.put(ART_RES_INDEX, Collections.EMPTY_SET); map.put(ART_RES_ISDEFAULT, Collections.EMPTY_SET); List artList = - idpssoDescriptor.getArtifactResolutionService(); + idpssoDescriptor.getValue().getArtifactResolutionService(); if (!artList.isEmpty()) { ArtifactResolutionServiceElement key = (ArtifactResolutionServiceElement)artList.get(0); map.put(ART_RES_LOCATION, - returnEmptySetIfValueIsNull(key.getLocation())); + returnEmptySetIfValueIsNull(key.getValue().getLocation())); map.put(ART_RES_INDEX, returnEmptySetIfValueIsNull(Integer.toString( - key.getIndex()))); + key.getValue().getIndex()))); map.put(ART_RES_ISDEFAULT, - returnEmptySetIfValueIsNull(key.isIsDefault())); + returnEmptySetIfValueIsNull(Boolean.TRUE.equals(key.getValue().isIsDefault()))); } //retrieve SingleLogoutService map.put(SINGLE_LOGOUT_HTTP_LOCATION, Collections.EMPTY_SET); @@ -523,11 +524,11 @@ public Map getStandardIdentityProviderAttributes( map.put(SINGLE_LOGOUT_SOAP_LOCATION, Collections.EMPTY_SET); map.put(SINGLE_LOGOUT_DEFAULT, Collections.EMPTY_SET); - List logoutList = idpssoDescriptor.getSingleLogoutService(); + List logoutList = idpssoDescriptor.getValue().getSingleLogoutService(); for (int i=0; i> getExtendedIdentityProviderAttributes( SAML2MetaManager samlManager = getSAML2MetaManager(); idpssoConfig = samlManager.getIDPSSOConfig(realm,entityName); if (idpssoConfig != null) { - BaseConfigType baseConfig = (BaseConfigType)idpssoConfig; + BaseConfigType baseConfig = idpssoConfig.getValue(); map = SAML2MetaUtils.getAttributes(baseConfig); } logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params); @@ -718,13 +719,13 @@ public String getMetaalias( if (role.equals(EntityModel.IDENTITY_PROVIDER)) { idpssoConfig = samlManager.getIDPSSOConfig(realm,entityName); if (idpssoConfig != null) { - BaseConfigType baseConfig = (BaseConfigType)idpssoConfig; + BaseConfigType baseConfig = idpssoConfig.getValue(); metaAlias = baseConfig.getMetaAlias(); } } else if (role.equals(EntityModel.SERVICE_PROVIDER)) { spssoConfig = samlManager.getSPSSOConfig(realm,entityName); if (spssoConfig != null) { - BaseConfigType baseConfig = (BaseConfigType)spssoConfig; + BaseConfigType baseConfig = spssoConfig.getValue(); metaAlias = baseConfig.getMetaAlias(); } } @@ -767,10 +768,10 @@ public Map getStandardServiceProviderAttributes( // retrieve WantAuthnRequestsSigned map.put(IS_AUTHN_REQ_SIGNED, returnEmptySetIfValueIsNull( - spssoDescriptor.isAuthnRequestsSigned())); + Boolean.TRUE.equals(spssoDescriptor.getValue().isAuthnRequestsSigned()))); map.put(WANT_ASSERTIONS_SIGNED, returnEmptySetIfValueIsNull( - spssoDescriptor.isWantAssertionsSigned())); + Boolean.TRUE.equals(spssoDescriptor.getValue().isWantAssertionsSigned()))); //retrieve SingleLogoutService map.put(SP_SINGLE_LOGOUT_HTTP_LOCATION, Collections.EMPTY_SET); @@ -780,11 +781,11 @@ public Map getStandardServiceProviderAttributes( map.put(SP_SLO_POST_RESPLOC, Collections.EMPTY_SET); map.put(SP_SINGLE_LOGOUT_SOAP_LOCATION, Collections.EMPTY_SET); map.put(SP_LOGOUT_DEFAULT, Collections.EMPTY_SET); - List splogoutList = spssoDescriptor.getSingleLogoutService(); + List splogoutList = spssoDescriptor.getValue().getSingleLogoutService(); for (int i=0; i artList = idpssoDescriptor.getValue().getArtifactResolutionService(); if (artList.isEmpty()) { elem = - objFact.createArtifactResolutionServiceElement(); - elem.setBinding(soapBinding); - elem.setLocation(""); - elem.setIndex(0); - elem.setIsDefault(false); - idpssoDescriptor.getArtifactResolutionService().add(elem); + objFact.createArtifactResolutionServiceElement(objFact.createIndexedEndpointType()); + elem.getValue().setBinding(soapBinding); + elem.getValue().setLocation(""); + elem.getValue().setIndex(0); + elem.getValue().setIsDefault(false); + idpssoDescriptor.getValue().getArtifactResolutionService().add(elem); artList = - idpssoDescriptor.getArtifactResolutionService(); + idpssoDescriptor.getValue().getArtifactResolutionService(); } - elem = (ArtifactResolutionServiceElement)artList.get(0); - elem.setLocation(artLocation); - elem.setIndex(Integer.parseInt(indexValue)); - elem.setIsDefault(isDefault); - idpssoDescriptor. + elem = artList.get(0); + elem.getValue().setLocation(artLocation); + elem.getValue().setIndex(Integer.parseInt(indexValue)); + elem.getValue().setIsDefault(isDefault); + idpssoDescriptor.getValue(). getArtifactResolutionService().clear(); - idpssoDescriptor. + idpssoDescriptor.getValue(). getArtifactResolutionService().add(elem); } @@ -1067,7 +1059,7 @@ public void setIDPStdAttributeValues( } } - List logList = idpssoDescriptor.getSingleLogoutService(); + List logList = idpssoDescriptor.getValue().getSingleLogoutService(); if (!logList.isEmpty()) { logList.clear(); @@ -1123,7 +1115,7 @@ public void setIDPStdAttributeValues( } List manageNameIdList = - idpssoDescriptor.getManageNameIDService(); + idpssoDescriptor.getValue().getManageNameIDService(); if (!manageNameIdList.isEmpty()) { manageNameIdList.clear(); @@ -1156,30 +1148,30 @@ public void setIDPStdAttributeValues( idpStdValues, NAME_ID_MAPPPING); NameIDMappingServiceElement namidElem1 = null; List nameIDmappingList = - idpssoDescriptor.getNameIDMappingService(); + idpssoDescriptor.getValue().getNameIDMappingService(); if (nameIDmappingList.isEmpty()) { namidElem1 = - objFact.createNameIDMappingServiceElement(); - namidElem1.setBinding(soapBinding); - idpssoDescriptor.getNameIDMappingService(). + objFact.createNameIDMappingServiceElement(objFact.createEndpointType()); + namidElem1.getValue().setBinding(soapBinding); + idpssoDescriptor.getValue().getNameIDMappingService(). add(namidElem1); nameIDmappingList = - idpssoDescriptor.getNameIDMappingService(); + idpssoDescriptor.getValue().getNameIDMappingService(); } namidElem1 = (NameIDMappingServiceElement)nameIDmappingList.get(0); - namidElem1.setLocation(nameIDmappingloc); - idpssoDescriptor.getNameIDMappingService().clear(); - idpssoDescriptor.getNameIDMappingService().add( + namidElem1.getValue().setLocation(nameIDmappingloc); + idpssoDescriptor.getValue().getNameIDMappingService().clear(); + idpssoDescriptor.getValue().getNameIDMappingService().add( namidElem1); } //save nameid format if (idpStdValues.keySet().contains(NAMEID_FORMAT)) { - saveNameIdFormat(idpssoDescriptor, idpStdValues); + saveNameIdFormat(idpssoDescriptor.getValue(), idpStdValues); } //save for SingleSignOnService @@ -1192,7 +1184,7 @@ public void setIDPStdAttributeValues( idpStdValues, SINGLE_SIGNON_SOAP_LOCATION); String ssoSoapLocation = getResult( idpStdValues, SSO_SOAPS_LOC); - List signonList = idpssoDescriptor.getSingleSignOnService(); + List signonList = idpssoDescriptor.getValue().getSingleSignOnService(); if (!signonList.isEmpty()) { signonList.clear(); @@ -1202,9 +1194,9 @@ public void setIDPStdAttributeValues( ssohttpLocation.length() > 0) { SingleSignOnServiceElement slsElemRed = - objFact.createSingleSignOnServiceElement(); - slsElemRed.setBinding(httpRedirectBinding); - slsElemRed.setLocation(ssohttpLocation); + objFact.createSingleSignOnServiceElement(objFact.createEndpointType()); + slsElemRed.getValue().setBinding(httpRedirectBinding); + slsElemRed.getValue().setLocation(ssohttpLocation); signonList.add(slsElemRed); } @@ -1212,9 +1204,9 @@ public void setIDPStdAttributeValues( ssopostLocation.length() > 0) { SingleSignOnServiceElement slsElemPost = - objFact.createSingleSignOnServiceElement(); - slsElemPost.setBinding(httpPostBinding); - slsElemPost.setLocation(ssopostLocation); + objFact.createSingleSignOnServiceElement(objFact.createEndpointType()); + slsElemPost.getValue().setBinding(httpPostBinding); + slsElemPost.getValue().setLocation(ssopostLocation); signonList.add(slsElemPost); } @@ -1222,9 +1214,9 @@ public void setIDPStdAttributeValues( ssoSoapLocation.length() > 0) { SingleSignOnServiceElement slsElemSoap = - objFact.createSingleSignOnServiceElement(); - slsElemSoap.setBinding(soapBinding); - slsElemSoap.setLocation(ssoSoapLocation); + objFact.createSingleSignOnServiceElement(objFact.createEndpointType()); + slsElemSoap.getValue().setBinding(soapBinding); + slsElemSoap.getValue().setLocation(ssoSoapLocation); signonList.add(slsElemSoap); } } @@ -1285,7 +1277,7 @@ public void setIDPExtAttributeValues( IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm,entityName); if (idpssoConfig != null) { - updateBaseConfig(idpssoConfig, idpExtValues, role); + updateBaseConfig(idpssoConfig.getValue(), idpExtValues, role); } //saves the attributes by passing the new entityConfig object @@ -1369,7 +1361,7 @@ public void setSPStdAttributeValues( } } - List logList = spssoDescriptor.getSingleLogoutService(); + List logList = spssoDescriptor.getValue().getSingleLogoutService(); if (!logList.isEmpty()) { logList.clear(); @@ -1427,7 +1419,7 @@ public void setSPStdAttributeValues( } List manageNameIdList = - spssoDescriptor.getManageNameIDService(); + spssoDescriptor.getValue().getManageNameIDService(); if (!manageNameIdList.isEmpty()) { manageNameIdList.clear(); @@ -1463,7 +1455,7 @@ public void setSPStdAttributeValues( if (!assertionConsumer.isEmpty() && assertionConsumer.size() > 0) { List asconsServiceList = - spssoDescriptor.getAssertionConsumerService(); + spssoDescriptor.getValue().getAssertionConsumerService(); if (!asconsServiceList.isEmpty()) { asconsServiceList.clear(); @@ -1473,21 +1465,21 @@ public void setSPStdAttributeValues( //save nameid format if (spStdValues.keySet().contains(NAMEID_FORMAT)) { - saveNameIdFormat(spssoDescriptor, spStdValues); + saveNameIdFormat(spssoDescriptor.getValue(), spStdValues); } //save AuthnRequestsSigned if (spStdValues.keySet().contains(IS_AUTHN_REQ_SIGNED)) { boolean authnValue = setToBoolean( spStdValues, IS_AUTHN_REQ_SIGNED); - spssoDescriptor.setAuthnRequestsSigned(authnValue); + spssoDescriptor.getValue().setAuthnRequestsSigned(authnValue); } //save WantAssertionsSigned if (spStdValues.keySet().contains(WANT_ASSERTIONS_SIGNED)) { boolean assertValue = setToBoolean( spStdValues, WANT_ASSERTIONS_SIGNED); - spssoDescriptor.setWantAssertionsSigned(assertValue); + spssoDescriptor.getValue().setWantAssertionsSigned(assertValue); } samlManager.setEntityDescriptor(realm, entityDescriptor); @@ -1546,7 +1538,7 @@ public void setSPExtAttributeValues( SPSSOConfigElement spssoConfig = samlManager.getSPSSOConfig( realm,entityName); if (spssoConfig != null){ - updateBaseConfig(spssoConfig, spExtValues, role); + updateBaseConfig(spssoConfig.getValue(), spExtValues, role); } //saves the attributes by passing the new entityConfig object @@ -1611,12 +1603,12 @@ private void updateBaseConfig( for (Iterator it = attrList.iterator(); it.hasNext(); ) { AttributeElement avpnew = (AttributeElement)it.next(); - String name = avpnew.getName(); + String name = avpnew.getValue().getName(); if (values.keySet().contains(name)) { Set set = (Set)values.get(name); if (set != null) { - avpnew.getValue().clear(); - avpnew.getValue().addAll(set); + avpnew.getValue().getValue().clear(); + avpnew.getValue().getValue().addAll(set); } } } @@ -1682,10 +1674,10 @@ private void updateBaseConfig( for (Iterator it = attrList.iterator(); it.hasNext(); ) { AttributeElement avpnew = (AttributeElement)it.next(); - String name = avpnew.getName(); + String name = avpnew.getValue().getName(); if(name.equals(attributeName)){ - avpnew.getValue().clear(); - avpnew.getValue().addAll(list); + avpnew.getValue().getValue().clear(); + avpnew.getValue().getValue().addAll(list); } } @@ -1706,7 +1698,7 @@ private void saveNameIdFormat( (Set)values.get(NAMEID_FORMAT)); ssodescriptor.getNameIDFormat().clear(); for (int i=0; i> configList = + entityConfigElement.getValue(). getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - + BaseConfigType baseConfigIDP = null; BaseConfigType baseConfigSP = null; - BaseConfigType baseConfigAuth = null; + BaseConfigType baseConfigAuth = null; AttributeAuthorityDescriptorElement attrauthDescriptor = samlManager.getAttributeAuthorityDescriptor(realm,entityName); AuthnAuthorityDescriptorElement authnauthDescriptor = @@ -1811,66 +1803,62 @@ private void createExtendedObject( realm, entityName); if (isDualRole(entityDescriptor)) { - baseConfigIDP = objFactory.createIDPSSOConfigElement(); - baseConfigSP = objFactory.createSPSSOConfigElement(); + baseConfigIDP = objFactory.createBaseConfigType(); + baseConfigSP = objFactory.createBaseConfigType(); baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP); baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP); - configList.add(baseConfigIDP); - configList.add(baseConfigSP); + configList.add(objFactory.createIDPSSOConfigElement(baseConfigIDP)); + configList.add(objFactory.createSPSSOConfigElement(baseConfigSP)); }else if (role.equals(EntityModel.IDENTITY_PROVIDER) || (idpssoDesc != null)) { - baseConfigIDP = objFactory.createIDPSSOConfigElement(); + baseConfigIDP = objFactory.createBaseConfigType(); baseConfigIDP = addAttributeType(extendedMetaIdpMap, baseConfigIDP); - configList.add(baseConfigIDP); + configList.add(objFactory.createIDPSSOConfigElement(baseConfigIDP)); } else if (role.equals(EntityModel.SERVICE_PROVIDER) || (spssoDesc != null)) { - baseConfigSP = objFactory.createSPSSOConfigElement(); + baseConfigSP = objFactory.createBaseConfigType(); baseConfigSP = addAttributeType(extendedMetaSpMap, baseConfigSP); - configList.add(baseConfigSP); + configList.add(objFactory.createSPSSOConfigElement(baseConfigSP)); } if (role.equals(EntityModel.SAML_ATTRAUTHORITY) || (attrauthDescriptor != null)) { - baseConfigAuth = - objFactory.createAttributeAuthorityConfigElement(); + baseConfigAuth = objFactory.createBaseConfigType(); baseConfigAuth = addAttributeType(extAttrAuthMap, baseConfigAuth); - configList.add(baseConfigAuth); + configList.add(objFactory.createAttributeAuthorityConfigElement(baseConfigAuth)); } if (role.equals(EntityModel.SAML_AUTHNAUTHORITY) || (authnauthDescriptor != null)) { - baseConfigAuth = - objFactory.createAuthnAuthorityConfigElement(); + baseConfigAuth = objFactory.createBaseConfigType(); baseConfigAuth = addAttributeType(extAuthnAuthMap, baseConfigAuth); - configList.add(baseConfigAuth); + configList.add(objFactory.createAuthnAuthorityConfigElement(baseConfigAuth)); } if (role.equals(EntityModel.SAML_ATTRQUERY) || (attrQueryDescriptor != null)) { - baseConfigAuth = - objFactory.createAttributeQueryConfigElement(); + baseConfigAuth = objFactory.createBaseConfigType(); baseConfigAuth = addAttributeType(extattrQueryMap, baseConfigAuth); - configList.add(baseConfigAuth); + configList.add(objFactory.createAttributeQueryConfigElement(baseConfigAuth)); } if (role.equals(EntityModel.POLICY_DECISION_POINT_DESCRIPTOR) || (xacmlPDPDescriptor != null)) { - baseConfigAuth = - objFactory.createXACMLPDPConfigElement(); - baseConfigAuth = addAttributeType( - xacmlPDPExtendedMeta, baseConfigAuth); - configList.add(baseConfigAuth); + baseConfigAuth = objFactory.createBaseConfigType(); + + baseConfigAuth = addAttributeType(xacmlPDPExtendedMeta, baseConfigAuth); + configList.add(objFactory.createXACMLPDPConfigElement(baseConfigAuth)); } if (role.equals(EntityModel.POLICY_ENFORCEMENT_POINT_DESCRIPTOR) || (xacmlAuthzDescriptor != null)) { - baseConfigAuth = - objFactory.createXACMLAuthzDecisionQueryConfigElement(); + baseConfigAuth = objFactory.createBaseConfigType(); + baseConfigAuth = addAttributeType( xacmlPEPExtendedMeta, baseConfigAuth); - configList.add(baseConfigAuth); + configList.add(objFactory.createXACMLAuthzDecisionQueryConfigElement(baseConfigAuth)); } samlManager.setEntityConfig(realm, entityConfigElement); @@ -1881,10 +1869,10 @@ private BaseConfigType addAttributeType(Map values, BaseConfigType bctype) ObjectFactory objFactory = new ObjectFactory(); for (Iterator iter = values.keySet().iterator(); iter.hasNext(); ) { - AttributeType avp = objFactory.createAttributeElement(); + AttributeElement avp = objFactory.createAttributeElement(objFactory.createAttributeType()); String key = (String)iter.next(); - avp.setName(key); - avp.getValue().addAll(Collections.EMPTY_LIST); + avp.getValue().setName(key); + avp.getValue().getValue().addAll(Collections.EMPTY_LIST); bctype.getAttribute().add(avp); } return bctype; @@ -1937,8 +1925,8 @@ public Map getPEPDescriptor( //ProtocolSupportEnum data.put(ATTR_TXT_PROTOCOL_SUPPORT_ENUM, returnEmptySetIfValueIsNull( - xacmlAuthzDescriptor.getProtocolSupportEnumeration())); - if (xacmlAuthzDescriptor.isWantAssertionsSigned()) { + xacmlAuthzDescriptor.getValue().getProtocolSupportEnumeration())); + if (Boolean.TRUE.equals(xacmlAuthzDescriptor.getValue().isWantAssertionsSigned())) { data.put(ATTR_WANT_ASSERTION_SIGNED, "true"); } else { data.put(ATTR_WANT_ASSERTION_SIGNED, "false"); @@ -1984,18 +1972,18 @@ public Map getPDPDescriptor(String realm, String entityName) //ProtocolSupportEnum data.put(ATTR_TXT_PROTOCOL_SUPPORT_ENUM, returnEmptySetIfValueIsNull( - xacmlPDPDescriptor.getProtocolSupportEnumeration())); + xacmlPDPDescriptor.getValue().getProtocolSupportEnumeration())); List authzServiceList = - xacmlPDPDescriptor.getXACMLAuthzService(); + xacmlPDPDescriptor.getValue().getXACMLAuthzService(); if (authzServiceList.size() != 0) { XACMLAuthzServiceElement authzService = (XACMLAuthzServiceElement) authzServiceList.get(0); data.put(ATTR_XACML_AUTHZ_SERVICE_BINDING, returnEmptySetIfValueIsNull( - authzService.getBinding())); + authzService.getValue().getBinding())); data.put(ATTR_XACML_AUTHZ_SERVICE_LOCATION, returnEmptySetIfValueIsNull( - authzService.getLocation())); + authzService.getValue().getLocation())); } } logEvent("SUCCEED_GET_ENTITY_DESCRIPTOR_ATTR_VALUES", params); @@ -2039,11 +2027,11 @@ public Map getPEPConfig( if (xacmlAuthzConfigElement != null) { data = new HashMap(); - configList = xacmlAuthzConfigElement.getAttribute(); - metaAlias = xacmlAuthzConfigElement.getMetaAlias(); + configList = xacmlAuthzConfigElement.getValue().getAttribute(); + metaAlias = xacmlAuthzConfigElement.getValue().getMetaAlias(); int size = configList.size(); for (int i=0; i< size; i++) { - AttributeType atype = (AttributeType) configList.get(i); + AttributeType atype = ((AttributeElement) configList.get(i)).getValue(); String name = atype.getName(); java.util.List value = atype.getValue(); data.put(atype.getName(), @@ -2100,11 +2088,11 @@ public Map getPDPConfig( realm, entityName); if (xacmlPDPConfigElement != null) { data = new HashMap(); - configList = xacmlPDPConfigElement.getAttribute() ; - metaAlias = xacmlPDPConfigElement.getMetaAlias(); + configList = xacmlPDPConfigElement.getValue().getAttribute() ; + metaAlias = xacmlPDPConfigElement.getValue().getMetaAlias(); int size = configList.size(); for (int i=0; i< size; i++) { - AttributeType atype = (AttributeType) configList.get(i); + AttributeType atype = ((AttributeElement) configList.get(i)).getValue(); String name = atype.getName(); java.util.List value = atype.getValue(); data.put(atype.getName(), @@ -2160,11 +2148,11 @@ public void updatePDPDescriptor( entityName); if (pdpDescriptor != null) { - List authzServiceList = pdpDescriptor.getXACMLAuthzService(); + List authzServiceList = pdpDescriptor.getValue().getXACMLAuthzService(); if (authzServiceList.size() != 0) { XACMLAuthzServiceElement authzService = (XACMLAuthzServiceElement)authzServiceList.get(0); - authzService.setLocation((String)AMAdminUtils.getValue( + authzService.getValue().setLocation((String)AMAdminUtils.getValue( (Set)attrValues.get( ATTR_XACML_AUTHZ_SERVICE_LOCATION))); } @@ -2215,7 +2203,7 @@ public void updatePDPConfig( if (pdpEntityConfig == null) { throw new AMConsoleException("invalid.xacml.configuration"); } else { - updateBaseConfig(pdpEntityConfig, attrValues, role); + updateBaseConfig(pdpEntityConfig.getValue(), attrValues, role); } //saves the attributes by passing the new entityConfig object @@ -2287,7 +2275,7 @@ public void updatePEPConfig( if (pepEntityConfig == null) { throw new AMConsoleException("invalid.xacml.configuration"); } else { - updateBaseConfig(pepEntityConfig, attrValues, role); + updateBaseConfig(pepEntityConfig.getValue(), attrValues, role); } //saves the attributes by passing the new entityConfig object @@ -2328,8 +2316,10 @@ public SAMLv2AuthContexts getIDPAuthenticationContexts( SAML2MetaManager saml2MetaManager = getSAML2MetaManager(); Map map = new HashMap(); - BaseConfigType idpConfig= + IDPSSOConfigElement idpConfigElement = saml2MetaManager.getIDPSSOConfig(realm, entityName); + BaseConfigType idpConfig = (idpConfigElement != null) + ? idpConfigElement.getValue() : null; if (idpConfig != null){ map = SAML2MetaUtils.getAttributes(idpConfig) ; } else { @@ -2387,8 +2377,10 @@ public SAMLv2AuthContexts getSPAuthenticationContexts( SAML2MetaManager saml2MetaManager = getSAML2MetaManager(); Map map = new HashMap(); - BaseConfigType spConfig= + SPSSOConfigElement spConfigElement = saml2MetaManager.getSPSSOConfig(realm, entityName); + BaseConfigType spConfig = (spConfigElement != null) + ? spConfigElement.getValue() : null; if (spConfig != null){ map = SAML2MetaUtils.getAttributes(spConfig) ; } else { @@ -2456,7 +2448,7 @@ public void updateIDPAuthenticationContexts( throw new AMConsoleException("invalid.config.element"); } else { updateBaseConfig( - idpDecConfigElement, + idpDecConfigElement.getValue(), IDP_AUTHN_CONTEXT_CLASS_REF_MAPPING, list ); @@ -2512,7 +2504,7 @@ public void updateSPAuthenticationContexts( } else { // update sp entity config updateBaseConfig( - spDecConfigElement, + spDecConfigElement.getValue(), SP_AUTHN_CONTEXT_CLASS_REF_MAPPING, list ); @@ -2559,45 +2551,45 @@ public Map getStandardAttributeAuthorityAttributes( map.put(ATTR_SEFVICE_LOCATION, Collections.EMPTY_SET); if (attrauthDescriptor != null) { List artServiceList = - attrauthDescriptor.getAttributeService(); + attrauthDescriptor.getValue().getAttributeService(); for (int i = 0; i < artServiceList.size(); i++) { AttributeServiceElement key = (AttributeServiceElement)artServiceList.get(i); - if ((key.getLocation() != null) && - (key.isSupportsX509Query())) + if ((key.getValue().getLocation() != null) && + (Boolean.TRUE.equals(key.getValue().isSupportsX509Query()))) { map.put(SUPPORTS_X509, returnEmptySetIfValueIsNull( - key.isSupportsX509Query())); + Boolean.TRUE.equals(key.getValue().isSupportsX509Query()))); map.put(ATTR_SEFVICE_LOCATION, - returnEmptySetIfValueIsNull(key.getLocation())); + returnEmptySetIfValueIsNull(key.getValue().getLocation())); - } else if ((key.getLocation() != null) && - (key.getLocation().length()>0)) + } else if ((key.getValue().getLocation() != null) && + (key.getValue().getLocation().length()>0)) { map.put(ATTR_SEFVICE_DEFAULT_LOCATION, - returnEmptySetIfValueIsNull(key.getLocation())); + returnEmptySetIfValueIsNull(key.getValue().getLocation())); } } map.put(ASSERTION_ID_SAOP_LOC, Collections.EMPTY_SET); map.put(ASSERTION_ID_URI_LOC, Collections.EMPTY_SET); List assertionIDReqList = - attrauthDescriptor.getAssertionIDRequestService(); + attrauthDescriptor.getValue().getAssertionIDRequestService(); for (int i = 0; i < assertionIDReqList.size(); i++) { AssertionIDRequestServiceElement elem1 = (AssertionIDRequestServiceElement) assertionIDReqList.get(i); - if (elem1.getBinding().contains("SOAP")) { + if (elem1.getValue().getBinding().contains("SOAP")) { map.put(ASSERTION_ID_SAOP_LOC, - returnEmptySetIfValueIsNull(elem1.getLocation())); - } else if (elem1.getBinding().contains("URI")) { + returnEmptySetIfValueIsNull(elem1.getValue().getLocation())); + } else if (elem1.getValue().getBinding().contains("URI")) { map.put(ASSERTION_ID_URI_LOC, - returnEmptySetIfValueIsNull(elem1.getLocation())); + returnEmptySetIfValueIsNull(elem1.getValue().getLocation())); } } map.put(ATTRIBUTE_PROFILE, Collections.EMPTY_SET); List attrProfileList = - attrauthDescriptor.getAttributeProfile(); + attrauthDescriptor.getValue().getAttributeProfile(); if (!attrProfileList.isEmpty()) { String key = (String)attrProfileList.get(0); @@ -2643,7 +2635,7 @@ public Map getExtendedAttributeAuthorityAttributes( realm,entityName); if (attributeAuthorityConfig != null) { BaseConfigType baseConfig = - (BaseConfigType)attributeAuthorityConfig; + attributeAuthorityConfig.getValue(); map = SAML2MetaUtils.getAttributes(baseConfig); } logEvent("SUCCEED_GET_ATTR_AUTH_ATTR_VALUES", params); @@ -2684,28 +2676,28 @@ public Map getStandardAuthnAuthorityAttributes( if (authnauthDescriptor != null) { map.put(AUTHN_QUERY_SERVICE, Collections.EMPTY_SET); List authQueryServiceList = - authnauthDescriptor.getAuthnQueryService(); + authnauthDescriptor.getValue().getAuthnQueryService(); if (!authQueryServiceList.isEmpty()) { AuthnQueryServiceElement key = (AuthnQueryServiceElement)authQueryServiceList.get(0); map.put(AUTHN_QUERY_SERVICE, - returnEmptySetIfValueIsNull(key.getLocation())); + returnEmptySetIfValueIsNull(key.getValue().getLocation())); } map.put(ASSERTION_ID_SAOP_LOC, Collections.EMPTY_SET); map.put(ASSERTION_ID_URI_LOC, Collections.EMPTY_SET); List assertionIDReqList = - authnauthDescriptor.getAssertionIDRequestService(); + authnauthDescriptor.getValue().getAssertionIDRequestService(); for (int i = 0; i < assertionIDReqList.size(); i++) { AssertionIDRequestServiceElement elem1 = (AssertionIDRequestServiceElement) assertionIDReqList.get(i); - if (elem1.getBinding().contains("SOAP")) { + if (elem1.getValue().getBinding().contains("SOAP")) { map.put(ASSERTION_ID_SAOP_LOC, - returnEmptySetIfValueIsNull(elem1.getLocation())); - } else if (elem1.getBinding().contains("URI")) { + returnEmptySetIfValueIsNull(elem1.getValue().getLocation())); + } else if (elem1.getValue().getBinding().contains("URI")) { map.put(ASSERTION_ID_URI_LOC, - returnEmptySetIfValueIsNull(elem1.getLocation())); + returnEmptySetIfValueIsNull(elem1.getValue().getLocation())); } } } @@ -2747,7 +2739,7 @@ public Map getExtendedAuthnAuthorityAttributes( realm,entityName); if (authnAuthorityConfig != null) { BaseConfigType baseConfig = - (BaseConfigType)authnAuthorityConfig; + authnAuthorityConfig.getValue(); map = SAML2MetaUtils.getAttributes(baseConfig); } logEvent("SUCCEED_GET_AUTHN_AUTH_ATTR_VALUES", params); @@ -2785,8 +2777,8 @@ public Map getStandardAttrQueryAttributes( SAML2MetaManager samlManager = getSAML2MetaManager(); attrQueryDescriptor = samlManager.getAttributeQueryDescriptor(realm,entityName); - map.put(ATTR_NAMEID_FORMAT, (OrderedSet) convertListToSet( - attrQueryDescriptor.getNameIDFormat())); + map.put(ATTR_NAMEID_FORMAT, convertListToSet( + attrQueryDescriptor.getValue().getNameIDFormat())); logEvent("SUCCEED_GET_ATTR_QUERY_ATTR_VALUES", params); } catch (SAML2MetaException e) { @@ -2826,7 +2818,7 @@ public Map getExtendedAttrQueryAttributes( realm,entityName); if (attrQueryConfig != null) { BaseConfigType baseConfig = - (BaseConfigType)attrQueryConfig; + (BaseConfigType)attrQueryConfig.getValue(); map = SAML2MetaUtils.getAttributes(baseConfig); } logEvent("SUCCEED_GET_ATTR_QUERY_ATTR_VALUES", params); @@ -2877,26 +2869,26 @@ public void setStdAttributeAuthorityValues( attrAuthValues, ATTR_SEFVICE_LOCATION); AttributeServiceElement key1 = - objFact.createAttributeServiceElement(); + objFact.createAttributeServiceElement(objFact.createAttributeServiceType()); AttributeServiceElement key2 = - objFact.createAttributeServiceElement(); - key1.setBinding(soapBinding); - key1.setLocation(""); - key2.setBinding(soapBinding); - key2.setSupportsX509Query(false); - key2.setLocation(""); + objFact.createAttributeServiceElement(objFact.createAttributeServiceType()); + key1.getValue().setBinding(soapBinding); + key1.getValue().setLocation(""); + key2.getValue().setBinding(soapBinding); + key2.getValue().setSupportsX509Query(false); + key2.getValue().setLocation(""); if (defLocation != null && defLocation.length() > 0) { - key1.setLocation(defLocation); + key1.getValue().setLocation(defLocation); } if (x509Location != null && x509Location.length() > 0) { - key2.setLocation(x509Location); - key2.setSupportsX509Query(is509); + key2.getValue().setLocation(x509Location); + key2.getValue().setSupportsX509Query(is509); } - attrauthDescriptor.getAttributeService().clear(); - attrauthDescriptor.getAttributeService().add(key1); - attrauthDescriptor.getAttributeService().add(key2); + attrauthDescriptor.getValue().getAttributeService().clear(); + attrauthDescriptor.getValue().getAttributeService().add(key1); + attrauthDescriptor.getValue().getAttributeService().add(key2); //save assertion ID request @@ -2905,36 +2897,36 @@ public void setStdAttributeAuthorityValues( String uriLocation = getResult( attrAuthValues, ASSERTION_ID_URI_LOC); AssertionIDRequestServiceElement elem1 = - objFact.createAssertionIDRequestServiceElement(); + objFact.createAssertionIDRequestServiceElement(objFact.createEndpointType()); AssertionIDRequestServiceElement elem2 = - objFact.createAssertionIDRequestServiceElement(); + objFact.createAssertionIDRequestServiceElement(objFact.createEndpointType()); - elem1.setBinding(soapBinding); - elem2.setBinding(uriBinding); + elem1.getValue().setBinding(soapBinding); + elem2.getValue().setBinding(uriBinding); if (soapLocation != null) { - elem1.setLocation(soapLocation); + elem1.getValue().setLocation(soapLocation); } if (uriLocation != null) { - elem2.setLocation(uriLocation); + elem2.getValue().setLocation(uriLocation); } - attrauthDescriptor. + attrauthDescriptor.getValue(). getAssertionIDRequestService().clear(); - attrauthDescriptor. + attrauthDescriptor.getValue(). getAssertionIDRequestService().add(elem1); - attrauthDescriptor. + attrauthDescriptor.getValue(). getAssertionIDRequestService().add(elem2); //save attribute profile String attrProfile = getResult( attrAuthValues, ATTRIBUTE_PROFILE); List attrProfileList = - attrauthDescriptor.getAttributeProfile(); + attrauthDescriptor.getValue().getAttributeProfile(); if (!attrProfileList.isEmpty()) { - attrauthDescriptor.getAttributeProfile().clear(); + attrauthDescriptor.getValue().getAttributeProfile().clear(); } - attrauthDescriptor.getAttributeProfile(). + attrauthDescriptor.getValue().getAttributeProfile(). add(attrProfile); @@ -2951,13 +2943,6 @@ public void setStdAttributeAuthorityValues( logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", paramsEx); throw new AMConsoleException(strError); - } catch (JAXBException e) { - debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e); - String strError = getErrorString(e); - String[] paramsEx = - {realm, entityName, "SAMLv2", "AttribAuthority-Std", strError}; - logEvent("FEDERATION_EXCEPTION_MODIFY_ATTR_AUTH_ATTR_VALUES", - paramsEx); } } @@ -2994,7 +2979,7 @@ public void setExtAttributeAuthorityValues( samlManager.getAttributeAuthorityConfig( realm,entityName); if (attributeAuthorityConfig != null) { - updateBaseConfig(attributeAuthorityConfig, + updateBaseConfig(attributeAuthorityConfig.getValue(), attrAuthExtValues,role); } @@ -3054,15 +3039,15 @@ public void setStdAuthnAuthorityValues( authnAuthValues, AUTHN_QUERY_SERVICE); //save query service List authQueryServiceList = - authnauthDescriptor.getAuthnQueryService(); + authnauthDescriptor.getValue().getAuthnQueryService(); if (!authQueryServiceList.isEmpty()) { - authnauthDescriptor.getAuthnQueryService().clear(); + authnauthDescriptor.getValue().getAuthnQueryService().clear(); } AuthnQueryServiceElement key = - objFact.createAuthnQueryServiceElement(); - key.setBinding(soapBinding); - key.setLocation(queryService); - authnauthDescriptor.getAuthnQueryService().add(key); + objFact.createAuthnQueryServiceElement(objFact.createEndpointType()); + key.getValue().setBinding(soapBinding); + key.getValue().setLocation(queryService); + authnauthDescriptor.getValue().getAuthnQueryService().add(key); //save assertion ID request String soapLocation = getResult( @@ -3070,26 +3055,26 @@ public void setStdAuthnAuthorityValues( String uriLocation = getResult( authnAuthValues, ASSERTION_ID_URI_LOC); List assertionIDReqList = - authnauthDescriptor.getAssertionIDRequestService(); + authnauthDescriptor.getValue().getAssertionIDRequestService(); if (!assertionIDReqList.isEmpty()) { assertionIDReqList.clear(); } AssertionIDRequestServiceElement elem1 = - objFact.createAssertionIDRequestServiceElement(); - elem1.setBinding(soapBinding); + objFact.createAssertionIDRequestServiceElement(objFact.createEndpointType()); + elem1.getValue().setBinding(soapBinding); AssertionIDRequestServiceElement elem2 = - objFact.createAssertionIDRequestServiceElement(); - elem2.setBinding(uriBinding); + objFact.createAssertionIDRequestServiceElement(objFact.createEndpointType()); + elem2.getValue().setBinding(uriBinding); if (soapLocation != null) { - elem1.setLocation(soapLocation); + elem1.getValue().setLocation(soapLocation); } if (uriLocation != null) { - elem2.setLocation(uriLocation); + elem2.getValue().setLocation(uriLocation); } - authnauthDescriptor. + authnauthDescriptor.getValue(). getAssertionIDRequestService().add(elem1); - authnauthDescriptor. + authnauthDescriptor.getValue(). getAssertionIDRequestService().add(elem2); samlManager.setEntityDescriptor(realm, entityDescriptor); @@ -3104,13 +3089,6 @@ public void setStdAuthnAuthorityValues( logEvent("FEDERATION_EXCEPTION_MODIFY_AUTHN_AUTH_ATTR_VALUES", paramsEx); throw new AMConsoleException(strError); - } catch (JAXBException e) { - debug.warning("SAMLv2ModelImpl.setStdAttributeAuthorityValues:", e); - String strError = getErrorString(e); - String[] paramsEx = - {realm, entityName, "SAMLv2", "AttribAuthority-Std", strError}; - logEvent("FEDERATION_EXCEPTION_MODIFY_AUTHN_AUTH_ATTR_VALUES", - paramsEx); } } @@ -3149,7 +3127,7 @@ public void setExtauthnAuthValues( samlManager.getAuthnAuthorityConfig( realm,entityName); if (authnAuthorityConfig != null) { - updateBaseConfig(authnAuthorityConfig, + updateBaseConfig(authnAuthorityConfig.getValue(), authnAuthExtValues, role); } @@ -3206,16 +3184,16 @@ public void setStdAttributeQueryValues( //save nameid format List NameIdFormatList = - attrQueryDescriptor.getNameIDFormat(); + attrQueryDescriptor.getValue().getNameIDFormat(); if (!NameIdFormatList.isEmpty()) { - attrQueryDescriptor.getNameIDFormat().clear(); + attrQueryDescriptor.getValue().getNameIDFormat().clear(); } List listtoSave = convertSetToList( (Set)attrQueryValues.get(ATTR_NAMEID_FORMAT)); Iterator itt = listtoSave.listIterator(); while (itt.hasNext()) { String name =(String) itt.next(); - attrQueryDescriptor.getNameIDFormat().add(name); + attrQueryDescriptor.getValue().getNameIDFormat().add(name); } samlManager.setEntityDescriptor(realm, entityDescriptor); @@ -3269,7 +3247,7 @@ public void setExtAttributeQueryValues( samlManager.getAttributeQueryConfig( realm,entityName); if (attrQueryConfig != null) { - updateBaseConfig(attrQueryConfig, attrQueryExtValues, role); + updateBaseConfig(attrQueryConfig.getValue(), attrQueryExtValues, role); } //saves the attributes by passing the new entityConfig object @@ -3368,7 +3346,7 @@ public Map getExtendedAffiliationyAttributes( realm,entityName); if (atffilConfig != null) { BaseConfigType baseConfig = - (BaseConfigType)atffilConfig; + atffilConfig.getValue(); map = SAML2MetaUtils.getAttributes(baseConfig); Iterator it = map.entrySet().iterator(); while (it.hasNext()) { @@ -3494,10 +3472,10 @@ private void savehttpRedLogout ( ) throws JAXBException { if (lohttpLocation != null && lohttpLocation.length() > 0) { SingleLogoutServiceElement slsElemRed = - objFact.createSingleLogoutServiceElement(); - slsElemRed.setBinding(httpRedirectBinding); - slsElemRed.setLocation(lohttpLocation); - slsElemRed.setResponseLocation(lohttpRespLocation); + objFact.createSingleLogoutServiceElement(objFact.createEndpointType()); + slsElemRed.getValue().setBinding(httpRedirectBinding); + slsElemRed.getValue().setLocation(lohttpLocation); + slsElemRed.getValue().setResponseLocation(lohttpRespLocation); logList.add(slsElemRed); } } @@ -3519,10 +3497,10 @@ private void savepostLogout( ) throws JAXBException { if (postLocation != null && postLocation.length() > 0) { SingleLogoutServiceElement slsElemPost = - objFact.createSingleLogoutServiceElement(); - slsElemPost.setBinding(httpPostBinding); - slsElemPost.setLocation(postLocation); - slsElemPost.setResponseLocation(postRespLocation); + objFact.createSingleLogoutServiceElement(objFact.createEndpointType()); + slsElemPost.getValue().setBinding(httpPostBinding); + slsElemPost.getValue().setLocation(postLocation); + slsElemPost.getValue().setResponseLocation(postRespLocation); logList.add(slsElemPost); } } @@ -3542,9 +3520,9 @@ private void savesoapLogout( ) throws JAXBException { if (losoapLocation != null && losoapLocation.length() > 0) { SingleLogoutServiceElement slsElemSoap = - objFact.createSingleLogoutServiceElement(); - slsElemSoap.setBinding(soapBinding); - slsElemSoap.setLocation(losoapLocation); + objFact.createSingleLogoutServiceElement(objFact.createEndpointType()); + slsElemSoap.getValue().setBinding(soapBinding); + slsElemSoap.getValue().setLocation(losoapLocation); logList.add(slsElemSoap); } } @@ -3566,10 +3544,10 @@ private void savehttpRedMni ( ) throws JAXBException { if (mnihttpLocation != null && mnihttpLocation.length() > 0) { ManageNameIDServiceElement slsElemRed = - objFact.createManageNameIDServiceElement(); - slsElemRed.setBinding(httpRedirectBinding); - slsElemRed.setLocation(mnihttpLocation); - slsElemRed.setResponseLocation(mnihttpRespLocation); + objFact.createManageNameIDServiceElement(objFact.createEndpointType()); + slsElemRed.getValue().setBinding(httpRedirectBinding); + slsElemRed.getValue().setLocation(mnihttpLocation); + slsElemRed.getValue().setResponseLocation(mnihttpRespLocation); manageNameIdList.add(slsElemRed); } } @@ -3591,10 +3569,10 @@ private void savepostMni( ) throws JAXBException { if (mnipostLocation != null && mnipostLocation.length() > 0) { ManageNameIDServiceElement slsElemPost = - objFact.createManageNameIDServiceElement(); - slsElemPost.setBinding(httpPostBinding); - slsElemPost.setLocation(mnipostLocation); - slsElemPost.setResponseLocation(mnipostRespLocation); + objFact.createManageNameIDServiceElement(objFact.createEndpointType()); + slsElemPost.getValue().setBinding(httpPostBinding); + slsElemPost.getValue().setLocation(mnipostLocation); + slsElemPost.getValue().setResponseLocation(mnipostRespLocation); manageNameIdList.add(slsElemPost); } } @@ -3614,9 +3592,9 @@ private void savesoapMni( ) throws JAXBException { if (mnisoapLocation != null && mnisoapLocation.length() > 0) { ManageNameIDServiceElement slsElemSoap = - objFact.createManageNameIDServiceElement(); - slsElemSoap.setBinding(soapBinding); - slsElemSoap.setLocation(mnisoapLocation); + objFact.createManageNameIDServiceElement(objFact.createEndpointType()); + slsElemSoap.getValue().setBinding(soapBinding); + slsElemSoap.getValue().setLocation(mnisoapLocation); manageNameIdList.add(slsElemSoap); } } @@ -3638,10 +3616,10 @@ private void saveSPsoapMni( ) throws JAXBException { if (mnisoapLocation != null && mnisoapLocation.length() > 0) { ManageNameIDServiceElement slsElemSoap = - objFact.createManageNameIDServiceElement(); - slsElemSoap.setBinding(soapBinding); - slsElemSoap.setLocation(mnisoapLocation); - slsElemSoap.setResponseLocation(mnirespLoaction); + objFact.createManageNameIDServiceElement(objFact.createEndpointType()); + slsElemSoap.getValue().setBinding(soapBinding); + slsElemSoap.getValue().setLocation(mnisoapLocation); + slsElemSoap.getValue().setResponseLocation(mnirespLoaction); manageNameIdList.add(slsElemSoap); } } diff --git a/openam-console/src/main/java/com/sun/identity/console/federation/model/WSFedPropertiesModelImpl.java b/openam-console/src/main/java/com/sun/identity/console/federation/model/WSFedPropertiesModelImpl.java index 3286b8206f..3a065e895b 100644 --- a/openam-console/src/main/java/com/sun/identity/console/federation/model/WSFedPropertiesModelImpl.java +++ b/openam-console/src/main/java/com/sun/identity/console/federation/model/WSFedPropertiesModelImpl.java @@ -25,13 +25,14 @@ * $Id: WSFedPropertiesModelImpl.java,v 1.14 2009/11/10 01:19:50 exu Exp $ * * Portions copyright 2012-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.console.federation.model; import com.sun.identity.console.base.model.AMConsoleException; +import com.sun.identity.wsfederation.jaxb.wsfederation.AttributeExtensibleURI; import com.sun.identity.wsfederation.meta.WSFederationMetaManager; import com.sun.identity.wsfederation.meta.WSFederationMetaException; import com.sun.identity.wsfederation.meta.WSFederationMetaUtils; @@ -50,7 +51,9 @@ import com.sun.identity.wsfederation.jaxb.wsfederation.TokenIssuerNameElement; import com.sun.identity.wsfederation.jaxb.entityconfig.ObjectFactory; import java.util.Set; -import javax.xml.bind.JAXBException; + +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import jakarta.servlet.http.HttpServletRequest; import java.util.Collections; import java.util.HashMap; @@ -164,7 +167,7 @@ public Map getServiceProviderAttributes(String realm, String fedId) SPSSOConfigElement spconfig = metaManager.getSPSSOConfig(realm,fedId); if (spconfig != null) { - SPAttributes = WSFederationMetaUtils.getAttributes(spconfig); + SPAttributes = WSFederationMetaUtils.getAttributes(spconfig.getValue()); } } catch (WSFederationMetaException e) { debug.warning( @@ -192,7 +195,7 @@ public Map getIdentityProviderAttributes(String realm, String fedId) IDPSSOConfigElement idpconfig = metaManager.getIDPSSOConfig(realm,fedId); if (idpconfig != null) { - IDPAttributes = WSFederationMetaUtils.getAttributes(idpconfig); + IDPAttributes = WSFederationMetaUtils.getAttributes(idpconfig.getValue()); } } catch (WSFederationMetaException e) { debug.warning( @@ -286,7 +289,7 @@ public String getClaimType(FederationElement fedElem) { if(UriNamedclaimTypes != null) { int iClaim = 0; int arr = 0; - claimList = UriNamedclaimTypes.getClaimType(); + claimList = UriNamedclaimTypes.getValue().getClaimType(); for(iClaim = 0; iClaim < claimList.size(); iClaim += 1) { ClaimType claimType = (ClaimType)claimList.get(iClaim); displayName = claimType.getDisplayName().getValue(); @@ -375,15 +378,17 @@ public void setGenAttributeValues( } throw new AMConsoleException("invalid.federation.element"); } else { - for (Iterator iter = fedElem.getAny().iterator(); + for (Iterator iter = fedElem.getValue().getAny().iterator(); iter.hasNext(); ) { Object o = iter.next(); if (o instanceof TokenIssuerEndpointElement) { - ((TokenIssuerEndpointElement)o).getAddress(). + ((TokenIssuerEndpointElement)o).getValue().getAddress(). setValue(tknissEndPt); } else if (o instanceof TokenIssuerNameElement) { - ((TokenIssuerNameElement)o).setValue(tknissName); + AttributeExtensibleURI attr = new AttributeExtensibleURI(); + attr.setValue(tknissName); + ((TokenIssuerNameElement)o).setValue(attr); } } metaManager.setFederation(realm, fedElem); @@ -425,7 +430,7 @@ public void setSPExtAttributeValues( } SPSSOConfigElement spsso = getspsso(fed); if (spsso != null) { - BaseConfigType baseConfig = (BaseConfigType)spsso; + BaseConfigType baseConfig = spsso.getValue(); updateBaseConfig(baseConfig, spExtvalues, role); } //saves the attributes by passing the new fed object @@ -468,8 +473,8 @@ public void setIDPExtAttributeValues( } IDPSSOConfigElement idpsso = getidpsso(fed); if (idpsso != null){ - BaseConfigType baseConfig = (BaseConfigType)idpsso; - updateBaseConfig(idpsso, idpExtValues, role); + BaseConfigType baseConfig = idpsso.getValue(); + updateBaseConfig(idpsso.getValue(), idpExtValues, role); } //saves the new configuration by passing new fed element created @@ -519,7 +524,7 @@ public void setIDPSTDAttributeValues( if(UriNamedclaimTypes != null) { int iClaim = 0; - claimList = UriNamedclaimTypes.getClaimType(); + claimList = UriNamedclaimTypes.getValue().getClaimType(); for(iClaim = 0; iClaim < claimList.size(); iClaim += 1) { claimType = (ClaimType)claimList.get(iClaim); displayName = claimType.getDisplayName(); @@ -578,13 +583,13 @@ public void setIDPSTDAttributeValues( * @return the corresponding IDPSSOConfigType Object. */ private IDPSSOConfigElement getidpsso(FederationConfigElement fed) { - List listFed = fed.getIDPSSOConfigOrSPSSOConfig(); + List> listFed = fed.getValue().getIDPSSOConfigOrSPSSOConfig(); IDPSSOConfigElement idpsso = null; - Iterator i = listFed.iterator(); + Iterator> i = listFed.iterator(); //TBD -- one config will have only one instance of //IDPSSOConfigElement ????? while (i.hasNext()) { - BaseConfigType bc = (BaseConfigType) i.next(); + JAXBElement bc = i.next(); if (bc instanceof IDPSSOConfigElement) { idpsso = (IDPSSOConfigElement) bc; break; @@ -600,13 +605,13 @@ private IDPSSOConfigElement getidpsso(FederationConfigElement fed) { * @return the corresponding SPSSOConfigType Object. */ private SPSSOConfigElement getspsso(FederationConfigElement fed) { - List listFed = fed.getIDPSSOConfigOrSPSSOConfig(); + List> listFed = fed.getValue().getIDPSSOConfigOrSPSSOConfig(); SPSSOConfigElement spsso = null; - Iterator i = listFed.iterator(); + Iterator> i = listFed.iterator(); //TBD -- one config will have only one instance of //SPSSOConfigElement ????? while (i.hasNext()) { - BaseConfigType bc = (BaseConfigType) i.next(); + JAXBElement bc = i.next(); if (bc instanceof SPSSOConfigElement) { spsso = (SPSSOConfigElement) bc; break; @@ -639,12 +644,12 @@ private void updateBaseConfig( } for (Iterator it = attrList.iterator(); it.hasNext(); ) { AttributeElement avpnew = (AttributeElement)it.next(); - String name = avpnew.getName(); + String name = avpnew.getValue().getName(); if (values.keySet().contains(name)) { Set set = (Set)values.get(name); if (set != null) { - avpnew.getValue().clear(); - avpnew.getValue().addAll(set); + avpnew.getValue().getValue().clear(); + avpnew.getValue().getValue().addAll(set); } } } @@ -688,12 +693,12 @@ private void createExtendedObject( if (eConfig == null) { BaseConfigType bctype = null; FederationConfigElement ele = - objFactory.createFederationConfigElement(); - ele.setFederationID(fedId); + objFactory.createFederationConfigElement(objFactory.createFederationConfigType()); + ele.getValue().setFederationID(fedId); if (location.equals("remote")) { - ele.setHosted(false); + ele.getValue().setHosted(false); } - List ll = ele.getIDPSSOConfigOrSPSSOConfig(); + List> ll = ele.getValue().getIDPSSOConfigOrSPSSOConfig(); // Decide which role EntityDescriptorElement includes // Right now, it is either an SP or an IdP or dual role if (isDualRole(edes)) { @@ -701,27 +706,24 @@ private void createExtendedObject( //for dual role create both idp and sp config objects BaseConfigType bctype_idp = null; BaseConfigType bctype_sp = null; - bctype_idp = objFactory.createIDPSSOConfigElement(); + bctype_idp = objFactory.createBaseConfigType(); bctype_idp = createAttributeElement(keys, bctype_idp); - bctype_sp = objFactory.createSPSSOConfigElement(); + bctype_sp = objFactory.createBaseConfigType(); bctype_sp = createAttributeElement(keys, bctype_sp); - ll.add(bctype_idp); - ll.add(bctype_sp); + ll.add(objFactory.createIDPSSOConfigElement(bctype_idp)); + ll.add(objFactory.createSPSSOConfigElement(bctype_sp)); } else if (role.equals(IDENTITY_PROVIDER)) { - bctype = objFactory.createIDPSSOConfigElement(); + bctype = objFactory.createBaseConfigType(); //bctype.getAttribute().add(atype); bctype = createAttributeElement(keys, bctype); - ll.add(bctype); + ll.add(objFactory.createIDPSSOConfigElement(bctype)); } else if (role.equals(SERVICE_PROVIDER)) { - bctype = objFactory.createSPSSOConfigElement(); + bctype = objFactory.createBaseConfigType(); bctype = createAttributeElement(keys, bctype); - ll.add(bctype); + ll.add(objFactory.createSPSSOConfigElement(bctype)); } metaManager.setEntityConfig(realm,ele); } - } catch (JAXBException e) { - debug.warning("WSFedPropertiesModelImpl.createExtendedObject", e); - throw new AMConsoleException(getErrorString(e)); } catch (WSFederationMetaException e) { debug.warning("WSFedPropertiesModelImpl.createExtendedObject", e); throw new AMConsoleException(getErrorString(e)); @@ -739,19 +741,13 @@ private BaseConfigType createAttributeElement( Map values, BaseConfigType bconfig )throws AMConsoleException { - try { - ObjectFactory objFactory = new ObjectFactory(); - for (Iterator iter=values.keySet().iterator(); - iter.hasNext();) { - AttributeElement avp = objFactory.createAttributeElement(); - String key = (String)iter.next(); - avp.setName(key); - bconfig.getAttribute().add(avp); - } - } catch (JAXBException e) { - debug.warning - ("WSFedPropertiesModelImpl.createAttributeElement", e); - throw new AMConsoleException(e.getMessage()); + ObjectFactory objFactory = new ObjectFactory(); + for (Iterator iter=values.keySet().iterator(); + iter.hasNext();) { + AttributeElement avp = objFactory.createAttributeElement(objFactory.createAttributeType()); + String key = (String)iter.next(); + avp.getValue().setName(key); + bconfig.getAttribute().add(avp); } return bconfig; } @@ -767,7 +763,7 @@ private boolean isDualRole(FederationElement edes) { int cnt = 0; boolean dual = false; if (edes != null) { - for (Iterator iter = edes.getAny().iterator(); iter.hasNext(); ) { + for (Iterator iter = edes.getValue().getAny().iterator(); iter.hasNext(); ) { Object o = iter.next(); if (o instanceof TokenIssuerEndpointElement) { cnt++; diff --git a/openam-console/src/main/java/com/sun/identity/console/service/model/SMDiscoEntryData.java b/openam-console/src/main/java/com/sun/identity/console/service/model/SMDiscoEntryData.java index 8179bd8bdd..cc08a1d1c7 100644 --- a/openam-console/src/main/java/com/sun/identity/console/service/model/SMDiscoEntryData.java +++ b/openam-console/src/main/java/com/sun/identity/console/service/model/SMDiscoEntryData.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: SMDiscoEntryData.java,v 1.2 2008/06/25 05:49:46 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,6 +39,7 @@ import com.sun.identity.liberty.ws.disco.jaxb.DescriptionType; import com.sun.identity.liberty.ws.disco.jaxb.DirectiveType; import com.sun.identity.liberty.ws.disco.jaxb.EncryptResourceIDElement; +import com.sun.identity.liberty.ws.disco.jaxb.InsertEntryType; import com.sun.identity.liberty.ws.disco.jaxb.OptionsType; import com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType; import com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType; @@ -53,9 +56,10 @@ import java.util.HashSet; import java.util.Map; import java.util.Set; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; import javax.xml.namespace.QName; /* - NEED NOT LOG - */ @@ -136,8 +140,8 @@ public void setDiscoStr(boolean isUserView) res.setOptions(createOptionsEntry()); } - DiscoEntryElement de = entryFac.createDiscoEntryElement(); - de.setResourceOffering(res); + DiscoEntryElement de = entryFac.createDiscoEntryElement(new InsertEntryType()); + de.getValue().setResourceOffering(DiscoUtils.getDiscoFactory().createResourceOfferingElement(res)); createDirectivesEntry(de, descriptionTypeList); String str = convertDiscoEntryToXmlStr(de); @@ -208,32 +212,32 @@ private void createDirectivesEntry( if (dName.equals(DiscoConstants.AUTHN_DIRECTIVE)) { AuthenticateRequesterElement authenticateRequester = - discoFac.createAuthenticateRequesterElement(); + discoFac.createAuthenticateRequesterElement(discoFac.createDirectiveType()); createDirectiveEntry(de, authenticateRequester, idRefs, descriptionTypeList); } else if (dName.equals(DiscoConstants.ENCRYPT_DIRECTIVE)) { EncryptResourceIDElement encryptResourceId = - discoFac.createEncryptResourceIDElement(); + discoFac.createEncryptResourceIDElement(discoFac.createDirectiveType()); createDirectiveEntry(de, encryptResourceId, idRefs, descriptionTypeList); } else if (dName.equals(DiscoConstants.SESSION_DIRECTIVE)) { AuthenticateSessionContextElement authSessionCntx = - discoFac.createAuthenticateSessionContextElement(); + discoFac.createAuthenticateSessionContextElement(discoFac.createDirectiveType()); createDirectiveEntry(de, authSessionCntx, idRefs, descriptionTypeList); } else if (dName.equals(DiscoConstants.AUTHZ_DIRECTIVE)) { AuthorizeRequesterElement authorizeRequester = - discoFac.createAuthorizeRequesterElement(); + discoFac.createAuthorizeRequesterElement(discoFac.createDirectiveType()); createDirectiveEntry(de, authorizeRequester, idRefs, descriptionTypeList); } else if (dName.equals(DiscoConstants.BEARER_DIRECTIVE)) { GenerateBearerTokenElement bearer = - disco11Fac.createGenerateBearerTokenElement(); + disco11Fac.createGenerateBearerTokenElement(discoFac.createDirectiveType()); createDirectiveEntry(de, bearer, idRefs, descriptionTypeList); } else if (dName.equals(DiscoConstants.LOGOUT_DIRECTIVE)) { SendSingleLogOutElement logout = - disco11Fac.createSendSingleLogOutElement(); + disco11Fac.createSendSingleLogOutElement(discoFac.createDirectiveType()); createDirectiveEntry(de, logout, idRefs, descriptionTypeList); } @@ -243,10 +247,11 @@ private void createDirectivesEntry( private void createDirectiveEntry( DiscoEntryElement de, - DirectiveType dType, + JAXBElement directiveElement, List idRefs, List descriptionTypeList ) throws AMConsoleException { + DirectiveType dType = directiveElement.getValue(); if (idRefs != null && !idRefs.isEmpty()) { for (Iterator iter = idRefs.iterator(); iter.hasNext(); ) { String idRef = (String)iter.next(); @@ -261,7 +266,7 @@ private void createDirectiveEntry( } } - de.getAny().add(dType); + de.getValue().getAny().add(directiveElement); } private DescriptionType getDescriptionType(String id, List list) { diff --git a/openam-console/src/main/java/com/sun/identity/console/service/model/SMDiscoveryServiceData.java b/openam-console/src/main/java/com/sun/identity/console/service/model/SMDiscoveryServiceData.java index a0cc4af404..4a43311aa0 100644 --- a/openam-console/src/main/java/com/sun/identity/console/service/model/SMDiscoveryServiceData.java +++ b/openam-console/src/main/java/com/sun/identity/console/service/model/SMDiscoveryServiceData.java @@ -27,6 +27,7 @@ */ /** * Portions Copyrighted 2012 ForgeRock Inc + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.console.service.model; @@ -58,9 +59,9 @@ import java.util.List; import java.util.Map; import java.util.Set; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Unmarshaller; import org.xml.sax.InputSource; /* - NEED NOT LOG - */ @@ -329,7 +330,7 @@ private static void setDiscoEntryData( DiscoEntryElement entry, SMDiscoEntryData smDisco) { - ResourceOfferingType resOff = entry.getResourceOffering(); + ResourceOfferingType resOff = entry.getValue().getResourceOffering().getValue(); ResourceIDType resourceIdType = resOff.getResourceID(); ServiceInstanceType serviceInstance = resOff.getServiceInstance(); String providerID = serviceInstance.getProviderID(); @@ -401,7 +402,7 @@ public String getAbstractValue(String discoStr) { */ public static Map getDirectiveEntry(DiscoEntryElement entry) { Map map = Collections.EMPTY_MAP; - List directiveList = entry.getAny(); + List directiveList = entry.getValue().getAny(); if ((directiveList != null) && !directiveList.isEmpty()) { map = new HashMap(directiveList.size() *2); @@ -412,32 +413,32 @@ public static Map getDirectiveEntry(DiscoEntryElement entry) { if (obj instanceof AuthenticateRequesterElement) { AuthenticateRequesterElement dType = (AuthenticateRequesterElement)obj; - setDirectiveData(dType, map, + setDirectiveData(dType.getValue(), map, DiscoConstants.AUTHN_DIRECTIVE); } else if (obj instanceof EncryptResourceIDElement) { EncryptResourceIDElement dType = (EncryptResourceIDElement)obj; - setDirectiveData(dType, map, + setDirectiveData(dType.getValue(), map, DiscoConstants.ENCRYPT_DIRECTIVE); } else if (obj instanceof AuthenticateSessionContextElement) { AuthenticateSessionContextElement dType = (AuthenticateSessionContextElement)obj; - setDirectiveData(dType, map, + setDirectiveData(dType.getValue(), map, DiscoConstants.SESSION_DIRECTIVE); } else if (obj instanceof AuthorizeRequesterElement) { AuthorizeRequesterElement dType = (AuthorizeRequesterElement)obj; - setDirectiveData(dType, map, + setDirectiveData(dType.getValue(), map, DiscoConstants.AUTHZ_DIRECTIVE); } else if (obj instanceof GenerateBearerTokenElement) { GenerateBearerTokenElement dType = (GenerateBearerTokenElement)obj; - setDirectiveData(dType, map, + setDirectiveData(dType.getValue(), map, DiscoConstants.BEARER_DIRECTIVE); } else if (obj instanceof SendSingleLogOutElement) { SendSingleLogOutElement dType = (SendSingleLogOutElement)obj; - setDirectiveData(dType, map, + setDirectiveData(dType.getValue(), map, DiscoConstants.LOGOUT_DIRECTIVE); } else { debug.error("unsupported directive type"); diff --git a/openam-console/src/main/java/com/sun/identity/console/task/model/TaskModelImpl.java b/openam-console/src/main/java/com/sun/identity/console/task/model/TaskModelImpl.java index 0902727e69..068639d611 100644 --- a/openam-console/src/main/java/com/sun/identity/console/task/model/TaskModelImpl.java +++ b/openam-console/src/main/java/com/sun/identity/console/task/model/TaskModelImpl.java @@ -28,7 +28,7 @@ /* * Portions Copyrighted 2011-2013 ForgeRock Inc. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.console.task.model; @@ -221,7 +221,7 @@ private Set getEntities( String entityId = (String) i.next(); EntityConfigElement elm = mgr.getEntityConfig(realm, entityId); // elm could be null due to OPENAM-269 - if (elm != null && elm.isHosted() == hosted) { + if (elm != null && Boolean.TRUE.equals(elm.getValue().isHosted()) == hosted) { EntityDescriptorElement desc = mgr.getEntityDescriptor( realm, entityId); @@ -286,14 +286,14 @@ public Map getConfigureGoogleAppsURLs(String realm, String entityId) String signinPageURL = null; if (idpssoDescriptor != null) { - List signonList = idpssoDescriptor.getSingleSignOnService(); + List signonList = idpssoDescriptor.getValue().getSingleSignOnService(); for (int i = 0; i < signonList.size(); i++) { SingleSignOnServiceElement signElem = (SingleSignOnServiceElement) signonList.get(i); - String tmp = signElem.getBinding(); + String tmp = signElem.getValue().getBinding(); if (tmp.contains("HTTP-Redirect")) { - signinPageURL = signElem.getLocation(); + signinPageURL = signElem.getValue().getLocation(); map.put("SigninPageURL", returnEmptySetIfValueIsNull( signinPageURL)); @@ -325,7 +325,7 @@ public Map getConfigureGoogleAppsURLs(String realm, String entityId) Map extValueMap = new HashMap(); IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityId); if (idpssoConfig != null) { - BaseConfigType baseConfig = (BaseConfigType) idpssoConfig; + BaseConfigType baseConfig = idpssoConfig.getValue(); extValueMap = SAML2MetaUtils.getAttributes(baseConfig); } List aList = (List) extValueMap.get("signingCertAlias"); @@ -366,7 +366,7 @@ public Map getConfigureSalesForceAppsURLs( IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityId); if (idpssoConfig != null) { - BaseConfigType baseConfig = (BaseConfigType) idpssoConfig; + BaseConfigType baseConfig = idpssoConfig.getValue(); extValueMap = SAML2MetaUtils.getAttributes(baseConfig); } List aList = (List) extValueMap.get("signingCertAlias"); @@ -436,13 +436,13 @@ public void setAcsUrl( samlManager.getSPSSODescriptor(realm, entityId); if (spssoDescriptor != null) { List asconsServiceList = - spssoDescriptor.getAssertionConsumerService(); + spssoDescriptor.getValue().getAssertionConsumerService(); for (Iterator i = asconsServiceList.listIterator(); i.hasNext();) { AssertionConsumerServiceElement acsElem = (AssertionConsumerServiceElement) i.next(); - if (acsElem.getBinding().contains("HTTP-POST")) { - acsElem.setLocation(acsUrl); + if (acsElem.getValue().getBinding().contains("HTTP-POST")) { + acsElem.getValue().setLocation(acsUrl); } } diff --git a/openam-core/pom.xml b/openam-core/pom.xml index 059c613b3c..236bd9e3a8 100755 --- a/openam-core/pom.xml +++ b/openam-core/pom.xml @@ -455,18 +455,14 @@ openam-i18n - + - javax.xml.bind - jaxb-api + jakarta.xml.bind + jakarta.xml.bind-api - com.sun.xml.bind - jaxb-core - - - com.sun.xml.bind - jaxb-impl + org.glassfish.jaxb + jaxb-runtime org.testng diff --git a/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtils.java b/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtils.java index fc8dd33006..2774ef5f69 100755 --- a/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtils.java +++ b/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtils.java @@ -47,11 +47,11 @@ import java.util.Set; import java.util.TimeZone; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; import javax.xml.namespace.QName; import org.forgerock.util.annotations.VisibleForTesting; diff --git a/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLReaderWriter.java b/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLReaderWriter.java index 7d20616f86..a9fc45e802 100644 --- a/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLReaderWriter.java +++ b/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLReaderWriter.java @@ -27,7 +27,7 @@ import java.util.HashMap; import java.util.Map; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import org.forgerock.openam.entitlement.ResourceType; import org.json.JSONException; diff --git a/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLSchemaFactory.java b/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLSchemaFactory.java index 9e774b80fa..00ef69509e 100644 --- a/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLSchemaFactory.java +++ b/openam-entitlements/src/main/java/com/sun/identity/entitlement/xacml3/XACMLSchemaFactory.java @@ -12,6 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2014 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.entitlement.xacml3; @@ -24,7 +25,7 @@ import com.sun.identity.entitlement.xacml3.core.EffectType; import com.sun.identity.entitlement.xacml3.core.ObjectFactory; -import javax.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBElement; import java.util.HashSet; import java.util.List; import java.util.Set; diff --git a/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/FactoryMethods.java b/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/FactoryMethods.java index 9456a3c913..0becc9c34d 100644 --- a/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/FactoryMethods.java +++ b/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/FactoryMethods.java @@ -12,6 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2014 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC. */ package com.sun.identity.entitlement.xacml3; @@ -32,7 +33,7 @@ import java.util.Map; import java.util.Set; import java.util.TimeZone; -import javax.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBElement; import org.forgerock.openam.entitlement.conditions.environment.SessionCondition; import static org.forgerock.openam.utils.CollectionUtils.asSet; import org.json.JSONException; diff --git a/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtilsTest.java b/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtilsTest.java index a2c568b68a..6f3ad87653 100644 --- a/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtilsTest.java +++ b/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/XACMLPrivilegeUtilsTest.java @@ -14,7 +14,7 @@ * Copyright 2014 Nomura Research Institute, Ltd. * * Portions Copyrighted 2014-2016 ForgeRock AS. - * Portions copyright 2025 3A Systems LLC. + * Portions copyright 2025-2026 3A Systems LLC. */ package com.sun.identity.entitlement.xacml3; @@ -28,7 +28,7 @@ import org.json.JSONException; import org.testng.annotations.Test; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import java.util.ArrayList; import java.util.List; import java.util.Set; diff --git a/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/XACMLSchemaFactoryTest.java b/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/XACMLSchemaFactoryTest.java index a9573de258..aa5d73b694 100644 --- a/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/XACMLSchemaFactoryTest.java +++ b/openam-entitlements/src/test/java/com/sun/identity/entitlement/xacml3/XACMLSchemaFactoryTest.java @@ -12,6 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2014 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC. */ package com.sun.identity.entitlement.xacml3; @@ -29,7 +30,7 @@ import org.testng.annotations.BeforeMethod; import org.testng.annotations.Test; -import javax.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBElement; import javax.xml.namespace.QName; import java.util.Arrays; import java.util.HashSet; diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/classloader/FAMClassLoader.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/classloader/FAMClassLoader.java index 1938724ca1..bd4e17d1e1 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/classloader/FAMClassLoader.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/classloader/FAMClassLoader.java @@ -28,7 +28,7 @@ /** * Portions Copyrighted 2013 ForgeRock AS - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.classloader; @@ -210,8 +210,7 @@ private static void setSystemProperties() { "com.sun.codemodel.", "com.sun.relaxng.", "com.sun.xml.xsom.", - "com.sun.xml.bind.", - "com.sun.xml.bind.v2.", + "org.glassfish.jaxb.", "com.sun.xml.messaging.", "com.sun.xml.ws.", "com.sun.xml.ws.addressing.", @@ -222,7 +221,7 @@ private static void setSystemProperties() { "com.sun.xml.wss.", "com.sun.xml.security.", "com.sun.xml.xwss.", - "javax.xml.bind.", + "jakarta.xml.bind.", "javax.xml.ws.", "javax.jws.", "javax.jws.soap.", @@ -250,8 +249,7 @@ private static void setSystemProperties() { "com.sun.codemodel.", "com.sun.relaxng.", "com.sun.xml.xsom.", - "com.sun.xml.bind.", - "com.sun.xml.bind.v2.", + "org.glassfish.jaxb.", "com.sun.xml.messaging.", "com.sun.xml.ws.", "com.sun.xml.ws.addressing.", @@ -262,7 +260,7 @@ private static void setSystemProperties() { "com.sun.xml.wss.", "com.sun.xml.security.", "com.sun.xml.xwss.", - "javax.xml.bind.", + "jakarta.xml.bind.", "javax.xml.ws.", "javax.jws.", "javax.jws.soap.", @@ -288,10 +286,10 @@ private static void setSystemProperties() { * classLoader from loading. */ public static String[] maskedResouces = new String[]{ - "META-INF/services/javax.xml.bind.JAXBContext", + "META-INF/services/jakarta.xml.bind.JAXBContext", "META-INF/services", "/META-INF/services", - "javax/xml/bind/", + "jakarta/xml/bind/", "com/sun/xml/ws/", "com/sun/xml/wss/", "com/sun/xml/bind/", diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/configuration/ConfigFedMonitoring.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/configuration/ConfigFedMonitoring.java index c86dd6fb46..6b441544f5 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/configuration/ConfigFedMonitoring.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/configuration/ConfigFedMonitoring.java @@ -25,6 +25,7 @@ * $Id: ConfigFedMonitoring.java,v 1.2 2009/10/29 00:03:51 exu Exp $ * * Portions Copyrighted 2011-2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.configuration; @@ -326,7 +327,7 @@ public List getWSFedRoles(String entity, String realm) { FederationElement fedElem = metaManager.getEntityDescriptor(realm, entity); if (fedElem != null) { - for (Iterator iter = fedElem.getAny().iterator(); + for (Iterator iter = fedElem.getValue().getAny().iterator(); iter.hasNext(); ) { Object o = iter.next(); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/federation/plugins/FSDefaultSPAdapter.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/federation/plugins/FSDefaultSPAdapter.java index 51bd9095b8..86d8326f5c 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/federation/plugins/FSDefaultSPAdapter.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/federation/plugins/FSDefaultSPAdapter.java @@ -24,7 +24,7 @@ * * $Id: FSDefaultSPAdapter.java,v 1.6 2008/06/25 05:49:54 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.federation.plugins; @@ -297,7 +297,7 @@ public boolean postSSOFederationSuccess( metaManager.getSPDescriptorConfig( realm, hostedEntityID); if (spConfig != null) { - metaAlias = spConfig.getMetaAlias(); + metaAlias = spConfig.getValue().getMetaAlias(); } } } catch (IDFFMetaException ie) { diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/DiscoEntryHandlerImplUtils.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/DiscoEntryHandlerImplUtils.java index f9857d5bc9..a6b4e4d325 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/DiscoEntryHandlerImplUtils.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/DiscoEntryHandlerImplUtils.java @@ -27,6 +27,7 @@ */ /** * Portions Copyrighted 2012 ForgeRock Inc + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.liberty.ws.disco.plugins; @@ -42,9 +43,7 @@ import java.util.Map; import java.util.Set; -import javax.xml.transform.stream.StreamSource; -import javax.xml.bind.JAXBException; - +import com.sun.identity.liberty.ws.disco.jaxb.QueryType; import com.sun.identity.shared.debug.Debug; import com.sun.identity.liberty.ws.disco.common.DiscoConstants; import com.sun.identity.liberty.ws.disco.common.DiscoServiceManager; @@ -57,14 +56,12 @@ import com.sun.identity.liberty.ws.disco.jaxb.RemoveEntryType; import com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType; import com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType; -import - com.sun.identity.liberty.ws.disco.jaxb.QueryType.RequestedServiceTypeType; +import com.sun.identity.liberty.ws.disco.jaxb.QueryType.RequestedServiceType; import com.sun.identity.liberty.ws.disco.jaxb11.GenerateBearerTokenElement; import com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement; import com.sun.identity.plugin.datastore.DataStoreProvider; import com.sun.identity.saml.common.SAMLUtils; import com.sun.identity.idm.AMIdentity; -import com.sun.identity.liberty.ws.interfaces.ResourceIDMapper; import com.sun.identity.shared.xml.XMLUtils; import org.xml.sax.InputSource; @@ -89,12 +86,12 @@ public static boolean getUserDiscoEntries( DataStoreProvider store, String userID, String attrName, - Map discoEntries) + Map discoEntries) throws Exception { boolean needStore = false; - Set attr = store.getAttribute(userID, attrName); - Iterator i = attr.iterator(); + Set attr = store.getAttribute(userID, attrName); + Iterator i = attr.iterator(); DiscoEntryElement entry = null; String entryID = null; String entryStr = null; @@ -104,10 +101,10 @@ public static boolean getUserDiscoEntries( entry = (DiscoEntryElement) DiscoUtils.getDiscoUnmarshaller().unmarshal( XMLUtils.createSAXSource(new InputSource(new StringReader(entryStr)))); - entryID = entry.getResourceOffering().getEntryID(); + entryID = entry.getValue().getResourceOffering().getValue().getEntryID(); if ((entryID == null) || (entryID.length() == 0)) { entryID = SAMLUtils.generateID(); - entry.getResourceOffering().setEntryID(entryID); + entry.getValue().getResourceOffering().getValue().setEntryID(entryID); needStore = true; } discoEntries.put(entryID, entry); @@ -173,11 +170,11 @@ public static boolean setUserDiscoEntries( * @return Map of matching discovery entries. In this map, * key is entryId, value is DiscoEntryElement. */ - public static Map getQueryResults( - Map discoEntries, - List reqServiceTypes) + public static Map getQueryResults( + Map discoEntries, + List reqServiceTypes) { - Map results = null; + Map results = null; if ((reqServiceTypes == null) || (reqServiceTypes.size() == 0)) { if (debug.messageEnabled()) { debug.message("DiscoEntryHandlerImplUtils.getQueryResults: " @@ -185,30 +182,30 @@ public static Map getQueryResults( } results = discoEntries; } else { - results = new HashMap(); - Iterator i = discoEntries.keySet().iterator(); + results = new HashMap<>(); + Iterator i = discoEntries.keySet().iterator(); while (i.hasNext()) { - String curKey = (String) i.next(); + String curKey = i.next(); DiscoEntryElement cur = - (DiscoEntryElement) discoEntries.get(curKey); - ResourceOfferingType offering = cur.getResourceOffering(); + discoEntries.get(curKey); + ResourceOfferingType offering = cur.getValue().getResourceOffering().getValue(); String serviceType = offering.getServiceInstance().getServiceType(); - List options = null; + List options = null; if (offering.getOptions() != null) { options = offering.getOptions().getOption(); } - Iterator j = reqServiceTypes.iterator(); + Iterator j = reqServiceTypes.iterator(); while (j.hasNext()) { - RequestedServiceTypeType curReqType = - (RequestedServiceTypeType)j.next(); + RequestedServiceType curReqType = + j.next(); String requestedServiceType = curReqType.getServiceType(); if (!requestedServiceType.equals(serviceType)) { continue; } - List queryOptions = null; + List queryOptions = null; if (curReqType.getOptions() != null) { queryOptions = curReqType.getOptions().getOption(); } @@ -325,16 +322,9 @@ public static Map handleInserts(Set discoEntries, List inserts) { List newEntryIDs = new LinkedList(); while (i.hasNext()) { insertEntry = (InsertEntryType) i.next(); - try { - de = DiscoUtils.getDiscoEntryFactory(). - createDiscoEntryElement(); - } catch (JAXBException je) { - debug.error( - "DiscoEntryHandlerImplUtils.handleInserts: couldn't " - + "create DiscoEntry: ", je); - return insertResults; - } - resOff = insertEntry.getResourceOffering(); + de = DiscoUtils.getDiscoEntryFactory(). + createDiscoEntryElement(new InsertEntryType()); + resOff = insertEntry.getResourceOffering().getValue(); String newEntryID = SAMLUtils.generateID(); if (debug.messageEnabled()) { debug.message( @@ -342,7 +332,7 @@ public static Map handleInserts(Set discoEntries, List inserts) { } resOff.setEntryID(newEntryID); newEntryIDs.add(newEntryID); - de.setResourceOffering(resOff); + de.getValue().setResourceOffering(DiscoUtils.getDiscoFactory().createResourceOfferingElement(resOff)); List dirs = insertEntry.getAny(); if ((dirs != null) && !dirs.isEmpty()) { @@ -395,7 +385,7 @@ public static Map handleInserts(Set discoEntries, List inserts) { return insertResults; } } - de.getAny().addAll(dirs); + de.getValue().getAny().addAll(dirs); } if (!discoEntries.add(de)) { @@ -447,7 +437,7 @@ public static void getGlobalDiscoEntries(AMIdentity amIdentity, entry = (DiscoEntryElement) DiscoUtils.getDiscoUnmarshaller().unmarshal( XMLUtils.createSAXSource(new InputSource(new StringReader(entryStr)))); - resOff = entry.getResourceOffering(); + resOff = entry.getValue().getResourceOffering().getValue(); entryID = resOff.getEntryID(); if(entryID == null) { entryID = SAMLUtils.generateID(); @@ -463,7 +453,7 @@ public static void getGlobalDiscoEntries(AMIdentity amIdentity, resID.setValue(DiscoConstants.IMPLIED_RESOURCE); resOff.setResourceID(resID); } - entry.setResourceOffering(resOff); + entry.getValue().setResourceOffering(DiscoUtils.getDiscoFactory().createResourceOfferingElement(resOff)); discoEntries.put(entryID, entry); } catch (Exception e) { debug.error("DiscoEntryHandlerImplUtils.getServiceDiscoEntries:" diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/GlobalDiscoEntryHandler.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/GlobalDiscoEntryHandler.java index c67c38784c..12b34a6f04 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/GlobalDiscoEntryHandler.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/GlobalDiscoEntryHandler.java @@ -24,6 +24,8 @@ * * $Id: GlobalDiscoEntryHandler.java,v 1.2 2008/06/25 05:49:56 qcheng Exp $ * + * Portions Copyrighted 2026 3A Systems LLC. + * */ package com.sun.identity.liberty.ws.disco.plugins; @@ -36,15 +38,15 @@ import com.iplanet.sso.SSOToken; import com.iplanet.sso.SSOException; -import com.iplanet.am.util.SystemProperties; import com.sun.identity.idm.AMIdentity; import com.sun.identity.idm.AMIdentityRepository; import com.sun.identity.idm.IdRepoException; import com.sun.identity.liberty.ws.disco.common.DiscoConstants; import com.sun.identity.liberty.ws.disco.common.DiscoUtils; import com.sun.identity.liberty.ws.disco.DiscoveryException; +import com.sun.identity.liberty.ws.disco.jaxb.QueryType; +import com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement; import com.sun.identity.security.AdminTokenAction; -import com.sun.identity.common.SystemConfigurationUtil; /* * The class GlobalDiscoEntryHandler provides an @@ -128,9 +130,9 @@ private static void registerDiscoveryService() * for this user. For each DiscoEntry element in the List, * the entryId attribute of ResourceOffering need to be set. */ - public Map getDiscoEntries(String userID, List reqServiceTypes) { + public Map getDiscoEntries(String userID, List reqServiceTypes) { DiscoUtils.debug.message("in GlobalDiscoEntryHandler.getDiscoEntries"); - Map results = new HashMap(); + Map results = new HashMap<>(); try { DiscoEntryHandlerImplUtils.getGlobalDiscoEntries( getRealmIdentity(), DYNAMIC_ATTR_NAME, results, userID); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/UserDiscoEntryHandler.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/UserDiscoEntryHandler.java index 597f89b9e1..81101c2b6f 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/UserDiscoEntryHandler.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/liberty/ws/disco/plugins/UserDiscoEntryHandler.java @@ -24,6 +24,8 @@ * * $Id: UserDiscoEntryHandler.java,v 1.2 2008/06/25 05:49:56 qcheng Exp $ * + * Portions Copyrighted 2026 3A Systems LLC. + * */ package com.sun.identity.liberty.ws.disco.plugins; @@ -34,6 +36,8 @@ import java.util.Map; import java.util.Set; import com.sun.identity.liberty.ws.disco.common.DiscoConstants; +import com.sun.identity.liberty.ws.disco.jaxb.QueryType; +import com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement; import com.sun.identity.plugin.datastore.DataStoreProvider; import com.sun.identity.plugin.datastore.DataStoreProviderManager; @@ -69,16 +73,16 @@ public UserDiscoEntryHandler() { * List, the entryId attribute of ResourceOffering need to * be set. */ - public Map getDiscoEntries(String userID, List reqServiceTypes) { + public Map getDiscoEntries(String userID, List reqServiceTypes) { DiscoEntryHandlerImplUtils.debug.message( "in UserDiscoEntryHandler.getDiscoEntries"); - Map results = new HashMap(); + Map results = new HashMap<>(); try { DataStoreProvider store = DataStoreProviderManager.getInstance(). getDataStoreProvider(DISCO); if (DiscoEntryHandlerImplUtils.getUserDiscoEntries( - store, userID, USER_ATTR_NAME,results)) + store, userID, USER_ATTR_NAME, results)) { // this is the case when the DiscoEntry is set through console // or amadmin, and entryID was not set diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ConfigureGoogleApps.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ConfigureGoogleApps.java index a1d2e4ff9c..b7c7d60784 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ConfigureGoogleApps.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ConfigureGoogleApps.java @@ -28,6 +28,7 @@ /** * Portions Copyrighted 2012 ForgeRock Inc + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.workflow; @@ -46,7 +47,7 @@ import java.util.Locale; import java.util.Map; import java.util.StringTokenizer; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; /** ** Configure GoogleApps. @@ -90,20 +91,20 @@ private void updateIDPMeta(String realm, String entityId) samlManager.getEntityConfig(realm, entityId); IDPSSOConfigElement idpssoConfig = samlManager.getIDPSSOConfig(realm, entityId); - List attrList = idpssoConfig.getAttribute(); if (idpssoConfig != null) { + List attrList = idpssoConfig.getValue().getAttribute(); for (Iterator it = attrList.iterator(); it.hasNext();) { AttributeElement avpnew = (AttributeElement) it.next(); - String name = avpnew.getName(); + String name = avpnew.getValue().getName(); if (name.equals("nameIDFormatMap")) { - for (Iterator itt = avpnew.getValue().listIterator(); + for (Iterator itt = avpnew.getValue().getValue().listIterator(); itt.hasNext();) { String temp = (String) itt.next(); if (temp.contains("unspecified")) { itt.remove(); } } - avpnew.getValue().add(0, nameidMapping); + avpnew.getValue().getValue().add(0, nameidMapping); } } } @@ -132,7 +133,7 @@ private void updateSPMeta(String realm, String cot, String domainId) try { EntityDescriptorElement e = SAML2MetaUtils.getEntityDescriptorElement(metadata); - String eId = e.getEntityID(); + String eId = e.getValue().getEntityID(); String metaAlias = generateMetaAliasForSP(realm); Map map = new HashMap(); map.put(MetaTemplateParameters.P_SP, metaAlias); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ConfigureSalesForceApps.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ConfigureSalesForceApps.java index a5e6c940eb..4a1c123d1c 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ConfigureSalesForceApps.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ConfigureSalesForceApps.java @@ -28,11 +28,13 @@ /** * Portions Copyrighted 2012-2013 ForgeRock Inc + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.workflow; import com.sun.identity.cot.COTException; import com.sun.identity.saml2.common.SAML2Constants; +import com.sun.identity.saml2.jaxb.entityconfig.AttributeElement; import com.sun.identity.saml2.jaxb.entityconfig.AttributeType; import com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement; import com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory; @@ -46,7 +48,7 @@ import java.util.List; import java.util.Locale; import java.util.Map; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; /** ** Configure SalesForceApps. @@ -103,7 +105,7 @@ private void updateSPMeta(String entityId, String realm, String cot, List attrMa localMetadata = METADATA.replace(ENTITY_ID_PLACEHOLDER, entityId); EntityDescriptorElement e = SAML2MetaUtils.getEntityDescriptorElement(localMetadata); - String eId = e.getEntityID(); + String eId = e.getValue().getEntityID(); String metaAlias = generateMetaAliasForSP(realm); Map map = new HashMap(); map.put(MetaTemplateParameters.P_SP, metaAlias); @@ -136,18 +138,16 @@ private void updateSPMeta(String entityId, String realm, String cot, List attrMa if (ssoConfig != null) { ObjectFactory objFactory = new ObjectFactory(); - AttributeType avp = objFactory.createAttributeElement(); + AttributeElement avp = objFactory.createAttributeElement(objFactory.createAttributeType()); String key = SAML2Constants.ATTRIBUTE_MAP; - avp.setName(key); - avp.getValue().addAll(attrMapping); - ssoConfig.getAttribute().add(avp); + avp.getValue().setName(key); + avp.getValue().getValue().addAll(attrMapping); + ssoConfig.getValue().getAttribute().add(avp); } manager.setEntityConfig(realm, config); } } catch (SAML2MetaException e) { throw new WorkflowException(e.getMessage()); - } catch (JAXBException e) { - throw new WorkflowException(e.getMessage()); } } diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateHostedIDP.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateHostedIDP.java index 60ffae231c..93042f9a45 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateHostedIDP.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateHostedIDP.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: CreateHostedIDP.java,v 1.9 2008/06/25 05:50:01 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -114,7 +116,7 @@ public String execute(Locale locale, Map params) IDPSSOConfigElement ssoConfig = manager.getIDPSSOConfig(realm, entityId); - Map attribConfig = SAML2MetaUtils.getAttributes(ssoConfig); + Map attribConfig = SAML2MetaUtils.getAttributes(ssoConfig.getValue()); List mappedAttributes = (List)attribConfig.get( SAML2Constants.ATTRIBUTE_MAP); mappedAttributes.addAll(attrMapping); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateHostedSP.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateHostedSP.java index 529235d8a0..e02b5f5176 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateHostedSP.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateHostedSP.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: CreateHostedSP.java,v 1.9 2010/01/04 19:10:50 veiming Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -122,7 +124,7 @@ public String execute(Locale locale, Map params) realm, entityId); SPSSOConfigElement ssoConfig = manager.getSPSSOConfig( realm, entityId); - Map attribConfig = SAML2MetaUtils.getAttributes(ssoConfig); + Map attribConfig = SAML2MetaUtils.getAttributes(ssoConfig.getValue()); List mappedAttributes = (List) attribConfig.get( SAML2Constants.ATTRIBUTE_MAP); mappedAttributes.addAll(attrMapping); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateRemoteSP.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateRemoteSP.java index 33c5852e32..fbf7ce9fc8 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateRemoteSP.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateRemoteSP.java @@ -28,11 +28,13 @@ /* * Portions Copyrighted 2012 ForgeRock Inc + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.workflow; import com.sun.identity.cot.COTException; import com.sun.identity.saml2.common.SAML2Constants; +import com.sun.identity.saml2.jaxb.entityconfig.AttributeElement; import com.sun.identity.saml2.jaxb.entityconfig.AttributeType; import com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement; import com.sun.identity.saml2.jaxb.entityconfig.ObjectFactory; @@ -44,7 +46,7 @@ import java.util.List; import java.util.Locale; import java.util.Map; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; /** * Creates Remote Service Provider. @@ -75,7 +77,7 @@ public String execute(Locale locale, Map params) try { EntityDescriptorElement e = SAML2MetaUtils.getEntityDescriptorElement(metadata); - String eId = e.getEntityID(); + String eId = e.getValue().getEntityID(); extendedMeta = createExtendedDataTemplate( eId, false); @@ -108,18 +110,16 @@ public String execute(Locale locale, Map params) if (ssoConfig != null) { ObjectFactory objFactory = new ObjectFactory(); - AttributeType avp = objFactory.createAttributeElement(); + AttributeElement avp = objFactory.createAttributeElement(objFactory.createAttributeType()); String key = SAML2Constants.ATTRIBUTE_MAP; - avp.setName(key); - avp.getValue().addAll(attrMapping); - ssoConfig.getAttribute().add(avp); + avp.getValue().setName(key); + avp.getValue().getValue().addAll(attrMapping); + ssoConfig.getValue().getAttribute().add(avp); } manager.setEntityConfig(realm, config); } } catch (SAML2MetaException e) { throw new WorkflowException(e.getMessage()); - } catch (JAXBException e) { - throw new WorkflowException(e.getMessage()); } return getMessage("sp.configured", locale); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateWSFedMetaDataTemplate.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateWSFedMetaDataTemplate.java index 392d810e9c..2c66b4e2ca 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateWSFedMetaDataTemplate.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/CreateWSFedMetaDataTemplate.java @@ -25,6 +25,7 @@ * $Id: CreateWSFedMetaDataTemplate.java,v 1.9 2009/12/14 23:42:49 mallas Exp $ * * Portions Copyrighted 2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.workflow; @@ -35,7 +36,9 @@ import com.sun.identity.saml2.key.KeyUtil; import com.sun.identity.saml2.meta.SAML2MetaManager; import com.sun.identity.wsfederation.common.WSFederationConstants; +import com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType; import com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement; +import com.sun.identity.wsfederation.jaxb.wsaddr.EndpointReferenceType; import com.sun.identity.wsfederation.jaxb.wsfederation.ClaimType; import com.sun.identity.wsfederation.jaxb.wsfederation.DisplayNameType; import com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement; @@ -46,13 +49,14 @@ import com.sun.identity.wsfederation.jaxb.wsfederation.TokenType; import com.sun.identity.wsfederation.jaxb.wsfederation.TokenTypesOfferedElement; import com.sun.identity.wsfederation.jaxb.wsfederation.UriNamedClaimTypesOfferedElement; +import com.sun.identity.wsfederation.jaxb.wsse.SecurityTokenReferenceType; import com.sun.identity.wsfederation.meta.WSFederationMetaUtils; import java.io.StringWriter; import java.security.cert.CertificateEncodingException; import java.util.Map; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; import com.sun.identity.wsfederation.jaxb.wsse.SecurityTokenReferenceElement; import com.sun.identity.wsfederation.jaxb.xmlsig.X509DataElement; import com.sun.identity.wsfederation.jaxb.xmlsig.X509DataType.X509Certificate; @@ -76,8 +80,8 @@ public static String createStandardMetaTemplate( objFactory = new com.sun.identity.wsfederation.jaxb.wsfederation.ObjectFactory(); - FederationElement fed = objFactory.createFederationElement(); - fed.setFederationID(entityId); + FederationElement fed = objFactory.createFederationElement(objFactory.createFederationType()); + fed.getValue().setFederationID(entityId); String idpAlias = (String)mapParams.get(MetaTemplateParameters.P_IDP); if (idpAlias != null) { @@ -124,42 +128,42 @@ private static void addWSFedIdentityProviderTemplate( com.sun.identity.wsfederation.jaxb.xmlsig.ObjectFactory(); TokenSigningKeyInfoElement tski = - objFactory.createTokenSigningKeyInfoElement(); + objFactory.createTokenSigningKeyInfoElement(objFactory.createTokenKeyInfoType()); SecurityTokenReferenceElement str = - secextObjFactory.createSecurityTokenReferenceElement(); - X509DataElement x509Data = dsObjectFactory.createX509DataElement(); + secextObjFactory.createSecurityTokenReferenceElement(secextObjFactory.createSecurityTokenReferenceType()); + X509DataElement x509Data = dsObjectFactory.createX509DataElement(dsObjectFactory.createX509DataType()); X509Certificate x509Cert = - dsObjectFactory.createX509DataTypeX509Certificate(); + dsObjectFactory.createX509DataTypeX509Certificate(new byte[]{}); x509Cert.setValue( KeyUtil.getKeyProviderInstance().getX509Certificate(idpSCertAlias).getEncoded()); - x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(x509Cert); - str.getAny().add(x509Data); - tski.setSecurityTokenReference(str); - fed.getAny().add(tski); + x509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().add(x509Cert); + str.getValue().getAny().add(x509Data); + tski.getValue().setSecurityTokenReference(str); + fed.getValue().getAny().add(tski); } - TokenIssuerNameElement tin = objFactory.createTokenIssuerNameElement(); - tin.setValue(entityId); - fed.getAny().add(tin); + TokenIssuerNameElement tin = objFactory.createTokenIssuerNameElement(objFactory.createAttributeExtensibleURI()); + tin.getValue().setValue(entityId); + fed.getValue().getAny().add(tin); TokenIssuerEndpointElement tie = - objFactory.createTokenIssuerEndpointElement(); + objFactory.createTokenIssuerEndpointElement(new EndpointReferenceType()); com.sun.identity.wsfederation.jaxb.wsaddr.ObjectFactory addrObjFactory = new com.sun.identity.wsfederation.jaxb.wsaddr.ObjectFactory(); AttributedURIType auri = addrObjFactory.createAttributedURIType(); auri.setValue(url + "/WSFederationServlet" + maStr); - tie.setAddress(auri); - fed.getAny().add(tie); + tie.getValue().setAddress(auri); + fed.getValue().getAny().add(tie); TokenTypesOfferedElement tto = - objFactory.createTokenTypesOfferedElement(); + objFactory.createTokenTypesOfferedElement(objFactory.createTokenTypesOfferedType()); TokenType tt = objFactory.createTokenType(); tt.setUri(WSFederationConstants.URN_OASIS_NAMES_TC_SAML_11); - tto.getTokenType().add(tt); - fed.getAny().add(tto); + tto.getValue().getTokenType().add(tt); + fed.getValue().getAny().add(tto); UriNamedClaimTypesOfferedElement uncto = - objFactory.createUriNamedClaimTypesOfferedElement(); + objFactory.createUriNamedClaimTypesOfferedElement(objFactory.createUriNamedClaimTypesOfferedType()); ClaimType ct = objFactory.createClaimType(); ct.setUri(WSFederationConstants.NAMED_CLAIM_TYPES[ WSFederationConstants.NAMED_CLAIM_UPN]); @@ -167,8 +171,8 @@ private static void addWSFedIdentityProviderTemplate( dnt.setValue(WSFederationConstants.NAMED_CLAIM_DISPLAY_NAMES[ WSFederationConstants.NAMED_CLAIM_UPN]); ct.setDisplayName(dnt); - uncto.getClaimType().add(ct); - fed.getAny().add(uncto); + uncto.getValue().getClaimType().add(ct); + fed.getValue().getAny().add(uncto); } private static void addWSFedServiceProviderTemplate( @@ -185,25 +189,25 @@ private static void addWSFedServiceProviderTemplate( String spAlias = (String)mapParams.get(MetaTemplateParameters.P_SP); String maStr = buildMetaAliasInURI(spAlias); - TokenIssuerNameElement tin = objFactory.createTokenIssuerNameElement(); - tin.setValue(entityId); - fed.getAny().add(tin); + TokenIssuerNameElement tin = objFactory.createTokenIssuerNameElement(objFactory.createAttributeExtensibleURI()); + tin.getValue().setValue(entityId); + fed.getValue().getAny().add(tin); TokenIssuerEndpointElement tie = - objFactory.createTokenIssuerEndpointElement(); + objFactory.createTokenIssuerEndpointElement(new EndpointReferenceType()); com.sun.identity.wsfederation.jaxb.wsaddr.ObjectFactory addrObjFactory = new com.sun.identity.wsfederation.jaxb.wsaddr.ObjectFactory(); AttributedURIType auri = addrObjFactory.createAttributedURIType(); auri.setValue(url + "/WSFederationServlet" + maStr); - tie.setAddress(auri); - fed.getAny().add(tie); + tie.getValue().setAddress(auri); + fed.getValue().getAny().add(tie); SingleSignOutNotificationEndpointElement ssne = - objFactory.createSingleSignOutNotificationEndpointElement(); + objFactory.createSingleSignOutNotificationEndpointElement(new EndpointReferenceType()); AttributedURIType ssneUri = addrObjFactory.createAttributedURIType(); ssneUri.setValue(url + "/WSFederationServlet" + maStr); - ssne.setAddress(auri); - fed.getAny().add(ssne); + ssne.getValue().setAddress(ssneUri); + fed.getValue().getAny().add(ssne); } public static String createExtendedMetaTemplate( @@ -215,10 +219,10 @@ public static String createExtendedMetaTemplate( objFactory = new com.sun.identity.wsfederation.jaxb.entityconfig.ObjectFactory(); FederationConfigElement fedConfig = - objFactory.createFederationConfigElement(); + objFactory.createFederationConfigElement(objFactory.createFederationConfigType()); - fedConfig.setFederationID(entityId); - fedConfig.setHosted(true); + fedConfig.getValue().setFederationID(entityId); + fedConfig.getValue().setHosted(true); String idpAlias = (String)mapParams.get(MetaTemplateParameters.P_IDP); if (idpAlias != null) { @@ -271,23 +275,23 @@ private static void buildWSFedIDPConfigTemplate( }; com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement - idpSSOConfig = objFactory.createIDPSSOConfigElement(); + idpSSOConfig = objFactory.createIDPSSOConfigElement(objFactory.createBaseConfigType()); - idpSSOConfig.setMetaAlias(idpAlias); + idpSSOConfig.getValue().setMetaAlias(idpAlias); for ( int i = 0; i < configDefaults.length; i++ ) { com.sun.identity.wsfederation.jaxb.entityconfig.AttributeElement - attribute = objFactory.createAttributeElement(); - attribute.setName(configDefaults[i][0]); + attribute = objFactory.createAttributeElement(objFactory.createAttributeType()); + attribute.getValue().setName(configDefaults[i][0]); if (configDefaults[i][1] != null) { - attribute.getValue().add(configDefaults[i][1]); + attribute.getValue().getValue().add(configDefaults[i][1]); } - idpSSOConfig.getAttribute().add(attribute); + idpSSOConfig.getValue().getAttribute().add(attribute); } - fedConfig.getIDPSSOConfigOrSPSSOConfig().add(idpSSOConfig); + fedConfig.getValue().getIDPSSOConfigOrSPSSOConfig().add(idpSSOConfig); } private static void buildWSFedSPConfigTemplate( @@ -333,23 +337,23 @@ private static void buildWSFedSPConfigTemplate( }; com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement - spSSOConfig = objFactory.createSPSSOConfigElement(); + spSSOConfig = objFactory.createSPSSOConfigElement(objFactory.createBaseConfigType()); - spSSOConfig.setMetaAlias(spAlias); + spSSOConfig.getValue().setMetaAlias(spAlias); for ( int i = 0; i < configDefaults.length; i++ ) { com.sun.identity.wsfederation.jaxb.entityconfig.AttributeElement - attribute = objFactory.createAttributeElement(); - attribute.setName(configDefaults[i][0]); + attribute = objFactory.createAttributeElement(objFactory.createAttributeType()); + attribute.getValue().setName(configDefaults[i][0]); if (configDefaults[i][1] != null) { - attribute.getValue().add(configDefaults[i][1]); + attribute.getValue().getValue().add(configDefaults[i][1]); } - spSSOConfig.getAttribute().add(attribute); + spSSOConfig.getValue().getAttribute().add(attribute); } - fedConfig.getIDPSSOConfigOrSPSSOConfig().add(spSSOConfig); + fedConfig.getValue().getIDPSSOConfigOrSPSSOConfig().add(spSSOConfig); } private static String getHostURL() { diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ExportSAML2MetaData.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ExportSAML2MetaData.java index 79d6bec1dd..306e0fb85b 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ExportSAML2MetaData.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ExportSAML2MetaData.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: ExportSAML2MetaData.java,v 1.4 2009/09/21 17:27:04 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -35,7 +37,7 @@ import com.sun.identity.saml2.meta.SAML2MetaUtils; import java.io.ByteArrayOutputStream; import java.io.OutputStream; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; /** * Export SAML2 Metadata. diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetCircleOfTrusts.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetCircleOfTrusts.java index bf23ad3598..1a23d1cdaf 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetCircleOfTrusts.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetCircleOfTrusts.java @@ -28,6 +28,7 @@ /* * Portions Copyrighted 2014 ForgeRock AS. * Portions Copyrighted 2014 Nomura Research Institute, Ltd. + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.workflow; @@ -36,6 +37,7 @@ import com.sun.identity.cot.COTException; import com.sun.identity.saml2.meta.SAML2MetaUtils; import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; +import jakarta.xml.bind.JAXBElement; import com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement; import java.io.UnsupportedEncodingException; import java.util.Iterator; @@ -43,7 +45,7 @@ import java.util.Locale; import java.util.Map; import java.util.Set; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import org.forgerock.openam.utils.StringUtils; @@ -111,12 +113,12 @@ private String getRealmFromExtData(String xml) EntityConfigElement configElt = (obj instanceof EntityConfigElement) ? (EntityConfigElement)obj : null; - if (configElt != null && configElt.isHosted()) { - List config = - configElt.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + if (configElt != null && Boolean.TRUE.equals(configElt.getValue().isHosted())) { + List> config = + configElt.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); if (!config.isEmpty()) { - BaseConfigType bConfig = (BaseConfigType) - config.iterator().next(); + BaseConfigType bConfig = + config.iterator().next().getValue(); realm = SAML2MetaUtils.getRealmByMetaAlias( bConfig.getMetaAlias()); } diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetHostedIDPs.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetHostedIDPs.java index 807a387048..c11e21efad 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetHostedIDPs.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetHostedIDPs.java @@ -28,6 +28,7 @@ /* * Portions Copyrighted 2011 ForgeRock AS + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.workflow; @@ -68,7 +69,7 @@ public String execute(Locale locale, Map params) String entityId = (String) i.next(); EntityConfigElement elm = mgr.getEntityConfig(realm, entityId); // elm could be null due to OPENAM-269 - if (elm != null && elm.isHosted()) { + if (elm != null && Boolean.TRUE.equals(elm.getValue().isHosted())) { EntityDescriptorElement desc = mgr.getEntityDescriptor( realm, entityId); if (SAML2MetaUtils.getIDPSSODescriptor(desc) != null) { diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetIDPSPPairingInCOT.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetIDPSPPairingInCOT.java index 6e2f101297..149eabe77a 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetIDPSPPairingInCOT.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/GetIDPSPPairingInCOT.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: GetIDPSPPairingInCOT.java,v 1.3 2009/01/09 17:42:55 veiming Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -99,7 +101,7 @@ private List getHostedIDPMetaAlias(String realm, List hostedIDP) for (Iterator i = hostedIDP.iterator(); i.hasNext();) { String e = (String) i.next(); IDPSSOConfigElement cfg = mgr.getIDPSSOConfig(realm, e); - list.add(e + "(" + cfg.getMetaAlias() + ")"); + list.add(e + "(" + cfg.getValue().getMetaAlias() + ")"); } return list; } catch (SAML2MetaException ex) { @@ -115,7 +117,7 @@ private List getHostedSPMetaAlias(String realm, List hostedSP) for (Iterator i = hostedSP.iterator(); i.hasNext();) { String e = (String) i.next(); SPSSOConfigElement cfg = mgr.getSPSSOConfig(realm, e); - list.add(e + "(" + cfg.getMetaAlias() + ")"); + list.add(e + "(" + cfg.getValue().getMetaAlias() + ")"); } return list; } catch (SAML2MetaException ex) { @@ -182,7 +184,7 @@ private List getEntities( for (Iterator i = entities.iterator(); i.hasNext();) { String entityId = (String) i.next(); EntityConfigElement elm = mgr.getEntityConfig(realm, entityId); - if (elm.isHosted() == hosted) { + if (Boolean.TRUE.equals(elm.getValue().isHosted()) == hosted) { EntityDescriptorElement desc = mgr.getEntityDescriptor( realm, entityId); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ImportSAML2MetaData.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ImportSAML2MetaData.java index 515569cfdb..85ac07c291 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ImportSAML2MetaData.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ImportSAML2MetaData.java @@ -25,6 +25,7 @@ * $Id: ImportSAML2MetaData.java,v 1.5 2008/07/08 01:12:01 exu Exp $ * * Portions Copyrighted 2011-2014 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.workflow; @@ -36,7 +37,8 @@ import com.sun.identity.shared.debug.Debug; import com.sun.identity.shared.xml.XMLUtils; import java.util.List; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import org.w3c.dom.Document; /** @@ -72,12 +74,12 @@ public static String[] importData( Object obj = SAML2MetaUtils.convertStringToJAXB(extended); configElt = (obj instanceof EntityConfigElement) ? (EntityConfigElement)obj : null; - if (configElt != null && configElt.isHosted()) { - List config = - configElt.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + if (configElt != null && Boolean.TRUE.equals(configElt.getValue().isHosted())) { + List> config = + configElt.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); if (!config.isEmpty()) { - BaseConfigType bConfig = (BaseConfigType) - config.iterator().next(); + BaseConfigType bConfig = + config.iterator().next().getValue(); realm = SAML2MetaUtils.getRealmByMetaAlias( bConfig.getMetaAlias()); } diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ValidateSAML2.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ValidateSAML2.java index 92bc28e6d3..58546328d5 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ValidateSAML2.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/workflow/ValidateSAML2.java @@ -25,6 +25,7 @@ * $Id: ValidateSAML2.java,v 1.4 2009/11/20 22:45:57 ggennaro Exp $ * * Portions Copyrighted 2014-2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.workflow; @@ -98,14 +99,14 @@ private void validateIDP() Object[] param = {idpEntityId}; throw new WorkflowException("cannot.locate.idp", param); } else { - if (!idpConfig.getMetaAlias().equals(idpMetaAlias)) { + if (!idpConfig.getValue().getMetaAlias().equals(idpMetaAlias)) { Object[] param = {idpEntityId}; throw new WorkflowException("cannot.locate.idp", param); } } } - List ssoServiceList = elt.getSingleSignOnService(); + List ssoServiceList = elt.getValue().getSingleSignOnService(); idpBaseURL = getIDPBaseURL(ssoServiceList); if (idpBaseURL == null) { Object[] param = {idpEntityId}; @@ -127,8 +128,8 @@ private String getIDPBaseURL(List ssoServiceList) { i.hasNext() && (url == null);) { SingleSignOnServiceElement sso = (SingleSignOnServiceElement) i.next(); - if ((sso != null) && (sso.getBinding() != null)) { - String ssoURL = sso.getLocation(); + if ((sso != null) && (sso.getValue().getBinding() != null)) { + String ssoURL = sso.getValue().getLocation(); int loc = ssoURL.indexOf("/metaAlias/"); if (loc != -1) { String tmp = ssoURL.substring(0, loc); @@ -159,13 +160,13 @@ private void validateSP() Object[] param = {spEntityId}; throw new WorkflowException("cannot.locate.sp", param); } else { - if (!spConfig.getMetaAlias().equals(spMetaAlias)) { + if (!spConfig.getValue().getMetaAlias().equals(spMetaAlias)) { Object[] param = {spEntityId}; throw new WorkflowException("cannot.locate.sp", param); } } } - List sloServiceList = elt.getSingleLogoutService(); + List sloServiceList = elt.getValue().getSingleLogoutService(); spBaseURL = getSPBaseURL(sloServiceList); if (spBaseURL == null) { bFedlet = true; @@ -203,8 +204,8 @@ private String getSPBaseURL(List sloServiceList) { i.hasNext() && (url == null);) { SingleLogoutServiceElement sso = (SingleLogoutServiceElement) i.next(); - if ((sso != null) && (sso.getBinding() != null)) { - String ssoURL = sso.getLocation(); + if ((sso != null) && (sso.getValue().getBinding() != null)) { + String ssoURL = sso.getValue().getLocation(); int loc = ssoURL.indexOf("/metaAlias/"); if (loc != -1) { String tmp = ssoURL.substring(0, loc); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/wsfederation/plugins/DefaultADFSPartnerAccountMapper.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/wsfederation/plugins/DefaultADFSPartnerAccountMapper.java index 5c20b37f70..a0c65f8f0d 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/wsfederation/plugins/DefaultADFSPartnerAccountMapper.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/wsfederation/plugins/DefaultADFSPartnerAccountMapper.java @@ -24,6 +24,8 @@ * * $Id: DefaultADFSPartnerAccountMapper.java,v 1.5 2009/10/29 00:03:49 exu Exp $ * + * Portions Copyrighted 2026 3A Systems LLC + * */ package com.sun.identity.wsfederation.plugins; @@ -84,16 +86,16 @@ protected Map getSearchParameters(NameIdentifier nameID, throw new WSFederationException(wsfme); } - String nameIdAttribute = WSFederationMetaUtils.getAttribute(idpConfig, + String nameIdAttribute = WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.NAMEID_ATTRIBUTE); // Search on uid by default if ( nameIdAttribute == null || nameIdAttribute.length() == 0) { nameIdAttribute = WSFederationConstants.UID; } - String domainAttribute = WSFederationMetaUtils.getAttribute(idpConfig, + String domainAttribute = WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.DOMAIN_ATTRIBUTE); String strNameIncludesDomain = - WSFederationMetaUtils.getAttribute(idpConfig, + WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.NAME_INCLUDES_DOMAIN); boolean nameIncludesDomain = Boolean.valueOf(strNameIncludesDomain); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/NamespacePrefixMapperImpl.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/NamespacePrefixMapperImpl.java index d899485f6a..b96f73f1a3 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/NamespacePrefixMapperImpl.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/NamespacePrefixMapperImpl.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: NamespacePrefixMapperImpl.java,v 1.1 2009/09/17 05:49:29 mallas Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -32,7 +34,7 @@ import java.util.Map; import java.util.HashMap; -import com.sun.xml.bind.marshaller.NamespacePrefixMapper; +import org.glassfish.jaxb.runtime.marshaller.NamespacePrefixMapper; /** diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/WSSPolicyManager.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/WSSPolicyManager.java index f385df9859..02d9ce443c 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/WSSPolicyManager.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/WSSPolicyManager.java @@ -23,12 +23,14 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: WSSPolicyManager.java,v 1.2 2009/12/19 00:09:41 asyhuang Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * * Portions Copyrighted 2026 3A Systems, LLC */ package com.sun.identity.wss.policy; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import javax.xml.namespace.QName; import java.util.List; import java.util.Iterator; @@ -55,16 +57,14 @@ import com.sun.identity.wsfederation.jaxb.wsspolicy.LayoutElement; import com.sun.identity.wsfederation.jaxb.wsspolicy.ProtectionTokenElement; import com.sun.identity.wsfederation.jaxb.wsspolicy.KerberosTokenElement; -import com.sun.identity.wsfederation.jaxb.wsspolicy. - WssKerberosV5ApReqToken11Element; +import com.sun.identity.wsfederation.jaxb.wsspolicy.WssKerberosV5ApReqToken11Element; import com.sun.identity.wsfederation.jaxb.wsspolicy.SignedPartsElement; import com.sun.identity.wsfederation.jaxb.wsspolicy.EncryptedPartsElement; import com.sun.identity.wsfederation.jaxb.wsspolicy.HeaderType; import com.sun.identity.wsfederation.jaxb.wsspolicy.IssuedTokenElement; import com.sun.identity.wsfederation.jaxb.wsaddr.EndpointReferenceElement; import com.sun.identity.wsfederation.jaxb.wsaddr.AttributedURIType; -import com.sun.identity.wsfederation.jaxb.wsspolicy. - RequestSecurityTokenTemplateType; +import com.sun.identity.wsfederation.jaxb.wsspolicy.RequestSecurityTokenTemplateType; import com.sun.identity.wss.provider.ProviderConfig; import com.sun.identity.wss.security.SecurityMechanism; import com.sun.identity.wss.security.WSSConstants; @@ -118,7 +118,7 @@ public String getPolicy(ProviderConfig providerConfig) try { PolicyElement policyElement = wsPolicyFactory.createPolicyElement(); ExactlyOneElement exactlyOneElement = - wsPolicyFactory.createExactlyOneElement(); + wsPolicyFactory.createExactlyOneElement(wsPolicyFactory.createOperatorContentType()); //TODO - Need to add a config in the WSP config and then create the // issued token policy. boolean useIssuedTokenPolicy = false; @@ -129,14 +129,14 @@ public String getPolicy(ProviderConfig providerConfig) } for (Iterator iter = securityMech.iterator(); iter.hasNext();) { String secMech = (String)iter.next(); - AllElement allElement = wsPolicyFactory.createAllElement(); + AllElement allElement = wsPolicyFactory.createAllElement(wsPolicyFactory.createOperatorContentType()); if(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN_URI.equals( secMech)) { SymmetricBindingElement sbe = - wssPolicyFactory.createSymmetricBindingElement(); + wssPolicyFactory.createSymmetricBindingElement(wssPolicyFactory.createNestedPolicyType()); PolicyElement policyElement1 = wsPolicyFactory.createPolicyElement(); - sbe.setPolicy(policyElement1); + sbe.getValue().setPolicy(policyElement1); ProtectionTokenElement pte = createProtectionTokenElement(secMech); policyElement1.getPolicyOrAllOrExactlyOne().add(pte); @@ -152,17 +152,17 @@ public String getPolicy(ProviderConfig providerConfig) policyElement1.getPolicyOrAllOrExactlyOne().add( createLayoutElement()); policyElement1.getPolicyOrAllOrExactlyOne().add( - wssPolicyFactory.createIncludeTimestampElement()); + wssPolicyFactory.createIncludeTimestamp(wssPolicyFactory.createQNameAssertionType())); policyElement1.getPolicyOrAllOrExactlyOne().add( wssPolicyFactory. - createOnlySignEntireHeadersAndBodyElement()); - allElement.getPolicyOrAllOrExactlyOne().add(sbe); + createOnlySignEntireHeadersAndBody(wssPolicyFactory.createQNameAssertionType())); + allElement.getValue().getPolicyOrAllOrExactlyOne().add(sbe); } else if (useIssuedTokenPolicy) { AsymmetricBindingElement abe = - wssPolicyFactory.createAsymmetricBindingElement(); + wssPolicyFactory.createAsymmetricBindingElement(wssPolicyFactory.createNestedPolicyType()); PolicyElement policyElement1 = wsPolicyFactory.createPolicyElement(); - abe.setPolicy(policyElement1); + abe.getValue().setPolicy(policyElement1); IssuedTokenElement ite = createIssuedTokenElement(); policyElement1.getPolicyOrAllOrExactlyOne().add(ite); @@ -179,20 +179,20 @@ public String getPolicy(ProviderConfig providerConfig) policyElement1.getPolicyOrAllOrExactlyOne().add( createLayoutElement()); policyElement1.getPolicyOrAllOrExactlyOne().add( - wssPolicyFactory.createIncludeTimestampElement()); + wssPolicyFactory.createIncludeTimestamp(wssPolicyFactory.createQNameAssertionType())); policyElement1.getPolicyOrAllOrExactlyOne().add( wssPolicyFactory. - createOnlySignEntireHeadersAndBodyElement()); - allElement.getPolicyOrAllOrExactlyOne().add(abe); - exactlyOneElement.getPolicyOrAllOrExactlyOne().add( + createOnlySignEntireHeadersAndBody(wssPolicyFactory.createQNameAssertionType())); + allElement.getValue().getPolicyOrAllOrExactlyOne().add(abe); + exactlyOneElement.getValue().getPolicyOrAllOrExactlyOne().add( allElement); break; } else { AsymmetricBindingElement abe = - wssPolicyFactory.createAsymmetricBindingElement(); + wssPolicyFactory.createAsymmetricBindingElement(wssPolicyFactory.createNestedPolicyType()); PolicyElement policyElement1 = wsPolicyFactory.createPolicyElement(); - abe.setPolicy(policyElement1); + abe.getValue().setPolicy(policyElement1); InitiatorTokenElement ite = createInitiatorTokenElement(secMech); @@ -211,13 +211,13 @@ public String getPolicy(ProviderConfig providerConfig) policyElement1.getPolicyOrAllOrExactlyOne().add( createLayoutElement()); policyElement1.getPolicyOrAllOrExactlyOne().add( - wssPolicyFactory.createIncludeTimestampElement()); + wssPolicyFactory.createIncludeTimestamp(wssPolicyFactory.createQNameAssertionType())); policyElement1.getPolicyOrAllOrExactlyOne().add( wssPolicyFactory. - createOnlySignEntireHeadersAndBodyElement()); - allElement.getPolicyOrAllOrExactlyOne().add(abe); + createOnlySignEntireHeadersAndBody(wssPolicyFactory.createQNameAssertionType())); + allElement.getValue().getPolicyOrAllOrExactlyOne().add(abe); } - exactlyOneElement.getPolicyOrAllOrExactlyOne().add(allElement); + exactlyOneElement.getValue().getPolicyOrAllOrExactlyOne().add(allElement); } policyElement.getPolicyOrAllOrExactlyOne().add(exactlyOneElement); @@ -248,24 +248,24 @@ public String getInputPolicy(ProviderConfig providerConfig) try { PolicyElement policyElement = wsPolicyFactory.createPolicyElement(); ExactlyOneElement exactlyOneElement = - wsPolicyFactory.createExactlyOneElement(); - AllElement allElement = wsPolicyFactory.createAllElement(); + wsPolicyFactory.createExactlyOneElement(wsPolicyFactory.createOperatorContentType()); + AllElement allElement = wsPolicyFactory.createAllElement(wsPolicyFactory.createOperatorContentType()); policyElement.getPolicyOrAllOrExactlyOne().add(exactlyOneElement); if(providerConfig.isRequestSignEnabled()) { SignedPartsElement signedParts = - wssPolicyFactory.createSignedPartsElement(); - signedParts.setBody(wssPolicyFactory.createEmptyType()); - allElement.getPolicyOrAllOrExactlyOne().add(signedParts); + wssPolicyFactory.createSignedPartsElement(wssPolicyFactory.createSePartsType()); + signedParts.getValue().setBody(wssPolicyFactory.createEmptyType()); + allElement.getValue().getPolicyOrAllOrExactlyOne().add(signedParts); } if(providerConfig.isRequestEncryptEnabled() || providerConfig.isRequestHeaderEncryptEnabled()) { EncryptedPartsElement encryptedParts = - wssPolicyFactory.createEncryptedPartsElement(); + wssPolicyFactory.createEncryptedPartsElement(wssPolicyFactory.createSePartsType()); if(providerConfig.isRequestEncryptEnabled()) { - encryptedParts.setBody(wssPolicyFactory.createEmptyType()); + encryptedParts.getValue().setBody(wssPolicyFactory.createEmptyType()); } if(providerConfig.isRequestHeaderEncryptEnabled()) { HeaderType headerType = @@ -273,11 +273,11 @@ public String getInputPolicy(ProviderConfig providerConfig) headerType.setName( new QName(WSSConstants.WSSE_SECURITY_LNAME)); headerType.setNamespace(WSSConstants.WSSE11_NS); - encryptedParts.getHeader().add(headerType); + encryptedParts.getValue().getHeader().add(headerType); } - allElement.getPolicyOrAllOrExactlyOne().add(encryptedParts); + allElement.getValue().getPolicyOrAllOrExactlyOne().add(encryptedParts); } - exactlyOneElement.getPolicyOrAllOrExactlyOne().add(allElement); + exactlyOneElement.getValue().getPolicyOrAllOrExactlyOne().add(allElement); return WSSPolicyUtils.convertJAXBToString(policyElement); } catch (JAXBException je) { WSSUtils.debug.error("WSSPolicyManager.getInputPolicy: " + @@ -302,25 +302,25 @@ public String getOutputPolicy(ProviderConfig providerConfig) try { PolicyElement policyElement = wsPolicyFactory.createPolicyElement(); ExactlyOneElement exactlyOneElement = - wsPolicyFactory.createExactlyOneElement(); - AllElement allElement = wsPolicyFactory.createAllElement(); + wsPolicyFactory.createExactlyOneElement(wsPolicyFactory.createOperatorContentType()); + AllElement allElement = wsPolicyFactory.createAllElement(wsPolicyFactory.createOperatorContentType()); policyElement.getPolicyOrAllOrExactlyOne().add(exactlyOneElement); if(providerConfig.isResponseSignEnabled()) { SignedPartsElement signedParts = - wssPolicyFactory.createSignedPartsElement(); - signedParts.setBody(wssPolicyFactory.createEmptyType()); - allElement.getPolicyOrAllOrExactlyOne().add(signedParts); + wssPolicyFactory.createSignedPartsElement(wssPolicyFactory.createSePartsType()); + signedParts.getValue().setBody(wssPolicyFactory.createEmptyType()); + allElement.getValue().getPolicyOrAllOrExactlyOne().add(signedParts); } if(providerConfig.isResponseEncryptEnabled()) { EncryptedPartsElement encryptedParts = - wssPolicyFactory.createEncryptedPartsElement(); - encryptedParts.setBody(wssPolicyFactory.createEmptyType()); - allElement.getPolicyOrAllOrExactlyOne().add(encryptedParts); + wssPolicyFactory.createEncryptedPartsElement(wssPolicyFactory.createSePartsType()); + encryptedParts.getValue().setBody(wssPolicyFactory.createEmptyType()); + allElement.getValue().getPolicyOrAllOrExactlyOne().add(encryptedParts); } - exactlyOneElement.getPolicyOrAllOrExactlyOne().add(allElement); + exactlyOneElement.getValue().getPolicyOrAllOrExactlyOne().add(allElement); return WSSPolicyUtils.convertJAXBToString(policyElement); } catch (JAXBException je) { WSSUtils.debug.error("WSSPolicyManager.geOutputPolicy: " + @@ -367,251 +367,215 @@ public String getSTSOutputPolicy() throws WSSPolicyException { private InitiatorTokenElement createInitiatorTokenElement( String secMech) throws WSSPolicyException { - - try { - InitiatorTokenElement ite = - wssPolicyFactory.createInitiatorTokenElement(); - PolicyElement policyElement1 = + + InitiatorTokenElement ite = + wssPolicyFactory.createInitiatorTokenElement(wssPolicyFactory.createNestedPolicyType()); + PolicyElement policyElement1 = + wsPolicyFactory.createPolicyElement(); + ite.getValue().setPolicy(policyElement1); + if(SecurityMechanism.WSS_NULL_X509_TOKEN_URI.equals(secMech)) { + X509TokenElement x509Token = + wssPolicyFactory.createX509TokenElement(wssPolicyFactory.createTokenAssertionType()); + x509Token.getValue().setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); + policyElement1.getPolicyOrAllOrExactlyOne().add(x509Token); + + PolicyElement policyElement2 = + wsPolicyFactory.createPolicyElement(); + x509Token.getValue().getAny().add(policyElement2); + + WssX509V3Token10Element wssX509v3TokenElement = + wssPolicyFactory.createWssX509V3Token10Element(wssPolicyFactory.createQNameAssertionType()); + policyElement2.getPolicyOrAllOrExactlyOne().add( + wssX509v3TokenElement); + } else if(SecurityMechanism.WSS_NULL_USERNAME_TOKEN_URI. + equals(secMech)) { + UsernameTokenElement userNameTokenElement = + wssPolicyFactory.createUsernameTokenElement(wssPolicyFactory.createTokenAssertionType()); + userNameTokenElement.getValue().setIncludeToken( + INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); + policyElement1.getPolicyOrAllOrExactlyOne().add( + userNameTokenElement); + + PolicyElement policyElement2 = + wsPolicyFactory.createPolicyElement(); + userNameTokenElement.getValue().getAny().add(policyElement2); + + WssUsernameToken10Element wssUserTokenElement = + wssPolicyFactory.createWssUsernameToken10Element(wssPolicyFactory.createQNameAssertionType()); + policyElement2.getPolicyOrAllOrExactlyOne().add( + wssUserTokenElement); + } else if(SecurityMechanism.WSS_NULL_SAML2_HK_URI.equals(secMech)|| + SecurityMechanism.WSS_NULL_SAML2_SV_URI.equals(secMech)) { + SamlTokenElement samlTokenElement = + wssPolicyFactory.createSamlTokenElement(wssPolicyFactory.createTokenAssertionType()); + samlTokenElement.getValue().setIncludeToken( + INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); + policyElement1.getPolicyOrAllOrExactlyOne().add( + samlTokenElement); + + PolicyElement policyElement2 = wsPolicyFactory.createPolicyElement(); - ite.setPolicy(policyElement1); - if(SecurityMechanism.WSS_NULL_X509_TOKEN_URI.equals(secMech)) { - X509TokenElement x509Token = - wssPolicyFactory.createX509TokenElement(); - x509Token.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); - policyElement1.getPolicyOrAllOrExactlyOne().add(x509Token); - - PolicyElement policyElement2 = - wsPolicyFactory.createPolicyElement(); - x509Token.getAny().add(policyElement2); - - WssX509V3Token10Element wssX509v3TokenElement = - wssPolicyFactory.createWssX509V3Token10Element(); - policyElement2.getPolicyOrAllOrExactlyOne().add( - wssX509v3TokenElement); - } else if(SecurityMechanism.WSS_NULL_USERNAME_TOKEN_URI. - equals(secMech)) { - UsernameTokenElement userNameTokenElement = - wssPolicyFactory.createUsernameTokenElement(); - userNameTokenElement.setIncludeToken( - INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); - policyElement1.getPolicyOrAllOrExactlyOne().add( - userNameTokenElement); - - PolicyElement policyElement2 = - wsPolicyFactory.createPolicyElement(); - userNameTokenElement.getAny().add(policyElement2); - - WssUsernameToken10Element wssUserTokenElement = - wssPolicyFactory.createWssUsernameToken10Element(); - policyElement2.getPolicyOrAllOrExactlyOne().add( - wssUserTokenElement); - } else if(SecurityMechanism.WSS_NULL_SAML2_HK_URI.equals(secMech)|| - SecurityMechanism.WSS_NULL_SAML2_SV_URI.equals(secMech)) { - SamlTokenElement samlTokenElement = - wssPolicyFactory.createSamlTokenElement(); - samlTokenElement.setIncludeToken( - INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); - policyElement1.getPolicyOrAllOrExactlyOne().add( - samlTokenElement); - - PolicyElement policyElement2 = - wsPolicyFactory.createPolicyElement(); - samlTokenElement.getAny().add(policyElement2); - - WssSamlV20Token11Element wssSaml20TokenElement = - wssPolicyFactory.createWssSamlV20Token11Element(); - policyElement2.getPolicyOrAllOrExactlyOne().add( - wssSaml20TokenElement); - - } else if(SecurityMechanism.WSS_NULL_SAML_HK_URI.equals(secMech)|| - SecurityMechanism.WSS_NULL_SAML_SV_URI.equals(secMech)) { - SamlTokenElement samlTokenElement = - wssPolicyFactory.createSamlTokenElement(); - samlTokenElement.setIncludeToken( - INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); - policyElement1.getPolicyOrAllOrExactlyOne().add( - samlTokenElement); - - PolicyElement policyElement2 = - wsPolicyFactory.createPolicyElement(); - samlTokenElement.getAny().add(policyElement2); - - WssSamlV11Token11Element wssSaml11TokenElement = - wssPolicyFactory.createWssSamlV11Token11Element(); - policyElement2.getPolicyOrAllOrExactlyOne().add( - wssSaml11TokenElement); - - } - - return ite; - } catch (JAXBException je) { - WSSUtils.debug.error("WSSPolicyManager.createInitiateTokenElement: " - + " JAXB Exception "); - throw new WSSPolicyException (je.getMessage()); + samlTokenElement.getValue().getAny().add(policyElement2); + + WssSamlV20Token11Element wssSaml20TokenElement = + wssPolicyFactory.createWssSamlV20Token11Element(wssPolicyFactory.createQNameAssertionType()); + policyElement2.getPolicyOrAllOrExactlyOne().add( + wssSaml20TokenElement); + + } else if(SecurityMechanism.WSS_NULL_SAML_HK_URI.equals(secMech)|| + SecurityMechanism.WSS_NULL_SAML_SV_URI.equals(secMech)) { + SamlTokenElement samlTokenElement = + wssPolicyFactory.createSamlTokenElement(wssPolicyFactory.createTokenAssertionType()); + samlTokenElement.getValue().setIncludeToken( + INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); + policyElement1.getPolicyOrAllOrExactlyOne().add( + samlTokenElement); + + PolicyElement policyElement2 = + wsPolicyFactory.createPolicyElement(); + samlTokenElement.getValue().getAny().add(policyElement2); + + WssSamlV11Token11Element wssSaml11TokenElement = + wssPolicyFactory.createWssSamlV11Token11Element(wssPolicyFactory.createQNameAssertionType()); + policyElement2.getPolicyOrAllOrExactlyOne().add( + wssSaml11TokenElement); + } - + + return ite; + } private RecipientTokenElement createRecipientTokenElement() throws WSSPolicyException { - - try { - RecipientTokenElement rte = - wssPolicyFactory.createRecipientTokenElement(); - PolicyElement policyElement1 = - wsPolicyFactory.createPolicyElement(); - rte.setPolicy(policyElement1); - X509TokenElement x509Token = - wssPolicyFactory.createX509TokenElement(); - x509Token.setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); - policyElement1.getPolicyOrAllOrExactlyOne().add(x509Token); - - PolicyElement policyElement2 = - wsPolicyFactory.createPolicyElement(); - x509Token.getAny().add(policyElement2); - - WssX509V3Token10Element wssX509v3TokenElement = - wssPolicyFactory.createWssX509V3Token10Element(); - policyElement2.getPolicyOrAllOrExactlyOne().add( - wssX509v3TokenElement); - return rte; - } catch (JAXBException je) { - WSSUtils.debug.error("WSSPolicyManager.createRecipientTokenElement:" - + " JAXB Exception "); - throw new WSSPolicyException (je.getMessage()); - } + + RecipientTokenElement rte = + wssPolicyFactory.createRecipientTokenElement(wssPolicyFactory.createNestedPolicyType()); + PolicyElement policyElement1 = + wsPolicyFactory.createPolicyElement(); + rte.getValue().setPolicy(policyElement1); + X509TokenElement x509Token = + wssPolicyFactory.createX509TokenElement(wssPolicyFactory.createTokenAssertionType()); + x509Token.getValue().setIncludeToken(INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); + policyElement1.getPolicyOrAllOrExactlyOne().add(x509Token); + + PolicyElement policyElement2 = + wsPolicyFactory.createPolicyElement(); + x509Token.getValue().getAny().add(policyElement2); + + WssX509V3Token10Element wssX509v3TokenElement = + wssPolicyFactory.createWssX509V3Token10Element(wssPolicyFactory.createQNameAssertionType()); + policyElement2.getPolicyOrAllOrExactlyOne().add( + wssX509v3TokenElement); + return rte; } private AlgorithmSuiteElement createAlgorithmSuiteElement( ProviderConfig config) throws WSSPolicyException { - - try { - AlgorithmSuiteElement ase = - wssPolicyFactory.createAlgorithmSuiteElement(); - PolicyElement policyElement1 = - wsPolicyFactory.createPolicyElement(); - ase.setPolicy(policyElement1); - String encAlg = config.getEncryptionAlgorithm(); - int keyStrength = config.getEncryptionStrength(); - if("AES".equals(encAlg)) { - if(keyStrength == 128) { - Basic128Element basic128Element = - wssPolicyFactory.createBasic128Element(); - policyElement1.getPolicyOrAllOrExactlyOne().add( - basic128Element); - } else if (keyStrength == 192) { - Basic192Element basic192Element = - wssPolicyFactory.createBasic192Element(); - policyElement1.getPolicyOrAllOrExactlyOne().add( - basic192Element); - } else if (keyStrength == 256) { - Basic256Element basic256Element = - wssPolicyFactory.createBasic256Element(); - policyElement1.getPolicyOrAllOrExactlyOne().add( - basic256Element); - } else { - if(WSSUtils.debug.warningEnabled()) { - WSSUtils.debug.warning("WSSPolicyManager.create" + - "AlgorithmSuite: Invalid key strenghth for AES" + - keyStrength); - } - } - } else if ("DESede".equals(encAlg)) { - TripleDesElement tripleDesElement = - wssPolicyFactory.createTripleDesElement(); - policyElement1.getPolicyOrAllOrExactlyOne().add( - tripleDesElement); - } else { - return null; - } - return ase; - } catch (JAXBException je) { - WSSUtils.debug.error("WSSPolicyManager.createAlgorithmSuite: " - + " JAXB Exception "); - throw new WSSPolicyException (je.getMessage()); + + AlgorithmSuiteElement ase = + wssPolicyFactory.createAlgorithmSuiteElement(wssPolicyFactory.createNestedPolicyType()); + PolicyElement policyElement1 = + wsPolicyFactory.createPolicyElement(); + ase.getValue().setPolicy(policyElement1); + String encAlg = config.getEncryptionAlgorithm(); + int keyStrength = config.getEncryptionStrength(); + if("AES".equals(encAlg)) { + if(keyStrength == 128) { + Basic128Element basic128Element = + wssPolicyFactory.createBasic128Element(wssPolicyFactory.createQNameAssertionType()); + policyElement1.getPolicyOrAllOrExactlyOne().add( + basic128Element); + } else if (keyStrength == 192) { + Basic192Element basic192Element = + wssPolicyFactory.createBasic192Element(wssPolicyFactory.createQNameAssertionType()); + policyElement1.getPolicyOrAllOrExactlyOne().add( + basic192Element); + } else if (keyStrength == 256) { + Basic256Element basic256Element = + wssPolicyFactory.createBasic256Element(wssPolicyFactory.createQNameAssertionType()); + policyElement1.getPolicyOrAllOrExactlyOne().add( + basic256Element); + } else { + if(WSSUtils.debug.warningEnabled()) { + WSSUtils.debug.warning("WSSPolicyManager.create" + + "AlgorithmSuite: Invalid key strenghth for AES" + + keyStrength); + } + } + } else if ("DESede".equals(encAlg)) { + TripleDesElement tripleDesElement = + wssPolicyFactory.createTripleDesElement(wssPolicyFactory.createQNameAssertionType()); + policyElement1.getPolicyOrAllOrExactlyOne().add( + tripleDesElement); + } else { + return null; } + return ase; } private LayoutElement createLayoutElement() throws WSSPolicyException { - try { - LayoutElement le = - wssPolicyFactory.createLayoutElement(); - PolicyElement policyElement1 = - wsPolicyFactory.createPolicyElement(); - le.setPolicy(policyElement1); - policyElement1.getPolicyOrAllOrExactlyOne().add( - wssPolicyFactory.createLaxElement()); - return le; - } catch (JAXBException je) { - WSSUtils.debug.error("WSSPolicyManager.createLayout: " - + " JAXB Exception "); - throw new WSSPolicyException (je.getMessage()); - } - + LayoutElement le = + wssPolicyFactory.createLayoutElement(wssPolicyFactory.createNestedPolicyType()); + PolicyElement policyElement1 = + wsPolicyFactory.createPolicyElement(); + le.getValue().setPolicy(policyElement1); + policyElement1.getPolicyOrAllOrExactlyOne().add( + wssPolicyFactory.createLax(wssPolicyFactory.createQNameAssertionType())); + return le; + } private ProtectionTokenElement createProtectionTokenElement( String secMech) throws WSSPolicyException { - - try { - ProtectionTokenElement protectionElement = - wssPolicyFactory.createProtectionTokenElement(); - PolicyElement policyElement1 = - wsPolicyFactory.createPolicyElement(); - protectionElement.setPolicy(policyElement1); - - if(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN_URI.equals(secMech)) { - KerberosTokenElement kerberosTokenElement = - wssPolicyFactory.createKerberosTokenElement(); - kerberosTokenElement.setIncludeToken( - INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); - policyElement1.getPolicyOrAllOrExactlyOne().add( - kerberosTokenElement); - - PolicyElement policyElement2 = - wsPolicyFactory.createPolicyElement(); - kerberosTokenElement.getAny().add(policyElement2); - - WssKerberosV5ApReqToken11Element wssKrbElement = - wssPolicyFactory.createWssKerberosV5ApReqToken11Element(); - policyElement2.getPolicyOrAllOrExactlyOne().add( - wssKrbElement); - } - - return protectionElement; - } catch (JAXBException je) { - WSSUtils.debug.error("WSSPolicyManager.createProtectionToken: " - + " JAXB Exception "); - throw new WSSPolicyException (je.getMessage()); + + ProtectionTokenElement protectionElement = + wssPolicyFactory.createProtectionTokenElement(wssPolicyFactory.createNestedPolicyType()); + PolicyElement policyElement1 = + wsPolicyFactory.createPolicyElement(); + protectionElement.getValue().setPolicy(policyElement1); + + if(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN_URI.equals(secMech)) { + KerberosTokenElement kerberosTokenElement = + wssPolicyFactory.createKerberosTokenElement(wssPolicyFactory.createTokenAssertionType()); + kerberosTokenElement.getValue().setIncludeToken( + INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); + policyElement1.getPolicyOrAllOrExactlyOne().add( + kerberosTokenElement); + + PolicyElement policyElement2 = + wsPolicyFactory.createPolicyElement(); + kerberosTokenElement.getValue().getAny().add(policyElement2); + + WssKerberosV5ApReqToken11Element wssKrbElement = + wssPolicyFactory.createWssKerberosV5ApReqToken11Element(wssPolicyFactory.createQNameAssertionType()); + policyElement2.getPolicyOrAllOrExactlyOne().add( + wssKrbElement); } + + return protectionElement; } private IssuedTokenElement createIssuedTokenElement() throws WSSPolicyException { - - try { - IssuedTokenElement issuedTokenElement = - wssPolicyFactory.createIssuedTokenElement(); - issuedTokenElement.setIncludeToken( - INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); - EndpointReferenceElement epr = - wsAddressingFactory.createEndpointReferenceElement(); - AttributedURIType uriType = - wsAddressingFactory.createAttributedURIType(); - uriType.setValue("SunSTS"); - epr.setAddress(uriType); - issuedTokenElement.setIssuer(epr); - RequestSecurityTokenTemplateType rstTemplate = - wssPolicyFactory.createRequestSecurityTokenTemplateType(); - issuedTokenElement.setRequestSecurityTokenTemplate(rstTemplate); - return issuedTokenElement; - } catch (JAXBException je) { - WSSUtils.debug.error("WSSPolicyManager.createIssuedTokenElement: " - + " JAXB Exception "); - throw new WSSPolicyException (je.getMessage()); - } - + + IssuedTokenElement issuedTokenElement = + wssPolicyFactory.createIssuedTokenElement(wssPolicyFactory.createIssuedTokenType()); + issuedTokenElement.getValue().setIncludeToken( + INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT); + EndpointReferenceElement epr = + wsAddressingFactory.createEndpointReferenceElement(wsAddressingFactory.createEndpointReferenceType()); + AttributedURIType uriType = + wsAddressingFactory.createAttributedURIType(); + uriType.setValue("SunSTS"); + epr.getValue().setAddress(uriType); + issuedTokenElement.getValue().setIssuer(epr.getValue()); + RequestSecurityTokenTemplateType rstTemplate = + wssPolicyFactory.createRequestSecurityTokenTemplateType(); + issuedTokenElement.getValue().setRequestSecurityTokenTemplate(rstTemplate); + return issuedTokenElement; + } private ProviderConfig getSTSConfig() throws WSSPolicyException { diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/WSSPolicyUtils.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/WSSPolicyUtils.java index 442d2985d5..4d929e1dc4 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/WSSPolicyUtils.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/policy/WSSPolicyUtils.java @@ -23,15 +23,17 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: WSSPolicyUtils.java,v 1.1 2009/09/17 05:49:29 mallas Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ package com.sun.identity.wss.policy; import java.io.StringWriter; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; import javax.xml.transform.stream.StreamSource; public class WSSPolicyUtils { @@ -49,7 +51,7 @@ public class WSSPolicyUtils { private static final String PROP_JAXB_FORMATTED_OUTPUT = "jaxb.formatted.output"; private static final String PROP_NAMESPACE_PREFIX_MAPPER = - "com.sun.xml.bind.namespacePrefixMapper"; + "org.glassfish.jaxb.namespacePrefixMapper"; private static NamespacePrefixMapperImpl nsPrefixMapper = new NamespacePrefixMapperImpl(); diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/provider/ProviderConfig.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/provider/ProviderConfig.java index 0ca1617677..33d27e8158 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/provider/ProviderConfig.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/provider/ProviderConfig.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: ProviderConfig.java,v 1.31 2009/11/16 21:52:58 mallas Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ package com.sun.identity.wss.provider; @@ -79,7 +81,7 @@ public abstract class ProviderConfig { public static final String WSS_PROVIDER_CONFIG_PLUGIN = "com.sun.identity.wss.provider.config.plugin"; - protected List secMech = null; + protected List secMech = null; protected String serviceURI = null; protected String providerName = null; protected String wspEndpoint = null; @@ -134,7 +136,7 @@ public abstract class ProviderConfig { * * @return list of security mechanisms. */ - public List getSecurityMechanisms() { + public List getSecurityMechanisms() { return secMech; } diff --git a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/provider/plugins/AgentProvider.java b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/provider/plugins/AgentProvider.java index 339f8d8c8b..8109633953 100644 --- a/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/provider/plugins/AgentProvider.java +++ b/openam-federation/OpenFM/src/main/java/com/sun/identity/wss/provider/plugins/AgentProvider.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyght owner]" * * $Id: AgentProvider.java,v 1.41 2009/11/16 21:52:58 mallas Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -531,11 +533,11 @@ public void store() throws ProviderException { config.put(SERVICE_TYPE, serviceType); } - Set secMechSet = new HashSet(); + Set secMechSet = new HashSet<>(); if(secMech != null) { - Iterator iter = secMech.iterator(); + Iterator iter = secMech.iterator(); while(iter.hasNext()) { - secMechSet.add((String)iter.next()); + secMechSet.add(iter.next()); } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/common/SystemConfigurationUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/common/SystemConfigurationUtil.java index e643025797..d87bd5fc40 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/common/SystemConfigurationUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/common/SystemConfigurationUtil.java @@ -25,7 +25,7 @@ * $Id: SystemConfigurationUtil.java,v 1.7 2008/08/06 17:26:14 exu Exp $ * * Portions Copyrighted 2010-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.common; @@ -116,7 +116,7 @@ public static Set getCookieDomainsForRequest(HttpServletRequest request) * @return list of server names. * @throws SystemConfigurationException if unable to get the server list. */ - public static List getServerList() throws SystemConfigurationException { + public static List getServerList() throws SystemConfigurationException { if (!platformNamingInitialized) { initPlatformNaming(); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/cot/CircleOfTrustManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/cot/CircleOfTrustManager.java index 4a78a82b4e..5fb037b6cf 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/cot/CircleOfTrustManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/cot/CircleOfTrustManager.java @@ -29,7 +29,7 @@ */ package com.sun.identity.cot; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import com.sun.identity.federation.meta.IDFFCOTUtils; import com.sun.identity.federation.meta.IDFFMetaException; import com.sun.identity.federation.meta.IDFFMetaManager; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/accountmgmt/FSAccountManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/accountmgmt/FSAccountManager.java index aadd23b01e..cee089c6b1 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/accountmgmt/FSAccountManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/accountmgmt/FSAccountManager.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: FSAccountManager.java,v 1.5 2008/06/25 05:46:39 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -88,12 +90,12 @@ private FSAccountManager(String metaAlias) BaseConfigType hostedConfig = null; if (role != null && role.equalsIgnoreCase(IFSConstants.IDP)) { hostedConfig = - metaManager.getIDPDescriptorConfig(realm, hostedEntityID); + metaManager.getIDPDescriptorConfig(realm, hostedEntityID).getValue(); } else if (role != null && role.equalsIgnoreCase(IFSConstants.SP)) { hostedConfig = - metaManager.getSPDescriptorConfig(realm, hostedEntityID); + metaManager.getSPDescriptorConfig(realm, hostedEntityID).getValue(); SP_PROVIDER_ID = hostedEntityID; SP_FILTER = "|" + SP_PROVIDER_ID + "|"; } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/key/KeyUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/key/KeyUtil.java index c9ea678af5..7d27c8b915 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/key/KeyUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/key/KeyUtil.java @@ -25,6 +25,7 @@ * $Id: KeyUtil.java,v 1.5 2009/06/08 23:41:03 madan_ranganath Exp $ * * Portions Copyrighted 2013-2016 ForgeRock AS + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.federation.key; @@ -39,6 +40,7 @@ import java.security.PrivateKey; import java.security.cert.X509Certificate; +import com.sun.identity.liberty.ws.meta.jaxb.KeyDescriptorElement; import org.apache.xml.security.encryption.XMLCipher; import com.sun.identity.common.SystemConfigurationUtil; @@ -288,14 +290,14 @@ public static KeyDescriptorType getKeyDescriptor( return null; } - List list = providerDescriptor.getKeyDescriptor(); - Iterator iter = list.iterator(); - KeyDescriptorType kd = null; + List list = providerDescriptor.getKeyDescriptor(); + Iterator iter = list.iterator(); + KeyDescriptorElement kd = null; String use = null; - KeyDescriptorType noUsageKD = null; + KeyDescriptorElement noUsageKD = null; while (iter.hasNext()) { - kd = (KeyDescriptorType)iter.next(); - use = kd.getUse(); + kd = iter.next(); + use = (kd.getValue().getUse() == null) ? null : kd.getValue().getUse().value(); if ((use == null) || (use.trim().length() == 0)) { if (noUsageKD == null) { noUsageKD = kd; @@ -309,9 +311,9 @@ public static KeyDescriptorType getKeyDescriptor( } } if (kd != null) { - return kd; + return kd.getValue(); } else { - return noUsageKD; + return (noUsageKD == null) ? null : noUsageKD.getValue(); } } @@ -351,7 +353,7 @@ public static X509Certificate getCert(KeyDescriptorType kd) { X509DataElement data = (X509DataElement) ki.getContent().get(0); byte[] bt = ((com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType.X509Certificate) - data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0)). + data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0)). getValue(); CertificateFactory cf = null; try { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/login/FSPostLogin.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/login/FSPostLogin.java index a36187d298..6d072951e7 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/login/FSPostLogin.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/login/FSPostLogin.java @@ -24,7 +24,7 @@ * * $Id: FSPostLogin.java,v 1.6 2008/07/31 00:55:33 exu Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.federation.login; @@ -324,13 +324,13 @@ private void setMetaInfo(String metaAlias,HttpServletRequest request) providerRole.equals(IFSConstants.IDP)) { isIDP = true; - hostedConfig = metaManager.getIDPDescriptorConfig( - realm, entityID); + hostedConfig = IDFFMetaUtils.unwrap(metaManager.getIDPDescriptorConfig( + realm, entityID)); } else if (providerRole != null && providerRole.equalsIgnoreCase(IFSConstants.SP)) { - hostedConfig = metaManager.getSPDescriptorConfig( - realm, entityID); + hostedConfig = IDFFMetaUtils.unwrap(metaManager.getSPDescriptorConfig( + realm, entityID)); } } catch (IDFFMetaException ie) { FSUtils.debug.error("FSPostLogin::setMetaInfo: exception:",ie); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/login/FSPreLogin.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/login/FSPreLogin.java index ac2dfe378c..f9320acfe4 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/login/FSPreLogin.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/login/FSPreLogin.java @@ -25,7 +25,7 @@ * $Id: FSPreLogin.java,v 1.6 2008/08/19 19:11:04 veiming Exp $ * * Portions Copyrighted 2015 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.federation.login; @@ -258,12 +258,12 @@ private void setMetaInfo(String metaAlias, if (hostedProviderRole != null) { if (hostedProviderRole.equals(IFSConstants.SP)) { hostedConfig = - metaManager.getSPDescriptorConfig( - realm, hostedEntityID); + IDFFMetaUtils.unwrap(metaManager.getSPDescriptorConfig( + realm, hostedEntityID)); } else if (hostedProviderRole.equals(IFSConstants.IDP)) { hostedConfig = - metaManager.getIDPDescriptorConfig( - realm, hostedEntityID); + IDFFMetaUtils.unwrap(metaManager.getIDPDescriptorConfig( + realm, hostedEntityID)); } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/message/common/EncryptedNameIdentifier.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/message/common/EncryptedNameIdentifier.java index 657365f93b..9d33a554b5 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/message/common/EncryptedNameIdentifier.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/message/common/EncryptedNameIdentifier.java @@ -24,6 +24,7 @@ * * $Id: EncryptedNameIdentifier.java,v 1.4 2008/06/25 05:46:46 qcheng Exp $ * Portions Copyrighted 2014 ForgeRock AS + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.federation.message.common; @@ -32,6 +33,8 @@ import com.sun.identity.federation.common.FSUtils; import com.sun.identity.federation.common.IFSConstants; import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement; +import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement; import com.sun.identity.federation.key.EncInfo; import com.sun.identity.federation.key.KeyUtil; import com.sun.identity.federation.meta.IDFFMetaException; @@ -221,11 +224,13 @@ public static NameIdentifier getDecryptedNameIdentifier( BaseConfigType providerConfig = null; try { - providerConfig = FSUtils.getIDFFMetaManager(). + SPDescriptorConfigElement spConfigElem = FSUtils.getIDFFMetaManager(). getSPDescriptorConfig(realm, providerID); + providerConfig = (spConfigElem == null) ? null : spConfigElem.getValue(); if (providerConfig == null) { - providerConfig = FSUtils.getIDFFMetaManager(). + IDPDescriptorConfigElement idpConfigElem = FSUtils.getIDFFMetaManager(). getIDPDescriptorConfig(realm, providerID); + providerConfig = (idpConfigElem == null) ? null : idpConfigElem.getValue(); } } catch (Exception ae) { FSUtils.debug.error("EncryptedNameIdentifier.getDecryptedName" + diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFCOTUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFCOTUtils.java index 704814b24e..6d1d4a7901 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFCOTUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFCOTUtils.java @@ -23,18 +23,23 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDFFCOTUtils.java,v 1.6 2009/10/28 23:58:57 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * * Portions Copyrighted 2026 3A Systems, LLC */ package com.sun.identity.federation.meta; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import com.sun.identity.cot.COTConstants; -import com.sun.identity.federation.jaxb.entityconfig.AffiliationDescriptorConfigElement; +import com.sun.identity.federation.jaxb.entityconfig.AttributeElement; import com.sun.identity.federation.jaxb.entityconfig.AttributeType; import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType; import com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement; +import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement; import com.sun.identity.federation.jaxb.entityconfig.ObjectFactory; +import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement; import com.sun.identity.liberty.ws.meta.jaxb.EntityDescriptorElement; import com.sun.identity.shared.debug.Debug; import java.util.ArrayList; @@ -94,39 +99,43 @@ public void updateEntityConfig(String realm, String cotName,String entityID) atype.setName(COT_LIST); atype.getValue().add(cotName); // add to entityConfig - entityConfig = objFactory.createEntityConfigElement(); - entityConfig.setEntityID(entityID); - entityConfig.setHosted(false); + entityConfig = objFactory.createEntityConfigElement(objFactory.createEntityConfigType()); + entityConfig.getValue().setEntityID(entityID); + entityConfig.getValue().setHosted(false); // Decide which role EntityDescriptorElement includes // It could have one sp and one idp. if (IDFFMetaUtils.getSPDescriptor(entityDesc) != null) { - IDFFCOTUtils = objFactory.createSPDescriptorConfigElement(); - IDFFCOTUtils.getAttribute().add(atype); - entityConfig.getSPDescriptorConfig().add(IDFFCOTUtils); + IDFFCOTUtils = new BaseConfigType() {}; + IDFFCOTUtils.getAttribute().add(objFactory.createAttributeElement(atype)); + entityConfig.getValue().getSPDescriptorConfig().add( + objFactory.createSPDescriptorConfigElement(IDFFCOTUtils)); } if (IDFFMetaUtils.getIDPDescriptor(entityDesc) != null) { - IDFFCOTUtils = objFactory.createIDPDescriptorConfigElement(); - IDFFCOTUtils.getAttribute().add(atype); - entityConfig.getIDPDescriptorConfig().add(IDFFCOTUtils); + IDFFCOTUtils = new BaseConfigType() {}; + IDFFCOTUtils.getAttribute().add(objFactory.createAttributeElement(atype)); + entityConfig.getValue().getIDPDescriptorConfig().add( + objFactory.createIDPDescriptorConfigElement(IDFFCOTUtils)); } - if (entityDesc.getAffiliationDescriptor() != null) { - IDFFCOTUtils = - objFactory.createAffiliationDescriptorConfigElement(); - IDFFCOTUtils.getAttribute().add(atype); - entityConfig.setAffiliationDescriptorConfig(IDFFCOTUtils); + if (entityDesc.getValue().getAffiliationDescriptor() != null) { + IDFFCOTUtils = + new BaseConfigType() {}; + IDFFCOTUtils.getAttribute().add(objFactory.createAttributeElement(atype)); + entityConfig.getValue().setAffiliationDescriptorConfig( + objFactory.createAffiliationDescriptorConfigElement(IDFFCOTUtils)); } idffMetaMgr.setEntityConfig(realm, entityConfig); } else { // update the sp and idp entity config - List spConfigList = entityConfig.getSPDescriptorConfig(); - List idpConfigList = entityConfig.getIDPDescriptorConfig(); + List spConfigList = entityConfig.getValue().getSPDescriptorConfig(); + List idpConfigList = entityConfig.getValue().getIDPDescriptorConfig(); updateCOTAttrInConfig( realm,spConfigList,cotName,entityConfig,objFactory,idffMetaMgr); updateCOTAttrInConfig( realm, idpConfigList,cotName,entityConfig,objFactory, idffMetaMgr); - BaseConfigType affiConfig = - entityConfig.getAffiliationDescriptorConfig(); + BaseConfigType affiConfig = + (entityConfig.getValue().getAffiliationDescriptorConfig() == null) ? null + : entityConfig.getValue().getAffiliationDescriptorConfig().getValue(); if (affiConfig != null) { List affiConfigList = new ArrayList(); affiConfigList.add(affiConfig); @@ -164,14 +173,15 @@ public void removeFromEntityConfig( EntityConfigElement entityConfig = idffMetaMgr.getEntityConfig(realm, entityID); if (entityConfig != null) { - List spConfigList = entityConfig.getSPDescriptorConfig(); - List idpConfigList = entityConfig.getIDPDescriptorConfig(); + List spConfigList = entityConfig.getValue().getSPDescriptorConfig(); + List idpConfigList = entityConfig.getValue().getIDPDescriptorConfig(); removeCOTNameFromConfig(realm, spConfigList,cotName, entityConfig,idffMetaMgr); removeCOTNameFromConfig(realm, idpConfigList,cotName, entityConfig,idffMetaMgr); - BaseConfigType affiConfig = - entityConfig.getAffiliationDescriptorConfig(); + BaseConfigType affiConfig = + (entityConfig.getValue().getAffiliationDescriptorConfig() == null) ? null + : entityConfig.getValue().getAffiliationDescriptorConfig().getValue(); if (affiConfig != null) { List affiConfigList = new ArrayList(); affiConfigList.add(affiConfig); @@ -216,10 +226,10 @@ private void updateCOTAttrInConfig(String realm, throws IDFFMetaException,JAXBException { boolean foundCOT = false; for (Iterator iter = configList.iterator(); iter.hasNext();) { - BaseConfigType bConfig = (BaseConfigType)iter.next(); + BaseConfigType bConfig = getBaseConfig(iter.next()); List list = bConfig.getAttribute(); for (Iterator iter2 = list.iterator(); iter2.hasNext();) { - AttributeType avp = (AttributeType)iter2.next(); + AttributeType avp = ((AttributeElement)iter2.next()).getValue(); if (avp.getName().trim().equalsIgnoreCase(COT_LIST)) { foundCOT = true; List avpl = avp.getValue(); @@ -235,7 +245,7 @@ private void updateCOTAttrInConfig(String realm, AttributeType atype = objFactory.createAttributeType(); atype.setName(COT_LIST); atype.getValue().add(cotName); - list.add(atype); + list.add(objFactory.createAttributeElement(atype)); idffMetaMgr.setEntityConfig(realm, entityConfig); } } @@ -253,10 +263,10 @@ private void removeCOTNameFromConfig( IDFFMetaManager idffMetaMgr) throws IDFFMetaException { for (Iterator iter = configList.iterator(); iter.hasNext();) { - BaseConfigType bConfig = (BaseConfigType)iter.next(); + BaseConfigType bConfig = getBaseConfig(iter.next()); List list = bConfig.getAttribute(); for (Iterator iter2 = list.iterator(); iter2.hasNext();) { - AttributeType avp = (AttributeType)iter2.next(); + AttributeType avp = ((AttributeElement)iter2.next()).getValue(); if (avp.getName().trim().equalsIgnoreCase(COT_LIST)) { List avpl = avp.getValue(); if (avpl != null && !avpl.isEmpty() && @@ -269,4 +279,17 @@ private void removeCOTNameFromConfig( } } } + + /** + * Unwraps a descriptor config list entry to its {@link BaseConfigType}. + * The SP/IDP descriptor config lists hold {@code JAXBElement} wrappers + * (e.g. {@code SPDescriptorConfigElement}), while the affiliation config + * is passed in unwrapped, so both shapes are handled here. + */ + private static BaseConfigType getBaseConfig(Object item) { + if (item instanceof JAXBElement) { + return (BaseConfigType) ((JAXBElement) item).getValue(); + } + return (BaseConfigType) item; + } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaManager.java index 431ae93ac7..82a854b23d 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaManager.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDFFMetaManager.java,v 1.9 2009/10/28 23:58:57 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -58,7 +60,7 @@ import java.util.Set; import java.util.logging.Level; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; /** * The IDFFMetaManager provides methods to manage the Service and @@ -163,7 +165,7 @@ public void createEntityDescriptor( LogUtil.error(Level.INFO, LogUtil.NULL_ENTITY_DESCRIPTOR, null); throw new IDFFMetaException("nullEntityDescriptor",null); } else { - entityId = entityDescriptor.getProviderID(); + entityId = entityDescriptor.getValue().getProviderID(); if (entityId == null) { debug.error(classMethod + "Entity ID is null"); LogUtil.error(Level.INFO, LogUtil.NULL_ENTITY_ID, null); @@ -179,13 +181,13 @@ public void createEntityDescriptor( realm,entityId); if (descriptor != null) { - List idps = descriptor.getIDPDescriptor(); + List idps = descriptor.getValue().getIDPDescriptor(); boolean hasIDP = (idps != null) && !idps.isEmpty(); - List sps = descriptor.getSPDescriptor(); + List sps = descriptor.getValue().getSPDescriptor(); boolean hasSP = (sps != null) && !sps.isEmpty(); - List newIDPs = entityDescriptor.getIDPDescriptor(); - List newSPs = entityDescriptor.getSPDescriptor(); + List newIDPs = entityDescriptor.getValue().getIDPDescriptor(); + List newSPs = entityDescriptor.getValue().getSPDescriptor(); if ((newIDPs != null) && !newIDPs.isEmpty() && hasIDP) { LogUtil.error(Level.INFO, LogUtil.SET_ENTITY_FAILED, args); @@ -317,7 +319,7 @@ public void setEntityDescriptor( throws IDFFMetaException { String classMethod = "IDFFMetaManager:setEntityDescriptor"; if (entityDescriptor != null) { - String entityID = entityDescriptor.getProviderID(); + String entityID = entityDescriptor.getValue().getProviderID(); if ((realm == null) || (realm.length() == 0)) { realm = ROOT_REALM; } @@ -506,7 +508,7 @@ public AffiliationDescriptorType getAffiliationDescriptor( EntityDescriptorElement entityDescriptor = getEntityDescriptor(realm, entityID); if (entityDescriptor != null) { - affiliationDescriptor = entityDescriptor.getAffiliationDescriptor(); + affiliationDescriptor = entityDescriptor.getValue().getAffiliationDescriptor(); } return affiliationDescriptor; } @@ -528,7 +530,7 @@ public void createEntityConfig( LogUtil.error(Level.INFO, LogUtil.NULL_ENTITY_CONFIG, null); throw new IDFFMetaException("nullEntityConfig",null); } else { - entityID = entityConfig.getEntityID(); + entityID = entityConfig.getValue().getEntityID(); if (entityID == null) { LogUtil.error(Level.INFO, LogUtil.NULL_ENTITY_ID, null); debug.error( classMethod + "entity ID is null"); @@ -676,7 +678,7 @@ public void setEntityConfig(String realm, EntityConfigElement entityConfig) throws IDFFMetaException { String classMethod = "IDFFMetaManager:setEntityConfig"; if (entityConfig != null) { - String entityID = entityConfig.getEntityID(); + String entityID = entityConfig.getValue().getEntityID(); if ((realm == null) || (realm.length() == 0)) { realm = ROOT_REALM; } @@ -783,7 +785,7 @@ public IDPDescriptorConfigElement getIDPDescriptorConfig( if (entityConfig != null) { affiliationDesConfig = (AffiliationDescriptorConfigElement) - entityConfig.getAffiliationDescriptorConfig(); + entityConfig.getValue().getAffiliationDescriptorConfig(); } return affiliationDesConfig; } @@ -832,7 +834,7 @@ public List getAllHostedEntities(String realm) throws IDFFMetaException { String entityID = (String) entityIterator.next(); EntityConfigElement entityConfig = getEntityConfig(realm, entityID); - if (entityConfig != null && entityConfig.isHosted()) { + if (entityConfig != null && Boolean.TRUE.equals(entityConfig.getValue().isHosted())) { hostedEntityList.add(entityID); } } @@ -867,7 +869,7 @@ public List getAllRemoteEntities(String realm) throws IDFFMetaException { String entityID = (String) entityIterator.next(); EntityConfigElement entityConfig = getEntityConfig(realm, entityID); - if (entityConfig != null && !entityConfig.isHosted()) { + if (entityConfig != null && !Boolean.TRUE.equals(entityConfig.getValue().isHosted())) { remoteEntityList.add(entityID); } } @@ -998,12 +1000,12 @@ public boolean isTrustedProvider( SPDescriptorConfigElement spConfig = getSPDescriptorConfig(realm, entityID); if (spConfig != null) { - isTrusted = isSameCircleOfTrust(spConfig,realm, entityID); + isTrusted = isSameCircleOfTrust(spConfig.getValue(),realm, entityID); } else { IDPDescriptorConfigElement idpConfig = getIDPDescriptorConfig(realm, entityID); if (idpConfig != null) { - isTrusted = isSameCircleOfTrust(idpConfig,realm, entityID); + isTrusted = isSameCircleOfTrust(idpConfig.getValue(),realm, entityID); } } } catch (IDFFMetaException ide) { @@ -1202,7 +1204,7 @@ public String getEntityIDByMetaAlias(String metaAlias) SPDescriptorConfigElement spconfig = getSPDescriptorConfig(realm, tmpId); if (spconfig != null) { - String tmpMetaAlias = spconfig.getMetaAlias(); + String tmpMetaAlias = spconfig.getValue().getMetaAlias(); if (tmpMetaAlias != null && tmpMetaAlias.length() > 0) { if (metaAlias.equals(tmpMetaAlias)) { // remember this and continue to process others, @@ -1224,7 +1226,7 @@ public String getEntityIDByMetaAlias(String metaAlias) IDPDescriptorConfigElement idpconfig = getIDPDescriptorConfig(realm, tmpId); if (idpconfig != null) { - String tmpMetaAlias = idpconfig.getMetaAlias(); + String tmpMetaAlias = idpconfig.getValue().getMetaAlias(); if (tmpMetaAlias != null && tmpMetaAlias.length() > 0) { if (metaAlias.equals(tmpMetaAlias)) { // remember this and continue to process others, @@ -1460,13 +1462,13 @@ private void addEntityToCOT(String realm, String entityID) IDPDescriptorConfigElement idpConfig = getIDPDescriptorConfig(realm, entityID); if (idpConfig !=null) { - addToCircleOfTrust(idpConfig, realm, entityID); + addToCircleOfTrust(idpConfig.getValue(), realm, entityID); } SPDescriptorConfigElement spConfig = getSPDescriptorConfig( realm, entityID); if (spConfig != null) { - addToCircleOfTrust(spConfig,realm, entityID); + addToCircleOfTrust(spConfig.getValue(),realm, entityID); } } @@ -1482,19 +1484,19 @@ private void removeEntityFromCOT(String realm, String entityID) IDPDescriptorConfigElement idpConfig = getIDPDescriptorConfig(realm, entityID); if (idpConfig != null) { - removeFromCircleOfTrust(idpConfig, realm, entityID); + removeFromCircleOfTrust(idpConfig.getValue(), realm, entityID); } SPDescriptorConfigElement spConfig = getSPDescriptorConfig( realm, entityID); if (spConfig != null) { - removeFromCircleOfTrust(spConfig, realm, entityID); + removeFromCircleOfTrust(spConfig.getValue(), realm, entityID); } AffiliationDescriptorConfigElement affiConfig = getAffiliationDescriptorConfig(realm, entityID); if (affiConfig != null) { - removeFromCircleOfTrust(affiConfig, realm, entityID); + removeFromCircleOfTrust(affiConfig.getValue(), realm, entityID); } } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaSecurityUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaSecurityUtils.java index 73e880adca..d740bb174d 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaSecurityUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaSecurityUtils.java @@ -25,11 +25,13 @@ * $Id: IDFFMetaSecurityUtils.java,v 1.5 2009/06/08 23:40:42 madan_ranganath Exp $ * * Portions Copyrighted 2011-2014 ForgeRock AS + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.federation.meta; import com.sun.identity.federation.common.FSUtils; +import com.sun.identity.federation.jaxb.entityconfig.AttributeElement; import com.sun.identity.federation.jaxb.entityconfig.AttributeType; import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType; import com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement; @@ -56,7 +58,7 @@ import java.util.HashSet; import java.util.Iterator; import java.util.Set; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; /** * The IDFFMetaSecurityUtils class provides metadata security @@ -154,7 +156,7 @@ public static void updateProviderKeyInfo(String realm, IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager(); EntityConfigElement config = metaManager.getEntityConfig(realm, entityID); - if (!config.isHosted()) { + if (!Boolean.TRUE.equals(config.getValue().isHosted())) { String[] args = {entityID, realm}; throw new IDFFMetaException("entityNotHosted", args); } @@ -175,10 +177,10 @@ public static void updateProviderKeyInfo(String realm, // remove key info removeKeyDescriptor(idpDesp, isSigning); if (isSigning) { - setExtendedAttributeValue(idpConfig, + setExtendedAttributeValue(idpConfig.getValue(), IFSConstants.SIGNING_CERT_ALIAS, null); } else { - setExtendedAttributeValue(idpConfig, + setExtendedAttributeValue(idpConfig.getValue(), IFSConstants.ENCRYPTION_CERT_ALIAS, null); } } else { @@ -189,10 +191,10 @@ public static void updateProviderKeyInfo(String realm, Set value = new HashSet(); value.add(certAlias); if (isSigning) { - setExtendedAttributeValue(idpConfig, + setExtendedAttributeValue(idpConfig.getValue(), IFSConstants.SIGNING_CERT_ALIAS, value); } else { - setExtendedAttributeValue(idpConfig, + setExtendedAttributeValue(idpConfig.getValue(), IFSConstants.ENCRYPTION_CERT_ALIAS, value); } } @@ -212,10 +214,10 @@ public static void updateProviderKeyInfo(String realm, // remove key info removeKeyDescriptor(spDesp, isSigning); if (isSigning) { - setExtendedAttributeValue(spConfig, + setExtendedAttributeValue(spConfig.getValue(), IFSConstants.SIGNING_CERT_ALIAS, null); } else { - setExtendedAttributeValue(spConfig, + setExtendedAttributeValue(spConfig.getValue(), IFSConstants.ENCRYPTION_CERT_ALIAS, null); } } else { @@ -226,10 +228,10 @@ public static void updateProviderKeyInfo(String realm, Set value = new HashSet(); value.add(certAlias); if (isSigning) { - setExtendedAttributeValue(spConfig, + setExtendedAttributeValue(spConfig.getValue(), IFSConstants.SIGNING_CERT_ALIAS, value); } else { - setExtendedAttributeValue(spConfig, + setExtendedAttributeValue(spConfig.getValue(), IFSConstants.ENCRYPTION_CERT_ALIAS, value); } } @@ -243,10 +245,10 @@ private static void updateKeyDescriptor(ProviderDescriptorType desp, // NOTE : we only support one signing and one encryption key right now // the code need to be change if we need to support multiple signing // and/or encryption keys in one entity - List keys = desp.getKeyDescriptor(); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - KeyDescriptorElement key = (KeyDescriptorElement) iter.next(); - if (key.getUse().equalsIgnoreCase(newKey.getUse())) { + List keys = desp.getKeyDescriptor(); + for (Iterator iter = keys.iterator(); iter.hasNext();) { + KeyDescriptorElement key = iter.next(); + if (key.getValue().getUse().value().equalsIgnoreCase(newKey.getValue().getUse().value())) { iter.remove(); } } @@ -255,14 +257,14 @@ private static void updateKeyDescriptor(ProviderDescriptorType desp, private static void removeKeyDescriptor(ProviderDescriptorType desp, boolean isSigningUse) { - List keys = desp.getKeyDescriptor(); + List keys = desp.getKeyDescriptor(); String keyUse = "encryption"; if (isSigningUse) { keyUse = "signing"; } - for (Iterator iter = keys.iterator(); iter.hasNext();) { - KeyDescriptorElement key = (KeyDescriptorElement) iter.next(); - if (key.getUse().equalsIgnoreCase(keyUse)) { + for (Iterator iter = keys.iterator(); iter.hasNext();) { + KeyDescriptorElement key = iter.next(); + if (key.getValue().getUse().value().equalsIgnoreCase(keyUse)) { iter.remove(); } } @@ -271,23 +273,19 @@ private static void removeKeyDescriptor(ProviderDescriptorType desp, private static void setExtendedAttributeValue( BaseConfigType config, String attrName, Set attrVal) throws IDFFMetaException { - try { - List attributes = config.getAttribute(); - for(Iterator iter = attributes.iterator(); iter.hasNext();) { - AttributeType avp = (AttributeType)iter.next(); - if (avp.getName().trim().equalsIgnoreCase(attrName)) { - iter.remove(); - } - } - if (attrVal != null) { - ObjectFactory factory = new ObjectFactory(); - AttributeType atype = factory.createAttributeType(); - atype.setName(attrName); - atype.getValue().addAll(attrVal); - config.getAttribute().add(atype); + List attributes = config.getAttribute(); + for(Iterator iter = attributes.iterator(); iter.hasNext();) { + AttributeType avp = ((AttributeElement)iter.next()).getValue(); + if (avp.getName().trim().equalsIgnoreCase(attrName)) { + iter.remove(); } - } catch (JAXBException e) { - throw new IDFFMetaException(e); + } + if (attrVal != null) { + ObjectFactory factory = new ObjectFactory(); + AttributeType atype = factory.createAttributeType(); + atype.setName(attrName); + atype.getValue().addAll(attrVal); + config.getAttribute().add(factory.createAttributeElement(atype)); } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaUtils.java index c77ac1ff67..a02f05f81c 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/IDFFMetaUtils.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDFFMetaUtils.java,v 1.5 2008/11/10 22:56:57 veiming Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -37,6 +39,7 @@ package com.sun.identity.federation.meta; import com.sun.identity.federation.common.IFSConstants; +import com.sun.identity.federation.jaxb.entityconfig.AttributeElement; import com.sun.identity.federation.jaxb.entityconfig.AttributeType; import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType; import com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement; @@ -57,10 +60,11 @@ import java.util.Map; import java.util.Set; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; import org.w3c.dom.Node; import org.xml.sax.InputSource; @@ -91,7 +95,7 @@ public class IDFFMetaUtils { private static final String PROP_JAXB_FORMATTED_OUTPUT = "jaxb.formatted.output"; private static final String PROP_NAMESPACE_PREFIX_MAPPER = - "com.sun.xml.bind.namespacePrefixMapper"; + "org.glassfish.jaxb.namespacePrefixMapper"; private static NamespacePrefixMapperImpl nsPrefixMapper = new NamespacePrefixMapperImpl(); @@ -191,7 +195,7 @@ public static SPDescriptorType getSPDescriptor( EntityDescriptorElement entityDescriptor) { SPDescriptorType spDescriptor = null; if (entityDescriptor != null) { - List spList = entityDescriptor.getSPDescriptor(); + List spList = entityDescriptor.getValue().getSPDescriptor(); if (spList != null && !spList.isEmpty()) { Iterator spIterator = spList.iterator(); while (spIterator.hasNext()) { @@ -217,7 +221,7 @@ public static IDPDescriptorType getIDPDescriptor( EntityDescriptorElement entityDescriptor) { IDPDescriptorType idpDescriptor = null; if (entityDescriptor != null) { - List idpList = entityDescriptor.getIDPDescriptor(); + List idpList = entityDescriptor.getValue().getIDPDescriptor(); if (idpList != null && !idpList.isEmpty()) { Iterator idpIterator = idpList.iterator(); while (idpIterator.hasNext()) { @@ -244,7 +248,7 @@ public static SPDescriptorConfigElement getSPDescriptorConfig( EntityConfigElement entityConfig) { SPDescriptorConfigElement spEntityConfig = null; if (entityConfig != null) { - List spCfgList = entityConfig.getSPDescriptorConfig(); + List spCfgList = entityConfig.getValue().getSPDescriptorConfig(); if (spCfgList != null && !spCfgList.isEmpty()) { Iterator spCfgIterator = spCfgList.iterator(); while (spCfgIterator.hasNext()) { @@ -271,7 +275,7 @@ public static IDPDescriptorConfigElement getIDPDescriptorConfig( EntityConfigElement entityConfig) { IDPDescriptorConfigElement idpEntityConfig = null; if (entityConfig != null) { - List idpCfgList = entityConfig.getIDPDescriptorConfig(); + List idpCfgList = entityConfig.getValue().getIDPDescriptorConfig(); if (idpCfgList != null && !idpCfgList.isEmpty()) { Iterator idpCfgIterator = idpCfgList.iterator(); while (idpCfgIterator.hasNext()) { @@ -297,7 +301,7 @@ public static Map getAttributes(BaseConfigType config) { Map attrMap = new HashMap(); List list = config.getAttribute(); for(Iterator iter = list.iterator(); iter.hasNext();) { - AttributeType avp = (AttributeType)iter.next(); + AttributeType avp = ((AttributeElement)iter.next()).getValue(); attrMap.put(avp.getName(), avp.getValue()); } @@ -352,7 +356,7 @@ public static String getFirstAttributeValueFromIDPConfig( IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID); if (idpConfig != null) { - Map attributes = getAttributes(idpConfig); + Map attributes = getAttributes(idpConfig.getValue()); returnVal = getFirstAttributeValue(attributes, attrName); } } catch (IDFFMetaException e) { @@ -465,6 +469,19 @@ public static String getMetaAlias( return null; } + /** + * Null-safely unwraps a {@link JAXBElement}, returning {@code null} when the element itself is + * {@code null}. Restores the pre-JAXB3 semantics where a nullable config element was passed + * straight through to null-tolerant consumers instead of throwing an NPE. + * + * @param element the (possibly {@code null}) JAXB element + * @param the wrapped value type + * @return the unwrapped value, or {@code null} if {@code element} is {@code null} + */ + public static T unwrap(JAXBElement element) { + return (element == null) ? null : element.getValue(); + } + /** * Obtains provider's extended meta. * @param realm the realm in which the provider resides @@ -482,11 +499,11 @@ public static BaseConfigType getExtendedConfig( if (metaManager != null && providerRole != null) { try { if (providerRole.equalsIgnoreCase(IFSConstants.IDP)) { - providerConfig = metaManager.getIDPDescriptorConfig( - realm, providerId); + providerConfig = unwrap(metaManager.getIDPDescriptorConfig( + realm, providerId)); } else if (providerRole.equalsIgnoreCase(IFSConstants.SP)) { - providerConfig = metaManager.getSPDescriptorConfig( - realm, providerId); + providerConfig = unwrap(metaManager.getSPDescriptorConfig( + realm, providerId)); } } catch (IDFFMetaException ie) { debug.error( diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/NamespacePrefixMapperImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/NamespacePrefixMapperImpl.java index 426210a7fe..720b980b52 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/NamespacePrefixMapperImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/meta/NamespacePrefixMapperImpl.java @@ -23,13 +23,15 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: NamespacePrefixMapperImpl.java,v 1.2 2008/06/25 05:46:49 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ package com.sun.identity.federation.meta; -import com.sun.xml.bind.marshaller.NamespacePrefixMapper; +import org.glassfish.jaxb.runtime.marshaller.NamespacePrefixMapper; public class NamespacePrefixMapperImpl extends NamespacePrefixMapper { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSAssertionManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSAssertionManager.java index 7ddfeafeb4..e6342ef148 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSAssertionManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSAssertionManager.java @@ -187,8 +187,8 @@ private FSAssertionManager(String metaAlias) assertionTimeout = IFSConstants.ASSERTION_TIMEOUT_DEFAULT * 1000; artifactTimeout = IFSConstants.ARTIFACT_TIMEOUT_DEFAULT * 1000; try { - BaseConfigType idpConfig = FSUtils.getIDFFMetaManager(). - getIDPDescriptorConfig(realm, hostEntityId); + BaseConfigType idpConfig = IDFFMetaUtils.unwrap(FSUtils.getIDFFMetaManager(). + getIDPDescriptorConfig(realm, hostEntityId)); attributes = IDFFMetaUtils.getAttributes(idpConfig); try { cleanupInterval = Integer.parseInt( @@ -493,7 +493,7 @@ public FSAssertion createFSAssertion( BaseConfigType idpConfig = null; try { idpConfig = metaManager.getIDPDescriptorConfig( - realm, hostEntityId); + realm, hostEntityId).getValue(); } catch (IDFFMetaException e) { if (FSUtils.debug.messageEnabled()) { FSUtils.debug.message( diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSAuthnDecisionHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSAuthnDecisionHandler.java index fdbdc25489..7b4e125652 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSAuthnDecisionHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSAuthnDecisionHandler.java @@ -24,7 +24,7 @@ * * $Id: FSAuthnDecisionHandler.java,v 1.4 2008/06/25 05:46:53 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ @@ -97,7 +97,7 @@ private void getIDPAuthContextInfo(String realm, String entityID) { if (entityConfig == null) { return; } - Map attributes = IDFFMetaUtils.getAttributes(entityConfig); + Map attributes = IDFFMetaUtils.getAttributes(entityConfig.getValue()); List mappings = (List) attributes.get( IFSConstants.IDP_AUTHNCONTEXT_MAPPING); if (mappings != null && !mappings.isEmpty()) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultAttributeMapper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultAttributeMapper.java index b9e9135916..e7fdf1d0bc 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultAttributeMapper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultAttributeMapper.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: FSDefaultAttributeMapper.java,v 1.3 2008/06/25 05:46:53 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -90,7 +92,7 @@ public Map getAttributes( SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig("/", hostEntityId); if (spConfig != null) { - Map attributes = IDFFMetaUtils.getAttributes(spConfig); + Map attributes = IDFFMetaUtils.getAttributes(spConfig.getValue()); configMap = FSServiceUtils.parseAttributeConfig((List) attributes.get(IFSConstants.SP_ATTRIBUTE_MAP)); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultAttributePlugin.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultAttributePlugin.java index ad8200ef8d..e14bb53010 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultAttributePlugin.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultAttributePlugin.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: FSDefaultAttributePlugin.java,v 1.4 2008/11/10 22:56:58 veiming Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -113,7 +115,7 @@ public List getAttributeStatements( IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId); if (idpConfig != null) { - Map attributes = IDFFMetaUtils.getAttributes(idpConfig); + Map attributes = IDFFMetaUtils.getAttributes(idpConfig.getValue()); attributeMap = FSServiceUtils.parseAttributeConfig((List) attributes.get(IFSConstants.IDP_ATTRIBUTE_MAP)); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultRealmAttributeMapper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultRealmAttributeMapper.java index 56077d484f..07e889b614 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultRealmAttributeMapper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultRealmAttributeMapper.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: FSDefaultRealmAttributeMapper.java,v 1.2 2008/06/25 05:46:53 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -92,7 +94,7 @@ public Map getAttributes( SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId); if (spConfig != null) { - Map attributes = IDFFMetaUtils.getAttributes(spConfig); + Map attributes = IDFFMetaUtils.getAttributes(spConfig.getValue()); configMap = FSServiceUtils.parseAttributeConfig((List) attributes.get(IFSConstants.SP_ATTRIBUTE_MAP)); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultRealmAttributePlugin.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultRealmAttributePlugin.java index 1147e32490..3fdfbcd69b 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultRealmAttributePlugin.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDefaultRealmAttributePlugin.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: FSDefaultRealmAttributePlugin.java,v 1.2 2008/06/25 05:46:53 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -92,7 +94,7 @@ public List getAttributeStatements( IDPDescriptorConfigElement idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId); if (idpConfig != null) { - Map attributes = IDFFMetaUtils.getAttributes(idpConfig); + Map attributes = IDFFMetaUtils.getAttributes(idpConfig.getValue()); attributeMap = FSServiceUtils.parseAttributeConfig((List) attributes.get(IFSConstants.IDP_ATTRIBUTE_MAP)); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDiscoveryBootStrap.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDiscoveryBootStrap.java index 379ef3bdaf..487a73cfb1 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDiscoveryBootStrap.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSDiscoveryBootStrap.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: FSDiscoveryBootStrap.java,v 1.4 2008/12/05 00:18:00 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -140,7 +142,7 @@ private Document getResourceOffering( } try { - ResourceOfferingType offering = discoEntry.getResourceOffering(); + ResourceOfferingType offering = discoEntry.getValue().getResourceOffering().getValue(); ServiceInstanceType serviceInstance = offering.getServiceInstance(); String providerID = serviceInstance.getProviderID(); if (!DiscoServiceManager.useImpliedResource()) { @@ -169,7 +171,7 @@ private Document getResourceOffering( offering.setResourceID(resourceID); } - List discoEntryList = new ArrayList(); + List discoEntryList = new ArrayList<>(); discoEntryList.add(discoEntry); SessionSubject sessionSubject = null; if (DiscoServiceManager.encryptNIinSessionContext()) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSIDPProxyImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSIDPProxyImpl.java index da33e21014..0fa0442e30 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSIDPProxyImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSIDPProxyImpl.java @@ -24,7 +24,7 @@ * * $Id: FSIDPProxyImpl.java,v 1.3 2008/06/25 05:46:54 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ @@ -79,7 +79,7 @@ public String getPreferredIDP( try { Map attributes = IDFFMetaUtils.getAttributes( FSUtils.getIDFFMetaManager().getSPDescriptorConfig( - "/", authnRequest.getProviderId())); + "/", authnRequest.getProviderId()).getValue()); String useIntroductionForProxying = IDFFMetaUtils.getFirstAttributeValue( attributes, IFSConstants.USE_INTRODUCTION_FOR_IDP_PROXY); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSLoginHelper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSLoginHelper.java index 85424b9f83..d4f883e1dc 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSLoginHelper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSLoginHelper.java @@ -25,7 +25,7 @@ * $Id: FSLoginHelper.java,v 1.5 2008/06/25 05:46:54 qcheng Exp $ * * Portions Copyrighted 2015 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.federation.services; @@ -139,7 +139,7 @@ private void setMetaInfo(String metaAlias, String authLevel) hostDescriptor = metaManager.getSPDescriptor( realm, hostEntityID); hostConfig = metaManager.getSPDescriptorConfig( - realm, hostEntityID); + realm, hostEntityID).getValue(); } else { FSUtils.debug.error("FSLoginHelper::setMetaInfo " + "could not get meta manager handle " @@ -498,8 +498,8 @@ private Set getIDPs(String metaAlias) { while (it.hasNext()) { provider = (String) it.next(); providerDesc = metaManager.getIDPDescriptor(realm,provider); - providerConfig = - metaManager.getIDPDescriptorConfig(realm, provider); + providerConfig = + IDFFMetaUtils.unwrap(metaManager.getIDPDescriptorConfig(realm, provider)); if (providerDesc == null || providerConfig == null) { continue; } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSRealmIDPProxyImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSRealmIDPProxyImpl.java index 5ea442d59f..044c5bb993 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSRealmIDPProxyImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSRealmIDPProxyImpl.java @@ -24,7 +24,7 @@ * * $Id: FSRealmIDPProxyImpl.java,v 1.2 2008/06/25 05:46:55 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ @@ -79,7 +79,7 @@ public String getPreferredIDP( try { Map attributes = IDFFMetaUtils.getAttributes( FSUtils.getIDFFMetaManager().getSPDescriptorConfig( - realm, authnRequest.getProviderId())); + realm, authnRequest.getProviderId()).getValue()); String useIntroductionForProxying = IDFFMetaUtils.getFirstAttributeValue( attributes, IFSConstants.USE_INTRODUCTION_FOR_IDP_PROXY); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSSOAPReceiver.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSSOAPReceiver.java index 437bc12854..daa0d788b0 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSSOAPReceiver.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSSOAPReceiver.java @@ -216,7 +216,7 @@ public void onMessage(HttpServletRequest request, metaManager.getIDPDescriptor(realm, hostedEntityId); BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); FSServiceManager sm = FSServiceManager.getInstance(); FSSSOBrowserArtifactProfileHandler handler = (FSSSOBrowserArtifactProfileHandler)sm @@ -410,14 +410,14 @@ public void onMessage(HttpServletRequest request, getIDPDescriptor(realm, hostedEntityId); hostedConfig = metaManager. getIDPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); } else if (hostedRole != null && hostedRole.equals(IFSConstants.SP)) { hostedProviderDesc = metaManager. getSPDescriptor(realm, hostedEntityId); hostedConfig = metaManager. - getSPDescriptorConfig(realm,hostedEntityId); + getSPDescriptorConfig(realm,hostedEntityId).getValue(); } if (hostedProviderDesc == null) { @@ -563,7 +563,7 @@ public void onMessage(HttpServletRequest request, ProviderDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId); BaseConfigType hostedConfig = - metaManager.getIDPDescriptorConfig(realm, hostedEntityId); + metaManager.getIDPDescriptorConfig(realm, hostedEntityId).getValue(); FSNameIdentifierMappingRequest mappingRequest = new FSNameIdentifierMappingRequest(elt); if (FSServiceUtils.isSigningOn()) { @@ -705,7 +705,7 @@ public void onMessage(HttpServletRequest request, realm, hostedEntityId); hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); } else if (hostedRole.equalsIgnoreCase( IFSConstants.SP)) { @@ -714,7 +714,7 @@ public void onMessage(HttpServletRequest request, realm, hostedEntityId); hostedConfig = metaManager.getSPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); } } } catch (Exception e){ @@ -1043,14 +1043,14 @@ private boolean handleTerminationRequest( hostedProviderDesc = metaManager.getIDPDescriptor( realm, hostedEntityId); hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); remoteDesc = metaManager.getSPDescriptor( realm, remoteEntityId); } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) { hostedProviderDesc = metaManager.getSPDescriptor( realm, hostedEntityId); hostedConfig = metaManager.getSPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); remoteDesc = metaManager.getIDPDescriptor( realm, remoteEntityId); } @@ -1451,7 +1451,7 @@ private void handleLECPRequest( handler.setHostedDescriptor( metaManager.getIDPDescriptor(realm, hostedEntityId)); handler.setHostedDescriptorConfig( - metaManager.getIDPDescriptorConfig(realm, hostedEntityId)); + metaManager.getIDPDescriptorConfig(realm, hostedEntityId).getValue()); handler.setRealm(realm); handler.processLECPAuthnRequest(authnRequest); } catch(Exception se) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSServiceManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSServiceManager.java index f936168c91..2a7b9bd9b2 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSServiceManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/FSServiceManager.java @@ -24,7 +24,7 @@ * * $Id: FSServiceManager.java,v 1.5 2008/06/25 05:46:56 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.federation.services; @@ -243,7 +243,7 @@ public FSSSOAndFedHandler getSSOAndFedHandler( SPDescriptorType spDescriptor = metaManager.getSPDescriptor(realm, spEntityId); BaseConfigType spConfig = - metaManager.getSPDescriptorConfig(realm, spEntityId); + IDFFMetaUtils.unwrap(metaManager.getSPDescriptorConfig(realm, spEntityId)); String relayState = authnRequest.getRelayState(); if (FSUtils.debug.messageEnabled()) { @@ -379,7 +379,7 @@ public FSSSOLECPProfileHandler getLECPProfileHandler( response, authnRequest, metaManager.getSPDescriptor(realm, spEntityId), - metaManager.getSPDescriptorConfig(realm, spEntityId), + IDFFMetaUtils.unwrap(metaManager.getSPDescriptorConfig(realm, spEntityId)), spEntityId, authnRequest.getRelayState()); } catch(IDFFMetaException ex){ @@ -710,12 +710,12 @@ public FSNameRegistrationHandler getNameRegistrationHandler( remoteDesc = metaManager.getSPDescriptor( realm, remoteEntityId); remoteConfig = metaManager.getSPDescriptorConfig( - realm, remoteEntityId); + realm, remoteEntityId).getValue(); } else { remoteDesc = metaManager.getIDPDescriptor( realm, remoteEntityId); remoteConfig = metaManager.getIDPDescriptorConfig( - realm, remoteEntityId); + realm, remoteEntityId).getValue(); } handlerRegistration.setRealm(realm); handlerRegistration.setRemoteEntityId(remoteEntityId); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSAssertionArtifactHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSAssertionArtifactHandler.java index 231b5b01e8..f69b85d1d6 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSAssertionArtifactHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSAssertionArtifactHandler.java @@ -25,7 +25,7 @@ * $Id: FSAssertionArtifactHandler.java,v 1.14 2009/11/03 00:49:49 madan_ranganath Exp $ * * Portions Copyrighted 2015-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.federation.services.fednsso; @@ -1904,7 +1904,7 @@ protected void sendProxyResponse(String requestID) { BaseConfigType proxySPConfig = null; try { proxySPConfig = metaManager.getSPDescriptorConfig( - realm, proxySPEntityId); + realm, proxySPEntityId).getValue(); } catch (Exception e) { FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:" + "Couldn't obtain proxy sp meta:", e); @@ -1920,7 +1920,7 @@ protected void sendProxyResponse(String requestID) { try { localIDPDesc = metaManager.getIDPDescriptor(realm, hostEntityId); localIDPConfig = metaManager.getIDPDescriptorConfig( - realm, hostEntityId); + realm, hostEntityId).getValue(); localIDPMetaAlias = localIDPConfig.getMetaAlias(); } catch (Exception e) { FSUtils.debug.error("FSAssertionartifactHandler.sendProxyResponse:" diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSAssertionConsumerService.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSAssertionConsumerService.java index b86dd86898..e3f0fc1447 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSAssertionConsumerService.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSAssertionConsumerService.java @@ -126,7 +126,7 @@ public void doGet( hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias); hostDesc = metaManager.getSPDescriptor(realm, hostEntityId); hostConfig = metaManager.getSPDescriptorConfig( - realm, hostEntityId); + realm, hostEntityId).getValue(); } catch (Exception e) { FSUtils.debug.error("FSAssertionConsumerService.doGet: ", e); FSUtils.forwardRequest(request, response, framedPageURL); @@ -253,7 +253,7 @@ public void doPost( try { hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias); hostDesc = metaManager.getSPDescriptor(realm, hostEntityId); - hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId); + hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId).getValue(); } catch (Exception e) { FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception when obtain host meta data:", e); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSIDPFinderService.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSIDPFinderService.java index e19002eac7..5d3b1afd51 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSIDPFinderService.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSIDPFinderService.java @@ -128,8 +128,8 @@ public void doGet( IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager(); try { if (metaManager != null ) { - hostConfig = metaManager.getIDPDescriptorConfig( - realm, entityID); + hostConfig = IDFFMetaUtils.unwrap(metaManager.getIDPDescriptorConfig( + realm, entityID)); if (hostConfig != null) { hostMetaAlias = hostConfig.getMetaAlias(); } @@ -244,7 +244,7 @@ private String getCommonDomainIDP( List cotList = null; if (metaManager != null) { BaseConfigType spConfig = - metaManager.getSPDescriptorConfig(realm, entityID); + metaManager.getSPDescriptorConfig(realm, entityID).getValue(); cotList = IDFFMetaUtils.getAttributeValueFromConfig( spConfig, IFSConstants.COT_LIST); } @@ -348,7 +348,7 @@ private String getLoginURL( IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager(); idpDescriptor = metaManager.getIDPDescriptor(realm, hostProviderID); idpConfig = metaManager.getIDPDescriptorConfig( - realm, hostProviderID); + realm, hostProviderID).getValue(); } catch (Exception e) { FSUtils.debug.error("FSIDPFinderServer.getLoginURL : exception "+ "while retrieving meta config", e); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSIntersiteTransferService.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSIntersiteTransferService.java index 052698f1d7..a3f8e8aa6e 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSIntersiteTransferService.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSIntersiteTransferService.java @@ -419,7 +419,7 @@ public void doGet( SPDescriptorType hostDesc = metaManager.getSPDescriptor(realm, hostEntityId); BaseConfigType hostConfig = - metaManager.getSPDescriptorConfig(realm, hostEntityId); + metaManager.getSPDescriptorConfig(realm, hostEntityId).getValue(); if (IDFFMetaUtils.getBooleanAttributeValueFromConfig( hostConfig, IFSConstants.ENABLE_AFFILIATION)) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSSSOAndFedHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSSSOAndFedHandler.java index 54c925d01b..80813c6f11 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSSSOAndFedHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSSSOAndFedHandler.java @@ -25,7 +25,7 @@ * $Id: FSSSOAndFedHandler.java,v 1.12 2009/11/04 00:06:11 exu Exp $ * * Portions Copyrighted 2015 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.federation.services.fednsso; @@ -1150,7 +1150,7 @@ public void processAuthnRequest( try { spDescriptor = metaManager.getSPDescriptor(realm, spEntityId); - spConfig = metaManager.getSPDescriptorConfig(realm, spEntityId); + spConfig = metaManager.getSPDescriptorConfig(realm, spEntityId).getValue(); if (!metaManager.isTrustedProvider( realm, hostedEntityId, spEntityId)) { @@ -1513,7 +1513,7 @@ protected void sendProxyAuthnRequest ( localDescriptor = metaManager.getSPDescriptor( realm, hostedEntityId); localDescriptorConfig = - metaManager.getSPDescriptorConfig(realm, hostedEntityId); + metaManager.getSPDescriptorConfig(realm, hostedEntityId).getValue(); } catch (Exception e) { FSUtils.debug.error( "FSSSOAndFedHandler.sendProxyAuthnRequest:",e); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSSSOAndFedService.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSSSOAndFedService.java index 7c8ba38319..c3c1a539a9 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSSSOAndFedService.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/fednsso/FSSSOAndFedService.java @@ -245,7 +245,7 @@ public void doGet( hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias); hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId); hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostEntityId); + realm, hostEntityId).getValue(); } catch (Exception e) { if (FSUtils.debug.messageEnabled()) { FSUtils.debug.message( @@ -371,7 +371,7 @@ public void doPost( hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias); hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId); hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostEntityId); + realm, hostEntityId).getValue(); } catch (Exception e) { if (FSUtils.debug.messageEnabled()) { FSUtils.debug.message( @@ -430,7 +430,7 @@ private void handleAuthnRequest( try { hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId); hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostEntityId); + realm, hostEntityId).getValue(); if (hostedConfig != null) { metaAlias = hostedConfig.getMetaAlias(); } @@ -727,7 +727,7 @@ public void onMessage(HttpServletRequest request, IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId); BaseConfigType hostedConfig = - metaManager.getIDPDescriptorConfig(realm, hostEntityId); + metaManager.getIDPDescriptorConfig(realm, hostEntityId).getValue(); FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias); sessionService.setAuthnRequest( diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSLogoutUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSLogoutUtil.java index a48cf1527c..5145c1f7f1 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSLogoutUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSLogoutUtil.java @@ -25,7 +25,7 @@ * $Id: FSLogoutUtil.java,v 1.12 2008/11/10 22:56:58 veiming Exp $ * * Portions Copyrighted 2015 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.federation.services.logout; @@ -1037,12 +1037,12 @@ protected static void sendErrorPage(HttpServletRequest request, IFSConstants.IDP.equalsIgnoreCase(hostedRole)) { hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); } else if (hostedEntityId != null && IFSConstants.SP.equalsIgnoreCase(hostedRole)) { hostedConfig = metaManager.getSPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); } retURL = FSServiceUtils.getLogoutDonePageURL( request, hostedConfig, providerAlias); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSProcessLogoutServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSProcessLogoutServlet.java index 6e06e8e268..2bc093d6d7 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSProcessLogoutServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSProcessLogoutServlet.java @@ -166,12 +166,12 @@ private void doGetPost(HttpServletRequest request, hostedProviderDesc = metaManager.getIDPDescriptor( realm, hostedEntityId); hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) { hostedProviderDesc = metaManager.getSPDescriptor( realm, hostedEntityId); hostedConfig = metaManager.getSPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); } } if (hostedProviderDesc == null){ diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSReturnLogoutServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSReturnLogoutServlet.java index d348854052..888f6dfe84 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSReturnLogoutServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSReturnLogoutServlet.java @@ -184,11 +184,11 @@ private void doGetPost(HttpServletRequest request, hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias); if (hostedRole != null) { if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) { - hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostedEntityId); + hostedConfig = IDFFMetaUtils.unwrap(metaManager.getIDPDescriptorConfig( + realm, hostedEntityId)); } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) { - hostedConfig = metaManager.getSPDescriptorConfig( - realm, hostedEntityId); + hostedConfig = IDFFMetaUtils.unwrap(metaManager.getSPDescriptorConfig( + realm, hostedEntityId)); } } if (hostedConfig == null) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSSingleLogoutHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSSingleLogoutHandler.java index d147ecc9e1..61d92334b7 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSSingleLogoutHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/logout/FSSingleLogoutHandler.java @@ -1777,9 +1777,9 @@ private FSLogoutStatus handleIDPProxyLogout(String sourceEntityId) // check to see if original SP is idp proxy enabled if (metaManager != null) { try { - BaseConfigType sourceSPConfig = - metaManager.getSPDescriptorConfig( - realm, sourceEntityId); + BaseConfigType sourceSPConfig = + IDFFMetaUtils.unwrap(metaManager.getSPDescriptorConfig( + realm, sourceEntityId)); String enabledString = IDFFMetaUtils.getFirstAttributeValueFromConfig( sourceSPConfig, IFSConstants.ENABLE_IDP_PROXY); @@ -1809,7 +1809,7 @@ private FSLogoutStatus handleIDPProxyLogout(String sourceEntityId) FSSingleLogoutHandler handler = new FSSingleLogoutHandler(); proxySPConfig = metaManager.getSPDescriptorConfig( - realm, hostedEntityId); + realm, hostedEntityId).getValue(); proxySPDescriptor = metaManager.getSPDescriptor( realm, hostedEntityId); handler.setHostedDescriptor(proxySPDescriptor); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationInitiationServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationInitiationServlet.java index da689ace61..429da25954 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationInitiationServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationInitiationServlet.java @@ -181,14 +181,14 @@ private void doGetPost( hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getSPDescriptorConfig(realm, hostedEntityId); + metaManager.getSPDescriptorConfig(realm, hostedEntityId).getValue(); } else if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.IDP)) { hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getIDPDescriptorConfig(realm, hostedEntityId); + metaManager.getIDPDescriptorConfig(realm, hostedEntityId).getValue(); } if (hostedProviderDesc == null) { throw new IDFFMetaException((String) null); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationRequestServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationRequestServlet.java index d5a2f0e294..db74880171 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationRequestServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationRequestServlet.java @@ -178,14 +178,14 @@ private void doGetPost( hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getIDPDescriptorConfig(realm, hostedEntityId); + metaManager.getIDPDescriptorConfig(realm, hostedEntityId).getValue(); } else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) { hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getSPDescriptorConfig(realm, hostedEntityId); + metaManager.getSPDescriptorConfig(realm, hostedEntityId).getValue(); } if (hostedProviderDesc == null) { throw new IDFFMetaException((String) null); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationReturnServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationReturnServlet.java index bf553bfa02..0491d06fcc 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationReturnServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/registration/FSRegistrationReturnServlet.java @@ -165,14 +165,14 @@ private void doGetPost(HttpServletRequest request, hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getIDPDescriptorConfig(realm, hostedEntityId); + metaManager.getIDPDescriptorConfig(realm, hostedEntityId).getValue(); } else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) { hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getSPDescriptorConfig(realm, hostedEntityId); + metaManager.getSPDescriptorConfig(realm, hostedEntityId).getValue(); } if (hostedProviderDesc == null) { throw new IDFFMetaException((String) null); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationInitiationServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationInitiationServlet.java index 551c90dcae..e965dc5211 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationInitiationServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationInitiationServlet.java @@ -159,14 +159,14 @@ private void doGetPost( hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getSPDescriptorConfig(realm, hostedEntityId); + metaManager.getSPDescriptorConfig(realm, hostedEntityId).getValue(); } else if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.IDP)) { hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getIDPDescriptorConfig(realm, hostedEntityId); + metaManager.getIDPDescriptorConfig(realm, hostedEntityId).getValue(); } if (hostedProviderDesc == null) { throw new IDFFMetaException((String) null); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationRequestServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationRequestServlet.java index 62900443d4..6a3a1e5c8a 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationRequestServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationRequestServlet.java @@ -172,14 +172,14 @@ private void doGetPost( hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getIDPDescriptorConfig(realm, hostedEntityId); + metaManager.getIDPDescriptorConfig(realm, hostedEntityId).getValue(); } else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) { hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId); hostedConfig = - metaManager.getSPDescriptorConfig(realm, hostedEntityId); + metaManager.getSPDescriptorConfig(realm, hostedEntityId).getValue(); } if (hostedProviderDesc == null) { throw new IDFFMetaException((String) null); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationReturnServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationReturnServlet.java index eb28f308f6..21757699d8 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationReturnServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/termination/FSTerminationReturnServlet.java @@ -24,7 +24,7 @@ * * $Id: FSTerminationReturnServlet.java,v 1.4 2008/12/19 06:50:48 exu Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ @@ -139,12 +139,12 @@ private void doGetPost( String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias); if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.IDP)) { - hostedConfig = metaManager.getIDPDescriptorConfig( - realm, hostedEntityId); + hostedConfig = IDFFMetaUtils.unwrap(metaManager.getIDPDescriptorConfig( + realm, hostedEntityId)); } else if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) { - hostedConfig = metaManager.getSPDescriptorConfig( - realm, hostedEntityId); + hostedConfig = IDFFMetaUtils.unwrap(metaManager.getSPDescriptorConfig( + realm, hostedEntityId)); } if (hostedRole == null || hostedConfig == null) { throw new IDFFMetaException((String) null); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/util/FSAttributeStatementHelper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/util/FSAttributeStatementHelper.java index c59c6f7199..474200eb2c 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/util/FSAttributeStatementHelper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/util/FSAttributeStatementHelper.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: FSAttributeStatementHelper.java,v 1.3 2008/06/25 05:47:04 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -80,7 +82,7 @@ public static AttributeStatement getAutoFedAttributeStatement( BaseConfigType hostConfig = null; try { if (metaManager != null) { - hostConfig = metaManager.getIDPDescriptorConfig(realm,entityID); + hostConfig = IDFFMetaUtils.unwrap(metaManager.getIDPDescriptorConfig(realm,entityID)); } } catch (IDFFMetaException fae) { FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/util/FSServiceUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/util/FSServiceUtils.java index 27d1ed6eea..54a4253510 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/util/FSServiceUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/federation/services/util/FSServiceUtils.java @@ -60,7 +60,6 @@ import org.w3c.dom.Document; -import com.sun.identity.common.SystemConfigurationException; import com.sun.identity.common.SystemConfigurationUtil; import com.sun.identity.federation.accountmgmt.FSAccountFedInfo; import com.sun.identity.federation.accountmgmt.FSAccountManager; @@ -177,10 +176,10 @@ public static String getCommonLoginPageURL ( if (role != null) { if (role.equalsIgnoreCase(IFSConstants.SP)) { hostConfig = metaManager.getSPDescriptorConfig( - realm, entityId); + realm, entityId).getValue(); } else if (role.equalsIgnoreCase(IFSConstants.IDP)) { hostConfig = metaManager.getIDPDescriptorConfig( - realm, entityId); + realm, entityId).getValue(); } } }catch(Exception e){ @@ -934,13 +933,12 @@ public static String getAssertionConsumerServiceURL( String matching = null; String defaultValue = null; String first = null; - List urls = spDescriptor.getAssertionConsumerServiceURL(); + List urls = spDescriptor.getAssertionConsumerServiceURL(); if (urls != null && !urls.isEmpty()) { - Iterator iter = urls.iterator(); - SPDescriptorType.AssertionConsumerServiceURLType curUrl = null; + Iterator iter = urls.iterator(); + SPDescriptorType.AssertionConsumerServiceURL curUrl = null; while (iter.hasNext()) { - curUrl = (SPDescriptorType.AssertionConsumerServiceURLType) - iter.next(); + curUrl = iter.next(); String curId = curUrl.getId(); String curValue = curUrl.getValue(); if (id != null && curId != null && curId.equals(id)) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/authnsvc/AuthnSvcUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/authnsvc/AuthnSvcUtils.java index 8459f1bf76..dae5bac073 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/authnsvc/AuthnSvcUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/authnsvc/AuthnSvcUtils.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: AuthnSvcUtils.java,v 1.5 2008/12/05 00:18:02 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -117,7 +119,7 @@ public static boolean setResourceOfferingAndCredentials( try { DiscoEntryElement discoEntry = (DiscoEntryElement) DiscoServiceManager.getBootstrappingDiscoEntry(); - ResourceOfferingType offering = discoEntry.getResourceOffering(); + ResourceOfferingType offering = discoEntry.getValue().getResourceOffering().getValue(); if (!DiscoServiceManager.useImpliedResource()) { ServiceInstanceType serviceInstance = offering.getServiceInstance(); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/DiscoveryService.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/DiscoveryService.java index 8d42f70c2b..193991c618 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/DiscoveryService.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/DiscoveryService.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: DiscoveryService.java,v 1.5 2008/12/05 00:18:30 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -38,7 +40,9 @@ import java.util.Collection; import java.util.logging.Level; -import javax.xml.bind.JAXBException; +import com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import org.w3c.dom.*; import com.sun.identity.shared.xml.XMLUtils; @@ -167,12 +171,18 @@ public Message processRequest(Message request) throws Exception { } Object body = bodies.iterator().next(); - if (body instanceof QueryType) { + if(!(body instanceof JAXBElement)) { + DiscoUtils.debug.error("DiscoService.processRequest: SOAPBody " + + "is not a Disco message."); + throw new Exception(DiscoUtils.bundle.getString("bodyNotDisco")); + } + JAXBElement jaxbElement = (JAXBElement)body; + if (jaxbElement.getValue() instanceof QueryType) { message.setSOAPBody( - lookup((QueryType) body, request)); - } else if (body instanceof ModifyType) { + lookup((QueryType) jaxbElement.getValue(), request)); + } else if (jaxbElement.getValue() instanceof ModifyType) { message.setSOAPBody( - Utils.convertJAXBToElement(update((ModifyType) body,request))); + Utils.convertJAXBToElement(update((ModifyType) jaxbElement.getValue(),request))); } else { DiscoUtils.debug.error("DiscoService.processRequest: SOAPBody " + "is not a Disco message."); @@ -261,9 +271,9 @@ private org.w3c.dom.Element lookup( resp.toString(), null).getDocumentElement(); } - Map discoEntriesMap = entryHandler.getDiscoEntries(userDN, + Map discoEntriesMap = entryHandler.getDiscoEntries(userDN, query.getRequestedServiceType()); - Collection results = discoEntriesMap.values(); + Collection results = discoEntriesMap.values(); Map returnMap = null; if (results.size() == 0) { @@ -340,16 +350,11 @@ private com.sun.identity.liberty.ws.disco.jaxb.ModifyResponseElement update( DiscoUtils.debug.message("in update."); ModifyResponseElement resp = null; StatusType status = null; - try { - resp = - DiscoUtils.getDiscoFactory().createModifyResponseElement(); - status = DiscoUtils.getDiscoFactory().createStatusType(); - resp.setStatus(status); - } catch (JAXBException je) { - DiscoUtils.debug.error("DiscoService.update: couldn't form " - + "ModifyResponse."); - throw je; - } + resp = + DiscoUtils.getDiscoFactory().createModifyResponseElement( + DiscoUtils.getDiscoFactory().createModifyResponseType()); + status = DiscoUtils.getDiscoFactory().createStatusType(); + resp.getValue().setStatus(DiscoUtils.getDiscoFactory().createStatusElement(status)); String providerID = DiscoServiceManager.getDiscoProviderID(); String resourceID = null; @@ -437,7 +442,7 @@ private com.sun.identity.liberty.ws.disco.jaxb.ModifyResponseElement update( List entryIds = (List) results.get( DiscoEntryHandler.NEW_ENTRY_IDS); if ((entryIds != null) && (entryIds.size() != 0)) { - resp.getNewEntryIDs().addAll(entryIds); + resp.getValue().getNewEntryIDs().addAll(entryIds); } String[] data = { logMsg }; LogUtil.access(Level.INFO, @@ -484,8 +489,8 @@ private boolean isUpdateAllowed(String userDN, Message message, } if (!authorizer.isAuthorized(message.getToken(), DiscoConstants.ACTION_UPDATE, - ((InsertEntryType) entryMap.get(entryID)). - getResourceOffering(), + ((DiscoEntryElement) entryMap.get(entryID)).getValue() + .getResourceOffering().getValue(), env)) { DiscoUtils.debug.error("DiscoveryService.isUpdateAllowed: " @@ -508,7 +513,7 @@ private boolean isUpdateAllowed(String userDN, Message message, } if (!authorizer.isAuthorized(message.getToken(), DiscoConstants.ACTION_UPDATE, - ((InsertEntryType) j.next()).getResourceOffering(), + ((InsertEntryType) j.next()).getResourceOffering().getValue(), env)) { DiscoUtils.debug.error("DiscoveryService.isUpdateAllowed: " @@ -521,7 +526,7 @@ private boolean isUpdateAllowed(String userDN, Message message, return true; } - private String getResourceID(EncryptedResourceIDType encryptResID, + private String getResourceID(EncryptedResourceIDElement encryptResID, String providerID) { if ((encryptResID == null) || (providerID == null)) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoSDKUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoSDKUtils.java index 8c107f312f..68fa12f05f 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoSDKUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoSDKUtils.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: DiscoSDKUtils.java,v 1.3 2008/08/06 17:28:08 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -38,10 +40,10 @@ import org.w3c.dom.Node; import org.w3c.dom.NodeList; import javax.xml.namespace.QName; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; import java.util.ResourceBundle; import com.sun.identity.shared.debug.Debug; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoServiceManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoServiceManager.java index 924bcf2a33..4a5ed2d6b9 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoServiceManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoServiceManager.java @@ -28,6 +28,7 @@ /** * Portions Copyrighted 2012 ForgeRock Inc + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.liberty.ws.disco.common; @@ -39,7 +40,7 @@ import java.util.StringTokenizer; import javax.xml.transform.stream.StreamSource; -import javax.xml.bind.*; +import jakarta.xml.bind.*; import com.sun.identity.common.SystemConfigurationUtil; import com.sun.identity.liberty.ws.disco.plugins.Default64ResourceIDMapper; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoUtils.java index 6fd520dff4..6066057f52 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/common/DiscoUtils.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: DiscoUtils.java,v 1.5 2008/06/25 05:47:12 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -40,19 +42,17 @@ import java.util.Iterator; import java.util.BitSet; +import com.sun.identity.liberty.ws.disco.jaxb11.GenerateBearerTokenElement; +import com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement; import com.sun.identity.saml.assertion.NameIdentifier; import com.sun.identity.saml.assertion.Statement; -import com.sun.identity.liberty.ws.disco.DiscoveryException; import com.sun.identity.liberty.ws.disco.EncryptedResourceID; import com.sun.identity.liberty.ws.disco.ResourceOffering; import com.sun.identity.liberty.ws.disco.ResourceID; import com.sun.identity.liberty.ws.disco.Description; import com.sun.identity.liberty.ws.disco.jaxb.*; -import com.sun.identity.liberty.ws.disco.jaxb11.*; import com.sun.identity.liberty.ws.disco.plugins.NameIdentifierMapper; -import com.sun.identity.liberty.ws.disco.plugins.jaxb.*; import com.sun.identity.liberty.ws.interfaces.Authorizer; -import com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType; import com.sun.identity.liberty.ws.security.*; import com.sun.identity.liberty.ws.soapbinding.Message; import com.sun.identity.liberty.ws.soapbinding.ProviderHeader; @@ -61,6 +61,7 @@ import com.sun.identity.liberty.ws.util.ProviderUtil; import com.sun.identity.federation.message.common.EncryptedNameIdentifier; import com.sun.identity.federation.message.common.IDPProvidedNameIdentifier; +import jakarta.xml.bind.JAXBElement; /** * Provides utility methods to discovery service. @@ -92,23 +93,23 @@ private DiscoUtils() { * Value: List of credentials (<code>Assertion</code>s) * */ - public static Map checkPolicyAndHandleDirectives( - String userDN, Message message, - Collection results, Authorizer authorizer, - SessionContext invoSession, String wscID, - Object token) + public static Map checkPolicyAndHandleDirectives( + String userDN, Message message, + Collection results, Authorizer authorizer, + SessionContext invoSession, String wscID, + Object token) { DiscoUtils.debug.message("DiscoService.checkPolicyAndHandleDirectives"); - List offerings = new LinkedList(); + List offerings = new LinkedList<>(); List credentials = new LinkedList(); - Map env = null; - Iterator k = results.iterator(); + Map env = null; + Iterator k = results.iterator(); while (k.hasNext()) { - InsertEntryType entry = (InsertEntryType) k.next(); + InsertEntryType entry = k.next().getValue(); if (authorizer != null) { if (env == null) { - env = new HashMap(); + env = new HashMap<>(); env.put(Authorizer.USER_ID, userDN); env.put(Authorizer.AUTH_TYPE, message.getAuthenticationMechanism()); @@ -116,7 +117,7 @@ public static Map checkPolicyAndHandleDirectives( } if (!authorizer.isAuthorized(message.getToken(), DiscoConstants.ACTION_LOOKUP, - entry.getResourceOffering(), + entry.getResourceOffering().getValue(), env)) { DiscoUtils.debug.error("DiscoveryService.checkPolicyAndHan" @@ -134,7 +135,7 @@ public static Map checkPolicyAndHandleDirectives( ex); continue; } - List directives = entry.getAny(); + List directives = entry.getAny(); if ((directives == null) || directives.isEmpty()) { DiscoUtils.debug.message("DiscoService: no directives."); offerings.add(current); @@ -145,7 +146,7 @@ public static Map checkPolicyAndHandleDirectives( } } - Map returnMap = new HashMap(); + Map returnMap = new HashMap(); returnMap.put(OFFERINGS, offerings); returnMap.put(CREDENTIALS, credentials); return returnMap; @@ -178,9 +179,8 @@ private static void handleDirectives(ResourceOffering current, } Iterator iter0 = directives.iterator(); while(iter0.hasNext()) { - Object directive = iter0.next(); - List descIDRefs = - ((DirectiveType) directive).getDescriptionIDRefs(); + JAXBElement directive =(JAXBElement) iter0.next(); + List descIDRefs = directive.getValue().getDescriptionIDRefs(); if (directive instanceof EncryptResourceIDElement) { debug.message("DiscoService: has encrypt D"); current = doEncryption(current); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/plugins/DiscoEntryHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/plugins/DiscoEntryHandler.java index 086f72103d..40f36c3fb4 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/plugins/DiscoEntryHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/plugins/DiscoEntryHandler.java @@ -24,11 +24,16 @@ * * $Id: DiscoEntryHandler.java,v 1.2 2008/06/25 05:47:12 qcheng Exp $ * + * Portions Copyrighted 2026 3A Systems LLC. + * */ package com.sun.identity.liberty.ws.disco.plugins; +import com.sun.identity.liberty.ws.disco.jaxb.QueryType; +import com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement; + import java.util.Map; import java.util.List; @@ -70,7 +75,7 @@ public interface DiscoEntryHandler { * in the List, the entryId attribute of * ResourceOffering should be set. */ - public Map getDiscoEntries(String userID, List reqServiceTypes); + public Map getDiscoEntries(String userID, List reqServiceTypes); /** diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/plugins/IDFFNameIdentifierMapper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/plugins/IDFFNameIdentifierMapper.java index d306f1432a..19420dfe77 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/plugins/IDFFNameIdentifierMapper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/disco/plugins/IDFFNameIdentifierMapper.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDFFNameIdentifierMapper.java,v 1.3 2008/06/25 05:47:12 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -106,7 +108,7 @@ public NameIdentifier getNameIdentifier(String spProviderID, IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager(); String metaAlias = metaManager.getIDPDescriptorConfig( - "/", idpProviderID).getMetaAlias(); + "/", idpProviderID).getValue().getMetaAlias(); FSAccountManager fsaccountmgr = FSAccountManager.getInstance(metaAlias); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/PPRequestHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/PPRequestHandler.java index 1b5c342e98..1203cf547e 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/PPRequestHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/PPRequestHandler.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: PPRequestHandler.java,v 1.2 2008/06/25 05:47:14 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,6 +32,9 @@ package com.sun.identity.liberty.ws.idpp; +import jakarta.xml.bind.JAXBElement; +import com.sun.identity.liberty.ws.idpp.jaxb.ResponseType; +import com.sun.identity.liberty.ws.interaction.jaxb.InquiryElementType; import com.sun.identity.shared.xml.XMLUtils; import com.sun.identity.liberty.ws.idpp.jaxb.QueryResponseElement; import com.sun.identity.liberty.ws.idpp.jaxb.QueryElement; @@ -69,7 +74,9 @@ import java.util.Date; import java.util.logging.Level; import javax.xml.namespace.QName; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; + import org.w3c.dom.Document; //Interaction imports @@ -130,18 +137,20 @@ public Object processDSTRequest( if(request instanceof QueryElement) { QueryElement query = (QueryElement)request; Document doc = IDPPUtils.getDocumentBuilder().newDocument(); - IDPPUtils.getMarshaller().setProperty( - "com.sun.xml.bind.namespacePrefixMapper", + Marshaller marshaller = IDPPUtils.getMarshaller(); + marshaller.setProperty( + "org.glassfish.jaxb.namespacePrefixMapper", new NamespacePrefixMapperImpl()); - IDPPUtils.getMarshaller().marshal(query, doc); + marshaller.marshal(query, doc); return processQueryRequest(query, providerID, requestMsg, doc); } else if (request instanceof ModifyElement) { ModifyElement modify = (ModifyElement)request; Document doc = IDPPUtils.getDocumentBuilder().newDocument(); - IDPPUtils.getMarshaller().setProperty( - "com.sun.xml.bind.namespacePrefixMapper", + Marshaller marshaller = IDPPUtils.getMarshaller(); + marshaller.setProperty( + "org.glassfish.jaxb.namespacePrefixMapper", new NamespacePrefixMapperImpl()); - IDPPUtils.getMarshaller().marshal(modify, doc); + marshaller.marshal(modify, doc); return processModifyRequest(modify, providerID, requestMsg, doc); } else { IDPPUtils.debug.error("PPRequestHandler:processRequest:invalid" + @@ -191,9 +200,12 @@ public Object processDSTRequest( IDPPUtils.debug.message("PPRequestHandler:processQueryRequest:" + "request received:" + XMLUtils.print(request.getDocumentElement())); } - Object resObj = query.getResourceID(); + Object resObj = query.getValue().getResourceID(); if(resObj == null) { - resObj = query.getEncryptedResourceID(); + resObj = query.getValue().getEncryptedResourceID(); + } + if(resObj instanceof JAXBElement) { + resObj = ((JAXBElement)resObj).getValue(); } QueryResponseElement response = getQueryResponse(query); String resourceID = getResourceID(resObj, providerID, @@ -203,8 +215,9 @@ public Object processDSTRequest( IDPPUtils.debug.message("PPRequestHandler:processQuery" + "Request: resource id is invalid."); } - response.setStatus(setStatusType(false, DSTConstants.NO_RESOURCE, - IDPPUtils.bundle.getString("invalidResourceID"), null)); + StatusType status = setStatusType(false, DSTConstants.NO_RESOURCE, + IDPPUtils.bundle.getString("invalidResourceID"), null); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); return response; } if(LogUtil.isLogEnabled()) { @@ -216,15 +229,16 @@ public Object processDSTRequest( "securityMechID") + "=" + requestMsg.getAuthenticationMechanism() + " "; } - List queryItems = query.getQueryItem(); + List queryItems = query.getValue().getQueryItem(); if (queryItems.size() == 0) { if(IDPPUtils.debug.warningEnabled()) { IDPPUtils.debug.warning("PPRequestHandler:processQuery" + "Request: The request does not have any query items."); } - response.setStatus(setStatusType(false, - DSTConstants.UNEXPECTED_ERROR, - IDPPUtils.bundle.getString("nullQueryItems"), null)); + StatusType status = setStatusType(false, + DSTConstants.UNEXPECTED_ERROR, + IDPPUtils.bundle.getString("nullQueryItems"), null); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); return response; } @@ -235,8 +249,8 @@ public Object processDSTRequest( int queryItemsSize = queryItems.size(); for(int i= 0; i < queryItemsSize; i++) { boolean isQueryItemValid = true; - QueryType.QueryItemType item = - (QueryType.QueryItemType)queryItems.get(i); + QueryType.QueryItem item = + (QueryType.QueryItem)queryItems.get(i); String select = item.getSelect(); String ref = item.getItemID(); if(ref == null || ref.length() == 0) { @@ -248,9 +262,9 @@ public Object processDSTRequest( IDPPUtils.debug.warning("PPRequestHandler:process"+ "QueryRequest: There is no Select in the request."); } - response.setStatus( - setStatusType(false, DSTConstants.MISSING_SELECT, - IDPPUtils.bundle.getString("missingSelect"), ref)); + StatusType status = setStatusType(false, DSTConstants.MISSING_SELECT, + IDPPUtils.bundle.getString("missingSelect"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); isQueryItemValid = false; } @@ -259,9 +273,10 @@ public Object processDSTRequest( IDPPUtils.debug.warning("PPRequestHandler:process"+ "QueryRequest: Data not supported"); } - response.setStatus(setStatusType(false, - DSTConstants.INVALID_SELECT, - IDPPUtils.bundle.getString("invalidSelect"), ref)); + StatusType status = setStatusType(false, + DSTConstants.INVALID_SELECT, + IDPPUtils.bundle.getString("invalidSelect"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); isQueryItemValid = false; } @@ -273,9 +288,10 @@ public Object processDSTRequest( if(authZAction == null || authZAction.equalsIgnoreCase( IDPPConstants.AUTHZ_DENY)) { - response.setStatus(setStatusType(false, - DSTConstants.NOT_AUTHORIZED, - IDPPUtils.bundle.getString("notAuthorized"), ref)); + StatusType status = setStatusType(false, + DSTConstants.NOT_AUTHORIZED, + IDPPUtils.bundle.getString("notAuthorized"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); if(LogUtil.isLogEnabled()) { String[] data = {resourceID}; LogUtil.error(Level.INFO,LogUtil.PP_QUERY_FAILURE,data); @@ -295,9 +311,10 @@ public Object processDSTRequest( LogUtil.error(Level.INFO, LogUtil.PP_INTERACTION_FAILURE,data); } - response.setStatus(setStatusType(false, - DSTConstants.NOT_AUTHORIZED, - IDPPUtils.bundle.getString("interactionFailed"),ref)); + StatusType status = setStatusType(false, + DSTConstants.NOT_AUTHORIZED, + IDPPUtils.bundle.getString("interactionFailed"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); isQueryItemValid = false; } } else { @@ -317,9 +334,10 @@ public Object processDSTRequest( LogUtil.error(Level.INFO, LogUtil.PP_INTERACTION_FAILURE,data); } - response.setStatus(setStatusType(false, - DSTConstants.NOT_AUTHORIZED, - IDPPUtils.bundle.getString("interactionFailed"),ref)); + StatusType status = setStatusType(false, + DSTConstants.NOT_AUTHORIZED, + IDPPUtils.bundle.getString("interactionFailed"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); isQueryItemValid = false; } else { interactedData.putAll(intrData); @@ -353,7 +371,7 @@ public Object processDSTRequest( dstQueryItems, interactedData, request); List data = getData(queryResults); if(data != null && !data.isEmpty()) { - response.getData().addAll(data); + response.getValue().getData().addAll(data); } if(LogUtil.isLogEnabled()) { String[] msgData = { resourceID }; @@ -375,15 +393,9 @@ private List getData(Map queryResults) throws IDPPException { Set queryItems = queryResults.keySet(); Iterator iter = queryItems.iterator(); while(iter.hasNext()) { - QueryResponseType.DataType data = null; - try { - data = IDPPUtils.getIDPPFactory(). - createQueryResponseTypeDataType(); - } catch (JAXBException je) { - IDPPUtils.debug.error("PPRequestHandler:getData:jaxb fail", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + QueryResponseType.Data data = null; + data = IDPPUtils.getIDPPFactory(). + createQueryResponseTypeData(); DSTQueryItem dstQueryItem = (DSTQueryItem)iter.next(); List values = (List)queryResults.get(dstQueryItem); if(values.isEmpty()) { @@ -414,34 +426,28 @@ private StatusType setStatusType(boolean success, throw new IDPPException( IDPPUtils.bundle.getString("nullInputParams")); } - try { - StatusType status = IDPPUtils.getIDPPFactory().createStatusType(); - if(success) { - QName qName = new QName(IDPPConstants.XMLNS_IDPP, statusCode); - status.setCode(qName); - } else { - QName qName = - new QName(IDPPConstants.XMLNS_IDPP, DSTConstants.FAILED); - status.setCode(qName); - - StatusType secondStatus = - IDPPUtils.getIDPPFactory().createStatusType(); - QName secondQ = new QName(IDPPConstants.XMLNS_IDPP, statusCode); - secondStatus.setCode(secondQ); - if(comment != null) { - secondStatus.setComment(comment); - } - if(ref != null) { - secondStatus.setRef(ref); - } - status.getStatus().add(secondStatus); - } - return status; - } catch (JAXBException je) { - IDPPUtils.debug.error("PPRequestHandler:setStatusType:" + - "jaxb failure:" , je); - throw new IDPPException(IDPPUtils.bundle.getString("jaxbFailure")); + StatusType status = IDPPUtils.getIDPPFactory().createStatusType(); + if(success) { + QName qName = new QName(IDPPConstants.XMLNS_IDPP, statusCode); + status.setCode(qName); + } else { + QName qName = + new QName(IDPPConstants.XMLNS_IDPP, DSTConstants.FAILED); + status.setCode(qName); + + StatusType secondStatus = + IDPPUtils.getIDPPFactory().createStatusType(); + QName secondQ = new QName(IDPPConstants.XMLNS_IDPP, statusCode); + secondStatus.setCode(secondQ); + if(comment != null) { + secondStatus.setComment(comment); + } + if(ref != null) { + secondStatus.setRef(ref); + } + status.getStatus().add(IDPPUtils.getIDPPFactory().createStatusElement(secondStatus)); } + return status; } /** @@ -475,9 +481,12 @@ public ModifyResponseElement processModifyRequest( Map interactedData = new HashMap(); ModifyResponseElement response = getModifyResponse(modify); - Object resObj = modify.getResourceID(); + Object resObj = modify.getValue().getResourceID(); if(resObj == null) { - resObj = modify.getEncryptedResourceID(); + resObj = modify.getValue().getEncryptedResourceID(); + } + if(resObj instanceof JAXBElement) { + resObj = ((JAXBElement)resObj).getValue(); } String resourceID = getResourceID(resObj, providerID, IDPPConstants.XMLNS_IDPP); @@ -486,8 +495,9 @@ public ModifyResponseElement processModifyRequest( IDPPUtils.debug.warning("PPRequestHandler:processModify" + "Request: resource id is invalid."); } - response.setStatus(setStatusType(false, DSTConstants.NO_RESOURCE, - IDPPUtils.bundle.getString("invalidResourceID"), null)); + StatusType status = setStatusType(false, DSTConstants.NO_RESOURCE, + IDPPUtils.bundle.getString("invalidResourceID"), null); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); return response; } if(LogUtil.isLogEnabled()) { @@ -499,13 +509,14 @@ public ModifyResponseElement processModifyRequest( "securityMechID") + "=" + requestMsg.getAuthenticationMechanism() + " "; } - List modificationElements = modify.getModification(); + List modificationElements = modify.getValue().getModification(); if(modificationElements.size() == 0) { IDPPUtils.debug.error("PPRequestHandler:process" + "ModifyRequest: Modification elements are null"); - response.setStatus(setStatusType(false, - DSTConstants.UNEXPECTED_ERROR, - IDPPUtils.bundle.getString("nullModifications"),null)); + StatusType status = setStatusType(false, + DSTConstants.UNEXPECTED_ERROR, + IDPPUtils.bundle.getString("nullModifications"), null); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); return response; } @@ -513,8 +524,8 @@ public ModifyResponseElement processModifyRequest( List dstModifications = new ArrayList(); int size = modificationElements.size(); for (int i=0; i < size; i++) { - ModifyType.ModificationType modificationType = - (ModifyType.ModificationType)modificationElements.get(i); + ModifyType.Modification modificationType = + modificationElements.get(i); String select = modificationType.getSelect(); String ref = modificationType.getId(); @@ -524,9 +535,10 @@ public ModifyResponseElement processModifyRequest( IDPPUtils.debug.warning("PersonalProfileService:process"+ "ModifyRequest: select is null"); } - response.setStatus(setStatusType(false, - DSTConstants.MISSING_SELECT, - IDPPUtils.bundle.getString("missingSelect"), ref)); + StatusType status = setStatusType(false, + DSTConstants.MISSING_SELECT, + IDPPUtils.bundle.getString("missingSelect"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); return response; } if(!pp.isSelectDataSupported(select)){ @@ -534,9 +546,10 @@ public ModifyResponseElement processModifyRequest( IDPPUtils.debug.warning("PersonalProfileService:process"+ "ModifyRequest: Data not supported"); } - response.setStatus(setStatusType(false, - DSTConstants.INVALID_SELECT, - IDPPUtils.bundle.getString("invalidSelect"), ref)); + StatusType status = setStatusType(false, + DSTConstants.INVALID_SELECT, + IDPPUtils.bundle.getString("invalidSelect"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); return response; } //Check for authorization & interaction. @@ -547,9 +560,10 @@ public ModifyResponseElement processModifyRequest( if(authZAction == null || authZAction.equalsIgnoreCase( IDPPConstants.AUTHZ_DENY)) { - response.setStatus(setStatusType(false, - DSTConstants.NOT_AUTHORIZED, - IDPPUtils.bundle.getString("notAuthorized"), ref)); + StatusType status = setStatusType(false, + DSTConstants.NOT_AUTHORIZED, + IDPPUtils.bundle.getString("notAuthorized"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); if(LogUtil.isLogEnabled()) { String[] data = { resourceID }; LogUtil.error(Level.INFO,LogUtil.PP_MODIFY_FAILURE,data); @@ -573,9 +587,10 @@ public ModifyResponseElement processModifyRequest( LogUtil.error(Level.INFO, LogUtil.PP_INTERACTION_FAILURE,data); } - response.setStatus(setStatusType(false, - DSTConstants.NOT_AUTHORIZED, - IDPPUtils.bundle.getString("interactionFailed"), ref)); + StatusType status = setStatusType(false, + DSTConstants.NOT_AUTHORIZED, + IDPPUtils.bundle.getString("interactionFailed"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); return response; } } else { @@ -596,9 +611,10 @@ public ModifyResponseElement processModifyRequest( LogUtil.error(Level.INFO, LogUtil.PP_INTERACTION_FAILURE,data); } - response.setStatus(setStatusType(false, - DSTConstants.NOT_AUTHORIZED, - IDPPUtils.bundle.getString("interactionFailed"), ref)); + StatusType status = setStatusType(false, + DSTConstants.NOT_AUTHORIZED, + IDPPUtils.bundle.getString("interactionFailed"), ref); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); return response; } else { interactedData.putAll(intrData); @@ -609,7 +625,7 @@ public ModifyResponseElement processModifyRequest( } boolean override = modificationType.isOverrideAllowed(); - ModifyType.ModificationType.NewDataType newData = + ModifyType.Modification.NewData newData = modificationType.getNewData(); DSTModification dstModification = new DSTModification(); dstModification.setSelect(select); @@ -635,9 +651,10 @@ public ModifyResponseElement processModifyRequest( } return response; } else { - response.setStatus(setStatusType(false, - DSTConstants.UNEXPECTED_ERROR, - IDPPUtils.bundle.getString("modifyFailed"), null)); + StatusType status = setStatusType(false, + DSTConstants.UNEXPECTED_ERROR, + IDPPUtils.bundle.getString("modifyFailed"), null); + response.getValue().setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); if(LogUtil.isLogEnabled()) { String[] data = { logMsg }; @@ -675,18 +692,13 @@ public QueryResponseElement getQueryResponse(QueryElement query) throw new IDPPException( IDPPUtils.bundle.getString("nullInputParams")); } - try { - QueryResponseElement response = - IDPPUtils.getIDPPFactory().createQueryResponseElement(); - response.setStatus(setStatusType(true, DSTConstants.OK, null,null)); - response.setId(SAMLUtils.generateID()); - response.setItemIDRef(query.getItemID()); - return response; - } catch (JAXBException je) { - IDPPUtils.debug.error("PPRequestHandler:getQueryResponse:" + - "JAXB failure.", je); - throw new IDPPException(IDPPUtils.bundle.getString("jaxbFailure")); - } + QueryResponseType response = + IDPPUtils.getIDPPFactory().createQueryResponseType(); + StatusType status = setStatusType(true, DSTConstants.OK, null, null); + response.setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); + response.setId(SAMLUtils.generateID()); + response.setItemIDRef(query.getValue().getItemID()); + return IDPPUtils.getIDPPFactory().createQueryResponseElement(response); } @@ -704,18 +716,13 @@ public ModifyResponseElement getModifyResponse(ModifyElement modify) throw new IDPPException( IDPPUtils.bundle.getString("nullInputParams")); } - try { - ModifyResponseElement response = - IDPPUtils.getIDPPFactory().createModifyResponseElement(); - response.setStatus(setStatusType(true, DSTConstants.OK, null,null)); - response.setId(SAMLUtils.generateID()); - response.setItemIDRef(modify.getItemID()); - return response; - } catch (JAXBException je) { - IDPPUtils.debug.error("PPRequestHandler:getModifyResponse:" + - "JAXB failure.", je); - throw new IDPPException(IDPPUtils.bundle.getString("jaxbFailure")); - } + ResponseType response = + IDPPUtils.getIDPPFactory().createResponseType(); + StatusType status = setStatusType(true, DSTConstants.OK, null, null); + response.setStatus(IDPPUtils.getIDPPFactory().createStatusElement(status)); + response.setId(SAMLUtils.generateID()); + response.setItemIDRef(modify.getValue().getItemID()); + return IDPPUtils.getIDPPFactory().createModifyResponseElement(response); } @@ -762,11 +769,11 @@ private void initInteraction(boolean isQuery, Map interactResourceMap, try { //Create Interaction inquiry element InquiryElement inquiry = - JAXBObjectFactory.getObjectFactory().createInquiryElement(); - inquiry.setTitle(IDPPUtils.bundle.getString( + JAXBObjectFactory.getObjectFactory().createInquiryElement(JAXBObjectFactory.getObjectFactory().createInquiryType()); + inquiry.getValue().setTitle(IDPPUtils.bundle.getString( IDPPConstants.INTERACTION_TITLE)); - List selectElements = inquiry.getSelectOrConfirmOrText(); + List selectElements = inquiry.getValue().getSelectOrConfirmOrText(); Set inquirySelects = interactResourceMap.keySet(); Iterator iter = inquirySelects.iterator(); while(iter.hasNext()) { @@ -829,13 +836,13 @@ private Confirm getInteractConfirmElement( try { Confirm confirmElement = - JAXBObjectFactory.getObjectFactory().createInquiryTypeConfirm(); - PPInteractionHelper helper = + JAXBObjectFactory.getObjectFactory().createInquiryTypeConfirm(new InquiryElementType() {}); + PPInteractionHelper helper = new PPInteractionHelper(getLanguage(msg)); - confirmElement.setName(resource); - confirmElement.setLabel( + confirmElement.getValue().setName(resource); + confirmElement.getValue().setLabel( helper.getInteractForConsentQuestion(isQuery, resource)); - confirmElement.setHint( + confirmElement.getValue().setHint( helper.getInteractForConsentQuestion(isQuery, resource)); return confirmElement; @@ -882,11 +889,12 @@ private List getInteractTextElements( while(iter.hasNext()) { String resourceKey = (String)iter.next(); TextElement textElement = - JAXBObjectFactory.getObjectFactory().createTextElement(); - textElement.setName(resourceKey); - textElement.setLabel((String)interactQueries.get(resourceKey)); - textElement.setMinChars(helper.getTextMinChars(resourceKey)); - textElement.setMaxChars(helper.getTextMaxChars(resourceKey)); + JAXBObjectFactory.getObjectFactory().createTextElement( + JAXBObjectFactory.getObjectFactory().createTextType()); + textElement.getValue().setName(resourceKey); + textElement.getValue().setLabel((String)interactQueries.get(resourceKey)); + textElement.getValue().setMinChars(helper.getTextMinChars(resourceKey)); + textElement.getValue().setMaxChars(helper.getTextMaxChars(resourceKey)); textElements.add(textElement); } return textElements; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/PersonalProfile.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/PersonalProfile.java index 6ff0a88032..1d46b51671 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/PersonalProfile.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/PersonalProfile.java @@ -40,7 +40,7 @@ import java.util.StringTokenizer; import java.util.Iterator; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import org.w3c.dom.Node; import org.w3c.dom.Document; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/common/IDPPUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/common/IDPPUtils.java index dab1164e2a..13ea242e7e 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/common/IDPPUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/common/IDPPUtils.java @@ -28,6 +28,7 @@ /** * Portions Copyrighted 2012 ForgeRock Inc + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.liberty.ws.idpp.common; @@ -40,6 +41,8 @@ import java.util.HashMap; import java.util.Iterator; import java.security.SecureRandom; + +import com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType; import com.sun.identity.shared.debug.Debug; import com.sun.identity.shared.locale.Locale; import com.sun.identity.shared.encode.Base64; @@ -57,11 +60,11 @@ import com.sun.identity.plugin.datastore.DataStoreProviderManager; import com.sun.identity.saml.common.SAMLUtils; import com.sun.identity.shared.xml.XMLUtils; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import javax.xml.parsers.DocumentBuilder; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; -import javax.xml.bind.JAXBContext; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; import javax.xml.parsers.ParserConfigurationException; /** @@ -187,23 +190,23 @@ public static QueryElement createQueryElement(List queryExpressions, String resourceID, boolean includeCommonAttr) throws JAXBException, IDPPException { - QueryElement query = idppFactory.createQueryElement(); + QueryElement query = idppFactory.createQueryElement(idppFactory.createQueryType()); if(queryExpressions == null || resourceID == null || queryExpressions.size() == 0) { debug.error("IDPPUtils:createQueryElement: Either query" + " expressions or resource id is null."); throw new IDPPException("ResourceID or query expressions are null"); } - query.setResourceID(createResourceIDElement(resourceID)); - query.setId(SAMLUtils.generateID()); + query.getValue().setResourceID(createResourceIDElement(resourceID)); + query.getValue().setId(SAMLUtils.generateID()); for (int i =0; i < queryExpressions.size(); i++) { - QueryType.QueryItemType item = - idppFactory.createQueryTypeQueryItemType(); + QueryType.QueryItem item = + idppFactory.createQueryTypeQueryItem(); item.setId(SAMLUtils.generateID()); item.setIncludeCommonAttributes(includeCommonAttr); item.setItemID(SAMLUtils.generateID()); item.setSelect(addIDPPPrefix((String)queryExpressions.get(i))); - query.getQueryItem().add(item); + query.getValue().getQueryItem().add(item); } return query; } @@ -219,7 +222,7 @@ public static List getQueryDataElements(QueryResponseElement response) debug.error("IDPPUtils:getQueryDataElements:response is null"); throw new IDPPException("response is null"); } - return response.getData(); + return response.getValue().getData(); } /** @@ -234,8 +237,8 @@ public static ResourceIDElement createResourceIDElement (String resourceID) throw new IDPPException("ResourceID is null"); } ResourceIDElement resourceIDElement = - idppFactory.createResourceIDElement(); - resourceIDElement.setValue(resourceID); + idppFactory.createResourceIDElement(new ResourceIDType()); + resourceIDElement.getValue().setValue(resourceID); return resourceIDElement; } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPAddressCard.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPAddressCard.java index b1c2544ae7..cd95e6143e 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPAddressCard.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPAddressCard.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPAddressCard.java,v 1.2 2008/06/25 05:47:15 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,7 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Iterator; @@ -71,7 +73,7 @@ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPAddressCard:getContainerObject:Init"); try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); Set addressCards = (Set)userMap.get( getAttributeMapper().getDSAttribute( @@ -117,7 +119,8 @@ private AddressCardElement parseEntry(String entry, Map userMap) } AddressCardElement ace = - IDPPUtils.getIDPPFactory().createAddressCardElement(); + IDPPUtils.getIDPPFactory().createAddressCardElement( + IDPPUtils.getIDPPFactory().createAddressCardType()); StringTokenizer st = new StringTokenizer(entry, IDPPConstants.ATTRIBUTE_SEPARATOR); @@ -183,18 +186,18 @@ private AddressCardElement parseEntry(String entry, Map userMap) return null; } - AddressType ae = IDPPUtils.getIDPPFactory().createAddressElement(); + AddressType ae = IDPPUtils.getIDPPFactory().createAddressType(); ae.setC(getDSTString(country)); ae.setSt(getDSTString(state)); ae.setL(getDSTString(city)); ae.setPostalAddress(getDSTString(postalAddress)); ae.setPostalCode(getDSTString(postalCode)); - ace.setNick(getDSTString(nick)); - ace.getAddrType().add(getDSTURI(addrType)); - ace.setAddress(ae); - ace.setLComment(getDSTString(lComment)); - ace.setId(id); + ace.getValue().setNick(getDSTString(nick)); + ace.getValue().getAddrType().add(getDSTURI(addrType)); + ace.getValue().setAddress(IDPPUtils.getIDPPFactory().createAddressElement(ae)); + ace.getValue().setLComment(getDSTString(lComment)); + ace.getValue().setId(id); return ace; } @@ -306,7 +309,7 @@ private Map getDataMap(String expContext, Object dataElement) } else if(dataElement instanceof AddressCardElement) { AddressCardElement addr = (AddressCardElement)dataElement; if(addressType == null || addressType.length() == 0) { - List list = addr.getAddrType(); + List list = addr.getValue().getAddrType(); if(list != null && list.size() != 0) { DSTURI addressURI = (DSTURI)list.get(0); addressType = addressURI.getValue(); @@ -420,7 +423,7 @@ private String createAddressCard(AddressCardElement ace, StringBuffer sb = new StringBuffer(); sb.append("AddrType").append("=").append(addressType).append("|"); - AddressType ae = ace.getAddress(); + AddressType ae = jaxbValue(ace.getValue().getAddress()); if(ae == null) { IDPPUtils.debug.error("IDPPAddressContainer.createAddressCard:" + "Address Element is null"); @@ -432,12 +435,12 @@ private String createAddressCard(AddressCardElement ace, sb.append(address); } - DSTString nickName = ace.getNick(); + DSTString nickName = ace.getValue().getNick(); if(nickName != null) { sb.append("Nick=").append(nickName.getValue()).append("|"); } - DSTString comment = ace.getLComment(); + DSTString comment = ace.getValue().getLComment(); if(comment != null) { sb.append("LComment=").append(comment.getValue()); } @@ -495,7 +498,7 @@ private String modifyAddress(String entry, AddressElement ae) { if(ae == null) { continue; } - DSTString postalAddress = ae.getPostalAddress(); + DSTString postalAddress = ae.getValue().getPostalAddress(); if(postalAddress != null) { sb.append("PostalAddress") .append("=").append(postalAddress.getValue()).append("|"); @@ -506,7 +509,7 @@ private String modifyAddress(String entry, AddressElement ae) { if(ae == null) { continue; } - DSTString postalCode = ae.getPostalCode(); + DSTString postalCode = ae.getValue().getPostalCode(); if(postalCode != null) { sb.append("PostalCode") .append("=").append(postalCode.getValue()).append("|"); @@ -517,7 +520,7 @@ private String modifyAddress(String entry, AddressElement ae) { if(ae == null) { continue; } - DSTString city = ae.getL(); + DSTString city = ae.getValue().getL(); if(city != null) { sb.append("L") .append("=").append(city.getValue()).append("|"); @@ -528,7 +531,7 @@ private String modifyAddress(String entry, AddressElement ae) { if(ae == null) { continue; } - DSTString state = ae.getSt(); + DSTString state = ae.getValue().getSt(); if(state != null) { sb.append("St") .append("=").append(state.getValue()).append("|"); @@ -540,7 +543,7 @@ private String modifyAddress(String entry, AddressElement ae) { if(ae == null) { continue; } - DSTString country = ae.getC(); + DSTString country = ae.getValue().getC(); if(country != null) { sb.append("C") .append("=").append(country.getValue()).append("|"); @@ -562,7 +565,7 @@ private String modifyAddressCard(String entry, AddressCardElement ace) { StringBuffer sb = new StringBuffer(100); - AddressElement ae = (AddressElement)ace.getAddress(); + AddressElement ae = ace.getValue().getAddress(); String address = modifyAddress(entry, ae); StringTokenizer st = new StringTokenizer(address, "|"); @@ -570,7 +573,7 @@ private String modifyAddressCard(String entry, AddressCardElement ace) { String token = st.nextToken(); if(token.startsWith("Nick")) { - DSTString nick = ace.getNick(); + DSTString nick = ace.getValue().getNick(); if(nick != null) { sb.append("Nick") .append("=").append(nick.getValue()).append("|"); @@ -578,7 +581,7 @@ private String modifyAddressCard(String entry, AddressCardElement ace) { sb.append(token).append("|"); } } else if(token.startsWith("LComment")) { - DSTString lComment = ace.getLComment(); + DSTString lComment = ace.getValue().getLComment(); if(lComment != null) { sb.append("LComment") .append("=").append(lComment.getValue()).append("|"); @@ -586,7 +589,7 @@ private String modifyAddressCard(String entry, AddressCardElement ace) { sb.append(token).append("|"); } } else if(token.startsWith("id")) { - String id = ace.getId(); + String id = ace.getValue().getId(); if(id != null) { sb.append("id").append("=").append(id).append("|"); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPBaseContainer.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPBaseContainer.java index 9aa80ce767..d60e76c5f3 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPBaseContainer.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPBaseContainer.java @@ -33,7 +33,10 @@ import static org.forgerock.openam.utils.Time.*; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; +import javax.xml.datatype.DatatypeFactory; +import javax.xml.datatype.XMLGregorianCalendar; import java.util.Set; import java.util.HashSet; import java.util.Map; @@ -44,6 +47,8 @@ import java.util.Iterator; import java.lang.NumberFormatException; import java.math.BigInteger; + +import org.w3._2001.xmlschema.Adapter1; import org.w3c.dom.Document; import com.sun.identity.liberty.ws.idpp.common.*; import com.sun.identity.liberty.ws.idpp.jaxb.*; @@ -121,11 +126,14 @@ protected Map getAttributeMap(String attr, Object obj, Map map) { Iterator iter = list.iterator(); while(iter.hasNext()) { Object ob = iter.next(); + if(ob instanceof JAXBElement) { + ob = ((JAXBElement)ob).getValue(); + } if(ob instanceof DSTString) { DSTString str = (DSTString)ob; String val = str.getValue(); values.add(val); - } else if(obj instanceof DSTURI) { + } else if(ob instanceof DSTURI) { DSTURI uri = (DSTURI)ob; String val = uri.getValue(); values.add(val); @@ -134,6 +142,9 @@ protected Map getAttributeMap(String attr, Object obj, Map map) { map.put(attrKey, values); return map; } + if(obj instanceof JAXBElement) { + obj = ((JAXBElement)obj).getValue(); + } String value = null; if(obj instanceof DSTString) { DSTString str = (DSTString)obj; @@ -143,9 +154,11 @@ protected Map getAttributeMap(String attr, Object obj, Map map) { value = uri.getValue(); } else if (obj instanceof DSTDate) { DSTDate date = (DSTDate)obj; - Calendar cal = date.getValue(); - if(cal != null) { - value = DateFormat.getDateInstance().format(cal.getTime()); + if(date.getValue() != null) { + Calendar cal = date.getValue().toGregorianCalendar(); + if(cal != null) { + value = DateFormat.getDateInstance().format(cal.getTime()); + } } } else if (obj instanceof DSTInteger) { @@ -154,7 +167,9 @@ protected Map getAttributeMap(String attr, Object obj, Map map) { } else if (obj instanceof DSTMonthDay) { DSTMonthDay dstMon = (DSTMonthDay)obj; - value = dstMon.getValue(); + if(dstMon.getValue() != null) { + value = dstMon.getValue().toXMLFormat(); + } } if(value != null) { @@ -203,14 +218,9 @@ protected DSTString getDSTString(String value) { IDPPUtils.debug.message("IDPPBaseContainer:getDSTString:null vals"); return null; } - try { - DSTString dstString = IDPPUtils.getIDPPFactory().createDSTString(); - dstString.setValue(value); - return dstString; - } catch (JAXBException je) { - IDPPUtils.debug.error("IDPPBaseContainer:getDSTString:jaxbFail",je); - return null; - } + DSTString dstString = IDPPUtils.getIDPPFactory().createDSTString(); + dstString.setValue(value); + return dstString; } /** @@ -227,8 +237,7 @@ protected DSTDate getDSTDate(String value) { DSTDate dstDate = IDPPUtils.getIDPPFactory().createDSTDate(); Date date = DateFormat.getDateInstance(DateFormat.MEDIUM).parse(value); - Calendar cal = getCalendarInstance(); - cal.setTime(date); + XMLGregorianCalendar cal = getXMLGregorianCalendarInstance(date); dstDate.setValue(cal); return dstDate; } catch(Exception e) { @@ -248,9 +257,10 @@ protected DSTMonthDay getDSTMonthDay(String value) { return null; } try { - DSTMonthDay dstMonthDay = + DSTMonthDay dstMonthDay = IDPPUtils.getIDPPFactory().createDSTMonthDay(); - dstMonthDay.setValue(value); + XMLGregorianCalendar cal = DatatypeFactory.newInstance().newXMLGregorianCalendar(value); + dstMonthDay.setValue(cal); return dstMonthDay; } catch(Exception e) { IDPPUtils.debug.error("IDPPBaseContainer:getDSTMonthDay: " + @@ -270,15 +280,25 @@ protected DSTURI getDSTURI(String value) { IDPPUtils.debug.message("IDPPBaseContainer:getDSTURI:null vals"); return null; } - try { - DSTURI dstURI = IDPPUtils.getIDPPFactory().createDSTURI(); - dstURI.setValue(value); - return dstURI; - } catch(JAXBException je) { - IDPPUtils.debug.error("IDPPBaseContainer:getDSTURI: Exception", je); + DSTURI dstURI = IDPPUtils.getIDPPFactory().createDSTURI(); + dstURI.setValue(value); + return dstURI; + } + + /** + * Gets a JAXB DSTURI object. + * @param value a String representing the value. + * @return DSTURI JAXB object. + */ + protected MsgTechnologyElement getMsgTechnology(String value) { + if(value == null) { + IDPPUtils.debug.message("IDPPBaseContainer:getDSTURI:null vals"); return null; } - } + MsgTechnologyElement dstURI = IDPPUtils.getIDPPFactory().createMsgTechnologyElement(); + dstURI.setValue(value); + return dstURI; + } /** * Gets a JAXB DSTInteger object. @@ -295,9 +315,6 @@ protected DSTInteger getDSTInteger(String value) { IDPPUtils.getIDPPFactory().createDSTInteger(); dstInteger.setValue(new BigInteger(value)); return dstInteger; - } catch(JAXBException je) { - IDPPUtils.debug.error("IDPPBaseContainer:getDSTInteger:Error", je); - return null; } catch(NumberFormatException nfe) { IDPPUtils.debug.error("IDPPBaseContainer:getDSTInteger: " + "Invalid number", nfe); @@ -316,50 +333,43 @@ protected AnalyzedNameType getAnalyzedName(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPContainers:getAnalyzedName:Init"); AnalyzedNameType analyzedName = null; - try { - analyzedName = IDPPUtils.getIDPPFactory().createAnalyzedNameType(); + analyzedName = IDPPUtils.getIDPPFactory().createAnalyzedNameType(); - String value = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.SN_ELEMENT).toLowerCase()); - if(value != null) { - analyzedName.setSN(getDSTString(value)); - } + String value = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.SN_ELEMENT).toLowerCase()); + if(value != null) { + analyzedName.setSN(IDPPUtils.getIDPPFactory().createSNElement(getDSTString(value))); + } - value = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.FN_ELEMENT).toLowerCase()); - if(value != null) { - analyzedName.setFN(getDSTString(value)); - } + value = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.FN_ELEMENT).toLowerCase()); + if(value != null) { + analyzedName.setFN(IDPPUtils.getIDPPFactory().createFNElement(getDSTString(value))); + } - value = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.PT_ELEMENT).toLowerCase()); - if(value != null) { - analyzedName.setPersonalTitle(getDSTString(value)); - } + value = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.PT_ELEMENT).toLowerCase()); + if(value != null) { + analyzedName.setPersonalTitle(IDPPUtils.getIDPPFactory().createPersonalTitleElement(getDSTString(value))); + } - value = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.MN_ELEMENT).toLowerCase()); + value = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.MN_ELEMENT).toLowerCase()); - String nameScheme = - IDPPServiceManager.getInstance().getNameScheme(); - if(nameScheme != null) { - analyzedName.setNameScheme(nameScheme); - } - if(nameScheme != null && nameScheme.equals( - IDPPConstants.NAME_SCHEME_MIDDLE) && value != null) { - analyzedName.setMN(getDSTString(value)); - } - return analyzedName; - } catch (JAXBException je) { - IDPPUtils.debug.error("IDPPContainers:getAnalyzedName: " + - "JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + String nameScheme = + IDPPServiceManager.getInstance().getNameScheme(); + if(nameScheme != null) { + analyzedName.setNameScheme(nameScheme); + } + if(nameScheme != null && nameScheme.equals( + IDPPConstants.NAME_SCHEME_MIDDLE) && value != null) { + analyzedName.setMN(IDPPUtils.getIDPPFactory().createMNElement(getDSTString(value))); + } + return analyzedName; } /** @@ -378,7 +388,11 @@ public Document toXMLDocument(Map userMap) } Document doc = IDPPUtils.getDocumentBuilder().newDocument(); try { - IDPPUtils.getMarshaller().marshal(getContainerObject(userMap),doc); + Object containerObject = getContainerObject(userMap); + if (containerObject instanceof PPType) { + containerObject = IDPPUtils.getIDPPFactory().createPP((PPType) containerObject); + } + IDPPUtils.getMarshaller().marshal(containerObject, doc); return doc; } catch (JAXBException je) { IDPPUtils.debug.error("IDPPBaseContainer:toXMLDocument:"+ @@ -422,10 +436,10 @@ protected Map getAnalyzedNameMap(Object obj, Map map) throws IDPPException{ if(obj != null) { if(obj instanceof AnalyzedNameType) { AnalyzedNameType analyzedName = (AnalyzedNameType)obj; - fn = analyzedName.getFN(); - sn = analyzedName.getSN(); - mn = analyzedName.getMN(); - pt = analyzedName.getPersonalTitle(); + fn = jaxbValue(analyzedName.getFN()); + sn = jaxbValue(analyzedName.getSN()); + mn = jaxbValue(analyzedName.getMN()); + pt = jaxbValue(analyzedName.getPersonalTitle()); } else { throw new IDPPException( IDPPUtils.bundle.getString("invalid Element")); @@ -442,6 +456,18 @@ protected Map getAnalyzedNameMap(Object obj, Map map) throws IDPPException{ getAttributeMap(IDPPConstants.PT_ELEMENT, pt, map); return map; } + + /** + * Returns the value wrapped by a JAXB element, or null if the + * element itself is absent. Under JAXB 3 optional global elements are + * exposed as possibly-null {@link JAXBElement} wrappers, so callers must + * guard against a null wrapper before unwrapping. + * @param element the JAXB element wrapper, may be null + * @return the wrapped value, or null if the wrapper is null + */ + protected static T jaxbValue(JAXBElement element) { + return (element == null) ? null : element.getValue(); + } /** * Gets Attribute Mapper diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPCommonName.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPCommonName.java index 7ef6ff87c6..8ad0c6d27e 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPCommonName.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPCommonName.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPCommonName.java,v 1.2 2008/06/25 05:47:15 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,8 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Iterator; @@ -68,9 +71,10 @@ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPContainers:getContainerObject:Init"); try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); CommonNameElement ce = - IDPPUtils.getIDPPFactory().createCommonNameElement(); + IDPPUtils.getIDPPFactory().createCommonNameElement( + IDPPUtils.getIDPPFactory().createCommonNameType()); String cn = CollectionHelper.getMapAttr( userMap, getAttributeMapper().getDSAttribute( @@ -78,7 +82,7 @@ userMap, getAttributeMapper().getDSAttribute( if(cn != null) { DSTString dstString = getDSTString(cn); - ce.setCN(dstString); + ce.getValue().setCN(IDPPUtils.getIDPPFactory().createCNElement(dstString)); } Set altCNs = (Set)userMap.get(getAttributeMapper().getDSAttribute( @@ -87,20 +91,15 @@ userMap, getAttributeMapper().getDSAttribute( Iterator iter = altCNs.iterator(); while(iter.hasNext()) { DSTString dstString = getDSTString((String)iter.next()); - ce.getAltCN().add(dstString); + ce.getValue().getAltCN().add(dstString); } } AnalyzedNameType analyzedName = getAnalyzedName(userMap); - ce.setAnalyzedName(analyzedName); + ce.getValue().setAnalyzedName(analyzedName); ppType.setCommonName(ce); return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPContainers:getContainerObject: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); } catch (IDPPException ie) { IDPPUtils.debug.error("IDPPContainers:getContainerObject:" + "Error while creating common name.", ie); @@ -264,10 +263,13 @@ private Map getCommonNameMap(Object obj, Map map) DSTString cn = null; List altCNs = null; if(obj != null) { + if(obj instanceof JAXBElement) { + obj = ((JAXBElement)obj).getValue(); + } if(obj instanceof CommonNameType) { CommonNameType cnType = (CommonNameType)obj; analyzedName = cnType.getAnalyzedName(); - cn = cnType.getCN(); + cn = jaxbValue(cnType.getCN()); altCNs = cnType.getAltCN(); } else { throw new IDPPException( diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPDemographics.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPDemographics.java index 659950a98c..df9fddc238 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPDemographics.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPDemographics.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPDemographics.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,8 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Iterator; @@ -68,57 +71,54 @@ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPDemographics:getContainerObject:Init"); - try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - DemographicsElement de = - IDPPUtils.getIDPPFactory().createDemographicsElement(); - - String displayLang = CollectionHelper.getMapAttr(userMap, - getAttributeMapper().getDSAttribute( - IDPPConstants.DEMO_GRAPHICS_DISPLAY_LANG_ELEMENT).toLowerCase()); - - if(displayLang != null) { - de.setDisplayLanguage(getDSTString(displayLang)); - } - - Set languages = (Set)userMap.get( - getAttributeMapper().getDSAttribute( - IDPPConstants.DEMO_GRAPHICS_LANGUAGE_ELEMENT).toLowerCase()); - Iterator iter = languages.iterator(); - while(iter.hasNext()) { - de.getLanguage().add(getDSTString((String)iter.next())); - } - - String birthDay = CollectionHelper.getMapAttr(userMap, - getAttributeMapper().getDSAttribute( - IDPPConstants.DEMO_GRAPHICS_BIRTH_DAY_ELEMENT).toLowerCase()); - if(birthDay != null) { - de.setBirthday(getDSTMonthDay(birthDay)); - } - - String age = CollectionHelper.getMapAttr(userMap, - getAttributeMapper().getDSAttribute( - IDPPConstants.DEMO_GRAPHICS_AGE_ELEMENT).toLowerCase()); - if(age != null) { - de.setAge(getDSTInteger(age)); - } - - String timeZone = CollectionHelper.getMapAttr(userMap, - getAttributeMapper().getDSAttribute( - IDPPConstants.DEMO_GRAPHICS_TIME_ZONE_ELEMENT).toLowerCase()); - if(timeZone != null) { - de.setTimeZone(getDSTString(timeZone)); - } - - ppType.setDemographics(de); - - return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPDemographics:getContainerObject: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + DemographicsElement de = + IDPPUtils.getIDPPFactory().createDemographicsElement( + IDPPUtils.getIDPPFactory().createDemographicsType()); + + String displayLang = CollectionHelper.getMapAttr(userMap, + getAttributeMapper().getDSAttribute( + IDPPConstants.DEMO_GRAPHICS_DISPLAY_LANG_ELEMENT).toLowerCase()); + + if(displayLang != null) { + de.getValue().setDisplayLanguage( + IDPPUtils.getIDPPFactory().createDisplayLanguageElement(getDSTString(displayLang))); + } + + Set languages = (Set)userMap.get( + getAttributeMapper().getDSAttribute( + IDPPConstants.DEMO_GRAPHICS_LANGUAGE_ELEMENT).toLowerCase()); + Iterator iter = languages.iterator(); + while(iter.hasNext()) { + de.getValue().getLanguage().add( + IDPPUtils.getIDPPFactory().createLanguageElement(getDSTString((String)iter.next()))); + } + + String birthDay = CollectionHelper.getMapAttr(userMap, + getAttributeMapper().getDSAttribute( + IDPPConstants.DEMO_GRAPHICS_BIRTH_DAY_ELEMENT).toLowerCase()); + if(birthDay != null) { + de.getValue().setBirthday( + IDPPUtils.getIDPPFactory().createBirthdayElement(getDSTMonthDay(birthDay))); } + + String age = CollectionHelper.getMapAttr(userMap, + getAttributeMapper().getDSAttribute( + IDPPConstants.DEMO_GRAPHICS_AGE_ELEMENT).toLowerCase()); + if(age != null) { + de.getValue().setAge(IDPPUtils.getIDPPFactory().createAgeElement(getDSTInteger(age))); + } + + String timeZone = CollectionHelper.getMapAttr(userMap, + getAttributeMapper().getDSAttribute( + IDPPConstants.DEMO_GRAPHICS_TIME_ZONE_ELEMENT).toLowerCase()); + if(timeZone != null) { + de.getValue().setTimeZone(getDSTString(timeZone)); + } + + ppType.setDemographics(de); + + return ppType; } /** @@ -272,15 +272,18 @@ private Map getDemographicsMap(Object obj, Map map) DSTString displayLang = null; DSTInteger age = null; DSTMonthDay birthDay = null; - List languages = null; + List languages = null; DSTString timeZone = null; if(obj != null) { + if(obj instanceof JAXBElement) { + obj = ((JAXBElement)obj).getValue(); + } if(obj instanceof DemographicsType) { DemographicsType demoGraphs = (DemographicsType)obj; - displayLang = demoGraphs.getDisplayLanguage(); - age = demoGraphs.getAge(); - birthDay = demoGraphs.getBirthday(); + displayLang = jaxbValue(demoGraphs.getDisplayLanguage()); + age = jaxbValue(demoGraphs.getAge()); + birthDay = jaxbValue(demoGraphs.getBirthday()); languages = demoGraphs.getLanguage(); timeZone = demoGraphs.getTimeZone(); } else { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEmergencyContact.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEmergencyContact.java index 0a18b24660..a9d8a6a0a4 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEmergencyContact.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEmergencyContact.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPEmergencyContact.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,7 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Map; @@ -64,22 +66,20 @@ public IDPPEmergencyContact() { */ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPEmergencyContact:getContainerObject:Init"); - try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - EmergencyContactElement ec = - IDPPUtils.getIDPPFactory().createEmergencyContactElement(); - String emergencyContact = CollectionHelper.getMapAttr(userMap, - getAttributeMapper().getDSAttribute( - IDPPConstants.EMERGENCY_CONTACT_ELEMENT).toLowerCase()); - ec.setValue(emergencyContact); - ppType.setEmergencyContact(ec); - return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPEmergencyContact:getContainerObject: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + EmergencyContactElement ec = + IDPPUtils.getIDPPFactory().createEmergencyContactElement( + IDPPUtils.getIDPPFactory().createDSTString() + ); + String emergencyContact = CollectionHelper.getMapAttr(userMap, + getAttributeMapper().getDSAttribute( + IDPPConstants.EMERGENCY_CONTACT_ELEMENT).toLowerCase()); + DSTString emergencyContactDstString = IDPPUtils.getIDPPFactory().createDSTString(); + emergencyContactDstString.setValue(emergencyContact); + + ec.setValue(emergencyContactDstString); + ppType.setEmergencyContact(ec); + return ppType; } /** diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEmploymentIdentity.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEmploymentIdentity.java index 82b267eaf6..5245dbb733 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEmploymentIdentity.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEmploymentIdentity.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPEmploymentIdentity.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,8 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Iterator; @@ -64,42 +67,37 @@ public IDPPEmploymentIdentity() { */ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPEmploymentIdentity:getContainerObj:Init"); - try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - EmploymentIdentityElement ei = - IDPPUtils.getIDPPFactory().createEmploymentIdentityElement(); - String jobTitle = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.JOB_TITLE_ELEMENT).toLowerCase()); - if(jobTitle != null) { - DSTString dstString = getDSTString(jobTitle); - ei.setJobTitle(dstString); - } - - String org = CollectionHelper.getMapAttr(userMap, - getAttributeMapper().getDSAttribute( - IDPPConstants.O_ELEMENT).toLowerCase()); - if(org != null) { - DSTString dstString = getDSTString(org); - ei.setO(dstString); - } - - Set altOs = (Set)userMap.get( - getAttributeMapper().getDSAttribute( - IDPPConstants.ALT_O_ELEMENT).toLowerCase()); - Iterator iter = altOs.iterator(); - while(iter.hasNext()) { - DSTString dstString = getDSTString((String)iter.next()); - ei.getAltO().add(dstString); - } - ppType.setEmploymentIdentity(ei); - return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPContainers:getContainerObject: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + EmploymentIdentityElement ei = + IDPPUtils.getIDPPFactory().createEmploymentIdentityElement( + IDPPUtils.getIDPPFactory().createEmploymentIdentityType() + ); + String jobTitle = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.JOB_TITLE_ELEMENT).toLowerCase()); + if(jobTitle != null) { + DSTString dstString = getDSTString(jobTitle); + ei.getValue().setJobTitle(IDPPUtils.getIDPPFactory().createJobTitleElement(dstString)); + } + + String org = CollectionHelper.getMapAttr(userMap, + getAttributeMapper().getDSAttribute( + IDPPConstants.O_ELEMENT).toLowerCase()); + if(org != null) { + DSTString dstString = getDSTString(org); + ei.getValue().setO(IDPPUtils.getIDPPFactory().createOElement(dstString)); } + + Set altOs = (Set)userMap.get( + getAttributeMapper().getDSAttribute( + IDPPConstants.ALT_O_ELEMENT).toLowerCase()); + Iterator iter = altOs.iterator(); + while(iter.hasNext()) { + DSTString dstString = getDSTString((String)iter.next()); + ei.getValue().getAltO().add(dstString); + } + ppType.setEmploymentIdentity(ei); + return ppType; } /** @@ -210,10 +208,13 @@ private Map getEmploymentIdentityMap(Object obj, Map map) DSTString jobTitle = null, org = null; List altO = null; if(obj != null) { + if(obj instanceof JAXBElement) { + obj = ((JAXBElement)obj).getValue(); + } if(obj instanceof EmploymentIdentityType) { EmploymentIdentityType eiType = (EmploymentIdentityType)obj; - jobTitle = eiType.getJobTitle(); - org = eiType.getO(); + jobTitle = jaxbValue(eiType.getJobTitle()); + org = jaxbValue(eiType.getO()); altO = eiType.getAltO(); } else { throw new IDPPException( diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEncryptKey.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEncryptKey.java index fb72e10c2b..a1e75a7d96 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEncryptKey.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPEncryptKey.java @@ -23,23 +23,23 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPEncryptKey.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ package com.sun.identity.liberty.ws.idpp.container; -import javax.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Map; import java.util.HashMap; import java.util.List; import java.util.Iterator; -import org.w3c.dom.Document; + import com.sun.identity.liberty.ws.idpp.common.*; import com.sun.identity.liberty.ws.idpp.jaxb.*; -import com.sun.identity.liberty.ws.idpp.plugin.*; /** @@ -64,39 +64,34 @@ public IDPPEncryptKey() { */ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPEncryptKey:getContainerObject:Init"); - try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - EncryptKeyElement encryptKey = - IDPPUtils.getIDPPFactory().createEncryptKeyElement(); - byte[][] certBytes = (byte[][]) userMap.get( - getAttributeMapper().getDSAttribute( - IDPPConstants.ENCRYPT_KEY_ELEMENT).toLowerCase()); - - if(certBytes != null) { - com.sun.identity.liberty.ws.common.jaxb.xmlsig.ObjectFactory of = - new com.sun.identity.liberty.ws.common.jaxb.xmlsig. - ObjectFactory(); - - com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType - x509DataType = of.createX509DataElement(); - - com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType. - X509Certificate cert = of.createX509DataTypeX509Certificate( - certBytes[0]); - - x509DataType. - getX509IssuerSerialOrX509SKIOrX509SubjectName().add(cert); - encryptKey.getContent().add(x509DataType); - } - - ppType.setEncryptKey(encryptKey); - return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPEncryptKey:getEncryptKey: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + EncryptKeyElement encryptKey = + IDPPUtils.getIDPPFactory().createEncryptKeyElement( + IDPPUtils.getIDPPFactory().createKeyInfoType() + ); + byte[][] certBytes = (byte[][]) userMap.get( + getAttributeMapper().getDSAttribute( + IDPPConstants.ENCRYPT_KEY_ELEMENT).toLowerCase()); + + if(certBytes != null) { + com.sun.identity.liberty.ws.common.jaxb.xmlsig.ObjectFactory of = + new com.sun.identity.liberty.ws.common.jaxb.xmlsig. + ObjectFactory(); + + com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType + x509DataType = of.createX509DataType(); + + com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType. + X509Certificate cert = of.createX509DataTypeX509Certificate( + certBytes[0]); + + x509DataType. + getX509IssuerSerialOrX509SKIOrX509SubjectName().add(cert); + encryptKey.getValue().getContent().add(of.createX509DataElement(x509DataType)); + } + + ppType.setEncryptKey(encryptKey); + return ppType; } /** @@ -146,7 +141,7 @@ public Map getDataMapForSelect(String select, List data) if(dataElement instanceof EncryptKeyElement) { byte[] certBytes = null; EncryptKeyElement encryptKey = (EncryptKeyElement)dataElement; - List contents = encryptKey.getContent(); + List contents = encryptKey.getValue().getContent(); if(contents == null || contents.size() == 0) { map.put(getAttributeMapper().getDSAttribute( @@ -163,8 +158,8 @@ public Map getDataMapForSelect(String select, List data) com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataElement x509Data = (com.sun.identity.liberty.ws.common.jaxb. xmlsig.X509DataElement)obj; - List certs = - x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName(); + List certs = + x509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName(); if(certs == null || certs.size() == 0) { IDPPUtils.debug.error("IDPPEncryptKey.getDataMapForSelect:" + diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPExtensionContainer.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPExtensionContainer.java index df82e28e03..2809176742 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPExtensionContainer.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPExtensionContainer.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPExtensionContainer.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,7 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Map; @@ -69,42 +71,37 @@ public IDPPExtensionContainer() { */ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPContainers:getContainerObject:Init"); - try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - ExtensionElement ee = - IDPPUtils.getIDPPFactory().createExtensionElement(); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + ExtensionElement ee = + IDPPUtils.getIDPPFactory().createExtensionElement( + IDPPUtils.getIDPPFactory().createExtensionType() + ); + + IDPPExtension extension = getExtensionContainerClass(); + if(extension != null) { + ee.getValue().getAny().addAll(extension.getExtAttributes()); + ppType.setExtension(ee); + return ppType; + } - IDPPExtension extension = getExtensionContainerClass(); - if(extension != null) { - ee.getAny().addAll(extension.getExtAttributes()); - ppType.setExtension(ee); - return ppType; - } + Set extensionAttributes = getExtensionContainerAttributes(); + if(extensionAttributes == null || extensionAttributes.isEmpty()) { + ppType.setExtension(ee); + return ppType; + } - Set extensionAttributes = getExtensionContainerAttributes(); - if(extensionAttributes == null || extensionAttributes.isEmpty()) { - ppType.setExtension(ee); - return ppType; - } - - Iterator iter = extensionAttributes.iterator(); - while(iter.hasNext()) { - String extName = (String)iter.next(); - String extValue = CollectionHelper.getMapAttr(userMap, - getAttributeMapper().getDSAttribute(extName).toLowerCase()); - if(extValue != null) { - ee.getAny().add(getISExtension(extName, extValue)); - } + Iterator iter = extensionAttributes.iterator(); + while(iter.hasNext()) { + String extName = (String)iter.next(); + String extValue = CollectionHelper.getMapAttr(userMap, + getAttributeMapper().getDSAttribute(extName).toLowerCase()); + if(extValue != null) { + ee.getValue().getAny().add(getISExtension(extName, extValue)); } + } - ppType.setExtension(ee); - return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPExtensionContainer:getContainerObject: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + ppType.setExtension(ee); + return ppType; } /** @@ -237,18 +234,12 @@ public Map getDataMapForSelect(String select, List data) private PPISExtensionElement getISExtension( String attrName, String attrValue) throws IDPPException { IDPPUtils.debug.message("IDPPExtensionContainer.getISExtension:Init"); - try { - com.sun.identity.liberty.ws.idpp.plugin.jaxb.ObjectFactory fac = - new com.sun.identity.liberty.ws.idpp.plugin.jaxb.ObjectFactory(); - PPISExtensionElement ext = fac.createPPISExtensionElement(); - ext.setName(attrName); - ext.setValue(attrValue); - return ext; - } catch (JAXBException je) { - IDPPUtils.debug.error("IDPPExtensionContainer.getISExtension:" + - "Fails in creating PP Extension element.", je); - throw new IDPPException(IDPPUtils.bundle.getString("jaxbFailure")); - } + com.sun.identity.liberty.ws.idpp.plugin.jaxb.ObjectFactory fac = + new com.sun.identity.liberty.ws.idpp.plugin.jaxb.ObjectFactory(); + PPISExtensionElement ext = fac.createPPISExtensionElement(); + ext.setName(attrName); + ext.setValue(attrValue); + return ext; } /** diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPFacade.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPFacade.java index e525df29eb..70c972eb42 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPFacade.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPFacade.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPFacade.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,7 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Iterator; @@ -67,55 +69,54 @@ public IDPPFacade() { public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPFacade:getContainerObject:Init"); - try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - FacadeElement fe = - IDPPUtils.getIDPPFactory().createFacadeElement(); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + FacadeElement fe = + IDPPUtils.getIDPPFactory().createFacadeElement( + IDPPUtils.getIDPPFactory().createFacadeType() + ); - String mugShot = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.MUGSHOT_ELEMENT).toLowerCase()); + String mugShot = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.MUGSHOT_ELEMENT).toLowerCase()); - if(mugShot != null) { - fe.setMugShot(getDSTURI(mugShot)); - } - - String webSite = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.WEBSITE_ELEMENT).toLowerCase()); - if(webSite != null) { - fe.setWebSite(getDSTURI(webSite)); - } + if(mugShot != null) { + fe.getValue().setMugShot( + IDPPUtils.getIDPPFactory().createMugShotElement(getDSTURI(mugShot))); + } - String namePronounced = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.NAME_PRONOUNCED_ELEMENT).toLowerCase()); - if(namePronounced != null) { - fe.setNamePronounced(getDSTURI(namePronounced)); - } + String webSite = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.WEBSITE_ELEMENT).toLowerCase()); + if(webSite != null) { + fe.getValue().setWebSite( + IDPPUtils.getIDPPFactory().createWebSiteElement(getDSTURI(webSite))); + } - String greetSound = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.GREET_SOUND_ELEMENT).toLowerCase()); - if(greetSound != null) { - fe.setGreetSound(getDSTURI(greetSound)); - } + String namePronounced = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.NAME_PRONOUNCED_ELEMENT).toLowerCase()); + if(namePronounced != null) { + fe.getValue().setNamePronounced(IDPPUtils.getIDPPFactory().createNamePronouncedElement(getDSTURI(namePronounced))); + } - String greetMeSound = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.GREET_ME_SOUND_ELEMENT).toLowerCase()); - if(greetMeSound != null) { - fe.setGreetMeSound(getDSTURI(greetMeSound)); - } - ppType.setFacade(fe); + String greetSound = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.GREET_SOUND_ELEMENT).toLowerCase()); + if(greetSound != null) { + fe.getValue().setGreetSound(IDPPUtils.getIDPPFactory().createGreetSoundElement(getDSTURI(greetSound))); + } - return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPFacade:getContainerObject: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); + String greetMeSound = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.GREET_ME_SOUND_ELEMENT).toLowerCase()); + if(greetMeSound != null) { + fe.getValue().setGreetMeSound( + IDPPUtils.getIDPPFactory().createGreetMeSoundElement(getDSTURI(greetMeSound)) + ); } + ppType.setFacade(fe); + + return ppType; } /** @@ -256,11 +257,11 @@ private Map getFacadeMap(Object obj, Map map) { DSTURI greetMeSound = null; if(obj != null) { FacadeElement fe = (FacadeElement)obj; - mugShot = fe.getMugShot(); - webSite = fe.getWebSite(); - namePronounced = fe.getNamePronounced(); - greetSound = fe.getGreetSound(); - greetMeSound = fe.getGreetMeSound(); + mugShot = jaxbValue(fe.getValue().getMugShot()); + webSite = jaxbValue(fe.getValue().getWebSite()); + namePronounced = jaxbValue(fe.getValue().getNamePronounced()); + greetSound = jaxbValue(fe.getValue().getGreetSound()); + greetMeSound = jaxbValue(fe.getValue().getGreetMeSound()); } getAttributeMap(IDPPConstants.MUGSHOT_ELEMENT, mugShot, map); getAttributeMap(IDPPConstants.WEBSITE_ELEMENT, webSite, map); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPInformalName.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPInformalName.java index 5ce698704c..543fe96c8f 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPInformalName.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPInformalName.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPInformalName.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,7 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Map; @@ -62,24 +64,21 @@ public IDPPInformalName() { */ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPInformalName:getInformalName:Init"); - try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - InformalNameElement in = - IDPPUtils.getIDPPFactory().createInformalNameElement(); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + InformalNameElement in = + IDPPUtils.getIDPPFactory().createInformalNameElement( + IDPPUtils.getIDPPFactory().createDSTString() + ); - String informalName = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.INFORMAL_NAME_ELEMENT).toLowerCase()); - in.setValue(informalName); + String informalName = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.INFORMAL_NAME_ELEMENT).toLowerCase()); + DSTString dstStringInformalName = IDPPUtils.getIDPPFactory().createDSTString(); + dstStringInformalName.setValue(informalName); + in.setValue(dstStringInformalName); - ppType.setInformalName(in); - return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPInformalName:getContainerObject: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + ppType.setInformalName(in); + return ppType; } /** diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPLegalIdentity.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPLegalIdentity.java index 3f064bed18..178e51daec 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPLegalIdentity.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPLegalIdentity.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPLegalIdentity.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,8 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Iterator; @@ -67,23 +70,23 @@ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPLegalIdentity:getContainerObject:Init"); try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - LegalIdentityElement lIdentity = - IDPPUtils.getIDPPFactory().createLegalIdentityElement(); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + LegalIdentityType lIdentity = IDPPUtils.getIDPPFactory().createLegalIdentityType(); + String value = CollectionHelper.getMapAttr(userMap, getAttributeMapper().getDSAttribute( IDPPConstants.LEGAL_NAME_ELEMENT).toLowerCase()); if(value != null) { DSTString dstString = getDSTString(value); - lIdentity.setLegalName(dstString); + lIdentity.setLegalName(IDPPUtils.getIDPPFactory().createLegalNameElement(dstString)); } value = CollectionHelper.getMapAttr( userMap, getAttributeMapper().getDSAttribute( IDPPConstants.DOB_ELEMENT).toLowerCase()); if(value != null) { DSTDate date = getDSTDate(value); - lIdentity.setDOB(date); + lIdentity.setDOB(IDPPUtils.getIDPPFactory().createDOBElement(date)); } value = CollectionHelper.getMapAttr( @@ -91,19 +94,20 @@ userMap, getAttributeMapper().getDSAttribute( IDPPConstants.GENDER_ELEMENT).toLowerCase()); if(value != null) { DSTURI gender = getDSTURI(value); - lIdentity.setGender(gender); + lIdentity.setGender(IDPPUtils.getIDPPFactory().createGenderElement(gender)); } value = CollectionHelper.getMapAttr( userMap, getAttributeMapper().getDSAttribute( IDPPConstants.MARITAL_STATUS_ELEMENT).toLowerCase()); if(value != null) { DSTURI mStatus = getDSTURI(value); - lIdentity.setMaritalStatus(mStatus); + lIdentity.setMaritalStatus(IDPPUtils.getIDPPFactory().createMaritalStatusElement(mStatus)); } - AltIDType altID = getAltID(userMap); - if(altID != null) { - List list = new ArrayList(); + AltIDType altIDValue = getAltID(userMap); + if(altIDValue != null) { + AltIDElement altID = IDPPUtils.getIDPPFactory().createAltIDElement(altIDValue); + List list = new ArrayList<>(); list.add(altID); lIdentity.getAltID().addAll(list); } @@ -116,14 +120,10 @@ userMap, getAttributeMapper().getDSAttribute( AnalyzedNameType analyzedName = getAnalyzedName(userMap); if(analyzedName != null) { lIdentity.setAnalyzedName(analyzedName); - } - ppType.setLegalIdentity(lIdentity); + } + LegalIdentityElement lIdentityElement = IDPPUtils.getIDPPFactory().createLegalIdentityElement(lIdentity); + ppType.setLegalIdentity(lIdentityElement); return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPContainers:getContainerObject: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); } catch (IDPPException ie) { IDPPUtils.debug.error("IDPPContainers:getContainerObject:" + "Error while creating legal identity.", ie); @@ -140,36 +140,30 @@ userMap, getAttributeMapper().getDSAttribute( private AltIDType getAltID(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPLegalIdentity:getAltID:Init"); AltIDType altID = null; - try { - altID = IDPPUtils.getIDPPFactory().createAltIDType(); - String altIDType = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.ALT_ID_TYPE_ELEMENT).toLowerCase()); - - if(altIDType != null) { - DSTURI uri = getDSTURI(altIDType); - altID.setIDType(uri); - } + altID = IDPPUtils.getIDPPFactory().createAltIDType(); + String altIDType = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.ALT_ID_TYPE_ELEMENT).toLowerCase()); + + if(altIDType != null) { + DSTURI uri = getDSTURI(altIDType); + altID.setIDType(uri); + } - String altIDValue = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.ALT_ID_VALUE_ELEMENT).toLowerCase()); + String altIDValue = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.ALT_ID_VALUE_ELEMENT).toLowerCase()); - if(altIDValue != null) { - DSTString str = getDSTString(altIDValue); - altID.setIDValue(str); - } + if(altIDValue != null) { + DSTString str = getDSTString(altIDValue); + altID.setIDValue(IDPPUtils.getIDPPFactory().createIDValueElement(str)); + } - if(altIDType != null && altIDValue != null) { - return altID; - } + if(altIDType != null && altIDValue != null) { + return altID; + } - return null; - } catch (JAXBException je) { - IDPPUtils.debug.error("IDPPContainers:getAltID: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + return null; } /** @@ -181,32 +175,26 @@ userMap, getAttributeMapper().getDSAttribute( private VATType getVAT(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPLegalIdentity:getVATType:Init"); VATType vType = null; - try { - vType = IDPPUtils.getIDPPFactory().createVATType(); - String value = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.ID_TYPE_ELEMENT).toLowerCase()); - if(value != null) { - DSTURI uri = getDSTURI(value); - vType.setIDType(uri); - } - value = CollectionHelper.getMapAttr( - userMap, getAttributeMapper().getDSAttribute( - IDPPConstants.ID_VALUE_ELEMENT).toLowerCase()); - if(value != null) { - DSTString str = getDSTString(value); - vType.setIDValue(str); - } else { - IDPPUtils.debug.message("IDPPContainers:getVAT: VAT value" + - "is not configured in legal dentity"); - return null; - } - return vType; - } catch (JAXBException je) { - IDPPUtils.debug.error("IDPPContainers:getVAT: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + vType = IDPPUtils.getIDPPFactory().createVATType(); + String value = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.ID_TYPE_ELEMENT).toLowerCase()); + if(value != null) { + DSTURI uri = getDSTURI(value); + vType.setIDType(uri); + } + value = CollectionHelper.getMapAttr( + userMap, getAttributeMapper().getDSAttribute( + IDPPConstants.ID_VALUE_ELEMENT).toLowerCase()); + if(value != null) { + DSTString str = getDSTString(value); + vType.setIDValue(IDPPUtils.getIDPPFactory().createIDValueElement(str)); + } else { + IDPPUtils.debug.message("IDPPContainers:getVAT: VAT value" + + "is not configured in legal dentity"); + return null; + } + return vType; } /** @@ -373,7 +361,7 @@ public Map getDataMapForSelect(String select, List data) String idTypeKey = null; String idValueKey = null; - DSTString idValue = (DSTString)dataElement; + DSTString idValue = ((IDValueElement)dataElement).getValue(); if(select.indexOf("AltID") != -1) { idTypeKey = getAttributeMapper().getDSAttribute( @@ -462,15 +450,18 @@ private Map getLegalIdentityMap(Object obj, Map map) DSTDate dob = null; DSTString lName = null; if(obj != null) { + if(obj instanceof JAXBElement) { + obj = ((JAXBElement)obj).getValue(); + } if(obj instanceof LegalIdentityType) { LegalIdentityType lType = (LegalIdentityType)obj; analyzedName = lType.getAnalyzedName(); vat = lType.getVAT(); altIDs = lType.getAltID(); - dob = lType.getDOB(); - mStatus = lType.getMaritalStatus(); - gender = lType.getGender(); - lName = lType.getLegalName(); + dob = jaxbValue(lType.getDOB()); + mStatus = jaxbValue(lType.getMaritalStatus()); + gender = jaxbValue(lType.getGender()); + lName = jaxbValue(lType.getLegalName()); } else { throw new IDPPException( IDPPUtils.bundle.getString("invalid Element")); @@ -502,9 +493,11 @@ private Map getAltIDMap(List dataObject, Map map) throws IDPPException { for(int i= 0; i < size; i++) { Object dataElement = dataObject.get(i); if(dataElement instanceof AltIDElement) { - AltIDType altID = (AltIDType)dataElement; - altIDType = altID.getIDType(); - altIDValue = altID.getIDValue(); + AltIDType altID = ((AltIDElement)dataElement).getValue(); + altIDType = altID.getIDType(); + if(altID.getIDValue() != null) { + altIDValue = altID.getIDValue().getValue(); + } } else { throw new IDPPException( IDPPUtils.bundle.getString("invalid Element")); @@ -527,10 +520,15 @@ private Map getVATMap(Object obj, Map map) throws IDPPException { DSTURI idType = null; DSTString idValue = null; if(obj != null) { + if(obj instanceof JAXBElement) { + obj = ((JAXBElement)obj).getValue(); + } if(obj instanceof VATType) { VATType vType = (VATType)obj; idType = vType.getIDType(); - idValue = vType.getIDValue(); + if(vType.getIDValue() != null) { + idValue = vType.getIDValue().getValue(); + } } else { throw new IDPPException( IDPPUtils.bundle.getString("invalid Element")); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPMsgContact.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPMsgContact.java index 94ad62ad40..861c64070b 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPMsgContact.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPMsgContact.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPMsgContact.java,v 1.3 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -30,7 +32,7 @@ package com.sun.identity.liberty.ws.idpp.container; import com.sun.identity.shared.datastruct.CollectionHelper; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Map; @@ -66,7 +68,7 @@ public IDPPMsgContact() { public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPMsgContact:getContainerObject:Init"); try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); Set msgContacts = (Set)userMap.get( getAttributeMapper().getDSAttribute( IDPPConstants.MSG_CONTACT_ELEMENT).toLowerCase()); @@ -117,7 +119,8 @@ private MsgContactElement parseEntry(String entry, Map userMap) } MsgContactElement mse = - IDPPUtils.getIDPPFactory().createMsgContactElement(); + IDPPUtils.getIDPPFactory().createMsgContactElement( + IDPPUtils.getIDPPFactory().createMsgContactType()); StringTokenizer st = new StringTokenizer(entry, IDPPConstants.ATTRIBUTE_SEPARATOR); @@ -150,23 +153,23 @@ private MsgContactElement parseEntry(String entry, Map userMap) } if(attribute.equals("MsgType")) { - mse.getMsgType().add(getDSTURI(value)); + mse.getValue().getMsgType().add(getDSTURI(value)); } else if(attribute.equals("Nick")) { - mse.setNick(getDSTString(value)); + mse.getValue().setNick(getDSTString(value)); } else if(attribute.equals("LComment")) { - mse.setLComment(getDSTString(value)); + mse.getValue().setLComment(getDSTString(value)); } else if(attribute.equals("MsgMethod")) { - mse.getMsgMethod().add(getDSTURI(value)); + mse.getValue().getMsgMethod().add(getDSTURI(value)); } else if(attribute.equals("MsgTechnology")) { - mse.getMsgTechnology().add(getDSTURI(value)); + mse.getValue().getMsgTechnology().add(getMsgTechnology(value)); } else if(attribute.equals("MsgAccount")) { - mse.setMsgAccount(getDSTString(value)); + mse.getValue().setMsgAccount(getDSTString(value)); } else if(attribute.equals("MsgSubAccount")) { - mse.setMsgSubaccount(getDSTString(value)); + mse.getValue().setMsgSubaccount(getDSTString(value)); } else if(attribute.equals("MsgProvider")) { - mse.setMsgProvider(getDSTString(value)); + mse.getValue().setMsgProvider(getDSTString(value)); } else if(attribute.equals("id")) { - mse.setId(value); + mse.getValue().setId(value); } } return mse; @@ -301,55 +304,55 @@ private String modifyEntry(String entry, MsgContactElement mse) { StringBuffer sb = new StringBuffer(200); - DSTString dstString = mse.getNick(); + DSTString dstString = mse.getValue().getNick(); if(dstString != null) { sb.append("Nick").append("=") .append(dstString.getValue()).append("|"); } - dstString = mse.getLComment(); + dstString = mse.getValue().getLComment(); if(dstString != null) { sb.append("LComment").append("=") .append(dstString.getValue()).append("|"); } - dstString = mse.getMsgProvider(); + dstString = mse.getValue().getMsgProvider(); if(dstString != null) { sb.append("MsgProvider").append("=") .append(dstString.getValue()).append("|"); } - dstString = mse.getMsgAccount(); + dstString = mse.getValue().getMsgAccount(); if(dstString != null) { sb.append("MsgAccount").append("=") .append(dstString.getValue()).append("|"); } - dstString = mse.getMsgSubaccount(); + dstString = mse.getValue().getMsgSubaccount(); if(dstString != null) { sb.append("MsgSubAccount").append("=") .append(dstString.getValue()).append("|"); } - DSTURI dstURI = (DSTURI)mse.getMsgType().get(0); + DSTURI dstURI = (DSTURI)mse.getValue().getMsgType().get(0); if(dstURI != null) { sb.append("MsgType").append("=") .append(dstURI.getValue()).append("|"); } - dstURI = (DSTURI)mse.getMsgMethod().get(0); + dstURI = (DSTURI)mse.getValue().getMsgMethod().get(0); if(dstURI != null) { sb.append("MsgMethod").append("=") .append(dstURI.getValue()).append("|"); } - dstURI = (DSTURI)mse.getMsgTechnology().get(0); + dstURI = mse.getValue().getMsgTechnology().get(0); if(dstURI != null) { sb.append("MsgTechnology").append("=") .append(dstURI.getValue()); } - String id = mse.getId(); + String id = mse.getValue().getId(); if(id != null) { sb.append("id").append("=").append(id); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPSignKey.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPSignKey.java index 4b0f4b533c..cc7a73b965 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPSignKey.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/idpp/container/IDPPSignKey.java @@ -23,23 +23,23 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDPPSignKey.java,v 1.2 2008/06/25 05:47:16 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ package com.sun.identity.liberty.ws.idpp.container; -import javax.xml.bind.JAXBException; import java.util.Set; import java.util.HashSet; import java.util.Map; import java.util.HashMap; import java.util.List; import java.util.Iterator; -import org.w3c.dom.Document; + import com.sun.identity.liberty.ws.idpp.common.*; import com.sun.identity.liberty.ws.idpp.jaxb.*; -import com.sun.identity.liberty.ws.idpp.plugin.*; /** @@ -64,41 +64,34 @@ public IDPPSignKey() { */ public Object getContainerObject(Map userMap) throws IDPPException { IDPPUtils.debug.message("IDPPSignKey:getContainerObject:Init"); - try { - PPType ppType = IDPPUtils.getIDPPFactory().createPPElement(); - SignKeyElement signKey = - IDPPUtils.getIDPPFactory().createSignKeyElement(); - byte[][] certBytes = (byte[][]) userMap.get( - getAttributeMapper().getDSAttribute( - IDPPConstants.SIGN_KEY_ELEMENT).toLowerCase()); - - if(IDPPUtils.debug.messageEnabled()) { - IDPPUtils.debug.message("IDPPSignKey.getContainerObject: " + - "SignKey Value" + certBytes); - } - com.sun.identity.liberty.ws.common.jaxb.xmlsig.ObjectFactory of = - new com.sun.identity.liberty.ws.common.jaxb.xmlsig.ObjectFactory(); - - com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType - x509DataType = of.createX509DataElement(); - - com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType. - X509Certificate cert = of.createX509DataTypeX509Certificate( - certBytes[0]); - - x509DataType. - getX509IssuerSerialOrX509SKIOrX509SubjectName().add(cert); - - signKey.getContent().add(x509DataType); - - ppType.setSignKey(signKey); - return ppType; - } catch (JAXBException je) { - IDPPUtils.debug.error( - "IDPPContainers:getInformalName: JAXB failure", je); - throw new IDPPException( - IDPPUtils.bundle.getString("jaxbFailure")); - } + PPType ppType = IDPPUtils.getIDPPFactory().createPPType(); + KeyInfoType signKey = IDPPUtils.getIDPPFactory().createKeyInfoType(); + + byte[][] certBytes = (byte[][]) userMap.get( + getAttributeMapper().getDSAttribute( + IDPPConstants.SIGN_KEY_ELEMENT).toLowerCase()); + + if(IDPPUtils.debug.messageEnabled()) { + IDPPUtils.debug.message("IDPPSignKey.getContainerObject: " + + "SignKey Value" + certBytes); + } + com.sun.identity.liberty.ws.common.jaxb.xmlsig.ObjectFactory of = + new com.sun.identity.liberty.ws.common.jaxb.xmlsig.ObjectFactory(); + + com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType + x509DataType = of.createX509DataType(); + + com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType. + X509Certificate cert = of.createX509DataTypeX509Certificate( + certBytes[0]); + + x509DataType. + getX509IssuerSerialOrX509SKIOrX509SubjectName().add(cert); + + signKey.getContent().add(of.createX509DataElement(x509DataType)); + SignKeyElement signKeyElement = IDPPUtils.getIDPPFactory().createSignKeyElement(signKey); + ppType.setSignKey(signKeyElement); + return ppType; } /** @@ -149,7 +142,7 @@ public Map getDataMapForSelect(String select, List data) if(dataElement instanceof SignKeyElement) { byte[] certBytes = null; SignKeyElement signKey = (SignKeyElement)dataElement; - List contents = signKey.getContent(); + List contents = signKey.getValue().getContent(); if(contents == null || contents.size() == 0) { return getAttributeMap( @@ -166,8 +159,8 @@ public Map getDataMapForSelect(String select, List data) com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataElement x509Data = (com.sun.identity.liberty.ws.common.jaxb. xmlsig.X509DataElement)obj; - List certs = - x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName(); + List certs = + x509Data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName(); if(certs == null || certs.size() == 0) { IDPPUtils.debug.error("IDPPSignKey.getDataMapForSelect:" + diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/InteractionManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/InteractionManager.java index 5f62d56ec7..d14d145837 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/InteractionManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/InteractionManager.java @@ -72,7 +72,7 @@ import java.util.Map; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import javax.xml.namespace.QName; import org.w3c.dom.Element; @@ -292,19 +292,17 @@ public Message sendRequest(Message requestMessage, UserInteractionElement ue = createUserInteractionElement( acceptLanguages); String id = SAMLUtils.generateID(); - ue.setId(id); - if (ue != null) { - try { - Element element = Utils.convertJAXBToElement(ue); - requestMessage.setOtherSOAPHeader( - element, - id); - - } catch (JAXBException je) { - debug.error("InteractionManager.sendRequest():" - + "not setting userInteractionHeader:" - + "can not convert JAXBObject to Element", je); - } + ue.getValue().setId(id); + try { + Element element = Utils.convertJAXBToElement(ue); + requestMessage.setOtherSOAPHeader( + element, + id); + + } catch (JAXBException je) { + debug.error("InteractionManager.sendRequest():" + + "not setting userInteractionHeader:" + + "can not convert JAXBObject to Element", je); } } @@ -693,7 +691,7 @@ public Message handleInteraction(Message requestMessage, } //Check WSC is willing to redirect - if (ue.isRedirect() == false) { + if (ue.getValue().isRedirect() == false) { SOAPFaultException sfe = newRedirectFaultError( QNAME_INTERACTION_REQUIRED); if (debug.warningEnabled()) { @@ -708,7 +706,7 @@ public Message handleInteraction(Message requestMessage, } //Check WSC allowed interaction - if (ue.getInteract().equals(QNAME_DO_NOT_INTERACT)) { + if (ue.getValue().getInteract().equals(QNAME_DO_NOT_INTERACT)) { SOAPFaultException sfe = newRedirectFaultError( QNAME_INTERACTION_REQUIRED); if (debug.warningEnabled()) { @@ -724,7 +722,7 @@ public Message handleInteraction(Message requestMessage, //Check WSC allowed interaction for data if (interactionConfig.wspRedirectsForData() - && ue.getInteract().equals( + && ue.getValue().getInteract().equals( QNAME_DO_NOT_INTERACT_FOR_DATA)) { SOAPFaultException sfe = newRedirectFaultError( QNAME_INTERACTION_REQUIRED_FOR_DATA); @@ -740,7 +738,7 @@ public Message handleInteraction(Message requestMessage, } //Check WSP will not exceed maxInteractionTime specified by WSC - BigInteger uemi = ue.getMaxInteractTime(); + BigInteger uemi = ue.getValue().getMaxInteractTime(); if ( (uemi != null) && (interactionConfig.getWSPRedirectTime() > uemi.intValue()) ) { SOAPFaultException sfe = newRedirectFaultError( @@ -750,7 +748,7 @@ public Message handleInteraction(Message requestMessage, + "WSP inteaction time =" + interactionConfig.getWSPRedirectTime() + " exceeds WSC maxInteractTime= " - + ue.getMaxInteractTime()); + + ue.getValue().getMaxInteractTime()); debug.warning("InteractionManager.handleInteraction():" + "throwing InteractionSOAPFaultException=" + sfe); @@ -1039,21 +1037,16 @@ String getLanguage(String messageID) { private UserInteractionElement createUserInteractionElement( List acceptLanguages) { - UserInteractionElement ue = null; - try { - ue =objectFactory.createUserInteractionElement(); - - ue.setInteract(interactionConfig - .getWSCSpecifiedInteractionChoice()); - ue.setRedirect(interactionConfig.wscSupportsRedirect()); - ue.setMaxInteractTime( - java.math.BigInteger.valueOf(interactionConfig - .getWSCSpecifiedMaxInteractionTime())); - ue.getLanguage().addAll(acceptLanguages); - } catch (JAXBException je) { - debug.error("InteractionManager.createUserInteractionElement():" - + " can not create UserInteractionElement", je); - } + UserInteractionElement ue = null; + ue =objectFactory.createUserInteractionElement(objectFactory.createUserInteractionHeaderType()); + + ue.getValue().setInteract(interactionConfig + .getWSCSpecifiedInteractionChoice()); + ue.getValue().setRedirect(interactionConfig.wscSupportsRedirect()); + ue.getValue().setMaxInteractTime( + BigInteger.valueOf(interactionConfig + .getWSCSpecifiedMaxInteractionTime())); + ue.getValue().getLanguage().addAll(acceptLanguages); return ue; } @@ -1082,13 +1075,7 @@ static UserInteractionElement getUserInteractionElement( private SOAPFaultException newRedirectFault(String messageID) { RedirectRequestElement re = null; - try{ - re = objectFactory.createRedirectRequestElement(); - - } catch (JAXBException je) { - debug.error("InteractionManager.newRedirectFault():" - + " can not create RedirectRequestElement", je); - } + re = objectFactory.createRedirectRequestElement(objectFactory.createRedirectRequestType()); CorrelationHeader ch = new CorrelationHeader(); String responseID = ch.getMessageID(); @@ -1119,7 +1106,7 @@ private SOAPFaultException newRedirectFault(String messageID) { + redirectUrl); } } - re.setRedirectURL(redirectUrl); + re.getValue().setRedirectURL(redirectUrl); List details = new ArrayList(); try { details.add(Utils.convertJAXBToElement(re)); @@ -1141,15 +1128,9 @@ private SOAPFaultException newRedirectFault(String messageID) { private SOAPFaultException newRedirectFaultError(QName errorCode) { StatusElement se = null; - try{ - se = objectFactory.createStatusElement(); - - } catch (JAXBException je) { - debug.error("InteractionManager.newRedirectFaultError():" - + " can not create StatusElement", je); - } + se = objectFactory.createStatusElement(objectFactory.createStatusType()); - se.setCode(errorCode); + se.getValue().setCode(errorCode); List details = new ArrayList(); try { details.add(Utils.convertJAXBToElement(se)); @@ -1186,7 +1167,7 @@ String getRedirectURL(SOAPFaultException sfe) throws SOAPFaultException { RedirectRequestElement rre = (RedirectRequestElement)details.get(0); if (rre != null) { - redirectURL = rre.getRedirectURL(); + redirectURL = rre.getValue().getRedirectURL(); } } if (redirectURL == null) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/InteractionUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/InteractionUtils.java index 0df5e7665d..5d49cdcbd8 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/InteractionUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/InteractionUtils.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: InteractionUtils.java,v 1.2 2008/06/25 05:47:18 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -58,13 +60,13 @@ private InteractionUtils() {} * name String objects. Values in the map are parameter value * String objects */ - public static Map getParameters( + public static Map getParameters( InteractionResponseElement interactionResponseElement) { - List parameters = interactionResponseElement.getParameter(); - Map pm = new HashMap(); - Iterator iter = parameters.iterator(); + List parameters = interactionResponseElement.getValue().getParameter(); + Map pm = new HashMap<>(); + Iterator iter = parameters.iterator(); while (iter.hasNext()) { - ParameterType pt = (ParameterType) iter.next(); + ParameterType pt = iter.next(); pm.put(pt.getName(), pt.getValue()); } return pm; @@ -89,7 +91,7 @@ public static List getInteractionLangauge(Message message) { UserInteractionElement ue = InteractionManager.getUserInteractionElement(message); if (ue != null) { - languages = ue.getLanguage(); + languages = ue.getValue().getLanguage(); } if (languages == null) { languages = Collections.EMPTY_LIST; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/WSPRedirectHandlerServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/WSPRedirectHandlerServlet.java index 6168102808..74cb44d1b1 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/WSPRedirectHandlerServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/interaction/WSPRedirectHandlerServlet.java @@ -46,7 +46,6 @@ import java.io.OutputStream; import java.io.PrintWriter; import java.net.URL; -import java.net.URLConnection; import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.util.Enumeration; @@ -62,9 +61,9 @@ import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.ServletConfig; import jakarta.servlet.ServletException; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.Transformer; @@ -524,12 +523,14 @@ private void sendInteractionResponsePage(String messageID, //read and save query parameters; InteractionResponseElement interactionResponseElement = JAXBObjectFactory.getObjectFactory() - .createInteractionResponseElement(); - List list = interactionResponseElement.getParameter(); - Enumeration parameterNames = httpRequest.getParameterNames(); + .createInteractionResponseElement( + JAXBObjectFactory.getObjectFactory().createInteractionResponseType() + ); + List list = interactionResponseElement.getValue().getParameter(); + Enumeration parameterNames = httpRequest.getParameterNames(); while ( parameterNames.hasMoreElements()) { String parameterName - = (String)parameterNames.nextElement(); + = parameterNames.nextElement(); /* ParameterType parameterType = JAXBObjectFactory.getObjectFactory() @@ -591,13 +592,6 @@ private void sendInteractionResponsePage(String messageID, LogUtil.access(Level.INFO,LogUtil.IS_REDIRECTED_USER_AGENT_BACK, objs); } - } catch (JAXBException je) { - debug.error( - "WSPRedirectHandlerServlet.sendInteractionResponsePage():" - + "catching JAXBException =", je); - showErrorPage(httpRequest, httpResponse, - "Error createing JAXBObject:" - + je.getMessage()); } catch (Exception e) { debug.error( "WSPRedirectHandlerServlet.sendInteractionResponsePage():" diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/Message.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/Message.java index 1586b85eff..05e6b4e345 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/Message.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/Message.java @@ -24,7 +24,7 @@ * * $Id: Message.java,v 1.3 2008/06/25 05:47:22 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ @@ -47,10 +47,10 @@ import java.util.List; import jakarta.xml.soap.SOAPMessage; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; import javax.xml.transform.stream.StreamSource; import com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken; import com.sun.identity.liberty.ws.common.wsse.WSSEConstants; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/NamespacePrefixMapperImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/NamespacePrefixMapperImpl.java index 6e8f1288df..df2b142aed 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/NamespacePrefixMapperImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/NamespacePrefixMapperImpl.java @@ -23,13 +23,15 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: NamespacePrefixMapperImpl.java,v 1.2 2008/06/25 05:47:22 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ package com.sun.identity.liberty.ws.soapbinding; -import com.sun.xml.bind.marshaller.NamespacePrefixMapper; +import org.glassfish.jaxb.runtime.marshaller.NamespacePrefixMapper; /** * This class is the implementation of the NamespacePrefixMapper. diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/SOAPFault.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/SOAPFault.java index 0d1790b2f8..6ed2fa6013 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/SOAPFault.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/SOAPFault.java @@ -24,7 +24,7 @@ * * $Id: SOAPFault.java,v 1.2 2008/06/25 05:47:23 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ @@ -36,7 +36,7 @@ import java.util.Iterator; import java.util.List; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import javax.xml.namespace.QName; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/SOAPFaultDetail.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/SOAPFaultDetail.java index 657404639e..141be1ce5e 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/SOAPFaultDetail.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/SOAPFaultDetail.java @@ -24,7 +24,7 @@ * * $Id: SOAPFaultDetail.java,v 1.2 2008/06/25 05:47:23 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ @@ -48,10 +48,10 @@ import org.w3c.dom.NodeList; import jakarta.xml.soap.SOAPMessage; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; import javax.xml.namespace.QName; import javax.xml.transform.stream.StreamSource; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/Utils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/Utils.java index 813f54ebc9..2823bc3bce 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/Utils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/soapbinding/Utils.java @@ -25,7 +25,7 @@ * $Id: Utils.java,v 1.9 2008/11/10 22:56:59 veiming Exp $ * * Portions Copyright 2013-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.liberty.ws.soapbinding; @@ -47,14 +47,14 @@ import java.util.Set; import java.util.StringTokenizer; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.NotIdentifiableEvent; -import javax.xml.bind.PropertyException; -import javax.xml.bind.ValidationEvent; -import javax.xml.bind.helpers.DefaultValidationEventHandler; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.NotIdentifiableEvent; +import jakarta.xml.bind.PropertyException; +import jakarta.xml.bind.ValidationEvent; +import jakarta.xml.bind.helpers.DefaultValidationEventHandler; import javax.xml.namespace.QName; import jakarta.xml.soap.MessageFactory; import jakarta.xml.soap.SOAPMessage; @@ -326,7 +326,7 @@ public static Element convertJAXBToElement(Object jaxbObj) throws JAXBException { Marshaller m = jc.createMarshaller(); try { - m.setProperty("com.sun.xml.bind.namespacePrefixMapper", + m.setProperty("org.glassfish.jaxb.namespacePrefixMapper", new NamespacePrefixMapperImpl()); } catch(PropertyException ex) { debug.error("Utils.convertJAXBToElement", ex); @@ -353,7 +353,7 @@ public static Element convertJAXBToElement(Object jaxbObj, boolean checkIdref) throws JAXBException { Marshaller m = jc.createMarshaller(); try { - m.setProperty("com.sun.xml.bind.namespacePrefixMapper", + m.setProperty("org.glassfish.jaxb.namespacePrefixMapper", new NamespacePrefixMapperImpl()); } catch(PropertyException ex) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/util/IDFFProviderManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/util/IDFFProviderManager.java index 4ef3bc3a90..be37b50750 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/util/IDFFProviderManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/liberty/ws/util/IDFFProviderManager.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: IDFFProviderManager.java,v 1.3 2008/06/25 05:47:24 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,6 +39,8 @@ import com.sun.identity.federation.common.IFSConstants; import com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement; import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement; +import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement; import com.sun.identity.federation.key.EncInfo; import com.sun.identity.federation.key.KeyUtil; import com.sun.identity.federation.meta.IDFFMetaException; @@ -123,10 +127,13 @@ public boolean isNameIDEncryptionEnabled(String providerID) { return false; } - BaseConfigType baseConfig = + SPDescriptorConfigElement spEl = IDFFMetaUtils.getSPDescriptorConfig(entityConfig); + BaseConfigType baseConfig = (spEl == null) ? null : spEl.getValue(); if (baseConfig == null) { - baseConfig = IDFFMetaUtils.getIDPDescriptorConfig(entityConfig); + IDPDescriptorConfigElement idpEl = + IDFFMetaUtils.getIDPDescriptorConfig(entityConfig); + baseConfig = (idpEl == null) ? null : idpEl.getValue(); if (baseConfig == null) { return false; } @@ -183,11 +190,13 @@ public String getEncryptionKeyAlgorithm(String providerID) { public PrivateKey getDecryptionKey(String providerID) { BaseConfigType providerConfig = null; try { - providerConfig = idffMetaManager.getSPDescriptorConfig( + SPDescriptorConfigElement spEl = idffMetaManager.getSPDescriptorConfig( ROOT_REALM, providerID); + providerConfig = (spEl == null) ? null : spEl.getValue(); if (providerConfig == null) { - providerConfig = idffMetaManager. + IDPDescriptorConfigElement idpEl = idffMetaManager. getIDPDescriptorConfig(ROOT_REALM, providerID); + providerConfig = (idpEl == null) ? null : idpEl.getValue(); } } catch (IDFFMetaException imex) { ProviderUtil.debug.error("IDFFProviderManager.getDecryptionKey", @@ -209,11 +218,13 @@ public PrivateKey getDecryptionKey(String providerID) { public String getSigningKeyAlias(String providerID) { BaseConfigType config = null; try { - config = idffMetaManager.getSPDescriptorConfig( + SPDescriptorConfigElement spEl = idffMetaManager.getSPDescriptorConfig( ROOT_REALM, providerID); + config = (spEl == null) ? null : spEl.getValue(); if (config == null) { - config = idffMetaManager.getIDPDescriptorConfig( + IDPDescriptorConfigElement idpEl = idffMetaManager.getIDPDescriptorConfig( ROOT_REALM, providerID); + config = (idpEl == null) ? null : idpEl.getValue(); } } catch(IDFFMetaException imex) { ProviderUtil.debug.error( diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/IDFFSingleLogoutHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/IDFFSingleLogoutHandler.java index 8fe3ee552a..b61458ec5f 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/IDFFSingleLogoutHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/IDFFSingleLogoutHandler.java @@ -24,7 +24,7 @@ * * $Id: IDFFSingleLogoutHandler.java,v 1.6 2008/11/10 22:56:59 veiming Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.multiprotocol; @@ -222,8 +222,10 @@ private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, if (currentSessionProvider != null) { ProviderDescriptorType hostedProviderDesc = metaManager.getIDPDescriptor(realm, idpEntityId); - BaseConfigType hostedConfig = + IDPDescriptorConfigElement hostedConfigElt = metaManager.getIDPDescriptorConfig(realm, idpEntityId); + BaseConfigType hostedConfig = + (hostedConfigElt == null) ? null : hostedConfigElt.getValue(); FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler(); handlerObj.setHostedDescriptor(hostedProviderDesc); handlerObj.setHostedDescriptorConfig(hostedConfig); @@ -301,7 +303,7 @@ private String findIDPMetaAlias(String idpEntityID, String spEntityID, } IDPDescriptorConfigElement config = idffManager.getIDPDescriptorConfig(realm, idpId); - return config.getMetaAlias(); + return config.getValue().getMetaAlias(); } } } catch (Exception e) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/SAML2SingleLogoutHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/SAML2SingleLogoutHandler.java index c7ec30f2cb..3007d758fa 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/SAML2SingleLogoutHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/SAML2SingleLogoutHandler.java @@ -24,7 +24,7 @@ * * $Id: SAML2SingleLogoutHandler.java,v 1.6 2008/11/10 22:57:00 veiming Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.multiprotocol; @@ -38,6 +38,7 @@ import com.sun.identity.saml2.common.SAML2Utils; import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement; import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement; +import com.sun.identity.saml2.jaxb.metadata.EndpointType; import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement; import com.sun.identity.saml2.meta.SAML2MetaManager; import com.sun.identity.saml2.meta.SAML2MetaUtils; @@ -51,6 +52,8 @@ import java.util.Iterator; import java.util.List; import java.util.Set; +import java.util.stream.Collectors; +import jakarta.xml.bind.JAXBElement; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; @@ -245,7 +248,7 @@ private String findIDPMetaAlias(String idpEntityID, String spEntityID, } IDPSSOConfigElement config = saml2Manager.getIDPSSOConfig(realm, idpId); - return config.getMetaAlias(); + return config.getValue().getMetaAlias(); } } } catch (Exception e) { @@ -342,8 +345,9 @@ private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, SPSSODescriptorElement sp = null; sp = SAML2Utils.getSAML2MetaManager(). getSPSSODescriptor(realm, spEntityID); - List slosList = sp.getSingleLogoutService(); - + List slosList = sp.getValue().getSingleLogoutService().stream() + .map(JAXBElement::getValue).collect(Collectors.toList()); + // get IDP entity config for basic auth info SPSSOConfigElement spConfig = SAML2Utils. getSAML2MetaManager().getSPSSOConfig(realm, spEntityID); @@ -353,7 +357,7 @@ private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, LogoutUtil.doLogout(idpMetaAlias, spEntityID, slosList, null, SAML2Constants.SOAP, relayState, sessIndex[0], pair.getNameID(), request, - response, paramsMap, spConfig); + response, paramsMap, spConfig.getValue()); } catch (SAML2Exception ex) { debug.error("SAML2SLOHandler:handleSOAPSLO.doLogout" , ex); soapFailCount++; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/SingleLogoutManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/SingleLogoutManager.java index 322775e4ed..2c1b6ecea8 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/SingleLogoutManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/SingleLogoutManager.java @@ -24,7 +24,7 @@ * * $Id: SingleLogoutManager.java,v 1.8 2008/11/10 22:57:00 veiming Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.multiprotocol; @@ -32,6 +32,7 @@ import com.sun.identity.federation.common.FSUtils; import com.sun.identity.federation.common.IFSConstants; import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement; import com.sun.identity.federation.message.FSLogoutResponse; import com.sun.identity.federation.message.common.FSMsgException; import com.sun.identity.federation.meta.IDFFMetaException; @@ -688,8 +689,10 @@ void sendLogoutResponse(HttpServletRequest request, Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement(); FSLogoutResponse responseLogout = new FSLogoutResponse(elem); - BaseConfigType hostedConfig = + IDPDescriptorConfigElement hostedConfigElt = metaManager.getIDPDescriptorConfig(realm, idpEntityID); + BaseConfigType hostedConfig = + (hostedConfigElt == null) ? null : hostedConfigElt.getValue(); logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null); Status status = responseLogout.getStatus(); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/WSFederationSingleLogoutHandler.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/WSFederationSingleLogoutHandler.java index 02aa72b2bb..06a556d11a 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/WSFederationSingleLogoutHandler.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/multiprotocol/WSFederationSingleLogoutHandler.java @@ -24,7 +24,7 @@ * * $Id: WSFederationSingleLogoutHandler.java,v 1.4 2009/10/28 23:58:57 exu Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.multiprotocol; @@ -222,7 +222,7 @@ private String findIDPMetaAlias(String idpEntityID, String spEntityID, } IDPSSOConfigElement config = metaManager.getIDPSSOConfig(realm, idpId); - return config.getMetaAlias(); + return config.getValue().getMetaAlias(); } } } catch (Exception e) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/plugin/configuration/impl/FedletConfigurationImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/plugin/configuration/impl/FedletConfigurationImpl.java index a7ecccf45e..817ce1283f 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/plugin/configuration/impl/FedletConfigurationImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/plugin/configuration/impl/FedletConfigurationImpl.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: FedletConfigurationImpl.java,v 1.5 2010/01/26 21:31:59 madan_ranganath Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -54,7 +56,7 @@ import java.util.HashMap; import java.util.Map; import java.util.Set; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -278,7 +280,7 @@ private String getEntityID(String metaXML) { try { Object obj = SAML2MetaUtils.convertStringToJAXB(metaXML); if (obj instanceof EntityDescriptorElement) { - return ((EntityDescriptorElement) obj).getEntityID(); + return ((EntityDescriptorElement) obj).getValue().getEntityID(); } } catch (JAXBException jaxbe) { debug.error("FedletConfigImpl.getEntityID: " + metaXML, jaxbe); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/common/SAML2Utils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/common/SAML2Utils.java index b95e6cdf13..2bf059be83 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/common/SAML2Utils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/common/SAML2Utils.java @@ -139,6 +139,7 @@ import jakarta.servlet.http.Cookie; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; +import jakarta.xml.bind.JAXBElement; import jakarta.xml.soap.MimeHeader; import jakarta.xml.soap.MimeHeaders; import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException; @@ -433,7 +434,7 @@ public static Map verifyResponse( throw new SAML2Exception(sme); } if (idpSSODescriptor != null) { - Set verificationCerts = KeyUtil.getVerificationCerts(idpSSODescriptor, idpEntityId, + Set verificationCerts = KeyUtil.getVerificationCerts(idpSSODescriptor.getValue(), idpEntityId, SAML2Constants.IDP_ROLE); if (CollectionUtils.isEmpty(verificationCerts) || !response.isSignatureValid(verificationCerts)) { debug.error(method + "Response is not signed or signature is not valid."); @@ -472,7 +473,7 @@ public static Map verifyResponse( Set decryptionKeys; List encAssertions = response.getEncryptedAssertion(); if (encAssertions != null) { - decryptionKeys = KeyUtil.getDecryptionKeys(spConfig); + decryptionKeys = KeyUtil.getDecryptionKeys(spConfig.getValue()); for (EncryptedAssertion encAssertion : encAssertions) { Assertion assertion = encAssertion.decrypt(decryptionKeys); if (assertions == null) { @@ -491,7 +492,7 @@ public static Map verifyResponse( throw new SAML2Exception(SAML2Utils.bundle.getString("missingAssertion")); } - boolean wantAssertionsSigned = spDesc.isWantAssertionsSigned(); + boolean wantAssertionsSigned = Boolean.TRUE.equals(spDesc.getValue().isWantAssertionsSigned()); if (debug.messageEnabled()) { debug.message(method + "wantAssertionsSigned is :" + wantAssertionsSigned); } @@ -552,7 +553,7 @@ public static Map verifyResponse( if (verificationCerts == null) { idp = saml2MetaManager.getIDPSSODescriptor( orgName, idpEntityId); - verificationCerts = KeyUtil.getVerificationCerts(idp, idpEntityId, SAML2Constants.IDP_ROLE); + verificationCerts = KeyUtil.getVerificationCerts(unwrap(idp), idpEntityId, SAML2Constants.IDP_ROLE); } if (CollectionUtils.isEmpty(verificationCerts) || !assertion.isSignatureValid(verificationCerts)) { debug.error(method + @@ -568,7 +569,7 @@ public static Map verifyResponse( } else { allAssertionsSigned = false; } - List authnStmts = assertion.getAuthnStatements(); + List authnStmts = assertion.getAuthnStatements(); if (authnStmts != null && !authnStmts.isEmpty()) { Subject subject = assertion.getSubject(); if (subject == null) { @@ -798,9 +799,9 @@ public static void validateRecipient(SPSSODescriptorElement spDesc, String asser throw new SAML2Exception(bundle.getString("missingRecipient")); } boolean foundMatch = false; - for (Object o : spDesc.getAssertionConsumerService()) { + for (Object o : spDesc.getValue().getAssertionConsumerService()) { AssertionConsumerServiceElement acs = (AssertionConsumerServiceElement) o; - if (recipient.equals(acs.getLocation())) { + if (recipient.equals(acs.getValue().getLocation())) { foundMatch = true; break; } @@ -1000,7 +1001,7 @@ public static String getAttributeValueFromSPSSOConfig( if (config == null) { return null; } - Map attrs = SAML2MetaUtils.getAttributes(config); + Map attrs = SAML2MetaUtils.getAttributes(config.getValue()); List value = (List) attrs.get(attrName); if (value != null && value.size() != 0) { result = ((String) value.iterator().next()).trim(); @@ -2190,21 +2191,21 @@ public static List getAllAttributeValueFromSSOConfig(String realm, try { BaseConfigType config = null; if (entityRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) { - config = saml2MetaManager.getSPSSOConfig(realm, hostEntityId); + config = unwrap(saml2MetaManager.getSPSSOConfig(realm, hostEntityId)); } else if (entityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) { - config = saml2MetaManager.getIDPSSOConfig(realm, hostEntityId); + config = unwrap(saml2MetaManager.getIDPSSOConfig(realm, hostEntityId)); } else if (entityRole.equalsIgnoreCase( SAML2Constants.ATTR_AUTH_ROLE)) { - config = saml2MetaManager.getAttributeAuthorityConfig(realm, - hostEntityId); + config = unwrap(saml2MetaManager.getAttributeAuthorityConfig(realm, + hostEntityId)); } else if (entityRole.equalsIgnoreCase( SAML2Constants.AUTHN_AUTH_ROLE)) { - config = saml2MetaManager.getAuthnAuthorityConfig(realm, - hostEntityId); + config = unwrap(saml2MetaManager.getAuthnAuthorityConfig(realm, + hostEntityId)); } else if (entityRole.equalsIgnoreCase( SAML2Constants.ATTR_QUERY_ROLE)) { - config = saml2MetaManager.getAttributeQueryConfig(realm, - hostEntityId); + config = unwrap(saml2MetaManager.getAttributeQueryConfig(realm, + hostEntityId)); } if (config == null) { @@ -2221,6 +2222,16 @@ public static List getAllAttributeValueFromSSOConfig(String realm, return null; } + /** + * Returns the value contained in the given JAXB element, or {@code null} + * if the element itself is {@code null}. The metadata/config lookups + * return {@code null} when the requested role or config is absent, so + * this guards against a {@code NullPointerException} on {@code getValue()}. + */ + private static T unwrap(JAXBElement element) { + return (element == null) ? null : element.getValue(); + } + /** * Returns the role of host entity. * @@ -2402,11 +2413,11 @@ public static boolean verifyQueryString(String queryString, String realm, if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) { SPSSODescriptorElement spSSODesc = saml2MetaManager.getSPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(spSSODesc.getValue(), remoteEntity, SAML2Constants.SP_ROLE); } else { IDPSSODescriptorElement idpSSODesc = saml2MetaManager.getIDPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(idpSSODesc.getValue(), remoteEntity, SAML2Constants.IDP_ROLE); } if (debug.messageEnabled()) { @@ -2638,7 +2649,7 @@ public static String getReaderURL(String spMetaAlias) { saml2MetaManager.getSPSSOConfig(realm, spEntityID); Map spConfigAttrsMap = null; if (spEntityCfg != null) { - spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg); + spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg.getValue()); List cotList = (List) spConfigAttrsMap.get("cotlist"); String cotListStr = (String) cotList.iterator().next(); CircleOfTrustDescriptor cotDesc = @@ -3215,7 +3226,7 @@ public static Map getSAEAttrs( if (spConfig == null) { return null; } - attrs = SAML2MetaUtils.getAttributes(spConfig); + attrs = SAML2MetaUtils.getAttributes(spConfig.getValue()); } else { idpConfig = saml2MetaManager.getIDPSSOConfig(realm, entityId); @@ -3223,7 +3234,7 @@ public static Map getSAEAttrs( debug.message("SAML2Utils.getSAEAttrs: idpconfig is null"); return null; } - attrs = SAML2MetaUtils.getAttributes(idpConfig); + attrs = SAML2MetaUtils.getAttributes(idpConfig.getValue()); } if (attrs == null) { @@ -3414,14 +3425,14 @@ public static String getAttributeValueFromXACMLConfig( pepConfig = saml2MetaManager.getPolicyEnforcementPointConfig( realm, entityID); if (pepConfig != null) { - attrs = SAML2MetaUtils.getAttributes(pepConfig); + attrs = SAML2MetaUtils.getAttributes(pepConfig.getValue()); } } else { pdpConfig = saml2MetaManager.getPolicyDecisionPointConfig(realm, entityID); if (pdpConfig != null) { - attrs = SAML2MetaUtils.getAttributes(pdpConfig); + attrs = SAML2MetaUtils.getAttributes(pdpConfig.getValue()); } } @@ -3553,9 +3564,9 @@ public static Map getConfigAttributeMap(String realm, String hostEntityID, try { BaseConfigType config = null; if (role.equals(SAML2Constants.SP_ROLE)) { - config = saml2MetaManager.getSPSSOConfig(realm, hostEntityID); + config = unwrap(saml2MetaManager.getSPSSOConfig(realm, hostEntityID)); } else if (role.equals(SAML2Constants.IDP_ROLE)) { - config = saml2MetaManager.getIDPSSOConfig(realm, hostEntityID); + config = unwrap(saml2MetaManager.getIDPSSOConfig(realm, hostEntityID)); } @@ -3707,12 +3718,12 @@ public static String verifyNameIDFormat(String nameIDFormat, SPSSODescriptorElement spsso, IDPSSODescriptorElement idpsso) throws SAML2Exception { - List spNameIDFormatList = spsso.getNameIDFormat(); + List spNameIDFormatList = spsso.getValue().getNameIDFormat(); List idpNameIDFormatList = null; // idpsso is null for ECP case if (idpsso != null) { - idpNameIDFormatList = idpsso.getNameIDFormat(); + idpNameIDFormatList = idpsso.getValue().getNameIDFormat(); } if ((nameIDFormat == null) || (nameIDFormat.length() == 0)) { @@ -4085,18 +4096,18 @@ public static boolean isSPProfileBindingSupported( try { SPSSODescriptorElement spDescriptor = saml2MetaManager.getSPSSODescriptor(realm, spEntityID); - List services = null; + List> services = null; if (SAML2Constants.ACS_SERVICE.equals(profile)) { - services = spDescriptor.getAssertionConsumerService(); + services = spDescriptor.getValue().getAssertionConsumerService(); } else if (SAML2Constants.SLO_SERVICE.equals(profile)) { - services = spDescriptor.getSingleLogoutService(); + services = spDescriptor.getValue().getSingleLogoutService(); } else if (SAML2Constants.MNI_SERVICE.equals(profile)) { - services = spDescriptor.getManageNameIDService(); + services = spDescriptor.getValue().getManageNameIDService(); } if ((services != null) && (!services.isEmpty())) { - Iterator iter = services.iterator(); + Iterator> iter = services.iterator(); while (iter.hasNext()) { - EndpointType endpoint = (EndpointType) iter.next(); + EndpointType endpoint = iter.next().getValue(); if (binding.equals(endpoint.getBinding())) { return true; } @@ -4128,30 +4139,30 @@ public static boolean isIDPProfileBindingSupported( try { IDPSSODescriptorElement idpDescriptor = saml2MetaManager.getIDPSSODescriptor(realm, idpEntityID); - List services = null; + List> services = null; if (SAML2Constants.SSO_SERVICE.equals(profile)) { - services = idpDescriptor.getSingleSignOnService(); + services = idpDescriptor.getValue().getSingleSignOnService(); } else if (SAML2Constants.NAMEID_MAPPING_SERVICE.equals(profile)) { - services = idpDescriptor.getNameIDMappingService(); + services = idpDescriptor.getValue().getNameIDMappingService(); } else if ( SAML2Constants.ASSERTION_ID_REQUEST_SERVICE.equals(profile)) { services = saml2MetaManager. - getAuthnAuthorityDescriptor(realm, idpEntityID). + getAuthnAuthorityDescriptor(realm, idpEntityID).getValue(). getAssertionIDRequestService(); } else if ( SAML2Constants.ARTIFACT_RESOLUTION_SERVICE.equals(profile)) { - services = idpDescriptor.getArtifactResolutionService(); + services = idpDescriptor.getValue().getArtifactResolutionService(); } else if ( SAML2Constants.SLO_SERVICE.equals(profile)) { - services = idpDescriptor.getSingleLogoutService(); + services = idpDescriptor.getValue().getSingleLogoutService(); } else if ( SAML2Constants.MNI_SERVICE.equals(profile)) { - services = idpDescriptor.getManageNameIDService(); + services = idpDescriptor.getValue().getManageNameIDService(); } if ((services != null) && (!services.isEmpty())) { - Iterator iter = services.iterator(); + Iterator> iter = services.iterator(); while (iter.hasNext()) { - EndpointType endpoint = (EndpointType) iter.next(); + EndpointType endpoint = iter.next().getValue(); if (binding.equals(endpoint.getBinding())) { return true; } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/key/KeyUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/key/KeyUtil.java index 56c0a7d16d..38b7065e3a 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/key/KeyUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/key/KeyUtil.java @@ -25,6 +25,7 @@ * $Id: KeyUtil.java,v 1.10 2009/08/28 23:42:14 exu Exp $ * * Portions Copyrighted 2013-2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.saml2.key; @@ -42,6 +43,9 @@ import java.util.Set; import com.sun.identity.saml2.common.SAML2Utils; +import com.sun.identity.saml2.jaxb.metadata.EncryptionMethodElement; +import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorElement; +import com.sun.identity.saml2.jaxb.metadata.KeyTypes; import org.apache.xml.security.encryption.XMLCipher; import com.sun.identity.common.SystemConfigurationUtil; @@ -224,7 +228,7 @@ public static Set getVerificationCerts(RoleDescriptorType roleD ); return null; } - List keyDescriptors = getKeyDescriptors(roleDescriptor, SAML2Constants.SIGNING); + List keyDescriptors = getKeyDescriptors(roleDescriptor, SAML2Constants.SIGNING); if (keyDescriptors.isEmpty()) { SAML2SDKUtils.debug.error( classMethod+ @@ -234,7 +238,7 @@ public static Set getVerificationCerts(RoleDescriptorType roleD return certificates; } - for (KeyDescriptorType keyDescriptor : keyDescriptors) { + for (KeyDescriptorElement keyDescriptor : keyDescriptors) { certificates.add(getCert(keyDescriptor)); } if (certificates.isEmpty()) { @@ -288,7 +292,7 @@ public static EncInfo getEncInfo( ); return null; } - KeyDescriptorType kd = + KeyDescriptorElement kd = getKeyDescriptor(roled, SAML2Constants.ENCRYPTION); if (kd == null) { SAML2SDKUtils.debug.error( @@ -307,12 +311,12 @@ public static EncInfo getEncInfo( ); return null; } - List emList = kd.getEncryptionMethod(); + List emList = kd.getValue().getEncryptionMethod(); EncryptionMethodType em = null; String algorithm = null; int keySize = 0; if (emList != null && !emList.isEmpty()) { - em = (EncryptionMethodType)emList.get(0); + em = emList.get(0).getValue(); if (em != null) { algorithm = em.getAlgorithm(); List cList = em.getContent(); @@ -353,16 +357,16 @@ public static EncInfo getEncInfo( * @param usage Type of the {@link KeyDescriptorType}s to be retrieved. Its value is "encryption" or "signing". * @return {@link KeyDescriptorType}s in {@link RoleDescriptorType} that matched the usage type. */ - public static List getKeyDescriptors(RoleDescriptorType roleDescriptor, String usage) { - List keyDescriptors = roleDescriptor.getKeyDescriptor(); - List matches = new ArrayList<>(keyDescriptors.size()); - List keyDescriptorsWithoutUsage = new ArrayList<>(keyDescriptors.size()); - - for (KeyDescriptorType keyDescriptor : keyDescriptors) { - String use = keyDescriptor.getUse(); - if (StringUtils.isBlank(use)) { + public static List getKeyDescriptors(RoleDescriptorType roleDescriptor, String usage) { + List keyDescriptors = roleDescriptor.getKeyDescriptor(); + List matches = new ArrayList<>(keyDescriptors.size()); + List keyDescriptorsWithoutUsage = new ArrayList<>(keyDescriptors.size()); + + for (KeyDescriptorElement keyDescriptor : keyDescriptors) { + KeyTypes use = keyDescriptor.getValue().getUse(); + if (use == null || StringUtils.isBlank(use.value())) { keyDescriptorsWithoutUsage.add(keyDescriptor); - } else if (use.trim().toLowerCase().equals(usage)) { + } else if (use.value().trim().toLowerCase().equals(usage)) { matches.add(keyDescriptor); } } @@ -381,11 +385,11 @@ public static List getKeyDescriptors(RoleDescriptorType roleD * @return KeyDescriptorType in RoleDescriptorType that matched * the usage type. */ - public static KeyDescriptorType getKeyDescriptor( + public static KeyDescriptorElement getKeyDescriptor( RoleDescriptorType roled, String usage ) { - final List keyDescriptors = getKeyDescriptors(roled, usage); + final List keyDescriptors = getKeyDescriptors(roled, usage); return CollectionUtils.getFirstItem(keyDescriptors, null); } @@ -396,11 +400,11 @@ public static KeyDescriptorType getKeyDescriptor( * null if no certificate is included. */ public static java.security.cert.X509Certificate getCert( - KeyDescriptorType kd + KeyDescriptorElement kd ) { String classMethod = "KeyUtil.getCert: "; - KeyInfoType ki = kd.getKeyInfo(); + KeyInfoType ki = kd.getValue().getKeyInfo(); if (ki == null) { SAML2SDKUtils.debug.error(classMethod + "No KeyInfo."); @@ -421,7 +425,7 @@ public static java.security.cert.X509Certificate getCert( return null; } //iterate and search the X509Certificate node - it = data.getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); + it = data.getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator(); com.sun.identity.saml2.jaxb.xmlsig.X509DataType.X509Certificate cert = null; while ((cert == null) && it.hasNext()) { Object content = it.next(); @@ -471,7 +475,7 @@ public static java.security.cert.X509Certificate getCert( */ public static Set getPEPVerificationCerts(XACMLAuthzDecisionQueryDescriptorElement pepDescriptor, String entityID) { - return getVerificationCerts(pepDescriptor, entityID, SAML2Constants.PEP_ROLE); + return getVerificationCerts(pepDescriptor.getValue(), entityID, SAML2Constants.PEP_ROLE); } /** @@ -513,7 +517,7 @@ public static EncInfo getPEPEncInfo( ); return null; } - KeyDescriptorType kd = getKeyDescriptor(pepDesc,SAML2Constants.ENCRYPTION); + KeyDescriptorElement kd = getKeyDescriptor(pepDesc.getValue(), SAML2Constants.ENCRYPTION); if (kd == null) { SAML2SDKUtils.debug.error( classMethod+ @@ -533,7 +537,7 @@ public static EncInfo getPEPEncInfo( * @param role the role of the entity . Value can be PEP or PDP. * @return EncInfo the encryption info. */ - private static EncInfo getEncryptionInfo(KeyDescriptorType kd, + private static EncInfo getEncryptionInfo(KeyDescriptorElement kd, String entityID, String role) { String classMethod = "KeyUtil:getEncryptionInfo:"; java.security.cert.X509Certificate cert = getCert(kd); @@ -545,12 +549,12 @@ private static EncInfo getEncryptionInfo(KeyDescriptorType kd, ); return null; } - List emList = kd.getEncryptionMethod(); + List emList = kd.getValue().getEncryptionMethod(); EncryptionMethodType em = null; String algorithm = null; int keySize = 0; if (emList != null && !emList.isEmpty()) { - em = (EncryptionMethodType)emList.get(0); + em = emList.get(0).getValue(); if (em != null) { algorithm = em.getAlgorithm(); List cList = em.getContent(); @@ -586,7 +590,7 @@ private static EncInfo getEncryptionInfo(KeyDescriptorType kd, */ public static Set getPDPVerificationCerts(XACMLPDPDescriptorElement pdpDescriptor, String entityID) { - return getVerificationCerts(pdpDescriptor, entityID, SAML2Constants.PDP_ROLE); + return getVerificationCerts(pdpDescriptor.getValue(), entityID, SAML2Constants.PDP_ROLE); } /** diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/NamespacePrefixMapperImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/NamespacePrefixMapperImpl.java index e8d2e9f521..466e385e00 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/NamespacePrefixMapperImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/NamespacePrefixMapperImpl.java @@ -23,13 +23,15 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: NamespacePrefixMapperImpl.java,v 1.3 2008/06/25 05:47:49 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ package com.sun.identity.saml2.meta; -import com.sun.xml.bind.marshaller.NamespacePrefixMapper; +import org.glassfish.jaxb.runtime.marshaller.NamespacePrefixMapper; public class NamespacePrefixMapperImpl extends NamespacePrefixMapper { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2COTUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2COTUtils.java index e692d6ffab..f7505f58cc 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2COTUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2COTUtils.java @@ -23,21 +23,21 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: SAML2COTUtils.java,v 1.8 2009/10/28 23:58:58 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ package com.sun.identity.saml2.meta; -import javax.xml.bind.JAXBException; +import com.sun.identity.saml2.jaxb.entityconfig.AttributeElement; +import jakarta.xml.bind.JAXBException; import java.util.Iterator; import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.HashSet; -import java.util.logging.Level; + +import com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType; import com.sun.identity.shared.debug.Debug; -import com.sun.identity.saml2.logging.LogUtil; import com.sun.identity.saml2.common.SAML2Constants; import com.sun.identity.saml2.jaxb.entityconfig.AffiliationConfigElement; import com.sun.identity.saml2.jaxb.entityconfig.AttributeType; @@ -52,6 +52,8 @@ import com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement; import com.sun.identity.saml2.jaxb.metadataextquery.AttributeQueryDescriptorElement; import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement; +import jakarta.xml.bind.JAXBElement; + import java.util.ArrayList; /** @@ -125,81 +127,80 @@ public void updateEntityConfig(String realm, String name, String entityId) atype.setName(SAML2Constants.COT_LIST); atype.getValue().add(name); // add to eConfig - EntityConfigElement ele =objFactory.createEntityConfigElement(); - ele.setEntityID(entityId); - ele.setHosted(false); + EntityConfigElement ele = objFactory.createEntityConfigElement(objFactory.createEntityConfigType()); + ele.getValue().setEntityID(entityId); + ele.getValue().setHosted(false); if (isAffiliation) { // handle affiliation case - bctype = objFactory.createAffiliationConfigElement(); - bctype.getAttribute().add(atype); - ele.setAffiliationConfig(bctype); + bctype = new BaseConfigType() {}; + bctype.getAttribute().add(objFactory.createAttributeElement(atype)); + ele.getValue().setAffiliationConfig(objFactory.createAffiliationConfigElement(bctype)); } else { - List ll = - ele.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + List> ll = + ele.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); // Decide which role EntityDescriptorElement includes - List list = - edes.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + List> list = + edes.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for(Iterator iter = list.iterator(); iter.hasNext();) { + for(Iterator> iter = list.iterator(); iter.hasNext();) { Object obj = iter.next(); if (obj instanceof SPSSODescriptorElement) { - bctype = objFactory.createSPSSOConfigElement(); - bctype.getAttribute().add(atype); - ll.add(bctype); + bctype = new BaseConfigType() {}; + bctype.getAttribute().add(objFactory.createAttributeElement(atype)); + ll.add(objFactory.createSPSSOConfigElement(bctype)); } else if (obj instanceof IDPSSODescriptorElement) { - bctype = objFactory.createIDPSSOConfigElement(); - bctype.getAttribute().add(atype); - ll.add(bctype); + bctype = new BaseConfigType() {}; + bctype.getAttribute().add(objFactory.createAttributeElement(atype)); + ll.add(objFactory.createIDPSSOConfigElement(bctype)); } else if (obj instanceof XACMLPDPDescriptorElement) { - bctype = objFactory.createXACMLPDPConfigElement(); - bctype.getAttribute().add(atype); - ll.add(bctype); + bctype = new BaseConfigType() {}; + bctype.getAttribute().add(objFactory.createAttributeElement(atype)); + ll.add(objFactory.createXACMLPDPConfigElement(bctype)); } else if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) { - bctype = - objFactory.createXACMLAuthzDecisionQueryConfigElement(); - bctype.getAttribute().add(atype); - ll.add(bctype); + bctype = new BaseConfigType() {}; + + bctype.getAttribute().add(objFactory.createAttributeElement(atype)); + ll.add(objFactory.createXACMLAuthzDecisionQueryConfigElement(bctype)); } else if (obj instanceof AttributeAuthorityDescriptorElement) { - bctype = - objFactory.createAttributeAuthorityConfigElement(); - bctype.getAttribute().add(atype); - ll.add(bctype); + bctype = new BaseConfigType() {}; + bctype.getAttribute().add(objFactory.createAttributeElement(atype)); + ll.add(objFactory.createAttributeAuthorityConfigElement(bctype)); } else if (obj instanceof AttributeQueryDescriptorElement){ - bctype = objFactory.createAttributeQueryConfigElement(); - bctype.getAttribute().add(atype); - ll.add(bctype); + bctype = new BaseConfigType() {}; + bctype.getAttribute().add(objFactory.createAttributeElement(atype)); + ll.add(objFactory.createAttributeQueryConfigElement(bctype)); } else if (obj instanceof AuthnAuthorityDescriptorElement) { - bctype = objFactory.createAuthnAuthorityConfigElement(); - bctype.getAttribute().add(atype); - ll.add(bctype); + bctype = new BaseConfigType() {}; + bctype.getAttribute().add(objFactory.createAttributeElement(atype)); + ll.add(objFactory.createAuthnAuthorityConfigElement(bctype)); } } } metaManager.setEntityConfig(realm,ele); } else { boolean needToSave = true; - List elist = null; + List> elist = null; if (isAffiliation) { AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId); - elist = new ArrayList(); + elist = new ArrayList<>(); elist.add(affiliationCfgElm); } else { - elist = eConfig. + elist = eConfig.getValue(). getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); } - for (Iterator iter = elist.iterator(); iter.hasNext();) { + for (Iterator> iter = elist.iterator(); iter.hasNext();) { boolean foundCOT = false; - BaseConfigType bConfig = (BaseConfigType)iter.next(); - List list = bConfig.getAttribute(); - for (Iterator iter2 = list.iterator(); iter2.hasNext();) { - AttributeType avp = (AttributeType)iter2.next(); + BaseConfigType bConfig = iter.next().getValue(); + List list = bConfig.getAttribute(); + for (Iterator iter2 = list.iterator(); iter2.hasNext();) { + AttributeType avp = iter2.next().getValue(); if (avp.getName().trim().equalsIgnoreCase( SAML2Constants.COT_LIST)) { foundCOT = true; - List avpl = avp.getValue(); + List avpl = avp.getValue(); if (avpl.isEmpty() ||!containsValue(avpl,name)) { avpl.add(name); needToSave = true; @@ -212,7 +213,7 @@ public void updateEntityConfig(String realm, String name, String entityId) AttributeType atype = objFactory.createAttributeType(); atype.setName(SAML2Constants.COT_LIST); atype.getValue().add(name); - list.add(atype); + list.add(objFactory.createAttributeElement(atype)); needToSave = true; } } @@ -222,9 +223,9 @@ public void updateEntityConfig(String realm, String name, String entityId) } } - private boolean containsValue(List list, String name) { - for (Iterator iter = list.iterator(); iter.hasNext();) { - if (((String) iter.next()).trim().equalsIgnoreCase(name)) { + private boolean containsValue(List list, String name) { + for (Iterator iter = list.iterator(); iter.hasNext();) { + if (iter.next().trim().equalsIgnoreCase(name)) { return true; } } @@ -273,26 +274,26 @@ public void removeFromEntityConfig(String realm,String name,String entityId) } if (eConfig != null) { - List elist = null; + List> elist = null; if (isAffiliation) { AffiliationConfigElement affiliationCfgElm = metaManager.getAffiliationConfig(realm, entityId); - elist = new ArrayList(); + elist = new ArrayList<>(); elist.add(affiliationCfgElm); } else { - elist = eConfig. + elist = eConfig.getValue(). getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); } boolean needToSave = false; - for (Iterator iter = elist.iterator(); iter.hasNext();) { - BaseConfigType bConfig = (BaseConfigType)iter.next(); - List list = bConfig.getAttribute(); - for (Iterator iter2 = list.iterator(); iter2.hasNext();) { - AttributeType avp = (AttributeType)iter2.next(); + for (Iterator> iter = elist.iterator(); iter.hasNext();) { + BaseConfigType bConfig = iter.next().getValue(); + List list = bConfig.getAttribute(); + for (Iterator iter2 = list.iterator(); iter2.hasNext();) { + AttributeType avp = iter2.next().getValue(); if (avp.getName().trim().equalsIgnoreCase( SAML2Constants.COT_LIST)) { - List avpl = avp.getValue(); + List avpl = avp.getValue(); if (avpl != null && !avpl.isEmpty() && containsValue(avpl,name)) { avpl.remove(name); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaManager.java index c022570ac6..9529342027 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaManager.java @@ -38,8 +38,9 @@ import java.util.Map; import java.util.Set; import java.util.logging.Level; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBElement; import org.forgerock.openam.utils.CollectionUtils; import org.forgerock.openam.utils.StringUtils; @@ -375,7 +376,7 @@ public AffiliationDescriptorType getAffiliationDescriptor( entityId); return (eDescriptor == null ? null : - eDescriptor.getAffiliationDescriptor()); + eDescriptor.getValue().getAffiliationDescriptor()); } /** @@ -389,7 +390,7 @@ public void setEntityDescriptor( EntityDescriptorElement descriptor) throws SAML2MetaException { - String entityId = descriptor.getEntityID(); + String entityId = descriptor.getValue().getEntityID(); if (entityId == null) { debug.error( "SAML2MetaManager.setEntityDescriptor: entity ID is null"); @@ -466,9 +467,9 @@ public void createEntity( } String entityId = null; if (descriptor != null) { - entityId = descriptor.getEntityID(); + entityId = descriptor.getValue().getEntityID(); } else { - entityId = config.getEntityID(); + entityId = config.getValue().getEntityID(); } if (realm == null) { @@ -527,10 +528,10 @@ public void createEntity( } if (oldDescriptor != null) { if (descriptor != null) { - List currentRoles = oldDescriptor. + List currentRoles = oldDescriptor.getValue(). getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); Set currentRolesTypes = getEntityRolesTypes(currentRoles); - List newRoles = descriptor. + List newRoles = descriptor.getValue(). getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); for (Iterator i = newRoles.iterator(); i.hasNext(); ) { Object role = i.next(); @@ -573,10 +574,10 @@ public void createEntity( objs); } if (oldConfig != null) { - List currentRoles = oldConfig. + List currentRoles = oldConfig.getValue(). getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); Set currentRolesTypes = getEntityRolesTypes(currentRoles); - List newRoles = config. + List newRoles = config.getValue(). getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); for (Iterator i = newRoles.iterator(); i.hasNext(); ) { Object role = i.next(); @@ -819,9 +820,9 @@ public SPSSOConfigElement getSPSSOConfig(String realm, String entityId) return null; } - List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for(Iterator iter = list.iterator(); iter.hasNext();) { + List> list = + eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { Object obj = iter.next(); if (obj instanceof SPSSOConfigElement) { return (SPSSOConfigElement)obj; @@ -846,10 +847,10 @@ public XACMLPDPConfigElement getPolicyDecisionPointConfig( EntityConfigElement eConfig = getEntityConfig(realm, entityId); if (eConfig != null) { - List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for (Iterator i = list.iterator(); i.hasNext() && (elm == null);) { - Object obj = i.next(); + List> list = + eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for (Iterator> i = list.iterator(); i.hasNext() && (elm == null);) { + JAXBElement obj = i.next(); if (obj instanceof XACMLPDPConfigElement) { elm = (XACMLPDPConfigElement)obj; } @@ -873,10 +874,10 @@ public XACMLAuthzDecisionQueryConfigElement getPolicyEnforcementPointConfig( EntityConfigElement eConfig = getEntityConfig(realm, entityId); if (eConfig != null) { - List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for (Iterator i = list.iterator(); i.hasNext() && (elm == null);) { - Object obj = i.next(); + List> list = + eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for (Iterator> i = list.iterator(); i.hasNext() && (elm == null);) { + JAXBElement obj = i.next(); if (obj instanceof XACMLAuthzDecisionQueryConfigElement) { elm = (XACMLAuthzDecisionQueryConfigElement)obj; } @@ -902,10 +903,10 @@ public IDPSSOConfigElement getIDPSSOConfig(String realm, String entityId) return null; } - List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + List> list = + eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof IDPSSOConfigElement) { return (IDPSSOConfigElement)obj; } @@ -932,10 +933,10 @@ public AttributeAuthorityConfigElement getAttributeAuthorityConfig( return null; } - List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + List> list = + eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof AttributeAuthorityConfigElement) { return (AttributeAuthorityConfigElement)obj; } @@ -962,10 +963,10 @@ public AttributeQueryConfigElement getAttributeQueryConfig( return null; } - List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + List> list = + eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof AttributeQueryConfigElement) { return (AttributeQueryConfigElement)obj; } @@ -993,7 +994,7 @@ public AuthnAuthorityConfigElement getAuthnAuthorityConfig( } List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); for(Iterator iter = list.iterator(); iter.hasNext();) { Object obj = iter.next(); if (obj instanceof AuthnAuthorityConfigElement) { @@ -1021,7 +1022,7 @@ public AffiliationConfigElement getAffiliationConfig( return null; } - return (AffiliationConfigElement)eConfig.getAffiliationConfig(); + return (AffiliationConfigElement)eConfig.getValue().getAffiliationConfig(); } /** @@ -1033,7 +1034,7 @@ public AffiliationConfigElement getAffiliationConfig( public void setEntityConfig(String realm, EntityConfigElement config) throws SAML2MetaException { - String entityId = config.getEntityID(); + String entityId = config.getValue().getEntityID(); if (entityId == null) { debug.error("SAML2MetaManager.setEntityConfig: " + "entity ID is null"); @@ -1102,15 +1103,15 @@ private void addToCircleOfTrust( { try { if (eConfig != null) { - List elist = eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + List> elist = eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); // Use first one to add the entity to COT, if this is present in the config // Typically found in the proprietary extended metadata, not standard SAML2 entity metadata - BaseConfigType config = (BaseConfigType) elist.iterator().next(); - Map attr = SAML2MetaUtils.getAttributes(config); - List cotList = (List) attr.get(SAML2Constants.COT_LIST); + BaseConfigType config = elist.iterator().next().getValue(); + Map> attr = SAML2MetaUtils.getAttributes(config); + List cotList = attr.get(SAML2Constants.COT_LIST); if (CollectionUtils.isNotEmpty(cotList)) { - for (Iterator iter = cotList.iterator(); iter.hasNext();) { - String cotName = ((String) iter.next()).trim(); + for (Iterator iter = cotList.iterator(); iter.hasNext();) { + String cotName = iter.next().trim(); if (StringUtils.isNotEmpty(cotName)) { cotm.addCircleOfTrustMember(realm, cotName, COTConstants.SAML2, entityId, false); } @@ -1187,25 +1188,25 @@ private void removeFromCircleOfTrust(String realm, String entityId) { } if (eConfig != null) { - List elist = null; + List> elist = null; if (isAffiliation) { AffiliationConfigElement affiliationCfgElm = getAffiliationConfig(realm, entityId); - elist = new ArrayList(); + elist = new ArrayList<>(); elist.add(affiliationCfgElm); } else { - elist = eConfig. + elist = eConfig.getValue(). getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); } // use first one to delete the entity from COT - BaseConfigType config = (BaseConfigType)elist.iterator().next(); - Map attr = SAML2MetaUtils.getAttributes(config); - List cotAttr = (List) attr.get(SAML2Constants.COT_LIST); - List cotList = new ArrayList(cotAttr); + BaseConfigType config = elist.iterator().next().getValue(); + Map> attr = SAML2MetaUtils.getAttributes(config); + List cotAttr = attr.get(SAML2Constants.COT_LIST); + List cotList = new ArrayList<>(cotAttr); if ((cotList != null) && !cotList.isEmpty()) { - for (Iterator iter = cotList.iterator(); iter.hasNext();) { - String cotName = ((String) iter.next()).trim(); + for (Iterator iter = cotList.iterator(); iter.hasNext();) { + String cotName = iter.next().trim(); if ((cotName != null) && (!cotName.equals(""))) { cotm.removeCircleOfTrustMember(realm, cotName, COTConstants.SAML2, entityId, false); @@ -1236,7 +1237,7 @@ public List getAllHostedEntities(String realm) String entityId = (String)iter.next(); EntityConfigElement config = getEntityConfig(realm, entityId); - if (config != null && config.isHosted()) { + if (config != null && Boolean.TRUE.equals(config.getValue().isHosted())) { hostedEntityIds.add(entityId); } } @@ -1407,7 +1408,7 @@ public List getAllRemoteEntities(String realm) String entityId = (String)iter.next(); EntityConfigElement config = getEntityConfig(realm, entityId); - if (config == null || !config.isHosted()) { + if (config == null || !Boolean.TRUE.equals(config.getValue().isHosted())) { remoteEntityIds.add(entityId); } } @@ -1491,13 +1492,13 @@ public String getEntityByMetaAlias(String metaAlias) for (Iterator iter = entityIds.iterator(); iter.hasNext();) { String entityId = (String)iter.next(); EntityConfigElement config = getEntityConfig(realm, entityId); - if ((config == null) || !config.isHosted()) { + if ((config == null) || !Boolean.TRUE.equals(config.getValue().isHosted())) { continue; } - List list = - config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for(Iterator iter2 = list.iterator(); iter2.hasNext();) { - BaseConfigType bConfig = (BaseConfigType)iter2.next(); + List> list = + config.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for(Iterator> iter2 = list.iterator(); iter2.hasNext();) { + BaseConfigType bConfig = iter2.next().getValue(); String cMetaAlias = bConfig.getMetaAlias(); if (cMetaAlias != null && cMetaAlias.equals(metaAlias)) { return entityId; @@ -1529,12 +1530,12 @@ public List getAllHostedMetaAliasesByRealm(String realm) throws SAML2Met } for (String entityId : entityIds) { EntityConfigElement config = getEntityConfig(realm, entityId); - if (config == null || !config.isHosted()) { + if (config == null || !Boolean.TRUE.equals(config.getValue().isHosted())) { continue; } - List configList = config.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for (BaseConfigType bConfigType : configList) { - String curMetaAlias = bConfigType.getMetaAlias(); + List> configList = config.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for (JAXBElement bConfigType : configList) { + String curMetaAlias = bConfigType.getValue().getMetaAlias(); if (curMetaAlias != null && !curMetaAlias.isEmpty()) { metaAliases.add(curMetaAlias); } @@ -1573,22 +1574,22 @@ public String getRoleByMetaAlias(String metaAlias) getPolicyEnforcementPointConfig(realm, entityId); if (idpConfig != null) { - String m = idpConfig.getMetaAlias(); + String m = idpConfig.getValue().getMetaAlias(); if ((m != null) && m.equals(metaAlias)) { role = SAML2Constants.IDP_ROLE; } } else if (spConfig != null) { - String m = spConfig.getMetaAlias(); + String m = spConfig.getValue().getMetaAlias(); if ((m != null) && m.equals(metaAlias)) { role = SAML2Constants.SP_ROLE; } } else if (pdpConfig != null) { - String m = pdpConfig.getMetaAlias(); + String m = pdpConfig.getValue().getMetaAlias(); if ((m != null) && m.equals(metaAlias)) { role = SAML2Constants.PDP_ROLE; } } else if (pepConfig != null) { - String m = pepConfig.getMetaAlias(); + String m = pepConfig.getValue().getMetaAlias(); if ((m != null) && m.equals(metaAlias)) { role = SAML2Constants.PEP_ROLE; } @@ -1614,7 +1615,7 @@ public List getAllHostedIdentityProviderMetaAliases(String realm) for(Iterator iter = hostedEntityIds.iterator(); iter.hasNext();) { String entityId = (String)iter.next(); if ((idpConfig = getIDPSSOConfig(realm, entityId)) != null) { - metaAliases.add(idpConfig.getMetaAlias()); + metaAliases.add(idpConfig.getValue().getMetaAlias()); } } @@ -1637,7 +1638,7 @@ public List getAllHostedServiceProviderMetaAliases(String realm) for(Iterator iter = hostedEntityIds.iterator(); iter.hasNext();) { String entityId = (String)iter.next(); if ((spConfig = getSPSSOConfig(realm, entityId)) != null) { - metaAliases.add(spConfig.getMetaAlias()); + metaAliases.add(spConfig.getValue().getMetaAlias()); } } @@ -1660,7 +1661,7 @@ public List getAllHostedPolicyDecisionPointMetaAliases(String realm) XACMLPDPConfigElement elm = getPolicyDecisionPointConfig( realm, entityId); if (elm != null) { - metaAliases.add(elm.getMetaAlias()); + metaAliases.add(elm.getValue().getMetaAlias()); } } return metaAliases; @@ -1685,7 +1686,7 @@ public List getAllHostedPolicyEnforcementPointMetaAliases(String realm) XACMLAuthzDecisionQueryConfigElement elm = getPolicyEnforcementPointConfig(realm, entityId); if (elm != null) { - metaAliases.add(elm.getMetaAlias()); + metaAliases.add(elm.getValue().getMetaAlias()); } } return metaAliases; @@ -1708,7 +1709,7 @@ public boolean isTrustedProvider(String realm, String entityId, SPSSOConfigElement spconfig = getSPSSOConfig(realm, entityId); if (spconfig != null) { - result = isSameCircleOfTrust(spconfig, realm, + result = isSameCircleOfTrust(spconfig.getValue(), realm, trustedEntityId); } if (result) { @@ -1717,7 +1718,7 @@ public boolean isTrustedProvider(String realm, String entityId, IDPSSOConfigElement idpconfig = getIDPSSOConfig(realm, entityId); if (idpconfig !=null) { - return (isSameCircleOfTrust(idpconfig, realm, + return (isSameCircleOfTrust(idpconfig.getValue(), realm, trustedEntityId)); } return false; @@ -1748,13 +1749,15 @@ public boolean isTrustedXACMLProvider(String realm, String entityId, XACMLPDPConfigElement pdpConfig = getPolicyDecisionPointConfig(realm,entityId); if (pdpConfig != null) { - result = isSameCircleOfTrust(pdpConfig,realm, + result = isSameCircleOfTrust(pdpConfig.getValue(),realm, trustedEntityId); } } else if (role.equals(SAML2Constants.PEP_ROLE)) { - XACMLAuthzDecisionQueryConfigElement pepConfig = + XACMLAuthzDecisionQueryConfigElement pepConfig = getPolicyEnforcementPointConfig(realm,entityId); - result = isSameCircleOfTrust(pepConfig,realm,trustedEntityId); + if (pepConfig != null) { + result = isSameCircleOfTrust(pepConfig.getValue(),realm,trustedEntityId); + } } } return result; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaSecurityUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaSecurityUtils.java index a84ed74e14..0d891dd718 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaSecurityUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaSecurityUtils.java @@ -38,8 +38,10 @@ import java.util.HashSet; import java.util.Iterator; import java.util.Set; +import java.util.stream.Collectors; -import javax.xml.bind.JAXBException; +import com.sun.identity.saml2.jaxb.metadata.KeyTypes; +import jakarta.xml.bind.JAXBException; import com.sun.identity.saml.xmlsig.AMSignatureProvider; import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType; @@ -68,6 +70,7 @@ import com.sun.identity.saml.xmlsig.XMLSignatureException; import com.sun.identity.saml.xmlsig.XMLSignatureManager; +import com.sun.identity.saml2.jaxb.entityconfig.AttributeElement; import com.sun.identity.saml2.jaxb.entityconfig.AttributeType; import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; import com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement; @@ -176,13 +179,13 @@ public static Document sign(String realm, EntityDescriptorElement descriptor) SAML2MetaManager metaManager = new SAML2MetaManager(); - EntityConfigElement cfgElem = metaManager.getEntityConfig(realm, descriptor.getEntityID()); + EntityConfigElement cfgElem = metaManager.getEntityConfig(realm, descriptor.getValue().getEntityID()); boolean isHosted; if (cfgElem == null) { //if there is no EntityConfig, this is considered as a remote entity isHosted = false; } else { - isHosted = cfgElem.isHosted(); + isHosted = Boolean.TRUE.equals(cfgElem.getValue().isHosted()); } String signingCert = getRealmSetting(METADATA_SIGNING_KEY, realm); @@ -474,7 +477,7 @@ public static void updateProviderKeyInfo(String realm, SAML2MetaManager metaManager = new SAML2MetaManager(); EntityConfigElement config = metaManager.getEntityConfig(realm, entityID); - if (!config.isHosted()) { + if (!Boolean.TRUE.equals(config.getValue().isHosted())) { String[] args = {entityID, realm}; throw new SAML2MetaException("entityNotHosted", args); } @@ -482,15 +485,19 @@ public static void updateProviderKeyInfo(String realm, BaseConfigType baseConfig; RoleDescriptorType descriptor; if (isIDP) { - baseConfig = SAML2MetaUtils.getIDPSSOConfig(config); - descriptor = SAML2MetaUtils.getIDPSSODescriptor(desp); + IDPSSOConfigElement baseConfigElem = SAML2MetaUtils.getIDPSSOConfig(config); + IDPSSODescriptorElement descriptorElem = SAML2MetaUtils.getIDPSSODescriptor(desp); + baseConfig = (baseConfigElem == null) ? null : baseConfigElem.getValue(); + descriptor = (descriptorElem == null) ? null : descriptorElem.getValue(); if (baseConfig == null || descriptor == null) { String[] args = {entityID, realm}; throw new SAML2MetaException("entityNotIDP", args); } } else { - baseConfig = SAML2MetaUtils.getSPSSOConfig(config); - descriptor = SAML2MetaUtils.getSPSSODescriptor(desp); + SPSSOConfigElement baseConfigElem = SAML2MetaUtils.getSPSSOConfig(config); + SPSSODescriptorElement descriptorElem = SAML2MetaUtils.getSPSSODescriptor(desp); + baseConfig = (baseConfigElem == null) ? null : baseConfigElem.getValue(); + descriptor = (descriptorElem == null) ? null : descriptorElem.getValue(); if (baseConfig == null || descriptor == null) { String[] args = {entityID, realm}; throw new SAML2MetaException("entityNotSP", args); @@ -509,7 +516,7 @@ public static void updateProviderKeyInfo(String realm, } else { Set keyDescriptors = new LinkedHashSet<>(certAliases.size()); for (String certAlias : certAliases) { - keyDescriptors.add(getKeyDescriptor(certAlias, isSigning, encAlgo, keySize)); + keyDescriptors.add(getKeyDescriptor(certAlias, isSigning, encAlgo, keySize).getValue()); } updateKeyDescriptor(descriptor, keyDescriptors); @@ -525,18 +532,22 @@ public static void updateProviderKeyInfo(String realm, } private static void updateKeyDescriptor(RoleDescriptorType desp, Set keyDescriptors) { - String use = keyDescriptors.iterator().next().getUse(); - List keys = desp.getKeyDescriptor(); + KeyTypes keyTypes = keyDescriptors.iterator().next().getUse(); + String use = keyTypes != null ? keyTypes.value() : null; + List keys = desp.getKeyDescriptor(); - Iterator iterator = keys.iterator(); + Iterator iterator = keys.iterator(); while (iterator.hasNext()) { - final KeyDescriptorType keyDescriptor = iterator.next(); - if (keyDescriptor.getUse().equalsIgnoreCase(use)) { + final KeyDescriptorElement keyDescriptor = iterator.next(); + if (keyDescriptor.getValue().getUse().value().equalsIgnoreCase(use)) { iterator.remove(); } } - - desp.getKeyDescriptor().addAll(keyDescriptors); + com.sun.identity.saml2.jaxb.metadata.ObjectFactory of + = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory(); + List newDesc = + keyDescriptors.stream().map(of::createKeyDescriptorElement).collect(Collectors.toList()); + desp.getKeyDescriptor().addAll(newDesc); } private static void removeKeyDescriptor(RoleDescriptorType desp, @@ -548,8 +559,8 @@ private static void removeKeyDescriptor(RoleDescriptorType desp, if (isSigningUse) { keyUse = "signing"; } - if ((key.getUse() != null) && - key.getUse().equalsIgnoreCase(keyUse)) { + if (key.getValue() != null && (key.getValue().getUse() != null) && + key.getValue().getUse().value().equalsIgnoreCase(keyUse)) { iter.remove(); } } @@ -558,23 +569,19 @@ private static void removeKeyDescriptor(RoleDescriptorType desp, private static void setExtendedAttributeValue( BaseConfigType config, String attrName, Set attrVal) throws SAML2MetaException { - try { - List attributes = config.getAttribute(); - for(Iterator iter = attributes.iterator(); iter.hasNext();) { - AttributeType avp = (AttributeType)iter.next(); - if (avp.getName().trim().equalsIgnoreCase(attrName)) { - iter.remove(); - } - } - if (attrVal != null) { - ObjectFactory factory = new ObjectFactory(); - AttributeType atype = factory.createAttributeType(); - atype.setName(attrName); - atype.getValue().addAll(attrVal); - config.getAttribute().add(atype); + List attributes = config.getAttribute(); + for(Iterator iter = attributes.iterator(); iter.hasNext();) { + AttributeType avp = ((AttributeElement)iter.next()).getValue(); + if (avp.getName().trim().equalsIgnoreCase(attrName)) { + iter.remove(); } - } catch (JAXBException e) { - throw new SAML2MetaException(e); + } + if (attrVal != null) { + ObjectFactory factory = new ObjectFactory(); + AttributeType atype = factory.createAttributeType(); + atype.setName(attrName); + atype.getValue().addAll(attrVal); + config.getAttribute().add(factory.createAttributeElement(atype)); } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaUtils.java index b233c45c56..5a137c298a 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/meta/SAML2MetaUtils.java @@ -41,10 +41,12 @@ import java.util.ResourceBundle; import java.util.Set; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; +import com.sun.identity.saml2.jaxb.entityconfig.AttributeElement; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; import org.w3c.dom.Document; import org.w3c.dom.Node; @@ -55,7 +57,6 @@ import com.sun.identity.shared.xml.XMLUtils; import com.sun.identity.saml2.common.SAML2Constants; -import com.sun.identity.saml2.jaxb.entityconfig.AttributeType; import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement; import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement; @@ -82,16 +83,16 @@ public final class SAML2MetaUtils { "com.sun.identity.saml2.jaxb.xmlsig:" + "com.sun.identity.saml2.jaxb.assertion:" + "com.sun.identity.saml2.jaxb.metadata:" + - "com.sun.identity.saml2.jaxb.metadataattr:" + - "com.sun.identity.saml2.jaxb.entityconfig:" + - "com.sun.identity.saml2.jaxb.schema"; + "com.sun.identity.saml2.jaxb.metadataattr:" + + "com.sun.identity.saml2.jaxb.metadataextquery:" + + "com.sun.identity.saml2.jaxb.entityconfig"; private static final String JAXB_PACKAGE_LIST_PROP = "com.sun.identity.liberty.ws.jaxb.packageList"; private static JAXBContext jaxbContext = null; private static final String PROP_JAXB_FORMATTED_OUTPUT = "jaxb.formatted.output"; private static final String PROP_NAMESPACE_PREFIX_MAPPER = - "com.sun.xml.bind.namespacePrefixMapper"; + "org.glassfish.jaxb.namespacePrefixMapper"; private static NamespacePrefixMapperImpl nsPrefixMapper = new NamespacePrefixMapperImpl(); @@ -128,6 +129,19 @@ public static JAXBContext getMetaJAXBContext() { return jaxbContext; } + /** + * Null-safely unwraps a {@link JAXBElement}, returning {@code null} when the element itself is + * {@code null}. Restores the pre-JAXB3 semantics where a nullable config/metadata element was + * passed straight through to null-tolerant consumers instead of throwing an NPE. + * + * @param element the (possibly {@code null}) JAXB element + * @param the wrapped value type + * @return the unwrapped value, or {@code null} if {@code element} is {@code null} + */ + public static T unwrap(JAXBElement element) { + return (element == null) ? null : element.getValue(); + } + /** * Converts a String object to a JAXB object. * @param str a String object @@ -216,12 +230,12 @@ public static void convertJAXBToOutputStream(Object jaxbObj, * converted from the JAXB object. * @exception JAXBException if an error occurs while converting JAXB object */ - protected static Map convertJAXBToAttrMap(String attrName, Object jaxbObj) + protected static Map> convertJAXBToAttrMap(String attrName, Object jaxbObj) throws JAXBException { String xmlString = convertJAXBToString(jaxbObj); - Map attrs = new HashMap(); - Set values = new HashSet(); + Map> attrs = new HashMap<>(); + Set values = new HashSet<>(); values.add(xmlString); attrs.put(attrName, values); @@ -237,9 +251,9 @@ protected static Map convertJAXBToAttrMap(String attrName, Object jaxbObj) */ public static Map> getAttributes(BaseConfigType config) { Map> attrMap = new HashMap<>(); - List list = config.getAttribute(); - for (AttributeType avp : list) { - attrMap.put(avp.getName(), avp.getValue()); + List list = config.getAttribute(); + for (AttributeElement avp : list) { + attrMap.put(avp.getValue().getName(), avp.getValue().getValue()); } return attrMap; @@ -298,13 +312,13 @@ public static XACMLPDPDescriptorElement getPolicyDecisionPointDescriptor( XACMLPDPDescriptorElement descriptor = null; if (eDescriptor != null) { - List list = - eDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + List> list = + eDescriptor.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for (Iterator i = list.iterator(); - i.hasNext() && (descriptor == null); + for (Iterator> i = list.iterator(); + i.hasNext() && (descriptor == null); ) { - Object obj = i.next(); + JAXBElement obj = i.next(); if (obj instanceof XACMLPDPDescriptorElement) { descriptor = (XACMLPDPDescriptorElement)obj; } @@ -329,13 +343,13 @@ public static XACMLPDPDescriptorElement getPolicyDecisionPointDescriptor( XACMLAuthzDecisionQueryDescriptorElement descriptor = null; if (eDescriptor != null) { - List list = - eDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + List> list = + eDescriptor.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for (Iterator i = list.iterator(); - i.hasNext() && (descriptor == null); + for (Iterator> i = list.iterator(); + i.hasNext() && (descriptor == null); ) { - Object obj = i.next(); + JAXBElement obj = i.next(); if (obj instanceof XACMLAuthzDecisionQueryDescriptorElement) { descriptor = (XACMLAuthzDecisionQueryDescriptorElement)obj; } @@ -359,10 +373,10 @@ public static SPSSODescriptorElement getSPSSODescriptor( return null; } - List list = - eDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + List> list = + eDescriptor.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); // TODO: may need to cache to avoid using instanceof if (obj instanceof SPSSODescriptorElement) { return (SPSSODescriptorElement)obj; @@ -386,10 +400,10 @@ public static IDPSSODescriptorElement getIDPSSODescriptor( return null; } - List list = - eDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + List> list + = eDescriptor.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof IDPSSODescriptorElement) { return (IDPSSODescriptorElement)obj; } @@ -412,11 +426,11 @@ public static IDPSSODescriptorElement getIDPSSODescriptor( return null; } - List list = - eDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + List> list = + eDescriptor.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof AttributeAuthorityDescriptorElement) { return (AttributeAuthorityDescriptorElement)obj; } @@ -439,11 +453,11 @@ public static IDPSSODescriptorElement getIDPSSODescriptor( return null; } - List list = - eDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + List> list + = eDescriptor.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof AttributeQueryDescriptorElement) { return (AttributeQueryDescriptorElement)obj; } @@ -466,11 +480,11 @@ public static IDPSSODescriptorElement getIDPSSODescriptor( return null; } - List list = - eDescriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + List> list = + eDescriptor.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof AuthnAuthorityDescriptorElement) { return (AuthnAuthorityDescriptorElement)obj; } @@ -535,10 +549,9 @@ public static SPSSOConfigElement getSPSSOConfig(EntityConfigElement eConfig) return null; } - List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + List> list = eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof SPSSOConfigElement) { return (SPSSOConfigElement)obj; } @@ -562,10 +575,9 @@ public static IDPSSOConfigElement getIDPSSOConfig( return null; } - List list = - eConfig.getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + List> list = eConfig.getValue().getIDPSSOConfigOrSPSSOConfigOrAuthnAuthorityConfig(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof IDPSSOConfigElement) { return (IDPSSOConfigElement)obj; } @@ -688,13 +700,13 @@ private static Object preProcessSAML2Document(Document doc) throws SAML2MetaExce private static List importSAML2Entites(SAML2MetaManager metaManager, String realm, EntitiesDescriptorElement descriptor) throws SAML2MetaException { - List result = new ArrayList(); + List result = new ArrayList<>(); - List descriptors = descriptor.getEntityDescriptorOrEntitiesDescriptor(); + List> descriptors = descriptor.getValue().getEntityDescriptorOrEntitiesDescriptor(); if (descriptors != null && !descriptors.isEmpty()) { - Iterator entities = descriptors.iterator(); + Iterator> entities = descriptors.iterator(); while (entities.hasNext()) { - Object o = entities.next(); + JAXBElement o = entities.next(); if (o instanceof EntityDescriptorElement) { String entityId = importSAML2Entity(metaManager, realm, (EntityDescriptorElement) o); @@ -713,16 +725,17 @@ private static String importSAML2Entity(SAML2MetaManager metaManager, String rea String result = null; - List roles = descriptor.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - Iterator it = roles.iterator(); + List> roles + = descriptor.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + Iterator> it = roles.iterator(); while (it.hasNext()) { - RoleDescriptorType role = (RoleDescriptorType)it.next(); - List protocols = role.getProtocolSupportEnumeration(); + RoleDescriptorType role = it.next().getValue(); + List protocols = role.getProtocolSupportEnumeration(); if (!protocols.contains(SAML2Constants.PROTOCOL_NAMESPACE)) { if (debug.messageEnabled()) { debug.message("SAML2MetaUtils.importSAML2Entity: " + "Removing non-SAML2 role from entity " - + descriptor.getEntityID()); + + descriptor.getValue().getEntityID()); } it.remove(); } @@ -730,7 +743,7 @@ private static String importSAML2Entity(SAML2MetaManager metaManager, String rea if (roles.size() > 0) { metaManager.createEntityDescriptor(realm, descriptor); - result = descriptor.getEntityID(); + result = descriptor.getValue().getEntityID(); } return result; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/DefaultAccountMapper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/DefaultAccountMapper.java index 9b723f62a8..09c7e51725 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/DefaultAccountMapper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/DefaultAccountMapper.java @@ -25,6 +25,7 @@ * $Id: DefaultAccountMapper.java,v 1.4 2008/06/25 05:47:50 qcheng Exp $ * * Portions Copyrighted 2015 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.saml2.plugins; @@ -207,9 +208,9 @@ protected String getAttribute(String realm, protected final BaseConfigType getSSOConfig(String realm, String entityID) throws SAML2MetaException { if (IDP.equals(role)) { - return metaManager.getIDPSSOConfig(realm, entityID); + return metaManager.getIDPSSOConfig(realm, entityID).getValue(); } else { - return metaManager.getSPSSOConfig(realm, entityID); + return metaManager.getSPSSOConfig(realm, entityID).getValue(); } } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/DefaultFedletAdapter.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/DefaultFedletAdapter.java index 204417ef83..47f9084c72 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/DefaultFedletAdapter.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/DefaultFedletAdapter.java @@ -24,7 +24,7 @@ * * $Id: DefaultFedletAdapter.java,v 1.2 2009/06/17 03:09:13 exu Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.plugins; @@ -102,7 +102,7 @@ public boolean doFedletSLO ( try { if (logoutUrl == null) { BaseConfigType spConfig = SAML2Utils.getSAML2MetaManager() - .getSPSSOConfig("/", hostedEntityID); + .getSPSSOConfig("/", hostedEntityID).getValue(); List appLogoutURL = (List) SAML2MetaUtils.getAttributes( spConfig).get(SAML2Constants.APP_LOGOUT_URL); if ((appLogoutURL != null) && !appLogoutURL.isEmpty()) { @@ -262,7 +262,7 @@ private void onFedletSLOSuccessOrFailure( try { if (logoutUrl == null) { BaseConfigType spConfig = SAML2Utils.getSAML2MetaManager() - .getSPSSOConfig("/", hostedEntityID); + .getSPSSOConfig("/", hostedEntityID).getValue(); List appLogoutURL = (List) SAML2MetaUtils.getAttributes( spConfig).get(SAML2Constants.APP_LOGOUT_URL); if ((appLogoutURL != null) && !appLogoutURL.isEmpty()) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/ECPIDPFinder.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/ECPIDPFinder.java index 9198141893..1c7f0c70bb 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/ECPIDPFinder.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/ECPIDPFinder.java @@ -24,7 +24,7 @@ * * $Id: ECPIDPFinder.java,v 1.2 2008/06/25 05:47:51 qcheng Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.plugins; @@ -63,7 +63,7 @@ public List getPreferredIDP(AuthnRequest authnRequest, SPSSOConfigElement spssoconfig = SAML2Utils.getSAML2MetaManager() .getSPSSOConfig(realm, hostProviderID); - Map attributes = SAML2MetaUtils.getAttributes(spssoconfig); + Map attributes = SAML2MetaUtils.getAttributes(spssoconfig.getValue()); List idps = (List)attributes.get(SAML2Constants.ECP_REQUEST_IDP_LIST); if ((idps == null) || (idps.isEmpty())) { return null; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyFRImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyFRImpl.java index 5158935a90..03f849d848 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyFRImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyFRImpl.java @@ -21,7 +21,7 @@ * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.plugins; @@ -59,6 +59,7 @@ import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpSession; +import jakarta.xml.bind.JAXBElement; import org.apache.commons.lang3.StringUtils; /** @@ -143,7 +144,7 @@ public List getPreferredIDP( sm.getSPSSOConfig(realm, authnRequest.getIssuer().getValue()); Map spConfigAttrsMap = null; if (spEntityCfg != null) { - spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg); + spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg.getValue()); } // Check if the local configuration of the remote SP wants to use @@ -341,7 +342,7 @@ private String selectIDPBasedOnLOA(List idpList, String realm, AuthnRequ debugMessage(classMethod, "IDP is: " + idp); idpDesc = SAML2Utils.getSAML2MetaManager().getEntityDescriptor(realm, idp); if (idpDesc != null) { - ExtensionsType et = idpDesc.getExtensions(); + ExtensionsType et = idpDesc.getValue().getExtensions(); if (et != null) { debugMessage(classMethod, "Extensions found for idp: " + idp); List idpExtensions = et.getAny(); @@ -352,24 +353,27 @@ private String selectIDPBasedOnLOA(List idpList, String realm, AuthnRequ EntityAttributesElement eael = (EntityAttributesElement) idpExtensionsI.next(); if (eael != null) { debugMessage(classMethod, "Entity Attributes found for idp: " + idp); - List attribL = eael.getAttributeOrAssertion(); + List> attribL = eael.getValue().getAttributeOrAssertion(); if (attribL != null || !attribL.isEmpty()) { Iterator attrI = attribL.iterator(); while (attrI.hasNext()) { AttributeElement ae = (AttributeElement) attrI.next(); // TODO: Verify what type of element this is (Attribute or assertion) // For validation purposes - List av = ae.getAttributeValue(); + List av = ae.getValue().getAttributeValue(); if (av != null || !av.isEmpty()) { debugMessage(classMethod, "Attribute Values found for idp: " + idp); - Iterator avI = av.iterator(); + Iterator avI = av.iterator(); while (avI.hasNext()) { - AttributeValueElement ave = (AttributeValueElement) avI.next(); - if (ave != null) { - List contentL = ave.getContent(); + AttributeValueElement ave = avI.next(); + if (ave != null && ave.getValue() != null) { + Object content = ave.getValue(); + List contentL = (content instanceof List) + ? (List) content + : java.util.Collections.singletonList(content); debugMessage(classMethod, "Attribute Value Elements found for idp: " + idp + "-->" + contentL); - if (contentL != null || !contentL.isEmpty()) { + if (!contentL.isEmpty()) { Set idpContextSet = trimmedListToSet(contentL); debugMessage(classMethod, "idpContextSet = " + idpContextSet); idpContextSet.retainAll(authnRequestContextSet); @@ -625,7 +629,7 @@ public List getAttributeListValueFromIDPSSOConfig( IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig( realm, hostEntityId); - Map attrs = SAML2MetaUtils.getAttributes(config); + Map attrs = SAML2MetaUtils.getAttributes(config.getValue()); List value = (List) attrs.get(attrName); if (value != null && value.size() != 0) { result = value; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyImpl.java index acf324ac51..754b7d999b 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2IDPProxyImpl.java @@ -24,7 +24,7 @@ * * $Id: SAML2IDPProxyImpl.java,v 1.5 2009/03/12 20:33:40 huacui Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.plugins; @@ -94,7 +94,7 @@ public List getPreferredIDP ( sm.getSPSSOConfig(realm, authnRequest.getIssuer().getValue()); Map spConfigAttrsMap = null; if (spEntityCfg != null) { - spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg); + spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg.getValue()); } String useIntroductionForProxying = SPSSOFederate.getParameter(spConfigAttrsMap, diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2ProviderManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2ProviderManager.java index 2dcf0498b4..7d2a9cb29b 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2ProviderManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/plugins/SAML2ProviderManager.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: SAML2ProviderManager.java,v 1.3 2008/06/25 05:47:52 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,6 +39,7 @@ import com.sun.identity.saml2.common.SAML2Constants; import com.sun.identity.saml2.common.SAML2Utils; import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; +import jakarta.xml.bind.JAXBElement; import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement; import com.sun.identity.saml2.jaxb.metadata.SSODescriptorType; import com.sun.identity.saml2.key.EncInfo; @@ -92,9 +95,9 @@ public boolean isAffiliationMember(String providerID, String affID) { public boolean isNameIDEncryptionEnabled(String providerID) { BaseConfigType config = null; try { - config = metaManager.getSPSSOConfig("/", providerID); + config = unwrap(metaManager.getSPSSOConfig("/", providerID)); if (config == null) { - config = metaManager.getIDPSSOConfig("/", providerID); + config = unwrap(metaManager.getIDPSSOConfig("/", providerID)); } } catch (SAML2MetaException smex) { SAML2Utils.debug.error( @@ -163,9 +166,9 @@ public String getEncryptionKeyAlgorithm(String providerID) { public PrivateKey getDecryptionKey(String providerID) { BaseConfigType providerConfig = null; try { - providerConfig = metaManager.getSPSSOConfig("/", providerID); + providerConfig = unwrap(metaManager.getSPSSOConfig("/", providerID)); if (providerConfig == null) { - providerConfig = metaManager.getIDPSSOConfig("/", providerID); + providerConfig = unwrap(metaManager.getIDPSSOConfig("/", providerID)); } } catch (SAML2MetaException smex) { SAML2Utils.debug.error("SAML2ProviderManager.getDecryptionKey", @@ -187,9 +190,9 @@ public PrivateKey getDecryptionKey(String providerID) { public String getSigningKeyAlias(String providerID) { BaseConfigType config = null; try { - config = metaManager.getSPSSOConfig("/", providerID); + config = unwrap(metaManager.getSPSSOConfig("/", providerID)); if (config == null) { - config = metaManager.getIDPSSOConfig("/", providerID); + config = unwrap(metaManager.getIDPSSOConfig("/", providerID)); } } catch (SAML2MetaException smex) { SAML2Utils.debug.error( @@ -212,9 +215,9 @@ public String getSigningKeyAlias(String providerID) { private EncInfo getEncInfo(String providerID) { SSODescriptorType ssod = null; try { - ssod = metaManager.getSPSSODescriptor("/", providerID); + ssod = unwrap(metaManager.getSPSSODescriptor("/", providerID)); if (ssod == null) { - ssod = metaManager.getIDPSSODescriptor("/", providerID); + ssod = unwrap(metaManager.getIDPSSODescriptor("/", providerID)); } } catch (SAML2MetaException smex) { SAML2Utils.debug.error( @@ -231,4 +234,14 @@ private EncInfo getEncInfo(String providerID) { return KeyUtil.getEncInfo(ssod, providerID, SAML2Constants.SP_ROLE); } + + /** + * Returns the value contained in the given JAXB element, or {@code null} + * if the element itself is {@code null}. Guards the SP-role lookups whose + * getter returns {@code null} for an IDP-only entity so the IDP fallback + * can run instead of throwing a {@code NullPointerException}. + */ + private static T unwrap(JAXBElement element) { + return (element == null) ? null : element.getValue(); + } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AssertionIDRequestUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AssertionIDRequestUtil.java index f18d473bef..0eba95038f 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AssertionIDRequestUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AssertionIDRequestUtil.java @@ -72,6 +72,7 @@ import com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement; import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement; import com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType; +import jakarta.xml.bind.JAXBElement; import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement; import com.sun.identity.saml2.key.KeyUtil; import com.sun.identity.saml2.meta.SAML2MetaException; @@ -402,14 +403,14 @@ public static Response processAssertionIDRequest( RoleDescriptorType roled = null; try { if (SAML2Constants.IDP_ROLE.equals(role)) { - roled = metaManager.getIDPSSODescriptor(realm, - samlAuthorityEntityID); + roled = unwrap(metaManager.getIDPSSODescriptor(realm, + samlAuthorityEntityID)); } else if (SAML2Constants.AUTHN_AUTH_ROLE.equals(role)) { - roled = metaManager.getAuthnAuthorityDescriptor(realm, - samlAuthorityEntityID); + roled = unwrap(metaManager.getAuthnAuthorityDescriptor(realm, + samlAuthorityEntityID)); } else if (SAML2Constants.ATTR_AUTH_ROLE.equals(role)) { - roled = metaManager.getAttributeAuthorityDescriptor(realm, - samlAuthorityEntityID); + roled = unwrap(metaManager.getAttributeAuthorityDescriptor(realm, + samlAuthorityEntityID)); } } catch (SAML2MetaException sme) { SAML2Utils.debug.error("AssertionIDRequestUtil." + @@ -503,8 +504,8 @@ private static RoleDescriptorType getRoleDescriptorAndLocation( throw new SAML2Exception(SAML2Utils.bundle.getString( "idpNotFound")); } - aIDReqServices = idpd.getAssertionIDRequestService(); - roled = idpd; + aIDReqServices = idpd.getValue().getAssertionIDRequestService(); + roled = idpd.getValue(); } else if (role.equals(SAML2Constants.AUTHN_AUTH_ROLE)) { AuthnAuthorityDescriptorElement attrd = metaManager.getAuthnAuthorityDescriptor(realm, @@ -513,8 +514,8 @@ private static RoleDescriptorType getRoleDescriptorAndLocation( throw new SAML2Exception(SAML2Utils.bundle.getString( "authnAuthorityNotFound")); } - aIDReqServices = attrd.getAssertionIDRequestService(); - roled = attrd; + aIDReqServices = attrd.getValue().getAssertionIDRequestService(); + roled = attrd.getValue(); } else if (role.equals(SAML2Constants.ATTR_AUTH_ROLE)) { AttributeAuthorityDescriptorElement aad = metaManager.getAttributeAuthorityDescriptor(realm, @@ -523,8 +524,8 @@ private static RoleDescriptorType getRoleDescriptorAndLocation( throw new SAML2Exception(SAML2Utils.bundle.getString( "attrAuthorityNotFound")); } - aIDReqServices = aad.getAssertionIDRequestService(); - roled = aad; + aIDReqServices = aad.getValue().getAssertionIDRequestService(); + roled = aad.getValue(); } else { throw new SAML2Exception(SAML2Utils.bundle.getString( "unsupportedRole")); @@ -549,8 +550,8 @@ private static RoleDescriptorType getRoleDescriptorAndLocation( for(Iterator iter = aIDReqServices.iterator(); iter.hasNext(); ) { AssertionIDRequestServiceElement aIDReqService = (AssertionIDRequestServiceElement)iter.next(); - if (binding.equalsIgnoreCase(aIDReqService.getBinding())) { - location.append(aIDReqService.getLocation()); + if (binding.equalsIgnoreCase(aIDReqService.getValue().getBinding())) { + location.append(aIDReqService.getValue().getLocation()); break; } } @@ -603,7 +604,7 @@ private static void verifyAssertionIDRequest( "assertionIDRequestIssuerNotFound")); } - Set verificationCerts = KeyUtil.getVerificationCerts(spSSODesc, requestedEntityID, + Set verificationCerts = KeyUtil.getVerificationCerts(spSSODesc.getValue(), requestedEntityID, SAML2Constants.SP_ROLE); if (!verificationCerts.isEmpty()) { @@ -646,20 +647,30 @@ private static void signResponse(Response response, } } + /** + * Returns the value contained in the given JAXB element, or {@code null} + * if the element itself is {@code null}. The metadata lookups return + * {@code null} when the requested role descriptor is absent, so this + * guards against a {@code NullPointerException} on {@code getValue()}. + */ + private static T unwrap(JAXBElement element) { + return (element == null) ? null : element.getValue(); + } + private static String fillInBasicAuthInfo(String location, String realm, String samlAuthorityEntityID, String role) { BaseConfigType config = null; try { if (role.equals(SAML2Constants.IDP_ROLE)) { - config = metaManager.getIDPSSOConfig(realm, - samlAuthorityEntityID); + config = unwrap(metaManager.getIDPSSOConfig(realm, + samlAuthorityEntityID)); } else if (role.equals(SAML2Constants.AUTHN_AUTH_ROLE)) { - config = metaManager.getAuthnAuthorityConfig(realm, - samlAuthorityEntityID); + config = unwrap(metaManager.getAuthnAuthorityConfig(realm, + samlAuthorityEntityID)); } else if (role.equals(SAML2Constants.ATTR_AUTH_ROLE)) { - config = metaManager.getAttributeAuthorityConfig(realm, - samlAuthorityEntityID); + config = unwrap(metaManager.getAttributeAuthorityConfig(realm, + samlAuthorityEntityID)); } } catch (SAML2MetaException sme) { if (SAML2Utils.debug.messageEnabled()) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AttributeQueryUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AttributeQueryUtil.java index 8c46b56db7..ca84dcaea4 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AttributeQueryUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AttributeQueryUtil.java @@ -25,14 +25,13 @@ * $Id: AttributeQueryUtil.java,v 1.11 2009/07/24 22:51:48 madan_ranganath Exp $ * * Portions copyright 2010-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; import static org.forgerock.openam.utils.Time.*; import java.util.ArrayList; -import java.util.Date; import java.util.HashMap; import java.util.HashSet; import java.util.Hashtable; @@ -335,7 +334,7 @@ public static Response processAttributeQuery(AttributeQuery attrQuery, desiredAttrs = attrQuery.getAttributes(); } try { - desiredAttrs = verifyDesiredAttributes(aad.getAttribute(), + desiredAttrs = verifyDesiredAttributes(aad.getValue().getAttribute(), desiredAttrs); } catch (SAML2Exception se) { return SAML2Utils.getErrorResponse(attrQuery, @@ -507,7 +506,7 @@ public static void verifyAttrQuerySignature(AttributeQuery attrQuery, throw new SAML2Exception(SAML2Utils.bundle.getString( "attrQueryIssuerNotFound")); } - Set signingCerts = KeyUtil.getVerificationCerts(attrqDesc, requestedEntityID, + Set signingCerts = KeyUtil.getVerificationCerts(attrqDesc.getValue(), requestedEntityID, SAML2Constants.ATTR_QUERY_ROLE); if (!signingCerts.isEmpty()) { @@ -607,7 +606,7 @@ public static String getIdentity(AttributeQuery attrQuery, IDPSSOConfigElement config = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig( realm, attrAuthorityEntityID); - Map attrs = SAML2MetaUtils.getAttributes(config); + Map attrs = SAML2MetaUtils.getAttributes(config.getValue()); List nimAttrs = (List)attrs.get(SAML2Constants.NAME_ID_FORMAT_MAP); @@ -820,7 +819,7 @@ private static EncryptedAssertion encryptAssertion(Assertion assertion, Encrypte AttributeQueryDescriptorElement aqd = metaManager.getAttributeQueryDescriptor(realm, requesterEntityID); - EncInfo encInfo = KeyUtil.getEncInfo(aqd, requesterEntityID, + EncInfo encInfo = KeyUtil.getEncInfo(aqd.getValue(), requesterEntityID, SAML2Constants.ATTR_QUERY_ROLE); Element el = EncManager.getEncInstance().encrypt( @@ -866,26 +865,25 @@ private static List verifyDesiredAttributes(List su return desiredAttrs; } - private static List convertAttributes(List jaxbAttrs) + private static List convertAttributes(List jaxbAttrs) throws SAML2Exception { - List resultAttrs = new ArrayList(); - for(Iterator iter = jaxbAttrs.iterator(); iter.hasNext(); ) { - AttributeElement jaxbAttr = (AttributeElement)iter.next(); + List resultAttrs = new ArrayList<>(); + for(Iterator iter = jaxbAttrs.iterator(); iter.hasNext(); ) { + AttributeElement jaxbAttr = iter.next(); Attribute attr = AssertionFactory.getInstance().createAttribute(); - attr.setName(jaxbAttr.getName()); - attr.setNameFormat(jaxbAttr.getNameFormat()); - attr.setFriendlyName(jaxbAttr.getFriendlyName()); + attr.setName(jaxbAttr.getValue().getName()); + attr.setNameFormat(jaxbAttr.getValue().getNameFormat()); + attr.setFriendlyName(jaxbAttr.getValue().getFriendlyName()); - List jaxbValues = jaxbAttr.getAttributeValue(); + List jaxbValues = jaxbAttr.getValue().getAttributeValue(); if ((jaxbValues != null) && (!jaxbValues.isEmpty())) { - List newValues = new ArrayList(); - for(Iterator iterV = jaxbValues.iterator(); iterV.hasNext();) { - AttributeValueElement jaxbValeu = - (AttributeValueElement)iter.next(); - List content = jaxbValeu.getContent(); - if ((content != null) && (!content.isEmpty())) { - newValues.add(content.get(0)); + List newValues = new ArrayList<>(); + for(Iterator iterV = jaxbValues.iterator(); iterV.hasNext();) { + AttributeValueElement jaxbValeu = iterV.next(); + Object content = jaxbValeu.getValue(); + if (content != null) { + newValues.add(content); } } if (!newValues.isEmpty()) { @@ -989,8 +987,8 @@ private static Attribute filterAttributeValues(Attribute attr, } private static boolean isSameAttribute(Attribute desired, AttributeElement supported) { - return desired.getName().equals(supported.getName()) - && isNameFormatMatching(desired.getNameFormat(), supported.getNameFormat()); + return desired.getName().equals(supported.getValue().getName()) + && isNameFormatMatching(desired.getNameFormat(), supported.getValue().getNameFormat()); } /** @@ -1021,16 +1019,16 @@ private static boolean isValueValid(Attribute desiredAttr, if ((valuesD == null) || (valuesD.isEmpty())) { return true; } - List attrValuesS = supportedAttr.getAttributeValue(); + List attrValuesS = supportedAttr.getValue().getAttributeValue(); if ((attrValuesS == null) || (attrValuesS.isEmpty())) { return true; } - List valuesS = new ArrayList(); - for(Iterator iter = attrValuesS.iterator(); iter.hasNext(); ) { + List valuesS = new ArrayList<>(); + for(Iterator iter = attrValuesS.iterator(); iter.hasNext(); ) { AttributeValueElement attrValueElem = - (AttributeValueElement)iter.next(); - valuesS.addAll(attrValueElem.getContent()); + iter.next(); + valuesS.add(attrValueElem.getValue()); } try { @@ -1126,7 +1124,7 @@ private static void verifyResponse(Response response, "responseNotSigned")); } - Set signingCerts = KeyUtil.getVerificationCerts(aad, attrAuthorityEntityID, + Set signingCerts = KeyUtil.getVerificationCerts(aad.getValue(), attrAuthorityEntityID, SAML2Constants.ATTR_AUTH_ROLE); if (!signingCerts.isEmpty()) { @@ -1151,7 +1149,7 @@ private static String findLocation( AttributeAuthorityDescriptorElement aad, String binding, String attrQueryProfile, String attrProfile) { SAML2Utils.debug.message("AttributeQueryUtil.findLocation entering..."); - List attrProfiles = aad.getAttributeProfile(); + List attrProfiles = aad.getValue().getAttributeProfile(); if ((attrProfiles == null) || (attrProfiles.isEmpty())) { SAML2Utils.debug.message("AttributeQueryUtil.findLocation: attrProfiles is null or empty"); if (attrProfile != null) { @@ -1164,14 +1162,14 @@ private static String findLocation( } SAML2Utils.debug.message("AttributeQueryUtil.findLocation: entering..."); - List attrServices = aad.getAttributeService(); - for(Iterator iter = attrServices.iterator(); iter.hasNext(); ) { + List attrServices = aad.getValue().getAttributeService(); + for(Iterator iter = attrServices.iterator(); iter.hasNext(); ) { AttributeServiceElement attrService = - (AttributeServiceElement)iter.next(); + iter.next(); if (isValidAttributeService(binding, attrService, attrQueryProfile)) { SAML2Utils.debug.message("AttributeQueryUtil.findLocation: found valid service"); - return attrService.getLocation(); + return attrService.getValue().getLocation(); } } SAML2Utils.debug.message("AttributeQueryUtil.findLocation: nothing found, leaving last line with null"); @@ -1182,7 +1180,7 @@ private static String findLocation( private static boolean isValidAttributeService(String binding, AttributeServiceElement attrService, String attrQueryProfile) { - if (!binding.equalsIgnoreCase(attrService.getBinding())) { + if (!binding.equalsIgnoreCase(attrService.getValue().getBinding())) { return false; } @@ -1193,7 +1191,7 @@ private static boolean isValidAttributeService(String binding, return ((attrQueryProfile.equals( SAML2Constants.DEFAULT_ATTR_QUERY_PROFILE)) || (SAML2Constants.X509_SUBJECT_ATTR_QUERY_PROFILE.equals( - attrQueryProfile) && attrService.isSupportsX509Query())); + attrQueryProfile) && Boolean.TRUE.equals(attrService.getValue().isSupportsX509Query()))); } /** @@ -1257,11 +1255,14 @@ private static String getAttributeValueFromAttrAuthorityConfig( AttributeAuthorityConfigElement config = metaManager.getAttributeAuthorityConfig(realm, attrAuthorityEntityID); - Map attrs = SAML2MetaUtils.getAttributes(config); + if (config == null) { + return null; + } + Map> attrs = SAML2MetaUtils.getAttributes(config.getValue()); String value = null; - List values = (List) attrs.get(attrName); + List values = attrs.get(attrName); if ((values != null) && (!values.isEmpty())) { - value = ((String)values.iterator().next()).trim(); + value = values.iterator().next().trim(); } return value; } catch (SAML2MetaException sme) { @@ -1348,7 +1349,7 @@ public static Map> getAttributesForFedlet(String spEntityID, return null; } - String attrqMetaAlias = attrQueryConfig.getMetaAlias(); + String attrqMetaAlias = attrQueryConfig.getValue().getMetaAlias(); if (attrqMetaAlias == null) { if (SAML2Utils.debug.messageEnabled()) { SAML2Utils.debug.message(classMethod + "Attribute Query MetaAlias is null"); @@ -1498,7 +1499,7 @@ private static AttributeQuery constructAttrQueryForFedlet( AttributeAuthorityDescriptorElement aad = metaManager.getAttributeAuthorityDescriptor("/", idpEntityID); - EncInfo encInfo = KeyUtil.getEncInfo(aad, idpEntityID, + EncInfo encInfo = KeyUtil.getEncInfo(aad.getValue(), idpEntityID, SAML2Constants.ATTR_AUTH_ROLE); EncryptedID encryptedID = nameID.encrypt(encInfo.getWrappingKey(), diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AuthnQueryUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AuthnQueryUtil.java index 16e2a5a754..ffe7acb287 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AuthnQueryUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/AuthnQueryUtil.java @@ -25,14 +25,13 @@ * $Id: AuthnQueryUtil.java,v 1.8 2008/12/03 00:32:31 hengming Exp $ * * Portions Copyrighted 2010-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; import static org.forgerock.openam.utils.Time.*; import java.util.ArrayList; -import java.util.Date; import java.util.Iterator; import java.util.List; import java.security.PrivateKey; @@ -133,12 +132,12 @@ public static Response sendAuthnQuery(AuthnQuery authnQuery, } String location = null; - List authnService = aad.getAuthnQueryService(); - for(Iterator iter = authnService.iterator(); iter.hasNext(); ) { + List authnService = aad.getValue().getAuthnQueryService(); + for(Iterator iter = authnService.iterator(); iter.hasNext(); ) { AuthnQueryServiceElement authnService1 = - (AuthnQueryServiceElement)iter.next(); - if (binding.equalsIgnoreCase(authnService1.getBinding())) { - location = authnService1.getLocation(); + iter.next(); + if (binding.equalsIgnoreCase(authnService1.getValue().getBinding())) { + location = authnService1.getValue().getLocation(); break; } } @@ -395,7 +394,8 @@ private static void verifyAuthnQuery(AuthnQuery authnQuery, throw new SAML2Exception(SAML2Utils.bundle.getString( "authnQueryIssuerNotFound")); } - Set signingCerts = KeyUtil.getVerificationCerts(spSSODesc, spEntityID, SAML2Constants.SP_ROLE); + Set signingCerts = KeyUtil.getVerificationCerts( + spSSODesc.getValue(), spEntityID, SAML2Constants.SP_ROLE); if (!signingCerts.isEmpty()) { boolean valid = authnQuery.isSignatureValid(signingCerts); @@ -451,7 +451,8 @@ private static Response sendAuthnQuerySOAP(AuthnQuery authnQuery, AuthnAuthorityConfigElement config = metaManager.getAuthnAuthorityConfig(realm, authnAuthorityEntityID); - authnServiceURL = SAML2Utils.fillInBasicAuthInfo(config, + authnServiceURL = SAML2Utils.fillInBasicAuthInfo( + (config == null) ? null : config.getValue(), authnServiceURL); SOAPMessage resMsg = null; @@ -507,7 +508,7 @@ private static void verifyResponse(Response response, "responseNotSigned")); } - Set signingCerts = KeyUtil.getVerificationCerts(aad, authnAuthorityEntityID, + Set signingCerts = KeyUtil.getVerificationCerts(aad.getValue(), authnAuthorityEntityID, SAML2Constants.AUTHN_AUTH_ROLE); if (signingCerts.isEmpty()) { @@ -544,7 +545,7 @@ private static void verifyResponse(Response response, return; } - signingCerts = KeyUtil.getVerificationCerts(aad, authnAuthorityEntityID, SAML2Constants.IDP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(aad.getValue(), authnAuthorityEntityID, SAML2Constants.IDP_ROLE); for(Iterator iter = assertions.iterator(); iter.hasNext(); ) { Assertion assertion = (Assertion)iter.next(); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/DiscoveryBootstrap.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/DiscoveryBootstrap.java index 27f870e8f7..32352a23a6 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/DiscoveryBootstrap.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/DiscoveryBootstrap.java @@ -165,7 +165,7 @@ private String getResourceOffering(String authnContextClassRef, String univID = values[0]; try { - ResourceOfferingType offering = discoEntry.getResourceOffering(); + ResourceOfferingType offering = discoEntry.getValue().getResourceOffering().getValue(); ServiceInstanceType serviceInstance = offering.getServiceInstance(); String providerID = serviceInstance.getProviderID(); if (!DiscoServiceManager.useImpliedResource()) { @@ -202,7 +202,7 @@ private String getResourceOffering(String authnContextClassRef, IDPSSODescriptorElement idpSSODesc = SAML2Utils .getSAML2MetaManager().getIDPSSODescriptor(realm, providerID); - EncInfo encInfo = KeyUtil.getEncInfo(idpSSODesc, wscID, + EncInfo encInfo = KeyUtil.getEncInfo(idpSSODesc.getValue(), wscID, SAML2Constants.IDP_ROLE); NameIdentifier ni = diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/DoManageNameID.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/DoManageNameID.java index 4c3e14dc59..264705fd4e 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/DoManageNameID.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/DoManageNameID.java @@ -25,7 +25,7 @@ * $Id: DoManageNameID.java,v 1.26 2009/11/24 21:53:27 madan_ranganath Exp $ * * Portions copyright 2013-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; @@ -34,10 +34,8 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.OutputStream; -import java.security.Key; import java.security.PrivateKey; import java.security.cert.X509Certificate; -import java.util.Date; import java.util.Enumeration; import java.util.Iterator; import java.util.List; @@ -76,6 +74,8 @@ import com.sun.identity.saml2.common.SAML2SDKUtils; import com.sun.identity.saml2.common.SAML2Utils; import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement; +import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement; import com.sun.identity.saml2.jaxb.metadata.AffiliationDescriptorType; import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement; import com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement; @@ -231,7 +231,7 @@ public static void initiateManageNameIDRequest( getMNIServiceElement(realm, remoteEntityID, hostEntityRole, binding); if (binding == null) { - binding = mniService.getBinding(); + binding = mniService.getValue().getBinding(); } if (binding == null) { @@ -242,7 +242,7 @@ public static void initiateManageNameIDRequest( String mniURL = null; if (mniService != null) { - mniURL = mniService.getLocation(); + mniURL = mniService.getValue().getLocation(); } if (mniURL == null) { @@ -291,9 +291,11 @@ public static void initiateManageNameIDRequest( BaseConfigType config = null; if (hostEntityRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) { - config = metaManager.getIDPSSOConfig(realm, remoteEntityID); + IDPSSOConfigElement configElem = metaManager.getIDPSSOConfig(realm, remoteEntityID); + config = (configElem == null) ? null : configElem.getValue(); } else { - config = metaManager.getSPSSOConfig(realm, remoteEntityID); + SPSSOConfigElement configElem = metaManager.getSPSSOConfig(realm, remoteEntityID); + config = (configElem == null) ? null : configElem.getValue(); } mniURL = SAML2Utils.fillInBasicAuthInfo(config, mniURL); if (!doMNIBySOAP(mniRequest, mniURL, metaAlias, hostEntityRole, @@ -368,7 +370,7 @@ public static String getMNIBindingInfo(HttpServletRequest request, getMNIServiceElement(realm, remoteEntityID, hostEntityRole, null); if (mniService != null) { - binding = mniService.getBinding(); + binding = mniService.getValue().getBinding(); } } } catch (SessionException e) { @@ -478,10 +480,10 @@ private static boolean verifyMNIRequest(ManageNameIDRequest mniRequest, Set signingCerts; if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) { SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(spSSODesc.getValue(), remoteEntity, SAML2Constants.SP_ROLE); } else { IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(idpSSODesc.getValue(), remoteEntity, SAML2Constants.IDP_ROLE); } if (!signingCerts.isEmpty()) { @@ -591,10 +593,10 @@ private static boolean verifyMNIResponse(ManageNameIDResponse mniResponse, Set signingCerts; if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) { SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(spSSODesc.getValue(), remoteEntity, SAML2Constants.SP_ROLE); } else { IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(idpSSODesc.getValue(), remoteEntity, SAML2Constants.IDP_ROLE); } if (!signingCerts.isEmpty()) { @@ -745,9 +747,9 @@ public static void processHttpRequest(HttpServletRequest request, ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostRole, SAML2Constants.HTTP_REDIRECT); - String mniURL = mniService.getResponseLocation(); + String mniURL = mniService.getValue().getResponseLocation(); if (mniURL == null){ - mniURL = mniService.getLocation(); + mniURL = mniService.getValue().getLocation(); } ManageNameIDResponse mniResponse = processManageNameIDRequest( mniRequest, metaAlias, remoteEntityID, paramsMap, mniURL, @@ -1852,12 +1854,12 @@ static private void setNameIDForMNIRequest(ManageNameIDRequest mniRequest, if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) { SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity); - encInfo = KeyUtil.getEncInfo(spSSODesc, remoteEntity, + encInfo = KeyUtil.getEncInfo(spSSODesc.getValue(), remoteEntity, SAML2Constants.SP_ROLE); } else { IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity); - encInfo = KeyUtil.getEncInfo(idpSSODesc, remoteEntity, + encInfo = KeyUtil.getEncInfo(idpSSODesc.getValue(), remoteEntity, SAML2Constants.IDP_ROLE); } @@ -1974,16 +1976,16 @@ static public ManageNameIDServiceElement getIDPManageNameIDConfig( return null; } - List list = idpSSODesc.getManageNameIDService(); + List list = idpSSODesc.getValue().getManageNameIDService(); if ((list != null) && !list.isEmpty()) { if (binding == null) { - return (ManageNameIDServiceElement)list.get(0); + return list.get(0); } - Iterator it = list.iterator(); + Iterator it = list.iterator(); while (it.hasNext()) { - mni = (ManageNameIDServiceElement)it.next(); - if (binding.equalsIgnoreCase(mni.getBinding())) { + mni = it.next(); + if (binding.equalsIgnoreCase(mni.getValue().getBinding())) { break; } } @@ -2015,7 +2017,7 @@ static public ManageNameIDServiceElement getSPManageNameIDConfig( return null; } - List list = spSSODesc.getManageNameIDService(); + List list = spSSODesc.getValue().getManageNameIDService(); if ((list != null) && !list.isEmpty()) { if (binding == null) { @@ -2024,7 +2026,7 @@ static public ManageNameIDServiceElement getSPManageNameIDConfig( Iterator it = list.iterator(); while (it.hasNext()) { mni = (ManageNameIDServiceElement)it.next(); - if (binding.equalsIgnoreCase(mni.getBinding())) { + if (binding.equalsIgnoreCase(mni.getValue().getBinding())) { break; } } @@ -2290,9 +2292,9 @@ public static void processPOSTRequest(HttpServletRequest request, } ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostEntityRole, SAML2Constants.HTTP_POST); - String mniURL = mniService.getResponseLocation(); + String mniURL = mniService.getValue().getResponseLocation(); if (mniURL == null){ - mniURL = mniService.getLocation(); + mniURL = mniService.getValue().getLocation(); } ///common for post, redirect, soap diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPArtifactResolution.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPArtifactResolution.java index cdefbe2ebf..d71bdf32ad 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPArtifactResolution.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPArtifactResolution.java @@ -25,7 +25,7 @@ * $Id: IDPArtifactResolution.java,v 1.13 2009/11/20 21:41:16 exu Exp $ * * Portions Copyrighted 2012-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; @@ -333,7 +333,7 @@ public static SOAPMessage onMessage(SOAPMessage message, return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "ArtifactResolveNotSigned", null); } - Set verificationCerts = KeyUtil.getVerificationCerts(spSSODescriptor, spEntityID, + Set verificationCerts = KeyUtil.getVerificationCerts(spSSODescriptor.getValue(), spEntityID, SAML2Constants.SP_ROLE); if (!artResolve.isSignatureValid(verificationCerts)) { SAML2Utils.debug.error(classMethod + @@ -469,7 +469,7 @@ public static SOAPMessage onMessage(SOAPMessage message, } // check if need to sign the assertion - boolean signAssertion = spSSODescriptor.isWantAssertionsSigned(); + boolean signAssertion = Boolean.TRUE.equals(spSSODescriptor.getValue().isWantAssertionsSigned()); if (signAssertion) { if (SAML2Utils.debug.messageEnabled()) { SAML2Utils.debug.message(classMethod + diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPProxyUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPProxyUtil.java index 63d4954b3d..47e0e03adb 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPProxyUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPProxyUtil.java @@ -25,7 +25,7 @@ * $Id: IDPProxyUtil.java,v 1.18 2009/11/20 21:41:16 exu Exp $ * * Portions Copyrighted 2010-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; @@ -38,6 +38,7 @@ import com.sun.identity.saml2.common.SAML2FailoverUtils; import com.sun.identity.saml2.common.SOAPCommunicator; +import com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement; import com.sun.identity.saml2.logging.LogUtil; import com.sun.identity.saml2.protocol.RequesterID; import com.sun.identity.saml2.protocol.impl.RequesterIDImpl; @@ -74,7 +75,6 @@ import com.sun.identity.saml2.protocol.Scoping; import java.io.IOException; import java.security.PrivateKey; -import java.util.Date; import java.util.Iterator; import java.util.List; import java.util.ArrayList; @@ -184,14 +184,14 @@ public static void sendProxyAuthnRequest( String binding; try { idpDescriptor = IDPSSOUtil.metaManager.getIDPSSODescriptor(realm, preferredIDP); - List ssoServiceList = idpDescriptor.getSingleSignOnService(); + List ssoServiceList = idpDescriptor.getValue().getSingleSignOnService(); SingleSignOnServiceElement endpoint = getMatchingSSOEndpoint(ssoServiceList, originalBinding); if (endpoint == null) { SAML2Utils.debug.error(classMethod + "Single Sign-on service is not found for the proxying IDP."); throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotFoundIDPProxy")); } - binding = endpoint.getBinding(); - destination = endpoint.getLocation(); + binding = endpoint.getValue().getBinding(); + destination = endpoint.getValue().getLocation(); localDescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, hostedEntityId); localDescriptorConfig = IDPSSOUtil.metaManager.getSPSSOConfig(realm, hostedEntityId); @@ -219,7 +219,8 @@ public static void sendProxyAuthnRequest( IDPCache.proxySPAuthnReqCache.put(requestID, authnRequest); - boolean signingNeeded = idpDescriptor.isWantAuthnRequestsSigned() || localDescriptor.isAuthnRequestsSigned(); + boolean signingNeeded = Boolean.TRUE.equals(idpDescriptor.getValue().isWantAuthnRequestsSigned()) + || Boolean.TRUE.equals(localDescriptor.getValue().isAuthnRequestsSigned()); // check if relayState is present and get the unique // id which will be appended to the SSO URL before @@ -233,7 +234,7 @@ public static void sendProxyAuthnRequest( if (binding.equals(SAML2Constants.HTTP_POST)) { if (signingNeeded) { String certAlias = SPSSOFederate.getParameter( - SAML2MetaUtils.getAttributes(localDescriptorConfig), + SAML2MetaUtils.getAttributes(localDescriptorConfig.getValue()), SAML2Constants.SIGNING_CERT_ALIAS); SPSSOFederate.signAuthnRequest(certAlias,newAuthnRequest); } @@ -269,7 +270,7 @@ public static void sendProxyAuthnRequest( if (signingNeeded) { String certAlias = SPSSOFederate.getParameter( - SAML2MetaUtils.getAttributes(localDescriptorConfig), + SAML2MetaUtils.getAttributes(localDescriptorConfig.getValue()), SAML2Constants.SIGNING_CERT_ALIAS); String signedQueryStr = SPSSOFederate.signQueryString( queryString.toString(),certAlias); @@ -314,7 +315,7 @@ private static SingleSignOnServiceElement getMatchingSSOEndpoint(List the incoming request //did not contained a Scoping field SPSSOConfigElement spConfig = getSPSSOConfigByAuthnRequest(realm, origRequest); - Map> spConfigAttrMap = SAML2MetaUtils.getAttributes(spConfig); + Map> spConfigAttrMap = SAML2MetaUtils.getAttributes(spConfig.getValue()); scoping = ProtocolFactory.getInstance().createScoping(); String proxyCountParam = SPSSOFederate.getParameter(spConfigAttrMap, SAML2Constants.IDP_PROXY_COUNT); @@ -479,7 +480,7 @@ public static boolean isIDPProxyEnabled(AuthnRequest authnRequest, //let's check if always IdP proxy and IdP Proxy itself is enabled spConfig = getSPSSOConfigByAuthnRequest(realm, authnRequest); if (spConfig != null) { - spConfigAttrsMap = SAML2MetaUtils.getAttributes(spConfig); + spConfigAttrsMap = SAML2MetaUtils.getAttributes(spConfig.getValue()); Boolean alwaysEnabled = SPSSOFederate.getAttrValueFromMap( spConfigAttrsMap, SAML2Constants.ALWAYS_IDP_PROXY); Boolean proxyEnabled = SPSSOFederate.getAttrValueFromMap( @@ -508,7 +509,7 @@ public static boolean isIDPProxyEnabled(AuthnRequest authnRequest, IDPSSOUtil.metaManager.getSPSSOConfig(realm, authnRequest.getIssuer().getValue()); if (spConfig != null) { - spConfigAttrsMap = SAML2MetaUtils.getAttributes(spConfig); + spConfigAttrsMap = SAML2MetaUtils.getAttributes(spConfig.getValue()); } Boolean enabledString = SPSSOFederate.getAttrValueFromMap( spConfigAttrsMap, SAML2Constants.ENABLE_IDP_PROXY); @@ -672,7 +673,8 @@ private static String getNameIDFormat(Response res, String metaAlias) { String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias)); try { String hostEntityId = sm.getEntityByMetaAlias(metaAlias); - Set decryptionKeys = KeyUtil.getDecryptionKeys(sm.getSPSSOConfig(realm, hostEntityId)); + Set decryptionKeys = KeyUtil.getDecryptionKeys( + sm.getSPSSOConfig(realm, hostEntityId).getValue()); assertion = encryptedAssertions.get(0).decrypt(decryptionKeys); } catch (SAML2Exception ex) { SAML2Utils.debug.error("getNameIDFormat failed decrypting EncryptedAssertion", ex); @@ -808,7 +810,7 @@ public static String getLocation (String realm, String idpEntityID, throw new SAML2Exception( SAML2Utils.bundle.getString("metaDataError")); } - List slosList = idpsso.getSingleLogoutService(); + List slosList = idpsso.getValue().getSingleLogoutService(); if (slosList == null) { String[] data = {idpEntityID}; LogUtil.error(Level.INFO,LogUtil.SLO_NOT_FOUND,data, @@ -1081,7 +1083,7 @@ public static void sendIDPInitProxyLogoutRequest( String logoutAll = request.getParameter(SAML2Constants.LOGOUT_ALL); HashMap paramsMap = new HashMap(); IDPSSOConfigElement config = sm.getIDPSSOConfig(realm, spEntityID); - paramsMap.put("metaAlias", config.getMetaAlias()); + paramsMap.put("metaAlias", config.getValue().getMetaAlias()); paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE); paramsMap.put(SAML2Constants.BINDING, SAML2Constants.HTTP_REDIRECT); paramsMap.put("Destination", request.getParameter("Destination")); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSSOUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSSOUtil.java index 43fa3bb1cd..8d0e8d83d9 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSSOUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSSOUtil.java @@ -1229,7 +1229,8 @@ private static AuthnStatement getAuthnStatement( if (CollectionUtils.isNotEmpty(encryptedAssertions)) { boolean firstAssertion = true; String hostEntityId = metaManager.getEntityByMetaAlias(metaAlias); - Set decryptionKeys = KeyUtil.getDecryptionKeys(metaManager.getSPSSOConfig(realm, hostEntityId)); + Set decryptionKeys = KeyUtil.getDecryptionKeys( + metaManager.getSPSSOConfig(realm, hostEntityId).getValue()); for (EncryptedAssertion encryptedAssertion : encryptedAssertions) { Assertion assertion = encryptedAssertion.decrypt(decryptionKeys); authenticatingAuthorities.addAll(extractAuthenticatingAuthorities(assertion)); @@ -1853,7 +1854,7 @@ public static String getDefaultACSurl( String classMethod = "IDPSSOUtil.getDefaultACSurl: "; SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor( realm, spEntityID, classMethod); - List acsList = spSSODescriptorElement.getAssertionConsumerService(); + List acsList = spSSODescriptorElement.getValue().getAssertionConsumerService(); AssertionConsumerServiceElement acs = null; String acsURL = null; String binding = null; @@ -1861,13 +1862,13 @@ public static String getDefaultACSurl( String firstBinding = null; for (int i = 0; i < acsList.size(); i++) { acs = (AssertionConsumerServiceElement) acsList.get(i); - if (acs.isIsDefault()) { - acsURL = acs.getLocation(); - binding = acs.getBinding(); + if (Boolean.TRUE.equals(acs.getValue().isIsDefault())) { + acsURL = acs.getValue().getLocation(); + binding = acs.getValue().getBinding(); } if (i == 0) { - firstAcsURL = acs.getLocation(); - firstBinding = acs.getBinding(); + firstAcsURL = acs.getValue().getLocation(); + firstBinding = acs.getValue().getBinding(); } } @@ -1898,14 +1899,14 @@ public static String getBindingForAcsUrl( String classMethod = "IDPSSOUtil.getBindingForAcsUrl: "; SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor( realm, spEntityID, classMethod); - List acsList = spSSODescriptorElement.getAssertionConsumerService(); + List acsList = spSSODescriptorElement.getValue().getAssertionConsumerService(); AssertionConsumerServiceElement acs = null; String binding = null; for (int i = 0; i < acsList.size(); i++) { acs = (AssertionConsumerServiceElement) acsList.get(i); - String location = acs.getLocation(); + String location = acs.getValue().getLocation(); if (location != null && location.equals(acsURL)) { - return acs.getBinding(); + return acs.getValue().getBinding(); } } return null; @@ -1933,7 +1934,7 @@ public static String getACSurlFromMetaByBinding( String classMethod = "IDPSSOUtil.getACSurlFromMetaByBinding: "; SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor( realm, spEntityID, classMethod); - List acsList = spSSODescriptorElement.getAssertionConsumerService(); + List acsList = spSSODescriptorElement.getValue().getAssertionConsumerService(); String acsURL = null; String binding = null; String defaultAcsURL = null; @@ -1944,18 +1945,18 @@ public static String getACSurlFromMetaByBinding( for (int i = 0; i < acsList.size(); i++) { acs = (AssertionConsumerServiceElement) acsList.get(i); - binding = acs.getBinding(); + binding = acs.getValue().getBinding(); if (binding.equals(desiredBinding)) { - acsURL = acs.getLocation(); + acsURL = acs.getValue().getLocation(); break; } - if (acs.isIsDefault()) { - defaultAcsURL = acs.getLocation(); - defaultBinding = acs.getBinding(); + if (Boolean.TRUE.equals(acs.getValue().isIsDefault())) { + defaultAcsURL = acs.getValue().getLocation(); + defaultBinding = acs.getValue().getBinding(); } if (i == 0) { - firstAcsURL = acs.getLocation(); - firstBinding = acs.getBinding(); + firstAcsURL = acs.getValue().getLocation(); + firstBinding = acs.getValue().getBinding(); } } if (acsURL == null || acsURL.length() == 0) { @@ -2003,7 +2004,7 @@ public static String getACSurlFromMetaByIndex( SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor( realm, spEntityID, classMethod); - List acsList = spSSODescriptorElement.getAssertionConsumerService(); + List acsList = spSSODescriptorElement.getValue().getAssertionConsumerService(); int index; String acsURL = null; String binding = null; @@ -2015,20 +2016,20 @@ public static String getACSurlFromMetaByIndex( for (int i = 0; i < acsList.size(); i++) { acs = (AssertionConsumerServiceElement) acsList.get(i); - index = acs.getIndex(); - binding = acs.getBinding(); + index = acs.getValue().getIndex(); + binding = acs.getValue().getBinding(); if (index == acsIndex) { - acsURL = acs.getLocation(); - binding = acs.getBinding(); + acsURL = acs.getValue().getLocation(); + binding = acs.getValue().getBinding(); break; } - if (acs.isIsDefault()) { - defaultAcsURL = acs.getLocation(); - defaultBinding = acs.getBinding(); + if (Boolean.TRUE.equals(acs.getValue().isIsDefault())) { + defaultAcsURL = acs.getValue().getLocation(); + defaultBinding = acs.getValue().getBinding(); } if (i == 0) { - firstAcsURL = acs.getLocation(); - firstBinding = acs.getBinding(); + firstAcsURL = acs.getValue().getLocation(); + firstBinding = acs.getValue().getBinding(); } } if (acsURL == null || acsURL.length() == 0) { @@ -2100,7 +2101,7 @@ public static void sendResponseArtifact(HttpServletRequest request, ArtifactResolutionServiceElement ars = (ArtifactResolutionServiceElement) - idpSSODescriptorElement.getArtifactResolutionService().get(0); + idpSSODescriptorElement.getValue().getArtifactResolutionService().get(0); if (ars == null) { SAML2Utils.debug.error(classMethod + "Unable to get ArtifactResolutionServiceElement from meta."); @@ -2115,7 +2116,7 @@ public static void sendResponseArtifact(HttpServletRequest request, try { art = ProtocolFactory.getInstance().createArtifact( null, - ars.getIndex(), + ars.getValue().getIndex(), SAML2Utils.generateSourceID(idpEntityID), SAML2Utils.generateMessageHandleWithServerID() ); @@ -2343,7 +2344,7 @@ public static String getAttributeValueFromIDPSSOConfig( try { IDPSSOConfigElement config = metaManager.getIDPSSOConfig( realm, hostEntityId); - Map attrs = SAML2MetaUtils.getAttributes(config); + Map attrs = SAML2MetaUtils.getAttributes(config.getValue()); List value = (List) attrs.get(attrName); if (value != null && value.size() != 0) { result = (String) value.get(0); @@ -2586,7 +2587,7 @@ static void signAndEncryptResponseComponents(String realm, SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor( realm, spEntityID, classMethod); // get the encryption information - EncInfo encInfo = KeyUtil.getEncInfo(spSSODescriptorElement, + EncInfo encInfo = KeyUtil.getEncInfo(spSSODescriptorElement.getValue(), spEntityID, SAML2Constants.SP_ROLE); if (encInfo == null) { SAML2Utils.debug.error(classMethod + @@ -2715,7 +2716,7 @@ private static String getWriterURL(String realm, metaManager.getIDPSSOConfig(realm, idpEntityID); Map idpConfigAttrsMap = null; if (idpEntityCfg != null) { - idpConfigAttrsMap = SAML2MetaUtils.getAttributes(idpEntityCfg); + idpConfigAttrsMap = SAML2MetaUtils.getAttributes(idpEntityCfg.getValue()); } if ((idpConfigAttrsMap == null) || (idpConfigAttrsMap.size() == 0)) { return null; @@ -2731,7 +2732,7 @@ private static String getWriterURL(String realm, metaManager.getSPSSOConfig(realm, spEntityID); Map spConfigAttrsMap = null; if (spEntityCfg != null) { - spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg); + spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg.getValue()); } if ((spConfigAttrsMap == null) || (spConfigAttrsMap.size() == 0)) { return null; @@ -2981,12 +2982,12 @@ private static boolean isACSurlValidInMetadataSP(String acsURL, SPSSODescriptorElement spSSODescriptorElement = getSPSSODescriptor( realm, spEntityID, classMethod); - List acsList = spSSODescriptorElement.getAssertionConsumerService(); + List acsList = spSSODescriptorElement.getValue().getAssertionConsumerService(); AssertionConsumerServiceElement acs = null; for (int i = 0; i < acsList.size(); i++) { acs = (AssertionConsumerServiceElement) acsList.get(i); - String acsInMeta = acs.getLocation(); + String acsInMeta = acs.getValue().getLocation(); if (acsInMeta.equalsIgnoreCase(acsURL)) { isValidACSurl = true; SAML2Utils.debug.message(classMethod + " acsURL=" + acsURL + @@ -3013,7 +3014,7 @@ private static boolean wantAssertionsSigned(String realm, String spEntityID) thr SAML2Utils.debug.message(method + ": realm - " + realm + "/: spEntityID - " + spEntityID); } SPSSODescriptorElement spSSODescriptor = getSPSSODescriptor(spEntityID, realm, method); - return spSSODescriptor.isWantAssertionsSigned(); + return Boolean.TRUE.equals(spSSODescriptor.getValue().isWantAssertionsSigned()); } /** diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSessionListener.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSessionListener.java index f8e3836fac..7a65b6434a 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSessionListener.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSessionListener.java @@ -25,6 +25,7 @@ * $Id: IDPSessionListener.java,v 1.10 2009/09/23 22:28:31 bigfatrat Exp $ * * Portions Copyrighted 2014-2015 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; @@ -33,6 +34,7 @@ import java.util.Map; import java.util.HashMap; import java.util.logging.Level; +import java.util.stream.Collectors; import com.sun.identity.plugin.monitoring.FedMonAgent; import com.sun.identity.plugin.monitoring.FedMonSAML2Svc; @@ -47,6 +49,7 @@ import com.sun.identity.saml2.common.SAML2FailoverUtils; import com.sun.identity.saml2.common.SAML2Utils; import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement; import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement; import com.sun.identity.saml2.jaxb.metadata.EndpointType; import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement; @@ -55,6 +58,7 @@ import com.sun.identity.saml2.meta.SAML2MetaManager; import com.sun.identity.saml2.meta.SAML2MetaUtils; import com.sun.identity.shared.debug.Debug; +import jakarta.xml.bind.JAXBElement; import org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException; @@ -153,8 +157,10 @@ public void sessionInvalidated(Object session) String spEntityID = pair.getSPEntityID(); NameID nameID = pair.getNameID(); - BaseConfigType idpConfig = + IDPSSOConfigElement idpConfigElem = sm.getIDPSSOConfig(realm, idpEntityID); + BaseConfigType idpConfig = + (idpConfigElem == null) ? null : idpConfigElem.getValue(); if (idpConfig != null) { List idpSessionSyncList = @@ -296,7 +302,8 @@ private void initiateIDPSingleLogout(String sessionIndex, String metaAlias, Stri throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError")); } - List slosList = spsso.getSingleLogoutService(); + List slosList = spsso.getValue().getSingleLogoutService().stream() + .map(JAXBElement::getValue).collect(Collectors.toList()); String location = LogoutUtil.getSLOServiceLocation(slosList, SAML2Constants.SOAP); if (location == null) { @@ -310,6 +317,6 @@ private void initiateIDPSingleLogout(String sessionIndex, String metaAlias, Stri SPSSOConfigElement spConfig = sm.getSPSSOConfig(realm, spEntityID); LogoutUtil.doLogout(metaAlias, spEntityID, slosList, null, binding, null, sessionIndex, nameID, null, null, - paramsMap, spConfig); + paramsMap, (spConfig == null) ? null : spConfig.getValue()); } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSingleLogout.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSingleLogout.java index da2ecadf3d..07c85507d3 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSingleLogout.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/IDPSingleLogout.java @@ -305,10 +305,11 @@ public static void initiateLogoutRequest(HttpServletRequest request, HttpServlet } StringBuffer requestID = null; try { - requestID = LogoutUtil.doLogout(metaAlias, spEntityID, extensionsList, logoutEndpoint, relayState, - idpSessionIndex, pair.getNameID(), request, response, paramsMap, spConfig); + requestID = LogoutUtil.doLogout(metaAlias, spEntityID, extensionsList, logoutEndpoint.getValue(), relayState, + idpSessionIndex, pair.getNameID(), request, response, paramsMap, + (spConfig == null) ? null : spConfig.getValue()); } catch (SAML2Exception ex) { - if (logoutEndpoint.getBinding().equals(SAML2Constants.SOAP)) { + if (logoutEndpoint.getValue().getBinding().equals(SAML2Constants.SOAP)) { debug.error( "IDPSingleLogout.initiateLogoutRequest:" , ex); soapFailCount++; @@ -319,7 +320,7 @@ public static void initiateLogoutRequest(HttpServletRequest request, HttpServlet } String requestIDStr = requestID.toString(); - String bindingUsed = logoutEndpoint.getBinding(); + String bindingUsed = logoutEndpoint.getValue().getBinding(); if (debug.messageEnabled()) { debug.message("\nIDPSLO.requestIDStr = " + requestIDStr + "\nbinding = " + bindingUsed); } @@ -507,7 +508,7 @@ public static void processLogoutRequest( sm.getIDPSSODescriptor(realm, idpEntityID); String loc = null; if (idpsso != null) { - List sloList = idpsso.getSingleLogoutService(); + List sloList = idpsso.getValue().getSingleLogoutService(); if ((sloList != null) && (!sloList.isEmpty())) { loc = LogoutUtil.getSLOResponseServiceLocation( sloList, binding); @@ -561,7 +562,7 @@ && isMisroutedRequest(request, response, out, session)) { // this is the case where there is no more SP session // participant SingleLogoutServiceElement endpoint = getLogoutResponseEndpoint(realm, spEntityID, binding); - binding = endpoint.getBinding(); + binding = endpoint.getValue().getBinding(); String location = getResponseLocation(endpoint); logoutRes.setDestination(XMLUtils.escapeSpecialCharacters(location)); @@ -617,7 +618,7 @@ private static SingleLogoutServiceElement getLogoutResponseEndpoint(String realm debug.error("Unable to find the SP's single logout response service with " + binding + " binding"); throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound")); } - if (SAML2Constants.SOAP.equals(endpoint.getBinding())) { + if (SAML2Constants.SOAP.equals(endpoint.getValue().getBinding())) { debug.error("Unable to send logout response with SOAP binding"); throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding")); } @@ -625,9 +626,9 @@ private static SingleLogoutServiceElement getLogoutResponseEndpoint(String realm } private static String getResponseLocation(SingleLogoutServiceElement endpoint) { - String location = endpoint.getResponseLocation(); + String location = endpoint.getValue().getResponseLocation(); if (StringUtils.isBlank(location)) { - location = endpoint.getLocation(); + location = endpoint.getValue().getLocation(); } return location; } @@ -784,7 +785,7 @@ public static boolean processLogoutResponse(HttpServletRequest request, HttpServ sm.getIDPSSODescriptor(realm, idpEntityID); String loc = null; if (idpsso != null) { - List sloList = idpsso.getSingleLogoutService(); + List sloList = idpsso.getValue().getSingleLogoutService(); if (sloList != null && !sloList.isEmpty()) { loc = LogoutUtil.getSLOResponseServiceLocation( sloList, binding); @@ -903,9 +904,10 @@ static boolean processLogoutResponse(HttpServletRequest request, HttpServletResp if (logoutEndpoint == null) { continue; } - StringBuffer requestID = LogoutUtil.doLogout(metaAlias, spEntityID, extensionsList, logoutEndpoint, - relayState, idpSessionIndex, pair.getNameID(), request, response, paramsMap, spConfig); - String bindingUsed = logoutEndpoint.getBinding(); + StringBuffer requestID = LogoutUtil.doLogout(metaAlias, spEntityID, extensionsList, logoutEndpoint.getValue(), + relayState, idpSessionIndex, pair.getNameID(), request, response, paramsMap, + (spConfig == null) ? null : spConfig.getValue()); + String bindingUsed = logoutEndpoint.getValue().getBinding(); if (bindingUsed.equals(SAML2Constants.HTTP_REDIRECT) || bindingUsed.equals(SAML2Constants.HTTP_POST)) { String requestIDStr = requestID.toString(); if (debug.messageEnabled()) { @@ -1091,7 +1093,7 @@ public static LogoutResponse processLogoutRequest(LogoutRequest logoutReq, HttpS session = idpSession.getSession(); // handle external application logout if configured BaseConfigType idpConfig = SAML2Utils.getSAML2MetaManager() - .getIDPSSOConfig(realm, idpEntityID); + .getIDPSSOConfig(realm, idpEntityID).getValue(); List appLogoutURL = (List) SAML2MetaUtils.getAttributes( idpConfig).get(SAML2Constants.APP_LOGOUT_URL); if (debug.messageEnabled()) { @@ -1197,10 +1199,11 @@ public static LogoutResponse processLogoutRequest(LogoutRequest logoutReq, HttpS continue; } try { - requestID = LogoutUtil.doLogout(metaAlias, spEntityID, null, logoutEndpoint, relayState, - sessionIndex, pair.getNameID(), request, response, paramsMap, spConfig); + requestID = LogoutUtil.doLogout(metaAlias, spEntityID, null, logoutEndpoint.getValue(), relayState, + sessionIndex, pair.getNameID(), request, response, paramsMap, + (spConfig == null) ? null : spConfig.getValue()); } catch (SAML2Exception ex) { - if (logoutEndpoint.getBinding().equals(SAML2Constants.SOAP)) { + if (logoutEndpoint.getValue().getBinding().equals(SAML2Constants.SOAP)) { debug.error( "IDPSingleLogout.initiateLogoutRequest:" , ex); soapFailCount++; @@ -1210,7 +1213,7 @@ public static LogoutResponse processLogoutRequest(LogoutRequest logoutReq, HttpS } } - String bindingUsed = logoutEndpoint.getBinding(); + String bindingUsed = logoutEndpoint.getValue().getBinding(); if (bindingUsed.equals(SAML2Constants.HTTP_REDIRECT) || bindingUsed.equals(SAML2Constants.HTTP_POST)) { String requestIDStr = requestID.toString(); @@ -1592,7 +1595,7 @@ private static void sendAlreadyLogedOutResp(HttpServletResponse response, HttpSe realm, SAML2Constants.IDP_ROLE, logoutReq.getIssuer().getSPProvidedID()); SingleLogoutServiceElement endpoint = getLogoutResponseEndpoint(realm, spEntityID, binding); - binding = endpoint.getBinding(); + binding = endpoint.getValue().getBinding(); String location = getResponseLocation(endpoint); debug.message(classMethod + "Location found: " + location + " for binding " + binding); logRes.setDestination(XMLUtils.escapeSpecialCharacters(location)); @@ -1775,6 +1778,6 @@ public static List getSPSLOServiceEndpoints( throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError")); } - return spsso.getSingleLogoutService(); + return spsso.getValue().getSingleLogoutService(); } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/LogoutUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/LogoutUtil.java index 424a36f9be..7b8cd71bdb 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/LogoutUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/LogoutUtil.java @@ -25,7 +25,7 @@ * $Id: LogoutUtil.java,v 1.16 2009/11/20 21:41:16 exu Exp $ * * Portions Copyrighted 2012-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; @@ -45,6 +45,7 @@ import java.util.Set; import java.util.logging.Level; +import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorElement; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import jakarta.xml.soap.SOAPException; @@ -70,7 +71,6 @@ import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; import com.sun.identity.saml2.jaxb.metadata.EndpointType; import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement; -import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType; import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement; import com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement; import com.sun.identity.saml2.key.EncInfo; @@ -604,7 +604,7 @@ public static SingleLogoutServiceElement getMostAppropriateSLOServiceLocation( Map sloBindings = new HashMap(sloList.size()); for (SingleLogoutServiceElement sloEndpoint : sloList) { - sloBindings.put(sloEndpoint.getBinding(), sloEndpoint); + sloBindings.put(sloEndpoint.getValue().getBinding(), sloEndpoint); } SingleLogoutServiceElement endpoint = sloBindings.get(preferredBinding); @@ -651,7 +651,7 @@ public static String getSLOServiceLocation( for (int i=0; i signingCerts; if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) { SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(spSSODesc.getValue(), remoteEntity, SAML2Constants.SP_ROLE); } else { IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(idpSSODesc.getValue(), remoteEntity, SAML2Constants.IDP_ROLE); } if (!signingCerts.isEmpty()) { @@ -1018,10 +1018,10 @@ public static boolean verifySLOResponse(LogoutResponse sloResponse, Set signingCerts; if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) { SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(spSSODesc.getValue(), remoteEntity, SAML2Constants.SP_ROLE); } else { IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity); - signingCerts = KeyUtil.getVerificationCerts(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE); + signingCerts = KeyUtil.getVerificationCerts(idpSSODesc.getValue(), remoteEntity, SAML2Constants.IDP_ROLE); } if (!signingCerts.isEmpty()) { @@ -1063,18 +1063,18 @@ public static void setNameIDForSLORequest(LogoutRequest request, } EncInfo encryptInfo = null; - KeyDescriptorType keyDescriptor = null; + KeyDescriptorElement keyDescriptor = null; if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) { SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity); - keyDescriptor = KeyUtil.getKeyDescriptor(spSSODesc, "encryption"); - encryptInfo = KeyUtil.getEncInfo(spSSODesc, remoteEntity, + keyDescriptor = KeyUtil.getKeyDescriptor(spSSODesc.getValue(), "encryption"); + encryptInfo = KeyUtil.getEncInfo(spSSODesc.getValue(), remoteEntity, SAML2Constants.SP_ROLE); } else { IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity); - keyDescriptor = KeyUtil.getKeyDescriptor(idpSSODesc, "encryption"); - encryptInfo = KeyUtil.getEncInfo(idpSSODesc, remoteEntity, + keyDescriptor = KeyUtil.getKeyDescriptor(idpSSODesc.getValue(), "encryption"); + encryptInfo = KeyUtil.getEncInfo(idpSSODesc.getValue(), remoteEntity, SAML2Constants.IDP_ROLE); } @@ -1252,7 +1252,7 @@ public static String getSLOBindingInfo(HttpServletRequest request, getSLOServiceElement(realm, remoteEntityID, hostEntityRole, null); if (sloService != null) { - binding = sloService.getBinding(); + binding = sloService.getValue().getBinding(); } } } catch (SessionException e) { @@ -1320,16 +1320,16 @@ static public SingleLogoutServiceElement getIDPSLOConfig( return null; } - List list = idpSSODesc.getSingleLogoutService(); + List list = idpSSODesc.getValue().getSingleLogoutService(); if ((list != null) && !list.isEmpty()) { if (binding == null) { - return (SingleLogoutServiceElement)list.get(0); + return list.get(0); } - Iterator it = list.iterator(); + Iterator it = list.iterator(); while (it.hasNext()) { - slo = (SingleLogoutServiceElement)it.next(); - if (binding.equalsIgnoreCase(slo.getBinding())) { + slo = it.next(); + if (binding.equalsIgnoreCase(slo.getValue().getBinding())) { break; } } @@ -1361,7 +1361,7 @@ static public SingleLogoutServiceElement getSPSLOConfig( return null; } - List list = spSSODesc.getSingleLogoutService(); + List list = spSSODesc.getValue().getSingleLogoutService(); if ((list != null) && !list.isEmpty()) { if (binding == null) { @@ -1370,7 +1370,7 @@ static public SingleLogoutServiceElement getSPSLOConfig( Iterator it = list.iterator(); while (it.hasNext()) { slo = (SingleLogoutServiceElement)it.next(); - if (binding.equalsIgnoreCase(slo.getBinding())) { + if (binding.equalsIgnoreCase(slo.getValue().getBinding())) { break; } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/NameIDMapping.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/NameIDMapping.java index c4e136424e..b22a84086c 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/NameIDMapping.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/NameIDMapping.java @@ -183,7 +183,7 @@ public static NameIDMappingResponse initiateNameIDMappingRequest( getNameIDMappingService(realm, idpEntityID, binding); if (nameIDMappingService != null) { - nimURL = nameIDMappingService.getLocation(); + nimURL = nameIDMappingService.getValue().getLocation(); } } if (SAML2Utils.debug.messageEnabled()) { @@ -203,8 +203,9 @@ public static NameIDMappingResponse initiateNameIDMappingRequest( signNIMRequest(nimRequest, realm, spEntityID, true); - BaseConfigType config = metaManager.getIDPSSOConfig(realm, + IDPSSOConfigElement configElem = metaManager.getIDPSSOConfig(realm, idpEntityID); + BaseConfigType config = (configElem == null) ? null : configElem.getValue(); nimURL = SAML2SDKUtils.fillInBasicAuthInfo(config, nimURL); @@ -447,7 +448,7 @@ static public NameIDMappingServiceElement getNameIDMappingService( return null; } - List list = idpSSODesc.getNameIDMappingService(); + List list = idpSSODesc.getValue().getNameIDMappingService(); NameIDMappingServiceElement nimService = null; if ((list != null) && !list.isEmpty()) { @@ -457,7 +458,7 @@ static public NameIDMappingServiceElement getNameIDMappingService( Iterator it = list.iterator(); while (it.hasNext()) { nimService = (NameIDMappingServiceElement)it.next(); - if (binding.equalsIgnoreCase(nimService.getBinding())) { + if (binding.equalsIgnoreCase(nimService.getValue().getBinding())) { return nimService; } } @@ -471,9 +472,9 @@ static EncryptedID getEncryptedID(NameID nameID, String realm, RoleDescriptorType roled = null; if (role.equals(SAML2Constants.SP_ROLE)) { - roled = metaManager.getSPSSODescriptor(realm, entityID); + roled = metaManager.getSPSSODescriptor(realm, entityID).getValue(); } else { - roled = metaManager.getIDPSSODescriptor(realm, entityID); + roled = metaManager.getIDPSSODescriptor(realm, entityID).getValue(); } EncInfo encInfo = KeyUtil.getEncInfo(roled, entityID, role); @@ -569,7 +570,7 @@ private static boolean verifyNIMResponse(NameIDMappingResponse nimResponse, IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor( realm, idpEntityID); - Set signingCerts = KeyUtil.getVerificationCerts(idpSSODesc, idpEntityID, + Set signingCerts = KeyUtil.getVerificationCerts(idpSSODesc.getValue(), idpEntityID, SAML2Constants.IDP_ROLE); if (!signingCerts.isEmpty()) { @@ -590,7 +591,7 @@ private static NameID getNameID(NameIDMappingRequest nimRequest, String realm, S EncryptedID encryptedID = nimRequest.getEncryptedID(); try { final IDPSSOConfigElement idpSsoConfig = metaManager.getIDPSSOConfig(realm, idpEntityID); - nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(idpSsoConfig)); + nameID = encryptedID.decrypt(KeyUtil.getDecryptionKeys(idpSsoConfig.getValue())); } catch (SAML2Exception ex) { if (SAML2Utils.debug.messageEnabled()) { SAML2Utils.debug.message("NameIDMapping.getNameID:", ex); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPACSUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPACSUtils.java index 01c30e1eda..48dfa02be7 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPACSUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPACSUtils.java @@ -393,7 +393,7 @@ private static Response getResponseFromArtifact(String samlArt, IDPSSOConfigElement config = null; config = sm.getIDPSSOConfig(orgName, idpEntityID); location = SAML2Utils.fillInBasicAuthInfo( - config, location); + config == null ? null : config.getValue(), location); resMsg = con.call(msg, location); } catch (SAML2Exception s2e) { SAML2Utils.debug.error("SPACSUtils.getResponseFromArtifact: " @@ -497,7 +497,7 @@ private static String getIDPArtifactResolutionServiceUrl( throws SAML2Exception,IOException { // find the artifact resolution service url - List arsList=idp.getArtifactResolutionService(); + List arsList=idp.getValue().getArtifactResolutionService(); ArtifactResolutionServiceElement ars = null; String location = null; String defaultLocation = null; @@ -506,10 +506,10 @@ private static String getIDPArtifactResolutionServiceUrl( boolean isDefault = false; for (int i=0; i verificationCerts = KeyUtil.getVerificationCerts(idp, idpEntityID, + Set verificationCerts = KeyUtil.getVerificationCerts(idp.getValue(), idpEntityID, SAML2Constants.IDP_ROLE); if (!artiResp.isSigned() || !artiResp.isSignatureValid(verificationCerts)) { if (SAML2Utils.debug.messageEnabled()) { @@ -835,7 +835,7 @@ private static ResponseInfo getResponseFromPostECP( throw se; } - Set certificates = KeyUtil.getVerificationCerts(idpDesc, idpEntityID, SAML2Constants.IDP_ROLE); + Set certificates = KeyUtil.getVerificationCerts(idpDesc.getValue(), idpEntityID, SAML2Constants.IDP_ROLE); List assertions = resp.getAssertion(); if ((assertions != null) && (!assertions.isEmpty())) { for(Iterator iter = assertions.iterator(); iter.hasNext(); ) { @@ -1056,7 +1056,7 @@ public static Object processResponse( boolean needAttributeEncrypted = getNeedAttributeEncrypted(needAssertionEncrypted, spssoconfig); boolean needNameIDEncrypted = getNeedNameIDEncrypted(needAssertionEncrypted, spssoconfig); - Set decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig); + Set decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig.getValue()); if (needNameIDEncrypted && encId == null) { SAML2Utils.debug.error(classMethod + "process: NameID was not encrypted."); @@ -1097,7 +1097,7 @@ public static Object processResponse( } String nameIDFormat = nameId.getFormat(); if (nameIDFormat != null) { - List spNameIDFormatList = spDesc.getNameIDFormat(); + List spNameIDFormatList = spDesc.getValue().getNameIDFormat(); if ((spNameIDFormatList != null) && (!spNameIDFormatList.isEmpty()) && (!spNameIDFormatList.contains(nameIDFormat))) { @@ -1816,7 +1816,7 @@ private static String getAttributeValueFromSPSSOConfig(String orgName, if (config == null) { return null; } - Map attrs = SAML2MetaUtils.getAttributes(config); + Map attrs = SAML2MetaUtils.getAttributes(config.getValue()); List value = (List) attrs.get(attrName); if (value != null && value.size() != 0) { result = ((String) value.iterator().next()).trim(); @@ -2077,7 +2077,7 @@ public static String getPrincipalWithoutLogin(Subject assertionSubject, Assertio final EncryptedID encId = assertionSubject.getEncryptedID(); final SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spEntityId); - final Set decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig); + final Set decryptionKeys = KeyUtil.getDecryptionKeys(spssoconfig.getValue()); final SPAccountMapper acctMapper = SAML2Utils.getSPAccountMapper(realm, spEntityId); boolean needNameIDEncrypted = false; @@ -2112,7 +2112,7 @@ public static String getPrincipalWithoutLogin(Subject assertionSubject, Assertio final String nameIDFormat = nameId.getFormat(); if (nameIDFormat != null) { - List spNameIDFormatList = spDesc.getNameIDFormat(); + List spNameIDFormatList = spDesc.getValue().getNameIDFormat(); if (CollectionUtils.isNotEmpty(spNameIDFormatList) && !spNameIDFormatList.contains(nameIDFormat)) { Object[] args = {nameIDFormat}; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSSOFederate.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSSOFederate.java index 588960f065..c324ee5e0f 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSSOFederate.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSSOFederate.java @@ -250,21 +250,21 @@ private static void initiateAuthnRequest( } String binding = getParameter(paramsMap, SAML2Constants.REQ_BINDING); - List ssoServiceList = idpsso.getSingleSignOnService(); + List ssoServiceList = idpsso.getValue().getSingleSignOnService(); final SingleSignOnServiceElement endPoint = getSingleSignOnServiceEndpoint(ssoServiceList, binding); - if (endPoint == null || StringUtils.isEmpty(endPoint.getLocation())) { + if (endPoint == null || StringUtils.isEmpty(endPoint.getValue().getLocation())) { String[] data = { idpEntityID }; LogUtil.error(Level.INFO, LogUtil.SSO_NOT_FOUND, data, null); throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotfound")); } - String ssoURL = endPoint.getLocation(); + String ssoURL = endPoint.getValue().getLocation(); SAML2Utils.debug.message("SPSSOFederate: SingleSignOnService URL : {}", ssoURL); if (binding == null) { SAML2Utils.debug.message("SPSSOFederate: reqBinding is null using endpoint binding: {} ", - endPoint.getBinding()); - binding = endPoint.getBinding(); + endPoint.getValue().getBinding()); + binding = endPoint.getValue().getBinding(); if (binding == null) { String[] data = { idpEntityID }; LogUtil.error(Level.INFO, LogUtil.NO_RETURN_BINDING, data, null); @@ -374,7 +374,8 @@ public static String getRedirect(String authReqXMLString, String relayStateID, S StringBuilder redirectURL = new StringBuilder().append(ssoURL).append(ssoURL.contains("?") ? "&" : "?"); // sign the query string - if (idpsso.isWantAuthnRequestsSigned() || spsso.isAuthnRequestsSigned()) { + if (Boolean.TRUE.equals(idpsso.getValue().isWantAuthnRequestsSigned()) + || Boolean.TRUE.equals(spsso.getValue().isAuthnRequestsSigned())) { String certAlias = getParameter(spConfigAttrsMap, SAML2Constants.SIGNING_CERT_ALIAS); String signedQueryStr = signQueryString(queryString.toString(), certAlias); redirectURL.append(signedQueryStr); @@ -412,7 +413,7 @@ public static Map> getAttrsMapForAuthnReq(String real Map spConfigAttrsMap = null; if (spEntityCfg != null) { - spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg); + spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg.getValue()); } return spConfigAttrsMap; @@ -445,7 +446,8 @@ public static String getPostBindingMsg(IDPSSODescriptorElement idpsso, SPSSODesc Map spConfigAttrsMap, AuthnRequest authnRequest) throws SAML2Exception { - if (idpsso.isWantAuthnRequestsSigned() || spsso.isAuthnRequestsSigned()) { + if (Boolean.TRUE.equals(idpsso.getValue().isWantAuthnRequestsSigned()) + || Boolean.TRUE.equals(spsso.getValue().isAuthnRequestsSigned())) { String certAlias = getParameter(spConfigAttrsMap, SAML2Constants.SIGNING_CERT_ALIAS); signAuthnRequest(certAlias, authnRequest); } @@ -503,7 +505,7 @@ public static void initiateECPRequest(HttpServletRequest request, sm.getSPSSOConfig(realm,spEntityID); Map spConfigAttrsMap=null; if (spEntityCfg != null) { - spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg); + spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg.getValue()); } // get SPSSODescriptor SPSSODescriptorElement spsso = @@ -586,12 +588,12 @@ public static void initiateECPRequest(HttpServletRequest request, realm, idpEntityID, SAML2Constants.IDP_ROLE, SAML2Constants.ENTITY_DESCRIPTION); idpEntry.setName(description); - List ssoServiceList = idpDesc.getSingleSignOnService(); + List ssoServiceList = idpDesc.getValue().getSingleSignOnService(); SingleSignOnServiceElement endPoint = getSingleSignOnServiceEndpoint(ssoServiceList, SAML2Constants.SOAP); - if (endPoint == null || StringUtils.isEmpty(endPoint.getLocation())) { + if (endPoint == null || StringUtils.isEmpty(endPoint.getValue().getLocation())) { throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotfound")); } - String ssoURL = endPoint.getLocation(); + String ssoURL = endPoint.getValue().getLocation(); SAML2Utils.debug.message("SPSSOFederate.initiateECPRequest URL : {}", ssoURL); idpEntry.setLoc(ssoURL); if (idpEntries == null) { @@ -605,7 +607,7 @@ public static void initiateECPRequest(HttpServletRequest request, .createIDPList(); idpList.setIDPEntries(idpEntries); ecpRequest.setIDPList(idpList); - Map attrs = SAML2MetaUtils.getAttributes(spEntityCfg); + Map attrs = SAML2MetaUtils.getAttributes(spEntityCfg.getValue()); List values = (List)attrs.get( SAML2Constants.ECP_REQUEST_IDP_LIST_GET_COMPLETE); if ((values != null) && (!values.isEmpty())) { @@ -965,11 +967,11 @@ public static SingleSignOnServiceElement getSingleSignOnServiceEndpoint( SingleSignOnServiceElement preferredEndpoint = null; boolean noPreferredBinding = StringUtils.isEmpty(binding); for (SingleSignOnServiceElement endpoint : ssoServiceList) { - if (noPreferredBinding && (SAML2Constants.HTTP_REDIRECT.equals(endpoint.getBinding()) - || SAML2Constants.HTTP_POST.equals(endpoint.getBinding()))) { + if (noPreferredBinding && (SAML2Constants.HTTP_REDIRECT.equals(endpoint.getValue().getBinding()) + || SAML2Constants.HTTP_POST.equals(endpoint.getValue().getBinding()))) { preferredEndpoint = endpoint; break; - } else if (binding.equals(endpoint.getBinding())) { + } else if (binding.equals(endpoint.getValue().getBinding())) { preferredEndpoint = endpoint; break; } @@ -990,21 +992,21 @@ static OrderedSet getACSUrl(SPSSODescriptorElement spsso, new StringBuffer().append(SAML2Constants.BINDING_PREFIX) .append(binding).toString(); } - List acsList = spsso.getAssertionConsumerService(); + List acsList = spsso.getValue().getAssertionConsumerService(); String acsURL=null; if (acsList != null && !acsList.isEmpty()) { Iterator ac = acsList.iterator(); while (ac.hasNext()) { AssertionConsumerServiceElement ace = (AssertionConsumerServiceElement) ac.next(); - if ((ace != null && ace.isIsDefault()) && + if ((ace != null && Boolean.TRUE.equals(ace.getValue().isIsDefault())) && (responseBinding == null || responseBinding.length() ==0 )) { - acsURL = ace.getLocation(); - responseBinding = ace.getBinding(); + acsURL = ace.getValue().getLocation(); + responseBinding = ace.getValue().getBinding(); break; } else if ((ace != null) && - (ace.getBinding().equals(responseBinding))) { - acsURL = ace.getLocation(); + (ace.getValue().getBinding().equals(responseBinding))) { + acsURL = ace.getValue().getLocation(); break; } } @@ -1165,7 +1167,7 @@ public static List getExtensionsList(String entityID,String realm) { EntityDescriptorElement ed = sm.getEntityDescriptor(realm,entityID); if (ed != null) { com.sun.identity.saml2.jaxb.metadata.ExtensionsType ext = - ed.getExtensions(); + ed.getValue().getExtensions(); if (ext != null) { extensionsList = ext.getAny(); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSessionListener.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSessionListener.java index 137b9ba092..9290bcc6eb 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSessionListener.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSessionListener.java @@ -25,6 +25,7 @@ * $Id: SPSessionListener.java,v 1.6 2009/09/23 22:28:32 bigfatrat Exp $ * * Portions Copyrighted 2014-2015 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; @@ -33,6 +34,7 @@ import java.util.Map; import java.util.HashMap; import java.util.logging.Level; +import java.util.stream.Collectors; import com.sun.identity.plugin.monitoring.FedMonAgent; import com.sun.identity.plugin.monitoring.FedMonSAML2Svc; @@ -54,6 +56,7 @@ import com.sun.identity.saml2.meta.SAML2MetaManager; import com.sun.identity.saml2.meta.SAML2MetaUtils; import com.sun.identity.shared.debug.Debug; +import jakarta.xml.bind.JAXBElement; /** @@ -142,7 +145,7 @@ public void sessionInvalidated(Object session) SAML2MetaUtils.getRealmByMetaAlias(metaAlias)); BaseConfigType spConfig = - sm.getSPSSOConfig(realm, spEntityID); + SAML2MetaUtils.unwrap(sm.getSPSSOConfig(realm, spEntityID)); if (spConfig != null) { List spSessionSyncList = (List) SAML2MetaUtils.getAttributes(spConfig). @@ -240,7 +243,8 @@ private static void initiateSPSingleLogout(String metaAlias, String realm, Strin throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError")); } - List slosList = idpsso.getSingleLogoutService(); + List slosList = idpsso.getValue().getSingleLogoutService() + .stream().map(JAXBElement::getValue).collect(Collectors.toList()); String location = LogoutUtil.getSLOServiceLocation(slosList, SAML2Constants.SOAP); if (location == null) { @@ -255,6 +259,6 @@ private static void initiateSPSingleLogout(String metaAlias, String realm, Strin IDPSSOConfigElement idpConfig = sm.getIDPSSOConfig(realm, nameIdInfoKey.getRemoteEntityID()); LogoutUtil.doLogout(metaAlias, nameIdInfoKey.getRemoteEntityID(), slosList, null, binding, null, - fedSession.idpSessionIndex, fedSession.info.getNameID(), null, null, paramsMap, idpConfig); + fedSession.idpSessionIndex, fedSession.info.getNameID(), null, null, paramsMap, idpConfig.getValue()); } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSingleLogout.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSingleLogout.java index a057221d6d..a4c306226a 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSingleLogout.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/profile/SPSingleLogout.java @@ -25,7 +25,7 @@ * $Id: SPSingleLogout.java,v 1.29 2009/11/24 21:53:28 madan_ranganath Exp $ * * Portions Copyrighted 2013-2015 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.saml2.profile; @@ -48,6 +48,7 @@ import com.sun.identity.saml2.common.SAML2Utils; import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement; +import com.sun.identity.saml2.jaxb.metadata.EndpointType; import com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement; import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement; import com.sun.identity.saml2.logging.LogUtil; @@ -69,6 +70,8 @@ import java.util.Iterator; import java.util.List; import java.util.ListIterator; +import java.util.stream.Collectors; +import jakarta.xml.bind.JAXBElement; import java.util.Map; import java.util.StringTokenizer; import java.util.logging.Level; @@ -447,7 +450,8 @@ private static String prepareForLogout(String realm, SAML2Utils.bundle.getString("metaDataError")); } - List slosList = idpsso.getSingleLogoutService(); + List slosList = idpsso.getValue().getSingleLogoutService().stream() + .map(JAXBElement::getValue).collect(Collectors.toList()); if (slosList == null) { String[] data = {nameIdInfoKey.getRemoteEntityID()}; LogUtil.error(Level.INFO,LogUtil.SLO_NOT_FOUND,data, @@ -476,7 +480,7 @@ private static String prepareForLogout(String realm, request, response, paramsMap, - idpConfig); + (idpConfig == null) ? null : idpConfig.getValue()); String requestIDStr = requestID.toString(); if (debug.messageEnabled()) { @@ -906,7 +910,7 @@ public static void processLogoutRequest( SAML2Utils.bundle.getString("metaDataError")); } - List slosList = idpsso.getSingleLogoutService(); + List slosList = idpsso.getValue().getSingleLogoutService(); if (slosList == null) { String[] data = {idpEntityID}; LogUtil.error(Level.INFO,LogUtil.SLO_NOT_FOUND,data, @@ -1191,7 +1195,7 @@ public static LogoutResponse processLogoutRequest( // get application logout URL BaseConfigType spConfig = SAML2Utils.getSAML2MetaManager() - .getSPSSOConfig(realm, spEntityID); + .getSPSSOConfig(realm, spEntityID).getValue(); List appLogoutURL = (List) SAML2MetaUtils.getAttributes( spConfig).get(SAML2Constants.APP_LOGOUT_URL); if (debug.messageEnabled()) { @@ -1462,7 +1466,7 @@ private static String getSLOResponseLocationOrLocation( SPSSODescriptorElement spsso, String binding) { String location = null; if (spsso != null) { - List sloList = spsso.getSingleLogoutService(); + List sloList = spsso.getValue().getSingleLogoutService(); if (sloList != null && !sloList.isEmpty()) { location = LogoutUtil.getSLOResponseServiceLocation( sloList, binding); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/soapbinding/QueryClient.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/soapbinding/QueryClient.java index d74fee7ddc..1ae1e4d83a 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/soapbinding/QueryClient.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/soapbinding/QueryClient.java @@ -190,7 +190,7 @@ public static Response processXACMLQuery(RequestAbstract request, endPoint = SAML2SDKUtils.fillInBasicAuthInfo( - pepConfig,endPoint); + (pepConfig == null) ? null : pepConfig.getValue(),endPoint); String[] urls = { endPoint }; SOAPClient soapClient = new SOAPClient(urls); if (debug.messageEnabled()) { @@ -423,7 +423,7 @@ private static String getPDPEndPoint(String pdpEntityID) getPolicyDecisionPointDescriptor(null, pdpEntityID); if (pdpDescriptor != null) { - List xacmlPDP = pdpDescriptor.getXACMLAuthzService(); + List xacmlPDP = pdpDescriptor.getValue().getXACMLAuthzService(); if (xacmlPDP != null) { Iterator i = xacmlPDP.iterator(); while (i.hasNext()) { @@ -431,7 +431,7 @@ private static String getPDPEndPoint(String pdpEntityID) if (o instanceof XACMLAuthzServiceElement) { XACMLAuthzServiceElement xType = (XACMLAuthzServiceElement) o; - endPoint = xType.getLocation(); + endPoint = xType.getValue().getLocation(); if (debug.messageEnabled()) { debug.message(classMethod + "EndPoint :" + endPoint); @@ -590,7 +590,7 @@ private static Response verifyResponse(String realm,String pepEntityID, Set decryptionKeys; List encAssertions = samlResponse.getEncryptedAssertion(); if (encAssertions != null) { - decryptionKeys = KeyUtil.getDecryptionKeys(pepConfig); + decryptionKeys = KeyUtil.getDecryptionKeys(pepConfig.getValue()); for (EncryptedAssertion encAssertion : encAssertions) { Assertion assertion = encAssertion.decrypt(decryptionKeys); if (assertions == null) { @@ -740,7 +740,7 @@ private static String getAttributeValueFromPEPConfig( } String result = null; - Map attrs = SAML2MetaUtils.getAttributes(pepConfig); + Map attrs = SAML2MetaUtils.getAttributes(pepConfig.getValue()); if (attrs != null) { List value = (List) attrs.get(attrName); @@ -774,7 +774,7 @@ private static String getAttributeValueFromPDPConfig( } String result = null; - Map attrs = SAML2MetaUtils.getAttributes(pdpConfig); + Map attrs = SAML2MetaUtils.getAttributes(pdpConfig.getValue()); if (attrs != null) { List value = (List) attrs.get(attrName); @@ -808,7 +808,7 @@ private static boolean wantAssertionSigned(String realm,String pepEntityID) getPolicyEnforcementPointDescriptor(realm, pepEntityID); - return pepDescriptor.isWantAssertionsSigned(); + return Boolean.TRUE.equals(pepDescriptor.getValue().isWantAssertionsSigned()); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/soapbinding/QueryHandlerServlet.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/soapbinding/QueryHandlerServlet.java index 5bb2e088c6..7cd425ed91 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/soapbinding/QueryHandlerServlet.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/saml2/soapbinding/QueryHandlerServlet.java @@ -418,7 +418,7 @@ Response processXACMLResponse(String realm,String pdpEntityID, pepEntityID); EncInfo encInfo = null; - boolean wantAssertionSigned=pepDescriptor.isWantAssertionsSigned(); + boolean wantAssertionSigned=Boolean.TRUE.equals(pepDescriptor.getValue().isWantAssertionsSigned()); if (debug.messageEnabled()) { debug.message(classMethod + diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/common/WSFederationUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/common/WSFederationUtils.java index 23eff6934d..8594079823 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/common/WSFederationUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/common/WSFederationUtils.java @@ -25,7 +25,7 @@ * $Id: WSFederationUtils.java,v 1.6 2009/10/28 23:58:58 exu Exp $ * * Portions Copyrighted 2015-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.wsfederation.common; @@ -521,8 +521,8 @@ public static SAML11RequestedSecurityToken createSAML11Token(String realm, Strin throw new WSFederationException(se); } - IDPAttributeMapper attrMapper = getIDPAttributeMapper(WSFederationMetaUtils.getAttributes(idpConfig)); - IDPAccountMapper accountMapper = getIDPAccountMapper(WSFederationMetaUtils.getAttributes(idpConfig)); + IDPAttributeMapper attrMapper = getIDPAttributeMapper(WSFederationMetaUtils.getAttributes(idpConfig.getValue())); + IDPAccountMapper accountMapper = getIDPAccountMapper(WSFederationMetaUtils.getAttributes(idpConfig.getValue())); List attributes = attrMapper.getAttributes(session, idpEntityId, spEntityId, realm); @@ -539,13 +539,13 @@ public static SAML11RequestedSecurityToken createSAML11Token(String realm, Strin NameIdentifier nameIdentifier = accountMapper.getNameID(session, realm, idpEntityId, spEntityId); - int notBeforeSkew = WSFederationMetaUtils.getIntAttribute(idpConfig, + int notBeforeSkew = WSFederationMetaUtils.getIntAttribute(idpConfig.getValue(), SAML2Constants.ASSERTION_NOTBEFORE_SKEW_ATTRIBUTE, SAML2Constants.NOTBEFORE_ASSERTION_SKEW_DEFAULT); - int effectiveTime = WSFederationMetaUtils.getIntAttribute(idpConfig, + int effectiveTime = WSFederationMetaUtils.getIntAttribute(idpConfig.getValue(), SAML2Constants.ASSERTION_EFFECTIVE_TIME_ATTRIBUTE, SAML2Constants.ASSERTION_EFFECTIVE_TIME); - String certAlias = WSFederationMetaUtils.getAttribute(idpConfig, SAML2Constants.SIGNING_CERT_ALIAS); + String certAlias = WSFederationMetaUtils.getAttribute(idpConfig.getValue(), SAML2Constants.SIGNING_CERT_ALIAS); if (wantAssertionSigned && certAlias == null) { // SP wants us to sign the assertion, but we don't have a signing cert diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/NamespacePrefixMapperImpl.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/NamespacePrefixMapperImpl.java index 26384ba2a5..1aebb4a7f1 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/NamespacePrefixMapperImpl.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/NamespacePrefixMapperImpl.java @@ -23,13 +23,15 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: NamespacePrefixMapperImpl.java,v 1.3 2008/06/25 05:48:05 qcheng Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ package com.sun.identity.wsfederation.meta; -import com.sun.xml.bind.marshaller.NamespacePrefixMapper; +import org.glassfish.jaxb.runtime.marshaller.NamespacePrefixMapper; /** * Stub implementation - need this for JAXB marshalling diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationCOTUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationCOTUtils.java index c6c07c46ef..8a8cea5715 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationCOTUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationCOTUtils.java @@ -23,22 +23,26 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: WSFederationCOTUtils.java,v 1.5 2009/10/28 23:58:59 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ package com.sun.identity.wsfederation.meta; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import java.util.Iterator; import java.util.List; import com.sun.identity.shared.debug.Debug; import com.sun.identity.saml2.common.SAML2Constants; +import com.sun.identity.wsfederation.jaxb.entityconfig.AttributeElement; import com.sun.identity.wsfederation.jaxb.entityconfig.AttributeType; import com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType; import com.sun.identity.wsfederation.jaxb.entityconfig.FederationConfigElement; import com.sun.identity.wsfederation.jaxb.entityconfig.ObjectFactory; import com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement; +import jakarta.xml.bind.JAXBElement; /** * WSFederationCOTUtils provides utility methods to update @@ -93,44 +97,44 @@ public void updateEntityConfig(String realm, String name, FederationConfigElement eConfig = metaManager.getEntityConfig(realm, entityId); if (eConfig == null) { - BaseConfigType bctype = null; + JAXBElement bctype = null; AttributeType atype = objFactory.createAttributeType(); atype.setName(SAML2Constants.COT_LIST); atype.getValue().add(name); // add to eConfig FederationConfigElement ele = - objFactory.createFederationConfigElement(); - ele.setFederationID(entityId); - ele.setHosted(false); - List ll = - ele.getIDPSSOConfigOrSPSSOConfig(); + objFactory.createFederationConfigElement(objFactory.createFederationConfigType()); + ele.getValue().setFederationID(entityId); + ele.getValue().setHosted(false); + List> ll = + ele.getValue().getIDPSSOConfigOrSPSSOConfig(); // Decide which role EntityDescriptorElement includes // Right now, it is either an SP or an IdP // IdP will have UriNamedClaimTypesOffered if (metaManager.getUriNamedClaimTypesOffered(edes) != null) { - bctype = objFactory.createIDPSSOConfigElement(); - bctype.getAttribute().add(atype); + bctype = objFactory.createIDPSSOConfigElement(objFactory.createBaseConfigType()); + bctype.getValue().getAttribute().add(objFactory.createAttributeElement(atype)); ll.add(bctype); } else { - bctype = objFactory.createSPSSOConfigElement(); - bctype.getAttribute().add(atype); + bctype = objFactory.createSPSSOConfigElement(objFactory.createBaseConfigType()); + bctype.getValue().getAttribute().add(objFactory.createAttributeElement(atype)); ll.add(bctype); } metaManager.setEntityConfig(realm,ele); } else { - List elist = eConfig. + List> elist = eConfig.getValue(). getIDPSSOConfigOrSPSSOConfig(); - for (Iterator iter = elist.iterator(); iter.hasNext();) { - BaseConfigType bConfig = (BaseConfigType)iter.next(); - List list = bConfig.getAttribute(); + for (Iterator> iter = elist.iterator(); iter.hasNext();) { + BaseConfigType bConfig = iter.next().getValue(); + List list = bConfig.getAttribute(); boolean foundCOT = false; - for (Iterator iter2 = list.iterator(); iter2.hasNext();) { - AttributeType avp = (AttributeType)iter2.next(); + for (Iterator iter2 = list.iterator(); iter2.hasNext();) { + AttributeType avp = iter2.next().getValue(); if (avp.getName().trim().equalsIgnoreCase( SAML2Constants.COT_LIST)) { foundCOT = true; - List avpl = avp.getValue(); + List avpl = avp.getValue(); if (avpl.isEmpty() ||!containsValue(avpl,name)) { avpl.add(name); metaManager.setEntityConfig(realm, @@ -141,9 +145,9 @@ public void updateEntityConfig(String realm, String name, } // no cot_list in the original entity config if (!foundCOT) { - AttributeType atype = objFactory.createAttributeType(); - atype.setName(SAML2Constants.COT_LIST); - atype.getValue().add(name); + AttributeElement atype = objFactory.createAttributeElement(objFactory.createAttributeType()); + atype.getValue().setName(SAML2Constants.COT_LIST); + atype.getValue().getValue().add(name); list.add(atype); metaManager.setEntityConfig(realm, eConfig); } @@ -193,13 +197,13 @@ public void removeFromEntityConfig(String realm, String name, FederationConfigElement eConfig = metaManager.getEntityConfig(realm, entityId); if (eConfig != null) { - List elist = eConfig. + List> elist = eConfig.getValue(). getIDPSSOConfigOrSPSSOConfig(); - for (Iterator iter = elist.iterator(); iter.hasNext();) { - BaseConfigType bConfig = (BaseConfigType)iter.next(); - List list = bConfig.getAttribute(); - for (Iterator iter2 = list.iterator(); iter2.hasNext();) { - AttributeType avp = (AttributeType)iter2.next(); + for (Iterator> iter = elist.iterator(); iter.hasNext();) { + BaseConfigType bConfig = iter.next().getValue(); + List list = bConfig.getAttribute(); + for (Iterator iter2 = list.iterator(); iter2.hasNext();) { + AttributeType avp = iter2.next().getValue(); if (avp.getName().trim().equalsIgnoreCase( SAML2Constants.COT_LIST)) { List avpl = avp.getValue(); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaManager.java index 47cbe39aac..4633af6161 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaManager.java @@ -46,7 +46,7 @@ import java.util.Map; import java.util.Set; import java.util.logging.Level; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import com.sun.identity.cot.CircleOfTrustManager; import com.sun.identity.cot.COTException; @@ -63,6 +63,7 @@ import com.sun.identity.wsfederation.jaxb.wsse.SecurityTokenReferenceType; import com.sun.identity.wsfederation.jaxb.xmlsig.X509DataType; import com.sun.identity.wsfederation.jaxb.xmlsig.X509DataType.X509Certificate; +import jakarta.xml.bind.JAXBElement; /** * The WSFederationMetaManager provides methods to manage both the @@ -236,7 +237,7 @@ public FederationElement getEntityDescriptor(String realm, public void setFederation(String realm, FederationElement federation) throws WSFederationMetaException { - String federationId = federation.getFederationID(); + String federationId = federation.getValue().getFederationID(); if (federationId == null) { federationId = WSFederationConstants.DEFAULT_FEDERATION_ID; } @@ -287,7 +288,7 @@ public void createFederation(String realm, FederationElement federation) throws WSFederationMetaException { - String federationId = federation.getFederationID(); + String federationId = federation.getValue().getFederationID(); if (federationId == null) { federationId = WSFederationConstants.DEFAULT_FEDERATION_ID; } @@ -348,13 +349,13 @@ public void deleteFederation(String realm, String federationId) IDPSSOConfigElement idpconfig = getIDPSSOConfig(realm, federationId); if (idpconfig !=null) { - removeFromCircleOfTrust(idpconfig, realm, federationId); + removeFromCircleOfTrust(idpconfig.getValue(), realm, federationId); } SPSSOConfigElement spconfig = getSPSSOConfig(realm, federationId); if (spconfig != null) { - removeFromCircleOfTrust(spconfig, realm, federationId); + removeFromCircleOfTrust(spconfig.getValue(), realm, federationId); } // end of remove entity from cot configInst.deleteConfiguration(realm, federationId, null); @@ -478,10 +479,10 @@ public SPSSOConfigElement getSPSSOConfig(String realm, return null; } - List list = - eConfig.getIDPSSOConfigOrSPSSOConfig(); - for(Iterator iter = list.iterator(); iter.hasNext();) { - Object obj = iter.next(); + List> list = + eConfig.getValue().getIDPSSOConfigOrSPSSOConfig(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { + JAXBElement obj = iter.next(); if (obj instanceof SPSSOConfigElement) { return (SPSSOConfigElement)obj; } @@ -509,9 +510,9 @@ public IDPSSOConfigElement getIDPSSOConfig(String realm, return null; } - List list = - eConfig.getIDPSSOConfigOrSPSSOConfig(); - for(Iterator iter = list.iterator(); iter.hasNext();) { + List> list = + eConfig.getValue().getIDPSSOConfigOrSPSSOConfig(); + for(Iterator> iter = list.iterator(); iter.hasNext();) { Object obj = iter.next(); if (obj instanceof IDPSSOConfigElement) { return (IDPSSOConfigElement)obj; @@ -540,7 +541,7 @@ public BaseConfigType getBaseConfig(String realm, return null; } - return (BaseConfigType)eConfig.getIDPSSOConfigOrSPSSOConfig().get(0); + return (BaseConfigType)eConfig.getValue().getIDPSSOConfigOrSPSSOConfig().get(0).getValue(); } /** @@ -555,7 +556,7 @@ public void setEntityConfig(String realm, FederationConfigElement config) throws WSFederationMetaException { - String federationId = config.getFederationID(); + String federationId = config.getValue().getFederationID(); if (federationId == null) { debug.error("WSFederationMetaManager.setEntityConfig: " + "entity ID is null"); @@ -613,7 +614,7 @@ public void createEntityConfig(String realm, FederationConfigElement config) throws WSFederationMetaException { - String federationId = config.getFederationID(); + String federationId = config.getValue().getFederationID(); if (federationId == null) { debug.error("WSFederationMetaManager.createEntityConfig: " + "entity ID is null"); @@ -660,12 +661,12 @@ public void createEntityConfig(String realm, SPSSOConfigElement spconfig = getSPSSOConfig(realm, federationId); if (spconfig != null) { - addToCircleOfTrust(spconfig, realm, federationId); + addToCircleOfTrust(spconfig.getValue(), realm, federationId); } IDPSSOConfigElement idpconfig = getIDPSSOConfig(realm, federationId); if (idpconfig !=null) { - addToCircleOfTrust(idpconfig, realm, federationId); + addToCircleOfTrust(idpconfig.getValue(), realm, federationId); } } catch (ConfigurationException e) { debug.error("WSFederationMetaManager.createEntityConfig:", e); @@ -742,13 +743,13 @@ public void deleteEntityConfig(String realm, String federationId) IDPSSOConfigElement idpconfig = getIDPSSOConfig(realm, federationId); if (idpconfig !=null) { - removeFromCircleOfTrust(idpconfig, realm, federationId); + removeFromCircleOfTrust(idpconfig.getValue(), realm, federationId); } SPSSOConfigElement spconfig = getSPSSOConfig(realm, federationId); if (spconfig != null) { - removeFromCircleOfTrust(spconfig, realm, federationId); + removeFromCircleOfTrust(spconfig.getValue(), realm, federationId); } Set attr = new HashSet(); @@ -831,12 +832,12 @@ public List getAllHostedMetaAliasesByRealm(String realm) throws WSFedera } for (String entityId : entityIds) { FederationConfigElement config = getEntityConfig(realm, entityId); - if (config == null || !config.isHosted()) { + if (config == null || !Boolean.TRUE.equals(config.getValue().isHosted())) { continue; } - List configList = config.getIDPSSOConfigOrSPSSOConfig(); - for (BaseConfigType bConfigType : configList) { - String curMetaAlias = bConfigType.getMetaAlias(); + List> configList = config.getValue().getIDPSSOConfigOrSPSSOConfig(); + for (JAXBElement bConfigType : configList) { + String curMetaAlias = bConfigType.getValue().getMetaAlias(); if (curMetaAlias != null && !curMetaAlias.isEmpty()) { metaAliases.add(curMetaAlias); } @@ -894,7 +895,7 @@ public List getAllHostedEntities(String realm) String federationId = (String)iter.next(); FederationConfigElement config = getEntityConfig(realm, federationId); - if (config != null && config.isHosted()) { + if (config != null && Boolean.TRUE.equals(config.getValue().isHosted())) { hostedEntityIds.add(federationId); } } @@ -971,7 +972,7 @@ public List getAllHostedIdentityProviderEntities( public List getAllRemoteEntities(String realm) throws WSFederationMetaException { - List remoteEntityIds = new ArrayList(); + List remoteEntityIds = new ArrayList<>(); String[] objs = { realm }; try { Set entityIds = configInst.getAllConfigurationNames(realm); @@ -980,7 +981,7 @@ public List getAllRemoteEntities(String realm) String federationId = (String)iter.next(); FederationConfigElement config = getEntityConfig(realm, federationId); - if (config == null || !config.isHosted()) { + if (config == null || !Boolean.TRUE.equals(config.getValue().isHosted())) { remoteEntityIds.add(federationId); } } @@ -1070,10 +1071,10 @@ public String getEntityByMetaAlias(String metaAlias) if (config == null) { continue; } - List list = - config.getIDPSSOConfigOrSPSSOConfig(); - for(Iterator iter2 = list.iterator(); iter2.hasNext();) { - BaseConfigType bConfig = (BaseConfigType)iter2.next(); + List> list = + config.getValue().getIDPSSOConfigOrSPSSOConfig(); + for(Iterator> iter2 = list.iterator(); iter2.hasNext();) { + BaseConfigType bConfig = iter2.next().getValue(); String cMetaAlias = bConfig.getMetaAlias(); if (cMetaAlias != null && cMetaAlias.equals(metaAlias)) { return federationId; @@ -1143,22 +1144,22 @@ public String getRoleByMetaAlias(String metaAlias) SPSSOConfigElement spConfig = getSPSSOConfig(realm, federationId); if (idpConfig == null) { - String m = spConfig.getMetaAlias(); + String m = spConfig.getValue().getMetaAlias(); if ((m != null) && m.equals(metaAlias)) { role = SAML2Constants.SP_ROLE; } } else if (spConfig == null) { - String m = idpConfig.getMetaAlias(); + String m = idpConfig.getValue().getMetaAlias(); if ((m != null) && m.equals(metaAlias)) { role = SAML2Constants.IDP_ROLE; } } else { //Assuming that sp and idp cannot have the same metaAlias - String m = spConfig.getMetaAlias(); + String m = spConfig.getValue().getMetaAlias(); if ((m != null) && m.equals(metaAlias)) { role = SAML2Constants.SP_ROLE; } else { - m = idpConfig.getMetaAlias(); + m = idpConfig.getValue().getMetaAlias(); if ((m != null) && m.equals(metaAlias)) { role = SAML2Constants.IDP_ROLE; } @@ -1187,7 +1188,7 @@ public List getAllHostedIdentityProviderMetaAliases( = getAllHostedIdentityProviderEntities(realm); for(String federationId : hostedEntityIds) { if ((idpConfig = getIDPSSOConfig(realm, federationId)) != null) { - metaAliases.add(idpConfig.getMetaAlias()); + metaAliases.add(idpConfig.getValue().getMetaAlias()); } } return metaAliases; @@ -1211,7 +1212,7 @@ public List getAllHostedServiceProviderMetaAliases( realm); for(String federationId : hostedEntityIds) { if ((spConfig = getSPSSOConfig(realm, federationId)) != null) { - metaAliases.add(spConfig.getMetaAlias()); + metaAliases.add(spConfig.getValue().getMetaAlias()); } } return metaAliases; @@ -1235,7 +1236,7 @@ public boolean isTrustedProvider(String realm, String federationId, SPSSOConfigElement spconfig = getSPSSOConfig(realm, federationId); if (spconfig != null) { - result = isSameCircleOfTrust(spconfig, realm, + result = isSameCircleOfTrust(spconfig.getValue(), realm, trustedEntityId); } if (result) { @@ -1244,7 +1245,7 @@ public boolean isTrustedProvider(String realm, String federationId, IDPSSOConfigElement idpconfig = getIDPSSOConfig(realm, federationId); if (idpconfig !=null) { - return (isSameCircleOfTrust(idpconfig, realm, + return (isSameCircleOfTrust(idpconfig.getValue(), realm, trustedEntityId)); } return false; @@ -1316,11 +1317,11 @@ public Set getAllEntities(String realm) public String getTokenIssuerEndpoint(FederationElement fed) { // Just return first TokenIssuerEndpoint in the Federation - for ( Object o: fed.getAny() ) + for ( Object o: fed.getValue().getAny() ) { if ( o instanceof TokenIssuerEndpointElement ) { - return ((TokenIssuerEndpointElement)o).getAddress().getValue(); + return ((TokenIssuerEndpointElement)o).getValue().getAddress().getValue(); } } @@ -1336,11 +1337,11 @@ public String getTokenIssuerEndpoint(FederationElement fed) public String getTokenIssuerName(FederationElement fed) { // Just return first TokenIssuerName in the Federation - for ( Object o: fed.getAny() ) + for ( Object o: fed.getValue().getAny() ) { if ( o instanceof TokenIssuerNameElement ) { - return ((TokenIssuerNameElement)o).getValue(); + return ((TokenIssuerNameElement)o).getValue().getValue(); } } @@ -1357,12 +1358,12 @@ public String getTokenIssuerName(FederationElement fed) public byte[] getTokenSigningCertificate(FederationElement fed) { // Just return first TokenIssuerName in the Federation - for ( Object o: fed.getAny() ) + for ( Object o: fed.getValue().getAny() ) { if ( o instanceof TokenSigningKeyInfoElement ) { SecurityTokenReferenceType str = - ((TokenSigningKeyInfoElement)o).getSecurityTokenReference(); + ((TokenSigningKeyInfoElement)o).getValue().getSecurityTokenReference().getValue(); for ( Object o1: str.getAny() ) { if ( o1 instanceof X509DataType ) @@ -1396,7 +1397,7 @@ public UriNamedClaimTypesOfferedElement getUriNamedClaimTypesOffered( FederationElement fed) { // Just return first TokenIssuerName in the Federation - for ( Object o: fed.getAny() ) + for ( Object o: fed.getValue().getAny() ) { if ( o instanceof UriNamedClaimTypesOfferedElement ) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaSecurityUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaSecurityUtils.java index 554b45dad5..43f5655472 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaSecurityUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaSecurityUtils.java @@ -38,9 +38,10 @@ import java.util.List; import java.util.Set; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import com.sun.identity.saml.xmlsig.AMSignatureProvider; +import com.sun.identity.wsfederation.jaxb.entityconfig.AttributeElement; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.Node; @@ -469,7 +470,7 @@ public static void updateProviderKeyInfo(String realm, WSFederationMetaManager metaManager = new WSFederationMetaManager(); FederationConfigElement config = metaManager.getEntityConfig(realm, entityID); - if (!config.isHosted()) { + if (!Boolean.TRUE.equals(config.getValue().isHosted())) { String[] args = {entityID, realm}; throw new WSFederationMetaException("entityNotHosted", args); } @@ -486,7 +487,7 @@ public static void updateProviderKeyInfo(String realm, if ((certAlias == null) || (certAlias.length() == 0)) { // remove key info removeKeyDescriptor(desp); - setExtendedAttributeValue(idpConfig, + setExtendedAttributeValue(idpConfig.getValue(), SAML2Constants.SIGNING_CERT_ALIAS, null); } else { TokenSigningKeyInfoElement kde = getKeyDescriptor(certAlias); @@ -494,7 +495,7 @@ public static void updateProviderKeyInfo(String realm, // update extended metadata Set value = new HashSet(); value.add(certAlias); - setExtendedAttributeValue(idpConfig, + setExtendedAttributeValue(idpConfig.getValue(), SAML2Constants.SIGNING_CERT_ALIAS, value); } } else { @@ -508,7 +509,7 @@ public static void updateProviderKeyInfo(String realm, if ((certAlias == null) || (certAlias.length() == 0)) { // remove key info removeKeyDescriptor(desp); - setExtendedAttributeValue(spConfig, + setExtendedAttributeValue(spConfig.getValue(), SAML2Constants.SIGNING_CERT_ALIAS, null); } else { TokenSigningKeyInfoElement kde = getKeyDescriptor(certAlias); @@ -516,7 +517,7 @@ public static void updateProviderKeyInfo(String realm, // update extended metadata Set value = new HashSet(); value.add(certAlias); - setExtendedAttributeValue(spConfig, + setExtendedAttributeValue(spConfig.getValue(), SAML2Constants.SIGNING_CERT_ALIAS, value); } } @@ -529,22 +530,22 @@ private static void updateKeyDescriptor(FederationElement desp, // NOTE : we only support one signing and one encryption key right now // the code need to be change if we need to support multiple signing // and/or encryption keys in one entity - List objList = desp.getAny(); + List objList = desp.getValue().getAny(); for (Iterator iter = objList.iterator(); iter.hasNext();) { Object o = iter.next(); if (o instanceof TokenSigningKeyInfoElement) { iter.remove(); } } - desp.getAny().add(0,newKey); + desp.getValue().getAny().add(0,newKey); } private static void removeKeyDescriptor(FederationElement desp) { // NOTE : we only support one signing and one encryption key right now // the code need to be change if we need to support multiple signing // and/or encryption keys in one entity - List objList = desp.getAny(); - for (Iterator iter = objList.iterator(); iter.hasNext();) { + List objList = desp.getValue().getAny(); + for (Iterator iter = objList.iterator(); iter.hasNext();) { Object o = iter.next(); if (o instanceof TokenSigningKeyInfoElement) { iter.remove(); @@ -554,23 +555,19 @@ private static void removeKeyDescriptor(FederationElement desp) { private static void setExtendedAttributeValue(BaseConfigType config, String attrName, Set attrVal) throws WSFederationMetaException { - try { - List attributes = config.getAttribute(); - for(Iterator iter = attributes.iterator(); iter.hasNext();) { - AttributeType avp = (AttributeType)iter.next(); - if (avp.getName().trim().equalsIgnoreCase(attrName)) { - iter.remove(); - } - } - if (attrVal != null) { - ObjectFactory factory = new ObjectFactory(); - AttributeType atype = factory.createAttributeType(); - atype.setName(attrName); - atype.getValue().addAll(attrVal); - config.getAttribute().add(atype); + List attributes = config.getAttribute(); + for(Iterator iter = attributes.iterator(); iter.hasNext();) { + AttributeType avp = iter.next().getValue(); + if (avp.getName().trim().equalsIgnoreCase(attrName)) { + iter.remove(); } - } catch (JAXBException e) { - throw new WSFederationMetaException(e); + } + if (attrVal != null) { + ObjectFactory factory = new ObjectFactory(); + AttributeType atype = factory.createAttributeType(); + atype.setName(attrName); + atype.getValue().addAll(attrVal); + config.getAttribute().add(factory.createAttributeElement(atype)); } } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaUtils.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaUtils.java index 75ca934f21..c3bfe68258 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaUtils.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/meta/WSFederationMetaUtils.java @@ -25,7 +25,7 @@ * $Id: WSFederationMetaUtils.java,v 1.5 2009/10/28 23:58:59 exu Exp $ * * Portions Copyrighted 2012-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.wsfederation.meta; @@ -44,10 +44,10 @@ import java.util.Set; import jakarta.servlet.http.HttpServletRequest; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; +import jakarta.xml.bind.JAXBContext; +import jakarta.xml.bind.JAXBException; +import jakarta.xml.bind.Marshaller; +import jakarta.xml.bind.Unmarshaller; import org.forgerock.openam.utils.CollectionUtils; import org.forgerock.openam.utils.StringUtils; @@ -93,7 +93,7 @@ public final class WSFederationMetaUtils { private static final String PROP_JAXB_FORMATTED_OUTPUT = "jaxb.formatted.output"; private static final String PROP_NAMESPACE_PREFIX_MAPPER = - "com.sun.xml.bind.namespacePrefixMapper"; + "org.glassfish.jaxb.namespacePrefixMapper"; private static NamespacePrefixMapperImpl nsPrefixMapper = new NamespacePrefixMapperImpl(); @@ -234,7 +234,7 @@ public static Map> getAttributes(BaseConfigType config) Map> attrMap = new HashMap>(); List list = config.getAttribute(); for(Iterator iter = list.iterator(); iter.hasNext();) { - AttributeType avp = (AttributeType)iter.next(); + AttributeType avp = ((AttributeElement)iter.next()).getValue(); attrMap.put(avp.getName(), avp.getValue()); } @@ -268,7 +268,7 @@ public static void setAttributes(BaseConfigType config, objFactory = new com.sun.identity.wsfederation.jaxb.entityconfig.ObjectFactory(); - List attributeList = config.getAttribute(); + List attributeList = config.getAttribute(); attributeList.clear(); @@ -276,9 +276,9 @@ public static void setAttributes(BaseConfigType config, for (String key : map.keySet()) { AttributeElement - avp = objFactory.createAttributeElement(); - avp.setName(key); - avp.getValue().addAll(map.get(key)); + avp = objFactory.createAttributeElement(objFactory.createAttributeType()); + avp.getValue().setName(key); + avp.getValue().getValue().addAll(map.get(key)); attributeList.add(avp); } @@ -295,8 +295,8 @@ public static String getAttribute(BaseConfigType config, String key) List list = config.getAttribute(); for (AttributeElement avp : list) { - if (avp.getName().equals(key)) { - return CollectionUtils.getFirstItem(avp.getValue()); + if (avp.getValue().getName().equals(key)) { + return CollectionUtils.getFirstItem(avp.getValue().getValue()); } } @@ -431,7 +431,7 @@ public static void fillEntriesInSet(Map attrMap, String key, String value) { * @return The Base URL of the OpenAM deployment. */ public static String getEndpointBaseUrl(IDPSSOConfigElement idpConfig, HttpServletRequest request) { - String endpointBaseUrl = getAttribute(idpConfig, WSFederationConstants.ENDPOINT_BASE_URL); + String endpointBaseUrl = getAttribute(idpConfig.getValue(), WSFederationConstants.ENDPOINT_BASE_URL); if (StringUtils.isEmpty(endpointBaseUrl)) { endpointBaseUrl = request.getScheme() + "://" + request.getServerName() + ":" + request.getServerPort() + request.getContextPath(); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultAccountMapper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultAccountMapper.java index eca9354fa7..4ac156394c 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultAccountMapper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultAccountMapper.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: DefaultAccountMapper.java,v 1.5 2009/10/28 23:58:59 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -150,12 +152,12 @@ protected String getAttribute(String realm, BaseConfigType config = null; if(role.equals(IDP)) { config = WSFederationUtils.getMetaManager().getIDPSSOConfig( - realm, entityID); + realm, entityID).getValue(); } else { config = WSFederationUtils.getMetaManager().getSPSSOConfig( - realm, entityID); + realm, entityID).getValue(); } - Map attributes = WSFederationMetaUtils.getAttributes(config); + Map> attributes = WSFederationMetaUtils.getAttributes(config); if(attributes == null || attributes.isEmpty()) { if(debug.messageEnabled()) { @@ -166,9 +168,9 @@ protected String getAttribute(String realm, return null; } - List list = (List)attributes.get(attributeName); + List list = attributes.get(attributeName); if(list != null && list.size() > 0) { - return (String)list.iterator().next(); + return list.iterator().next(); } if(debug.messageEnabled()) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultAttributeMapper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultAttributeMapper.java index cd56217357..3e57f859b6 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultAttributeMapper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultAttributeMapper.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: DefaultAttributeMapper.java,v 1.4 2009/10/28 23:58:59 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * * Portions Copyrighted 2026 3A Systems, LLC */ @@ -37,6 +39,8 @@ import com.sun.identity.wsfederation.common.WSFederationException; import com.sun.identity.wsfederation.common.WSFederationUtils; import com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement; +import com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement; import com.sun.identity.wsfederation.meta.WSFederationMetaException; import com.sun.identity.wsfederation.meta.WSFederationMetaUtils; @@ -95,11 +99,17 @@ public Map getConfigAttributeMap( try { BaseConfigType config = null; if(role.equals(SP)) { - config = WSFederationUtils.getMetaManager().getSPSSOConfig( + SPSSOConfigElement configElt = WSFederationUtils.getMetaManager().getSPSSOConfig( realm, hostEntityID); + if(configElt != null) { + config = configElt.getValue(); + } } else { - config = WSFederationUtils.getMetaManager().getIDPSSOConfig( + IDPSSOConfigElement configElt = WSFederationUtils.getMetaManager().getIDPSSOConfig( realm, hostEntityID); + if(configElt != null) { + config = configElt.getValue(); + } } if(config == null) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultIDPAccountMapper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultIDPAccountMapper.java index f42650c506..1a1b9d68f8 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultIDPAccountMapper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultIDPAccountMapper.java @@ -25,6 +25,7 @@ * $Id: DefaultIDPAccountMapper.java,v 1.7 2009/10/28 23:58:59 exu Exp $ * * Portions Copyrighted 2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC. */ package com.sun.identity.wsfederation.plugins; @@ -102,7 +103,7 @@ public NameIdentifier getNameID( String name2 = null; try { - String attrName = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_ATTRIBUTE); + String attrName = WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.NAMEID_ATTRIBUTE); if (StringUtils.isEmpty(attrName)) { attrName = WSFederationConstants.UID; } @@ -126,7 +127,7 @@ public NameIdentifier getNameID( throw new WSFederationException(dspe); } - String nameIdFormat = WSFederationMetaUtils.getAttribute(idpConfig, + String nameIdFormat = WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.NAMEID_FORMAT); if ( nameIdFormat == null || nameIdFormat.length() == 0 ) { nameIdFormat = WSFederationConstants.NAMED_CLAIM_TYPES[ @@ -134,7 +135,7 @@ public NameIdentifier getNameID( } String strNameIncludesDomain = - WSFederationMetaUtils.getAttribute(idpConfig, + WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.NAME_INCLUDES_DOMAIN); boolean nameIncludesDomain = Boolean.valueOf(strNameIncludesDomain); @@ -144,7 +145,7 @@ public NameIdentifier getNameID( // Need to get a domain from somewhere and append it to name2 // Try user profile first String domainAttribute = - WSFederationMetaUtils.getAttribute(idpConfig, + WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.DOMAIN_ATTRIBUTE); String upnDomain = null; if ( domainAttribute != null && domainAttribute.length() > 0 ) @@ -162,7 +163,7 @@ public NameIdentifier getNameID( if ( upnDomain == null || upnDomain.length() == 0 ) { // Nothing on the user profile - get from config - upnDomain = WSFederationMetaUtils.getAttribute(idpConfig, + upnDomain = WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.UPN_DOMAIN); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultIDPAuthenticationMethodMapper.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultIDPAuthenticationMethodMapper.java index 106ede7882..8bce9c25c1 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultIDPAuthenticationMethodMapper.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/DefaultIDPAuthenticationMethodMapper.java @@ -23,6 +23,8 @@ * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: DefaultIDPAuthenticationMethodMapper.java,v 1.4 2009/10/28 23:58:59 exu Exp $ + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -90,7 +92,7 @@ public IDPAuthenticationTypeInfo getIDPAuthnContextInfo( IDPSSOConfigElement config = WSFederationUtils.getMetaManager().getIDPSSOConfig( realm, idpEntityID); - attrs = WSFederationMetaUtils.getAttributes(config); + attrs = WSFederationMetaUtils.getAttributes(config.getValue()); } catch (WSFederationMetaException sme) { debug.error(classMethod + "get IDPSSOConfig failed:", sme); diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/whitelist/ValidWReplyExtractor.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/whitelist/ValidWReplyExtractor.java index 268d065678..090df4d30e 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/whitelist/ValidWReplyExtractor.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/plugins/whitelist/ValidWReplyExtractor.java @@ -12,6 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2014-2016 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC */ package com.sun.identity.wsfederation.plugins.whitelist; @@ -27,6 +28,8 @@ import com.sun.identity.wsfederation.common.WSFederationConstants; import com.sun.identity.wsfederation.common.WSFederationUtils; import com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement; +import com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement; import com.sun.identity.wsfederation.meta.WSFederationMetaException; import com.sun.identity.wsfederation.meta.WSFederationMetaUtils; @@ -45,9 +48,13 @@ public Collection extractValidDomains(final WSFederationEntityInfo entit if (SAML2Constants.SP_ROLE.equalsIgnoreCase(entityInfo.role)) { - config = WSFederationUtils.getMetaManager().getSPSSOConfig(entityInfo.realm, entityInfo.entityID); + SPSSOConfigElement configElt = + WSFederationUtils.getMetaManager().getSPSSOConfig(entityInfo.realm, entityInfo.entityID); + config = (configElt == null) ? null : configElt.getValue(); } else { - config = WSFederationUtils.getMetaManager().getIDPSSOConfig(entityInfo.realm, entityInfo.entityID); + IDPSSOConfigElement configElt = + WSFederationUtils.getMetaManager().getIDPSSOConfig(entityInfo.realm, entityInfo.entityID); + config = (configElt == null) ? null : configElt.getValue(); } if (config == null) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/profile/IDPSSOUtil.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/profile/IDPSSOUtil.java index b987cc9eb6..e97b846d67 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/profile/IDPSSOUtil.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/profile/IDPSSOUtil.java @@ -24,7 +24,7 @@ * * $Id: IDPSSOUtil.java,v 1.3 2009/10/28 23:58:59 exu Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ @@ -85,7 +85,7 @@ public static String getAuthenticationServiceURL( IDPSSOConfigElement config = WSFederationUtils.getMetaManager().getIDPSSOConfig( realm, hostEntityId); - authUrl = WSFederationMetaUtils.getAttribute(config, + authUrl = WSFederationMetaUtils.getAttribute(config.getValue(), SAML2Constants.AUTH_URL); } catch (WSFederationMetaException sme) { if (debug.messageEnabled()) { @@ -143,14 +143,14 @@ public static String getACSurl(String entityId, String realm, { // Check that wreply is registered on this SP // Just return first TokenIssuerEndpoint in the Federation - for ( Object o: sp.getAny() ) + for ( Object o: sp.getValue().getAny() ) { if ( o instanceof TokenIssuerEndpointElement ) { try { URL replyUrl = new URL(wreply); URL thisUrl = new URL( - ((TokenIssuerEndpointElement)o).getAddress(). + ((TokenIssuerEndpointElement)o).getValue().getAddress(). getValue()); if ( replyUrl.equals(thisUrl)) return wreply; diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/profile/SAML11RequestedSecurityToken.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/profile/SAML11RequestedSecurityToken.java index a8d8e40622..bc85f3f7cf 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/profile/SAML11RequestedSecurityToken.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/profile/SAML11RequestedSecurityToken.java @@ -25,6 +25,7 @@ * $Id: SAML11RequestedSecurityToken.java,v 1.7 2009/12/14 23:42:48 mallas Exp $ * * Portions Copyrighted 2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems LLC */ package com.sun.identity.wsfederation.profile; @@ -368,7 +369,7 @@ public Map verifyToken(String realm, String hostEntityId, } String strWantAssertionSigned = - WSFederationMetaUtils.getAttribute(spConfig, + WSFederationMetaUtils.getAttribute(spConfig.getValue(), WSFederationConstants.WANT_ASSERTION_SIGNED); // By default, we want to sign assertions diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/ActiveRequest.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/ActiveRequest.java index d18552b7c0..5ee71018f2 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/ActiveRequest.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/ActiveRequest.java @@ -12,7 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2016 ForgeRock AS. - * Portions copyright 2025 3A Systems LLC. + * Portions copyright 2025-2026 3A Systems LLC. */ package com.sun.identity.wsfederation.servlet; @@ -125,7 +125,7 @@ public void process() throws ServletException, IOException, WSFederationExceptio throw new WSFederationException(BUNDLE_NAME, "unableToFindIDPConfiguration", null); } - final boolean activeRequestorEnabled = Boolean.parseBoolean(WSFederationMetaUtils.getAttribute(idpConfig, + final boolean activeRequestorEnabled = Boolean.parseBoolean(WSFederationMetaUtils.getAttribute(idpConfig.getValue(), ACTIVE_REQUESTOR_PROFILE_ENABLED)); if (!activeRequestorEnabled) { @@ -150,7 +150,7 @@ public void process() throws ServletException, IOException, WSFederationExceptio StandardCharsets.UTF_8))); } parseAndValidateRequest(soapMessage, idpConfig); - ssoToken = authenticateEndUser(soapMessage, WSFederationMetaUtils.getAttribute(idpConfig, + ssoToken = authenticateEndUser(soapMessage, WSFederationMetaUtils.getAttribute(idpConfig.getValue(), AUTHENTICATOR_CLASS, "org.forgerock.openam.saml2.plugins.DefaultWsFedAuthenticator")); final SAML11RequestedSecurityToken requestedSecurityToken = WSFederationUtils.createSAML11Token(realm, idpEntityId, address, ssoToken, address, SAMLConstants.AUTH_METHOD_PASSWORD_URI, true); @@ -238,7 +238,7 @@ private void parseAndValidateRequest(SOAPMessage soapMessage, IDPSSOConfigElemen } final String stsEndpoint = WSFederationMetaUtils.getEndpointBaseUrl(idpConfig, request) - + "/WSFederationServlet/sts/metaAlias" + idpConfig.getMetaAlias(); + + "/WSFederationServlet/sts/metaAlias" + idpConfig.getValue().getMetaAlias(); final Date expiresDate; try { expiresDate = DateUtils.stringToDate(expires); @@ -269,7 +269,7 @@ private void parseAndValidateRequest(SOAPMessage soapMessage, IDPSSOConfigElemen } address = getSingleElement(soapBody, WSA_NAMESPACE, "Address"); - final List trustedAddresses = WSFederationMetaUtils.getAttributes(idpConfig, TRUSTED_ADDRESSES); + final List trustedAddresses = WSFederationMetaUtils.getAttributes(idpConfig.getValue(), TRUSTED_ADDRESSES); if (trustedAddresses == null || !trustedAddresses.contains(address)) { throw newReceiverException("invalidReceiver"); } diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/IPSigninRequest.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/IPSigninRequest.java index fd8529efdf..a3c4c56cb5 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/IPSigninRequest.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/IPSigninRequest.java @@ -25,7 +25,7 @@ * $Id: IPSigninRequest.java,v 1.8 2009/10/28 23:59:00 exu Exp $ * * Portions Copyrighted 2014-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.wsfederation.servlet; @@ -280,7 +280,7 @@ private void sendResponse(Object session, String idpEntityId, throw new WSFederationException(se); } - String strWantAssertionSigned = WSFederationMetaUtils.getAttribute(spConfig, + String strWantAssertionSigned = WSFederationMetaUtils.getAttribute(spConfig.getValue(), WSFederationConstants.WANT_ASSERTION_SIGNED); // By default, we want to sign assertions boolean wantAssertionSigned = strWantAssertionSigned != null ? Boolean.parseBoolean(strWantAssertionSigned) diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/MetadataRequest.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/MetadataRequest.java index b8575dc688..ce4f5f06b8 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/MetadataRequest.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/MetadataRequest.java @@ -24,7 +24,7 @@ * * $Id: MetadataRequest.java,v 1.2 2009/10/28 23:59:00 exu Exp $ * - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.wsfederation.servlet; @@ -41,7 +41,7 @@ import java.util.List; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; /** diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/MexRequest.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/MexRequest.java index 3cac0e51a3..8cbcc19746 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/MexRequest.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/MexRequest.java @@ -12,7 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2016 ForgeRock AS. - * Portions copyright 2025 3A Systems LLC. + * Portions copyright 2025-2026 3A Systems LLC. */ package com.sun.identity.wsfederation.servlet; @@ -93,7 +93,7 @@ public void process() throws ServletException, IOException, WSFederationExceptio throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "unableToFindIDPConfiguration", null); } - final boolean activeRequestorEnabled = Boolean.parseBoolean(WSFederationMetaUtils.getAttribute(idpConfig, + final boolean activeRequestorEnabled = Boolean.parseBoolean(WSFederationMetaUtils.getAttribute(idpConfig.getValue(), WSFederationConstants.ACTIVE_REQUESTOR_PROFILE_ENABLED)); if (!activeRequestorEnabled) { diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/RPSigninRequest.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/RPSigninRequest.java index 13c470123b..88a77cce56 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/RPSigninRequest.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/RPSigninRequest.java @@ -25,7 +25,7 @@ * $Id: RPSigninRequest.java,v 1.9 2009/11/03 00:48:54 madan_ranganath Exp $ * * Portions Copyrighted 2015-2016 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems LLC. + * Portions Copyrighted 2025-2026 3A Systems LLC. */ package com.sun.identity.wsfederation.servlet; @@ -133,7 +133,7 @@ public void process() throws WSFederationException, IOException } Map> spConfigAttributes = - WSFederationMetaUtils.getAttributes(spConfig); + WSFederationMetaUtils.getAttributes(spConfig.getValue()); String accountRealmSelection = spConfigAttributes.get( diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/RPSigninResponse.java b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/RPSigninResponse.java index 26e9d40faa..9deab12d36 100644 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/RPSigninResponse.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/identity/wsfederation/servlet/RPSigninResponse.java @@ -147,7 +147,7 @@ public void process() throws WSFederationException, IOException { metaManager.getSPSSOConfig(realm, spEntityId); int timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT; - String timeskewStr = WSFederationMetaUtils.getAttribute(spssoconfig, + String timeskewStr = WSFederationMetaUtils.getAttribute(spssoconfig.getValue(), SAML2Constants.ASSERTION_TIME_SKEW); if (timeskewStr != null && timeskewStr.trim().length() > 0) { timeskew = Integer.parseInt(timeskewStr); @@ -173,7 +173,7 @@ public void process() throws WSFederationException, IOException { assert smap != null; - Map attributes = WSFederationMetaUtils.getAttributes(spssoconfig); + Map attributes = WSFederationMetaUtils.getAttributes(spssoconfig.getValue()); SPAccountMapper acctMapper = getSPAccountMapper(attributes); SPAttributeMapper attrMapper = getSPAttributeMapper(attributes); @@ -236,7 +236,7 @@ public void process() throws WSFederationException, IOException { if (wctx != null) { target = WSFederationUtils.removeReplyURL(wctx); } else { - target = WSFederationMetaUtils.getAttribute(spssoconfig, + target = WSFederationMetaUtils.getAttribute(spssoconfig.getValue(), SAML2Constants.DEFAULT_RELAY_STATE); } @@ -349,7 +349,7 @@ public static void setAttrMapInSession( } private boolean isAssertionCacheEnabled(SPSSOConfigElement spssoconfig) { - String enabled = WSFederationMetaUtils.getAttribute(spssoconfig, + String enabled = WSFederationMetaUtils.getAttribute(spssoconfig.getValue(), SAML2Constants.ASSERTION_CACHE_ENABLED); if(enabled == null) { //TODO: until the console/cli is fixed for this attribute, diff --git a/openam-federation/openam-federation-library/src/main/java/com/sun/liberty/LibertyManager.java b/openam-federation/openam-federation-library/src/main/java/com/sun/liberty/LibertyManager.java index 36ad20fe49..24f9570f18 100755 --- a/openam-federation/openam-federation-library/src/main/java/com/sun/liberty/LibertyManager.java +++ b/openam-federation/openam-federation-library/src/main/java/com/sun/liberty/LibertyManager.java @@ -59,6 +59,7 @@ import com.sun.identity.federation.common.IFSConstants; import com.sun.identity.federation.common.FSUtils; import com.sun.identity.federation.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement; import com.sun.identity.federation.message.common.FSMsgException; import com.sun.identity.federation.message.FSNameIdentifierMappingRequest; import com.sun.identity.federation.message.FSNameIdentifierMappingResponse; @@ -1275,8 +1276,10 @@ public static String getNewRequest(HttpServletRequest request) { if (targetURL == null || targetURL.length() <= 0 ) { try { if (metaManager != null) { - BaseConfigType providerConfig = + SPDescriptorConfigElement spConfigElem = metaManager.getSPDescriptorConfig(realm, entityID); + BaseConfigType providerConfig = + (spConfigElem == null) ? null : spConfigElem.getValue(); homePage = IDFFMetaUtils.getFirstAttributeValue( IDFFMetaUtils.getAttributes(providerConfig), IFSConstants.PROVIDER_HOME_PAGE_URL); @@ -2024,8 +2027,9 @@ public static NameIdentifier getMappedNameIdentifier( try { hostedDescriptor = metaManager.getSPDescriptor( realm, hostedEntityID); - hostedConfig = metaManager.getSPDescriptorConfig( + SPDescriptorConfigElement hostedConfigElem = metaManager.getSPDescriptorConfig( realm, hostedEntityID); + hostedConfig = (hostedConfigElem == null) ? null : hostedConfigElem.getValue(); } catch (IDFFMetaException ie) { debug.error(classMethod + "couldn't obtain hosted meta:", ie); return null; diff --git a/openam-federation/openam-federation-library/src/main/java/org/forgerock/openam/saml2/UtilProxySAMLAuthenticator.java b/openam-federation/openam-federation-library/src/main/java/org/forgerock/openam/saml2/UtilProxySAMLAuthenticator.java index f48f832256..4aa9d3ebf8 100644 --- a/openam-federation/openam-federation-library/src/main/java/org/forgerock/openam/saml2/UtilProxySAMLAuthenticator.java +++ b/openam-federation/openam-federation-library/src/main/java/org/forgerock/openam/saml2/UtilProxySAMLAuthenticator.java @@ -158,8 +158,8 @@ public void authenticate() throws FederatedSSOException, IOException { SAML2Utils.debug.error(classMethod, sme); } - if (idpSSODescriptor.isWantAuthnRequestsSigned() - || (spSSODescriptor != null && spSSODescriptor.isAuthnRequestsSigned())) { + if (Boolean.TRUE.equals(idpSSODescriptor.getValue().isWantAuthnRequestsSigned()) + || (spSSODescriptor != null && Boolean.TRUE.equals(spSSODescriptor.getValue().isAuthnRequestsSigned()))) { // need to verify the query string containing authnRequest if (StringUtils.isBlank(data.getSpEntityID())) { throw new ClientFaultException(data.getIdpAdapter(), INVALID_SAML_REQUEST); @@ -170,7 +170,7 @@ public void authenticate() throws FederatedSSOException, IOException { throw new ServerFaultException(data.getIdpAdapter(), METADATA_ERROR); } - Set certificates = KeyUtil.getVerificationCerts(spSSODescriptor, data.getSpEntityID(), + Set certificates = KeyUtil.getVerificationCerts(spSSODescriptor.getValue(), data.getSpEntityID(), SAML2Constants.SP_ROLE); try { @@ -192,20 +192,20 @@ public void authenticate() throws FederatedSSOException, IOException { // In ECP profile, sp doesn't know idp. if (!isFromECP) { // verify Destination - List ssoServiceList = idpSSODescriptor.getSingleSignOnService(); + List ssoServiceList = idpSSODescriptor.getValue().getSingleSignOnService(); SingleSignOnServiceElement endPoint = SPSSOFederate.getSingleSignOnServiceEndpoint(ssoServiceList, binding); - if (endPoint == null || StringUtils.isEmpty(endPoint.getLocation())) { + if (endPoint == null || StringUtils.isEmpty(endPoint.getValue().getLocation())) { SAML2Utils.debug .error("{} authn request unable to get endpoint location for IdpEntity: {} MetaAlias: {} ", classMethod, data.getIdpEntityID(), data.getIdpMetaAlias()); throw new ClientFaultException(data.getIdpAdapter(), "invalidDestination"); } if (!SAML2Utils - .verifyDestination(data.getAuthnRequest().getDestination(), endPoint.getLocation())) { + .verifyDestination(data.getAuthnRequest().getDestination(), endPoint.getValue().getLocation())) { SAML2Utils.debug .error("{} authn request destination verification failed for IdpEntity: {} MetaAlias: {} Destination: {} Location: {}", classMethod, data.getIdpEntityID(), data.getIdpMetaAlias(), - data.getAuthnRequest().getDestination(), endPoint.getLocation()); + data.getAuthnRequest().getDestination(), endPoint.getValue().getLocation()); throw new ClientFaultException(data.getIdpAdapter(), "invalidDestination"); } } diff --git a/openam-federation/openam-federation-library/src/main/java/org/forgerock/openam/saml2/plugins/ValidRelayStateExtractor.java b/openam-federation/openam-federation-library/src/main/java/org/forgerock/openam/saml2/plugins/ValidRelayStateExtractor.java index 5ddde6ac68..68666fefb7 100644 --- a/openam-federation/openam-federation-library/src/main/java/org/forgerock/openam/saml2/plugins/ValidRelayStateExtractor.java +++ b/openam-federation/openam-federation-library/src/main/java/org/forgerock/openam/saml2/plugins/ValidRelayStateExtractor.java @@ -12,11 +12,14 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2014 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC */ package org.forgerock.openam.saml2.plugins; import com.sun.identity.saml2.common.SAML2Constants; import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType; +import com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement; +import com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement; import com.sun.identity.saml2.meta.SAML2MetaException; import com.sun.identity.saml2.meta.SAML2MetaManager; import com.sun.identity.saml2.meta.SAML2MetaUtils; @@ -42,9 +45,11 @@ public Collection extractValidDomains(final SAMLEntityInfo entityInfo) { final SAML2MetaManager metaManager = new SAML2MetaManager(); if (SAML2Constants.SP_ROLE.equalsIgnoreCase(entityInfo.role)) { - config = metaManager.getSPSSOConfig(entityInfo.realm, entityInfo.entityID); + SPSSOConfigElement configElem = metaManager.getSPSSOConfig(entityInfo.realm, entityInfo.entityID); + config = (configElem == null) ? null : configElem.getValue(); } else { - config = metaManager.getIDPSSOConfig(entityInfo.realm, entityInfo.entityID); + IDPSSOConfigElement configElem = metaManager.getIDPSSOConfig(entityInfo.realm, entityInfo.entityID); + config = (configElem == null) ? null : configElem.getValue(); } if (config == null) { diff --git a/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/key/KeyUtilTest.java b/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/key/KeyUtilTest.java index 913739420c..f3769d4e01 100644 --- a/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/key/KeyUtilTest.java +++ b/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/key/KeyUtilTest.java @@ -12,6 +12,8 @@ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL * Header, with the fields enclosed by brackets [] replaced by your own identifying * information: "Portions copyright [year] [name of copyright owner]". + * + * Portions copyright 2026 3A Systems LLC */ package com.sun.identity.saml2.key; @@ -22,10 +24,12 @@ import com.sun.identity.saml2.jaxb.metadata.*; import com.sun.identity.shared.xml.XMLUtils; import java.util.List; + +import jakarta.xml.bind.JAXBElement; import org.testng.Assert; import org.testng.annotations.Test; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; public class KeyUtilTest { @@ -43,10 +47,10 @@ public void testNoUseKeyDescriptorEntityDescriptor() throws SAML2MetaException, XMLUtils.toDOMDocument(ClassLoader.getSystemResourceAsStream(XML_DOCUMENT_TO_LOAD), SAML2Utils.debug), "UTF-8"); EntityDescriptorElement element = SAML2MetaUtils.getEntityDescriptorElement(idpMetadata); - List descriptors = element.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); - for (Object descriptor : descriptors) { - if (descriptor instanceof IDPSSODescriptorElement) { - KeyDescriptorType type = KeyUtil.getKeyDescriptor((IDPSSODescriptorElement)descriptor, "signing"); + List> descriptors = element.getValue().getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor(); + for (JAXBElement descriptor : descriptors) { + if (descriptor.getValue() instanceof IDPSSODescriptorType) { + KeyDescriptorElement type = KeyUtil.getKeyDescriptor(descriptor.getValue(), "signing"); Assert.assertNotNull(type); break; } diff --git a/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/meta/SAML2MetaUtilsTest.java b/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/meta/SAML2MetaUtilsTest.java index da389c3515..0fa80edbcf 100644 --- a/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/meta/SAML2MetaUtilsTest.java +++ b/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/meta/SAML2MetaUtilsTest.java @@ -12,17 +12,29 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2014 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC. */ package com.sun.identity.saml2.meta; import static org.testng.Assert.*; + +import com.sun.identity.saml2.jaxb.entityconfig.EntityConfigElement; +import com.sun.identity.saml2.jaxb.metadata.AssertionConsumerServiceElement; +import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorElement; +import com.sun.identity.saml2.jaxb.metadata.EntityDescriptorType; +import com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorType; +import jakarta.xml.bind.JAXBElement; import org.testng.annotations.Test; import org.testng.annotations.AfterClass; import org.testng.annotations.AfterMethod; import org.testng.annotations.BeforeClass; import org.testng.annotations.BeforeMethod; +import java.io.IOException; +import java.io.InputStream; +import java.util.List; + public class SAML2MetaUtilsTest { private static final String PATH_SEPARATOR = "/"; @@ -66,6 +78,63 @@ public void testGetMetaDataByURI_SubRealm() { + PATH_SEPARATOR + TEST_ENTITY; final String result = SAML2MetaUtils.getMetaAliasByUri(uri); assertEquals(result, PATH_SEPARATOR + TEST_SUB_REALM + PATH_SEPARATOR + TEST_ENTITY); - } - + } + + @Test + public void convertInputStreamToJaxbTest() throws Exception { + try(InputStream is = getClass().getClassLoader().getResourceAsStream("idp-extended.xml")) { + Object jaxb = SAML2MetaUtils.convertInputStreamToJAXB(is); + assertNotNull(jaxb); + assertTrue(jaxb instanceof EntityConfigElement); + } + + try(InputStream is = getClass().getClassLoader().getResourceAsStream("idp-metadata.xml")) { + Object jaxb = SAML2MetaUtils.convertInputStreamToJAXB(is); + assertNotNull(jaxb); + assertTrue(jaxb instanceof EntityDescriptorElement); + } + } + + /** + * Metadata that omits the optional boolean attributes (WantAssertionsSigned, + * AuthnRequestsSigned, AssertionConsumerService/@isDefault) must unmarshal + * to nullable {@code Boolean} getters that return {@code null} rather than a + * primitive {@code false}. This locks in the JAXB 3 generated shape so the + * {@code Boolean.TRUE.equals(...)} guards on the SSO paths stay necessary + * and correct (absent attribute is treated as {@code false}, never an NPE). + */ + @Test + public void optionalBooleanAttributesUnmarshalAsNull() throws Exception { + try (InputStream is = getClass().getClassLoader() + .getResourceAsStream("sp-metadata-no-optional-booleans.xml")) { + Object jaxb = SAML2MetaUtils.convertInputStreamToJAXB(is); + assertTrue(jaxb instanceof EntityDescriptorElement); + + EntityDescriptorType entity = ((EntityDescriptorElement) jaxb).getValue(); + SPSSODescriptorType spsso = null; + for (Object role : entity.getRoleDescriptorOrIDPSSODescriptorOrSPSSODescriptor()) { + Object value = (role instanceof JAXBElement) ? ((JAXBElement) role).getValue() : role; + if (value instanceof SPSSODescriptorType) { + spsso = (SPSSODescriptorType) value; + break; + } + } + assertNotNull(spsso); + + // Absent optional attributes -> nullable Boolean returns null. + assertNull(spsso.isWantAssertionsSigned()); + assertNull(spsso.isAuthnRequestsSigned()); + // Migration-safe idiom: null is treated as false, no unboxing NPE. + assertFalse(Boolean.TRUE.equals(spsso.isWantAssertionsSigned())); + assertFalse(Boolean.TRUE.equals(spsso.isAuthnRequestsSigned())); + + List acsList = spsso.getAssertionConsumerService(); + assertFalse(acsList.isEmpty()); + for (AssertionConsumerServiceElement acs : acsList) { + assertNull(acs.getValue().isIsDefault()); + assertFalse(Boolean.TRUE.equals(acs.getValue().isIsDefault())); + } + } + } + } diff --git a/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/profile/SLOLocationTest.java b/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/profile/SLOLocationTest.java index 872080cea3..da59e68f6a 100644 --- a/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/profile/SLOLocationTest.java +++ b/openam-federation/openam-federation-library/src/test/java/com/sun/identity/saml2/profile/SLOLocationTest.java @@ -12,12 +12,13 @@ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL * Header, with the fields enclosed by brackets [] replaced by your own identifying * information: "Portions copyright [year] [name of copyright owner]". + * + * Portions copyright 2026 3A Systems LLC */ package com.sun.identity.saml2.profile; import static com.sun.identity.saml2.common.SAML2Constants.*; import com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement; -import com.sun.identity.saml2.jaxb.metadata.impl.SingleLogoutServiceElementImpl; import java.util.ArrayList; import java.util.List; import static org.assertj.core.api.Assertions.*; @@ -32,11 +33,11 @@ public void sameBindingReturnedWhenAvailable() { endpoints.add(endpointFor(HTTP_POST, "post")); endpoints.add(endpointFor(SOAP, "soap")); SingleLogoutServiceElement result = LogoutUtil.getMostAppropriateSLOServiceLocation(endpoints, HTTP_REDIRECT); - assertThat(result.getBinding()).isEqualTo(HTTP_REDIRECT); + assertThat(result.getValue().getBinding()).isEqualTo(HTTP_REDIRECT); result = LogoutUtil.getMostAppropriateSLOServiceLocation(endpoints, HTTP_POST); - assertThat(result.getBinding()).isEqualTo(HTTP_POST); + assertThat(result.getValue().getBinding()).isEqualTo(HTTP_POST); result = LogoutUtil.getMostAppropriateSLOServiceLocation(endpoints, SOAP); - assertThat(result.getBinding()).isEqualTo(SOAP); + assertThat(result.getValue().getBinding()).isEqualTo(SOAP); } public void asynchronousBindingIsPreferredOverSynchronous() { @@ -44,10 +45,10 @@ public void asynchronousBindingIsPreferredOverSynchronous() { endpoints.add(endpointFor(HTTP_POST, "post")); endpoints.add(endpointFor(SOAP, "soap")); SingleLogoutServiceElement result = LogoutUtil.getMostAppropriateSLOServiceLocation(endpoints, HTTP_REDIRECT); - assertThat(result.getBinding()).isEqualTo(HTTP_POST); + assertThat(result.getValue().getBinding()).isEqualTo(HTTP_POST); endpoints.set(0, endpointFor(HTTP_REDIRECT, "redirect")); result = LogoutUtil.getMostAppropriateSLOServiceLocation(endpoints, HTTP_POST); - assertThat(result.getBinding()).isEqualTo(HTTP_REDIRECT); + assertThat(result.getValue().getBinding()).isEqualTo(HTTP_REDIRECT); } public void asynchronousBindingsAreNotReturnedWhenRequestingSynchronous() { @@ -72,15 +73,19 @@ public void synchronousBindingReturnedIfNoAsynchronousAvailable() { List endpoints = new ArrayList(); endpoints.add(endpointFor(SOAP, "soap")); SingleLogoutServiceElement result = LogoutUtil.getMostAppropriateSLOServiceLocation(endpoints, HTTP_REDIRECT); - assertThat(result.getBinding()).isEqualTo(SOAP); + assertThat(result.getValue().getBinding()).isEqualTo(SOAP); result = LogoutUtil.getMostAppropriateSLOServiceLocation(endpoints, HTTP_POST); - assertThat(result.getBinding()).isEqualTo(SOAP); + assertThat(result.getValue().getBinding()).isEqualTo(SOAP); } private SingleLogoutServiceElement endpointFor(String binding, String location) { - SingleLogoutServiceElement ret = new SingleLogoutServiceElementImpl(); - ret.setBinding(binding); - ret.setLocation(location); + + com.sun.identity.saml2.jaxb.metadata.ObjectFactory of + = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory(); + + SingleLogoutServiceElement ret = of.createSingleLogoutServiceElement(of.createEndpointType()); + ret.getValue().setBinding(binding); + ret.getValue().setLocation(location); return ret; } } diff --git a/openam-federation/openam-federation-library/src/test/resources/idp-extended.xml b/openam-federation/openam-federation-library/src/test/resources/idp-extended.xml new file mode 100644 index 0000000000..43fac0cd99 --- /dev/null +++ b/openam-federation/openam-federation-library/src/test/resources/idp-extended.xml @@ -0,0 +1,111 @@ + + + + + + + + test + + + + + + false + + + + + + + + + false + + + + + + 600 + + + com.sun.identity.saml2.plugins.DefaultIDPAuthnContextMapper + + + urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|0||default + + + com.sun.identity.saml2.plugins.DefaultIDPAccountMapper + + + false + + + com.sun.identity.saml2.plugins.DefaultIDPAttributeMapper + + + com.sun.identity.saml2.plugins.DefaultAssertionIDRequestMapper + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress=mail + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName= + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName= + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos= + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified= + + + com.sun.identity.saml2.plugins.DefaultIDPECPSessionMapper + + + uid=uid + + + + + + + + + + + + + + + + + + + + + + + false + + + false + + + 600 + + + + + http://openam.example.org:8080/openam/idpsaehandler/metaAlias/idp + + + + + + + + + false + + + + + diff --git a/openam-federation/openam-federation-library/src/test/resources/idp-metadata.xml b/openam-federation/openam-federation-library/src/test/resources/idp-metadata.xml new file mode 100644 index 0000000000..ff6be7af7f --- /dev/null +++ b/openam-federation/openam-federation-library/src/test/resources/idp-metadata.xml @@ -0,0 +1,97 @@ + + + + + + + MIIDaDCCAlCgAwIBAgIDcB/YMA0GCSqGSIb3DQEBCwUAMGUxCzAJBgNVBAYTAlVLMRAwDgYDVQQI + EwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sxDzANBgNVBAsT + Bk9wZW5BTTENMAsGA1UEAxMEdGVzdDAeFw0xNjAzMTgxMTU2MjhaFw0yNjAzMTYxMTU2MjhaMGUx + CzAJBgNVBAYTAlVLMRAwDgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQK + EwlGb3JnZVJvY2sxDzANBgNVBAsTBk9wZW5BTTENMAsGA1UEAxMEdGVzdDCCASIwDQYJKoZIhvcN + AQEBBQADggEPADCCAQoCggEBAKNbl89eP6B8kZATNSPe3+OZ3esLx31hjX+dakHtPwXCAaCKqJFw + jwKdxyRuPdsVG+8Dbk3PGhk26aJrSE93EpxeqmQqxNPMeD+N0/8pjkuVYWwPIQ/ts2iTiWOVn7wz + lE4ASfvupqOR5pjuYMWNo/pd4L7QNjUCKoAt9H11HMyiP+6roo/EYgX4AH7OAhfUMncYsopWhkW/ + ze9z8wTXc8BAEgDmt8zFCez1CtqJB/MlSBUGDgk8oHYDsHKmx05baBaOBQ8LRGP5SULSbRtu34eL + FootBIn0FvUZSnwTiSpbaHHRgWrMOVm07oSLWBuO3h/bj38zBuuqqVsAK8YuyoECAwEAAaMhMB8w + HQYDVR0OBBYEFHxfAbr6PQ5Xgc+jVx+AGTPnnpWZMA0GCSqGSIb3DQEBCwUAA4IBAQAZBMJ29/2i + dv1ztC6ArHtB4kw/nHHwthXFwtWAN7sRPB8tLW7fD8aJ43RQr5107Bg1Lgkmt+FZxpafqUC/mukj + IzGzbW0COMSOTcWUGss+HxK6M6Fl9aOzKJMct1uOSpPFgjItcGqydGZXR2FH93vXWoAotUwtZ119 + IixIdxpOJwYJg0HFn+GEfpU1PmiLfq2/uwqJ0hGCNfNcm9puagzhQrcDFOnolxjnYPSfSkU5wxlG + o99yE5eJwoHXXU7csaZVttmx7sPj1lUENogXUM6JMqzSyEIm1XCOCL8rZJkZ781W5CwZhuJTNzV3 + 1sBREs8FaaCeksu7Y48BmkUqw6E9 + + + + + + + + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + + + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName + + + urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos + + + urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName + + + + + + + + + diff --git a/openam-federation/openam-federation-library/src/test/resources/sp-metadata-no-optional-booleans.xml b/openam-federation/openam-federation-library/src/test/resources/sp-metadata-no-optional-booleans.xml new file mode 100644 index 0000000000..9d551079b1 --- /dev/null +++ b/openam-federation/openam-federation-library/src/test/resources/sp-metadata-no-optional-booleans.xml @@ -0,0 +1,44 @@ + + + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + + + + + diff --git a/openam-oauth2-saml2/src/main/java/org/forgerock/openam/oauth2/saml2/core/Saml2GrantTypeHandler.java b/openam-oauth2-saml2/src/main/java/org/forgerock/openam/oauth2/saml2/core/Saml2GrantTypeHandler.java index 0c3c4417be..4163be4cfe 100644 --- a/openam-oauth2-saml2/src/main/java/org/forgerock/openam/oauth2/saml2/core/Saml2GrantTypeHandler.java +++ b/openam-oauth2-saml2/src/main/java/org/forgerock/openam/oauth2/saml2/core/Saml2GrantTypeHandler.java @@ -12,7 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2014-2016 ForgeRock AS. - * Portions copyright 2025 3A Systems LLC. + * Portions copyright 2025-2026 3A Systems LLC. */ package org.forgerock.openam.oauth2.saml2.core; @@ -179,7 +179,11 @@ private void validateAssertion(Assertion assertion, ClientRegistration clientReg final Set verificationCerts; SAML2MetaManager metaManager = new SAML2MetaManager(); final IDPSSODescriptorElement idpSsoDescriptor = metaManager.getIDPSSODescriptor(realm, idpEntityID); - verificationCerts = KeyUtil.getVerificationCerts(idpSsoDescriptor, idpEntityID, SAML2Constants.IDP_ROLE); + if (idpSsoDescriptor == null) { + logger.error("Saml2GrantTypeHandler.isValidAssertion(): No IDP descriptor found for issuer {}", idpEntityID); + throw new InvalidGrantException("Unknown assertion issuer"); + } + verificationCerts = KeyUtil.getVerificationCerts(idpSsoDescriptor.getValue(), idpEntityID, SAML2Constants.IDP_ROLE); // The Assertion MUST be digitally signed or have a Message Authentication Code (MAC) applied by the issuer. diff --git a/openam-oauth2/src/main/java/org/forgerock/oauth2/core/ResourceOwnerSessionValidator.java b/openam-oauth2/src/main/java/org/forgerock/oauth2/core/ResourceOwnerSessionValidator.java index 32bffaceeb..34a74f1a5e 100644 --- a/openam-oauth2/src/main/java/org/forgerock/oauth2/core/ResourceOwnerSessionValidator.java +++ b/openam-oauth2/src/main/java/org/forgerock/oauth2/core/ResourceOwnerSessionValidator.java @@ -11,13 +11,9 @@ * Header, with the fields enclosed by brackets [] replaced by your own identifying * information: "Portions copyright [year] [name of copyright owner]". * -<<<<<<< HEAD * Copyright 2014-2016 ForgeRock AS. -======= - * Copyright 2014 ForgeRock AS. * Portions Copyrighted 2019 Open Source Solution Technology Corporation ->>>>>>> 675e7a8ddd... Issue #42 acr_values not working if the user is login in more than one chain (#101) -* Portions copyright 2025 3A Systems LLC. + * Portions copyright 2025 3A Systems LLC. */ package org.forgerock.oauth2.core; diff --git a/openam-schema/openam-idsvcs-schema/src/license/THIRD-PARTY.properties b/openam-schema/openam-idsvcs-schema/src/license/THIRD-PARTY.properties index 6e5422a87d..69b70f8457 100644 --- a/openam-schema/openam-idsvcs-schema/src/license/THIRD-PARTY.properties +++ b/openam-schema/openam-idsvcs-schema/src/license/THIRD-PARTY.properties @@ -1,4 +1,5 @@ # Generated by org.codehaus.mojo.license.AddThirdPartyMojo +# Portions Copyrighted 2026 3A Systems, LLC. #------------------------------------------------------------------------------- # Already used licenses in project : # - Apache Software License, Version 2.0 @@ -17,8 +18,6 @@ # #Wed Dec 23 14:33:39 GMT 2015 com.sun.msv.datatype.xsd--xsdlib--20060615=CDDL -com.sun.xml.bind--jaxb-libs--1.0.6=CDDL -com.sun.xml.bind--jaxb1-impl--2.0.2=CDDL com.sun.xml.rpc--jaxrpc-spi--1.1.3_01=CDDL external--jaxrpc-impl--1.1.3_01-041406=CDDL isorelax--isorelax--20030108=MIT diff --git a/openam-schema/openam-jaxrpc-schema/src/license/THIRD-PARTY.properties b/openam-schema/openam-jaxrpc-schema/src/license/THIRD-PARTY.properties index 8a9c2e17fe..0873767495 100644 --- a/openam-schema/openam-jaxrpc-schema/src/license/THIRD-PARTY.properties +++ b/openam-schema/openam-jaxrpc-schema/src/license/THIRD-PARTY.properties @@ -1,4 +1,5 @@ # Generated by org.codehaus.mojo.license.AddThirdPartyMojo +# Portions Copyrighted 2026 3A Systems, LLC. #------------------------------------------------------------------------------- # Already used licenses in project : # - Apache Software License, Version 2.0 @@ -26,10 +27,6 @@ com.iplanet.jato--jato--2005-05-04=CDDL com.sleepycat--je--5.0.104=SleepyCat com.sun.msv.datatype.xsd--xsdlib--20060615=CDDL com.sun.web.ui--cc--2008-08-08=CDDL -com.sun.xml.bind--jaxb-impl--1.0.6=CDDL -com.sun.xml.bind--jaxb-libs--1.0.6=CDDL -com.sun.xml.bind--jaxb-xjc--1.0.6=CDDL -com.sun.xml.bind--jaxb1-impl--2.0.2=CDDL com.sun.xml.rpc--jaxrpc-spi--1.1.3_01=CDDL external--esapiport--2013-12-04=BSD external--jaxrpc-impl--1.1.3_01-041406=CDDL diff --git a/openam-schema/openam-liberty-schema/pom.xml b/openam-schema/openam-liberty-schema/pom.xml index 15c95cf144..24c4eec5b7 100644 --- a/openam-schema/openam-liberty-schema/pom.xml +++ b/openam-schema/openam-liberty-schema/pom.xml @@ -13,6 +13,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2011-2016 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC --> 4.0.0 @@ -33,6 +34,38 @@ + + org.jvnet.jaxb + jaxb-maven-plugin + + + + generate + + + + + src/main/xsd + + lib-id-sis-pp.xsd + lib-arch-metadata.xsd + idff-entity-config-schema.xsd + lib-arch-disco-svc.xsd + lib-arch-interact-svc.xsd + lib-arch-paos.xsd + lib-arch-soap-binding.xsd + lib-arch-security-fmwk.xsd + secext.xsd + discoentry.xsd + ppextension.xsd + lib-idwsf-authn-svc.xsd + liberty-idwsf-disco-svc-v1.1.xsd + liberty-idwsf-soap-binding-v1.1.xsd + + src/main/xjb + true + + - + + + + + + + @@ -69,6 +84,22 @@ + + + + + + + + + + + + + + + + @@ -96,6 +127,32 @@ + + + + + + + + + + + + + + + + + + + + + + @@ -110,6 +167,12 @@ + + + + + + @@ -124,6 +187,28 @@ + + + + + + + + + + + + + + + + + + + + + + @@ -138,6 +223,12 @@ + + + + + + @@ -222,6 +313,130 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -291,6 +506,12 @@ + + + + + + @@ -305,6 +526,9 @@ + + + diff --git a/openam-schema/openam-liberty-schema/src/main/xsd/idff-entity-config-schema.xsd b/openam-schema/openam-liberty-schema/src/main/xsd/idff-entity-config-schema.xsd index 23ce5e318e..7b30080046 100644 --- a/openam-schema/openam-liberty-schema/src/main/xsd/idff-entity-config-schema.xsd +++ b/openam-schema/openam-liberty-schema/src/main/xsd/idff-entity-config-schema.xsd @@ -23,6 +23,8 @@ your own identifying information: "Portions Copyrighted [year] [name of copyright owner]" + Portions Copyrighted 2026 3A Systems LLC + $Id: idff-entity-config-schema.xsd,v 1.2 2008/06/25 05:48:40 qcheng Exp $ --> @@ -58,7 +60,7 @@ - + diff --git a/openam-schema/openam-saml2-schema/pom.xml b/openam-schema/openam-saml2-schema/pom.xml index 3d4f9a113f..79aee13d9b 100644 --- a/openam-schema/openam-saml2-schema/pom.xml +++ b/openam-schema/openam-saml2-schema/pom.xml @@ -13,6 +13,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2011-2016 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC --> 4.0.0 @@ -33,6 +34,34 @@ + + org.jvnet.jaxb + jaxb-maven-plugin + + + xjc-saml2 + + generate + + + + + src/main/xsd + + entity-config-schema.xsd + saml-schema-assertion-2.0.xsd + saml-schema-metadata-2.0.xsd + schema.xsd + sstc-saml-metadata-ext-query.xsd + sstc-saml-metadata-x509-query.xsd + sstc-metadata-attr.xsd + sstc-saml-attribute-ext.xsd + sstc-saml-idp-discovery.xsd + + src/main/xjb + true + + - + + + + + + + + @@ -45,6 +61,9 @@ + + + @@ -58,6 +77,12 @@ + + + + + + @@ -71,6 +96,12 @@ + + + + + + @@ -84,6 +115,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -97,6 +190,9 @@ + + + @@ -123,6 +219,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -136,6 +262,10 @@ + + + + diff --git a/openam-schema/openam-saml2-schema/src/main/xsd/entity-config-schema.xsd b/openam-schema/openam-saml2-schema/src/main/xsd/entity-config-schema.xsd index 935b5f54fa..bf94af3aa1 100644 --- a/openam-schema/openam-saml2-schema/src/main/xsd/entity-config-schema.xsd +++ b/openam-schema/openam-saml2-schema/src/main/xsd/entity-config-schema.xsd @@ -23,6 +23,8 @@ your own identifying information: "Portions Copyrighted [year] [name of copyright owner]" + Portions copyright 2026 3A Systems LLC + $Id: entity-config-schema.xsd,v 1.4 2008/06/25 05:48:43 qcheng Exp $ --> @@ -70,7 +72,7 @@ - + diff --git a/openam-schema/openam-saml2-schema/src/main/xsd/schema.xsd b/openam-schema/openam-saml2-schema/src/main/xsd/schema.xsd index 6702c7d90f..db956f8d09 100644 --- a/openam-schema/openam-saml2-schema/src/main/xsd/schema.xsd +++ b/openam-schema/openam-saml2-schema/src/main/xsd/schema.xsd @@ -1,6 +1,6 @@ +xmlns:jaxb="https://jakarta.ee/xml/ns/jaxb" +jaxb:version="3.0"> diff --git a/openam-schema/openam-wsfederation-schema/pom.xml b/openam-schema/openam-wsfederation-schema/pom.xml index e6be4239c0..50295ba277 100644 --- a/openam-schema/openam-wsfederation-schema/pom.xml +++ b/openam-schema/openam-wsfederation-schema/pom.xml @@ -13,6 +13,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2011-2016 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC --> 4.0.0 @@ -33,6 +34,23 @@ + + org.jvnet.jaxb + jaxb-maven-plugin + + + xjc-wsfederation + + generate + + + + + src/main/xsd + src/main/xjb + true + + - + + + + + + + + + + + @@ -40,6 +62,12 @@ + + + + + + @@ -66,6 +94,9 @@ + + + @@ -79,6 +110,9 @@ + + + @@ -92,6 +126,12 @@ + + + + + + @@ -105,6 +145,76 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -118,6 +228,30 @@ + + + + + + + + + + + + + + + + + + + + + + + + @@ -131,5 +265,19 @@ + + + + + + + + + + + + + + diff --git a/openam-schema/openam-wsfederation-schema/src/main/xsd/entity-config-schema.xsd b/openam-schema/openam-wsfederation-schema/src/main/xsd/entity-config-schema.xsd index fe8c842755..1367a57a4e 100644 --- a/openam-schema/openam-wsfederation-schema/src/main/xsd/entity-config-schema.xsd +++ b/openam-schema/openam-wsfederation-schema/src/main/xsd/entity-config-schema.xsd @@ -25,6 +25,8 @@ $Id: entity-config-schema.xsd,v 1.3 2009/05/04 18:21:06 exu Exp $ + Portions Copyrighted 2026 3A Systems LLC + --> @@ -56,7 +58,7 @@ - + diff --git a/openam-schema/openam-wsfederation-schema/src/main/xsd/schema.xsd b/openam-schema/openam-wsfederation-schema/src/main/xsd/schema.xsd new file mode 100644 index 0000000000..750623780c --- /dev/null +++ b/openam-schema/openam-wsfederation-schema/src/main/xsd/schema.xsd @@ -0,0 +1,27 @@ + + + + + + + + + + + diff --git a/openam-schema/openam-xacml3-schema/pom.xml b/openam-schema/openam-xacml3-schema/pom.xml index 392f288a1d..cd215dd674 100644 --- a/openam-schema/openam-xacml3-schema/pom.xml +++ b/openam-schema/openam-xacml3-schema/pom.xml @@ -13,6 +13,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2011-2016 ForgeRock AS. + * Portions copyright 2026 3A Systems LLC --> 4.0.0 @@ -79,17 +80,5 @@ wsit-impl - - javax.xml.bind - jaxb-api - - - com.sun.xml.bind - jaxb-core - - - com.sun.xml.bind - jaxb-impl - diff --git a/openam-schema/openam-xacml3-schema/src/license/THIRD-PARTY.properties b/openam-schema/openam-xacml3-schema/src/license/THIRD-PARTY.properties index af6536ec82..8ccfdf850f 100644 --- a/openam-schema/openam-xacml3-schema/src/license/THIRD-PARTY.properties +++ b/openam-schema/openam-xacml3-schema/src/license/THIRD-PARTY.properties @@ -1,4 +1,5 @@ # Generated by org.codehaus.mojo.license.AddThirdPartyMojo +# Portions Copyrighted 2026 3A Systems, LLC. #------------------------------------------------------------------------------- # Already used licenses in project : # - Apache Software License, Version 2.0 @@ -12,6 +13,5 @@ # #Mon Jan 26 14:49:23 CET 2015 com.sun.msv.datatype.xsd--xsdlib--20060615=CDDL -com.sun.xml.bind--jaxb-libs--1.0.6=CDDL isorelax--isorelax--20030108=MIT relaxngDatatype--relaxngDatatype--20020414=BSD diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Advice.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Advice.java index 6277faa639..faaae35a05 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Advice.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Advice.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,12 +39,12 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AdviceExpression.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AdviceExpression.java index bf07352011..91310146c7 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AdviceExpression.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AdviceExpression.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC * */ @@ -38,12 +40,12 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AdviceExpressions.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AdviceExpressions.java index 73983443d1..83e3d3d573 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AdviceExpressions.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AdviceExpressions.java @@ -22,11 +22,13 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 // See http://java.sun.com/xml/jaxb // Any modifications to this file will be lost upon recompilation of the source schema. // Generated on: 2013.01.21 at 10:40:04 AM PST @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AllOf.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AllOf.java index 5c39ca012b..39b228614a 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AllOf.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AllOf.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -38,10 +40,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AnyOf.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AnyOf.java index 26950e2c49..3167167e3f 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AnyOf.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AnyOf.java @@ -22,11 +22,13 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 // See http://java.sun.com/xml/jaxb // Any modifications to this file will be lost upon recompilation of the source schema. // Generated on: 2013.01.21 at 10:40:04 AM PST @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Apply.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Apply.java index 215cde2d23..e097899a46 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Apply.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Apply.java @@ -22,11 +22,13 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 // See http://java.sun.com/xml/jaxb // Any modifications to this file will be lost upon recompilation of the source schema. // Generated on: 2013.01.21 at 10:40:04 AM PST @@ -37,14 +39,14 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlElementRef; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlElementRef; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AssociatedAdvice.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AssociatedAdvice.java index 49d8758ec3..775a9909c1 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AssociatedAdvice.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AssociatedAdvice.java @@ -22,11 +22,13 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 // See http://java.sun.com/xml/jaxb // Any modifications to this file will be lost upon recompilation of the source schema. // Generated on: 2013.01.21 at 10:40:04 AM PST @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Attribute.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Attribute.java index 07482da934..750234d121 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Attribute.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Attribute.java @@ -22,11 +22,13 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 // See http://java.sun.com/xml/jaxb // Any modifications to this file will be lost upon recompilation of the source schema. // Generated on: 2013.01.21 at 10:40:04 AM PST @@ -37,12 +39,12 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeAssignment.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeAssignment.java index ce923c10fe..41914c022a 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeAssignment.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeAssignment.java @@ -22,11 +22,13 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 // See http://java.sun.com/xml/jaxb // Any modifications to this file will be lost upon recompilation of the source schema. // Generated on: 2013.01.21 at 10:40:04 AM PST @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeAssignmentExpression.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeAssignmentExpression.java index 88850be23e..921238b127 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeAssignmentExpression.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeAssignmentExpression.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,13 +37,13 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElementRef; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElementRef; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeDesignator.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeDesignator.java index 32e94bcc3a..47d6a8e3e5 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeDesignator.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeDesignator.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeSelector.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeSelector.java index 5dcb1d0b64..fe8000ac68 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeSelector.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeSelector.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeValue.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeValue.java index 97be976e21..133cd7014a 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeValue.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributeValue.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -39,15 +41,15 @@ import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAnyAttribute; -import javax.xml.bind.annotation.XmlAnyElement; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlMixed; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlSeeAlso; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAnyAttribute; +import jakarta.xml.bind.annotation.XmlAnyElement; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlMixed; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlSeeAlso; +import jakarta.xml.bind.annotation.XmlType; import javax.xml.namespace.QName; import org.w3c.dom.Element; diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Attributes.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Attributes.java index 6d9d2929a9..3dd4e56592 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Attributes.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Attributes.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,15 +39,15 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlID; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; -import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; -import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlID; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.adapters.CollapsedStringAdapter; +import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributesReference.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributesReference.java index 5704449bc9..0e67239cce 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributesReference.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/AttributesReference.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,12 +37,12 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlIDREF; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlIDREF; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/CombinerParameter.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/CombinerParameter.java index 59d0b9a48e..7238138630 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/CombinerParameter.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/CombinerParameter.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/CombinerParameters.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/CombinerParameters.java index f196797bf7..3dbf112a69 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/CombinerParameters.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/CombinerParameters.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,11 +39,11 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSeeAlso; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSeeAlso; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Condition.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Condition.java index 08ed7ff8dc..c2cddbb943 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Condition.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Condition.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElementRef; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElementRef; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Content.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Content.java index 252f5f69c0..779f580f4e 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Content.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Content.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,11 +39,11 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAnyElement; -import javax.xml.bind.annotation.XmlMixed; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAnyElement; +import jakarta.xml.bind.annotation.XmlMixed; +import jakarta.xml.bind.annotation.XmlType; import org.w3c.dom.Element; diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/DecisionType.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/DecisionType.java index afc584bc0d..4edc88c4ef 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/DecisionType.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/DecisionType.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,9 +37,9 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlEnum; -import javax.xml.bind.annotation.XmlEnumValue; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlEnum; +import jakarta.xml.bind.annotation.XmlEnumValue; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Defaults.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Defaults.java index a2c488d435..441d699dcf 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Defaults.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Defaults.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/EffectType.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/EffectType.java index 87c06e462d..8c108298ca 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/EffectType.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/EffectType.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,9 +37,9 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlEnum; -import javax.xml.bind.annotation.XmlEnumValue; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlEnum; +import jakarta.xml.bind.annotation.XmlEnumValue; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Expression.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Expression.java index 74f7a27a05..c140fd31b1 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Expression.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Expression.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,10 +37,10 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlSeeAlso; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlSeeAlso; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Function.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Function.java index 43666765b7..e908a20321 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Function.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Function.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/IdReference.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/IdReference.java index eb7ae166cc..1bb472d49b 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/IdReference.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/IdReference.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,12 +37,12 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; -import javax.xml.bind.annotation.XmlValue; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlValue; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Match.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Match.java index f41d9b18b2..a5d8d68a9d 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Match.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Match.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,12 +37,12 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/MissingAttributeDetail.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/MissingAttributeDetail.java index ec6bd68508..e1e924b63c 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/MissingAttributeDetail.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/MissingAttributeDetail.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,12 +39,12 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/MultiRequests.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/MultiRequests.java index c63e4d697b..ea021a4bef 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/MultiRequests.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/MultiRequests.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObjectFactory.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObjectFactory.java index fbc445ed9c..8e593b7072 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObjectFactory.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObjectFactory.java @@ -21,6 +21,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -34,9 +36,9 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.annotation.XmlElementDecl; -import javax.xml.bind.annotation.XmlRegistry; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.annotation.XmlElementDecl; +import jakarta.xml.bind.annotation.XmlRegistry; import javax.xml.namespace.QName; diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Obligation.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Obligation.java index 0877463212..5917e370e4 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Obligation.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Obligation.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,12 +39,12 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObligationExpression.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObligationExpression.java index d6326ea5a2..05a9bcf14a 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObligationExpression.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObligationExpression.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,12 +39,12 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObligationExpressions.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObligationExpressions.java index 23bd3aa6ae..b23eee6d19 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObligationExpressions.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/ObligationExpressions.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Obligations.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Obligations.java index fb04fb9566..6da60e4eca 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Obligations.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Obligations.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Policy.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Policy.java index 9cf0341eaa..59828186e0 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Policy.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Policy.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -38,13 +40,13 @@ import java.math.BigInteger; import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlElements; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlElements; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyCombinerParameters.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyCombinerParameters.java index b3068f003d..b92c55fb28 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyCombinerParameters.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyCombinerParameters.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyIdentifierList.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyIdentifierList.java index 9cfe6fabe1..e92986d091 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyIdentifierList.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyIdentifierList.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,12 +39,12 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElementRef; -import javax.xml.bind.annotation.XmlElementRefs; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElementRef; +import jakarta.xml.bind.annotation.XmlElementRefs; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyIssuer.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyIssuer.java index c8cee12fd1..a9c19abaad 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyIssuer.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicyIssuer.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicySet.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicySet.java index 5ebf8759a6..2c5e66c8cf 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicySet.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicySet.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -38,15 +40,15 @@ import java.math.BigInteger; import java.util.ArrayList; import java.util.List; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlElementRef; -import javax.xml.bind.annotation.XmlElementRefs; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlElementRef; +import jakarta.xml.bind.annotation.XmlElementRefs; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicySetCombinerParameters.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicySetCombinerParameters.java index eb022c29df..3f78b9ff53 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicySetCombinerParameters.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/PolicySetCombinerParameters.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Request.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Request.java index 4f53ae4a2c..15b1b12845 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Request.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Request.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -38,17 +40,17 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; - -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; + +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RequestDefaults.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RequestDefaults.java index e196d7f2bf..9f4784bcdc 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RequestDefaults.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RequestDefaults.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RequestReference.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RequestReference.java index b6df15535b..c8a64a021a 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RequestReference.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RequestReference.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Response.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Response.java index 525b723ec1..661b465769 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Response.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Response.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -38,7 +40,7 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import javax.xml.bind.annotation.*; +import jakarta.xml.bind.annotation.*; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Result.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Result.java index 6abfd20a33..f1351cf93e 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Result.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Result.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -38,10 +40,10 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Rule.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Rule.java index c7dcb482a7..4c9fe3b6ef 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Rule.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Rule.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,11 +37,11 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RuleCombinerParameters.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RuleCombinerParameters.java index 0b8e035976..7b687339dd 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RuleCombinerParameters.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/RuleCombinerParameters.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,10 +37,10 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Status.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Status.java index 82827fc057..fa9203cc22 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Status.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Status.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,10 +37,10 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/StatusCode.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/StatusCode.java index a4225edaa4..bed6f15111 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/StatusCode.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/StatusCode.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,12 +37,12 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlSchemaType; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlSchemaType; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/StatusDetail.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/StatusDetail.java index 113d1a91ff..42cf2d7a9e 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/StatusDetail.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/StatusDetail.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -38,10 +40,10 @@ import java.util.ArrayList; import java.util.Iterator; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAnyElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAnyElement; +import jakarta.xml.bind.annotation.XmlType; import org.w3c.dom.Element; diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Target.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Target.java index 1151f3abeb..8f7faba580 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Target.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Target.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -37,10 +39,10 @@ import java.util.ArrayList; import java.util.List; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlElement; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlElement; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VariableDefinition.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VariableDefinition.java index 6c5c55fcb2..ad4418ceff 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VariableDefinition.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VariableDefinition.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,12 +37,12 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlElementRef; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.JAXBElement; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlElementRef; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VariableReference.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VariableReference.java index 6edea28b40..9be78757d2 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VariableReference.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VariableReference.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,10 +37,10 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlAttribute; -import javax.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlAttribute; +import jakarta.xml.bind.annotation.XmlType; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Version.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Version.java index 2f8d43c58b..6dd92be68a 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Version.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/Version.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,10 +37,10 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlType; -import javax.xml.bind.annotation.XmlValue; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlValue; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VersionMatch.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VersionMatch.java index b388255629..18e0f08378 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VersionMatch.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/VersionMatch.java @@ -22,6 +22,8 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -35,10 +37,10 @@ package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlAccessType; -import javax.xml.bind.annotation.XmlAccessorType; -import javax.xml.bind.annotation.XmlType; -import javax.xml.bind.annotation.XmlValue; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlType; +import jakarta.xml.bind.annotation.XmlValue; /** diff --git a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/package-info.java b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/package-info.java index 03436e8ad7..caacc49003 100644 --- a/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/package-info.java +++ b/openam-schema/openam-xacml3-schema/src/main/java/com/sun/identity/entitlement/xacml3/core/package-info.java @@ -21,6 +21,7 @@ * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" + * Portions Copyrighted 2026 3A Systems LLC. * */ @@ -31,18 +32,18 @@ // Generated on: 2013.01.21 at 10:40:04 AM PST // -@javax.xml.bind.annotation.XmlSchema( namespace = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17", +@jakarta.xml.bind.annotation.XmlSchema( namespace = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17", xmlns = { - @javax.xml.bind.annotation.XmlNs(prefix = "xacml", + @jakarta.xml.bind.annotation.XmlNs(prefix = "xacml", namespaceURI = "classpath:xsd/xacml-core-v3-schema-wd-17.xsd"), - @javax.xml.bind.annotation.XmlNs(prefix = "xacml3", + @jakarta.xml.bind.annotation.XmlNs(prefix = "xacml3", namespaceURI = "classpath:xsd/xacml-core-v3-schema-wd-17.xsd"), - @javax.xml.bind.annotation.XmlNs(prefix = "xacml-context", + @jakarta.xml.bind.annotation.XmlNs(prefix = "xacml-context", namespaceURI = "classpath:xsd/xacml-core-v3-schema-wd-17.xsd"), - @javax.xml.bind.annotation.XmlNs(prefix = "xacml-ctx", + @jakarta.xml.bind.annotation.XmlNs(prefix = "xacml-ctx", namespaceURI = "classpath:xsd/xacml-core-v3-schema-wd-17.xsd") }, elementFormDefault = XmlNsForm.QUALIFIED) package com.sun.identity.entitlement.xacml3.core; -import javax.xml.bind.annotation.XmlNsForm; +import jakarta.xml.bind.annotation.XmlNsForm; diff --git a/openam-schema/pom.xml b/openam-schema/pom.xml index f9669ab9ed..3fc254d2a1 100755 --- a/openam-schema/pom.xml +++ b/openam-schema/pom.xml @@ -13,6 +13,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2011-2016 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems, LLC --> 4.0.0 @@ -30,6 +31,15 @@ openam-schema pom + + + none + true + + openam-mib-schema diff --git a/openam-server-only/src/main/webapp/WEB-INF/template/sms/serverdefaults.properties b/openam-server-only/src/main/webapp/WEB-INF/template/sms/serverdefaults.properties index 903cf773ad..911320b2e3 100644 --- a/openam-server-only/src/main/webapp/WEB-INF/template/sms/serverdefaults.properties +++ b/openam-server-only/src/main/webapp/WEB-INF/template/sms/serverdefaults.properties @@ -188,8 +188,6 @@ com.sun.identity.console.service.model.SMDiscoEntryData,\ com.sun.identity.console.session.model.SMSessionData,\ com.sun.identity.console.user.model.UMUserPasswordResetOptionsData,\ com.sun.identity.shared.datastruct.OrderedSet,\ -com.sun.xml.bind.util.ListImpl,\ -com.sun.xml.bind.util.ProxyListImpl,\ java.lang.Boolean,\ java.lang.Integer,\ java.lang.Number,\ diff --git a/openam-server-only/src/main/webapp/saml2/jsp/SA_IDP.jsp b/openam-server-only/src/main/webapp/saml2/jsp/SA_IDP.jsp index 19209a6a49..0b7824bfe3 100644 --- a/openam-server-only/src/main/webapp/saml2/jsp/SA_IDP.jsp +++ b/openam-server-only/src/main/webapp/saml2/jsp/SA_IDP.jsp @@ -25,6 +25,7 @@ $Id: SA_IDP.jsp,v 1.10 2009/06/24 00:22:44 sean_brydon Exp $ Portions Copyrighted 2013-2015 ForgeRock AS. + Portions Copyrighted 2026 3A Systems LLC. --%> <%@ page language="java" @@ -77,11 +78,11 @@ org.owasp.esapi.ESAPI" SPSSODescriptorElement spDesc = mm.getSPSSODescriptor(realm, tempspId); Iterator acsIter = - spDesc.getAssertionConsumerService().iterator(); + spDesc.getValue().getAssertionConsumerService().iterator(); while (acsIter.hasNext()) { AssertionConsumerServiceElement acs = (AssertionConsumerServiceElement) acsIter.next(); - if (acs.getLocation().indexOf(targetHost) != -1) { + if (acs.getValue().getLocation().indexOf(targetHost) != -1) { return tempspId; } } diff --git a/openam-server-only/src/main/webapp/saml2/jsp/SA_SP.jsp b/openam-server-only/src/main/webapp/saml2/jsp/SA_SP.jsp index 51f7504b9d..eb5b04d30c 100644 --- a/openam-server-only/src/main/webapp/saml2/jsp/SA_SP.jsp +++ b/openam-server-only/src/main/webapp/saml2/jsp/SA_SP.jsp @@ -25,6 +25,7 @@ $Id: SA_SP.jsp,v 1.8 2009/02/26 23:57:19 exu Exp $ Portions Copyrighted 2013 ForgeRock AS + Portions Copyrighted 2026 3A Systems LLC. --%> <%@ page language="java" @@ -163,7 +164,7 @@ org.owasp.esapi.ESAPI" // get attr list from configuration SPSSOConfigElement spConfig = mm.getSPSSOConfig(realm, spEntityId); if (spConfig != null) { - Map attrs = SAML2MetaUtils.getAttributes(spConfig); + Map attrs = SAML2MetaUtils.getAttributes(spConfig.getValue()); if (attrs != null) { List value = (List) attrs.get(SAML2Constants.ATTRIBUTE_MAP); if (value != null && !value.isEmpty()) { diff --git a/openam-server-only/src/main/webapp/saml2/jsp/spSingleLogoutInit.jsp b/openam-server-only/src/main/webapp/saml2/jsp/spSingleLogoutInit.jsp index f7838f80ee..a0a69a85ae 100644 --- a/openam-server-only/src/main/webapp/saml2/jsp/spSingleLogoutInit.jsp +++ b/openam-server-only/src/main/webapp/saml2/jsp/spSingleLogoutInit.jsp @@ -25,6 +25,7 @@ $Id: spSingleLogoutInit.jsp,v 1.13 2009/10/15 00:01:11 exu Exp $ Portions Copyrighted 2012-2016 ForgeRock AS. + Portions Copyrighted 2026 3A Systems LLC. --%> <%@ page import="com.sun.identity.plugin.session.SessionManager" %> @@ -150,7 +151,7 @@ SPSSOConfigElement spConfig = manager.getSPSSOConfig("/", spEntityID); if (spConfig != null) { - metaAlias = spConfig.getMetaAlias(); + metaAlias = spConfig.getValue().getMetaAlias(); } } } diff --git a/openam-server-only/src/main/webapp/wsfederation/jsp/realmSelection.jsp b/openam-server-only/src/main/webapp/wsfederation/jsp/realmSelection.jsp index cf6f48eb55..3b1e84ef88 100644 --- a/openam-server-only/src/main/webapp/wsfederation/jsp/realmSelection.jsp +++ b/openam-server-only/src/main/webapp/wsfederation/jsp/realmSelection.jsp @@ -25,6 +25,8 @@ $Id: realmSelection.jsp,v 1.10 2009/10/29 00:00:00 exu Exp $ Portions Copyrighted 2013-2016 ForgeRock AS. + Portions Copyrighted 2026 3A Systems LLC. + --%> <%@page @@ -71,7 +73,7 @@ String spRealm = WSFederationMetaUtils.getRealmByMetaAlias(spMetaAlias); Map> spConfig = WSFederationMetaUtils.getAttributes( - metaManager.getSPSSOConfig(spRealm,spEntityId)); + metaManager.getSPSSOConfig(spRealm,spEntityId).getValue()); String accountRealmCookieName = spConfig.get(WSFederationConstants.ACCOUNT_REALM_COOKIE_NAME).get(0); @@ -225,7 +227,7 @@ getTokenIssuerName(idp); String displayName = - WSFederationMetaUtils.getAttribute(idpconfig, + WSFederationMetaUtils.getAttribute(idpconfig.getValue(), WSFederationConstants.DISPLAY_NAME); if (debug.messageEnabled()) { diff --git a/openam-shared/pom.xml b/openam-shared/pom.xml index 3bb2fd2fbc..d8ba697765 100755 --- a/openam-shared/pom.xml +++ b/openam-shared/pom.xml @@ -138,6 +138,16 @@ joda-time + + + jakarta.xml.bind + jakarta.xml.bind-api + + + org.glassfish.jaxb + jaxb-runtime + + org.openidentityplatform.commons test-utils diff --git a/openam-shared/src/main/java/com/sun/identity/shared/xml/XMLUtils.java b/openam-shared/src/main/java/com/sun/identity/shared/xml/XMLUtils.java index 472d6b2f28..995477053c 100644 --- a/openam-shared/src/main/java/com/sun/identity/shared/xml/XMLUtils.java +++ b/openam-shared/src/main/java/com/sun/identity/shared/xml/XMLUtils.java @@ -47,7 +47,7 @@ import org.xml.sax.SAXException; import org.xml.sax.SAXParseException; -import javax.xml.bind.JAXBException; +import jakarta.xml.bind.JAXBException; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; diff --git a/openam-shared/src/main/java/org/forgerock/openam/utils/IOUtils.java b/openam-shared/src/main/java/org/forgerock/openam/utils/IOUtils.java index 61e4198eb0..83ea6634ad 100644 --- a/openam-shared/src/main/java/org/forgerock/openam/utils/IOUtils.java +++ b/openam-shared/src/main/java/org/forgerock/openam/utils/IOUtils.java @@ -12,6 +12,7 @@ * information: "Portions copyright [year] [name of copyright owner]". * * Copyright 2011-2015 ForgeRock AS. + * Portions Copyrighted 2026 3A Systems, LLC. */ package org.forgerock.openam.utils; @@ -289,8 +290,6 @@ private static class WhitelistObjectInputStream extends ObjectInputStream { "com.sun.identity.console.service.model.SMDiscoEntryData", "com.sun.identity.console.session.model.SMSessionData", "com.sun.identity.shared.datastruct.OrderedSet", - "com.sun.xml.bind.util.ListImpl", - "com.sun.xml.bind.util.ProxyListImpl", "java.lang.Boolean", "java.lang.Integer", "java.lang.Number", diff --git a/openam-shared/src/main/java/org/forgerock/openam/utils/Time.java b/openam-shared/src/main/java/org/forgerock/openam/utils/Time.java index 062a2717e2..2b0e9048ba 100644 --- a/openam-shared/src/main/java/org/forgerock/openam/utils/Time.java +++ b/openam-shared/src/main/java/org/forgerock/openam/utils/Time.java @@ -19,6 +19,7 @@ import java.util.Calendar; import java.util.Date; +import java.util.GregorianCalendar; import java.util.Iterator; import java.util.Locale; import java.util.ServiceLoader; @@ -28,6 +29,10 @@ import org.joda.time.DateTimeUtils; import org.slf4j.LoggerFactory; +import javax.xml.datatype.DatatypeConfigurationException; +import javax.xml.datatype.DatatypeFactory; +import javax.xml.datatype.XMLGregorianCalendar; + /** * The source of all time-based information in OpenAM. *

@@ -43,6 +48,24 @@ public enum Time implements DateTimeUtils.MillisProvider { private final TimeService timeService; + /** + * Lazy holder for the shared {@link DatatypeFactory}. Creating a factory is comparatively + * expensive and the instance is safe for concurrent {@code newXMLGregorianCalendar} calls, so + * it is created once. Deferring creation until the first {@code getXMLGregorianCalendarInstance} + * call keeps it off the {@code Time} class-initialization path (which nearly every code path + * touches), avoiding surprises from the JAXP factory lookup at class-load time. + */ + private static final class DatatypeFactoryHolder { + static final DatatypeFactory INSTANCE; + static { + try { + INSTANCE = DatatypeFactory.newInstance(); + } catch (DatatypeConfigurationException e) { + throw new ExceptionInInitializerError(e); + } + } + } + Time() { Iterator services = ServiceLoader.load(TimeService.class).iterator(); if (services.hasNext()) { @@ -148,4 +171,22 @@ private static Calendar setCalendarTime(Calendar calendar) { calendar.setTimeInMillis(currentTimeMillis()); return calendar; } + + public static XMLGregorianCalendar getXMLGregorianCalendarInstance() throws DatatypeConfigurationException { + + Calendar calendar = getCalendarInstance(); + + GregorianCalendar gCalendar = new GregorianCalendar(); + gCalendar.setTime(calendar.getTime()); + gCalendar.setTimeZone(calendar.getTimeZone()); + + return DatatypeFactoryHolder.INSTANCE.newXMLGregorianCalendar(gCalendar); + } + + public static XMLGregorianCalendar getXMLGregorianCalendarInstance(Date date) throws DatatypeConfigurationException { + GregorianCalendar gCalendar = new GregorianCalendar(); + gCalendar.setTime(date); + + return DatatypeFactoryHolder.INSTANCE.newXMLGregorianCalendar(gCalendar); + } } diff --git a/openam-sts/openam-common-sts/src/main/java/org/forgerock/openam/sts/token/CTSTokenIdGeneratorImpl.java b/openam-sts/openam-common-sts/src/main/java/org/forgerock/openam/sts/token/CTSTokenIdGeneratorImpl.java index 33e2db7bca..a0f849cbd8 100644 --- a/openam-sts/openam-common-sts/src/main/java/org/forgerock/openam/sts/token/CTSTokenIdGeneratorImpl.java +++ b/openam-sts/openam-common-sts/src/main/java/org/forgerock/openam/sts/token/CTSTokenIdGeneratorImpl.java @@ -12,7 +12,7 @@ * information: "Portions Copyrighted [year] [name of copyright owner]". * * Copyright 2015 ForgeRock AS. - * Portions Copyrighted 2025 3A Systems, LLC. + * Portions Copyrighted 2025-2026 3A Systems, LLC. */ package org.forgerock.openam.sts.token; @@ -27,7 +27,7 @@ import org.w3c.dom.NodeList; import jakarta.inject.Inject; -import javax.xml.bind.DatatypeConverter; +import jakarta.xml.bind.DatatypeConverter; import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; diff --git a/pom.xml b/pom.xml index 0419a3fa53..a41185777b 100644 --- a/pom.xml +++ b/pom.xml @@ -96,8 +96,6 @@ 1.1 2.0.0 - 2.2.11 - 2.2.5-1 1.1 1.1.3_01 @@ -1728,6 +1726,16 @@ netty-tcnative-boringssl-static ${netty-tcnative-boringssl.version} + + jakarta.xml.bind + jakarta.xml.bind-api + 3.0.1 + + + org.glassfish.jaxb + jaxb-runtime + 3.0.2 + @@ -2155,6 +2163,11 @@ jaxb2-maven-plugin 3.2.0 + + org.jvnet.jaxb + jaxb-maven-plugin + 3.0.2 + org.codehaus.mojo build-helper-maven-plugin