// create tenant from configuration properties. We do not overwrite existing // tenants. private static void processTenant(CasIdmClient idmClient, String tenantName) throws Exception { // create tenant Tenant tenantToCreate = new Tenant(tenantName); tenantToCreate._issuerName = ServerConfig.getTenantEntityId(tenantName); IdmDataRemover.addTenant(tenantName); Tenant existingTenant = null; try { existingTenant = idmClient.getTenant(tenantName); assert (existingTenant != null); return; } catch (NoSuchTenantException ex) { idmClient.addTenant( tenantToCreate, ServerConfig.getTenantAdminUsername(), ServerConfig.getTenantAdminPassword().toCharArray()); } existingTenant = idmClient.getTenant(tenantName); assert (existingTenant != null); // add entity ID, clock tolerance, certificates and keys try { idmClient.setEntityID(tenantName, ServerConfig.getTenantEntityId(tenantName)); idmClient.setClockTolerance(tenantName, ServerConfig.getTenantClockTolerance(tenantName)); idmClient.setDelegationCount(tenantName, ServerConfig.getTenantDelegationCount(tenantName)); idmClient.setBrandName(tenantName, ServerConfig.getTenantBrandName(tenantName)); idmClient.setRenewCount(tenantName, ServerConfig.getTenantRenewCount(tenantName)); idmClient.setMaximumBearerTokenLifetime( tenantName, ServerConfig.getTenantMaximumBearerTokenLifetime(tenantName)); idmClient.setMaximumHoKTokenLifetime( tenantName, ServerConfig.getTenantMaximumHokTokenLifetime(tenantName)); KeyPair kp = readKeyStore(ServerConfig.getTenantCredentialDescriptor(tenantName)); idmClient.setTenantCredentials(tenantName, kp.getCertificateChain(), kp.getPrivateKey()); } catch (Exception e) { throw new IllegalStateException(e); } // create relying parties int i = 0; String rpName = ServerConfig.getRelyingParty(tenantName, i); while (rpName != null) { RelyingParty rp = processRelyingParty(idmClient, rpName); // add relying party info idmClient.addRelyingParty(tenantName, rp); i++; rpName = ServerConfig.getRelyingParty(tenantName, i); } // create identity stores int j = 0; String adProviderName = ServerConfig.getADProvider(tenantName, j); while (adProviderName != null) { IdentityStoreData adStore = processADProvider(idmClient, adProviderName); // add store info idmClient.addProvider(tenantName, adStore); j++; adProviderName = ServerConfig.getADProvider(tenantName, j); } }
// create relying party from configuration properties private static RelyingParty processRelyingParty(CasIdmClient idmClient, String rpName) throws Exception { // create relying party RelyingParty rp = new RelyingParty(rpName); // add certificate and other parameters try { rp.setUrl(ServerConfig.getRelyingPartyUrl(rpName)); rp.setAuthnRequestsSigned(ServerConfig.getRelyingPartyAuthnRequestsSigned(rpName)); KeyPair kp = readKeyStore(ServerConfig.getRelyingPartyCredentialDescriptor(rpName)); List<Certificate> certificateChain = kp.getCertificateChain(); // TODO change the Relaying Party to get a chain not only leaf // certificate assert certificateChain != null && certificateChain.size() > 0; rp.setCertificate(certificateChain.get(0)); } catch (Exception e) { logger.debug("processRelyingParty: Caught exception {}", e.toString()); throw new IllegalStateException(e); } // add Assertion Consumer Services int i = 0; ArrayList<AssertionConsumerService> services = new ArrayList<AssertionConsumerService>(); String acsName = ServerConfig.getAssertionConsumerService(rpName, i); while (acsName != null) { AssertionConsumerService acs = processAssertionConsumerService(idmClient, acsName); // store service data services.add(acs); i++; acsName = ServerConfig.getAssertionConsumerService(rpName, i); } // commit Assertion Consumer Services rp.setAssertionConsumerServices(services); // get default assertion consumer service String defaultService = ServerConfig.getDefaultAssertionConsumerService(rpName); rp.setDefaultAssertionConsumerService(defaultService); // add Single Logout Services i = 0; ArrayList<ServiceEndpoint> sloServices = new ArrayList<ServiceEndpoint>(); String sloName = ServerConfig.getSingleLogoutService(rpName, i); while (sloName != null) { ServiceEndpoint slo = processSingleLogoutService(idmClient, sloName); // store service data sloServices.add(slo); i++; sloName = ServerConfig.getSingleLogoutService(rpName, i); } // commit Single Logout Services rp.setSingleLogoutServices(sloServices); return rp; }