Search in sources :

Example 1 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class Authenticator method ldapLogin.

SSOToken ldapLogin(CommandManager mgr, String bindUser, String bindPwd) throws CLIException {
    SSOToken ssoToken = null;
    IOutput outputWriter = mgr.getOutputWriter();
    ResourceBundle rb = mgr.getResourceBundle();
    if (mgr.isVerbose()) {
        outputWriter.printlnMessage(rb.getString("verbose-authenticating"));
    }
    String[] param = { bindUser };
    String installTime = SystemProperties.get(AdminTokenAction.AMADMIN_MODE, "false");
    if (installTime.equalsIgnoreCase("false")) {
        LogWriter.log(mgr, LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_LOGIN", param, null);
        try {
            AuthContext lc = sessionBasedLoginInternal(mgr, bindUser, bindPwd);
            ssoToken = lc.getSSOToken();
            mgr.registerSSOToken(ssoToken);
        } catch (Exception e) {
            ssoToken = ldapLoginInternal(mgr, bindUser, bindPwd);
        }
    }
    /*
         * Even if installTime is false, ssoToken could be null if none of
         * the OpenSSO servers are running.
         * Hence check for ssoToken and use local AuthContext
         */
    if (ssoToken == null) {
        ssoToken = ldapLoginInternal(mgr, bindUser, bindPwd);
    }
    LogWriter.log(mgr, LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_LOGIN", param, null);
    if (mgr.isVerbose()) {
        outputWriter.printlnMessage(rb.getString("verbose-authenticated"));
    }
    return ssoToken;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) AuthContext(com.sun.identity.authentication.AuthContext) ResourceBundle(java.util.ResourceBundle) LoginException(javax.security.auth.login.LoginException) InvalidAuthContextException(com.sun.identity.authentication.internal.InvalidAuthContextException) SSOException(com.iplanet.sso.SSOException)

Example 2 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class Authenticator method getAuthContext.

private AuthContext getAuthContext(CommandManager mgr, String strIndexType, String indexName) throws CLIException {
    try {
        AuthContext lc = new AuthContext("/");
        AuthContext.IndexType indexType = null;
        if (strIndexType.equalsIgnoreCase("module_instance")) {
            indexType = AuthContext.IndexType.MODULE_INSTANCE;
        } else if (strIndexType.equalsIgnoreCase("service")) {
            indexType = AuthContext.IndexType.SERVICE;
        } else if (strIndexType.equalsIgnoreCase("user")) {
            indexType = AuthContext.IndexType.USER;
        } else if (strIndexType.equalsIgnoreCase("role")) {
            indexType = AuthContext.IndexType.ROLE;
        } else if (strIndexType.equalsIgnoreCase("level")) {
            indexType = AuthContext.IndexType.LEVEL;
        } else if (strIndexType.equalsIgnoreCase("composite_advice")) {
            indexType = AuthContext.IndexType.COMPOSITE_ADVICE;
        } else if (strIndexType.equalsIgnoreCase("resource")) {
            indexType = AuthContext.IndexType.RESOURCE;
        }
        lc.login(indexType, indexName);
        return lc;
    } catch (LoginException le) {
        ResourceBundle rb = mgr.getResourceBundle();
        throw new CLIException(rb.getString("exception-LDAP-login-failed"), ExitCodes.SESSION_BASED_LOGIN_FAILED);
    }
}
Also used : AuthContext(com.sun.identity.authentication.AuthContext) LoginException(javax.security.auth.login.LoginException) ResourceBundle(java.util.ResourceBundle)

Example 3 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class AuthContextLocal method login.

/**
     * Performs the Login for the given AuthContext
     * @param type authentication index type
     * @param indexName authentication index name
     * @param principal principal name of the user to be authenticated
     * @param password password for the user
     * @param subject authentication subject
     * @param envMap Environment map, this is applicable only when the type
     *        is <code>AuthContext.IndexType.RESOURCE</code>
     * @param locale locale setting
     * @throws AuthLoginException if error occurs during login
     */
protected void login(AuthContext.IndexType type, String indexName, Principal principal, char[] password, Subject subject, Map envMap, String locale) throws AuthLoginException {
    try {
        /*if (!getStatus().equals(AuthContext.Status.NOT_STARTED)) {
                if (authDebug.messageEnabled()) {
                    authDebug.message("AuthContextLocal::login called " +
                    "when the current login status is : " + getStatus());
                }
                throw new AuthLoginException(amAuthContextLocal, 
                    "invalidMethod", new Object[]{getStatus()});
            }*/
        // switch the login status
        loginStatus = AuthContext.Status.IN_PROGRESS;
        String redirectUrl = null;
        // specially processing for resouce/IP/Environement based auth
        if ((type != null) && type.equals(AuthContext.IndexType.RESOURCE)) {
            // this is resouce/IP/Env based authentication
            // call Policy Decision Util to find out the actual auth type 
            // required by policy
            List result = Collections.EMPTY_LIST;
            try {
                result = PolicyDecisionUtils.doResourceIPEnvAuth(indexName, organizationName, envMap);
            } catch (PolicyException pe) {
                // ignore, continue to default realm based authentication
                // may need to revisit this in the future
                authDebug.warning("AuthContextLocal.login() policy error " + "indexName=" + indexName, pe);
                type = null;
                indexName = null;
            }
            if (authDebug.messageEnabled()) {
                authDebug.message("AuthContextLocal.login: policy decision=" + result);
            }
            if (result.size() == 2) {
                type = (AuthContext.IndexType) result.get(0);
                indexName = (String) result.get(1);
            } else if (result.size() == 1) {
                // this is the redirection case (Policy Redirection Advice)
                redirectUrl = (String) result.get(0);
                // append goto parameter for federation case
                Set tmp = (Set) envMap.get(ISAuthConstants.GOTO_PARAM);
                if ((tmp != null) && !tmp.isEmpty()) {
                    String gotoParam = (String) tmp.iterator().next();
                    if ((gotoParam != null) && (gotoParam.length() != 0)) {
                        if ((redirectUrl != null) && (redirectUrl.indexOf("?") != -1)) {
                            redirectUrl = redirectUrl + "&" + ISAuthConstants.GOTO_PARAM + "=" + URLEncDec.encode(gotoParam);
                        } else {
                            redirectUrl = redirectUrl + "?" + ISAuthConstants.GOTO_PARAM + "=" + URLEncDec.encode(gotoParam);
                        }
                    }
                }
                type = null;
                indexName = null;
            } else {
                // no policy decision, use default realm login
                type = null;
                indexName = null;
            }
        }
        HashMap loginParamsMap = new HashMap();
        loginParamsMap.put(INDEX_TYPE, type);
        loginParamsMap.put(INDEX_NAME, indexName);
        loginParamsMap.put(PRINCIPAL, principal);
        loginParamsMap.put(PASSWORD, password);
        loginParamsMap.put(SUBJECT, subject);
        loginParamsMap.put(LOCALE, locale);
        if (redirectUrl != null) {
            loginParamsMap.put(REDIRECT_URL, redirectUrl);
        }
        if (authDebug.messageEnabled()) {
            authDebug.message("loginParamsMap : " + loginParamsMap.toString());
        }
        authDebug.message("calling AMLoginContext::exceuteLogin : ");
        amlc.executeLogin(loginParamsMap);
        authDebug.message("after AMLoginContext::exceuteLogin : ");
        if (amlc.getStatus() == LoginStatus.AUTH_SUCCESS) {
            loginStatus = AuthContext.Status.SUCCESS;
        } else if (amlc.getStatus() == LoginStatus.AUTH_FAILED) {
            loginStatus = AuthContext.Status.FAILED;
        }
        if (authDebug.messageEnabled()) {
            authDebug.message("Status at the end of login() : " + loginStatus);
        }
    } catch (AuthLoginException e) {
        if (authDebug.messageEnabled()) {
            authDebug.message("Exception in ac.login : " + e.toString());
        }
        throw e;
    }
}
Also used : Set(java.util.Set) PolicyException(com.sun.identity.policy.PolicyException) HashMap(java.util.HashMap) AuthContext(com.sun.identity.authentication.AuthContext) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) ArrayList(java.util.ArrayList) List(java.util.List)

Example 4 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class AuthXMLHandler method processAuthXMLRequest.

/*
     * Process the XMLRequest
     */
private AuthXMLResponse processAuthXMLRequest(String xml, PLLAuditor auditor, AuthXMLRequest authXMLRequest, HttpServletRequest servletRequest, HttpServletResponse servletResponse) {
    if (messageEnabled) {
        debug.message("authXMLRequest is : " + authXMLRequest);
    }
    int requestType = authXMLRequest.getRequestType();
    String sessionID = authXMLRequest.getAuthIdentifier();
    String orgName = authXMLRequest.getOrgName();
    AuthContextLocal authContext = authXMLRequest.getAuthContext();
    LoginState loginState = AuthUtils.getLoginState(authContext);
    auditor.setMethod(getMethodName(requestType));
    auditor.setUserId(getAuthenticationId(loginState));
    auditor.setTrackingId(getContextId(loginState));
    auditor.setRealm(orgName);
    auditor.auditAccessAttempt();
    String params = authXMLRequest.getParams();
    List envList = authXMLRequest.getEnvironment();
    Map envMap = toEnvMap(envList);
    AuthXMLResponse authResponse = new AuthXMLResponse(requestType);
    authResponse.setAuthContext(authContext);
    authResponse.setAuthIdentifier(sessionID);
    if (messageEnabled) {
        debug.message("authContext is : " + authContext);
        debug.message("requestType : " + requestType);
    }
    if (authXMLRequest.getValidSessionNoUpgrade()) {
        authResponse.setAuthXMLRequest(authXMLRequest);
        authResponse.setValidSessionNoUpgrade(true);
        return authResponse;
    }
    String securityEnabled = null;
    try {
        securityEnabled = AuthUtils.getRemoteSecurityEnabled();
    } catch (AuthException auExp) {
        debug.error("Got Exception", auExp);
        setErrorCode(authResponse, auExp);
        return authResponse;
    }
    if (debug.messageEnabled()) {
        debug.message("Security Enabled = " + securityEnabled);
    }
    if (requestType != 0) {
        if ((securityEnabled != null) && (securityEnabled.equals("true"))) {
            security = true;
            String indexNameLoc = authXMLRequest.getIndexName();
            AuthContext.IndexType indexTypeLoc = authXMLRequest.getIndexType();
            if (indexTypeLoc == null) {
                indexTypeLoc = AuthUtils.getIndexType(authContext);
                indexNameLoc = AuthUtils.getIndexName(authContext);
            }
            if (debug.messageEnabled()) {
                debug.message("Index Name Local : " + indexNameLoc);
                debug.message("Index Type Local : " + indexTypeLoc);
            }
            if (((indexTypeLoc == null) || (indexNameLoc == null)) || !((indexTypeLoc == AuthContext.IndexType.MODULE_INSTANCE) && indexNameLoc.equals("Application"))) {
                try {
                    String ssoTokenID = authXMLRequest.getAppSSOTokenID();
                    if (debug.messageEnabled()) {
                        debug.message("Session ID = : " + ssoTokenID);
                    }
                    SSOTokenManager manager = SSOTokenManager.getInstance();
                    SSOToken appSSOToken = manager.createSSOToken(ssoTokenID);
                    // retry
                    if (!manager.isValidToken(appSSOToken)) {
                        if (debug.messageEnabled()) {
                            debug.message("App SSOToken is not valid");
                        }
                        setErrorCode(authResponse, new AuthException(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN, null));
                        return authResponse;
                    } else {
                        debug.message("App SSOToken is VALID");
                    }
                } catch (SSOException ssoe) {
                    // can retry
                    if (debug.messageEnabled()) {
                        debug.message("App SSOToken is not valid: " + ssoe.getMessage());
                    }
                    setErrorCode(authResponse, new AuthException(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN, null));
                    return authResponse;
                } catch (Exception exp) {
                    debug.error("Got Exception", exp);
                    setErrorCode(authResponse, exp);
                    return authResponse;
                }
            }
        }
    } else {
        security = false;
    }
    // selected choice then start module based authentication.
    if ((AuthUtils.getIndexType(authContext) == AuthContext.IndexType.LEVEL) || (AuthUtils.getIndexType(authContext) == AuthContext.IndexType.COMPOSITE_ADVICE)) {
        Callback[] callbacks = authXMLRequest.getSubmittedCallbacks();
        if (messageEnabled) {
            debug.message("Callbacks are  : " + callbacks);
        }
        if (callbacks != null) {
            if (messageEnabled) {
                debug.message("Callback length is : " + callbacks.length);
            }
            if (callbacks[0] instanceof ChoiceCallback) {
                ChoiceCallback cc = (ChoiceCallback) callbacks[0];
                int[] selectedIndexes = cc.getSelectedIndexes();
                int selected = selectedIndexes[0];
                String[] choices = cc.getChoices();
                String indexName = choices[selected];
                if (messageEnabled) {
                    debug.message("Selected Index is : " + indexName);
                }
                authXMLRequest.setIndexType("moduleInstance");
                authXMLRequest.setIndexName(indexName);
                authXMLRequest.setRequestType(AuthXMLRequest.LoginIndex);
                requestType = AuthXMLRequest.LoginIndex;
                auditor.setMethod(getMethodName(requestType));
            }
        }
    }
    AuthContext.Status loginStatus = AuthContext.Status.IN_PROGRESS;
    HttpServletRequest clientRequest = authXMLRequest.getClientRequest();
    if (loginState != null) {
        loginState.setHttpServletRequest(clientRequest);
        loginState.setHttpServletResponse(authXMLRequest.getClientResponse());
        if (clientRequest != null) {
            loginState.setParamHash(AuthUtils.parseRequestParameters(clientRequest));
        }
    }
    switch(requestType) {
        case AuthXMLRequest.NewAuthContext:
            try {
                processNewRequest(servletRequest, servletResponse, authResponse, loginState, authContext);
                postProcess(loginState, authResponse);
            } catch (Exception ex) {
                debug.error("Error in NewAuthContext ", ex);
                setErrorCode(authResponse, ex);
            }
            break;
        case AuthXMLRequest.Login:
            try {
                if (sessionID != null && sessionID.equals("0")) {
                    processNewRequest(servletRequest, servletResponse, authResponse, loginState, authContext);
                }
                String clientHost = null;
                if (security) {
                    clientHost = authXMLRequest.getHostName();
                    if (messageEnabled) {
                        debug.message("Client Host from Request = " + clientHost);
                    }
                }
                if ((clientHost == null) && (servletRequest != null)) {
                    clientHost = ClientUtils.getClientIPAddress(servletRequest);
                }
                loginState.setClient(clientHost);
                authContext.login();
                //setServletRequest(servletRequest,authContext);
                processRequirements(xml, authContext, authResponse, params, servletRequest);
                loginStatus = authContext.getStatus();
                authResponse.setRemoteRequest(loginState.getHttpServletRequest());
                authResponse.setRemoteResponse(loginState.getHttpServletResponse());
                postProcess(loginState, authResponse);
                checkACException(authResponse, authContext);
            } catch (Exception ex) {
                debug.error("Error during login ", ex);
                setErrorCode(authResponse, ex);
                authResponse.setLoginStatus(authContext.getStatus());
            }
            break;
        case AuthXMLRequest.LoginIndex:
            try {
                AuthContext.IndexType indexType = authXMLRequest.getIndexType();
                String indexName = authXMLRequest.getIndexName();
                if (messageEnabled) {
                    debug.message("indexName is : " + indexName);
                    debug.message("indexType is : " + indexType);
                }
                if (sessionID != null && sessionID.equals("0")) {
                    processNewRequest(servletRequest, servletResponse, authResponse, loginState, authContext);
                }
                String clientHost = null;
                if (security) {
                    clientHost = authXMLRequest.getHostName();
                    if (messageEnabled) {
                        debug.message("Client Host from Request = " + clientHost);
                    }
                }
                if ((clientHost == null) && (servletRequest != null)) {
                    clientHost = ClientUtils.getClientIPAddress(servletRequest);
                }
                loginState.setClient(clientHost);
                String locale = authXMLRequest.getLocale();
                if (locale != null && locale.length() > 0) {
                    if (debug.messageEnabled()) {
                        debug.message("locale is : " + locale);
                    }
                    authContext.login(indexType, indexName, envMap, locale);
                } else {
                    authContext.login(indexType, indexName, envMap, null);
                }
                //setServletRequest(servletRequest,authContext);
                processRequirements(xml, authContext, authResponse, params, servletRequest);
                loginStatus = authContext.getStatus();
                authResponse.setRemoteRequest(loginState.getHttpServletRequest());
                authResponse.setRemoteResponse(loginState.getHttpServletResponse());
                postProcess(loginState, authResponse);
                checkACException(authResponse, authContext);
            } catch (Exception ex) {
                debug.error("Exception during LoginIndex", ex);
                setErrorCode(authResponse, ex);
            }
            break;
        case AuthXMLRequest.LoginSubject:
            try {
                Subject subject = authXMLRequest.getSubject();
                authContext.login(subject);
                //setServletRequest(servletRequest,authContext);
                processRequirements(xml, authContext, authResponse, params, servletRequest);
                postProcess(loginState, authResponse);
                loginStatus = authContext.getStatus();
                checkACException(authResponse, authContext);
            } catch (AuthLoginException ale) {
                debug.error("Exception during LoginSubject", ale);
                setErrorCode(authResponse, ale);
            }
            break;
        case AuthXMLRequest.SubmitRequirements:
            try {
                //setServletRequest(servletRequest,authContext);
                Callback[] submittedCallbacks = authXMLRequest.getSubmittedCallbacks();
                authContext.submitRequirements(submittedCallbacks);
                Callback[] reqdCallbacks = null;
                if (authContext.hasMoreRequirements()) {
                    reqdCallbacks = authContext.getRequirements();
                    authResponse.setReqdCallbacks(reqdCallbacks);
                }
                authResponse.setRemoteRequest(loginState.getHttpServletRequest());
                authResponse.setRemoteResponse(loginState.getHttpServletResponse());
                postProcess(loginState, authResponse);
                loginStatus = authContext.getStatus();
                authResponse.setLoginStatus(loginStatus);
                InternalSession oldSession = loginState.getOldSession();
                authResponse.setOldSession(oldSession);
                checkACException(authResponse, authContext);
            } catch (Exception ex) {
                debug.error("Error during submit requirements ", ex);
                setErrorCode(authResponse, ex);
            }
            break;
        case AuthXMLRequest.QueryInformation:
            try {
                if (sessionID != null && sessionID.equals("0")) {
                    processNewRequest(servletRequest, servletResponse, authResponse, loginState, authContext);
                }
                Set moduleNames = authContext.getModuleInstanceNames();
                authResponse.setModuleNames(moduleNames);
                authResponse.setAuthContext(authContext);
                postProcess(loginState, authResponse);
                checkACException(authResponse, authContext);
            } catch (Exception ex) {
                debug.error("Error during Query Information", ex);
                setErrorCode(authResponse, ex);
            }
            break;
        case AuthXMLRequest.Logout:
            //boolean logoutCalled = false;
            if (sessionID != null && !sessionID.equals("0")) {
                /*intSess = AuthD.getSession(sessionID);
                    try {
                        token = SSOTokenManager.getInstance().
                            createSSOToken(sessionID);
                        if (debug.messageEnabled()) {
                            debug.message("AuthXMLHandler."
                                + "processAuthXMLRequest: Created token " 
                                + "during logout = "+token);
                        }
	            } catch (com.iplanet.sso.SSOException ssoExp) {
                       if (debug.messageEnabled()) {
		           debug.message("AuthXMLHandler.processAuthXMLRequest:"
                           + "SSOException checking validity of SSO Token");
                       }
	            }*/
                try {
                    AuthUtils.logout(sessionID, servletRequest, servletResponse);
                } catch (com.iplanet.sso.SSOException ssoExp) {
                    if (debug.messageEnabled()) {
                        debug.message("AuthXMLHandler.processAuthXMLRequest:" + "SSOException checking validity of SSO Token");
                    }
                }
            }
            /*if (intSess != null) {
                    loginContext = intSess.getObject(ISAuthConstants.
                        LOGIN_CONTEXT);
                }
                try {
                    if (loginContext != null) {
                        if (loginContext instanceof 
                            javax.security.auth.login.LoginContext) {
                            javax.security.auth.login.LoginContext lc = 
                                (javax.security.auth.login.LoginContext) 
                                 loginContext;
                            lc.logout();
                        } else {
                            com.sun.identity.authentication.jaas.LoginContext 
                                jlc = (com.sun.identity.authentication.jaas.
                                LoginContext) loginContext;
                            jlc.logout();
                        }
                        logoutCalled = true;
                    }
                } catch (javax.security.auth.login.LoginException loginExp) {
                    debug.error("AuthXMLHandler.processAuthXMLRequest: "
                        + "Cannot Execute module Logout", loginExp);
                }
                Set postAuthSet = null;
                if (intSess != null) {
                    postAuthSet = (Set) intSess.getObject(ISAuthConstants.
                        POSTPROCESS_INSTANCE_SET);
                }
                if ((postAuthSet != null) && !(postAuthSet.isEmpty())) {
                    AMPostAuthProcessInterface postLoginInstance=null;
                    for(Iterator iter = postAuthSet.iterator();
                    iter.hasNext();) {
                        try {
	                    postLoginInstance =
	 	                (AMPostAuthProcessInterface) iter.next();
                             postLoginInstance.onLogout(servletRequest, 
                                 servletResponse, token);
                        } catch (Exception exp) {
                           debug.error("AuthXMLHandler.processAuthXMLRequest: "
                               + "Failed in post logout.", exp);
                        }
	            }
                } else {
                    String plis = null;
                    if (intSess != null) {
                        plis = intSess.getProperty(
                            ISAuthConstants.POST_AUTH_PROCESS_INSTANCE);
                    }
                    if (plis != null && plis.length() > 0) {
                        StringTokenizer st = new StringTokenizer(plis, "|");
                        if (token != null) {
                            while (st.hasMoreTokens()) {
                                String pli = (String)st.nextToken();
                                try {
                                    AMPostAuthProcessInterface postProcess = 
                                            (AMPostAuthProcessInterface)
                                            Thread.currentThread().
                                            getContextClassLoader().
                                            loadClass(pli).newInstance();
                                    postProcess.onLogout(servletRequest, 
                                        servletResponse, token);
                                } catch (Exception e) {
                                    debug.error("AuthXMLHandler."
                                        + "processAuthXMLRequest:" + pli, e);
                                }
                            }
                        }
                    }
                }
                try {
                    boolean isTokenValid = SSOTokenManager.getInstance().
                        isValidToken(token);
                    if ((token != null) && isTokenValid) {
                        AuthD.getAuth().logLogout(token);
                        Session session = Session.getSession(
                            new SessionID(sessionID));
                        session.logout();
                        debug.message("logout successful.");
                    }
	        } catch (com.iplanet.dpro.session.SessionException 
                    sessExp) {
                    if (debug.messageEnabled()) {
                        debug.message("AuthXMLHandler."
                            + "processAuthXMLRequest: SessionException"
                            + " checking validity of SSO Token");
                    }
	        } catch (com.iplanet.sso.SSOException ssoExp) {
                    if (debug.messageEnabled()) {
                        debug.message("AuthXMLHandler."
                            + "processAuthXMLRequest: SSOException "
                            + "checking validity of SSO Token");
                    }
                }*/
            authResponse.setLoginStatus(AuthContext.Status.COMPLETED);
            break;
        case AuthXMLRequest.Abort:
            try {
                authContext.abort();
                loginStatus = authContext.getStatus();
                authResponse.setLoginStatus(loginStatus);
                checkACException(authResponse, authContext);
            } catch (AuthLoginException ale) {
                debug.error("Error aborting ", ale);
                setErrorCode(authResponse, ale);
            }
            break;
    }
    if (messageEnabled) {
        debug.message("loginStatus: " + loginStatus);
        if (authContext != null) {
            debug.message("error Code: " + authContext.getErrorCode());
            debug.message("error Template: " + authContext.getErrorTemplate());
        }
    }
    if (loginStatus == AuthContext.Status.FAILED) {
        if ((authContext.getErrorMessage() != null) && (authContext.getErrorMessage().equals(AMResourceBundleCache.getInstance().getResBundle("amAuthLDAP", com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale())).getString(ISAuthConstants.EXCEED_RETRY_LIMIT)))) {
            loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
        }
        if ((authContext.getErrorCode() != null) && ((authContext.getErrorCode()).length() > 0)) {
            authResponse.setErrorCode(authContext.getErrorCode());
        }
        checkACException(authResponse, authContext);
        if ((authContext.getErrorTemplate() != null) && ((authContext.getErrorTemplate()).length() > 0)) {
            authResponse.setErrorTemplate(authContext.getErrorTemplate());
        }
        //Account Lockout Warning Check
        if ((authContext.getErrorCode() != null) && (authContext.getErrorCode().equals(AMAuthErrorCode.AUTH_INVALID_PASSWORD))) {
            String lockWarning = authContext.getLockoutMsg();
            if ((lockWarning != null) && (lockWarning.length() > 0)) {
                authResponse.setErrorMessage(lockWarning);
            }
        }
    }
    auditor.setUserId(getAuthenticationId(loginState));
    auditor.setTrackingId(getContextId(loginState));
    return authResponse;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) ResponseSet(com.iplanet.services.comm.share.ResponseSet) HashSet(java.util.HashSet) RequestSet(com.iplanet.services.comm.share.RequestSet) AuthException(com.sun.identity.authentication.service.AuthException) AuthContext(com.sun.identity.authentication.AuthContext) SSOException(com.iplanet.sso.SSOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) InternalSession(com.iplanet.dpro.session.service.InternalSession) List(java.util.List) ArrayList(java.util.ArrayList) SSOTokenManager(com.iplanet.sso.SSOTokenManager) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SSOException(com.iplanet.sso.SSOException) AuthException(com.sun.identity.authentication.service.AuthException) Subject(javax.security.auth.Subject) ChoiceCallback(javax.security.auth.callback.ChoiceCallback) PasswordCallback(javax.security.auth.callback.PasswordCallback) Callback(javax.security.auth.callback.Callback) X509CertificateCallback(com.sun.identity.authentication.spi.X509CertificateCallback) ChoiceCallback(javax.security.auth.callback.ChoiceCallback) NameCallback(javax.security.auth.callback.NameCallback) LoginState(com.sun.identity.authentication.service.LoginState) SSOException(com.iplanet.sso.SSOException) Map(java.util.Map) HashMap(java.util.HashMap)

Example 5 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class AuthUtils method authenticate.

public static SSOToken authenticate(String realm, String userName, String password) throws Exception {
    AuthContext lc = new AuthContext(realm);
    lc.login();
    while (lc.hasMoreRequirements()) {
        Callback[] callbacks = lc.getRequirements();
        for (int i = 0; i < callbacks.length; i++) {
            if (callbacks[i] instanceof NameCallback) {
                NameCallback nc = (NameCallback) callbacks[i];
                nc.setName(userName);
            } else if (callbacks[i] instanceof PasswordCallback) {
                PasswordCallback pc = (PasswordCallback) callbacks[i];
                pc.setPassword(password.toCharArray());
            } else {
                throw new Exception("No callback");
            }
        }
        lc.submitRequirements(callbacks);
    }
    return (lc.getStatus() != AuthContext.Status.SUCCESS) ? null : lc.getSSOToken();
}
Also used : PasswordCallback(javax.security.auth.callback.PasswordCallback) NameCallback(javax.security.auth.callback.NameCallback) Callback(javax.security.auth.callback.Callback) NameCallback(javax.security.auth.callback.NameCallback) AuthContext(com.sun.identity.authentication.AuthContext) PasswordCallback(javax.security.auth.callback.PasswordCallback)

Aggregations

AuthContext (com.sun.identity.authentication.AuthContext)40 Callback (javax.security.auth.callback.Callback)22 NameCallback (javax.security.auth.callback.NameCallback)21 PasswordCallback (javax.security.auth.callback.PasswordCallback)20 SSOToken (com.iplanet.sso.SSOToken)14 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)14 SSOException (com.iplanet.sso.SSOException)12 LoginException (javax.security.auth.login.LoginException)8 Iterator (java.util.Iterator)7 Set (java.util.Set)7 IdRepoException (com.sun.identity.idm.IdRepoException)6 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)6 IOException (java.io.IOException)5 ArrayList (java.util.ArrayList)5 Subject (javax.security.auth.Subject)5 Principal (java.security.Principal)4 HashSet (java.util.HashSet)4 Map (java.util.Map)4 SSOTokenManager (com.iplanet.sso.SSOTokenManager)3 LoginState (com.sun.identity.authentication.service.LoginState)3