use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class SiteIDValidator method getServerDetails.
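/**
 * Internal method for getting the Server list.
 *
 * <p>Reads the platform service's global schema defaults and, for each entry of the
 * {@code PLATFORM_SERVER_LIST} attribute (expected form {@code serverUrl|serverId...}),
 * adds the URL to {@code serverAddrSet} and the ID to {@code serverIdSet}. A non-empty
 * {@code serverAddrSet} is treated as already loaded and short-circuits to {@code true}.
 * Malformed entries (fewer than two {@code |}-separated fields) are logged and skipped
 * instead of aborting the whole load with an uncaught {@code NoSuchElementException}.
 *
 * @return true if Server list is obtained, false otherwise
 */
private boolean getServerDetails() {
    if (!serverAddrSet.isEmpty()) {
        return true;
    }
    try {
        SSOToken stoken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        // a constructor result is never null, so no null check on ssm is needed
        ServiceSchemaManager ssm = new ServiceSchemaManager(ISAuthConstants.PLATFORM_SERVICE_NAME, stoken);
        ServiceSchema ss = ssm.getGlobalSchema();
        if (ss != null) {
            Map attrs = ss.getAttributeDefaults();
            Set serverList = (Set) attrs.get(PLATFORM_SERVER_LIST);
            if (serverList != null) {
                for (Object entry : serverList) {
                    String serverVal = (String) entry;
                    if (serverVal == null) {
                        continue;
                    }
                    StringTokenizer tk = new StringTokenizer(serverVal, "|");
                    if (tk.countTokens() < 2) {
                        // an entry without a URL and an ID cannot be used; don't let it
                        // take down the whole list
                        if (debug.warningEnabled()) {
                            debug.warning("Site List Validator. Ignoring malformed server entry: " + serverVal);
                        }
                        continue;
                    }
                    // first field is the server URL, second the server ID; the ID token
                    // cannot itself contain '|', so no second tokenizer is required
                    serverAddrSet.add(tk.nextToken());
                    serverIdSet.add(tk.nextToken());
                }
            }
        }
        return true;
    } catch (SMSException se) {
        if (debug.messageEnabled()) {
            debug.message("Site List Validator. Unable to get global " + "config: SMSException", se);
        }
    } catch (SSOException ssoe) {
        if (debug.messageEnabled()) {
            debug.message("Site List Validator. Unable to get global " + "config: SSOException", ssoe);
        }
    }
    return false;
}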
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class XacmlService method checkPermission.
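/**
 * Check if this user has permission to perform the given action (which will be "read" in the case of export
 * and "modify" in the case of import).
 *
 * <p>The caller is identified from the {@code FORGEROCK_AUTH_CONTEXT} request attribute set by the
 * authentication filter. If that attribute or its {@code tokenId} entry is missing the request is
 * treated as unauthenticated and rejected (fail closed) rather than being passed on with a null token.
 *
 * @param action the action to check, "read" or "modify".
 * @return true if the user has permission, false otherwise.
 * @throws EntitlementException if no authentication context is present on the request or the SSO token
 *         cannot be created from it.
 */
@VisibleForTesting
boolean checkPermission(String action) throws EntitlementException {
    try {
        Request restletRequest = getRequest();
        String urlLastSegment = restletRequest.getResourceRef().getLastSegment();
        String realm = RestletRealmRouter.getRealmFromRequest(restletRequest);
        // the attribute is stored untyped by the auth filter; the cast is guaranteed only by that contract
        @SuppressWarnings("unchecked")
        final Map<String, String> context = (Map<String, String>) ServletUtils.getRequest(restletRequest).getAttribute(FORGEROCK_AUTH_CONTEXT);
        final String tokenId = (context == null) ? null : context.get("tokenId");
        if (tokenId == null) {
            // no authenticated principal on this request: do not evaluate against a null token
            debug.warning("XacmlService permission evaluation failed: no auth context or tokenId on request");
            throw new EntitlementException(INTERNAL_ERROR);
        }
        final SSOToken token = SSOTokenManager.getInstance().createSSOToken(tokenId);
        return checkPermission(action, urlLastSegment, realm, token);
    } catch (SSOException e) {
        debug.warning("XacmlService permission evaluation failed", e);
        throw new EntitlementException(INTERNAL_ERROR, e);
    }
}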
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class ConfigFedMonitoring method configureFedMonitoring.
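/*
 * this method is called by AMSetupServlet, when it's done
 * configuring the OpenAM server after deployment. it's also
 * called by the MonitoringConfiguration load-on-startup servlet
 * when the OpenAM server is restarted any time after being
 * configured. it completes the configuring of the monitoring
 * agent with the config information that requires an SSOToken
 * to retrieve. there is another part of the configuration supplied
 * to the agent by WebtopNaming.
 *
 * does nothing when monitoring is not running; bails out (with an
 * error log) when no admin SSOToken can be obtained, since every
 * subsequent lookup needs one.
 */
public void configureFedMonitoring() {
    // log prefix names this method; it used to say "configureMonitoring",
    // which made the entries hard to attribute when reading the log
    String classMethod = "ConfigFedMonitoring.configureFedMonitoring: ";
    // local, single-threaded use only, so SimpleDateFormat's lack of thread-safety is not a concern here
    SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    String startDate = sdf.format(new Date());
    debug = Debug.getInstance("amMonitoring");
    if (!MonitoringUtil.isRunning()) {
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "monitoring is disabled");
        }
        return;
    }
    try {
        ssoToken = getSSOToken();
    } catch (SSOException ssoe) {
        debug.error(classMethod + "Could not get proper SSOToken", ssoe);
        return;
    }
    /*
     * get the SAML1.x trusted partners and send to the Agent.
     * these are global
     */
    getSAML1TPs();
    // now all the realms' federation configs
    getAllRealms("/");
    if (debug.messageEnabled()) {
        debug.message(classMethod + "\n" + " Start time " + startDate + "\n" + " End time = " + sdf.format(new Date()));
    }
}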
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class FSDefaultSPAdapter method postSSOFederationSuccess.
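/**
 * Invokes this method after the successful Single Sign-On or Federation.
 *
 * <p>For a federation request (NameIDPolicy {@code federated}) the name identifier is taken from the
 * first authentication statement of the first assertion, and every local user whose
 * {@code iplanet-am-user-federation-info-key} already carries the same {@code |hostedEntityID|nameId|}
 * key is looked up. When more than one user matches, the federation record is removed from every
 * matching user except the one currently signed on, so a name identifier maps to at most one local
 * account. Failures in that clean-up are logged and swallowed; the SSO itself is never failed here.
 *
 * @param hostedEntityID provider ID for the hosted SP
 * @param request servlet request
 * @param response servlet response
 * @param ssoToken user's SSO token
 * @param authnRequest the original authentication request sent from SP
 * @param authnResponse response from IDP if Browser POST or LECP profile
 * is used for the request, value will be null if Browser Artifact
 * profile is used.
 * @param samlResponse response from IDP if Browser Artifact profile is used
 * for the request, value will be null if Browser POST or LECP
 * profile is used.
 * @exception FederationException if user want to fail the process.
 * @return true if browser redirection happened, false otherwise; this implementation never
 * redirects and therefore always returns false.
 */
public boolean postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) throws FederationException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, " + "process " + hostedEntityID);
    }
    // find out if this is a federation request
    boolean isFederation = false;
    if (authnRequest == null) {
        FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
    } else {
        String nameIDPolicy = authnRequest.getNameIDPolicy();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postSuccess " + nameIDPolicy);
        }
        // constant-first comparison: a request without a NameIDPolicy is simply "not federation"
        // instead of an uncaught NullPointerException
        isFederation = IFSConstants.NAME_ID_POLICY_FEDERATED.equals(nameIDPolicy);
    }
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    if (!isFederation || adminToken == null) {
        return false;
    }
    try {
        // the assertion travels in the AuthnResponse (POST/LECP profile) or in the
        // SAML Response (Artifact profile)
        List assertions = null;
        String idpEntityId = null;
        if (authnResponse != null) {
            assertions = authnResponse.getAssertion();
            idpEntityId = authnResponse.getProviderId();
        } else if (samlResponse != null) {
            assertions = samlResponse.getAssertion();
        }
        if (assertions == null || assertions.isEmpty()) {
            // neither response carried an assertion; nothing to derive a name identifier from
            FSUtils.debug.warning("FSAdapter.postSuccess: no assertion in response");
            return false;
        }
        FSAssertion assertion = (FSAssertion) assertions.iterator().next();
        if (idpEntityId == null) {
            idpEntityId = assertion.getIssuer();
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSuccess: idp=" + idpEntityId);
        }
        String nameId = nameIdFromAuthnStatement(assertion);
        if (nameId == null) {
            FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
            return false;
        }
        SSOToken userToken = (SSOToken) ssoToken;
        // search for every local user already federated under this (SP, nameId) pair
        Set<String> fedInfoValues = new HashSet<String>();
        fedInfoValues.add("|" + hostedEntityID + "|" + nameId + "|");
        Map<String, Set<String>> searchAttrs = new HashMap<String, Set<String>>();
        searchAttrs.put("iplanet-am-user-federation-info-key", fedInfoValues);
        AMIdentityRepository idRepo = new AMIdentityRepository(adminToken, userToken.getProperty(ISAuthConstants.ORGANIZATION));
        IdSearchControl searchControl = new IdSearchControl();
        searchControl.setTimeOut(0);
        searchControl.setMaxResults(0);
        searchControl.setAllReturnAttributes(false);
        searchControl.setSearchModifiers(IdSearchOpModifier.AND, searchAttrs);
        IdSearchResults searchResults = idRepo.searchIdentities(IdType.USER, "*", searchControl);
        Set amIdSet = searchResults.getSearchResults();
        if (amIdSet == null || amIdSet.size() <= 1) {
            // zero or one matching user: no conflicting federation to clean up
            return false;
        }
        String univId = userToken.getProperty(Constants.UNIVERSAL_IDENTIFIER);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSuccess: found " + amIdSet.size() + " federation with same ID as " + univId);
        }
        if (univId == null) {
            // without the signed-on user's id we cannot tell which record to keep; do nothing
            // rather than risk removing the current user's own federation
            FSUtils.debug.warning("FSAdapter.postSuccess: null universal id on session, skipping clean-up");
            return false;
        }
        String metaAlias = null;
        try {
            IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
            // NOTE(review): 'realm' is not a parameter or local here — presumably an adapter field; confirm
            SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
            if (spConfig != null) {
                metaAlias = spConfig.getMetaAlias();
            }
        } catch (IDFFMetaException ie) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: " + "couldn't find meta alias:", ie);
            }
        }
        FSAccountManager accManager = FSAccountManager.getInstance(metaAlias);
        FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(hostedEntityID, nameId);
        // previous federation exists with different users: remove it from everyone but the current user
        for (Object o : amIdSet) {
            AMIdentity amId = (AMIdentity) o;
            // compare with the SSO token
            String tmpUnivId = IdUtils.getUniversalId(amId);
            if (univId.equalsIgnoreCase(tmpUnivId)) {
                continue;
            }
            // remove federation information for this user
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSucces, " + "remove fed info for user " + tmpUnivId);
            }
            accManager.removeAccountFedInfo(tmpUnivId, fedInfoKey, idpEntityId);
        }
    } catch (FSAccountMgmtException f) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", f);
    } catch (IdRepoException i) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", i);
    } catch (SSOException e) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
    }
    return false;
}

/**
 * Returns the name identifier carried by the first authentication statement of {@code assertion},
 * preferring the IDP-provided identifier over the subject's own; {@code null} if the assertion has
 * no authentication statement or that statement carries no identifier.
 *
 * @param assertion the assertion to inspect, never null
 * @return the name identifier string, or null
 */
private static String nameIdFromAuthnStatement(FSAssertion assertion) {
    for (Object o : assertion.getStatement()) {
        Statement statement = (Statement) o;
        if (statement.getStatementType() != Statement.AUTHENTICATION_STATEMENT) {
            continue;
        }
        FSAuthenticationStatement authStatement = (FSAuthenticationStatement) statement;
        FSSubject subject = (FSSubject) authStatement.getSubject();
        NameIdentifier ni = subject.getIDPProvidedNameIdentifier();
        if (ni == null) {
            ni = subject.getNameIdentifier();
        }
        String nameId = (ni == null) ? null : ni.getName();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSuccess: " + "found name id =" + nameId);
        }
        // only the first authentication statement is consulted, as before
        return nameId;
    }
    return null;
}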
use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.
the class WSSReplayPasswd method onLoginSuccess.
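/**
 * Post processing on successful authentication.
 *
 * <p>Stores a copy of the user's password on the session so it can be replayed later for
 * WS-Security: either the clear-text password from the login request, encrypted with
 * {@code Crypt}, or — when {@code useHashedPassword} is set — the {@code userPassword}
 * attribute read from the user's identity entry. All failures are logged and swallowed;
 * the login itself is never failed by this method.
 *
 * @param requestParamsMap contains HttpServletRequest parameters
 * @param request HttpServlet request
 * @param response HttpServlet response
 * @param ssoToken user's session
 * @throws AuthenticationException declared by the post-processing interface; this
 * implementation does not throw it, errors while setting the session
 * password property are logged instead
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        if (useHashedPassword) {
            storeHashedPassword(ssoToken);
        } else {
            storeEncryptedPassword(request, ssoToken);
        }
    } catch (SSOException sse) {
        if (debug.warningEnabled()) {
            debug.warning("WSSReplayPasswd.onLoginSuccess: " + "sso exception", sse);
        }
    } catch (IdRepoException ire) {
        if (debug.warningEnabled()) {
            debug.warning("WSSReplayPassword.onLoginSuccess: ", ire);
        }
    }
}

/**
 * Encrypts the clear-text password from the login request and stores it on the session.
 * Does nothing when the request carries no {@code PASSWORD_TOKEN} parameter.
 *
 * @param request the login request
 * @param ssoToken the session to write to
 * @throws SSOException if the session property cannot be set
 */
private void storeEncryptedPassword(HttpServletRequest request, SSOToken ssoToken) throws SSOException {
    String userpasswd = request.getParameter(PASSWORD_TOKEN);
    if (userpasswd != null) {
        ssoToken.setProperty("EncryptedUserPassword", Crypt.encrypt(userpasswd));
    }
}

/**
 * Reads the {@code userPassword} attribute of the authenticated user's identity entry and
 * stores its first value on the session. Skipped with a warning when the session carries no
 * universal identifier, since the entry cannot be located without it.
 *
 * @param ssoToken the session to read the user from and write to
 * @throws SSOException if session properties cannot be read or set
 * @throws IdRepoException if the identity or its attribute cannot be read
 */
private void storeHashedPassword(SSOToken ssoToken) throws SSOException, IdRepoException {
    String userName = ssoToken.getPrincipal().getName();
    String universalID = ssoToken.getProperty("sun.am.UniversalIdentifier");
    if (debug.messageEnabled()) {
        debug.message("WSSReplayPassword:Authenticated user : " + userName);
        debug.message("WSSReplayPassword:Authenticated UUID : " + universalID);
    }
    if (universalID == null) {
        // constructing AMIdentity with a null id would fail later with a less clear error
        if (debug.warningEnabled()) {
            debug.warning("WSSReplayPassword.onLoginSuccess: no universal id on session, " + "hashed password not stored");
        }
        return;
    }
    AMIdentity amId = new AMIdentity(getAdminToken(), universalID);
    Set tmp = amId.getAttribute("userPassword");
    if (tmp != null && !tmp.isEmpty()) {
        ssoToken.setProperty("HashedUserPassword", (String) tmp.iterator().next());
    }
}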