
Example 36 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class SiteIDValidator method getServerDetails.

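/**
 * Internal method for getting the Server list.
 *
 * <p>On first use, reads the platform service's global server-list attribute (under the admin
 * token) and fills {@code serverAddrSet} / {@code serverIdSet}; once {@code serverAddrSet} is
 * non-empty the cached sets are reused. Each entry is expected as {@code url|id[|...]}; an entry
 * that lacks both fields is logged and skipped instead of aborting the whole load.
 *
 * @return true if Server list is obtained (or was already cached), false otherwise
 */
private boolean getServerDetails() {
    if (!serverAddrSet.isEmpty()) {
        return true;
    }
    try {
        // Reading platform configuration needs privileged access, hence the admin token.
        SSOToken stoken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        ServiceSchemaManager ssm = new ServiceSchemaManager(ISAuthConstants.PLATFORM_SERVICE_NAME, stoken);
        ServiceSchema ss = ssm.getGlobalSchema();
        if (ss != null) {
            Map attrs = ss.getAttributeDefaults();
            Set serverList = (attrs == null) ? null : (Set) attrs.get(PLATFORM_SERVER_LIST);
            if (serverList != null) {
                Iterator serverIterator = serverList.iterator();
                while (serverIterator.hasNext()) {
                    String serverVal = (String) serverIterator.next();
                    if (serverVal == null) {
                        continue;
                    }
                    StringTokenizer tk = new StringTokenizer(serverVal, "|");
                    // A malformed entry (fewer than two '|'-separated fields) previously raised
                    // NoSuchElementException and aborted the load; skip just that entry instead.
                    if (tk.countTokens() < 2) {
                        if (debug.warningEnabled()) {
                            debug.warning("Site List Validator. Ignoring malformed server entry: " + serverVal);
                        }
                        continue;
                    }
                    serverAddrSet.add(tk.nextToken());
                    // second field is the server id; the tokenizer already stripped the '|' separators
                    serverIdSet.add(tk.nextToken());
                }
            }
        }
        return true;
    } catch (SMSException se) {
        if (debug.messageEnabled()) {
            debug.message("Site List Validator. Unable to get global " + "config: SMSException", se);
        }
    } catch (SSOException ssoe) {
        if (debug.messageEnabled()) {
            debug.message("Site List Validator. Unable to get global " + "config: SSOException", ssoe);
        }
    }
    return false;
}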

Example 37 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class XacmlService method checkPermission.

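/**
 * Check if this user has permission to perform the given action (which will be "read" in the case of export
 * and "modify" in the case of import).
 *
 * <p>The caller's identity comes from the authentication context stored on the servlet request under
 * {@code FORGEROCK_AUTH_CONTEXT} (presumably placed there by the REST authentication layer — confirm).
 * A request that reaches this method without that context, or without a {@code tokenId} in it, cannot be
 * authorised; it is rejected with an {@link EntitlementException} rather than surfacing as a
 * {@link NullPointerException}.
 *
 * @param action the action to check, "read" or "modify".
 * @return true if the user has permission, false otherwise.
 * @throws EntitlementException if the caller's token cannot be resolved or the permission check fails.
 */
@VisibleForTesting
boolean checkPermission(String action) throws EntitlementException {
    try {
        Request restletRequest = getRequest();
        String urlLastSegment = restletRequest.getResourceRef().getLastSegment();
        String realm = RestletRealmRouter.getRealmFromRequest(restletRequest);
        // The attribute is stored as a String->String map; the cast is unchecked by nature of getAttribute.
        @SuppressWarnings("unchecked")
        final Map<String, String> context =
                (Map<String, String>) ServletUtils.getRequest(restletRequest).getAttribute(FORGEROCK_AUTH_CONTEXT);
        final String tokenId = (context == null) ? null : context.get("tokenId");
        if (tokenId == null) {
            // No authenticated caller on this request: deny instead of dereferencing null below.
            debug.warning("XacmlService permission evaluation failed: no token id in the request's auth context");
            throw new EntitlementException(INTERNAL_ERROR,
                    new IllegalStateException("missing authentication context on request"));
        }
        final SSOToken token = SSOTokenManager.getInstance().createSSOToken(tokenId);
        return checkPermission(action, urlLastSegment, realm, token);
    } catch (SSOException e) {
        debug.warning("XacmlService permission evaluation failed", e);
        throw new EntitlementException(INTERNAL_ERROR, e);
    }
}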

Example 38 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class ConfigFedMonitoring method configureFedMonitoring.

/*
 *  Completes the monitoring agent's configuration with the settings that need an
 *  SSOToken to retrieve (the other part of the configuration is supplied by
 *  WebtopNaming).  Called by AMSetupServlet once the OpenAM server has been
 *  configured after deployment, and by the MonitoringConfiguration
 *  load-on-startup servlet whenever an already-configured server restarts.
 *  Does nothing when monitoring is not running or no admin token can be obtained;
 *  both cases are logged.
 */
public void configureFedMonitoring() {
    SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    String startDate = sdf.format(new Date());
    debug = Debug.getInstance("amMonitoring");
    final String classMethod = "ConfigFedMonitoring.configureMonitoring: ";
    boolean monitoringRunning = MonitoringUtil.isRunning();
    if (!monitoringRunning) {
        if (debug.warningEnabled()) {
            debug.warning(classMethod + "monitoring is disabled");
        }
        return;
    }
    try {
        ssoToken = getSSOToken();
    } catch (SSOException ssoe) {
        debug.error(classMethod + "Could not get proper SSOToken", ssoe);
        return;
    }
    // SAML1.x trusted partners are global; push them to the agent first
    getSAML1TPs();
    // then every realm's federation configuration, starting at the root
    getAllRealms("/");
    Date endTime = new Date();
    if (debug.messageEnabled()) {
        String endDate = sdf.format(endTime);
        debug.message(classMethod + "\n" + "    Start time " + startDate + "\n" + "    End time = " + endDate);
    }
}

Example 39 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class FSDefaultSPAdapter method postSSOFederationSuccess.

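/**
 * Invokes this method after the successful Single Sign-On or Federation.
 *
 * <p>For a federation request (NameIDPolicy "federated"), any other local user that already
 * holds a federation record for the same (hosted SP, IdP name identifier) pair has that record
 * removed, so the identifier maps to exactly one account. Problems during that clean-up are
 * logged and never fail the SSO itself; a response without a usable assertion is also logged
 * and treated as "nothing to do" instead of raising a {@link NullPointerException}.
 *
 * @param hostedEntityID provider ID for the hosted SP
 * @param request servlet request
 * @param response servlet response
 * @param ssoToken user's SSO token
 * @param authnRequest the original authentication request sent from SP
 * @param authnResponse response from IDP if Browser POST or LECP profile
 *        is used for the request, value will be null if Browser Artifact
 *        profile is used.
 * @param samlResponse response from IDP if Browser Artifact profile is used
 *        for the request, value will be null if Browser POST or LECP
 *        profile is used.
 * @exception FederationException if user want to fail the process.
 * @return true if browser redirection happened, false otherwise (this implementation never redirects).
 */
public boolean postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) throws FederationException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, " + "process " + hostedEntityID);
    }
    // find out if this is a federation request
    boolean isFederation = false;
    if (authnRequest == null) {
        FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
    } else {
        String nameIDPolicy = authnRequest.getNameIDPolicy();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postSuccess " + nameIDPolicy);
        }
        // constant-first equals: a request without a NameIDPolicy is "not federation", not an NPE
        isFederation = IFSConstants.NAME_ID_POLICY_FEDERATED.equals(nameIDPolicy);
    }
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    if (isFederation && adminToken != null) {
        try {
            List assertions;
            String idpEntityId = null;
            if (authnResponse != null) {
                // POST profile
                assertions = authnResponse.getAssertion();
                idpEntityId = authnResponse.getProviderId();
            } else if (samlResponse != null) {
                // Artifact profile
                assertions = samlResponse.getAssertion();
            } else {
                FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: no IDP response to read assertion from");
                return false;
            }
            if (assertions == null || assertions.isEmpty()) {
                FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: IDP response carries no assertion");
                return false;
            }
            FSAssertion assertion = (FSAssertion) assertions.iterator().next();
            if (idpEntityId == null) {
                idpEntityId = assertion.getIssuer();
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: idp=" + idpEntityId);
            }
            String nameId = findAuthnNameId(assertion);
            if (nameId == null) {
                FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
                return false;
            }
            // NOTE(review): nameId originates from the IdP assertion and is used here as a search-modifier
            // value; escaping of filter metacharacters is left to the IdRepo — confirm for the configured repo.
            Map map = new HashMap();
            Set set = new HashSet();
            set.add("|" + hostedEntityID + "|" + nameId + "|");
            map.put("iplanet-am-user-federation-info-key", set);
            AMIdentityRepository idRepo = new AMIdentityRepository(adminToken, ((SSOToken) ssoToken).getProperty(ISAuthConstants.ORGANIZATION));
            IdSearchControl searchControl = new IdSearchControl();
            searchControl.setTimeOut(0);
            searchControl.setMaxResults(0);
            searchControl.setAllReturnAttributes(false);
            searchControl.setSearchModifiers(IdSearchOpModifier.AND, map);
            IdSearchResults searchResults = idRepo.searchIdentities(IdType.USER, "*", searchControl);
            Set amIdSet = searchResults.getSearchResults();
            if (amIdSet.size() > 1) {
                String univId = ((SSOToken) ssoToken).getProperty(Constants.UNIVERSAL_IDENTIFIER);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSuccess: found " + amIdSet.size() + " federation with same ID as " + univId);
                }
                String metaAlias = null;
                try {
                    IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
                    // realm is not declared in this method; presumably an instance field — confirm
                    SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
                    if (spConfig != null) {
                        metaAlias = spConfig.getMetaAlias();
                    }
                } catch (IDFFMetaException ie) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSuccess: " + "couldn't find meta alias:", ie);
                    }
                }
                FSAccountManager accManager = FSAccountManager.getInstance(metaAlias);
                FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(hostedEntityID, nameId);
                // previous federation exists with different users
                Iterator it = amIdSet.iterator();
                while (it.hasNext()) {
                    AMIdentity amId = (AMIdentity) it.next();
                    // compare with the SSO token: the current user keeps its federation record
                    String tmpUnivId = IdUtils.getUniversalId(amId);
                    if (univId.equalsIgnoreCase(tmpUnivId)) {
                        continue;
                    }
                    // remove federation information for this user
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSucces, " + "remove fed info for user " + tmpUnivId);
                    }
                    accManager.removeAccountFedInfo(tmpUnivId, fedInfoKey, idpEntityId);
                }
            }
        } catch (FSAccountMgmtException f) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", f);
        } catch (IdRepoException i) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", i);
        } catch (SSOException e) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
        }
    }
    return false;
}

/**
 * Returns the name identifier carried by the first authentication statement of
 * {@code assertion}, preferring the IdP-provided identifier over the plain one.
 *
 * @param assertion the assertion to inspect
 * @return the name, or null if there is no authentication statement or it has no name identifier
 */
private static String findAuthnNameId(FSAssertion assertion) {
    Iterator stmtIter = assertion.getStatement().iterator();
    while (stmtIter.hasNext()) {
        Statement statement = (Statement) stmtIter.next();
        if (statement.getStatementType() != Statement.AUTHENTICATION_STATEMENT) {
            continue;
        }
        FSAuthenticationStatement authStatement = (FSAuthenticationStatement) statement;
        FSSubject subject = (FSSubject) authStatement.getSubject();
        NameIdentifier ni = subject.getIDPProvidedNameIdentifier();
        if (ni == null) {
            ni = subject.getNameIdentifier();
        }
        String nameId = (ni == null) ? null : ni.getName();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSuccess: " + "found name id =" + nameId);
        }
        // only the first authentication statement is considered
        return nameId;
    }
    return null;
}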

Example 40 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class WSSReplayPasswd method onLoginSuccess.

/**
 * Post processing on successful authentication.
 *
 * <p>Keeps the user's credential on the session for later WS-Security replay. With
 * {@code useHashedPassword} unset, the submitted password (request parameter
 * {@code PASSWORD_TOKEN}) is stored encrypted with {@code Crypt.encrypt} under the session
 * property {@code EncryptedUserPassword}; with it set, the {@code userPassword} attribute of the
 * user's identity (looked up under the admin token) is stored under {@code HashedUserPassword}.
 * Only the user name and universal id are ever written to the debug log, never the credential.
 * SSO and identity-repository failures are logged and swallowed so they do not fail the login.
 *
 * @param requestParamsMap contains HttpServletRequest parameters
 * @param request HttpServlet  request
 * @param response HttpServlet response
 * @param ssoToken user's session
 * @throws AuthenticationException if there is an error while setting
 * the session paswword property
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        if (useHashedPassword) {
            String userName = ssoToken.getPrincipal().getName();
            String universalID = ssoToken.getProperty("sun.am.UniversalIdentifier");
            if (debug.messageEnabled()) {
                debug.message("WSSReplayPassword:Authenticated user : " + userName);
                debug.message("WSSReplayPassword:Authenticated UUID : " + universalID);
            }
            AMIdentity identity = new AMIdentity(getAdminToken(), universalID);
            Set storedValues = identity.getAttribute("userPassword");
            boolean hasStoredPassword = storedValues != null && !storedValues.isEmpty();
            if (hasStoredPassword) {
                String storedPassword = (String) storedValues.iterator().next();
                ssoToken.setProperty("HashedUserPassword", storedPassword);
            }
            return;
        }
        String submittedPassword = request.getParameter(PASSWORD_TOKEN);
        if (submittedPassword == null) {
            return;
        }
        ssoToken.setProperty("EncryptedUserPassword", Crypt.encrypt(submittedPassword));
    } catch (SSOException sse) {
        debug.warning("WSSReplayPasswd.onLoginSuccess: " + "sso exception", sse);
    } catch (IdRepoException ire) {
        if (debug.warningEnabled()) {
            debug.warning("WSSReplayPassword.onLoginSuccess: ", ire);
        }
    }
}
