
Example 41 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class ConfigFedMonitoring method getSAML1TPs.

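/**
 * Publishes the configured SAML 1.x trusted partner names to the monitoring agent.
 * <p>
 * Reads the {@code iPlanetAMSAMLService} schema, locates the
 * {@code iplanet-am-saml-partner-urls} attribute and parses each of its default
 * values as a {@code |}-separated list of {@code KEY=VALUE} tokens; the value of
 * every {@code PARTNERNAME} token is collected and handed to
 * {@link Agent#saml1TPConfig(List)}. Lookup failures ({@link SSOException},
 * {@link SMSException}) and a missing attribute schema are logged and the agent
 * is left untouched.
 */
private void getSAML1TPs() {
    final String classMethod = "ConfigFedMonitoring.getSAML1TPs: ";
    try {
        // Index the SAML service's attribute schemas (only those carrying an
        // i18n key, as before) by attribute name across all schema types.
        Map<String, AttributeSchema> attributeSchemas = new HashMap<String, AttributeSchema>();
        ServiceSchemaManager svcSchMgr = new ServiceSchemaManager("iPlanetAMSAMLService", ssoToken);
        for (Object typeObj : svcSchMgr.getSchemaTypes()) {
            ServiceSchema schema = svcSchMgr.getSchema((SchemaType) typeObj);
            if (schema == null) {
                continue;
            }
            for (Object schemaObj : schema.getAttributeSchemas()) {
                AttributeSchema attr = (AttributeSchema) schemaObj;
                String i18n = attr.getI18NKey();
                if (i18n != null && i18n.trim().length() > 0) {
                    attributeSchemas.put(attr.getName(), attr);
                }
            }
        }
        AttributeSchema partnerUrls = attributeSchemas.get("iplanet-am-saml-partner-urls");
        if (partnerUrls == null) {
            // Previously dereferenced unconditionally (NullPointerException);
            // a missing schema is now reported and the agent is not updated.
            debug.error(classMethod + "attribute schema iplanet-am-saml-partner-urls not found");
            return;
        }
        Set partnerEntries = (Set) partnerUrls.getDefaultValues();
        if (partnerEntries == null) {
            partnerEntries = java.util.Collections.emptySet();
        }
        final boolean tracing = debug.messageEnabled();
        int entryCount = partnerEntries.size();
        StringBuilder trace = new StringBuilder(classMethod + "SAML1.x Trusted Partners:\n");
        if (tracing) {
            trace.append("  has ").append(entryCount).append(" entries:\n");
        }
        List<String> partnerNames = new ArrayList<String>(entryCount);
        for (Iterator it = partnerEntries.iterator(); it.hasNext(); ) {
            Object entry = it.next();
            if (entry == null) {
                continue;
            }
            StringTokenizer fields = new StringTokenizer(entry.toString(), "|");
            if (tracing) {
                trace.append("  #tokens = ").append(fields.countTokens()).append("\n");
            }
            // Value of the last well-formed KEY=VALUE pair, kept only for the trace line.
            String lastValue = null;
            while (fields.hasMoreTokens()) {
                StringTokenizer pair = new StringTokenizer(fields.nextToken(), "=");
                // Only well-formed KEY=VALUE pairs are considered; anything else is skipped.
                if (pair.countTokens() != 2) {
                    continue;
                }
                String key = pair.nextToken();
                lastValue = pair.nextToken();
                if (key.equalsIgnoreCase("PARTNERNAME")) {
                    if (tracing) {
                        trace.append("  **got PARTNERNAME**\n");
                    }
                    partnerNames.add(lastValue);
                }
            }
            if (tracing) {
                trace.append("    ").append(lastValue).append("\n");
            }
        }
        if (tracing) {
            debug.message(trace.toString());
        }
        // send SAML1.x trusted partners list to the Agent
        Agent.saml1TPConfig(partnerNames);
    } catch (SSOException e) {
        // Keep the stack trace; the message alone rarely says where the SSO failure came from.
        debug.error(classMethod + "sso ex getting saml1.x: " + e.getMessage(), e);
    } catch (SMSException e) {
        debug.error(classMethod + "sms ex getting saml1.x: " + e.getMessage(), e);
    }
}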

Example 42 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class ClientResource method createInstance.

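/**
 * Creates an OAuth2 client (agent) identity from the JSON body of a CREST
 * create request.
 * <p>
 * The body is a map of attribute name to list of values. {@code client_id}
 * (falling back to the request's new resource id) names the identity and
 * {@code realm} selects the realm; both are removed from the attribute map
 * before it is persisted. A non-empty {@code userpassword} and a
 * {@code client_type} of {@code Confidential} or {@code Public} are required.
 * Attributes reported single-valued by {@link #isSingle(String)} keep their
 * first value; the rest are stored as indexed {@code [i]=value} entries. The
 * outcome is audit-logged when auditing is enabled.
 *
 * @param context       request context, used to name the calling principal in log messages
 * @param createRequest the create request carrying the client definition
 * @return a promise resolved with a {@code results} resource on success, or
 *         rejected with a {@link ResourceException} (bad request, internal
 *         error); the method itself does not throw
 */
public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest createRequest) {
    String principal = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
    Map<String, String> responseVal = new HashMap<String, String>();
    try {
        if (serviceSchema == null || serviceSchemaManager == null) {
            if (debug.errorEnabled()) {
                debug.error("ClientResource :: CREATE by " + principal + ": No serviceSchema available.");
            }
            throw new PermanentException(ResourceException.INTERNAL_ERROR, "", null);
        }
        // The body is untrusted input: anything that is not a non-empty JSON
        // object is rejected here rather than surfacing as a ClassCastException.
        Object content = createRequest.getContent().getObject();
        if (!(content instanceof Map) || ((Map<?, ?>) content).isEmpty()) {
            if (debug.errorEnabled()) {
                debug.error("ClientResource :: CREATE by " + principal + ": No client definition.");
            }
            throw new PermanentException(ResourceException.BAD_REQUEST, "Missing client definition", null);
        }
        @SuppressWarnings("unchecked")
        Map<String, Object> client = (Map<String, Object>) content;
        // A client_id in the body takes precedence over the resource id from the request path.
        String id = createRequest.getNewResourceId();
        String bodyId = firstValue(client.remove(OAuth2Constants.OAuth2Client.CLIENT_ID));
        if (bodyId != null) {
            id = bodyId;
        }
        if (id == null || id.isEmpty()) {
            debug.error("ClientResource :: CREATE by " + principal + ": No client ID.");
            throw new PermanentException(ResourceException.BAD_REQUEST, "Missing client id", null);
        }
        String realm = firstValue(client.remove(OAuth2Constants.OAuth2Client.REALM));
        // Required parameters. The password value itself is never written to the log.
        String password = firstValue(client.get(OAuth2Constants.OAuth2Client.USERPASSWORD));
        if (password == null || password.isEmpty()) {
            if (debug.errorEnabled()) {
                debug.error("ClientResource :: CREATE by " + principal + ": Resource ID: " + id + ": No user password.");
            }
            throw new PermanentException(ResourceException.BAD_REQUEST, "Missing user password", null);
        }
        // Missing, empty and unrecognised client types all map to the same error (previously a
        // missing or empty list escaped as an unchecked exception).
        String type = firstValue(client.get(OAuth2Constants.OAuth2Client.CLIENT_TYPE));
        if (!"Confidential".equals(type) && !"Public".equals(type)) {
            debug.error("ClientResource :: CREATE by " + principal + ": Resource ID: " + id + ": No client type.");
            throw new PermanentException(ResourceException.BAD_REQUEST, "Missing client type", null);
        }
        Map<String, Set<String>> attrs = new HashMap<String, Set<String>>();
        for (Map.Entry<String, Object> entry : client.entrySet()) {
            attrs.put(entry.getKey(), toAttributeValues(entry.getKey(), entry.getValue()));
        }
        attrs.put("AgentType", singleValue("OAuth2Client"));
        attrs.put("sunIdentityServerDeviceStatus", singleValue("Active"));
        manager.createIdentity(realm, id, attrs);
        responseVal.put("success", "true");
        JsonValue response = new JsonValue(responseVal);
        ResourceResponse resource = newResourceResponse("results", String.valueOf(System.currentTimeMillis()), response);
        if (auditLogger.isAuditLogEnabled()) {
            String[] obs = { "CREATED_CLIENT", responseVal.toString() };
            auditLogger.logAccessMessage("CREATED_CLIENT", obs, null);
        }
        return newResultPromise(resource);
    } catch (IdRepoException e) {
        auditCreateFailure(responseVal);
        if (debug.errorEnabled()) {
            debug.error("ClientResource :: CREATE by " + principal + ": Unable to create client due to " + "IdRepo exception.", e);
        }
        return new InternalServerErrorException("Unable to create client", e).asPromise();
    } catch (SSOException e) {
        auditCreateFailure(responseVal);
        if (debug.errorEnabled()) {
            debug.error("ClientResource :: CREATE by " + principal + ": Unable to create client due to " + "SSO exception.", e);
        }
        return new InternalServerErrorException("Unable to create client", e).asPromise();
    } catch (PermanentException e) {
        auditCreateFailure(responseVal);
        if (debug.errorEnabled()) {
            debug.error("ClientResource :: CREATE by " + principal + ": Unable to create client due to exception.", e);
        }
        return e.asPromise();
    } catch (org.forgerock.json.resource.BadRequestException e) {
        auditCreateFailure(responseVal);
        debug.error("ClientResource :: CREATE : Unable to create client due to Bad Request.", e);
        return e.asPromise();
    }
}

/** Marks the response as unsuccessful and writes the failure audit record when auditing is enabled. */
private void auditCreateFailure(Map<String, String> responseVal) {
    responseVal.put("success", "false");
    if (auditLogger.isAuditLogEnabled()) {
        String[] obs = { "FAILED_CREATE_CLIENT", responseVal.toString() };
        auditLogger.logErrorMessage("FAILED_CREATE_CLIENT", obs, null);
    }
}

/** Normalises a JSON attribute value to a list: lists as-is, {@code null} to empty, a scalar to a one-element list. */
private static List<?> asList(Object value) {
    if (value instanceof List) {
        return (List<?>) value;
    }
    if (value == null) {
        return java.util.Collections.emptyList();
    }
    return java.util.Collections.singletonList(value);
}

/** Returns the first value of a JSON attribute as a string, or {@code null} when there is none. */
private static String firstValue(Object value) {
    List<?> values = asList(value);
    if (values.isEmpty() || values.get(0) == null) {
        return null;
    }
    return values.get(0).toString();
}

/** Builds the stored value set for one attribute: the first value only when single-valued, else {@code [i]=value} entries. */
private Set<String> toAttributeValues(String name, Object rawValues) {
    List<?> values = asList(rawValues);
    Set<String> stored = new HashSet<String>();
    if (isSingle(name)) {
        if (!values.isEmpty()) {
            Object first = values.get(0);
            stored.add(first == null ? null : first.toString());
        }
    } else {
        for (int i = 0; i < values.size(); i++) {
            stored.add("[" + i + "]=" + values.get(i));
        }
    }
    return stored;
}

/** A mutable one-element value set, as expected by the identity store. */
private static Set<String> singleValue(String value) {
    Set<String> set = new HashSet<String>();
    set.add(value);
    return set;
}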

Example 43 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class TokenResource method deleteToken.

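/**
 * Deletes the token with the provided token id.
 * <p>
 * A {@code client_credentials} token has no resource owner and is deleted for
 * any authenticated caller; every other token may only be deleted by its
 * resource owner or by the administrator. Failures are reported through the
 * returned promise rather than thrown.
 *
 * @param context The context.
 * @param tokenId The token id.
 * @param deleteRefreshToken Whether to delete associated refresh token, if token id is for an access token.
 * @return {@code Void} if the token has been deleted.
 */
private Promise<Void, ResourceException> deleteToken(Context context, String tokenId, boolean deleteRefreshToken) {
    try {
        AMIdentity caller = getUid(context);
        JsonValue token = tokenStore.read(tokenId);
        if (token == null) {
            if (debug.errorEnabled()) {
                // NOTE(review): the token id is written to the log here and below; if the id is the
                // bearer token value itself, that exposure should be weighed — confirm.
                debug.error("TokenResource :: DELETE : No token with ID, " + tokenId + " found to delete");
            }
            throw new NotFoundException("Token Not Found", null);
        }
        String username = getAttributeValue(token, USERNAME);
        if (username == null || username.isEmpty()) {
            if (debug.errorEnabled()) {
                debug.error("TokenResource :: DELETE : No username associated with " + "token with ID, " + tokenId + ".");
            }
            throw new PermanentException(HttpURLConnection.HTTP_NOT_FOUND, "Not Found", null);
        }
        String grantType = getAttributeValue(token, GRANT_TYPE);
        if (!CLIENT_CREDENTIALS.equalsIgnoreCase(grantType)) {
            // The ownership check applies only to tokens issued on behalf of a resource owner.
            String realm = getAttributeValue(token, REALM);
            AMIdentity owner = identityManager.getResourceOwnerIdentity(username, realm);
            if (!caller.equals(owner) && !caller.equals(adminUserId)) {
                if (debug.errorEnabled()) {
                    debug.error("TokenResource :: DELETE : Only the resource owner or an administrator may perform " + "a delete on the token with ID, " + tokenId + ".");
                }
                throw new PermanentException(HttpURLConnection.HTTP_UNAUTHORIZED, "Unauthorized", null);
            }
        }
        // Single delete path for both grant types; previously duplicated in each branch.
        if (deleteRefreshToken) {
            deleteAccessTokensRefreshToken(token);
        }
        tokenStore.delete(tokenId);
        return newResultPromise(null);
    } catch (CoreTokenException e) {
        return new ServiceUnavailableException(e.getMessage(), e).asPromise();
    } catch (ResourceException e) {
        return e.asPromise();
    } catch (SSOException e) {
        // The cause is logged as well; it is not surfaced to the caller.
        debug.error("TokenResource :: DELETE : Unable to retrieve identity of the requesting user. Unauthorized.", e);
        return new PermanentException(HttpURLConnection.HTTP_UNAUTHORIZED, "Unauthorized", e).asPromise();
    } catch (IdRepoException e) {
        debug.error("TokenResource :: DELETE : Unable to retrieve identity of the requesting user. Unauthorized.", e);
        return new PermanentException(HttpURLConnection.HTTP_UNAUTHORIZED, "Unauthorized", e).asPromise();
    } catch (UnauthorizedClientException e) {
        debug.error("TokenResource :: DELETE : Requesting user is unauthorized.", e);
        return new PermanentException(HttpURLConnection.HTTP_UNAUTHORIZED, "Unauthorized", e).asPromise();
    }
}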

Example 44 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class TokenResource method getExpiryDate.

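/**
 * Formats the expiry of an OAuth2 token for display to the caller.
 * <p>
 * For a token that references a refresh token, the refresh token's expiry is
 * reported (or the localised "indefinitely" string when the provider re-issues
 * refresh tokens on every refresh); otherwise the token's own
 * {@code EXPIRE_TIME_KEY} is used. An expiry of {@code -1} is treated as
 * "never expires" on both paths.
 *
 * @param token   the token to describe; its {@code realm} attribute selects the provider settings
 * @param context the request context, used for the date format and localised strings
 * @return the formatted expiry date, or the localised "indefinitely" string
 * @throws CoreTokenException           if the referenced refresh token cannot be read
 * @throws InternalServerErrorException if provider settings cannot be consulted or a stored expiry is not a number
 * @throws NotFoundException            if the realm has no provider settings or the referenced refresh token does not exist
 */
private String getExpiryDate(JsonValue token, Context context) throws CoreTokenException, InternalServerErrorException, NotFoundException {
    final String realm = getAttributeValue(token, "realm");
    final OAuth2ProviderSettings providerSettings;
    try {
        providerSettings = oAuth2ProviderSettingsFactory.get(realm);
    } catch (org.forgerock.oauth2.core.exceptions.NotFoundException e) {
        // Keep the original failure as the cause instead of discarding it.
        throw new NotFoundException(e.getMessage(), e);
    }
    try {
        long expiryTimeInMilliseconds;
        if (token.isDefined("refreshToken")) {
            if (providerSettings.issueRefreshTokensOnRefreshingToken()) {
                // A fresh refresh token is issued on every refresh, so the grant never expires.
                return getIndefinitelyString(context);
            }
            //Use refresh token expiry
            JsonValue refreshToken = tokenStore.read(getAttributeValue(token, "refreshToken"));
            if (refreshToken == null) {
                throw new NotFoundException("Refresh Token Not Found");
            }
            expiryTimeInMilliseconds = Long.parseLong(getAttributeValue(refreshToken, EXPIRE_TIME_KEY));
        } else {
            //Use access token expiry
            expiryTimeInMilliseconds = Long.parseLong(getAttributeValue(token, EXPIRE_TIME_KEY));
        }
        // -1 marks a token that never expires; previously only the refresh-token path honoured it.
        if (expiryTimeInMilliseconds == -1) {
            return getIndefinitelyString(context);
        }
        return getDateFormat(context).format(new Date(expiryTimeInMilliseconds));
    } catch (ServerException | SMSException | SSOException | NumberFormatException e) {
        // NumberFormatException covers a missing or corrupt stored expiry, which used to escape unchecked.
        throw new InternalServerErrorException(e);
    }
}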

Example 45 with SSOException

use of com.iplanet.sso.SSOException in project OpenAM by OpenRock.

the class UmaPolicyServiceImpl method getLoggedInUserId.

/**
 * Resolves the principal name of the caller behind the request's SSO token.
 *
 * @param context the request context; must carry a {@link SubjectContext}
 * @return the caller's principal name
 * @throws InternalServerErrorException if the SSO token or its principal cannot be read
 */
private String getLoggedInUserId(Context context) throws InternalServerErrorException {
    try {
        final SubjectContext subject = context.asContext(SubjectContext.class);
        final SSOToken callerToken = subject.getCallerSSOToken();
        return callerToken.getPrincipal().getName();
    } catch (SSOException cause) {
        throw new InternalServerErrorException(cause);
    }
}
