
Example 1 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class PWResetQuestionModelImpl, method setUserPasswordChangedEntry.

/**
 * Sets the password expiration time attribute value to special value
 * which will force the user to change their password when they login
 * into admin console. It will use admin's sso token to write the value
 * for this attribute.
 *
 * @param uuid User Id.
 * @param password Password of the user.
 */
private void setUserPasswordChangedEntry(String uuid, String password) {
    try {
        SSOToken token = getSSOToken();
        if (token != null) {
            ssoToken = token;
            AMIdentity user = IdUtils.getIdentity(token, uuid);
            changeUserAttribute(user, PASSWORD_EXPIRATION_TIME_ATTR, PASSWORD_EXPIRATION_TIME_VALUE);
        } else {
            debug.error("PWResetQuestionModelImpl.setUserPasswordChangedEntry" + " Cannot not get admin sso token");
        }
    } catch (SSOException e) {
        debug.error("PWResetQuestionModelImpl.setUserPasswordChangedEntry", e);
    } catch (IdRepoException e) {
        debug.error("PWResetQuestionModelImpl.setUserPasswordChangedEntry", e);
    }
}
Also used: SSOToken (com.iplanet.sso.SSOToken), AMIdentity (com.sun.identity.idm.AMIdentity), IdRepoException (com.sun.identity.idm.IdRepoException), SSOException (com.iplanet.sso.SSOException)

Example 2 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class PWResetAdminLog, method doLog.

/**
 * Writes a log record to the password reset log file.
 * The message text which will be written to the log file is
 * passed in to this method and must be localized already.
 *
 * @param msgString string which is to be written to the password reset
 *        log file
 */
public synchronized void doLog(String msgString) {
    if (logger == null) {
        if (logStatus) {
            PWResetModelImpl.debug.error("PWResetAdminLog.doLog - no logger. Would have logged: " + msgString);
        }
    } else {
        if (logStatus) {
            SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            LogRecord lr = new LogRecord(Level.INFO, msgString, token);
            logger.log(lr, adminToken);
        }
    }
}
Also used: SSOToken (com.iplanet.sso.SSOToken), LogRecord (com.sun.identity.log.LogRecord)

Example 3 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class PWResetQuestionModelImpl, method changePassword.

private void changePassword(AMIdentity user, String password, NotifyPassword passwordNotify, String uuid, String orgDN) throws PWResetException, SSOException, IdRepoException {
    boolean forceReset = isForceReset(user, orgDN);
    SSOToken token = getSSOToken();
    if (token == null) {
        errorMsg = getLocalizedString("passResetError.message");
        throw new PWResetException(errorMsg);
    } else {
        ssoToken = token;
        user = IdUtils.getIdentity(token, uuid);
    }
    changeUserAttribute(user, USER_PASSWORD_ATTR, password);
    if (forceReset) {
        setUserPasswordChangedEntry(uuid, password);
    }
    notifyUser(user, passwordNotify, password, orgDN);
}
Also used: SSOToken (com.iplanet.sso.SSOToken)

Example 4 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class AdminTokenAction, method run.

/* (non-Javadoc)
 * @see java.security.PrivilegedAction#run()
 */
public SSOToken run() {
    // Check if we have a valid cached SSOToken
    if (appSSOToken != null && tokenManager.isValidToken(appSSOToken)) {
        try {
            if (validateSession) {
                tokenManager.refreshSession(appSSOToken);
            }
            if (tokenManager.isValidToken(appSSOToken)) {
                return appSSOToken;
            }
        } catch (SSOException ssoe) {
            debug.error("AdminTokenAction.reset: couldn't retrieve valid token.", ssoe);
        }
    }
    // Check if internalAppSSOToken is present
    if (internalAppSSOToken != null && tokenManager.isValidToken(internalAppSSOToken)) {
        return internalAppSSOToken;
    }
    // Try getting the token from serverconfig.xml
    SSOToken answer = getSSOToken();
    if (answer != null) {
        if (!SystemProperties.isServerMode() || authInitialized) {
            appSSOToken = answer;
        }
        return answer;
    } else if (debug.messageEnabled()) {
        debug.message("AdminTokenAction::run Unable to get SSOToken from serverconfig.xml");
    }
    // Check for configured Application Token Provider in AMConfig.properties
    String appTokenProviderName = SystemProperties.get(ADMIN_TOKEN_PROVIDER);
    if (appTokenProviderName != null) {
        try {
            AppSSOTokenProvider appSSOTokenProvider = Class.forName(appTokenProviderName).asSubclass(AppSSOTokenProvider.class).newInstance();
            answer = appSSOTokenProvider.getAppSSOToken();
        } catch (Throwable ce) {
            debug.error("AdminTokenAction: Exception while calling appSSOToken provider plugin.", ce);
        }
    } else {
        String appUserName = SystemProperties.get(APP_USERNAME);
        String encryptedPassword = SystemProperties.get(APP_SECRET);
        String password = SystemProperties.get(APP_PASSWORD);
        String appPassword = null;
        if (password != null && !password.isEmpty()) {
            appPassword = password;
        } else if (encryptedPassword != null && !encryptedPassword.isEmpty()) {
            try {
                appPassword = Crypt.decode(encryptedPassword);
            } catch (Throwable t) {
                debug.error("AdminTokenAction::run Unable to decrypt secret password", t);
            }
        }
        if (appUserName == null || appUserName.isEmpty() || appPassword == null || appPassword.isEmpty()) {
            debug.error("AdminTokenAction: App user name or password is empty");
        } else {
            if (debug.messageEnabled()) {
                debug.message("App user name: " + appUserName);
            }
            SystemAppTokenProvider tokenProd = new SystemAppTokenProvider(appUserName, appPassword);
            answer = tokenProd.getAppSSOToken();
        }
    }
    // If SSOToken is NULL, AM would not bootstrap: fatal error
    if (answer == null) {
        final String errorMessage = "AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.";
        debug.error(errorMessage);
        throw new AMSecurityPropertiesException(errorMessage);
    } else if (!SystemProperties.isServerMode() || authInitialized) {
        // Cache the SSOToken if not in server mode (i.e., in the
        // case of client sdk) or if the authN has been initialized
        appSSOToken = answer;
    }
    return answer;
}
Also used: SSOToken (com.iplanet.sso.SSOToken), SSOException (com.iplanet.sso.SSOException)

Example 5 with SSOToken

Use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.

Class OpenSSOGroupSubject, method getSubjectAttributesManager.

private SubjectAttributesManager getSubjectAttributesManager() {
    String uuid = getID();
    if (uuid == null) {
        return null;
    }
    try {
        AMIdentity amid = new AMIdentity(null, uuid);
        String realm = amid.getRealm();
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        return SubjectAttributesManager.getInstance(SubjectUtils.createSubject(adminToken), realm);
    } catch (IdRepoException idex) {
        if (PrivilegeManager.debug.messageEnabled()) {
            PrivilegeManager.debug.message("OpenSSOGroupSubject.getSubjectAttributesManager:", idex);
        }
    }
    return null;
}
Also used: SSOToken (com.iplanet.sso.SSOToken), AMIdentity (com.sun.identity.idm.AMIdentity), IdRepoException (com.sun.identity.idm.IdRepoException)

Aggregations

SSOToken (com.iplanet.sso.SSOToken): 776
SSOException (com.iplanet.sso.SSOException): 390
Set (java.util.Set): 226
SMSException (com.sun.identity.sm.SMSException): 218
HashSet (java.util.HashSet): 179
IdRepoException (com.sun.identity.idm.IdRepoException): 144
HashMap (java.util.HashMap): 130
Test (org.testng.annotations.Test): 130
CLIException (com.sun.identity.cli.CLIException): 117
Iterator (java.util.Iterator): 115
AMIdentity (com.sun.identity.idm.AMIdentity): 113
Map (java.util.Map): 113
IOutput (com.sun.identity.cli.IOutput): 99
IOException (java.io.IOException): 68
List (java.util.List): 57
AMIdentityRepository (com.sun.identity.idm.AMIdentityRepository): 56
IdType (com.sun.identity.idm.IdType): 54
ServiceConfigManager (com.sun.identity.sm.ServiceConfigManager): 53
EntitlementException (com.sun.identity.entitlement.EntitlementException): 52
ServiceConfig (com.sun.identity.sm.ServiceConfig): 52