use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class AuthenticateToServiceConditionTest method conditionShouldEvaluateToTrueWhenEnvironmentDoesNotContainServicesAndMatches.
/**
 * The condition is satisfied, with no advice, when the environment map is empty
 * and the services reported for the subject's SSO token include the service
 * named in the condition state.
 */
@Test
public void conditionShouldEvaluateToTrueWhenEnvironmentDoesNotContainServicesAndMatches() throws EntitlementException {
    // Given: a subject carrying a mocked SSO token as a private credential.
    SSOToken token = mock(SSOToken.class);
    Subject subject = new Subject();
    subject.getPrivateCredentials().add(token);

    // The token is reported as authenticated to SERVICE_NAME, which resolves to REALM.
    Set<String> authenticatedServices = new HashSet<String>();
    authenticatedServices.add("SERVICE_NAME");
    given(entitlementCoreWrapper.getRealmQualifiedAuthenticatedServices(token)).willReturn(authenticatedServices);
    given(coreWrapper.getRealmFromRealmQualifiedData("SERVICE_NAME")).willReturn("REALM");
    given(coreWrapper.convertOrgNameToRealmName("REALM")).willReturn("REALM");

    // The condition requires authentication to that same service.
    condition.setState("{\"authenticateToService\": \"SERVICE_NAME\"}");

    // The environment deliberately carries no service entries.
    Map<String, Set<String>> emptyEnv = new HashMap<String, Set<String>>();

    // When
    ConditionDecision outcome = condition.evaluate("REALM", subject, "RESOURCE_NAME", emptyEnv);

    // Then
    assertThat(outcome.isSatisfied()).isTrue();
    assertThat(outcome.getAdvice()).isEmpty();
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class CDCServlet method doGetPost.
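/**
 * Redirects the user to the authentication module if they are not
 * authenticated; otherwise redirects them back to the original referrer.
 *
 * <p>The goto and target request parameters are caller-controlled. They are
 * screened here against the substrings in {@code INVALID_SET} only; that
 * screen rejects known-bad content but does not establish that the
 * destination is an allowed one.
 *
 * @param request HTTP Servlet Request object that contains the request
 *        the client has made of the servlet.
 * @param response an HTTP Servlet Response object that contains the
 *        response the servlet sends to the client.
 * @throws ServletException if an input or output error is detected when
 *         the servlet handles the request.
 * @throws IOException if the request could not be handled.
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if (debug.messageEnabled()) {
        // NOTE(review): the raw query string goes to the debug log at message
        // level; confirm nothing sensitive is expected in it.
        debug.message("CDCServlet.doGetPost: Query String received: " + request.getQueryString());
    }
    String gotoParameter = request.getParameter(GOTO_PARAMETER);
    String targetParameter = request.getParameter(TARGET_PARAMETER);
    if (targetParameter == null) {
        // Fixed locale: the default-locale toLowerCase() maps 'I' differently
        // under e.g. a Turkish default locale.
        targetParameter = request.getParameter(TARGET_PARAMETER.toLowerCase(java.util.Locale.ENGLISH));
    }
    if ((gotoParameter != null) || (targetParameter != null)) {
        debug.message("CDCServlet:doGetPost():goto or target is not null");
        // Case-fold once, with a fixed locale, so the substring screen below
        // cannot be sidestepped by locale-specific case mappings.
        String gotoLower = (gotoParameter == null)
                ? null : gotoParameter.toLowerCase(java.util.Locale.ENGLISH);
        String targetLower = (targetParameter == null)
                ? null : targetParameter.toLowerCase(java.util.Locale.ENGLISH);
        for (String invalidStr : INVALID_SET) {
            if (gotoLower != null && gotoLower.contains(invalidStr)) {
                showError(response, "GOTO parameter has invalid characters");
                return;
            }
            if (targetLower != null && targetLower.contains(invalidStr)) {
                showError(response, "TARGET parameter has invalid characters");
                return;
            }
        }
        // NOTE(review): this is a denylist. Whether the redirect destination
        // is checked against an allowlist happens elsewhere, if at all; it is
        // not visible in this method.
    }
    /* Steps
     * 1. If no SSOToken, forward to authentication
     * 2. If SSOToken is valid construct AuthN response and return
     */
    /*
     * Check for a valid SSOToken in the request. If it is not found or
     * it is invalid, redirect the user to the authentication URL.
     * Also redirect if there are policy advices in the query string.
     */
    SSOToken token = getSSOToken(request, response);
    String policyAdviceList = checkForPolicyAdvice(token, request, response);
    if ((token == null) || (policyAdviceList != null)) {
        redirectForAuthentication(request, response, policyAdviceList);
    } else {
        // The token is valid. If the request did not carry the SSO cookie for
        // this server, set it on the response before redirecting.
        String cookieName = AuthClientUtils.getCookieName();
        Cookie ssoCookie = CookieUtils.getCookieFromReq(request, cookieName);
        if (ssoCookie == null) {
            try {
                // The cookie value is the SSO token ID. Cookie attributes such
                // as Secure/HttpOnly are whatever CookieUtils.newCookie applies;
                // that is not visible here. TODO confirm.
                String cookieValue = token.getTokenID().toString();
                if (cookieName != null && cookieName.length() != 0) {
                    Set<String> domains = AuthClientUtils.getCookieDomainsForRequest(request);
                    if (!domains.isEmpty()) {
                        // One cookie per configured cookie domain.
                        for (String domain : domains) {
                            Cookie cookie = CookieUtils.newCookie(cookieName, cookieValue, "/", domain);
                            CookieUtils.addCookieToResponse(response, cookie);
                        }
                    } else {
                        // No domains returned: the cookie is created with a null domain.
                        Cookie cookie = CookieUtils.newCookie(cookieName, cookieValue, "/", null);
                        CookieUtils.addCookieToResponse(response, cookie);
                    }
                }
            } catch (Exception e) {
                // Best effort: a failure to set the cookie must not block the
                // redirect. It is only visible when message-level debug is on.
                if (debug.messageEnabled()) {
                    debug.message("Error creating cookie. : " + e.getMessage());
                }
            }
        }
        redirectWithAuthNResponse(request, response, token);
    }
}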
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class LdapSPValidator method searchAgents.
/**
 * Searches agent identities whose {@code LDAP_ATTR_NAME} attribute holds the
 * value {@code PROVIDER_ID_ATTR_NAME + "=" + rootPrefix}.
 *
 * <p>The comment in the original describes this as a search for
 * "sunIdentityServerDeviceKeyValue: sunIdentityServerAgentRootURL=&lt;rootURL&gt;".
 *
 * @param rootPrefix value matched after {@code PROVIDER_ID_ATTR_NAME=}
 * @param realm realm to search; when null or blank the {@code amIdRepo}
 *        field is used instead of a realm-specific repository
 * @return the result attributes of the search
 * @throws Exception wrapping the {@code IdRepoException} or
 *         {@code SSOException} raised by the lookup
 */
private Map searchAgents(StringBuffer rootPrefix, String realm) throws Exception {
    // Match criterion: LDAP_ATTR_NAME must contain "<PROVIDER_ID_ATTR_NAME>=<rootPrefix>".
    // NOTE(review): rootPrefix is placed in the search value as-is; any escaping
    // would have to happen in the identity repository layer, which is not
    // visible here. Confirm where rootPrefix originates.
    Set matchValues = new HashSet(2);
    matchValues.add(PROVIDER_ID_ATTR_NAME + "=" + rootPrefix.toString());
    Map criteria = new HashMap();
    criteria.put(LDAP_ATTR_NAME, matchValues);

    // Attributes to bring back for every match.
    Set wantedAttrs = new HashSet(4);
    wantedAttrs.add(LDAP_ATTR_NAME);
    wantedAttrs.add(LDAP_STATUS_ATTR_NAME);

    IdSearchControl control = new IdSearchControl();
    // Presumably 0 means "no limit" for both settings. TODO confirm.
    control.setTimeOut(0);
    control.setMaxResults(0);
    control.setSearchModifiers(IdSearchOpModifier.AND, criteria);
    control.setReturnAttributes(wantedAttrs);

    try {
        // The lookup uses the administrative token obtained through
        // AdminTokenAction, not a token belonging to the requesting user.
        SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        boolean realmGiven = (realm != null) && (realm.trim().length() > 0);
        IdSearchResults found;
        if (realmGiven) {
            found = new AMIdentityRepository(adminToken, realm).searchIdentities(IdType.AGENT, "*", control);
        } else {
            found = amIdRepo.searchIdentities(IdType.AGENT, "*", control);
        }
        return found.getResultAttributes();
    } catch (IdRepoException ire) {
        CDCServlet.debug.error("LdapSPValidator.searchAgents", ire);
        throw new Exception(ire);
    } catch (SSOException ssoe) {
        CDCServlet.debug.error("LdapSPValidator.searchAgents", ssoe);
        throw new Exception(ssoe);
    }
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class LogSampleUtils method realmLogin.
/**
 * Drives a name/password login on the supplied {@code AuthContext} and
 * returns the resulting SSO token.
 *
 * @param userid value supplied for the name callback
 * @param password value supplied for the password callback
 * @param ac authentication context to log in with
 * @return the SSO token; {@code null} when submitting callbacks fails or
 *         the final status is {@code AuthContext.Status.COMPLETED}
 * @throws AuthLoginException if the login cannot be started
 * @throws Exception if the SSO token cannot be retrieved
 */
public SSOToken realmLogin(String userid, String password, AuthContext ac) throws SSOException, AuthLoginException, Exception {
    try {
        ac.login();
    } catch (AuthLoginException le) {
        System.err.println("LogSampleUtils: Failed to start login "
                + "for default auth module.");
        throw le;
    }

    // Answers for the callbacks the auth module may ask for.
    // The password is kept as a String in this table for the whole login.
    Hashtable answers = new Hashtable();
    answers.put(AuthXMLTags.NAME_CALLBACK, userid);
    answers.put(AuthXMLTags.PASSWORD_CALLBACK, password);

    while (ac.hasMoreRequirements()) {
        Callback[] pending = ac.getRequirements();
        try {
            fillCallbacks(pending, answers);
            ac.submitRequirements(pending);
        } catch (Exception e) {
            System.err.println("Failed to submit callbacks!");
            e.printStackTrace();
            return null;
        }
    }

    AuthContext.Status outcome = ac.getStatus();
    if (outcome == AuthContext.Status.COMPLETED) {
        System.out.println("==>Authentication Status for user " + userid + " = " + outcome);
        return null;
    }
    if (outcome == AuthContext.Status.SUCCESS) {
        System.out.println("==>Authentication SUCCESSFUL for user " + userid);
    }
    // NOTE(review): any status other than SUCCESS or COMPLETED also reaches this
    // point and asks for a token; what getSSOToken() does then is not visible
    // here. Confirm failed logins cannot yield a token.
    try {
        return ac.getSSOToken();
    } catch (Exception e) {
        System.err.println("Failed to get SSO token!");
        throw e;
    }
}
use of com.iplanet.sso.SSOToken in project OpenAM by OpenRock.
the class CommandLineSSO method main.
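/**
 * Command-line sample: authenticates against the organization named in
 * {@code args[0]}, prints the user's name and attributes, and destroys the
 * SSO token before exiting.
 *
 * @param args {@code args[0]} is the organization name
 * @throws Exception if authentication setup or token handling fails
 */
public static void main(String[] args) throws Exception {
    // Fail with a usage message instead of an ArrayIndexOutOfBoundsException.
    if (args.length < 1) {
        System.err.println("Usage: CommandLineSSO <organization>");
        System.exit(1);
    }
    String orgName = args[0];
    System.out.println("Organization: " + orgName);
    SSOTokenManager manager = SSOTokenManager.getInstance();
    AuthContext lc = getAuthcontext(orgName);
    if (lc.getStatus() == AuthContext.Status.SUCCESS) {
        System.out.println("Successful authentication ...");
        SSOToken token = lc.getSSOToken();
        try {
            // Every use of the token sits inside the try so that the finally
            // block destroys it even if reading the principal fails; otherwise
            // the session would outlive this process.
            String userDN = token.getPrincipal().getName();
            System.out.println("User Name: " + userDN);
            AMIdentity userIdentity = IdUtils.getIdentity(token);
            Map attrs = userIdentity.getAttributes();
            // All attributes returned for the user are printed to stdout.
            System.out.println("User Attributes: ");
            for (Object item : attrs.entrySet()) {
                Map.Entry attr = (Map.Entry) item;
                System.out.println(attr.getKey() + "=" + attr.getValue());
            }
        } catch (IdRepoException e) {
            e.printStackTrace();
        } finally {
            manager.destroyToken(token);
        }
    } else {
        System.out.println("Authentication Failed ....... ");
    }
    // NOTE(review): the exit status is 0 on the failure path as well, so
    // callers cannot detect a failed authentication from the exit code.
    System.exit(0);
}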