Example 21 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

From the class ConsoleServletBase, method checkAuthentication.

/**
 * Checks if the user is authenticated, that is, if an SSO Token is available
 * and whether the token is still valid; otherwise throws
 * <code>SSOException</code>.
 *
 * @param request  HTTP Servlet request object.
 * @return The valid SSO Token.
 * @throws SSOException if the SSO Token is invalid
 */
private SSOToken checkAuthentication(HttpServletRequest request) throws SSOException {
    SSOTokenManager manager = SSOTokenManager.getInstance();
    SSOToken ssoToken = manager.createSSOToken(request);
    manager.validateToken(ssoToken);
    return ssoToken;
}
Also used: SSOTokenManager (com.iplanet.sso.SSOTokenManager), SSOToken (com.iplanet.sso.SSOToken)

Example 22 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

From the class SessionResourceTest, method setUp.

@BeforeMethod
public void setUp() throws IdRepoException, SSOException {
    SessionQueryManager sessionQueryManager = mock(SessionQueryManager.class);
    ssoTokenManager = mock(SSOTokenManager.class);
    authUtilsWrapper = mock(AuthUtilsWrapper.class);
    propertyWhitelist = mock(SessionPropertyWhitelist.class);
    headerResponse = null;
    urlResponse = null;
    cookieResponse = null;
    given(mockContext.getCallerSSOToken()).willReturn(ssoToken);
    realmContext = new RealmContext(mockContext);
    amIdentity = new AMIdentity(DN.valueOf("id=demo,dc=example,dc=com"), null);
    configureWhitelist();
    sessionResource = new SessionResource(sessionQueryManager, ssoTokenManager, authUtilsWrapper, propertyWhitelist) {

        @Override
        AMIdentity getIdentity(SSOToken ssoToken) throws IdRepoException, SSOException {
            return amIdentity;
        }

        @Override
        String convertDNToRealm(String dn) {
            return "/";
        }

        @Override
        protected String getTokenIdFromHeader(Context context, String cookieName) {
            return headerResponse;
        }

        @Override
        protected String getTokenIdFromUrlParam(ActionRequest request) {
            return urlResponse;
        }

        @Override
        protected String getTokenIdFromCookie(Context context, String cookieName) {
            return cookieResponse;
        }
    };
}
Also used: SSOTokenManager (com.iplanet.sso.SSOTokenManager), RootContext (org.forgerock.services.context.RootContext), ClientContext (org.forgerock.services.context.ClientContext), RealmContext (org.forgerock.openam.rest.RealmContext), SessionContext (org.forgerock.http.session.SessionContext), SSOTokenContext (org.forgerock.openam.rest.resource.SSOTokenContext), AttributesContext (org.forgerock.services.context.AttributesContext), SecurityContext (org.forgerock.services.context.SecurityContext), Context (org.forgerock.services.context.Context), SSOToken (com.iplanet.sso.SSOToken), SessionResource (org.forgerock.openam.core.rest.session.SessionResource), IdRepoException (com.sun.identity.idm.IdRepoException), SSOException (com.iplanet.sso.SSOException), SessionQueryManager (org.forgerock.openam.core.rest.session.query.SessionQueryManager), AuthUtilsWrapper (org.forgerock.openam.authentication.service.AuthUtilsWrapper), AMIdentity (com.sun.identity.idm.AMIdentity), SessionPropertyWhitelist (org.forgerock.openam.session.SessionPropertyWhitelist), BeforeMethod (org.testng.annotations.BeforeMethod)

Example 23 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

From the class AuthContext, method getAppSSOToken.

/**
 * Returns the application SSO token. Can perform a check to ensure that
 * the app token is still valid (requires a session refresh call to OpenAM).
 *
 * @param refresh true if we should check with OpenAM whether the app token is valid
 * @return a valid application SSO token, or null if none could be obtained.
 */
private SSOToken getAppSSOToken(boolean refresh) {
    SSOToken appToken = null;
    try {
        appToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    } catch (AMSecurityPropertiesException aspe) {
        if (authDebug.messageEnabled()) {
            authDebug.message("AuthContext::getAppSSOToken: " + "unable to get app ssotoken " + aspe.getMessage());
        }
    }
    if (refresh) {
        // ensure the token is valid
        try {
            SSOTokenManager ssoTokenManager = SSOTokenManager.getInstance();
            ssoTokenManager.refreshSession(appToken);
            if (!ssoTokenManager.isValidToken(appToken)) {
                if (authDebug.messageEnabled()) {
                    authDebug.message("AuthContext.getAppSSOToken(): " + "App SSOToken is invalid, retrying");
                }
                try {
                    appToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
                } catch (AMSecurityPropertiesException aspe) {
                    if (authDebug.messageEnabled()) {
                        authDebug.message("AuthContext::getAppSSOToken: " + "unable to get app ssotoken " + aspe.getMessage());
                    }
                }
            }
        } catch (SSOException ssoe) {
            if (authDebug.messageEnabled()) {
                authDebug.message("AuthContext.getAppSSOToken(): " + "unable to refresh app token: " + ssoe.getL10NMessage());
            }
            try {
                appToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            } catch (AMSecurityPropertiesException aspe) {
                if (authDebug.errorEnabled()) {
                    authDebug.error("AuthContext::getAppSSOToken: " + "unable to get app ssotoken " + aspe.getMessage());
                }
            }
        }
    }
    if (authDebug.messageEnabled()) {
        if (appToken == null) {
            authDebug.message("Null App SSO Token");
        } else {
            authDebug.message("Obtained App Token= " + appToken.getTokenID().toString());
        }
    }
    return appToken;
}
Also used: SSOTokenManager (com.iplanet.sso.SSOTokenManager), SSOToken (com.iplanet.sso.SSOToken), AMSecurityPropertiesException (com.sun.identity.security.AMSecurityPropertiesException), SSOException (com.iplanet.sso.SSOException)

Example 24 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

From the class OATH, method process.

/**
 * Processes the OTP input by the user. Checks the OTP for validity, and
 * resynchronizes the server as needed.
 *
 * @param callbacks the callbacks submitted by the user for this state
 * @param state the current login state
 * @return -1 for success; 0 for failure
 * @throws AuthLoginException upon any errors
 */
@Override
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    try {
        //check for session and get username and UUID
        if (userName == null || userName.length() == 0) {
            // session upgrade case. Need to find the user ID from the old
            // session
            SSOTokenManager mgr = SSOTokenManager.getInstance();
            InternalSession isess = getLoginState("OATH").getOldSession();
            if (isess == null) {
                throw new AuthLoginException("amAuth", "noInternalSession", null);
            }
            SSOToken token = mgr.createSSOToken(isess.getID().toString());
            UUID = token.getPrincipal().getName();
            userName = token.getProperty("UserToken");
            if (debug.messageEnabled()) {
                debug.message("OATH.process(): Username from SSOToken : " + userName);
            }
            if (userName == null || userName.length() == 0) {
                throw new AuthLoginException("amAuth", "noUserName", null);
            }
        }
        switch(state) {
            case ISAuthConstants.LOGIN_START:
                // callback[1] = Confirmation CallBack (Submit OTP)
                if (callbacks == null || callbacks.length != 2) {
                    throw new AuthLoginException(amAuthOATH, "authFailed", null);
                }
                // check password length MUST be 6 or higher according to RFC
                if (passLen < MIN_PASSWORD_LENGTH) {
                    debug.error("OATH.process(): Password length is less than " + MIN_PASSWORD_LENGTH);
                    throw new AuthLoginException(amAuthOATH, "authFailed", null);
                }
                // get OTP
                String OTP = String.valueOf(((PasswordCallback) callbacks[0]).getPassword());
                if (StringUtils.isEmpty(OTP)) {
                    debug.error("OATH.process(): invalid OTP code");
                    setFailureID(userName);
                    throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
                }
                if (minSecretKeyLength <= 0) {
                    debug.error("OATH.process(): Min Secret Key Length is not a valid value");
                    throw new AuthLoginException(amAuthOATH, "authFailed", null);
                }
                if (StringUtils.isEmpty(secretKeyAttrName)) {
                    debug.error("OATH.process():  secret key attribute name is empty");
                    throw new AuthLoginException(amAuthOATH, "authFailed", null);
                }
                // get Arrival time of the OTP
                timeInSeconds = System.currentTimeMillis() / 1000L;
                if (checkOTP(OTP)) {
                    return ISAuthConstants.LOGIN_SUCCEED;
                } else {
                    // the OTP is out of the window or incorrect
                    setFailureID(userName);
                    throw new InvalidPasswordException("amAuth", "invalidPasswd", null);
                }
        }
    } catch (SSOException e) {
        debug.error("OATH.process(): SSOException", e);
        throw new AuthLoginException(amAuthOATH, "authFailed", null);
    }
    return ISAuthConstants.LOGIN_IGNORE;
}
Also used: SSOTokenManager (com.iplanet.sso.SSOTokenManager), SSOToken (com.iplanet.sso.SSOToken), InternalSession (com.iplanet.dpro.session.service.InternalSession), AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException), InvalidPasswordException (com.sun.identity.authentication.spi.InvalidPasswordException), SSOException (com.iplanet.sso.SSOException)

Example 25 with SSOTokenManager

Use of com.iplanet.sso.SSOTokenManager in project OpenAM by OpenRock.

From the class SessionRequestHandler, method processRequest.

private Response processRequest(final PLLAuditor auditor, final Request req, final HttpServletRequest servletRequest, final HttpServletResponse servletResponse) {
    final SessionRequest sreq = SessionRequest.parseXML(req.getContent());
    auditor.setMethod(sreq.getMethodName());
    SessionResponse sres = new SessionResponse(sreq.getRequestID(), sreq.getMethodID());
    Object context;
    try {
        // use remote client IP as default RestrictedToken context
        context = SessionUtils.getClientAddress(servletRequest);
        this.clientToken = null;
    } catch (Exception ex) {
        sessionDebug.error("SessionRequestHandler encounterd exception", ex);
        sres.setException(ex.getMessage());
        return auditedExceptionResponse(auditor, sres);
    }
    String requester = sreq.getRequester();
    if (requester != null) {
        try {
            context = RestrictedTokenContext.unmarshal(requester);
            if (context instanceof SSOToken) {
                SSOTokenManager ssoTokenManager = SSOTokenManager.getInstance();
                SSOToken adminToken = (SSOToken) context;
                if (!ssoTokenManager.isValidToken(adminToken)) {
                    sres.setException(SessionBundle.getString("appTokenInvalid") + requester);
                    return auditedExceptionResponse(auditor, sres);
                }
                this.clientToken = (SSOToken) context;
            }
        } catch (Exception ex) {
            if (sessionDebug.warningEnabled()) {
                sessionDebug.warning("SessionRequestHandler.processRequest:" + "app token invalid, sending Session response" + " with Exception");
            }
            sres.setException(SessionBundle.getString("appTokenInvalid") + requester);
            return auditedExceptionResponse(auditor, sres);
        }
    }
    try {
        sres = (SessionResponse) RestrictedTokenContext.doUsing(context, new RestrictedTokenAction() {

            public Object run() throws Exception {
                return processSessionRequest(auditor, sreq, servletRequest, servletResponse);
            }
        });
    } catch (Exception ex) {
        sessionDebug.error("SessionRequestHandler encounterd exception", ex);
        sres.setException(ex.getMessage());
    }
    if (sres.getException() == null) {
        auditor.auditAccessSuccess();
    } else {
        auditor.auditAccessFailure(sres.getException());
    }
    return new Response(sres.toXMLString());
}
Also used: SSOTokenManager (com.iplanet.sso.SSOTokenManager), HttpServletResponse (javax.servlet.http.HttpServletResponse), Response (com.iplanet.services.comm.share.Response), SessionResponse (com.iplanet.dpro.session.share.SessionResponse), SSOToken (com.iplanet.sso.SSOToken), SessionRequest (com.iplanet.dpro.session.share.SessionRequest), SessionException (com.iplanet.dpro.session.SessionException), RestrictedTokenAction (com.sun.identity.session.util.RestrictedTokenAction)

Aggregations

SSOTokenManager (com.iplanet.sso.SSOTokenManager): 53
SSOToken (com.iplanet.sso.SSOToken): 48
SSOException (com.iplanet.sso.SSOException): 39
IdRepoException (com.sun.identity.idm.IdRepoException): 11
AMIdentity (com.sun.identity.idm.AMIdentity): 9
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException): 8
IOException (java.io.IOException): 7
Map (java.util.Map): 6
Set (java.util.Set): 6
ForbiddenException (org.forgerock.json.resource.ForbiddenException): 6
SessionException (com.iplanet.dpro.session.SessionException): 5
InternalSession (com.iplanet.dpro.session.service.InternalSession): 5
AuthPrincipal (com.sun.identity.authentication.internal.AuthPrincipal): 5
AuthException (com.sun.identity.authentication.service.AuthException): 5
Iterator (java.util.Iterator): 5
AuthContext (com.sun.identity.authentication.AuthContext): 4
SMSException (com.sun.identity.sm.SMSException): 4
Response (com.iplanet.services.comm.share.Response): 3
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 3
HashMap (java.util.HashMap): 3