Example 16 with AuthContext
use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.
the class Authenticator method sessionBasedLogin.
public AuthContext sessionBasedLogin(CommandManager mgr, String bindUser, String bindPwd) throws CLIException {
String[] param = { bindUser };
LogWriter.log(mgr, LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_LOGIN", param, null);
try {
AuthContext ac = sessionBasedLoginInternal(mgr, bindUser, bindPwd);
LogWriter.log(mgr, LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_LOGIN", param, null);
return ac;
} catch (CLIException e) {
String[] params = { bindUser, e.getMessage() };
LogWriter.log(mgr, LogWriter.LOG_ERROR, Level.INFO, "FAILED_LOGIN", params, null);
throw e;
}
}
Also used :
AuthContext(com.sun.identity.authentication.AuthContext)
Example 17 with AuthContext
use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.
the class SessionCommand method handleRequest.
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
Authenticator auth = Authenticator.getInstance();
String bindUser = getAdminID();
AuthContext lc = auth.sessionBasedLogin(getCommandManager(), bindUser, getAdminPassword());
try {
boolean isQuiet = isOptionSet(QUIET_PARAM);
handleRequest(lc.getSSOToken(), isQuiet);
try {
lc.logout();
} catch (AuthLoginException e) {
throw new CLIException(e, ExitCodes.SESSION_BASED_LOGOUT_FAILED);
}
} catch (Exception e) {
throw new CLIException(e, ExitCodes.SESSION_BASED_LOGIN_FAILED);
}
}
Also used :
AuthContext(com.sun.identity.authentication.AuthContext)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
IOException(java.io.IOException)
AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException)
SessionException(com.iplanet.dpro.session.SessionException)
Example 18 with AuthContext
use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.
the class SAML2 method handleReturnFromRedirect.
/**
* Once we're back from the ACS, we need to validate that we have not errored during the proxying process.
* Then we detect if we need to perform a local linking authentication chain, or if the user is already
* locally linked, we need to look up the already-linked username.
*/
private int handleReturnFromRedirect(final int state, final HttpServletRequest request, final String spName, final HttpServletResponse response) throws AuthLoginException {
//first make sure to delete the cookie
removeCookiesForRedirects(request, response);
if (Boolean.parseBoolean(request.getParameter(SAML2Proxy.ERROR_PARAM_KEY))) {
return handleRedirectError(request);
}
final String key;
if (request.getParameter("jsonContent") != null) {
key = JsonValueBuilder.toJsonValue(request.getParameter("jsonContent")).get("responsekey").asString();
} else {
key = request.getParameter(SAML2Proxy.RESPONSE_KEY);
}
final String username;
SAML2ResponseData data = null;
if (!StringUtils.isBlank(key)) {
data = (SAML2ResponseData) SAML2Store.getTokenFromStore(key);
}
if (data == null && SAML2FailoverUtils.isSAML2FailoverEnabled() && !StringUtils.isBlank(key)) {
try {
data = (SAML2ResponseData) SAML2FailoverUtils.retrieveSAML2Token(key);
} catch (SAML2TokenRepositoryException e) {
return processError(bundle.getString("samlFailoverError"), "SAML2.handleReturnFromRedirect : Error reading from failover map.", e);
}
}
if (data == null) {
return processError(bundle.getString("localLinkError"), "SAML2 :: handleReturnFromRedirect() : " + "Unable to perform local linking - response data key not found");
}
storageKey = key;
assertionSubject = data.getSubject();
authnAssertion = data.getAssertion();
sessionIndex = data.getSessionIndex();
respInfo = data.getResponseInfo();
try {
//you're already linked or we auto looked up user
username = SPACSUtils.getPrincipalWithoutLogin(assertionSubject, authnAssertion, realm, spName, metaManager, entityName, storageKey);
if (SAML2PluginsUtils.isDynamicProfile(realm)) {
String spEntityId = SPSSOFederate.getSPEntityId(metaAlias);
if (shouldPersistNameID(spEntityId)) {
NameIDInfo info = new NameIDInfo(spEntityId, entityName, getNameId(), SAML2Constants.SP_ROLE, false);
setUserAttributes(AccountUtils.convertToAttributes(info, null));
}
}
if (username != null) {
principal = new SAML2Principal(username);
return success(authnAssertion, getNameId(), username);
}
} catch (SAML2Exception e) {
return processError(e, null, "SAML2.handleReturnFromRedirect : Unable to perform user lookup.");
}
if (StringUtils.isBlank(localChain)) {
return processError(bundle.getString("localLinkError"), "SAML2 :: handleReturnFromRedirect() : " + "Unable to perform local linking - local auth chain not found.");
}
//generate a sub-login context, owned by this module, and start login sequence to it
authenticationContext = new AuthContext(realm);
authenticationContext.login(AuthContext.IndexType.SERVICE, localChain, null, null, null, null);
return injectCallbacks(null, state);
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
NameIDInfo(com.sun.identity.saml2.common.NameIDInfo)
AuthContext(com.sun.identity.authentication.AuthContext)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
Example 19 with AuthContext
use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.
the class AuthXMLHandler method processRequirements.
/*
* process callbacks
*/
private void processRequirements(String xml, AuthContextLocal authContext, AuthXMLResponse authResponse, String params, HttpServletRequest servletRequest) {
String[] paramArray = null;
StringTokenizer paramsSet = null;
if (params != null) {
paramsSet = new StringTokenizer(params, ISAuthConstants.PIPE_SEPARATOR);
}
boolean allCallbacksAreSet = true;
String param;
while (authContext.hasMoreRequirements()) {
Callback[] reqdCallbacks = authContext.getRequirements();
for (int i = 0; i < reqdCallbacks.length; i++) {
if (reqdCallbacks[i] instanceof X509CertificateCallback) {
X509CertificateCallback certCallback = (X509CertificateCallback) reqdCallbacks[i];
LoginState loginState = AuthUtils.getLoginState(authContext);
if (loginState != null) {
X509Certificate cert = loginState.getX509Certificate(servletRequest);
if (cert != null) {
certCallback.setCertificate(cert);
certCallback.setReqSignature(false);
} else {
allCallbacksAreSet = false;
}
}
} else {
param = null;
if (reqdCallbacks[i] instanceof NameCallback) {
param = getNextParam(paramsSet);
if (param != null) {
NameCallback nc = (NameCallback) reqdCallbacks[i];
nc.setName(param);
if (messageEnabled) {
debug.message("Name callback set to " + param);
}
} else {
allCallbacksAreSet = false;
break;
}
} else if (reqdCallbacks[i] instanceof PasswordCallback) {
param = getNextParam(paramsSet);
if (param != null) {
PasswordCallback pc = (PasswordCallback) reqdCallbacks[i];
pc.setPassword(param.toCharArray());
if (messageEnabled) {
debug.message("Password callback is set");
}
} else {
allCallbacksAreSet = false;
break;
}
} else {
if (params == null) {
allCallbacksAreSet = false;
}
}
// add more callbacks if required
}
}
if (getNextParam(paramsSet) != null) {
allCallbacksAreSet = false;
}
if (allCallbacksAreSet) {
if (messageEnabled) {
debug.message("submit callbacks with passed in params");
}
authContext.submitRequirements(reqdCallbacks);
} else {
authResponse.setReqdCallbacks(reqdCallbacks);
break;
}
}
if (!authContext.hasMoreRequirements()) {
AuthContext.Status loginStatus = authContext.getStatus();
if (messageEnabled) {
debug.message(" Status: " + loginStatus);
}
authResponse.setLoginStatus(loginStatus);
}
}
Also used :
AuthContext(com.sun.identity.authentication.AuthContext)
X509Certificate(java.security.cert.X509Certificate)
StringTokenizer(java.util.StringTokenizer)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
Callback(javax.security.auth.callback.Callback)
X509CertificateCallback(com.sun.identity.authentication.spi.X509CertificateCallback)
ChoiceCallback(javax.security.auth.callback.ChoiceCallback)
NameCallback(javax.security.auth.callback.NameCallback)
NameCallback(javax.security.auth.callback.NameCallback)
LoginState(com.sun.identity.authentication.service.LoginState)
PasswordCallback(javax.security.auth.callback.PasswordCallback)
X509CertificateCallback(com.sun.identity.authentication.spi.X509CertificateCallback)
Example 20 with AuthContext
use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.
the class AuthXMLRequestParser method parseXML.
/**
* Parses the authentication request xml document.
*
* @return a AuthXMLRequest object.
* @throws AuthException if it fails to parse the xml.
*/
public AuthXMLRequest parseXML() throws AuthException {
try {
debug.message("entering parseXML");
if (xmlDocument == null) {
return null;
}
authXMLRequest = new AuthXMLRequest();
// get the document root
Element docElem = xmlDocument.getDocumentElement();
if (docElem != null) {
String temp = docElem.getAttribute("version");
if (debug.messageEnabled()) {
debug.message("Request Version is.. : " + temp);
}
if (temp != null) {
authXMLRequest.setRequestVersion(temp);
}
Node requestNode = XMLUtils.getChildNode((Node) docElem, "Request");
String authIdentifier = null;
if (requestNode != null) {
authIdentifier = parseNodeAttributes(requestNode, "authIdentifier");
if (debug.messageEnabled()) {
debug.message("AuthIdentifier is : " + authIdentifier);
}
authXMLRequest.setAuthIdentifier(authIdentifier);
}
Node appSSOTokenNode = XMLUtils.getChildNode((Node) requestNode, "AppSSOToken");
if (appSSOTokenNode != null) {
debug.message("Got the SSO Token node: ");
String appSSOTokenID = XMLUtils.getValueOfValueNode(appSSOTokenNode);
if (appSSOTokenID != null) {
if (debug.messageEnabled()) {
debug.message("Got the Session Id: " + appSSOTokenID);
}
authXMLRequest.setAppSSOTokenID(appSSOTokenID);
}
}
// get the Nodes for the Request Element
// get new auth context node
Node newAuthContextNode = XMLUtils.getChildNode(requestNode, "NewAuthContext");
if (newAuthContextNode != null) {
String orgName = parseNodeAttributes(newAuthContextNode, "orgName");
authXMLRequest.setOrgName(orgName);
authXMLRequest.setRequestType(AuthXMLRequest.NewAuthContext);
AuthContextLocal authContext = AuthUtils.getAuthContext(orgName, authIdentifier, false, servletReq, null, null);
authXMLRequest.setAuthContext(authContext);
}
// get query node
Node queryInfoNode = XMLUtils.getChildNode(requestNode, "QueryInformation");
if (queryInfoNode != null) {
String queryType = parseNodeAttributes(queryInfoNode, "requestedInformation");
authXMLRequest.setRequestInformation(queryType);
authXMLRequest.setRequestType(AuthXMLRequest.QueryInformation);
String orgName = parseNodeAttributes(queryInfoNode, "orgName");
AuthContextLocal authContext = null;
if (orgName != null) {
authContext = AuthUtils.getAuthContext(orgName, servletReq);
} else {
authContext = AuthUtils.getAuthContext(null, authIdentifier, false);
}
authXMLRequest.setAuthContext(authContext);
}
// get login node
Node loginNode = XMLUtils.getChildNode(requestNode, "Login");
if (loginNode != null) {
debug.message("found login node !!");
String orgName = parseNodeAttributes(loginNode, "orgName");
//Let's set the request type to Login by default
authXMLRequest.setRequestType(AuthXMLRequest.Login);
//this method can change the default requesttype to
//LoginIndex type if indexname/indextype was supplied in the
//request
parseLoginNodeElements(loginNode, authXMLRequest);
AuthContext.IndexType indexType = authXMLRequest.getIndexType();
String indexTypeParam = convertIndexType(indexType);
String indexName = authXMLRequest.getIndexName();
if (indexType == AuthContext.IndexType.COMPOSITE_ADVICE) {
//realm name from policy advice has precedence over
//the orgName attribute
orgName = AuthUtils.getRealmFromPolicyAdvice(indexName);
}
AuthContextLocal authContext = null;
if (orgName != null) {
authXMLRequest.setOrgName(orgName);
}
String hostName = parseNodeAttributes(loginNode, "hostName");
if (hostName != null) {
authXMLRequest.setHostName(hostName);
}
String localeAttr = parseNodeAttributes(loginNode, AuthXMLTags.LOCALE);
if (localeAttr != null) {
authXMLRequest.setLocale(localeAttr);
}
String forceAuth = parseNodeAttributes(loginNode, "forceAuth");
if (forceAuth != null) {
authXMLRequest.setForceAuth(forceAuth);
if (debug.messageEnabled()) {
debug.message("AuthXMLRequestParser.parseXML: " + "Got the force auth flag: " + forceAuth);
}
}
boolean forceAuthBool = Boolean.parseBoolean(forceAuth);
authContext = AuthUtils.getAuthContext(orgName, authIdentifier, false, servletReq, indexTypeParam, authXMLRequest, forceAuthBool);
authXMLRequest.setAuthContext(authContext);
if (localeAttr != null) {
LoginState loginState = authContext.getLoginState();
loginState.setRemoteLocale(localeAttr);
}
HttpServletRequest clientRequest = AuthXMLUtils.getRemoteRequest(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
HttpServletResponse clientResponse = AuthXMLUtils.getRemoteResponse(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
authXMLRequest.setClientRequest(clientRequest);
authXMLRequest.setClientResponse(clientResponse);
}
// get submit requirements node
Node submitReqNode = XMLUtils.getChildNode(requestNode, "SubmitRequirements");
if (submitReqNode != null) {
authXMLRequest.setRequestType(AuthXMLRequest.SubmitRequirements);
AuthContextLocal authContext = AuthUtils.getAuthContext(servletReq, authIdentifier);
authXMLRequest.setAuthContext(authContext);
Callback[] callbacks = AuthUtils.getRecdCallback(authContext);
parseSubmitReqElements(submitReqNode, authXMLRequest, callbacks);
String localeStr = authXMLRequest.getLocale();
LoginState loginState = authContext.getLoginState();
loginState.setRemoteLocale(localeStr);
HttpServletRequest clientRequest = AuthXMLUtils.getRemoteRequest(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
HttpServletResponse clientResponse = AuthXMLUtils.getRemoteResponse(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
authXMLRequest.setClientRequest(clientRequest);
authXMLRequest.setClientResponse(clientResponse);
}
// get logout node
Node logoutNode = XMLUtils.getChildNode(requestNode, "Logout");
if (logoutNode != null) {
authXMLRequest.setRequestType(AuthXMLRequest.Logout);
}
// get abort node
Node abortNode = XMLUtils.getChildNode(requestNode, "Abort");
if (abortNode != null) {
authXMLRequest.setRequestType(AuthXMLRequest.Abort);
AuthContextLocal authContext = AuthUtils.getAuthContext(null, authIdentifier, true);
authXMLRequest.setAuthContext(authContext);
}
}
} catch (AuthException e) {
throw e;
} catch (Exception e) {
debug.message("Error in parseXML: : ", e);
}
return authXMLRequest;
}
Also used :
Element(org.w3c.dom.Element)
Node(org.w3c.dom.Node)
AuthContext(com.sun.identity.authentication.AuthContext)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
AuthException(com.sun.identity.authentication.service.AuthException)
AuthException(com.sun.identity.authentication.service.AuthException)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Callback(javax.security.auth.callback.Callback)
LoginState(com.sun.identity.authentication.service.LoginState)
Aggregations
AuthContext (com.sun.identity.authentication.AuthContext)40
Callback (javax.security.auth.callback.Callback)22
NameCallback (javax.security.auth.callback.NameCallback)21
PasswordCallback (javax.security.auth.callback.PasswordCallback)20
SSOToken (com.iplanet.sso.SSOToken)14
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)14
SSOException (com.iplanet.sso.SSOException)12
LoginException (javax.security.auth.login.LoginException)8
Iterator (java.util.Iterator)7
Set (java.util.Set)7
IdRepoException (com.sun.identity.idm.IdRepoException)6
UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)6
IOException (java.io.IOException)5
ArrayList (java.util.ArrayList)5
Subject (javax.security.auth.Subject)5
Principal (java.security.Principal)4
HashSet (java.util.HashSet)4
Map (java.util.Map)4
SSOTokenManager (com.iplanet.sso.SSOTokenManager)3
LoginState (com.sun.identity.authentication.service.LoginState)3
