Search in sources :

Example 16 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class Authenticator method sessionBasedLogin.

public AuthContext sessionBasedLogin(CommandManager mgr, String bindUser, String bindPwd) throws CLIException {
    String[] param = { bindUser };
    LogWriter.log(mgr, LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_LOGIN", param, null);
    try {
        AuthContext ac = sessionBasedLoginInternal(mgr, bindUser, bindPwd);
        LogWriter.log(mgr, LogWriter.LOG_ACCESS, Level.INFO, "SUCCEED_LOGIN", param, null);
        return ac;
    } catch (CLIException e) {
        String[] params = { bindUser, e.getMessage() };
        LogWriter.log(mgr, LogWriter.LOG_ERROR, Level.INFO, "FAILED_LOGIN", params, null);
        throw e;
    }
}
Also used : AuthContext(com.sun.identity.authentication.AuthContext)

Example 17 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class SessionCommand method handleRequest.

public void handleRequest(RequestContext rc) throws CLIException {
    super.handleRequest(rc);
    Authenticator auth = Authenticator.getInstance();
    String bindUser = getAdminID();
    AuthContext lc = auth.sessionBasedLogin(getCommandManager(), bindUser, getAdminPassword());
    try {
        boolean isQuiet = isOptionSet(QUIET_PARAM);
        handleRequest(lc.getSSOToken(), isQuiet);
        try {
            lc.logout();
        } catch (AuthLoginException e) {
            throw new CLIException(e, ExitCodes.SESSION_BASED_LOGOUT_FAILED);
        }
    } catch (Exception e) {
        throw new CLIException(e, ExitCodes.SESSION_BASED_LOGIN_FAILED);
    }
}
Also used : AuthContext(com.sun.identity.authentication.AuthContext) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) IOException(java.io.IOException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) SessionException(com.iplanet.dpro.session.SessionException)

Example 18 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class SAML2 method handleReturnFromRedirect.

/**
     * Once we're back from the ACS, we need to validate that we have not errored during the proxying process.
     * Then we detect if we need to perform a local linking authentication chain, or if the user is already
     * locally linked, we need to look up the already-linked username.
     */
private int handleReturnFromRedirect(final int state, final HttpServletRequest request, final String spName, final HttpServletResponse response) throws AuthLoginException {
    //first make sure to delete the cookie
    removeCookiesForRedirects(request, response);
    if (Boolean.parseBoolean(request.getParameter(SAML2Proxy.ERROR_PARAM_KEY))) {
        return handleRedirectError(request);
    }
    final String key;
    if (request.getParameter("jsonContent") != null) {
        key = JsonValueBuilder.toJsonValue(request.getParameter("jsonContent")).get("responsekey").asString();
    } else {
        key = request.getParameter(SAML2Proxy.RESPONSE_KEY);
    }
    final String username;
    SAML2ResponseData data = null;
    if (!StringUtils.isBlank(key)) {
        data = (SAML2ResponseData) SAML2Store.getTokenFromStore(key);
    }
    if (data == null && SAML2FailoverUtils.isSAML2FailoverEnabled() && !StringUtils.isBlank(key)) {
        try {
            data = (SAML2ResponseData) SAML2FailoverUtils.retrieveSAML2Token(key);
        } catch (SAML2TokenRepositoryException e) {
            return processError(bundle.getString("samlFailoverError"), "SAML2.handleReturnFromRedirect : Error reading from failover map.", e);
        }
    }
    if (data == null) {
        return processError(bundle.getString("localLinkError"), "SAML2 :: handleReturnFromRedirect() : " + "Unable to perform local linking - response data key not found");
    }
    storageKey = key;
    assertionSubject = data.getSubject();
    authnAssertion = data.getAssertion();
    sessionIndex = data.getSessionIndex();
    respInfo = data.getResponseInfo();
    try {
        //you're already linked or we auto looked up user
        username = SPACSUtils.getPrincipalWithoutLogin(assertionSubject, authnAssertion, realm, spName, metaManager, entityName, storageKey);
        if (SAML2PluginsUtils.isDynamicProfile(realm)) {
            String spEntityId = SPSSOFederate.getSPEntityId(metaAlias);
            if (shouldPersistNameID(spEntityId)) {
                NameIDInfo info = new NameIDInfo(spEntityId, entityName, getNameId(), SAML2Constants.SP_ROLE, false);
                setUserAttributes(AccountUtils.convertToAttributes(info, null));
            }
        }
        if (username != null) {
            principal = new SAML2Principal(username);
            return success(authnAssertion, getNameId(), username);
        }
    } catch (SAML2Exception e) {
        return processError(e, null, "SAML2.handleReturnFromRedirect : Unable to perform user lookup.");
    }
    if (StringUtils.isBlank(localChain)) {
        return processError(bundle.getString("localLinkError"), "SAML2 :: handleReturnFromRedirect() : " + "Unable to perform local linking - local auth chain not found.");
    }
    //generate a sub-login context, owned by this module, and start login sequence to it
    authenticationContext = new AuthContext(realm);
    authenticationContext.login(AuthContext.IndexType.SERVICE, localChain, null, null, null, null);
    return injectCallbacks(null, state);
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) NameIDInfo(com.sun.identity.saml2.common.NameIDInfo) AuthContext(com.sun.identity.authentication.AuthContext) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)

Example 19 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class AuthXMLHandler method processRequirements.

/*
     * process callbacks
     */
private void processRequirements(String xml, AuthContextLocal authContext, AuthXMLResponse authResponse, String params, HttpServletRequest servletRequest) {
    String[] paramArray = null;
    StringTokenizer paramsSet = null;
    if (params != null) {
        paramsSet = new StringTokenizer(params, ISAuthConstants.PIPE_SEPARATOR);
    }
    boolean allCallbacksAreSet = true;
    String param;
    while (authContext.hasMoreRequirements()) {
        Callback[] reqdCallbacks = authContext.getRequirements();
        for (int i = 0; i < reqdCallbacks.length; i++) {
            if (reqdCallbacks[i] instanceof X509CertificateCallback) {
                X509CertificateCallback certCallback = (X509CertificateCallback) reqdCallbacks[i];
                LoginState loginState = AuthUtils.getLoginState(authContext);
                if (loginState != null) {
                    X509Certificate cert = loginState.getX509Certificate(servletRequest);
                    if (cert != null) {
                        certCallback.setCertificate(cert);
                        certCallback.setReqSignature(false);
                    } else {
                        allCallbacksAreSet = false;
                    }
                }
            } else {
                param = null;
                if (reqdCallbacks[i] instanceof NameCallback) {
                    param = getNextParam(paramsSet);
                    if (param != null) {
                        NameCallback nc = (NameCallback) reqdCallbacks[i];
                        nc.setName(param);
                        if (messageEnabled) {
                            debug.message("Name callback set to " + param);
                        }
                    } else {
                        allCallbacksAreSet = false;
                        break;
                    }
                } else if (reqdCallbacks[i] instanceof PasswordCallback) {
                    param = getNextParam(paramsSet);
                    if (param != null) {
                        PasswordCallback pc = (PasswordCallback) reqdCallbacks[i];
                        pc.setPassword(param.toCharArray());
                        if (messageEnabled) {
                            debug.message("Password callback is set");
                        }
                    } else {
                        allCallbacksAreSet = false;
                        break;
                    }
                } else {
                    if (params == null) {
                        allCallbacksAreSet = false;
                    }
                }
            // add more callbacks if required
            }
        }
        if (getNextParam(paramsSet) != null) {
            allCallbacksAreSet = false;
        }
        if (allCallbacksAreSet) {
            if (messageEnabled) {
                debug.message("submit callbacks with passed in params");
            }
            authContext.submitRequirements(reqdCallbacks);
        } else {
            authResponse.setReqdCallbacks(reqdCallbacks);
            break;
        }
    }
    if (!authContext.hasMoreRequirements()) {
        AuthContext.Status loginStatus = authContext.getStatus();
        if (messageEnabled) {
            debug.message(" Status: " + loginStatus);
        }
        authResponse.setLoginStatus(loginStatus);
    }
}
Also used : AuthContext(com.sun.identity.authentication.AuthContext) X509Certificate(java.security.cert.X509Certificate) StringTokenizer(java.util.StringTokenizer) PasswordCallback(javax.security.auth.callback.PasswordCallback) Callback(javax.security.auth.callback.Callback) X509CertificateCallback(com.sun.identity.authentication.spi.X509CertificateCallback) ChoiceCallback(javax.security.auth.callback.ChoiceCallback) NameCallback(javax.security.auth.callback.NameCallback) NameCallback(javax.security.auth.callback.NameCallback) LoginState(com.sun.identity.authentication.service.LoginState) PasswordCallback(javax.security.auth.callback.PasswordCallback) X509CertificateCallback(com.sun.identity.authentication.spi.X509CertificateCallback)

Example 20 with AuthContext

use of com.sun.identity.authentication.AuthContext in project OpenAM by OpenRock.

the class AuthXMLRequestParser method parseXML.

/**
     * Parses the authentication request xml document. 
     * 
     * @return a AuthXMLRequest object.
     * @throws AuthException if it fails to parse the xml.
     */
public AuthXMLRequest parseXML() throws AuthException {
    try {
        debug.message("entering parseXML");
        if (xmlDocument == null) {
            return null;
        }
        authXMLRequest = new AuthXMLRequest();
        // get the document root
        Element docElem = xmlDocument.getDocumentElement();
        if (docElem != null) {
            String temp = docElem.getAttribute("version");
            if (debug.messageEnabled()) {
                debug.message("Request Version is.. : " + temp);
            }
            if (temp != null) {
                authXMLRequest.setRequestVersion(temp);
            }
            Node requestNode = XMLUtils.getChildNode((Node) docElem, "Request");
            String authIdentifier = null;
            if (requestNode != null) {
                authIdentifier = parseNodeAttributes(requestNode, "authIdentifier");
                if (debug.messageEnabled()) {
                    debug.message("AuthIdentifier is : " + authIdentifier);
                }
                authXMLRequest.setAuthIdentifier(authIdentifier);
            }
            Node appSSOTokenNode = XMLUtils.getChildNode((Node) requestNode, "AppSSOToken");
            if (appSSOTokenNode != null) {
                debug.message("Got the SSO Token node: ");
                String appSSOTokenID = XMLUtils.getValueOfValueNode(appSSOTokenNode);
                if (appSSOTokenID != null) {
                    if (debug.messageEnabled()) {
                        debug.message("Got the Session Id: " + appSSOTokenID);
                    }
                    authXMLRequest.setAppSSOTokenID(appSSOTokenID);
                }
            }
            // get the Nodes for the Request Element
            // get new auth context node 
            Node newAuthContextNode = XMLUtils.getChildNode(requestNode, "NewAuthContext");
            if (newAuthContextNode != null) {
                String orgName = parseNodeAttributes(newAuthContextNode, "orgName");
                authXMLRequest.setOrgName(orgName);
                authXMLRequest.setRequestType(AuthXMLRequest.NewAuthContext);
                AuthContextLocal authContext = AuthUtils.getAuthContext(orgName, authIdentifier, false, servletReq, null, null);
                authXMLRequest.setAuthContext(authContext);
            }
            // get query node 
            Node queryInfoNode = XMLUtils.getChildNode(requestNode, "QueryInformation");
            if (queryInfoNode != null) {
                String queryType = parseNodeAttributes(queryInfoNode, "requestedInformation");
                authXMLRequest.setRequestInformation(queryType);
                authXMLRequest.setRequestType(AuthXMLRequest.QueryInformation);
                String orgName = parseNodeAttributes(queryInfoNode, "orgName");
                AuthContextLocal authContext = null;
                if (orgName != null) {
                    authContext = AuthUtils.getAuthContext(orgName, servletReq);
                } else {
                    authContext = AuthUtils.getAuthContext(null, authIdentifier, false);
                }
                authXMLRequest.setAuthContext(authContext);
            }
            // get login node 
            Node loginNode = XMLUtils.getChildNode(requestNode, "Login");
            if (loginNode != null) {
                debug.message("found login node !!");
                String orgName = parseNodeAttributes(loginNode, "orgName");
                //Let's set the request type to Login by default
                authXMLRequest.setRequestType(AuthXMLRequest.Login);
                //this method can change the default requesttype to
                //LoginIndex type if indexname/indextype was supplied in the
                //request
                parseLoginNodeElements(loginNode, authXMLRequest);
                AuthContext.IndexType indexType = authXMLRequest.getIndexType();
                String indexTypeParam = convertIndexType(indexType);
                String indexName = authXMLRequest.getIndexName();
                if (indexType == AuthContext.IndexType.COMPOSITE_ADVICE) {
                    //realm name from policy advice has precedence over
                    //the orgName attribute
                    orgName = AuthUtils.getRealmFromPolicyAdvice(indexName);
                }
                AuthContextLocal authContext = null;
                if (orgName != null) {
                    authXMLRequest.setOrgName(orgName);
                }
                String hostName = parseNodeAttributes(loginNode, "hostName");
                if (hostName != null) {
                    authXMLRequest.setHostName(hostName);
                }
                String localeAttr = parseNodeAttributes(loginNode, AuthXMLTags.LOCALE);
                if (localeAttr != null) {
                    authXMLRequest.setLocale(localeAttr);
                }
                String forceAuth = parseNodeAttributes(loginNode, "forceAuth");
                if (forceAuth != null) {
                    authXMLRequest.setForceAuth(forceAuth);
                    if (debug.messageEnabled()) {
                        debug.message("AuthXMLRequestParser.parseXML: " + "Got the force auth flag: " + forceAuth);
                    }
                }
                boolean forceAuthBool = Boolean.parseBoolean(forceAuth);
                authContext = AuthUtils.getAuthContext(orgName, authIdentifier, false, servletReq, indexTypeParam, authXMLRequest, forceAuthBool);
                authXMLRequest.setAuthContext(authContext);
                if (localeAttr != null) {
                    LoginState loginState = authContext.getLoginState();
                    loginState.setRemoteLocale(localeAttr);
                }
                HttpServletRequest clientRequest = AuthXMLUtils.getRemoteRequest(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
                HttpServletResponse clientResponse = AuthXMLUtils.getRemoteResponse(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
                authXMLRequest.setClientRequest(clientRequest);
                authXMLRequest.setClientResponse(clientResponse);
            }
            // get submit requirements node
            Node submitReqNode = XMLUtils.getChildNode(requestNode, "SubmitRequirements");
            if (submitReqNode != null) {
                authXMLRequest.setRequestType(AuthXMLRequest.SubmitRequirements);
                AuthContextLocal authContext = AuthUtils.getAuthContext(servletReq, authIdentifier);
                authXMLRequest.setAuthContext(authContext);
                Callback[] callbacks = AuthUtils.getRecdCallback(authContext);
                parseSubmitReqElements(submitReqNode, authXMLRequest, callbacks);
                String localeStr = authXMLRequest.getLocale();
                LoginState loginState = authContext.getLoginState();
                loginState.setRemoteLocale(localeStr);
                HttpServletRequest clientRequest = AuthXMLUtils.getRemoteRequest(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
                HttpServletResponse clientResponse = AuthXMLUtils.getRemoteResponse(XMLUtils.getChildNode(requestNode, AuthXMLTags.REMOTE_REQUEST_RESPONSE));
                authXMLRequest.setClientRequest(clientRequest);
                authXMLRequest.setClientResponse(clientResponse);
            }
            // get  logout node
            Node logoutNode = XMLUtils.getChildNode(requestNode, "Logout");
            if (logoutNode != null) {
                authXMLRequest.setRequestType(AuthXMLRequest.Logout);
            }
            // get abort node
            Node abortNode = XMLUtils.getChildNode(requestNode, "Abort");
            if (abortNode != null) {
                authXMLRequest.setRequestType(AuthXMLRequest.Abort);
                AuthContextLocal authContext = AuthUtils.getAuthContext(null, authIdentifier, true);
                authXMLRequest.setAuthContext(authContext);
            }
        }
    } catch (AuthException e) {
        throw e;
    } catch (Exception e) {
        debug.message("Error in parseXML: : ", e);
    }
    return authXMLRequest;
}
Also used : Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) AuthContext(com.sun.identity.authentication.AuthContext) HttpServletResponse(javax.servlet.http.HttpServletResponse) AuthException(com.sun.identity.authentication.service.AuthException) AuthException(com.sun.identity.authentication.service.AuthException) HttpServletRequest(javax.servlet.http.HttpServletRequest) Callback(javax.security.auth.callback.Callback) LoginState(com.sun.identity.authentication.service.LoginState)

Aggregations

AuthContext (com.sun.identity.authentication.AuthContext)40 Callback (javax.security.auth.callback.Callback)22 NameCallback (javax.security.auth.callback.NameCallback)21 PasswordCallback (javax.security.auth.callback.PasswordCallback)20 SSOToken (com.iplanet.sso.SSOToken)14 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)14 SSOException (com.iplanet.sso.SSOException)12 LoginException (javax.security.auth.login.LoginException)8 Iterator (java.util.Iterator)7 Set (java.util.Set)7 IdRepoException (com.sun.identity.idm.IdRepoException)6 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)6 IOException (java.io.IOException)5 ArrayList (java.util.ArrayList)5 Subject (javax.security.auth.Subject)5 Principal (java.security.Principal)4 HashSet (java.util.HashSet)4 Map (java.util.Map)4 SSOTokenManager (com.iplanet.sso.SSOTokenManager)3 LoginState (com.sun.identity.authentication.service.LoginState)3