Search in sources :

Example 11 with AMAuthenticationManager

use of com.sun.identity.authentication.config.AMAuthenticationManager in project OpenAM by OpenRock.

the class SelectRealmModelImpl method getAuthenticationInstances.

/**
     * Returns set of authentication instances.
     *
     * @param realmName Name of Realm.
     * @return set of authentication instances.
     * @throws AMConsoleException if authentication instances cannot be
     *         obtained.
     */
public Set getAuthenticationInstances(String realmName) throws AMConsoleException {
    Set names = Collections.EMPTY_SET;
    try {
        AMAuthenticationManager mgr = new AMAuthenticationManager(getUserSSOToken(), realmName);
        Set instances = mgr.getAuthenticationInstances();
        if ((instances != null) && !instances.isEmpty()) {
            names = new HashSet(instances.size());
            for (Iterator i = instances.iterator(); i.hasNext(); ) {
                names.add(((AMAuthenticationInstance) i.next()).getName());
            }
        }
    } catch (AMConfigurationException e) {
        throw new AMConsoleException(getErrorString(e));
    }
    return names;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Iterator(java.util.Iterator) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) AMConsoleException(com.sun.identity.console.base.model.AMConsoleException) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager) HashSet(java.util.HashSet)

Example 12 with AMAuthenticationManager

use of com.sun.identity.authentication.config.AMAuthenticationManager in project OpenAM by OpenRock.

the class ConfigMonitoring method getAuthModules.

/*
     *  gather the auth modules for this (sub)"realm".  "realm" is
     *  "currentRealmAMIdName" from:
     *
     *    AMIdentityRepository idRepo =
     *      new AMIdentityRepository(ssoToken, realm);
     *    AMIdentity thisRealmAMId = idRepo.getRealmIdentity();
     *    String currentRealmAMIdName = thisRealmAMId.getRealm();
     */
private Set getAuthModules(String realm) {
    String classMethod = "ConfigMonitoring.getAuthModules: ";
    Set insts = Collections.EMPTY_SET;
    try {
        AMAuthenticationManager mgr = new AMAuthenticationManager(ssoToken, realm);
        insts = mgr.getAuthenticationInstances();
    } catch (AMConfigurationException e) {
        debug.error(classMethod + "getting auth instances; " + e.getMessage());
    }
    return insts;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Example 13 with AMAuthenticationManager

use of com.sun.identity.authentication.config.AMAuthenticationManager in project OpenAM by OpenRock.

the class AMLoginContext method executeLogin.

/**
     * Starts login process, the map passed to this method is the parameters
     * required to start the login process. These parameters are
     * <code>indexType</code>, <code>indexName</code> , <code>principal</code>,
     * <code>subject</code>, <code>password</code>,
     * <code>organization name</code>. Based on these parameters Module
     * Configuration name is retrieved using Configuration component. Creates
     * a new LoginContext and starts login process and returns. On error
     * LoginException is thrown.
     *
     * @param loginParamsMap login parameters HashMap
     * @throws AuthLoginException if execute login fails
     */
public void executeLogin(Map<String, Object> loginParamsMap) throws AuthLoginException {
    boolean errorState = false;
    internalAuthError = false;
    processDone = false;
    isFailed = false;
    setLoginHash();
    /*
         * Ensure loginState created and loginParamsMap provided
         */
    if (loginState == null || loginParamsMap == null) {
        debug.error("Error: loginState or loginParams is null");
        loginStatus.setStatus(LoginStatus.AUTH_FAILED);
        if (loginState != null) {
            loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        }
        setErrorMsgAndTemplate();
        internalAuthError = true;
        throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
    }
    /*
         * Lookup resource bundle and locale specific settings based on locale associated with LoginState
         */
    java.util.Locale loginLocale = com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale());
    bundle = AMResourceBundleCache.getInstance().getResBundle(BUNDLE_NAME, loginLocale);
    exceedRetryLimit = AMResourceBundleCache.getInstance().getResBundle("amAuthLDAP", loginLocale).getString(ISAuthConstants.EXCEED_RETRY_LIMIT);
    if (debug.messageEnabled()) {
        debug.message("LoginState : " + loginState);
    }
    /*
         * Handle redirection if applicable
         */
    String redirectUrl = (String) loginParamsMap.get(AuthContextLocal.REDIRECT_URL);
    if (redirectUrl != null) {
        // Resource/IP/Env based auth case with Redirection Advice
        Callback[] redirectCallback = new Callback[1];
        redirectCallback[0] = new RedirectCallback(redirectUrl, null, "GET");
        if (isPureJAAS()) {
            loginState.setReceivedCallback_NoThread(redirectCallback);
        } else {
            loginState.setReceivedCallback(redirectCallback, this);
        }
        return;
    }
    /*
         * Initialize instance fields from loginParamsMap
         */
    parseLoginParams(loginParamsMap);
    /*
         * Copy orgDN and clientType values from LoginState
         */
    if (authContext.getOrgDN() != null && !authContext.getOrgDN().isEmpty()) {
        orgDN = authContext.getOrgDN();
        loginState.setQualifiedOrgDN(orgDN);
    } else {
        orgDN = loginState.getOrgDN();
    }
    clientType = loginState.getClientType();
    if (debug.messageEnabled()) {
        debug.message("orgDN : " + orgDN);
        debug.message("clientType : " + clientType);
    }
    /*
         * Throw an exception if module-based authentication is disabled and an authentication module other
         * than APPLICATION_MODULE or FEDERATION_MODULE is explicitly requested.
         */
    if (indexType == IndexType.MODULE_INSTANCE && !loginState.getEnableModuleBasedAuth() && !indexName.equals(ISAuthConstants.APPLICATION_MODULE)) {
        String moduleClassName = null;
        try {
            AMAuthenticationManager authManager = new AMAuthenticationManager(AccessController.doPrivileged(AdminTokenAction.getInstance()), orgDN);
            AMAuthenticationInstance authInstance = authManager.getAuthenticationInstance(indexName);
            moduleClassName = authInstance.getType();
        } catch (AMConfigurationException amce) {
            debug.error("AMLoginContext.executeLogin(): Unable to get authentication config", amce);
        }
        if (moduleClassName != null && !moduleClassName.equalsIgnoreCase(ISAuthConstants.FEDERATION_MODULE)) {
            throwExceptionIfModuleBasedAuthenticationDisabled();
        }
    }
    /*
         * Update LoginState indexType and indexName
         * (after storing current loginState indexType if required for HTTP callback processing)
         */
    IndexType prevIndexType = loginState.getIndexType();
    if (prevIndexType == IndexType.LEVEL || prevIndexType == IndexType.COMPOSITE_ADVICE) {
        loginState.setPreviousIndexType(prevIndexType);
    }
    loginState.setIndexType(indexType);
    loginState.setIndexName(indexName);
    /*
         * Delegate actual processing of requested authentication type to the dispatch method 'processIndexType'
         */
    try {
        if (processIndexType(indexType, indexName, orgDN)) {
            return;
        }
    } catch (AuthLoginException le) {
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        debug.message("Error  : ", le);
        throw le;
    } catch (Exception e) {
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        debug.message("Error : ", e);
        throw new AuthLoginException(e);
    }
    /*
         * Establish configName based on indexType, indexName, orgDN and clientType
         *
         * If configName can't be established, throw an exception
         */
    configName = getConfigName(indexType, indexName, orgDN, clientType);
    if (configName == null) {
        loginState.setErrorCode(AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND);
        debug.message("Config not found");
        setErrorMsgAndTemplate();
        internalAuthError = true;
        loginStatus.setStatus(LoginStatus.AUTH_FAILED);
        loginState.logFailed(bundle.getString("noConfig"), "NOCONFIG");
        auditor.auditLoginFailure(loginState, NO_CONFIG);
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND, null);
    }
    /*
         * Create the LoginContext object that actually handles login/logout
         */
    if (debug.messageEnabled()) {
        debug.message("Creating login context object\n" + "\n orgDN : " + orgDN + "\n configName : " + configName);
    }
    try {
        jaasCheck = AuthUtils.isPureJAASModulePresent(configName, this);
        if (isPureJAAS()) {
            debug.message("Using pure jaas mode.");
            if (authThread == null) {
                authThread = new AuthThreadManager();
                authThread.start();
            }
        }
        DSAMECallbackHandler dsameCallbackHandler = new DSAMECallbackHandler(this);
        if (isPureJAAS()) {
            if (subject != null) {
                loginContext = new javax.security.auth.login.LoginContext(configName, subject, dsameCallbackHandler);
            } else {
                loginContext = new javax.security.auth.login.LoginContext(configName, dsameCallbackHandler);
            }
        } else {
            debug.message("Using non pure jaas mode.");
            if (subject != null) {
                jaasLoginContext = new com.sun.identity.authentication.jaas.LoginContext(entries, subject, dsameCallbackHandler);
            } else {
                jaasLoginContext = new com.sun.identity.authentication.jaas.LoginContext(entries, dsameCallbackHandler);
            }
        }
    } catch (AuthLoginException ae) {
        debug.error("JAAS module for config: " + configName + ", " + ae.getMessage());
        if (debug.messageEnabled()) {
            debug.message("AuthLoginException", ae);
        }
        /* The user based authentication errors should not be different
             * for users who exist and who don't, which can lead to
             * possiblity of enumerating existing users.
             * The AMAuthErrorCode.AUTH_LOGIN_FAILED error code is used for
             * all user based authentication errors.
             * Refer issue3278
             */
        if (indexType == IndexType.USER && AMAuthErrorCode.AUTH_CONFIG_NOT_FOUND.equals(ae.getErrorCode())) {
            loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED);
        } else {
            loginState.setErrorCode(ae.getErrorCode());
        }
        setErrorMsgAndTemplate();
        loginState.logFailed(bundle.getString("loginContextCreateFailed"));
        auditor.auditLoginFailure(loginState);
        internalAuthError = true;
        loginStatus.setStatus(LoginStatus.AUTH_FAILED);
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        throw ae;
    } catch (LoginException le) {
        debug.error("in creating LoginContext.");
        if (debug.messageEnabled()) {
            debug.message("Exception ", le);
        }
        loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        loginState.logFailed(bundle.getString("loginContextCreateFailed"));
        auditor.auditLoginFailure(loginState);
        setErrorMsgAndTemplate();
        loginStatus.setStatus(LoginStatus.AUTH_FAILED);
        internalAuthError = true;
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null, le);
    } catch (SecurityException se) {
        debug.error("security in creating LoginContext.");
        if (debug.messageEnabled()) {
            debug.message("Exception ", se);
        }
        loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        setErrorMsgAndTemplate();
        loginState.logFailed(bundle.getString("loginContextCreateFailed"));
        auditor.auditLoginFailure(loginState);
        internalAuthError = true;
        loginStatus.setStatus(LoginStatus.AUTH_FAILED);
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
    } catch (Exception e) {
        debug.error("Creating DSAMECallbackHandler: " + e.getMessage());
        loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        setErrorMsgAndTemplate();
        loginState.logFailed(bundle.getString("loginContextCreateFailed"));
        auditor.auditLoginFailure(loginState);
        internalAuthError = true;
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        loginStatus.setStatus(LoginStatus.AUTH_FAILED);
        throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null, e);
    }
    /*
         * Perform the login using the objects this method has setup
         */
    try {
        if (isPureJAAS()) {
            if (jaasThread != null) {
                jaasThread.interrupt();
                jaasThread = null;
                errorState = true;
            } else {
                jaasThread = new JAASLoginThread(this);
                jaasThread.start();
            }
        } else {
            runLogin();
        }
    } catch (IllegalThreadStateException ite) {
        errorState = true;
    } catch (Exception e) {
        errorState = true;
    }
    if (errorState) {
        loginStatus.setStatus(LoginStatus.AUTH_RESET);
        loginState.setErrorCode(AMAuthErrorCode.AUTH_ERROR);
        setErrorMsgAndTemplate();
        internalAuthError = true;
        if (MonitoringUtil.isRunning()) {
            if (authImpl == null) {
                authImpl = Agent.getAuthSvcMBean();
            }
            if (authImpl != null) {
                authImpl.incSsoServerAuthenticationFailureCount();
            }
        }
        throw new AuthLoginException(BUNDLE_NAME, AMAuthErrorCode.AUTH_ERROR, null);
    }
    debug.message("AMLoginContext:Thread started... returning.");
}
Also used : AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) IndexType(com.sun.identity.authentication.AuthContext.IndexType) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager) RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) LoginException(javax.security.auth.login.LoginException) MessageLoginException(com.sun.identity.authentication.spi.MessageLoginException) AuthErrorCodeException(com.sun.identity.authentication.spi.AuthErrorCodeException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) InvalidPasswordException(com.sun.identity.authentication.spi.InvalidPasswordException) SSOException(com.iplanet.sso.SSOException) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) RedirectCallback(com.sun.identity.authentication.spi.RedirectCallback) Callback(javax.security.auth.callback.Callback) LoginException(javax.security.auth.login.LoginException) MessageLoginException(com.sun.identity.authentication.spi.MessageLoginException) AuthLoginException(com.sun.identity.authentication.spi.AuthLoginException) AMAuthenticationInstance(com.sun.identity.authentication.config.AMAuthenticationInstance)

Example 14 with AMAuthenticationManager

use of com.sun.identity.authentication.config.AMAuthenticationManager in project OpenAM by OpenRock.

the class AuthPropertiesViewBean method populateInstanceTable.

private void populateInstanceTable() {
    tablePopulated = true;
    CCActionTableModel tableModel = (CCActionTableModel) propertySheetModel.getModel(AUTH_INSTANCE_TABLE);
    tableModel.clearAll();
    boolean firstEntry = true;
    Map instanceMap = new HashMap();
    AuthPropertiesModel model = (AuthPropertiesModelImpl) getModel();
    Set tmp = model.getAuthInstances();
    /* 
         * These instance were deleted in the previous request. This
         * is needed because the getAuthInstances call may return the 
         * instances that were just deleted.
         */
    Set removedInstances = (Set) removePageSessionAttribute(INSTANCES_REMOVED);
    for (Iterator i = tmp.iterator(); i.hasNext(); ) {
        AMAuthenticationInstance inst = (AMAuthenticationInstance) i.next();
        String name = inst.getName();
        if ((removedInstances == null) || (!removedInstances.contains(name))) {
            instanceMap.put(name, inst);
        }
    }
    /*
        * get instance names from previous pass. Need to use an ordered set
        * here to assure the same order is retained during the request cycle.
        */
    OrderedSet instanceSet = (OrderedSet) removePageSessionAttribute(AUTH_INSTANCE_TABLE);
    // no instances if this is the 1st pass, create it now
    if (instanceSet == null) {
        instanceSet = new OrderedSet();
        instanceSet.addAll(instanceMap.keySet());
    }
    AMAuthenticationManager mgr = null;
    try {
        mgr = new AMAuthenticationManager(model.getUserSSOToken(), "/");
    } catch (AMConfigurationException e) {
        debug.warning("Could not create Authentication Manager. Using non-localized type names", e);
    }
    for (Iterator i = instanceSet.iterator(); i.hasNext(); ) {
        String name = (String) i.next();
        AMAuthenticationInstance instance = (AMAuthenticationInstance) instanceMap.get(name);
        /*
            * check if instance still exists. This can happen if user goes
            * the the advanced core properties page and removes an auth type
            * from the available auth instances list.
            */
        if (instance != null) {
            if (!firstEntry) {
                tableModel.appendRow();
            } else {
                firstEntry = false;
            }
            String type = instance.getType();
            if (model.hasAuthAttributes(type)) {
                tableModel.setValue(NAME_COLUMN_DATA, name);
                tableModel.setValue(ACTION_COLUMN_HREF, stringToHex(name));
                tableModel.setValue(NAME_COLUMN_DATA_NO_HREF, "");
            } else {
                tableModel.setValue(NAME_COLUMN_DATA, "");
                tableModel.setValue(ACTION_COLUMN_HREF, stringToHex(name));
                tableModel.setValue(NAME_COLUMN_DATA_NO_HREF, name);
            }
            if (mgr != null) {
                try {
                    type = model.getLocalizedServiceName(mgr.getAuthenticationSchema(type).getServiceName());
                } catch (AMConfigurationException e) {
                    if (debug.warningEnabled()) {
                        debug.warning("Could not get schema for type " + type + ". Using non-localized name.", e);
                    }
                }
            }
            tableModel.setValue(TYPE_COLUMN_DATA, type);
        }
    }
    /*
        * set the instances in the page session so when a request comes in 
        * we can prepopulate the table model. 
        */
    setPageSessionAttribute(AUTH_INSTANCE_TABLE, instanceSet);
}
Also used : OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) HashSet(java.util.HashSet) Set(java.util.Set) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) CCActionTableModel(com.sun.web.ui.model.CCActionTableModel) HashMap(java.util.HashMap) Iterator(java.util.Iterator) AuthPropertiesModel(com.sun.identity.console.authentication.model.AuthPropertiesModel) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) AMAuthenticationInstance(com.sun.identity.authentication.config.AMAuthenticationInstance) HashMap(java.util.HashMap) Map(java.util.Map) AuthPropertiesModelImpl(com.sun.identity.console.authentication.model.AuthPropertiesModelImpl) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Example 15 with AMAuthenticationManager

use of com.sun.identity.authentication.config.AMAuthenticationManager in project OpenAM by OpenRock.

the class ConfiguredSocialAuthServices method filterConfigs.

@Override
protected Set<String> filterConfigs(Set<String> namedConfigs, ServiceConfig parentConfig, String realm, SSOToken adminToken) {
    AMAuthenticationManager authMgr;
    try {
        authMgr = new AMAuthenticationManager(adminToken, realm);
    } catch (AMConfigurationException e) {
        debug.warning("Could not load authentication manager for realm: " + realm, e);
        return Collections.EMPTY_SET;
    }
    Set<String> configs = new TreeSet<String>();
    for (String config : namedConfigs) {
        try {
            ServiceConfig authConfig = parentConfig.getSubConfig(config);
            Set<String> chainConfig = (Set<String>) authConfig.getAttributes().get(AMAuthConfigUtils.ATTR_NAME);
            AppConfigurationEntry[] chain = AMAuthConfigUtils.parseValues(chainConfig.iterator().next());
            for (int i = 0; i < chain.length; i++) {
                if (getType(authMgr, chain[i]).equals(OAUTH2_TYPE)) {
                    // There's an OAuth2 module in the chain, so this could be a social authn chain
                    configs.add(config);
                }
            }
        } catch (SMSException e) {
            if (debug.messageEnabled()) {
                debug.message("Not using auth chain as couldn't get config: " + config, e);
            }
        } catch (SSOException e) {
            if (debug.warningEnabled()) {
                debug.warning("Invalid SSO Token when trying to get config for " + config, e);
            }
        }
    }
    return configs;
}
Also used : AppConfigurationEntry(javax.security.auth.login.AppConfigurationEntry) Set(java.util.Set) TreeSet(java.util.TreeSet) ServiceConfig(com.sun.identity.sm.ServiceConfig) SMSException(com.sun.identity.sm.SMSException) TreeSet(java.util.TreeSet) AMConfigurationException(com.sun.identity.authentication.config.AMConfigurationException) SSOException(com.iplanet.sso.SSOException) AMAuthenticationManager(com.sun.identity.authentication.config.AMAuthenticationManager)

Aggregations

AMAuthenticationManager (com.sun.identity.authentication.config.AMAuthenticationManager)43 AMConfigurationException (com.sun.identity.authentication.config.AMConfigurationException)35 Set (java.util.Set)28 AMAuthenticationInstance (com.sun.identity.authentication.config.AMAuthenticationInstance)22 HashSet (java.util.HashSet)18 Iterator (java.util.Iterator)16 SSOToken (com.iplanet.sso.SSOToken)15 SSOException (com.iplanet.sso.SSOException)10 HashMap (java.util.HashMap)10 SMSException (com.sun.identity.sm.SMSException)9 Map (java.util.Map)8 AMAuthenticationSchema (com.sun.identity.authentication.config.AMAuthenticationSchema)7 CLIException (com.sun.identity.cli.CLIException)7 AMConsoleException (com.sun.identity.console.base.model.AMConsoleException)7 OrganizationConfigManager (com.sun.identity.sm.OrganizationConfigManager)3 ServiceConfig (com.sun.identity.sm.ServiceConfig)3 ServiceSchemaManager (com.sun.identity.sm.ServiceSchemaManager)3 AMException (com.iplanet.am.sdk.AMException)2 SessionException (com.iplanet.dpro.session.SessionException)2 AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException)2