
Example 1 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class LoginViewBean method getLoginDisplay.

/**
 * Starts (or resumes) the authentication conversation for this login view and
 * prepares what the page shows next: either the callbacks the current auth
 * module asks for, or the outcome (success / failure) of a finished chain.
 *
 * Flow as visible here:
 * <ol>
 *   <li>unless this is an auth-level login, derive the login parameters
 *       (indexType / indexName) from the request;</li>
 *   <li>call {@code ac.login(...)} in the variant matching indexType;</li>
 *   <li>on {@link AuthLoginException}, handle the session RESET /
 *       ORG_MISMATCH cases (session upgrade or destruction) and bail out;</li>
 *   <li>otherwise fetch the next callbacks, detect a "zero page" login
 *       (credentials already present in the request) and either process it
 *       straight away or stage the callbacks for rendering;</li>
 *   <li>when the chain has no more requirements, record success or failure
 *       and compute the corresponding redirect URL.</li>
 * </ol>
 *
 * Side effects: writes {@code callbacks}, {@code onePageLogin},
 * {@code LoginSuccess}, {@code ResultVal}, {@code redirect_url},
 * {@code forward}, may set {@code ac} to {@code null}, may send an HTTP
 * redirect, and may destroy sessions.
 *
 * @throws Exception any failure after the initial login call is wrapped in a
 *         localized {@code L10NMessageImpl} keyed "loginDisplay.get"; failures
 *         of the initial login call are handled internally and do not
 *         propagate.
 */
protected void getLoginDisplay() throws Exception {
    loginDebug.message("In getLoginDisplay()");
    // Auth-level logins arrive with their parameters already fixed; every
    // other case derives indexType/indexName from the request first.
    if (!bAuthLevel) {
        prepareLoginParams();
    }
    if (loginDebug.messageEnabled()) {
        loginDebug.message("Login Parameters : IndexType = " + indexType + " IndexName = " + indexName);
    }
    try {
        if (indexType != null) {
            // Resource-based authentication is the only variant that passes
            // the environment map along with the index.
            if (indexType.equals(AuthContext.IndexType.RESOURCE)) {
                ac.login(indexType, indexName, envMap, null);
            } else {
                ac.login(indexType, indexName);
            }
        } else {
            ac.login();
        }
    } catch (AuthLoginException le) {
        loginDebug.message("AuthContext()::login error ", le);
        // RESET and ORG_MISMATCH mean the existing session cannot be kept as
        // is: either it is upgraded (old session restored) or torn down.
        if ((ac.getStatus() == AuthContext.Status.RESET) || (ac.getStatus() == AuthContext.Status.ORG_MISMATCH)) {
            loginDebug.message("getLoginDisplay(): Destroying current session!");
            InternalSession oldSession = AuthUtils.getOldSession(ac);
            if (AuthUtils.isSessionUpgrade(ac)) {
                clearCookieAndDestroySession(ac);
                loginDebug.message("getLoginDisplay(): Session upgrade - " + " Restoring original Session!");
                if (oldSession != null) {
                    ac.getLoginState().setSession(oldSession);
                    // NOTE(review): the redirect target comes straight from
                    // AuthUtils.getSuccessURL(); this relies on that helper
                    // applying the configured goto-URL validation — confirm,
                    // since an unvalidated value here is an open redirect.
                    String redirect_url = AuthUtils.getSuccessURL(request, ac);
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("Session Upgrade - redirect_url : " + redirect_url);
                    }
                    response.sendRedirect(redirect_url);
                }
                // The redirect (if any) replaces the normal forward.
                forward = false;
            } else {
                clearCookieAndDestroySession(ac);
                // Not an upgrade: the previous valid session must not survive
                // a failed re-authentication, so it is destroyed server-side too.
                if (oldSession != null) {
                    loginDebug.message("Destroy existing/old valid session");
                    AuthD authD = AuthD.getAuth();
                    authD.destroySession(oldSession.getID());
                }
                // The context is unusable from here on; callers must not
                // touch ac after this point.
                ac = null;
                handleAuthLoginException(le);
            }
        } else {
            handleAuthLoginException(le);
        }
        return;
    }
    try {
        // Get the information requested by the respective auth module
        if (ac.hasMoreRequirements()) {
            loginDebug.message("In getLoginDisplay, has More Requirements");
            callbacks = ac.getRequirements();
            for (int i = 0; i < callbacks.length; i++) {
                // HTTP and redirect callbacks take over the whole response;
                // nothing else on the page is evaluated once one is seen.
                if (callbacks[i] instanceof HttpCallback) {
                    processHttpCallback((HttpCallback) callbacks[i]);
                    return;
                } else if (callbacks[i] instanceof RedirectCallback) {
                    processRedirectCallback((RedirectCallback) callbacks[i]);
                    return;
                } else if (!bAuthLevel && !newOrgExist) {
                    // Auth Level login will never do one page login.
                    // A value already submitted for the i-th callback (under
                    // the current or the legacy parameter name) marks this as
                    // a "one page" / zero-page login attempt.
                    if (callbacks[i] instanceof NameCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof PasswordCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof ChoiceCallback) {
                        if (reqDataHash.get(TOKEN + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(TOKEN_OLD + Integer.toString(i)) != null) {
                            onePageLogin = true;
                            break;
                        }
                    } else if (callbacks[i] instanceof ConfirmationCallback) {
                        if (reqDataHash.get(BUTTON) != null) {
                            onePageLogin = true;
                            break;
                        } else if (reqDataHash.get(BUTTON_OLD) != null) {
                            onePageLogin = true;
                            break;
                        }
                    }
                }
            }
            // Credentials arriving with the initial request are only accepted
            // when the zero-page-login policy for this login state permits it
            // for this request; otherwise the callbacks are rendered normally.
            if (onePageLogin && AuthUtils.isZeroPageLoginAllowed(ac.getLoginState().getZeroPageLoginConfig(), request)) {
                // user input login info in URL
                loginDebug.message("User input login information in URL!");
                processLoginDisplay();
            } else {
                addLoginCallbackMessage(callbacks);
                if (!LoginFail) {
                    //if the login already failed, then LoginState is already
                    //nullified, hence any attempt of calling this method
                    //the errormessage/code/template should be already set
                    //so a proper error page is shown.
                    AuthUtils.setCallbacksPerState(ac, pageState, callbacks);
                }
            }
        } else {
            if (loginDebug.messageEnabled()) {
                loginDebug.message("No more Requirements in getLoginDisplay");
                loginDebug.message("Status is : " + ac.getStatus());
            }
            if (ac.getStatus() == AuthContext.Status.SUCCESS) {
                LoginSuccess = true;
                ResultVal = rb.getString("authentication.successful");
                /*
                     * redirect to 'goto' parameter or SPI hook or default
                     * redirect URL.
                     */
                redirect_url = AuthUtils.getLoginSuccessURL(ac);
                if ((redirect_url != null) && (redirect_url.length() != 0)) {
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("LoginSuccessURL in getLoginDisplay " + "(in case of successful auth) : " + redirect_url);
                    }
                }
            } else if (ac.getStatus() == AuthContext.Status.FAILED) {
                // null: no exception to report, the failure comes from the
                // chain status alone.
                handleAuthLoginException(null);
                /*
                     * redirect to 'goto' parameter or SPI hook or default
                     * redirect URL.
                     */
                redirect_url = AuthUtils.getLoginFailedURL(ac);
                if ((redirect_url != null) && (redirect_url.length() != 0)) {
                    if (loginDebug.messageEnabled()) {
                        loginDebug.message("LoginFailedURL in getLoginDisplay : " + redirect_url);
                    }
                }
            } else {
                // Any other terminal status (neither SUCCESS nor FAILED) is
                // treated as a failure: same redirect, generic error message.
                /*
                     * redirect to 'goto' parameter or SPI hook or default
                     * redirect URL.
                     */
                redirect_url = AuthUtils.getLoginFailedURL(ac);
                if (loginDebug.warningEnabled()) {
                    loginDebug.warning("Login Status is " + ac.getStatus() + " - redirect to loginFailedURL : " + redirect_url);
                }
                setErrorMessage(null);
            }
        }
    } catch (Exception e) {
        // NOTE(review): only e.getMessage() is carried into the thrown
        // L10NMessageImpl; the original exception is not chained as a cause,
        // so the stack trace is lost unless setErrorMessage() records it.
        setErrorMessage(e);
        throw new L10NMessageImpl(bundleName, "loginDisplay.get", new Object[] { e.getMessage() });
    }
}

Example 2 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Federation method process.

/**
 * Processes the federation authentication request.
 *
 * The module pulls three values through the callback handler: the random
 * secret shared with {@code FMSessionProvider}, the principal name and an
 * optional auth level. The secret must match before anything else is trusted;
 * only then are the user attributes staged on the request (if any) applied,
 * the principal recorded and the auth level set.
 *
 * @param callbacks callbacks supplied by the framework (not used directly;
 *        the module requests its own via {@code callbackHandler})
 * @param state current module state (unused)
 * @return {@code ISAuthConstants.LOGIN_SUCCEED} on success
 * @throws AuthLoginException if the callbacks cannot be obtained, or if the
 *         random secret does not match. Login state is kept on exceptions for
 *         status checks in auth chaining.
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    String randomSecret;
    String principalName;
    String authLevel;
    try {
        // NameCallback(String) rejects a null/empty prompt with
        // IllegalArgumentException, so construction stays inside the try.
        NameCallback secretCb = new NameCallback(FMSessionProvider.RANDOM_SECRET);
        NameCallback principalCb = new NameCallback(SessionProvider.PRINCIPAL_NAME);
        NameCallback levelCb = new NameCallback(SessionProvider.AUTH_LEVEL);
        callbackHandler.handle(new Callback[] { secretCb, principalCb, levelCb });
        randomSecret = secretCb.getName();
        principalName = principalCb.getName();
        authLevel = levelCb.getName();
    } catch (IllegalArgumentException ill) {
        throw new AuthLoginException(fmAuthFederation, "IllegalArgs", null);
    } catch (IOException ioe) {
        throw new AuthLoginException(ioe);
    } catch (UnsupportedCallbackException uce) {
        throw new AuthLoginException(fmAuthFederation, "UnsupportedCallback", null);
    }
    // The secret is the only thing binding this request to the session
    // provider that initiated it; nothing below runs unless it matches.
    if (!FMSessionProvider.matchSecret(randomSecret)) {
        throw new AuthLoginException(fmAuthFederation, "NoMatchingSecret", null);
    }
    HttpServletRequest httpRequest = getHttpServletRequest();
    if (httpRequest != null) {
        @SuppressWarnings("unchecked")
        Map<String, Set<String>> stagedAttrs = (Map<String, Set<String>>) httpRequest.getAttribute(SessionProvider.ATTR_MAP);
        if (stagedAttrs != null) {
            setUserAttributes(stagedAttrs);
            // Consumed: do not leave the attribute map on the request.
            httpRequest.removeAttribute(SessionProvider.ATTR_MAP);
        }
    }
    debug.message("Module is successful");
    storeUsernamePasswd(principalName, null);
    userName = principalName;
    boolean hasAuthLevel = authLevel != null && !authLevel.isEmpty();
    if (hasAuthLevel) {
        try {
            setAuthLevel(Integer.parseInt(authLevel));
        } catch (Exception e) {
            // NOTE(review): a non-numeric or rejected auth level is only
            // logged; the module still reports success without it.
            debug.error("Unable to set auth level " + authLevel, e);
        }
    }
    return ISAuthConstants.LOGIN_SUCCEED;
}

Example 3 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class LogSampleUtils method realmLogin.

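/**
 * Authenticates {@code userid}/{@code password} against the default
 * authentication chain of an already-constructed {@link AuthContext} and
 * returns the resulting {@link SSOToken}.
 *
 * Each round of callbacks requested by the chain is filled from the supplied
 * credentials via {@code fillCallbacks} and submitted back. The SSO token is
 * requested only when the final status is {@code SUCCESS}; every other
 * terminal status (including {@code FAILED}) is reported and yields
 * {@code null} rather than asking the context for a token it cannot issue.
 *
 * @param userid   user name to authenticate as
 * @param password the user's password (plain text, as this is sample code)
 * @param ac       an {@link AuthContext} already created for the target realm
 * @return the SSO token on success, {@code null} if the chain did not end in
 *         {@code SUCCESS} or a callback round could not be submitted
 * @throws AuthLoginException if the login cannot be started
 * @throws Exception if the SSO token cannot be retrieved after a successful
 *         login
 */
public SSOToken realmLogin(String userid, String password, AuthContext ac) throws SSOException, AuthLoginException, Exception {
    try {
        ac.login();
    } catch (AuthLoginException le) {
        System.err.println("LogSampleUtils: Failed to start login " + "for default auth module.");
        throw le;
    }
    // Keyed by callback tag so fillCallbacks can map each requirement to a value.
    Hashtable<String, String> values = new Hashtable<String, String>();
    values.put(AuthXMLTags.NAME_CALLBACK, userid);
    values.put(AuthXMLTags.PASSWORD_CALLBACK, password);
    while (ac.hasMoreRequirements()) {
        Callback[] callbacks = ac.getRequirements();
        try {
            fillCallbacks(callbacks, values);
            ac.submitRequirements(callbacks);
        } catch (Exception e) {
            System.err.println("Failed to submit callbacks!");
            e.printStackTrace();
            return null;
        }
    }
    AuthContext.Status istat = ac.getStatus();
    // Fail closed: only a SUCCESS status entitles the caller to a token.
    if (istat != AuthContext.Status.SUCCESS) {
        System.out.println("==>Authentication Status for user " + userid + " = " + istat);
        return null;
    }
    System.out.println("==>Authentication SUCCESSFUL for user " + userid);
    try {
        return ac.getSSOToken();
    } catch (Exception e) {
        System.err.println("Failed to get SSO token!");
        throw e;
    }
}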

Example 4 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class IdRepoSampleUtils method realmLogin.

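/**
 * Creates an {@link AuthContext} for {@code realm}, authenticates
 * {@code userid}/{@code password} against the realm's default authentication
 * chain and returns the resulting {@link SSOToken}.
 *
 * The created context is kept in the {@code lc} field and the user name in
 * {@code userID} for use by the rest of this sample utility. Each round of
 * callbacks requested by the chain is filled from the supplied credentials via
 * {@code fillCallbacks} and submitted back. The SSO token is requested only
 * when the final status is {@code SUCCESS}; every other terminal status
 * (including {@code FAILED}) is reported and yields {@code null} rather than
 * asking the context for a token it cannot issue.
 *
 * @param userid   user name to authenticate as
 * @param password the user's password (plain text, as this is sample code)
 * @param realm    realm to authenticate in
 * @return the SSO token on success, {@code null} if the chain did not end in
 *         {@code SUCCESS} or a callback round could not be submitted
 * @throws AuthLoginException if the context cannot be created or the login
 *         cannot be started
 * @throws Exception if the SSO token cannot be retrieved after a successful
 *         login
 */
public SSOToken realmLogin(String userid, String password, String realm) throws SSOException, AuthLoginException, Exception {
    try {
        lc = new AuthContext(realm);
    } catch (AuthLoginException le) {
        System.err.println("IdRepoSampleUtils: could not get AuthContext for realm " + realm);
        throw le;
    }
    try {
        lc.login();
    } catch (AuthLoginException le) {
        System.err.println("IdRepoSampleUtils: Failed to start login " + "for default authmodule");
        throw le;
    }
    userID = userid;
    // Keyed by callback tag so fillCallbacks can map each requirement to a value.
    Hashtable<String, String> values = new Hashtable<String, String>();
    values.put(AuthXMLTags.NAME_CALLBACK, userid);
    values.put(AuthXMLTags.PASSWORD_CALLBACK, password);
    while (lc.hasMoreRequirements()) {
        Callback[] callbacks = lc.getRequirements();
        try {
            fillCallbacks(callbacks, values);
            lc.submitRequirements(callbacks);
        } catch (Exception e) {
            System.err.println("Failed to submit callbacks!");
            e.printStackTrace();
            return null;
        }
    }
    AuthContext.Status istat = lc.getStatus();
    // Fail closed: only a SUCCESS status entitles the caller to a token.
    if (istat != AuthContext.Status.SUCCESS) {
        System.out.println("==>Authentication Status for user " + userid + " = " + istat);
        return null;
    }
    System.out.println("==>Authentication SUCCESSFUL for user " + userid);
    try {
        return lc.getSSOToken();
    } catch (Exception e) {
        System.err.println("Failed to get SSO token!  " + e.getMessage());
        throw e;
    }
}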

Example 5 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class DJLDAPv3Repo method authenticate.

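/**
 * Tries to bind as the user with the credentials passed in via callbacks. This authentication mechanism does not
 * handle password policies, nor password expiration.
 *
 * The user name is taken from the first {@link NameCallback} and the password from the first
 * {@link PasswordCallback} found in {@code credentials}. The DN to bind as is resolved with
 * {@code findDNForAuth} and a simple bind is attempted on a connection from {@code bindConnectionFactory}.
 *
 * An empty password is rejected before the bind is attempted: RFC 4513 section 5.1.2 defines a simple bind
 * with a DN and an empty password as an <em>unauthenticated</em> bind, which directories may be configured to
 * accept and report as success. Rejecting it here keeps authentication independent of that server setting.
 *
 * @param credentials The username/password combination.
 * @return <code>true</code> if the bind operation was successful.
 * @throws IdRepoException If the passed in username/password was null or the password was empty, or if the
 * specified user cannot be found.
 * @throws AuthLoginException If an LDAP error occurs during authentication.
 * @throws InvalidPasswordException If the provided password is not valid, so Account Lockout can be triggered.
 */
@Override
public boolean authenticate(Callback[] credentials) throws IdRepoException, AuthLoginException {
    if (DEBUG.messageEnabled()) {
        DEBUG.message("authenticate invoked");
    }
    String userName = null;
    char[] password = null;
    if (credentials != null) {
        for (Callback callback : credentials) {
            if (callback instanceof NameCallback) {
                userName = ((NameCallback) callback).getName();
            } else if (callback instanceof PasswordCallback) {
                password = ((PasswordCallback) callback).getPassword();
            }
        }
    }
    // Missing credentials and an empty password are both "nothing to authenticate with"; an empty
    // password must never reach the bind (see the unauthenticated-bind note in the Javadoc).
    if (userName == null || password == null || password.length == 0) {
        throw newIdRepoException(IdRepoErrorCode.UNABLE_TO_AUTHENTICATE, CLASS_NAME);
    }
    String dn = findDNForAuth(IdType.USER, userName);
    Connection conn = null;
    try {
        BindRequest bindRequest = LDAPRequests.newSimpleBindRequest(dn, password);
        conn = bindConnectionFactory.getConnection();
        BindResult bindResult = conn.bind(bindRequest);
        return bindResult.isSuccess();
    } catch (LdapException ere) {
        ResultCode resultCode = ere.getResult().getResultCode();
        if (DEBUG.messageEnabled()) {
            DEBUG.message("An error occurred while trying to authenticate a user: " + ere.toString());
        }
        // Map the LDAP result to the exception type the auth framework reacts to: only
        // INVALID_CREDENTIALS counts as a bad password (and therefore towards account lockout).
        if (resultCode.equals(ResultCode.INVALID_CREDENTIALS)) {
            throw new InvalidPasswordException(AM_AUTH, "InvalidUP", null, userName, null);
        } else if (resultCode.equals(ResultCode.UNWILLING_TO_PERFORM) || resultCode.equals(ResultCode.CONSTRAINT_VIOLATION)) {
            throw new AuthLoginException(AM_AUTH, "FAuth", null);
        } else if (resultCode.equals(ResultCode.INAPPROPRIATE_AUTHENTICATION)) {
            throw new AuthLoginException(AM_AUTH, "InappAuth", null);
        } else {
            throw new AuthLoginException(AM_AUTH, "LDAPex", null);
        }
    } finally {
        // Connection may still be null if getConnection() itself failed.
        IOUtils.closeIfNotNull(conn);
    }
}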
