
Example 66 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class AuthenticatorOATH method init.

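/**
 * Initializes the authentication module. This function gets the module's
 * settings, and the username from the previous authentication module in
 * the chain.
 *
 * <p>{@code init} cannot report failure to the caller, so an
 * {@link SMSException}, {@link SSOException} or {@link AuthLoginException}
 * raised while reading the configuration is only logged; fields that were
 * not yet assigned keep whatever value they had. A missing or unrecognised
 * {@code ALGORITHM} setting leaves {@code algorithm} set to {@code ERROR}
 * rather than failing here.
 *
 * @param subject For whom this module is initializing.
 * @param sharedState Previously chained module data.
 * @param options Configuration for this module.
 */
@Override
public void init(Subject subject, Map sharedState, Map options) {
    if (debug.messageEnabled()) {
        debug.message("OATH::init");
    }
    //get username from previous authentication
    try {
        userName = (String) sharedState.get(getUserKey());
        //gets skippable name from the realm's service and stores it
        id = getIdentity();
        realmOathService = new AuthenticatorOathService(id.getRealm());
        this.authLevel = CollectionHelper.getMapAttr(options, AUTHLEVEL);
        try {
            this.passLen = CollectionHelper.getIntMapAttr(options, PASSWORD_LENGTH, 0, debug);
        } catch (NumberFormatException e) {
            //Default value has been deleted, set to 0
            passLen = 0;
        }
        try {
            this.minSecretKeyLength = CollectionHelper.getIntMapAttr(options, MIN_SECRET_KEY_LENGTH, 0, debug);
        } catch (NumberFormatException e) {
            //Default value has been deleted, set to 0
            minSecretKeyLength = 0;
        }
        this.windowSize = CollectionHelper.getIntMapAttr(options, WINDOW_SIZE, 0, debug);
        this.truncationOffset = CollectionHelper.getIntMapAttr(options, TRUNCATION_OFFSET, -1, debug);
        this.isOptional = !getLoginState("authenticatorOATH").is2faMandatory();
        this.totpTimeStep = CollectionHelper.getIntMapAttr(options, TOTP_TIME_STEP, 1, debug);
        this.totpStepsInWindow = CollectionHelper.getIntMapAttr(options, TOTP_STEPS_IN_WINDOW, 1, debug);
        this.checksum = CollectionHelper.getBooleanMapAttr(options, CHECKSUM, false);
        this.totpMaxClockDrift = CollectionHelper.getIntMapAttr(options, MAXIMUM_CLOCK_DRIFT, 0, debug);
        this.issuerName = CollectionHelper.getMapAttr(options, ISSUER_NAME);
        final String algorithm = CollectionHelper.getMapAttr(options, ALGORITHM);
        // Literal on the left: getMapAttr yields null when the attribute is
        // absent, and a null algorithm must map to ERROR instead of raising a
        // NullPointerException that the catch below does not handle.
        if ("HOTP".equalsIgnoreCase(algorithm)) {
            this.algorithm = HOTP;
        } else if ("TOTP".equalsIgnoreCase(algorithm)) {
            this.algorithm = TOTP;
        } else {
            this.algorithm = ERROR;
        }
        //set authentication level
        if (authLevel != null) {
            try {
                setAuthLevel(Integer.parseInt(authLevel));
            } catch (NumberFormatException | AuthLoginException e) {
                // A bad auth level is logged, not fatal: the module still runs
                // with the level the framework already assigned.
                if (debug.errorEnabled()) {
                    debug.error("OATH :: init() : Unable to set auth level " + authLevel, e);
                }
            }
        }
    } catch (SMSException | SSOException | AuthLoginException e) {
        if (debug.errorEnabled()) {
            debug.error("OATH :: init() : Unable to configure basic module properties " + authLevel, e);
        }
    }
}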

Example 67 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class AuthenticatorOATH method checkForSessionAndGetUsernameAndUUID.

/**
 * Recovers the user name when no previous module supplied one (session upgrade).
 *
 * <p>If {@code userName} is already set this is a no-op. Otherwise the session
 * being upgraded is fetched from the login state, an SSO token is created from
 * its ID, and {@code userId} and {@code userName} are taken from the token's
 * principal name and its {@code UserToken} property respectively.
 *
 * @throws AuthLoginException {@code noInternalSession} when there is no old
 *         session, or {@code noUserName} when the token carries no user name.
 * @throws SSOException if the SSO token cannot be created or read.
 */
private void checkForSessionAndGetUsernameAndUUID() throws SSOException, AuthLoginException {
    if (!StringUtils.isEmpty(userName)) {
        return;
    }
    // Session upgrade: the user is identified by the session being upgraded.
    final SSOTokenManager tokenManager = SSOTokenManager.getInstance();
    final InternalSession oldSession = getLoginState("OATH").getOldSession();
    if (oldSession == null) {
        throw new AuthLoginException("amAuth", "noInternalSession", null);
    }
    final SSOToken ssoToken = tokenManager.createSSOToken(oldSession.getID().toString());
    userId = ssoToken.getPrincipal().getName();
    userName = ssoToken.getProperty("UserToken");
    if (debug.messageEnabled()) {
        debug.message("OATH.process() : Username from SSOToken : " + userName);
    }
    if (StringUtils.isEmpty(userName)) {
        throw new AuthLoginException("amAuth", "noUserName", null);
    }
}

Example 68 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class JaspiAuthModuleWrapperTest method shouldProcessCallbacksAndThrowInvalidStateException.

/**
 * Processing callbacks in a state the wrapper does not know (0) must fail with
 * an {@link AuthLoginException} carrying the {@code incorrectState} error code.
 */
@Test
public void shouldProcessCallbacksAndThrowInvalidStateException() throws LoginException {
    //Given
    final Callback[] noCallbacks = new Callback[0];
    final int unknownState = 0;
    //When
    AuthLoginException caught = null;
    try {
        jaspiAuthModuleWrapper.process(noCallbacks, unknownState);
    } catch (AuthLoginException e) {
        caught = e;
    }
    //Then
    assertTrue(caught != null);
    assertEquals(caught.getErrorCode(), "incorrectState");
}

Example 69 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class JaspiAuthModuleWrapperTest method shouldProcessCallbacksWhenValidateRequestReturnsSendFailure.

/**
 * When the wrapped JASPI module answers {@code SEND_FAILURE} from
 * {@code validateRequest}, processing the login start state must invoke
 * the module once and fail with the {@code authFailed} error code.
 */
@Test
public void shouldProcessCallbacksWhenValidateRequestReturnsSendFailure() throws LoginException {
    //Given
    final Callback[] noCallbacks = new Callback[0];
    final int startState = ISAuthConstants.LOGIN_START;
    given(serverAuthModule.validateRequest(Matchers.<MessageInfo>anyObject(), Matchers.<Subject>anyObject(), (Subject) isNull())).willReturn(AuthStatus.SEND_FAILURE);
    //When
    AuthLoginException caught = null;
    try {
        jaspiAuthModuleWrapper.process(noCallbacks, startState);
    } catch (AuthLoginException e) {
        caught = e;
    }
    //Then
    assertTrue(processMethodCalled);
    verify(serverAuthModule).validateRequest(Matchers.<MessageInfo>anyObject(), Matchers.<Subject>anyObject(), (Subject) isNull());
    assertTrue(caught != null);
    assertEquals(caught.getErrorCode(), "authFailed");
}

Example 70 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class SecurID method process.

public int process(Callback[] callbacks, int state) throws AuthLoginException {
    String nextToken;
    int rtnval = -1;
    String tmp_passcode = null;
    /*
         *  state starts at 1, numbering corresponds to order of screens.
         *  return -1 if done, next screen# if another screen
         */
    wtOrgName = getRequestOrg();
    if (debug.messageEnabled()) {
        debug.message("SecurID:process: Org = " + wtOrgName + "\n\tstate = " + state);
    }
    /*
         * see if this org not initialized.
         * the path to sdconf.rec was gotten in init();
         * verify that it exists once.  after that, can
         * get the AuthSessionFactory.getInstance every time,
         * as it will return the same one, given the same path.
         */
    if (!configDone.containsKey(STR_SECURID_CONFIG_PATH)) {
        // verify path to sdconf.rec
        verifyConfigPath();
        configDone.put(STR_SECURID_CONFIG_PATH, "true");
    }
    /*
         *  not particularly pretty getting the
         *  AuthSessionFactory instance every time, but the
         *  SecurID api states that it returns the same instance
         *  for the given path.  plus this way saves having to
         *  keep track of stuff...
         */
    if (api == null) {
        debug.message("SecurID.process:getting Session instance");
        try {
            api = AuthSessionFactory.getInstance(STR_SECURID_CONFIG_PATH);
        } catch (AuthAgentException e) {
            debug.error("SecurID.process:" + "Unable to get SecurID API.");
            throw new AuthLoginException(bundleName, "SecurIDInitLex", null, e);
        }
    }
    if (debug.messageEnabled()) {
        debug.message("SecurID:process:after configDone: Org = " + wtOrgName + "\n\tstate = " + state + "\n\tconfig_path = " + STR_SECURID_CONFIG_PATH + "\n\tuserTokenId = " + userTokenId + "\n\tusername = " + username);
    }
    String newPin = "";
    int authStatus = AuthSession.ACCESS_DENIED;
    PinData pinData = null;
    switch(state) {
        case // initial state (1)
        ISAuthConstants.LOGIN_START:
            {
                if (callbacks != null && callbacks.length == 0) {
                    username = (String) sharedState.get(getUserKey());
                    tmp_passcode = (String) sharedState.get(getPwdKey());
                    if (username == null || tmp_passcode == null) {
                        return 1;
                    }
                    getCredentialsFromSharedState = true;
                } else {
                    username = ((NameCallback) callbacks[0]).getName();
                    // null userid is a no-no
                    if (username == null || username.length() == 0) {
                        throw new AuthLoginException(bundleName, "SecurIDUserIdNull", null);
                    }
                    tmp_passcode = charToString(((PasswordCallback) callbacks[1]).getPassword(), callbacks[1]);
                    // null passcode is also a no-no
                    if (tmp_passcode == null || tmp_passcode.length() == 0) {
                        throw new AuthLoginException(bundleName, "SecurIDPasscodeNull", null);
                    }
                }
                if (debug.messageEnabled()) {
                    debug.message("SecurID.process(): username: " + username);
                }
                storeUsernamePasswd(username, tmp_passcode);
                //  got the userid and passcode
                try {
                    session = api.createUserSession();
                } catch (AuthAgentException aaex) {
                    debug.error("SecurID.process:createUserSession() error:" + aaex.getMessage());
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDInitializeLex", new Object[] { aaex.getMessage() });
                }
                try {
                    authStatus = session.lock(username);
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:session.lock returns = " + authStatus);
                    }
                    authStatus = session.check(username, tmp_passcode);
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:session.check returns = " + authStatus);
                    }
                    switch(authStatus) {
                        case AuthSession.ACCESS_OK:
                            debug.message("SecurID.process:ACCESS_OK");
                            userTokenId = username;
                            rtnval = ISAuthConstants.LOGIN_SUCCEED;
                            break;
                        case // new PIN mode
                        AuthSession.NEW_PIN_REQUIRED:
                            {
                                debug.message("SecurID.process:NEW_PIN_REQUIRED");
                                pinData = session.getPinData();
                                int pinState = pinData.getUserSelectable();
                                String msg = getNewPinMsg(pinData);
                                //  if user can't choose their own pin
                                if (pinState == PinData.CANNOT_CHOOSE_PIN) {
                                    debug.message("SecurID.process:CANNOT_CHOOSE_PIN");
                                    newPin = pinData.getSystemPin().trim();
                                    // submit new PIN
                                    if (newPin.length() != 0) {
                                        authStatus = session.pin(newPin);
                                        if (debug.messageEnabled()) {
                                            debug.message("SecurID.process:CCP:pin rtns = " + authStatus);
                                        }
                                        if (authStatus != AuthSession.PIN_ACCEPTED) {
                                            /*
                                         * weird that we'd get an error
                                         * submitting the PIN provided by
                                         * the system...
                                         * could do error handling here,
                                         * or having the user submit a
                                         * null pin will make things terminate
                                         * subsequently...
                                         */
                                            debug.error("SecurID.process:CCP:sys pin " + "not accepted!");
                                            if (session != null) {
                                                try {
                                                    session.close();
                                                } catch (AuthAgentException aax) {
                                                    debug.error("SecurID.process:NPRCCP:" + "close err = " + aax.getMessage());
                                                }
                                                session = null;
                                            }
                                            throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
                                        }
                                    } else {
                                        /*
                                     * weird that we'd get a null PIN
                                     * from the system...
                                     */
                                        debug.message("SecurID.process:CCP:newPin 0-length");
                                        newPin = "";
                                        if (session != null) {
                                            try {
                                                session.close();
                                            } catch (AuthAgentException aax) {
                                                debug.error("SecurID.process:LSNP:" + "close err = " + aax.getMessage());
                                            }
                                            session = null;
                                        }
                                        throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
                                    }
                                    /*
                                 * then tell user the new PIN, and to do
                                 * next token
                                 */
                                    setDynamicText(true, ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN, bundle.getString("SecurIDWaitPin") + bundle.getString("SecurIDNewSysPin") + newPin);
                                    rtnval = ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN;
                                } else if (pinState == PinData.USER_SELECTABLE) {
                                    // see if user wants user-gen or sys-gen
                                    debug.message("SecurID.process:USER_SELECTABLE");
                                    setDynamicText(false, ISAuthConstants.LOGIN_SYS_GEN_PIN, bundle.getString("SecurIDSysGenPin"));
                                    rtnval = ISAuthConstants.LOGIN_SYS_GEN_PIN;
                                } else if (pinState == PinData.MUST_CHOOSE_PIN) {
                                    debug.message("SecurID.process:MUST_CHOOSE_PIN");
                                    // user must provide new PIN
                                    setDynamicText(true, ISAuthConstants.LOGIN_CHALLENGE, msg);
                                    rtnval = ISAuthConstants.LOGIN_CHALLENGE;
                                    if (debug.messageEnabled()) {
                                        debug.message("SecurID.process:prompt = " + msg);
                                    }
                                } else {
                                    // huh?
                                    debug.error("SecurID.process:NEW_PIN_REQUIRED:" + "unknown pinState = " + pinState);
                                    if (session != null) {
                                        try {
                                            session.close();
                                        } catch (AuthAgentException aax) {
                                            debug.error("SecurID.process:NPRQ:" + "close err = " + aax.getMessage());
                                        }
                                        session = null;
                                        setFailureID(username);
                                        throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
                                    }
                                }
                            }
                            break;
                        case // next token mode
                        AuthSession.NEXT_CODE_REQUIRED:
                            debug.message("SecurID.process:NEXT_CODE_REQUIRED");
                            rtnval = ISAuthConstants.LOGIN_NEXT_TOKEN;
                            break;
                        case AuthSession.ACCESS_DENIED:
                            debug.message("SecurID.process:ACCESS_DENIED");
                        default:
                            debug.message("SecurID.process:state == default");
                            if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
                                getCredentialsFromSharedState = false;
                                rtnval = ISAuthConstants.LOGIN_START;
                                break;
                            }
                            setFailureID(username);
                            if (session != null) {
                                try {
                                    session.close();
                                } catch (AuthAgentException aax) {
                                    debug.error("SecurID.process:LSAD:" + "close err = " + aax.getMessage());
                                }
                                session = null;
                            }
                            throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
                    }
                } catch (AuthAgentException aaex) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:LS:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    debug.error("SecurID.process:session lock/check:" + aaex.getMessage());
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDInitializeLex", new Object[] { aaex.getMessage() });
                }
            }
            break;
        case // new PIN mode (2)
        ISAuthConstants.LOGIN_CHALLENGE:
            {
                debug.message("SecurID.process:LOGIN_CHALLENGE");
                // submit new PIN
                String newPIN = charToString(((PasswordCallback) callbacks[0]).getPassword(), callbacks[0]);
                /*
                 *  if no PIN provided, submit "" as the new PIN, and
                 *  let the ACE/Server handle it (by returning an error)
                 */
                if (newPIN == null) {
                    // might not pass the ASCII test below
                    newPIN = "";
                }
                if (debug.messageEnabled()) {
                    debug.message("SecurID.process:state2: token length = " + newPIN.length());
                }
                try {
                    if (!newPIN.equals(new String(newPIN.getBytes("ASCII"), "ASCII"))) {
                        if (session != null) {
                            try {
                                session.close();
                            } catch (AuthAgentException aax) {
                                debug.error("SecurID.process:LC:close err = " + aax.getMessage());
                            }
                            session = null;
                        }
                        setFailureID(username);
                        throw new AuthLoginException(bundleName, "SecurIDNewPINNotASCII", null);
                    }
                } catch (UnsupportedEncodingException ueex) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:LC2:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDInputEncodingException", null);
                }
                try {
                    authStatus = session.pin(newPIN);
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:session.pin returns " + authStatus);
                    }
                    if (authStatus == AuthSession.PIN_ACCEPTED) {
                        debug.message("SecurID.process:new pin ACCEPTED");
                        rtnval = ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN;
                        setDynamicText(true, ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN, bundle.getString("SecurIDWaitPin"));
                        userTokenId = username;
                    } else if (authStatus == AuthSession.PIN_REJECTED) {
                        debug.message("SecurID:process:New PIN specified is invalid.");
                        if (session != null) {
                            try {
                                session.close();
                            } catch (AuthAgentException aax) {
                                debug.error("SecurID.process:LC3:close err = " + aax.getMessage());
                            }
                            session = null;
                        }
                        setFailureID(username);
                        throw new AuthLoginException(bundleName, "SecurIDAuthInvNewPin", null);
                    } else {
                        // hmmm...
                        debug.error("SecurID.process:unsure this pin response value.");
                        if (session != null) {
                            try {
                                session.close();
                            } catch (AuthAgentException aax) {
                                debug.error("SecurID.process:LC4:close err = " + aax.getMessage());
                            }
                            session = null;
                        }
                    }
                } catch (AuthAgentException aaex) {
                    // probably have to terminate the session
                    debug.error("SecurID.process:session.pin exception: " + aaex.getMessage());
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:LC5:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDAuthInvNewPin", null);
                }
            }
            break;
        case // next token mode (3)
        ISAuthConstants.LOGIN_NEXT_TOKEN:
            {
                // can do PIN+passcode or just passcode
                debug.message("SecurID.process:LOGIN_NEXT_TOKEN");
                // got the next token; submit it
                nextToken = charToString(((PasswordCallback) callbacks[0]).getPassword(), callbacks[0]);
                // must have something
                if (nextToken == null) {
                    // might not pass the ASCII test below
                    nextToken = "";
                }
                if (debug.messageEnabled()) {
                    debug.message("SecurID.process:LOGIN_NEXT_TOKEN:token length = " + nextToken.length());
                }
                try {
                    if (!nextToken.equals(new String(nextToken.getBytes("ASCII"), "ASCII"))) {
                        setFailureID(username);
                        if (session != null) {
                            try {
                                session.close();
                            } catch (AuthAgentException aax) {
                                debug.error("SecurID.process:NT:close err = " + aax.getMessage());
                            }
                            session = null;
                        }
                        debug.error("SecurID.process:LOGIN_NEXT_TOKEN:" + "nextToken not ascii");
                        throw new AuthLoginException(bundleName, "SecurIDNextTokenNotASCII", null);
                    }
                } catch (UnsupportedEncodingException ueex) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:NT2:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    setFailureID(username);
                    debug.error("SecurID.process:LOGIN_NEXT_TOKEN:" + "nextToken input encoding");
                    throw new AuthLoginException(bundleName, "SecurIDInputEncodingException", null);
                }
                try {
                    authStatus = session.next(nextToken);
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:LOGIN_NEXT_TOKEN:" + "next returns " + authStatus);
                    }
                } catch (AuthAgentException aaex) {
                    debug.error("SecurID.process:LOGIN_NEXT_TOKEN:next() exception:" + aaex.getMessage());
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:NT3:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDInvNextToken", null);
                }
                if (authStatus == AuthSession.ACCESS_OK) {
                    // succeed
                    userTokenId = username;
                    rtnval = ISAuthConstants.LOGIN_SUCCEED;
                } else {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:NT4:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    setFailureID(username);
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:LOGIN_NEXT_TOKEN:" + "nextToken failure");
                    }
                    throw new AuthLoginException(bundleName, "SecurIDInvNextToken", null);
                }
            }
            break;
        case // sys genned PIN answer(4)
        ISAuthConstants.LOGIN_SYS_GEN_PIN:
            {
                debug.message("SecurID.process:LOGIN_SYS_GEN_PIN");
                // server asked if sys-genned PIN wanted, user said...
                String answer = ((NameCallback) callbacks[0]).getName();
                if (debug.messageEnabled()) {
                    debug.message("SecurID.process:received answer(state 4) = " + answer);
                }
                // must have something
                boolean sysgenpin = false;
                if (answer == null || answer.length() == 0) {
                    // make it system generated
                    sysgenpin = true;
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:made answer(state 4) = " + sysgenpin);
                    }
                } else if (answer.startsWith("y") || answer.startsWith("Y")) {
                    sysgenpin = true;
                }
                if (sysgenpin) {
                    debug.message("SecurID.process:LOGIN_SYS_GEN_PIN:" + "about to getSystemPin");
                    try {
                        pinData = session.getPinData();
                        newPin = pinData.getSystemPin();
                        authStatus = session.pin(newPin);
                        if (debug.messageEnabled()) {
                            debug.message("SecurID.process:LSGP:" + "newPin:pin() response = " + authStatus);
                        }
                        setDynamicText(true, ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN, bundle.getString("SecurIDWaitPin") + bundle.getString("SecurIDNewSysPin") + newPin);
                        userTokenId = username;
                        rtnval = ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN;
                    } catch (AuthAgentException aaex) {
                        // probably have to terminate the session
                        debug.error("SecurID.process:LSGP:getSystemPin/pin error = " + aaex.getMessage());
                        if (session != null) {
                            try {
                                session.close();
                            } catch (AuthAgentException aax) {
                                debug.error("SecurID.process:SGP:close err = " + aax.getMessage());
                            }
                            session = null;
                        }
                        setFailureID(username);
                        if (getCredentialsFromSharedState && !isUseFirstPassEnabled()) {
                            getCredentialsFromSharedState = false;
                            rtnval = ISAuthConstants.LOGIN_START;
                        }
                        throw new AuthLoginException(bundleName, "SecurIDAuthInvNewPin", null);
                    }
                } else {
                    // user-generated PIN
                    try {
                        String msg = getNewPinMsg(session.getPinData());
                        if (debug.messageEnabled()) {
                            debug.message("SecurID.process:LOGIN_SYS_GEN_PIN:" + "about to get user-genned PIN, prompt = \n\t" + msg);
                        }
                        setDynamicText(true, ISAuthConstants.LOGIN_CHALLENGE, msg);
                        rtnval = ISAuthConstants.LOGIN_CHALLENGE;
                    } catch (AuthAgentException aaex) {
                        // probably have to terminate the session
                        debug.error("SecurID.process:" + "session.getPinData exception: " + aaex.getMessage());
                        if (session != null) {
                            try {
                                session.close();
                            } catch (AuthAgentException aax) {
                                debug.error("SecurID.process:UGP:close err = " + aax.getMessage());
                            }
                            session = null;
                        }
                        setFailureID(username);
                        throw new AuthLoginException(bundleName, "SecurIDAuthInvNewPin", null);
                    }
                }
            }
            break;
        case // 5
        ISAuthConstants.LOGIN_NEW_PIN_NEXT_TOKEN:
            {
                if (debug.messageEnabled()) {
                    debug.message("LOGIN_NEW_PIN_NEXT_TOKEN:username = " + username);
                }
                if (username == null || username.length() == 0) {
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDPrevUserid", null);
                }
                //  only one callback... the new pin + token
                nextToken = charToString(((PasswordCallback) callbacks[0]).getPassword(), callbacks[0]);
                /*
                 * if nothing provided, 
                 * send a null string, and let the ACE/Server handle it.
                 */
                if (nextToken == null) {
                    // might not pass ASCII test below
                    nextToken = "";
                }
                try {
                    if (!nextToken.equals(new String(nextToken.getBytes("ASCII"), "ASCII"))) {
                        setFailureID(username);
                        if (session != null) {
                            try {
                                session.close();
                            } catch (AuthAgentException aax) {
                                debug.error("SecurID.process:NPT:close err = " + aax.getMessage());
                            }
                            session = null;
                        }
                        throw new AuthLoginException(bundleName, "SecurIDNextTokenNotASCII", null);
                    }
                } catch (UnsupportedEncodingException ueex) {
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:NPT2:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDInputEncodingException", null);
                }
                debug.message("SecurID.process:LNPNT:doing session.check");
                authStatus = AuthSession.ACCESS_DENIED;
                try {
                    authStatus = session.lock(username);
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:LNPNT:lock returns " + authStatus);
                    }
                    authStatus = session.check(username, nextToken);
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:LNPNT:next returns " + authStatus);
                    }
                } catch (AuthAgentException aaex) {
                    debug.error("SecurID.process:LNPNT:next() gets exception:" + aaex.getMessage());
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:NPT3:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
                }
                if (debug.messageEnabled()) {
                    debug.message("SecurID.process:LNPNT:ACCESS_OK = " + AuthSession.ACCESS_OK + ", authStatus = " + authStatus);
                }
                if (authStatus == AuthSession.ACCESS_OK) {
                    // succeed
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:LNPNT:next() =" + " LOGIN_SUCCEED, username = " + username);
                    }
                    userTokenId = username;
                    rtnval = ISAuthConstants.LOGIN_SUCCEED;
                } else {
                    // login failed
                    if (debug.messageEnabled()) {
                        debug.message("SecurID.process:LNPNT:next() " + "gets NOT Succeed = " + authStatus);
                    }
                    if (session != null) {
                        try {
                            session.close();
                        } catch (AuthAgentException aax) {
                            debug.error("SecurID.process:NPT4:close err = " + aax.getMessage());
                        }
                        session = null;
                    }
                    setFailureID(username);
                    throw new AuthLoginException(bundleName, "SecurIDLoginFailed", new Object[] { username });
                }
            }
            break;
        default:
            if (session != null) {
                try {
                    session.close();
                } catch (AuthAgentException aax) {
                    debug.error("SecurID.process:DEF:close err = " + aax.getMessage());
                }
                session = null;
            }
            setFailureID(username);
            throw new AuthLoginException(bundleName, "SecurIDAuth", null);
    }
    if (debug.messageEnabled()) {
        debug.message("process; after process:" + "\n\tstate = " + state + "\n\tuserTokenId = " + userTokenId + "\n\tusername = " + username + "\n\trtnval = " + rtnval);
    }
    if (rtnval == ISAuthConstants.LOGIN_SUCCEED) {
        if (session != null) {
            try {
                session.close();
            } catch (AuthAgentException aax) {
                debug.error("SecurID.process:LOGIN_SUCCEED:close err = " + aax.getMessage());
            }
            session = null;
        }
    }
    return (rtnval);
}