
Example 81 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class WindowsDesktopSSO method process.

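/**
 * Processes the authentication request.
 *
 * <p>The SPNEGO token is read from the HTTP request first and from the
 * callbacks as a fallback. The Kerberos mech token is extracted from it and
 * validated against the trusted realms; when the service credential has
 * expired it is re-established once via {@link #serviceLogin()} and the token
 * is validated again. Every failure is logged and surfaced as an
 * {@link AuthLoginException}; no failure is turned silently into
 * {@code LOGIN_IGNORE}.
 *
 * @param callbacks callbacks that may carry the SPNEGO token when the HTTP
 *                  request does not
 * @param state     current login state; not consulted by this module
 * @return  -1 as succeeded; 0 as failed.
 * @exception AuthLoginException upon any failure.
 */
public int process(Callback[] callbacks, int state) throws AuthLoginException {
    // Check to see if the Rest Auth Endpoint has signified that IWA has failed.
    HttpServletRequest request = getHttpServletRequest();
    if (request != null && hasWDSSOFailed(request)) {
        return ISAuthConstants.LOGIN_IGNORE;
    }
    if (!getConfigParams()) {
        initWindowsDesktopSSOAuth(options);
    }
    // retrieve the spnego token: the HTTP request first, the callbacks as fallback
    byte[] spnegoToken = getSPNEGOTokenFromHTTPRequest(request);
    if (spnegoToken == null) {
        spnegoToken = getSPNEGOTokenFromCallback(callbacks);
    }
    if (spnegoToken == null) {
        debug.error("spnego token is not valid.");
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "token", null);
    }
    if (debug.messageEnabled()) {
        debug.message("SPNEGO token: \n" + DerValue.printByteArray(spnegoToken, 0, spnegoToken.length));
    }
    // parse the spnego token and extract the kerberos mech token from it
    final byte[] kerberosToken = parseToken(spnegoToken);
    if (kerberosToken == null) {
        debug.error("kerberos token is not valid.");
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "token", null);
    }
    if (debug.messageEnabled()) {
        debug.message("Kerberos token retrieved from SPNEGO token: \n" + DerValue.printByteArray(kerberosToken, 0, kerberosToken.length));
    }
    // authenticate the user with the kerberos token
    try {
        authenticateToken(kerberosToken, trustedKerberosRealms);
        if (debug.messageEnabled()) {
            debug.message("WindowsDesktopSSO kerberos authentication passed succesfully.");
        }
        return ISAuthConstants.LOGIN_SUCCEED;
    } catch (PrivilegedActionException pe) {
        Exception e = extractException(pe);
        if (isExpiredCredentialFailure(e)) {
            return authenticateWithFreshCredential(kerberosToken);
        }
        if (e instanceof GSSException) {
            debug.error("Authentication failed with PrivilegedActionException wrapped GSSException. Stack Trace", e);
            throw new AuthLoginException(amAuthWindowsDesktopSSO, "auth", null, e);
        }
        // A wrapped cause that is not a GSSException used to fall through and
        // return LOGIN_IGNORE without any log line; an authentication failure
        // must never be silent, so it is reported like every other failure.
        Exception cause = (e != null) ? e : pe;
        debug.error("Authentication failed with PrivilegedActionException. Stack Trace", cause);
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "auth", null, cause);
    } catch (GSSException e1) {
        if (isExpiredCredentialFailure(e1)) {
            return authenticateWithFreshCredential(kerberosToken);
        }
        debug.error("Authentication failed with GSSException. Stack Trace", e1);
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "auth", null, e1);
    } catch (AuthLoginException e2) {
        debug.error("Authentication failed with AuthLoginException. Stack Trace", e2);
        throw e2;
    } catch (Exception e3) {
        debug.error("Authentication failed with generic exception. Stack Trace", e3);
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "auth", null, e3);
    }
}

/**
 * Tells whether {@code e} is a {@link GSSException} whose major status is
 * {@code CREDENTIALS_EXPIRED} - the only failure that is retried after a
 * fresh service login.
 *
 * @param e the exception to inspect; may be {@code null}
 * @return {@code true} only for an expired-credential GSS failure
 */
private static boolean isExpiredCredentialFailure(Exception e) {
    return e instanceof GSSException
            && ((GSSException) e).getMajor() == GSSException.CREDENTIALS_EXPIRED;
}

/**
 * Re-establishes the service credential and validates the Kerberos token a
 * second time.
 *
 * @param kerberosToken the Kerberos mech token already extracted from SPNEGO
 * @return {@code ISAuthConstants.LOGIN_SUCCEED} when the second attempt passes
 * @throws AuthLoginException when the service login fails (propagated from
 *         {@link #serviceLogin()}) or when the retried validation fails
 */
private int authenticateWithFreshCredential(byte[] kerberosToken) throws AuthLoginException {
    debug.message("Credential expired. Re-establish credential...");
    serviceLogin();
    try {
        authenticateToken(kerberosToken, trustedKerberosRealms);
    } catch (Exception ee) {
        debug.error("Authentication failed with new cred. Stack Trace", ee);
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "auth", null, ee);
    }
    if (debug.messageEnabled()) {
        debug.message("Authentication succeeded with new cred.");
    }
    // The success result used to be assigned only inside the
    // debug.messageEnabled() branch, so a successful retry reported
    // LOGIN_IGNORE whenever message logging was off. The outcome of the
    // retry must not depend on the logging level.
    return ISAuthConstants.LOGIN_SUCCEED;
}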

Example 82 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class WindowsDesktopSSO method serviceLogin.

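/**
 * Re-establishes the Kerberos service credential used to validate client
 * tokens and stores the resulting {@code Subject} in {@code serviceSubject}.
 *
 * <p>The method points the JDK Kerberos module at the configured realm and
 * KDC through JVM-wide system properties, installs a
 * {@link WindowsDesktopSSOConfig} as the process-wide JAAS
 * {@link Configuration}, and performs the JAAS login for
 * {@code WindowsDesktopSSOConfig.defaultAppName} with the configured service
 * principal and keytab. All of that state is global to the JVM - hence the
 * {@code synchronized} - and any other Kerberos/JAAS user in the same process
 * sees it as well.
 *
 * @throws AuthLoginException with key {@code "serviceAuth"} and the original
 *         exception as cause when the service login fails
 */
private synchronized void serviceLogin() throws AuthLoginException {
    if (debug.messageEnabled()) {
        debug.message("New Service Login ...");
    }
    // JVM-global Kerberos settings. The login config is pointed at "/dev/null",
    // presumably so that no file-based JAAS configuration is consulted and only
    // the programmatic Configuration installed below applies.
    System.setProperty("java.security.krb5.realm", kdcRealm);
    System.setProperty("java.security.krb5.kdc", kdcServer);
    System.setProperty("java.security.auth.login.config", "/dev/null");
    try {
        Configuration config = Configuration.getConfiguration();
        WindowsDesktopSSOConfig wtc;
        if (config instanceof WindowsDesktopSSOConfig) {
            // reuse the already installed config but ask it to reload its entries
            wtc = (WindowsDesktopSSOConfig) config;
            wtc.setRefreshConfig("true");
        } else {
            wtc = new WindowsDesktopSSOConfig(config);
        }
        wtc.setPrincipalName(servicePrincipalName);
        wtc.setKeyTab(keyTabFile);
        Configuration.setConfiguration(wtc);
        // perform service authentication using JDK Kerberos module
        LoginContext lc = new LoginContext(WindowsDesktopSSOConfig.defaultAppName);
        lc.login();
        serviceSubject = lc.getSubject();
        if (debug.messageEnabled()) {
            debug.message("Service login succeeded.");
        }
    } catch (Exception e) {
        // Log the cause at error level: a failed service login was previously
        // only diagnosable with message-level logging switched on.
        debug.error("Service Login Error: ", e);
        throw new AuthLoginException(amAuthWindowsDesktopSSO, "serviceAuth", null, e);
    }
}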

Example 83 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Application method initLDAPAttributes.

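/**
 * Reads the LDAP settings of the given authentication service from the
 * organisation's service template and builds {@code ldapUtil} from them.
 *
 * @param serviceName name of the service whose LDAP attributes are read
 * @return {@code true} when {@code ldapUtil} has been initialised;
 *         {@code false} when no LDAP server is configured
 * @throws AuthLoginException with key {@code "basednnull"} when the base DN is
 *         missing, or {@code "basicLDAPex"} wrapping any other failure (for
 *         example a malformed or out-of-range port)
 */
private boolean initLDAPAttributes(String serviceName) throws AuthLoginException {
    currentConfig = getOrgServiceTemplate(getRequestOrg(), serviceName);
    try {
        // All LDAP module Attribute Initialization done here ...
        String serverHost = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_SERVER);
        if (serverHost == null) {
            debug.message("No server for configuring");
            return false;
        }
        String baseDN = CollectionHelper.getServerMapAttr(currentConfig, ISAuthConstants.LDAP_BASEDN);
        if (baseDN == null) {
            debug.error("Fatal error: baseDN for search has invalid value");
            throw new AuthLoginException(amAuthApplication, "basednnull", null);
        }
        String bindDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_BINDDN, "");
        String bindPassword = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_BINDPWD, "");
        String userNamingAttr = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_UNA, "uid");
        Set userSearchAttrs = (Set) currentConfig.get(ISAuthConstants.LDAP_USERSEARCH);
        String searchFilter = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SEARCHFILTER, "");
        // NOTE(review): this value is only logged below; LDAPAuthUtils is built
        // with the ldapSSL field instead - confirm the two are kept in step.
        boolean ssl = Boolean.valueOf(CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SSL, "false"));
        String tmp = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_SEARCHSCOPE, "SUBTREE");
        // SUBTREE is the default; only OBJECT and ONELEVEL narrow it
        SearchScope searchScope = SearchScope.WHOLE_SUBTREE;
        if (tmp.equalsIgnoreCase("OBJECT")) {
            searchScope = SearchScope.BASE_OBJECT;
        } else if (tmp.equalsIgnoreCase("ONELEVEL")) {
            searchScope = SearchScope.SINGLE_LEVEL;
        }
        String returnUserDN = CollectionHelper.getMapAttr(currentConfig, ISAuthConstants.LDAP_RETURNUSERDN, "true");
        // set LDAP Parameters: the server is "host[:port]", port defaults to 389
        int index = serverHost.indexOf(':');
        int serverPort = 389;
        if (index != -1) {
            serverPort = Integer.parseInt(serverHost.substring(index + 1));
            serverHost = serverHost.substring(0, index);
        }
        if (serverPort < 1 || serverPort > 65535) {
            // parseInt accepts negatives and oversized values; reject them with a
            // clear message here rather than failing later inside LDAPAuthUtils
            throw new IllegalArgumentException("LDAP server port out of range: " + serverPort);
        }
        // set the optional attributes here
        ldapUtil = new LDAPAuthUtils(Collections.singleton(serverHost + ":" + serverPort), Collections.<String>emptySet(), ldapSSL, AMResourceBundleCache.getInstance().getResBundle(amAuthApplication, getLoginLocale()), baseDN, debug);
        ldapUtil.setScope(searchScope);
        ldapUtil.setFilter(searchFilter);
        ldapUtil.setUserNamingAttribute(userNamingAttr);
        ldapUtil.setUserSearchAttribute(userSearchAttrs);
        ldapUtil.setAuthPassword(bindPassword.toCharArray());
        ldapUtil.setAuthDN(bindDN);
        ldapUtil.setReturnUserDN(returnUserDN);
        if (debug.messageEnabled()) {
            // the bind password is deliberately not part of this message
            debug.message("bindDN-> " + bindDN + "\nbaseDN-> " + baseDN + "\nuserNamingAttr-> " + userNamingAttr + "\nuserSearchAttr(s)-> " + userSearchAttrs + "\nsearchFilter-> " + searchFilter + "\nsearchScope-> " + searchScope + "\nssl-> " + ssl + "\nHost: " + serverHost + "\nINDEDX : " + index + "\nPORT : " + serverPort);
        }
        return true;
    } catch (AuthLoginException ale) {
        // keep the specific error key (e.g. "basednnull"); the generic catch
        // below used to re-wrap it under "basicLDAPex"
        throw ale;
    } catch (Exception ex) {
        debug.error("LDAP Init Exception", ex);
        throw new AuthLoginException(amAuthApplication, "basicLDAPex", null, ex);
    }
}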

Example 84 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Application method sendCallback.

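/**
 * Sends callbacks to get appname and/or secret
 *
 * <p>Failures (no callback handler, a handler that throws) are logged and
 * reported as a {@code null} return rather than an exception.
 *
 * @return Map contains appname and/or secret, key "uid" corresponding
 *         to appname, key "secret" corresponds to secret; {@code null}
 *         when the callbacks could not be handled
 */
private Map sendCallback() {
    try {
        CallbackHandler callbackHandler = getCallbackHandler();
        if (callbackHandler == null) {
            throw new AuthLoginException(amAuthApplication, "NoCallbackHandler", null);
        }
        Callback[] callbacks = new Callback[2];
        callbacks[0] = new NameCallback(bundle.getString("appname"));
        callbacks[1] = new PasswordCallback(bundle.getString("secret"), true);
        if (debug.messageEnabled()) {
            debug.message("Callback is.. :" + callbacks);
        }
        callbackHandler.handle(callbacks);
        // map to hold return
        Map<String, String> map = new HashMap<String, String>();
        // process return
        for (Callback cb : callbacks) {
            if (cb instanceof PasswordCallback) {
                PasswordCallback pcb = (PasswordCallback) cb;
                char[] pass = pcb.getPassword();
                if (pass != null) {
                    map.put("secret", new String(pass));
                    // getPassword() returns a copy; wipe it once the value has
                    // been taken so the secret does not linger in the array
                    java.util.Arrays.fill(pass, '\0');
                }
                // and wipe the callback's own buffer as well
                pcb.clearPassword();
            } else if (cb instanceof NameCallback) {
                String username = ((NameCallback) cb).getName();
                if (username != null) {
                    map.put("uid", username);
                }
            }
        }
        return map;
    } catch (Exception e) {
        // stack trace at error level so a failing handler is diagnosable
        // without message-level logging
        debug.error("sendCallback: " + e.getMessage(), e);
    }
    return null;
}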

Example 85 with AuthLoginException

use of com.sun.identity.authentication.spi.AuthLoginException in project OpenAM by OpenRock.

the class Cert method sendCallback.

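/**
 * Asks the callback handler for the client certificate.
 *
 * <p>The certificate carried by the {@link X509CertificateCallback} is
 * returned only in the three cases spelled out in the body; otherwise
 * {@code null} is returned.
 *
 * @return the client certificate, or {@code null} when none was supplied or
 *         the callback required a signature that is absent
 * @throws AuthLoginException when no callback handler is set, when the
 *         handler rejects the callback, when the callback arguments are
 *         invalid, or when handling it fails with an I/O error
 */
private X509Certificate sendCallback() throws AuthLoginException {
    if (callbackHandler == null) {
        throw new AuthLoginException(amAuthCert, "NoCallbackHandler", null);
    }
    try {
        Callback[] callbacks = new Callback[1];
        callbacks[0] = new X509CertificateCallback(bundle.getString("certificate"));
        callbackHandler.handle(callbacks);
        X509CertificateCallback xcb = (X509CertificateCallback) callbacks[0];
        /*
         * Allow Cert auth module accepts personal certificate only for
         * following 3 cases :
         * 1. portal_gw_cert_auth_enabled == true :
         *    Case of getting cert from trusted host like sra,
         *    distAuth, trusted LB
         * 2. xcb.getReqSignature() == false :
         *    Case of getting cert through ssl client auth enabled port
         * 3. (xcb.getReqSignature() == true) && (signature != null) :
         *    Case of getting cert together with signature from sdk client
         */
        byte[] signature = xcb.getSignature();
        // Case 3 reduces to "signature != null" once case 2 has not matched,
        // so the redundant "getReqSignature() &&" term is dropped.
        boolean accepted = portal_gw_cert_auth_enabled
                || !xcb.getReqSignature()
                || signature != null;
        // NOTE(review): a present signature is not verified in this method -
        // confirm the caller checks it before trusting the certificate.
        return accepted ? xcb.getCertificate() : null;
    } catch (IllegalArgumentException ill) {
        debug.message("message type missing");
        // keep the cause so the failure is diagnosable from the wrapped exception
        throw new AuthLoginException(amAuthCert, "IllegalArgs", null, ill);
    } catch (java.io.IOException ioe) {
        throw new AuthLoginException(ioe);
    } catch (UnsupportedCallbackException uce) {
        throw new AuthLoginException(amAuthCert, "NoCallbackHandler", null, uce);
    }
}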
