
Example 1 with AuthenticationException

use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.

the class SMPostAuthPlugin method onLoginSuccess.

/**
 * Post processing on successful authentication.
 *
 * @param requestParamsMap map containing <code>HttpServletRequest</code>
 *        parameters
 * @param request <code>HttpServletRequest</code> object.
 * @param response <code>HttpServletResponse</code> object.
 * @param ssoToken authenticated user's single sign-on token.
 * @exception AuthenticationException if there is an error.
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    Set configuredHTTPHeaders = (Set) request.getAttribute("SM-HTTPHeaders");
    if (configuredHTTPHeaders == null || configuredHTTPHeaders.isEmpty()) {
        System.out.println("HTTP headers in auth module are not configured");
        return;
    }
    for (Iterator iter = configuredHTTPHeaders.iterator(); iter.hasNext(); ) {
        String configHeader = (String) iter.next();
        String headerValue = request.getHeader(configHeader);
        if (headerValue == null) {
            System.out.println("Config Header " + configHeader + " is not present");
            continue;
        }
        try {
            ssoToken.setProperty(configHeader, headerValue);
        } catch (SSOException se) {
            throw new AuthenticationException(se.getMessage());
        }
    }
}
Also used : Set(java.util.Set) AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException) Iterator(java.util.Iterator) SSOException(com.iplanet.sso.SSOException)

Example 2 with AuthenticationException

use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.

the class AccountExpirePlugin method onLoginSuccess.

public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken token) throws AuthenticationException {
    Map<String, Set<String>> attrMap = new HashMap<String, Set<String>>();
    Debug debug = Debug.getInstance("AccountExpirePlugin");
    try {
        // Fetch the expiry time from service config
        // We update the user account expiry, since we have a valid login
        // Since there is no convenient way to pass init params to a postAuthN,
        // We simply get the value from a System defined property.
        //  If not defined,  use a default of 30 days
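        String daysToExpireDefault = SystemProperties.get(EXPIRPROPERTY);
        // Parse the configured value itself. Integer.getInteger() would treat the
        // string as the *name* of a JVM system property, not as the number of days.
        int daysToExpire = 30;
        try {
            if (daysToExpireDefault != null) {
                daysToExpire = Integer.parseInt(daysToExpireDefault.trim());
            }
        } catch (NumberFormatException nfe) {
            debug.warning("AccountExpirePlugin.onLoginSuccess : invalid expiry value, using 30 days");
        }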
        Calendar cal = Calendar.getInstance();
        cal.add(Calendar.DATE, daysToExpire);
        Set attrValue = new HashSet();
        attrValue.add(Locale.getNormalizedDateString(cal.getTime()));
        attrMap.put(ISAuthConstants.ACCOUNT_LIFE, attrValue);
        AMIdentity id = IdUtils.getIdentity(AccessController.doPrivileged(AdminTokenAction.getInstance()), token.getProperty(Constants.UNIVERSAL_IDENTIFIER));
        id.setAttributes(attrMap);
        id.store();
    } catch (Exception e) {
        debug.error("AccountExpirePlugin.onLoginSuccess : Unable to save ExpireTime : ", e);
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) Calendar(java.util.Calendar) AMIdentity(com.sun.identity.idm.AMIdentity) Debug(com.sun.identity.shared.debug.Debug) AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException)

Example 3 with AuthenticationException

use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.

the class PersistentCookieAuthModule method onLoginSuccess.

/**
 * Sets the required information that needs to be in the jwt.
 *
 * @param messageInfo {@inheritDoc}
 * @param requestParamsMap {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 * @param ssoToken {@inheritDoc}
 * @throws AuthenticationException {@inheritDoc}
 */
@Override
public void onLoginSuccess(MessageInfo messageInfo, Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        Map<String, Object> contextMap = getServerAuthModule().getContextMap(messageInfo);
        contextMap.put(OPENAM_USER_CLAIM_KEY, ssoToken.getPrincipal().getName());
        contextMap.put(OPENAM_AUTH_TYPE_CLAIM_KEY, ssoToken.getAuthType());
        contextMap.put(OPENAM_SESSION_ID_CLAIM_KEY, ssoToken.getTokenID().toString());
        contextMap.put(OPENAM_REALM_CLAIM_KEY, ssoToken.getProperty(SSO_TOKEN_ORGANIZATION_PROPERTY_KEY));
        contextMap.put(OPENAM_CLIENT_IP_CLAIM_KEY, ClientUtils.getClientIPAddress(request));
        String jwtString = ssoToken.getProperty(JwtSessionModule.JWT_VALIDATED_KEY);
        if (jwtString != null) {
            messageInfo.getMap().put(JwtSessionModule.JWT_VALIDATED_KEY, Boolean.parseBoolean(jwtString));
        }
    } catch (SSOException e) {
        DEBUG.error("Could not secure response", e);
        throw new AuthenticationException(e.getLocalizedMessage());
    }
}
Also used : AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException) SSOException(com.iplanet.sso.SSOException)

Example 4 with AuthenticationException

use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.

the class PersistentCookieAuthModule method initialize.

/**
 * Initialises the JwtSessionModule for use by the Post Authentication Process.
 *
 * @param requestParamsMap {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 * @param ssoToken {@inheritDoc}
 * @return {@inheritDoc}
 * @throws AuthenticationException {@inheritDoc}
 */
@Override
protected Map<String, Object> initialize(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        final String tokenIdleTime = ssoToken.getProperty(JwtSessionModule.TOKEN_IDLE_TIME_IN_MINUTES_CLAIM_KEY);
        final String maxTokenLife = ssoToken.getProperty(JwtSessionModule.MAX_TOKEN_LIFE_IN_MINUTES_KEY);
        final boolean enforceClientIP = Boolean.parseBoolean(ssoToken.getProperty(ENFORCE_CLIENT_IP_SETTING_KEY));
        final String realm = ssoToken.getProperty(SSO_TOKEN_ORGANIZATION_PROPERTY_KEY);
        boolean secureCookie = Boolean.parseBoolean(ssoToken.getProperty(SECURE_COOKIE_KEY));
        boolean httpOnlyCookie = Boolean.parseBoolean(ssoToken.getProperty(HTTP_ONLY_COOKIE_KEY));
        String cookieName = ssoToken.getProperty(COOKIE_NAME_KEY);
        String cookieDomainsString = ssoToken.getProperty(COOKIE_DOMAINS_KEY);
        Collection<String> cookieDomains;
        if (cookieDomainsString.isEmpty()) {
            cookieDomains = Collections.singleton(null);
        } else {
            cookieDomains = Arrays.asList(cookieDomainsString.split(","));
        }
        return initialize(tokenIdleTime, maxTokenLife, enforceClientIP, realm, secureCookie, httpOnlyCookie, cookieName, cookieDomains);
    } catch (SSOException e) {
        DEBUG.error("Could not initialise the Auth Module", e);
        throw new AuthenticationException(e.getLocalizedMessage());
    } catch (SMSException e) {
        DEBUG.error("Could not initialise the Auth Module", e);
        throw new AuthenticationException(e.getLocalizedMessage());
    }
}
Also used : AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException) SMSException(com.sun.identity.sm.SMSException) SSOException(com.iplanet.sso.SSOException)

Example 5 with AuthenticationException

use of com.sun.identity.authentication.spi.AuthenticationException in project OpenAM by OpenRock.

the class JaspiAuthModuleWrapper method onLoginSuccess.

/**
 * Post processing of successful authentication. A new instance of this class is created for the
 * Post Authentication Process, so this method first initialises the underlying JASPI ServerAuthModule,
 * then calls the subtype's onLoginSuccess method, and finally calls the JASPI ServerAuthModule's
 * secureResponse method.
 *
 * @param requestParamsMap {@inheritDoc}
 * @param request {@inheritDoc}
 * @param response {@inheritDoc}
 * @param ssoToken {@inheritDoc}
 * @throws AuthenticationException {@inheritDoc}
 */
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) throws AuthenticationException {
    try {
        Map<String, Object> config = initialize(requestParamsMap, request, response, ssoToken);
        serverAuthModule.initialize(createRequestMessagePolicy(), null, null, config);
        MessageInfo messageInfo = prepareMessageInfo(request, response);
        onLoginSuccess(messageInfo, requestParamsMap, request, response, ssoToken);
        AuthStatus authStatus = serverAuthModule.secureResponse(messageInfo, null);
        if (AuthStatus.SEND_SUCCESS.equals(authStatus)) {
            // nothing to do here just carry on
            debug.message("Successfully secured response.");
        } else if (AuthStatus.SEND_FAILURE.equals(authStatus)) {
            // Send HttpServletResponse to client and exit.
            debug.message("Failed to secured response, included response message");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else if (AuthStatus.SEND_CONTINUE.equals(authStatus)) {
            // Send HttpServletResponse to client and exit.
            debug.message("Has not finished securing response. Requires more information from client.");
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        } else {
            debug.error("Invalid AuthStatus, " + authStatus.toString());
            throw new AuthenticationException(resourceBundleName, "authFailed", null);
        }
    } catch (AuthException e) {
        debug.error("Authentication Failed", e);
        throw new AuthenticationException(resourceBundleName, "authFailed", null);
    }
}
Also used : AuthStatus(javax.security.auth.message.AuthStatus) AuthenticationException(com.sun.identity.authentication.spi.AuthenticationException) AuthException(javax.security.auth.message.AuthException) MessageInfo(javax.security.auth.message.MessageInfo)

Aggregations

AuthenticationException (com.sun.identity.authentication.spi.AuthenticationException): 12
HashMap (java.util.HashMap): 7
SSOToken (com.iplanet.sso.SSOToken): 5
Map (java.util.Map): 5
HttpServletRequest (javax.servlet.http.HttpServletRequest): 5
HttpServletResponse (javax.servlet.http.HttpServletResponse): 5
SSOException (com.iplanet.sso.SSOException): 4
Test (org.testng.annotations.Test): 4
Set (java.util.Set): 3
AuthLoginException (com.sun.identity.authentication.spi.AuthLoginException): 2
AMIdentity (com.sun.identity.idm.AMIdentity): 2
HashSet (java.util.HashSet): 2
MessageInfo (javax.security.auth.message.MessageInfo): 2
GeoIp2Exception (com.maxmind.geoip2.exception.GeoIp2Exception): 1
IdRepoException (com.sun.identity.idm.IdRepoException): 1
NameIDInfo (com.sun.identity.saml2.common.NameIDInfo): 1
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception): 1
Debug (com.sun.identity.shared.debug.Debug): 1
SMSException (com.sun.identity.sm.SMSException): 1
IOException (java.io.IOException): 1