Use of com.sun.identity.common.SystemConfigurationException in project OpenAM by OpenRock.
The class SAMLClient, method doSSO.
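/**
 * Performs the SAML Single-Sign-On redirect.
 * <p>
 * Called internally by {@code doWebArtifact} and {@code doWebPOST}. It verifies
 * that the caller already holds a valid session, resolves the URL of the
 * requested naming service from the configured server URL, and redirects the
 * response to that URL with {@code target} passed as a query parameter.
 *
 * @param request  HTTP Servlet Request
 * @param response HTTP Servlet Response
 * @param target   the target URL; appended verbatim as the value of the
 *                 configured target-specifier query parameter
 * @param service  the naming service name; must be one of
 *                 {@code SAMLConstants.SAML_AWARE_NAMING},
 *                 {@code SAMLConstants.SAML_POST_NAMING} or
 *                 {@code SAMLConstants.SAML_SOAP_NAMING}
 * @exception IOException if an input or output exception occurs when
 *            redirecting to service <code>URL</code>, or if the configured
 *            server URL is malformed
 * @exception SAMLException if any argument is null, the service name is not a
 *            supported naming service, the session is missing or invalid, or
 *            the service URL cannot be resolved
 */
private static void doSSO(HttpServletRequest request, HttpServletResponse response, String target, String service) throws IOException, SAMLException {
    // 'service' is dereferenced below, so it belongs in the null check; the
    // original check omitted it and would have failed with a NullPointerException.
    if (request == null || response == null || target == null || service == null) {
        SAMLUtils.debug.error("SAMLClient:Input parameter is null.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    boolean knownService = service.equals(SAMLConstants.SAML_AWARE_NAMING)
            || service.equals(SAMLConstants.SAML_POST_NAMING)
            || service.equals(SAMLConstants.SAML_SOAP_NAMING);
    if (!knownService) {
        SAMLUtils.debug.error("SAMLClient:illegal naming service name.");
        throw new SAMLException(SAMLUtils.bundle.getString("illegalNamingService"));
    }

    // The caller must already be authenticated: reject a missing or invalid session.
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            SAMLUtils.debug.error("SAMLClient:SSOToken is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullSSOToken"));
        }
        if (!sessionProvider.isValid(ssoToken)) {
            SAMLUtils.debug.error("SAMLClient:Session is invalid.");
            throw new SAMLException(SAMLUtils.bundle.getString("invalidSSOToken"));
        }
    } catch (SessionException se) {
        SAMLUtils.debug.error("SAMLClient", se);
        throw new SAMLException("SAMLClient:doSSO:" + se.getMessage());
    }

    // Resolve the naming-service URL relative to the configured server URL.
    // new URL(...) may throw MalformedURLException, an IOException, which
    // propagates to the caller as declared.
    URL weburl;
    try {
        URL serverurl = new URL(SAMLServiceManager.getServerURL());
        weburl = SystemConfigurationUtil.getServiceURL(service, serverurl.getProtocol(), serverurl.getHost(), serverurl.getPort(), serverurl.getPath());
    } catch (SystemConfigurationException ue) {
        SAMLUtils.debug.error("SAMLClient", ue);
        throw new SAMLException(SAMLUtils.bundle.getString("URLNotFoundException"));
    }

    // NOTE(review): 'target' is appended without URL-encoding, so callers must
    // pass a value that is already safe to use as a query-string value.
    String tname = (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
    String redirectedurl = new StringBuilder(200)
            .append(weburl).append('?').append(tname).append('=').append(target)
            .toString();
    response.sendRedirect(redirectedurl);
}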
Use of com.sun.identity.common.SystemConfigurationException in project OpenAM by OpenRock.
The class SAMLClient, method getAssertionByArtifact.
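/**
 * Returns the Assertion for the corresponding artifact.
 * It sends an <code>ArtifactQuery</code> SAML message to the destination
 * identified by the source ID in the artifact and returns the Assertion
 * contained in the SAML response message.
 * <p>
 * The SOAP endpoint is resolved from the SAML configuration for the artifact's
 * source ID first, and otherwise from the naming service of the server listed
 * for that source ID in the instance list. When the endpoint is local and the
 * source ID is this site's own, the <code>AssertionManager</code> is invoked
 * directly instead of over SOAP.
 *
 * @param artifact A String representing the artifact
 * @return An Assertion corresponding to the artifact, or <code>null</code>
 *         when the artifact query returned no assertion
 * @exception IOException if an input or output exception occurs when
 *            connecting to SAML service <code>URL</code>, or if a configured
 *            server URL is malformed
 * @exception SAMLException if SAML error occurs during the process, including
 *            a null or empty artifact, a source ID with no configured server,
 *            a SOAP URL that cannot be resolved, or a failure to set the
 *            local flag
 * @supported.api
 */
public static Assertion getAssertionByArtifact(String artifact) throws IOException, SAMLException {
    if (artifact == null || artifact.isEmpty()) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient: input is null.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    // first, check if the sourceid contained in the artifact has an entry
    // in SAML config
    AssertionArtifact aa = new AssertionArtifact(artifact);
    String sid = aa.getSourceID();
    String ssurl = getSamlSoapUrl(sid);
    // if not, query naming service to get the soap url in case of local
    URL samlsoap;
    try {
        samlsoap = (ssurl == null) ? resolveSoapUrlFromInstanceList(sid) : new URL(ssurl);
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient:SOAPUrl=" + samlsoap.toString());
        }
    } catch (SystemConfigurationException ue) {
        SAMLUtils.debug.error("SAMLClient", ue);
        throw new SAMLException(SAMLUtils.bundle.getString("URLNotFoundException"));
    }
    if (!setLocalFlag(samlsoap)) {
        throw new SAMLException(SAMLUtils.bundle.getString("failSetLocalFlag"));
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("SAMLClient:getAssertionByArtifact: " + "check localFlag : " + SAMLServiceManager.localFlag);
    }
    // Guard against a missing SITE_ID attribute: treat it as "not my site"
    // instead of failing with a NullPointerException as the original did.
    String encodedSourceid = (String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID);
    boolean isMySite = encodedSourceid != null && sid.equals(encodedSourceid.trim());
    if (SAMLServiceManager.localFlag && isMySite) {
        // in the same JVM, call AssertionManager directly.
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient:getAssertionByArtifact" + ":call AssertionManager.getAssertion(" + "AssertionArtifact)");
        }
        return AssertionManager.getInstance().getAssertion(aa);
    }
    // Send the ArtifactQuery over SOAP. The resolved endpoint is passed to the
    // handler only when it came from the naming service for our own site; in
    // every other case the handler receives null.
    String[] strarray = new String[] { artifact };
    String endpoint = (isMySite && ssurl == null) ? samlsoap.toString() : null;
    List asserts = artifactQueryHandler(strarray, endpoint);
    if (asserts == null || asserts.isEmpty()) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient:getAssertionByArtifact" + ":returned assertion list is null.");
        }
        return null;
    }
    return (Assertion) asserts.get(0);
}

/**
 * Resolves the SAML SOAP endpoint for a source ID that has no entry in the
 * SAML configuration: looks the source ID up in the configured instance list
 * and asks the naming service for that server's SOAP URL.
 *
 * @param sid the source ID taken from the artifact
 * @return the SAML SOAP endpoint URL for that source ID
 * @exception SAMLException if the instance list is missing or holds no
 *            server for the source ID
 * @exception IOException if the configured server URL is malformed
 * @exception SystemConfigurationException if the naming service lookup fails
 */
private static URL resolveSoapUrlFromInstanceList(String sid) throws SAMLException, IOException, SystemConfigurationException {
    Map instances = (Map) SAMLServiceManager.getAttribute(SAMLConstants.INSTANCE_LIST);
    if (instances == null || instances.isEmpty()) {
        throw new SAMLException(SAMLUtils.bundle.getString("instancemapNull"));
    }
    String server = (String) instances.get(sid);
    if (server == null || server.isEmpty()) {
        throw new SAMLException(SAMLUtils.bundle.getString("instanceNotFound"));
    }
    URL serverurl = new URL(server);
    return SystemConfigurationUtil.getServiceURL(SAMLConstants.SAML_SOAP_NAMING, serverurl.getProtocol(), serverurl.getHost(), serverurl.getPort(), serverurl.getPath());
}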
Use of com.sun.identity.common.SystemConfigurationException in project OpenAM by OpenRock.
The class FSSOAPReceiver, method handleLogoutRequest.
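/**
 * Initiates the processing of the logout request received from a remote
 * trusted provider.
 * <p>
 * Steps, in order: look up the remote provider descriptor, verify the request
 * signature when signing is enabled, check that the remote provider is
 * trusted, resolve the user from the request, and then either forward the
 * request to the server that knows the user (when the user does not exist
 * locally) or process it locally through the {@code FSPreLogoutHandler}.
 * Any exception escaping these steps is logged and reported as {@code null};
 * the method never throws.
 * @param elt containing the logout request in the XML message
 * @param logoutRequest logout notification
 * @param msgLogout logout message
 * @param request http request object
 * @param response http response object
 * @param hostedProviderDesc hosted provider meta descriptor
 * @param hostedConfig hosted provider's extended meta
 * @param providerAlias hosted provider's meta alias
 * @param realm The realm under which the entity resides.
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role
 * @return null if error in processing, or Map containing two
 * keys, MESSAGE for SOAPMessage object and USERID for userID string
 */
private Map handleLogoutRequest(Element elt, FSLogoutNotification logoutRequest, SOAPMessage msgLogout, HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String providerAlias, String realm, String hostedEntityId, String hostedRole) {
    try {
        String remoteEntityId = logoutRequest.getProviderId();
        ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(hostedRole, remoteEntityId, realm);
        if (remoteDesc == null) {
            return null;
        }
        // 'isIDP' describes the remote provider whose certificate is fetched:
        // when the hosted role is SP, the remote side is the IDP.
        boolean isIDP = hostedRole.equalsIgnoreCase(IFSConstants.SP);
        X509Certificate remoteCert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, isIDP);

        // Signature verification is skipped entirely when signing is disabled
        // in configuration; the success message is only logged when a
        // verification actually took place (the original logged it in both cases).
        boolean signingOn = FSServiceUtils.isSigningOn();
        if (signingOn && !verifyRequestSignature(elt, msgLogout, remoteCert)) {
            FSUtils.debug.error("Logout Signature failed verification");
            return null;
        }
        if (signingOn) {
            FSUtils.debug.message("Logout Signature successfully verified");
        }
        if (providerAlias == null || providerAlias.length() < 1) {
            FSUtils.debug.message("Unable to retrieve alias, " + "Hosted Provider Cannot process logout request");
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Completed forming request FSLogoutNotification");
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (!metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            FSUtils.debug.message("Remote provider not in trusted list");
            return null;
        }

        String userID = FSLogoutUtil.getUserFromRequest(logoutRequest, realm, hostedEntityId, hostedRole, hostedConfig, providerAlias);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + " found user Id = " + userID);
        }
        // Call SP Adapter preSingleLogoutProcess for IDP/SOAP
        if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
            if (spAdapter != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver, " + "call preSingleLogoutProcess, IDP/SOAP");
                }
                try {
                    spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, logoutRequest, null, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
                } catch (Exception e) {
                    // ignore adapter process error: the adapter hook must not block logout
                    FSUtils.debug.error("preSingleLogoutProcess." + "IDP/SOAP", e);
                }
            }
        }

        // TODO : change to use FSLogoutUtil.liveConnectionsExist
        if (!isUserExists(userID, providerAlias)) {
            // The user is not known on this server: find the server that holds
            // the session and forward the logout request there.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: User " + "does not exist locally. Finding remotely");
            }
            List<?> platformList = null;
            try {
                platformList = SystemConfigurationUtil.getServerList();
            } catch (SystemConfigurationException se) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Couldn't find remote server:", se);
                }
            }
            if (platformList == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "platformList is null");
                }
                return null;
            }
            String selfBaseURL = FSServiceUtils.getBaseURL();
            for (Object entry : platformList) {
                String remoteServerURL = (String) entry;
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "remoteServerURL = " + remoteServerURL + " and self serverUrl =" + selfBaseURL);
                }
                if (selfBaseURL.equalsIgnoreCase(remoteServerURL)) {
                    // already established above that the user is not on this server
                    continue;
                }
                FSAssertionManagerClient amc = new FSAssertionManagerClient(providerAlias, getFullServiceURL(remoteServerURL));
                if (!amc.isUserExists(userID)) {
                    continue;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "user found here =" + remoteServerURL);
                }
                String remoteURL = remoteServerURL
                        + SystemConfigurationUtil.getProperty("com.iplanet.am.services." + "deploymentDescriptor")
                        + IFSConstants.SOAP_END_POINT_VALUE + "/" + IFSConstants.META_ALIAS + providerAlias;
                FSSOAPService instSOAP = FSSOAPService.getInstance();
                if (instSOAP == null) {
                    return null;
                }
                try {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Forward logout request to " + remoteURL);
                    }
                    SOAPMessage retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteURL);
                    return retSOAPMessage == null ? null : responseMap(retSOAPMessage, userID);
                } catch (SOAPException e) {
                    FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
                    return null;
                }
            }
            // No other server knows the user either: fall through and process locally.
        }

        FSServiceManager instService = FSServiceManager.getInstance();
        if (instService == null) {
            FSUtils.debug.message("FSServiceManager instance is" + "null. Cannot process logout request");
            return null;
        }
        FSPreLogoutHandler logoutHandler = instService.getPreLogoutHandler();
        if (logoutHandler == null) {
            FSUtils.debug.error("Unable to get PreLogoutHandler");
            FSUtils.debug.error("Cannot process request");
            return null;
        }
        logoutHandler.setHostedDescriptor(hostedProviderDesc);
        logoutHandler.setHostedDescriptorConfig(hostedConfig);
        logoutHandler.setHostedEntityId(hostedEntityId);
        logoutHandler.setHostedProviderRole(hostedRole);
        logoutHandler.setMetaAlias(providerAlias);
        logoutHandler.setRealm(realm);
        logoutHandler.setRemoteDescriptor(remoteDesc);
        logoutHandler.setRemoteEntityId(remoteEntityId);
        logoutHandler.setLogoutRequest(logoutRequest);
        FSLogoutStatus bProcessStatus = logoutHandler.processSingleLogoutRequest(logoutRequest);
        String status = bProcessStatus.getStatus();
        if (status.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
            // An empty SOAP message is the success reply.
            MessageFactory factory = MessageFactory.newInstance();
            SOAPMessage successSOAP = factory.createMessage();
            return successSOAP == null ? null : responseMap(successSOAP, userID);
        }
        if (status.equalsIgnoreCase(IFSConstants.SAML_UNSUPPORTED)) {
            SOAPMessage retSOAPMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
            return retSOAPMessage == null ? null : responseMap(retSOAPMessage, userID);
        }
        // Any other status is reported as a processing error.
        return null;
    } catch (Exception se) {
        // Boundary catch: the caller only distinguishes "result" from "error",
        // so every failure (including runtime exceptions) is logged and mapped to null.
        FSUtils.debug.error("FSSOAPService::handleLogoutRequest failed", se);
        return null;
    }
}

/**
 * Builds the result map returned by {@code handleLogoutRequest}: MESSAGE is
 * always set to the given SOAP message, USERID only when a user was resolved.
 *
 * @param message the SOAP message to return to the remote provider
 * @param userID the resolved user ID, may be null
 * @return a new map with the MESSAGE and (optionally) USERID keys
 */
private Map responseMap(SOAPMessage message, String userID) {
    Map map = new HashMap();
    map.put(MESSAGE, message);
    if (userID != null) {
        map.put(USERID, userID);
    }
    return map;
}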