
Example 1 with SystemConfigurationException

Use of com.sun.identity.common.SystemConfigurationException in project OpenAM by OpenRock.

The class SAMLClient, method doSSO.

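/**
 * This private method is designed to do the SAML Single-Sign-On.
 * It is called internally by doWebArtifact and doWebPOST methods.
 * The caller's session is looked up and validated, the URL of the requested
 * naming service is resolved from the configured server URL, and the browser
 * is redirected to {@code <serviceURL>?<targetSpecifier>=<target>}.
 * @param request HTTP Servlet Request, must not be null
 * @param response HTTP Servlet Response, must not be null
 * @param target the target URL; it is appended to the redirect query
 *     verbatim (no URL encoding is applied here), so the caller is expected
 *     to pass it in a form that is safe inside a query string
 * @param service the service name; must be one of
 *     SAMLConstants.SAML_AWARE_NAMING, SAML_POST_NAMING or SAML_SOAP_NAMING
 * @exception IOException if an input or output exception occurs when
 *     redirecting to service <code>URL</code>
 * @exception SAMLException if an argument is null, the service name is not
 *     one of the three naming services, the session is missing or invalid,
 *     or the service URL cannot be resolved.
 */
private static void doSSO(HttpServletRequest request, HttpServletResponse response, String target, String service) throws IOException, SAMLException {
    // 'service' is dereferenced just below, so it has to be covered by the
    // null check as well; the previous check left it out.
    if (request == null || response == null || target == null || service == null) {
        SAMLUtils.debug.error("SAMLClient:Input parameter is null.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    boolean knownService = service.equals(SAMLConstants.SAML_AWARE_NAMING)
            || service.equals(SAMLConstants.SAML_POST_NAMING)
            || service.equals(SAMLConstants.SAML_SOAP_NAMING);
    if (!knownService) {
        SAMLUtils.debug.error("SAMLClient:illegal naming service name.");
        throw new SAMLException(SAMLUtils.bundle.getString("illegalNamingService"));
    }
    // The redirect is only issued for a caller that already holds a valid
    // session; a missing or invalid session is reported as a SAMLException.
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            SAMLUtils.debug.error("SAMLClient:SSOToken is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullSSOToken"));
        }
        if (!sessionProvider.isValid(ssoToken)) {
            SAMLUtils.debug.error("SAMLClient:Session is invalid.");
            throw new SAMLException(SAMLUtils.bundle.getString("invalidSSOToken"));
        }
    } catch (SessionException se) {
        SAMLUtils.debug.error("SAMLClient", se);
        throw new SAMLException("SAMLClient:doSSO:" + se.getMessage());
    }
    // Resolve the naming-service URL relative to the configured server URL.
    URL weburl;
    try {
        URL serverurl = new URL(SAMLServiceManager.getServerURL());
        weburl = SystemConfigurationUtil.getServiceURL(service, serverurl.getProtocol(), serverurl.getHost(), serverurl.getPort(), serverurl.getPath());
    } catch (SystemConfigurationException ue) {
        SAMLUtils.debug.error("SAMLClient", ue);
        throw new SAMLException(SAMLUtils.bundle.getString("URLNotFoundException"));
    }
    // Only the query value comes from the caller; the host and path of the
    // redirect are the resolved service URL.
    String tname = (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
    StringBuilder redirectedurl = new StringBuilder(200);
    redirectedurl.append(weburl).append("?").append(tname).append("=").append(target);
    response.sendRedirect(redirectedurl.toString());
}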

Example 2 with SystemConfigurationException

Use of com.sun.identity.common.SystemConfigurationException in project OpenAM by OpenRock.

The class SAMLClient, method getAssertionByArtifact.

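/**
 * This method returns the Assertion for the corresponding artifact.
 * It sends an <code>ArtifactQuery</code> SAML message to the destination
 * identified by the source ID in the artifact and returns the Assertion
 * contained in the SAML response message.
 * <p>
 * Resolution order: the SOAP URL configured for the artifact's source ID is
 * used when present; otherwise the instance list is consulted and the SOAP
 * service URL is resolved through the naming service. When the artifact was
 * issued by this site and this JVM is the local server, the
 * AssertionManager is called directly instead of going over SOAP.
 *
 * @param artifact A String representing the artifact
 * @return An Assertion corresponding to the artifact, or null when the
 *     artifact query returned no assertion
 * @exception IOException if an input or output exception occurs when
 *     connecting to SAML service <code>URL</code>
 * @exception SAMLException if SAML error occurs during the process
 * @supported.api
 */
public static Assertion getAssertionByArtifact(String artifact) throws IOException, SAMLException {
    if (artifact == null || artifact.isEmpty()) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient: input is null.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    // first, check if the sourceid contained in the artifact has an entry
    // in SAML config
    AssertionArtifact aa = new AssertionArtifact(artifact);
    String sid = aa.getSourceID();
    String ssurl = getSamlSoapUrl(sid);
    // if not, query naming service to get the soap url in case of local
    URL samlsoap;
    try {
        if (ssurl == null) {
            Map instances = (Map) SAMLServiceManager.getAttribute(SAMLConstants.INSTANCE_LIST);
            if (instances == null || instances.isEmpty()) {
                throw new SAMLException(SAMLUtils.bundle.getString("instancemapNull"));
            }
            String server = (String) instances.get(sid);
            if (server == null || server.isEmpty()) {
                throw new SAMLException(SAMLUtils.bundle.getString("instanceNotFound"));
            }
            URL serverurl = new URL(server);
            samlsoap = SystemConfigurationUtil.getServiceURL(SAMLConstants.SAML_SOAP_NAMING, serverurl.getProtocol(), serverurl.getHost(), serverurl.getPort(), serverurl.getPath());
        } else {
            samlsoap = new URL(ssurl);
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient:SOAPUrl=" + samlsoap.toString());
        }
    } catch (SystemConfigurationException ue) {
        SAMLUtils.debug.error("SAMLClient", ue);
        throw new SAMLException(SAMLUtils.bundle.getString("URLNotFoundException"));
    }
    if (!setLocalFlag(samlsoap)) {
        throw new SAMLException(SAMLUtils.bundle.getString("failSetLocalFlag"));
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("SAMLClient:getAssertionByArtifact: " + "check localFlag : " + SAMLServiceManager.localFlag);
    }
    // The SITE_ID attribute may be unset; a missing site ID is treated as
    // "not my site" instead of failing with a NullPointerException on trim().
    String encodedSourceid = (String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID);
    boolean isMySite = encodedSourceid != null && sid.equals(encodedSourceid.trim());
    if (SAMLServiceManager.localFlag && isMySite) {
        // in the same JVM, call AssertionManager directly.
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient:getAssertionByArtifact" + ":call AssertionManager.getAssertion(" + "AssertionArtifact)");
        }
        AssertionManager assertManager = AssertionManager.getInstance();
        return assertManager.getAssertion(aa);
    }
    // Otherwise query over SOAP. The resolved SOAP URL is passed explicitly
    // only when the artifact belongs to this site and no per-source URL was
    // configured; in every other case the handler picks the destination.
    String[] strarray = { artifact };
    List asserts;
    if (isMySite && ssurl == null) {
        asserts = artifactQueryHandler(strarray, samlsoap.toString());
    } else {
        asserts = artifactQueryHandler(strarray, null);
    }
    if (asserts == null || asserts.isEmpty()) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient:getAssertionByArtifact" + ":returned assertion list is null.");
        }
        return null;
    }
    return ((Assertion) asserts.get(0));
}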

Example 3 with SystemConfigurationException

Use of com.sun.identity.common.SystemConfigurationException in project OpenAM by OpenRock.

The class FSSOAPReceiver, method handleLogoutRequest.

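/**
 * Initiates the processing of the logout request received from a remote
 * trusted provider.
 * <p>
 * Processing order: the remote provider descriptor is looked up; the request
 * signature is verified unless signing is switched off through
 * FSServiceUtils.isSigningOn(); the remote provider must be trusted for the
 * hosted entity; when the hosted role is SP the SP adapter is given a chance
 * to pre-process; if the user has no local session the request is forwarded
 * to the first other server in the platform list that knows the user;
 * otherwise the pre-logout handler processes the request locally.
 * Any exception escaping the body is logged and turned into a null return.
 * @param elt containing the logout request in the XML message
 * @param logoutRequest logout notification
 * @param msgLogout logout message
 * @param request http request object
 * @param response http response object
 * @param hostedProviderDesc hosted provider meta descriptor
 * @param hostedConfig hosted provider's extended meta
 * @param providerAlias hosted provider's meta alias
 * @param realm The realm under which the entity resides.
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role; must not be null
 * @return null if error in processing, or Map containing two
 * keys, MESSAGE for SOAPMessage object and USERID for userID string
 * (USERID is only present when a user ID was resolved)
 */
private Map handleLogoutRequest(Element elt, FSLogoutNotification logoutRequest, SOAPMessage msgLogout, HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String providerAlias, String realm, String hostedEntityId, String hostedRole) {
    try {
        String remoteEntityId = logoutRequest.getProviderId();
        ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(hostedRole, remoteEntityId, realm);
        if (remoteDesc == null) {
            return null;
        }
        // The remote provider plays the opposite role: when we are the SP,
        // the remote is the IDP. This selects the verification certificate.
        boolean isIDP = hostedRole.equalsIgnoreCase(IFSConstants.SP);
        X509Certificate remoteCert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, isIDP);
        // With signing switched off the request signature is not checked at
        // all; the "successfully verified" message below is then nominal.
        if (!FSServiceUtils.isSigningOn() || verifyRequestSignature(elt, msgLogout, remoteCert)) {
            FSUtils.debug.message("Logout Signature successfully verified");
            if (providerAlias == null || providerAlias.length() < 1) {
                FSUtils.debug.message("Unable to retrieve alias, " + "Hosted Provider Cannot process logout request");
                return null;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Completed forming request FSLogoutNotification");
            }
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
                String userID = FSLogoutUtil.getUserFromRequest(logoutRequest, realm, hostedEntityId, hostedRole, hostedConfig, providerAlias);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + " found user Id = " + userID);
                }
                // Call SP Adapter preSingleLogoutProcess for IDP/SOAP.
                // hostedRole is known to be non-null here (dereferenced above),
                // so isIDP is exactly "hosted role is SP".
                if (isIDP) {
                    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                    if (spAdapter != null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver, " + "call preSingleLogoutProcess, IDP/SOAP");
                        }
                        try {
                            spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, logoutRequest, null, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
                        } catch (Exception e) {
                            // ignore adapter process error: a failing adapter
                            // must not block the logout itself
                            FSUtils.debug.error("preSingleLogoutProcess." + "IDP/SOAP", e);
                        }
                    }
                }
                // TODO : change to use FSLogoutUtil.liveConnectionsExist
                if (!isUserExists(userID, providerAlias)) {
                    // The user has no session on this server: look for the
                    // server in the platform list that holds it and forward
                    // the logout request there.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: User " + "does not exist locally. Finding remotely");
                    }
                    List platformList = null;
                    try {
                        platformList = SystemConfigurationUtil.getServerList();
                    } catch (SystemConfigurationException se) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Couldn't find remote server:", se);
                        }
                    }
                    if (platformList == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "platformList is null");
                        }
                        return null;
                    }
                    Iterator iter = platformList.iterator();
                    while (iter.hasNext()) {
                        String remoteServerURL = (String) iter.next();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "remoteServerURL = " + remoteServerURL + " and self serverUrl =" + FSServiceUtils.getBaseURL());
                        }
                        // Skip ourselves: the local lookup already failed.
                        if ((FSServiceUtils.getBaseURL()).equalsIgnoreCase(remoteServerURL)) {
                            continue;
                        }
                        FSAssertionManagerClient amc = new FSAssertionManagerClient(providerAlias, getFullServiceURL(remoteServerURL));
                        if (amc.isUserExists(userID)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "user found here =" + remoteServerURL);
                            }
                            StringBuilder remoteURL = new StringBuilder();
                            remoteURL.append(remoteServerURL).append(SystemConfigurationUtil.getProperty("com.iplanet.am.services." + "deploymentDescriptor")).append(IFSConstants.SOAP_END_POINT_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
                            FSSOAPService instSOAP = FSSOAPService.getInstance();
                            if (instSOAP == null) {
                                return null;
                            }
                            try {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("Forward logout request to " + remoteURL.toString());
                                }
                                SOAPMessage retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteURL.toString());
                                if (retSOAPMessage == null) {
                                    return null;
                                }
                                Map map = new HashMap();
                                map.put(MESSAGE, retSOAPMessage);
                                if (userID != null) {
                                    map.put(USERID, userID);
                                }
                                return map;
                            } catch (SOAPException e) {
                                FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
                                return null;
                            }
                        }
                    }
                }
                // Either the user exists locally or no other server knows the
                // user: process the logout on this server.
                FSServiceManager instService = FSServiceManager.getInstance();
                if (instService == null) {
                    FSUtils.debug.message("FSServiceManager instance is" + "null. Cannot process logout request");
                    return null;
                }
                FSPreLogoutHandler logoutHandler = instService.getPreLogoutHandler();
                if (logoutHandler == null) {
                    FSUtils.debug.error("Unable to get PreLogoutHandler");
                    FSUtils.debug.error("Cannot process request");
                    return null;
                }
                logoutHandler.setHostedDescriptor(hostedProviderDesc);
                logoutHandler.setHostedDescriptorConfig(hostedConfig);
                logoutHandler.setHostedEntityId(hostedEntityId);
                logoutHandler.setHostedProviderRole(hostedRole);
                logoutHandler.setMetaAlias(providerAlias);
                logoutHandler.setRealm(realm);
                logoutHandler.setRemoteDescriptor(remoteDesc);
                logoutHandler.setRemoteEntityId(remoteEntityId);
                logoutHandler.setLogoutRequest(logoutRequest);
                FSLogoutStatus bProcessStatus = logoutHandler.processSingleLogoutRequest(logoutRequest);
                String status = bProcessStatus.getStatus();
                SOAPMessage replySOAP;
                if (status.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                    // An empty SOAP message signals success to the caller.
                    MessageFactory factory = MessageFactory.newInstance();
                    replySOAP = factory.createMessage();
                } else if (status.equalsIgnoreCase(IFSConstants.SAML_UNSUPPORTED)) {
                    replySOAP = soapService.formSOAPError("Server", "cannotProcessRequest", null);
                } else {
                    return null;
                }
                if (replySOAP == null) {
                    return null;
                }
                Map map = new HashMap();
                map.put(MESSAGE, replySOAP);
                if (userID != null) {
                    map.put(USERID, userID);
                }
                return map;
            }
            FSUtils.debug.message("Remote provider not in trusted list");
            return null;
        } else {
            FSUtils.debug.error("Logout Signature failed verification");
            return null;
        }
    } catch (Exception se) {
        // Boundary catch: any failure is logged and reported as "no result".
        FSUtils.debug.error("FSSOAPService::handleLogoutRequest failed", se);
        return null;
    }
}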
