Example 1 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in the OpenAM project by OpenRock.

From the class FSNameMappingHandler, method getNameIdentifier.

/**
 * Returns <code>NameIdentifier</code> of a remote provider.
 * @param mappingRequest name ID mapping request object
 * @param remoteEntityID the remote provider ID whose
 *  <code>NameIdentifier</code> is to be returned.
 * @param local <code>true</code> if <code>remoteEntityID</code> is
 *  a local provider; <code>false</code> otherwise.
 * @return <code>NameIdentifier</code> corresponding to
 *  <code>remoteEntityID</code>.
 * @exception FSAccountMgmtException, SAMLException if an error occurred.
 */
public NameIdentifier getNameIdentifier(FSNameIdentifierMappingRequest mappingRequest, String remoteEntityID, boolean local) throws FSAccountMgmtException, SAMLException {
    FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(mappingRequest.getProviderID(), mappingRequest.getNameIdentifier().getName().trim());
    Map env = new HashMap();
    env.put(IFSConstants.FS_USER_PROVIDER_ENV_NAMEMAPPING_KEY, mappingRequest);
    String userID = accountMgr.getUserID(acctkey, realm, env);
    return getNameIdentifier(userID, remoteEntityID, local);
}
Also used: FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey), HashMap (java.util.HashMap), Map (java.util.Map)

Example 2 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in the OpenAM project by OpenRock.

From the class FSNameRegistrationHandler, method setUserDN.

/**
 * Determines the user based on the registration request received from
 * a remote provider.
 * @param regisRequest the name registration request
 * @return <code>true</code> if a user is found; <code>false</code> otherwise.
 */
public boolean setUserDN(FSNameRegistrationRequest regisRequest) {
    try {
        /*
         * UserDN needs to be figured out from the registration request.
         * 1. If OldNameIdentifier does not exist then it is from SP to IdP
         *    (first time).
         * 2. If OldNameIdentifier exists then we could be SP or IdP.
         * Need to find out whether to replace with SPNI or IDPNI based on
         * acctFedInfo that is retrieved based on OldNameIdentifier or
         * IdpNameIdentifier.
         * If isIDP is true then remote is IdP, so replace remoteIdentifier
         * with IDPNameIdentifier.
         * If isIDP is false then remote is SP, so replace remoteIdentifier
         * with SPNameIdentifier.
         */
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("remoteEntityId : " + remoteEntityId);
        }
        Map env = new HashMap();
        env.put(IFSConstants.FS_USER_PROVIDER_ENV_REGISTRATION_KEY, regisRequest);
        OldProvidedNameIdentifier oldNameIdentifier = regisRequest.getOldProvidedNameIdentifier();
        IDPProvidedNameIdentifier idpNameIdentifier = regisRequest.getIDPProvidedNameIdentifier();
        SPProvidedNameIdentifier spNameIdentifier = regisRequest.getSPProvidedNameIdentifier();
        if (oldNameIdentifier == null) {
            FSUtils.debug.message("oldProvidedNameIdentifier is null :");
            String opaqueHandle = idpNameIdentifier.getName();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("processRegistrationRequest IdPName : " + opaqueHandle);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Realm : " + realm);
            }
            String searchDomain = hostedEntityId;
            String nameQualifier = idpNameIdentifier.getNameQualifier();
            if (nameQualifier != null && (nameQualifier.length() != 0) && !nameQualifier.equals(remoteEntityId)) {
                searchDomain = nameQualifier;
            }
            FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Search based on:" + hostedEntityId + opaqueHandle);
            }
            this.userID = managerInst.getUserID(acctkey, realm, env);
            if (this.userID == null) {
                FSUtils.debug.message("UserID is null");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("user id is " + userID);
            }
            try {
                acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, opaqueHandle);
            } catch (FSAccountMgmtException e) {
                FSUtils.debug.message("Failed to read account information");
                return false;
            }
            newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, false);
            newAcctInfo.setAffiliation(acctInfo.getAffiliation());
            newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
            return true;
        } else {
            FSUtils.debug.message("oldProvidedNameIdentifier not null");
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Realm : " + realm);
            }
            String opaqueHandle = "";
            String nameQualifier = null;
            boolean isSPEmpty = false;
            String searchDomain = hostedEntityId;
            if (spNameIdentifier != null && !(spNameIdentifier.equals(oldNameIdentifier))) {
                opaqueHandle = spNameIdentifier.getName();
                nameQualifier = spNameIdentifier.getNameQualifier();
            } else {
                isSPEmpty = true;
                opaqueHandle = idpNameIdentifier.getName();
                nameQualifier = idpNameIdentifier.getNameQualifier();
            }
            if (nameQualifier != null && (nameQualifier.length() != 0) && !nameQualifier.equals(hostedEntityId)) {
                searchDomain = nameQualifier;
            }
            FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
            }
            this.userID = managerInst.getUserID(acctkey, realm, env);
            if (this.userID == null) {
                FSUtils.debug.message("UserID is null in step 3");
                opaqueHandle = idpNameIdentifier.getName();
                nameQualifier = idpNameIdentifier.getNameQualifier();
                if (nameQualifier != null && (nameQualifier.length() != 0) && !nameQualifier.equals(hostedEntityId)) {
                    searchDomain = nameQualifier;
                }
                acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
                }
                this.userID = managerInst.getUserID(acctkey, realm, env);
                if (this.userID == null) {
                    opaqueHandle = idpNameIdentifier.getName();
                    searchDomain = hostedEntityId;
                    acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
                    this.userID = managerInst.getUserID(acctkey, realm, env);
                    if (this.userID == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("UserID is null in " + "step 4");
                        }
                        opaqueHandle = oldNameIdentifier.getName();
                        searchDomain = oldNameIdentifier.getNameQualifier();
                        if ((searchDomain != null) && (searchDomain.length() != 0)) {
                            acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
                            }
                            this.userID = managerInst.getUserID(acctkey, realm, env);
                        }
                    }
                    if (this.userID == null) {
                        return false;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Found user : " + userID);
                        }
                        acctInfo = managerInst.readAccountFedInfo(userID, searchDomain, opaqueHandle);
                        if (acctInfo == null || !acctInfo.isFedStatusActive()) {
                            acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, opaqueHandle);
                        }
                        if (acctInfo.isRoleIDP()) {
                            if (isSPEmpty) {
                                // set spNI to null since is empty
                                newAcctInfo = new FSAccountFedInfo(remoteEntityId, null, idpNameIdentifier, acctInfo.isRoleIDP());
                                newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                                newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
                            } else {
                                newAcctInfo = new FSAccountFedInfo(remoteEntityId, spNameIdentifier, idpNameIdentifier, acctInfo.isRoleIDP());
                                newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                                newAcctKey = new FSAccountFedInfoKey(searchDomain, spNameIdentifier.getName());
                            }
                        } else {
                            newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, acctInfo.isRoleIDP());
                            newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                            newAcctKey = new FSAccountFedInfoKey(hostedEntityId, idpNameIdentifier.getName());
                        }
                    }
                } else {
                    acctInfo = managerInst.readAccountFedInfo(userID, searchDomain, opaqueHandle);
                    if (acctInfo == null || !acctInfo.isFedStatusActive()) {
                        acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, opaqueHandle);
                    }
                    newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, false);
                    newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                    newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
                }
            } else {
                acctInfo = managerInst.readAccountFedInfo(userID, searchDomain, opaqueHandle);
                if (acctInfo == null || !acctInfo.isFedStatusActive()) {
                    acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, opaqueHandle);
                }
                if (acctInfo.isRoleIDP()) {
                    if (isSPEmpty) {
                        // set spNI to null since is empty
                        newAcctInfo = new FSAccountFedInfo(remoteEntityId, null, idpNameIdentifier, acctInfo.isRoleIDP());
                        newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                        newAcctKey = new FSAccountFedInfoKey(remoteEntityId, idpNameIdentifier.getName());
                    } else {
                        newAcctInfo = new FSAccountFedInfo(remoteEntityId, spNameIdentifier, idpNameIdentifier, acctInfo.isRoleIDP());
                        newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                        newAcctKey = new FSAccountFedInfoKey(hostedEntityId, spNameIdentifier.getName());
                    }
                } else {
                    newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, acctInfo.isRoleIDP());
                    newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                    newAcctKey = new FSAccountFedInfoKey(hostedEntityId, idpNameIdentifier.getName());
                }
            }
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("user id is " + userID);
        }
        return true;
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("In FSNameRegistrationHandler::setUserID: ", e);
    }
    this.userID = null;
    return false;
}
Also used: FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo), HashMap (java.util.HashMap), SPProvidedNameIdentifier (com.sun.identity.federation.message.common.SPProvidedNameIdentifier), IDPProvidedNameIdentifier (com.sun.identity.federation.message.common.IDPProvidedNameIdentifier), FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey), FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException), Map (java.util.Map), OldProvidedNameIdentifier (com.sun.identity.federation.message.common.OldProvidedNameIdentifier)

Example 3 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in the OpenAM project by OpenRock.

From the class FSNameRegistrationHandler, method createNameRegistrationRequest.

/**
 * Generates the Name Registration request.
 * @param acctInfo the federation account information of the user
 * @return FSNameRegistrationRequest, or null if the request cannot be built
 */
private FSNameRegistrationRequest createNameRegistrationRequest(FSAccountFedInfo acctInfo) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSNameRegistrationHandler:: " + "createNameRegistrationRequest");
        }
        FSNameRegistrationRequest reqName = new FSNameRegistrationRequest();
        if (reqName != null) {
            reqName.setProviderId(hostedEntityId);
            if (acctInfo.isRoleIDP()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("calling of generateNameIdentifier Role : IdP ? " + acctInfo.isRoleIDP());
                }
                NameIdentifier nameIdentifier = generateNameIdentifier();
                if (acctInfo.getAffiliation()) {
                    String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
                    if (affiliationID != null) {
                        nameIdentifier.setNameQualifier(affiliationID);
                    }
                } else {
                    nameIdentifier.setNameQualifier(hostedEntityId);
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("out of generateNameIdentifier ****" + "\nNew SP nameIdentifier Qualifier: " + nameIdentifier.getNameQualifier() + "\nNew SP nameIdentifier Name :" + nameIdentifier.getName());
                }
                SPProvidedNameIdentifier newNameIdenifier = new SPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
                NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
                NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
                reqName.setIDPProvidedNameIdentifier(new IDPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat()));
                reqName.setSPProvidedNameIdentifier(newNameIdenifier);
                if (localIdentifier != null) {
                    reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(localIdentifier.getName(), localIdentifier.getNameQualifier(), localIdentifier.getFormat()));
                    try {
                        oldAcctKey = new FSAccountFedInfoKey(localIdentifier.getNameQualifier(), localIdentifier.getName());
                    } catch (FSAccountMgmtException e) {
                        oldAcctKey = null;
                    }
                } else {
                    // when Service Provider sends the name reg. request 
                    // for the first time, OldProvidedNameIdentifier is
                    // same as the IDPProvidedNameIdentifier as per the spec
                    reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat()));
                    try {
                        oldAcctKey = new FSAccountFedInfoKey(remoteIdentifier.getNameQualifier(), remoteIdentifier.getName());
                    } catch (FSAccountMgmtException e) {
                        oldAcctKey = null;
                    }
                }
                try {
                    FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
                    FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdenifier, remoteIdentifier, acctInfo.isRoleIDP());
                    tmpInfo.setAffiliation(acctInfo.getAffiliation());
                    returnMap.put("userID", userID);
                    returnMap.put("OldAccountKey", oldAcctKey);
                    if (oldAcctKey != null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier : " + oldAcctKey.getNameSpace());
                        }
                    } else {
                        FSUtils.debug.message("OldAccount Key is null");
                    }
                    returnMap.put("AccountKey", tmpKey);
                    returnMap.put("AccountInfo", tmpInfo);
                    returnMap.put("RegisSource", regisSource);
                    returnMap.put(IFSConstants.LRURL, returnURL);
                } catch (FSAccountMgmtException e) {
                    return null;
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("calling of generateNameIdenti" + "fier Role : IdP ? " + acctInfo.isRoleIDP());
                }
                NameIdentifier nameIdentifier = generateNameIdentifier();
                if (acctInfo.getAffiliation()) {
                    String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
                    if (affiliationID != null) {
                        nameIdentifier.setNameQualifier(affiliationID);
                    }
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("New IDP nameIdentifier Name : " + nameIdentifier.getName() + "\nNew IDP nameIdentifier Qualifier :" + nameIdentifier.getNameQualifier() + "out of generateNameIdentifier*****");
                }
                IDPProvidedNameIdentifier newNameIdenifier = new IDPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
                // SP
                NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
                // IdP
                NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Old IDP nameIdentifier Name : " + localIdentifier.getName() + "\nOld IDP nameIdentifier Qualifier :" + localIdentifier.getNameQualifier());
                }
                FSUtils.debug.message("To set OldProvidedNameIdentifier");
                reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(localIdentifier.getName(), localIdentifier.getNameQualifier(), localIdentifier.getFormat()));
                FSUtils.debug.message("To set IdpProvidedNameIdentifier");
                reqName.setIDPProvidedNameIdentifier(newNameIdenifier);
                if (remoteIdentifier != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("SP nameIdentifier Name : " + remoteIdentifier.getName() + "SP nameIdentifier Qualifier :" + remoteIdentifier.getNameQualifier());
                    }
                    SPProvidedNameIdentifier spNameIdentifier = new SPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat());
                    reqName.setSPProvidedNameIdentifier(spNameIdentifier);
                }
                try {
                    oldAcctKey = new FSAccountFedInfoKey(hostedEntityId, localIdentifier.getName());
                    FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
                    FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdenifier, remoteIdentifier, acctInfo.isRoleIDP());
                    returnMap.put("userID", userID);
                    returnMap.put("OldAccountKey", oldAcctKey);
                    returnMap.put("AccountKey", tmpKey);
                    returnMap.put("AccountInfo", tmpInfo);
                    returnMap.put("RegisSource", regisSource);
                    returnMap.put(IFSConstants.LRURL, returnURL);
                    if (oldAcctKey != null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier: " + oldAcctKey.getNameSpace());
                        }
                    } else {
                        FSUtils.debug.message("OldAccount Key is null");
                    }
                } catch (FSAccountMgmtException e) {
                    return null;
                }
            }
            reqName.setMinorVersion(FSServiceUtils.getMinorVersion(remoteDescriptor.getProtocolSupportEnumeration()));
            return reqName;
        }
    } catch (SAMLException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("got SAMLException:", e);
        }
    }
    return null;
}
Also used: FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo), NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier), IDPProvidedNameIdentifier (com.sun.identity.federation.message.common.IDPProvidedNameIdentifier), SPProvidedNameIdentifier (com.sun.identity.federation.message.common.SPProvidedNameIdentifier), OldProvidedNameIdentifier (com.sun.identity.federation.message.common.OldProvidedNameIdentifier), FSNameRegistrationRequest (com.sun.identity.federation.message.FSNameRegistrationRequest), FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey), FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException), SAMLException (com.sun.identity.saml.common.SAMLException)

Example 4 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in the OpenAM project by OpenRock.

From the class FSFedTerminationHandler, method updateAccountInformation.

/**
 * Updates the user account information. After a successful operation,
 * the federation status corresponding to the user with the remote provider
 * is set to inactive.
 * @param ni <code>NameIdentifier</code> object corresponding to a user
 * @return boolean containing the status of the update operation
 */
protected boolean updateAccountInformation(NameIdentifier ni) {
    try {
        FSUtils.debug.message("FSFedTerminationHandler::updateAccountInformation: start");
        String searchDomain = remoteEntityId;
        // get name identifier to remove it from federation info key
        String nameId = null;
        String nameQualifier = null;
        if (ni != null) {
            nameQualifier = ni.getNameQualifier();
            if (nameQualifier != null && (nameQualifier.length() != 0) && !nameQualifier.equals(remoteEntityId)) {
                searchDomain = nameQualifier;
            }
            nameId = ni.getName();
        }
        if (nameId == null && acctInfo != null) {
            FSUtils.debug.message("FSAccountManager: getnameId in accInfo");
            NameIdentifier temp = acctInfo.getLocalNameIdentifier();
            if (temp != null) {
                nameId = temp.getName();
                nameQualifier = temp.getNameQualifier();
            } else {
                temp = acctInfo.getRemoteNameIdentifier();
                if (temp != null) {
                    nameId = temp.getName();
                    nameQualifier = temp.getNameQualifier();
                }
            }
        }
        FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(nameQualifier, nameId);
        managerInst.removeAccountFedInfo(userID, fedInfoKey, searchDomain);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSFedTerminationHandler:: " + "updateAccountInformation deactivate successfully completed");
        }
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("FSFedTerminationHandler::updateAccountInformation " + FSUtils.bundle.getString(IFSConstants.TERMINATION_LOCAL_FAILED));
        String[] data = { userID };
        LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
        return false;
    }
    // Clean SessionMap off the partner to be done here.
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Cleaning Session manager for user : " + userID);
        FSUtils.debug.message("Cleaning Session manager for remote provider: " + remoteEntityId);
        FSUtils.debug.message("Cleaning Session manager for hosted provider: " + hostedEntityId);
    }
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, null);
    return true;
}
Also used: NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier), FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey), FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)

Example 5 with FSAccountFedInfoKey

Use of com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey in the OpenAM project by OpenRock.

From the class FSDefaultSPAdapter, method postSSOFederationSuccess.

/**
 * Invoked after a successful Single Sign-On or Federation.
 * @param hostedEntityID provider ID for the hosted SP
 * @param request servlet request
 * @param response servlet response
 * @param ssoToken user's SSO token
 * @param authnRequest the original authentication request sent from the SP
 * @param authnResponse response from the IDP if the Browser POST or LECP
 *        profile is used for the request; null if the Browser Artifact
 *        profile is used.
 * @param samlResponse response from the IDP if the Browser Artifact profile
 *        is used for the request; null if the Browser POST or LECP
 *        profile is used.
 * @exception FederationException if the user wants to fail the process.
 * @return true if browser redirection happened, false otherwise.
 */
public boolean postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) throws FederationException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, " + "process " + hostedEntityID);
    }
    // find out if this is a federation request
    boolean isFederation = false;
    if (authnRequest == null) {
        FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
    } else {
        String nameIDPolicy = authnRequest.getNameIDPolicy();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postSuccess " + nameIDPolicy);
        }
        if (nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_FEDERATED)) {
            isFederation = true;
        }
    }
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    if (isFederation && adminToken != null) {
        try {
            // get name Identifier
            String nameId = null;
            List assertions = null;
            String idpEntityId = null;
            if (authnResponse != null) {
                // POST profile
                assertions = authnResponse.getAssertion();
                idpEntityId = authnResponse.getProviderId();
            } else {
                // Artifact profile
                assertions = samlResponse.getAssertion();
            }
            FSAssertion assertion = (FSAssertion) assertions.iterator().next();
            if (idpEntityId == null) {
                idpEntityId = assertion.getIssuer();
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: idp=" + idpEntityId);
            }
            Iterator stmtIter = assertion.getStatement().iterator();
            while (stmtIter.hasNext()) {
                Statement statement = (Statement) stmtIter.next();
                int stmtType = statement.getStatementType();
                if (stmtType == Statement.AUTHENTICATION_STATEMENT) {
                    FSAuthenticationStatement authStatement = (FSAuthenticationStatement) statement;
                    FSSubject subject = (FSSubject) authStatement.getSubject();
                    // Prefer the IDP-provided name identifier; fall back to
                    // the subject's own name identifier when it is absent.
                    NameIdentifier ni = subject.getIDPProvidedNameIdentifier();
                    if (ni == null) {
                        ni = subject.getNameIdentifier();
                    }
                    if (ni != null) {
                        nameId = ni.getName();
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSuccess: " + "found name id =" + nameId);
                    }
                    break;
                }
            }
            // Without a name identifier there is no federation to reconcile.
            if (nameId == null) {
                FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
                return false;
            }
            // Build a search filter on the federation info key attribute. The
            // stored value has the form "|<hostedEntityID>|<nameId>|".
            Map map = new HashMap();
            Set set = new HashSet();
            set.add("|" + hostedEntityID + "|" + nameId + "|");
            map.put("iplanet-am-user-federation-info-key", set);
            // Search every user in the session's realm that carries this
            // federation key; no time or result limit is applied.
            AMIdentityRepository idRepo = new AMIdentityRepository(adminToken, ((SSOToken) ssoToken).getProperty(ISAuthConstants.ORGANIZATION));
            IdSearchControl searchControl = new IdSearchControl();
            searchControl.setTimeOut(0);
            searchControl.setMaxResults(0);
            searchControl.setAllReturnAttributes(false);
            searchControl.setSearchModifiers(IdSearchOpModifier.AND, map);
            IdSearchResults searchResults = idRepo.searchIdentities(IdType.USER, "*", searchControl);
            Set amIdSet = searchResults.getSearchResults();
            // More than one local user bound to the same (hostedEntityID, nameId)
            // pair means a stale or conflicting federation. Only the user behind
            // the current SSO session keeps it; the others are cleaned up.
            if (amIdSet.size() > 1) {
                String univId = ((SSOToken) ssoToken).getProperty(Constants.UNIVERSAL_IDENTIFIER);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSuccess: found " + amIdSet.size() + " federation with same ID as " + univId);
                }
                // Resolve the hosted SP's meta alias so the right account
                // manager instance is used.
                String metaAlias = null;
                try {
                    IDFFMetaManager metaManager = new IDFFMetaManager(ssoToken);
                    if (metaManager != null) {
                        SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
                        if (spConfig != null) {
                            metaAlias = spConfig.getMetaAlias();
                        }
                    }
                } catch (IDFFMetaException ie) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSuccess: " + "couldn't find meta alias:", ie);
                    }
                }
                FSAccountManager accManager = FSAccountManager.getInstance(metaAlias);
                FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(hostedEntityID, nameId);
                // previous federation exists with different users
                Iterator it = amIdSet.iterator();
                while (it.hasNext()) {
                    AMIdentity amId = (AMIdentity) it.next();
                    // compare with the SSO token; the session's own user is kept
                    String tmpUnivId = IdUtils.getUniversalId(amId);
                    if (univId.equalsIgnoreCase(tmpUnivId)) {
                        continue;
                    }
                    // remove federation information for this user so the
                    // name identifier maps to exactly one local account
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSucces, " + "remove fed info for user " + tmpUnivId);
                    }
                    accManager.removeAccountFedInfo(tmpUnivId, fedInfoKey, idpEntityId);
                }
            }
        } catch (FSAccountMgmtException f) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", f);
        } catch (IdRepoException i) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", i);
        } catch (SSOException e) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
        }
    }
    // false: this adapter did not take over the response, so normal
    // SSO processing continues.
    return false;
}
Also used : SSOToken(com.iplanet.sso.SSOToken) Set(java.util.Set) HashSet(java.util.HashSet) FSSubject(com.sun.identity.federation.message.FSSubject) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) HashMap(java.util.HashMap) IdSearchResults(com.sun.identity.idm.IdSearchResults) SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement) SSOException(com.iplanet.sso.SSOException) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager) FSAssertion(com.sun.identity.federation.message.FSAssertion) Iterator(java.util.Iterator) IdSearchControl(com.sun.identity.idm.IdSearchControl) List(java.util.List) HashSet(java.util.HashSet) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) Statement(com.sun.identity.saml.assertion.Statement) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) IdRepoException(com.sun.identity.idm.IdRepoException) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) AMIdentity(com.sun.identity.idm.AMIdentity) AMIdentityRepository(com.sun.identity.idm.AMIdentityRepository) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) Map(java.util.Map) HashMap(java.util.HashMap)