use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.
the class FSNameRegistrationHandler method setUserDN.
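/**
 * Determines the local user that a name registration request received from
 * a remote provider refers to, and prepares the replacement federation
 * record for that user.
 *
 * <p>Side effects on success: {@code userID} is set to the resolved user,
 * {@code acctInfo} to the user's existing federation record, and
 * {@code newAcctInfo}/{@code newAcctKey} to the record that should replace
 * it. Whenever {@code false} is returned, {@code userID} is {@code null}.
 *
 * <p>Resolution order:
 * <ol>
 * <li>No {@code OldProvidedNameIdentifier}: first-time registration from the
 *     SP to the IdP; the user is looked up by the IdP-provided identifier.</li>
 * <li>Otherwise the SP-provided identifier (when present and different from
 *     the old one) is tried first, then the IdP-provided identifier under its
 *     own qualifier, then under the hosted entity id, and finally the old
 *     identifier under its own qualifier.</li>
 * </ol>
 * Whether the remote party is the IdP or the SP is read from the stored
 * {@code acctInfo.isRoleIDP()}; it decides which identifier fills the SP and
 * IdP slots of the new record.
 *
 * @param regisRequest the name registration request
 * @return <code>true</code> a user is found; <code>false</code> otherwise.
 */
public boolean setUserDN(FSNameRegistrationRequest regisRequest) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("remoteEntityId : " + remoteEntityId);
        }
        Map<String, Object> env = new HashMap<String, Object>();
        env.put(IFSConstants.FS_USER_PROVIDER_ENV_REGISTRATION_KEY, regisRequest);
        OldProvidedNameIdentifier oldNameIdentifier = regisRequest.getOldProvidedNameIdentifier();
        IDPProvidedNameIdentifier idpNameIdentifier = regisRequest.getIDPProvidedNameIdentifier();
        SPProvidedNameIdentifier spNameIdentifier = regisRequest.getSPProvidedNameIdentifier();
        // Every lookup path below dereferences the IdP-provided identifier; a
        // request that lacks it (malformed or hostile) must fail cleanly, not
        // with a NullPointerException escaping the handler.
        if (idpNameIdentifier == null) {
            FSUtils.debug.error("In FSNameRegistrationHandler::setUserID: IDPProvidedNameIdentifier is missing");
            this.userID = null;
            return false;
        }
        boolean found = (oldNameIdentifier == null)
                ? locateUserForInitialRegistration(idpNameIdentifier, spNameIdentifier, env)
                : locateUserForReRegistration(oldNameIdentifier, idpNameIdentifier, spNameIdentifier, env);
        if (found) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("user id is " + userID);
            }
            return true;
        }
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("In FSNameRegistrationHandler::setUserID: ", e);
    }
    this.userID = null;
    return false;
}

/**
 * First-time registration (no {@code OldProvidedNameIdentifier}): the user is
 * looked up by the IdP-provided identifier, qualified by its own name
 * qualifier unless that is empty or merely names the remote provider.
 *
 * @return {@code true} when a user and its federation record were found
 * @throws FSAccountMgmtException when the account store fails
 */
private boolean locateUserForInitialRegistration(IDPProvidedNameIdentifier idpNameIdentifier,
        SPProvidedNameIdentifier spNameIdentifier, Map<String, Object> env)
        throws FSAccountMgmtException {
    FSUtils.debug.message("oldProvidedNameIdentifier is null :");
    String opaqueHandle = idpNameIdentifier.getName();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("processRegistrationRequest IdPName : " + opaqueHandle);
        FSUtils.debug.message("Realm : " + realm);
    }
    String searchDomain = hostedEntityId;
    String nameQualifier = idpNameIdentifier.getNameQualifier();
    if (nameQualifier != null && !nameQualifier.isEmpty() && !nameQualifier.equals(remoteEntityId)) {
        searchDomain = nameQualifier;
    }
    FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Search based on:" + hostedEntityId + opaqueHandle);
    }
    this.userID = managerInst.getUserID(acctkey, realm, env);
    if (this.userID == null) {
        FSUtils.debug.message("UserID is null");
        return false;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("user id is " + userID);
    }
    try {
        acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, opaqueHandle);
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.message("Failed to read account information", e);
        return false;
    }
    // readAccountFedInfo can return null; the affiliation copy below needs a record.
    if (acctInfo == null) {
        FSUtils.debug.message("No federation record found for the resolved user");
        return false;
    }
    newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, false);
    newAcctInfo.setAffiliation(acctInfo.getAffiliation());
    newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
    return true;
}

/**
 * Re-registration (an {@code OldProvidedNameIdentifier} is present): tries
 * the SP-provided identifier, then the IdP-provided identifier under its own
 * qualifier and under the hosted entity id, then the old identifier under its
 * own qualifier. Which lookup succeeded decides how the new record is keyed.
 *
 * @return {@code true} when a user and its federation record were found
 * @throws FSAccountMgmtException when the account store fails
 */
private boolean locateUserForReRegistration(OldProvidedNameIdentifier oldNameIdentifier,
        IDPProvidedNameIdentifier idpNameIdentifier, SPProvidedNameIdentifier spNameIdentifier,
        Map<String, Object> env) throws FSAccountMgmtException {
    FSUtils.debug.message("oldProvidedNameIdentifier not null");
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Realm : " + realm);
    }
    String opaqueHandle;
    String nameQualifier;
    boolean isSPEmpty = false;
    String searchDomain = hostedEntityId;
    // Step 1: prefer the SP-provided identifier when it is new; otherwise the
    // IdP-provided one (and remember that the SP slot of the record is empty).
    if (spNameIdentifier != null && !spNameIdentifier.equals(oldNameIdentifier)) {
        opaqueHandle = spNameIdentifier.getName();
        nameQualifier = spNameIdentifier.getNameQualifier();
    } else {
        isSPEmpty = true;
        opaqueHandle = idpNameIdentifier.getName();
        nameQualifier = idpNameIdentifier.getNameQualifier();
    }
    if (nameQualifier != null && !nameQualifier.isEmpty() && !nameQualifier.equals(hostedEntityId)) {
        searchDomain = nameQualifier;
    }
    FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
    }
    this.userID = managerInst.getUserID(acctkey, realm, env);
    if (this.userID != null) {
        acctInfo = readActiveFedInfo(searchDomain, opaqueHandle);
        if (acctInfo == null) {
            return false;
        }
        if (acctInfo.isRoleIDP()) {
            if (isSPEmpty) {
                // set spNI to null since is empty
                newAcctInfo = new FSAccountFedInfo(remoteEntityId, null, idpNameIdentifier, acctInfo.isRoleIDP());
                newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                newAcctKey = new FSAccountFedInfoKey(remoteEntityId, idpNameIdentifier.getName());
            } else {
                newAcctInfo = new FSAccountFedInfo(remoteEntityId, spNameIdentifier, idpNameIdentifier, acctInfo.isRoleIDP());
                newAcctInfo.setAffiliation(acctInfo.getAffiliation());
                newAcctKey = new FSAccountFedInfoKey(hostedEntityId, spNameIdentifier.getName());
            }
        } else {
            newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, acctInfo.isRoleIDP());
            newAcctInfo.setAffiliation(acctInfo.getAffiliation());
            newAcctKey = new FSAccountFedInfoKey(hostedEntityId, idpNameIdentifier.getName());
        }
        return true;
    }
    // Step 3: IdP-provided identifier under its own qualifier.
    FSUtils.debug.message("UserID is null in step 3");
    opaqueHandle = idpNameIdentifier.getName();
    nameQualifier = idpNameIdentifier.getNameQualifier();
    if (nameQualifier != null && !nameQualifier.isEmpty() && !nameQualifier.equals(hostedEntityId)) {
        searchDomain = nameQualifier;
    }
    acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
    }
    this.userID = managerInst.getUserID(acctkey, realm, env);
    if (this.userID != null) {
        acctInfo = readActiveFedInfo(searchDomain, opaqueHandle);
        if (acctInfo == null) {
            return false;
        }
        newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, false);
        newAcctInfo.setAffiliation(acctInfo.getAffiliation());
        newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
        return true;
    }
    // Step 3b: IdP-provided identifier under the hosted entity id.
    opaqueHandle = idpNameIdentifier.getName();
    searchDomain = hostedEntityId;
    acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
    this.userID = managerInst.getUserID(acctkey, realm, env);
    if (this.userID == null) {
        // Step 4: old identifier under its own qualifier (only when it has one).
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("UserID is null in " + "step 4");
        }
        opaqueHandle = oldNameIdentifier.getName();
        searchDomain = oldNameIdentifier.getNameQualifier();
        if (searchDomain != null && !searchDomain.isEmpty()) {
            acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Search based on :" + searchDomain + " " + opaqueHandle);
            }
            this.userID = managerInst.getUserID(acctkey, realm, env);
        }
    }
    if (this.userID == null) {
        return false;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Found user : " + userID);
    }
    acctInfo = readActiveFedInfo(searchDomain, opaqueHandle);
    if (acctInfo == null) {
        return false;
    }
    if (acctInfo.isRoleIDP()) {
        if (isSPEmpty) {
            // set spNI to null since is empty
            newAcctInfo = new FSAccountFedInfo(remoteEntityId, null, idpNameIdentifier, acctInfo.isRoleIDP());
            newAcctInfo.setAffiliation(acctInfo.getAffiliation());
            newAcctKey = new FSAccountFedInfoKey(searchDomain, idpNameIdentifier.getName());
        } else {
            newAcctInfo = new FSAccountFedInfo(remoteEntityId, spNameIdentifier, idpNameIdentifier, acctInfo.isRoleIDP());
            newAcctInfo.setAffiliation(acctInfo.getAffiliation());
            newAcctKey = new FSAccountFedInfoKey(searchDomain, spNameIdentifier.getName());
        }
    } else {
        newAcctInfo = new FSAccountFedInfo(remoteEntityId, idpNameIdentifier, spNameIdentifier, acctInfo.isRoleIDP());
        newAcctInfo.setAffiliation(acctInfo.getAffiliation());
        newAcctKey = new FSAccountFedInfoKey(hostedEntityId, idpNameIdentifier.getName());
    }
    return true;
}

/**
 * Reads the federation record of {@code userID} under {@code searchDomain},
 * falling back to the record under {@code remoteEntityId} when the first one
 * is absent or no longer active.
 *
 * @return the record found, or {@code null} when neither lookup finds one
 * @throws FSAccountMgmtException when the account store fails
 */
private FSAccountFedInfo readActiveFedInfo(String searchDomain, String opaqueHandle)
        throws FSAccountMgmtException {
    FSAccountFedInfo info = managerInst.readAccountFedInfo(userID, searchDomain, opaqueHandle);
    if (info == null || !info.isFedStatusActive()) {
        info = managerInst.readAccountFedInfo(userID, remoteEntityId, opaqueHandle);
    }
    if (info == null) {
        FSUtils.debug.message("No federation record found for the resolved user");
    }
    return info;
}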
use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.
the class FSNameRegistrationHandler method doCommonRegistration.
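/**
 * Performs the operations on the users federated account at both the SP
 * side, IDP side. The input parameters are generated
 * at SP side and at the IDP side it is retrieved from the request received.
 *
 * <p>Works on handler state prepared earlier: {@code userID},
 * {@code newAcctKey}/{@code newAcctInfo} (the record to write),
 * {@code oldAcctKey} (the key of the record being replaced) and, when no old
 * key is known, {@code acctInfo} (the record being replaced). When the hosted
 * provider is an SP and an SSO token is present, the federation info held in
 * the user's session is refreshed as well.
 *
 * @return <code>true</code> if the operation succeeded; <code>false</code>
 * otherwise.
 */
private boolean doCommonRegistration() {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("user id is " + userID);
            FSUtils.debug.message("To write account fed info to DS");
            FSUtils.debug.message("Old Account Key : " + oldAcctKey);
        }
        if (oldAcctKey != null) {
            // Remove the record the old key points at before writing the new
            // one; the write also receives the old key so it can supersede it.
            FSAccountFedInfo oldInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, oldAcctKey.getName());
            if (oldInfo != null) {
                managerInst.removeAccountFedInfo(userID, oldInfo);
            }
            managerInst.writeAccountFedInfo(userID, newAcctKey, newAcctInfo, oldAcctKey);
        } else {
            if (acctInfo != null) {
                managerInst.removeAccountFedInfo(userID, acctInfo);
            }
            managerInst.writeAccountFedInfo(userID, newAcctKey, newAcctInfo);
        }
        // Constant-first comparison: a missing hostedProviderRole skips the
        // session update instead of throwing.
        if (ssoToken != null && IFSConstants.SP.equalsIgnoreCase(hostedProviderRole)) {
            FSSessionManager sessManager = FSSessionManager.getInstance(metaAlias);
            FSSession ssoSession = sessManager.getSession(ssoToken);
            if (ssoSession != null) {
                ssoSession.setAccountFedInfo(newAcctInfo);
            }
        }
        return true;
    } catch (FSAccountMgmtException e) {
        // A failed write leaves the stored federation record in its previous
        // state; report at error level so it is visible without debug logging.
        FSUtils.debug.error("Error when writing user information:", e);
        return false;
    }
}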
use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.
the class FSNameRegistrationHandler method createNameRegistrationRequest.
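/**
 * Generates the Name Registration request.
 *
 * <p>The hosted provider's role is taken from {@code acctInfo.isRoleIDP()}:
 * when the remote provider is the IdP, the hosted side is the SP and a new
 * SP-provided identifier is generated; otherwise the hosted side is the IdP
 * and a new IdP-provided identifier is generated. As a side effect
 * {@code oldAcctKey} is set to the key of the record being replaced and
 * {@code returnMap} is filled with the user id, old and new account keys, the
 * new account info, the registration source and the return URL.
 *
 * @param acctInfo the user's current federation record with the remote provider
 * @return FSNameRegistrationRequest, or {@code null} when the account keys
 *         cannot be built, a required identifier is missing, or a SAML error
 *         occurs
 */
private FSNameRegistrationRequest createNameRegistrationRequest(FSAccountFedInfo acctInfo) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSNameRegistrationHandler:: " + "createNameRegistrationRequest");
        }
        if (acctInfo == null) {
            FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest: account info is null");
            return null;
        }
        FSNameRegistrationRequest reqName = new FSNameRegistrationRequest();
        reqName.setProviderId(hostedEntityId);
        boolean populated = acctInfo.isRoleIDP()
                ? populateRequestAsSP(reqName, acctInfo)
                : populateRequestAsIDP(reqName, acctInfo);
        if (!populated) {
            return null;
        }
        reqName.setMinorVersion(FSServiceUtils.getMinorVersion(remoteDescriptor.getProtocolSupportEnumeration()));
        return reqName;
    } catch (SAMLException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("got SAMLException:", e);
        }
    }
    return null;
}

/**
 * Fills the request when the hosted provider acts as SP (remote is the IdP):
 * generates a new SP-provided identifier, carries the stored remote
 * identifier as the IdP-provided one, and reports the previous local
 * identifier (or, on first registration, the IdP-provided one) as the old
 * identifier. Sets {@code oldAcctKey} and fills {@code returnMap}.
 *
 * @return {@code false} when a required identifier is missing or the new
 *         account key cannot be built
 * @throws SAMLException when an identifier cannot be constructed
 */
private boolean populateRequestAsSP(FSNameRegistrationRequest reqName, FSAccountFedInfo acctInfo)
        throws SAMLException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("calling of generateNameIdentifier Role : IdP ? " + acctInfo.isRoleIDP());
    }
    NameIdentifier nameIdentifier = generateNameIdentifier();
    if (acctInfo.getAffiliation()) {
        // Affiliated federations are qualified by the affiliation id rather than the SP.
        String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
        if (affiliationID != null) {
            nameIdentifier.setNameQualifier(affiliationID);
        }
    } else {
        nameIdentifier.setNameQualifier(hostedEntityId);
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("out of generateNameIdentifier ****" + "\nNew SP nameIdentifier Qualifier: " + nameIdentifier.getNameQualifier() + "\nNew SP nameIdentifier Name :" + nameIdentifier.getName());
    }
    SPProvidedNameIdentifier newNameIdenifier = new SPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
    NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
    NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
    // The IdP-provided identifier is mandatory in the request; without the
    // stored remote identifier there is nothing to register against.
    if (remoteIdentifier == null) {
        FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest: remote name identifier is null");
        return false;
    }
    reqName.setIDPProvidedNameIdentifier(new IDPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat()));
    reqName.setSPProvidedNameIdentifier(newNameIdenifier);
    // when Service Provider sends the name reg. request
    // for the first time, OldProvidedNameIdentifier is
    // same as the IDPProvidedNameIdentifier as per the spec
    NameIdentifier previous = (localIdentifier != null) ? localIdentifier : remoteIdentifier;
    reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(previous.getName(), previous.getNameQualifier(), previous.getFormat()));
    try {
        oldAcctKey = new FSAccountFedInfoKey(previous.getNameQualifier(), previous.getName());
    } catch (FSAccountMgmtException e) {
        // No usable old key means there is no previous record to supersede.
        oldAcctKey = null;
    }
    try {
        FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
        FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdenifier, remoteIdentifier, acctInfo.isRoleIDP());
        tmpInfo.setAffiliation(acctInfo.getAffiliation());
        returnMap.put("userID", userID);
        returnMap.put("OldAccountKey", oldAcctKey);
        if (oldAcctKey != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier : " + oldAcctKey.getNameSpace());
            }
        } else {
            FSUtils.debug.message("OldAccount Key is null");
        }
        returnMap.put("AccountKey", tmpKey);
        returnMap.put("AccountInfo", tmpInfo);
        returnMap.put("RegisSource", regisSource);
        returnMap.put(IFSConstants.LRURL, returnURL);
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest: cannot build account key", e);
        return false;
    }
    return true;
}

/**
 * Fills the request when the hosted provider acts as IdP (remote is the SP):
 * generates a new IdP-provided identifier, reports the stored local
 * identifier as the old one and, when present, carries the stored remote
 * identifier as the SP-provided one. Sets {@code oldAcctKey} and fills
 * {@code returnMap}.
 *
 * @return {@code false} when the stored local identifier is missing or an
 *         account key cannot be built
 * @throws SAMLException when an identifier cannot be constructed
 */
private boolean populateRequestAsIDP(FSNameRegistrationRequest reqName, FSAccountFedInfo acctInfo)
        throws SAMLException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("calling of generateNameIdenti" + "fier Role : IdP ? " + acctInfo.isRoleIDP());
    }
    NameIdentifier nameIdentifier = generateNameIdentifier();
    if (acctInfo.getAffiliation()) {
        String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
        if (affiliationID != null) {
            nameIdentifier.setNameQualifier(affiliationID);
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("New IDP nameIdentifier Name : " + nameIdentifier.getName() + "\nNew IDP nameIdentifier Qualifier :" + nameIdentifier.getNameQualifier() + "out of generateNameIdentifier*****");
    }
    IDPProvidedNameIdentifier newNameIdenifier = new IDPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
    // remote = SP side, local = the IdP identifier being replaced
    NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
    NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
    // The local identifier becomes OldProvidedNameIdentifier and keys the old record.
    if (localIdentifier == null) {
        FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest: local name identifier is null");
        return false;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Old IDP nameIdentifier Name : " + localIdentifier.getName() + "\nOld IDP nameIdentifier Qualifier :" + localIdentifier.getNameQualifier());
    }
    FSUtils.debug.message("To set OldProvidedNameIdentifier");
    reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(localIdentifier.getName(), localIdentifier.getNameQualifier(), localIdentifier.getFormat()));
    FSUtils.debug.message("To set IdpProvidedNameIdentifier");
    reqName.setIDPProvidedNameIdentifier(newNameIdenifier);
    if (remoteIdentifier != null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("SP nameIdentifier Name : " + remoteIdentifier.getName() + "SP nameIdentifier Qualifier :" + remoteIdentifier.getNameQualifier());
        }
        reqName.setSPProvidedNameIdentifier(new SPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat()));
    }
    try {
        oldAcctKey = new FSAccountFedInfoKey(hostedEntityId, localIdentifier.getName());
        FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
        // NOTE(review): unlike the SP path, the affiliation flag is not copied
        // onto tmpInfo here — confirm whether that is intended.
        FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdenifier, remoteIdentifier, acctInfo.isRoleIDP());
        returnMap.put("userID", userID);
        returnMap.put("OldAccountKey", oldAcctKey);
        returnMap.put("AccountKey", tmpKey);
        returnMap.put("AccountInfo", tmpInfo);
        returnMap.put("RegisSource", regisSource);
        returnMap.put(IFSConstants.LRURL, returnURL);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier: " + oldAcctKey.getNameSpace());
        }
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest: cannot build account key", e);
        return false;
    }
    return true;
}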
use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.
the class FSFedTerminationHandler method updateAccountInformation.
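/**
 * Updates the user account information. After successful operation,
 * the federation status corresponding to the user with the remote provider
 * is set to inactive.
 *
 * <p>The federation record is located by the name identifier passed in; when
 * none is given, the identifier stored in {@code acctInfo} (local first, then
 * remote) is used instead. The search domain is the remote entity id unless
 * the given identifier carries a different, non-empty qualifier. On success
 * the partner entry is also removed from the session map.
 *
 * @param ni <code>NameIdentifier</code> object corresponding to a user
 * @return boolean containing the status of the update operation
 */
protected boolean updateAccountInformation(NameIdentifier ni) {
    try {
        FSUtils.debug.message("FSFedTerminationHandler::updateAccountInformation: start");
        String searchDomain = remoteEntityId;
        String nameId = null;
        String nameQualifier = null;
        if (ni != null) {
            nameQualifier = ni.getNameQualifier();
            if (nameQualifier != null && !nameQualifier.isEmpty() && !nameQualifier.equals(remoteEntityId)) {
                searchDomain = nameQualifier;
            }
            nameId = ni.getName();
        }
        if (nameId == null && acctInfo != null) {
            FSUtils.debug.message("FSAccountManager: getnameId in accInfo");
            NameIdentifier stored = acctInfo.getLocalNameIdentifier();
            if (stored == null) {
                stored = acctInfo.getRemoteNameIdentifier();
            }
            if (stored != null) {
                nameId = stored.getName();
                nameQualifier = stored.getNameQualifier();
            }
        }
        // NOTE(review): a qualifier taken from acctInfo is not applied to
        // searchDomain, unlike one taken from ni — confirm that is intended.
        // A still-null nameId is left to the key constructor to reject so the
        // audit record below is written for that case too.
        FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(nameQualifier, nameId);
        managerInst.removeAccountFedInfo(userID, fedInfoKey, searchDomain);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSFedTerminationHandler:: " + "updateAccountInformation deactivate successfully completed");
        }
    } catch (FSAccountMgmtException e) {
        // Keep the cause in the log; without it a failed termination is
        // indistinguishable from a bad key or a store outage.
        FSUtils.debug.error("FSFedTerminationHandler::updateAccountInformation " + FSUtils.bundle.getString(IFSConstants.TERMINATION_LOCAL_FAILED), e);
        String[] data = { userID };
        LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
        return false;
    }
    // Clean SessionMap off the partner to be done here.
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Cleaning Session manager for user : " + userID);
        FSUtils.debug.message("Cleaning Session manager for remote provider: " + remoteEntityId);
        FSUtils.debug.message("Cleaning Session manager for hosted provider: " + hostedEntityId);
    }
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, null);
    return true;
}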
use of com.sun.identity.federation.accountmgmt.FSAccountMgmtException in project OpenAM by OpenRock.
the class FSDefaultSPAdapter method postSSOFederationSuccess.
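/**
 * Invokes this method after the successful Single Sign-On or Federation.
 *
 * <p>For a federating request (NameIDPolicy federated) it looks up every
 * local user whose stored federation-info key matches the IdP-provided name
 * identifier from the assertion and removes that federation from all users
 * other than the one the SSO token belongs to, so a name identifier maps to a
 * single local account. Failures in that clean-up are logged and do not fail
 * the SSO.
 *
 * @param hostedEntityID provider ID for the hosted SP
 * @param request servlet request
 * @param response servlet response
 * @param ssoToken user's SSO token
 * @param authnRequest the original authentication request sent from SP
 * @param authnResponse response from IDP if Browser POST or LECP profile
 * is used for the request, value will be null if Browser Artifact
 * profile is used.
 * @param samlResponse response from IDP if Browser Artifact profile is used
 * for the request, value will be null if Browser POST or LECP
 * profile is used.
 * @exception FederationException if user want to fail the process.
 * @return true if browser redirection happened, false otherwise.
 */
public boolean postSSOFederationSuccess(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, Object ssoToken, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse) throws FederationException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, " + "process " + hostedEntityID);
    }
    // find out if this is a federation request
    boolean isFederation = false;
    if (authnRequest == null) {
        FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
    } else {
        String nameIDPolicy = authnRequest.getNameIDPolicy();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postSuccess " + nameIDPolicy);
        }
        // constant-first: a request without a NameIDPolicy is not a federation
        isFederation = IFSConstants.NAME_ID_POLICY_FEDERATED.equals(nameIDPolicy);
    }
    SSOToken adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
    if (!isFederation || adminToken == null) {
        return false;
    }
    if (ssoToken == null) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: ssoToken is null");
        return false;
    }
    try {
        String idpEntityId = null;
        List<?> assertions = null;
        if (authnResponse != null) {
            // POST profile
            assertions = authnResponse.getAssertion();
            idpEntityId = authnResponse.getProviderId();
        } else if (samlResponse != null) {
            // Artifact profile
            assertions = samlResponse.getAssertion();
        }
        if (assertions == null || assertions.isEmpty()) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: no assertion in response");
            return false;
        }
        FSAssertion assertion = (FSAssertion) assertions.iterator().next();
        if (idpEntityId == null) {
            idpEntityId = assertion.getIssuer();
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSuccess: idp=" + idpEntityId);
        }
        String nameId = findIdpProvidedNameId(assertion);
        if (nameId == null) {
            FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
            return false;
        }
        removeStaleFederations(hostedEntityID, (SSOToken) ssoToken, adminToken, nameId, idpEntityId);
    } catch (FSAccountMgmtException f) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", f);
    } catch (IdRepoException i) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", i);
    } catch (SSOException e) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
    }
    return false;
}

/**
 * Returns the name of the IdP-provided name identifier (or, failing that, the
 * plain name identifier) from the first authentication statement of the
 * assertion.
 *
 * @return the identifier's name, or {@code null} when there is no
 *         authentication statement or it carries no identifier
 */
private static String findIdpProvidedNameId(FSAssertion assertion) {
    List<?> statements = assertion.getStatement();
    if (statements == null) {
        return null;
    }
    for (Object item : statements) {
        Statement statement = (Statement) item;
        if (statement.getStatementType() != Statement.AUTHENTICATION_STATEMENT) {
            continue;
        }
        FSAuthenticationStatement authStatement = (FSAuthenticationStatement) statement;
        FSSubject subject = (FSSubject) authStatement.getSubject();
        NameIdentifier ni = subject.getIDPProvidedNameIdentifier();
        if (ni == null) {
            ni = subject.getNameIdentifier();
        }
        String nameId = (ni == null) ? null : ni.getName();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSuccess: " + "found name id =" + nameId);
        }
        // only the first authentication statement is considered
        return nameId;
    }
    return null;
}

/**
 * Finds every user whose federation-info key matches {@code nameId} under
 * {@code hostedEntityID} and removes that federation from all of them except
 * the user the SSO token belongs to. Does nothing when at most one user holds
 * the key.
 *
 * @throws FSAccountMgmtException when a removal fails
 * @throws IdRepoException when the identity search fails
 * @throws SSOException when a token property cannot be read
 */
private void removeStaleFederations(String hostedEntityID, SSOToken userToken, SSOToken adminToken, String nameId, String idpEntityId)
        throws FSAccountMgmtException, IdRepoException, SSOException {
    // Users are matched on the stored key value "|<hostedEntityID>|<nameId>|".
    // nameId originates from the IdP's assertion; the identity repository is
    // expected to escape search-filter metacharacters in attribute values —
    // NOTE(review): confirm against the IdRepo implementation in use.
    Map<String, Set<String>> attributes = new HashMap<String, Set<String>>();
    Set<String> keyValues = new HashSet<String>();
    keyValues.add("|" + hostedEntityID + "|" + nameId + "|");
    attributes.put("iplanet-am-user-federation-info-key", keyValues);
    AMIdentityRepository idRepo = new AMIdentityRepository(adminToken, userToken.getProperty(ISAuthConstants.ORGANIZATION));
    IdSearchControl searchControl = new IdSearchControl();
    searchControl.setTimeOut(0);
    searchControl.setMaxResults(0);
    searchControl.setAllReturnAttributes(false);
    searchControl.setSearchModifiers(IdSearchOpModifier.AND, attributes);
    IdSearchResults searchResults = idRepo.searchIdentities(IdType.USER, "*", searchControl);
    Set<?> amIdSet = searchResults.getSearchResults();
    if (amIdSet.size() <= 1) {
        return;
    }
    String univId = userToken.getProperty(Constants.UNIVERSAL_IDENTIFIER);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAdapter.postSuccess: found " + amIdSet.size() + " federation with same ID as " + univId);
    }
    // Without the current user's id we cannot tell which federation to keep,
    // so remove nothing rather than risk removing the current user's own.
    if (univId == null) {
        FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess: universal id is null, skipping clean-up");
        return;
    }
    String metaAlias = null;
    try {
        IDFFMetaManager metaManager = new IDFFMetaManager(userToken);
        SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
        if (spConfig != null) {
            metaAlias = spConfig.getMetaAlias();
        }
    } catch (IDFFMetaException ie) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSuccess: " + "couldn't find meta alias:", ie);
        }
    }
    FSAccountManager accManager = FSAccountManager.getInstance(metaAlias);
    FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(hostedEntityID, nameId);
    // previous federation exists with different users
    for (Object found : amIdSet) {
        AMIdentity amId = (AMIdentity) found;
        // compare with the SSO token
        String tmpUnivId = IdUtils.getUniversalId(amId);
        if (univId.equalsIgnoreCase(tmpUnivId)) {
            continue;
        }
        // remove federation information for this user
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAdapter.postSucces, " + "remove fed info for user " + tmpUnivId);
        }
        accManager.removeAccountFedInfo(tmpUnivId, fedInfoKey, idpEntityId);
    }
}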