Examples with FSException com.sun.identity.federation.common.FSException used on opensource projects
Example 6 with FSException
use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.
the class FSDiscoveryBootStrap method getResourceOffering.
/**
* Gets the discovery bootstrap resource offering for the user.
* @return Document Discovery Resource Offering in an attribute statement
* @exception FSException if there's any failure.
*/
private Document getResourceOffering(FSSubject libSubject, AuthnContext authnContext, String userID, String wscID, String realm) throws FSException {
FSUtils.debug.message("FSDiscoveryBootStrap.getResourceOffering:Init");
StringBuffer sb = new StringBuffer(300);
sb.append("<").append(SAMLConstants.ASSERTION_PREFIX).append("AttributeValue").append(SAMLConstants.assertionDeclareStr).append(">").append(SAMLConstants.NL);
DiscoEntryElement discoEntry = DiscoServiceManager.getBootstrappingDiscoEntry();
if (discoEntry == null) {
throw new FSException("nullDiscoveryOffering", null);
}
try {
ResourceOfferingType offering = discoEntry.getResourceOffering();
ServiceInstanceType serviceInstance = offering.getServiceInstance();
String providerID = serviceInstance.getProviderID();
if (!DiscoServiceManager.useImpliedResource()) {
ResourceIDMapper idMapper = DiscoServiceManager.getResourceIDMapper(providerID);
if (idMapper == null) {
idMapper = DiscoServiceManager.getDefaultResourceIDMapper();
}
ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
ResourceIDType resourceID = fac.createResourceIDType();
String resourceIDValue = idMapper.getResourceID(providerID, userID);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSDiscoveryBootStrap.getResource" + "Offering: ResourceID Value:" + resourceIDValue);
}
resourceID.setValue(resourceIDValue);
offering.setResourceID(resourceID);
} else {
ObjectFactory fac = new com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory();
ResourceIDType resourceID = fac.createResourceIDType();
resourceID.setValue(DiscoConstants.IMPLIED_RESOURCE);
offering.setResourceID(resourceID);
}
List discoEntryList = new ArrayList();
discoEntryList.add(discoEntry);
SessionSubject sessionSubject = null;
if (DiscoServiceManager.encryptNIinSessionContext()) {
sessionSubject = new SessionSubject(EncryptedNameIdentifier.getEncryptedNameIdentifier(libSubject.getNameIdentifier(), realm, providerID), libSubject.getSubjectConfirmation(), libSubject.getIDPProvidedNameIdentifier());
} else {
sessionSubject = new SessionSubject(libSubject.getNameIdentifier(), libSubject.getSubjectConfirmation(), libSubject.getIDPProvidedNameIdentifier());
}
SessionContext invocatorSession = new SessionContext(sessionSubject, authnContext, providerID);
Map map = DiscoUtils.checkPolicyAndHandleDirectives(userID, null, discoEntryList, null, invocatorSession, wscID, _ssoToken);
List offerings = (List) map.get(DiscoUtils.OFFERINGS);
if (offerings.isEmpty()) {
FSUtils.debug.message("FSDiscoBootStrap.getResourceOffering:no ResourceOffering");
throw new FSException("nullDiscoveryOffering", null);
}
ResourceOffering resourceOffering = (ResourceOffering) offerings.get(0);
_assertions = (List) map.get(DiscoUtils.CREDENTIALS);
if ((_assertions != null) && (_assertions.size() != 0)) {
_hasCredentials = true;
}
sb.append(resourceOffering.toString());
sb.append("</").append(SAMLConstants.ASSERTION_PREFIX).append("AttributeValue>");
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSDiscoveryBootStap.getResourceOffering:Resource Offering:" + sb.toString());
}
return XMLUtils.toDOMDocument(sb.toString(), null);
} catch (Exception ex) {
FSUtils.debug.error("FSDiscoveryBootStrap.getResourceOffering:" + "Exception while creating resource offering.", ex);
throw new FSException(ex);
}
}
Also used :
ResourceOffering(com.sun.identity.liberty.ws.disco.ResourceOffering)
ArrayList(java.util.ArrayList)
DiscoEntryElement(com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement)
FSException(com.sun.identity.federation.common.FSException)
ResourceIDMapper(com.sun.identity.liberty.ws.interfaces.ResourceIDMapper)
FSException(com.sun.identity.federation.common.FSException)
ArrayList(java.util.ArrayList)
List(java.util.List)
Map(java.util.Map)
Example 7 with FSException
use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.
the class FSAssertionManager method createFSAssertionArtifact.
/**
* Creates an assertion artifact.
* @param id session ID
* @param realm the realm in which the provider resides
* @param spEntityID service provider's entity ID
* @param spHandle service provider issued <code>NameIdentifier</code>
* @param idpHandle identity provider issued <code>NameIdentifier</code>
* @param inResponseTo value to InResponseTo attribute. It's the request ID.
* @param minorVersion request minor version, used to determine assertion's
* minor version
* @exception FSException,SAMLException if error occurrs
*/
public AssertionArtifact createFSAssertionArtifact(String id, String realm, String spEntityID, NameIdentifier spHandle, NameIdentifier idpHandle, String inResponseTo, int minorVersion) throws FSException, SAMLException {
// check input
if ((id == null) || (spEntityID == null)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: null input for" + " method createFSAssertionArtifact.");
}
throw new FSException("nullInput", null);
}
// create assertion id and artifact
String handle = SAMLUtils.generateAssertionHandle();
if (handle == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertionArt" + "ifact: couldn't generate assertion handle.");
}
throw new FSException("errorCreateArtifact", null);
}
// TODO: should obtain it through meta
String sourceSuccinctID = FSUtils.generateSourceID(hostEntityId);
byte[] bytesSourceId = SAMLUtils.stringToByteArray(sourceSuccinctID);
byte[] bytesHandle = null;
try {
bytesHandle = handle.getBytes(IFSConstants.SOURCEID_ENCODING);
} catch (Exception e) {
FSUtils.debug.error("FSAssertionManager.createFSAssertionArt: ", e);
return null;
}
AssertionArtifact art = new FSAssertionArtifact(bytesSourceId, bytesHandle);
int assertionMinorVersion = IFSConstants.FF_11_ASSERTION_MINOR_VERSION;
if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
assertionMinorVersion = IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION;
}
Assertion assertion = createFSAssertion(id, art, realm, spEntityID, spHandle, idpHandle, inResponseTo, assertionMinorVersion);
return art;
}
Also used :
FSException(com.sun.identity.federation.common.FSException)
Assertion(com.sun.identity.saml.assertion.Assertion)
FSAssertion(com.sun.identity.federation.message.FSAssertion)
FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact)
SessionException(com.sun.identity.plugin.session.SessionException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
ParseException(java.text.ParseException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
UnknownHostException(java.net.UnknownHostException)
AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact)
FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact)
Example 8 with FSException
use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.
the class FSAssertionManager method getErrorStatus.
/**
* Retrieve the original status of a reference artifact.
* @param aa reference artifact
* @return The status as originally recorded.
*/
public Status getErrorStatus(AssertionArtifact aa) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("getErrorStatus( " + aa + " )");
}
Entry e = null;
Status s = null;
String remoteUrl = SAMLUtils.getServerURL(aa.getAssertionHandle());
if (remoteUrl != null) {
// call AssertionManagerClient.getAssertion
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("AssertionManager.getAssertion(art, " + "destid: calling another server in lb site:" + remoteUrl);
}
try {
FSAssertionManagerClient amc = new FSAssertionManagerClient(metaAlias, getFullServiceURL(remoteUrl));
s = amc.getErrorStatus(aa);
} catch (FSException fse) {
FSUtils.debug.error(fse.getMessage());
}
} else {
e = (Entry) idEntryMap.get(aa.getAssertionArtifact());
if (null != e) {
Assertion assertion = e.getAssertion();
if (assertion instanceof ErrorAssertion) {
ErrorAssertion eassert = (ErrorAssertion) assertion;
s = eassert.getStatus();
}
}
}
return s;
}
Also used :
Status(com.sun.identity.saml.protocol.Status)
FSException(com.sun.identity.federation.common.FSException)
Assertion(com.sun.identity.saml.assertion.Assertion)
FSAssertion(com.sun.identity.federation.message.FSAssertion)
Example 9 with FSException
use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.
the class FSAssertionManagerClient method getErrorStatus.
protected Status getErrorStatus(AssertionArtifact artifact) throws FSException {
String status = null;
try {
Object[] obj = { metaAlias, artifact.getAssertionArtifact() };
status = (String) stub.send("getErrorStatus", obj, null, null);
if (status == null && FSUtils.debug.messageEnabled()) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("AMC:getErrorStatus(" + artifact + "): Server returned NULL");
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("AMC:getErrorStatus: status:" + status);
}
}
if (null != status) {
Document doc = XMLUtils.toDOMDocument(status, FSUtils.debug);
if (null != doc) {
return new Status(doc.getDocumentElement());
}
}
} catch (RemoteException re) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
}
throw (new FSException(re.getMessage()));
} catch (FSRemoteException re) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
}
throw (new FSException(re.getMessage()));
} catch (SAMLException re) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
}
throw (new FSException(re.getMessage()));
} catch (Exception re) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
}
throw (new FSException(re.getMessage()));
}
return null;
}
Also used :
Status(com.sun.identity.saml.protocol.Status)
FSException(com.sun.identity.federation.common.FSException)
Document(org.w3c.dom.Document)
FSRemoteException(com.sun.identity.federation.common.FSRemoteException)
RemoteException(java.rmi.RemoteException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSRemoteException(com.sun.identity.federation.common.FSRemoteException)
RemoteException(java.rmi.RemoteException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
FSRemoteException(com.sun.identity.federation.common.FSRemoteException)
Example 10 with FSException
use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.
the class FSSOAPReceiver method onMessage.
/**
* Process the request.
* @param request http request object
* @param response http response object
* @param message received soap message
*/
public void onMessage(HttpServletRequest request, HttpServletResponse response, SOAPMessage message) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: Called");
try {
Element elt = soapService.parseSOAPMessage(message);
if (elt == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request. Invalid SOAPMessage");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
String eltTagName = (elt.getTagName().trim());
String ns = elt.getNamespaceURI().trim();
String nodeName = elt.getLocalName().trim();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "tagName: " + eltTagName + " namespaceUri: " + ns + " localName: " + nodeName);
}
//check for saml:Request
if (nodeName.equalsIgnoreCase("Request") && ns.equalsIgnoreCase(IFSConstants.PROTOCOL_NAMESPACE_URI)) {
SOAPMessage retMessage = null;
try {
FSSAMLRequest samlRequest = new FSSAMLRequest(elt);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
if (metaManager == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "could not create meta instance");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
String metaAlias = FSServiceUtils.getMetaAlias(request);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
FSServiceManager sm = FSServiceManager.getInstance();
FSSSOBrowserArtifactProfileHandler handler = (FSSSOBrowserArtifactProfileHandler) sm.getBrowserArtifactSSOAndFedHandler(request, response, samlRequest);
handler.setSOAPMessage(message);
handler.setSAMLRequestElement(elt);
handler.setHostedEntityId(hostedEntityId);
handler.setHostedDescriptor(hostedDesc);
handler.setHostedDescriptorConfig(hostedConfig);
handler.setMetaAlias(metaAlias);
handler.setRealm(realm);
FSResponse samlResponse = handler.processSAMLRequest(samlRequest);
if (samlResponse != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "SAML Response created: " + samlResponse.toXMLString());
}
} else {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "SAML Response is null");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
// introduce id attribute for Assertion bind in
// SOAPEnvelope and sign
retMessage = soapService.bind(((FSResponse) samlResponse).toXMLString(true, true));
if (FSServiceUtils.isSigningOn()) {
List assList = samlResponse.getAssertion();
Iterator iter = assList.iterator();
while (iter.hasNext()) {
FSAssertion assertion = (FSAssertion) iter.next();
String id = assertion.getID();
Document doc = (Document) FSServiceUtils.createSOAPDOM(retMessage);
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
if (certAlias == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("SOAPReceiver.onMessage: couldn't " + "obtain this site's cert alias.");
}
throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
}
XMLSignatureManager manager = XMLSignatureManager.getInstance();
int minorVersion = assertion.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ID, id, false);
} else if (minorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || minorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ASSERTION_ID, assertion.getAssertionID(), false);
} else {
FSUtils.debug.error("invalid minor version.");
}
retMessage = FSServiceUtils.convertDOMToSOAP(doc);
}
}
if (retMessage == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} catch (SAMLException se) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", se);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (IDFFMetaException me) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", me);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(retMessage, response);
return;
}
if (nodeName.equalsIgnoreCase("AuthnRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
SOAPMessage retMessage = null;
try {
FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
handleLECPRequest(request, response, authnRequest);
retMessage = null;
} catch (FSException e) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing lecp AuthnRequest:", e);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(retMessage, response);
return;
} else if (nodeName.equalsIgnoreCase("RegisterNameIdentifierRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
SOAPMessage retMessage = null;
boolean isError = false;
String providerAlias = null;
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String realm = null;
String hostedEntityId = null;
String hostedRole = null;
try {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Handling NameRegistrationRequest");
}
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
if (metaManager == null) {
FSUtils.debug.message("Unable to get meta manager");
isError = true;
} else {
providerAlias = FSServiceUtils.getMetaAlias(request);
if (providerAlias == null || providerAlias.length() < 1) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to retrieve alias" + "Hosted Provider. Cannot process request");
}
isError = true;
}
realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
try {
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null && hostedRole.equals(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole != null && hostedRole.equals(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
if (hostedProviderDesc == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException eam) {
FSUtils.debug.error("Unable to find Hosted Provider. " + "Cannot process request");
isError = true;
}
}
if (isError || hostedProviderDesc == null) {
returnSOAPMessage(retMessage, response);
return;
} else {
FSNameRegistrationResponse regisResponse = handleRegistrationRequest(elt, message, hostedProviderDesc, hostedConfig, hostedRole, realm, hostedEntityId, providerAlias, request, response);
if (regisResponse == null) {
FSUtils.debug.error("Error in creating NameRegistration Response");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Completed creating response");
}
retMessage = soapService.bind(regisResponse.toXMLString(true, true));
FSUtils.debug.message("Completed bind message");
if (retMessage == null) {
FSUtils.debug.error("Error in processing NameRegistration " + "Response");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
} else {
if (FSServiceUtils.isSigningOn()) {
try {
int minorVersion = regisResponse.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
retMessage = signResponse(retMessage, IFSConstants.ID, regisResponse.getID(), hostedConfig);
} else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
retMessage = signResponse(retMessage, IFSConstants.RESPONSE_ID, regisResponse.getResponseID(), hostedConfig);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("invalid minor version.");
}
}
} catch (SAMLException e) {
FSUtils.debug.error("FSNameRegistrationHandler:" + "sign soap Response failed", e);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (FSMsgException e) {
FSUtils.debug.error("FSNameRegistrationHandler::" + "signRegistrationResponse failed", e);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
}
}
}
if (FSUtils.debug.messageEnabled()) {
ByteArrayOutputStream bop = null;
String xmlString = null;
bop = new ByteArrayOutputStream();
retMessage.writeTo(bop);
xmlString = bop.toString(IFSConstants.DEFAULT_ENCODING);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("return SOAP message:" + xmlString);
}
}
returnSOAPMessage(retMessage, response);
return;
} catch (Exception se) {
FSUtils.debug.error("Error in processing Name Registration request" + se.getMessage());
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
returnSOAPMessage(retMessage, response);
}
} else if (nodeName.equalsIgnoreCase("NameIdentifierMappingRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
FSUtils.debug.message("FSSOAPReceiver:handling Name Identifier Mapping Request");
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
String metaAlias = FSServiceUtils.getMetaAlias(request);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
ProviderDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
FSNameIdentifierMappingRequest mappingRequest = new FSNameIdentifierMappingRequest(elt);
if (FSServiceUtils.isSigningOn()) {
String remoteEntityId = mappingRequest.getProviderID();
ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(// it has to be idp
IFSConstants.IDP, remoteEntityId, realm);
if (remoteDesc == null) {
return;
}
if (verifyRequestSignature(elt, message, KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, true))) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver: Success in verifying " + "Name Identifier Mapping Request");
}
} else {
FSUtils.debug.error("Failed verifying Name Identifier Mapping Request");
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
String targetNamespace = mappingRequest.getTargetNamespace();
String inResponseTo = mappingRequest.getRequestID();
Status status = new Status(new StatusCode("samlp:Success"));
FSNameMappingHandler idpHandler = new FSNameMappingHandler(hostedEntityId, hostedDesc, hostedConfig, metaAlias);
NameIdentifier nameIdentifier = idpHandler.getNameIdentifier(mappingRequest, targetNamespace, false);
String enableEncryption = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.ENABLE_NAMEID_ENCRYPTION);
if (enableEncryption != null && enableEncryption.equalsIgnoreCase("true")) {
nameIdentifier = EncryptedNameIdentifier.getEncryptedNameIdentifier(nameIdentifier, realm, targetNamespace);
}
FSNameIdentifierMappingResponse mappingResponse = new FSNameIdentifierMappingResponse(hostedEntityId, inResponseTo, status, nameIdentifier);
if (FSServiceUtils.isSigningOn()) {
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
mappingResponse.signXML(certAlias);
}
SOAPMessage retMessage = soapService.bind(mappingResponse.toXMLString(true, true));
returnSOAPMessage(retMessage, response);
return;
} else if (nodeName.equalsIgnoreCase("FederationTerminationNotification") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
try {
FSUtils.debug.message("calling FSSOAPReceiver::handleTerminationRequest");
boolean bHandleStatus = handleTerminationRequest(elt, message, request, response);
if (bHandleStatus) {
FSUtils.debug.message("Completed processing terminationRequest");
returnTerminationStatus(response);
return;
} else {
FSUtils.debug.message("Failed processing terminationRequest");
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} catch (Exception se) {
FSUtils.debug.error("Error in processing Federation Termination Request", se);
String[] data = { IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED };
LogUtil.error(Level.INFO, LogUtil.TERMINATION_REQUEST_PROCESSING_FAILED, data);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} else if (nodeName.equalsIgnoreCase("LogoutRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
try {
FSUtils.debug.message("calling FSSOAPReceiver::handleLogoutRequest");
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String providerAlias = null;
String realm = null;
String hostedEntityId = null;
String hostedRole = null;
try {
providerAlias = FSServiceUtils.getMetaAlias(request);
realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null) {
if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
}
} catch (Exception e) {
FSUtils.debug.error("FSSOAPReceiver, provider", e);
}
FSLogoutNotification logoutRequest = new FSLogoutNotification(elt);
Map map = handleLogoutRequest(elt, logoutRequest, message, request, response, hostedProviderDesc, hostedConfig, providerAlias, realm, hostedEntityId, hostedRole);
String responseID = SAMLUtils.generateID();
String inResponseTo = logoutRequest.getRequestID();
String relayState = logoutRequest.getRelayState();
FSLogoutResponse resp = null;
boolean statusSuccess = false;
SOAPMessage retSoapMessage = null;
if (map == null) {
StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
} else {
retSoapMessage = (SOAPMessage) map.get(MESSAGE);
SOAPPart sp = retSoapMessage.getSOAPPart();
SOAPEnvelope se = sp.getEnvelope();
SOAPBody sb = se.getBody();
if (sb.hasFault()) {
StatusCode secondLevelstatusCode = new StatusCode(IFSConstants.SAML_UNSUPPORTED);
StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER, secondLevelstatusCode);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
} else {
StatusCode statusCode = new StatusCode(IFSConstants.SAML_SUCCESS);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
statusSuccess = true;
}
}
resp.setID(IFSConstants.LOGOUTID);
resp.setMinorVersion(logoutRequest.getMinorVersion());
retSoapMessage = soapService.bind(resp.toXMLString(true, true));
// Call SP Adapter postSingleLogoutSuccess for IDP/SOAP
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP) && statusSuccess) {
FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
if (spAdapter != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver, " + "call postSingleLogoutSuccess, IDP/SOAP");
}
try {
spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response, (String) map.get(USERID), logoutRequest, resp, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
} catch (Exception e) {
// ignore adapter exception
FSUtils.debug.error("postSingleLogoutSuccess." + "IDP/SOAP", e);
}
}
}
if (FSServiceUtils.isSigningOn()) {
try {
int minorVersion = resp.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
retSoapMessage = signResponse(retSoapMessage, IFSConstants.ID, resp.getID(), hostedConfig);
} else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
retSoapMessage = signResponse(retSoapMessage, IFSConstants.RESPONSE_ID, resp.getResponseID(), hostedConfig);
} else {
FSUtils.debug.error("invalid minor version.");
}
} catch (SAMLException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LogoutResponse failed", e);
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (FSMsgException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LogoutResponse failed", e);
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Logout exception:", e);
}
}
}
returnSOAPMessage(retSoapMessage, response);
return;
} catch (Exception se) {
FSUtils.debug.error("Error in processing logout Request", se);
String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_PROCESSING_FAILED) };
LogUtil.error(Level.INFO, LogUtil.LOGOUT_REQUEST_PROCESSING_FAILED, data);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
//check for other Liberty msgs should go here
} catch (Exception e) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing Request: Exception occured: ", e);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
java.io.ByteArrayOutputStream strm = new java.io.ByteArrayOutputStream();
e.printStackTrace(new java.io.PrintStream(strm));
FSUtils.debug.error(strm.toString());
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
Also used :
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
EncryptedNameIdentifier(com.sun.identity.federation.message.common.EncryptedNameIdentifier)
Element(org.w3c.dom.Element)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification)
SOAPEnvelope(javax.xml.soap.SOAPEnvelope)
Document(org.w3c.dom.Document)
SOAPMessage(javax.xml.soap.SOAPMessage)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSAssertion(com.sun.identity.federation.message.FSAssertion)
Iterator(java.util.Iterator)
FSException(com.sun.identity.federation.common.FSException)
SOAPPart(javax.xml.soap.SOAPPart)
List(java.util.List)
FSSAMLRequest(com.sun.identity.federation.message.FSSAMLRequest)
FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)
FSLogoutStatus(com.sun.identity.federation.services.logout.FSLogoutStatus)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)
XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
FSNameIdentifierMappingResponse(com.sun.identity.federation.message.FSNameIdentifierMappingResponse)
FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse)
SOAPException(javax.xml.soap.SOAPException)
SystemConfigurationException(com.sun.identity.common.SystemConfigurationException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
FSException(com.sun.identity.federation.common.FSException)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
SOAPBody(javax.xml.soap.SOAPBody)
FSSSOBrowserArtifactProfileHandler(com.sun.identity.federation.services.fednsso.FSSSOBrowserArtifactProfileHandler)
FSNameMappingHandler(com.sun.identity.federation.services.namemapping.FSNameMappingHandler)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
FSResponse(com.sun.identity.federation.message.FSResponse)
FSNameRegistrationResponse(com.sun.identity.federation.message.FSNameRegistrationResponse)
FSNameIdentifierMappingRequest(com.sun.identity.federation.message.FSNameIdentifierMappingRequest)
Map(java.util.Map)
HashMap(java.util.HashMap)
Aggregations
FSException (com.sun.identity.federation.common.FSException)49
SAMLException (com.sun.identity.saml.common.SAMLException)25
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)21
SessionException (com.sun.identity.plugin.session.SessionException)19
IOException (java.io.IOException)13
List (java.util.List)12
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)10
FSAssertion (com.sun.identity.federation.message.FSAssertion)10
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)8
FSAuthnRequest (com.sun.identity.federation.message.FSAuthnRequest)8
ArrayList (java.util.ArrayList)8
Iterator (java.util.Iterator)8
Document (org.w3c.dom.Document)8
IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)7
IDPDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)7
ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)7
NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier)7
Status (com.sun.identity.saml.protocol.Status)7
Map (java.util.Map)7
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)6
