Examples with FSException com.sun.identity.federation.common.FSException used on opensource projects

Example 16 with FSException

use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.

the class CDCServlet method createAssertion.

private FSAssertion createAssertion(String destID, String sourceID, String tokenID, String authType, String strAuthInst, String userDN, String inResponseTo) throws FSException, SAMLException {
    debug.message("Entering CDCServlet.createAssertion Method");
    if ((destID == null) || (sourceID == null) || (tokenID == null) || (authType == null) || (userDN == null) || (inResponseTo == null)) {
        debug.message("CDCServlet,createAssertion: null input");
        throw new FSException(FSUtils.bundle.getString("nullInput"));
    }
    String securityDomain = sourceID;
    NameIdentifier idpHandle = new NameIdentifier(URLEncDec.encode(tokenID), sourceID);
    NameIdentifier spHandle = idpHandle;
    String authMethod = authType;
    Date authInstant = convertAuthInstanceToDate(strAuthInst);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.createAssertion " + "Creating Authentication Assertion for user with opaqueHandle =" + spHandle.getName() + " and SecurityDomain = " + securityDomain);
    }
    SubjectConfirmation subConfirmation = new SubjectConfirmation(IFSConstants.CONFIRMATION_METHOD_BEARER);
    IDPProvidedNameIdentifier idpNi = new IDPProvidedNameIdentifier(idpHandle.getNameQualifier(), idpHandle.getName());
    FSSubject sub = new FSSubject(spHandle, subConfirmation, idpNi);
    SubjectLocality authLocality = new SubjectLocality(IPAddress, DNSAddress);
    AuthnContext authnContextStmt = new AuthnContext(null, null);
    FSAuthenticationStatement statement = new FSAuthenticationStatement(authMethod, authInstant, sub, authLocality, null, authnContextStmt);
    //setReauthenticateOnOrAfter date
    Date issueInstant = new Date();
    // get this period from the config
    Integer assertionTimeout = new Integer(IFSConstants.ASSERTION_TIMEOUT_DEFAULT);
    long period = (assertionTimeout.intValue()) * 1000;
    if (period < IFSConstants.ASSERTION_TIMEOUT_ALLOWED_DIFFERENCE) {
        period = IFSConstants.ASSERTION_TIMEOUT_ALLOWED_DIFFERENCE;
    }
    Date notAfter = new Date(issueInstant.getTime() + period);
    statement.setReauthenticateOnOrAfter(notAfter);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.createAssertion: " + "Authentication Statement: " + statement.toXMLString());
    }
    Conditions cond = new Conditions(issueInstant, notAfter);
    if ((destID != null) && (destID.length() != 0)) {
        List targets = new ArrayList(1);
        targets.add(destID);
        cond.addAudienceRestrictionCondition(new AudienceRestrictionCondition(targets));
    }
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.createAssertion: " + "Condition: " + cond.toString());
    }
    AssertionIDReference aID = new AssertionIDReference();
    Set statements = new HashSet(2);
    statements.add(statement);
    FSAssertion assertion = new FSAssertion(aID.getAssertionIDReference(), sourceID, issueInstant, cond, statements, inResponseTo);
    assertion.setID(aID.getAssertionIDReference());
    String[] params = { FSUtils.bundle.getString("assertionCreated") + ":" + assertion.toString() };
    LogUtil.access(Level.INFO, "CREATE_ASSERTION", params);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.createAssertion:" + " Returning Assertion: " + assertion.toXMLString());
    }
    return assertion;
}

Example 17 with FSException

use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.

the class CDCServlet method redirectWithAuthNResponse.

/**
     * Constructs the Liberty AuthNResponse with Restricted SSOToken
     * and redirects the user to the requested resouce
     */
private void redirectWithAuthNResponse(HttpServletRequest request, HttpServletResponse response, SSOToken token) throws ServletException, IOException {
    String gotoURL = getRedirectURL(request, response);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.redirectWithAuthNResponse: gotoURL = " + gotoURL);
    }
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.redirectWithAuthNResponse: After encoding: gotoURL = " + gotoURL);
    }
    if (gotoURL != null) {
        try {
            String inResponseTo = request.getParameter(REQUEST_ID);
            String spDescriptor = request.getParameter(PROVIDER_ID);
            String resTokenID = null;
            /**
                 * validateAndGetRestriction throws an exception if an agent
                 * profile with provider id and goto url is not present
                 */
            TokenRestriction tokenRes = spValidator.validateAndGetRestriction(FSAuthnRequest.parseURLEncodedRequest(request), gotoURL);
            if (uniqueCookieEnabled) {
                resTokenID = sessionService.getRestrictedTokenId(token.getTokenID().toString(), tokenRes);
            } else {
                resTokenID = token.getTokenID().toString();
            }
            FSAssertion assertion = createAssertion(spDescriptor, SELF_PROVIDER_ID, resTokenID, token.getAuthType(), token.getProperty("authInstant"), token.getPrincipal().getName(), inResponseTo);
            String relayState = request.getParameter(RELAY_STATE);
            Status status = new Status(new StatusCode(IFSConstants.STATUS_CODE_SUCCESS));
            FSAuthnResponse authnResponse = createAuthnResponse(SELF_PROVIDER_ID, responseID, inResponseTo, status, assertion, relayState);
            sendAuthnResponse(request, response, authnResponse, gotoURL);
        } catch (SAMLException se) {
            debug.error("CDCServlet.doGetPost", se);
            showError(response);
        } catch (FSMsgException fe) {
            debug.error("CDCServlet.doGetPost", fe);
            showError(response);
        } catch (FSException fse) {
            debug.error("CDCServlet.doGetPost", fse);
            showError(response);
        } catch (SessionException e) {
            debug.error("CDCServlet.doGetPost", e);
        } catch (SSOException ssoe) {
            debug.error("CDCServlet.doGetPost", ssoe);
        } catch (Exception e) {
            debug.error("CDCServlet.doGetPost", e);
            spValidator = new LdapSPValidator();
            showError(response, FORBIDDEN_STR_MATCH);
        }
    }
}

Example 18 with FSException

use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.

the class FSTerminationRequestServlet method doRequestProcessing.

/**
     * Called when a Termination request is received from a remote provider.
     * @param request <code>HTTPServletRequest</code> object received via HTTP
     *  Redirect
     * @param response <code>HTTPServletResponse</code> object to send the 
     *  response back to user agent
     * @param hostedProviderDesc the provider for whom request is received
     * @param hostedConfig hosted provider's extended meta
     * @param hostedProviderRole hosted provider's role
     * @param realm The realm under which the entity resides
     * @param hostedEntityId hosted provider's entity ID
     * @param providerAlias hosted provider's meta alias
     * @param reqTermination the federation termination request
     */
private void doRequestProcessing(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String hostedProviderRole, String realm, String hostedEntityId, String providerAlias, FSFederationTerminationNotification reqTermination) {
    FSUtils.debug.message("Entered FSTerminationRequestServlet::doRequestProcessing");
    String remoteEntityId = reqTermination.getProviderId();
    String retURL = null;
    ProviderDescriptorType remoteDesc = null;
    boolean isIDP = false;
    try {
        if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isIDP = true;
        } else {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        }
        if (remoteDesc == null) {
            throw new IDFFMetaException((String) null);
        }
        retURL = remoteDesc.getFederationTerminationServiceReturnURL();
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("FSTerminationRequestServlet.doRequest " + "Processing: Can not retrieve remote provider data." + remoteEntityId);
        String[] data = { remoteEntityId, realm };
        LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data);
        FSServiceUtils.returnToSource(response, retURL, commonErrorPage, IFSConstants.TERMINATION_INVALID_FEDERATION, IFSConstants.METADATA_ERROR);
        return;
    }
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            if (remoteDesc != null) {
                FSUtils.debug.message("Calling verifyTerminationSignature");
                bVerify = verifyTerminationSignature(request, remoteDesc, remoteEntityId, isIDP);
            } else {
                FSUtils.debug.error("Remote provider metadata not found.");
                String[] data = { remoteEntityId, realm };
                LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data);
                FSServiceUtils.returnToSource(response, retURL, commonErrorPage, IFSConstants.TERMINATION_INVALID_FEDERATION, IFSConstants.METADATA_ERROR);
                return;
            }
        } catch (FSException e) {
            FSUtils.debug.error("FSTerminationRequestServlet::doRequestProcessing " + "Signature on termination request is invalid" + "Cannot proceed federation termination");
            String[] data = { FSUtils.bundle.getString(IFSConstants.TERMINATION_INVALID_SIGNATURE) };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
            FSServiceUtils.returnToSource(response, retURL, commonErrorPage, IFSConstants.TERMINATION_INVALID_FEDERATION, IFSConstants.METADATA_ERROR);
            return;
        } catch (SAMLException e) {
            FSUtils.debug.error("FSFedTerminationHandler::doRequestProcessing " + "Signature on termination request is invalid" + "Cannot proceed federation termination");
            String[] data = { FSUtils.bundle.getString(IFSConstants.TERMINATION_INVALID_SIGNATURE) };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
            FSServiceUtils.returnToSource(response, retURL, commonErrorPage, IFSConstants.TERMINATION_INVALID_FEDERATION, IFSConstants.METADATA_ERROR);
            return;
        }
    }
    if (bVerify) {
        // Check if trusted provider
        if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            FSServiceManager instService = FSServiceManager.getInstance();
            if (instService != null) {
                FSFedTerminationHandler termHandler = instService.getFedTerminationHandler(reqTermination, hostedConfig, realm, hostedEntityId, hostedProviderRole, providerAlias, remoteEntityId);
                if (termHandler != null) {
                    termHandler.setHostedDescriptor(hostedProviderDesc);
                    termHandler.setHostedDescriptorConfig(hostedConfig);
                    termHandler.setRealm(realm);
                    termHandler.setHostedEntityId(hostedEntityId);
                    termHandler.setHostedProviderRole(hostedProviderRole);
                    termHandler.setMetaAlias(providerAlias);
                    termHandler.setRemoteEntityId(remoteEntityId);
                    termHandler.setRemoteDescriptor(remoteDesc);
                    termHandler.processTerminationRequest(request, response, reqTermination);
                    return;
                } else {
                    FSUtils.debug.error("Unable to get termination " + "handler. User account Not valid");
                }
            } else {
                FSUtils.debug.error("FSServiceManager instance is null" + " Cannot process termination request");
            }
        } else {
            FSUtils.debug.error("Remote provider not in trusted list");
        }
    } else {
        FSUtils.debug.error("FSTerminationRequestServlet::doRequestProcesing " + "Signature on termination request is invalid" + "Cannot proceed federation termination");
        String[] data = { FSUtils.bundle.getString(IFSConstants.TERMINATION_INVALID_SIGNATURE) };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
    }
    FSServiceUtils.returnToSource(response, retURL, commonErrorPage, IFSConstants.TERMINATION_INVALID_FEDERATION, IFSConstants.METADATA_ERROR);
}

Example 19 with FSException

use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.

the class FSAttributeStatementHelper method getAutoFedAttributeStatement.

/**
     * Gets a SAML <code>AttributeStatement</code> by using an
     * <code>AutoFederate</code> attribute that is configured in Local Provider.
     * @param realm The realm under which the entity resides.
     * @param entityID Host Provider's entity ID.
     * @param sub Liberty Subject.
     * @param ssoToken session of the user
     * @return Generated Auto Federate Attribute Statement.
     * @exception FSException if an error occurred
     */
public static AttributeStatement getAutoFedAttributeStatement(String realm, String entityID, FSSubject sub, Object ssoToken) throws FSException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType hostConfig = null;
    try {
        if (metaManager != null) {
            hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
        }
    } catch (IDFFMetaException fae) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: IDFFMetaException ", fae);
        throw new FSException(fae);
    }
    String autoFedAttr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE);
    if (autoFedAttr == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAttributeStatementHelper.getAutoFed:" + "AttributeStatement: AutoFederate Attribute is null");
        }
        return null;
    }
    List values = new ArrayList();
    try {
        String userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        DataStoreProvider provider = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
        Set vals = provider.getAttribute(userID, autoFedAttr);
        Iterator iter = vals.iterator();
        while (iter.hasNext()) {
            values.add(getAttributeValue((String) iter.next()));
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SessionException ", se);
        throw new FSException(se);
    } catch (DataStoreProviderException ie) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: DataStoreProviderException ", ie);
        throw new FSException(ie);
    }
    if (values == null || values.size() == 0) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAtributeStatementHelper.getAuto:" + "FedAttributeStatement. No values for autofed attribute");
        }
        return null;
    }
    try {
        Attribute attribute = new Attribute(IFSConstants.AUTO_FED_ATTR, IFSConstants.assertionSAMLNameSpaceURI, values);
        List attributeList = new ArrayList();
        attributeList.add(attribute);
        return new AttributeStatement(sub, attributeList);
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SAMLException ", ex);
        throw new FSException(ex);
    }
}

Example 20 with FSException

use of com.sun.identity.federation.common.FSException in project OpenAM by OpenRock.

the class FSAttributeStatementHelper method getAttributeValue.

/**
     * Gets the SAML Attribute value as a DOM Element.
     */
private static Element getAttributeValue(String value) throws FSException {
    if (value == null) {
        throw new FSException("nullInputParameter", null);
    }
    StringBuffer sb = new StringBuffer(300);
    sb.append("<").append(SAMLConstants.ASSERTION_PREFIX).append("AttributeValue").append(SAMLConstants.assertionDeclareStr).append(">").append(value).append("</").append(SAMLConstants.ASSERTION_PREFIX).append("AttributeValue>");
    try {
        return XMLUtils.toDOMDocument(sb.toString(), FSUtils.debug).getDocumentElement();
    } catch (Exception ex) {
        throw new FSException(ex);
    }
}