
Example 1 with FSRedirectException

use of com.sun.identity.federation.common.FSRedirectException in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method processPreAuthnSSO.

/**
     * Handles authentication request.
     * @param authnRequest <code>FSAuthnRequest</code> object
     * @return <code>true</code> if the request is handled successfully;
     *  <code>false</code> otherwise.
     */
public boolean processPreAuthnSSO(FSAuthnRequest authnRequest) {
    // Overall flow: (1) inspect any existing session on the incoming request,
    // (2) if there is none, optionally hand the request to a proxied IDP,
    // (3) otherwise either forward the request to a login URL or continue
    // with processPostAuthnSSO, depending on IsPassive / ForceAuthn and the
    // requested authentication context.
    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Called");
    String loginURL = null;
    List authenticationContextClassRef = null;
    String currentAuthnContextRef = null;
    String authType = null;
    FSAuthContextResult authnResult = null;
    FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
    // Requested authentication context: when the request carries an
    // AuthnContext without a class-ref list, the password context is used as
    // the single requested class. Without an AuthnContext the list stays null.
    if (authnRequest.getAuthnContext() != null) {
        authenticationContextClassRef = authnRequest.getAuthnContext().getAuthnContextClassRefList();
        if (authenticationContextClassRef == null) {
            String authCtxRefDefault = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
            authenticationContextClassRef = new ArrayList();
            authenticationContextClassRef.add(authCtxRefDefault);
        }
        authType = authnRequest.getAuthContextCompType();
        // Redundant: currentAuthnContextRef is already null at this point.
        currentAuthnContextRef = null;
    }
    // The initial value is overwritten on every path through the try below
    // that completes normally or ends in SessionException.
    boolean authenticated = true;
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is null. User is not authenticated.");
            }
            authenticated = false;
        } else if (!sessionProvider.isValid(ssoToken)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is not valid. User is not authenticated.");
            }
            authenticated = false;
        } else {
            // Valid session: work out which authentication context it holds.
            // NOTE(review): in both fallback branches below the configured
            // DEFAULT_AUTHNCONTEXT is attributed to a session whose real
            // context is unknown. Confirm the configured default can never be
            // stronger than what such a session actually used, otherwise a
            // request for a higher context could be satisfied without step-up.
            FSSession ssoSession = sessionMgr.getSession(ssoToken);
            if (ssoSession != null) {
                currentAuthnContextRef = ssoSession.getAuthnContext();
                if (currentAuthnContextRef != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User has an existing " + "valid session with authnContext: " + currentAuthnContextRef);
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's authentication" + " context information not found using " + "default authentication context");
                    }
                    currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO: User's authenticated session " + "information is not present in FSSessionManager. " + "using default authentication context");
                }
                currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            }
            authenticated = true;
        }
        if (authenticated) {
            // Added in case of multiple SPs: register a token listener on the
            // session. Registration is best effort; a failure is only logged
            // at message level and does not change the outcome.
            // NOTE(review): FSTokenListener lives in the logout package, so a
            // missed registration presumably means this session's end is not
            // propagated to federation logout - verify.
            try {
                sessionProvider.addListener(ssoToken, new FSTokenListener(metaAlias));
            } catch (Exception e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "Couldn't add listener to session:", e);
                }
            }
        }
    } catch (SessionException se) {
        // A session-layer failure is treated as "not authenticated". Only the
        // exception message is logged (at message level), not the stack trace.
        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "SSOException Occured: User does not have session " + se.getMessage());
        authenticated = false;
    }
    // Initiate proxying: only for unauthenticated users, when IDP proxying is
    // enabled for this request and the request does not ask to federate.
    if (!authenticated) {
        try {
            boolean isProxy = isIDPProxyEnabled(authnRequest);
            if (isProxy && !authnRequest.getFederate()) {
                String preferredIDP = getPreferredIDP(authnRequest);
                if (preferredIDP != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO:IDP to be proxied" + preferredIDP);
                    }
                    sendProxyAuthnRequest(authnRequest, preferredIDP);
                    return true;
                }
                // No preferred IDP: fall through to local authentication.
            }
        } catch (FSRedirectException re) {
            // Reported as handled: the exception name and the log text indicate
            // that a redirect for proxy handling has already been issued.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandle.processPreAuthnSSO:" + "Redirecting for the proxy handling.");
            }
            return true;
        } catch (Exception ex) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Exception occured while processing for the proxy.", ex);
            return false;
        }
    }
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "User's authentication status: " + authenticated);
        }
        FSAuthnDecisionHandler authnDecisionHandler = new FSAuthnDecisionHandler(realm, hostedEntityId, request);
        // Fallback list used whenever the request named no authentication context.
        List defAuthnCxtList = new ArrayList();
        defAuthnCxtList.add(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT));
        if (authnRequest.getIsPassive()) {
            // Passive request: the IDP must not interact with the user.
            if (authnRequest.getForceAuthn()) {
                // IsPassive together with ForceAuthn cannot be satisfied.
                // Unlike the other passive failure below, noFedStatus is not
                // set on this path.
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOAndFedHandler.PreAuthnSSO: " + "IDP is passive can't force authentication.");
                }
                return false;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    }
                    if (authnResult.getLoginURL() != null) {
                        // A non-null login URL means the login page has to be
                        // shown, possibly because a higher authentication
                        // context is being asked for.
                        // NOTE(review): this forwards to a login page even
                        // though the request is passive - confirm intended.
                        loginURL = authnResult.getLoginURL();
                        loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                        FSUtils.forwardRequest(request, response, loginURL);
                        return true;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    }
                } else {
                    // Passive and no session: record a NoPassive status and fail.
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.processPreAuthnSSO: " + "IDP is passive and user is not authenticated");
                    }
                    noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoPassive", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                    return false;
                }
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
            }
            if (authnRequest.getForceAuthn()) {
                // ForceAuthn: always send the user to a login URL, whatever
                // the state of the existing session.
                if (authenticationContextClassRef != null) {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                } else {
                    // NOTE(review): this is the only call that omits authType;
                    // the other default-context calls pass it. Confirm the
                    // single-argument overload is intended here.
                    authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList);
                }
                if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:" + "AuthnDecision engine failed to take a " + "authn decision");
                    }
                    return false;
                } else {
                    if (ssoToken != null) {
                        // Drop the current session so that the forced login
                        // starts from scratch.
                        // NOTE(review): if invalidation fails, the error is
                        // logged without the exception and the flow carries on
                        // to the login URL; only the local reference is
                        // cleared, so the old session may still be live.
                        // Confirm a surviving session cannot satisfy the
                        // forced re-authentication.
                        try {
                            SessionManager.getProvider().invalidateSession(ssoToken, request, response);
                        } catch (SessionException ssoe) {
                            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Unable to invalidate the sso session.");
                        }
                        ssoToken = null;
                    }
                    loginURL = authnResult.getLoginURL();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                    }
                }
                loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                FSUtils.forwardRequest(request, response, loginURL);
                response.flushBuffer();
                return true;
            } else {
                if (authenticated) {
                    // Existing session, no ForceAuthn: check whether the
                    // session's context satisfies the requested one.
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    // Result handling: null result -> failure; null login URL
                    // -> context accepted, continue to post-authn processing;
                    // empty login URL -> failure; anything else -> forward to
                    // that login URL.
                    if (authnResult == null) {
                        return false;
                    } else if (authnResult.getLoginURL() == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    } else if (authnResult.getLoginURL().length() == 0) {
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO" + ": AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
                    }
                    // No session: forward to the login URL for the requested
                    // (or default) authentication context.
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler. processPreAuthnSSO: " + " AuthnDecision engine" + " failed to take a decision");
                        }
                        // No usable login URL: record NoAuthnContext and fail.
                        noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoAuthnContext", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                }
            }
        }
    } catch (Exception e) {
        // NOTE(review): fail-open path. Any exception raised by the decision
        // logic above ends up in processPostAuthnSSO, whether or not
        // `authenticated` is true and whether or not the authentication
        // context was ever evaluated. Confirm that processPostAuthnSSO
        // re-checks the session and context on its own; if it does not, this
        // handler should fail closed (return false). The exception itself is
        // also not passed to the logger, so the cause is lost.
        FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: " + "Exception occured");
        return processPostAuthnSSO(authnRequest);
    }
}
Also used : Status(com.sun.identity.saml.protocol.Status) ArrayList(java.util.ArrayList) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) FSAuthContextResult(com.sun.identity.federation.services.FSAuthContextResult) FSAuthnDecisionHandler(com.sun.identity.federation.services.FSAuthnDecisionHandler) List(java.util.List) ArrayList(java.util.ArrayList) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 2 with FSRedirectException

use of com.sun.identity.federation.common.FSRedirectException in project OpenAM by OpenRock.

the class FSIDPFinderService method doGet.

/**
     * Gets <code>IDP</code> from common domain and sends proxy authentication
     * request to the <code>IDP</code>.
     * @param request <code>HttpServletRequest</code> object
     * @param response <code>HttpServletResponse</code> object
     * @exception ServletException if error occurred.
     * @exception IOException if error occurred.
     */
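public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Resolves the IDP to use for a pending authentication request: either
    // redirects for a local login or proxies the request to the preferred IDP.
    if (request == null || response == null) {
        FSUtils.debug.error("FSIDPFinderService.doGet:: Null Input");
        return;
    }
    FSUtils.debug.message("FSIDPFinderService.doGet::Init");
    // ProviderID, RequestID and Realm come straight from the request and are
    // only checked for presence. Every lookup keyed on them below (metadata,
    // pending authentication request) has to cope with unknown values.
    String entityID = request.getParameter("ProviderID");
    String requestID = request.getParameter("RequestID");
    String realm = request.getParameter("Realm");
    if (entityID == null || requestID == null || realm == null) {
        // The message now names all three required parameters; the original
        // omitted Realm and ran two words together.
        FSUtils.debug.error("FSIDPFinderService.doGet:: Request is missing " + "ProviderID, RequestID or Realm");
        throw new ServletException("invalidRequest");
    }
    String idpID = null;
    try {
        idpID = getCommonDomainIDP(request, response, realm, entityID, requestID);
    } catch (FSRedirectException fe) {
        // The helper has already redirected the response; nothing left to do.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.doGet:Redirection" + " has happened");
        }
        return;
    }
    String hostMetaAlias = null;
    BaseConfigType hostConfig = null;
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    try {
        if (metaManager != null) {
            hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
            if (hostConfig != null) {
                hostMetaAlias = hostConfig.getMetaAlias();
            }
        }
    } catch (IDFFMetaException ie) {
        FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "getting proxying hosted meta:", ie);
        return;
    }
    // NOTE(review): hostMetaAlias is still null here when no meta manager or
    // no hosted IDP config exists for the supplied realm/entity. Confirm that
    // FSSessionManager.getInstance tolerates a null alias.
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
    FSAuthnRequest authnReq = sessionManager.getAuthnRequest(requestID);
    if (idpID == null || idpID.equals(entityID)) {
        // No preferred IDP, or the preferred IDP is this provider: local login.
        // NOTE(review): authnReq is passed on as-is and may be null for an
        // unknown RequestID - confirm getLoginURL handles that.
        String loginURL = getLoginURL(authnReq, realm, entityID, request);
        if (loginURL == null) {
            FSUtils.debug.error("FSIDPFinderService.doGet : login url" + " is null");
            return;
        }
        response.setHeader("Location", loginURL);
        response.sendRedirect(loginURL);
    } else {
        if (authnReq == null) {
            // RequestID is caller-supplied, so it may not match any pending
            // authentication request. Stop here instead of dereferencing null
            // below. The value itself is deliberately kept out of the log.
            FSUtils.debug.error("FSIDPFinderService.doGet:: No pending " + "authentication request for the given RequestID");
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.doGet:IDP to be proxied:" + idpID);
        }
        // Now proxy the authentication request to the preferred IDP.
        try {
            FSProxyHandler handler = new FSProxyHandler(request, response);
            handler.setHostedEntityId(entityID);
            IDPDescriptorType hostDesc = null;
            SPDescriptorType origSPDesc = null;
            if (metaManager != null) {
                hostDesc = metaManager.getIDPDescriptor(realm, entityID);
                origSPDesc = metaManager.getSPDescriptor(realm, authnReq.getProviderId());
            }
            handler.setSPDescriptor(origSPDesc);
            handler.setHostedDescriptor(hostDesc);
            handler.setHostedDescriptorConfig(hostConfig);
            handler.setMetaAlias(hostMetaAlias);
            handler.setRealm(realm);
            handler.sendProxyAuthnRequest(authnReq, idpID);
        } catch (IDFFMetaException ie) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "getting proxying hosted meta:", ie);
        } catch (FSException fe) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "sending the proxy authentication request.", fe);
        }
    }
}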
Also used : ServletException(javax.servlet.ServletException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest) FSException(com.sun.identity.federation.common.FSException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)

Example 3 with FSRedirectException

use of com.sun.identity.federation.common.FSRedirectException in project OpenAM by OpenRock.

the class FSRealmIDPProxyImpl method getPreferredIDP.

/**
     * Returns the preferred IDP.
     * @param authnRequest original authnrequest
     * @param realm The realm under which the entity resides.
     * @param hostEntityID ProxyIDP entity ID.
     * @param request <code>HttpServletRequest</code> object
     * @param response <code>HttpServletResponse</code> object
     * @return providerID of the authenticating provider to be proxied.
     * @exception FSRedirectException if redirect was done
     */
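public String getPreferredIDP(FSAuthnRequest authnRequest, String realm, String hostEntityID, HttpServletRequest request, HttpServletResponse response) throws FSRedirectException {
    // Two modes, chosen by the requesting SP's USE_INTRODUCTION_FOR_IDP_PROXY
    // attribute: return the first entry of the SP's configured proxy IDP list,
    // or forward to the IDP finder URL and signal that with FSRedirectException.
    FSUtils.debug.message("FSIDPProxyImpl.getPreferredIDP:Init");
    try {
        Map attributes = IDFFMetaUtils.getAttributes(FSUtils.getIDFFMetaManager().getSPDescriptorConfig(realm, authnRequest.getProviderId()));
        String useIntroductionForProxying = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.USE_INTRODUCTION_FOR_IDP_PROXY);
        if (!"true".equals(useIntroductionForProxying)) {
            List proxyIDPs = (List) attributes.get(IFSConstants.IDP_PROXY_LIST);
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                FSUtils.debug.error("FSIDPProxyImpl.getPrefferedIDP:" + "Preferred IDPs are null.");
                return null;
            }
            return (String) proxyIDPs.iterator().next();
        }
        // Query values are URL-encoded so that a request ID, realm or entity ID
        // containing '&', '=', '#' or similar cannot add or alter parameters
        // seen by the finder. String.valueOf keeps the previous rendering of a
        // null value as "null".
        String baseURL = FSServiceUtils.getBaseURL(request);
        StringBuffer redirectURL = new StringBuffer(100);
        redirectURL.append(baseURL).append(IFSConstants.IDP_FINDER_URL);
        redirectURL.append("?").append("RequestID=").append(java.net.URLEncoder.encode(String.valueOf(authnRequest.getRequestID()), "UTF-8"));
        redirectURL.append("&").append("Realm=").append(java.net.URLEncoder.encode(String.valueOf(realm), "UTF-8"));
        redirectURL.append("&").append("ProviderID=").append(java.net.URLEncoder.encode(String.valueOf(hostEntityID), "UTF-8"));
        FSUtils.forwardRequest(request, response, redirectURL.toString());
        throw new FSRedirectException(FSUtils.bundle.getString("Redirection_Happened"));
    } catch (FSRedirectException re) {
        // Must reach the caller: without this clause the catch-all below would
        // swallow the redirect signal (assuming FSRedirectException is an
        // Exception subtype) and return null, so the caller would carry on with
        // local authentication on a response that has already been forwarded.
        throw re;
    } catch (IDFFMetaException ex) {
        FSUtils.debug.error("FSIDPProxyImpl.getPreferredIDP: " + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (Exception e) {
        FSUtils.debug.error("FSIDPProxyImpl.getPreferredIDP: " + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}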
Also used : IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) List(java.util.List) Map(java.util.Map) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)

Example 4 with FSRedirectException

use of com.sun.identity.federation.common.FSRedirectException in project OpenAM by OpenRock.

the class FSIDPFinderService method getCommonDomainIDP.

/**
     * Gets a preferred IDP from the common domain cookie.
     * @param request HttpServletRequest
     * @param response HttpServletResponse
     * @param realm The realm under which the entity resides.
     * @param entityID Hosted entity ID.
     * @param requestID Original Authentication Request ID.
     * @exception FSRedirectException for the redirection.
     * @exception IOException for any redirection failure.
     */
private String getCommonDomainIDP(HttpServletRequest request, HttpServletResponse response, String realm, String entityID, String requestID) throws FSRedirectException, IOException {
    // Returns the preferred IDP once FSUtils.findPreferredIDP yields one.
    // Otherwise it works through the hosted entity's circles of trust, one
    // per call, redirecting to the first active circle's reader service and
    // throwing FSRedirectException. The circles still to be tried are kept in
    // requestCotSetMap under the request ID.
    String preferredIdp = FSUtils.findPreferredIDP(realm, request);
    if (preferredIdp != null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:" + "Preferred IDP found from the common domain." + preferredIdp);
        }
        if (requestCotSetMap.containsKey(requestID)) {
            requestCotSetMap.remove(requestID);
        }
        return preferredIdp;
    }

    Set remainingCots = (Set) requestCotSetMap.get(requestID);
    if (remainingCots == null) {
        // First visit for this request ID: seed the set from the SP config.
        try {
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            List configuredCots = null;
            if (metaManager != null) {
                BaseConfigType spConfig = metaManager.getSPDescriptorConfig(realm, entityID);
                configuredCots = IDFFMetaUtils.getAttributeValueFromConfig(spConfig, IFSConstants.COT_LIST);
            }
            if (configuredCots != null) {
                remainingCots = new HashSet(configuredCots);
            }
        } catch (IDFFMetaException ie) {
            FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:cannot get meta:", ie);
            return null;
        }
    }

    if (remainingCots == null || remainingCots.isEmpty()) {
        FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP::No more Cots.");
        if (requestCotSetMap.containsKey(requestID)) {
            requestCotSetMap.remove(requestID);
        }
        return null;
    }

    // NOTE(review): entries are written below for whatever requestID was
    // passed in and are removed only on the two exit paths above. If the
    // request ID originates from a request parameter, confirm the map cannot
    // grow without bound and that concurrent requests cannot mutate the same
    // set.
    for (Iterator cots = remainingCots.iterator(); cots.hasNext(); ) {
        String cotName = (String) cots.next();
        // Consume the circle before trying it so it is not retried next time.
        cots.remove();
        requestCotSetMap.put(requestID, remainingCots);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP: Trying Cot: " + cotName);
        }

        String readerServiceURL = null;
        try {
            CircleOfTrustDescriptor cotDesc = new CircleOfTrustManager().getCircleOfTrust(realm, cotName);
            // NOTE(review): a null status would throw NullPointerException
            // here, which the COTException handler does not cover.
            if (cotDesc != null && (cotDesc.getCircleOfTrustStatus()).equalsIgnoreCase(IFSConstants.ACTIVE)) {
                readerServiceURL = cotDesc.getIDFFReaderServiceURL();
            }
        } catch (COTException fe) {
            FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:" + "Unable to retrieve reader service url.", fe);
        }
        if (readerServiceURL == null) {
            // Inactive, unknown or unreadable circle: try the next one.
            continue;
        }

        // URL the reader service sends the user back to; every parameter
        // value is URL-encoded.
        String baseURL = FSServiceUtils.getBaseURL(request);
        StringBuffer returnURL = new StringBuffer(300);
        returnURL.append(baseURL);
        returnURL.append(IFSConstants.IDP_FINDER_URL);
        returnURL.append("?").append("RequestID").append("=").append(URLEncDec.encode(requestID));
        returnURL.append("&").append("Realm=").append(URLEncDec.encode(realm));
        returnURL.append("&").append("ProviderID=").append(URLEncDec.encode(entityID));

        StringBuffer redirectURL = new StringBuffer(300);
        redirectURL.append(readerServiceURL);
        redirectURL.append("?").append(IFSConstants.LRURL).append("=");
        redirectURL.append(URLEncDec.encode(returnURL.toString()));
        String url = redirectURL.toString();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:Redirection URL:" + url);
        }
        response.setHeader("Location", url);
        response.sendRedirect(url);
        // Tells the caller that the response has been redirected.
        throw new FSRedirectException(FSUtils.bundle.getString("Redirection_Happened"));
    }
    return null;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) CircleOfTrustManager(com.sun.identity.cot.CircleOfTrustManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) CircleOfTrustDescriptor(com.sun.identity.cot.CircleOfTrustDescriptor) COTException(com.sun.identity.cot.COTException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List) HashSet(java.util.HashSet)

Example 5 with FSRedirectException

use of com.sun.identity.federation.common.FSRedirectException in project OpenAM by OpenRock.

the class FSIDPProxyImpl method getPreferredIDP.

/**
     * Returns the preferred IDP.
     * @param authnRequest original authnrequest
     * @param hostEntityID ProxyIDP entity ID.
     * @param request <code>HttpServletRequest</code> object
     * @param response <code>HttpServletResponse</code> object
     * @return providerID of the authenticating provider to be proxied.
     * @exception FSRedirectException if redirect was done
     */
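public String getPreferredIDP(FSAuthnRequest authnRequest, String hostEntityID, HttpServletRequest request, HttpServletResponse response) throws FSRedirectException {
    // Two modes, chosen by the requesting SP's USE_INTRODUCTION_FOR_IDP_PROXY
    // attribute (looked up in the root realm "/"): return the first entry of
    // the SP's configured proxy IDP list, or forward to the IDP finder URL and
    // signal that with FSRedirectException.
    FSUtils.debug.message("FSIDPProxyImpl.getPreferredIDP:Init");
    try {
        Map attributes = IDFFMetaUtils.getAttributes(FSUtils.getIDFFMetaManager().getSPDescriptorConfig("/", authnRequest.getProviderId()));
        String useIntroductionForProxying = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.USE_INTRODUCTION_FOR_IDP_PROXY);
        if (!"true".equals(useIntroductionForProxying)) {
            List proxyIDPs = (List) attributes.get(IFSConstants.IDP_PROXY_LIST);
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                FSUtils.debug.error("FSIDPProxyImpl.getPrefferedIDP:" + "Preferred IDPs are null.");
                return null;
            }
            return (String) proxyIDPs.iterator().next();
        }
        // Query values are URL-encoded so that a request ID or entity ID
        // containing '&', '=', '#' or similar cannot add or alter parameters
        // seen by the finder. String.valueOf keeps the previous rendering of a
        // null value as "null".
        // NOTE(review): no Realm parameter is sent. If the finder endpoint
        // requires one (FSIDPFinderService.doGet appears to), this redirect
        // would be rejected there - confirm.
        String baseURL = FSServiceUtils.getBaseURL(request);
        StringBuffer redirectURL = new StringBuffer(100);
        redirectURL.append(baseURL).append(IFSConstants.IDP_FINDER_URL);
        redirectURL.append("?").append("RequestID=").append(java.net.URLEncoder.encode(String.valueOf(authnRequest.getRequestID()), "UTF-8"));
        redirectURL.append("&").append("ProviderID=").append(java.net.URLEncoder.encode(String.valueOf(hostEntityID), "UTF-8"));
        FSUtils.forwardRequest(request, response, redirectURL.toString());
        throw new FSRedirectException(FSUtils.bundle.getString("Redirection_Happened"));
    } catch (FSRedirectException re) {
        // Must reach the caller: without this clause the catch-all below would
        // swallow the redirect signal (assuming FSRedirectException is an
        // Exception subtype) and return null, so the caller would carry on with
        // local authentication on a response that has already been forwarded.
        throw re;
    } catch (IDFFMetaException ex) {
        FSUtils.debug.error("FSIDPProxyImpl.getPreferredIDP: " + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (Exception e) {
        FSUtils.debug.error("FSIDPProxyImpl.getPreferredIDP: " + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}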
Also used : IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) List(java.util.List) Map(java.util.Map) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)

Aggregations

FSRedirectException (com.sun.identity.federation.common.FSRedirectException)5 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)5 List (java.util.List)4 FSException (com.sun.identity.federation.common.FSException)2 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)2 IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)2 FSSessionManager (com.sun.identity.federation.services.FSSessionManager)2 ArrayList (java.util.ArrayList)2 Map (java.util.Map)2 COTException (com.sun.identity.cot.COTException)1 CircleOfTrustDescriptor (com.sun.identity.cot.CircleOfTrustDescriptor)1 CircleOfTrustManager (com.sun.identity.cot.CircleOfTrustManager)1 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)1 FSAuthnRequest (com.sun.identity.federation.message.FSAuthnRequest)1 FSAuthContextResult (com.sun.identity.federation.services.FSAuthContextResult)1 FSAuthnDecisionHandler (com.sun.identity.federation.services.FSAuthnDecisionHandler)1 FSSession (com.sun.identity.federation.services.FSSession)1 FSTokenListener (com.sun.identity.federation.services.logout.FSTokenListener)1 IDPDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)1 SPDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)1