
Example 46 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class FSServiceUtils method getCommonLoginPageURL.

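/**
 * Returns the common login page URL for the hosted provider identified by
 * the meta alias, with the parameters the login page needs appended to its
 * query string: the meta alias, the resource URL (<code>LRURL</code>), a
 * <code>goto</code> URL pointing at the post-login page, the auth domain of
 * the realm and, when given, the <code>AuthnRequest</code> id.
 * <p>
 * Every value appended to the query string is URL-encoded, including the
 * meta alias, so that no value can smuggle extra parameters or separators
 * into the resulting URL. The <code>goto</code> URL is assembled first and
 * then encoded as a whole, so the parameters it carries are encoded twice by
 * design: the container decodes one layer when the login page reads
 * <code>goto</code>, and the post-login page decodes the other.
 *
 * @param metaAlias the meta alias of the hosted provider; required
 * @param resourceUrl resource URL to redirect to after login; when null or
 *  empty the provider's configured home page URL is used instead
 * @param requestId the <code>AuthnRequest</code> Id; optional
 * @param request <code>HttpServletRequest</code> object, passed through to
 *  the two-argument overload that resolves the bare login page URL
 * @param baseURL deployment base URL; the post-login page is appended to it
 * @return the common login page URL; or <code>null</code> if an error
 *  occurred during the process (missing meta alias, no hosted provider
 *  config, or no login page URL could be resolved).
 */
public static String getCommonLoginPageURL(String metaAlias, String resourceUrl, String requestId, HttpServletRequest request, String baseURL) {
    if (metaAlias == null || metaAlias.equals("")) {
        FSUtils.debug.error("FSServiceUtils.getCommonLoginPageURL: " + "metaAlias is null");
        return null;
    }
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    BaseConfigType hostConfig = null;
    try {
        String role = metaManager.getProviderRoleByMetaAlias(metaAlias);
        String entityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        if (role != null) {
            if (role.equalsIgnoreCase(IFSConstants.SP)) {
                hostConfig = metaManager.getSPDescriptorConfig(realm, entityId);
            } else if (role.equalsIgnoreCase(IFSConstants.IDP)) {
                hostConfig = metaManager.getIDPDescriptorConfig(realm, entityId);
            }
        }
    } catch (Exception e) {
        // Keep the cause in the log; "could not obtain" alone hides the misconfiguration.
        FSUtils.debug.error("FSServiceUtils.getCommonLoginPageURL: " + "Could not obtain local config", e);
        return null;
    }
    if (hostConfig == null) {
        FSUtils.debug.error("FSServiceUtils.getCommonLoginPageURL: " + "Could not obtain hosted extended meta.");
        return null;
    }
    String loginPageUrl = getCommonLoginPageURL(request, hostConfig);
    if (loginPageUrl == null) {
        // Without this guard a null from the overload would NPE in the StringBuilder
        // constructor instead of honouring the documented "null on error" contract.
        FSUtils.debug.error("FSServiceUtils.getCommonLoginPageURL: " + "Could not obtain common login page URL.");
        return null;
    }
    // Encoded once here; it was previously appended raw while every other value
    // was encoded, which made the meta alias the one place a '&' or '#' could
    // alter the query string.
    String encodedMetaAlias = URLEncDec.encode(metaAlias);

    // goto = <baseURL><post-login page>?metaAlias=...[&LRURL=...]
    String postloginUrl = baseURL + IFSConstants.POST_LOGIN_PAGE;
    StringBuilder gotoUrl = new StringBuilder(postloginUrl);
    gotoUrl.append(postloginUrl.indexOf('?') == -1 ? '?' : '&');
    gotoUrl.append(IFSConstants.META_ALIAS).append('=').append(encodedMetaAlias);

    StringBuilder loginUrl = new StringBuilder(loginPageUrl);
    loginUrl.append(loginPageUrl.indexOf('?') == -1 ? '?' : '&');
    loginUrl.append(IFSConstants.META_ALIAS).append('=').append(encodedMetaAlias).append('&');

    if (resourceUrl == null || resourceUrl.length() == 0) {
        resourceUrl = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.PROVIDER_HOME_PAGE_URL);
    }
    if (resourceUrl != null && !resourceUrl.equals("")) {
        // NOTE(review): resourceUrl is a redirect target supplied by the caller. This
        // method only encodes it; it does not check it against the provider's allowed
        // return URLs - confirm that the caller or the login page does.
        String encodedResource = URLEncDec.encode(resourceUrl);
        gotoUrl.append('&').append(IFSConstants.LRURL).append('=').append(encodedResource);
        loginUrl.append(IFSConstants.LRURL).append('=').append(encodedResource).append('&');
    }
    loginUrl.append(IFSConstants.GOTOKEY).append('=').append(URLEncDec.encode(gotoUrl.toString()));

    String org = FSUtils.getAuthDomainURL(realm);
    if (org != null && org.length() != 0) {
        loginUrl.append('&').append(IFSConstants.ORGKEY).append('=').append(URLEncDec.encode(org));
    }
    if (requestId != null && !requestId.equals("")) {
        loginUrl.append('&').append(IFSConstants.AUTH_REQUEST_ID).append('=').append(URLEncDec.encode(requestId));
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSServiceUtils.getCommonLoginPageURL: List LoginPage: " + loginUrl.toString());
    }
    return loginUrl.toString();
}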

Example 47 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class SingleLogoutManager method sendLogoutResponse.

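/**
 * Sends the logout response for the HTTP binding and then discards the
 * bookkeeping kept under <code>relayState</code>. There are two cases:
 * <ol>
 * <li>IDP initiated HTTP logout (no LogoutResponse XML was stored for the
 *     relay state): redirect the user agent to the original relay state with
 *     the aggregated logout status appended as a query parameter.</li>
 * <li>SP initiated HTTP logout: send the stored LogoutResponse back to the
 *     SP over the protocol the request arrived on (SAML2, IDFF or WS-Fed).</li>
 * </ol>
 * The per-relay-state map entries are removed in a <code>finally</code>
 * block so they are released even when sending the response throws.
 *
 * @param request current HTTP request
 * @param response HTTP response used for the redirect or the inline text
 * @param relayState key of this logout in sloResponseXMLMap, relayStateMap,
 *  currentStatusMap, origProtocolMap, spEntityIDMap, realmMap and
 *  idpEntityIDMap
 * @throws IOException if the redirect or write fails, or (wrapping the
 *  SAML2Exception as its cause) if the SAML2 response cannot be rebuilt or sent
 */
void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
    if (debug.messageEnabled()) {
        debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
    }
    try {
        String logoutResponseXML = (String) sloResponseXMLMap.get(relayState);
        if (logoutResponseXML == null) {
            // first case, just redirect to original relayState
            redirectToOriginalRelayState(response, relayState);
        } else {
            sendStoredLogoutResponse(request, response, relayState, logoutResponseXML);
        }
    } finally {
        // Release the entries even when a send above threw; previously every
        // failed SAML2 send left one set of entries behind in the maps.
        cleanupParameters(relayState);
    }
}

/** Case 1: no stored response; redirect to the original relay state with the logout status appended. */
private void redirectToOriginalRelayState(HttpServletResponse response, String relayState) throws IOException {
    String origRelayState = (String) relayStateMap.get(relayState);
    int logoutStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
    String statusString = MultiProtocolUtils.getLogoutStatus(logoutStatus);
    if ((origRelayState == null) || (origRelayState.length() == 0)) {
        // TODO : get default single logout URL for each protocol
        response.getWriter().print("Logout DONE. Status = " + statusString);
        return;
    }
    // NOTE(review): origRelayState is used as the redirect target as-is; nothing
    // here checks it against an allow-list, so it must already have been validated
    // when it was stored in relayStateMap - confirm at that call site.
    String separator = (origRelayState.indexOf("?") == -1) ? "?" : "&";
    response.sendRedirect(origRelayState + separator + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
}

/** Case 2: dispatch the stored LogoutResponse on the protocol the logout request arrived with. */
private void sendStoredLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState, String logoutResponseXML) throws IOException {
    String protocol = (String) origProtocolMap.get(relayState);
    String spEntityID = (String) spEntityIDMap.get(relayState);
    String origRelayState = (String) relayStateMap.get(relayState);
    String realm = (String) realmMap.get(relayState);
    String idpEntityID = (String) idpEntityIDMap.get(relayState);
    int currentStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
    // Constant-first equals: a missing protocol entry now reaches the error
    // branch below instead of throwing NullPointerException.
    if (SingleLogoutManager.SAML2.equals(protocol)) {
        sendSAML2LogoutResponse(response, logoutResponseXML, origRelayState, realm, idpEntityID, spEntityID, currentStatus);
    } else if (SingleLogoutManager.IDFF.equals(protocol)) {
        sendIDFFLogoutResponse(request, response, logoutResponseXML, origRelayState, realm, idpEntityID, spEntityID, currentStatus);
    } else if (SingleLogoutManager.WS_FED.equals(protocol)) {
        debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
        if (origRelayState != null) {
            // NOTE(review): same unvalidated redirect target as in the IDP-initiated case.
            response.sendRedirect(origRelayState);
        } else {
            response.getWriter().print("Logout DONE.");
        }
    } else {
        // should never come here
        debug.error("SingleLogoutManager.sendLogoutResponse: invalid" + " protocol : " + protocol);
    }
}

/** SAML2: rebuild the stored LogoutResponse, apply the aggregated status and send it to the SP. */
private void sendSAML2LogoutResponse(HttpServletResponse response, String logoutResponseXML, String origRelayState, String realm, String idpEntityID, String spEntityID, int currentStatus) throws IOException {
    try {
        LogoutResponse logResp = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
        String location = logResp.getDestination();
        String statusVal = logResp.getStatus().getStatusCode().getValue();
        String newVal = getNewStatusCode(currentStatus, statusVal);
        if (!statusVal.equals(newVal)) {
            // Was setValue(statusVal), a no-op: the aggregated status never reached
            // the SP. The IDFF branch already applies newVal; do the same here.
            logResp.getStatus().getStatusCode().setValue(newVal);
        }
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendLogoutRes:" + "(SAML2) location=" + location + " orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
        }
        LogoutUtil.sendSLOResponse(response, logResp, location, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
    } catch (SAML2Exception ex) {
        debug.error("SingleLogoutManager.sendLogoutResponse:saml2", ex);
        // Keep the SAML2Exception as the cause instead of flattening it to its message.
        throw new IOException(ex.getMessage(), ex);
    }
}

/**
 * IDFF: rebuild the stored LogoutResponse, apply the aggregated status, sign the
 * query string when signing is on and redirect to the SP's SLO return URL. Any
 * failure falls back to the local logout-done page with a failure status.
 */
private void sendIDFFLogoutResponse(HttpServletRequest request, HttpServletResponse response, String logoutResponseXML, String origRelayState, String realm, String idpEntityID, String spEntityID, int currentStatus) throws IOException {
    boolean failed = false;
    String logoutDoneURL = null;
    try {
        debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, spEntityID);
        String retURL = descriptor.getSingleLogoutServiceReturnURL();
        Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement();
        FSLogoutResponse responseLogout = new FSLogoutResponse(elem);
        BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
        logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null);
        Status status = responseLogout.getStatus();
        String statusVal = status.getStatusCode().getValue();
        String newVal = getNewStatusCode(currentStatus, statusVal);
        if (!statusVal.equals(newVal)) {
            com.sun.identity.saml.protocol.StatusCode statCode = new com.sun.identity.saml.protocol.StatusCode(newVal);
            com.sun.identity.saml.protocol.Status stat = new com.sun.identity.saml.protocol.Status(statCode);
            responseLogout.setStatus(stat);
        }
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendLogoutRes:" + "(IDFF) orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
        }
        String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
        // Sign the request querystring
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null || certAlias.length() == 0) {
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "signSAMLRequest couldn't obtain cert alias.");
                }
                // Signing is required but cannot be done: fail rather than send unsigned.
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
            }
            urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
        }
        StringBuffer redirectURL = new StringBuffer();
        redirectURL.append(retURL);
        if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
            redirectURL.append(IFSConstants.QUESTION_MARK);
        } else {
            redirectURL.append(IFSConstants.AMPERSAND);
        }
        redirectURL.append(urlEncodedResponse);
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendResponse " + "for IDFF, url = " + redirectURL.toString());
        }
        response.sendRedirect(redirectURL.toString());
    } catch (FSMsgException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (SAMLException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (IDFFMetaException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (IOException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    }
    if (failed) {
        FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
    }
}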

Example 48 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class IDFFSingleLogoutHandler method handleSOAPInitiatedSingleLogout.

/**
 * Runs the IDP-side single logout for a SOAP-initiated request.
 * <p>
 * The SSO token is taken from {@code userSession} when it is non-empty,
 * otherwise from the first entry of the session list kept by the
 * FSSessionManager for {@code userID}. The current partner session is then
 * resolved via FSLogoutUtil and handed to an FSSingleLogoutHandler
 * configured for the hosted IDP over the IDP SOAP logout profile.
 *
 * @return LOGOUT_SUCCEEDED_STATUS if the handler reports SAML success,
 *  LOGOUT_FAILED_STATUS if it reports anything else, and
 *  LOGOUT_NO_ACTION_STATUS when there is no token, no provider map or no
 *  partner session to log out
 * @throws Exception propagated from the meta manager and logout handler
 */
private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, String realm, String idpMetaAlias, String idpEntityId, String relayState, IDFFMetaManager metaManager) throws Exception {
    // TODO : verify this works under LB
    Object token;
    if ((userSession != null) && !userSession.isEmpty()) {
        // TODO : handle multiple SSO token case
        token = userSession.iterator().next();
    } else {
        FSSessionManager sessionManager = FSSessionManager.getInstance(idpMetaAlias);
        List sessionList = sessionManager.getSessionList(userID);
        if ((sessionList == null) || sessionList.isEmpty()) {
            return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
        }
        // TODO : handle multiple SSO token case
        token = sessionList.iterator().next();
    }

    // call Single Logout Handler
    FSUtils.debug.message("creating FSSingleLogoutHandler");
    HashMap currentProvider = FSLogoutUtil.getCurrentProvider(userID, idpEntityId, token);
    if (currentProvider == null) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    FSSessionPartner partner = (FSSessionPartner) currentProvider.get(IFSConstants.PARTNER_SESSION);
    if (partner == null) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    String sessionIndex = (String) currentProvider.get(IFSConstants.SESSION_INDEX);

    ProviderDescriptorType hostedDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
    BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityId);
    FSSingleLogoutHandler handler = new FSSingleLogoutHandler();
    handler.setHostedDescriptor(hostedDescriptor);
    handler.setHostedDescriptorConfig(hostedConfig);
    handler.setHostedEntityId(idpEntityId);
    handler.setHostedProviderRole(IFSConstants.IDP);
    handler.setMetaAlias(idpMetaAlias);
    handler.setSingleLogoutProtocol(IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
    handler.setRelayState(relayState);
    handler.setRealm(realm);

    FSLogoutStatus result = handler.handleSingleLogout(response, request, partner, userID, sessionIndex, false, token);
    if (SingleLogoutManager.debug.messageEnabled()) {
        SingleLogoutManager.debug.message("IDFFSLOHandler." + "handleSOAPInitiatedSLO: logout status=" + result.toString());
    }
    boolean succeeded = result.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS);
    return succeeded ? SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS : SingleLogoutManager.LOGOUT_FAILED_STATUS;
}

Example 49 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class LibertyManager method getTerminationDonePageURL.

/**
 * Resolves the <code>TerminationDonePageURL</code> for a provider in a realm.
 * <p>
 * Looks up the provider's extended config through IDFFMetaUtils and delegates
 * to FSServiceUtils with that config and its meta alias; when no config is
 * found, both are passed as <code>null</code> and FSServiceUtils decides the
 * fallback.
 *
 * @param realm The realm under which the entity resides.
 * @param providerID Provider's entity ID.
 * @param providerRole Provider Role.
 * @param request HTTP servlet request.
 * @return the <code>TerminationDonePageURL</code> from the provider ID.
 */
public static String getTerminationDonePageURL(String realm, String providerID, String providerRole, HttpServletRequest request) {
    BaseConfigType config = IDFFMetaUtils.getExtendedConfig(realm, providerID, providerRole, metaManager);
    String alias = (config == null) ? null : config.getMetaAlias();
    return FSServiceUtils.getTerminationDonePageURL(request, config, alias);
}

Example 50 with BaseConfigType

use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.

the class LibertyManager method getNewRequest.

/**
 * Creates a new <code>AuthnRequest</code> for the hosted SP named by the
 * <code>metaAlias</code> request parameter and returns its request ID.
 * <p>
 * The return target is the <code>LRURL</code> request parameter; when that
 * is absent or empty, the SP's configured home page URL from its extended
 * config is used instead. The auth level is read from the HTTP session
 * attribute <code>AUTH_LEVEL_KEY</code>.
 * <p>
 * NOTE(review): <code>LRURL</code> is taken verbatim from the request and
 * handed to FSLoginHelper as the post-login target. Whether it is validated
 * against the SP's allowed return URLs is not visible here - confirm in
 * FSLoginHelper.createAuthnRequest before relying on it.
 *
 * @param request HTTP servlet request.
 * @return the new request ID, or <code>null</code> if the request could not
 *  be created.
 */
public static String getNewRequest(HttpServletRequest request) {
    String targetURL = request.getParameter(IFSConstants.LRURL);
    String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
    String entityID = getEntityID(metaAlias);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    Map headerMap = getHeaderMap(request);

    boolean targetMissing = (targetURL == null) || (targetURL.length() <= 0);
    if (targetMissing) {
        String homePage = null;
        if (metaManager != null) {
            try {
                BaseConfigType spConfig = metaManager.getSPDescriptorConfig(realm, entityID);
                homePage = IDFFMetaUtils.getFirstAttributeValue(IDFFMetaUtils.getAttributes(spConfig), IFSConstants.PROVIDER_HOME_PAGE_URL);
            } catch (IDFFMetaException ame) {
                debug.error("LibertyManager: getNewRequest: Error" + " while getting the HostedProvider from meta mgmt", ame);
            }
        }
        if (debug.messageEnabled()) {
            debug.message("LibertyManager: getNewRequestID." + " no goto in queryString.Assinging targetURL = " + homePage);
        }
        targetURL = homePage;
    }

    try {
        FSLoginHelper helper = new FSLoginHelper(request);
        // get the authlevel key
        String authLevel = (String) request.getSession().getAttribute(IFSConstants.AUTH_LEVEL_KEY);
        Map result = helper.createAuthnRequest(headerMap, targetURL, authLevel, metaAlias, null, true);
        if (result == null) {
            debug.error("LibertyManager: getNewRequestID " + " Could not create new request ");
            return null;
        }
        String requestId = (String) result.get(IFSConstants.AUTH_REQUEST_ID);
        if (debug.messageEnabled()) {
            debug.message("LibertyManager: getNewRequestID: " + "new request created with id " + requestId);
        }
        return requestId;
    } catch (FSLoginHelperException exp) {
        debug.error("LibertyManager::getNewRequestID" + "In login helper exception ", exp);
        return null;
    }
}
