Example 11 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSIntersiteTransferService method doGet.
/**
* Generates <code>AuthnRequest</code> and sends it to <code>IDP</code>.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException,IOException if error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSIntersiteTransferService.doGet: Called");
/**
* Check to see if there is a need to set lb cookie.
* This is for the use case that AuthnRequest is not created by the
* preLogin process and lb cookie wasn't set there.
*/
if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
return;
}
try {
IDPDescriptorType idpDescriptor = null;
String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
if (metaAlias == null || metaAlias.length() == 0) {
metaAlias = FSServiceUtils.getMetaAlias(request);
}
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
if ((request == null) || (response == null)) {
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
String qs = request.getQueryString();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "QueryString Received from CommonDomain: " + qs);
}
String requestID = findRequestID(request);
if (requestID == null) {
//throw error page
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("nullInputParameter"));
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID found: " + requestID);
}
FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
FSAuthnRequest authnRequest = sessionMgr.getAuthnRequest(requestID);
if (authnRequest == null) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("invalidRequestId"));
String[] data = { FSUtils.bundle.getString("invalidRequestId") };
LogUtil.error(Level.INFO, "INVALID_AUTHN_REQUEST", data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidRequestId"));
return;
}
String resourceUrl = authnRequest.getRelayState();
String baseURL = FSServiceUtils.getBaseURL(request);
framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, resourceUrl, null, request, baseURL);
String idpID = FSUtils.findPreferredIDP(realm, request);
if (idpID == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "No Preffered IDP found in this Common Domain. " + "Try to find PrefferedIDP in other common domains");
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID :" + requestID);
}
redirectToCommonDomain(request, response, requestID);
return;
} else {
idpDescriptor = metaManager.getIDPDescriptor(realm, idpID);
if (idpDescriptor == null) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("noTrust"));
String[] data = { idpID };
LogUtil.error(Level.INFO, "PROVIDER_NOT_TRUSTED", data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("noTrust"));
return;
}
HttpSession session = request.getSession(true);
session.removeAttribute(IFSConstants.SESSION_COTSET_ATTR);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "Preffered IDP found:" + idpID);
}
sessionMgr.setIDPEntityID(requestID, idpID);
// Set the authn request version here
int minorVersion = FSServiceUtils.getMinorVersion(idpDescriptor.getProtocolSupportEnumeration());
authnRequest.setMinorVersion(minorVersion);
authnRequest.getAuthnContext().setMinorVersion(minorVersion);
SPDescriptorType hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
BaseConfigType hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
if (IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AFFILIATION)) {
Set affiliations = metaManager.getAffiliateEntity(realm, idpID);
if (affiliations != null && !affiliations.isEmpty()) {
AffiliationDescriptorType affiliateDescriptor = (AffiliationDescriptorType) affiliations.iterator().next();
authnRequest.setAffiliationID(affiliateDescriptor.getAffiliationID());
}
}
if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION && IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_IDP_PROXY)) {
FSScoping scoping = new FSScoping();
scoping.setProxyCount(Integer.parseInt(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_COUNT)));
List proxyIDPs = IDFFMetaUtils.getAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_LIST);
if (proxyIDPs != null && !proxyIDPs.isEmpty()) {
Iterator iter = proxyIDPs.iterator();
ArrayList list = new ArrayList();
while (iter.hasNext()) {
IDPEntry entry = new IDPEntry((String) iter.next(), null, null);
list.add(entry);
}
IDPEntries entries = new IDPEntries(list);
FSIDPList idpList = new FSIDPList(entries, null);
scoping.setIDPList(idpList);
}
authnRequest.setScoping(scoping);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "AuthnRequest:" + authnRequest.toXMLString(true, true));
}
if (authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_ART) || authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST)) {
handleBrowserArtifactPOSTIST(request, response, authnRequest, idpDescriptor, hostDesc, hostConfig);
return;
} else if (authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_WML_POST)) {
handleWMLIST(request, response, authnRequest, idpDescriptor);
return;
}
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + "Unknown Protocol Profile");
String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidAuthnRequest"));
return;
} catch (Exception e) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: ", e);
try {
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("Exception"));
return;
} catch (IOException ioe) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("sendFailed") + ioe.getMessage());
}
}
}
}
Also used :
Set(java.util.Set)
HttpSession(javax.servlet.http.HttpSession)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
ArrayList(java.util.ArrayList)
AffiliationDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType)
IOException(java.io.IOException)
SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)
IDPEntries(com.sun.identity.federation.message.common.IDPEntries)
ServletException(javax.servlet.ServletException)
FSSignatureException(com.sun.identity.federation.services.util.FSSignatureException)
COTException(com.sun.identity.cot.COTException)
IOException(java.io.IOException)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSIDPList(com.sun.identity.federation.message.FSIDPList)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
Iterator(java.util.Iterator)
FSScoping(com.sun.identity.federation.message.FSScoping)
ArrayList(java.util.ArrayList)
List(java.util.List)
FSIDPList(com.sun.identity.federation.message.FSIDPList)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
IDPEntry(com.sun.identity.federation.message.common.IDPEntry)
Example 12 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSSSOAndFedService method handleAuthnRequest.
private void handleAuthnRequest(HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, String realm, String hostEntityId, boolean bLECP, String authnContext) {
// post authn process
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: Called");
IDPDescriptorType hostedDesc = null;
BaseConfigType hostedConfig = null;
String metaAlias = null;
try {
hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
if (hostedConfig != null) {
metaAlias = hostedConfig.getMetaAlias();
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "Couldn't obtain hosted meta:", e);
}
}
/* Not really useful.
String nameRegisDone =
request.getParameter(IFSConstants.NAMEREGIS_INDICATOR_PARAM);
boolean doNameRegis = false;
String doNameRegisStr =
IDFFMetaUtils.getFirstAttributeValueFromConfig(
hostedConfig, IFSConstants.ENABLE_REGISTRATION_AFTER_SSO);
if (doNameRegisStr != null && doNameRegisStr.equalsIgnoreCase("true")) {
doNameRegis = true;
}
*/
Object ssoToken = null;
String userID = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
ssoToken = sessionProvider.getSession(request);
if (ssoToken == null) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is null.");
return;
} else if (!sessionProvider.isValid(ssoToken)) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is not valid.");
return;
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "session token is valid.");
}
}
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
FSSession session = sessionManager.getSession(ssoToken);
userID = sessionProvider.getPrincipalName(ssoToken);
if (session == null) {
session = new FSSession(sessionProvider.getSessionID(ssoToken));
session.setAuthnContext(authnContext);
sessionManager.addSession(userID, session);
} else {
session.setAuthnContext(authnContext);
}
} catch (SessionException se) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: ", se);
return;
}
try {
if (userID == null) {
LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
return;
}
String remoteEntityID = authnRequest.getProviderId();
FSAccountManager acctMng = FSAccountManager.getInstance(metaAlias);
acctMng.readAccountFedInfo(userID, remoteEntityID);
/* Not useful at all. Commented out for now.
if (doNameRegis &&
(nameRegisDone == null ||
!nameRegisDone.equals(IFSConstants.TRUE)) &&
!authnRequest.getFederate())
{
// have to do nameregis now
Map queryMap = new HashMap();
queryMap.put(IFSConstants.AUTH_REQUEST_ID,
authnRequest.getRequestID());
queryMap.put(IFSConstants.PROVIDER_ID_KEY,hostEntityId);
queryMap.put(IFSConstants.AUTHN_CONTEXT,authnContext);
FSServiceManager instSManager = FSServiceManager.getInstance();
if (instSManager != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSSOAndFedService.handleAuthnRequest:" +
"FSServiceManager Instance not null");
}
try {
FSNameRegistrationHandler handlerObj =
instSManager.getNameRegistrationHandler(
realm, remoteEntityID, IFSConstants.SP);
SPDescriptorType remoteProviderDesc =
metaManager.getSPDescriptor(realm,remoteEntityID);
if (handlerObj != null) {
handlerObj.setHostedDescriptor(hostedDesc);
handlerObj.setHostedDescriptorConfig(hostedConfig);
handlerObj.setMetaAlias(metaAlias);
handlerObj.setHostedEntityId(hostEntityId);
handlerObj.handleNameRegistration(
request,
response,
ssoToken,
(HashMap)queryMap);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSSOAndFedService.handleAuthnRequest:" +
"Control returned from name registration");
}
if (!FSServiceUtils.isRegisProfileSOAP(userID,
remoteEntityID,
remoteProviderDesc,
metaAlias,
hostedDesc))
{
return;
}
}
} catch (Exception ex){
FSUtils.debug.error(
"FSSSOAndFedService.handleAuthnRequest:Error in " +
"invoking Name registration. returning.", ex);
return;
}
}
}
*/
} catch (FSAccountMgmtException exp) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService:: handleAuthnRequest()" + " No account information avialable for user. " + "So no invocation " + " of name registration. ", exp);
}
}
handleAuthnRequest(request, response, authnRequest, true, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
}
Also used :
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager)
ServletException(javax.servlet.ServletException)
SOAPException(javax.xml.soap.SOAPException)
SessionException(com.sun.identity.plugin.session.SessionException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Example 13 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSSSOAndFedService method doGet.
/**
* Processes single sign on request.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException, IOException if an error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSSSOAndFedService.doGet: Called");
if ((request == null) || (response == null)) {
FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("nullInputParameter"));
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
return;
}
// check for post authn
boolean bPostAuthn = false;
boolean bLECP = false;
String authnIndicator = request.getParameter(IFSConstants.AUTHN_INDICATOR_PARAM);
if (authnIndicator == null) {
FSUtils.debug.message("FSSSOAndFedService.doGet:Pre Authentication SSO");
bPostAuthn = false;
} else {
FSUtils.debug.message("FSSSOAndFedService.doGet:Post Authentication SSO");
bPostAuthn = true;
String lecpIndicator = request.getParameter(IFSConstants.LECP_INDICATOR_PARAM);
if (lecpIndicator == null) {
FSUtils.debug.message("FSSSOAndFedService.doGet:non LECP request");
bLECP = false;
} else {
FSUtils.debug.message("FSSSOAndFedService.doGet:post Authn LECP request");
bLECP = true;
}
//Start Change
String requestId = request.getParameter(IFSConstants.AUTH_REQUEST_ID);
String hostEntityId = request.getParameter(IFSConstants.PROVIDER_ID_KEY);
String authnContext = request.getParameter(IFSConstants.AUTHN_CONTEXT);
String realm = request.getParameter(IFSConstants.REALM);
String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
FSAuthnRequest authnRequest = sessionService.getAuthnRequest(requestId);
if (authnRequest == null) {
FSUtils.debug.message("FSSSOAndFedService.doGet: authnRequest is null");
}
if ((authnContext == null) || (authnContext.length() == 0)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService.doGet: authnContext is null. " + "Using default password");
}
authnContext = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
}
//End Change
if (authnRequest != null && realm != null && realm.length() != 0 && hostEntityId != null && hostEntityId.length() != 0 && authnContext != null && authnContext.length() != 0) {
handleAuthnRequest(request, response, authnRequest, realm, hostEntityId, bLECP, authnContext);
return;
} else {
FSUtils.debug.error("FSSSOAndFedService.doGet: " + "AuthnRequest not found in FSSessionManager");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInput"));
return;
}
}
// obtain AuthnRequest message
//decode and create FSAuthnRequest object
FSAuthnRequest authnRequest = null;
try {
authnRequest = FSAuthnRequest.parseURLEncodedRequest(request);
if (authnRequest == null) {
FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest"));
String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
response.sendError(response.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
return;
}
} catch (FSException e) {
FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest") + ", queryString=" + request.getQueryString(), e);
String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
response.sendError(response.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
return;
}
String metaAlias = null;
String realm = null;
String hostEntityId = null;
IDPDescriptorType hostedDesc = null;
BaseConfigType hostedConfig = null;
try {
metaAlias = FSServiceUtils.getMetaAlias(request);
realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService: couldn't obtain hosted entity id:", e);
}
}
handleAuthnRequest(request, response, authnRequest, bPostAuthn, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
return;
}
Also used :
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
FSException(com.sun.identity.federation.common.FSException)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
ServletException(javax.servlet.ServletException)
SOAPException(javax.xml.soap.SOAPException)
SessionException(com.sun.identity.plugin.session.SessionException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
Example 14 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSSOAPReceiver method onMessage.
/**
* Process the request.
* @param request http request object
* @param response http response object
* @param message received soap message
*/
public void onMessage(HttpServletRequest request, HttpServletResponse response, SOAPMessage message) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: Called");
try {
Element elt = soapService.parseSOAPMessage(message);
if (elt == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request. Invalid SOAPMessage");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
String eltTagName = (elt.getTagName().trim());
String ns = elt.getNamespaceURI().trim();
String nodeName = elt.getLocalName().trim();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "tagName: " + eltTagName + " namespaceUri: " + ns + " localName: " + nodeName);
}
//check for saml:Request
if (nodeName.equalsIgnoreCase("Request") && ns.equalsIgnoreCase(IFSConstants.PROTOCOL_NAMESPACE_URI)) {
SOAPMessage retMessage = null;
try {
FSSAMLRequest samlRequest = new FSSAMLRequest(elt);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
if (metaManager == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "could not create meta instance");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
String metaAlias = FSServiceUtils.getMetaAlias(request);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
FSServiceManager sm = FSServiceManager.getInstance();
FSSSOBrowserArtifactProfileHandler handler = (FSSSOBrowserArtifactProfileHandler) sm.getBrowserArtifactSSOAndFedHandler(request, response, samlRequest);
handler.setSOAPMessage(message);
handler.setSAMLRequestElement(elt);
handler.setHostedEntityId(hostedEntityId);
handler.setHostedDescriptor(hostedDesc);
handler.setHostedDescriptorConfig(hostedConfig);
handler.setMetaAlias(metaAlias);
handler.setRealm(realm);
FSResponse samlResponse = handler.processSAMLRequest(samlRequest);
if (samlResponse != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "SAML Response created: " + samlResponse.toXMLString());
}
} else {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "SAML Response is null");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
// introduce id attribute for Assertion bind in
// SOAPEnvelope and sign
retMessage = soapService.bind(((FSResponse) samlResponse).toXMLString(true, true));
if (FSServiceUtils.isSigningOn()) {
List assList = samlResponse.getAssertion();
Iterator iter = assList.iterator();
while (iter.hasNext()) {
FSAssertion assertion = (FSAssertion) iter.next();
String id = assertion.getID();
Document doc = (Document) FSServiceUtils.createSOAPDOM(retMessage);
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
if (certAlias == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("SOAPReceiver.onMessage: couldn't " + "obtain this site's cert alias.");
}
throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
}
XMLSignatureManager manager = XMLSignatureManager.getInstance();
int minorVersion = assertion.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ID, id, false);
} else if (minorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || minorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ASSERTION_ID, assertion.getAssertionID(), false);
} else {
FSUtils.debug.error("invalid minor version.");
}
retMessage = FSServiceUtils.convertDOMToSOAP(doc);
}
}
if (retMessage == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} catch (SAMLException se) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", se);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (IDFFMetaException me) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", me);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(retMessage, response);
return;
}
if (nodeName.equalsIgnoreCase("AuthnRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
SOAPMessage retMessage = null;
try {
FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
handleLECPRequest(request, response, authnRequest);
retMessage = null;
} catch (FSException e) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing lecp AuthnRequest:", e);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(retMessage, response);
return;
} else if (nodeName.equalsIgnoreCase("RegisterNameIdentifierRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
SOAPMessage retMessage = null;
boolean isError = false;
String providerAlias = null;
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String realm = null;
String hostedEntityId = null;
String hostedRole = null;
try {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Handling NameRegistrationRequest");
}
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
if (metaManager == null) {
FSUtils.debug.message("Unable to get meta manager");
isError = true;
} else {
providerAlias = FSServiceUtils.getMetaAlias(request);
if (providerAlias == null || providerAlias.length() < 1) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to retrieve alias" + "Hosted Provider. Cannot process request");
}
isError = true;
}
realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
try {
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null && hostedRole.equals(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole != null && hostedRole.equals(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
if (hostedProviderDesc == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException eam) {
FSUtils.debug.error("Unable to find Hosted Provider. " + "Cannot process request");
isError = true;
}
}
if (isError || hostedProviderDesc == null) {
returnSOAPMessage(retMessage, response);
return;
} else {
FSNameRegistrationResponse regisResponse = handleRegistrationRequest(elt, message, hostedProviderDesc, hostedConfig, hostedRole, realm, hostedEntityId, providerAlias, request, response);
if (regisResponse == null) {
FSUtils.debug.error("Error in creating NameRegistration Response");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Completed creating response");
}
retMessage = soapService.bind(regisResponse.toXMLString(true, true));
FSUtils.debug.message("Completed bind message");
if (retMessage == null) {
FSUtils.debug.error("Error in processing NameRegistration " + "Response");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
} else {
if (FSServiceUtils.isSigningOn()) {
try {
int minorVersion = regisResponse.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
retMessage = signResponse(retMessage, IFSConstants.ID, regisResponse.getID(), hostedConfig);
} else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
retMessage = signResponse(retMessage, IFSConstants.RESPONSE_ID, regisResponse.getResponseID(), hostedConfig);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("invalid minor version.");
}
}
} catch (SAMLException e) {
FSUtils.debug.error("FSNameRegistrationHandler:" + "sign soap Response failed", e);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (FSMsgException e) {
FSUtils.debug.error("FSNameRegistrationHandler::" + "signRegistrationResponse failed", e);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
}
}
}
if (FSUtils.debug.messageEnabled()) {
ByteArrayOutputStream bop = null;
String xmlString = null;
bop = new ByteArrayOutputStream();
retMessage.writeTo(bop);
xmlString = bop.toString(IFSConstants.DEFAULT_ENCODING);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("return SOAP message:" + xmlString);
}
}
returnSOAPMessage(retMessage, response);
return;
} catch (Exception se) {
FSUtils.debug.error("Error in processing Name Registration request" + se.getMessage());
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
returnSOAPMessage(retMessage, response);
}
} else if (nodeName.equalsIgnoreCase("NameIdentifierMappingRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
FSUtils.debug.message("FSSOAPReceiver:handling Name Identifier Mapping Request");
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
String metaAlias = FSServiceUtils.getMetaAlias(request);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
ProviderDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
FSNameIdentifierMappingRequest mappingRequest = new FSNameIdentifierMappingRequest(elt);
if (FSServiceUtils.isSigningOn()) {
String remoteEntityId = mappingRequest.getProviderID();
ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(// it has to be idp
IFSConstants.IDP, remoteEntityId, realm);
if (remoteDesc == null) {
return;
}
if (verifyRequestSignature(elt, message, KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, true))) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver: Success in verifying " + "Name Identifier Mapping Request");
}
} else {
FSUtils.debug.error("Failed verifying Name Identifier Mapping Request");
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
String targetNamespace = mappingRequest.getTargetNamespace();
String inResponseTo = mappingRequest.getRequestID();
Status status = new Status(new StatusCode("samlp:Success"));
FSNameMappingHandler idpHandler = new FSNameMappingHandler(hostedEntityId, hostedDesc, hostedConfig, metaAlias);
NameIdentifier nameIdentifier = idpHandler.getNameIdentifier(mappingRequest, targetNamespace, false);
String enableEncryption = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.ENABLE_NAMEID_ENCRYPTION);
if (enableEncryption != null && enableEncryption.equalsIgnoreCase("true")) {
nameIdentifier = EncryptedNameIdentifier.getEncryptedNameIdentifier(nameIdentifier, realm, targetNamespace);
}
FSNameIdentifierMappingResponse mappingResponse = new FSNameIdentifierMappingResponse(hostedEntityId, inResponseTo, status, nameIdentifier);
if (FSServiceUtils.isSigningOn()) {
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
mappingResponse.signXML(certAlias);
}
SOAPMessage retMessage = soapService.bind(mappingResponse.toXMLString(true, true));
returnSOAPMessage(retMessage, response);
return;
} else if (nodeName.equalsIgnoreCase("FederationTerminationNotification") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
try {
FSUtils.debug.message("calling FSSOAPReceiver::handleTerminationRequest");
boolean bHandleStatus = handleTerminationRequest(elt, message, request, response);
if (bHandleStatus) {
FSUtils.debug.message("Completed processing terminationRequest");
returnTerminationStatus(response);
return;
} else {
FSUtils.debug.message("Failed processing terminationRequest");
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} catch (Exception se) {
FSUtils.debug.error("Error in processing Federation Termination Request", se);
String[] data = { IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED };
LogUtil.error(Level.INFO, LogUtil.TERMINATION_REQUEST_PROCESSING_FAILED, data);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} else if (nodeName.equalsIgnoreCase("LogoutRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
try {
FSUtils.debug.message("calling FSSOAPReceiver::handleLogoutRequest");
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String providerAlias = null;
String realm = null;
String hostedEntityId = null;
String hostedRole = null;
try {
providerAlias = FSServiceUtils.getMetaAlias(request);
realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null) {
if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
}
} catch (Exception e) {
FSUtils.debug.error("FSSOAPReceiver, provider", e);
}
FSLogoutNotification logoutRequest = new FSLogoutNotification(elt);
Map map = handleLogoutRequest(elt, logoutRequest, message, request, response, hostedProviderDesc, hostedConfig, providerAlias, realm, hostedEntityId, hostedRole);
String responseID = SAMLUtils.generateID();
String inResponseTo = logoutRequest.getRequestID();
String relayState = logoutRequest.getRelayState();
FSLogoutResponse resp = null;
boolean statusSuccess = false;
SOAPMessage retSoapMessage = null;
if (map == null) {
StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
} else {
retSoapMessage = (SOAPMessage) map.get(MESSAGE);
SOAPPart sp = retSoapMessage.getSOAPPart();
SOAPEnvelope se = sp.getEnvelope();
SOAPBody sb = se.getBody();
if (sb.hasFault()) {
StatusCode secondLevelstatusCode = new StatusCode(IFSConstants.SAML_UNSUPPORTED);
StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER, secondLevelstatusCode);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
} else {
StatusCode statusCode = new StatusCode(IFSConstants.SAML_SUCCESS);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
statusSuccess = true;
}
}
resp.setID(IFSConstants.LOGOUTID);
resp.setMinorVersion(logoutRequest.getMinorVersion());
retSoapMessage = soapService.bind(resp.toXMLString(true, true));
// Call SP Adapter postSingleLogoutSuccess for IDP/SOAP
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP) && statusSuccess) {
FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
if (spAdapter != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver, " + "call postSingleLogoutSuccess, IDP/SOAP");
}
try {
spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response, (String) map.get(USERID), logoutRequest, resp, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
} catch (Exception e) {
// ignore adapter exception
FSUtils.debug.error("postSingleLogoutSuccess." + "IDP/SOAP", e);
}
}
}
if (FSServiceUtils.isSigningOn()) {
try {
int minorVersion = resp.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
retSoapMessage = signResponse(retSoapMessage, IFSConstants.ID, resp.getID(), hostedConfig);
} else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
retSoapMessage = signResponse(retSoapMessage, IFSConstants.RESPONSE_ID, resp.getResponseID(), hostedConfig);
} else {
FSUtils.debug.error("invalid minor version.");
}
} catch (SAMLException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LogoutResponse failed", e);
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (FSMsgException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LogoutResponse failed", e);
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Logout exception:", e);
}
}
}
returnSOAPMessage(retSoapMessage, response);
return;
} catch (Exception se) {
FSUtils.debug.error("Error in processing logout Request", se);
String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_PROCESSING_FAILED) };
LogUtil.error(Level.INFO, LogUtil.LOGOUT_REQUEST_PROCESSING_FAILED, data);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
//check for other Liberty msgs should go here
} catch (Exception e) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing Request: Exception occured: ", e);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
java.io.ByteArrayOutputStream strm = new java.io.ByteArrayOutputStream();
e.printStackTrace(new java.io.PrintStream(strm));
FSUtils.debug.error(strm.toString());
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
Also used :
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
EncryptedNameIdentifier(com.sun.identity.federation.message.common.EncryptedNameIdentifier)
Element(org.w3c.dom.Element)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification)
SOAPEnvelope(javax.xml.soap.SOAPEnvelope)
Document(org.w3c.dom.Document)
SOAPMessage(javax.xml.soap.SOAPMessage)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSAssertion(com.sun.identity.federation.message.FSAssertion)
Iterator(java.util.Iterator)
FSException(com.sun.identity.federation.common.FSException)
SOAPPart(javax.xml.soap.SOAPPart)
List(java.util.List)
FSSAMLRequest(com.sun.identity.federation.message.FSSAMLRequest)
FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)
FSLogoutStatus(com.sun.identity.federation.services.logout.FSLogoutStatus)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)
XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
FSNameIdentifierMappingResponse(com.sun.identity.federation.message.FSNameIdentifierMappingResponse)
FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse)
SOAPException(javax.xml.soap.SOAPException)
SystemConfigurationException(com.sun.identity.common.SystemConfigurationException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
FSException(com.sun.identity.federation.common.FSException)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
SOAPBody(javax.xml.soap.SOAPBody)
FSSSOBrowserArtifactProfileHandler(com.sun.identity.federation.services.fednsso.FSSSOBrowserArtifactProfileHandler)
FSNameMappingHandler(com.sun.identity.federation.services.namemapping.FSNameMappingHandler)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
FSResponse(com.sun.identity.federation.message.FSResponse)
FSNameRegistrationResponse(com.sun.identity.federation.message.FSNameRegistrationResponse)
FSNameIdentifierMappingRequest(com.sun.identity.federation.message.FSNameIdentifierMappingRequest)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 15 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSSOAPReceiver method handleTerminationRequest.
private boolean handleTerminationRequest(Element elt, SOAPMessage terminationMsg, HttpServletRequest request, HttpServletResponse response) {
try {
String providerAlias = FSServiceUtils.getMetaAlias(request);
if (providerAlias == null || providerAlias.length() < 1) {
FSUtils.debug.error("Unable to retrieve alias, Hosted Provider." + "Cannot process the termination request");
return false;
}
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
if (metaManager == null) {
FSUtils.debug.error("Unable to get meta manager");
return false;
}
String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
FSFederationTerminationNotification terminationRequest = new FSFederationTerminationNotification(elt);
ProviderDescriptorType hostedProviderDesc = null;
String remoteEntityId = terminationRequest.getProviderId();
ProviderDescriptorType remoteDesc = null;
String hostedRole = null;
String hostedEntityId = null;
BaseConfigType hostedConfig = null;
try {
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole == null) {
return false;
} else if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
}
if (hostedProviderDesc == null) {
return false;
}
if (remoteDesc == null) {
return false;
}
} catch (IDFFMetaException eam) {
FSUtils.debug.error("Unable to find Hosted Provider. Cannot process request:", eam);
return false;
}
X509Certificate cert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, true);
if (!FSServiceUtils.isSigningOn() || verifyRequestSignature(elt, terminationMsg, cert)) {
FSUtils.debug.message("Termination Signature successfully verified");
if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
FSServiceManager instService = FSServiceManager.getInstance();
if (instService != null) {
FSFedTerminationHandler terminationHandler = instService.getFedTerminationHandler(terminationRequest, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, remoteEntityId);
if (terminationHandler != null) {
terminationHandler.setHostedDescriptor(hostedProviderDesc);
terminationHandler.setHostedDescriptorConfig(hostedConfig);
terminationHandler.setRealm(realm);
terminationHandler.setHostedEntityId(hostedEntityId);
terminationHandler.setMetaAlias(providerAlias);
terminationHandler.setHostedProviderRole(hostedRole);
terminationHandler.setRemoteEntityId(remoteEntityId);
terminationHandler.setRemoteDescriptor(remoteDesc);
boolean bProcessStatus = terminationHandler.processSOAPTerminationRequest(request, response, terminationRequest);
return bProcessStatus;
} else {
FSUtils.debug.error("Unable to get Termination Handler");
return false;
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSServiceManager instance is null. " + "Cannot process termination request");
}
return false;
}
}
FSUtils.debug.message("Remote provider not in trusted list");
return false;
} else {
FSUtils.debug.message("Termination Signature failed verification");
return false;
}
} catch (Exception se) {
FSUtils.debug.error("FSSOAPService::handleTerminationRequest failed ", se);
return false;
}
}
Also used :
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
FSFederationTerminationNotification(com.sun.identity.federation.message.FSFederationTerminationNotification)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)
X509Certificate(java.security.cert.X509Certificate)
FSFedTerminationHandler(com.sun.identity.federation.services.termination.FSFedTerminationHandler)
SOAPException(javax.xml.soap.SOAPException)
SystemConfigurationException(com.sun.identity.common.SystemConfigurationException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
FSException(com.sun.identity.federation.common.FSException)
Aggregations
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)54
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)33
IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)18
List (java.util.List)18
FSException (com.sun.identity.federation.common.FSException)17
SessionException (com.sun.identity.plugin.session.SessionException)14
IOException (java.io.IOException)14
ArrayList (java.util.ArrayList)14
Iterator (java.util.Iterator)14
IDPDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)13
SAMLException (com.sun.identity.saml.common.SAMLException)13
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)12
ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)12
FSSessionManager (com.sun.identity.federation.services.FSSessionManager)10
HashMap (java.util.HashMap)10
Map (java.util.Map)10
ServletException (javax.servlet.ServletException)10
FSAuthnRequest (com.sun.identity.federation.message.FSAuthnRequest)9
Set (java.util.Set)9
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)8
