Example 16 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSIDPFinderService method getCommonDomainIDP.
/**
* Gets a preferred IDP from the common domain cookie.
* @param request HttpServletRequest
* @param response HttpServletResponse
* @param realm The realm under which the entity resides.
* @param entityID Hosted entity ID.
* @param requestID Original Authentication Request ID.
* @exception FSRedirectException for the redirection.
* IOException for any redirection failure.
*/
private String getCommonDomainIDP(HttpServletRequest request, HttpServletResponse response, String realm, String entityID, String requestID) throws FSRedirectException, IOException {
String idpID = FSUtils.findPreferredIDP(realm, request);
if (idpID != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:" + "Preferred IDP found from the common domain." + idpID);
}
if (requestCotSetMap.containsKey(requestID)) {
requestCotSetMap.remove(requestID);
}
return idpID;
}
Set tmpCotSet = (Set) requestCotSetMap.get(requestID);
if (tmpCotSet == null) {
try {
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
List cotList = null;
if (metaManager != null) {
BaseConfigType spConfig = metaManager.getSPDescriptorConfig(realm, entityID);
cotList = IDFFMetaUtils.getAttributeValueFromConfig(spConfig, IFSConstants.COT_LIST);
}
if (cotList != null) {
tmpCotSet = new HashSet();
tmpCotSet.addAll(cotList);
}
} catch (IDFFMetaException ie) {
FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:cannot get meta:", ie);
return null;
}
}
if (tmpCotSet == null || tmpCotSet.isEmpty()) {
FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP::No more Cots.");
if (requestCotSetMap.containsKey(requestID)) {
requestCotSetMap.remove(requestID);
}
return null;
}
Iterator iter = tmpCotSet.iterator();
while (iter.hasNext()) {
String cotName = (String) iter.next();
iter.remove();
requestCotSetMap.put(requestID, tmpCotSet);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP: Trying Cot: " + cotName);
}
String readerServiceURL = null;
try {
CircleOfTrustManager cotManager = new CircleOfTrustManager();
CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotName);
if (cotDesc != null && (cotDesc.getCircleOfTrustStatus()).equalsIgnoreCase(IFSConstants.ACTIVE)) {
readerServiceURL = cotDesc.getIDFFReaderServiceURL();
}
} catch (COTException fe) {
FSUtils.debug.error("FSIDPFinderService.getCommonDomainIDP:" + "Unable to retrieve reader service url.", fe);
}
if (readerServiceURL != null) {
String baseURL = FSServiceUtils.getBaseURL(request);
StringBuffer returnURL = new StringBuffer(300);
returnURL.append(baseURL).append(IFSConstants.IDP_FINDER_URL).append("?").append("RequestID").append("=").append(URLEncDec.encode(requestID)).append("&").append("Realm=").append(URLEncDec.encode(realm)).append("&").append("ProviderID=").append(URLEncDec.encode(entityID));
StringBuffer redirectURL = new StringBuffer(300);
redirectURL.append(readerServiceURL).append("?").append(IFSConstants.LRURL).append("=").append(URLEncDec.encode(returnURL.toString()));
String url = redirectURL.toString();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIDPFinderService.getCommonDomainIDP:Redirection URL:" + url);
}
response.setHeader("Location", url);
response.sendRedirect(url);
throw new FSRedirectException(FSUtils.bundle.getString("Redirection_Happened"));
}
}
return null;
}
Also used :
HashSet(java.util.HashSet)
Set(java.util.Set)
CircleOfTrustManager(com.sun.identity.cot.CircleOfTrustManager)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSRedirectException(com.sun.identity.federation.common.FSRedirectException)
CircleOfTrustDescriptor(com.sun.identity.cot.CircleOfTrustDescriptor)
COTException(com.sun.identity.cot.COTException)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
Iterator(java.util.Iterator)
ArrayList(java.util.ArrayList)
List(java.util.List)
HashSet(java.util.HashSet)
Example 17 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSServiceManager method getSSOAndFedHandler.
/**
* Returns handler at <code>IDP</code> side that handles single sign on and
* federation requests.
* @param request http request object
* @param response http response object
* @param authnRequest authentication request sent by service provider
* @param realm The realm under which the entity resides.
* @return <code>FSSSOAndFedHandler</code> object
*/
public FSSSOAndFedHandler getSSOAndFedHandler(HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, String realm) {
FSUtils.debug.message("FSServiceManager.getSSOAndFedHandler: Called ");
if ((request == null) || (response == null) || (authnRequest == null)) {
FSUtils.debug.error("FSServiceManager.getSSOAndFedHandler: " + FSUtils.bundle.getString("nullInputParameter"));
return null;
}
try {
FSSSOAndFedHandler returnHandler = null;
String profile = authnRequest.getProtocolProfile();
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
String spEntityId = authnRequest.getProviderId();
SPDescriptorType spDescriptor = metaManager.getSPDescriptor(realm, spEntityId);
BaseConfigType spConfig = metaManager.getSPDescriptorConfig(realm, spEntityId);
String relayState = authnRequest.getRelayState();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSServiceManager.getSSOAndFedHandler: requested profile:" + profile);
}
if (profile != null) {
if (profile.equals(IFSConstants.SSO_PROF_BROWSER_ART)) {
returnHandler = new FSSSOBrowserArtifactProfileHandler(request, response, authnRequest, spDescriptor, spConfig, spEntityId, relayState);
} else if (profile.equals(IFSConstants.SSO_PROF_BROWSER_POST)) {
returnHandler = new FSSSOBrowserPostProfileHandler(request, response, authnRequest, spDescriptor, spConfig, spEntityId, relayState);
} else if (profile.equals(IFSConstants.SSO_PROF_WML_POST)) {
returnHandler = new FSSSOWMLPostProfileHandler(request, response, authnRequest, spDescriptor, spConfig, spEntityId, relayState);
} else if (profile.equals(IFSConstants.SSO_PROF_LECP)) {
returnHandler = new FSSSOLECPProfileHandler(request, response, authnRequest, spDescriptor, spConfig, spEntityId, relayState);
} else {
FSUtils.debug.error("FSServiceManager.getSSOAndFedHandler: " + "Unknown Protocol profile request");
returnHandler = new FSSSOBrowserArtifactProfileHandler(request, response, authnRequest, spDescriptor, spConfig, spEntityId, relayState);
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSServiceManager.getSSOAndFedHandler: " + "No protocol profile in the Request");
}
returnHandler = new FSSSOBrowserArtifactProfileHandler(request, response, authnRequest, spDescriptor, spConfig, spEntityId, relayState);
}
return returnHandler;
} catch (IDFFMetaException ex) {
FSUtils.debug.error("FSServiceManager.getSSOAndFedHandler: ", ex);
return null;
}
}
Also used :
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSSSOWMLPostProfileHandler(com.sun.identity.federation.services.fednsso.FSSSOWMLPostProfileHandler)
FSSSOBrowserArtifactProfileHandler(com.sun.identity.federation.services.fednsso.FSSSOBrowserArtifactProfileHandler)
FSSSOBrowserPostProfileHandler(com.sun.identity.federation.services.fednsso.FSSSOBrowserPostProfileHandler)
FSSSOLECPProfileHandler(com.sun.identity.federation.services.fednsso.FSSSOLECPProfileHandler)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)
FSSSOAndFedHandler(com.sun.identity.federation.services.fednsso.FSSSOAndFedHandler)
Example 18 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSAssertionConsumerService method doPost.
/**
* Handles post profile.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException, IOException if error occurs.
*/
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSAssertionConsumerService.doPost : called");
Document doc = null;
if ((request == null) || (response == null)) {
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
String metaAlias = FSServiceUtils.getMetaAlias(request);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
String baseURL = FSServiceUtils.getBaseURL(request);
String framedPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, null, null, request, baseURL);
String hostEntityId = null;
SPDescriptorType hostDesc = null;
BaseConfigType hostConfig = null;
try {
hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
} catch (Exception e) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception when obtain host meta data:", e);
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
// obtain AuthnResponse message
String encodedAuthnResponse = request.getParameter(IFSConstants.POST_AUTHN_RESPONSE_PARAM);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse: " + encodedAuthnResponse);
}
if (encodedAuthnResponse == null) {
String[] data = { FSUtils.bundle.getString("missingAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.MISSING_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("missingAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
encodedAuthnResponse = encodedAuthnResponse.replace(' ', '\n');
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse2: " + encodedAuthnResponse);
}
FSAuthnResponse authnResponse = null;
try {
String decodedAuthnResponse = new String(Base64.decode(encodedAuthnResponse));
FSUtils.debug.message("Decoded authnResponse" + decodedAuthnResponse);
doc = XMLUtils.toDOMDocument(decodedAuthnResponse, FSUtils.debug);
if (doc == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost:Error " + "while parsing input xml string");
}
throw new FSMsgException("parseError", null);
}
authnResponse = new FSAuthnResponse(doc.getDocumentElement());
if (authnResponse == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. " + "Can't parse Base64 encoded AuthnResponse");
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
} catch (FSException e) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occured while parsing Base64 encoded AuthnResponse: ", e);
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
} catch (SAMLException e) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. SAMLException" + " occurred while parsing Base64 encoded AuthnResponse: ", e);
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
try {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is valid: " + authnResponse.toXMLString());
}
} catch (FSException e) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occurred while calling AuthnResponse.toXMLString(): ", e);
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
FSAuthnRequest authnRequest = null;
String requestID = authnResponse.getInResponseTo();
if (requestID == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse " + "received does not have inResponseTo attribute");
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is against requestID: " + requestID);
}
authnRequest = getInResponseToRequest(requestID, metaAlias);
if (authnRequest == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse" + " received does not have an associated AuthnRequest");
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, authnRequest.getRelayState(), null, request, baseURL);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "inResponseTo validation is successful");
}
try {
String idpEntityId = null;
IDPDescriptorType idpDescriptor = null;
if (!authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_LECP)) {
idpEntityId = getProvider(authnResponse.getInResponseTo(), metaAlias);
idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
if (idpEntityId == null || idpDescriptor == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. Sender information " + "not found for the received AuthnResponse");
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedLoginPageURL);
return;
}
if ((FSServiceUtils.isSigningOn() || (FSServiceUtils.isSigningOptional() && authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST))) && !verifyAuthnResponseSignature(doc, idpDescriptor, idpEntityId)) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: Signature " + "verification failed");
FSUtils.forwardRequest(request, response, framedLoginPageURL);
return;
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "LECP Profile identified. IDP info is unknown so far" + "Get providerId from the response");
}
idpEntityId = authnResponse.getProviderId();
idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
}
// handle sso
FSServiceManager sm = FSServiceManager.getInstance();
FSAssertionArtifactHandler handler = sm.getAssertionArtifactHandler(request, response, authnRequest, authnResponse, idpDescriptor, idpEntityId);
if (handler == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "could not create AssertionArtifactHandler");
String[] data = { FSUtils.bundle.getString("requestProcessingFailed") };
LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedLoginPageURL);
return;
}
handler.setHostEntityId(hostEntityId);
handler.setHostDescriptor(hostDesc);
handler.setHostDescriptorConfig(hostConfig);
handler.setMetaAlias(metaAlias);
handler.setRealm(realm);
handler.processAuthnResponse(authnResponse);
return;
} catch (Exception se) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception: ", se);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedLoginPageURL);
return;
}
}
Also used :
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
Document(org.w3c.dom.Document)
SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)
SAMLException(com.sun.identity.saml.common.SAMLException)
ServletException(javax.servlet.ServletException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
FSServiceManager(com.sun.identity.federation.services.FSServiceManager)
FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse)
FSException(com.sun.identity.federation.common.FSException)
Example 19 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class IDFFProviderManager method isNameIDEncryptionEnabled.
/**
* Returns whether the specified provider requires name ID encryption
* or not.
* @param providerID provider ID.
* @return true if the specified provider requires name ID encryption,
* false if it doesn't.
*/
public boolean isNameIDEncryptionEnabled(String providerID) {
EntityConfigElement entityConfig = null;
try {
entityConfig = idffMetaManager.getEntityConfig(ROOT_REALM, providerID);
} catch (IDFFMetaException imex) {
ProviderUtil.debug.error("IDFFProviderManager.isNameIDEncryptionEnabled:", imex);
}
if (entityConfig == null) {
return false;
}
BaseConfigType baseConfig = IDFFMetaUtils.getSPDescriptorConfig(entityConfig);
if (baseConfig == null) {
baseConfig = IDFFMetaUtils.getIDPDescriptorConfig(entityConfig);
if (baseConfig == null) {
return false;
}
}
Map attrMap = IDFFMetaUtils.getAttributes(baseConfig);
if ((attrMap == null) || (attrMap.isEmpty())) {
return false;
}
List values = (List) attrMap.get(IFSConstants.ENABLE_NAMEID_ENCRYPTION);
if ((values == null) || values.isEmpty()) {
return false;
}
return ((String) values.get(0)).equalsIgnoreCase("true");
}
Also used :
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
List(java.util.List)
Map(java.util.Map)
EntityConfigElement(com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement)
Example 20 with BaseConfigType
use of com.sun.identity.federation.jaxb.entityconfig.BaseConfigType in project OpenAM by OpenRock.
the class FSAssertionManager method createFSAssertion.
/**
* Creates an assertion artifact.
* @param id session ID
* @param artifact assertion artifact
* @param realm the realm under which the entity resides.
* @param spEntityID service provider's entity ID
* @param spHandle service provider issued <code>NameIdentifier</code>
* @param idpHandle identity provider issued <code>NameIdentifier</code>
* @param inResponseTo value to InResponseTo attribute. It's the request ID.
* @param assertionMinorVersion minor version the assertion should use
* @exception FSException,SAMLException if error occurrs
*/
public FSAssertion createFSAssertion(String id, AssertionArtifact artifact, String realm, String spEntityID, NameIdentifier spHandle, NameIdentifier idpHandle, String inResponseTo, int assertionMinorVersion) throws FSException, SAMLException {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id): Called");
// check input
if ((id == null) || (spEntityID == null)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: null input for" + " method createFSAssertion.");
}
throw new FSException("nullInput", null);
}
String destID = spEntityID;
String authMethod = null;
String authnContextStatementRef = null;
String authnContextClassRef = null;
Date authInstant = null;
String securityDomain = null;
Object token = null;
String univId = null;
SubjectLocality authLocality = null;
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
Map attributes = new HashMap();
if (metaManager != null) {
BaseConfigType idpConfig = null;
try {
idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
} catch (IDFFMetaException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion: exception while" + " obtaining idp extended meta:", e);
}
idpConfig = null;
}
if (idpConfig != null) {
attributes = IDFFMetaUtils.getAttributes(idpConfig);
}
}
try {
SessionProvider sessionProvider = SessionManager.getProvider();
token = sessionProvider.getSession(id);
String[] strAuthInst = null;
try {
strAuthInst = sessionProvider.getProperty(token, SessionProvider.AUTH_INSTANT);
} catch (UnsupportedOperationException ue) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", ue);
}
} catch (SessionException se) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", se);
}
}
if ((strAuthInst != null) && (strAuthInst.length >= 1)) {
try {
authInstant = DateUtils.stringToDate(strAuthInst[0]);
} catch (ParseException ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager." + "createFSAssertion(id): AuthInstant not found" + "in the Token");
}
}
} else {
authInstant = new java.util.Date();
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id):AuthInstant = " + authInstant);
}
try {
String[] strAuthMethod = sessionProvider.getProperty(token, SessionProvider.AUTH_METHOD);
if ((strAuthMethod != null) && (strAuthMethod.length >= 1)) {
authMethod = strAuthMethod[0];
}
} catch (UnsupportedOperationException ue) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", ue);
}
} catch (SessionException se) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", se);
}
}
String assertionIssuer = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ASSERTION_ISSUER);
if (assertionIssuer == null) {
assertionIssuer = SystemConfigurationUtil.getProperty("com.iplanet.am.server.host");
}
try {
String ipAddress = InetAddress.getByName(assertionIssuer).getHostAddress();
authLocality = new SubjectLocality(ipAddress, assertionIssuer);
} catch (UnknownHostException uhe) {
FSUtils.debug.error("FSAssertionManager.constructor: couldn't" + " obtain the localhost's ipaddress:", uhe);
}
try {
FSSession session = sessionManager.getSession(token);
authnContextClassRef = session.getAuthnContext();
authnContextStatementRef = authnContextClassRef;
} catch (Exception ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion" + "(id): AuthnContextStatement for the token is null" + " Assertion will not contain any " + " AuthenticationStatement");
}
authnContextStatementRef = null;
}
if (authnContextStatementRef != null) {
if (assertionMinorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
authMethod = IFSConstants.AC_XML_NS;
} else {
authMethod = IFSConstants.AC_12_XML_NS;
}
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id):" + "AuthnContextStatement used for authenticating the user: " + authnContextStatementRef);
}
univId = sessionProvider.getPrincipalName(token);
securityDomain = hostEntityId;
} catch (Exception e) {
FSUtils.debug.error("FSAssertionManager.createAssertion(id):" + " exception retrieving info from the session: ", e);
throw new FSException("alliance_manager_no_local_descriptor", null, e);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Creating Authentication Assertion for user with" + "opaqueHandle= " + spHandle.getName() + " And SecurityDomain= " + securityDomain);
}
SubjectConfirmation subConfirmation = null;
String artString = null;
if (artifact != null) {
artString = artifact.getAssertionArtifact();
if (assertionMinorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
subConfirmation = new SubjectConfirmation(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT);
} else {
subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT);
}
subConfirmation.setSubjectConfirmationData(artString);
} else {
// set to bearer for POST profile
subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_BEARER);
}
IDPProvidedNameIdentifier idpNi = null;
if (assertionMinorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || assertionMinorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
idpNi = new IDPProvidedNameIdentifier(idpHandle.getName(), idpHandle.getNameQualifier(), spHandle.getFormat());
idpNi.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
} else {
idpNi = new IDPProvidedNameIdentifier(idpHandle.getNameQualifier(), idpHandle.getName());
}
FSSubject sub = new FSSubject(spHandle, subConfirmation, idpNi);
AuthnContext authnContext = new AuthnContext(authnContextClassRef, authnContextStatementRef);
authnContext.setMinorVersion(assertionMinorVersion);
FSAuthenticationStatement statement = new FSAuthenticationStatement(authMethod, authInstant, sub, authLocality, null, authnContext);
FSSession session = sessionManager.getSession(univId, id);
if (session == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id): " + "AssertionManager could not find a valid Session for" + "userId: " + univId + " SessionID: " + id);
}
return null;
}
String sessionIndex = session.getSessionIndex();
if (sessionIndex == null) {
sessionIndex = SAMLUtils.generateID();
session.setSessionIndex(sessionIndex);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id): SessionIndex: " + sessionIndex);
}
statement.setSessionIndex(sessionIndex);
//setReauthenticateOnOrAfter date
Date issueInstant = new Date();
// get this period from the config
FSUtils.debug.message("here before date");
Date notAfter;
if (artifact != null) {
notAfter = new Date(issueInstant.getTime() + artifactTimeout);
} else {
notAfter = new Date(issueInstant.getTime() + assertionTimeout);
}
FSUtils.debug.message("here after date");
statement.setReauthenticateOnOrAfter(notAfter);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Authentication Statement: " + statement.toXMLString());
}
Conditions cond = new Conditions(null, notAfter);
if ((destID != null) && (destID.length() != 0)) {
List targets = new ArrayList();
targets.add(destID);
cond.addAudienceRestrictionCondition(new AudienceRestrictionCondition(targets));
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Authentication Statement: " + statement.toXMLString());
}
/**
* This is added to create an attribute statement for the bootstrap
* information.
*/
AttributeStatement attribStatement = null;
Advice advice = null;
String generateBootstrapping = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.GENERATE_BOOTSTRAPPING);
if (assertionMinorVersion != IFSConstants.FF_11_ASSERTION_MINOR_VERSION && (generateBootstrapping != null && generateBootstrapping.equals("true"))) {
AuthnContext authContext = new AuthnContext(null, authnContextStatementRef);
authContext.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
try {
FSDiscoveryBootStrap bootStrap = new FSDiscoveryBootStrap(token, authContext, sub, univId, destID, realm);
attribStatement = bootStrap.getBootStrapStatement();
if (bootStrap.hasCredentials()) {
advice = bootStrap.getCredentials();
}
} catch (Exception e) {
FSUtils.debug.error("FSAssertionManager.createAssertion(id):" + "exception when generating bootstrapping resource " + "offering:", e);
}
}
AssertionIDReference aID = new AssertionIDReference();
Set statements = new HashSet();
statements.add(statement);
if (attribStatement != null) {
statements.add(attribStatement);
}
String attributePluginImpl = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ATTRIBUTE_PLUGIN);
if ((attributePluginImpl != null) && (attributePluginImpl.length() != 0)) {
try {
Object pluginClass = Thread.currentThread().getContextClassLoader().loadClass(attributePluginImpl).newInstance();
List attribStatements = null;
if (pluginClass instanceof FSRealmAttributePlugin) {
FSRealmAttributePlugin attributePlugin = (FSRealmAttributePlugin) pluginClass;
attribStatements = attributePlugin.getAttributeStatements(realm, hostEntityId, destID, sub, token);
} else if (pluginClass instanceof FSAttributePlugin) {
FSAttributePlugin attributePlugin = (FSAttributePlugin) pluginClass;
attribStatements = attributePlugin.getAttributeStatements(hostEntityId, destID, sub, token);
}
if ((attribStatements != null) && (attribStatements.size() != 0)) {
Iterator iter = attribStatements.iterator();
while (iter.hasNext()) {
statements.add((AttributeStatement) iter.next());
}
}
} catch (Exception ex) {
FSUtils.debug.error("FSAssertion.createAssertion(id):getAttributePlugin:", ex);
}
}
if (IDFFMetaUtils.isAutoFedEnabled(attributes)) {
AttributeStatement autoFedStatement = FSAttributeStatementHelper.getAutoFedAttributeStatement(realm, hostEntityId, sub, token);
statements.add(autoFedStatement);
}
FSAssertion assertion = new FSAssertion(aID.getAssertionIDReference(), hostEntityId, issueInstant, cond, advice, statements, inResponseTo);
assertion.setMinorVersion(assertionMinorVersion);
assertion.setID(aID.getAssertionIDReference());
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Assertion created successfully: " + assertion.toXMLString());
}
String aIDString = assertion.getAssertionID();
Entry entry = new Entry(assertion, destID, artString, token);
Integer maxNumber = null;
try {
int temp = Integer.parseInt(IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ASSERTION_LIMIT));
maxNumber = new Integer(temp);
} catch (Exception ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Assertion MAX number configuration not found in " + "FSConfig. Using Default");
}
maxNumber = null;
}
if (maxNumber == null) {
maxNumber = new Integer(IFSConstants.ASSERTION_MAX_NUMBER_DEFAULT);
}
int maxValue = maxNumber.intValue();
if ((maxValue != 0) && (idEntryMap.size() > maxValue)) {
FSUtils.debug.error("FSAssertionManager.createAssertion: " + "reached maxNumber of assertions.");
throw new FSException("errorCreateAssertion", null);
}
Object oldEntry = null;
try {
synchronized (idEntryMap) {
oldEntry = idEntryMap.put(aIDString, entry);
}
if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
idffSvc.setAssertions((long) idEntryMap.size());
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: couldn't add " + "to idEntryMap.", e);
}
throw new FSException("errorCreateAssertion", null);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { assertion.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_ASSERTION, data, token);
} else {
String[] data = { assertion.getAssertionID() };
LogUtil.access(Level.INFO, LogUtil.CREATE_ASSERTION, data, token);
}
if (artString != null) {
try {
synchronized (artIdMap) {
oldEntry = artIdMap.put(artString, aIDString);
}
if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
idffSvc.setArtifacts((long) artIdMap.size());
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: couldn't add " + "artifact to the artIdMap.", e);
}
throw new FSException("errorCreateArtifact", null);
}
if (oldEntry != null) {
artifactTimeoutRunnable.removeElement(aIDString);
}
artifactTimeoutRunnable.addElement(aIDString);
} else {
if (oldEntry != null) {
assertionTimeoutRunnable.removeElement(aIDString);
}
assertionTimeoutRunnable.addElement(aIDString);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Returning Assertion: " + assertion.toXMLString());
}
return assertion;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
FSSubject(com.sun.identity.federation.message.FSSubject)
Date(java.util.Date)
ArrayList(java.util.ArrayList)
SessionException(com.sun.identity.plugin.session.SessionException)
SubjectLocality(com.sun.identity.saml.assertion.SubjectLocality)
Conditions(com.sun.identity.saml.assertion.Conditions)
AuthnContext(com.sun.identity.federation.message.common.AuthnContext)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
SubjectConfirmation(com.sun.identity.saml.assertion.SubjectConfirmation)
FSAssertion(com.sun.identity.federation.message.FSAssertion)
FSException(com.sun.identity.federation.common.FSException)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
AudienceRestrictionCondition(com.sun.identity.saml.assertion.AudienceRestrictionCondition)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
HashSet(java.util.HashSet)
UnknownHostException(java.net.UnknownHostException)
FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
Date(java.util.Date)
SessionException(com.sun.identity.plugin.session.SessionException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
ParseException(java.text.ParseException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
UnknownHostException(java.net.UnknownHostException)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement)
ParseException(java.text.ParseException)
Advice(com.sun.identity.saml.assertion.Advice)
IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier)
AssertionIDReference(com.sun.identity.saml.assertion.AssertionIDReference)
Map(java.util.Map)
HashMap(java.util.HashMap)
Aggregations
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)54
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)33
IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)18
List (java.util.List)18
FSException (com.sun.identity.federation.common.FSException)17
SessionException (com.sun.identity.plugin.session.SessionException)14
IOException (java.io.IOException)14
ArrayList (java.util.ArrayList)14
Iterator (java.util.Iterator)14
IDPDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)13
SAMLException (com.sun.identity.saml.common.SAMLException)13
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)12
ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)12
FSSessionManager (com.sun.identity.federation.services.FSSessionManager)10
HashMap (java.util.HashMap)10
Map (java.util.Map)10
ServletException (javax.servlet.ServletException)10
FSAuthnRequest (com.sun.identity.federation.message.FSAuthnRequest)9
Set (java.util.Set)9
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)8
