use of com.sun.identity.federation.message.FSAuthnRequest in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method sendProxyResponse.
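/**
 * Sends the proxy authentication response to the proxying service
 * provider which originally requested the authentication.
 * <p>
 * The original AuthnRequest and the proxying SP's descriptor are looked up
 * in the {@link FSSessionManager} under {@code requestID}; the local
 * {@link FSSession} for {@code ssoToken} receives the asserted
 * authentication context (when there is one) and the proxying SP is
 * recorded as a session partner; an {@link FSProxyHandler} is then
 * configured with the hosted IDP's metadata and asked to process the
 * original request. If the session manager, the stored request or the
 * local session cannot be found, an error is logged and nothing is sent.
 *
 * @param requestID id of the AuthnRequest that was sent to the
 *        authenticating Identity Provider; it is the key under which the
 *        proxy state was stored when that request was forwarded.
 */
protected void sendProxyResponse(String requestID) {
    final String logPrefix = "FSAssertionArtifactHandler.sendProxyResponse:";
    FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse::");
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
    if (sessionManager == null) {
        FSUtils.debug.error(logPrefix + " no session manager for meta alias " + hostMetaAlias);
        return;
    }
    FSAuthnRequest origRequest = sessionManager.getProxySPAuthnRequest(requestID);
    // Unknown or expired request id: there is nothing to answer. The previous
    // code dereferenced origRequest unconditionally and failed with an NPE.
    if (origRequest == null) {
        FSUtils.debug.error(logPrefix + " no proxy SP AuthnRequest stored for request id " + requestID);
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        try {
            FSUtils.debug.message("FSAssertionHandler.sendProxyResponse:" + origRequest.toXMLString());
        } catch (Exception ex) {
            FSUtils.debug.error("FSAssertionHandler.sendProxyResponse:" + "toString(): Failed.", ex);
        }
    }
    SPDescriptorType proxyDescriptor = sessionManager.getProxySPDescriptor(requestID);
    // The proxying SP is identified by the ProviderID carried in its own request.
    String proxySPEntityId = origRequest.getProviderId();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse" + ":Original requesting service provider id:" + proxySPEntityId);
    }
    FSSession session = sessionManager.getSession(ssoToken);
    // Without a local session there is nothing to attach the partner to; the
    // previous code failed with an NPE on addSessionPartner() below.
    if (session == null) {
        FSUtils.debug.error(logPrefix + " no local session found for the SSO token");
        return;
    }
    // Carry the authentication context asserted by the authenticating IDP
    // into the local session.
    if (authnContextStmt != null) {
        session.setAuthnContext(authnContextStmt.getAuthnContextClassRef());
    }
    session.addSessionPartner(new FSSessionPartner(proxySPEntityId, false));
    if (FSUtils.debug.messageEnabled()) {
        Iterator partners = session.getSessionPartners().iterator();
        while (partners.hasNext()) {
            FSSessionPartner part = (FSSessionPartner) partners.next();
            FSUtils.debug.message("PARTNERS" + part.getPartner());
        }
    }
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType proxySPConfig = null;
    try {
        proxySPConfig = metaManager.getSPDescriptorConfig(realm, proxySPEntityId);
    } catch (Exception e) {
        // NOTE(review): processing continues with a null config, as before;
        // whether FSProxyHandler tolerates a null proxy SP config is not
        // visible from this method — confirm before relying on it.
        FSUtils.debug.error(logPrefix + "Couldn't obtain proxy sp meta:", e);
    }
    FSProxyHandler handler = new FSProxyHandler(request, response, origRequest, proxyDescriptor, proxySPConfig, proxySPEntityId, origRequest.getRelayState(), ssoToken);
    IDPDescriptorType localIDPDesc = null;
    BaseConfigType localIDPConfig = null;
    String localIDPMetaAlias = null;
    try {
        localIDPDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        localIDPConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
        localIDPMetaAlias = localIDPConfig.getMetaAlias();
    } catch (Exception e) {
        // Same best-effort behaviour as for the proxy SP config: log and go on
        // with null hosted metadata.
        FSUtils.debug.error(logPrefix + "Exception when obtaining local idp meta:", e);
    }
    handler.setRealm(realm);
    handler.setHostedEntityId(hostEntityId);
    handler.setHostedDescriptor(localIDPDesc);
    handler.setHostedDescriptorConfig(localIDPConfig);
    handler.setMetaAlias(localIDPMetaAlias);
    // Second argument true: presumably marks this as the proxy flow — confirm
    // against FSProxyHandler.processAuthnRequest.
    handler.processAuthnRequest(origRequest, true);
}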
use of com.sun.identity.federation.message.FSAuthnRequest in project OpenAM by OpenRock.
the class FSSSOAndFedHandler method sendProxyAuthnRequest.
/**
 * Sends a new AuthnRequest to the authenticating (proxied) provider.
 * <p>
 * A fresh request is derived from the service provider's original one and
 * recorded in the hosted SP's {@link FSSessionManager} together with the
 * original request, the requesting SP's descriptor and the chosen IDP, all
 * keyed by the new request id so the later response can be correlated. The
 * browser is then redirected to the preferred IDP's single sign-on URL with
 * the request in the query string, signed when signing is enabled and the
 * hosted SP descriptor declares its AuthnRequests as signed.
 * <p>
 * NOTE(review): when the IDP exposes no single sign-on URL or a metadata
 * lookup fails, the problem is logged and the method returns without
 * writing anything to {@code response}; the state stored in the session
 * manager is left in place.
 *
 * @param authnRequest original AuthnRequest sent by the service provider.
 * @param preferredIDP entity id of the IDP to be proxied.
 * @exception FSException for any federation failure.
 * @exception IOException if there is a failure in redirection.
 */
protected void sendProxyAuthnRequest(FSAuthnRequest authnRequest, String preferredIDP) throws FSException, IOException {
    final String logPrefix = "FSSSOAndFedHandler.sendProxyAuthnRequest:";
    FSAuthnRequest proxiedRequest = getNewAuthnRequest(authnRequest);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(logPrefix + "New Authentication request:" + proxiedRequest.toXMLString());
    }

    // Correlation state for the eventual response, keyed by the new request id.
    String hostedSPMetaAlias = IDFFMetaUtils.getMetaAlias(realm, hostedEntityId, IFSConstants.SP, null);
    FSSessionManager sessions = FSSessionManager.getInstance(hostedSPMetaAlias);
    String newRequestID = proxiedRequest.getRequestID();
    sessions.setAuthnRequest(newRequestID, proxiedRequest);
    sessions.setProxySPDescriptor(newRequestID, spDescriptor);
    sessions.setProxySPAuthnRequest(newRequestID, authnRequest);
    sessions.setIDPEntityID(newRequestID, preferredIDP);

    String ssoURL = null;
    SPDescriptorType hostedSPDescriptor = null;
    BaseConfigType hostedSPConfig = null;
    try {
        IDPDescriptorType targetIDP = metaManager.getIDPDescriptor(realm, preferredIDP);
        ssoURL = targetIDP.getSingleSignOnServiceURL();
        if (ssoURL == null) {
            FSUtils.debug.error(logPrefix + " Single " + "Sign-on service is not found for the proxying IDP");
            return;
        }
        hostedSPDescriptor = metaManager.getSPDescriptor(realm, hostedEntityId);
        hostedSPConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
    } catch (Exception e) {
        FSUtils.debug.error(logPrefix, e);
        return;
    }

    String query = proxiedRequest.toURLEncodedQueryString();
    if (FSServiceUtils.isSigningOn()) {
        String signingCertAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedSPConfig, IFSConstants.SIGNING_CERT_ALIAS);
        // Sign only when the hosted SP metadata says its requests are signed.
        if (hostedSPDescriptor.isAuthnRequestsSigned()) {
            query = FSSignatureUtil.signAndReturnQueryString(query, signingCertAlias);
        }
    }

    // Append to an existing query string if the SSO URL already has one.
    String separator = (ssoURL.indexOf('?') >= 0) ? "&" : "?";
    String redirectURL = ssoURL + separator + query;
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(logPrefix + "SSO URL to be redirected" + redirectURL);
    }
    response.setStatus(response.SC_MOVED_TEMPORARILY);
    response.setHeader("Location", redirectURL);
    response.sendRedirect(redirectURL);
}
use of com.sun.identity.federation.message.FSAuthnRequest in project OpenAM by OpenRock.
the class FSSSOAndFedService method onMessage.
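/**
 * SOAP JAXM Listener implementation for LECP AuthnRequest.
 * <p>
 * Parses the SOAP body, accepts only an {@code AuthnRequest} element in
 * the Liberty message namespace or the ID-FF 1.2 namespace, records the
 * request in the hosted IDP's session manager and hands it to
 * {@code handleLECPRequest}. Any other payload, and any failure while
 * processing, is answered with a {@code Server}/{@code cannotProcessRequest}
 * SOAP fault; parse and processing failures additionally set HTTP 500.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @param message SOAP message that contains LECP request
 */
public void onMessage(HttpServletRequest request, HttpServletResponse response, SOAPMessage message) {
    FSUtils.debug.message("FSSSOAndFedService.onMessage: Called");
    try {
        Element elt = soapService.parseSOAPMessage(message);
        if (elt == null) {
            FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing. Invalid SOAPMessage");
            response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
            return;
        }
        String eltTagName = elt.getTagName().trim();
        // getNamespaceURI()/getLocalName() are null for non-namespaced (or DOM
        // Level 1) elements; such an element is never a valid AuthnRequest, so
        // treat the values as empty instead of failing with an NPE on trim().
        String rawNamespace = elt.getNamespaceURI();
        String ns = (rawNamespace == null) ? "" : rawNamespace.trim();
        String rawLocalName = elt.getLocalName();
        String nodeName = (rawLocalName == null) ? "" : rawLocalName.trim();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService.onMessage: " + "tagName: " + eltTagName + " namespaceUri: " + ns + " localName: " + nodeName);
        }
        // The previous condition was written as "A && B || C", which accepted
        // any element in the ID-FF 1.2 namespace regardless of its local name.
        // Both namespaces must be gated on the element being an AuthnRequest.
        boolean isAuthnRequestElement = nodeName.equalsIgnoreCase("AuthnRequest");
        boolean isLibertyNamespace = ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI)
                || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS);
        if (isAuthnRequestElement && isLibertyNamespace) {
            SOAPMessage retMessage = null;
            try {
                FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
                // Hosted IDP identity is derived from the meta alias in the URL.
                String metaAlias = FSServiceUtils.getMetaAlias(request);
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
                String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
                IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
                FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
                sessionService.setAuthnRequest(authnRequest.getRequestID(), authnRequest);
                handleLECPRequest(request, response, authnRequest, hostedDesc, hostedConfig, realm, hostEntityId, metaAlias);
                retMessage = null;
            } catch (Exception e) {
                FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing lecp AuthnRequest:", e);
                response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
            // retMessage is deliberately null here (unchanged from the original
            // flow); what returnSOAPMessage does with null is not visible here.
            returnSOAPMessage(retMessage, response);
            return;
        } else {
            FSUtils.debug.error("FSSSOAndFedService.onMessage: Invalid SOAP Request:" + nodeName);
        }
    } catch (Exception e) {
        FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing Request: Exception occured: ", e);
        response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
        java.io.ByteArrayOutputStream strm = new java.io.ByteArrayOutputStream();
        e.printStackTrace(new java.io.PrintStream(strm));
        FSUtils.debug.error(strm.toString());
        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
        return;
    }
    // Reached only for a well-formed SOAP body that is not an AuthnRequest.
    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
    return;
}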
use of com.sun.identity.federation.message.FSAuthnRequest in project OpenAM by OpenRock.
the class FSSSOAndFedService method doPost.
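/**
 * Processes a single sign-on POST request.
 * <p>
 * Three kinds of POST reach this entry point:
 * <ul>
 * <li>LECP requests (see {@code isLECPRequest}): a forward after
 *     authentication is delegated to {@link #doGet}, otherwise the body is
 *     read as a SOAP message and dispatched to {@link #onMessage};</li>
 * <li>a form POST carrying a BASE64-encoded AuthnRequest in the
 *     {@code IFSConstants.POST_AUTHN_REQUEST_PARAM} parameter, which is
 *     decoded and handed to {@code handleAuthnRequest};</li>
 * <li>anything else, which is delegated to {@link #doGet}.</li>
 * </ul>
 * An AuthnRequest that cannot be decoded is rejected with HTTP 400.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException if {@code response} is null (no error can
 *            be reported to the client) or the SOAP message cannot be built
 * @exception IOException if writing the response fails
 */
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSSSOAndFedService.doPost: Called");
    // A null response cannot carry an error page; the previous code called
    // response.sendError() in that case and would have thrown an NPE.
    if (response == null) {
        throw new ServletException(FSUtils.bundle.getString("nullInputParameter"));
    }
    if (request == null) {
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        return;
    }
    if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
        return;
    }
    // Check if it's an LECP request
    if (isLECPRequest(request)) {
        // TODO: assume auth framework will understand this param
        String useForward = (String) request.getAttribute(Constants.FORWARD_PARAM);
        if (useForward != null && useForward.equals(Constants.FORWARD_YES_VALUE)) {
            // this is a forward POST after authentication, need to
            // use GET instead of POST here
            FSUtils.debug.message("FSSSOAndFedService.doPost: LECP forward");
            this.doGet(request, response);
        } else {
            try {
                MimeHeaders mimeHeaders = SAMLUtils.getMimeHeaders(request);
                ServletInputStream sInputStream = request.getInputStream();
                SOAPMessage soapMessage = msgFactory.createMessage(mimeHeaders, sInputStream);
                this.onMessage(request, response, soapMessage);
            } catch (SOAPException se) {
                throw new ServletException(se);
            }
        }
        return;
    }
    // obtain AuthnRequest message
    String encodedAuthnRequest = request.getParameter(IFSConstants.POST_AUTHN_REQUEST_PARAM);
    if (encodedAuthnRequest == null) {
        doGet(request, response);
        return;
    }
    // Spaces are turned back into newlines before decoding — presumably to
    // undo what form decoding did to BASE64 line breaks; confirm against the
    // sending side.
    encodedAuthnRequest = encodedAuthnRequest.replace(' ', '\n');
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSSOAndFedService.doPost: " + "BASE64 encoded AuthnRequest at the RECEIVER: " + encodedAuthnRequest);
    }
    //decode and create FSAuthnRequest object
    FSAuthnRequest authnRequest = null;
    try {
        authnRequest = FSAuthnRequest.parseBASE64EncodedString(encodedAuthnRequest);
        if (authnRequest == null) {
            FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest"));
            String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
            response.sendError(response.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService: " + "AuthnRequest received:" + authnRequest.toXMLString());
        }
    } catch (FSException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest"), e);
        }
        response.sendError(response.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
        return;
    }
    // Resolve the hosted IDP from the meta alias in the request URL.
    String metaAlias = null;
    String realm = null;
    String hostEntityId = null;
    IDPDescriptorType hostedDesc = null;
    BaseConfigType hostedConfig = null;
    try {
        metaAlias = FSServiceUtils.getMetaAlias(request);
        realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
    } catch (Exception e) {
        // NOTE(review): on failure the request is still passed on with null
        // realm/entity id/descriptor; whether handleAuthnRequest rejects that
        // is not visible from here — confirm.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService: couldn't obtain hosted entity id:", e);
        }
    }
    handleAuthnRequest(request, response, authnRequest, false, false, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
    return;
}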
use of com.sun.identity.federation.message.FSAuthnRequest in project OpenAM by OpenRock.
the class FSLoginHelper method changeToPassiveAuthnRequest.
/**
 * Flips the stored AuthnRequest for {@code requestID} to the given
 * IsPassive value and clears ForceAuthn, then writes it back to the session
 * manager for {@code metaAlias}.
 * <p>
 * Requests that ask for federation ({@code getFederate()} true) are left
 * untouched. Note that the write-back happens unconditionally, so a lookup
 * that returned null is stored back as null — unchanged from the original
 * behaviour; what the session manager does with a null value is not visible
 * from this method.
 *
 * @param requestID id of the stored AuthnRequest to adjust
 * @param isPassiveFlag value to set as IsPassive
 * @param metaAlias meta alias selecting the session manager instance
 */
void changeToPassiveAuthnRequest(String requestID, boolean isPassiveFlag, String metaAlias) {
    FSUtils.debug.message("FSPreLogin.changeToPassiveAuthnRequest called");
    FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
    if (manager == null) {
        FSUtils.debug.message("Session Manager null");
        return;
    }
    FSAuthnRequest stored = manager.getAuthnRequest(requestID);
    boolean adjustable = (stored != null) && !stored.getFederate();
    if (adjustable) {
        stored.setIsPassive(isPassiveFlag);
        stored.setForceAuthn(false);
    }
    manager.setAuthnRequest(requestID, stored);
}