use of com.sun.identity.federation.message.FSIDPList in project OpenAM by OpenRock.
the class FSLoginHelper method createAuthnRequestEnvelope.
/**
* Creates <code>AuthnRequestEnvelope</code> for <code>LECP</code> profile.
* @param request <code>HttpServletRequest</code> object
* @return xml string of an <code>AuthnRequestEnvelope</code> object
*/
public String createAuthnRequestEnvelope(HttpServletRequest request) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLoginHelper.createAuthnRequestEnvelope(): called" + request.getParameter("metaAlias"));
}
try {
String metaAlias = request.getParameter("metaAlias");
//FSServiceUtils.getMetaAlias(request);
setMetaInfo(metaAlias, null);
FSAuthnRequest authnRequest = null;
Map headerMap = new HashMap();
Enumeration headerNames = request.getHeaderNames();
while (headerNames.hasMoreElements()) {
String hn = headerNames.nextElement().toString();
String hv = request.getHeader(hn);
headerMap.put(hn, hv);
}
Set idpSet = getIDPs(metaAlias);
String LRURL = request.getParameter(IFSConstants.LRURL);
if (LRURL == null || LRURL.equals("")) {
LRURL = FSServiceUtils.getFederationDonePageURL(request, hostConfig, metaAlias);
}
authnRequest = getAuthnReq(headerMap, LRURL, true);
authnRequest.setMinorVersion(FSServiceUtils.getMinorVersion(hostDescriptor.getProtocolSupportEnumeration()));
if (authnRequest == null) {
FSUtils.debug.error("FSLoginHelper.createAuthnRequest()::AuthnRequest is null");
return errorPage + "&" + IFSConstants.FEDERROR + "=" + URLEncDec.encode("Unable to create AuthnRequest") + "&" + IFSConstants.FEDREMARK + "=" + URLEncDec.encode("Please check your Federation Configuration.");
}
String requestID = authnRequest.getRequestID();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLoginHelper.createAuthnRequest()::RequestID: " + requestID);
}
FSSessionManager sessMngr = FSSessionManager.getInstance(metaAlias);
sessMngr.setAuthnRequest(requestID, authnRequest);
Object ssoToken = SessionManager.getProvider().getSession(request);
if (ssoToken != null) {
sessMngr.setLocalSessionToken(requestID, ssoToken);
}
//check if dontgotothird level domain flag is off is yes
//if yes then get one provider and and send to intersiteurl
//else send to third level domain for provider id
//also check if there is a single idp if yes go to intersite
//transfer with providerid
//*****************
FSAuthnRequestEnvelope authnRequestEnvelope = null;
boolean isPassive = false;
FSIDPList idpList = null;
//get IDPList from directory
String assertionConsumerURL = FSServiceUtils.getAssertionConsumerServiceURL(hostDescriptor, null);
List idpEntryList = null;
String idpID = null;
String idpLocation = null;
Iterator iter = idpSet.iterator();
while (iter.hasNext()) {
idpID = (String) iter.next();
if (idpID != null) {
IDPDescriptorType idpDescr = metaManager.getIDPDescriptor(realm, idpID);
idpLocation = idpDescr.getSingleSignOnServiceURL();
if (idpEntryList == null) {
idpEntryList = new ArrayList();
}
idpEntryList.add(new IDPEntry(idpID, idpID, idpLocation));
}
}
int minorVersion = FSServiceUtils.getMinorVersion(hostDescriptor.getProtocolSupportEnumeration());
IDPEntries idpEntries = new IDPEntries(idpEntryList);
idpList = new FSIDPList(idpEntries, null);
idpList.setMinorVersion(minorVersion);
if (FSServiceUtils.isSigningOn()) {
if (hostDescriptor.isAuthnRequestsSigned()) {
authnRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS));
}
}
authnRequestEnvelope = new FSAuthnRequestEnvelope(authnRequest, hostEntityID, hostEntityID, assertionConsumerURL, idpList, isPassive);
authnRequestEnvelope.setMinorVersion(minorVersion);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLoginHelper.createAuthnRequest: " + "AuthnRequestEnvelope: " + authnRequestEnvelope.toXMLString());
}
return authnRequestEnvelope.toXMLString();
} catch (Exception e) {
FSUtils.debug.error("FSLoginHelper.createAuthnRequest():Exception Occured: ", e);
return null;
}
}
use of com.sun.identity.federation.message.FSIDPList in project OpenAM by OpenRock.
the class FSLoginHelper method createAuthnRequest.
/**
* Returns a Map of headers,lrurl/responsedata.
* @param headers Map of headers
* @param LRURL relay state url
* @param authLevel authentication level
* @param metaAlias meta alias of hosted provider
* @param remoteEntityID remote provider's entity ID
* @param isFedCookiePresent if fed cookie present or not
* @return Map of headers and lrurl/responedata
* @exception FSLoginHelperException if error occurrs
*/
public Map createAuthnRequest(Map headers, String LRURL, String authLevel, String metaAlias, String remoteEntityID, boolean isFedCookiePresent) throws FSLoginHelperException {
Map retHeaderMap = new HashMap();
setMetaInfo(metaAlias, authLevel);
FSUtils.debug.message("FSLoginHelper.createAuthnRequest(): called");
FSAuthnRequest authnRequest = null;
if (remoteEntityID != null) {
authnRequest = getAuthnReq(headers, LRURL, true);
} else {
authnRequest = getAuthnReq(headers, LRURL, false);
}
if (authnRequest == null) {
FSUtils.debug.error("FSLoginHelper.createAuthnRequest()::AuthnRequest is null");
String redirectURL = errorPage + "&" + IFSConstants.FEDERROR + "=" + URLEncDec.encode("Unable to create AuthnRequest") + "&" + IFSConstants.FEDREMARK + "=" + URLEncDec.encode("Please check your Federation Configuration.");
return createMap(redirectURL, null, retHeaderMap);
}
String requestID = authnRequest.getRequestID();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLoginHelper.createAuthnRequest()::RequestID: " + requestID);
}
FSSessionManager sessMngr = FSSessionManager.getInstance(metaAlias);
sessMngr.setAuthnRequest(requestID, authnRequest);
sessMngr.setIDPEntityID(requestID, remoteEntityID);
String redirectURL = null;
//check if dontgotothird level domain flag is off is yes
//if yes then get one provider and and send to intersiteurl
//else send to third level domain for provider id
//also check if there is a single idp if yes go to intersite transfer
//with providerid
boolean isSingleIDP = true;
boolean isSSO = false;
Set idpSet = getIDPs(metaAlias);
if (remoteEntityID == null) {
isSSO = true;
}
if (idpSet.size() > 1) {
isSingleIDP = false;
}
//*****************
if (isLECPProfile(headers)) {
FSUtils.debug.message("FSLoginHelper.createAuthnRequest():LECP Request Identified");
retHeaderMap.put("content-type", IFSConstants.LECP_CONTENT_TYPE_HEADER);
String responseData = null;
try {
FSAuthnRequestEnvelope authnRequestEnvelope = null;
boolean isPassive = false;
FSIDPList idpList = null;
//get IDPList from directory
String assertionConsumerURL = FSServiceUtils.getAssertionConsumerServiceURL(hostDescriptor, null);
List idpEntryList = null;
String idpID = null;
String idpName = null;
String idpLocation = null;
Iterator iter = idpSet.iterator();
while (iter.hasNext()) {
idpID = (String) iter.next();
if (idpID != null) {
IDPDescriptorType idpDescr = metaManager.getIDPDescriptor(realm, idpID);
idpLocation = idpDescr.getSingleSignOnServiceURL();
if (idpEntryList == null) {
idpEntryList = new ArrayList();
}
idpEntryList.add(new IDPEntry(idpID, idpID, idpLocation));
}
}
IDPEntries idpEntries = new IDPEntries(idpEntryList);
idpList = new FSIDPList(idpEntries, null);
int minorVersion = FSServiceUtils.getMinorVersion(hostDescriptor.getProtocolSupportEnumeration());
idpList.setMinorVersion(minorVersion);
authnRequest.setMinorVersion(minorVersion);
if (FSServiceUtils.isSigningOn()) {
if (hostDescriptor.isAuthnRequestsSigned()) {
authnRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS));
}
}
authnRequestEnvelope = new FSAuthnRequestEnvelope(authnRequest, hostEntityID, hostEntityID, assertionConsumerURL, idpList, isPassive);
authnRequestEnvelope.setMinorVersion(minorVersion);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLoginHelper.createAuthnRequest: " + "AuthnRequestEnvelope: " + authnRequestEnvelope.toXMLString());
}
responseData = authnRequestEnvelope.toXMLString();
// responseData = authnRequestEnvelope.toBASE64EncodedString();
} catch (Exception e) {
FSUtils.debug.error("FSLoginHelper.createAuthnRequest(): " + "Exception Occured: " + e.getMessage());
}
Map retMap = createMap(null, responseData, retHeaderMap);
retMap.put(authnReqIDKey, requestID);
return retMap;
}
//*****************
String tldURL = getTLDURL();
if (isSSO && tldURL != null && !isSingleIDP) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLoginHelper:: createAuthnRequest " + "In case where isSSO true and tldURL is true and not " + "single idp. So redirecting to thirdlevel domain");
}
redirectURL = tldURL + "?" + IFSConstants.LRURL + "=" + URLEncDec.encode(interSiteURL + "?" + authnReqIDKey + "=" + URLEncDec.encode(requestID) + "&" + IFSConstants.META_ALIAS + "=" + metaAlias);
} else if (isSSO && !isSingleIDP) {
if (FSUtils.debug.messageEnabled())
FSUtils.debug.message("FSLoginHelper:: createAuthnRequest " + " In case where isSSO true and not a single idp so have " + "show common login page");
Map retMap = createMap(null, null, retHeaderMap);
retMap.put(authnReqIDKey, requestID);
return retMap;
} else {
boolean noIDP = false;
if (remoteEntityID == null) {
if (idpSet != null && idpSet.size() > 0) {
remoteEntityID = (String) idpSet.iterator().next();
} else {
FSUtils.debug.error("FSLoginHelper:: no idps found in config." + " Cannot proceed.");
redirectURL = errorPage + "&" + IFSConstants.FEDERROR + "=" + URLEncDec.encode("No IDPs Found in Configuration.") + "&" + IFSConstants.FEDREMARK + "=" + URLEncDec.encode("Please configure you Federation Services for an IDP.");
noIDP = true;
}
}
if (!noIDP) {
String succintID = FSUtils.generateSourceID(remoteEntityID);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLoginHelper:: createAuthnRequest " + " Redirecting to intersiteTransfer URL " + interSiteURL + " with providerID and Base64 encoded SuccintID. " + remoteEntityID + "---" + succintID);
}
//check for presence of federate cookie
if (!isFedCookiePresent) {
if (actionOnNoFedCookie.equals(IFSConstants.COMMON_LOGIN)) {
Map retMap = createMap(null, null, retHeaderMap);
retMap.put(authnReqIDKey, requestID);
return retMap;
} else if (actionOnNoFedCookie.equals(IFSConstants.ACTIVE)) {
changeToPassiveAuthnRequest(requestID, false, metaAlias);
} else {
changeToPassiveAuthnRequest(requestID, true, metaAlias);
}
}
String providerID = FSUtils.stringToBase64(succintID);
redirectURL = interSiteURL + "?" + authnReqIDKey + "=" + URLEncDec.encode(requestID) + "&" + providerIDKey + "=" + URLEncDec.encode(providerID) + "&" + IFSConstants.META_ALIAS + "=" + metaAlias;
}
}
/**
* If this flag is set via the query param, we will always make
* a passive call to the IDP.
*/
if (isPassiveQuery) {
changeToPassiveAuthnRequest(requestID, true, metaAlias);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLoginHelper.createAuthnRequest()::" + "redirectURL : " + redirectURL);
}
if (isWMLProfile(headers)) {
retHeaderMap.put("content-type", "text/vnd.wap.wml");
} else {
retHeaderMap.put("content-type", "text/html");
}
Map retMap = createMap(redirectURL, null, retHeaderMap);
retMap.put(authnReqIDKey, requestID);
return retMap;
}
use of com.sun.identity.federation.message.FSIDPList in project OpenAM by OpenRock.
the class FSIntersiteTransferService method doGet.
/**
* Generates <code>AuthnRequest</code> and sends it to <code>IDP</code>.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException,IOException if error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSIntersiteTransferService.doGet: Called");
/**
* Check to see if there is a need to set lb cookie.
* This is for the use case that AuthnRequest is not created by the
* preLogin process and lb cookie wasn't set there.
*/
if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
return;
}
try {
IDPDescriptorType idpDescriptor = null;
String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
if (metaAlias == null || metaAlias.length() == 0) {
metaAlias = FSServiceUtils.getMetaAlias(request);
}
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
if ((request == null) || (response == null)) {
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
String qs = request.getQueryString();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "QueryString Received from CommonDomain: " + qs);
}
String requestID = findRequestID(request);
if (requestID == null) {
//throw error page
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("nullInputParameter"));
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID found: " + requestID);
}
FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
FSAuthnRequest authnRequest = sessionMgr.getAuthnRequest(requestID);
if (authnRequest == null) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("invalidRequestId"));
String[] data = { FSUtils.bundle.getString("invalidRequestId") };
LogUtil.error(Level.INFO, "INVALID_AUTHN_REQUEST", data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidRequestId"));
return;
}
String resourceUrl = authnRequest.getRelayState();
String baseURL = FSServiceUtils.getBaseURL(request);
framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, resourceUrl, null, request, baseURL);
String idpID = FSUtils.findPreferredIDP(realm, request);
if (idpID == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "No Preffered IDP found in this Common Domain. " + "Try to find PrefferedIDP in other common domains");
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID :" + requestID);
}
redirectToCommonDomain(request, response, requestID);
return;
} else {
idpDescriptor = metaManager.getIDPDescriptor(realm, idpID);
if (idpDescriptor == null) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("noTrust"));
String[] data = { idpID };
LogUtil.error(Level.INFO, "PROVIDER_NOT_TRUSTED", data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("noTrust"));
return;
}
HttpSession session = request.getSession(true);
session.removeAttribute(IFSConstants.SESSION_COTSET_ATTR);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "Preffered IDP found:" + idpID);
}
sessionMgr.setIDPEntityID(requestID, idpID);
// Set the authn request version here
int minorVersion = FSServiceUtils.getMinorVersion(idpDescriptor.getProtocolSupportEnumeration());
authnRequest.setMinorVersion(minorVersion);
authnRequest.getAuthnContext().setMinorVersion(minorVersion);
SPDescriptorType hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
BaseConfigType hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
if (IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AFFILIATION)) {
Set affiliations = metaManager.getAffiliateEntity(realm, idpID);
if (affiliations != null && !affiliations.isEmpty()) {
AffiliationDescriptorType affiliateDescriptor = (AffiliationDescriptorType) affiliations.iterator().next();
authnRequest.setAffiliationID(affiliateDescriptor.getAffiliationID());
}
}
if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION && IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_IDP_PROXY)) {
FSScoping scoping = new FSScoping();
scoping.setProxyCount(Integer.parseInt(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_COUNT)));
List proxyIDPs = IDFFMetaUtils.getAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_LIST);
if (proxyIDPs != null && !proxyIDPs.isEmpty()) {
Iterator iter = proxyIDPs.iterator();
ArrayList list = new ArrayList();
while (iter.hasNext()) {
IDPEntry entry = new IDPEntry((String) iter.next(), null, null);
list.add(entry);
}
IDPEntries entries = new IDPEntries(list);
FSIDPList idpList = new FSIDPList(entries, null);
scoping.setIDPList(idpList);
}
authnRequest.setScoping(scoping);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "AuthnRequest:" + authnRequest.toXMLString(true, true));
}
if (authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_ART) || authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST)) {
handleBrowserArtifactPOSTIST(request, response, authnRequest, idpDescriptor, hostDesc, hostConfig);
return;
} else if (authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_WML_POST)) {
handleWMLIST(request, response, authnRequest, idpDescriptor);
return;
}
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + "Unknown Protocol Profile");
String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidAuthnRequest"));
return;
} catch (Exception e) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: ", e);
try {
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("Exception"));
return;
} catch (IOException ioe) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("sendFailed") + ioe.getMessage());
}
}
}
}
Aggregations