
Example 1 with FSNameRegistrationRequest

use of com.sun.identity.federation.message.FSNameRegistrationRequest in project OpenAM by OpenRock.

the class FSNameRegistrationHandler method createNameRegistrationRequest.

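/**
 * Builds the name registration request for the federation described by
 * {@code acctInfo}.
 *
 * <p>A new name identifier is generated for this provider. When
 * {@code acctInfo.isRoleIDP()} is true it becomes the SP-provided identifier
 * of the request, otherwise the IdP-provided one. The identifiers already
 * stored in {@code acctInfo} supply the remaining fields. The keys and account
 * info needed for the later local update are placed in {@code returnMap}
 * under {@code userID}, {@code OldAccountKey}, {@code AccountKey},
 * {@code AccountInfo}, {@code RegisSource} and {@code IFSConstants.LRURL}.
 *
 * <p>Name identifiers are written to the debug log at message level only.
 *
 * @param acctInfo federation info holding the current local and remote name
 *  identifiers, the role flag and the affiliation flag.
 * @return the populated request, or {@code null} if it could not be built
 *  (a required stored identifier is missing, an account key could not be
 *  created, or a {@code SAMLException} was raised).
 */
private FSNameRegistrationRequest createNameRegistrationRequest(FSAccountFedInfo acctInfo) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSNameRegistrationHandler:: " + "createNameRegistrationRequest");
        }
        // 'new' never yields null, so the request is used without a null check.
        FSNameRegistrationRequest reqName = new FSNameRegistrationRequest();
        reqName.setProviderId(hostedEntityId);
        if (acctInfo.isRoleIDP()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("calling of generateNameIdentifier Role : IdP ? " + acctInfo.isRoleIDP());
            }
            NameIdentifier nameIdentifier = generateNameIdentifier();
            if (acctInfo.getAffiliation()) {
                String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
                if (affiliationID != null) {
                    nameIdentifier.setNameQualifier(affiliationID);
                }
            } else {
                nameIdentifier.setNameQualifier(hostedEntityId);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("out of generateNameIdentifier ****" + "\nNew SP nameIdentifier Qualifier: " + nameIdentifier.getNameQualifier() + "\nNew SP nameIdentifier Name :" + nameIdentifier.getName());
            }
            SPProvidedNameIdentifier newNameIdentifier = new SPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
            NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
            NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
            if (remoteIdentifier == null) {
                // The remote identifier is dereferenced unconditionally below; fail
                // through the method's normal null return instead of an uncaught NPE.
                FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest no remote name identifier in account federation info");
                return null;
            }
            reqName.setIDPProvidedNameIdentifier(new IDPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat()));
            reqName.setSPProvidedNameIdentifier(newNameIdentifier);
            // when Service Provider sends the name reg. request
            // for the first time, OldProvidedNameIdentifier is
            // same as the IDPProvidedNameIdentifier as per the spec
            NameIdentifier oldIdentifier = (localIdentifier != null) ? localIdentifier : remoteIdentifier;
            reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(oldIdentifier.getName(), oldIdentifier.getNameQualifier(), oldIdentifier.getFormat()));
            try {
                oldAcctKey = new FSAccountFedInfoKey(oldIdentifier.getNameQualifier(), oldIdentifier.getName());
            } catch (FSAccountMgmtException e) {
                // Best effort, as before: continue without an old key, but leave a trace.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSNameRegistrationHandler::createNameRegistrationRequest could not build old account key:", e);
                }
                oldAcctKey = null;
            }
            try {
                FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
                FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdentifier, remoteIdentifier, acctInfo.isRoleIDP());
                tmpInfo.setAffiliation(acctInfo.getAffiliation());
                returnMap.put("userID", userID);
                returnMap.put("OldAccountKey", oldAcctKey);
                if (oldAcctKey != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier : " + oldAcctKey.getNameSpace());
                    }
                } else {
                    FSUtils.debug.message("OldAccount Key is null");
                }
                returnMap.put("AccountKey", tmpKey);
                returnMap.put("AccountInfo", tmpInfo);
                returnMap.put("RegisSource", regisSource);
                returnMap.put(IFSConstants.LRURL, returnURL);
            } catch (FSAccountMgmtException e) {
                FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest could not build new account key or info", e);
                return null;
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("calling of generateNameIdenti" + "fier Role : IdP ? " + acctInfo.isRoleIDP());
            }
            NameIdentifier nameIdentifier = generateNameIdentifier();
            if (acctInfo.getAffiliation()) {
                String affiliationID = FSServiceUtils.getAffiliationID(realm, remoteEntityId);
                if (affiliationID != null) {
                    nameIdentifier.setNameQualifier(affiliationID);
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("New IDP nameIdentifier Name : " + nameIdentifier.getName() + "\nNew IDP nameIdentifier Qualifier :" + nameIdentifier.getNameQualifier() + "out of generateNameIdentifier*****");
            }
            IDPProvidedNameIdentifier newNameIdentifier = new IDPProvidedNameIdentifier(nameIdentifier.getName(), nameIdentifier.getNameQualifier(), nameIdentifier.getFormat());
            // SP
            NameIdentifier remoteIdentifier = acctInfo.getRemoteNameIdentifier();
            // IdP
            NameIdentifier localIdentifier = acctInfo.getLocalNameIdentifier();
            if (localIdentifier == null) {
                // Unlike the other role, this branch uses the local identifier
                // unconditionally; without it there is no old identifier to send.
                FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest no local name identifier in account federation info");
                return null;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Old IDP nameIdentifier Name : " + localIdentifier.getName() + "\nOld IDP nameIdentifier Qualifier :" + localIdentifier.getNameQualifier());
            }
            FSUtils.debug.message("To set OldProvidedNameIdentifier");
            reqName.setOldProvidedNameIdentifier(new OldProvidedNameIdentifier(localIdentifier.getName(), localIdentifier.getNameQualifier(), localIdentifier.getFormat()));
            FSUtils.debug.message("To set IdpProvidedNameIdentifier");
            reqName.setIDPProvidedNameIdentifier(newNameIdentifier);
            if (remoteIdentifier != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("SP nameIdentifier Name : " + remoteIdentifier.getName() + "SP nameIdentifier Qualifier :" + remoteIdentifier.getNameQualifier());
                }
                SPProvidedNameIdentifier spNameIdentifier = new SPProvidedNameIdentifier(remoteIdentifier.getName(), remoteIdentifier.getNameQualifier(), remoteIdentifier.getFormat());
                reqName.setSPProvidedNameIdentifier(spNameIdentifier);
            }
            try {
                oldAcctKey = new FSAccountFedInfoKey(hostedEntityId, localIdentifier.getName());
                FSAccountFedInfoKey tmpKey = new FSAccountFedInfoKey(nameIdentifier.getNameQualifier(), nameIdentifier.getName());
                // NOTE(review): the other role copies acctInfo.getAffiliation() onto
                // the new account info; this branch does not. Confirm that is intended.
                FSAccountFedInfo tmpInfo = new FSAccountFedInfo(remoteEntityId, newNameIdentifier, remoteIdentifier, acctInfo.isRoleIDP());
                returnMap.put("userID", userID);
                returnMap.put("OldAccountKey", oldAcctKey);
                returnMap.put("AccountKey", tmpKey);
                returnMap.put("AccountInfo", tmpInfo);
                returnMap.put("RegisSource", regisSource);
                returnMap.put(IFSConstants.LRURL, returnURL);
                if (oldAcctKey != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier: " + oldAcctKey.getNameSpace());
                    }
                } else {
                    FSUtils.debug.message("OldAccount Key is null");
                }
            } catch (FSAccountMgmtException e) {
                FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest could not build account keys or info", e);
                return null;
            }
        }
        reqName.setMinorVersion(FSServiceUtils.getMinorVersion(remoteDescriptor.getProtocolSupportEnumeration()));
        return reqName;
    } catch (SAMLException e) {
        // The request cannot be formed; record why instead of hiding it at message level.
        FSUtils.debug.error("FSNameRegistrationHandler::createNameRegistrationRequest got SAMLException:", e);
        return null;
    }
}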
Also used : FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier) SPProvidedNameIdentifier(com.sun.identity.federation.message.common.SPProvidedNameIdentifier) OldProvidedNameIdentifier(com.sun.identity.federation.message.common.OldProvidedNameIdentifier) SPProvidedNameIdentifier(com.sun.identity.federation.message.common.SPProvidedNameIdentifier) FSNameRegistrationRequest(com.sun.identity.federation.message.FSNameRegistrationRequest) IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) OldProvidedNameIdentifier(com.sun.identity.federation.message.common.OldProvidedNameIdentifier)

Example 2 with FSNameRegistrationRequest

use of com.sun.identity.federation.message.FSNameRegistrationRequest in project OpenAM by OpenRock.

the class FSSOAPReceiver method handleRegistrationRequest.

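/**
 * Processes a name registration request received in a SOAP message.
 *
 * <p>The request is parsed from {@code elt}, the sender's descriptor is
 * looked up, the request signature is verified when signing is enabled, and
 * the sender must be a trusted provider of the hosted entity before the
 * request is handed to an {@code FSNameRegistrationHandler}.
 *
 * <p>The provider id is read from the request before any signature check, so
 * it is caller-supplied data until verification and the trust check pass.
 *
 * @param elt the registration request element.
 * @param msg the SOAP message that carried {@code elt}.
 * @param hostedProviderDesc descriptor of the hosted provider.
 * @param hostedConfig extended configuration of the hosted provider.
 * @param hostedRole role of the hosted provider.
 * @param realm realm of the hosted provider.
 * @param hostedEntityId entity id of the hosted provider.
 * @param providerAlias meta alias of the hosted provider.
 * @param request the servlet request.
 * @param response the servlet response.
 * @return the registration response, or {@code null} when the sender is
 *  unknown or untrusted, the signature does not verify, or any exception
 *  occurs.
 */
private FSNameRegistrationResponse handleRegistrationRequest(Element elt, SOAPMessage msg, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String hostedRole, String realm, String hostedEntityId, String providerAlias, HttpServletRequest request, HttpServletResponse response) {
    try {
        FSNameRegistrationRequest regisRequest = new FSNameRegistrationRequest(elt);
        String remoteEntityId = regisRequest.getProviderId();
        // The sender is treated as the IdP when this side is hosted as SP.
        boolean isIDP = hostedRole.equalsIgnoreCase(IFSConstants.SP);
        ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(hostedRole, remoteEntityId, realm);
        if (remoteDesc == null) {
            FSUtils.debug.error("FSSOAPReceiver.handleRegistrationRequest: no descriptor for the requesting provider");
            return null;
        }
        X509Certificate cert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, isIDP);
        if (FSServiceUtils.isSigningOn()) {
            if (!verifyRequestSignature(elt, msg, cert)) {
                // A rejected signature is logged at error level, like the trust
                // failure below, so it is visible without message-level debugging.
                FSUtils.debug.error("Registration Signature failed verification");
                return null;
            }
            FSUtils.debug.message("Registration Signature successfully passed");
        } else {
            // Do not report success for a check that did not run.
            FSUtils.debug.message("Signing is off. Registration request signature was not verified");
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (!metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            FSUtils.debug.error("Remote provider not in trusted list");
            return null;
        }
        FSServiceManager instService = FSServiceManager.getInstance();
        if (instService == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSServiceManager instance is null. " + "Cannot process registration request");
            }
            return null;
        }
        FSNameRegistrationHandler regisHandler = new FSNameRegistrationHandler();
        regisHandler.setHostedDescriptor(hostedProviderDesc);
        regisHandler.setHostedDescriptorConfig(hostedConfig);
        regisHandler.setHostedEntityId(hostedEntityId);
        regisHandler.setHostedProviderRole(hostedRole);
        regisHandler.setMetaAlias(providerAlias);
        regisHandler.setRealm(realm);
        regisHandler.setRemoteDescriptor(remoteDesc);
        regisHandler.setRemoteEntityId(remoteEntityId);
        return regisHandler.processSOAPRegistrationRequest(request, response, regisRequest);
    } catch (Exception se) {
        // Name the method that actually failed so the log entry can be traced.
        FSUtils.debug.error("FSSOAPReceiver.handleRegistrationRequest: Exception occurred ", se);
        return null;
    }
}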
Also used : IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSNameRegistrationHandler(com.sun.identity.federation.services.registration.FSNameRegistrationHandler) FSNameRegistrationResponse(com.sun.identity.federation.message.FSNameRegistrationResponse) FSNameRegistrationRequest(com.sun.identity.federation.message.FSNameRegistrationRequest) X509Certificate(java.security.cert.X509Certificate) SOAPException(javax.xml.soap.SOAPException) SystemConfigurationException(com.sun.identity.common.SystemConfigurationException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSException(com.sun.identity.federation.common.FSException)

Example 3 with FSNameRegistrationRequest

use of com.sun.identity.federation.message.FSNameRegistrationRequest in project OpenAM by OpenRock.

the class FSRegistrationRequestServlet method doGetPost.

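/**
 * Handles a URL-encoded name registration request.
 *
 * <p>The hosted provider is resolved from the meta alias found in the
 * request. The registration request is then parsed from the HTTP request and
 * passed to {@code doRequestProcessing}. An unresolvable alias or hosted
 * provider produces an HTTP 500; an unparsable request produces the common
 * error page.
 *
 * @param request {@code HttpServletRequest} object that contains the
 *  request the client has made of the servlet.
 * @param response {@code HttpServletResponse} object that contains
 *  the response the servlet sends to the client.
 * @exception ServletException declared by this method; it is not thrown
 *  directly by the code below.
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Alias processing
    String providerAlias = FSServiceUtils.getMetaAlias(request);
    if (providerAlias == null || providerAlias.isEmpty()) {
        FSUtils.debug.error("Unable to retrieve alias, Hosted " + "Provider. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Cannot retrieve hosted descriptor. " + "Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    ProviderDescriptorType hostedProviderDesc = null;
    BaseConfigType hostedConfig = null;
    String hostedEntityId = null;
    String hostedProviderRole = null;
    try {
        hostedProviderRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
            hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
            hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
        } else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
            hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
        }
        if (hostedProviderDesc == null) {
            // Unknown role or missing descriptor: reuse the error path below.
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException eam) {
        FSUtils.debug.error("Unable to find Hosted Provider. Cannot process request", eam);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    // NOTE(review): the request is kept in an instance field. If this object
    // serves requests on several threads, one request can overwrite the field
    // while another is still being processed - confirm how the field is used.
    this.request = request;
    setRegistrationURL(hostedConfig, providerAlias);
    // No placeholder instance is created: the parser result (or an early
    // return) is the only value this variable ever holds.
    FSNameRegistrationRequest regisRequest;
    try {
        regisRequest = FSNameRegistrationRequest.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        // Record why the request was rejected; the client only sees the error page.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Registration request could not be parsed:", e);
        }
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
        return;
    } catch (SAMLException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Registration request could not be parsed:", e);
        }
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
        return;
    }
    if (regisRequest == null) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
    } else {
        doRequestProcessing(request, response, hostedProviderDesc, hostedConfig, hostedProviderRole, realm, hostedEntityId, providerAlias, regisRequest);
    }
}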
Also used : BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSNameRegistrationRequest(com.sun.identity.federation.message.FSNameRegistrationRequest) SAMLException(com.sun.identity.saml.common.SAMLException)

Example 4 with FSNameRegistrationRequest

use of com.sun.identity.federation.message.FSNameRegistrationRequest in project OpenAM by OpenRock.

the class FSNameRegistrationHandler method doRemoteRegistration.

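/**
 * Initiates federation registration at remote end.
 * The registration request is constructed and based on the profile the
 * request is sent over SOAP or as HTTP redirect. Profile is always based on
 * the SPs profile.
 *
 * <p>With signing enabled, the SOAP request is sent only if it could be
 * signed for its protocol minor version, and the SOAP response is accepted
 * only if its signature verifies. Every failure path calls
 * {@code returnLocallyAtSource(response, false)} before returning.
 *
 * @return {@code true} if the process is successful;
 *  {@code false} otherwise.
 */
private boolean doRemoteRegistration() {
    FSUtils.debug.message("Entered FSNameRegistrationHandler::doRemoteRegistration");
    try {
        try {
            if (acctInfo == null) {
                acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId);
            }
        } catch (FSAccountMgmtException e) {
            FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration could not read account federation info", e);
            returnLocallyAtSource(response, false);
            return false;
        }
        if (acctInfo == null) {
            // Nothing to register without federation info; avoid an NPE below.
            FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration no account federation info");
            returnLocallyAtSource(response, false);
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration create" + " request start");
        }
        FSNameRegistrationRequest regisRequest = createNameRegistrationRequest(acctInfo);
        if (regisRequest == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::Registration request could " + "not be formed");
            }
            returnLocallyAtSource(response, false);
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::Registration request formed" + "successfully");
        }
        // Find out which profile to use: the hosted descriptor's when the
        // account info has role IdP, the remote descriptor's otherwise.
        List profiles = acctInfo.isRoleIDP()
                ? hostedDescriptor.getRegisterNameIdentifierProtocolProfile()
                : remoteDescriptor.getRegisterNameIdentifierProtocolProfile();
        if (profiles == null || profiles.isEmpty()) {
            FSUtils.debug.error("FSNameRegistrationHandler::" + "doRemoteRegistration no registration profile" + " cannot process request");
            returnLocallyAtSource(response, false);
            return false;
        }
        String profile = (String) profiles.iterator().next();
        boolean isSOAPProfile;
        if (profile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_SOAP_PROFILE) || profile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_SOAP_PROFILE)) {
            isSOAPProfile = true;
        } else if (profile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_HTTP_PROFILE) || profile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_HTTP_PROFILE)) {
            isSOAPProfile = false;
        } else {
            FSUtils.debug.error("FSNameRegistrationHandler::" + "doRemoteRegistration Invalid registration profile" + " cannot process request");
            returnLocallyAtSource(response, false);
            return false;
        }
        if (isSOAPProfile) {
            FSSOAPService instSOAP = FSSOAPService.getInstance();
            if (instSOAP == null) {
                returnLocallyAtSource(response, false);
                return false;
            }
            // Nothing has been signed at this point; the message says only what is next.
            FSUtils.debug.message("To call bindRegistrationRequest");
            regisRequest.setID(IFSConstants.REGISTRATIONID);
            SOAPMessage msgRegistration = instSOAP.bind(regisRequest.toXMLString(true, true));
            if (msgRegistration == null) {
                returnLocallyAtSource(response, false);
                return false;
            }
            SOAPMessage retSOAPMessage = null;
            try {
                if (FSServiceUtils.isSigningOn()) {
                    int minorVersion = regisRequest.getMinorVersion();
                    if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                        msgRegistration = signRegistrationRequest(msgRegistration, IFSConstants.ID, regisRequest.getID());
                    } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                        msgRegistration = signRegistrationRequest(msgRegistration, IFSConstants.REQUEST_ID, regisRequest.getRequestID());
                    } else {
                        // Fail closed: with signing on, a request that cannot be
                        // signed is not sent. It used to go out unsigned.
                        FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration invalid minor version. Request not signed and not sent");
                        msgRegistration = null;
                    }
                }
                if (msgRegistration != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("calling " + "sendRegistrationMessage");
                    }
                    retSOAPMessage = instSOAP.sendMessage(msgRegistration, remoteDescriptor.getSoapEndpoint());
                }
            } catch (SOAPException e) {
                FSUtils.debug.error("Error in sending request ", e);
                returnLocallyAtSource(response, false);
                return false;
            } catch (Exception ex) {
                FSUtils.debug.error("Error in sending request:", ex);
                returnLocallyAtSource(response, false);
                return false;
            }
            if (retSOAPMessage == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("sendRegistrationMessage" + "return response is null");
                }
                returnLocallyAtSource(response, false);
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("calling" + "parseSOAPMessage after return from IDP");
            }
            Element elt = instSOAP.parseSOAPMessage(retSOAPMessage);
            // The response comes from the remote provider and is verified whenever
            // signing is on. The earlier condition also required 'regisResponse != null'.
            // The only regisResponse declared in this method is the local further down,
            // so that name referred to something outside this method (presumably a
            // field - confirm) and said nothing about the message just received.
            if (FSServiceUtils.isSigningOn()) {
                if (!verifyResponseSignature(retSOAPMessage, acctInfo.isRoleIDP())) {
                    FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration Response " + "signature verification failed");
                    returnLocallyAtSource(response, false);
                    return false;
                }
                // Logged only when verification actually ran and passed.
                FSUtils.debug.message("Response signature verification succeeded");
            }
            if (elt == null || !IFSConstants.NAME_REGISTRATION_RESPONSE.equalsIgnoreCase(elt.getLocalName())) {
                returnLocallyAtSource(response, false);
                return false;
            }
            FSNameRegistrationResponse regisResponse = null;
            try {
                regisResponse = new FSNameRegistrationResponse(elt);
            } catch (SAMLException e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration could not parse response:", e);
                }
                regisResponse = null;
            }
            // A response without a status code is treated as a failure rather
            // than dereferenced.
            if (regisResponse == null || regisResponse.getStatus() == null || regisResponse.getStatus().getStatusCode() == null) {
                returnLocallyAtSource(response, false);
                return false;
            }
            String responseStatus = regisResponse.getStatus().getStatusCode().getValue();
            if (responseStatus != null && responseStatus.equals(IFSConstants.SAML_SUCCESS)) {
                FSUtils.debug.message("Name registration Successful");
                // do local update
                oldAcctKey = (FSAccountFedInfoKey) returnMap.get("OldAccountKey");
                if (oldAcctKey != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier:" + oldAcctKey.getNameSpace());
                    }
                } else {
                    FSUtils.debug.message("OldAccount Key is null");
                }
                newAcctKey = (FSAccountFedInfoKey) returnMap.get("AccountKey");
                if (newAcctKey != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Get newAcctKey Name : " + newAcctKey.getName() + "\nGet newAcctKey Qualifier:" + newAcctKey.getNameSpace());
                    }
                } else {
                    FSUtils.debug.message("newAcctKey Key is null");
                }
                newAcctInfo = (FSAccountFedInfo) returnMap.get("AccountInfo");
                userID = (String) returnMap.get("userID");
                regisSource = (String) returnMap.get("RegisSource");
                returnURL = (String) returnMap.get(IFSConstants.LRURL);
                boolean bStatus = doCommonRegistration();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("doCommonRegistration returns " + bStatus);
                }
                // Call SP Adapter
                if (bStatus && hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
                    FSUtils.debug.message("doRemoteRegis");
                    callPostRegisterNameIdentifierSuccess(request, response, userID, regisRequest, regisResponse, IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE);
                }
                returnLocallyAtSource(response, bStatus);
                return bStatus;
            }
            // Every other status is a failure; the two known ones get their own message.
            if (responseStatus != null && responseStatus.equals(IFSConstants.FEDERATION_NOT_EXISTS_STATUS)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Name " + "registration Failed. " + "Federation does not exist");
                }
            } else if (responseStatus != null && responseStatus.equals(IFSConstants.REGISTRATION_FAILURE_STATUS)) {
                FSUtils.debug.message("Name registration Failed.");
            }
            returnLocallyAtSource(response, false);
            return false;
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration " + "In Redirect profile");
            }
            // addition of relay state
            FSNameIdentifierHelper nameHelper = new FSNameIdentifierHelper(hostedConfig);
            String newId = nameHelper.createNameIdentifier();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Registration Id : " + newId);
            }
            regisRequest.setRelayState(newId);
            // add information to FSRegistrationMap
            HashMap valMap = new HashMap();
            valMap.put("SSODetails", regisMap);
            valMap.put("ReturnEntry", returnMap);
            if (returnURL != null) {
                valMap.put(IFSConstants.LRURL, returnURL);
            }
            FSRegistrationManager registInst = FSRegistrationManager.getInstance(metaAlias);
            registInst.setRegistrationMapInfo(newId, valMap);
            // Debug trace of what was stored. Only the key names are logged. The
            // earlier loop looked valMap's keys up in regisMap and cast the result to
            // String outside the debug guard, which could throw on a null regisMap or
            // a non-String value.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Putting in Map Keys : " + valMap.keySet());
            }
            String urlEncodedRequest = regisRequest.toURLEncodedQueryString();
            // Sign the request querystring
            if (FSServiceUtils.isSigningOn()) {
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                if (certAlias == null || certAlias.length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration " + "couldn't obtain this site's cert alias.");
                    }
                    throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                }
                urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
            }
            String retURL = remoteDescriptor.getRegisterNameIdentifierServiceURL();
            if (retURL == null) {
                FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration no registration service URL for the remote provider");
                returnLocallyAtSource(response, false);
                return false;
            }
            StringBuilder redirectURL = new StringBuilder();
            redirectURL.append(retURL);
            if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                redirectURL.append(IFSConstants.QUESTION_MARK);
            } else {
                redirectURL.append(IFSConstants.AMPERSAND);
            }
            redirectURL.append(urlEncodedRequest);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request to be sent : " + redirectURL.toString());
            }
            // end of addition
            response.sendRedirect(redirectURL.toString());
            return true;
        }
    } catch (IOException e) {
        FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + FSUtils.bundle.getString(IFSConstants.FEDERATION_REDIRECT_FAILED), e);
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE), e);
    } catch (SAMLResponderException e) {
        FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE), e);
    }
    returnLocallyAtSource(response, false);
    return false;
}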
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) Set(java.util.Set) HashMap(java.util.HashMap) Element(org.w3c.dom.Element) FSNameRegistrationRequest(com.sun.identity.federation.message.FSNameRegistrationRequest) FSSOAPService(com.sun.identity.federation.services.FSSOAPService) IOException(java.io.IOException) SOAPMessage(javax.xml.soap.SOAPMessage) SAMLException(com.sun.identity.saml.common.SAMLException) SOAPException(javax.xml.soap.SOAPException) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) IOException(java.io.IOException) FSNameIdentifierHelper(com.sun.identity.federation.services.util.FSNameIdentifierHelper) SOAPException(javax.xml.soap.SOAPException) FSNameRegistrationResponse(com.sun.identity.federation.message.FSNameRegistrationResponse) Iterator(java.util.Iterator) List(java.util.List) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
