
Example 1 with FSResponse

use of com.sun.identity.federation.message.FSResponse in project OpenAM by OpenRock.

the class FSSOAPReceiver method onMessage.

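/**
 * Entry point for Liberty ID-FF / SAML messages delivered over SOAP.
 *
 * <p>The SOAP body is parsed into a DOM element and dispatched on its
 * namespace URI and local name: {@code samlp:Request} (browser-artifact
 * profile), {@code AuthnRequest} (LECP), {@code RegisterNameIdentifierRequest},
 * {@code NameIdentifierMappingRequest}, {@code FederationTerminationNotification}
 * and {@code LogoutRequest}. Every branch writes its own reply through
 * {@code returnSOAPMessage}. Failure paths answer with the generic
 * {@code cannotProcessRequest} SOAP fault, so no processing detail reaches the
 * remote party; details are written to the debug log only.
 *
 * @param request http request object
 * @param response http response object
 * @param message received soap message
 */
public void onMessage(HttpServletRequest request, HttpServletResponse response, SOAPMessage message) {
    FSUtils.debug.message("FSSOAPReceiver.onMessage: Called");
    try {
        Element elt = soapService.parseSOAPMessage(message);
        if (elt == null) {
            FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request. Invalid SOAPMessage");
            returnServerFault(response);
            return;
        }
        // Dispatch is on namespace URI + local name, compared case-insensitively.
        // A root element without a namespace makes getNamespaceURI() return null; the
        // resulting NPE is caught by the outer handler and answered with the generic fault.
        String eltTagName = (elt.getTagName().trim());
        String ns = elt.getNamespaceURI().trim();
        String nodeName = elt.getLocalName().trim();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "tagName: " + eltTagName + " namespaceUri: " + ns + " localName: " + nodeName);
        }
        boolean libertyNs = ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS);
        //check for saml:Request
        if (nodeName.equalsIgnoreCase("Request") && ns.equalsIgnoreCase(IFSConstants.PROTOCOL_NAMESPACE_URI)) {
            SOAPMessage retMessage = null;
            try {
                FSSAMLRequest samlRequest = new FSSAMLRequest(elt);
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                if (metaManager == null) {
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "could not create meta instance");
                    returnServerFault(response);
                    return;
                }
                String metaAlias = FSServiceUtils.getMetaAlias(request);
                String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
                String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
                IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
                FSServiceManager sm = FSServiceManager.getInstance();
                FSSSOBrowserArtifactProfileHandler handler = (FSSSOBrowserArtifactProfileHandler) sm.getBrowserArtifactSSOAndFedHandler(request, response, samlRequest);
                handler.setSOAPMessage(message);
                handler.setSAMLRequestElement(elt);
                handler.setHostedEntityId(hostedEntityId);
                handler.setHostedDescriptor(hostedDesc);
                handler.setHostedDescriptorConfig(hostedConfig);
                handler.setMetaAlias(metaAlias);
                handler.setRealm(realm);
                FSResponse samlResponse = handler.processSAMLRequest(samlRequest);
                if (samlResponse == null) {
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "SAML Response is null");
                    returnServerFault(response);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "SAML Response created: " + samlResponse.toXMLString());
                }
                // introduce id attribute for Assertion bind in
                // SOAPEnvelope and sign
                retMessage = soapService.bind(((FSResponse) samlResponse).toXMLString(true, true));
                if (FSServiceUtils.isSigningOn()) {
                    // Each assertion is signed in place on a DOM built from the current
                    // retMessage, and retMessage is rebuilt from that DOM, so later
                    // iterations see the signatures added by earlier ones.
                    List assList = samlResponse.getAssertion();
                    Iterator iter = assList.iterator();
                    while (iter.hasNext()) {
                        FSAssertion assertion = (FSAssertion) iter.next();
                        String id = assertion.getID();
                        Document doc = (Document) FSServiceUtils.createSOAPDOM(retMessage);
                        String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                        if (certAlias == null) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("SOAPReceiver.onMessage: couldn't " + "obtain this site's cert alias.");
                            }
                            throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
                        }
                        XMLSignatureManager manager = XMLSignatureManager.getInstance();
                        int minorVersion = assertion.getMinorVersion();
                        // The attribute that carries the signed id differs between the
                        // 1.1 and 1.2 assertion formats.
                        if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
                            manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ID, id, false);
                        } else if (minorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || minorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
                            manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ASSERTION_ID, assertion.getAssertionID(), false);
                        } else {
                            // Unknown version: the assertion is left unsigned but the
                            // response is still returned (existing behaviour, kept as is).
                            FSUtils.debug.error("invalid minor version.");
                        }
                        retMessage = FSServiceUtils.convertDOMToSOAP(doc);
                    }
                }
                if (retMessage == null) {
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request");
                    returnServerFault(response);
                    return;
                }
            } catch (SAMLException se) {
                FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", se);
                returnServerFault(response);
                return;
            } catch (IDFFMetaException me) {
                FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", me);
                returnServerFault(response);
                return;
            }
            returnSOAPMessage(retMessage, response);
            return;
        }
        if (nodeName.equalsIgnoreCase("AuthnRequest") && libertyNs) {
            // LECP profile: handleLECPRequest writes the reply itself, so the
            // message handed to returnSOAPMessage afterwards is deliberately null.
            try {
                FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
                handleLECPRequest(request, response, authnRequest);
            } catch (FSException e) {
                FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing lecp AuthnRequest:", e);
                returnServerFault(response);
                return;
            }
            returnSOAPMessage(null, response);
            return;
        } else if (nodeName.equalsIgnoreCase("RegisterNameIdentifierRequest") && libertyNs) {
            SOAPMessage retMessage = null;
            boolean isError = false;
            String providerAlias = null;
            ProviderDescriptorType hostedProviderDesc = null;
            BaseConfigType hostedConfig = null;
            String realm = null;
            String hostedEntityId = null;
            String hostedRole = null;
            try {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Handling NameRegistrationRequest");
                }
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                if (metaManager == null) {
                    FSUtils.debug.message("Unable to get meta manager");
                    isError = true;
                } else {
                    providerAlias = FSServiceUtils.getMetaAlias(request);
                    if (providerAlias == null || providerAlias.length() < 1) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Unable to retrieve alias" + "Hosted Provider. Cannot process request");
                        }
                        isError = true;
                    } else {
                        // Only resolve the hosted provider when an alias was actually
                        // supplied; the lookups below are meaningless for a null alias.
                        realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
                        try {
                            hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
                            hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
                            if (hostedRole != null && hostedRole.equals(IFSConstants.IDP)) {
                                hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
                            } else if (hostedRole != null && hostedRole.equals(IFSConstants.SP)) {
                                hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
                                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
                            }
                            if (hostedProviderDesc == null) {
                                throw new IDFFMetaException((String) null);
                            }
                        } catch (IDFFMetaException eam) {
                            FSUtils.debug.error("Unable to find Hosted Provider. " + "Cannot process request", eam);
                            isError = true;
                        }
                    }
                }
                if (isError || hostedProviderDesc == null) {
                    // Previously returned a null message, i.e. an empty reply with no
                    // error status; answer with the same server fault as the other
                    // failure paths instead.
                    returnServerFault(response);
                    return;
                }
                FSNameRegistrationResponse regisResponse = handleRegistrationRequest(elt, message, hostedProviderDesc, hostedConfig, hostedRole, realm, hostedEntityId, providerAlias, request, response);
                if (regisResponse == null) {
                    FSUtils.debug.error("Error in creating NameRegistration Response");
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Completed creating response");
                    }
                    retMessage = soapService.bind(regisResponse.toXMLString(true, true));
                    FSUtils.debug.message("Completed bind message");
                    if (retMessage == null) {
                        FSUtils.debug.error("Error in processing NameRegistration " + "Response");
                        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                        retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
                    } else if (FSServiceUtils.isSigningOn()) {
                        try {
                            int minorVersion = regisResponse.getMinorVersion();
                            if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                                retMessage = signResponse(retMessage, IFSConstants.ID, regisResponse.getID(), hostedConfig);
                            } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                                retMessage = signResponse(retMessage, IFSConstants.RESPONSE_ID, regisResponse.getResponseID(), hostedConfig);
                            } else {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("invalid minor version.");
                                }
                            }
                        } catch (SAMLException e) {
                            FSUtils.debug.error("FSNameRegistrationHandler:" + "sign soap Response failed", e);
                            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                            return;
                        } catch (FSMsgException e) {
                            FSUtils.debug.error("FSNameRegistrationHandler::" + "signRegistrationResponse failed", e);
                            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                            return;
                        }
                    }
                }
                if (FSUtils.debug.messageEnabled()) {
                    ByteArrayOutputStream bop = new ByteArrayOutputStream();
                    retMessage.writeTo(bop);
                    String xmlString = bop.toString(IFSConstants.DEFAULT_ENCODING);
                    FSUtils.debug.message("return SOAP message:" + xmlString);
                }
                returnSOAPMessage(retMessage, response);
                return;
            } catch (Exception se) {
                // Log the full throwable (the old code logged only getMessage()) and
                // return here: without the return, control fell through to the final
                // fault write at the end of the method and the reply was written twice.
                FSUtils.debug.error("Error in processing Name Registration request", se);
                returnServerFault(response);
                return;
            }
        } else if (nodeName.equalsIgnoreCase("NameIdentifierMappingRequest") && libertyNs) {
            FSUtils.debug.message("FSSOAPReceiver:handling Name Identifier Mapping Request");
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            if (metaManager == null) {
                // Same outcome as the NPE the old code let escape to the outer catch,
                // but without a stack trace in the log.
                FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "could not create meta instance");
                returnServerFault(response);
                return;
            }
            String metaAlias = FSServiceUtils.getMetaAlias(request);
            String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
            String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
            ProviderDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
            BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            FSNameIdentifierMappingRequest mappingRequest = new FSNameIdentifierMappingRequest(elt);
            // The request signature is checked only when signing is enabled for this
            // deployment; with signing off, the mapping request is processed without
            // any proof of origin, so that setting is what authenticates this endpoint.
            if (FSServiceUtils.isSigningOn()) {
                String remoteEntityId = mappingRequest.getProviderID();
                ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(// it has to be idp
                IFSConstants.IDP, remoteEntityId, realm);
                if (remoteDesc == null) {
                    // NOTE(review): returns without writing any reply; presumably
                    // getRemoteProviderDescriptor logs the failure — confirm, and consider
                    // returning the server fault here for consistency with the other branches.
                    return;
                }
                // Verified against the signing certificate published in the remote
                // IDP's metadata, not anything carried in the message itself.
                if (verifyRequestSignature(elt, message, KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, true))) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSOAPReceiver: Success in verifying " + "Name Identifier Mapping Request");
                    }
                } else {
                    FSUtils.debug.error("Failed verifying Name Identifier Mapping Request");
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
            }
            String targetNamespace = mappingRequest.getTargetNamespace();
            String inResponseTo = mappingRequest.getRequestID();
            Status status = new Status(new StatusCode("samlp:Success"));
            FSNameMappingHandler idpHandler = new FSNameMappingHandler(hostedEntityId, hostedDesc, hostedConfig, metaAlias);
            NameIdentifier nameIdentifier = idpHandler.getNameIdentifier(mappingRequest, targetNamespace, false);
            // NameIdentifier encryption is opt-in per hosted provider config.
            String enableEncryption = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.ENABLE_NAMEID_ENCRYPTION);
            if (enableEncryption != null && enableEncryption.equalsIgnoreCase("true")) {
                nameIdentifier = EncryptedNameIdentifier.getEncryptedNameIdentifier(nameIdentifier, realm, targetNamespace);
            }
            FSNameIdentifierMappingResponse mappingResponse = new FSNameIdentifierMappingResponse(hostedEntityId, inResponseTo, status, nameIdentifier);
            if (FSServiceUtils.isSigningOn()) {
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                mappingResponse.signXML(certAlias);
            }
            SOAPMessage retMessage = soapService.bind(mappingResponse.toXMLString(true, true));
            returnSOAPMessage(retMessage, response);
            return;
        } else if (nodeName.equalsIgnoreCase("FederationTerminationNotification") && libertyNs) {
            try {
                FSUtils.debug.message("calling FSSOAPReceiver::handleTerminationRequest");
                boolean bHandleStatus = handleTerminationRequest(elt, message, request, response);
                if (bHandleStatus) {
                    FSUtils.debug.message("Completed processing terminationRequest");
                    returnTerminationStatus(response);
                } else {
                    FSUtils.debug.message("Failed processing terminationRequest");
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                }
                return;
            } catch (Exception se) {
                FSUtils.debug.error("Error in processing Federation Termination Request", se);
                String[] data = { IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED };
                LogUtil.error(Level.INFO, LogUtil.TERMINATION_REQUEST_PROCESSING_FAILED, data);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
        } else if (nodeName.equalsIgnoreCase("LogoutRequest") && libertyNs) {
            try {
                FSUtils.debug.message("calling FSSOAPReceiver::handleLogoutRequest");
                ProviderDescriptorType hostedProviderDesc = null;
                BaseConfigType hostedConfig = null;
                String providerAlias = null;
                String realm = null;
                String hostedEntityId = null;
                String hostedRole = null;
                try {
                    providerAlias = FSServiceUtils.getMetaAlias(request);
                    realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
                    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                    hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
                    hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
                    if (hostedRole != null) {
                        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                            hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                            hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
                        } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                            hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
                            hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
                        }
                    }
                } catch (Exception e) {
                    // Deliberately best-effort: a failed provider lookup leaves the
                    // descriptor/config null and processing continues with them.
                    FSUtils.debug.error("FSSOAPReceiver, provider", e);
                }
                FSLogoutNotification logoutRequest = new FSLogoutNotification(elt);
                Map map = handleLogoutRequest(elt, logoutRequest, message, request, response, hostedProviderDesc, hostedConfig, providerAlias, realm, hostedEntityId, hostedRole);
                String responseID = SAMLUtils.generateID();
                String inResponseTo = logoutRequest.getRequestID();
                String relayState = logoutRequest.getRelayState();
                FSLogoutResponse resp = null;
                boolean statusSuccess = false;
                SOAPMessage retSoapMessage = null;
                // Map the handler outcome onto a SAML status: null map -> Responder,
                // SOAP fault in the handler's message -> Responder/Unsupported,
                // otherwise Success.
                if (map == null) {
                    StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER);
                    Status status = new Status(statusCode);
                    resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
                } else {
                    retSoapMessage = (SOAPMessage) map.get(MESSAGE);
                    SOAPPart sp = retSoapMessage.getSOAPPart();
                    SOAPEnvelope se = sp.getEnvelope();
                    SOAPBody sb = se.getBody();
                    if (sb.hasFault()) {
                        StatusCode secondLevelstatusCode = new StatusCode(IFSConstants.SAML_UNSUPPORTED);
                        StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER, secondLevelstatusCode);
                        Status status = new Status(statusCode);
                        resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
                    } else {
                        StatusCode statusCode = new StatusCode(IFSConstants.SAML_SUCCESS);
                        Status status = new Status(statusCode);
                        resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
                        statusSuccess = true;
                    }
                }
                resp.setID(IFSConstants.LOGOUTID);
                resp.setMinorVersion(logoutRequest.getMinorVersion());
                retSoapMessage = soapService.bind(resp.toXMLString(true, true));
                // Call SP Adapter postSingleLogoutSuccess for IDP/SOAP
                if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP) && statusSuccess) {
                    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                    if (spAdapter != null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver, " + "call postSingleLogoutSuccess, IDP/SOAP");
                        }
                        try {
                            spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response, (String) map.get(USERID), logoutRequest, resp, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
                        } catch (Exception e) {
                            // ignore adapter exception
                            FSUtils.debug.error("postSingleLogoutSuccess." + "IDP/SOAP", e);
                        }
                    }
                }
                if (FSServiceUtils.isSigningOn()) {
                    try {
                        int minorVersion = resp.getMinorVersion();
                        if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                            retSoapMessage = signResponse(retSoapMessage, IFSConstants.ID, resp.getID(), hostedConfig);
                        } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                            retSoapMessage = signResponse(retSoapMessage, IFSConstants.RESPONSE_ID, resp.getResponseID(), hostedConfig);
                        } else {
                            FSUtils.debug.error("invalid minor version.");
                        }
                    } catch (SAMLException e) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("LogoutResponse failed", e);
                        }
                        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                        return;
                    } catch (FSMsgException e) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("LogoutResponse failed", e);
                        }
                        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                        return;
                    } catch (Exception e) {
                        // Any other signing failure is logged and the unsigned
                        // response is returned (existing behaviour, kept as is).
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Logout exception:", e);
                        }
                    }
                }
                returnSOAPMessage(retSoapMessage, response);
                return;
            } catch (Exception se) {
                FSUtils.debug.error("Error in processing logout Request", se);
                String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_PROCESSING_FAILED) };
                LogUtil.error(Level.INFO, LogUtil.LOGOUT_REQUEST_PROCESSING_FAILED, data);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
        }
    //check for other Liberty msgs should go here
    } catch (Exception e) {
        // Last-resort handler: full details go to the debug log, the caller only
        // ever sees the generic fault.
        FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing Request: Exception occured: ", e);
        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        ByteArrayOutputStream strm = new ByteArrayOutputStream();
        e.printStackTrace(new java.io.PrintStream(strm));
        FSUtils.debug.error(strm.toString());
        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
        return;
    }
    // Unrecognised message type: generic fault without an error status (kept as is).
    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
    return;
}

/**
 * Sets HTTP 500 on {@code response} and writes the generic
 * {@code cannotProcessRequest} SOAP fault — the status/fault pair every
 * server-side failure path of {@link #onMessage} answers with.
 *
 * @param response http response object
 */
private void returnServerFault(HttpServletResponse response) {
    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
}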

Example 2 with FSResponse

use of com.sun.identity.federation.message.FSResponse in project OpenAM by OpenRock.

the class FSBrowserArtifactConsumerHandler method processSAMLRequest.

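/**
 * Builds the <code>SAML</code> request (with artifact), sends it to the
 * <code>IDP</code> over <code>SOAP</code>, receives the <code>SAML</code>
 * response and hands it to <code>processSAMLResponse</code>.
 * <p>
 * Every failure forwards the browser to the common login page
 * (<code>framedPageURL</code>); nothing is reported to the caller. When
 * signing is enabled the request is sent only after it has actually been
 * signed: a request whose minor version is neither FF 1.1 nor FF 1.2 is
 * treated as an error instead of being sent unsigned.
 * <p>
 * Reads the instance fields <code>request</code>, <code>response</code>,
 * <code>hostMetaAlias</code>, <code>relayState</code>, <code>hostConfig</code>,
 * <code>samlRequest</code> and <code>idpDescriptor</code>; sets
 * <code>samlResponseElt</code> and <code>samlResponse</code>.
 */
public void processSAMLRequest() {
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLRequest: Called");
    String baseURL = FSServiceUtils.getBaseURL(request);
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, relayState, null, request, baseURL);
    try {
        FSSOAPService soapHelper = FSSOAPService.getInstance();
        samlRequest.setID(samlRequest.getRequestID());
        SOAPMessage msg = soapHelper.bind(samlRequest.toXMLString(true, true));
        if (FSServiceUtils.isSigningOn()) {
            Document doc = (Document) FSServiceUtils.createSOAPDOM(msg);
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            if (metaManager == null) {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: could not create meta " + "instance");
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null) {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: couldn't obtain this site's cert" + " alias.");
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: certAlias: " + certAlias);
            }
            XMLSignatureManager manager = XMLSignatureManager.getInstance();
            String sigAlgorithm = SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM);
            int minorVersion = samlRequest.getMinorVersion();
            if (minorVersion == IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
                // FF 1.1: the signature is bound to the request's ID attribute
                manager.signXML(doc, certAlias, sigAlgorithm, IFSConstants.ID, samlRequest.getID(), false);
            } else if (minorVersion == IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION) {
                // FF 1.2: bound to RequestID, using the artifact XPath form of signXML
                manager.signXML(doc, certAlias, sigAlgorithm, IFSConstants.REQUEST_ID, samlRequest.getRequestID(), false, IFSConstants.ARTIFACT_XPATH);
            } else {
                // No signing profile exists for this version. Signing is on, so the
                // request must not leave unsigned; previously it was sent anyway.
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: invalid minor version: " + minorVersion);
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            msg = FSServiceUtils.convertDOMToSOAP(doc);
        }
        // synchronous SOAP call carrying the (possibly signed) samlp:Request
        SOAPMessage retMsg = soapHelper.doSyncCall(response, msg, idpDescriptor, false);
        if (retMsg == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " Response SOAPMessage is null");
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        samlResponseElt = soapHelper.parseSOAPMessage(retMsg);
        String localName = null;
        if (samlResponseElt != null && samlResponseElt.getLocalName() != null) {
            localName = samlResponseElt.getLocalName().trim();
        }
        if ("Fault".equals(localName)) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " SOAPFault occured");
            String[] data = { FSUtils.bundle.getString("invalidSOAPResponse") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SOAP_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        if (!"Response".equals(localName)) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " SOAP response does not contain samlp:Response");
            String[] data = { FSUtils.bundle.getString("invalidSOAPResponse") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SOAP_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        // A constructor never yields null: a malformed element surfaces as an
        // exception, which the catch below turns into a forward to the login page.
        samlResponse = new FSResponse(samlResponseElt);
        processSAMLResponse((FSResponse) samlResponse);
    } catch (Exception e) {
        // the logger takes the Throwable itself; no need to render the stack trace by hand
        FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: Exception occured: " + e.getMessage(), e);
        try {
            FSUtils.forwardRequest(request, response, framedPageURL);
        } catch (Exception ex) {
            // log the forward failure (ex), not the exception that caused the forward (e)
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: IOException occured: ", ex);
        }
    }
}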


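/**
 * Builds the <code>samlp:Response</code> for an artifact-profile
 * <code>samlp:Request</code> received over <code>SOAP</code>.
 * <p>
 * For an <code>AssertionArtifact</code> request the checks run in this order,
 * and the first failure ends processing with a status-only response:
 * <ol>
 * <li>every artifact carries the same source ID;</li>
 * <li>the last artifact resolves (via <code>FSAssertionManager</code>) to a
 *     provider that <code>metaManager.isTrustedProvider</code> accepts;</li>
 * <li>if signing is on, the request signature verifies;</li>
 * <li>each artifact dereferences to an assertion whose
 *     <code>AudienceRestrictionCondition</code>, when present, names that
 *     provider.</li>
 * </ol>
 * As side effects the method sets <code>spDescriptor</code> and
 * <code>spEntityId</code> for the resolved provider, and every response it
 * returns (error responses included) is written to the access log.
 *
 * @param samlRequest the parsed request; supplies the request ID, minor
 *                    version, content type and artifacts
 * @return the response to send back, or <code>null</code> when the SAML
 *         status or response object itself could not be constructed
 * @throws FSException propagated from federation calls this method does not
 *                     handle locally
 */
private FSResponse createSAMLResponse(FSSAMLRequest samlRequest) throws FSException {
    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Called");
    String remoteAddr = ClientUtils.getClientIPAddress(request);
    SAMLResponseFactory responses = new SAMLResponseFactory(FSUtils.generateID(), samlRequest.getRequestID(), samlRequest.getMinorVersion(), FSUtils.bundle.getString("responseLogMessage") + " " + remoteAddr);
    // status-only responses carry no assertions
    List noContents = new ArrayList();
    int reqType = samlRequest.getContentType();
    if (reqType == Request.NOT_SUPPORTED) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Found element in the request which are not supported");
        }
        return responses.log(responses.build("samlp:Responder", null, FSUtils.bundle.getString("unsupportedElement"), noContents));
    }
    FSAssertionManager am;
    try {
        am = FSAssertionManager.getInstance(metaAlias);
    } catch (FSException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Cannot instantiate " + "FSAssertionManager");
        }
        return responses.log(responses.build("samlp:Responder", null, se.getMessage(), noContents));
    }
    // audience the returned assertions must be restricted to; switched to the
    // SP's provider ID once an artifact has been resolved
    String audience = remoteAddr;
    List artifacts = null;
    List assertions = new ArrayList();
    if (reqType == Request.ASSERTION_ARTIFACT) {
        artifacts = samlRequest.getAssertionArtifact();
        if (artifacts == null || artifacts.isEmpty()) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: No artifact found in samlRequest");
            return responses.log(responses.build("samlp:Requester", null, FSUtils.bundle.getString("missingArtifact"), noContents));
        }
        // All artifacts must come from one source. `art` ends up as the last
        // artifact and is the one used to resolve the requesting provider.
        String sourceID = null;
        AssertionArtifact art = null;
        for (Iterator it = artifacts.iterator(); it.hasNext(); ) {
            art = (AssertionArtifact) it.next();
            if (sourceID == null) {
                sourceID = art.getSourceID();
            } else if (!sourceID.equals(art.getSourceID())) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Artifacts not from " + "the same source");
                }
                // second-level status: the federation does not exist
                return responses.log(responses.build("samlp:Requester", IFSConstants.FEDERATION_NOT_EXISTS_STATUS, FSUtils.bundle.getString("mismatchSourceID"), noContents));
            }
        }
        String providerID;
        try {
            providerID = am.getDestIdForArtifact(art);
        } catch (FSException ex) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: FSException Occured while " + "retrieving sp's providerID for the artifact: ", ex);
            providerID = null;
        }
        if (providerID == null) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "artifact received does not correspond to any SP");
            try {
                // a status recorded earlier for this artifact (by another call)
                // takes precedence over the generic federation-not-exists status
                Status status = am.getErrorStatus(art);
                if (status == null) {
                    status = new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), FSUtils.bundle.getString("invalidSource"), null);
                }
                return responses.log(responses.build(status, noContents));
            } catch (SAMLException sse) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                return null;
            }
        }
        try {
            if (!metaManager.isTrustedProvider(realm, hostedEntityId, providerID)) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "RemoteProvider is not trusted");
                return responses.log(responses.build("samlp:Requester", null, FSUtils.bundle.getString("AuthnRequestProcessingFailed"), noContents));
            }
            spDescriptor = metaManager.getSPDescriptor(realm, providerID);
            spEntityId = providerID;
            audience = providerID;
        } catch (Exception ae) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "FSAllianceManagementException " + "Occured while getting", ae);
            return responses.log(responses.build("samlp:Requester", null, ae.getMessage(), noContents));
        }
        if (FSServiceUtils.isSigningOn()) {
            if (!verifySAMLRequestSignature(samlRequestElement, soapMsg)) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "SAMLRequest signature verification failed");
                // Return unconditionally: even if the status object cannot be
                // built, a failed verification must not fall through to
                // assertion retrieval.
                return responses.log(responses.build("samlp:Requester", null, FSUtils.bundle.getString("signatureVerificationFailed"), noContents));
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtProfileHandler.createSAMLResp:" + " SAMLRequest signature verified");
            }
        }
        for (Iterator it = artifacts.iterator(); it.hasNext(); ) {
            AssertionArtifact artifact = (AssertionArtifact) it.next();
            Assertion assertion;
            try {
                assertion = am.getAssertion(artifact, spEntityId);
            } catch (FSException e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAML" + "Response:could not find matching assertion:", e);
                }
                // the existing contract reports this with a Success status code
                // and the reason in the status message
                return responses.log(responses.build("samlp:Success", null, e.getMessage(), noContents));
            }
            // appended, not inserted at the artifact index: a null assertion
            // earlier in the list would otherwise leave a gap and throw
            if (assertion != null) {
                assertions.add(assertion);
            }
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: found " + assertions.size() + "assertions.");
    }
    // Drop assertions whose audience restriction does not name this audience.
    // Removal goes through the iterator so no element is skipped.
    for (Iterator it = assertions.iterator(); it.hasNext(); ) {
        Assertion assn = (Assertion) it.next();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: checking to see if assertions" + " are for host:" + audience);
        }
        if (!isForAudience(assn, audience)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: removing TRC not" + "meant for this host");
            }
            it.remove();
        }
    }
    if (assertions.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Matching Assertions(s) not " + "created for this host");
        }
        return responses.log(responses.build("samlp:Success", null, FSUtils.bundle.getString("mismatchDest"), noContents));
    }
    String message = null;
    if (reqType == Request.ASSERTION_ARTIFACT) {
        if (assertions.size() == artifacts.size()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Matching Assertion found");
            }
        } else {
            message = FSUtils.bundle.getString("unequalMatch");
        }
    }
    return responses.log(responses.build("samlp:Success", null, message, assertions));
}

/**
 * Tells whether an assertion may be returned to the given audience.
 *
 * @param assn     the assertion to check
 * @param audience the provider ID (or client address) the response is for
 * @return <code>true</code> when the assertion has no audience restriction, or
 *         every <code>AudienceRestrictionCondition</code> contains the audience
 */
private static boolean isForAudience(Assertion assn, String audience) {
    Conditions conds = assn.getConditions();
    Set trcs = (conds == null) ? null : conds.getAudienceRestrictionCondition();
    if (trcs == null || trcs.isEmpty()) {
        return true;
    }
    for (Iterator it = trcs.iterator(); it.hasNext(); ) {
        if (!((AudienceRestrictionCondition) it.next()).containsAudience(audience)) {
            return false;
        }
    }
    return true;
}

/**
 * Builds and access-logs the <code>FSResponse</code> objects for one
 * <code>createSAMLResponse</code> call, so each outcome needs a single
 * statement instead of repeating the constructor, the minor-version setter
 * and the log block.
 */
private static final class SAMLResponseFactory {

    private final String respID;
    private final String inResponseTo;
    private final int minorVersion;
    // prefix of every access-log entry: the bundle's responseLogMessage plus the client address
    private final String respPrefix;

    SAMLResponseFactory(String respID, String inResponseTo, int minorVersion, String respPrefix) {
        this.respID = respID;
        this.inResponseTo = inResponseTo;
        this.minorVersion = minorVersion;
        this.respPrefix = respPrefix;
    }

    /**
     * Builds a response carrying a status made of a top-level status code, an
     * optional second-level status code and a status message.
     *
     * @param statusCodeValue top-level code, e.g. <code>samlp:Requester</code>
     * @param subCodeValue    second-level code, or <code>null</code> for none
     * @param message         status message, may be <code>null</code>
     * @param contents        assertions to include (empty for error responses)
     * @return the response, or <code>null</code> when the status or response
     *         could not be created (already logged as an error)
     */
    FSResponse build(String statusCodeValue, String subCodeValue, String message, List contents) {
        try {
            // the one-arg and two-arg StatusCode constructors are kept distinct;
            // passing null as the second argument is not assumed to be equivalent
            StatusCode code = (subCodeValue == null) ? new StatusCode(statusCodeValue) : new StatusCode(statusCodeValue, new StatusCode(subCodeValue, null));
            return build(new Status(code, message, null), contents);
        } catch (SAMLException se) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response: ", se);
            return null;
        }
    }

    /**
     * Wraps an already-built status into a response for this request.
     *
     * @return the response, or <code>null</code> when it could not be created
     */
    FSResponse build(Status status, List contents) {
        try {
            FSResponse resp = new FSResponse(respID, inResponseTo, status, contents);
            resp.setMinorVersion(minorVersion);
            return resp;
        } catch (SAMLException se) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response: ", se);
            return null;
        }
    }

    /**
     * Writes the access-log entry for a response and returns it unchanged.
     * A <code>null</code> response is passed through: its cause was already
     * logged as an error, and dereferencing it here would throw.
     */
    FSResponse log(FSResponse resp) {
        if (resp == null) {
            return null;
        }
        if (LogUtil.isAccessLoggable(Level.FINER)) {
            String[] data = { respPrefix, resp.toString() };
            LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
        } else {
            String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + resp.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + resp.getInResponseTo() };
            LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
        }
        return resp;
    }
}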
