Use of com.sun.identity.federation.message.FSSubject in project OpenAM by OpenRock: the processAuthnResponse method of the class FSAssertionArtifactHandler (the SP-side handler that consumes an IDP's FSAuthnResponse and either federates the account or completes single sign-on).
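/**
 * Processes the <code>FSAuthnResponse</code> the IDP returned for the pending
 * <code>authnRequest</code> held by this handler.
 * <p>
 * The steps, in order:
 * <ol>
 * <li>invoke the SP adapter's <code>preSSOFederationProcess</code> hook (a
 *     throwing adapter is logged and processing continues);</li>
 * <li>resolve the relay state: the request's relay state, else the provider
 *     home page from <code>hostConfig</code>, else the SP default;</li>
 * <li>reject a <code>null</code> response or a response whose status does not
 *     pass {@link #verifyResponseStatus};</li>
 * <li>validate the assertions and extract the subject;</li>
 * <li>federate the account when <code>doFederate</code> is set, otherwise
 *     perform single sign-on.</li>
 * </ol>
 * Every failure path redirects the browser to the common login page, unless
 * the SP adapter's <code>postSSOFederationFailure</code> hook reports that it
 * already handled the response. Any exception escaping the main path is logged
 * and also ends in that redirect.
 * <p>
 * Security notes for reviewers:
 * <ul>
 * <li>The successful SSO path ends in <code>redirectToResource(relayState)</code>.
 *     The relay state comes from the stored <code>authnRequest</code>; this
 *     method performs no allow-list check on it, so any validation of it as a
 *     redirect target must already have happened where the request was
 *     created (verify against that code path).</li>
 * <li>The full response XML is written to the audit log on an invalid status,
 *     and to the debug log at message level on every call; both may carry
 *     subject and attribute data.</li>
 * </ul>
 *
 * @param authnResponse <code>FSAuthnResponse</code> object to be processed; may
 *        be <code>null</code>, in which case the failure is logged and the
 *        user is redirected to the login page
 */
public void processAuthnResponse(FSAuthnResponse authnResponse) {
    FSUtils.debug.message("FSAssertionArtifactHandler.ProcessAuthnResponse: Called");
    this.authnResponse = authnResponse;

    // Call SP adapter SPI. The hook runs before the null check below, so it
    // may be handed a null authnResponse (existing behaviour, preserved).
    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostEntityId, hostConfig);
    invokePreSSOFederationHook(spAdapter);

    String baseURL = FSServiceUtils.getBaseURL(request);
    String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, authnRequest.getRelayState(), null, request, baseURL);
    this.relayState = resolveRelayState(baseURL);

    try {
        if (authnResponse == null) {
            String[] data = { FSUtils.bundle.getString("missingAuthnResponse") };
            LogUtil.error(Level.INFO, LogUtil.MISSING_AUTHN_RESPONSE, data, ssoToken);
            FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("missingAuthnResponse") + " AuthnRequest Processing Failed at the IDP " + "Redirecting to the Framed Login Page");
            response.sendRedirect(framedLoginPageURL);
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            // Debug-only dump of the whole response (assertions, name
            // identifiers, attributes). The "doPost" tag in this message is
            // historical; it is emitted from processAuthnResponse.
            FSUtils.debug.message("FSAssertionArtifactHandler.doPost:Received " + authnResponse.toXMLString());
        }
        if (!verifyResponseStatus(authnResponse)) {
            handleInvalidResponseStatus(spAdapter, framedLoginPageURL);
            return;
        }

        // check Assertion
        List assertions = authnResponse.getAssertion();
        FSSubject validSubject = (FSSubject) validateAssertions(assertions);
        if (validSubject == null) {
            String[] data = { FSUtils.bundle.getString("invalidAssertion") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, data, ssoToken);
            // NOTE(review): every other path looks up "invalidResponse"; this one
            // uses "InvalidResponse". If that key is absent from the bundle the
            // lookup throws and the error line is never written (the catch-all
            // below still redirects). Confirm against the resource bundle.
            FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("InvalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
            // Unlike the invalid-status path, the pending AuthnRequest is left in
            // the session manager and the adapter failure hook is not invoked.
            response.sendRedirect(framedLoginPageURL);
            return;
        }

        FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
        if (doFederate) {
            processAccountFederation(validSubject, sessionManager, spAdapter, framedLoginPageURL);
        } else {
            processSingleSignOn(validSubject, sessionManager, spAdapter, framedLoginPageURL);
        }
    } catch (Exception e) {
        // Catch-all: a throwing helper (including the FSException raised when the
        // subject has no name identifier) is logged and ends in the login redirect.
        FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: Exception Occured: ", e);
        try {
            FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
            response.sendRedirect(framedLoginPageURL);
        } catch (IOException ioe) {
            FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: IOException Occured: ", ioe);
            return;
        }
        return;
    }
}

/**
 * Invokes the SP adapter's <code>preSSOFederationProcess</code> hook, if an
 * adapter is configured. A runtime exception thrown by the adapter is logged
 * and otherwise ignored so that response processing continues.
 *
 * @param spAdapter the configured adapter, or <code>null</code> when none
 */
private void invokePreSSOFederationHook(FederationSPAdapter spAdapter) {
    if (spAdapter == null) {
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler, POST" + " Invokde spAdapter.preSSOFederationProcess");
    }
    try {
        spAdapter.preSSOFederationProcess(hostEntityId, request, response, authnRequest, authnResponse, null);
    } catch (Exception e) {
        // log run time exception in Adapter implementation, continue
        FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.preSSOFederationSuccess", e);
    }
}

/**
 * Resolves the relay state used once SSO succeeds.
 * <p>
 * Order of precedence: the relay state carried by <code>authnRequest</code>;
 * else the provider home page URL from <code>hostConfig</code>; else
 * <code>baseURL + IFSConstants.SP_DEFAULT_RELAY_STATE</code>. A value that is
 * <code>null</code> or blank after trimming counts as absent.
 * <p>
 * No validation of the value as a redirect target happens here.
 *
 * @param baseURL base URL of this deployment, used for the last-resort default
 * @return the relay state to redirect to after successful SSO
 */
private String resolveRelayState(String baseURL) {
    String resolved = authnRequest.getRelayState();
    if ((resolved == null) || (resolved.trim().length() == 0)) {
        resolved = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.PROVIDER_HOME_PAGE_URL);
        if ((resolved == null) || (resolved.trim().length() == 0)) {
            resolved = baseURL + IFSConstants.SP_DEFAULT_RELAY_STATE;
        }
    }
    return resolved;
}

/**
 * Handles a response whose status failed {@link #verifyResponseStatus}: drops
 * the pending AuthnRequest for its <code>InResponseTo</code>, audit-logs the
 * full response XML, and redirects to the login page unless the adapter's
 * failure hook reports that it handled the response itself.
 *
 * @param spAdapter          the configured adapter, or <code>null</code>
 * @param framedLoginPageURL login page to redirect to on failure
 * @throws Exception declared broadly on purpose: the adapter and servlet calls
 *         here are covered by the caller's catch-all
 */
private void handleInvalidResponseStatus(FederationSPAdapter spAdapter, String framedLoginPageURL) throws Exception {
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
    // clean request map. The pending request is discarded before the adapter's
    // failure hook runs, so a retry against the same request ID is not possible.
    String inResponseTo = authnResponse.getInResponseTo();
    sessionManager.removeAuthnRequest(inResponseTo);
    // The whole response XML goes to the audit log here.
    String[] data = { authnResponse.toXMLString() };
    LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data, ssoToken);
    FSUtils.debug.warning("FSAssertionArtifactHandler." + " processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
    if ((spAdapter == null) || !(spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, null, FederationSPAdapter.INVALID_AUTHN_RESPONSE))) {
        response.sendRedirect(framedLoginPageURL);
    }
}

/**
 * Account-federation branch (<code>doFederate</code> set). Uses the
 * IDP-provided name identifier, falling back to the subject's plain name
 * identifier, and calls {@link #doAccountFederation}. On success the pending
 * request and its local session token are removed; on failure the adapter's
 * failure hook is consulted and, if it does not handle the response, the
 * browser is redirected to the login page.
 *
 * @param validSubject       subject extracted from the validated assertions
 * @param sessionManager     session manager for <code>hostMetaAlias</code>
 * @param spAdapter          the configured adapter, or <code>null</code>
 * @param framedLoginPageURL login page to redirect to on failure
 * @throws FSException when the subject carries no name identifier at all
 * @throws Exception declared broadly on purpose: the adapter and servlet calls
 *         here are covered by the caller's catch-all
 */
private void processAccountFederation(FSSubject validSubject, FSSessionManager sessionManager, FederationSPAdapter spAdapter, String framedLoginPageURL) throws Exception {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler." + "processAuthnResponse: Initiate Account Federation");
    }
    NameIdentifier ni = validSubject.getIDPProvidedNameIdentifier();
    if (ni == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse:" + " IDPProvided NameIdentifier is null");
        }
        ni = validSubject.getNameIdentifier();
    }
    if (ni == null) {
        // Surfaces in the caller's catch-all, which logs and redirects.
        throw new FSException("missingNIofSubject", null);
    }
    int returnCode = doAccountFederation(ni);
    if (returnCode == FederationSPAdapter.SUCCESS) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler." + "processAuthnResponse: Account federation" + " successful");
        }
        // No redirect is issued here; doAccountFederation is expected to have
        // dealt with the response (not visible from this method).
        String inResponseTo = authnResponse.getInResponseTo();
        sessionManager.removeAuthnRequest(inResponseTo);
        sessionManager.removeLocalSessionToken(inResponseTo);
        return;
    }
    String[] data = { FSUtils.bundle.getString("AccountFederationFailed") };
    LogUtil.error(Level.INFO, LogUtil.ACCOUNT_FEDERATION_FAILED, data, ssoToken);
    FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("AccountFederationFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
    if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, (FSResponse) samlResponse, returnCode)) {
        response.sendRedirect(framedLoginPageURL);
    }
}

/**
 * Single sign-on branch (<code>doFederate</code> not set).
 * <p>
 * Both the IDP-provided and the subject name identifiers must be present and
 * carry a name; otherwise the response is logged as invalid and the browser is
 * redirected to the login page. When the two handles are equal the IDP
 * identifier is used with <code>REMOTE_OPAQUE_HANDLE</code>, otherwise the
 * subject identifier with <code>LOCAL_OPAQUE_HANDLE</code>, and
 * {@link #doSingleSignOn} is invoked. On success the pending request is
 * removed, an IDP-proxy response is sent if proxying is enabled for the
 * request, otherwise access is audit-logged, the adapter's success hook may
 * take over the response, and finally the browser is sent to
 * <code>relayState</code> via {@link #redirectToResource}.
 *
 * @param validSubject       subject extracted from the validated assertions
 * @param sessionManager     session manager for <code>hostMetaAlias</code>
 * @param spAdapter          the configured adapter, or <code>null</code>
 * @param framedLoginPageURL login page to redirect to on failure
 * @throws Exception declared broadly on purpose: the SSO, proxy, adapter and
 *         servlet calls here are covered by the caller's catch-all
 */
private void processSingleSignOn(FSSubject validSubject, FSSessionManager sessionManager, FederationSPAdapter spAdapter, String framedLoginPageURL) throws Exception {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler." + "processAuthnResponse: Initiate SingleSign-On");
    }
    //check for SPProvidedNameIdentifier
    NameIdentifier niIdp = validSubject.getIDPProvidedNameIdentifier();
    NameIdentifier ni = validSubject.getNameIdentifier();
    if (niIdp == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse:" + " IDPProvided NameIdentifier is null");
        }
        niIdp = ni;
    }
    if ((niIdp == null) || (ni == null)) {
        String[] data = { FSUtils.bundle.getString("invalidResponse") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data, ssoToken);
        FSUtils.debug.error("FSAssertionArtifactHandler." + " processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        response.sendRedirect(framedLoginPageURL);
        return;
    }

    String idpHandle = niIdp.getName();
    String spHandle = ni.getName();
    if ((idpHandle == null) || (spHandle == null)) {
        String[] data = { FSUtils.bundle.getString("invalidResponse") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data, ssoToken);
        FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        response.sendRedirect(framedLoginPageURL);
        return;
    }

    // Equal handles mean the IDP's opaque handle is the one to resolve remotely;
    // otherwise the SP-side handle is looked up locally.
    int handleType;
    if (idpHandle.equals(spHandle)) {
        ni = niIdp;
        handleType = IFSConstants.REMOTE_OPAQUE_HANDLE;
    } else {
        handleType = IFSConstants.LOCAL_OPAQUE_HANDLE;
    }
    Map env = new HashMap();
    env.put(IFSConstants.FS_USER_PROVIDER_ENV_AUTHNRESPONSE_KEY, authnResponse);

    int returnCode = doSingleSignOn(ni, handleType, niIdp, env);
    if (returnCode != FederationSPAdapter.SUCCESS) {
        String[] data = { FSUtils.bundle.getString("SSOfailed") };
        LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data, ssoToken);
        FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, null, returnCode)) {
            response.sendRedirect(framedLoginPageURL);
        }
        return;
    }

    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler." + "processAuthnResponse: Accountfederation successful");
    }
    String requestID = authnResponse.getInResponseTo();
    sessionManager.removeAuthnRequest(requestID);
    if (isIDPProxyEnabled(requestID)) {
        sendProxyResponse(requestID);
        return;
    }

    // The relay state is audit-logged as the granted redirect target.
    String[] data = { this.relayState };
    LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, data, ssoToken);
    FSUtils.debug.message("ArtifactHandler.notfederated, postSSO");
    if (spAdapter != null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler," + " Invoke spAdapter.postSSOFederationSuccess");
        }
        try {
            if (spAdapter.postSSOFederationSuccess(hostEntityId, request, response, ssoToken, authnRequest, authnResponse, null)) {
                // return if the SP spi redirection happened
                return;
            }
        } catch (Exception e) {
            // log run time exception in Adapter implementation, continue
            FSUtils.debug.error("FSAssertionArtifadctHandler" + " SPAdapter.postSSOFederationSuccess:", e);
        }
    }
    // relayState is not validated here as a redirect target; see the class
    // method Javadoc on processAuthnResponse.
    redirectToResource(this.relayState);
}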