use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSServiceManager method getNameRegistrationHandler.
/*
* Returns name registration handler. This method is invoked by the
* <code>SP</code> at the end of account federation if name registration is
* turned on.
* The <code>remoteEntityId</code> passed is that of the <code>IdP</code>
* with whom registration will be done.
* @param realm the realm in which the provider resides
* @param remoteEntityId remote Provider Entity ID.
* @param remoteProviderRole remote Provider Role.
* @return <code>FSNameRegistrationHandler</code> the name registration
* handler
*/
public FSNameRegistrationHandler getNameRegistrationHandler(String realm, String remoteEntityId, String remoteProviderRole) {
FSNameRegistrationHandler handlerRegistration = new FSNameRegistrationHandler();
if (handlerRegistration != null) {
try {
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
if (metaManager == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSNameRegistrationHandler::" + "getSPNameIdentifier failed to get meta " + "Manager instance");
}
return null;
}
ProviderDescriptorType remoteDesc = null;
if (remoteProviderRole == null) {
return null;
} else if (remoteProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
} else if (remoteProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
}
if (remoteDesc != null) {
handlerRegistration.setRemoteDescriptor(remoteDesc);
handlerRegistration.setRemoteEntityId(remoteEntityId);
handlerRegistration.setRealm(realm);
return handlerRegistration;
} else {
return null;
}
} catch (IDFFMetaException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSNameRegistrationHandler::Failed " + "to get remote descriptor:", e);
}
return null;
}
}
return handlerRegistration;
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSRegistrationReturnServlet method doGetPost.
/**
* Handles the request.
* @param request <code>HttpServletRequest</code> object that contains the
* request the client has made of the servlet.
* @param response <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception ServletException if an input or output error is detected when
* the servlet handles the request
* @exception IOException if the request could not be handled
*/
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSRegistrationReturnServlet doGetPost...");
String providerAlias = "";
providerAlias = FSServiceUtils.getMetaAlias(request);
if (providerAlias == null || providerAlias.length() < 1) {
FSUtils.debug.error("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
return;
}
if (metaManager == null) {
FSUtils.debug.error("Cannot retrieve hosted descriptor. " + "Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String hostedEntityId = null;
String hostedProviderRole = null;
try {
hostedProviderRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
if (hostedProviderDesc == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException eam) {
FSUtils.debug.error("Unable to find Hosted Provider. not process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
this.request = request;
setRegistrationURL(hostedConfig, providerAlias);
// Here we will need to
// 1. verify response signature
// 2. verify response status
// 3. retrieve registration request Id from Map
// 4. if status success then do locally else not do locally and
// 5. show status page or LRURL if found in MAP
// (eg intersiteTransfer)
FSNameRegistrationResponse regisResponse = null;
try {
regisResponse = FSNameRegistrationResponse.parseURLEncodedRequest(request);
} catch (FSMsgException e) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
return;
} catch (SAMLException e) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
return;
}
String remoteEntityId = regisResponse.getProviderId();
ProviderDescriptorType remoteDesc = null;
boolean isIDP = false;
try {
if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
isIDP = true;
} else {
remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
}
} catch (IDFFMetaException e) {
FSUtils.debug.error("FSRegistrationReturnServlet:", e);
}
if (remoteDesc == null) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
return;
}
boolean bVerify = true;
try {
if (FSServiceUtils.isSigningOn()) {
bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isIDP);
}
} catch (SAMLException e) {
bVerify = false;
} catch (FSException e) {
bVerify = false;
}
if (bVerify) {
FSNameRegistrationHandler handlerObj = new FSNameRegistrationHandler();
handlerObj.setHostedDescriptor(hostedProviderDesc);
handlerObj.setHostedDescriptorConfig(hostedConfig);
handlerObj.setHostedEntityId(hostedEntityId);
handlerObj.setHostedProviderRole(hostedProviderRole);
handlerObj.setMetaAlias(providerAlias);
handlerObj.setRemoteEntityId(remoteEntityId);
handlerObj.setRemoteDescriptor(remoteDesc);
handlerObj.setRealm(realm);
handlerObj.processRegistrationResponse(request, response, regisResponse);
return;
} else {
FSUtils.debug.error("FSRegistrationReturnServlet " + "Signature on registration request is invalid" + "Cannot proceed name registration");
String[] data = { FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE) };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
return;
}
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSTerminationInitiationServlet method doGetPost.
/**
* Invoked when the user clicks on the termination link in the application.
* @param request <code>HttpServletRequest</code> object that contains the
* request the client has made of the servlet.
* @param response <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception ServletException,IOException if the request could not be
* handled
*/
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// Alias processing
String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
if (providerAlias == null || providerAlias.length() < 1) {
FSUtils.debug.error("Unable to retrieve alias, Hosted Provider. " + "Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
return;
}
if (metaManager == null) {
FSUtils.debug.error("Cannot retrieve hosted descriptor. " + "Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String hostedRole = null;
String hostedEntityId = null;
String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
try {
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
}
if (hostedProviderDesc == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException eam) {
FSUtils.debug.error("Unable to find Hosted Provider. not process request", eam);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
boolean isIDP = false;
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
isIDP = true;
}
if (FSUtils.needSetLBCookieAndRedirect(request, response, isIDP)) {
return;
}
this.request = request;
setTerminationURL(hostedConfig, providerAlias);
doTerminationInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias);
return;
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSRegistrationRequestServlet method doGetPost.
/**
* Handles registration request.
* in the application
* @param request <code>HttpServletRequest</code> object that contains the
* request the client has made of the servlet.
* @param response <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception IOException if the request could not be handled
*/
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// Alias processing
String providerAlias = FSServiceUtils.getMetaAlias(request);
if (providerAlias == null || providerAlias.length() < 1) {
FSUtils.debug.error("Unable to retrieve alias, Hosted " + "Provider. Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
return;
}
if (metaManager == null) {
FSUtils.debug.error("Cannot retrieve hosted descriptor. " + "Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String hostedEntityId = null;
String hostedProviderRole = null;
try {
hostedProviderRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
if (hostedProviderDesc == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException eam) {
FSUtils.debug.error("Unable to find Hosted Provider. not process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
this.request = request;
setRegistrationURL(hostedConfig, providerAlias);
FSNameRegistrationRequest regisRequest = new FSNameRegistrationRequest();
try {
regisRequest = FSNameRegistrationRequest.parseURLEncodedRequest(request);
} catch (FSMsgException e) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
return;
} catch (SAMLException e) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
return;
}
if (regisRequest == null) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_REQUEST_IMPROPER, IFSConstants.REGISTRATION_FAILED);
} else {
doRequestProcessing(request, response, hostedProviderDesc, hostedConfig, hostedProviderRole, realm, hostedEntityId, providerAlias, regisRequest);
}
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSRegistrationRequestServlet method doRequestProcessing.
/**
* Called when a registration request is received from
* a remote provider. Initiates registration request processing.
* @param request <code>HTTPServletRequest</code> object received via a
* HTTP Redirect
* @param response <code>HTTPServletResponse</code> object to send the
* response back to user agent
* @param hostedProviderDesc the provider for whom request is received
* @param hostedConfig hosted provider's extended meta
* @param hostedProviderRole hosted provider's role
* @param realm the realm under which the provider resides
* @param hostedEntityId hosted provider's entity ID
* @param providerAlias hosted provider's meta alias
* @param regisRequest the federation registration request
*/
private void doRequestProcessing(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String hostedProviderRole, String realm, String hostedEntityId, String providerAlias, FSNameRegistrationRequest regisRequest) {
FSUtils.debug.message("Entered FSRegistrationRequestServlet::doRequestProcessing");
String remoteEntityId = regisRequest.getProviderId();
String retURL = null;
ProviderDescriptorType remoteDesc = null;
boolean isIDP = false;
try {
if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
isIDP = true;
} else {
remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
}
retURL = remoteDesc.getRegisterNameIdentifierServiceReturnURL();
} catch (IDFFMetaException e) {
FSUtils.debug.error("FSRegistrationRequestServlet.doRequest " + "Processing: Can not retrieve remote provider data." + remoteEntityId);
String[] data = { remoteEntityId, realm };
LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data);
FSServiceUtils.returnToSource(response, retURL, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
return;
}
boolean bVerify = true;
if (FSServiceUtils.isSigningOn()) {
try {
if (remoteDesc != null) {
FSUtils.debug.message("Calling verifyRegistrationSignature");
bVerify = verifyRegistrationSignature(request, remoteDesc, remoteEntityId, isIDP);
} else {
FSUtils.debug.error("Cannot retrieve provider descriptor.");
String[] data = { remoteEntityId, realm };
LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data);
FSServiceUtils.returnToSource(response, retURL, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
return;
}
} catch (FSException e) {
FSUtils.debug.error("FSRegistrationRequestServlet::processRegistrationRequest " + "Signature on registration request is invalid" + "Cannot proceed federation registration");
String[] data = { FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE) };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
FSServiceUtils.returnToSource(response, retURL, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
return;
} catch (SAMLException e) {
FSUtils.debug.error("FSRegistrationRequestServlet::processRegistrationRequest" + "Signature on registration request is invalid" + "Cannot proceed federation registration");
String[] data = { FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE) };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
FSServiceUtils.returnToSource(response, retURL, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
return;
}
}
if (bVerify) {
// Check if trusted provider
if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
FSNameRegistrationHandler regisHandler = new FSNameRegistrationHandler();
if (regisHandler != null) {
regisHandler.setHostedDescriptor(hostedProviderDesc);
regisHandler.setHostedDescriptorConfig(hostedConfig);
regisHandler.setRemoteDescriptor(remoteDesc);
regisHandler.setRemoteEntityId(remoteEntityId);
regisHandler.setHostedEntityId(hostedEntityId);
regisHandler.setHostedProviderRole(hostedProviderRole);
regisHandler.setMetaAlias(providerAlias);
regisHandler.setRealm(realm);
regisHandler.processRegistrationRequest(request, response, regisRequest);
return;
} else {
FSUtils.debug.error("Unable to get registration " + "handler. User account Not valid");
}
} else {
FSUtils.debug.error("Remote provider not in trusted list");
}
} else {
FSUtils.debug.error("FSRegistrationRequestServlet::doRequestProcesing " + "Signature on registration request is invalid" + "Cannot proceed name registration");
String[] data = { FSUtils.bundle.getString(IFSConstants.REGISTRATION_INVALID_SIGNATURE) };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
}
FSServiceUtils.returnToSource(response, retURL, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_FAILED, IFSConstants.METADATA_ERROR);
return;
}
Aggregations