
Example 76 with IDFFMetaException

use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.

In class ImportEntityModelImpl, method createIDFFEntity.

/**
 * Creates the IDFF entity described by this model's metadata.
 *
 * <p>The standard metadata is always imported through a freshly created
 * {@link IDFFMetaManager}; when extended metadata is present as well, its
 * entity configuration is created afterwards under the enclosing model's
 * {@code realm}.
 *
 * @throws AMConsoleException if the meta manager reports an {@link IDFFMetaException}.
 */
private void createIDFFEntity() throws AMConsoleException {
    try {
        IDFFMetaManager metaManager = new IDFFMetaManager(null);
        com.sun.identity.federation.jaxb.entityconfig.EntityConfigElement configElt = null;
        if (extendedMetaData != null) {
            configElt = getIDFFEntityConfigElement();
        }
        if (configElt != null && configElt.isHosted()) {
            // Pick the meta alias of whichever role the hosted entity plays: IDP first, then SP.
            String hostedMetaAlias = null;
            boolean aliasFound = false;
            IDPDescriptorConfigElement idpConfig = IDFFMetaUtils.getIDPDescriptorConfig(configElt);
            if (idpConfig != null) {
                hostedMetaAlias = idpConfig.getMetaAlias();
                aliasFound = true;
            } else {
                SPDescriptorConfigElement spConfig = IDFFMetaUtils.getSPDescriptorConfig(configElt);
                if (spConfig != null) {
                    hostedMetaAlias = spConfig.getMetaAlias();
                    aliasFound = true;
                }
            }
            if (aliasFound) {
                // NOTE(review): the realm derived from the alias is not used; the entity config
                // further down is created under the enclosing model's realm — confirm intended.
                SAML2MetaUtils.getRealmByMetaAlias(hostedMetaAlias);
            }
        }
        importIDFFMetaData(metaManager);
        if (configElt != null) {
            metaManager.createEntityConfig(realm, configElt);
        }
    } catch (IDFFMetaException e) {
        throw new AMConsoleException(e);
    }
}

Example 77 with IDFFMetaException

use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.

In class EncryptedNameIdentifier, method getEncryptedNameIdentifier.

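/**
 * Returns the <code>EncryptedNameIdentifier</code> for a given name
 * identifier and the provider ID.
 *
 * <p>The encryption parameters (wrapping key, data-encryption algorithm and
 * strength) are read from the remote provider's metadata; the SP descriptor
 * is consulted first and the IDP descriptor second.
 *
 * @param ni the <code>NameIdentifier</code> object.
 * @param realm The realm under which the entity resides.
 * @param providerID the remote provider identifier.
 * @return the <code>NameIdentifier</code> object.
 * @throws FSException if {@code ni} or {@code providerID} is null, if the
 *         provider metadata cannot be read, or if neither an SP nor an IDP
 *         descriptor exists for {@code providerID} in {@code realm}.
 */
public static NameIdentifier getEncryptedNameIdentifier(NameIdentifier ni, String realm, String providerID) throws FSException {
    if (ni == null || providerID == null) {
        FSUtils.debug.error("EncryptedNameIdentifier.construct: " + "nullInputParameter");
        throw new FSException("nullInputParameter", null);
    }
    ProviderDescriptorType providerDesc = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager != null) {
            // The provider may be registered in either role; try SP first, then IDP.
            providerDesc = metaManager.getSPDescriptor(realm, providerID);
            if (providerDesc == null) {
                providerDesc = metaManager.getIDPDescriptor(realm, providerID);
            }
        }
    } catch (IDFFMetaException ae) {
        // Message previously read "Couldnot retrieve the meta for provider<id>"; spacing fixed
        // and the cause attached so the metadata failure is diagnosable from the log.
        FSUtils.debug.error("EncryptedNameIdentifier.construct: Could not retrieve the meta for provider " + providerID, ae);
        throw new FSException(ae);
    }
    if (providerDesc == null) {
        // A plain lookup miss is reported directly rather than by synthesising an
        // IDFFMetaException and routing it through the catch block above. The wrapped
        // cause keeps the exception shape existing callers have seen so far.
        FSUtils.debug.error("EncryptedNameIdentifier.construct: Could not retrieve the meta for provider " + providerID);
        throw new FSException(new IDFFMetaException((String) null));
    }
    // NOTE(review): assumes getEncInfo never returns null for a resolved descriptor — confirm.
    EncInfo encInfo = KeyUtil.getEncInfo(providerDesc, providerID, false);
    return getEncryptedNameIdentifier(ni, providerID, encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength());
}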

Example 78 with IDFFMetaException

use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.

In class FSTerminationRequestServlet, method doGetPost.

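/**
 * Handles termination request.
 *
 * <p>Resolves the hosted provider from the meta alias carried by the request,
 * parses the URL-encoded federation termination notification and hands both
 * to {@code doRequestProcessing}. A hosted provider that cannot be resolved
 * is answered with HTTP 500; a notification that cannot be parsed is answered
 * with the common error page.
 *
 * @param request <code>HttpServletRequest</code> object that contains the
 *  request the client has made of the servlet.
 * @param response <code>HttpServletResponse</code> object that contains
 *  the response the servlet sends to the client.
 * @exception ServletException propagated from request processing
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Alias processing
    String providerAlias = FSServiceUtils.getMetaAlias(request);
    if (providerAlias == null || providerAlias.length() < 1) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to retrieve alias, Hosted " + "Provider. Cannot process request");
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Cannot retrieve hosted descriptor. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    ProviderDescriptorType hostedProviderDesc = null;
    BaseConfigType hostedConfig = null;
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    String hostedEntityId = null;
    String hostedProviderRole = null;
    try {
        hostedProviderRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
            hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
            hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
        } else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
            hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
        }
    } catch (IDFFMetaException eam) {
        FSUtils.debug.error("Unable to find Hosted Provider. Cannot process request", eam);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    if (hostedProviderDesc == null) {
        // Unknown role, or no descriptor for the alias: same outcome as a metadata failure,
        // without throwing an IDFFMetaException just to catch it again.
        FSUtils.debug.error("Unable to find Hosted Provider. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    // NOTE(review): a servlet instance is shared by concurrent requests, so keeping the current
    // request in an instance field lets one caller observe another caller's request. Kept here
    // because the field is presumably read by other methods of this servlet — confirm before
    // removing it.
    this.request = request;
    setTerminationURL(hostedConfig, providerAlias);
    FSFederationTerminationNotification fedTermObj = null;
    try {
        fedTermObj = FSFederationTerminationNotification.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        // Previously swallowed; log it so a malformed notification is diagnosable.
        FSUtils.debug.error("FSTerminationRequestServlet.doGetPost: cannot parse termination request", e);
    } catch (SAMLException e) {
        FSUtils.debug.error("FSTerminationRequestServlet.doGetPost: cannot parse termination request", e);
    }
    if (fedTermObj == null) {
        // Covers both a parse failure above and a parser that returned nothing.
        FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_REQUEST_IMPROPER, IFSConstants.TERMINATION_LOCAL_FAILED);
        return;
    }
    doRequestProcessing(request, response, hostedProviderDesc, hostedConfig, hostedProviderRole, realm, hostedEntityId, providerAlias, fedTermObj);
}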

Example 79 with IDFFMetaException

use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.

In class FSTerminationReturnServlet, method doGetPost.

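/**
 * Handles termination return message.
 *
 * <p>Resolves the hosted provider's configuration from the meta alias carried
 * by the request and redirects the browser to the termination-done page
 * derived from that configuration. Any failure to resolve the hosted provider
 * is answered with HTTP 500.
 *
 * @param request <code>HttpServletRequest</code> object that contains the
 *      request the client has made of the servlet.
 * @param response <code>HttpServletResponse</code> object that contains 
 *      the response the servlet sends to the client.
 * @exception ServletException if an input or output error is detected when
 *                             the servlet handles the request
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSTerminationReturnServlet doGetPost...");
    String providerAlias = FSServiceUtils.getMetaAlias(request);
    if (providerAlias == null || providerAlias.length() < 1) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    if (metaManager == null) {
        // Same guard as the termination request servlet: report a 500 instead of an NPE.
        FSUtils.debug.error("Cannot retrieve hosted descriptor. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    BaseConfigType hostedConfig = null;
    try {
        String hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        String hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
        if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
        } else if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Failed to get Hosted Provider", e);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    if (hostedConfig == null) {
        // A missing or unknown role leaves the config unset; treat it like a lookup failure.
        FSUtils.debug.error("Failed to get Hosted Provider");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    // NOTE(review): the redirect target is built from the hosted config and the request; this
    // relies on getTerminationDonePageURL only producing configured destinations — confirm.
    String terminationDone = FSServiceUtils.getTerminationDonePageURL(request, hostedConfig, providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Final Done page URL at local end: " + terminationDone);
    }
    response.sendRedirect(terminationDone);
}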

Example 80 with IDFFMetaException

use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.

In class SingleLogoutManager, method sendLogoutResponse.

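/**
 * Sends logout response, this is for the case of HTTP binding
 * There are two cases here:
 * 1. IDP initiated HTTP Logout, just redirect user browser to original
 *    relaystate.
 * 2. SP initiated HTTP logout, need to send LogoutResponse back to SP.
 *
 * <p>Case 1 is recognised by the absence of a stored logout response for
 * {@code relayState}. Case 2 dispatches on the stored originating protocol
 * (SAML2, IDFF or WS-Federation). In every case the per-relay-state entries
 * are released through {@code cleanupParameters} before returning.
 *
 * @param request the current HTTP request.
 * @param response the HTTP response the redirect or page is written to.
 * @param relayState key under which this logout's state was recorded in the manager's maps.
 * @throws IOException if writing the response fails, or if the SAML2 logout
 *         response cannot be rebuilt or sent.
 */
void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
    if (debug.messageEnabled()) {
        debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
    }
    String logoutResponseXML = (String) sloResponseXMLMap.get(relayState);
    String origRelayState = (String) relayStateMap.get(relayState);
    int currentStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
    if (logoutResponseXML == null) {
        // first case, just redirect to original relayState
        redirectToOrigRelayState(response, origRelayState, currentStatus);
    } else {
        String protocol = (String) origProtocolMap.get(relayState);
        String spEntityID = (String) spEntityIDMap.get(relayState);
        String realm = (String) realmMap.get(relayState);
        String idpEntityID = (String) idpEntityIDMap.get(relayState);
        // Constant-first equals() so a missing protocol entry reaches the error branch (and the
        // cleanup below) instead of raising a NullPointerException.
        if (SingleLogoutManager.SAML2.equals(protocol)) {
            sendSaml2SloResponse(response, logoutResponseXML, currentStatus, origRelayState, realm, idpEntityID, spEntityID);
        } else if (SingleLogoutManager.IDFF.equals(protocol)) {
            sendIdffSloResponse(request, response, logoutResponseXML, currentStatus, origRelayState, realm, idpEntityID, spEntityID);
        } else if (SingleLogoutManager.WS_FED.equals(protocol)) {
            debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
            if (origRelayState != null) {
                response.sendRedirect(origRelayState);
            } else {
                response.getWriter().print("Logout DONE.");
            }
        } else {
            // should never come here
            debug.error("SingleLogoutManager.sendLogoutResponse: invalid" + " protocol : " + protocol);
        }
    }
    cleanupParameters(relayState);
}

/**
 * Case 1 (IDP-initiated): redirects the browser to the original relay state with the
 * final logout status appended, or prints a plain DONE page when there is none.
 *
 * @param response the HTTP response to redirect or write to.
 * @param origRelayState the originally supplied relay state; may be null or empty.
 * @param logoutStatus the accumulated multi-protocol logout status.
 * @throws IOException if the redirect or the writer fails.
 */
private void redirectToOrigRelayState(HttpServletResponse response, String origRelayState, int logoutStatus) throws IOException {
    String statusString = MultiProtocolUtils.getLogoutStatus(logoutStatus);
    if ((origRelayState == null) || (origRelayState.length() == 0)) {
        // TODO : get default single logout URL for each protocol
        response.getWriter().print("Logout DONE. Status = " + statusString);
        return;
    }
    // NOTE(review): origRelayState is used as a redirect target exactly as stored; this relies
    // on it having been validated when it was recorded — confirm that check exists.
    // include logout status
    String separator = (origRelayState.indexOf("?") == -1) ? "?" : "&";
    response.sendRedirect(origRelayState + separator + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
}

/**
 * Case 2, SAML2: rebuilds the stored LogoutResponse, folds the multi-protocol status
 * into it and sends it to its destination.
 *
 * @throws IOException wrapping any {@link SAML2Exception} raised while rebuilding or sending.
 */
private void sendSaml2SloResponse(HttpServletResponse response, String logoutResponseXML, int currentStatus, String origRelayState, String realm, String idpEntityID, String spEntityID) throws IOException {
    try {
        LogoutResponse logResp = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
        String location = logResp.getDestination();
        String statusVal = logResp.getStatus().getStatusCode().getValue();
        String newVal = getNewStatusCode(currentStatus, statusVal);
        if (!statusVal.equals(newVal)) {
            // Write the merged status. The previous code re-assigned the old value here, which
            // made the comparison above a no-op; the IDFF branch already writes newVal.
            logResp.getStatus().getStatusCode().setValue(newVal);
        }
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendLogoutRes:" + "(SAML2) location=" + location + " orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
        }
        LogoutUtil.sendSLOResponse(response, logResp, location, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
    } catch (SAML2Exception ex) {
        debug.error("SingleLogoutManager.sendLogoutResponse:saml2", ex);
        // Keep the cause so the caller's stack trace shows where the SAML2 failure originated.
        throw new IOException(ex.getMessage(), ex);
    }
}

/**
 * Case 2, IDFF: rebuilds the stored FSLogoutResponse, folds the multi-protocol status
 * into it, signs the query string when signing is on, and redirects the browser to the
 * SP's single-logout return URL. Any failure is logged and answered by returning locally
 * to the logout-done page with a failure status.
 *
 * @throws IOException only from the local-return fallback; failures inside the main path
 *         are caught and reported via that fallback.
 */
private void sendIdffSloResponse(HttpServletRequest request, HttpServletResponse response, String logoutResponseXML, int currentStatus, String origRelayState, String realm, String idpEntityID, String spEntityID) throws IOException {
    boolean failed = false;
    String logoutDoneURL = null;
    try {
        debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, spEntityID);
        String retURL = descriptor.getSingleLogoutServiceReturnURL();
        // NOTE(review): assumes toDOMDocument returns a non-null document for the stored XML;
        // a null here surfaces as a NullPointerException rather than as a logout failure.
        Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement();
        FSLogoutResponse responseLogout = new FSLogoutResponse(elem);
        BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
        logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null);
        Status status = responseLogout.getStatus();
        String statusVal = status.getStatusCode().getValue();
        String newVal = getNewStatusCode(currentStatus, statusVal);
        if (!statusVal.equals(newVal)) {
            com.sun.identity.saml.protocol.StatusCode statCode = new com.sun.identity.saml.protocol.StatusCode(newVal);
            com.sun.identity.saml.protocol.Status stat = new com.sun.identity.saml.protocol.Status(statCode);
            responseLogout.setStatus(stat);
        }
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendLogoutRes:" + "(IDFF) orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
        }
        String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
        // Sign the request querystring
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null || certAlias.length() == 0) {
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "signSAMLRequest couldn't obtain cert alias.");
                }
                // Without a signing key the response must not go out unsigned; handled as a failure below.
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
            }
            urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
        }
        StringBuffer redirectURL = new StringBuffer();
        redirectURL.append(retURL);
        if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
            redirectURL.append(IFSConstants.QUESTION_MARK);
        } else {
            redirectURL.append(IFSConstants.AMPERSAND);
        }
        redirectURL.append(urlEncodedResponse);
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendResponse " + "for IDFF, url = " + redirectURL.toString());
        }
        response.sendRedirect(redirectURL.toString());
    } catch (FSMsgException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (SAMLException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (IDFFMetaException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (IOException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    }
    if (failed) {
        FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
    }
}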
