use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSReturnLogoutServlet method doGetPost.
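/**
 * Processes a logout response returned by a remote provider.
 * <p>
 * The hosted provider is resolved from the meta alias, a valid local session
 * is required, and the remote provider named in the response must have a
 * descriptor in the same realm. When <code>FSServiceUtils.isSigningOn()</code>
 * is true the response signature is verified; a response that fails
 * verification is rejected before any session state is changed. When signing
 * is off the response is processed without a signature check.
 * <p>
 * On success the request is forwarded to the local logout-processing
 * resource with the request attribute <code>logoutSource</code> set to
 * <code>remote</code>.
 * @param request an <code>HttpServletRequest</code> object that contains
 * the request the client has made of the servlet.
 * @param response an <code>HttpServletResponse</code> object that contains
 * the response the servlet sends to the client.
 * @exception ServletException if forwarding to the logout-processing
 * resource fails
 * @exception IOException if an error response cannot be written or the
 * forward fails
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
    // Alias processing: explicit request parameter first, then whatever
    // FSServiceUtils derives from the request itself.
    String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
    if (providerAlias == null || providerAlias.length() < 1) {
        providerAlias = FSServiceUtils.getMetaAlias(request);
    }
    if (providerAlias == null || providerAlias.length() < 1) {
        FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    // The response is only meaningful for a user who still has a valid
    // local session.
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
            return;
        }
        // NOTE(review): univId is not declared in this method. If it is an
        // instance field of the servlet it is shared by concurrent requests,
        // and the value used further down may belong to another user;
        // confirm, and prefer a local variable.
        univId = sessionProvider.getPrincipalName(ssoToken);
    } catch (SessionException ssoExp) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", ssoExp);
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Failed to get meta manager");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_META_INSTANCE));
        return;
    }
    // Load the hosted provider's role, entity ID and extended configuration.
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    String hostedRole = null;
    String hostedEntityId = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
        }
        if (hostedConfig == null) {
            // Route "role unknown" and "no config" through the same error
            // path as a metadata failure.
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Failed to get Hosted Provider");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    setLogoutURL(request, hostedConfig, providerAlias);
    // Remaining steps:
    // 1. parse the response and locate the remote provider's descriptor
    // 2. verify the response signature
    // 3. read the response status and update session state
    // 4. on failure show the error page, otherwise forward to local logout
    FSLogoutResponse logoutResponse = null;
    try {
        logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    } catch (SAMLException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // The provider ID comes from the (not yet verified) response; it is only
    // used to look up a descriptor that must already exist in this realm.
    String remoteEntityId = logoutResponse.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isRemoteIDP = false;
    try {
        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isRemoteIDP = true;
        }
    } catch (IDFFMetaException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutReturnServlet.doGetPost:", e);
        }
    }
    if (remoteDesc == null) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // With signing off, bVerify stays true and the response is accepted
    // unverified; any exception during verification counts as a failure.
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isRemoteIDP);
        } catch (SAMLException e) {
            bVerify = false;
        } catch (FSException e) {
            bVerify = false;
        }
    }
    // Reject an unverifiable response before acting on anything it says.
    // The session partner must not be removed on the strength of a message
    // whose origin could not be established.
    if (!bVerify) {
        FSUtils.debug.error("FSReturnLogoutServlet " + "Signature on logout response is invalid" + "Cannot proceed logout");
        String[] data = { univId };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // NOTE(review): getStatus() and getStatusCode() are dereferenced without
    // a null check; confirm the parser guarantees both are present.
    Status status = logoutResponse.getStatus();
    String logoutStatus = status.getStatusCode().getValue();
    // remove session partner in case of logout success or this is IDP
    if (logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS) || !isRemoteIDP) {
        FSLogoutUtil.removeCurrentSessionPartner(providerAlias, remoteEntityId, ssoToken, univId);
    }
    // Record the status in the return session manager only on failure.
    if (!logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
        FSReturnSessionManager localManager = FSReturnSessionManager.getInstance(providerAlias);
        if (localManager != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("update status of logout to failure " + " in session manager");
            }
            localManager.setLogoutStatus(logoutStatus, univId);
        } else {
            FSUtils.debug.message("Cannot get FSReturnSessionManager");
        }
        FSUtils.debug.error("FSReturnLogoutServlet, failed logout response " + logoutStatus);
        String[] data = { univId };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    // Verified and successful: hand over to the local logout processing.
    StringBuffer processLogout = new StringBuffer();
    request.setAttribute("logoutSource", "remote");
    processLogout.append(IFSConstants.SLO_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("About to get RequestDispatcher for " + processLogout.toString());
    }
    RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher(processLogout.toString());
    if (dispatcher == null) {
        FSUtils.debug.message("RequestDispatcher is null");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to find " + processLogout + "\ncalling sendErrorPage ");
        }
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    dispatcher.forward(request, response);
}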
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSIDPFinderService method doGet.
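/**
 * Gets the preferred <code>IDP</code> from the common domain and either
 * redirects to the local login URL or sends a proxy authentication request
 * to that <code>IDP</code>.
 * <p>
 * <code>ProviderID</code>, <code>RequestID</code> and <code>Realm</code> are
 * read from request parameters, so they are caller-controlled. They are used
 * to look up hosted metadata and the stored authentication request.
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException if a required parameter is missing or no
 * stored authentication request is available to proxy
 * @exception IOException if the redirect cannot be written
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if (request == null || response == null) {
        FSUtils.debug.error("FSIDPFinderService.doGet:: Null Input");
        return;
    }
    FSUtils.debug.message("FSIDPFinderService.doGet::Init");
    String entityID = request.getParameter("ProviderID");
    String requestID = request.getParameter("RequestID");
    String realm = request.getParameter("Realm");
    if (entityID == null || requestID == null || realm == null) {
        FSUtils.debug.error("FSIDPFinderService.doGet:: Request is missing" + "either ProviderID or the RequestID");
        throw new ServletException("invalidRequest");
    }
    String idpID = null;
    try {
        idpID = getCommonDomainIDP(request, response, realm, entityID, requestID);
    } catch (FSRedirectException fe) {
        // The response has already been redirected; nothing more to do.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.doGet:Redirection" + " has happened");
        }
        return;
    }
    String hostMetaAlias = null;
    BaseConfigType hostConfig = null;
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    try {
        if (metaManager != null) {
            hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
            if (hostConfig != null) {
                hostMetaAlias = hostConfig.getMetaAlias();
            }
        }
    } catch (IDFFMetaException ie) {
        FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "getting proxying hosted meta:", ie);
        return;
    }
    // NOTE(review): hostMetaAlias is still null here when the meta manager
    // or the hosted config is missing; confirm that
    // FSSessionManager.getInstance accepts a null alias.
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
    FSAuthnRequest authnReq = sessionManager.getAuthnRequest(requestID);
    // No preferred IDP, or it is the same as the local provider: do a local
    // login.
    if (idpID == null || idpID.equals(entityID)) {
        // NOTE(review): getLoginURL also receives the request; confirm it
        // cannot produce a redirect target outside this deployment.
        String loginURL = getLoginURL(authnReq, realm, entityID, request);
        if (loginURL == null) {
            FSUtils.debug.error("FSIDPFinderService.doGet : login url" + " is null");
            return;
        }
        response.setHeader("Location", loginURL);
        response.sendRedirect(loginURL);
    } else {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.doGet:IDP to be proxied:" + idpID);
        }
        // RequestID is taken from the query string. If no stored request
        // was found for it, there is nothing to proxy; fail the same way as
        // a request with missing parameters rather than dereferencing null
        // below. The supplied value is deliberately not logged.
        if (authnReq == null) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: No authentication " + "request found for the supplied RequestID");
            throw new ServletException("invalidRequest");
        }
        // Now proxy the authentication request to the preferred IDP.
        try {
            FSProxyHandler handler = new FSProxyHandler(request, response);
            handler.setHostedEntityId(entityID);
            IDPDescriptorType hostDesc = null;
            SPDescriptorType origSPDesc = null;
            if (metaManager != null) {
                hostDesc = metaManager.getIDPDescriptor(realm, entityID);
                origSPDesc = metaManager.getSPDescriptor(realm, authnReq.getProviderId());
            }
            handler.setSPDescriptor(origSPDesc);
            handler.setHostedDescriptor(hostDesc);
            handler.setHostedDescriptorConfig(hostConfig);
            handler.setMetaAlias(hostMetaAlias);
            handler.setRealm(realm);
            handler.sendProxyAuthnRequest(authnReq, idpID);
        } catch (IDFFMetaException ie) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "getting proxying hosted meta:", ie);
        } catch (FSException fe) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "sending the proxy authentication request.", fe);
        }
    }
}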
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSSingleLogoutHandler method getMultiLogoutRequest.
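/**
 * Prepares the IMG tags that correspond to Single logout requests that
 * will all be shown in a single page when HTTP GET profile is used.
 * <p>
 * Each request is signed with the hosted provider's signing certificate and
 * appended to the provider's single logout service URL. A provider is
 * skipped, and the reason logged, when the signing certificate alias, the
 * provider's descriptor or its single logout service URL is unavailable, so
 * that one incomplete entry does not stop the remaining providers from
 * being notified.
 * @param providerMap contains information about all the providers
 * for whom GET is the logout profile
 * @return String that has the IMG tags for each provider to be notified
 * (possibly empty when every provider was skipped), or <code>null</code>
 * when the map holds no provider list or building a request failed
 */
private String getMultiLogoutRequest(HashMap providerMap) {
    try {
        Vector providerList = (Vector) providerMap.get(IFSConstants.PROVIDER);
        // NOTE(review): sessionList is dereferenced below without a null
        // check; confirm every caller supplies the SESSION_INDEX entry.
        HashMap sessionList = (HashMap) providerMap.get(IFSConstants.SESSION_INDEX);
        StringBuffer imgString = new StringBuffer();
        if (providerList != null) {
            for (int i = 0; i < providerList.size(); i++) {
                String providerId = (String) providerList.elementAt(i);
                FSAccountFedInfo currentAccount = FSLogoutUtil.getCurrentWorkingAccount(userID, providerId, metaAlias);
                FSLogoutNotification reqLogout = createSingleLogoutRequest(currentAccount, (String) sessionList.get(providerId));
                ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, providerId);
                // Without a descriptor there is no endpoint to notify.
                if (descriptor == null) {
                    FSUtils.debug.error("FSSingleLogoutHandler::getMultiLogoutRequest" + " no SP descriptor for provider " + providerId);
                    continue;
                }
                String retURL = descriptor.getSingleLogoutServiceURL();
                if (retURL == null || retURL.length() == 0) {
                    FSUtils.debug.error("FSSingleLogoutHandler::getMultiLogoutRequest" + " no single logout service URL for provider " + providerId);
                    continue;
                }
                reqLogout.setMinorVersion(getMinorVersion(descriptor));
                String urlEncodedRequest = reqLogout.toURLEncodedQueryString();
                // Sign the request querystring
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("certalias : " + certAlias);
                }
                if (certAlias == null || certAlias.length() == 0) {
                    // An unsigned logout request is never sent.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSingleLogoutHandler" + " getMultiLogoutRequest: couldn't obtain " + "this site's cert alias.");
                    }
                    continue;
                }
                urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
                // Append with '?' or '&' depending on whether the endpoint
                // URL already carries a query string.
                StringBuffer redirectURL = new StringBuffer();
                redirectURL.append(retURL);
                if (retURL.indexOf(QUESTION_MARK) == -1) {
                    redirectURL.append(QUESTION_MARK);
                } else {
                    redirectURL.append(AMPERSAND);
                }
                redirectURL.append(urlEncodedRequest);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSingleLogoutHandler::" + "doHttpRedirect URL is " + redirectURL.toString());
                }
                // The URL is written into a double-quoted HTML attribute.
                // Percent-encode the characters that could close the
                // attribute or the tag. None of them is valid unencoded in
                // a URL, so a well-formed URL is emitted unchanged.
                String imgSrc = redirectURL.toString().replace("\"", "%22").replace("<", "%3C").replace(">", "%3E");
                imgString.append("<IMG SRC=\"").append(imgSrc).append("\" />");
            }
            return imgString.toString();
        }
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::getMultiLogoutRequest" + " FSMsgException", e);
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::getMultiLogoutRequest" + " IDFFMetaException", e);
    }
    FSUtils.debug.error("Returning null from getMultiLogoutRequest");
    return null;
}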
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSLogoutUtil method getLogoutGETProviders.
/**
 * Collects the providers that are to be told about a logout through the
 * HTTP GET profile.
 * <p>
 * The result always contains <code>entityId</code> with
 * <code>sessionIndex</code>. Added to it is every non-IDP session partner of
 * the user whose descriptor lists <code>LOGOUT_IDP_GET_PROFILE</code> as its
 * first single logout profile; partners without a descriptor or without
 * profiles are left out.
 * @param userID principal who needs to be logged out
 * @param entityId current provider who uses HTTP GET profile for logout
 * @param sessionIndex for the current provider
 * @param realm the realm in which the provider resides
 * @param metaAlias the hosted provider performing logout
 * @return HashMap holding the provider IDs under
 * <code>IFSConstants.PROVIDER</code> and a provider-to-session-index map
 * under <code>IFSConstants.SESSION_INDEX</code>, or <code>null</code> when
 * a metadata lookup fails
 */
protected static HashMap getLogoutGETProviders(String userID, String entityId, String sessionIndex, String realm, String metaAlias) {
    try {
        FSUtils.debug.message("Entered FSLogoutUtil::getLogoutGETProviders");
        HashMap result = new HashMap();
        Vector getProviders = new Vector();
        HashMap indexByProvider = new HashMap();
        // The requesting provider is always part of the answer.
        getProviders.addElement(entityId);
        indexByProvider.put(entityId, sessionIndex);
        FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
        // The session list is read and walked while holding the manager's
        // monitor.
        synchronized (sessionMgr) {
            FSUtils.debug.message("About to call getSessionList");
            List sessions = sessionMgr.getSessionList(userID);
            if (sessions == null || sessions.isEmpty()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Session List is empty, returning " + "current provider from getLogoutGETProviders");
                }
            } else {
                FSUtils.debug.message("Session List is not empty");
                for (Iterator sessionIt = sessions.iterator(); sessionIt.hasNext();) {
                    FSSession session = (FSSession) sessionIt.next();
                    if ((session.getSessionPartners()).isEmpty()) {
                        continue;
                    }
                    String partnerSessionIndex = session.getSessionIndex();
                    List partners = session.getSessionPartners();
                    for (Iterator partnerIt = partners.iterator(); partnerIt.hasNext();) {
                        FSSessionPartner partner = (FSSessionPartner) partnerIt.next();
                        // Only SP can specify GET profile for logout
                        if (partner.getIsRoleIDP()) {
                            continue;
                        }
                        String partnerId = partner.getPartner();
                        ProviderDescriptorType partnerDesc = metaManager.getSPDescriptor(realm, partnerId);
                        if (partnerDesc == null) {
                            continue;
                        }
                        List profiles = partnerDesc.getSingleLogoutProtocolProfile();
                        if (profiles == null || profiles.isEmpty()) {
                            continue;
                        }
                        // Only the first listed profile decides.
                        String firstProfile = (String) profiles.iterator().next();
                        if (!firstProfile.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE)) {
                            continue;
                        }
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("provider " + partnerId + " Added for GET");
                        }
                        getProviders.addElement(partnerId);
                        indexByProvider.put(partnerId, partnerSessionIndex);
                    }
                }
            }
            result.put(IFSConstants.PROVIDER, getProviders);
            result.put(IFSConstants.SESSION_INDEX, indexByProvider);
            return result;
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("IDFFMetaException in function " + " getLogoutGETProviders", e);
        return null;
    }
}
use of com.sun.identity.federation.meta.IDFFMetaException in project OpenAM by OpenRock.
the class FSRealmIDPProxyImpl method getPreferredIDP.
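/**
 * Returns the preferred IDP.
 * <p>
 * Unless the requesting SP's configuration has
 * <code>USE_INTRODUCTION_FOR_IDP_PROXY</code> set to <code>true</code>, the
 * first entry of its <code>IDP_PROXY_LIST</code> is returned. Otherwise the
 * request is forwarded to the IDP finder service and
 * <code>FSRedirectException</code> is thrown, so the caller knows the
 * response has already been handled.
 * @param authnRequest original authnrequest
 * @param realm The realm under which the entity resides.
 * @param hostEntityID ProxyIDP entity ID.
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @return providerID of the authenticating provider to be proxied, or
 * <code>null</code> when no proxy IDP is configured or the lookup fails.
 * @exception FSRedirectException if redirect was done
 */
public String getPreferredIDP(FSAuthnRequest authnRequest, String realm, String hostEntityID, HttpServletRequest request, HttpServletResponse response) throws FSRedirectException {
    FSUtils.debug.message("FSIDPProxyImpl.getPreferredIDP:Init");
    try {
        Map attributes = IDFFMetaUtils.getAttributes(FSUtils.getIDFFMetaManager().getSPDescriptorConfig(realm, authnRequest.getProviderId()));
        String useIntroductionForProxying = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.USE_INTRODUCTION_FOR_IDP_PROXY);
        if (useIntroductionForProxying == null || !useIntroductionForProxying.equals("true")) {
            // Static configuration: take the first IDP on the proxy list.
            List proxyIDPs = (List) attributes.get(IFSConstants.IDP_PROXY_LIST);
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                FSUtils.debug.error("FSIDPProxyImpl.getPrefferedIDP:" + "Preferred IDPs are null.");
                return null;
            }
            return (String) proxyIDPs.iterator().next();
        } else {
            // Introduction protocol: hand over to the IDP finder service.
            // NOTE(review): RequestID, Realm and ProviderID are appended
            // without URL-encoding. A value containing '&', '=' or '#'
            // would change how the finder service parses the query string;
            // consider encoding each value once it is confirmed how
            // FSUtils.forwardRequest treats the URL.
            StringBuffer redirectURL = new StringBuffer(100);
            String baseURL = FSServiceUtils.getBaseURL(request);
            redirectURL.append(baseURL).append(IFSConstants.IDP_FINDER_URL).append("?").append("RequestID=").append(authnRequest.getRequestID()).append("&").append("Realm=").append(realm).append("&").append("ProviderID=").append(hostEntityID);
            FSUtils.forwardRequest(request, response, redirectURL.toString());
            throw new FSRedirectException(FSUtils.bundle.getString("Redirection_Happened"));
        }
    } catch (FSRedirectException re) {
        // The redirect signal must reach the caller. Without this clause the
        // generic handler below would presumably catch it, and the caller
        // would get null and keep working on a response that has already
        // been forwarded.
        throw re;
    } catch (IDFFMetaException ex) {
        FSUtils.debug.error("FSIDPProxyImpl.getPreferredIDP: " + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (Exception e) {
        // Also covers a missing SP configuration, which surfaces as a
        // runtime exception from the attribute lookups above.
        FSUtils.debug.error("FSIDPProxyImpl.getPreferredIDP: " + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}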