
Example 56 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method validateAssertions.

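/**
 * Validates every assertion returned for the pending AuthnRequest and extracts the
 * authenticated subject.
 *
 * <p>Each assertion has to pass, in this order: its InResponseTo equals the request ID of
 * {@code authnRequest}; its signature verifies (checked only when
 * {@code FSServiceUtils.isSigningOn()} is true); its assertion ID is not yet in
 * {@code idTimeMap} (replay check); its issuer equals {@code idpEntityId} or, when that
 * field is null, resolves to an IDP descriptor in {@code realm}; {@code isTimeValid()};
 * {@code forThisServer(conds)}; and it carries at least one authentication statement whose
 * subject has exactly one confirmation method of type bearer or artifact. The first failed
 * check rejects the whole list.
 *
 * <p>Side effects visible here: session-related fields are set from the authentication
 * statement, attribute statements are collected in {@code attrStatements}, and every
 * accepted assertion ID is recorded in {@code idTimeMap}.
 *
 * @param assertions list of {@code FSAssertion} objects to validate
 * @return the subject of the last authentication statement processed, or {@code null}
 *         when any check fails or no subject was found
 */
protected Subject validateAssertions(List assertions) {
    FSUtils.debug.message("FSAssertionArtifactHandler.validateAssertions: Called");
    FSSubject subject = null;
    Iterator iter = assertions.iterator();
    while (iter.hasNext()) {
        FSAssertion assertion = (FSAssertion) iter.next();
        // The assertion must answer the AuthnRequest this handler sent.
        if (!authnRequest.getRequestID().equals(assertion.getInResponseTo())) {
            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion:" + " assertion does not correspond to any valid request");
            return null;
        }
        if (FSServiceUtils.isSigningOn()) {
            if (!verifyAssertionSignature(assertion)) {
                FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion:" + " assertion signature verification failed");
                return null;
            }
            // Only report a verified signature when verification actually ran.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: Assertion signature verified");
            }
        } else if (FSUtils.debug.messageEnabled()) {
            // With signing off the assertion is accepted without any signature check;
            // say so instead of logging a verification that never happened.
            FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: signing is off, assertion signature not verified");
        }
        String aIDString = assertion.getAssertionID();
        // Replay check: an assertion ID that was already accepted is rejected.
        // NOTE(review): this containsKey() and the put() further down are separate steps;
        // whether two threads can validate the same ID concurrently depends on how
        // idTimeMap is declared and shared, which is not visible here - confirm.
        if (idTimeMap.containsKey(aIDString)) {
            FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion: Assertion: " + aIDString + " is used");
            return null;
        }
        // check issuer of the assertions
        String issuer = assertion.getIssuer();
        try {
            if (idpEntityId != null) {
                if (!idpEntityId.equals(issuer)) {
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "Assertion issuer is not the entity where " + "AuthnRequest was sent originally.");
                    return null;
                }
            } else {
                FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "Assertion issuer is: " + issuer);
                // No expected IDP recorded: accept only an issuer with metadata in this realm.
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                IDPDescriptorType idpDesc = metaManager.getIDPDescriptor(realm, issuer);
                if (idpDesc == null) {
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion:" + " Assertion issuer is not on the trust list");
                    return null;
                }
                setProviderDescriptor(idpDesc);
                setProviderEntityId(issuer);
            }
        } catch (Exception ex) {
            // Any lookup failure is treated as "issuer not trusted"; keep the cause in the log.
            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "Assertion issuer is not on the trust list", ex);
            return null;
        }
        // must be valid(timewise)
        if (!assertion.isTimeValid()) {
            FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion:" + " Assertion's time is not valid.");
            return null;
        }
        // TODO: IssuerInstant of the assertion is within a few minutes
        // This is a MAY in spec. Which number to use for the few minutes?
        // if present, target of the assertions must == local server IP
        Conditions conds = assertion.getConditions();
        if (!forThisServer(conds)) {
            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "assertion is not issued for this site.");
            return null;
        }
        //for each assertion, loop to check each statement
        boolean authnStatementFound = false;
        if (assertion.getStatement() != null) {
            Iterator stmtIter = assertion.getStatement().iterator();
            while (stmtIter.hasNext()) {
                Statement statement = (Statement) stmtIter.next();
                int stmtType = statement.getStatementType();
                if (stmtType == Statement.AUTHENTICATION_STATEMENT) {
                    FSAuthenticationStatement authStatement = (FSAuthenticationStatement) statement;
                    authnStatementFound = true;
                    if (FSUtils.debug.messageEnabled()) {
                        try {
                            FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: " + "validating AuthenticationStatement:" + authStatement.toXMLString());
                        } catch (FSException e) {
                            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: Exception. " + "Invalid AuthenticationStatement: ", e);
                            return null;
                        }
                    }
                    //check ReauthenticateOnOrAfter
                    reAuthnOnOrAfterDate = authStatement.getReauthenticateOnOrAfter();
                    //process SessionIndex
                    idpSessionIndex = authStatement.getSessionIndex();
                    authnContextStmt = authStatement.getAuthnContext();
                    subject = (FSSubject) authStatement.getSubject();
                    if (subject == null) {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: Subject is null");
                        return null;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        try {
                            FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: " + "found Authentication Statement. " + "Subject = " + subject.toXMLString());
                        } catch (FSException e) {
                            FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + " Exception. Invalid subject: ", e);
                            // Fail closed. Moving on to the next statement here would leave
                            // this subject selected while skipping the confirmation-method
                            // check below, and only when debug logging is enabled.
                            return null;
                        }
                    }
                    // Exactly one confirmation method is required, and it must be
                    // bearer or one of the two artifact identifiers.
                    SubjectConfirmation subConf = subject.getSubjectConfirmation();
                    Set confMethods = (subConf == null) ? null : subConf.getConfirmationMethod();
                    if ((confMethods == null) || (confMethods.size() != 1)) {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: " + "missing or extra ConfirmationMethod.");
                        return null;
                    }
                    String confMethod = (String) confMethods.iterator().next();
                    boolean allowedMethod = (confMethod != null)
                            && (confMethod.equals(SAMLConstants.CONFIRMATION_METHOD_BEARER)
                            || confMethod.equals(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT)
                            || confMethod.equals(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT));
                    if (!allowedMethod) {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "validateAssertion: wrong " + "ConfirmationMethod");
                        return null;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: Confirmation method: " + confMethod);
                    }
                } else if (stmtType == Statement.ATTRIBUTE_STATEMENT) {
                    AttributeStatement attrStatement = (AttributeStatement) statement;
                    // Collected only when checkForAttributeStatement() returns false.
                    if (!checkForAttributeStatement(attrStatement)) {
                        attrStatements.add(attrStatement);
                    }
                }
            }
        }
        if (!authnStatementFound) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: " + "No Authentication statement found in the Assertion. " + "User is not authenticated by the IDP");
            }
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler." + "validateAssertion: Adding " + aIDString + " to idTimeMap.");
        }
        // Record the accepted assertion ID so a replay is caught by the check above.
        // NOTE(review): the comment at forThisServer() suggests Conditions may be absent;
        // a null conds is treated like a missing NotOnOrAfter instead of dereferenced.
        Date notOnOrAfter = (conds == null) ? null : conds.getNotOnorAfter();
        if (notOnOrAfter != null) {
            cGoThrough.addElement(aIDString);
            idTimeMap.put(aIDString, Long.valueOf(notOnOrAfter.getTime()));
        } else {
            cPeriodic.addElement(aIDString);
            // it doesn't matter what we store for the value.
            idTimeMap.put(aIDString, aIDString);
        }
        securityAssertions = assertion.getDiscoveryCredential();
    }
    if (subject == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.validateAssertion:" + " couldn't find Subject.");
        return null;
    }
    return subject;
}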
Also used : Set(java.util.Set) HashSet(java.util.HashSet) FSSubject(com.sun.identity.federation.message.FSSubject) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) Statement(com.sun.identity.saml.assertion.Statement) AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) Date(java.util.Date) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) Conditions(com.sun.identity.saml.assertion.Conditions) IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) SubjectConfirmation(com.sun.identity.saml.assertion.SubjectConfirmation) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement) FSAssertion(com.sun.identity.federation.message.FSAssertion) Iterator(java.util.Iterator) FSException(com.sun.identity.federation.common.FSException)

Example 57 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class FSSSOAndFedService method onMessage.

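/**
 * SOAP JAXM Listener implementation for LECP AuthnRequest.
 *
 * <p>Parses the SOAP body, accepts it only when the root element is an
 * {@code AuthnRequest} in the Liberty message namespace or the ID-FF 1.2 namespace,
 * registers the request with the session manager for the meta alias and hands it to
 * {@code handleLECPRequest}. Every other outcome is answered with a generic
 * "cannotProcessRequest" SOAP fault; details go to the debug log only.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @param message SOAP message that contains LECP request
 */
public void onMessage(HttpServletRequest request, HttpServletResponse response, SOAPMessage message) {
    FSUtils.debug.message("FSSSOAndFedService.onMessage: Called");
    try {
        Element elt = soapService.parseSOAPMessage(message);
        if (elt == null) {
            FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing. Invalid SOAPMessage");
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
            return;
        }
        // A missing namespace or local name makes trim() throw; the outer catch
        // answers that with the same generic fault.
        String eltTagName = (elt.getTagName().trim());
        String ns = elt.getNamespaceURI().trim();
        String nodeName = elt.getLocalName().trim();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService.onMessage: " + "tagName: " + eltTagName + " namespaceUri: " + ns + " localName: " + nodeName);
        }
        // The namespace alternatives are grouped explicitly: without the parentheses
        // && binds tighter than ||, so any element in the FF 1.2 namespace would be
        // processed as an AuthnRequest whatever its local name.
        boolean knownNamespace = ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI)
                || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS);
        if (nodeName.equalsIgnoreCase("AuthnRequest") && knownNamespace) {
            SOAPMessage retMessage = null;
            try {
                FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
                String metaAlias = FSServiceUtils.getMetaAlias(request);
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
                String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
                IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
                FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
                // NOTE(review): the request is stored under the request ID taken from the
                // message before handleLECPRequest() runs - confirm that any validation
                // of the requester happens inside handleLECPRequest().
                sessionService.setAuthnRequest(authnRequest.getRequestID(), authnRequest);
                handleLECPRequest(request, response, authnRequest, hostedDesc, hostedConfig, realm, hostEntityId, metaAlias);
            } catch (Exception e) {
                FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing lecp AuthnRequest:", e);
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
            // retMessage is always null on this path; presumably handleLECPRequest()
            // has already produced the response - confirm against returnSOAPMessage().
            returnSOAPMessage(retMessage, response);
            return;
        } else {
            FSUtils.debug.error("FSSSOAndFedService.onMessage: Invalid SOAP Request:" + nodeName);
        }
    } catch (Exception e) {
        // debug.error(String, Throwable) receives the exception itself, so the stack
        // trace is not rendered into a second log entry.
        FSUtils.debug.error("FSSSOAndFedService.onMessage: " + "Error in processing Request: Exception occured: ", e);
        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
        return;
    }
    // Reached only for a root element that is not an accepted AuthnRequest.
    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
    return;
}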
Also used : Element(org.w3c.dom.Element) FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest) SOAPMessage(javax.xml.soap.SOAPMessage) ServletException(javax.servlet.ServletException) SOAPException(javax.xml.soap.SOAPException) SessionException(com.sun.identity.plugin.session.SessionException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) FSSessionManager(com.sun.identity.federation.services.FSSessionManager)

Example 58 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class FSIDPFinderService method getLoginURL.

/**
 * Resolves the login URL to use for an incoming AuthnRequest.
 *
 * <p>Loads the IDP descriptor and its extended configuration for
 * {@code hostProviderID} in {@code realm}, asks an {@code FSAuthnDecisionHandler} for
 * the URL matching the configured default authentication contexts and the request's
 * comparison type, and passes the result to {@code formatLoginURL}.
 *
 * @param authnRequest the request being processed
 * @param realm realm the hosted provider lives in
 * @param hostProviderID entity ID of the hosted provider
 * @param httpRequest the servlet request
 * @return the value of {@code formatLoginURL}, or {@code null} when an argument is
 *         missing or the metadata lookup throws
 */
private String getLoginURL(FSAuthnRequest authnRequest, String realm, String hostProviderID, HttpServletRequest httpRequest) {
    if (authnRequest == null) {
        FSUtils.debug.error("FSIDPFinderServer.getLoginURL: null authnrequest");
        return null;
    }
    if (hostProviderID == null) {
        FSUtils.debug.error("FSIDPFinderServer.getLoginURL: null hostProviderID");
        return null;
    }

    IDPDescriptorType descriptor;
    BaseConfigType extendedConfig;
    try {
        IDFFMetaManager meta = FSUtils.getIDFFMetaManager();
        descriptor = meta.getIDPDescriptor(realm, hostProviderID);
        extendedConfig = meta.getIDPDescriptorConfig(realm, hostProviderID);
    } catch (Exception e) {
        // Any metadata failure ends the lookup; the caller only sees null.
        FSUtils.debug.error("FSIDPFinderServer.getLoginURL : exception while retrieving meta config", e);
        return null;
    }

    String comparisonType = authnRequest.getAuthContextCompType();
    FSAuthnDecisionHandler decisionHandler = new FSAuthnDecisionHandler(realm, hostProviderID, httpRequest);
    List defaultContexts = IDFFMetaUtils.getAttributeValueFromConfig(extendedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
    // NOTE(review): neither the descriptor/config nor the decision result is
    // null-checked here; confirm the callees never return null.
    FSAuthContextResult decision = decisionHandler.getURLForAuthnContext(defaultContexts, comparisonType);
    String loginURL = decision.getLoginURL();
    String authContextRef = decision.getAuthContextRef();
    return formatLoginURL(loginURL, authContextRef, realm, hostProviderID, descriptor, extendedConfig, authnRequest, httpRequest);
}
Also used : IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSAuthnDecisionHandler(com.sun.identity.federation.services.FSAuthnDecisionHandler) FSAuthContextResult(com.sun.identity.federation.services.FSAuthContextResult) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) ArrayList(java.util.ArrayList) List(java.util.List) ServletException(javax.servlet.ServletException) COTException(com.sun.identity.cot.COTException) FSException(com.sun.identity.federation.common.FSException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) IOException(java.io.IOException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException)

Example 59 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class FSIntersiteTransferService method redirectToCommonDomain.

/**
 * Sends the browser to the reader service of the next circle of trust so that the
 * preferred IDP can be looked up in the common domain.
 *
 * <p>The circles still to be tried are kept in the HTTP session under
 * {@code IFSConstants.SESSION_COTSET_ATTR}; each call removes one entry and redirects
 * to that circle's ID-FF reader service with a return URL that carries the request ID
 * and the meta alias. When no circle is available, or a {@code COTException} occurs,
 * the request is forwarded to {@code framedLoginPageURL}.
 *
 * @param request the servlet request; its {@code IFSConstants.META_ALIAS} parameter
 *        selects the realm
 * @param response the servlet response that receives the redirect or forward
 * @param requestID ID of the AuthnRequest, echoed in the return URL
 */
private void redirectToCommonDomain(HttpServletRequest request, HttpServletResponse response, String requestID) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSIntersiteTransferService.redirectToCommonDomain: Called");
    }
    // The meta alias is read straight from the request; it is URL-encoded before it
    // is placed in the return URL below.
    String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    try {
        // Return value is not used in this method; the call itself is kept.
        FSUtils.getIDFFMetaManager();
        HttpSession session = request.getSession(true);
        Set circles = (Set) session.getAttribute(IFSConstants.SESSION_COTSET_ATTR);
        CircleOfTrustManager cotManager = new CircleOfTrustManager();

        if (circles == null) {
            // First visit: start from every circle of trust in the realm.
            circles = cotManager.getAllCirclesOfTrust(realm);
            boolean nothingConfigured;
            if (circles == null) {
                nothingConfigured = true;
            } else {
                session.setAttribute(IFSConstants.SESSION_COTSET_ATTR, circles);
                nothingConfigured = circles.isEmpty();
            }
            if (nothingConfigured) {
                FSUtils.debug.error("FSIntersiteTransferService. redirectToCommonDomain: No CommonDomain metadata found");
                String[] logArgs = { FSUtils.bundle.getString("noCommonDomainMetadata") };
                LogUtil.error(Level.INFO, LogUtil.COMMON_DOMAIN_META_DATA_NOT_FOUND, logArgs);
                FSUtils.forwardRequest(request, response, framedLoginPageURL);
                return;
            }
        }

        if (circles.isEmpty()) {
            // Every circle stored in the session has been tried already.
            FSUtils.debug.error("FSIntersiteTransferService.redirectToCommonDomain: No more CommonDomain left");
            String[] logArgs = { FSUtils.bundle.getString("noCommonDomainMetadata") };
            LogUtil.error(Level.INFO, LogUtil.COMMON_DOMAIN_META_DATA_NOT_FOUND, logArgs);
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
            return;
        }

        // Take one circle off the pending set and remember the shrunken set.
        // NOTE(review): on the first visit this set is the object returned by
        // getAllCirclesOfTrust(); confirm that removing from it cannot alter state
        // shared with the manager.
        String cotName = (String) circles.iterator().next();
        circles.remove(cotName);
        session.setAttribute(IFSConstants.SESSION_COTSET_ATTR, circles);

        String readerServiceURL = cotManager.getCircleOfTrust(realm, cotName).getIDFFReaderServiceURL();
        if (readerServiceURL == null) {
            // NOTE(review): nothing is written to the response on this path.
            return;
        }

        StringBuffer returnURL = request.getRequestURL();
        returnURL.append("?").append(IFSConstants.AUTH_REQUEST_ID).append("=").append(URLEncDec.encode(requestID));
        returnURL.append("&").append(IFSConstants.META_ALIAS).append("=").append(URLEncDec.encode(metaAlias));

        String url = new StringBuilder(300)
                .append(readerServiceURL)
                .append("?")
                .append(IFSConstants.LRURL)
                .append("=")
                .append(URLEncDec.encode(returnURL.toString()))
                .toString();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.redirectToCommonDomain: Redirecting to check for PrefferedIDP @:" + url);
        }
        response.setHeader("Location", url);
        response.sendRedirect(url);
    } catch (COTException e) {
        FSUtils.debug.error("FSIntersiteTransferService.redirectToCommonDomain: COTException occured while trying to redirect to the CommonDomain: ", e);
        try {
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
        } catch (Exception ex) {
            // Best effort: a failed fallback forward is logged and not propagated.
            FSUtils.debug.error("FSIntersiteTransferService.redirectToCommonDomain: IOException : ", ex);
        }
    } catch (IOException e) {
        FSUtils.debug.error("FSIntersiteTransferService.redirectToCommonDomain: IOException occured while trying to redirect to the CommonDomain: ", e);
    }
}
Also used : Set(java.util.Set) CircleOfTrustManager(com.sun.identity.cot.CircleOfTrustManager) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) HttpSession(javax.servlet.http.HttpSession) Iterator(java.util.Iterator) COTException(com.sun.identity.cot.COTException) IOException(java.io.IOException) ServletException(javax.servlet.ServletException) FSSignatureException(com.sun.identity.federation.services.util.FSSignatureException) COTException(com.sun.identity.cot.COTException) IOException(java.io.IOException)

Example 60 with IDFFMetaManager

use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.

the class SingleLogoutManager method sendLogoutResponse.

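/**
 * Sends logout response, this is for the case of HTTP binding
 * There are two cases here:
 * 1. IDP initiated HTTP Logout, just redirect user browser to original
 *    relaystate.
 * 2. SP initiated HTTP logout, need to send LogoutResponse back to SP.
 *
 * <p>All per-logout state is looked up in the manager's maps by {@code relayState};
 * case 2 is chosen when {@code sloResponseXMLMap} holds a response for it. The state is
 * released with {@code cleanupParameters(relayState)} when the method returns normally.
 *
 * @param request the servlet request
 * @param response the servlet response that receives the redirect or message
 * @param relayState key under which the logout state was stored
 * @throws IOException if a redirect fails, or if the SAML2 response cannot be built
 *         or sent (the {@code SAML2Exception} is attached as the cause)
 */
void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
    if (debug.messageEnabled()) {
        debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
    }
    String logoutResponseXML = (String) sloResponseXMLMap.get(relayState);
    if (logoutResponseXML == null) {
        // first case, just redirect to original relayState
        String origRelayState = (String) relayStateMap.get(relayState);
        // NOTE(review): a relayState with no entry in currentStatusMap makes this
        // unboxing throw a NullPointerException - confirm callers only pass known keys.
        int logoutStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        String statusString = MultiProtocolUtils.getLogoutStatus(logoutStatus);
        if ((origRelayState == null) || (origRelayState.length() == 0)) {
            // TODO : get default single logout URL for each protocol
            response.getWriter().print("Logout DONE. Status = " + statusString);
        } else {
            // NOTE(review): the stored relay state is used as the redirect target as is;
            // where relayStateMap is filled is not visible here - confirm the value is
            // checked against the allowed return URLs before it is stored.
            // include logout status
            if (origRelayState.indexOf("?") == -1) {
                response.sendRedirect(origRelayState + "?" + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
            } else {
                response.sendRedirect(origRelayState + "&" + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
            }
        }
    } else {
        String protocol = (String) origProtocolMap.get(relayState);
        String spEntityID = (String) spEntityIDMap.get(relayState);
        String origRelayState = (String) relayStateMap.get(relayState);
        String realm = (String) realmMap.get(relayState);
        String idpEntityID = (String) idpEntityIDMap.get(relayState);
        int currentStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        if (protocol.equals(SingleLogoutManager.SAML2)) {
            try {
                LogoutResponse logResp = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
                String location = logResp.getDestination();
                String statusVal = logResp.getStatus().getStatusCode().getValue();
                String newVal = getNewStatusCode(currentStatus, statusVal);
                if (!statusVal.equals(newVal)) {
                    // Write the combined status; storing statusVal again would leave the
                    // response reporting the single-protocol result.
                    logResp.getStatus().getStatusCode().setValue(newVal);
                }
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "(SAML2) location=" + location + " orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                }
                LogoutUtil.sendSLOResponse(response, logResp, location, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
            } catch (SAML2Exception ex) {
                debug.error("SingleLogoutManager.sendLogoutResponse:saml2", ex);
                // Keep the original exception as the cause for whoever handles the IOException.
                throw new IOException(ex.getMessage(), ex);
            }
        } else if (protocol.equals(SingleLogoutManager.IDFF)) {
            boolean failed = false;
            // Stays null when the failure happens before the hosted config is read.
            String logoutDoneURL = null;
            try {
                debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, spEntityID);
                // The return URL comes from the SP's metadata, not from the request.
                String retURL = descriptor.getSingleLogoutServiceReturnURL();
                Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement();
                FSLogoutResponse responseLogout = new FSLogoutResponse(elem);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
                logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null);
                Status status = responseLogout.getStatus();
                String statusVal = status.getStatusCode().getValue();
                String newVal = getNewStatusCode(currentStatus, statusVal);
                if (!statusVal.equals(newVal)) {
                    com.sun.identity.saml.protocol.StatusCode statCode = new com.sun.identity.saml.protocol.StatusCode(newVal);
                    com.sun.identity.saml.protocol.Status stat = new com.sun.identity.saml.protocol.Status(statCode);
                    responseLogout.setStatus(stat);
                }
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "(IDFF) orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                }
                String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
                // Sign the request querystring
                if (FSServiceUtils.isSigningOn()) {
                    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                    if (certAlias == null || certAlias.length() == 0) {
                        if (debug.messageEnabled()) {
                            debug.message("SingleLogoutManager.sendLogoutRes:" + "signSAMLRequest couldn't obtain cert alias.");
                        }
                        // Signing is required but no key is configured: do not fall back
                        // to an unsigned response.
                        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                    } else {
                        urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
                    }
                }
                StringBuffer redirectURL = new StringBuffer();
                redirectURL.append(retURL);
                if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                    redirectURL.append(IFSConstants.QUESTION_MARK);
                } else {
                    redirectURL.append(IFSConstants.AMPERSAND);
                }
                redirectURL.append(urlEncodedResponse);
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendResponse " + "for IDFF, url = " + redirectURL.toString());
                }
                response.sendRedirect(redirectURL.toString());
            } catch (FSMsgException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (SAMLException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (IDFFMetaException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (IOException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            }
            if (failed) {
                // Any IDFF failure ends on the local logout-done page with a failure status.
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            }
        } else if (protocol.equals(SingleLogoutManager.WS_FED)) {
            debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
            if (origRelayState != null) {
                // NOTE(review): same redirect-target question as in the first case above.
                response.sendRedirect(origRelayState);
            } else {
                response.getWriter().print("Logout DONE.");
            }
        } else {
            // should never come here
            debug.error("SingleLogoutManager.sendLogoutResponse: invalid" + " protocol : " + protocol);
        }
    }
    // NOTE(review): not reached when an exception propagates out of the branches above,
    // so the entries for this relayState stay in the maps - confirm that is intended.
    cleanupParameters(relayState);
    return;
}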
Also used : Element(org.w3c.dom.Element) SAMLException(com.sun.identity.saml.common.SAMLException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) Status(com.sun.identity.saml.protocol.Status) Status(com.sun.identity.saml.protocol.Status) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) IOException(java.io.IOException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
