use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class FSSOAPReceiver method handleLogoutRequest.
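/**
 * Initiates the processing of the logout request received from a remote
 * trusted provider over the SOAP profile.
 * <p>
 * Order of checks: the remote descriptor is resolved from the provider ID
 * carried in the request, the request signature is verified against that
 * provider's verification certificate (skipped when signing is switched
 * off), the provider is checked against the hosted entity's trusted list,
 * and the affected user is resolved. If the user is not known locally the
 * SOAP message is forwarded unchanged to the platform server that does
 * know the user; otherwise the local pre-logout handler processes it.
 *
 * @param elt containing the logout request in the XML message
 * @param logoutRequest logout notification
 * @param msgLogout logout message
 * @param request http request object
 * @param response http response object
 * @param hostedProviderDesc hosted provider meta descriptor
 * @param hostedConfig hosted provider's extended meta
 * @param providerAlias hosted provider's meta alias
 * @param realm The realm under which the entity resides.
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role
 * @return null if error in processing, or Map containing two
 * keys, MESSAGE for SOAPMessage object and USERID for userID string
 */
private Map handleLogoutRequest(Element elt, FSLogoutNotification logoutRequest,
        SOAPMessage msgLogout, HttpServletRequest request,
        HttpServletResponse response, ProviderDescriptorType hostedProviderDesc,
        BaseConfigType hostedConfig, String providerAlias, String realm,
        String hostedEntityId, String hostedRole) {
    try {
        // The provider ID is taken from the not-yet-verified request. It only
        // selects the descriptor whose certificate must verify the signature,
        // and it is re-checked against the trusted list further down.
        String remoteEntityId = logoutRequest.getProviderId();
        ProviderDescriptorType remoteDesc =
                getRemoteProviderDescriptor(hostedRole, remoteEntityId, realm);
        if (remoteDesc == null) {
            return null;
        }
        // Hosted SP means the remote side acts as IDP; the flag selects which
        // role's certificate KeyUtil fetches (assumption from the call shape).
        boolean isIDP = hostedRole.equalsIgnoreCase(IFSConstants.SP);
        X509Certificate remoteCert =
                KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, isIDP);
        // With signing switched off the request is accepted unverified and the
        // trusted-provider check below is the only gate on the sender.
        if (FSServiceUtils.isSigningOn()
                && !verifyRequestSignature(elt, msgLogout, remoteCert)) {
            FSUtils.debug.error("Logout Signature failed verification");
            return null;
        }
        FSUtils.debug.message("Logout Signature successfully verified");
        if (providerAlias == null || providerAlias.length() < 1) {
            FSUtils.debug.message("Unable to retrieve alias, "
                    + "Hosted Provider Cannot process logout request");
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: "
                    + "Completed forming request FSLogoutNotification");
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            // Previously an NPE here was only caught by the generic handler.
            FSUtils.debug.error("FSSOAPReceiver:handleLogoutRequest: "
                    + "unable to get meta manager instance");
            return null;
        }
        if (!metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            FSUtils.debug.message("Remote provider not in trusted list");
            return null;
        }
        String userID = FSLogoutUtil.getUserFromRequest(logoutRequest, realm,
                hostedEntityId, hostedRole, hostedConfig, providerAlias);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest"
                    + " found user Id = " + userID);
        }
        // Call SP Adapter preSingleLogoutProcess for IDP/SOAP
        if (isIDP) {
            FederationSPAdapter spAdapter =
                    FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
            if (spAdapter != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver, "
                            + "call preSingleLogoutProcess, IDP/SOAP");
                }
                try {
                    spAdapter.preSingleLogoutProcess(hostedEntityId, request,
                            response, userID, logoutRequest, null,
                            IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
                } catch (Exception e) {
                    // A failing custom adapter must not block the logout.
                    FSUtils.debug.error("preSingleLogoutProcess." + "IDP/SOAP", e);
                }
            }
        }
        // TODO : change to use FSLogoutUtil.liveConnectionsExist
        if (!isUserExists(userID, providerAlias)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: User "
                        + "does not exist locally. Finding remotely");
            }
            List platformList = null;
            try {
                platformList = SystemConfigurationUtil.getServerList();
            } catch (SystemConfigurationException se) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: "
                            + "Couldn't find remote server:", se);
                }
            }
            if (platformList == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest"
                            + "platformList is null");
                }
                return null;
            }
            // Loop-invariant lookups, hoisted out of the per-server loop.
            String selfURL = FSServiceUtils.getBaseURL();
            String deploymentDescriptor = SystemConfigurationUtil.getProperty(
                    "com.iplanet.am.services.deploymentDescriptor");
            Iterator iter = platformList.iterator();
            while (iter.hasNext()) {
                String remoteServerURL = (String) iter.next();
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest"
                            + "remoteServerURL = " + remoteServerURL
                            + " and self serverUrl =" + selfURL);
                }
                if (selfURL.equalsIgnoreCase(remoteServerURL)) {
                    // This server was already checked by isUserExists above.
                    continue;
                }
                FSAssertionManagerClient amc = new FSAssertionManagerClient(
                        providerAlias, getFullServiceURL(remoteServerURL));
                if (!amc.isUserExists(userID)) {
                    continue;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest"
                            + "user found here =" + remoteServerURL);
                }
                // Forward the original (signed) message to the peer's SOAP
                // endpoint for the same meta alias; the first peer that knows
                // the user decides the outcome of this request.
                String remoteURL = remoteServerURL + deploymentDescriptor
                        + IFSConstants.SOAP_END_POINT_VALUE + "/"
                        + IFSConstants.META_ALIAS + providerAlias;
                FSSOAPService instSOAP = FSSOAPService.getInstance();
                if (instSOAP == null) {
                    return null;
                }
                try {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Forward logout request to " + remoteURL);
                    }
                    SOAPMessage retSOAPMessage =
                            instSOAP.sendMessage(msgLogout, remoteURL);
                    return toResultMap(retSOAPMessage, userID);
                } catch (SOAPException e) {
                    FSUtils.debug.error("FSSOAPException in doSOAPProfile"
                            + " Cannot send request", e);
                    return null;
                }
            }
            // No peer knows the user either: fall through to local processing.
        }
        FSServiceManager instService = FSServiceManager.getInstance();
        if (instService == null) {
            FSUtils.debug.message("FSServiceManager instance is"
                    + "null. Cannot process logout request");
            return null;
        }
        FSPreLogoutHandler logoutHandler = instService.getPreLogoutHandler();
        if (logoutHandler == null) {
            FSUtils.debug.error("Unable to get PreLogoutHandler");
            FSUtils.debug.error("Cannot process request");
            return null;
        }
        logoutHandler.setHostedDescriptor(hostedProviderDesc);
        logoutHandler.setHostedDescriptorConfig(hostedConfig);
        logoutHandler.setHostedEntityId(hostedEntityId);
        logoutHandler.setHostedProviderRole(hostedRole);
        logoutHandler.setMetaAlias(providerAlias);
        logoutHandler.setRealm(realm);
        logoutHandler.setRemoteDescriptor(remoteDesc);
        logoutHandler.setRemoteEntityId(remoteEntityId);
        logoutHandler.setLogoutRequest(logoutRequest);
        FSLogoutStatus bProcessStatus =
                logoutHandler.processSingleLogoutRequest(logoutRequest);
        String status = bProcessStatus.getStatus();
        if (status.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
            // An empty SOAP message signals success to the caller.
            MessageFactory factory = MessageFactory.newInstance();
            return toResultMap(factory.createMessage(), userID);
        }
        if (status.equalsIgnoreCase(IFSConstants.SAML_UNSUPPORTED)) {
            return toResultMap(
                    soapService.formSOAPError("Server", "cannotProcessRequest", null),
                    userID);
        }
        return null;
    } catch (Exception se) {
        FSUtils.debug.error("FSSOAPService::handleLogoutRequest failed", se);
        return null;
    }
}

/**
 * Packages a SOAP response and the resolved user ID into the map that
 * {@link #handleLogoutRequest} returns.
 *
 * @param message the SOAP message to hand back; may be null
 * @param userID the user the logout applies to; omitted from the map when null
 * @return null when {@code message} is null, otherwise a map holding
 * MESSAGE and, when known, USERID
 */
private Map toResultMap(SOAPMessage message, String userID) {
    if (message == null) {
        return null;
    }
    Map map = new HashMap();
    map.put(MESSAGE, message);
    if (userID != null) {
        map.put(USERID, userID);
    }
    return map;
}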
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class FSDefaultRealmAttributePlugin method getAttributeStatements.
/**
 * Returns the list of <code>AttributeStatement</code>s built from the
 * attribute map configured on the hosted identity provider.
 * @param realm The realm under which the entity resides.
 * @param hostEntityId Hosted identity provider entity id.
 * @param remoteEntityID Remote provider's entity id
 * @param subject Subject subject of the authenticated principal.
 * @param token user's session.
 * @return list of SAML <code>AttributeStatement</code>s; null when the IDP
 * configuration cannot be read or no attribute map is configured, an empty
 * list when the statement cannot be assembled.
 */
public List getAttributeStatements(String realm, String hostEntityId,
        String remoteEntityID, FSSubject subject, Object token) {
    FSUtils.debug.message("FSDefaultAttributePlugin.getAttributeStatements");
    Map attributeMap;
    try {
        attributeMap = loadAttributeMap(realm, hostEntityId);
    } catch (IDFFMetaException me) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute"
                + "Statements: meta exception.", me);
        return null;
    }
    if (attributeMap == null || attributeMap.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute"
                    + "Statements: Attribute map configuration is empty.");
        }
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute"
                + "Statements: Attribute map configuration: " + attributeMap);
    }
    List statements = new ArrayList();
    try {
        List attributes = buildAttributes(token, attributeMap);
        AttributeStatement statement = new AttributeStatement(subject, attributes);
        if (FSUtils.debug.messageEnabled()) {
            // NOTE(review): this prints the whole statement, i.e. the user's
            // attribute values, into the debug log.
            FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute"
                    + "Statements: attribute statement: " + statement.toString());
        }
        statements.add(statement);
        return statements;
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute"
                + "Statements: SAML Exception", ex);
    }
    return new ArrayList();
}

/**
 * Reads the IDP attribute map (SAML attribute name to local attribute name)
 * from the hosted IDP's extended configuration.
 * @param realm realm of the hosted IDP
 * @param hostEntityId entity id of the hosted IDP
 * @return the parsed map, or null when no meta manager or no IDP
 * configuration is available
 * @throws IDFFMetaException when the configuration cannot be read
 */
private Map loadAttributeMap(String realm, String hostEntityId)
        throws IDFFMetaException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    if (metaManager == null) {
        return null;
    }
    IDPDescriptorConfigElement idpConfig =
            metaManager.getIDPDescriptorConfig(realm, hostEntityId);
    if (idpConfig == null) {
        return null;
    }
    Map attributes = IDFFMetaUtils.getAttributes(idpConfig);
    return FSServiceUtils.parseAttributeConfig(
            (List) attributes.get(IFSConstants.IDP_ATTRIBUTE_MAP));
}

/**
 * Builds one SAML <code>Attribute</code> per map entry whose value can be
 * resolved from the session; entries with no value are skipped.
 * @param token user's session
 * @param attributeMap SAML attribute name to local attribute name
 * @return the resolved attributes, in map iteration order
 * @throws SAMLException when an attribute cannot be constructed
 */
private List buildAttributes(Object token, Map attributeMap) throws SAMLException {
    List attributes = new ArrayList();
    for (Iterator it = attributeMap.entrySet().iterator(); it.hasNext();) {
        Map.Entry entry = (Map.Entry) it.next();
        String samlName = (String) entry.getKey();
        String value = getAttributeValue(token, (String) entry.getValue());
        if (value == null) {
            continue;
        }
        attributes.add(new Attribute(samlName,
                SAMLConstants.assertionSAMLNameSpaceURI, value));
    }
    return attributes;
}
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class FSServiceManager method getNameRegistrationHandler.
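/**
 * Returns name registration handler. This method is invoked by the
 * <code>SP</code> at the end of account federation if name registration is
 * turned on.
 * The <code>remoteEntityId</code> passed is that of the <code>IdP</code>
 * with whom registration will be done.
 * @param realm the realm in which the provider resides
 * @param remoteEntityId remote Provider Entity ID.
 * @param remoteProviderRole remote Provider Role.
 * @return <code>FSNameRegistrationHandler</code> the name registration
 * handler, or null when the meta manager is unavailable, the role is
 * null or unknown, or the remote descriptor cannot be read
 */
public FSNameRegistrationHandler getNameRegistrationHandler(String realm,
        String remoteEntityId, String remoteProviderRole) {
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::"
                        + "getNameRegistrationHandler failed to get meta "
                        + "Manager instance");
            }
            return null;
        }
        if (remoteProviderRole == null) {
            return null;
        }
        // Only IDP and SP roles resolve to a descriptor; any other value
        // leaves remoteDesc null and the method returns null below.
        ProviderDescriptorType remoteDesc = null;
        if (remoteProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
        } else if (remoteProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        }
        if (remoteDesc == null) {
            return null;
        }
        // Construct the handler only once we know it can be fully configured.
        FSNameRegistrationHandler handler = new FSNameRegistrationHandler();
        handler.setRemoteDescriptor(remoteDesc);
        handler.setRemoteEntityId(remoteEntityId);
        handler.setRealm(realm);
        return handler;
    } catch (IDFFMetaException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::Failed "
                    + "to get remote descriptor:", e);
        }
        return null;
    }
}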
use of com.sun.identity.federation.meta.IDFFMetaManager in project OpenAM by OpenRock.
the class IDFFNameIdentifierMapper method getNameIdentifier.
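/**
 * Returns mapped <code>NameIdentifier</code> for specified user.
 * This is used by Discovery Service to generate correct
 * <code>NameIdentifier</code> when creating credentials for remote
 * service provider. A <code>NameIdentifier</code> in encrypted format
 * will be returned if the mapped <code>NameIdentifier</code> is
 * different from the original <code>NameIdentifier</code>, this
 * is to prevent the <code>NameIdentifier</code> to be revealed
 * to a proxy service provider.
 * <p>
 * The hosted IDP configuration is looked up in the root realm only; this
 * interface carries no realm parameter.
 * @param spProviderID Provider ID of the service provider to which
 * the <code>NameIdentifier</code> needs to be mapped.
 * @param idpProviderID Provider ID of the identifier provider.
 * @param nameId The <code>NameIdentifier</code> needs to be mapped.
 * @param userID The user whose mapped <code>NameIdentifier</code> will
 * be returned. The value is the universal identifier of the user.
 * @return the mapped <code>NameIdentifier</code> for specified user,
 * return null if unable to map the <code>NameIdentifier</code>,
 * return original name identifier if no need to map the
 * <code>NameIdentifier</code>.
 */
public NameIdentifier getNameIdentifier(String spProviderID, String idpProviderID,
        NameIdentifier nameId, String userID) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("IDFFNameIdentifierMapper, enter "
                    + "spProviderID=" + spProviderID + ", idpProviderID="
                    + idpProviderID + ", userID=" + userID);
            if (nameId != null) {
                FSUtils.debug.message("IDFFNameIdentifierMapper, enter "
                        + "name identifier=" + nameId.toString());
            }
        }
        if ((spProviderID == null) || (idpProviderID == null) || (userID == null)) {
            return null;
        }
        if (spProviderID.equals(idpProviderID)) {
            // same entity, this is for the case of discovery service as IDP
            return nameId;
        }
        if (nameId != null) {
            String nameQualifier = nameId.getNameQualifier();
            if ((nameQualifier != null) && nameQualifier.equals(spProviderID)) {
                // current name id is intended for the spProviderID
                return nameId;
            }
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            FSUtils.debug.message("IDFFNameIdentifierMapper, no meta manager");
            return null;
        }
        // Fully qualified so no import has to change; a missing IDP config used
        // to surface as a NullPointerException that none of the catches below
        // handled, escaping to the caller instead of mapping to null.
        com.sun.identity.federation.jaxb.entityconfig.IDPDescriptorConfigElement
                idpConfig = metaManager.getIDPDescriptorConfig("/", idpProviderID);
        if (idpConfig == null) {
            FSUtils.debug.message("IDFFNameIdentifierMapper, no IDP config for "
                    + idpProviderID);
            return null;
        }
        String metaAlias = idpConfig.getMetaAlias();
        FSAccountManager fsaccountmgr = FSAccountManager.getInstance(metaAlias);
        FSAccountFedInfo accountinfo =
                fsaccountmgr.readAccountFedInfo(userID, spProviderID);
        if (accountinfo == null) {
            // No federation with this SP on record: nothing to map.
            return nameId;
        }
        NameIdentifier ni = accountinfo.getLocalNameIdentifier();
        FSUtils.debug.message("IDFFNameIdentifierMapper : new Ni");
        ProviderManager pm = ProviderUtil.getProviderManager();
        if (pm == null) {
            return ni;
        }
        Key encKey = pm.getEncryptionKey(spProviderID);
        if (encKey == null) {
            return ni;
        }
        // Encrypted with the SP's own key so that a proxy WSC relaying the
        // credential cannot read the mapped identifier.
        return EncryptedNameIdentifier.getEncryptedNameIdentifier(ni, spProviderID,
                encKey, pm.getEncryptionKeyAlgorithm(spProviderID),
                pm.getEncryptionKeyStrength(spProviderID));
    } catch (FSAccountMgmtException e) {
        // the federation info might not be there, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, account error", e);
    } catch (FSException e) {
        // the federation info might not be there, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, encrypt error", e);
    } catch (IDFFMetaException e) {
        // the provider might not be a IDFF provider, just ignore
        FSUtils.debug.message("IDFFNameIdentifierMapper, meta error", e);
    }
    return null;
}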