
Example 6 with FederationSPAdapter

use of com.sun.identity.federation.plugins.FederationSPAdapter in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method doAccountFederation.

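/**
 * Federates the local session with the identity-provider account named by
 * {@code ni} and completes the service-provider side of single sign-on.
 * <p>
 * Order of work: obtain the session provider and the caller's session
 * (under the ONETIME name-identifier policy an anonymous session is
 * generated when none exists); persist the federation record keyed by
 * affiliation ID or security domain (skipped for ONETIME); record the IDP
 * as a session partner and attach authentication context, bootstrap and
 * mapped attribute data; write the access log entry; set the federation
 * cookie (skipped for ONETIME); invoke the SP adapter; finally redirect the
 * browser to {@code relayState}.
 * <p>
 * Any exception while writing account or session data is logged and mapped
 * to {@link FederationSPAdapter#FEDERATION_FAILED_WRITING_ACCOUNT_INFO};
 * a runtime exception thrown by the SP adapter is logged and SSO continues.
 *
 * @param ni the name identifier from the assertion; {@code null} fails
 *           federation with {@link FederationSPAdapter#FEDERATION_FAILED}
 * @return {@link FederationSPAdapter#SUCCESS}, or one of the
 *         {@code FederationSPAdapter.FEDERATION_FAILED_*} codes describing
 *         the step that failed
 */
protected int doAccountFederation(NameIdentifier ni) {
    FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation:Called");
    if (ni == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + FSUtils.bundle.getString("invalidInput"));
        return FederationSPAdapter.FEDERATION_FAILED;
    }
    Object ssoToken = null;
    SessionProvider sessionProvider = null;
    try {
        sessionProvider = SessionManager.getProvider();
    } catch (SessionException se) {
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation: " + "Couldn't obtain session provider:", se);
        String[] data = { FSUtils.bundle.getString("failGenerateSSOToken") };
        LogUtil.error(Level.INFO, LogUtil.FAILED_SSO_TOKEN_GENERATION, data);
        return FederationSPAdapter.FEDERATION_FAILED_SSO_TOKEN_GENERATION;
    }
    // Look for a session on the incoming request; a missing or invalid one is
    // treated as "no session" so the ONETIME branch below can still proceed.
    try {
        ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: couldn't obtain session from " + "cookie");
            }
            ssoToken = null;
        }
    } catch (SessionException se) {
        if (FSUtils.debug.messageEnabled()) {
            // Pass the exception along so the reason for the failed lookup is not lost.
            FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: exception when getting session " + "from cookie:", se);
        }
        ssoToken = null;
    }
    // No session yet: only the ONETIME name-identifier policy allows minting an
    // anonymous session for the user; every other policy needs a real login.
    if (ssoToken == null && nameIDPolicy != null && nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
        try {
            ssoToken = generateAnonymousToken(response);
        } catch (SessionException se) {
            // Translate the session-layer error code into the adapter's failure
            // codes so callers can tell an inactive/locked/expired account apart
            // from a generic token-generation failure.
            int failureCode = se.getErrCode();
            if (failureCode == SessionException.AUTH_USER_INACTIVE) {
                failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE;
            } else if (failureCode == SessionException.AUTH_USER_LOCKED) {
                failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_USER_LOCKED;
            } else if (failureCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
                failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED;
            } else {
                failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_TOKEN_GENERATION;
            }
            return failureCode;
        }
    }
    if (ssoToken == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + "Account federation failed. Invalid session");
        return FederationSPAdapter.FEDERATION_FAILED_ANON_TOKEN_GENERATION;
    }
    try {
        String opaqueHandle = ni.getName();
        String userID = sessionProvider.getPrincipalName(ssoToken);
        // The security domain defaults to this SP's entity ID when the IDP
        // sent no name qualifier.
        String securityDomain = ni.getNameQualifier();
        if ((securityDomain == null) || (securityDomain.length() == 0)) {
            securityDomain = hostEntityId;
        }
        FSAccountFedInfo accountInfo = new FSAccountFedInfo(idpEntityId, null, ni, true);
        FSAccountManager accountManager = FSAccountManager.getInstance(hostMetaAlias);
        // Federation records are keyed by affiliation when the request named
        // one, otherwise by security domain.
        FSAccountFedInfoKey fedKey = null;
        String affiliationID = authnRequest.getAffiliationID();
        if (affiliationID != null) {
            fedKey = new FSAccountFedInfoKey(affiliationID, opaqueHandle);
            accountInfo.setAffiliation(true);
        } else {
            fedKey = new FSAccountFedInfoKey(securityDomain, opaqueHandle);
        }
        // ONETIME identifiers are never persisted; the federation lives only in
        // the session created below.
        if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
            accountManager.writeAccountFedInfo(userID, fedKey, accountInfo);
        }
        // Keep a local federation-session reference and record the IDP as a partner.
        FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
        String sessionID = sessionProvider.getSessionID(ssoToken);
        FSSession session = sessionManager.getSession(userID, sessionID);
        if (session != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: An Existing session found" + "for userID:" + userID + " And SessionID: " + sessionID + " Adding partner to the Session");
            }
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            session.setSessionIndex(idpSessionIndex);
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: No existing session found " + " for userID:" + userID + " And SessionID: " + sessionID + " Creating a new Session");
            }
            session = new FSSession(sessionID);
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            if (idpSessionIndex != null) {
                session.setSessionIndex(idpSessionIndex);
            }
        }
        if (nameIDPolicy != null && nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
            session.setOneTime(true);
            session.setUserID(userID);
        }
        // Prefer the authentication context asserted by the IDP; fall back to
        // the SP's configured default.
        String authnContextClassRef = null;
        if (authnContextStmt != null) {
            authnContextClassRef = authnContextStmt.getAuthnContextClassRef();
        }
        if ((authnContextClassRef == null) || (authnContextClassRef.length() == 0)) {
            authnContextClassRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
        }
        if (authnContextClassRef != null) {
            session.setAuthnContext(authnContextClassRef);
        }
        session.setAccountFedInfo(accountInfo);
        if (bootStrapStatement != null) {
            session.setBootStrapAttributeStatement(bootStrapStatement);
        }
        if (attrStatements.size() != 0) {
            // The realm-aware mapper wins when configured; otherwise the legacy mapper.
            Map attributeMap = null;
            setAttributeMapper();
            if (realmAttributeMapper != null) {
                attributeMap = realmAttributeMapper.getAttributes(attrStatements, realm, hostEntityId, idpEntityId, ssoToken);
            } else if (attributeMapper != null) {
                attributeMap = attributeMapper.getAttributes(attrStatements, hostEntityId, idpEntityId, ssoToken);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: Attribute map :" + attributeMap);
            }
            if (attributeMap != null) {
                setAttributeMap(ssoToken, attributeMap);
            }
        }
        if (securityAssertions != null) {
            session.setBootStrapCredential(securityAssertions);
        }
        sessionManager.addSession(userID, session);
    } catch (Exception ex) {
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + FSUtils.bundle.getString("ExceptionOccured"), ex);
        return FederationSPAdapter.FEDERATION_FAILED_WRITING_ACCOUNT_INFO;
    }
    String[] data = { this.relayState };
    LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, data, ssoToken);
    // Set the federation cookie on every configured cookie domain; ONETIME
    // federations leave no persistent trace, so no cookie is set for them.
    if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
        String fedCookieName = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
        String fedCookieValue = "yes";
        for (String domain : SystemConfigurationUtil.getCookieDomainsForRequest(request)) {
            CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(fedCookieName, fedCookieValue, IFSConstants.PERSISTENT_COOKIE_AGE, "/", domain));
        }
    }
    // Name registration after SSO is intentionally not triggered here: the
    // ID-FF specification does not mandate it. The former implementation was
    // dead, commented-out code and has been removed.
    // Give the SP adapter a chance to take over the response.
    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostEntityId, hostConfig);
    if (spAdapter != null) {
        FSUtils.debug.message("Invoke spAdapter");
        try {
            if (spAdapter.postSSOFederationSuccess(hostEntityId, request, response, ssoToken, authnRequest, authnResponse, (FSResponse) samlResponse)) {
                // The adapter performed its own redirect; nothing more to do.
                return FederationSPAdapter.SUCCESS;
            }
        } catch (Exception e) {
            // A faulty adapter must not break SSO: log and continue with the
            // default redirect.
            FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.postSSOFederationSuccess", e);
        }
    }
    // relayState originates from the request; redirectToResource is expected to
    // validate the target before redirecting — TODO confirm (not visible here).
    try {
        redirectToResource(this.relayState);
        return FederationSPAdapter.SUCCESS;
    } catch (Exception e) {
        // Previously swallowed silently; record it so a broken redirect is diagnosable.
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation: " + "redirect to resource failed", e);
        return FederationSPAdapter.FEDERATION_FAILED;
    }
}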

Example 7 with FederationSPAdapter

use of com.sun.identity.federation.plugins.FederationSPAdapter in project OpenAM by OpenRock.

the class FSSOAPReceiver method handleLogoutRequest.

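/**
 * Initiates the processing of a logout request received from a remote
 * trusted provider over SOAP.
 * <p>
 * The request is rejected ({@code null} is returned) when the remote
 * provider is unknown, when its signature fails verification, when the
 * hosted provider alias is missing, or when the remote provider is not in
 * the trusted list. Signature verification is only performed when
 * {@code FSServiceUtils.isSigningOn()} is true; with signing switched off an
 * unsigned logout request is accepted as-is, which is a deployment decision
 * operators should be aware of.
 * <p>
 * If the user has no local session, the logout is forwarded to the peer
 * server in the platform server list that reports the user, and that
 * server's SOAP reply is returned instead of processing locally.
 *
 * @param elt element containing the logout request in the XML message
 * @param logoutRequest logout notification
 * @param msgLogout logout message
 * @param request http request object
 * @param response http response object
 * @param hostedProviderDesc hosted provider meta descriptor
 * @param hostedConfig hosted provider's extended meta
 * @param providerAlias hosted provider's meta alias
 * @param realm the realm under which the entity resides
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role
 * @return {@code null} if processing failed, otherwise a Map with two keys:
 *         MESSAGE for the SOAPMessage object and USERID for the user ID
 *         string (USERID is omitted when the user could not be resolved)
 */
private Map handleLogoutRequest(Element elt, FSLogoutNotification logoutRequest, SOAPMessage msgLogout, HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String providerAlias, String realm, String hostedEntityId, String hostedRole) {
    try {
        String remoteEntityId = logoutRequest.getProviderId();
        ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(hostedRole, remoteEntityId, realm);
        if (remoteDesc == null) {
            return null;
        }
        // When we are the SP, the remote party is the IDP (and vice versa); this
        // selects which of the remote provider's certificates verifies the request.
        boolean isIDP = hostedRole.equalsIgnoreCase(IFSConstants.SP);
        X509Certificate remoteCert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, isIDP);
        if (!FSServiceUtils.isSigningOn() || verifyRequestSignature(elt, msgLogout, remoteCert)) {
            FSUtils.debug.message("Logout Signature successfully verified");
            if (providerAlias == null || providerAlias.length() < 1) {
                FSUtils.debug.message("Unable to retrieve alias, " + "Hosted Provider Cannot process logout request");
                return null;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Completed forming request FSLogoutNotification");
            }
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
                // NOTE(review): userID may be null here (the map-building code
                // below guards for it); isUserExists is presumably null-tolerant — confirm.
                String userID = FSLogoutUtil.getUserFromRequest(logoutRequest, realm, hostedEntityId, hostedRole, hostedConfig, providerAlias);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + " found user Id = " + userID);
                }
                // Call SP Adapter preSingleLogoutProcess for IDP/SOAP
                if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                    if (spAdapter != null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver, " + "call preSingleLogoutProcess, IDP/SOAP");
                        }
                        try {
                            spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, logoutRequest, null, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
                        } catch (Exception e) {
                            // A faulty adapter must not block logout; log and continue.
                            FSUtils.debug.error("preSingleLogoutProcess." + "IDP/SOAP", e);
                        }
                    }
                }
                // TODO : change to use FSLogoutUtil.liveConnectionsExist
                if (!isUserExists(userID, providerAlias)) {
                    // The session may live on another server of this deployment:
                    // ask each peer and forward the logout to the one that has it.
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: User " + "does not exist locally. Finding remotely");
                    }
                    List platformList = null;
                    try {
                        platformList = SystemConfigurationUtil.getServerList();
                    } catch (SystemConfigurationException se) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Couldn't find remote server:", se);
                        }
                    }
                    if (platformList == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "platformList is null");
                        }
                        return null;
                    }
                    Iterator iter = platformList.iterator();
                    while (iter.hasNext()) {
                        String remoteServerURL = (String) iter.next();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "remoteServerURL = " + remoteServerURL + " and self serverUrl =" + FSServiceUtils.getBaseURL());
                        }
                        // Skip ourselves: the local lookup above already failed.
                        if ((FSServiceUtils.getBaseURL()).equalsIgnoreCase(remoteServerURL)) {
                            continue;
                        }
                        FSAssertionManagerClient amc = new FSAssertionManagerClient(providerAlias, getFullServiceURL(remoteServerURL));
                        if (amc.isUserExists(userID)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "user found here =" + remoteServerURL);
                            }
                            // Peer's SOAP endpoint for the same hosted provider alias.
                            StringBuffer remoteURL = new StringBuffer();
                            remoteURL.append(remoteServerURL).append(SystemConfigurationUtil.getProperty("com.iplanet.am.services." + "deploymentDescriptor")).append(IFSConstants.SOAP_END_POINT_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
                            FSSOAPService instSOAP = FSSOAPService.getInstance();
                            SOAPMessage retSOAPMessage = null;
                            if (instSOAP != null) {
                                try {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("Forward logout request to " + remoteURL.toString());
                                    }
                                    retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteURL.toString());
                                    if (retSOAPMessage != null) {
                                        Map map = new HashMap();
                                        map.put(MESSAGE, retSOAPMessage);
                                        if (userID != null) {
                                            map.put(USERID, userID);
                                        }
                                        return map;
                                    } else {
                                        return null;
                                    }
                                } catch (SOAPException e) {
                                    FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
                                    return null;
                                }
                            } else {
                                return null;
                            }
                        }
                    }
                }
                // Process the logout locally.
                FSServiceManager instService = FSServiceManager.getInstance();
                if (instService != null) {
                    FSPreLogoutHandler logoutHandler = instService.getPreLogoutHandler();
                    if (logoutHandler != null) {
                        logoutHandler.setHostedDescriptor(hostedProviderDesc);
                        logoutHandler.setHostedDescriptorConfig(hostedConfig);
                        logoutHandler.setHostedEntityId(hostedEntityId);
                        logoutHandler.setHostedProviderRole(hostedRole);
                        logoutHandler.setMetaAlias(providerAlias);
                        logoutHandler.setRealm(realm);
                        logoutHandler.setRemoteDescriptor(remoteDesc);
                        logoutHandler.setRemoteEntityId(remoteEntityId);
                        logoutHandler.setLogoutRequest(logoutRequest);
                        FSLogoutStatus bProcessStatus = logoutHandler.processSingleLogoutRequest(logoutRequest);
                        if (bProcessStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                            // Success is signalled with an empty SOAP message.
                            MessageFactory factory = MessageFactory.newInstance();
                            SOAPMessage successSOAP = factory.createMessage();
                            if (successSOAP != null) {
                                Map map = new HashMap();
                                map.put(MESSAGE, successSOAP);
                                if (userID != null) {
                                    map.put(USERID, userID);
                                }
                                return map;
                            } else {
                                return null;
                            }
                        } else if (bProcessStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_UNSUPPORTED)) {
                            SOAPMessage retSOAPMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
                            if (retSOAPMessage != null) {
                                Map map = new HashMap();
                                map.put(MESSAGE, retSOAPMessage);
                                if (userID != null) {
                                    map.put(USERID, userID);
                                }
                                return map;
                            } else {
                                return null;
                            }
                        } else {
                            return null;
                        }
                    } else {
                        FSUtils.debug.error("Unable to get PreLogoutHandler");
                        FSUtils.debug.error("Cannot process request");
                        return null;
                    }
                } else {
                    FSUtils.debug.message("FSServiceManager instance is" + "null. Cannot process logout request");
                    return null;
                }
            }
            FSUtils.debug.message("Remote provider not in trusted list");
            return null;
        } else {
            FSUtils.debug.error("Logout Signature failed verification");
            return null;
        }
    } catch (Exception se) {
        // Boundary catch: any failure is logged and reported to the caller as null.
        FSUtils.debug.error("FSSOAPService::handleLogoutRequest failed", se);
        return null;
    }
}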

Example 8 with FederationSPAdapter

use of com.sun.identity.federation.plugins.FederationSPAdapter in project OpenAM by OpenRock.

the class FSFedTerminationHandler method processSOAPTerminationRequest.

/**
 * Processes a federation termination request received from a remote
 * provider over the SOAP profile.
 * <p>
 * The local account is defederated first; only then, and only when this
 * provider acts as SP, is the SP adapter's
 * {@code postTerminationNotificationSuccess} invoked. Adapter failures are
 * logged and do not affect the result.
 *
 * @param request the HTTP request carrying the SOAP message
 * @param response the HTTP response
 * @param reqTermination the federation termination notification received
 *  from the remote provider; {@code null} is rejected
 * @return {@code true} when the account information was updated;
 *  {@code false} otherwise
 */
public boolean processSOAPTerminationRequest(HttpServletRequest request, HttpServletResponse response, FSFederationTerminationNotification reqTermination) {
    FSUtils.debug.message("Entered FSFedTerminationHandler::processSOAPTerminationRequest");
    // Without an account manager there is nothing to defederate against.
    if (managerInst == null) {
        FSUtils.debug.error("FSSPFedTerminationHandler " + "Account Manager instance is null");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSPFedTerminationHandler::handleFederationTermination" + "failed to get Account Manager instance");
        }
        return false;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Begin processTerminationRequest SOAP profile...");
    }
    if (reqTermination == null) {
        FSUtils.debug.error("FSFedTerminationHandler::processTerminationRequest " + "Federation termination request is improper");
        return false;
    }
    // Resolve the local user named by the request before touching account data.
    if (!setUserID(reqTermination)) {
        FSUtils.debug.message("Failed to get UserDN. Invalid termination request");
        return false;
    }
    if (!updateAccountInformation(reqTermination.getNameIdentifier())) {
        FSUtils.debug.error("FSFedTerminationHandler " + FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED));
        return false;
    }
    FSUtils.debug.message("User sucessfully defederated");
    // SP adapter hook for the remote-IDP-initiated SOAP case.
    boolean hostedAsSP = hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP);
    if (hostedAsSP) {
        FederationSPAdapter adapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
        if (adapter != null) {
            FSUtils.debug.message("FSFedTerminationHandler.SOAP");
            try {
                adapter.postTerminationNotificationSuccess(hostedEntityId, request, response, userID, reqTermination, IFSConstants.TERMINATION_IDP_SOAP_PROFILE);
            } catch (Exception e) {
                // Adapter problems are logged but never fail the termination.
                FSUtils.debug.error("postTerm.IDP/SOAP", e);
            }
        }
    }
    return true;
}

Example 9 with FederationSPAdapter

use of com.sun.identity.federation.plugins.FederationSPAdapter in project OpenAM by OpenRock.

the class FSFedTerminationHandler method processTerminationRequest.

/**
 * Processes a federation termination request received from a remote
 * provider over the HTTP-redirect profile, then sends the browser back to
 * the originating side via {@code returnToSource()}.
 * <p>
 * The request, response, locale and relay state are stored on this handler
 * before processing. Failure to update the account is written to the
 * termination error log; success to the access log. When this provider
 * acts as SP, the SP adapter is notified afterwards; adapter failures are
 * logged and ignored.
 *
 * @param request HTTP request
 * @param response HTTP response
 * @param reqTermination the federation termination request received from
 *  the remote provider
 */
public void processTerminationRequest(HttpServletRequest request, HttpServletResponse response, FSFederationTerminationNotification reqTermination) {
    FSUtils.debug.message("Entered FSFedTerminationHandler::processTerminationRequest...");
    this.request = request;
    this.locale = FSServiceUtils.getLocale(request);
    this.response = response;
    this.relayState = reqTermination.getRelayState();
    setTerminationURL();
    // Without an account manager there is nothing to defederate against.
    if (managerInst == null) {
        FSUtils.debug.error("FSSPFedTerminationHandler " + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSPFedTerminationHandler::handleFederationTermination" + "failed to get Account Manager instance");
        }
        returnToSource();
        return;
    }
    if (!updateAccountInformation(reqTermination.getNameIdentifier())) {
        FSUtils.debug.message("Termination request processing failed");
        String[] failureData = { FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED) };
        LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, failureData, ssoToken);
        returnToSource();
        return;
    }
    FSUtils.debug.message("User sucessfully defederated");
    String[] successData = { FSUtils.bundle.getString(IFSConstants.TERMINATION_SUCCEEDED) };
    LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, successData, ssoToken);
    // SP adapter hook for the remote-IDP-initiated HTTP case.
    boolean hostedAsSP = hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP);
    if (hostedAsSP) {
        FederationSPAdapter adapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
        if (adapter != null) {
            FSUtils.debug.message("FSFedTerminationHandler.HTTP");
            try {
                adapter.postTerminationNotificationSuccess(hostedEntityId, request, response, userID, reqTermination, IFSConstants.TERMINATION_IDP_HTTP_PROFILE);
            } catch (Exception e) {
                // Adapter problems are logged but never fail the termination.
                FSUtils.debug.error("postTermNotification.IDP/HTTP", e);
            }
        }
    }
    returnToSource();
}

Example 10 with FederationSPAdapter

use of com.sun.identity.federation.plugins.FederationSPAdapter in project OpenAM by OpenRock.

the class FSFedTerminationHandler method doFederationTermination.

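/**
 * Initiates federation termination at the remote provider.
 *
 * <p>A {@code FSFederationTerminationNotification} is built from {@code acctInfo}
 * and delivered over either the SOAP binding or the HTTP-redirect binding. The
 * binding is taken from the first termination profile advertised by the hosted
 * descriptor when {@code acctInfo.isRoleIDP()} is {@code true}, otherwise from the
 * remote descriptor (the pre-existing comment describes this as "always the SP's
 * profile").
 *
 * <p>Local termination has already completed by the time this runs, so every
 * exit path renders the termination-done page with the success indicator; the
 * return value alone reports whether the remote notification went out.
 *
 * <p>When message signing is enabled and the negotiated minor version is neither
 * FF 1.1 nor FF 1.2, the SOAP notification is <em>not</em> sent. Sending it
 * unsigned would silently downgrade the protection the operator configured.
 *
 * @param request  the current HTTP request, passed through to the SP adapter
 * @param response the current HTTP response, used for the redirect or the local page
 * @param acctInfo the user's account federation information
 * @return {@code true} if the termination request was handed to the remote
 *         provider (SOAP send reported success, or the redirect was issued);
 *         {@code false} otherwise
 */
private boolean doFederationTermination(HttpServletRequest request, HttpServletResponse response, FSAccountFedInfo acctInfo) {
    FSUtils.debug.message("Entered FSFedTerminationHandler::doFederationTermination");
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination create request start");
        }
        FSFederationTerminationNotification reqFedTermination = createFederationTerminationRequest(acctInfo);
        if (reqFedTermination == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSFedTerminationHandler::Termination request could not be formed");
            }
            return returnLocallyFailed(response);
        }
        // Only touch the request after the null check above; the previous ordering
        // dereferenced it first, so a null request produced an NPE instead of the
        // intended "could not be formed" exit.
        reqFedTermination.setMinorVersion(FSServiceUtils.getMinorVersion(remoteDescriptor.getProtocolSupportEnumeration()));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSFedTerminationHandler::Termination request formed successfully");
        }

        // Choose the binding from the first termination profile the relevant
        // descriptor advertises. Which descriptor is consulted depends on the
        // partner's role in this federation.
        List<?> profiles = acctInfo.isRoleIDP()
                ? hostedDescriptor.getFederationTerminationNotificationProtocolProfile()
                : remoteDescriptor.getFederationTerminationNotificationProtocolProfile();
        if (profiles == null || profiles.isEmpty()) {
            FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination no termination profile cannot process request");
            return returnLocallyFailed(response);
        }
        String profile = (String) profiles.iterator().next();
        boolean isSOAPProfile;
        if (isSoapTerminationProfile(profile)) {
            isSOAPProfile = true;
        } else if (isHttpTerminationProfile(profile)) {
            isSOAPProfile = false;
        } else {
            FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination Invalid termination profile cannot process request");
            return returnLocallyFailed(response);
        }

        return isSOAPProfile
                ? sendTerminationOverSoap(request, response, reqFedTermination)
                : sendTerminationOverRedirect(request, response, reqFedTermination);
    } catch (IOException e) {
        // Keep the cause: the bundle text alone does not say why the redirect failed.
        FSUtils.debug.error("FSFedTerminationHandler" + FSUtils.bundle.getString(IFSConstants.FEDERATION_REDIRECT_FAILED), e);
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE), e);
    } catch (SAMLResponderException e) {
        FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE), e);
    }
    return returnLocallyFailed(response);
}

/**
 * Delivers the termination notification over the SOAP binding.
 *
 * <p>When signing is on, the message is signed by element ID for FF 1.1 and by
 * RequestID for FF 1.2. Any other minor version is treated as a hard failure
 * rather than sent unsigned.
 *
 * @param request           the current HTTP request, passed through to the SP adapter
 * @param response          the current HTTP response, used to render the local page
 * @param reqFedTermination the notification to send; its ID is overwritten here
 * @return the status reported by {@code FSSOAPService.sendTerminationMessage}, or
 *         {@code false} when the message could not be built, signed or sent
 * @throws FSMsgException           if the notification cannot be serialised to XML
 * @throws SAMLResponderException   propagated from the signing layer
 * @throws IOException              propagated from the local page rendering
 */
private boolean sendTerminationOverSoap(HttpServletRequest request, HttpServletResponse response,
        FSFederationTerminationNotification reqFedTermination)
        throws FSMsgException, SAMLResponderException, IOException {
    FSSOAPService instSOAP = FSSOAPService.getInstance();
    if (instSOAP == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination failed. Cannot get Service Manager instance");
        }
        FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
        return returnLocallyFailed(response);
    }
    FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination binding termination request to SOAP");
    // TERMINATIONID is the element ID the FF 1.1 signature reference points at.
    // NOTE(review): a constant message ID gives the receiver nothing to detect
    // replays with — confirm that is acceptable for this profile.
    reqFedTermination.setID(IFSConstants.TERMINATIONID);
    SOAPMessage msgTermination = instSOAP.bind(reqFedTermination.toXMLString(true, true));
    if (msgTermination == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination failed. Error in forming Message");
        }
        FSUtils.debug.error("FSFedTerminationHandler.doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
        return returnLocallyFailed(response);
    }
    try {
        if (FSServiceUtils.isSigningOn()) {
            int minorVersion = reqFedTermination.getMinorVersion();
            if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                msgTermination = signTerminationRequest(msgTermination, IFSConstants.ID, reqFedTermination.getID());
            } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                msgTermination = signTerminationRequest(msgTermination, IFSConstants.REQUEST_ID, reqFedTermination.getRequestID());
            } else {
                // Fail closed. Signing is required by configuration, so an
                // unsigned notification must not leave this host.
                FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination invalid minor version "
                        + minorVersion + "; signing is on, termination notification not sent");
                return returnLocallyFailed(response);
            }
        }
        boolean sendStatus = instSOAP.sendTerminationMessage(msgTermination, remoteDescriptor.getSoapEndpoint());
        notifySPAdapterOfTermination(request, response, reqFedTermination, IFSConstants.TERMINATION_SP_SOAP_PROFILE, "postTerm.SP/SOAP");
        // Local termination succeeded, so the page shows success regardless of sendStatus.
        FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
        return sendStatus;
    } catch (Exception e) {
        FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE), e);
        return returnLocallyFailed(response);
    }
}

/**
 * Delivers the termination notification over the HTTP-redirect binding.
 *
 * <p>The notification is URL-encoded, signed as a query string when signing is
 * on, appended to the remote provider's termination service URL and issued as a
 * redirect.
 *
 * @param request           the current HTTP request, passed through to the SP adapter
 * @param response          the current HTTP response the redirect is written to
 * @param reqFedTermination the notification to send
 * @return {@code true} once the redirect has been issued; {@code false} when the
 *         remote provider advertises no termination service URL
 * @throws FSMsgException         if the notification cannot be URL-encoded
 * @throws SAMLResponderException if signing is on but no signing certificate alias
 *                                is configured, or signing fails
 * @throws IOException            if the redirect cannot be written
 */
private boolean sendTerminationOverRedirect(HttpServletRequest request, HttpServletResponse response,
        FSFederationTerminationNotification reqFedTermination)
        throws FSMsgException, SAMLResponderException, IOException {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination In Redirect profile");
    }
    String urlEncodedRequest = reqFedTermination.toURLEncodedQueryString();
    if (FSServiceUtils.isSigningOn()) {
        String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
        if (certAlias == null || certAlias.length() == 0) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination couldn't obtain this site's cert alias.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
        }
        urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
    }
    String retURL = remoteDescriptor.getFederationTerminationServiceURL();
    if (retURL == null || retURL.length() == 0) {
        // Previously an NPE; treat missing metadata like the other configuration errors.
        FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination remote provider has no federation termination service URL");
        return returnLocallyFailed(response);
    }
    StringBuilder redirectURL = new StringBuilder(retURL);
    if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
        redirectURL.append(IFSConstants.QUESTION_MARK);
    } else {
        redirectURL.append(IFSConstants.AMPERSAND);
    }
    redirectURL.append(urlEncodedRequest);
    if (FSUtils.debug.messageEnabled()) {
        // Debug output carries the full query string, including the NameIdentifier
        // and the signature; keep message-level logging off in production.
        FSUtils.debug.message("Request to be sent : " + urlEncodedRequest);
        FSUtils.debug.message("FSFedTerminationHandler::Redirect URL is " + redirectURL.toString());
    }
    // The adapter is notified here, before the redirect; the pre-existing comment
    // indicates the notification is not available later in FSTerminationReturnServlet.
    notifySPAdapterOfTermination(request, response, reqFedTermination, IFSConstants.TERMINATION_SP_HTTP_PROFILE, "postTerm.SP/HTTP");
    response.sendRedirect(redirectURL.toString());
    return true;
}

/**
 * Renders the local termination-done page and reports the remote send as failed.
 *
 * <p>Local termination has already succeeded when this is reached, so the page
 * always carries the success indicator; only the return value signals that the
 * remote provider was not notified.
 *
 * @param response the current HTTP response
 * @return always {@code false}, so callers can {@code return returnLocallyFailed(response)}
 */
private boolean returnLocallyFailed(HttpServletResponse response) {
    FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
    return false;
}

/**
 * Invokes the SP adapter's post-termination hook when this host acts as SP.
 *
 * <p>Adapter failures are logged and otherwise ignored: the adapter is an
 * extension point and must not be able to abort the termination flow.
 *
 * @param request      the current HTTP request
 * @param response     the current HTTP response
 * @param notification the termination notification that was (or is about to be) sent
 * @param profile      the termination profile constant to report to the adapter
 * @param logTag       short tag used when logging an adapter exception
 */
private void notifySPAdapterOfTermination(HttpServletRequest request, HttpServletResponse response,
        FSFederationTerminationNotification notification, String profile, String logTag) {
    if (hostedProviderRole == null || !hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
        return;
    }
    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
    if (spAdapter == null) {
        return;
    }
    try {
        spAdapter.postTerminationNotificationSuccess(hostedEntityId, request, response, userID, notification, profile);
    } catch (Exception e) {
        // Deliberately swallowed after logging; see method Javadoc.
        FSUtils.debug.error(logTag, e);
    }
}

/**
 * Returns {@code true} if {@code profile} names one of the SOAP termination profiles.
 *
 * @param profile the profile URI from the provider descriptor
 */
private static boolean isSoapTerminationProfile(String profile) {
    return profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_SOAP_PROFILE)
            || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_SOAP_PROFILE);
}

/**
 * Returns {@code true} if {@code profile} names one of the HTTP-redirect termination profiles.
 *
 * @param profile the profile URI from the provider descriptor
 */
private static boolean isHttpTerminationProfile(String profile) {
    return profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_HTTP_PROFILE)
            || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_HTTP_PROFILE);
}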
