
Example 11 with FederationSPAdapter

use of com.sun.identity.federation.plugins.FederationSPAdapter in project OpenAM by OpenRock.

From class FSAssertionArtifactHandler, method processAuthnResponse (the SP-side handler that consumes the IDP's AuthnResponse).

/**
 * Processes the {@code FSAuthnResponse} returned by the IDP for a pending
 * {@code AuthnRequest} and completes either account federation or single
 * sign-on at this service provider.
 *
 * <p>Flow, as visible in this method:
 * <ol>
 *   <li>Invoke the SP adapter's {@code preSSOFederationProcess} hook when an
 *       adapter is configured; exceptions thrown by the hook are logged and
 *       otherwise ignored.</li>
 *   <li>Resolve the RelayState: the value carried by the stored
 *       {@code authnRequest}, else the provider home page URL from config,
 *       else {@code baseURL + SP_DEFAULT_RELAY_STATE}.</li>
 *   <li>Reject a {@code null} response, or a response whose status fails
 *       {@code verifyResponseStatus}.</li>
 *   <li>Validate the assertions through {@code validateAssertions}; a
 *       {@code null} subject is treated as an invalid assertion.</li>
 *   <li>Depending on {@code doFederate}, either federate the account using
 *       the subject's NameIdentifier, or perform single sign-on and redirect
 *       to the RelayState (or hand off to the IDP proxy / SP adapter).</li>
 * </ol>
 *
 * <p>Every failure path ends in a redirect to the framed login page, unless
 * a configured adapter's {@code postSSOFederationFailure} reports (returns
 * {@code true}) that it has already handled the response. The outer catch
 * turns any unexpected exception into the same redirect.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No signature, audience, or validity-window checks are performed in
 *       this method; they are presumably inside {@code verifyResponseStatus}
 *       and {@code validateAssertions}, which are not visible here -- confirm.</li>
 *   <li>The RelayState is taken from the stored request and used as a
 *       redirect target without any URL validation in this method; whether
 *       {@code redirectToResource} restricts the target is not visible here --
 *       confirm, otherwise this is an open-redirect sink.</li>
 *   <li>The full response XML is written to the debug log (message level)
 *       and, on an invalid status, to the audit log via {@code LogUtil};
 *       assertions may carry NameIdentifiers and user attributes.</li>
 * </ul>
 *
 * <p>Relies on instance state set up by the caller before this method is
 * invoked: {@code request}, {@code response}, {@code authnRequest},
 * {@code hostEntityId}, {@code hostConfig}, {@code hostMetaAlias},
 * {@code ssoToken}, {@code doFederate} and {@code samlResponse}. These are
 * assumed non-null where dereferenced; {@code authnRequest} in particular is
 * dereferenced before any null check.
 *
 * @param authnResponse the {@code FSAuthnResponse} to process; may be
 *        {@code null}, which is logged as a missing response and redirected
 *        to the framed login page
 */
public void processAuthnResponse(FSAuthnResponse authnResponse) {
    FSUtils.debug.message("FSAssertionArtifactHandler.ProcessAuthnResponse: Called");
    this.authnResponse = authnResponse;
    // SP adapter pre-processing hook. The adapter is looked up per call from
    // the hosted SP's extended metadata; a missing or failing adapter yields
    // null, in which case all adapter hooks below are skipped (fail-open).
    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostEntityId, hostConfig);
    if (spAdapter != null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler, POST" + " Invokde spAdapter.preSSOFederationProcess");
        }
        try {
            // Note: authnResponse may still be null at this point; the
            // adapter receives it as-is.
            spAdapter.preSSOFederationProcess(hostEntityId, request, response, authnRequest, authnResponse, null);
        } catch (Exception e) {
            // A runtime failure inside the adapter implementation is
            // deliberately non-fatal: log it and continue processing.
            FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.preSSOFederationSuccess", e);
        }
    }
    String baseURL = FSServiceUtils.getBaseURL(request);
    // Common error target for every failure path below.
    String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, authnRequest.getRelayState(), null, request, baseURL);
    // RelayState precedence: stored AuthnRequest -> provider home page URL
    // from config -> baseURL + default. NOTE(review): no allow-list or
    // same-origin check is applied here; the value is passed verbatim to
    // redirectToResource() on the success path.
    this.relayState = authnRequest.getRelayState();
    if ((this.relayState == null) || (this.relayState.trim().length() == 0)) {
        this.relayState = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.PROVIDER_HOME_PAGE_URL);
        if ((this.relayState == null) || (this.relayState.trim().length() == 0)) {
            this.relayState = baseURL + IFSConstants.SP_DEFAULT_RELAY_STATE;
        }
    }
    try {
        if (authnResponse == null) {
            String[] data = { FSUtils.bundle.getString("missingAuthnResponse") };
            LogUtil.error(Level.INFO, LogUtil.MISSING_AUTHN_RESPONSE, data, ssoToken);
            FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("missingAuthnResponse") + " AuthnRequest Processing Failed at the IDP " + "Redirecting to the Framed Login Page");
            response.sendRedirect(framedLoginPageURL);
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            // Logs the complete response, including any assertions it carries.
            FSUtils.debug.message("FSAssertionArtifactHandler.doPost:Received " + authnResponse.toXMLString());
        }
        // Status check only; assertion contents are validated further below.
        boolean valid = verifyResponseStatus(authnResponse);
        if (!valid) {
            FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
            // Drop the pending AuthnRequest so this InResponseTo cannot be
            // completed later. (The invalid-assertion path below does not do
            // this -- NOTE(review): confirm whether that asymmetry is intended.)
            String inResponseTo = authnResponse.getInResponseTo();
            sessionManager.removeAuthnRequest(inResponseTo);
            // The full response XML goes into the audit log here.
            String[] data = { authnResponse.toXMLString() };
            LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data, ssoToken);
            FSUtils.debug.warning("FSAssertionArtifactHandler." + " processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
            // Adapter returning true means it already produced the response.
            if ((spAdapter == null) || !(spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, null, FederationSPAdapter.INVALID_AUTHN_RESPONSE))) {
                response.sendRedirect(framedLoginPageURL);
            }
            return;
        }
        // Assertion validation; validateAssertions() is not visible here --
        // presumably this is where signature/conditions are checked. A null
        // subject is the only failure signal this method acts on.
        List assertions = authnResponse.getAssertion();
        FSSubject validSubject = (FSSubject) validateAssertions(assertions);
        if (validSubject == null) {
            String[] data = { FSUtils.bundle.getString("invalidAssertion") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, data, ssoToken);
            FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("InvalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
            response.sendRedirect(framedLoginPageURL);
            return;
        }
        FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
        if (doFederate) {
            // Account federation: link the IDP-provided (or, failing that,
            // the plain) NameIdentifier to the local account.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "processAuthnResponse: Initiate Account Federation");
            }
            NameIdentifier ni = validSubject.getIDPProvidedNameIdentifier();
            if (ni == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse:" + " IDPProvided NameIdentifier is null");
                }
                ni = validSubject.getNameIdentifier();
            }
            if (ni != null) {
                int returnCode = doAccountFederation(ni);
                if (returnCode == FederationSPAdapter.SUCCESS) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler." + "processAuthnResponse: Account federation" + " successful");
                    }
                    // Success: clear both the pending request and the local
                    // session token stored under the same request ID.
                    // doAccountFederation() is responsible for the response.
                    String inResponseTo = authnResponse.getInResponseTo();
                    sessionManager.removeAuthnRequest(inResponseTo);
                    sessionManager.removeLocalSessionToken(inResponseTo);
                    return;
                } else {
                    String[] data = { FSUtils.bundle.getString("AccountFederationFailed") };
                    LogUtil.error(Level.INFO, LogUtil.ACCOUNT_FEDERATION_FAILED, data, ssoToken);
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("AccountFederationFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
                    // Only this failure path hands samlResponse to the adapter;
                    // the SSO failure path below passes null instead.
                    if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, (FSResponse) samlResponse, returnCode)) {
                        response.sendRedirect(framedLoginPageURL);
                    }
                }
            } else {
                // Handled by the outer catch, which redirects to the login page.
                throw new FSException("missingNIofSubject", null);
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "processAuthnResponse: Initiate SingleSign-On");
            }
            // Single sign-on against an existing federation. Both the
            // IDP-provided and the subject NameIdentifier are required;
            // a missing IDP-provided one falls back to the subject's.
            NameIdentifier niIdp = validSubject.getIDPProvidedNameIdentifier();
            NameIdentifier ni = validSubject.getNameIdentifier();
            if (niIdp == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler.processAuthnResponse:" + " IDPProvided NameIdentifier is null");
                }
                niIdp = ni;
            }
            if ((niIdp == null) || (ni == null)) {
                String[] data = { FSUtils.bundle.getString("invalidResponse") };
                LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data, ssoToken);
                FSUtils.debug.error("FSAssertionArtifactHandler." + " processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
                response.sendRedirect(framedLoginPageURL);
                return;
            }
            String idpHandle = niIdp.getName();
            String spHandle = ni.getName();
            int handleType;
            if ((idpHandle == null) || (spHandle == null)) {
                String[] data = { FSUtils.bundle.getString("invalidResponse") };
                LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data, ssoToken);
                FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
                response.sendRedirect(framedLoginPageURL);
                return;
            }
            // Identical handles mean the IDP echoed its own (remote) opaque
            // handle; different handles mean the subject carries the
            // SP-issued (local) opaque handle.
            if (idpHandle.equals(spHandle)) {
                ni = niIdp;
                handleType = IFSConstants.REMOTE_OPAQUE_HANDLE;
            } else {
                handleType = IFSConstants.LOCAL_OPAQUE_HANDLE;
            }
            // The raw response is exposed to the user-provider plugin through
            // the environment map.
            Map env = new HashMap();
            env.put(IFSConstants.FS_USER_PROVIDER_ENV_AUTHNRESPONSE_KEY, authnResponse);
            int returnCode = doSingleSignOn(ni, handleType, niIdp, env);
            if (returnCode == FederationSPAdapter.SUCCESS) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler." + "processAuthnResponse: Accountfederation successful");
                }
                String requestID = authnResponse.getInResponseTo();
                sessionManager.removeAuthnRequest(requestID);
                // IDP-proxy case: forward the result to the original SP
                // instead of redirecting the browser to the RelayState.
                if (isIDPProxyEnabled(requestID)) {
                    sendProxyResponse(requestID);
                    return;
                }
                String[] data = { this.relayState };
                LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, data, ssoToken);
                FSUtils.debug.message("ArtifactHandler.notfederated, postSSO");
                if (spAdapter != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAssertionArtifactHandler," + " Invoke spAdapter.postSSOFederationSuccess");
                    }
                    try {
                        // A true return means the adapter already redirected
                        // (or otherwise completed) the response.
                        if (spAdapter.postSSOFederationSuccess(hostEntityId, request, response, ssoToken, authnRequest, authnResponse, null)) {
                            // return if the SP spi redirection happened
                            return;
                        }
                    } catch (Exception e) {
                        // As with the pre-hook: adapter failures are logged and
                        // processing continues with the default redirect.
                        FSUtils.debug.error("FSAssertionArtifadctHandler" + " SPAdapter.postSSOFederationSuccess:", e);
                    }
                }
                // Unvalidated RelayState reaches the redirect here (see Javadoc).
                redirectToResource(this.relayState);
                return;
            } else {
                String[] data = { FSUtils.bundle.getString("SSOfailed") };
                LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data, ssoToken);
                FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
                if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, null, returnCode)) {
                    response.sendRedirect(framedLoginPageURL);
                }
                return;
            }
        }
    } catch (Exception e) {
        // Catch-all boundary: any unexpected failure (including the
        // FSException thrown above and IOExceptions from sendRedirect) is
        // logged and answered with a redirect to the framed login page.
        FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: Exception Occured: ", e);
        try {
            FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: " + FSUtils.bundle.getString("invalidResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
            response.sendRedirect(framedLoginPageURL);
        } catch (IOException ioe) {
            // Nothing further can be sent to the client; just log it.
            FSUtils.debug.error("FSAssertionArtifactHandler." + "processAuthnResponse: IOException Occured: ", ioe);
            return;
        }
        return;
    }
}

Example 12 with FederationSPAdapter

use of com.sun.identity.federation.plugins.FederationSPAdapter in project OpenAM by OpenRock.

From class FSServiceUtils, method getSPAdapter (loads the SP adapter plugin named in the hosted SP's extended metadata).

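/**
 * Instantiates the {@code FederationSPAdapter} configured for a hosted
 * service provider, if any.
 *
 * <p>The adapter class name is read from the
 * {@code IFSConstants.FEDERATION_SP_ADAPTER} attribute of the hosted SP's
 * extended metadata and loaded by reflection. Its environment is the set of
 * {@code IFSConstants.FEDERATION_SP_ADAPTER_ENV} values plus one entry of the
 * form {@code FederationSPAdapter.ENV_REALM + realm}, where the realm is
 * derived from the SP's meta alias.
 *
 * <p>Security notes: the class name comes from configuration, so whoever can
 * edit the SP's extended metadata chooses which class is loaded. The class is
 * checked to implement {@code FederationSPAdapter} <em>before</em> it is
 * instantiated, so a misconfigured or malicious name cannot run the
 * constructor of an arbitrary class on this code path. Any failure (class not
 * found, wrong type, constructor or {@code initialize} error) is logged and
 * {@code null} is returned; callers then proceed <em>without</em> adapter
 * hooks, i.e. adapter misconfiguration fails open rather than blocking SSO.
 *
 * @param hostEntityID entity ID of the hosted service provider, passed to
 *        {@code FederationSPAdapter.initialize}
 * @param hostSPConfig extended metadata of the hosted SP; may be {@code null}
 * @return an initialized adapter, or {@code null} when no adapter is
 *         configured, {@code hostSPConfig} is {@code null}, or loading /
 *         initialization fails
 */
public static FederationSPAdapter getSPAdapter(String hostEntityID, BaseConfigType hostSPConfig) {
    FSUtils.debug.message("FSServiceUtils.getSPAdapter");
    if (hostSPConfig == null) {
        FSUtils.debug.message("FSServiceUtils.getSPAdapter:null");
        return null;
    }
    try {
        String adapterName = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostSPConfig, IFSConstants.FEDERATION_SP_ADAPTER);
        if (adapterName == null || adapterName.length() == 0) {
            // No adapter configured for this SP.
            return null;
        }
        // Verify the configured class really is an adapter BEFORE running its
        // constructor; casting after newInstance() would already have executed
        // the constructor of whatever class the metadata named.
        Class<? extends FederationSPAdapter> adapterClass = Class.forName(adapterName.trim()).asSubclass(FederationSPAdapter.class);
        // getDeclaredConstructor().newInstance() instead of the deprecated
        // Class.newInstance(); constructor exceptions arrive wrapped in an
        // InvocationTargetException, which the catch below handles the same way.
        FederationSPAdapter adapterInstance = adapterClass.getDeclaredConstructor().newInstance();
        // Environment: configured values (if any) plus the realm marker. The
        // realm lookup is only needed once we know an adapter is configured.
        List adapterEnv = IDFFMetaUtils.getAttributeValueFromConfig(hostSPConfig, IFSConstants.FEDERATION_SP_ADAPTER_ENV);
        String realm = IDFFMetaUtils.getRealmByMetaAlias(hostSPConfig.getMetaAlias());
        Set<String> newEnv = new HashSet<String>();
        if (adapterEnv != null && !adapterEnv.isEmpty()) {
            newEnv.addAll(adapterEnv);
        }
        newEnv.add(FederationSPAdapter.ENV_REALM + realm);
        adapterInstance.initialize(hostEntityID, newEnv);
        return adapterInstance;
    } catch (Exception e) {
        // Fail open: the caller continues without adapter hooks. Logged with the
        // full exception so a ClassCastException from asSubclass() (class is not
        // an adapter) is distinguishable from a ClassNotFoundException.
        FSUtils.debug.error("FSServiceUtils.getSPAdapter: Unable to get provider", e);
    }
    return null;
}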
