
Example 1 with FSSOAPService

use of com.sun.identity.federation.services.FSSOAPService in project OpenAM by OpenRock.

the class LibertyManager method getMappedNameIdentifier.

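/**
 * Returns the <code>NameIdentifier</code> established between the IDP
 * and another (remote) SP for the principal of the given session.
 * This method should be used by code on the hosted SP, where the user
 * has logged in and has an account linking with the IDP. Furthermore,
 * the same principal has an account linking between his/her other
 * (remote) SP account and the IDP account.
 *
 * <p>The identifier is obtained by sending a name identifier mapping
 * request over SOAP to the IDP that is the current partner of the
 * user's federation session. When <code>FSServiceUtils.isSigningOn()</code>
 * is true the request is signed and the response signature is verified
 * before the mapped identifier is returned; when it is false the
 * response is used without any signature check.
 *
 * @param hostedSPMetaAlias The <code>metaAlias</code> of
 * the local service provider.
 * @param ssoToken The session token of the logged-
 * in user on the local service provider.
 * @param remoteSPEntityID The entity ID of the remote
 * service provider. In other words, it is the targeted
 * name space for the returned name identifier.
 * @return <code>NameIdentifier</code> of the same principal
 * but originally established between the remote SP and
 * the IDP, or <code>null</code> if any step of the exchange fails.
 */
public static NameIdentifier getMappedNameIdentifier(String hostedSPMetaAlias, Object ssoToken, String remoteSPEntityID) {
    String classMethod = "LibertyManager.getMappedNameIdentifier: ";
    String hostedEntityID = getEntityID(hostedSPMetaAlias);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(hostedSPMetaAlias);
    if (debug.messageEnabled()) {
        debug.message("NameMappingRequester: hostedEntityID=" + hostedEntityID);
    }

    // Hosted SP metadata: descriptor plus extended config (holds the signing cert alias).
    SPDescriptorType hostedDescriptor;
    BaseConfigType hostedConfig;
    try {
        hostedDescriptor = metaManager.getSPDescriptor(realm, hostedEntityID);
        hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
    } catch (IDFFMetaException ie) {
        debug.error(classMethod + "couldn't obtain hosted meta:", ie);
        return null;
    }

    String userID;
    try {
        userID = SessionManager.getProvider().getPrincipalName(ssoToken);
    } catch (SessionException ssoe) {
        debug.error("SessionException caught when trying to " + "get user DN from session token:", ssoe);
        return null;
    }
    // NOTE(review): the message-level log lines in this method write the
    // principal name, name identifiers and the full mapping response to the
    // debug log; treat that log as sensitive when message level is enabled.
    if (debug.messageEnabled()) {
        debug.message(classMethod + "userID=" + userID);
    }

    FSNameMappingHandler handler = new FSNameMappingHandler(hostedEntityID, hostedDescriptor, hostedConfig, hostedSPMetaAlias);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "targetNamespace (remoteSPEntityID)=" + remoteSPEntityID);
    }

    // The IDP to ask is the current partner of the user's federation session.
    FSSessionManager sMgr = FSSessionManager.getInstance(hostedSPMetaAlias);
    FSSession sess = (sMgr != null) ? sMgr.getSession(ssoToken) : null;
    if (sess == null) {
        debug.error(classMethod + "session is null");
        return null;
    }
    FSSessionPartner partner = sess.getCurrentSessionPartner();
    String remoteIDPEntityID = (partner != null) ? partner.getPartner() : null;
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Remote IDP EntityID = " + remoteIDPEntityID);
    }
    if (remoteIDPEntityID == null) {
        // Without a partner there is no IDP to query; stop here instead of
        // failing later with a NullPointerException.
        debug.error(classMethod + "no current session partner (remote IDP) for this session");
        return null;
    }

    NameIdentifier ni;
    try {
        ni = handler.getNameIdentifier(userID, remoteIDPEntityID, true);
    } catch (Exception e) {
        debug.error(classMethod + "Exception caught when trying to get Name " + "Identifier between local SP and remote IDP: ", e);
        return null;
    }
    if (ni == null) {
        // Previously a null identifier caused a NullPointerException, but
        // only when message-level debugging was enabled.
        debug.error(classMethod + "no Name Identifier found between local SP and remote IDP");
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Name Identifier between local SP and " + " remote IDP: " + ni.toString());
    }

    FSNameIdentifierMappingRequest mappingRequest;
    try {
        mappingRequest = new FSNameIdentifierMappingRequest(hostedEntityID, ni, remoteSPEntityID);
    } catch (FSMsgException fe) {
        debug.error(classMethod, fe);
        return null;
    }
    if (FSServiceUtils.isSigningOn()) {
        try {
            mappingRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS));
        } catch (SAMLException se) {
            debug.error(classMethod, se);
            return null;
        }
    }

    IDPDescriptorType remoteProviderDesc;
    try {
        remoteProviderDesc = metaManager.getIDPDescriptor(realm, remoteIDPEntityID);
    } catch (IDFFMetaException fme1) {
        debug.error(classMethod, fme1);
        return null;
    }
    if (remoteProviderDesc == null) {
        debug.error(classMethod + "no IDP descriptor found for the remote IDP");
        return null;
    }
    // The endpoint comes from the IDP's metadata for this realm, not from the request.
    String remoteSOAPEndPoint = remoteProviderDesc.getSoapEndpoint();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "IDP's soap end point=" + remoteSOAPEndPoint);
    }

    FSSOAPService soapService = FSSOAPService.getInstance();
    SOAPMessage returnMsg;
    try {
        SOAPMessage msg = soapService.bind(mappingRequest.toXMLString(true, true));
        returnMsg = soapService.sendMessage(msg, remoteSOAPEndPoint);
    } catch (FSMsgException mex) {
        debug.error(classMethod, mex);
        return null;
    } catch (java.io.IOException ioe) {
        debug.error(classMethod, ioe);
        return null;
    } catch (javax.xml.soap.SOAPException soape) {
        debug.error(classMethod, soape);
        return null;
    }
    if (returnMsg == null) {
        debug.error(classMethod + "no SOAP response received from the IDP");
        return null;
    }
    Element elt = soapService.parseSOAPMessage(returnMsg);
    if (elt == null) {
        debug.error(classMethod + "SOAP response has no parsable body element");
        return null;
    }

    FSNameIdentifierMappingResponse mappingResponse;
    try {
        mappingResponse = new FSNameIdentifierMappingResponse(elt);
    } catch (FSMsgException fme2) {
        debug.error(classMethod, fme2);
        return null;
    }
    if (debug.messageEnabled()) {
        try {
            debug.message(classMethod + "NameIdentifierMappingResponse: " + mappingResponse.toXMLString());
        } catch (FSMsgException fme3) {
            // The serialised form is needed for the log only, so a failure
            // here must not change the outcome depending on the debug level.
            debug.error(classMethod, fme3);
        }
    }

    // Fail closed: with signing on, an unverifiable response is never returned.
    // NOTE(review): with signing off the response is trusted as received, and
    // no check of the response status or of its correlation to the request
    // is visible in this method - confirm where those are enforced.
    if (FSServiceUtils.isSigningOn()) {
        if (FSNameMappingHandler.verifyNameIdMappingResponseSignature(elt, returnMsg, realm)) {
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Success in verifying Name Identifier Mapping" + " Response Signature");
            }
        } else {
            debug.error(classMethod + "Failed verifying Name Identifier Mapping " + "Response");
            return null;
        }
    }
    return mappingResponse.getNameIdentifier();
}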
Also used : NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSSOAPService(com.sun.identity.federation.services.FSSOAPService) SAMLException(com.sun.identity.saml.common.SAMLException) SOAPMessage(javax.xml.soap.SOAPMessage) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSNameIdentifierMappingResponse(com.sun.identity.federation.message.FSNameIdentifierMappingResponse) SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType) COTException(com.sun.identity.cot.COTException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSLoginHelperException(com.sun.identity.federation.services.FSLoginHelperException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) FSNameMappingHandler(com.sun.identity.federation.services.namemapping.FSNameMappingHandler) FSNameIdentifierMappingRequest(com.sun.identity.federation.message.FSNameIdentifierMappingRequest) FSMsgException(com.sun.identity.federation.message.common.FSMsgException)

Example 2 with FSSOAPService

use of com.sun.identity.federation.services.FSSOAPService in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method doSoapProfile.

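/**
 * Initiates SOAP profile logout.
 *
 * <p>Builds a single logout request for the user's federated account,
 * binds it into a SOAP message, signs it when
 * <code>FSServiceUtils.isSigningOn()</code> is true, sends it to the
 * remote provider's SOAP endpoint and maps the status of the returned
 * logout response to an <code>FSLogoutStatus</code>.
 *
 * @param providerId the first provider with SOAP as logout profile
 * @return status <code>SAML_SUCCESS</code> when the remote provider
 *  reports success or no federated account is left to log out, the
 *  remote status value when it reports anything else,
 *  <code>SAML_REQUESTER</code> when the response signature cannot be
 *  verified, and <code>SAML_RESPONDER</code> for every other failure.
 */
private FSLogoutStatus doSoapProfile(String providerId) {
    FSUtils.debug.message("Entered IDP's doSoapProfile");
    try {
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        FSSession session = (sMgr != null) ? sMgr.getSession(ssoToken) : null;
        if (session == null) {
            // Same outcome as before (SAML_RESPONDER), but reported explicitly
            // instead of through a NullPointerException caught further down.
            FSUtils.debug.error("FSSingleLogoutHandler.doSoapProfile: " + "no federation session for the session token");
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        FSAccountFedInfo currentAccount = session.getAccountFedInfo();
        if (currentAccount == null && !session.getOneTime()) {
            currentAccount = FSLogoutUtil.getCurrentWorkingAccount(userID, providerId, metaAlias);
        }
        if (currentAccount == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler. User's " + "account may have been terminated.");
            }
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
        FSLogoutNotification reqLogout = createSingleLogoutRequest(currentAccount, sessionIndex);
        if (reqLogout != null) {
            // Set the version only after the null check; dereferencing first
            // made the else branch below unreachable.
            reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
            FSSOAPService instSOAP = FSSOAPService.getInstance();
            if (instSOAP != null) {
                FSUtils.debug.message("Signing suceeded. To call bindLogoutRequest");
                reqLogout.setID(IFSConstants.LOGOUTID);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("logout request before sign: " + reqLogout.toXMLString(true, true));
                }
                SOAPMessage msgLogout = instSOAP.bind(reqLogout.toXMLString(true, true));
                if (msgLogout != null) {
                    SOAPMessage retSOAPMessage = null;
                    try {
                        if (FSServiceUtils.isSigningOn()) {
                            // The signed reference attribute depends on the protocol minor version.
                            int minorVersion = reqLogout.getMinorVersion();
                            switch(minorVersion) {
                                case IFSConstants.FF_11_PROTOCOL_MINOR_VERSION:
                                    msgLogout = signLogoutRequest(msgLogout, IFSConstants.ID, reqLogout.getID());
                                    break;
                                case IFSConstants.FF_12_PROTOCOL_MINOR_VERSION:
                                    msgLogout = signLogoutRequest(msgLogout, IFSConstants.REQUEST_ID, reqLogout.getRequestID());
                                    break;
                                default:
                                    // NOTE(review): with signing on, an unknown minor
                                    // version is only logged and the request is then
                                    // sent unsigned - confirm whether this should
                                    // abort instead.
                                    FSUtils.debug.message("invalid minor version.");
                                    break;
                            }
                        }
                        retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteDescriptor.getSoapEndpoint());
                    } catch (Exception e) {
                        FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
                        return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
                    }
                    if (retSOAPMessage != null) {
                        Element elt = instSOAP.parseSOAPMessage(retSOAPMessage);
                        // Verify before the response object is built or any
                        // adapter sees it; an unverified response ends the call.
                        if (FSServiceUtils.isSigningOn()) {
                            if (!verifyResponseSignature(retSOAPMessage)) {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("Response " + "signature verification failed");
                                }
                                FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                                return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
                            }
                        }
                        this.requestLogout = reqLogout;
                        respObj = new FSLogoutResponse(elt);
                        // Call SP Adapter preSingleLogout for SP/SOAP
                        if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                            FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                            if (spAdapter != null) {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("FSSLOHandler." + "preSingleLogoutProcess, SP/SOAP");
                                }
                                try {
                                    spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, reqLogout, respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
                                } catch (Exception e) {
                                    // ignore adapter error: a plug-in failure must not change the logout result
                                    FSUtils.debug.error("spAdapter." + "preSingleLogoutProcess, SP/SOAP:", e);
                                }
                            }
                        }
                        // Only the top-level status code decides the result.
                        Status status = respObj.getStatus();
                        StatusCode statusCode = status.getStatusCode();
                        String statusString = statusCode.getValue();
                        if (statusString.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSingleLogoutHandler: " + " doSoapProfile returning success");
                            }
                            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
                        } else {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSingleLogoutHandler: " + "SOAP Profile failure " + statusString);
                            }
                            return new FSLogoutStatus(statusString);
                        }
                    }
                }
            }
            // Reached when the SOAP service, the bound message or the response is missing.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to bindLogoutRequest." + "Current Provider cannot be processed");
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to create logout request" + " Current Provider cannot be processed");
            }
        }
    } catch (Exception e) {
        FSUtils.debug.error("In IOException of doSOAPProfile : ", e);
    }
    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}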
Also used : Status(com.sun.identity.saml.protocol.Status) FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) Element(org.w3c.dom.Element) FSSession(com.sun.identity.federation.services.FSSession) FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification) FSSOAPService(com.sun.identity.federation.services.FSSOAPService) SOAPMessage(javax.xml.soap.SOAPMessage) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) StatusCode(com.sun.identity.saml.protocol.StatusCode) ServletException(javax.servlet.ServletException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) IOException(java.io.IOException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)

Example 3 with FSSOAPService

use of com.sun.identity.federation.services.FSSOAPService in project OpenAM by OpenRock.

the class FSBrowserArtifactConsumerHandler method processSAMLRequest.

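/**
 * Builds <code>SAML</code> request (with artifact),
 * sends <code>SAML</code> request to <code>IDP</code> through
 * <code>SOAP</code>, receives <code>SAML</code> response, then
 * processes the response.
 *
 * <p>When <code>FSServiceUtils.isSigningOn()</code> is true the bound
 * SOAP message is signed with the hosted provider's signing certificate
 * before it is sent. On any failure the browser is forwarded to the
 * common login page; nothing is returned or thrown to the caller.
 */
public void processSAMLRequest() {
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLRequest: Called");
    String baseURL = FSServiceUtils.getBaseURL(request);
    // Every error path below forwards the browser to this page.
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, relayState, null, request, baseURL);
    try {
        FSSOAPService soapHelper = FSSOAPService.getInstance();
        samlRequest.setID(samlRequest.getRequestID());
        SOAPMessage msg = soapHelper.bind(samlRequest.toXMLString(true, true));
        //sign here
        if (FSServiceUtils.isSigningOn()) {
            Document doc = (Document) FSServiceUtils.createSOAPDOM(msg);
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            if (metaManager == null) {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: could not create meta " + "instance");
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null) {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: couldn't obtain this site's cert" + " alias.");
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: certAlias: " + certAlias);
            }
            XMLSignatureManager manager = XMLSignatureManager.getInstance();
            // The signed reference attribute depends on the protocol minor version.
            int minorVersion = samlRequest.getMinorVersion();
            if (minorVersion == IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
                manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ID, samlRequest.getID(), false);
            } else if (minorVersion == IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION) {
                manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.REQUEST_ID, samlRequest.getRequestID(), false, IFSConstants.ARTIFACT_XPATH);
            } else {
                // NOTE(review): with signing on, an unknown minor version is only
                // logged and the request is then sent unsigned - confirm whether
                // this should abort instead.
                FSUtils.debug.message("invalid minor version.");
            }
            msg = FSServiceUtils.convertDOMToSOAP(doc);
        }
        //call with saml request
        SOAPMessage retMsg = soapHelper.doSyncCall(response, msg, idpDescriptor, false);
        if (retMsg == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " Response SOAPMessage is null");
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        //getback response
        samlResponseElt = soapHelper.parseSOAPMessage(retMsg);
        // getLocalName() can be null; treat that like any other unexpected
        // element instead of failing with a NullPointerException.
        // NOTE(review): only the local name is compared, so the namespace of
        // the returned element is not checked at this point.
        String localName = null;
        if (samlResponseElt != null && samlResponseElt.getLocalName() != null) {
            localName = samlResponseElt.getLocalName().trim();
        }
        if ("Fault".equals(localName)) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " SOAPFault occured");
            String[] data = { FSUtils.bundle.getString("invalidSOAPResponse") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SOAP_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        } else if ("Response".equals(localName)) {
            // A constructor never yields null, so the former null check on the
            // new object was dead code; construction failures surface as
            // exceptions handled by the catch block below.
            samlResponse = new FSResponse(samlResponseElt);
        } else {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " SOAP response does not contain samlp:Response");
            String[] data = { FSUtils.bundle.getString("invalidSOAPResponse") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SOAP_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        //process saml response
        // NOTE(review): no signature check on the response is visible in this
        // method; presumably processSAMLResponse performs it - confirm.
        processSAMLResponse((FSResponse) samlResponse);
    } catch (Exception e) {
        StringWriter baos = new StringWriter();
        e.printStackTrace(new PrintWriter(baos));
        FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: Exception occured: " + e.getMessage() + "\n" + baos.getBuffer().toString());
        try {
            FSUtils.forwardRequest(request, response, framedPageURL);
        } catch (Exception ex) {
            // Log the forwarding failure itself; the original logged the outer
            // exception again and lost this one.
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: IOException occured: ", ex);
        }
    }
}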
Also used : IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) FSResponse(com.sun.identity.federation.message.FSResponse) XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager) FSSOAPService(com.sun.identity.federation.services.FSSOAPService) Document(org.w3c.dom.Document) SOAPMessage(javax.xml.soap.SOAPMessage) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException)

Example 4 with FSSOAPService

use of com.sun.identity.federation.services.FSSOAPService in project OpenAM by OpenRock.

the class FSFedTerminationHandler method doFederationTermination.

/**
     * Initiates federation termination at remote end.
     * The termination requested is constructed and based on the profile the
     * request is sent over SOAP or as HTTP redirect. Profile is always based on
     * the SPs profile
     * @param acctInfo represents the user account federation information
     * @return <code>true</code> if termination request is sent to remote
     *  provider successfully; <code>false</code> otherwise.
     */
private boolean doFederationTermination(HttpServletRequest request, HttpServletResponse response, FSAccountFedInfo acctInfo) {
    FSUtils.debug.message("Entered FSFedTerminationHandler::doFederationTermination");
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination create" + " request start");
        }
        FSFederationTerminationNotification reqFedTermination = createFederationTerminationRequest(acctInfo);
        reqFedTermination.setMinorVersion(FSServiceUtils.getMinorVersion(remoteDescriptor.getProtocolSupportEnumeration()));
        if (reqFedTermination == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIDPFedTerminationHandler::Termination request could " + "not be formed");
            }
            // Always show success page since local termination succeeded
            FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFedTerminationHandler::Termination request formed" + "successfully");
        }
        // Find out which profile to use
        boolean isSOAPProfile = true;
        if (acctInfo.isRoleIDP()) {
            List hostProfiles = hostedDescriptor.getFederationTerminationNotificationProtocolProfile();
            if (hostProfiles == null || hostProfiles.isEmpty()) {
                FSUtils.debug.error("FSFedTerminationHandler::" + "doFederationTermination no termination profile" + " cannot process request");
                FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
                return false;
            }
            String profile = (String) hostProfiles.iterator().next();
            if (profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_SOAP_PROFILE) || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_SOAP_PROFILE)) {
                isSOAPProfile = true;
            } else if (profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_HTTP_PROFILE) || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_HTTP_PROFILE)) {
                isSOAPProfile = false;
            } else {
                FSUtils.debug.error("FSFedTerminationHandler::" + "doFederationTermination Invalid termination profile" + " cannot process request");
                FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
                return false;
            }
        } else {
            List remoteProfiles = remoteDescriptor.getFederationTerminationNotificationProtocolProfile();
            if (remoteProfiles == null || remoteProfiles.isEmpty()) {
                FSUtils.debug.error("FSFedTerminationHandler::" + "doFederationTermination no termination profile" + " cannot process request");
                FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
                return false;
            }
            String profile = (String) remoteProfiles.iterator().next();
            if (profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_SOAP_PROFILE) || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_SOAP_PROFILE)) {
                isSOAPProfile = true;
            } else if (profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_HTTP_PROFILE) || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_HTTP_PROFILE)) {
                isSOAPProfile = false;
            } else {
                FSUtils.debug.error("FSFedTerminationHandler::" + "doFederationTermination Invalid termination profile" + " cannot process request");
                FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
                return false;
            }
        }
        if (isSOAPProfile) {
            FSSOAPService instSOAP = FSSOAPService.getInstance();
            if (instSOAP != null) {
                FSUtils.debug.message("Signing suceeded. To call bindTerminationRequest");
                //String id = reqFedTermination.getRequestID();
                reqFedTermination.setID(IFSConstants.TERMINATIONID);
                SOAPMessage msgTermination = instSOAP.bind(reqFedTermination.toXMLString(true, true));
                if (msgTermination != null) {
                    try {
                        if (FSServiceUtils.isSigningOn()) {
                            int minorVersion = reqFedTermination.getMinorVersion();
                            if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                                msgTermination = signTerminationRequest(msgTermination, IFSConstants.ID, reqFedTermination.getID());
                            } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                                msgTermination = signTerminationRequest(msgTermination, IFSConstants.REQUEST_ID, reqFedTermination.getRequestID());
                            } else {
                                FSUtils.debug.message("invalid minor version.");
                            }
                        }
                        boolean sendStatus = instSOAP.sendTerminationMessage(msgTermination, remoteDescriptor.getSoapEndpoint());
                        // Call SP Adapter for SP initiated SOAP profile
                        if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
                            FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                            if (spAdapter != null) {
                                try {
                                    spAdapter.postTerminationNotificationSuccess(hostedEntityId, request, response, userID, reqFedTermination, IFSConstants.TERMINATION_SP_SOAP_PROFILE);
                                } catch (Exception e) {
                                    // ignore adapter exception
                                    FSUtils.debug.error("postTerm.SP/SOAP", e);
                                }
                            }
                        }
                        // Always show success page since local termination
                        // succeeded and that is what is important
                        FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
                        return sendStatus;
                    } catch (Exception e) {
                        FSUtils.debug.error("FSFedTerminationHandler::" + "doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
                        // Always show success page since local
                        // termination succeeded
                        FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
                        return false;
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSPFedTerminationHandler::doFederation" + "Termination failed. Error in forming Message");
                    }
                    FSUtils.debug.error("FSSPFedTerminationHandler.doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
                    // Always show success page since local termination
                    // succeeded
                    FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
                    return false;
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination " + "failed. Cannot get Service Manager instance");
            }
            FSUtils.debug.error("FSSPFedTerminationHandler::doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
            // Always show success page since local termination succeeded
            FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
            return false;
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSFedTerminationHandler::doFederationTermination " + "In Redirect profile");
            }
            String urlEncodedRequest = reqFedTermination.toURLEncodedQueryString();
            // Sign the request querystring
            if (FSServiceUtils.isSigningOn()) {
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                if (certAlias == null || certAlias.length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSBrowserArtifactConsumerHandler:: " + "signSAMLRequest:" + "couldn't obtain this site's cert alias.");
                    }
                    throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                }
                urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
            }
            StringBuffer redirectURL = new StringBuffer();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request to be sent : " + urlEncodedRequest);
            }
            String retURL = remoteDescriptor.getFederationTerminationServiceURL();
            redirectURL.append(retURL);
            if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                redirectURL.append(IFSConstants.QUESTION_MARK);
            } else {
                redirectURL.append(IFSConstants.AMPERSAND);
            }
            redirectURL.append(urlEncodedRequest);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSFedTerminationHandler::Redirect URL is " + redirectURL.toString());
            }
            // FSTerminationReturnServlet, but info not available there
            if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
                FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                if (spAdapter != null) {
                    try {
                        spAdapter.postTerminationNotificationSuccess(hostedEntityId, request, response, userID, reqFedTermination, IFSConstants.TERMINATION_SP_HTTP_PROFILE);
                    } catch (Exception e) {
                        // ignore adapter exception
                        FSUtils.debug.error("postTerm.SP/HTTP", e);
                    }
                }
            }
            response.sendRedirect(redirectURL.toString());
            return true;
        }
    } catch (IOException e) {
        FSUtils.debug.error("FSFedTerminationHandler" + FSUtils.bundle.getString(IFSConstants.FEDERATION_REDIRECT_FAILED));
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
    } catch (SAMLResponderException e) {
        FSUtils.debug.error("FSFedTerminationHandler::doFederationTermination " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
    }
    // Always show success page since local termination succeeded
    FSServiceUtils.returnLocallyAfterOperation(response, termination_done_url, true, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
    return false;
}
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSFederationTerminationNotification(com.sun.identity.federation.message.FSFederationTerminationNotification) FSSOAPService(com.sun.identity.federation.services.FSSOAPService) IOException(java.io.IOException) SOAPMessage(javax.xml.soap.SOAPMessage) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IOException(java.io.IOException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) List(java.util.List) FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)

Example 5 with FSSOAPService

use of com.sun.identity.federation.services.FSSOAPService in project OpenAM by OpenRock.

the class FSNameRegistrationHandler method doRemoteRegistration.

/**
     * Initiates federation registration at remote end.
     * The registration request is constructed and, depending on the profile,
     * sent over SOAP or as an HTTP redirect. The profile is always taken from
     * the SP's profile.
     * @return <code>true</code> if the process is successful;
     *  <code>false</code> otherwise.
     */
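private boolean doRemoteRegistration() {
    // Flow: load the account federation info if it is not already set, build
    // the name registration request, choose SOAP or HTTP redirect from the
    // first entry of the selected descriptor's profile list, then either
    // exchange SOAP messages and apply the result locally, or store state
    // under a fresh relay-state id and redirect the browser to the remote
    // provider. Every failure path reports locally via returnLocallyAtSource
    // and returns false.
    FSUtils.debug.message("Entered FSNameRegistrationHandler::doRemoteRegistration");
    try {
        try {
            if (acctInfo == null) {
                acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId);
            }
        } catch (FSAccountMgmtException e) {
            // Previously swallowed without a trace; keep the cause in the log.
            FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + "could not read account federation info", e);
            returnLocallyAtSource(response, false);
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration create" + " request start");
        }
        FSNameRegistrationRequest regisRequest = createNameRegistrationRequest(acctInfo);
        if (regisRequest == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::Registration request could " + "not be formed");
            }
            returnLocallyAtSource(response, false);
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::Registration request formed" + "successfully");
        }
        // Find out which profile to use. isRoleIDP() selects the hosted
        // descriptor, otherwise the remote one; this method's Javadoc describes
        // that as always using the SP's profile. Only the first listed profile
        // is considered.
        List profiles = acctInfo.isRoleIDP()
                ? hostedDescriptor.getRegisterNameIdentifierProtocolProfile()
                : remoteDescriptor.getRegisterNameIdentifierProtocolProfile();
        if (profiles == null || profiles.isEmpty()) {
            FSUtils.debug.error("FSNameRegistrationHandler::" + "doRemoteRegistration no registration profile" + " cannot process request");
            returnLocallyAtSource(response, false);
            return false;
        }
        String profile = (String) profiles.iterator().next();
        boolean isSOAPProfile;
        if (profile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_SOAP_PROFILE) || profile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_SOAP_PROFILE)) {
            isSOAPProfile = true;
        } else if (profile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_HTTP_PROFILE) || profile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_HTTP_PROFILE)) {
            isSOAPProfile = false;
        } else {
            FSUtils.debug.error("FSNameRegistrationHandler::" + "doRemoteRegistration Invalid registration profile" + " cannot process request");
            returnLocallyAtSource(response, false);
            return false;
        }
        if (isSOAPProfile) {
            FSSOAPService instSOAP = FSSOAPService.getInstance();
            if (instSOAP != null) {
                // Nothing has been signed yet at this point, so the log line no
                // longer claims that signing succeeded.
                FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration " + "To call bindRegistrationRequest");
                regisRequest.setID(IFSConstants.REGISTRATIONID);
                SOAPMessage msgRegistration = instSOAP.bind(regisRequest.toXMLString(true, true));
                if (msgRegistration != null) {
                    SOAPMessage retSOAPMessage = null;
                    try {
                        if (FSServiceUtils.isSigningOn()) {
                            int minorVersion = regisRequest.getMinorVersion();
                            if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                                msgRegistration = signRegistrationRequest(msgRegistration, IFSConstants.ID, regisRequest.getID());
                            } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                                msgRegistration = signRegistrationRequest(msgRegistration, IFSConstants.REQUEST_ID, regisRequest.getRequestID());
                            } else {
                                // Fail closed: with signing enabled, an unknown
                                // minor version used to fall through and the
                                // request was sent without a signature.
                                FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + "invalid minor version " + minorVersion + "; request cannot be signed, not sending");
                                returnLocallyAtSource(response, false);
                                return false;
                            }
                        }
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("calling " + "sendRegistrationMessage");
                        }
                        retSOAPMessage = instSOAP.sendMessage(msgRegistration, remoteDescriptor.getSoapEndpoint());
                    } catch (SOAPException e) {
                        FSUtils.debug.error("Error in sending request ", e);
                        returnLocallyAtSource(response, false);
                        return false;
                    } catch (Exception ex) {
                        FSUtils.debug.error("Error in sending request:", ex);
                        returnLocallyAtSource(response, false);
                        return false;
                    }
                    if (retSOAPMessage == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("sendRegistrationMessage" + "return response is null");
                        }
                        returnLocallyAtSource(response, false);
                        return false;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("calling" + "parseSOAPMessage after return from IDP");
                    }
                    Element elt = instSOAP.parseSOAPMessage(retSOAPMessage);
                    // Verify the response whenever signing is enabled. The
                    // earlier guard also required `regisResponse != null`, but
                    // the response is only parsed further down, so the only
                    // `regisResponse` in scope there is declared outside this
                    // method; while it is null the check was skipped and the
                    // success line below was still logged.
                    // NOTE(review): confirm no deployment relies on unsigned
                    // responses being accepted while signing is on.
                    if (FSServiceUtils.isSigningOn()) {
                        if (!verifyResponseSignature(retSOAPMessage, acctInfo.isRoleIDP())) {
                            // Logged at error level so a rejected response is
                            // visible without debug-level logging.
                            FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + "Response signature verification failed");
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("Name registration" + " failed in doRemoteRegistration");
                            }
                            returnLocallyAtSource(response, false);
                            return false;
                        }
                        FSUtils.debug.message("Response signature verification succeeded");
                    }
                    // A null element falls through to the common failure return.
                    if (elt != null && elt.getLocalName().equalsIgnoreCase(IFSConstants.NAME_REGISTRATION_RESPONSE)) {
                        // Named differently from the outer `regisResponse` so
                        // the two are not confused.
                        FSNameRegistrationResponse parsedResponse = null;
                        try {
                            parsedResponse = new FSNameRegistrationResponse(elt);
                        } catch (SAMLException e) {
                            // An unparsable response is treated as a failure below.
                            FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + "could not parse registration response", e);
                            parsedResponse = null;
                        }
                        if (parsedResponse != null) {
                            String responseStatus = ((parsedResponse.getStatus()).getStatusCode()).getValue();
                            if (responseStatus.equals(IFSConstants.SAML_SUCCESS)) {
                                FSUtils.debug.message("Name registration Successful");
                                // do local update
                                oldAcctKey = (FSAccountFedInfoKey) returnMap.get("OldAccountKey");
                                if (oldAcctKey != null) {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier:" + oldAcctKey.getNameSpace());
                                    }
                                } else {
                                    FSUtils.debug.message("OldAccount Key is null");
                                }
                                newAcctKey = (FSAccountFedInfoKey) returnMap.get("AccountKey");
                                if (newAcctKey != null) {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("Get newAcctKey Name : " + newAcctKey.getName() + "\nGet newAcctKey Qualifier:" + newAcctKey.getNameSpace());
                                    }
                                } else {
                                    FSUtils.debug.message("newAcctKey Key is null");
                                }
                                newAcctInfo = (FSAccountFedInfo) returnMap.get("AccountInfo");
                                userID = (String) returnMap.get("userID");
                                regisSource = (String) returnMap.get("RegisSource");
                                returnURL = (String) returnMap.get(IFSConstants.LRURL);
                                boolean bStatus = doCommonRegistration();
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("doCommonRegistration returns " + bStatus);
                                }
                                // Call SP Adapter
                                if (bStatus && hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
                                    FSUtils.debug.message("doRemoteRegis");
                                    callPostRegisterNameIdentifierSuccess(request, response, userID, regisRequest, parsedResponse, IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE);
                                }
                                returnLocallyAtSource(response, bStatus);
                                return bStatus;
                            } else if (responseStatus.equals(IFSConstants.FEDERATION_NOT_EXISTS_STATUS)) {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("Name " + "registration Failed. " + "Federation does not exist");
                                }
                                returnLocallyAtSource(response, false);
                                return false;
                            } else if (responseStatus.equals(IFSConstants.REGISTRATION_FAILURE_STATUS)) {
                                FSUtils.debug.message("Name registration Failed.");
                                returnLocallyAtSource(response, false);
                                return false;
                            }
                        }
                    }
                }
            }
            // No SOAP service, no bound message, an unexpected element or an
            // unrecognised status all end here.
            returnLocallyAtSource(response, false);
            return false;
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration " + "In Redirect profile");
            }
            // addition of relay state
            FSNameIdentifierHelper nameHelper = new FSNameIdentifierHelper(hostedConfig);
            String newId = nameHelper.createNameIdentifier();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Registration Id : " + newId);
            }
            regisRequest.setRelayState(newId);
            // add information to FSRegistrationMap
            HashMap valMap = new HashMap();
            valMap.put("SSODetails", regisMap);
            valMap.put("ReturnEntry", returnMap);
            if (returnURL != null) {
                valMap.put(IFSConstants.LRURL, returnURL);
            }
            FSRegistrationManager registInst = FSRegistrationManager.getInstance(metaAlias);
            registInst.setRegistrationMapInfo(newId, valMap);
            // Debug dump only. It is now skipped when debug is off or regisMap
            // is null, and no longer casts the looked-up value to String, so a
            // logging aid cannot abort the redirect.
            // NOTE(review): the keys come from valMap but the values are read
            // from regisMap, whose contents are not visible here; confirm this
            // lookup is intended and that the values are safe to write to the
            // debug log.
            if (FSUtils.debug.messageEnabled() && regisMap != null) {
                for (Iterator iter = valMap.keySet().iterator(); iter.hasNext();) {
                    Object key = iter.next();
                    FSUtils.debug.message("Putting in Map Key : " + key + "\nPutting in Map Value : " + regisMap.get(key));
                }
            }
            String urlEncodedRequest = regisRequest.toURLEncodedQueryString();
            // Sign the request querystring
            if (FSServiceUtils.isSigningOn()) {
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                if (certAlias == null || certAlias.length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSBrowserArtifactConsumerHandler:: " + "signSAMLRequest:" + "couldn't obtain this site's cert alias.");
                    }
                    // Caught by the outer handler below, so a missing signing
                    // alias ends in a local failure rather than an unsigned
                    // redirect.
                    throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                }
                urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
            }
            StringBuffer redirectURL = new StringBuffer();
            String retURL = remoteDescriptor.getRegisterNameIdentifierServiceURL();
            redirectURL.append(retURL);
            // Append the request as a query string, respecting any query the
            // service URL already carries.
            if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                redirectURL.append(IFSConstants.QUESTION_MARK);
            } else {
                redirectURL.append(IFSConstants.AMPERSAND);
            }
            redirectURL.append(urlEncodedRequest);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request to be sent : " + redirectURL.toString());
            }
            // end of addition
            response.sendRedirect(redirectURL.toString());
            return true;
        }
    } catch (IOException e) {
        // The exception is now passed to the logger so the cause is recorded.
        FSUtils.debug.error("FSNameRegistrationHandler" + FSUtils.bundle.getString(IFSConstants.FEDERATION_REDIRECT_FAILED), e);
    } catch (FSMsgException e) {
        // NOTE(review): the bundle key below is the termination one; no
        // registration-specific key is visible from here.
        FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE), e);
    } catch (SAMLResponderException e) {
        FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE), e);
    }
    returnLocallyAtSource(response, false);
    return false;
}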
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) Set(java.util.Set) HashMap(java.util.HashMap) Element(org.w3c.dom.Element) FSNameRegistrationRequest(com.sun.identity.federation.message.FSNameRegistrationRequest) FSSOAPService(com.sun.identity.federation.services.FSSOAPService) IOException(java.io.IOException) SOAPMessage(javax.xml.soap.SOAPMessage) SAMLException(com.sun.identity.saml.common.SAMLException) SOAPException(javax.xml.soap.SOAPException) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) IOException(java.io.IOException) FSNameIdentifierHelper(com.sun.identity.federation.services.util.FSNameIdentifierHelper) SOAPException(javax.xml.soap.SOAPException) FSNameRegistrationResponse(com.sun.identity.federation.message.FSNameRegistrationResponse) Iterator(java.util.Iterator) List(java.util.List) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)

Aggregations

FSSOAPService (com.sun.identity.federation.services.FSSOAPService)5 SAMLException (com.sun.identity.saml.common.SAMLException)5 SOAPMessage (javax.xml.soap.SOAPMessage)5 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)4 SessionException (com.sun.identity.plugin.session.SessionException)4 SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)4 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)3 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)3 IOException (java.io.IOException)3 FederationSPAdapter (com.sun.identity.federation.plugins.FederationSPAdapter)2 FSSession (com.sun.identity.federation.services.FSSession)2 FSSessionManager (com.sun.identity.federation.services.FSSessionManager)2 List (java.util.List)2 Element (org.w3c.dom.Element)2 COTException (com.sun.identity.cot.COTException)1 FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)1 FSException (com.sun.identity.federation.common.FSException)1 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)1 FSFederationTerminationNotification (com.sun.identity.federation.message.FSFederationTerminationNotification)1 FSLogoutNotification (com.sun.identity.federation.message.FSLogoutNotification)1