
Example 1 with FSServiceManager

use of com.sun.identity.federation.services.FSServiceManager in project OpenAM by OpenRock.

the class FSAssertionConsumerService method doPost.

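/**
 * Handles the ID-FF POST profile: decodes the Base64 encoded
 * <code>AuthnResponse</code> posted by the user agent, checks that it answers
 * an <code>AuthnRequest</code> this service provider issued, verifies the
 * message signature where the configuration requires it, and hands the
 * response to an <code>FSAssertionArtifactHandler</code> for single sign-on
 * processing.
 * <p>
 * Every validation failure is logged and the user agent is forwarded to the
 * framed login page; no protocol-level error is returned to the sender.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException, IOException if an error occurs while
 *  reporting a failure or forwarding the request
 */
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSAssertionConsumerService.doPost : called");
    // A null response leaves no channel to report the problem on, so the two
    // parameters are checked separately rather than sending the error through
    // a response that may itself be missing.
    if (response == null) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("nullInputParameter"));
        return;
    }
    if (request == null) {
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        return;
    }
    String metaAlias = FSServiceUtils.getMetaAlias(request);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    String baseURL = FSServiceUtils.getBaseURL(request);
    // Login page used for failures detected before the originating
    // AuthnRequest (and hence its relay state) is known.
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, null, null, request, baseURL);
    String hostEntityId = null;
    SPDescriptorType hostDesc = null;
    BaseConfigType hostConfig = null;
    try {
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
        hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception when obtain host meta data:", e);
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    // obtain AuthnResponse message
    String encodedAuthnResponse = request.getParameter(IFSConstants.POST_AUTHN_RESPONSE_PARAM);
    if (FSUtils.debug.messageEnabled()) {
        // Debug level only: this writes the complete, still unverified
        // message to the debug log.
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse: " + encodedAuthnResponse);
    }
    if (encodedAuthnResponse == null) {
        rejectAuthnResponse(request, response, "missingAuthnResponse", LogUtil.MISSING_AUTHN_RESPONSE, framedPageURL);
        return;
    }
    // Presumably restores line breaks that form posting turned into spaces
    // so the Base64 decoder accepts the value - confirm against the decoder.
    encodedAuthnResponse = encodedAuthnResponse.replace(' ', '\n');
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse2: " + encodedAuthnResponse);
    }
    FSAuthnResponse authnResponse = null;
    Document doc = null;
    try {
        // The payload is XML; decode it as UTF-8 explicitly so the result does
        // not depend on the platform default charset of the server.
        String decodedAuthnResponse = new String(Base64.decode(encodedAuthnResponse), "UTF-8");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Decoded authnResponse" + decodedAuthnResponse);
        }
        doc = XMLUtils.toDOMDocument(decodedAuthnResponse, FSUtils.debug);
        if (doc == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost:Error " + "while parsing input xml string");
            }
            throw new FSMsgException("parseError", null);
        }
        // A constructor never yields null; failures surface as exceptions
        // handled below.
        authnResponse = new FSAuthnResponse(doc.getDocumentElement());
    } catch (FSException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occured while parsing Base64 encoded AuthnResponse: ", e);
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, framedPageURL);
        return;
    } catch (SAMLException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. SAMLException" + " occurred while parsing Base64 encoded AuthnResponse: ", e);
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, framedPageURL);
        return;
    }
    try {
        // NOTE(review): toXMLString() is only exercised - and can only reject
        // the response - when debug messages are enabled.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is valid: " + authnResponse.toXMLString());
        }
    } catch (FSException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occurred while calling AuthnResponse.toXMLString(): ", e);
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, framedPageURL);
        return;
    }
    // The response must reference the AuthnRequest it answers; unsolicited
    // responses are rejected.
    String requestID = authnResponse.getInResponseTo();
    if (requestID == null) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse " + "received does not have inResponseTo attribute");
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, framedPageURL);
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is against requestID: " + requestID);
    }
    FSAuthnRequest authnRequest = getInResponseToRequest(requestID, metaAlias);
    if (authnRequest == null) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse" + " received does not have an associated AuthnRequest");
        rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, framedPageURL);
        return;
    }
    // From here on the login page carries the relay state of the request.
    String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, authnRequest.getRelayState(), null, request, baseURL);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "inResponseTo validation is successful");
    }
    try {
        String idpEntityId = null;
        IDPDescriptorType idpDescriptor = null;
        String protocolProfile = authnRequest.getProtocolProfile();
        if (!protocolProfile.equals(IFSConstants.SSO_PROF_LECP)) {
            // The sender is the provider the stored request was sent to, not
            // whatever the response claims.
            idpEntityId = getProvider(requestID, metaAlias);
            if (idpEntityId != null) {
                idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
            }
            if (idpEntityId == null || idpDescriptor == null) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. Sender information " + "not found for the received AuthnResponse");
                rejectAuthnResponse(request, response, "invalidAuthnResponse", LogUtil.INVALID_AUTHN_RESPONSE, framedLoginPageURL);
                return;
            }
            // Signing on: always verify. Signing optional: verify only for the
            // Browser/POST profile.
            boolean signatureRequired = FSServiceUtils.isSigningOn() || (FSServiceUtils.isSigningOptional() && protocolProfile.equals(IFSConstants.SSO_PROF_BROWSER_POST));
            if (signatureRequired && !verifyAuthnResponseSignature(doc, idpDescriptor, idpEntityId)) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: Signature " + "verification failed");
                FSUtils.forwardRequest(request, response, framedLoginPageURL);
                return;
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "LECP Profile identified. IDP info is unknown so far" + "Get providerId from the response");
            }
            // NOTE(review): for LECP the sender identity is taken from the
            // response itself and no signature check happens here; the
            // handler is presumed to validate the assertion - confirm.
            idpEntityId = authnResponse.getProviderId();
            idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
        }
        // handle sso
        FSServiceManager sm = FSServiceManager.getInstance();
        FSAssertionArtifactHandler handler = sm.getAssertionArtifactHandler(request, response, authnRequest, authnResponse, idpDescriptor, idpEntityId);
        if (handler == null) {
            FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "could not create AssertionArtifactHandler");
            rejectAuthnResponse(request, response, "requestProcessingFailed", LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, framedLoginPageURL);
            return;
        }
        handler.setHostEntityId(hostEntityId);
        handler.setHostDescriptor(hostDesc);
        handler.setHostDescriptorConfig(hostConfig);
        handler.setMetaAlias(metaAlias);
        handler.setRealm(realm);
        handler.processAuthnResponse(authnResponse);
    } catch (Exception se) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception: ", se);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedLoginPageURL);
    }
}

/**
 * Records a rejected <code>AuthnResponse</code> in the federation log and the
 * debug log, then forwards the user agent to the given login page.
 *
 * @param request the current request
 * @param response the current response
 * @param bundleKey resource bundle key of the reason to record
 * @param logMessageId <code>LogUtil</code> message id to log under
 * @param forwardURL framed login page to forward to
 * @exception ServletException, IOException if forwarding fails
 */
private void rejectAuthnResponse(HttpServletRequest request, HttpServletResponse response, String bundleKey, String logMessageId, String forwardURL) throws ServletException, IOException {
    String reason = FSUtils.bundle.getString(bundleKey);
    String[] data = { reason };
    LogUtil.error(Level.INFO, logMessageId, data);
    FSUtils.debug.error("FSAssertionConsumerService.doPost: " + reason + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
    FSUtils.forwardRequest(request, response, forwardURL);
}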
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest) Document(org.w3c.dom.Document) SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) FSServiceManager(com.sun.identity.federation.services.FSServiceManager) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) FSException(com.sun.identity.federation.common.FSException)

Example 2 with FSServiceManager

use of com.sun.identity.federation.services.FSServiceManager in project OpenAM by OpenRock.

the class FSTerminationInitiationServlet method doTerminationInitiation.

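/**
 * Called when a Termination needs to be initiated with a remote provider.
 * Requires a valid session; without one the user agent is redirected to
 * authenticate. The remote provider is taken from the request, and the
 * termination itself is delegated to an <code>FSFedTerminationHandler</code>.
 * When no handler can be obtained, or a session or I/O error occurs, the user
 * agent is returned to <code>termDoneURL</code> with a failure status.
 * @param request <code>HTTPServletRequest</code> object received via a
 *  HTTP Redirect
 * @param response <code>HTTPServletResponse</code> object to send the
 *  response back to user agent
 * @param hostedProviderDesc the provider where termination is initiated
 * @param hostedConfig hosted provider's extended meta
 * @param realm the realm under which the entity resides
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role
 * @param providerAlias hosted provider's meta alias
 */
private void doTerminationInitiation(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String realm, String hostedEntityId, String hostedRole, String providerAlias) {
    FSUtils.debug.message("Entered FSTerminationInitiationServlet::doTerminationInitiation");
    try {
        Object ssoToken = getValidToken(request);
        if (ssoToken == null) {
            // No valid session: the user must authenticate before a
            // federation can be terminated on their behalf.
            FSServiceUtils.redirectForAuthentication(request, response, providerAlias);
            return;
        }
        String remoteEntityId = request.getParameter(IFSConstants.TERMINATION_PROVIDER_ID);
        if (remoteEntityId == null || remoteEntityId.isEmpty()) {
            FSUtils.debug.error("Provider Id not found, display error page");
            FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_NO_PROVIDER, IFSConstants.CONTACT_ADMIN);
            return;
        }
        // session token is valid, ProviderId available
        FSServiceManager instSManager = FSServiceManager.getInstance();
        if (instSManager == null) {
            FSUtils.debug.message("FSServiceManager Instance null");
        } else {
            FSUtils.debug.message("FSServiceManager Instance not null");
            // The remote provider plays the opposite role of the hosted one.
            String remoteProviderRole = IFSConstants.SP;
            FSAccountFedInfo fedinfo = null;
            if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                remoteProviderRole = IFSConstants.IDP;
                FSSessionManager sessManager = FSSessionManager.getInstance(providerAlias);
                FSSession ssoSession = sessManager.getSession(ssoToken);
                // One-time federations carry no account federation info.
                if (ssoSession != null && !ssoSession.getOneTime()) {
                    fedinfo = ssoSession.getAccountFedInfo();
                }
            }
            FSFedTerminationHandler handlerObj = instSManager.getFedTerminationHandler(remoteEntityId, remoteProviderRole, SessionManager.getProvider().getPrincipalName(ssoToken), realm, hostedEntityId, providerAlias);
            if (handlerObj != null) {
                handlerObj.setHostedDescriptor(hostedProviderDesc);
                handlerObj.setHostedDescriptorConfig(hostedConfig);
                handlerObj.setHostedProviderRole(hostedRole);
                handlerObj.setMetaAlias(providerAlias);
                handlerObj.setRealm(realm);
                handlerObj.setHostedEntityId(hostedEntityId);
                if (fedinfo != null) {
                    handlerObj.setAccountInfo(fedinfo);
                }
                boolean bStatus = handlerObj.handleFederationTermination(request, response, ssoToken);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("handleFederationTermination status is : " + bStatus);
                }
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to get termination " + "handler. User account Not valid");
            }
        }
        FSServiceUtils.returnLocallyAfterOperation(response, termDoneURL, false, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
        return;
    } catch (IOException e) {
        // Logged at error level so an aborted termination is visible without
        // debug messages enabled; the user agent is still returned locally.
        FSUtils.debug.error("IOException in doTerminationInitiation", e);
    } catch (SessionException ex) {
        FSUtils.debug.error("SessionException in doTerminationInitiation", ex);
    }
    FSServiceUtils.returnLocallyAfterOperation(response, termDoneURL, false, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
}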
Also used : FSServiceManager(com.sun.identity.federation.services.FSServiceManager) FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) IOException(java.io.IOException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager)

Example 3 with FSServiceManager

use of com.sun.identity.federation.services.FSServiceManager in project OpenAM by OpenRock.

the class FSTerminationRequestServlet method doRequestProcessing.

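/**
 * Called when a Termination request is received from a remote provider.
 * Resolves the remote provider's metadata, verifies the request signature
 * when signing is enabled, checks that the remote provider is trusted and
 * then delegates to an <code>FSFedTerminationHandler</code>. Any failure
 * returns the user agent to the remote provider's federation termination
 * return URL with a metadata error.
 * @param request <code>HTTPServletRequest</code> object received via HTTP
 *  Redirect
 * @param response <code>HTTPServletResponse</code> object to send the
 *  response back to user agent
 * @param hostedProviderDesc the provider for whom request is received
 * @param hostedConfig hosted provider's extended meta
 * @param hostedProviderRole hosted provider's role
 * @param realm The realm under which the entity resides
 * @param hostedEntityId hosted provider's entity ID
 * @param providerAlias hosted provider's meta alias
 * @param reqTermination the federation termination request
 */
private void doRequestProcessing(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String hostedProviderRole, String realm, String hostedEntityId, String providerAlias, FSFederationTerminationNotification reqTermination) {
    FSUtils.debug.message("Entered FSTerminationRequestServlet::doRequestProcessing");
    String remoteEntityId = reqTermination.getProviderId();
    String retURL = null;
    ProviderDescriptorType remoteDesc = null;
    boolean isIDP = false;
    try {
        // The remote provider plays the opposite role of the hosted one.
        if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isIDP = true;
        } else {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        }
        if (remoteDesc == null) {
            throw new IDFFMetaException((String) null);
        }
        retURL = remoteDesc.getFederationTerminationServiceReturnURL();
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("FSTerminationRequestServlet.doRequest " + "Processing: Can not retrieve remote provider data." + remoteEntityId);
        String[] data = { remoteEntityId, realm };
        LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data);
        // retURL is still null here: no return URL is known for an unknown
        // provider.
        returnWithMetadataError(response, retURL);
        return;
    }
    // remoteDesc is non-null past the lookup above.
    if (FSServiceUtils.isSigningOn()) {
        try {
            FSUtils.debug.message("Calling verifyTerminationSignature");
            if (!verifyTerminationSignature(request, remoteDesc, remoteEntityId, isIDP)) {
                FSUtils.debug.error("FSTerminationRequestServlet::doRequestProcesing " + "Signature on termination request is invalid" + "Cannot proceed federation termination");
                logInvalidTerminationSignature();
                returnWithMetadataError(response, retURL);
                return;
            }
        } catch (FSException e) {
            // The cause is kept in the debug log so a failed verification can
            // be diagnosed.
            FSUtils.debug.error("FSTerminationRequestServlet::doRequestProcessing " + "Signature on termination request is invalid" + "Cannot proceed federation termination", e);
            logInvalidTerminationSignature();
            returnWithMetadataError(response, retURL);
            return;
        } catch (SAMLException e) {
            FSUtils.debug.error("FSFedTerminationHandler::doRequestProcessing " + "Signature on termination request is invalid" + "Cannot proceed federation termination", e);
            logInvalidTerminationSignature();
            returnWithMetadataError(response, retURL);
            return;
        }
    }
    // Check if trusted provider
    if (!metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
        FSUtils.debug.error("Remote provider not in trusted list");
        returnWithMetadataError(response, retURL);
        return;
    }
    FSServiceManager instService = FSServiceManager.getInstance();
    if (instService == null) {
        FSUtils.debug.error("FSServiceManager instance is null" + " Cannot process termination request");
        returnWithMetadataError(response, retURL);
        return;
    }
    FSFedTerminationHandler termHandler = instService.getFedTerminationHandler(reqTermination, hostedConfig, realm, hostedEntityId, hostedProviderRole, providerAlias, remoteEntityId);
    if (termHandler == null) {
        FSUtils.debug.error("Unable to get termination " + "handler. User account Not valid");
        returnWithMetadataError(response, retURL);
        return;
    }
    termHandler.setHostedDescriptor(hostedProviderDesc);
    termHandler.setHostedDescriptorConfig(hostedConfig);
    termHandler.setRealm(realm);
    termHandler.setHostedEntityId(hostedEntityId);
    termHandler.setHostedProviderRole(hostedProviderRole);
    termHandler.setMetaAlias(providerAlias);
    termHandler.setRemoteEntityId(remoteEntityId);
    termHandler.setRemoteDescriptor(remoteDesc);
    termHandler.processTerminationRequest(request, response, reqTermination);
}

/**
 * Records an invalid termination request signature in the federation log.
 */
private void logInvalidTerminationSignature() {
    String[] data = { FSUtils.bundle.getString(IFSConstants.TERMINATION_INVALID_SIGNATURE) };
    LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data);
}

/**
 * Sends the user agent back to the remote provider's termination return
 * URL (or the common error page when <code>retURL</code> is null) with a
 * metadata error status.
 *
 * @param response the current response
 * @param retURL the remote provider's federation termination return URL,
 *  may be null
 */
private void returnWithMetadataError(HttpServletResponse response, String retURL) {
    FSServiceUtils.returnToSource(response, retURL, commonErrorPage, IFSConstants.TERMINATION_INVALID_FEDERATION, IFSConstants.METADATA_ERROR);
}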
Also used : FSServiceManager(com.sun.identity.federation.services.FSServiceManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSException(com.sun.identity.federation.common.FSException) SAMLException(com.sun.identity.saml.common.SAMLException)

Example 4 with FSServiceManager

use of com.sun.identity.federation.services.FSServiceManager in project OpenAM by OpenRock.

the class FSProcessLogoutServlet method doLogoutInitiation.

/**
 * Initiates logout request processing. Called when a logout is to be
 * initiated or when returned from a remote provider. Reads the relay state
 * from the request and hands it, with the hosted provider's metadata, to an
 * <code>FSPreLogoutHandler</code>; when no handler is available the user
 * agent is returned to <code>logoutDoneURL</code> with a failure status.
 * @param request <code>HTTPServletRequest</code> object received via a
 *  HTTP Redirect
 * @param response <code>HTTPServletResponse</code> object to be sent back
 *  to user agent
 * @param hostedDescriptor the provider for whom request is received
 * @param hostedConfig hosted provider's extended meta config
 * @param realm the realm in which the provider resides
 * @param hostedEntityId hosted provider's entity id
 * @param hostedRole hosted provider's role
 * @param metaAlias hosted provider's meta alias
 * @param ssoToken session token of the user
 * @param logoutDoneURL where to go when logout is done
 * @param sourceCheck source check string. Possible value:
 * <code>local</code> : single logout initiated from local host
 * <code>remote</code> : single logout initiated from remote host
 * <code>logoutGet</code> : Http Get action.
 */
private void doLogoutInitiation(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedDescriptor, BaseConfigType hostedConfig, String realm, String hostedEntityId, String hostedRole, String metaAlias, Object ssoToken, String logoutDoneURL, String sourceCheck) {
    FSUtils.debug.message("FSProcessLogoutServlet::doLogoutInitiation");
    FSServiceManager serviceManager = FSServiceManager.getInstance();
    // Relay state comes straight from the request; the pre-logout handler is
    // presumed to validate it before using it - confirm.
    String relayState = request.getParameter(IFSConstants.LOGOUT_RELAY_STATE);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSProcessLogoutServlet.doLogoutInit: relay=" + relayState);
    }
    FSPreLogoutHandler preLogoutHandler = null;
    if (serviceManager == null) {
        FSUtils.debug.message("FSServiceManager Instance null. Cannot continue logout");
    } else {
        FSUtils.debug.message("FSServiceManager Instance not null");
        preLogoutHandler = serviceManager.getPreLogoutHandler();
        if (preLogoutHandler == null) {
            FSUtils.debug.error("FSPreLogoutHandler is null.Cannot continue logout");
            String[] data = { logoutDoneURL };
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED_INVALID_HANDLER, data, ssoToken);
        }
    }
    if (preLogoutHandler == null) {
        // Nothing can process the logout: finish locally with a failure status.
        FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
        return;
    }
    preLogoutHandler.setHostedDescriptor(hostedDescriptor);
    preLogoutHandler.setHostedDescriptorConfig(hostedConfig);
    preLogoutHandler.setRealm(realm);
    preLogoutHandler.setHostedEntityId(hostedEntityId);
    preLogoutHandler.setHostedProviderRole(hostedRole);
    preLogoutHandler.setMetaAlias(metaAlias);
    preLogoutHandler.setRelayState(relayState);
    preLogoutHandler.handleSingleLogout(request, response, ssoToken, sourceCheck);
}
Also used : FSServiceManager(com.sun.identity.federation.services.FSServiceManager)

Example 5 with FSServiceManager

use of com.sun.identity.federation.services.FSServiceManager in project OpenAM by OpenRock.

the class FSProcessLogoutServlet method doRequestProcessing.

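/**
 * Initiates logout request processing. It is called when a logout request
 * is received from a remote provider.
 * <p>
 * Processing order:
 * <ol>
 *   <li>resolve the remote provider's descriptor for the opposite role of
 *       the hosted provider;</li>
 *   <li>verify the request signature, but only when signing is turned on
 *       ({@code FSServiceUtils.isSigningOn()}) &mdash; with signing off the
 *       request is accepted unverified and the trust check is the only gate;</li>
 *   <li>check that the remote provider is in the hosted provider's trusted
 *       list;</li>
 *   <li>with a valid session, hand the request to the
 *       {@code FSPreLogoutHandler}; without one, destroy the principal's
 *       session named by the request directly.</li>
 * </ol>
 * Every failure path answers the source provider through
 * {@code FSLogoutUtil.returnToSource} and writes an audit entry via
 * {@code LogUtil}. The status sent back is {@code SAML_REQUESTER} when the
 * fault is on the remote side (bad signature) and {@code SAML_RESPONDER}
 * otherwise.
 *
 * @param request <code>HTTPServletRequest</code> object received via a
 *  HTTP Redirect
 * @param response <code>HTTPServletResponse</code> object to be sent back
 *  to user agent
 * @param hostedDescriptor the provider for whom request is received
 * @param hostedConfig hosted provider's extended meta config
 * @param hostedRole hosted provider's role ({@code IFSConstants.IDP} or
 *  {@code IFSConstants.SP}); any other value leaves the remote descriptor
 *  unresolved and is reported as a metadata failure
 * @param realm the realm in which the entity resides
 * @param hostedEntityId hosted provider's entity id
 * @param metaAlias hosted provider's meta alias
 * @param reqLogout the single logout request
 * @param commonErrorPage where to go if an error occurred
 * @param userID user id; may be {@code null}, in which case it is looked up
 *  from the request when no session is present
 * @param ssoToken user session object, or {@code null} when the user agent
 *  carries no valid session
 */
private void doRequestProcessing(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedDescriptor, BaseConfigType hostedConfig, String hostedRole, String realm, String hostedEntityId, String metaAlias, FSLogoutNotification reqLogout, String commonErrorPage, String userID, Object ssoToken) {
    FSUtils.debug.message("Entered FSProcessLogoutServlet::doRequestProcessing");
    int minorVersion = reqLogout.getMinorVersion();
    String remoteEntityId = reqLogout.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isIDP = false;
    try {
        // The remote provider plays the opposite role of the hosted one.
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
                isIDP = true;
            }
        }
        if (remoteDesc == null) {
            // Unknown role or missing descriptor: handled like a lookup failure.
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Remote provider metadata not found.", e);
        String[] data = { remoteEntityId, realm };
        LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data, ssoToken);
        // remoteDesc is still null here; returnToSource has to cope with that.
        FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
        return;
    }
    // With signing off no signature check happens and bVerify stays true;
    // the provider-trust check below is then the only gate on the request.
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            FSUtils.debug.message("Calling verifyLogoutSignature");
            bVerify = verifyLogoutSignature(request, remoteDesc, remoteEntityId, isIDP);
        } catch (FSException e) {
            FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing " + "Signature on Logout request is invalid. " + "Cannot proceed federation Logout", e);
            String[] data = { userID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
            FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_REQUESTER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
            return;
        } catch (SAMLException e) {
            FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing(SAML) " + "Signature on Logout request is invalid. " + "Cannot proceed federation Logout", e);
            String[] data = { userID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
            FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_REQUESTER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
            return;
        }
    }
    String errorStatus = IFSConstants.SAML_RESPONDER;
    if (bVerify) {
        // Only providers in the hosted entity's trusted list may log users out.
        if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            if (ssoToken != null) {
                // Session is valid: start single logout through the pre-logout handler.
                FSServiceManager instSManager = FSServiceManager.getInstance();
                if (instSManager != null) {
                    FSUtils.debug.message("FSServiceManager Instance not null");
                    // Call SP Adapter preSingleLogoutProcess for the IDP/HTTP case.
                    callPreSingleLogoutProcess(request, response, hostedRole, hostedConfig, hostedEntityId, userID, reqLogout);
                    FSPreLogoutHandler handlerObj = instSManager.getPreLogoutHandler();
                    if (handlerObj != null) {
                        handlerObj.setLogoutRequest(reqLogout);
                        handlerObj.setHostedDescriptor(hostedDescriptor);
                        handlerObj.setHostedDescriptorConfig(hostedConfig);
                        handlerObj.setRealm(realm);
                        handlerObj.setHostedEntityId(hostedEntityId);
                        handlerObj.setHostedProviderRole(hostedRole);
                        handlerObj.setMetaAlias(metaAlias);
                        handlerObj.setRemoteEntityId(remoteEntityId);
                        handlerObj.setRemoteDescriptor(remoteDesc);
                        handlerObj.processHttpSingleLogoutRequest(request, response, ssoToken);
                        return;
                    }
                    // No handler: record why the responder error below is sent
                    // instead of falling through silently.
                    FSUtils.debug.error("FSPreLogoutHandler is null. Cannot continue logout");
                    String[] data = { userID };
                    LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSServiceManager Instance null. Cannot" + " continue logout");
                    }
                    String[] data = { userID };
                    LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
                    FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
                    return;
                }
            } else {
                // ssoToken is null: no local session to end for this user agent.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Invalid session in request processing. " + "Nothing to logout");
                }
                // Resolve the principal named by the request and destroy its session.
                userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
                if (userID != null) {
                    FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, reqLogout.getSessionIndex(), request, response);
                    // Send back to the source provider's return URL.
                    FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSProcessLogoutServlet::doRequestProcessing " + "No user found for logout request");
                }
            }
        } else {
            // Audit the rejected provider the same way a metadata miss is audited.
            FSUtils.debug.error("Remote provider not in trusted list");
            String[] data = { remoteEntityId, realm };
            LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data, ssoToken);
        }
    } else {
        FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing " + "Signature on Logout request is invalid. " + "Cannot proceed federation Logout");
        String[] data = { userID };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        // The remote side sent a bad signature, so the fault is the requester's.
        errorStatus = IFSConstants.SAML_REQUESTER;
    }
    FSLogoutUtil.returnToSource(response, remoteDesc, errorStatus, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
}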
