
Example 1 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

Class FSPostLogin, method setTokenListenerAndSessionInfo.

/**
 * Attaches a token listener to the caller's SSO session and makes sure the
 * session is tracked by the provider's {@link FSSessionManager}.
 *
 * <p>If the session provider cannot hand out the session, its id or its
 * principal, or the listener cannot be attached, the failure is logged at
 * error level and the session is left untracked.
 *
 * @param request the <code>HttpServletRequest</code> the session is read from.
 * @param metaAlias the provider alias string; selects the session manager and
 *  is handed to the <code>FSTokenListener</code>.
 */
private void setTokenListenerAndSessionInfo(HttpServletRequest request, String metaAlias) {
    final String sessionID;
    final String userID;
    try {
        final SessionProvider provider = SessionManager.getProvider();
        final Object token = provider.getSession(request);
        sessionID = provider.getSessionID(token);
        userID = provider.getPrincipalName(token);
        // FSTokenListener lives in the logout package; presumably it reacts to
        // token lifecycle events for this alias -- see that class for details.
        provider.addListener(token, new FSTokenListener(metaAlias));
    } catch (SessionException ssoExp) {
        FSUtils.debug.error("FSPostLogin::setTokenListenerAndSessionInfo Failed during trying to add token Listener:", ssoExp);
        return;
    }
    final FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    if (sessionManager.getSession(userID, sessionID) != null) {
        // already tracked for this user / session id pair
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSPostLogin::setTokenListenerAndSessionInfo. No existing session found for user " + userID + " And SessionID: " + sessionID + " Creating a new Session");
    }
    sessionManager.addSession(userID, new FSSession(sessionID));
}

Example 2 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

Class FSTerminationInitiationServlet, method doTerminationInitiation.

/**
 * Called when a Termination needs to be initiated with a remote provider.
 *
 * <p>Flow: without a valid session token the user agent is redirected to
 * authentication; with one, the remote provider id is read from the request,
 * a termination handler is looked up and asked to run the termination. Every
 * path that does not hand control to the handler ends in
 * <code>returnLocallyAfterOperation</code> with a failure status.
 *
 * @param request <code>HTTPServletRequest</code> object received via a
 *  HTTP Redirect
 * @param response <code>HTTPServletResponse</code> object to send the
 *  response back to user agent
 * @param hostedProviderDesc the provider where termination is initiated
 * @param hostedConfig hosted provider's extended meta
 * @param realm the realm under which the entity resides
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role; must not be <code>null</code>
 * @param providerAlias hosted provider's meta alias
 */
private void doTerminationInitiation(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String realm, String hostedEntityId, String hostedRole, String providerAlias) {
    FSUtils.debug.message("Entered FSTerminationInitiationServlet::doTerminationInitiation");
    try {
        final Object ssoToken = getValidToken(request);
        if (ssoToken == null) {
            // No usable session: send the user agent to authenticate first.
            FSServiceUtils.redirectForAuthentication(request, response, providerAlias);
            return;
        }
        // NOTE(review): remoteEntityId is taken verbatim from the request
        // parameter and used as a lookup key -- confirm that
        // getFedTerminationHandler rejects ids that are not configured partners.
        final String remoteEntityId = request.getParameter(IFSConstants.TERMINATION_PROVIDER_ID);
        if (remoteEntityId == null || remoteEntityId.length() < 1) {
            FSUtils.debug.error("Provider Id not found, display error page");
            FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_NO_PROVIDER, IFSConstants.CONTACT_ADMIN);
            return;
        }
        // session token is valid, ProviderId available
        final FSServiceManager serviceManager = FSServiceManager.getInstance();
        if (serviceManager == null) {
            FSUtils.debug.message("FSServiceManager Instance null");
        } else {
            FSUtils.debug.message("FSServiceManager Instance not null");
            String remoteProviderRole = IFSConstants.SP;
            FSAccountFedInfo fedinfo = null;
            if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                // Hosted SP terminating with its IDP: reuse the federation info
                // kept on the SSO session unless it was a one-time federation.
                remoteProviderRole = IFSConstants.IDP;
                final FSSession ssoSession = FSSessionManager.getInstance(providerAlias).getSession(ssoToken);
                if (ssoSession != null && !ssoSession.getOneTime()) {
                    fedinfo = ssoSession.getAccountFedInfo();
                }
            }
            final FSFedTerminationHandler handler = serviceManager.getFedTerminationHandler(remoteEntityId, remoteProviderRole, SessionManager.getProvider().getPrincipalName(ssoToken), realm, hostedEntityId, providerAlias);
            if (handler == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Unable to get termination handler. User account Not valid");
                }
            } else {
                handler.setHostedDescriptor(hostedProviderDesc);
                handler.setHostedDescriptorConfig(hostedConfig);
                handler.setHostedProviderRole(hostedRole);
                handler.setMetaAlias(providerAlias);
                handler.setRealm(realm);
                handler.setHostedEntityId(hostedEntityId);
                if (fedinfo != null) {
                    handler.setAccountInfo(fedinfo);
                }
                // The handler owns the response from here on; its status is only logged.
                final boolean status = handler.handleFederationTermination(request, response, ssoToken);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("handleFederationTermination status is : " + status);
                }
                return;
            }
        }
        FSServiceUtils.returnLocallyAfterOperation(response, termDoneURL, false, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
        return;
    } catch (IOException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("IOException in doTerminationInitiation", e);
        }
    } catch (SessionException ex) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("SessionException in doTerminationInitiation", ex);
        }
    }
    // Reached only after one of the exceptions above; report failure locally.
    FSServiceUtils.returnLocallyAfterOperation(response, termDoneURL, false, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
}

Example 3 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

Class FSNameRegistrationHandler, method doCommonRegistration.

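/**
 * Performs the operations on the user's federated account at both the SP
 * side and the IDP side. The input parameters are generated at the SP side;
 * at the IDP side they are retrieved from the request received.
 *
 * <p>Reads the instance fields <code>userID</code>, <code>oldAcctKey</code>,
 * <code>newAcctKey</code>, <code>newAcctInfo</code>, <code>acctInfo</code>,
 * <code>remoteEntityId</code>, <code>ssoToken</code>,
 * <code>hostedProviderRole</code> and <code>metaAlias</code>.
 *
 * @return <code>true</code> if the operation succeeded; <code>false</code>
 *  otherwise (an <code>FSAccountMgmtException</code> from the account manager
 *  is logged at error level and reported as failure).
 */
private boolean doCommonRegistration() {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("user id is " + userID);
            FSUtils.debug.message("To write account fed info to DS");
            FSUtils.debug.message("Old Account Key : " + oldAcctKey);
        }
        if (oldAcctKey != null) {
            // Re-registration: remove the entry filed under the old name
            // identifier before writing the new one, keeping the old key as reference.
            String oldNameIDValue = oldAcctKey.getName();
            FSAccountFedInfo oldInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, oldNameIDValue);
            if (oldInfo != null) {
                managerInst.removeAccountFedInfo(userID, oldInfo);
            }
            managerInst.writeAccountFedInfo(userID, newAcctKey, newAcctInfo, oldAcctKey);
        } else {
            // First registration: drop any previously held account info first.
            if (acctInfo != null) {
                managerInst.removeAccountFedInfo(userID, acctInfo);
            }
            managerInst.writeAccountFedInfo(userID, newAcctKey, newAcctInfo);
        }
        // On the SP side keep the live SSO session in step with the stored info.
        if ((ssoToken != null) && (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP))) {
            FSSessionManager sessManager = FSSessionManager.getInstance(metaAlias);
            FSSession ssoSession = sessManager.getSession(ssoToken);
            if (ssoSession != null) {
                ssoSession.setAccountFedInfo(newAcctInfo);
            }
        }
        return true;
    } catch (FSAccountMgmtException e) {
        // A failed write leaves the federation state inconsistent and the caller
        // only sees a boolean, so this must be visible at error level rather than
        // only when debug messages are enabled.
        FSUtils.debug.error("Error when writing user information:", e);
        return false;
    }
}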

Example 4 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

Class FSSingleLogoutHandler, method handleIDPProxyLogout.

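/**
 * Propagates a logout through the IDP proxy: when this hosted IDP also acts
 * as an SP under the same entity id and the source SP has IDP proxying
 * enabled, every IDP partner recorded on the proxy SP session (other than
 * the source SP) is logged out over the SOAP profile.
 *
 * <p>Reads the instance fields <code>hostedRole</code>, <code>realm</code>,
 * <code>hostedEntityId</code>, <code>metaManager</code>, <code>ssoToken</code>,
 * <code>userID</code>, <code>request</code> and <code>response</code>.
 *
 * @param sourceEntityId entity id of the SP the logout originated from; it is
 *  skipped while the partners are iterated.
 * @return the aggregated status (the last non-success status wins, otherwise
 *  <code>SAML_SUCCESS</code>), <code>SAML_RESPONDER</code> on any exception,
 *  or <code>null</code> when no proxy logout was attempted.
 */
private FSLogoutStatus handleIDPProxyLogout(String sourceEntityId) {
    FSLogoutStatus retStatus = null;
    FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout.");
    // get sp metaAlias if any
    String proxySPAlias = null;
    boolean isProxy = false;
    BaseConfigType proxySPConfig = null;
    ProviderDescriptorType proxySPDescriptor = null;
    // Compare by value: the previous '==' only matched when hostedRole was the
    // very same interned constant, silently disabling proxy logout otherwise.
    if (IFSConstants.IDP.equals(hostedRole)) {
        // see if there is a hosted SP with the same hostedEntityId
        proxySPAlias = IDFFMetaUtils.getMetaAlias(realm, hostedEntityId, IFSConstants.SP, null);
        if (proxySPAlias != null && metaManager != null) {
            // check to see if original SP is idp proxy enabled
            try {
                BaseConfigType sourceSPConfig = metaManager.getSPDescriptorConfig(realm, sourceEntityId);
                String enabledString = IDFFMetaUtils.getFirstAttributeValueFromConfig(sourceSPConfig, IFSConstants.ENABLE_IDP_PROXY);
                isProxy = enabledString != null && enabledString.equalsIgnoreCase("true");
            } catch (IDFFMetaException ie) {
                // Shouldn't be here
                isProxy = false;
            }
        }
    }
    if (isProxy) {
        FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout:isProxy is true.");
        // see if there is any session with that proxySPAlias
        try {
            FSSessionManager sessionMgr = FSSessionManager.getInstance(proxySPAlias);
            FSSession session = sessionMgr.getSession(ssoToken);
            if (session != null) {
                List partners = session.getSessionPartners();
                if (partners != null && !partners.isEmpty()) {
                    FSSingleLogoutHandler handler = new FSSingleLogoutHandler();
                    proxySPConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
                    proxySPDescriptor = metaManager.getSPDescriptor(realm, hostedEntityId);
                    handler.setHostedDescriptor(proxySPDescriptor);
                    handler.setHostedDescriptorConfig(proxySPConfig);
                    handler.setRealm(realm);
                    handler.setHostedEntityId(hostedEntityId);
                    handler.setHostedProviderRole(IFSConstants.SP);
                    handler.setMetaAlias(proxySPAlias);
                    retStatus = new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
                    // most of the time it will have only one idp partner
                    for (Object partnerObj : partners) {
                        FSSessionPartner sessionPartner = (FSSessionPartner) partnerObj;
                        String curEntityId = sessionPartner.getPartner();
                        if (curEntityId.equals(sourceEntityId) || !sessionPartner.getIsRoleIDP()) {
                            continue;
                        }
                        FSLogoutStatus curStatus = handler.doIDPProxySoapProfile(request, response, sessionPartner, userID, session.getSessionIndex(), ssoToken);
                        if (!curStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                            retStatus = curStatus;
                        }
                    }
                }
            }
        } catch (Exception e) {
            // Broad catch kept on purpose: meta, session and SOAP failures all
            // collapse into a responder error for the caller.
            FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxy:", e);
            retStatus = new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
    }
    return retStatus;
}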

Example 5 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

Class FSSingleLogoutHandler, method processSingleLogoutRequest.

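/**
 * Processes the logout request received from soap profile.
 *
 * <p>Side effects: stores the request, user id, session index and WML flag on
 * this handler, resolves <code>ssoToken</code> from the session index when a
 * matching session is known, and may clear <code>logoutStatus</code>.
 *
 * @param reqLogout the logout request
 * @param currentSessionProvider initial provider with whom to broadcast;
 *  <code>null</code> means there is nobody left to notify and the local
 *  session is destroyed instead
 * @param userID who is presently logging out
 * @param sourceEntityId remote provider id
 * @param sessionIndex to be sent as part of logout message
 * @param isWMLAgent determines if response to be sent to AML agent
 * @param isSourceIDP determines the role of the provider (not consulted by
 *  this method; kept for callers)
 * @return logout status: <code>SAML_REQUESTER</code> for a missing request,
 *  <code>SAML_UNSUPPORTED</code> when the remote provider has no SOAP
 *  profile, otherwise the outcome of the local or remote logout
 */
protected FSLogoutStatus processSingleLogoutRequest(FSLogoutNotification reqLogout, FSSessionPartner currentSessionProvider, String userID, String sourceEntityId, String sessionIndex, boolean isWMLAgent, String isSourceIDP) {
    FSUtils.debug.message("Entered FSSingleLogoutHandler::processSingleLogoutRequest - SOAP");
    if (currentSessionProvider != null) {
        isCurrentProviderIDPRole = currentSessionProvider.getIsRoleIDP();
        remoteEntityId = currentSessionProvider.getPartner();
        setRemoteDescriptor(getRemoteDescriptor(remoteEntityId));
    }
    this.requestLogout = reqLogout;
    this.userID = userID;
    this.sessionIndex = sessionIndex;
    this.isWMLAgent = isWMLAgent;
    if (reqLogout == null) {
        String[] data = { userID };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED_REQUEST_IMPROPER, data);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Request not proper Cannot proceed federation termination");
        }
        return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
    }
    FSUtils.debug.message("FSLogoutNotification formed really well");
    if (currentSessionProvider == null) {
        FSUtils.debug.message("currentSessionProvider is null. destroy and return");
        resolveSsoTokenFromSessionIndex(userID, sessionIndex);
        // handle idp proxy case
        FSLogoutStatus proxyStatus = handleIDPProxyLogout(sourceEntityId);
        if (proxyStatus != null && !proxyStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
            logoutStatus = false;
        }
        FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, reqLogout.getSessionIndex(), request, response);
        // call multi-federation protocol processing
        int retStatus = handleMultiProtocolLogout(true, null, sourceEntityId);
        if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
            return new FSLogoutStatus(IFSConstants.LOGOUT_FAILURE);
        }
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    }
    resolveSsoTokenFromSessionIndex(userID, sessionIndex);
    // handle idp proxy case.
    FSLogoutStatus proxyStatus = handleIDPProxyLogout(sourceEntityId);
    // Check if any of the connections use HTTP GET/Redirect
    String currentEntityId = currentSessionProvider.getPartner();
    isCurrentProviderIDPRole = currentSessionProvider.getIsRoleIDP();
    if (!supportSOAPProfile(remoteDescriptor)) {
        return new FSLogoutStatus(IFSConstants.SAML_UNSUPPORTED);
    }
    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    FSSession session = sessionManager.getSession(sessionManager.getSessionList(userID), sessionIndex);
    FSUtils.debug.message("FSSLOHandler, process logout case 4");
    FSLogoutUtil.cleanSessionMapPartnerList(userID, currentEntityId, metaAlias, session);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Communicate with provider " + currentEntityId + " using soap profile.");
    }
    // In the middle of a SOAP call you can only use
    // SOAP profile
    FSUtils.debug.message("In SOAP profile");
    // This func should take care of initiating
    // next provider also as it has control
    FSLogoutStatus bLogoutStatus = doIDPSoapProfile(currentEntityId);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Logout completed first round with status : " + bLogoutStatus);
    }
    // A proxy failure overrides an otherwise successful first round.
    if (bLogoutStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS) && (proxyStatus != null) && !proxyStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
        bLogoutStatus = proxyStatus;
    }
    return bLogoutStatus;
}

/**
 * Points <code>ssoToken</code> at the session behind the given session index.
 *
 * <p>Uses the first session object <code>FSLogoutUtil</code> knows for the
 * user / alias / index triple. Leaves <code>ssoToken</code> untouched when no
 * session object is known or the session provider cannot load it; the latter
 * is best effort and only logged, since the logout can still proceed on the
 * session index alone.
 *
 * @param userID who is logging out
 * @param sessionIndex the session index carried by the logout message
 */
private void resolveSsoTokenFromSessionIndex(String userID, String sessionIndex) {
    Vector sessionObjList = FSLogoutUtil.getSessionObjectList(userID, metaAlias, sessionIndex);
    if ((sessionObjList == null) || sessionObjList.isEmpty()) {
        return;
    }
    String sessid = ((FSSession) sessionObjList.get(0)).getSessionID();
    try {
        ssoToken = SessionManager.getProvider().getSession(sessid);
    } catch (SessionException ex) {
        // Previously swallowed silently; keep best-effort semantics but leave a trace.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler.processSingleLogoutRequest: could not resolve session for session index " + sessionIndex, ex);
        }
    }
}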
