
Example 16 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

From class FSSingleLogoutHandler, method doSoapProfile.

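/**
 * Initiates the SOAP profile logout with the given provider.
 *
 * <p>Looks up the principal's federated account, builds a logout request for
 * it, signs the request when signing is enabled, sends it to the remote
 * provider's SOAP endpoint and maps the status carried in the response to a
 * {@code FSLogoutStatus}. Any unexpected exception is logged and reported as
 * {@code SAML_RESPONDER}.
 *
 * @param providerId the first provider with SOAP as logout profile
 * @return {@code SAML_SUCCESS} when no federated account remains or the remote
 *         provider reports success; {@code SAML_REQUESTER} when the response
 *         signature fails verification; the remote status value on a remote
 *         failure; {@code SAML_RESPONDER} on any local or transport error
 */
private FSLogoutStatus doSoapProfile(String providerId) {
    FSUtils.debug.message("Entered IDP's doSoapProfile");
    try {
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        FSSession session = sMgr.getSession(ssoToken);
        if (session == null) {
            // A missing FSSession used to surface as a NullPointerException from
            // session.getOneTime() below, caught by the generic handler at the end
            // and reported as SAML_RESPONDER. Fail explicitly with the same status.
            FSUtils.debug.error("FSSingleLogoutHandler.doSoapProfile: no FSSession found for the session token");
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        FSAccountFedInfo currentAccount = session.getAccountFedInfo();
        if (currentAccount == null && !session.getOneTime()) {
            currentAccount = FSLogoutUtil.getCurrentWorkingAccount(userID, providerId, metaAlias);
        }
        if (currentAccount == null) {
            // Nothing is federated with this provider any more, so there is nothing to log out.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler. User's " + "account may have been terminated.");
            }
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
        FSLogoutNotification reqLogout = createSingleLogoutRequest(currentAccount, sessionIndex);
        if (reqLogout == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to create logout request" + " Current Provider cannot be processed");
            }
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        // The minor version was previously set before the null check above was made.
        reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
        FSSOAPService instSOAP = FSSOAPService.getInstance();
        if (instSOAP != null) {
            FSUtils.debug.message("Signing suceeded. To call bindLogoutRequest");
            reqLogout.setID(IFSConstants.LOGOUTID);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("logout request before sign: " + reqLogout.toXMLString(true, true));
            }
            SOAPMessage msgLogout = instSOAP.bind(reqLogout.toXMLString(true, true));
            if (msgLogout != null) {
                SOAPMessage retSOAPMessage;
                try {
                    if (FSServiceUtils.isSigningOn()) {
                        // The attribute that identifies the signed element differs between
                        // protocol minor versions. An unrecognised version only logs and sends
                        // the request unsigned, as before; the remote end is expected to reject it.
                        switch (reqLogout.getMinorVersion()) {
                            case IFSConstants.FF_11_PROTOCOL_MINOR_VERSION:
                                msgLogout = signLogoutRequest(msgLogout, IFSConstants.ID, reqLogout.getID());
                                break;
                            case IFSConstants.FF_12_PROTOCOL_MINOR_VERSION:
                                msgLogout = signLogoutRequest(msgLogout, IFSConstants.REQUEST_ID, reqLogout.getRequestID());
                                break;
                            default:
                                FSUtils.debug.message("invalid minor version.");
                                break;
                        }
                    }
                    retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteDescriptor.getSoapEndpoint());
                } catch (Exception e) {
                    FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
                    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
                }
                if (retSOAPMessage != null) {
                    Element elt = instSOAP.parseSOAPMessage(retSOAPMessage);
                    // Do not trust the remote status until the response signature checks out.
                    if (FSServiceUtils.isSigningOn() && !verifyResponseSignature(retSOAPMessage)) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Response " + "signature verification failed");
                        }
                        FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                        return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
                    }
                    this.requestLogout = reqLogout;
                    respObj = new FSLogoutResponse(elt);
                    // Call SP Adapter preSingleLogout for SP/SOAP
                    if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                        FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                        if (spAdapter != null) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSLOHandler." + "preSingleLogoutProcess, SP/SOAP");
                            }
                            try {
                                spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, reqLogout, respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
                            } catch (Exception e) {
                                // Adapter failures are deliberately non-fatal: logout continues.
                                FSUtils.debug.error("spAdapter." + "preSingleLogoutProcess, SP/SOAP:", e);
                            }
                        }
                    }
                    Status status = respObj.getStatus();
                    StatusCode statusCode = status.getStatusCode();
                    String statusString = statusCode.getValue();
                    if (statusString.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSingleLogoutHandler: " + " doSoapProfile returning success");
                        }
                        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSingleLogoutHandler: " + "SOAP Profile failure " + statusString);
                    }
                    // Propagate the remote provider's own status value to the caller.
                    return new FSLogoutStatus(statusString);
                }
            }
        }
        // Reached when the SOAP service, the bound message or the response was missing.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to bindLogoutRequest." + "Current Provider cannot be processed");
        }
    } catch (Exception e) {
        FSUtils.debug.error("In IOException of doSOAPProfile : ", e);
    }
    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}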

Example 17 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

From class FSSSOAndFedService, method handleAuthnRequest.

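/**
 * Post-authentication processing of an <code>FSAuthnRequest</code>.
 *
 * <p>Resolves the hosted IDP descriptor and configuration, requires a valid
 * session for the requester and records the authentication context on the
 * matching <code>FSSession</code> (creating one if needed), checks whether a
 * federation account exists for the requesting provider, and finally hands
 * off to the ten-argument <code>handleAuthnRequest</code> overload. Returns
 * early, after logging, when no session token, no valid session or no
 * principal name can be obtained.
 *
 * @param request      the incoming HTTP request
 * @param response     the HTTP response
 * @param authnRequest the authentication request being processed
 * @param realm        realm of the hosted provider
 * @param hostEntityId entity id of the hosted IDP
 * @param bLECP        LECP flag, passed through unchanged to the overload
 * @param authnContext authentication context to record on the session
 */
private void handleAuthnRequest(HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, String realm, String hostEntityId, boolean bLECP, String authnContext) {
    // post authn process
    FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: Called");
    IDPDescriptorType hostedDesc = null;
    BaseConfigType hostedConfig = null;
    String metaAlias = null;
    try {
        hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
        if (hostedConfig != null) {
            metaAlias = hostedConfig.getMetaAlias();
        }
    } catch (Exception e) {
        // Was only a debug-level message, which hid the reason for a null
        // metaAlias/hostedDesc further down; a metadata lookup failure is an error.
        FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "Couldn't obtain hosted meta:", e);
    }
    // NOTE(review): metaAlias can still be null here and is passed to
    // FSSessionManager.getInstance, FSAccountManager.getInstance and the
    // overload below — confirm they tolerate a null alias.
    Object ssoToken = null;
    String userID = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is null.");
            return;
        } else if (!sessionProvider.isValid(ssoToken)) {
            FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is not valid.");
            return;
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "session token is valid.");
            }
        }
        FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
        FSSession session = sessionManager.getSession(ssoToken);
        userID = sessionProvider.getPrincipalName(ssoToken);
        if (session == null) {
            // First federation activity for this session: register it.
            session = new FSSession(sessionProvider.getSessionID(ssoToken));
            session.setAuthnContext(authnContext);
            sessionManager.addSession(userID, session);
        } else {
            session.setAuthnContext(authnContext);
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: ", se);
        return;
    }
    try {
        if (userID == null) {
            LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
            return;
        }
        String remoteEntityID = authnRequest.getProviderId();
        FSAccountManager acctMng = FSAccountManager.getInstance(metaAlias);
        // The return value is intentionally unused; only an FSAccountMgmtException
        // (no account information for the user) is of interest here.
        acctMng.readAccountFedInfo(userID, remoteEntityID);
    } catch (FSAccountMgmtException exp) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService:: handleAuthnRequest()" + " No account information avialable for user. " + "So no invocation " + " of name registration. ", exp);
        }
    }
    handleAuthnRequest(request, response, authnRequest, true, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
}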

Example 18 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

From class FSLogoutUtil, method removeCurrentSessionPartner.

/**
 * Removes the current session partner from the principal's session partner list.
 *
 * <p>Resolves the <code>FSSession</code> for the given token through the
 * <code>FSSessionManager</code> of the hosted provider and delegates the
 * actual list clean-up to <code>cleanSessionMapPartnerList</code>.
 *
 * @param metaAlias meta alias of the hosted provider
 * @param remoteEntityId id of the remote provider
 * @param ssoToken session object of the principal who is presently logged in
 * @param userID id of the principal
 */
public static void removeCurrentSessionPartner(String metaAlias, String remoteEntityId, Object ssoToken, String userID) {
    if (FSUtils.debug.messageEnabled()) {
        String trace = "FSLogoutUtil.removeCSP, hosted=" + metaAlias + ", remote=" + remoteEntityId + ", userID=" + userID;
        FSUtils.debug.message(trace);
    }
    FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
    FSSession current = manager.getSession(ssoToken);
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, current);
}

Example 19 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

From class FSLogoutUtil, method getLogoutGETProviders.

/**
 * Returns the list of all providers who want to be notified of logout using
 * the HTTP GET profile.
 *
 * <p>The current provider is always included. Every other SP partner found in
 * the principal's sessions is added when the first single-logout profile in
 * its metadata is the IDP GET profile.
 *
 * @param userID principal who needs to be logged out
 * @param entityId current provider who uses HTTP GET profile for logout
 * @param sessionIndex session index for the current provider
 * @param realm the realm in which the provider resides
 * @param metaAlias the hosted provider performing logout
 * @return a HashMap with <code>IFSConstants.PROVIDER</code> mapped to a
 *         Vector of provider ids and <code>IFSConstants.SESSION_INDEX</code>
 *         mapped to a HashMap of provider id to session index, or
 *         <code>null</code> when provider metadata cannot be read
 */
protected static HashMap getLogoutGETProviders(String userID, String entityId, String sessionIndex, String realm, String metaAlias) {
    try {
        FSUtils.debug.message("Entered FSLogoutUtil::getLogoutGETProviders");
        HashMap result = new HashMap();
        Vector getProviders = new Vector();
        HashMap indexByProvider = new HashMap();
        getProviders.addElement(entityId);
        indexByProvider.put(entityId, sessionIndex);
        FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
        synchronized (manager) {
            FSUtils.debug.message("About to call getSessionList");
            List sessions = manager.getSessionList(userID);
            if (sessions == null || sessions.isEmpty()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Session List is  empty, returning " + "current provider from getLogoutGETProviders");
                }
            } else {
                FSUtils.debug.message("Session List is not empty");
                for (Object sessionEntry : sessions) {
                    FSSession fsSession = (FSSession) sessionEntry;
                    List partners = fsSession.getSessionPartners();
                    if (partners.isEmpty()) {
                        continue;
                    }
                    String partnerSessionIndex = fsSession.getSessionIndex();
                    for (Object partnerEntry : partners) {
                        FSSessionPartner partner = (FSSessionPartner) partnerEntry;
                        // Only SP can specify GET profile for logout
                        if (partner.getIsRoleIDP()) {
                            continue;
                        }
                        String partnerId = partner.getPartner();
                        ProviderDescriptorType partnerDesc = metaManager.getSPDescriptor(realm, partnerId);
                        if (partnerDesc == null) {
                            continue;
                        }
                        List profiles = partnerDesc.getSingleLogoutProtocolProfile();
                        if (profiles == null || profiles.isEmpty()) {
                            continue;
                        }
                        // Only the first listed profile decides, as the original lookup did.
                        String preferredProfile = (String) profiles.get(0);
                        if (preferredProfile.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("provider " + partnerId + " Added for GET");
                            }
                            getProviders.addElement(partnerId);
                            indexByProvider.put(partnerId, partnerSessionIndex);
                        }
                    }
                }
            }
            result.put(IFSConstants.PROVIDER, getProviders);
            result.put(IFSConstants.SESSION_INDEX, indexByProvider);
            return result;
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("IDFFMetaException in function " + " getLogoutGETProviders", e);
        return null;
    }
}

Example 20 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

From class FSLogoutUtil, method invalidateActiveSessionIds.

/**
 * Destroys the principal's session information maintained by
 * <code>FSSessionManager</code>.
 *
 * <p>For every <code>FSSession</code> in the list whose session id is
 * non-null, the matching session is resolved through the
 * <code>SessionProvider</code> and invalidated via
 * <code>MultiProtocolUtils</code>. A failure for one session is logged and
 * the remaining sessions are still processed.
 *
 * @param sessionObjList the Vector of <code>FSSession</code> objects
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 */
private static void invalidateActiveSessionIds(Vector sessionObjList, HttpServletRequest request, HttpServletResponse response) {
    FSUtils.debug.message("FSLogoutUtil.invalidateActiveSessionIds, start");
    if (sessionObjList == null || sessionObjList.isEmpty()) {
        FSUtils.debug.message("No active Session exists");
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(sessionObjList.size() + " Active Session exists");
    }
    SessionProvider provider;
    try {
        provider = SessionManager.getProvider();
    } catch (SessionException se) {
        FSUtils.debug.error("invalidateActiveSessionIds:" + "Couldn't obtain session provider:", se);
        return;
    }
    for (int idx = 0; idx < sessionObjList.size(); idx++) {
        FSSession fsSession = (FSSession) sessionObjList.get(idx);
        String sessionId = (String) fsSession.getSessionID();
        if (sessionId == null) {
            continue;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("To Invalidate session : " + sessionId);
        }
        //Invalidate session
        try {
            Object token = provider.getSession(sessionId);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Destroying token : " + provider.getPrincipalName(token));
            }
            MultiProtocolUtils.invalidateSession(token, request, response, SingleLogoutManager.IDFF);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Completed Destroying token for sessionID :" + sessionId);
            }
        } catch (SessionException e) {
            // Best effort: log this session's failure and carry on with the rest.
            FSUtils.debug.error("invalidateActiveSessionIds : " + sessionId + " - ", e);
        }
    }
}
