use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSSingleLogoutHandler method doSoapProfile.
/**
* Initiates SOAP proifle logout.
* @param providerId the first provider with SOAP as logout profile
*/
private FSLogoutStatus doSoapProfile(String providerId) {
FSUtils.debug.message("Entered IDP's doSoapProfile");
try {
FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
FSSession session = sMgr.getSession(ssoToken);
FSAccountFedInfo currentAccount = null;
if (session != null) {
currentAccount = session.getAccountFedInfo();
}
if (currentAccount == null && !session.getOneTime()) {
currentAccount = FSLogoutUtil.getCurrentWorkingAccount(userID, providerId, metaAlias);
}
if (currentAccount == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler. User's " + "account may have been terminated.");
}
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
}
FSLogoutNotification reqLogout = createSingleLogoutRequest(currentAccount, sessionIndex);
reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
if (reqLogout != null) {
FSSOAPService instSOAP = FSSOAPService.getInstance();
if (instSOAP != null) {
FSUtils.debug.message("Signing suceeded. To call bindLogoutRequest");
reqLogout.setID(IFSConstants.LOGOUTID);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("logout request before sign: " + reqLogout.toXMLString(true, true));
}
SOAPMessage msgLogout = instSOAP.bind(reqLogout.toXMLString(true, true));
if (msgLogout != null) {
SOAPMessage retSOAPMessage = null;
try {
if (FSServiceUtils.isSigningOn()) {
int minorVersion = reqLogout.getMinorVersion();
switch(minorVersion) {
case IFSConstants.FF_11_PROTOCOL_MINOR_VERSION:
msgLogout = signLogoutRequest(msgLogout, IFSConstants.ID, reqLogout.getID());
break;
case IFSConstants.FF_12_PROTOCOL_MINOR_VERSION:
msgLogout = signLogoutRequest(msgLogout, IFSConstants.REQUEST_ID, reqLogout.getRequestID());
break;
default:
FSUtils.debug.message("invalid minor version.");
break;
}
}
retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteDescriptor.getSoapEndpoint());
} catch (Exception e) {
FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}
if (retSOAPMessage != null) {
Element elt = instSOAP.parseSOAPMessage(retSOAPMessage);
if (FSServiceUtils.isSigningOn()) {
if (!verifyResponseSignature(retSOAPMessage)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Response " + "signature verification failed");
}
FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
}
}
this.requestLogout = reqLogout;
respObj = new FSLogoutResponse(elt);
// Call SP Adapter preSingleLogout for SP/SOAP
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
if (spAdapter != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSLOHandler." + "preSingleLogoutProcess, SP/SOAP");
}
try {
spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, reqLogout, respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
} catch (Exception e) {
// ignore adapter error
FSUtils.debug.error("spAdapter." + "preSingleLogoutProcess, SP/SOAP:", e);
}
}
}
Status status = respObj.getStatus();
StatusCode statusCode = status.getStatusCode();
StatusCode secondLevelStatus = statusCode.getStatusCode();
String statusString = statusCode.getValue();
if (statusString.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler: " + " doSoapProfile returning success");
}
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler: " + "SOAP Profile failure " + statusString);
}
return new FSLogoutStatus(statusString);
}
}
}
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to bindLogoutRequest." + "Current Provider cannot be processed");
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to create logout request" + " Current Provider cannot be processed");
}
}
} catch (Exception e) {
FSUtils.debug.error("In IOException of doSOAPProfile : ", e);
}
return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSSSOAndFedService method handleAuthnRequest.
private void handleAuthnRequest(HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, String realm, String hostEntityId, boolean bLECP, String authnContext) {
// post authn process
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: Called");
IDPDescriptorType hostedDesc = null;
BaseConfigType hostedConfig = null;
String metaAlias = null;
try {
hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
if (hostedConfig != null) {
metaAlias = hostedConfig.getMetaAlias();
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "Couldn't obtain hosted meta:", e);
}
}
/* Not really useful.
String nameRegisDone =
request.getParameter(IFSConstants.NAMEREGIS_INDICATOR_PARAM);
boolean doNameRegis = false;
String doNameRegisStr =
IDFFMetaUtils.getFirstAttributeValueFromConfig(
hostedConfig, IFSConstants.ENABLE_REGISTRATION_AFTER_SSO);
if (doNameRegisStr != null && doNameRegisStr.equalsIgnoreCase("true")) {
doNameRegis = true;
}
*/
Object ssoToken = null;
String userID = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
ssoToken = sessionProvider.getSession(request);
if (ssoToken == null) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is null.");
return;
} else if (!sessionProvider.isValid(ssoToken)) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is not valid.");
return;
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "session token is valid.");
}
}
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
FSSession session = sessionManager.getSession(ssoToken);
userID = sessionProvider.getPrincipalName(ssoToken);
if (session == null) {
session = new FSSession(sessionProvider.getSessionID(ssoToken));
session.setAuthnContext(authnContext);
sessionManager.addSession(userID, session);
} else {
session.setAuthnContext(authnContext);
}
} catch (SessionException se) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: ", se);
return;
}
try {
if (userID == null) {
LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
return;
}
String remoteEntityID = authnRequest.getProviderId();
FSAccountManager acctMng = FSAccountManager.getInstance(metaAlias);
acctMng.readAccountFedInfo(userID, remoteEntityID);
/* Not useful at all. Commented out for now.
if (doNameRegis &&
(nameRegisDone == null ||
!nameRegisDone.equals(IFSConstants.TRUE)) &&
!authnRequest.getFederate())
{
// have to do nameregis now
Map queryMap = new HashMap();
queryMap.put(IFSConstants.AUTH_REQUEST_ID,
authnRequest.getRequestID());
queryMap.put(IFSConstants.PROVIDER_ID_KEY,hostEntityId);
queryMap.put(IFSConstants.AUTHN_CONTEXT,authnContext);
FSServiceManager instSManager = FSServiceManager.getInstance();
if (instSManager != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSSOAndFedService.handleAuthnRequest:" +
"FSServiceManager Instance not null");
}
try {
FSNameRegistrationHandler handlerObj =
instSManager.getNameRegistrationHandler(
realm, remoteEntityID, IFSConstants.SP);
SPDescriptorType remoteProviderDesc =
metaManager.getSPDescriptor(realm,remoteEntityID);
if (handlerObj != null) {
handlerObj.setHostedDescriptor(hostedDesc);
handlerObj.setHostedDescriptorConfig(hostedConfig);
handlerObj.setMetaAlias(metaAlias);
handlerObj.setHostedEntityId(hostEntityId);
handlerObj.handleNameRegistration(
request,
response,
ssoToken,
(HashMap)queryMap);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSSOAndFedService.handleAuthnRequest:" +
"Control returned from name registration");
}
if (!FSServiceUtils.isRegisProfileSOAP(userID,
remoteEntityID,
remoteProviderDesc,
metaAlias,
hostedDesc))
{
return;
}
}
} catch (Exception ex){
FSUtils.debug.error(
"FSSSOAndFedService.handleAuthnRequest:Error in " +
"invoking Name registration. returning.", ex);
return;
}
}
}
*/
} catch (FSAccountMgmtException exp) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService:: handleAuthnRequest()" + " No account information avialable for user. " + "So no invocation " + " of name registration. ", exp);
}
}
handleAuthnRequest(request, response, authnRequest, true, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
}
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSLogoutUtil method removeCurrentSessionPartner.
/**
* Removes current session partner from the session partner list.
*
* @param metaAlias meta alias of the hosted provider
* @param remoteEntityId id of the remote provider
* @param ssoToken session object of the principal who presently login
* @param userID id of the principal
*/
public static void removeCurrentSessionPartner(String metaAlias, String remoteEntityId, Object ssoToken, String userID) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLogoutUtil.removeCSP, hosted=" + metaAlias + ", remote=" + remoteEntityId + ", userID=" + userID);
}
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
FSSession session = sessionManager.getSession(ssoToken);
FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, session);
}
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSLogoutUtil method getLogoutGETProviders.
/**
* Returns the list of all providers who want to be
* notified of logout using HTTP GET profile.
* @param userID principal who needs to be logged out
* @param entityId current provider who uses HTTP GET profile for logout
* @param sessionIndex for the current provider
* @param realm the realm in which the provider resides
* @param metaAlias the hosted provider performing logout
* @return HashMap list of providers who indicate preference to be notified
* of logout using GET profile
*/
protected static HashMap getLogoutGETProviders(String userID, String entityId, String sessionIndex, String realm, String metaAlias) {
try {
FSUtils.debug.message("Entered FSLogoutUtil::getLogoutGETProviders");
HashMap retMap = new HashMap();
Vector providerVector = new Vector();
HashMap sessionProvider = new HashMap();
providerVector.addElement(entityId);
sessionProvider.put(entityId, sessionIndex);
FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
synchronized (sessionMgr) {
FSUtils.debug.message("About to call getSessionList");
List sessionList = sessionMgr.getSessionList(userID);
if (sessionList != null && !sessionList.isEmpty()) {
FSUtils.debug.message("Session List is not empty");
Iterator iSessionIter = sessionList.iterator();
FSSession sessionObj;
while (iSessionIter.hasNext()) {
sessionObj = (FSSession) iSessionIter.next();
if ((sessionObj.getSessionPartners()).isEmpty()) {
continue;
} else {
String nSessionIndex = sessionObj.getSessionIndex();
List sessionPartners = sessionObj.getSessionPartners();
Iterator iPartnerIter = sessionPartners.iterator();
FSSessionPartner sessionPartner;
while (iPartnerIter.hasNext()) {
sessionPartner = (FSSessionPartner) iPartnerIter.next();
// Only SP can specify GET profile for logout
if (!sessionPartner.getIsRoleIDP()) {
String curEntityId = sessionPartner.getPartner();
ProviderDescriptorType curDesc = metaManager.getSPDescriptor(realm, curEntityId);
if (curDesc != null) {
List profiles = curDesc.getSingleLogoutProtocolProfile();
if (profiles != null && !profiles.isEmpty()) {
if (((String) profiles.iterator().next()).equals(IFSConstants.LOGOUT_IDP_GET_PROFILE)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("provider " + curEntityId + " Added for GET");
}
providerVector.addElement(curEntityId);
sessionProvider.put(curEntityId, nSessionIndex);
}
}
}
}
}
}
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Session List is empty, returning " + "current provider from getLogoutGETProviders");
}
}
retMap.put(IFSConstants.PROVIDER, providerVector);
retMap.put(IFSConstants.SESSION_INDEX, sessionProvider);
return retMap;
}
} catch (IDFFMetaException e) {
FSUtils.debug.error("IDFFMetaException in function " + " getLogoutGETProviders", e);
return null;
}
}
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSLogoutUtil method invalidateActiveSessionIds.
/**
* Destroys the principal's session information
* maintained by <code>FSSessionManager</code>.
* @param sessionObjList the Vector of <code>sessionId</code>s
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
*/
private static void invalidateActiveSessionIds(Vector sessionObjList, HttpServletRequest request, HttpServletResponse response) {
FSUtils.debug.message("FSLogoutUtil.invalidateActiveSessionIds, start");
if (sessionObjList != null && !sessionObjList.isEmpty()) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(sessionObjList.size() + " Active Session exists");
}
SessionProvider sessionProvider = null;
try {
sessionProvider = SessionManager.getProvider();
} catch (SessionException se) {
FSUtils.debug.error("invalidateActiveSessionIds:" + "Couldn't obtain session provider:", se);
return;
}
for (int i = 0; i < sessionObjList.size(); i++) {
String sessionId = (String) (((FSSession) sessionObjList.elementAt(i)).getSessionID());
if (sessionId != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("To Invalidate session : " + sessionId);
}
//Invalidate session
try {
Object ssoToken = sessionProvider.getSession(sessionId);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Destroying token : " + sessionProvider.getPrincipalName(ssoToken));
}
MultiProtocolUtils.invalidateSession(ssoToken, request, response, SingleLogoutManager.IDFF);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Completed Destroying token for sessionID :" + sessionId);
}
} catch (SessionException e) {
FSUtils.debug.error("invalidateActiveSessionIds : " + sessionId + " - ", e);
continue;
}
}
}
} else {
FSUtils.debug.message("No active Session exists");
}
}
Aggregations