Search in sources :

Example 26 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method generateToken.

protected int generateToken(NameIdentifier ni, int handleType, NameIdentifier niIdp, Map env) {
    FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: Called");
    if ((ni == null)) {
        FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Invalid userDN input");
        return FederationSPAdapter.SSO_FAILED;
    }
    try {
        String name = ni.getName();
        String nameSpace = ni.getNameQualifier();
        if ((nameSpace == null) || (nameSpace.length() == 0)) {
            nameSpace = hostEntityId;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Trying to get userDN for opaqueHandle= " + name + " ,securityDomain= " + nameSpace + " And HandleType=" + handleType);
        }
        String affiliationID = authnRequest.getAffiliationID();
        FSAccountFedInfoKey fedKey = new FSAccountFedInfoKey(nameSpace, name);
        FSAccountManager accountManager = FSAccountManager.getInstance(hostMetaAlias);
        String userID = accountManager.getUserID(fedKey, realm, env);
        FSAccountFedInfo fedInfo = null;
        if (userID == null) {
            if (niIdp != null && nameSpace.equals(affiliationID)) {
                fedKey = new FSAccountFedInfoKey(affiliationID, niIdp.getName());
                userID = accountManager.getUserID(fedKey, realm, env);
                if (userID != null) {
                    FSAccountFedInfo oldInfo = accountManager.readAccountFedInfo(userID, affiliationID);
                    if (oldInfo != null) {
                        accountManager.removeAccountFedInfo(userID, oldInfo);
                    }
                    fedInfo = new FSAccountFedInfo(idpEntityId, ni, niIdp, true);
                    fedInfo.setAffiliation(true);
                    fedKey = new FSAccountFedInfoKey(nameSpace, name);
                    accountManager.writeAccountFedInfo(userID, fedKey, fedInfo);
                } else {
                    FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "Can't dereference handle. fedKey=" + fedKey.toString());
                    return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                }
            } else {
                // Check if there is any 6.2 format? 
                FSAccountFedInfoKey oldKey = new FSAccountFedInfoKey(idpEntityId, name);
                if (oldKey != null) {
                    userID = accountManager.getUserID(oldKey, realm, env);
                    if (userID != null) {
                        fedInfo = accountManager.readAccountFedInfo(userID, idpEntityId);
                        if (fedInfo != null && fedInfo.isFedStatusActive()) {
                            // rewrite it.
                            NameIdentifier localNI = fedInfo.getLocalNameIdentifier();
                            if (localNI != null) {
                                localNI.setNameQualifier(hostEntityId);
                            }
                            accountManager.removeAccountFedInfo(userID, fedInfo);
                            NameIdentifier remoteNI = fedInfo.getRemoteNameIdentifier();
                            if (remoteNI != null) {
                                remoteNI.setNameQualifier(hostEntityId);
                            }
                            fedInfo = new FSAccountFedInfo(idpEntityId, localNI, remoteNI, true);
                            accountManager.removeAccountFedInfoKey(userID, oldKey);
                            FSAccountFedInfoKey newKey = new FSAccountFedInfoKey(hostEntityId, name);
                            accountManager.writeAccountFedInfo(userID, newKey, fedInfo);
                        } else {
                            FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
                            return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                        }
                    } else {
                        String enabledStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
                        if (enabledStr != null && enabledStr.equalsIgnoreCase("true") && _autoFedStatement != null) {
                            userID = accountManager.getUserID(autoFedSearchMap, realm, null);
                            if (userID != null) {
                                FSAccountFedInfoKey newKey = new FSAccountFedInfoKey(hostEntityId, name);
                                fedInfo = new FSAccountFedInfo(idpEntityId, null, ni, true);
                                accountManager.writeAccountFedInfo(userID, newKey, fedInfo);
                            } else {
                                FSUtils.debug.error("FSAssertionArtifactHandler. " + "generateToken:" + "Can't dereference handle.");
                                return FederationSPAdapter.SSO_FAILED_AUTO_FED;
                            }
                        } else {
                            FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
                            return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                        }
                    }
                } else {
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
                    return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                }
            }
        } else {
            if (affiliationID != null) {
                fedInfo = accountManager.readAccountFedInfo(userID, affiliationID);
            } else {
                fedInfo = accountManager.readAccountFedInfo(userID, idpEntityId, name);
            }
            if (fedInfo == null) {
                FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "User's account is not federated, id=" + userID);
                return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
            }
        }
        //get AuthnLevel from authnContext
        String authnContextClassRef = null;
        int authnLevel = 0;
        Map authnContextInfoMap = FSServiceUtils.getSPAuthContextInfo(hostConfig);
        if (authnContextStmt != null && authnContextStmt.getAuthnContextClassRef() != null && authnContextStmt.getAuthnContextClassRef().length() != 0) {
            authnContextClassRef = authnContextStmt.getAuthnContextClassRef();
            if (authnContextClassRef != null && authnContextClassRef.length() != 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: AuthnContextClassRef " + "found in AuthenticationStatement:" + authnContextClassRef);
                }
                FSSPAuthenticationContextInfo authnContextInfo = (FSSPAuthenticationContextInfo) authnContextInfoMap.get(authnContextClassRef);
                if (authnContextInfo != null) {
                    authnLevel = authnContextInfo.getAuthenticationLevel();
                } else {
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Could not find " + "AuthnContextClassInfo for authnContextClassRef: " + authnContextClassRef + "Using default authnContextClass");
                    authnContextClassRef = null;
                }
            }
        } else {
            FSUtils.debug.warning("FSAssertionArtifactHandler.generateToken: " + "Could not find AuthnContextClassRef in the " + "AuthenticationStatement. Using default authnContextClass");
        }
        if (authnContextClassRef == null || authnContextClassRef.length() == 0) {
            authnContextClassRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            FSSPAuthenticationContextInfo authnContextInfo = (FSSPAuthenticationContextInfo) authnContextInfoMap.get(authnContextClassRef);
            if (authnContextInfo != null) {
                authnLevel = authnContextInfo.getAuthenticationLevel();
            } else {
                FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Could not find authentication level " + "for default authentication context class");
                return FederationSPAdapter.SSO_FAILED;
            }
        }
        Map valueMap = new HashMap();
        valueMap.put(SessionProvider.PRINCIPAL_NAME, userID);
        valueMap.put(SessionProvider.REALM, realm);
        valueMap.put(SessionProvider.AUTH_LEVEL, String.valueOf(authnLevel));
        valueMap.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
        valueMap.put("idpEntityID", idpEntityId);
        //valueMap.put("resourceOffering",            
        //valueMap.put("securityToken",
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoSession;
        try {
            ssoSession = sessionProvider.createSession(valueMap, request, response, new StringBuffer(this.relayState));
        } catch (SessionException se) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateToken:" + "cannot generate token:", se);
            int failureCode = se.getErrCode();
            if (failureCode == SessionException.AUTH_USER_INACTIVE) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_USER_INACTIVE;
            } else if (failureCode == SessionException.AUTH_USER_LOCKED) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_USER_LOCKED;
            } else if (failureCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_ACCOUNT_EXPIRED;
            } else {
                failureCode = FederationSPAdapter.SSO_FAILED_TOKEN_GENERATION;
            }
            return failureCode;
        }
        try {
            sessionProvider.addListener(ssoSession, new FSTokenListener(hostMetaAlias));
        } catch (Exception e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.generateToken:" + "Couldn't add listener to session:", e);
            }
        }
        String value = sessionProvider.getSessionID(ssoSession);
        ssoToken = ssoSession;
        Iterator iter = null;
        //Set fed cookie
        String fedCookieName = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
        String fedCookieValue = "yes";
        for (String domain : SystemConfigurationUtil.getCookieDomainsForRequest(request)) {
            CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(fedCookieName, fedCookieValue, IFSConstants.PERSISTENT_COOKIE_AGE, "/", domain));
        }
        //keep local session ref
        FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
        FSSession session = sessionManager.getSession(userID, value);
        if (session != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: An Existing session found for userID:" + userID + " And SessionID: " + value + " Adding partner to the Session");
            }
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            session.setSessionIndex(idpSessionIndex);
            sessionManager.addSession(userID, session);
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: No existing session found for userID:" + userID + " And SessionID: " + value + " Creating a new Session");
            }
            session = new FSSession(value);
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            if (idpSessionIndex != null) {
                session.setSessionIndex(idpSessionIndex);
            }
            sessionManager.addSession(userID, session);
        }
        // keep authncontext in FSSession.
        if (authnContextClassRef != null) {
            session.setAuthnContext(authnContextClassRef);
        }
        if (fedInfo != null) {
            session.setAccountFedInfo(fedInfo);
        }
        // keep the attr statement in FSSession.
        if (bootStrapStatement != null) {
            session.setBootStrapAttributeStatement(bootStrapStatement);
        }
        if (_autoFedStatement != null) {
            session.setAutoFedStatement(_autoFedStatement);
        }
        if (attrStatements.size() != 0) {
            session.setAttributeStatements(attrStatements);
            Map attributeMap = null;
            setAttributeMapper();
            if (realmAttributeMapper != null) {
                attributeMap = realmAttributeMapper.getAttributes(attrStatements, realm, hostEntityId, idpEntityId, ssoToken);
            } else if (attributeMapper != null) {
                attributeMap = attributeMapper.getAttributes(attrStatements, hostEntityId, idpEntityId, ssoToken);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Attribute map :" + attributeMap);
            }
            if (attributeMap != null) {
                setAttributeMap(ssoToken, attributeMap);
            }
        }
        if (securityAssertions != null) {
            session.setBootStrapCredential(securityAssertions);
        }
        return FederationSPAdapter.SUCCESS;
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "Exception Occured ", e);
        return FederationSPAdapter.SSO_FAILED;
    }
}
Also used : FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) HashMap(java.util.HashMap) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) Iterator(java.util.Iterator) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) Map(java.util.Map) HashMap(java.util.HashMap) FSSPAuthenticationContextInfo(com.sun.identity.federation.services.FSSPAuthenticationContextInfo) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 27 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

the class FSRegistrationInitiationServlet method doRegistrationInitiation.

/**
     * Called when a registration needs to be initiated with a remote provider.
     * @param request <code>HTTPServletRequest</code> object received via a 
     *  HTTP Redirect
     * @param response <code>HTTPServletResponse</code> object to send the 
     *  response back to user agent
     * @param hostedProviderDesc the provider where registration is initiated
     * @param hostedConfig the hosted provider's extended meta
     * @param hostedEntityId the hosted provider's entity id
     * @param hostedRole hosted provider's role
     * @param hostedProviderAlias hosted provider's meta alias
     */
private void doRegistrationInitiation(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String hostedEntityId, String hostedRole, String hostedProviderAlias) {
    FSUtils.debug.message("Entered FSRegistrationInitiationServlet::doRegistrationInitiation");
    try {
        Object ssoToken = getValidToken(request);
        if (ssoToken != null) {
            String providerId = request.getParameter(IFSConstants.REGISTRATION_PROVIDER_ID);
            if (providerId == null || providerId.length() < 1) {
                FSUtils.debug.error("Provider Id not found, display error page");
                FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_NO_PROVIDER, IFSConstants.CONTACT_ADMIN);
                return;
            }
            // session is valid, ProviderId available
            FSServiceManager instSManager = FSServiceManager.getInstance();
            if (instSManager != null) {
                FSUtils.debug.message("FSServiceManager Instance not null");
                String remoteProviderRole = IFSConstants.SP;
                FSAccountFedInfo fedinfo = null;
                if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                    remoteProviderRole = IFSConstants.IDP;
                    FSSessionManager sessManager = FSSessionManager.getInstance(hostedProviderAlias);
                    FSSession ssoSession = sessManager.getSession(ssoToken);
                    if (ssoSession != null) {
                        if (!ssoSession.getOneTime()) {
                            fedinfo = ssoSession.getAccountFedInfo();
                        }
                    }
                }
                SessionProvider sessionProvider = SessionManager.getProvider();
                FSNameRegistrationHandler handlerObj = instSManager.getNameRegistrationHandler(providerId, remoteProviderRole, sessionProvider.getPrincipalName(ssoToken), hostedEntityId, hostedProviderAlias);
                if (handlerObj != null) {
                    handlerObj.setHostedDescriptor(hostedProviderDesc);
                    handlerObj.setHostedDescriptorConfig(hostedConfig);
                    handlerObj.setMetaAlias(hostedProviderAlias);
                    handlerObj.setHostedProviderRole(hostedRole);
                    handlerObj.setHostedEntityId(hostedEntityId);
                    if (fedinfo != null) {
                        handlerObj.setAccountInfo(fedinfo);
                    }
                    boolean bStatus = handlerObj.handleNameRegistration(request, response, ssoToken);
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("handleNameRegistration status is : " + bStatus);
                    }
                    return;
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Unable to get registration " + "handler. User account Not valid");
                    }
                }
            } else {
                FSUtils.debug.message("FSServiceManager Instance null");
            }
            FSServiceUtils.returnLocallyAfterOperation(response, REGISTRATION_DONE_URL, false, IFSConstants.REGISTRATION_SUCCESS, IFSConstants.REGISTRATION_FAILURE);
            return;
        } else {
            FSServiceUtils.redirectForAuthentication(request, response, hostedProviderAlias);
            return;
        }
    } catch (IOException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("IOException in doRegistrationInitiation:", e);
        }
    } catch (SessionException ex) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("SessionException in doRegistrationInitiation", ex);
        }
    }
    FSServiceUtils.returnLocallyAfterOperation(response, REGISTRATION_DONE_URL, false, IFSConstants.REGISTRATION_SUCCESS, IFSConstants.REGISTRATION_FAILURE);
}
Also used : FSServiceManager(com.sun.identity.federation.services.FSServiceManager) FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) IOException(java.io.IOException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 28 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method doHttpRedirect.

/**
     * Performs the logout notification in the case of HTTP Redirect profile.
     * @param entityId the remote provider to whom logout message needs to
     *  be sent
     * @return logout status
     */
private FSLogoutStatus doHttpRedirect(String entityId) {
    try {
        FSUtils.debug.message("In HTTP Redirect profile");
        isHttpRedirect = true;
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        if (ssoToken == null) {
            try {
                //this is HTTP based protocol, get from HTTP servlet request
                ssoToken = SessionManager.getProvider().getSession(request);
            } catch (SessionException ex) {
                FSUtils.debug.error("FSSLOHandler.doHttpRedirect: null ssoToken:", ex);
            }
        }
        FSSession session = sMgr.getSession(ssoToken);
        FSAccountFedInfo acctObj = null;
        if (session != null) {
            acctObj = session.getAccountFedInfo();
        }
        if (acctObj == null && session != null && !session.getOneTime()) {
            acctObj = FSLogoutUtil.getCurrentWorkingAccount(userID, entityId, metaAlias);
        }
        if (acctObj == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler.doHttp" + "Redirect: Account might have been terminated.");
            }
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
        FSLogoutNotification reqLogout = createSingleLogoutRequest(acctObj, sessionIndex);
        if (this.relayState != null) {
            reqLogout.setRelayState(this.relayState);
        }
        if (reqLogout == null) {
            FSUtils.debug.message("Logout Request is null");
            return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
        }
        reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect " + remoteDescriptor.getSingleLogoutServiceURL() + "\nLogout request: " + reqLogout.toXMLString());
        }
        String urlEncodedRequest = reqLogout.toURLEncodedQueryString();
        // Sign the request querystring
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Retrieving self certalias  : " + certAlias);
            }
            if (certAlias == null || certAlias.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSingleLogoutHandler::" + " doHttpRedirect: couldn't obtain " + "this site's cert alias.");
                }
                return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
            }
            urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
        }
        StringBuffer redirectURL = new StringBuffer();
        String retURL = remoteDescriptor.getSingleLogoutServiceURL();
        FSUtils.debug.message("Encoded Redirect URL " + urlEncodedRequest);
        redirectURL.append(retURL);
        if (retURL.indexOf(QUESTION_MARK) == -1) {
            redirectURL.append(QUESTION_MARK);
        } else {
            redirectURL.append(AMPERSAND);
        }
        redirectURL.append(urlEncodedRequest);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect" + " URL is " + redirectURL.toString());
        }
        response.sendRedirect(redirectURL.toString());
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::" + " doHttpRedirect FSMsgException:", e);
    } catch (IOException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::" + "doHttpRedirect IOException:", e);
    }
    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification) IOException(java.io.IOException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager)

Example 29 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method continueLogout.

/**
     * Invoked in the case of Single Logout using SOAP profile.
     * Only in the case of SOAP do we have control to initiate logout for the
     * next-in-line provider. In the case of HTTP GET/Redirect we send the
     * message to one provider and lose control. Here in SOAP profile 
     * <code>continueLogout</code> continues the logout process.
     * @param isSuccess if true, means logout preformed successfully so far;
     *     if false, means logout failed in one or more providers.
     */
private void continueLogout(boolean isSuccess) {
    FSUtils.debug.message("Entered FSSingleLogoutHandler::continueLogout");
    if (FSLogoutUtil.liveConnectionsExist(userID, metaAlias)) {
        FSUtils.debug.message("More liveConnectionsExist");
        HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
        if (providerMap != null) {
            FSSessionPartner currentSessionProvider = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
            this.sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
            if (currentSessionProvider != null) {
                String currentEntityId = currentSessionProvider.getPartner();
                isCurrentProviderIDPRole = currentSessionProvider.getIsRoleIDP();
                ProviderDescriptorType currentDesc = null;
                try {
                    if (isCurrentProviderIDPRole) {
                        currentDesc = metaManager.getIDPDescriptor(realm, currentEntityId);
                    } else {
                        currentDesc = metaManager.getSPDescriptor(realm, currentEntityId);
                    }
                } catch (Exception e) {
                    FSUtils.debug.error("FSSingleLogoutHandler:cannot get meta:", e);
                }
                setRemoteDescriptor(currentDesc);
                // Clean session Map
                FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
                FSSession session = sessionManager.getSession(sessionManager.getSessionList(userID), sessionIndex);
                if (!supportSOAPProfile(remoteDescriptor)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("Single Logout Profile cannot" + " be processed. Verify profile in metadata");
                    }
                    String[] data = { IFSConstants.LOGOUT_IDP_SOAP_PROFILE };
                    LogUtil.error(Level.INFO, LogUtil.LOGOUT_PROFILE_NOT_SUPPORTED, data, ssoToken);
                    return;
                }
                FSUtils.debug.message("FSSLOHandler, SOAP in case 2");
                // this is IDP
                if ((doIDPSoapProfile(currentEntityId)).getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS) || !isCurrentProviderIDPRole) {
                    FSLogoutUtil.removeCurrentSessionPartner(metaAlias, currentEntityId, ssoToken, userID);
                    FSUtils.debug.message("SOAP partner removed, case 3");
                }
                return;
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Reached else part " + " currentSessionProvider " + "is null. nothing more to broadcast" + "\nNo more providers, destroy user" + "session call destroyPrincipalSession");
                }
                FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
                if (response != null) {
                    returnAfterCompletion();
                }
                return;
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("GetCurrentProvider returns null HashMap" + " Clean session and return" + "\nNo live connections, destroy user" + "  session call destroyPrincipalSession");
            }
            FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
            if (response != null) {
                returnAfterCompletion();
            }
            return;
        }
    } else {
        FSUtils.debug.message("Reached else part in continuelogout");
        // for SP does not logout local session in case IDP logout failed.
        if (isSuccess || !isCurrentProviderIDPRole) {
            FSUtils.debug.message("No live connections, destroy session");
            FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
        }
        // Call SP Adapter postSingleLogoutSuccess for SP/SOAP
        callPostSingleLogoutSuccess(respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
        if (response != null) {
            returnAfterCompletion();
        }
        return;
    }
}
Also used : FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) HashMap(java.util.HashMap) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSSession(com.sun.identity.federation.services.FSSession) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) ServletException(javax.servlet.ServletException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) IOException(java.io.IOException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException)

Example 30 with FSSession

use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.

the class FSLogoutUtil method destroyPrincipalSession.

/**
     * Destroys the principal's session.
     * In order to destroy the user's session the following things need
     * to be done
     * 1. Destroy the Federation Session cookie (eg. iPlanetDirectoryPro)
     * 2. Clean the Session manager (FSSessionManager related API call)
     * @param userID the principal whose session needs to be destroyed
     * @param metaAlias the hostedProvider's meta alias.
     * @param sessionIndex Session Index of the user session.
     * @param request HTTP Request Object.
     * @param response HTTP Response Object.
     * @return <code>true</code> if session cleanup was successful;
     *  <code>false</code> otherwise.
     */
protected static boolean destroyPrincipalSession(String userID, String metaAlias, String sessionIndex, HttpServletRequest request, HttpServletResponse response) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered destroyPrincipalSession" + " for user : " + userID + " SessionIndex = " + sessionIndex);
    }
    Vector sessionObjList = getSessionObjectList(userID, metaAlias, sessionIndex);
    if (sessionObjList == null) {
        return false;
    }
    // Invalidate all such session ids 
    // session manager cleanup
    invalidateActiveSessionIds(sessionObjList, request, response);
    FSSession session = null;
    if (sessionIndex != null && (sessionObjList != null && sessionObjList.size() == 1)) {
        session = (FSSession) sessionObjList.elementAt(0);
    }
    // clean FSSession map
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("To call cleanSessionMap for user : " + userID);
    }
    cleanSessionMap(userID, metaAlias, session);
    return true;
}
Also used : FSSession(com.sun.identity.federation.services.FSSession) Vector(java.util.Vector)

Aggregations

FSSession (com.sun.identity.federation.services.FSSession)34 FSSessionManager (com.sun.identity.federation.services.FSSessionManager)30 SessionException (com.sun.identity.plugin.session.SessionException)26 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)15 IOException (java.io.IOException)13 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)12 FSSessionPartner (com.sun.identity.federation.services.FSSessionPartner)12 SAMLException (com.sun.identity.saml.common.SAMLException)12 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)9 SessionProvider (com.sun.identity.plugin.session.SessionProvider)9 List (java.util.List)9 FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)8 SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)8 HashMap (java.util.HashMap)8 Iterator (java.util.Iterator)8 COTException (com.sun.identity.cot.COTException)5 FSException (com.sun.identity.federation.common.FSException)5 FSLoginHelperException (com.sun.identity.federation.services.FSLoginHelperException)5 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)4 Vector (java.util.Vector)4