Example 26 with FSSession
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method generateToken.
protected int generateToken(NameIdentifier ni, int handleType, NameIdentifier niIdp, Map env) {
FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: Called");
if ((ni == null)) {
FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Invalid userDN input");
return FederationSPAdapter.SSO_FAILED;
}
try {
String name = ni.getName();
String nameSpace = ni.getNameQualifier();
if ((nameSpace == null) || (nameSpace.length() == 0)) {
nameSpace = hostEntityId;
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Trying to get userDN for opaqueHandle= " + name + " ,securityDomain= " + nameSpace + " And HandleType=" + handleType);
}
String affiliationID = authnRequest.getAffiliationID();
FSAccountFedInfoKey fedKey = new FSAccountFedInfoKey(nameSpace, name);
FSAccountManager accountManager = FSAccountManager.getInstance(hostMetaAlias);
String userID = accountManager.getUserID(fedKey, realm, env);
FSAccountFedInfo fedInfo = null;
if (userID == null) {
if (niIdp != null && nameSpace.equals(affiliationID)) {
fedKey = new FSAccountFedInfoKey(affiliationID, niIdp.getName());
userID = accountManager.getUserID(fedKey, realm, env);
if (userID != null) {
FSAccountFedInfo oldInfo = accountManager.readAccountFedInfo(userID, affiliationID);
if (oldInfo != null) {
accountManager.removeAccountFedInfo(userID, oldInfo);
}
fedInfo = new FSAccountFedInfo(idpEntityId, ni, niIdp, true);
fedInfo.setAffiliation(true);
fedKey = new FSAccountFedInfoKey(nameSpace, name);
accountManager.writeAccountFedInfo(userID, fedKey, fedInfo);
} else {
FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "Can't dereference handle. fedKey=" + fedKey.toString());
return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
}
} else {
// Check if there is any 6.2 format?
FSAccountFedInfoKey oldKey = new FSAccountFedInfoKey(idpEntityId, name);
if (oldKey != null) {
userID = accountManager.getUserID(oldKey, realm, env);
if (userID != null) {
fedInfo = accountManager.readAccountFedInfo(userID, idpEntityId);
if (fedInfo != null && fedInfo.isFedStatusActive()) {
// rewrite it.
NameIdentifier localNI = fedInfo.getLocalNameIdentifier();
if (localNI != null) {
localNI.setNameQualifier(hostEntityId);
}
accountManager.removeAccountFedInfo(userID, fedInfo);
NameIdentifier remoteNI = fedInfo.getRemoteNameIdentifier();
if (remoteNI != null) {
remoteNI.setNameQualifier(hostEntityId);
}
fedInfo = new FSAccountFedInfo(idpEntityId, localNI, remoteNI, true);
accountManager.removeAccountFedInfoKey(userID, oldKey);
FSAccountFedInfoKey newKey = new FSAccountFedInfoKey(hostEntityId, name);
accountManager.writeAccountFedInfo(userID, newKey, fedInfo);
} else {
FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
}
} else {
String enabledStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
if (enabledStr != null && enabledStr.equalsIgnoreCase("true") && _autoFedStatement != null) {
userID = accountManager.getUserID(autoFedSearchMap, realm, null);
if (userID != null) {
FSAccountFedInfoKey newKey = new FSAccountFedInfoKey(hostEntityId, name);
fedInfo = new FSAccountFedInfo(idpEntityId, null, ni, true);
accountManager.writeAccountFedInfo(userID, newKey, fedInfo);
} else {
FSUtils.debug.error("FSAssertionArtifactHandler. " + "generateToken:" + "Can't dereference handle.");
return FederationSPAdapter.SSO_FAILED_AUTO_FED;
}
} else {
FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
}
}
} else {
FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
}
}
} else {
if (affiliationID != null) {
fedInfo = accountManager.readAccountFedInfo(userID, affiliationID);
} else {
fedInfo = accountManager.readAccountFedInfo(userID, idpEntityId, name);
}
if (fedInfo == null) {
FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "User's account is not federated, id=" + userID);
return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
}
}
//get AuthnLevel from authnContext
String authnContextClassRef = null;
int authnLevel = 0;
Map authnContextInfoMap = FSServiceUtils.getSPAuthContextInfo(hostConfig);
if (authnContextStmt != null && authnContextStmt.getAuthnContextClassRef() != null && authnContextStmt.getAuthnContextClassRef().length() != 0) {
authnContextClassRef = authnContextStmt.getAuthnContextClassRef();
if (authnContextClassRef != null && authnContextClassRef.length() != 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: AuthnContextClassRef " + "found in AuthenticationStatement:" + authnContextClassRef);
}
FSSPAuthenticationContextInfo authnContextInfo = (FSSPAuthenticationContextInfo) authnContextInfoMap.get(authnContextClassRef);
if (authnContextInfo != null) {
authnLevel = authnContextInfo.getAuthenticationLevel();
} else {
FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Could not find " + "AuthnContextClassInfo for authnContextClassRef: " + authnContextClassRef + "Using default authnContextClass");
authnContextClassRef = null;
}
}
} else {
FSUtils.debug.warning("FSAssertionArtifactHandler.generateToken: " + "Could not find AuthnContextClassRef in the " + "AuthenticationStatement. Using default authnContextClass");
}
if (authnContextClassRef == null || authnContextClassRef.length() == 0) {
authnContextClassRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
FSSPAuthenticationContextInfo authnContextInfo = (FSSPAuthenticationContextInfo) authnContextInfoMap.get(authnContextClassRef);
if (authnContextInfo != null) {
authnLevel = authnContextInfo.getAuthenticationLevel();
} else {
FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Could not find authentication level " + "for default authentication context class");
return FederationSPAdapter.SSO_FAILED;
}
}
Map valueMap = new HashMap();
valueMap.put(SessionProvider.PRINCIPAL_NAME, userID);
valueMap.put(SessionProvider.REALM, realm);
valueMap.put(SessionProvider.AUTH_LEVEL, String.valueOf(authnLevel));
valueMap.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
valueMap.put("idpEntityID", idpEntityId);
//valueMap.put("resourceOffering",
//valueMap.put("securityToken",
SessionProvider sessionProvider = SessionManager.getProvider();
Object ssoSession;
try {
ssoSession = sessionProvider.createSession(valueMap, request, response, new StringBuffer(this.relayState));
} catch (SessionException se) {
FSUtils.debug.error("FSAssertionArtifactHandler.generateToken:" + "cannot generate token:", se);
int failureCode = se.getErrCode();
if (failureCode == SessionException.AUTH_USER_INACTIVE) {
failureCode = FederationSPAdapter.SSO_FAILED_AUTH_USER_INACTIVE;
} else if (failureCode == SessionException.AUTH_USER_LOCKED) {
failureCode = FederationSPAdapter.SSO_FAILED_AUTH_USER_LOCKED;
} else if (failureCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
failureCode = FederationSPAdapter.SSO_FAILED_AUTH_ACCOUNT_EXPIRED;
} else {
failureCode = FederationSPAdapter.SSO_FAILED_TOKEN_GENERATION;
}
return failureCode;
}
try {
sessionProvider.addListener(ssoSession, new FSTokenListener(hostMetaAlias));
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler.generateToken:" + "Couldn't add listener to session:", e);
}
}
String value = sessionProvider.getSessionID(ssoSession);
ssoToken = ssoSession;
Iterator iter = null;
//Set fed cookie
String fedCookieName = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
String fedCookieValue = "yes";
for (String domain : SystemConfigurationUtil.getCookieDomainsForRequest(request)) {
CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(fedCookieName, fedCookieValue, IFSConstants.PERSISTENT_COOKIE_AGE, "/", domain));
}
//keep local session ref
FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
FSSession session = sessionManager.getSession(userID, value);
if (session != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: An Existing session found for userID:" + userID + " And SessionID: " + value + " Adding partner to the Session");
}
session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
session.setSessionIndex(idpSessionIndex);
sessionManager.addSession(userID, session);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: No existing session found for userID:" + userID + " And SessionID: " + value + " Creating a new Session");
}
session = new FSSession(value);
session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
if (idpSessionIndex != null) {
session.setSessionIndex(idpSessionIndex);
}
sessionManager.addSession(userID, session);
}
// keep authncontext in FSSession.
if (authnContextClassRef != null) {
session.setAuthnContext(authnContextClassRef);
}
if (fedInfo != null) {
session.setAccountFedInfo(fedInfo);
}
// keep the attr statement in FSSession.
if (bootStrapStatement != null) {
session.setBootStrapAttributeStatement(bootStrapStatement);
}
if (_autoFedStatement != null) {
session.setAutoFedStatement(_autoFedStatement);
}
if (attrStatements.size() != 0) {
session.setAttributeStatements(attrStatements);
Map attributeMap = null;
setAttributeMapper();
if (realmAttributeMapper != null) {
attributeMap = realmAttributeMapper.getAttributes(attrStatements, realm, hostEntityId, idpEntityId, ssoToken);
} else if (attributeMapper != null) {
attributeMap = attributeMapper.getAttributes(attrStatements, hostEntityId, idpEntityId, ssoToken);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Attribute map :" + attributeMap);
}
if (attributeMap != null) {
setAttributeMap(ssoToken, attributeMap);
}
}
if (securityAssertions != null) {
session.setBootStrapCredential(securityAssertions);
}
return FederationSPAdapter.SUCCESS;
} catch (Exception e) {
FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "Exception Occured ", e);
return FederationSPAdapter.SSO_FAILED;
}
}
Also used :
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
HashMap(java.util.HashMap)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)
FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager)
SessionException(com.sun.identity.plugin.session.SessionException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner)
Iterator(java.util.Iterator)
FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
Map(java.util.Map)
HashMap(java.util.HashMap)
FSSPAuthenticationContextInfo(com.sun.identity.federation.services.FSSPAuthenticationContextInfo)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Example 27 with FSSession
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSRegistrationInitiationServlet method doRegistrationInitiation.
/**
* Called when a registration needs to be initiated with a remote provider.
* @param request <code>HTTPServletRequest</code> object received via a
* HTTP Redirect
* @param response <code>HTTPServletResponse</code> object to send the
* response back to user agent
* @param hostedProviderDesc the provider where registration is initiated
* @param hostedConfig the hosted provider's extended meta
* @param hostedEntityId the hosted provider's entity id
* @param hostedRole hosted provider's role
* @param hostedProviderAlias hosted provider's meta alias
*/
private void doRegistrationInitiation(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String hostedEntityId, String hostedRole, String hostedProviderAlias) {
FSUtils.debug.message("Entered FSRegistrationInitiationServlet::doRegistrationInitiation");
try {
Object ssoToken = getValidToken(request);
if (ssoToken != null) {
String providerId = request.getParameter(IFSConstants.REGISTRATION_PROVIDER_ID);
if (providerId == null || providerId.length() < 1) {
FSUtils.debug.error("Provider Id not found, display error page");
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.REGISTRATION_NO_PROVIDER, IFSConstants.CONTACT_ADMIN);
return;
}
// session is valid, ProviderId available
FSServiceManager instSManager = FSServiceManager.getInstance();
if (instSManager != null) {
FSUtils.debug.message("FSServiceManager Instance not null");
String remoteProviderRole = IFSConstants.SP;
FSAccountFedInfo fedinfo = null;
if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
remoteProviderRole = IFSConstants.IDP;
FSSessionManager sessManager = FSSessionManager.getInstance(hostedProviderAlias);
FSSession ssoSession = sessManager.getSession(ssoToken);
if (ssoSession != null) {
if (!ssoSession.getOneTime()) {
fedinfo = ssoSession.getAccountFedInfo();
}
}
}
SessionProvider sessionProvider = SessionManager.getProvider();
FSNameRegistrationHandler handlerObj = instSManager.getNameRegistrationHandler(providerId, remoteProviderRole, sessionProvider.getPrincipalName(ssoToken), hostedEntityId, hostedProviderAlias);
if (handlerObj != null) {
handlerObj.setHostedDescriptor(hostedProviderDesc);
handlerObj.setHostedDescriptorConfig(hostedConfig);
handlerObj.setMetaAlias(hostedProviderAlias);
handlerObj.setHostedProviderRole(hostedRole);
handlerObj.setHostedEntityId(hostedEntityId);
if (fedinfo != null) {
handlerObj.setAccountInfo(fedinfo);
}
boolean bStatus = handlerObj.handleNameRegistration(request, response, ssoToken);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("handleNameRegistration status is : " + bStatus);
}
return;
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to get registration " + "handler. User account Not valid");
}
}
} else {
FSUtils.debug.message("FSServiceManager Instance null");
}
FSServiceUtils.returnLocallyAfterOperation(response, REGISTRATION_DONE_URL, false, IFSConstants.REGISTRATION_SUCCESS, IFSConstants.REGISTRATION_FAILURE);
return;
} else {
FSServiceUtils.redirectForAuthentication(request, response, hostedProviderAlias);
return;
}
} catch (IOException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("IOException in doRegistrationInitiation:", e);
}
} catch (SessionException ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("SessionException in doRegistrationInitiation", ex);
}
}
FSServiceUtils.returnLocallyAfterOperation(response, REGISTRATION_DONE_URL, false, IFSConstants.REGISTRATION_SUCCESS, IFSConstants.REGISTRATION_FAILURE);
}
Also used :
FSServiceManager(com.sun.identity.federation.services.FSServiceManager)
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
IOException(java.io.IOException)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Example 28 with FSSession
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSSingleLogoutHandler method doHttpRedirect.
/**
* Performs the logout notification in the case of HTTP Redirect profile.
* @param entityId the remote provider to whom logout message needs to
* be sent
* @return logout status
*/
private FSLogoutStatus doHttpRedirect(String entityId) {
try {
FSUtils.debug.message("In HTTP Redirect profile");
isHttpRedirect = true;
FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
if (ssoToken == null) {
try {
//this is HTTP based protocol, get from HTTP servlet request
ssoToken = SessionManager.getProvider().getSession(request);
} catch (SessionException ex) {
FSUtils.debug.error("FSSLOHandler.doHttpRedirect: null ssoToken:", ex);
}
}
FSSession session = sMgr.getSession(ssoToken);
FSAccountFedInfo acctObj = null;
if (session != null) {
acctObj = session.getAccountFedInfo();
}
if (acctObj == null && session != null && !session.getOneTime()) {
acctObj = FSLogoutUtil.getCurrentWorkingAccount(userID, entityId, metaAlias);
}
if (acctObj == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler.doHttp" + "Redirect: Account might have been terminated.");
}
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
}
FSLogoutNotification reqLogout = createSingleLogoutRequest(acctObj, sessionIndex);
if (this.relayState != null) {
reqLogout.setRelayState(this.relayState);
}
if (reqLogout == null) {
FSUtils.debug.message("Logout Request is null");
return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
}
reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect " + remoteDescriptor.getSingleLogoutServiceURL() + "\nLogout request: " + reqLogout.toXMLString());
}
String urlEncodedRequest = reqLogout.toURLEncodedQueryString();
// Sign the request querystring
if (FSServiceUtils.isSigningOn()) {
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Retrieving self certalias : " + certAlias);
}
if (certAlias == null || certAlias.length() == 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler::" + " doHttpRedirect: couldn't obtain " + "this site's cert alias.");
}
return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}
urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
}
StringBuffer redirectURL = new StringBuffer();
String retURL = remoteDescriptor.getSingleLogoutServiceURL();
FSUtils.debug.message("Encoded Redirect URL " + urlEncodedRequest);
redirectURL.append(retURL);
if (retURL.indexOf(QUESTION_MARK) == -1) {
redirectURL.append(QUESTION_MARK);
} else {
redirectURL.append(AMPERSAND);
}
redirectURL.append(urlEncodedRequest);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect" + " URL is " + redirectURL.toString());
}
response.sendRedirect(redirectURL.toString());
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
} catch (FSMsgException e) {
FSUtils.debug.error("FSSingleLogoutHandler::" + " doHttpRedirect FSMsgException:", e);
} catch (IOException e) {
FSUtils.debug.error("FSSingleLogoutHandler::" + "doHttpRedirect IOException:", e);
}
return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}
Also used :
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification)
IOException(java.io.IOException)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
Example 29 with FSSession
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSSingleLogoutHandler method continueLogout.
/**
* Invoked in the case of Single Logout using SOAP profile.
* Only in the case of SOAP do we have control to initiate logout for the
* next-in-line provider. In the case of HTTP GET/Redirect we send the
* message to one provider and lose control. Here in SOAP profile
* <code>continueLogout</code> continues the logout process.
* @param isSuccess if true, means logout preformed successfully so far;
* if false, means logout failed in one or more providers.
*/
private void continueLogout(boolean isSuccess) {
FSUtils.debug.message("Entered FSSingleLogoutHandler::continueLogout");
if (FSLogoutUtil.liveConnectionsExist(userID, metaAlias)) {
FSUtils.debug.message("More liveConnectionsExist");
HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
if (providerMap != null) {
FSSessionPartner currentSessionProvider = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
this.sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
if (currentSessionProvider != null) {
String currentEntityId = currentSessionProvider.getPartner();
isCurrentProviderIDPRole = currentSessionProvider.getIsRoleIDP();
ProviderDescriptorType currentDesc = null;
try {
if (isCurrentProviderIDPRole) {
currentDesc = metaManager.getIDPDescriptor(realm, currentEntityId);
} else {
currentDesc = metaManager.getSPDescriptor(realm, currentEntityId);
}
} catch (Exception e) {
FSUtils.debug.error("FSSingleLogoutHandler:cannot get meta:", e);
}
setRemoteDescriptor(currentDesc);
// Clean session Map
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
FSSession session = sessionManager.getSession(sessionManager.getSessionList(userID), sessionIndex);
if (!supportSOAPProfile(remoteDescriptor)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Single Logout Profile cannot" + " be processed. Verify profile in metadata");
}
String[] data = { IFSConstants.LOGOUT_IDP_SOAP_PROFILE };
LogUtil.error(Level.INFO, LogUtil.LOGOUT_PROFILE_NOT_SUPPORTED, data, ssoToken);
return;
}
FSUtils.debug.message("FSSLOHandler, SOAP in case 2");
// this is IDP
if ((doIDPSoapProfile(currentEntityId)).getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS) || !isCurrentProviderIDPRole) {
FSLogoutUtil.removeCurrentSessionPartner(metaAlias, currentEntityId, ssoToken, userID);
FSUtils.debug.message("SOAP partner removed, case 3");
}
return;
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Reached else part " + " currentSessionProvider " + "is null. nothing more to broadcast" + "\nNo more providers, destroy user" + "session call destroyPrincipalSession");
}
FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
if (response != null) {
returnAfterCompletion();
}
return;
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("GetCurrentProvider returns null HashMap" + " Clean session and return" + "\nNo live connections, destroy user" + " session call destroyPrincipalSession");
}
FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
if (response != null) {
returnAfterCompletion();
}
return;
}
} else {
FSUtils.debug.message("Reached else part in continuelogout");
// for SP does not logout local session in case IDP logout failed.
if (isSuccess || !isCurrentProviderIDPRole) {
FSUtils.debug.message("No live connections, destroy session");
FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
}
// Call SP Adapter postSingleLogoutSuccess for SP/SOAP
callPostSingleLogoutSuccess(respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
if (response != null) {
returnAfterCompletion();
}
return;
}
}
Also used :
FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner)
HashMap(java.util.HashMap)
ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)
FSSession(com.sun.identity.federation.services.FSSession)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
ServletException(javax.servlet.ServletException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SessionException(com.sun.identity.plugin.session.SessionException)
SAMLException(com.sun.identity.saml.common.SAMLException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
IOException(java.io.IOException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
Example 30 with FSSession
use of com.sun.identity.federation.services.FSSession in project OpenAM by OpenRock.
the class FSLogoutUtil method destroyPrincipalSession.
/**
* Destroys the principal's session.
* In order to destroy the user's session the following things need
* to be done
* 1. Destroy the Federation Session cookie (eg. iPlanetDirectoryPro)
* 2. Clean the Session manager (FSSessionManager related API call)
* @param userID the principal whose session needs to be destroyed
* @param metaAlias the hostedProvider's meta alias.
* @param sessionIndex Session Index of the user session.
* @param request HTTP Request Object.
* @param response HTTP Response Object.
* @return <code>true</code> if session cleanup was successful;
* <code>false</code> otherwise.
*/
protected static boolean destroyPrincipalSession(String userID, String metaAlias, String sessionIndex, HttpServletRequest request, HttpServletResponse response) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Entered destroyPrincipalSession" + " for user : " + userID + " SessionIndex = " + sessionIndex);
}
Vector sessionObjList = getSessionObjectList(userID, metaAlias, sessionIndex);
if (sessionObjList == null) {
return false;
}
// Invalidate all such session ids
// session manager cleanup
invalidateActiveSessionIds(sessionObjList, request, response);
FSSession session = null;
if (sessionIndex != null && (sessionObjList != null && sessionObjList.size() == 1)) {
session = (FSSession) sessionObjList.elementAt(0);
}
// clean FSSession map
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("To call cleanSessionMap for user : " + userID);
}
cleanSessionMap(userID, metaAlias, session);
return true;
}Aggregations
FSSession (com.sun.identity.federation.services.FSSession)34
FSSessionManager (com.sun.identity.federation.services.FSSessionManager)30
SessionException (com.sun.identity.plugin.session.SessionException)26
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)15
IOException (java.io.IOException)13
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)12
FSSessionPartner (com.sun.identity.federation.services.FSSessionPartner)12
SAMLException (com.sun.identity.saml.common.SAMLException)12
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)9
SessionProvider (com.sun.identity.plugin.session.SessionProvider)9
List (java.util.List)9
FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)8
SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)8
HashMap (java.util.HashMap)8
Iterator (java.util.Iterator)8
COTException (com.sun.identity.cot.COTException)5
FSException (com.sun.identity.federation.common.FSException)5
FSLoginHelperException (com.sun.identity.federation.services.FSLoginHelperException)5
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)4
Vector (java.util.Vector)4
