use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSPostLogin method setTokenListenerAndSessionInfo.
/**
 * Attaches an {@code FSTokenListener} to the caller's single sign-on session and
 * guarantees that the {@code FSSessionManager} for {@code metaAlias} holds an
 * {@code FSSession} entry for the (principal, session id) pair.
 * <p>
 * If the session cannot be resolved or the listener cannot be added, the
 * {@code SessionException} is logged at error level and the method returns
 * without touching the federation session table.
 *
 * @param request   the <code>HttpServletRequest</code> carrying the SSO session.
 * @param metaAlias the hosted provider's meta alias.
 */
private void setTokenListenerAndSessionInfo(HttpServletRequest request, String metaAlias) {
    String sid = null;
    String principal = null;
    try {
        SessionProvider provider = SessionManager.getProvider();
        Object token = provider.getSession(request);
        sid = provider.getSessionID(token);
        principal = provider.getPrincipalName(token);
        // The listener lets the federation layer react to this session's lifecycle events.
        provider.addListener(token, new FSTokenListener(metaAlias));
    } catch (SessionException ssoExp) {
        FSUtils.debug.error("FSPostLogin::setTokenListenerAndSessionInfo " + "Failed during trying to add token Listener:", ssoExp);
        return;
    }
    FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
    if (manager.getSession(principal, sid) != null) {
        // Already tracked for this user/session; nothing more to record.
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSPostLogin::setTokenListenerAndSessionInfo. " + "No existing session found for user " + principal + " And SessionID: " + sid + " Creating a new Session");
    }
    manager.addSession(principal, new FSSession(sid));
}
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSPostLogin method doPostLogin.
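/**
 * Completes the post-login step of a Liberty ID-FF flow and sends the user agent
 * to the next page: the consent-to-introduction page, the "do you want to
 * federate" page, or the final return URL.
 * <p>
 * Request parameters consulted: the provider meta alias
 * ({@code IFSConstants.META_ALIAS}), the SSO marker ({@code IFSConstants.SSOKEY}),
 * the post-login return URL ({@code IFSConstants.LRURL}) and the federate marker
 * ({@code IFSConstants.FEDERATEKEY}). When no meta alias parameter is present
 * (LECP case) the alias is derived from the request, and the LRURL value is treated
 * as a random id that is mapped back to the relay state stored in
 * {@link FSSessionManager} and then consumed.
 * <p>
 * Change from the previous revision: a {@code FSPostLoginException} thrown by
 * {@code setMetaInfo} or by the consent-to-introduction step now ends processing
 * once the error page has been sent. Previously the method fell through, used
 * provider metadata that had not been resolved, and called {@code sendResponse}
 * a second time on a response that had already been answered.
 * <p>
 * NOTE(review): {@code lrURL} is taken directly from the request (or from the
 * relay-state table) and used as the forward/redirect target without any
 * allow-list or same-origin check visible in this method. Unless
 * {@code sendResponse} or the code that registers relay states validates it,
 * this is an open-redirect vector — confirm before relying on it.
 *
 * @param request  <code>HttpServletRequest</code> object.
 * @param response <code>HttpServletResponse</code> object.
 */
public void doPostLogin(HttpServletRequest request, HttpServletResponse response) {
    String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
    String sso = request.getParameter(IFSConstants.SSOKEY);
    String lrURL = request.getParameter(IFSConstants.LRURL);
    String showFederatePage = request.getParameter(IFSConstants.FEDERATEKEY);
    String returnURL = null;
    if (metaAlias == null) {
        metaAlias = FSServiceUtils.getMetaAlias(request);
        String rqst = new StringBuilder().append(request.getRequestURL().toString()).append(IFSConstants.QUESTION_MARK).append(request.getQueryString()).toString();
        lrURL = getValueFromURL(rqst, IFSConstants.LRURL);
        sso = getValueFromURL(rqst, IFSConstants.SSOKEY);
        // LECP: the LRURL value is a random id. Map it back to the original URL
        // stored in the session manager and remove the mapping so it is single-use.
        FSSessionManager sessMgr = FSSessionManager.getInstance(metaAlias);
        String relayStateURL = sessMgr.getRelayState(lrURL);
        if (relayStateURL != null) {
            sessMgr.removeRelayState(lrURL);
            lrURL = relayStateURL;
        }
    }
    try {
        // Presumably resolves realm, entityID, providerRole and isIDP from the alias
        // (they are read below) — defined outside this listing.
        setMetaInfo(metaAlias, request);
    } catch (FSPostLoginException fsexp) {
        FSUtils.debug.error("FSPostLogin::doPostLogin: setMetaInfo failed for metaAlias " + metaAlias, fsexp);
        sendResponse(request, response, errorPage);
        // Provider metadata is unresolved; nothing below can be trusted.
        return;
    }
    if (lrURL == null || lrURL.length() <= 0) {
        lrURL = LibertyManager.getHomeURL(realm, entityID, providerRole);
    }
    if ((sso != null && sso.length() > 0 && sso.equalsIgnoreCase(IFSConstants.SSOVALUE)) || isIDP) {
        // In the middle of SSO: show the consent-to-introduction page.
        try {
            Set cotSet = LibertyManager.getListOfCOTs(realm, entityID, providerRole);
            if (cotSet != null && !cotSet.isEmpty()) {
                if (cotSet.size() <= 1) {
                    // A single circle of trust leaves nothing to choose; consent directly.
                    String cotSelected = (String) cotSet.iterator().next();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSPostLogin::doPostLogin " + "single cot present is " + cotSelected);
                    }
                    returnURL = doConsentToIntro(metaAlias, lrURL, cotSelected);
                } else {
                    returnURL = buildPageURL(consentPage, metaAlias, lrURL);
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSPostLogin::doPostLogin: No " + "COTS configured. redirecting to lrurl " + lrURL);
                }
                returnURL = lrURL;
            }
        } catch (FSPostLoginException fsexp) {
            FSUtils.debug.error("FSPostLogin::doPostLogin: consent to introduction failed", fsexp);
            sendResponse(request, response, errorPage);
            // The error page is the response; do not fall through to a second send.
            return;
        }
    } else if (showFederatePage != null && !showFederatePage.equalsIgnoreCase(IFSConstants.FEDERATEVALUE)) {
        // Show the "do you want to federate" page with the list of IDPs.
        String providerID = LibertyManager.getEntityID(metaAlias);
        String univId = LibertyManager.getUser(request);
        if (univId == null) {
            // Not authenticated locally: go to the pre-login URL and come back here.
            // The "?&" sequence is kept as the original produced it.
            String gotoUrl = new StringBuilder().append(request.getRequestURL()).append(IFSConstants.QUESTION_MARK).append(IFSConstants.AMPERSAND).append(request.getQueryString()).toString();
            String preLoginURL = LibertyManager.getLoginURL(request);
            sendResponse(request, response, preLoginURL + "&goto=" + URLEncDec.encode(gotoUrl));
            return;
        }
        Set providerSet = LibertyManager.getProvidersToFederate(realm, providerID, providerRole, univId);
        if (providerSet != null && providerSet.size() != 0 && federationPage != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSPostLogin::doPostLogin: Found " + "provider(s) to federated with " + providerSet);
            }
            returnURL = buildPageURL(federationPage, metaAlias, lrURL);
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSPostLogin::doPostLogin: No " + "provider(s) to federated with or " + "federationPage null. Redirecting to LRURL " + lrURL);
            }
            returnURL = lrURL;
        }
    } else {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSPostLogin::doPostLogin. No cotkey or " + "Federatekey found");
        }
        returnURL = lrURL;
    }
    setTokenListenerAndSessionInfo(request, metaAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSPostLogin::doPostLogin return url " + returnURL);
    }
    sendResponse(request, response, returnURL);
}

/**
 * Builds {@code page?metaAlias=<alias>&lrurl=<url-encoded lrURL>} using the
 * {@code IFSConstants} separators and parameter names. Shared by the consent and
 * federation page targets.
 *
 * @param page      the base page URL (consent or federation page).
 * @param metaAlias the hosted provider's meta alias.
 * @param lrURL     the return URL to carry along; URL-encoded here.
 * @return the assembled page URL.
 */
private static String buildPageURL(String page, String metaAlias, String lrURL) {
    return new StringBuilder().append(page).append(IFSConstants.QUESTION_MARK).append(IFSConstants.META_ALIAS).append(IFSConstants.EQUAL_TO).append(metaAlias).append(IFSConstants.AMPERSAND).append(IFSConstants.LRURL).append(IFSConstants.EQUAL_TO).append(URLEncDec.encode(lrURL)).toString();
}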
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSBrowserArtifactConsumerHandler method processSAMLResponse.
/**
 * Consumes the SAML {@code Response} the IdP returned for a browser-artifact SSO
 * exchange. In the order written below: reject a null response; check the response
 * status; require at least one assertion; map the first assertion's
 * {@code InResponseTo} back to the pending {@code FSAuthnRequest}; check that the
 * request was issued to the IdP the artifact came from ({@code idpEntityId});
 * validate the assertions; then either federate the account ({@code doFederate})
 * or perform single sign-on and redirect to the relay state.
 * <p>
 * Side effects: sets the {@code authnRequest}, {@code relayState},
 * {@code doFederate} and {@code nameIDPolicy} fields once the request is resolved,
 * and removes the consumed request from the {@link FSSessionManager} table on the
 * success paths. Failures are logged and, unless the SP adapter claims to have
 * handled them, answered with a forward to the common login page — except inside
 * the outer catch-all, see the note at the end.
 *
 * @param samlResponse the decoded SAML response; may be {@code null}.
 */
private void processSAMLResponse(FSResponse samlResponse) {
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLResponse: Called");
    String baseURL = FSServiceUtils.getBaseURL(request);
    // Error page built from the relayState known so far; rebuilt below once the
    // originating AuthnRequest (and its own relay state) has been resolved.
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, relayState, null, request, baseURL);
    try {
        if (samlResponse == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: null input " + FSUtils.bundle.getString("missingResponse"));
            String[] data = { FSUtils.bundle.getString("missingResponse") };
            LogUtil.error(Level.INFO, LogUtil.MISSING_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostEntityId, hostConfig);
        if (FSUtils.debug.messageEnabled()) {
            // Logs the complete response XML, assertions included, so debug logs
            // contain subject/name-identifier data; treat them as sensitive.
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Received " + samlResponse.toXMLString());
        }
        boolean valid = verifyResponseStatus(samlResponse);
        if (!valid) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: verify Status failed " + FSUtils.bundle.getString("invalidResponse"));
            String[] data = { samlResponse.toXMLString() };
            LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
            // The adapter gets first chance to render the failure; fall back to the login page.
            if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, FederationSPAdapter.INVALID_RESPONSE)) {
                FSUtils.forwardRequest(request, response, framedPageURL);
            }
            return;
        }
        // check Assertion
        List assertions = samlResponse.getAssertion();
        if ((assertions == null) || !(assertions.size() > 0)) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse" + FSUtils.bundle.getString("invalidResponse") + ": No assertion found inside the AuthnResponse");
            String[] data = { samlResponse.toXMLString() };
            LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        // Only the FIRST assertion's InResponseTo is used to locate the request and the
        // issuing IdP; the whole list is still handed to validateAssertions below.
        Iterator iter = assertions.iterator();
        FSAssertion assertion = (FSAssertion) iter.next();
        // The InResponseTo of a not-yet-validated assertion is used here only as a
        // table key. NOTE(review): the cryptographic/content check is assumed to be
        // validateAssertions below — confirm it verifies signatures before trusting
        // anything derived from the assertion.
        FSAuthnRequest authnRequestRef = getInResponseToRequest(assertion.getInResponseTo());
        if (authnRequestRef == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("invalidResponse") + ": Assertion does not correspond to any AuthnRequest");
            String[] data = { samlResponse.toXMLString() };
            LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        // From here on the handler state reflects the originating request.
        this.authnRequest = authnRequestRef;
        this.relayState = authnRequest.getRelayState();
        if ((this.relayState == null) || (this.relayState.trim().length() == 0)) {
            // No relay state on the request: fall back to the configured provider
            // home page, then to the SP default relay state under the base URL.
            this.relayState = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.PROVIDER_HOME_PAGE_URL);
            if ((this.relayState == null) || (this.relayState.trim().length() == 0)) {
                this.relayState = baseURL + IFSConstants.SP_DEFAULT_RELAY_STATE;
            }
        }
        this.doFederate = authnRequest.getFederate();
        this.nameIDPolicy = authnRequest.getNameIDPolicy();
        // Call SP preSSOFederationProcess for Artifact case
        if (spAdapter != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler, " + "Artifact, Invoke spAdapter.preSSOFederationProcess");
            }
            try {
                spAdapter.preSSOFederationProcess(hostEntityId, request, response, authnRequest, null, (FSResponse) samlResponse);
            } catch (Exception e) {
                // log run time exception in Adapter
                // implementation, continue
                FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.preSSOFederationSuccess", e);
            }
        }
        // Rebuild the error page target now that the request's relay state is known.
        framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, authnRequest.getRelayState(), null, request, baseURL);
        // The request must have been sent to the same IdP the artifact was resolved
        // from; a response routed through a different IdP is rejected here.
        String idpEntityIdRef = getProvider(assertion.getInResponseTo());
        if ((idpEntityIdRef == null) || !(idpEntityIdRef.equals(idpEntityId))) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("invalidAssertion") + ": Assertion does not correspond to any IDP");
            String[] data = { FSUtils.bundle.getString("invalidAssertion") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        FSSubject validSubject = (FSSubject) validateAssertions(assertions);
        if (validSubject == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: validateAssertions failed: " + FSUtils.bundle.getString("invalidAssertion"));
            String[] data = { FSUtils.bundle.getString("invalidAssertion") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, data);
            if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, FederationSPAdapter.INVALID_RESPONSE)) {
                FSUtils.forwardRequest(request, response, framedPageURL);
            }
            return;
        }
        if (doFederate) {
            // Prefer the IdP-provided name identifier; fall back to the subject's own.
            NameIdentifier ni = validSubject.getIDPProvidedNameIdentifier();
            if (ni == null) {
                ni = validSubject.getNameIdentifier();
            }
            if (ni != null) {
                int returnCode = doAccountFederation(ni);
                if (returnCode == FederationSPAdapter.SUCCESS) {
                    // remove it from session manager table
                    // (consumes the request ID so the same response cannot be replayed)
                    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
                    sessionManager.removeAuthnRequest(assertion.getInResponseTo());
                    return;
                } else {
                    // NOTE(review): on federation failure the AuthnRequest is left in
                    // the table, unlike every other terminal path — confirm whether a
                    // retry with the same InResponseTo is intended.
                    FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("AccountFederationFailed"));
                    String[] data = { FSUtils.bundle.getString("AccountFederationFailed") };
                    LogUtil.error(Level.INFO, LogUtil.ACCOUNT_FEDERATION_FAILED, data);
                    // Only this call passes the authnResponse field; the other failure
                    // callbacks pass null for that argument.
                    if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, samlResponse, returnCode)) {
                        FSUtils.forwardRequest(request, response, framedPageURL);
                    }
                }
            } else {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Single Sign-On failed. " + "NameIdentifier of the subject is null: ");
                String[] data = { FSUtils.bundle.getString("SingleSignOnFailed") };
                LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
                // Caught by the outer catch-all below; see the note there.
                throw new FSException("missingNIofSubject", null);
            }
        } else {
            // remove it from session manager table
            // (the request ID is consumed before SSO is attempted)
            FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
            sessionManager.removeAuthnRequest(assertion.getInResponseTo());
            NameIdentifier niIdp = validSubject.getIDPProvidedNameIdentifier();
            NameIdentifier ni = validSubject.getNameIdentifier();
            if (niIdp == null) {
                niIdp = ni;
            }
            if ((niIdp == null) || (ni == null)) {
                String[] data = { FSUtils.bundle.getString("invalidResponse") };
                LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            String idpHandle = niIdp.getName();
            String spHandle = ni.getName();
            int handleType;
            if ((idpHandle == null) || (spHandle == null)) {
                String[] data = { FSUtils.bundle.getString("invalidResponse") };
                LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            // Identical handles mean the IdP's opaque handle is the one in use;
            // otherwise the subject carries the SP's local handle.
            if (idpHandle.equals(spHandle)) {
                ni = niIdp;
                handleType = IFSConstants.REMOTE_OPAQUE_HANDLE;
            } else {
                handleType = IFSConstants.LOCAL_OPAQUE_HANDLE;
            }
            // ni was null-checked above and is only ever reassigned to the non-null
            // niIdp, so the else branch of this test is unreachable.
            if (ni != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: NameIdentifier=" + ni.getName() + " securityDomain=" + ni.getNameQualifier());
                }
                Map env = new HashMap();
                env.put(IFSConstants.FS_USER_PROVIDER_ENV_FSRESPONSE_KEY, samlResponse);
                int returnCode = doSingleSignOn(ni, handleType, niIdp, env);
                if (returnCode == FederationSPAdapter.SUCCESS) {
                    String requestID = assertion.getInResponseTo();
                    if (isIDPProxyEnabled(requestID)) {
                        sendProxyResponse(requestID);
                        return;
                    }
                    // ssoToken is a field; presumably populated by doSingleSignOn — not
                    // visible in this listing.
                    String[] data = { this.relayState };
                    LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, data, ssoToken);
                    // Call SP Adapter
                    if (spAdapter != null) {
                        FSUtils.debug.message("Invoke spAdapter");
                        try {
                            // A true return means the adapter already answered the request.
                            if (spAdapter.postSSOFederationSuccess(hostEntityId, request, response, ssoToken, authnRequest, null, samlResponse)) {
                                return;
                            }
                        } catch (Exception e) {
                            // log run time exception in Adapter
                            // implementation, continue
                            FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.postSSOFederationSuccess:", e);
                        }
                    }
                    // relayState originates from the stored AuthnRequest (or config), not
                    // from this response; any URL validation is assumed to have happened
                    // when the request was created — TODO confirm.
                    redirectToResource(this.relayState);
                    return;
                } else {
                    FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: SingleSignOnFailed, ni=" + ni.getName() + "[" + ni.getNameQualifier() + "]");
                    String[] data = { ni.getName() };
                    LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
                    if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, returnCode)) {
                        FSUtils.forwardRequest(request, response, framedPageURL);
                    }
                    return;
                }
            } else {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: SingleSignOnFailed (null)");
                String[] data = { FSUtils.bundle.getString("SingleSignOnFailed") };
                LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
                throw new FSException("missingNIofSubject", null);
            }
        }
    } catch (Exception e) {
        // NOTE(review): this catch-all (which also receives the FSExceptions thrown
        // above) only logs; no error page is forwarded and no redirect is issued, so
        // the user agent is left without a response from this method.
        FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Exception occured: ", e);
        return;
    }
}
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method getInResponseToRequest.
/**
 * Looks up the pending {@code FSAuthnRequest} whose ID equals {@code requestID}
 * in the {@link FSSessionManager} of the hosted provider ({@code hostMetaAlias})
 * and, as a side effect, caches the result in the {@code authnRequest} field.
 * <p>
 * The debug prefix names FSBrowserArtifactConsumerHandler although this method
 * is declared on FSAssertionArtifactHandler; it is kept verbatim so log output
 * does not change.
 *
 * @param requestID the InResponseTo value taken from a received assertion.
 * @return the matching request, or {@code null} when none is pending.
 */
protected FSAuthnRequest getInResponseToRequest(String requestID) {
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.getInResponseToRequest: Called");
    FSAuthnRequest pending = FSSessionManager.getInstance(hostMetaAlias).getAuthnRequest(requestID);
    authnRequest = pending;
    return pending;
}
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSTerminationInitiationServlet method doTerminationInitiation.
/**
 * Starts federation termination with a remote provider on behalf of the
 * currently authenticated user.
 * <p>
 * Flow: without a valid SSO token the user is redirected to authenticate; without
 * a remote provider ID in the request an error page is shown; otherwise a
 * {@code FSFedTerminationHandler} is obtained from {@code FSServiceManager} and
 * asked to drive the termination. When no service manager or handler is available,
 * or when an {@code IOException}/{@code SessionException} is caught, the user is
 * returned locally with the failure outcome.
 * <p>
 * NOTE(review): the remote provider ID is attacker-controllable request input and
 * is not checked here against the configured providers; the only visible guard is
 * that {@code getFedTerminationHandler} returns {@code null} for an unknown
 * provider/account — confirm that is the case. Caught exceptions are logged only
 * at debug-message level, so failures are invisible in production logs.
 *
 * @param request <code>HTTPServletRequest</code> object received via a
 * HTTP Redirect
 * @param response <code>HTTPServletResponse</code> object to send the
 * response back to user agent
 * @param hostedProviderDesc the provider where termination is initiated
 * @param hostedConfig hosted provider's extended meta
 * @param realm the realm under which the entity resides
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role
 * @param providerAlias hosted provider's meta alias
 */
private void doTerminationInitiation(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String realm, String hostedEntityId, String hostedRole, String providerAlias) {
    FSUtils.debug.message("Entered FSTerminationInitiationServlet::doTerminationInitiation");
    try {
        Object ssoToken = getValidToken(request);
        if (ssoToken == null) {
            // No valid session: authenticate first, then come back.
            FSServiceUtils.redirectForAuthentication(request, response, providerAlias);
            return;
        }
        String remoteEntityId = request.getParameter(IFSConstants.TERMINATION_PROVIDER_ID);
        if (remoteEntityId == null || remoteEntityId.length() < 1) {
            FSUtils.debug.error("Provider Id not found, display error page");
            FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_NO_PROVIDER, IFSConstants.CONTACT_ADMIN);
            return;
        }
        // session token is valid, ProviderId available
        FSServiceManager serviceManager = FSServiceManager.getInstance();
        if (serviceManager == null) {
            FSUtils.debug.message("FSServiceManager Instance null");
        } else {
            FSUtils.debug.message("FSServiceManager Instance not null");
            String remoteRole = IFSConstants.SP;
            FSAccountFedInfo fedinfo = null;
            if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                // We are the SP, so the remote side is the IdP; pick up the account
                // federation info from the SSO session unless it is a one-time session.
                remoteRole = IFSConstants.IDP;
                FSSession ssoSession = FSSessionManager.getInstance(providerAlias).getSession(ssoToken);
                if (ssoSession != null && !ssoSession.getOneTime()) {
                    fedinfo = ssoSession.getAccountFedInfo();
                }
            }
            String principal = SessionManager.getProvider().getPrincipalName(ssoToken);
            FSFedTerminationHandler handler = serviceManager.getFedTerminationHandler(remoteEntityId, remoteRole, principal, realm, hostedEntityId, providerAlias);
            if (handler != null) {
                handler.setHostedDescriptor(hostedProviderDesc);
                handler.setHostedDescriptorConfig(hostedConfig);
                handler.setHostedProviderRole(hostedRole);
                handler.setMetaAlias(providerAlias);
                handler.setRealm(realm);
                handler.setHostedEntityId(hostedEntityId);
                if (fedinfo != null) {
                    handler.setAccountInfo(fedinfo);
                }
                boolean bStatus = handler.handleFederationTermination(request, response, ssoToken);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("handleFederationTermination status is : " + bStatus);
                }
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to get termination " + "handler. User account Not valid");
            }
        }
        FSServiceUtils.returnLocallyAfterOperation(response, termDoneURL, false, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
        return;
    } catch (IOException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("IOException in doTerminationInitiation", e);
        }
    } catch (SessionException ex) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("SessionException in doTerminationInitiation", ex);
        }
    }
    // Reached only after a caught exception: report failure locally.
    FSServiceUtils.returnLocallyAfterOperation(response, termDoneURL, false, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
    return;
}