
Example 11 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method processPreAuthnSSO.

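/**
 * Handles an inbound <code>AuthnRequest</code> on the IDP side up to the point
 * where the user is known to hold a session of an acceptable authentication
 * context. Depending on the request flags (IsPassive, ForceAuthn, requested
 * AuthnContext class refs) and on the current SSO session, it either forwards
 * the browser to the local login page, proxies the request to another IDP, or
 * hands over to {@link #processPostAuthnSSO} to build the SSO response.
 * <p>
 * Side effects: may forward or redirect the response, may invalidate the
 * current SSO session (ForceAuthn), registers an <code>FSTokenListener</code>
 * on a valid session, and may set <code>noFedStatus</code> before returning
 * <code>false</code> (passive request without a session, or no usable
 * authentication context).
 * <p>
 * This method fails closed: any unexpected exception while deciding the
 * authentication context results in <code>false</code>, never in an SSO
 * response being issued for an unverified user.
 * @param authnRequest <code>FSAuthnRequest</code> object
 * @return <code>true</code> if the request is handled successfully;
 *  <code>false</code> otherwise.
 */
public boolean processPreAuthnSSO(FSAuthnRequest authnRequest) {
    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Called");
    String loginURL = null;
    List authenticationContextClassRef = null;
    String currentAuthnContextRef = null;
    String authType = null;
    FSAuthContextResult authnResult = null;
    FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
    if (authnRequest.getAuthnContext() != null) {
        authenticationContextClassRef = authnRequest.getAuthnContext().getAuthnContextClassRefList();
        if (authenticationContextClassRef == null) {
            // AuthnContext element present but without any class ref: fall back
            // to IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD as the requested one.
            String authCtxRefDefault = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
            authenticationContextClassRef = new ArrayList();
            authenticationContextClassRef.add(authCtxRefDefault);
        }
        authType = authnRequest.getAuthContextCompType();
        currentAuthnContextRef = null;
    }
    // Step 1: determine whether the user already holds a valid SSO session and,
    // if so, which authentication context it was established under.
    boolean authenticated = true;
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is null. User is not authenticated.");
            }
            authenticated = false;
        } else if (!sessionProvider.isValid(ssoToken)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is not valid. User is not authenticated.");
            }
            authenticated = false;
        } else {
            // Valid session: take the authn context recorded by the federation
            // layer, or the hosted provider's configured default when the
            // federation session (or its context) is missing.
            FSSession ssoSession = sessionMgr.getSession(ssoToken);
            if (ssoSession != null) {
                currentAuthnContextRef = ssoSession.getAuthnContext();
                if (currentAuthnContextRef != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User has an existing " + "valid session with authnContext: " + currentAuthnContextRef);
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's authentication" + " context information not found using " + "default authentication context");
                    }
                    currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO: User's authenticated session " + "information is not present in FSSessionManager. " + "using default authentication context");
                }
                currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            }
            authenticated = true;
        }
        if (authenticated) {
            // added in case of multiple SPs: the listener lets logout propagate
            // when this session is destroyed. Best effort -- a failure here does
            // not change the authentication outcome.
            try {
                sessionProvider.addListener(ssoToken, new FSTokenListener(metaAlias));
            } catch (Exception e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "Couldn't add listener to session:", e);
                }
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "SSOException Occured: User does not have session " + se.getMessage());
        authenticated = false;
    }
    // Step 2: no local session -- try IDP proxying first, but only when proxying
    // is enabled for this request and it is not a federation request.
    if (!authenticated) {
        try {
            boolean isProxy = isIDPProxyEnabled(authnRequest);
            if (isProxy && !authnRequest.getFederate()) {
                String preferredIDP = getPreferredIDP(authnRequest);
                if (preferredIDP != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO:IDP to be proxied" + preferredIDP);
                    }
                    sendProxyAuthnRequest(authnRequest, preferredIDP);
                    return true;
                }
            //else continue for the local authentication.
            }
        } catch (FSRedirectException re) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandle.processPreAuthnSSO:" + "Redirecting for the proxy handling.");
            }
            return true;
        } catch (Exception ex) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Exception occured while processing for the proxy.", ex);
            return false;
        }
    }
    // Step 3: decide whether the current context satisfies the request, or
    // where the user must be sent to (re)authenticate.
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "User's authentication status: " + authenticated);
        }
        FSAuthnDecisionHandler authnDecisionHandler = new FSAuthnDecisionHandler(realm, hostedEntityId, request);
        List defAuthnCxtList = new ArrayList();
        defAuthnCxtList.add(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT));
        if (authnRequest.getIsPassive()) {
            // Passive: the IDP must not interact with the user.
            if (authnRequest.getForceAuthn()) {
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOAndFedHandler.PreAuthnSSO: " + "IDP is passive can't force authentication.");
                }
                return false;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    }
                    if (authnResult.getLoginURL() != null) {
                        // When it's not null.,
                        // we should show the login page
                        // may be it'asking for higher auth context.
                        loginURL = authnResult.getLoginURL();
                        loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                        FSUtils.forwardRequest(request, response, loginURL);
                        return true;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    }
                } else {
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.processPreAuthnSSO: " + "IDP is passive and user is not authenticated");
                    }
                    noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoPassive", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                    return false;
                }
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
            }
            if (authnRequest.getForceAuthn()) {
                // ForceAuthn: always send the user to the login page, and drop
                // any existing SSO session first so it cannot be reused.
                if (authenticationContextClassRef != null) {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                } else {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList);
                }
                if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:" + "AuthnDecision engine failed to take a " + "authn decision");
                    }
                    return false;
                } else {
                    if (ssoToken != null) {
                        try {
                            SessionManager.getProvider().invalidateSession(ssoToken, request, response);
                        } catch (SessionException ssoe) {
                            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Unable to invalidate the sso session.");
                        }
                        ssoToken = null;
                    }
                    loginURL = authnResult.getLoginURL();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                    }
                }
                loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                FSUtils.forwardRequest(request, response, loginURL);
                response.flushBuffer();
                return true;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    } else if (authnResult.getLoginURL() == null) {
                        // No login URL means the current context already satisfies the request.
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    } else if (authnResult.getLoginURL().length() == 0) {
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO" + ": AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
                    }
                    //redirect for authentication authnContextRef
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler. processPreAuthnSSO: " + " AuthnDecision engine" + " failed to take a decision");
                        }
                        noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoAuthnContext", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                }
            }
        }
    } catch (Exception e) {
        // Fail closed. An exception here means the authentication-context
        // decision (or the forward to the login page) did not complete, so the
        // user has NOT been verified against the request. The previous code
        // fell through to processPostAuthnSSO(authnRequest) here -- even when
        // 'authenticated' was false -- which could issue an SSO response for an
        // unauthenticated or under-authenticated user. Log the cause and refuse.
        FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: " + "Exception occured", e);
        return false;
    }
}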

Example 12 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSIDPFinderService method doGet.

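/**
 * Gets <code>IDP</code> from common domain and sends proxy authentication
 * request to the <code>IDP</code>.
 * <p>
 * The request must carry <code>ProviderID</code> (the hosted IDP entity ID),
 * <code>RequestID</code> (ID of a pending <code>AuthnRequest</code> held by the
 * hosted IDP's <code>FSSessionManager</code>) and <code>Realm</code>. A request
 * that does not resolve to a hosted IDP configuration or to a pending
 * <code>AuthnRequest</code> is rejected with <code>ServletException</code>
 * instead of being processed against <code>null</code> state.
 * When the common-domain IDP is unknown or is the hosted IDP itself, the
 * browser is redirected to the local login URL; otherwise the pending
 * <code>AuthnRequest</code> is proxied to the selected IDP.
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException, IOException if error occurred.
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if (request == null || response == null) {
        FSUtils.debug.error("FSIDPFinderService.doGet:: Null Input");
        return;
    }
    FSUtils.debug.message("FSIDPFinderService.doGet::Init");
    String entityID = request.getParameter("ProviderID");
    String requestID = request.getParameter("RequestID");
    String realm = request.getParameter("Realm");
    if (entityID == null || requestID == null || realm == null) {
        FSUtils.debug.error("FSIDPFinderService.doGet:: Request is missing " + "ProviderID, RequestID or Realm");
        throw new ServletException("invalidRequest");
    }
    String idpID = null;
    try {
        idpID = getCommonDomainIDP(request, response, realm, entityID, requestID);
    } catch (FSRedirectException fe) {
        // The common-domain lookup has already redirected the browser.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.doGet:Redirection" + " has happened");
        }
        return;
    }
    String hostMetaAlias = null;
    BaseConfigType hostConfig = null;
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    try {
        if (metaManager != null) {
            hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
            if (hostConfig != null) {
                hostMetaAlias = hostConfig.getMetaAlias();
            }
        }
    } catch (IDFFMetaException ie) {
        FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "getting proxying hosted meta:", ie);
        return;
    }
    if (hostMetaAlias == null) {
        // ProviderID does not name a hosted IDP in this realm; there is no
        // session manager to consult, so do not continue with a null alias.
        FSUtils.debug.error("FSIDPFinderService.doGet:: No hosted IDP " + "configuration found for ProviderID " + entityID);
        throw new ServletException("invalidRequest");
    }
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
    FSAuthnRequest authnReq = sessionManager.getAuthnRequest(requestID);
    if (authnReq == null) {
        // Unknown or expired RequestID: there is no pending AuthnRequest to
        // continue, and the code below would dereference null.
        FSUtils.debug.error("FSIDPFinderService.doGet:: No pending " + "AuthnRequest found for RequestID " + requestID);
        throw new ServletException("invalidRequest");
    }
    if (idpID == null || idpID.equals(entityID)) {
        // No preferred IDP in the common domain, or the preferred IDP is this
        // hosted provider: authenticate locally.
        String loginURL = getLoginURL(authnReq, realm, entityID, request);
        if (loginURL == null) {
            FSUtils.debug.error("FSIDPFinderService.doGet : login url" + " is null");
            return;
        }
        // sendRedirect sets the Location header itself.
        response.sendRedirect(loginURL);
    } else {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIDPFinderService.doGet:IDP to be proxied:" + idpID);
        }
        // Now proxy the authentication request to the preferred IDP.
        try {
            FSProxyHandler handler = new FSProxyHandler(request, response);
            handler.setHostedEntityId(entityID);
            IDPDescriptorType hostDesc = null;
            SPDescriptorType origSPDesc = null;
            if (metaManager != null) {
                hostDesc = metaManager.getIDPDescriptor(realm, entityID);
                origSPDesc = metaManager.getSPDescriptor(realm, authnReq.getProviderId());
            }
            handler.setSPDescriptor(origSPDesc);
            handler.setHostedDescriptor(hostDesc);
            handler.setHostedDescriptorConfig(hostConfig);
            handler.setMetaAlias(hostMetaAlias);
            handler.setRealm(realm);
            handler.sendProxyAuthnRequest(authnReq, idpID);
        } catch (IDFFMetaException ie) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "getting proxying hosted meta:", ie);
        } catch (FSException fe) {
            FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "sending the proxy authentication request.", fe);
        }
    }
}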

Example 13 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSIntersiteTransferService method doGet.

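/**
 * Generates <code>AuthnRequest</code> and sends it to <code>IDP</code>.
 * <p>
 * SP-side intersite transfer: resolves the pending <code>AuthnRequest</code>
 * identified by the request ID found in the incoming request, determines the
 * preferred IDP for the realm, checks that IDP is present in this realm's
 * metadata before trusting it, applies version / affiliation / IDP-proxy
 * scoping from the hosted SP configuration, records the chosen IDP against
 * the request ID, and dispatches the request according to its protocol
 * profile. Every failure is reported to the browser as HTTP 500 with a
 * message from the resource bundle.
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException,IOException if error occurred
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSIntersiteTransferService.doGet: Called");
    // Reject null servlet arguments before anything dereferences them. The
    // previous check sat after request.getParameter() and so could never fire.
    if (request == null || response == null) {
        FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("nullInputParameter"));
        if (response != null) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        }
        return;
    }
    // Check to see if there is a need to set lb cookie. This is for the use
    // case that AuthnRequest is not created by the preLogin process and lb
    // cookie wasn't set there.
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return;
    }
    try {
        IDPDescriptorType idpDescriptor = null;
        String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
        if (metaAlias == null || metaAlias.length() == 0) {
            metaAlias = FSServiceUtils.getMetaAlias(request);
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            // Without metadata no trust decision about the IDP can be made.
            FSUtils.debug.error("FSIntersiteTransferService.doGet: " + "IDFF meta manager is not available");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("Exception"));
            return;
        }
        String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        String qs = request.getQueryString();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "QueryString Received from CommonDomain: " + qs);
        }
        String requestID = findRequestID(request);
        if (requestID == null) {
            //throw error page
            FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("nullInputParameter"));
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID found: " + requestID);
        }
        // Only a request ID that maps to a pending AuthnRequest is accepted.
        FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
        FSAuthnRequest authnRequest = sessionMgr.getAuthnRequest(requestID);
        if (authnRequest == null) {
            FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("invalidRequestId"));
            String[] data = { FSUtils.bundle.getString("invalidRequestId") };
            LogUtil.error(Level.INFO, "INVALID_AUTHN_REQUEST", data);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidRequestId"));
            return;
        }
        String resourceUrl = authnRequest.getRelayState();
        String baseURL = FSServiceUtils.getBaseURL(request);
        framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, resourceUrl, null, request, baseURL);
        String idpID = FSUtils.findPreferredIDP(realm, request);
        if (idpID == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "No Preffered IDP found in this Common Domain. " + "Try to find PrefferedIDP in other common domains");
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID :" + requestID);
            }
            redirectToCommonDomain(request, response, requestID);
            return;
        }
        // The preferred IDP comes from the common domain; only proceed if it is
        // a provider known to this realm's metadata.
        idpDescriptor = metaManager.getIDPDescriptor(realm, idpID);
        if (idpDescriptor == null) {
            FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("noTrust"));
            String[] data = { idpID };
            LogUtil.error(Level.INFO, "PROVIDER_NOT_TRUSTED", data);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("noTrust"));
            return;
        }
        HttpSession session = request.getSession(true);
        session.removeAttribute(IFSConstants.SESSION_COTSET_ATTR);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "Preffered IDP found:" + idpID);
        }
        sessionMgr.setIDPEntityID(requestID, idpID);
        // Set the authn request version here, matching what the IDP supports.
        int minorVersion = FSServiceUtils.getMinorVersion(idpDescriptor.getProtocolSupportEnumeration());
        authnRequest.setMinorVersion(minorVersion);
        if (authnRequest.getAuthnContext() != null) {
            // AuthnContext is optional on the request (see the IDP-side handler).
            authnRequest.getAuthnContext().setMinorVersion(minorVersion);
        }
        SPDescriptorType hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
        BaseConfigType hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
        if (IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AFFILIATION)) {
            Set affiliations = metaManager.getAffiliateEntity(realm, idpID);
            if (affiliations != null && !affiliations.isEmpty()) {
                AffiliationDescriptorType affiliateDescriptor = (AffiliationDescriptorType) affiliations.iterator().next();
                authnRequest.setAffiliationID(affiliateDescriptor.getAffiliationID());
            }
        }
        if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION && IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_IDP_PROXY)) {
            // ID-FF 1.2 only: advertise the proxy count and the list of IDPs the
            // receiving IDP may proxy to, both from the hosted SP config.
            FSScoping scoping = new FSScoping();
            scoping.setProxyCount(Integer.parseInt(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_COUNT)));
            List proxyIDPs = IDFFMetaUtils.getAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_LIST);
            if (proxyIDPs != null && !proxyIDPs.isEmpty()) {
                Iterator iter = proxyIDPs.iterator();
                ArrayList list = new ArrayList();
                while (iter.hasNext()) {
                    IDPEntry entry = new IDPEntry((String) iter.next(), null, null);
                    list.add(entry);
                }
                IDPEntries entries = new IDPEntries(list);
                FSIDPList idpList = new FSIDPList(entries, null);
                scoping.setIDPList(idpList);
            }
            authnRequest.setScoping(scoping);
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "AuthnRequest:" + authnRequest.toXMLString(true, true));
        }
        // Null-safe profile comparison: an absent profile is reported as an
        // unknown profile below instead of surfacing as a generic exception.
        String profile = authnRequest.getProtocolProfile();
        if (IFSConstants.SSO_PROF_BROWSER_ART.equals(profile) || IFSConstants.SSO_PROF_BROWSER_POST.equals(profile)) {
            handleBrowserArtifactPOSTIST(request, response, authnRequest, idpDescriptor, hostDesc, hostConfig);
            return;
        } else if (IFSConstants.SSO_PROF_WML_POST.equals(profile)) {
            handleWMLIST(request, response, authnRequest, idpDescriptor);
            return;
        }
        FSUtils.debug.error("FSIntersiteTransferService.doGet: " + "Unknown Protocol Profile");
        String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidAuthnRequest"));
        return;
    } catch (Exception e) {
        FSUtils.debug.error("FSIntersiteTransferService.doGet: ", e);
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("Exception"));
            return;
        } catch (IOException ioe) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("sendFailed") + ioe.getMessage());
            }
        }
    }
}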

Example 14 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSLogoutUtil method cleanSessionMapPartnerList.

/**
 * Drops a provider from the session-partner bookkeeping that
 * <code>FSSessionManager</code> keeps for a principal, so the logout flow
 * stops tracking that provider for the given Liberty session.
 * @param userDN the principal whose partner list is being cleaned
 * @param currentEntityId the provider being removed from the partner list
 * @param metaAlias meta alias of the hosted provider performing logout cleanup
 * @param session Liberty session the provider is removed from
 */
public static void cleanSessionMapPartnerList(String userDN, String currentEntityId, String metaAlias, FSSession session) {
    boolean traceOn = FSUtils.debug.messageEnabled();
    if (traceOn) {
        FSUtils.debug.message("In cleanSessionMapPartnerList for user : " + userDN + "and provider : " + currentEntityId);
    }
    FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
    manager.removeProvider(userDN, currentEntityId, session);
}

Example 15 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSLogoutUtil method getCurrentProvider.

/**
 * Returns the next session partner still recorded for the principal's
 * Liberty session, together with that session's index.
 * <p>
 * The session is looked up through the hosted provider's
 * <code>FSSessionManager</code> by SSO token; when that yields nothing the
 * caller-supplied <code>curSession</code> is used instead.
 * @param userID principal (used for logging only)
 * @param metaAlias meta alias of the hosted provider
 * @param ssoToken SSO token used to look up the federation session
 * @param curSession fallback session when the token lookup finds none
 * @return map with <code>IFSConstants.PARTNER_SESSION</code> mapped to the
 *  first <code>FSSessionPartner</code> and <code>IFSConstants.SESSION_INDEX</code>
 *  mapped to the session index; <code>null</code> when there is no session,
 *  no remaining partners, or an exception occurs.
 */
public static HashMap getCurrentProvider(String userID, String metaAlias, Object ssoToken, FSSession curSession) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered getCurrentProvider for user : " + userID);
    }
    try {
        FSSession session = FSSessionManager.getInstance(metaAlias).getSession(ssoToken);
        if (session == null) {
            // Fall back to what the caller already holds (may itself be null).
            session = curSession;
        }
        if (session == null) {
            return null;
        }
        List partners = session.getSessionPartners();
        if (partners == null || partners.isEmpty()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSLogoutUtil.getCurrentProvider:" + "No more session partners");
            }
            return null;
        }
        FSSessionPartner nextPartner = (FSSessionPartner) partners.get(0);
        HashMap result = new HashMap();
        result.put(IFSConstants.PARTNER_SESSION, nextPartner);
        result.put(IFSConstants.SESSION_INDEX, session.getSessionIndex());
        return result;
    } catch (Exception e) {
        FSUtils.debug.error("FSLogoutUtil.getCurrentProvider:: Exception" + " in getting the current provider", e);
        return null;
    }
}
