use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSLogoutUtil method removeTokenFromSession.
/**
 * Cleans the FSSessionMap when the session token expires, idles out and/or
 * when the user has closed the browser without actually performing a
 * logout.
 *
 * @param token     the session token used to identify the user's session
 * @param metaAlias the hosted provider performing logout
 */
public static void removeTokenFromSession(Object token, String metaAlias) {
    final String principal;
    final String sessionId;
    try {
        SessionProvider provider = SessionManager.getProvider();
        principal = provider.getPrincipalName(token);
        sessionId = provider.getSessionID(token);
    } catch (SessionException e) {
        // The token cannot be resolved, so there is nothing to look up in the
        // session map: log at warning level and leave the map untouched.
        if (FSUtils.debug.warningEnabled()) {
            FSUtils.debug.warning("SessionException in removeTokenFromSession", e);
        }
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered removeTokenFromSession for user: " + principal);
    }
    FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
    FSSession tracked = manager.getSession(principal, sessionId);
    // Only an entry that is actually tracked for this principal is removed.
    if (tracked != null) {
        manager.removeSession(principal, tracked);
    }
}
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSPreLogoutHandler method processHttpSingleLogoutRequest.
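/**
 * Processes a logout request received via HTTP redirect/GET.
 *
 * @param request  <code>HttpServletRequest</code> object from the user agent
 * @param response <code>HttpServletResponse</code> to be sent back to the
 *                 user agent
 * @param ssoToken used to identify the principal who wants to logout
 * @return <code>FSLogoutStatus</code> object to indicate the status of
 *         the logout process; <code>SAML_RESPONDER</code> when no principal
 *         can be resolved, otherwise the status produced by the delegated
 *         <code>FSSingleLogoutHandler</code>.
 */
public FSLogoutStatus processHttpSingleLogoutRequest(HttpServletRequest request, HttpServletResponse response, Object ssoToken) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSPrelogoutHandler::" + "processSingleLogoutRequest HTTP Redirect");
    }
    this.request = request;
    this.locale = FSServiceUtils.getLocale(request);
    setLogoutURL();
    this.response = response;
    this.ssoToken = ssoToken;
    FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
    FSSession session = sMgr.getSession(ssoToken);
    // getSession() may return null (the one-time check below already guards
    // for it), so the session index is read only when a session exists
    // instead of dereferencing an absent one.
    String sessionIndex = (session != null) ? session.getSessionIndex() : null;
    try {
        if (session != null && session.getOneTime()) {
            this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
            FSUtils.debug.message("FSPH:processSingleLogout: Onetime case");
        } else {
            this.userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
        }
    } catch (SessionException se) {
        FSUtils.debug.error("processSingleLogoutRequest", se);
        this.userID = null;
    }
    if (userID == null) {
        // No principal could be resolved from the session or the request:
        // answer the remote provider with a responder error and stop here.
        FSUtils.debug.message("FSPrelogoutHandler::User Not found");
        FSLogoutUtil.returnToSource(response, remoteDescriptor, IFSConstants.SAML_RESPONDER, COMMON_ERROR_URL, reqLogout.getMinorVersion(), hostedConfig, hostedEntityId, userID);
        return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }
    String acceptString = request.getHeader("Accept");
    if ((acceptString != null) && (acceptString.indexOf("text/vnd.wap.wml") != -1)) {
        isWMLAgent = true;
    }
    String relayState = reqLogout.getRelayState();
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityID, metaAlias, session);
    FSUtils.debug.message("FSPrelogoutHandler::calling getCurrentProvider");
    boolean bHasAnyOtherProvider = false;
    FSSessionPartner sessionPartner = null;
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
    if (providerMap != null) {
        sessionPartner = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
        // The provider map's session index supersedes the one read from the session.
        sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
        if (sessionPartner != null) {
            bHasAnyOtherProvider = true;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("bHasAnyOtherProvider = " + bHasAnyOtherProvider);
            }
            currentEntityId = sessionPartner.getPartner();
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("bHasAnyOtherProvider other than source : " + bHasAnyOtherProvider);
    }
    // this is SP initiated HTTP based single logout
    FSUtils.debug.message("FSPreLogout::creating FSSingleLogoutHandler");
    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
    handlerObj.setHostedDescriptor(hostedDescriptor);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setRealm(realm);
    handlerObj.setHostedEntityId(hostedEntityId);
    handlerObj.setHostedProviderRole(hostedRole);
    handlerObj.setMetaAlias(metaAlias);
    handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
    // The remote role is the opposite of the hosted role.
    String remoteRole = hostedRole.equals(IFSConstants.SP) ? IFSConstants.IDP : IFSConstants.SP;
    return handlerObj.processHttpSingleLogoutRequest(response, request, reqLogout, sessionPartner, userID, ssoToken, remoteEntityID, sessionIndex, isWMLAgent, relayState, remoteRole);
}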
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSPreLogoutHandler method handleSingleLogout.
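/**
 * Initiates logout at this provider when the user has clicked on the
 * logout option.
 *
 * @param request     <code>HttpServletRequest</code> object from the user agent
 * @param response    <code>HttpServletResponse</code> to be sent back to the
 *                    user agent
 * @param ssoToken    used to identify the principal who wants to logout
 * @param sourceCheck where the logout is coming from; the SP adapter hooks run
 *                    only when this equals <code>"remote"</code> (a null value
 *                    is treated as "not remote")
 * @return <code>FSLogoutStatus</code> with <code>SAML_SUCCESS</code> once the
 *         principal and local sessions have been destroyed, or the status
 *         returned by the delegated <code>FSSingleLogoutHandler</code> when
 *         another provider still has to be notified
 */
public FSLogoutStatus handleSingleLogout(HttpServletRequest request, HttpServletResponse response, Object ssoToken, String sourceCheck) {
    this.request = request;
    setLogoutURL();
    FSUtils.debug.message("Entered FSPreLogoutHandler::handleSingleLogout");
    // Null-safe: comparing with sourceCheck.equals("remote") threw a
    // NullPointerException when the caller passed no source.
    final boolean remoteSpLogout = hostedRole != null
            && hostedRole.equalsIgnoreCase(IFSConstants.SP)
            && "remote".equals(sourceCheck);
    try {
        this.response = response;
        this.ssoToken = ssoToken;
        this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        String acceptString = request.getHeader("Accept");
        if ((acceptString != null) && (acceptString.indexOf("text/vnd.wap.wml") != -1)) {
            isWMLAgent = true;
        }
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        FSSession session = sMgr.getSession(ssoToken);
        String sessionIndex = null;
        List partners = null;
        if (session != null) {
            sessionIndex = session.getSessionIndex();
            partners = session.getSessionPartners();
        }
        if (FSUtils.debug.messageEnabled() && partners != null && partners.size() != 0) {
            Iterator iter = partners.iterator();
            while (iter.hasNext()) {
                FSSessionPartner partner = (FSSessionPartner) iter.next();
                FSUtils.debug.message("PARTNER:" + partner.getPartner());
            }
        }
        if (FSLogoutUtil.liveConnectionsExist(userID, metaAlias)) {
            HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
            if (providerMap != null) {
                FSSessionPartner currentSessionProvider = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
                sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
                if (currentSessionProvider != null) {
                    // this is IDP initiated based single logout
                    // HTTP or SOAP is based on metadata
                    FSUtils.debug.message("creating IDP handler");
                    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
                    handlerObj.setHostedDescriptor(hostedDescriptor);
                    handlerObj.setHostedDescriptorConfig(hostedConfig);
                    handlerObj.setRealm(realm);
                    handlerObj.setHostedEntityId(hostedEntityId);
                    handlerObj.setHostedProviderRole(hostedRole);
                    handlerObj.setMetaAlias(metaAlias);
                    handlerObj.setRelayState(relayState);
                    return handlerObj.handleSingleLogout(response, request, currentSessionProvider, userID, sessionIndex, isWMLAgent, ssoToken);
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("No more providers, nothing to broadcast " + "\ndestroy user session call destroyPrincipalSession");
            }
            FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
            // control could come here when local login has happened
            // In this case the FSSessionmap will not have anything and so we
            // destroy the session based on ssoToken
            FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
            returnToPostLogout(IFSConstants.SAML_SUCCESS);
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("No live connections, destroy user" + " session call destroyPrincipalSession. source=" + sourceCheck);
        }
        FSLogoutResponse logoutResponse = null;
        FederationSPAdapter spAdapter = null;
        // Call SP Adapter preSingleLogoutProcess for SP/HTTP
        if (remoteSpLogout) {
            spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
            if (spAdapter != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSPreLogoutHandler, " + "call preSingleLogoutProcess, SP/HTTP");
                }
                try {
                    logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
                    relayState = logoutResponse.getRelayState();
                    // the logout request is not available here, hence null
                    spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, null, logoutResponse, IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
                } catch (Exception e) {
                    // adapter failures must not block the logout; log and continue
                    FSUtils.debug.error("preSingleLogoutProcess.SP/HTTP", e);
                }
            }
        }
        FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
        // destroy the local session based on ssoToken, only while it is still valid
        if (SessionManager.getProvider().isValid(ssoToken)) {
            FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
        }
        // Call SP Adapter postSingleLogoutProcess for SP/HTTP
        if (remoteSpLogout && spAdapter != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSPreLogoutHandler, " + "call postSingleLogoutProcess, SP/HTTP");
            }
            try {
                spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response, userID, null, logoutResponse, IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
            } catch (Exception e) {
                // adapter failures must not block the logout; log and continue
                FSUtils.debug.error("postSingleLogoutSuccess.SP/HTTP:", e);
            }
        }
        returnToPostLogout(IFSConstants.SAML_SUCCESS);
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    } catch (SessionException e) {
        FSUtils.debug.error("SessionException in liveConnectionsExist" + " So destroy self and exit");
        FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, null, request, response);
        // cannot call FSLogoutUtil.destroyLocalSession(ssoToken)
        // since session exception has occurred
        returnToPostLogout(IFSConstants.SAML_SUCCESS);
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    }
}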
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSSingleLogoutHandler method doSoapProfile.
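/**
 * Initiates SOAP profile logout.
 *
 * @param providerId the first provider with SOAP as logout profile
 * @return <code>SAML_SUCCESS</code> when the remote provider reports success
 *         (or the user's account is already gone), the remote status string on
 *         a reported failure, <code>SAML_REQUESTER</code> when the response
 *         signature does not verify, and <code>SAML_RESPONDER</code> when the
 *         request cannot be created, bound or sent
 */
private FSLogoutStatus doSoapProfile(String providerId) {
    FSUtils.debug.message("Entered IDP's doSoapProfile");
    try {
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        FSSession session = sMgr.getSession(ssoToken);
        FSAccountFedInfo currentAccount = null;
        if (session != null) {
            currentAccount = session.getAccountFedInfo();
        }
        // Fall back to the persisted federation account unless this is a
        // one-time session. A missing session counts as "not one-time";
        // the previous code dereferenced session here and threw NPE.
        if (currentAccount == null && (session == null || !session.getOneTime())) {
            currentAccount = FSLogoutUtil.getCurrentWorkingAccount(userID, providerId, metaAlias);
        }
        if (currentAccount == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler. User's " + "account may have been terminated.");
            }
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
        FSLogoutNotification reqLogout = createSingleLogoutRequest(currentAccount, sessionIndex);
        if (reqLogout == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Unable to create logout request" + " Current Provider cannot be processed");
            }
            return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
        // The null check above must precede this call; it used to follow it.
        reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
        FSSOAPService instSOAP = FSSOAPService.getInstance();
        if (instSOAP != null) {
            FSUtils.debug.message("Signing suceeded. To call bindLogoutRequest");
            reqLogout.setID(IFSConstants.LOGOUTID);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("logout request before sign: " + reqLogout.toXMLString(true, true));
            }
            SOAPMessage msgLogout = instSOAP.bind(reqLogout.toXMLString(true, true));
            if (msgLogout != null) {
                SOAPMessage retSOAPMessage = null;
                try {
                    if (FSServiceUtils.isSigningOn()) {
                        // The signed reference attribute differs between protocol minor versions.
                        int minorVersion = reqLogout.getMinorVersion();
                        switch (minorVersion) {
                            case IFSConstants.FF_11_PROTOCOL_MINOR_VERSION:
                                msgLogout = signLogoutRequest(msgLogout, IFSConstants.ID, reqLogout.getID());
                                break;
                            case IFSConstants.FF_12_PROTOCOL_MINOR_VERSION:
                                msgLogout = signLogoutRequest(msgLogout, IFSConstants.REQUEST_ID, reqLogout.getRequestID());
                                break;
                            default:
                                FSUtils.debug.message("invalid minor version.");
                                break;
                        }
                    }
                    retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteDescriptor.getSoapEndpoint());
                } catch (Exception e) {
                    FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
                    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
                }
                if (retSOAPMessage != null) {
                    Element elt = instSOAP.parseSOAPMessage(retSOAPMessage);
                    if (FSServiceUtils.isSigningOn()) {
                        // Reject an unsigned or tampered response before its
                        // status is trusted or handed to the SP adapter.
                        if (!verifyResponseSignature(retSOAPMessage)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("Response " + "signature verification failed");
                            }
                            FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                            return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
                        }
                    }
                    this.requestLogout = reqLogout;
                    respObj = new FSLogoutResponse(elt);
                    // Call SP Adapter preSingleLogout for SP/SOAP
                    if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                        FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                        if (spAdapter != null) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSLOHandler." + "preSingleLogoutProcess, SP/SOAP");
                            }
                            try {
                                spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, reqLogout, respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
                            } catch (Exception e) {
                                // adapter failures are logged and otherwise ignored
                                FSUtils.debug.error("spAdapter." + "preSingleLogoutProcess, SP/SOAP:", e);
                            }
                        }
                    }
                    // A missing status or status code surfaces as NPE here and is
                    // turned into SAML_RESPONDER by the enclosing catch.
                    Status status = respObj.getStatus();
                    StatusCode statusCode = status.getStatusCode();
                    String statusString = statusCode.getValue();
                    if (statusString.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSingleLogoutHandler: " + " doSoapProfile returning success");
                        }
                        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSingleLogoutHandler: " + "SOAP Profile failure " + statusString);
                    }
                    return new FSLogoutStatus(statusString);
                }
            }
        }
        // Reached when there is no SOAP service, binding failed, or no
        // response message came back.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to bindLogoutRequest." + "Current Provider cannot be processed");
        }
    } catch (Exception e) {
        FSUtils.debug.error("In IOException of doSOAPProfile : ", e);
    }
    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}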
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSSSOAndFedService method handleAuthnRequest.
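/**
 * Post-authentication handling of an authentication request at the hosted IDP:
 * looks up the hosted IDP metadata, records the authenticated session (with its
 * authentication context) in the federation session map for that meta alias,
 * and then hands off to the overloaded <code>handleAuthnRequest</code> that
 * continues the SSO flow. Returns early, without continuing the flow, when no
 * valid session token or no principal is available.
 *
 * @param request      the incoming request
 * @param response     the response being built
 * @param authnRequest the parsed authentication request
 * @param realm        realm of the hosted provider
 * @param hostEntityId entity id of the hosted IDP
 * @param bLECP        forwarded unchanged to the overload; presumably marks an
 *                     LECP request (not decided in this method)
 * @param authnContext authentication context recorded on the federation session
 */
private void handleAuthnRequest(HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, String realm, String hostEntityId, boolean bLECP, String authnContext) {
    // post authn process
    FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: Called");
    IDPDescriptorType hostedDesc = null;
    BaseConfigType hostedConfig = null;
    String metaAlias = null;
    try {
        hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
        if (hostedConfig != null) {
            metaAlias = hostedConfig.getMetaAlias();
        }
    } catch (Exception e) {
        // NOTE(review): processing continues with a null metaAlias/hostedDesc
        // when the metadata lookup fails; whether FSSessionManager.getInstance(null)
        // is acceptable is not visible in this file — confirm.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "Couldn't obtain hosted meta:", e);
        }
    }
    Object ssoToken = null;
    String userID = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is null.");
            return;
        }
        if (!sessionProvider.isValid(ssoToken)) {
            FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is not valid.");
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "session token is valid.");
        }
        FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
        FSSession session = sessionManager.getSession(ssoToken);
        userID = sessionProvider.getPrincipalName(ssoToken);
        if (session == null) {
            // First federation activity for this session: track it under the principal.
            session = new FSSession(sessionProvider.getSessionID(ssoToken));
            session.setAuthnContext(authnContext);
            sessionManager.addSession(userID, session);
        } else {
            session.setAuthnContext(authnContext);
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: ", se);
        return;
    }
    if (userID == null) {
        LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
        return;
    }
    try {
        String remoteEntityID = authnRequest.getProviderId();
        FSAccountManager acctMng = FSAccountManager.getInstance(metaAlias);
        // The return value is intentionally discarded. The name-registration
        // step that once consumed it has been removed (it was left here as
        // commented-out code); the lookup is kept because a missing account
        // is reported through the exception below, and any side effects of
        // readAccountFedInfo are not visible in this file.
        acctMng.readAccountFedInfo(userID, remoteEntityID);
    } catch (FSAccountMgmtException exp) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService:: handleAuthnRequest()" + " No account information avialable for user. " + "So no invocation " + " of name registration. ", exp);
        }
    }
    handleAuthnRequest(request, response, authnRequest, true, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
}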