use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSSSOAndFedService method doGet.
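/**
 * Processes a single sign-on request.
 *
 * <p>Two paths are handled. When the request carries
 * {@code IFSConstants.AUTHN_INDICATOR_PARAM} it is treated as the
 * post-authentication leg: the stored {@code FSAuthnRequest} is looked up by
 * request id in the {@code FSSessionManager} selected by the meta alias
 * parameter, and processing resumes with the realm, provider id and
 * authentication context taken from the request parameters. Otherwise the
 * query string is parsed as a new URL-encoded AuthnRequest and the hosted
 * provider is resolved from the meta alias through the metadata manager.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @throws ServletException if an error occurred
 * @throws IOException if an error occurred while writing the error response
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSSSOAndFedService.doGet: Called");
    if ((request == null) || (response == null)) {
        FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("nullInputParameter"));
        // A null response cannot carry the error, so guard the dereference
        // instead of failing with a NullPointerException.
        if (response != null) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        }
        return;
    }
    if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
        return;
    }
    // check for post authn
    boolean bPostAuthn = false;
    boolean bLECP = false;
    String authnIndicator = request.getParameter(IFSConstants.AUTHN_INDICATOR_PARAM);
    if (authnIndicator == null) {
        FSUtils.debug.message("FSSSOAndFedService.doGet:Pre Authentication SSO");
    } else {
        FSUtils.debug.message("FSSSOAndFedService.doGet:Post Authentication SSO");
        bPostAuthn = true;
        String lecpIndicator = request.getParameter(IFSConstants.LECP_INDICATOR_PARAM);
        if (lecpIndicator == null) {
            FSUtils.debug.message("FSSSOAndFedService.doGet:non LECP request");
        } else {
            FSUtils.debug.message("FSSSOAndFedService.doGet:post Authn LECP request");
            bLECP = true;
        }
        // NOTE(review): on this path the realm, provider id, authentication
        // context and meta alias all come straight from request parameters,
        // whereas the pre-authentication path below derives realm and entity
        // id from the meta alias via metadata. Confirm that the 7-argument
        // handleAuthnRequest (not visible here) cross-checks these values
        // against the stored AuthnRequest / hosted metadata.
        String requestId = request.getParameter(IFSConstants.AUTH_REQUEST_ID);
        String hostEntityId = request.getParameter(IFSConstants.PROVIDER_ID_KEY);
        String authnContext = request.getParameter(IFSConstants.AUTHN_CONTEXT);
        String realm = request.getParameter(IFSConstants.REALM);
        String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
        FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
        FSAuthnRequest authnRequest = sessionService.getAuthnRequest(requestId);
        if (authnRequest == null) {
            FSUtils.debug.message("FSSSOAndFedService.doGet: authnRequest is null");
        }
        if ((authnContext == null) || (authnContext.length() == 0)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedService.doGet: authnContext is null. " + "Using default password");
            }
            authnContext = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
        }
        // authnContext is guaranteed non-empty at this point (defaulted above),
        // so only the stored request, realm and provider id can be missing.
        boolean haveRealm = (realm != null) && (realm.length() != 0);
        boolean haveHostEntityId = (hostEntityId != null) && (hostEntityId.length() != 0);
        if ((authnRequest != null) && haveRealm && haveHostEntityId) {
            handleAuthnRequest(request, response, authnRequest, realm, hostEntityId, bLECP, authnContext);
            return;
        }
        // The message names every cause of this branch, so the log is not
        // misleading when the request was found but a parameter was absent.
        FSUtils.debug.error("FSSSOAndFedService.doGet: "
                + "AuthnRequest not found in FSSessionManager, or realm/provider id parameter missing");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInput"));
        return;
    }
    // obtain AuthnRequest message
    // decode and create FSAuthnRequest object
    FSAuthnRequest authnRequest = null;
    try {
        authnRequest = FSAuthnRequest.parseURLEncodedRequest(request);
        if (authnRequest == null) {
            FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest"));
            String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
            return;
        }
    } catch (FSException e) {
        // The raw (still URL-encoded) query string is caller-controlled data;
        // it goes to the debug log only, never into the response.
        FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest") + ", queryString=" + request.getQueryString(), e);
        String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
        return;
    }
    String metaAlias = null;
    String realm = null;
    String hostEntityId = null;
    IDPDescriptorType hostedDesc = null;
    BaseConfigType hostedConfig = null;
    try {
        metaAlias = FSServiceUtils.getMetaAlias(request);
        realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
    } catch (Exception e) {
        // NOTE(review): a failed lookup is recorded only at message level and
        // processing continues with whichever of realm / hostEntityId /
        // descriptors are still null. Confirm the handler rejects that state.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService: couldn't obtain hosted entity id:", e);
        }
    }
    handleAuthnRequest(request, response, authnRequest, bPostAuthn, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
}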
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSSSOAndFedService method handleAuthnRequest.
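/**
 * Hands an AuthnRequest to the SSO/federation handler, or to the LECP
 * profile handler when {@code bLECP} is set.
 *
 * <p>Before dispatch, a valid existing session is tagged with the ID-FF
 * federation protocol, and the request is either stored in the
 * {@code FSSessionManager} for {@code metaAlias} (pre-authentication,
 * non-passive) or removed from it (all other cases). Any failure is written
 * to the debug log and answered with a generic 500 response.
 *
 * @param request the servlet request
 * @param response the servlet response used for error reporting
 * @param authnRequest the AuthnRequest to process
 * @param bPostAuthn {@code true} on the post-authentication leg
 * @param bLECP {@code true} to use the LECP profile handler
 * @param realm realm passed to the handler
 * @param hostEntityId hosted provider entity id passed to the handler
 * @param metaAlias meta alias selecting the session manager instance
 * @param hostedDesc hosted IDP descriptor passed to the handler
 * @param hostedConfig hosted IDP descriptor configuration passed to the handler
 */
private void handleAuthnRequest(HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, boolean bPostAuthn, boolean bLECP, String realm, String hostEntityId, String metaAlias, IDPDescriptorType hostedDesc, BaseConfigType hostedConfig) {
    FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: Called");
    Object session = null;
    try {
        SessionProvider provider = SessionManager.getProvider();
        session = provider.getSession(request);
        if ((session != null) && provider.isValid(session)) {
            MultiProtocolUtils.addFederationProtocol(session, SingleLogoutManager.IDFF);
        }
    } catch (SessionException e) {
        // A session lookup failure is logged and processing continues.
        FSUtils.debug.warning("FSSSOFedService.handleAuthnRequest: hub", e);
    }
    try {
        FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
        if (!bPostAuthn && !authnRequest.getIsPassive()) {
            // Keep the request so the post-authentication leg can find it by id.
            sessionService.setAuthnRequest(authnRequest.getRequestID(), authnRequest);
        } else {
            // remove it from authn request map
            sessionService.removeAuthnRequest(authnRequest.getRequestID());
        }
        // handle sso
        // The full request XML and extension attributes are written only
        // when message-level debugging is enabled.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "Trying to handle AuthnRequest message: " + authnRequest.toXMLString());
            List<?> extensions = authnRequest.getExtensions();
            if ((extensions != null) && (!extensions.isEmpty())) {
                FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "AuthnRequest extensions: " + ((Extension) extensions.get(0)).getAttributeMap());
            }
        }
        FSServiceManager sm = FSServiceManager.getInstance();
        FSSSOAndFedHandler handler;
        if (!bLECP) {
            handler = sm.getSSOAndFedHandler(request, response, authnRequest, realm);
        } else {
            handler = sm.getLECPProfileHandler(request, response, authnRequest, realm);
        }
        if (handler == null) {
            FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "could not create SSOAndFedHandler");
            String[] data = { FSUtils.bundle.getString("requestProcessingFailed") };
            LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, data, session);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("requestProcessingFailed"));
            return;
        }
        if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
            idffSvc.incIdAuthnRqt();
        }
        handler.setHostedEntityId(hostEntityId);
        handler.setMetaAlias(metaAlias);
        handler.setHostedDescriptor(hostedDesc);
        handler.setHostedDescriptorConfig(hostedConfig);
        handler.setRealm(realm);
        handler.processAuthnRequest(authnRequest, bPostAuthn);
    } catch (Exception se) {
        FSUtils.debug.error("FSSSOAndFedService: Exception occured:", se);
        try {
            // The exception text stays in the debug log. The client receives
            // the generic localized message, so internal details (and any
            // request data echoed in an exception message) are not reflected
            // into the error page.
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("requestProcessingFailed"));
        } catch (IOException ex) {
            // Pass the throwable as well so the stack trace is not lost.
            FSUtils.debug.error("FSSSOAndFedService: Exception occured " + ex.getMessage(), ex);
        }
    }
}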
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSLogoutUtil method removeCurrentSessionPartner.
/**
 * Drops the given remote provider from the session partner list of the
 * principal's current session.
 *
 * <p>The Liberty session is looked up from {@code ssoToken} in the
 * {@code FSSessionManager} for {@code metaAlias}, and the partner list is
 * then cleaned through {@code cleanSessionMapPartnerList}.
 *
 * @param metaAlias meta alias of the hosted provider
 * @param remoteEntityId id of the remote provider
 * @param ssoToken session object of the principal currently logged in
 * @param userID id of the principal
 */
public static void removeCurrentSessionPartner(String metaAlias, String remoteEntityId, Object ssoToken, String userID) {
    final boolean traceEnabled = FSUtils.debug.messageEnabled();
    if (traceEnabled) {
        // Identifiers are written only when message-level debugging is on.
        FSUtils.debug.message("FSLogoutUtil.removeCSP, hosted=" + metaAlias + ", remote=" + remoteEntityId + ", userID=" + userID);
    }
    final FSSession currentSession = FSSessionManager.getInstance(metaAlias).getSession(ssoToken);
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, currentSession);
}
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSLogoutUtil method getLogoutGETProviders.
/**
 * Collects the providers to be notified of logout over the HTTP GET profile.
 *
 * <p>The result always contains {@code entityId} with {@code sessionIndex}.
 * Every session of {@code userID} held by the {@code FSSessionManager} for
 * {@code metaAlias} is then scanned while holding the manager's monitor.
 * A session partner that is not in the IDP role is added when the first
 * entry of its SP descriptor's single-logout protocol profile list equals
 * {@code IFSConstants.LOGOUT_IDP_GET_PROFILE}; only that first entry is
 * examined.
 *
 * @param userID principal who needs to be logged out
 * @param entityId current provider who uses HTTP GET profile for logout
 * @param sessionIndex session index for the current provider
 * @param realm the realm in which the provider resides
 * @param metaAlias the hosted provider performing logout
 * @return a map holding a {@code Vector} of provider ids under
 *     {@code IFSConstants.PROVIDER} and a provider-id to session-index map
 *     under {@code IFSConstants.SESSION_INDEX}, or {@code null} when an
 *     {@code IDFFMetaException} is caught (callers must handle that case,
 *     otherwise no provider is notified)
 */
protected static HashMap getLogoutGETProviders(String userID, String entityId, String sessionIndex, String realm, String metaAlias) {
    try {
        FSUtils.debug.message("Entered FSLogoutUtil::getLogoutGETProviders");
        HashMap result = new HashMap();
        Vector providerIds = new Vector();
        HashMap indexByProvider = new HashMap();
        // The current provider is always part of the answer.
        providerIds.addElement(entityId);
        indexByProvider.put(entityId, sessionIndex);
        FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
        synchronized (manager) {
            FSUtils.debug.message("About to call getSessionList");
            List sessions = manager.getSessionList(userID);
            if (sessions == null || sessions.isEmpty()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Session List is empty, returning " + "current provider from getLogoutGETProviders");
                }
            } else {
                FSUtils.debug.message("Session List is not empty");
                for (Object sessionEntry : sessions) {
                    FSSession fsSession = (FSSession) sessionEntry;
                    if ((fsSession.getSessionPartners()).isEmpty()) {
                        continue;
                    }
                    String partnerSessionIndex = fsSession.getSessionIndex();
                    List partners = fsSession.getSessionPartners();
                    for (Object partnerEntry : partners) {
                        FSSessionPartner partner = (FSSessionPartner) partnerEntry;
                        // Only SP can specify GET profile for logout
                        if (partner.getIsRoleIDP()) {
                            continue;
                        }
                        String partnerId = partner.getPartner();
                        ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, partnerId);
                        if (descriptor == null) {
                            continue;
                        }
                        List profiles = descriptor.getSingleLogoutProtocolProfile();
                        if (profiles == null || profiles.isEmpty()) {
                            continue;
                        }
                        String firstProfile = (String) profiles.iterator().next();
                        if (!firstProfile.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE)) {
                            continue;
                        }
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("provider " + partnerId + " Added for GET");
                        }
                        providerIds.addElement(partnerId);
                        indexByProvider.put(partnerId, partnerSessionIndex);
                    }
                }
            }
            result.put(IFSConstants.PROVIDER, providerIds);
            result.put(IFSConstants.SESSION_INDEX, indexByProvider);
            return result;
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("IDFFMetaException in function " + " getLogoutGETProviders", e);
        return null;
    }
}
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSLogoutUtil method cleanSessionMap.
/**
* Cleans the FSSessionManager maintained session for the given principal,
* provider Id and removes all references to the provider since logout
* notification has already been sent to that provider.
* @param userDN the principal whose session needs to be destroyed
* @param currentEntityId the provider to whom logout notification is
* about to be sent
* @param metaAlias the hostedProvider doing logout cleanup
*/
/*
protected static void cleanSessionWithNoPartners(
String userDN,
String currentEntityId,
String metaAlias)
{
FSSessionManager sessionMgr =
FSSessionManager.getInstance(metaAlias);
synchronized (sessionMgr) {
List sessionList = sessionMgr.getSessionList(userDN);
if (sessionList != null){
FSUtils.debug.message("Session list is not null");
Iterator iter = sessionList.iterator();
FSSession sessionObj;
while (iter.hasNext()){
sessionObj = (FSSession)iter.next();
if ((sessionObj.getSessionPartners()).isEmpty()) {
sessionMgr.removeSession(userDN, sessionObj);
}
}
} else {
FSUtils.debug.message("Session list is null");
}
}
}
*/
/**
 * Removes session state kept by <code>FSSessionManager</code> for the given
 * principal once logout notifications have gone out to all providers that
 * had live connections for this user.
 *
 * <p>When <code>session</code> is <code>null</code> every session of the
 * user is removed; otherwise only the given <code>FSSession</code> is.
 * The removal runs while holding the session manager's monitor.
 *
 * @param userDn the principal whose session needs to be destroyed
 * @param metaAlias the hostedProvider doing logout cleanup
 * @param session Liberty session, or <code>null</code> to remove all of the
 *     user's sessions
 * @return <code>true</code>; the code shown has no path that returns
 *     <code>false</code>, so the result does not confirm that anything was
 *     actually removed
 */
protected static boolean cleanSessionMap(String userDn, String metaAlias, FSSession session) {
    FSUtils.debug.message("Entered cleanSessionMap");
    final FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
    synchronized (manager) {
        if (session != null) {
            manager.removeSession(userDn, session);
        } else {
            manager.removeSessionList(userDn);
        }
    }
    FSUtils.debug.message("Leaving cleanSessionMap");
    return true;
}