
Example 21 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSSSOAndFedService method doGet.

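/**
 * Processes a single sign-on request received over HTTP GET.
 * <p>
 * The method serves two legs of the IDP-side SSO flow, distinguished by the
 * presence of the <code>AUTHN_INDICATOR_PARAM</code> query parameter:
 * <ul>
 * <li>Pre-authentication (indicator absent): the URL-encoded
 *     <code>AuthnRequest</code> is parsed from the request, the hosted
 *     provider is resolved from the meta alias in the request, and the
 *     ten-argument <code>handleAuthnRequest</code> is invoked.</li>
 * <li>Post-authentication (indicator present): the <code>AuthnRequest</code>
 *     stored earlier in <code>FSSessionManager</code> is looked up by the
 *     <code>AUTH_REQUEST_ID</code> parameter and the seven-argument
 *     <code>handleAuthnRequest</code> is invoked.</li>
 * </ul>
 * NOTE(review): on the post-authentication leg the realm, provider id,
 * authentication context and meta alias are all taken from request
 * parameters, whereas the pre-authentication leg derives realm and provider
 * id from the meta alias via metadata. The only binding to the original
 * request here is the stored-request lookup by id; confirm that the
 * downstream handler validates these values against the stored request and
 * the hosted provider's metadata.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException, IOException if an error occurred
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSSSOAndFedService.doGet: Called");
    if ((request == null) || (response == null)) {
        FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("nullInputParameter"));
        // A null response cannot carry an error status; dereferencing it here
        // would only turn the reported error into a NullPointerException.
        if (response != null) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        }
        return;
    }
    if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
        return;
    }
    // The authn indicator is present on the return leg from the
    // authentication service; when absent this is the initial SSO request.
    boolean bPostAuthn = (request.getParameter(IFSConstants.AUTHN_INDICATOR_PARAM) != null);
    boolean bLECP = false;
    if (bPostAuthn) {
        FSUtils.debug.message("FSSSOAndFedService.doGet:Post Authentication SSO");
        bLECP = (request.getParameter(IFSConstants.LECP_INDICATOR_PARAM) != null);
        if (bLECP) {
            FSUtils.debug.message("FSSSOAndFedService.doGet:post Authn LECP request");
        } else {
            FSUtils.debug.message("FSSSOAndFedService.doGet:non LECP request");
        }
        // All of these are caller-supplied query parameters (see class note).
        String requestId = request.getParameter(IFSConstants.AUTH_REQUEST_ID);
        String hostEntityId = request.getParameter(IFSConstants.PROVIDER_ID_KEY);
        String authnContext = request.getParameter(IFSConstants.AUTHN_CONTEXT);
        String realm = request.getParameter(IFSConstants.REALM);
        String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
        // NOTE(review): behaviour of getInstance for a null/unknown meta alias
        // is not visible here; a missing alias is not rejected explicitly.
        FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
        FSAuthnRequest authnRequest = sessionService.getAuthnRequest(requestId);
        if (authnRequest == null) {
            // Either the id never existed or the stored request was already
            // consumed; nothing to continue with.
            FSUtils.debug.error("FSSSOAndFedService.doGet: " + "AuthnRequest not found in FSSessionManager");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInput"));
            return;
        }
        if ((realm == null) || (realm.length() == 0) || (hostEntityId == null) || (hostEntityId.length() == 0)) {
            // Previously reported as "AuthnRequest not found", which hid the
            // actual cause from the logs.
            FSUtils.debug.error("FSSSOAndFedService.doGet: " + "realm or provider id missing from post-authentication request");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInput"));
            return;
        }
        if ((authnContext == null) || (authnContext.length() == 0)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedService.doGet: authnContext is null. " + "Using default password");
            }
            authnContext = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
        }
        handleAuthnRequest(request, response, authnRequest, realm, hostEntityId, bLECP, authnContext);
        return;
    }
    FSUtils.debug.message("FSSSOAndFedService.doGet:Pre Authentication SSO");
    // Decode the URL-encoded AuthnRequest carried by the query string.
    FSAuthnRequest authnRequest = null;
    try {
        authnRequest = FSAuthnRequest.parseURLEncodedRequest(request);
        if (authnRequest == null) {
            FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest"));
            String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
            return;
        }
    } catch (FSException e) {
        // NOTE(review): this writes the complete raw query string to the error
        // log; check that this is acceptable under the deployment's log policy.
        FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest") + ", queryString=" + request.getQueryString(), e);
        String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
        return;
    }
    // Resolve the hosted IDP from the meta alias in the request; realm and
    // entity id come from metadata here, not from query parameters.
    String metaAlias = null;
    String realm = null;
    String hostEntityId = null;
    IDPDescriptorType hostedDesc = null;
    BaseConfigType hostedConfig = null;
    try {
        metaAlias = FSServiceUtils.getMetaAlias(request);
        realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
    } catch (Exception e) {
        // Deliberately best-effort: processing continues with whatever was
        // resolved (possibly null) and handleAuthnRequest reports the failure.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService: couldn't obtain hosted entity id:", e);
        }
    }
    handleAuthnRequest(request, response, authnRequest, bPostAuthn, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
    return;
}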

Example 22 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSSSOAndFedService method handleAuthnRequest.

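/**
 * Processes an <code>AuthnRequest</code> at the hosted IDP once
 * <code>doGet</code> has decoded it and resolved the hosted provider.
 * <p>
 * Steps, in order: tag the caller's local session as an IDFF participant
 * (so single logout can reach this protocol); park the request in
 * <code>FSSessionManager</code> for the post-authentication leg, or drop it
 * when that leg is already over; obtain the SSO/federation or LECP handler
 * and hand the request to it.
 *
 * @param request the servlet request
 * @param response the servlet response; receives a 500 on failure
 * @param authnRequest the decoded request; must not be null
 * @param bPostAuthn true on the return leg from authentication
 * @param bLECP true to use the LECP profile handler
 * @param realm realm of the hosted provider
 * @param hostEntityId entity id of the hosted provider
 * @param metaAlias meta alias of the hosted provider
 * @param hostedDesc IDP descriptor of the hosted provider
 * @param hostedConfig extended config of the hosted provider
 */
private void handleAuthnRequest(HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, boolean bPostAuthn, boolean bLECP, String realm, String hostEntityId, String metaAlias, IDPDescriptorType hostedDesc, BaseConfigType hostedConfig) {
    FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: Called");
    Object session = null;
    try {
        SessionProvider provider = SessionManager.getProvider();
        session = provider.getSession(request);
        if ((session != null) && (provider.isValid(session))) {
            MultiProtocolUtils.addFederationProtocol(session, SingleLogoutManager.IDFF);
        }
    } catch (SessionException e) {
        // Best-effort: a missing local session is not fatal at this point.
        FSUtils.debug.warning("FSSSOFedService.handleAuthnRequest: hub", e);
    }
    try {
        FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
        if (!bPostAuthn && !authnRequest.getIsPassive()) {
            // The user will be sent to authenticate; keep the request so the
            // post-authentication leg can retrieve it by request id.
            // NOTE(review): no expiry of parked requests is visible here.
            sessionService.setAuthnRequest(authnRequest.getRequestID(), authnRequest);
        } else {
            // Passive or already-authenticated: the parked copy is consumed.
            sessionService.removeAuthnRequest(authnRequest.getRequestID());
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "Trying to handle AuthnRequest message: " + authnRequest.toXMLString());
            List extensions = authnRequest.getExtensions();
            if ((extensions != null) && (!extensions.isEmpty())) {
                FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "AuthnRequest extensions: " + ((Extension) extensions.get(0)).getAttributeMap());
            }
        }
        FSServiceManager sm = FSServiceManager.getInstance();
        FSSSOAndFedHandler handler;
        if (bLECP) {
            handler = sm.getLECPProfileHandler(request, response, authnRequest, realm);
        } else {
            handler = sm.getSSOAndFedHandler(request, response, authnRequest, realm);
        }
        if (handler == null) {
            FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "could not create SSOAndFedHandler");
            String[] data = { FSUtils.bundle.getString("requestProcessingFailed") };
            LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, data, session);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("requestProcessingFailed"));
            return;
        }
        if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
            idffSvc.incIdAuthnRqt();
        }
        handler.setHostedEntityId(hostEntityId);
        handler.setMetaAlias(metaAlias);
        handler.setHostedDescriptor(hostedDesc);
        handler.setHostedDescriptorConfig(hostedConfig);
        handler.setRealm(realm);
        handler.processAuthnRequest(authnRequest, bPostAuthn);
    } catch (Exception se) {
        FSUtils.debug.error("FSSSOAndFedService: Exception occured:", se);
        try {
            // The exception text stays in the server log; the client gets the
            // generic bundle message rather than internal details.
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("requestProcessingFailed"));
        } catch (IOException ex) {
            FSUtils.debug.error("FSSSOAndFedService: Exception occured " + ex.getMessage());
        }
    }
}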

Example 23 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSLogoutUtil method removeCurrentSessionPartner.

/**
 * Drops the given remote provider from the partner list of the principal's
 * current Liberty session at the named hosted provider.
 *
 * @param metaAlias meta alias of the hosted provider
 * @param remoteEntityId id of the remote provider to remove
 * @param ssoToken session object of the principal who is presently logged in
 * @param userID id of the principal
 */
public static void removeCurrentSessionPartner(String metaAlias, String remoteEntityId, Object ssoToken, String userID) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSLogoutUtil.removeCSP, hosted=" + metaAlias + ", remote=" + remoteEntityId + ", userID=" + userID);
    }
    // Resolve the Liberty session tied to this token at the hosted provider,
    // then delegate the actual partner-list cleanup.
    FSSession current = FSSessionManager.getInstance(metaAlias).getSession(ssoToken);
    cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, current);
}

Example 24 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSLogoutUtil method getLogoutGETProviders.

/**
 * Returns the providers that must be notified of logout over the HTTP GET
 * profile.
 * <p>
 * The current provider is always included. Every other session partner of
 * the principal whose role is SP and whose first listed single-logout
 * protocol profile is the IDP GET profile is added as well. Partners with
 * the IDP role are skipped because only an SP can elect the GET profile.
 *
 * @param userID principal who needs to be logged out
 * @param entityId current provider who uses HTTP GET profile for logout
 * @param sessionIndex session index for the current provider
 * @param realm the realm in which the provider resides
 * @param metaAlias the hosted provider performing logout
 * @return a <code>HashMap</code> with <code>IFSConstants.PROVIDER</code>
 *  mapped to a <code>Vector</code> of provider ids and
 *  <code>IFSConstants.SESSION_INDEX</code> mapped to a <code>HashMap</code>
 *  of provider id to session index; <code>null</code> when metadata
 *  lookup fails with <code>IDFFMetaException</code>
 */
protected static HashMap getLogoutGETProviders(String userID, String entityId, String sessionIndex, String realm, String metaAlias) {
    try {
        FSUtils.debug.message("Entered FSLogoutUtil::getLogoutGETProviders");
        HashMap result = new HashMap();
        Vector providers = new Vector();
        HashMap indexByProvider = new HashMap();
        // The calling provider is always part of the answer.
        providers.addElement(entityId);
        indexByProvider.put(entityId, sessionIndex);
        FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
        synchronized (sessionMgr) {
            FSUtils.debug.message("About to call getSessionList");
            List sessions = sessionMgr.getSessionList(userID);
            if ((sessions == null) || sessions.isEmpty()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Session List is  empty, returning " + "current provider from getLogoutGETProviders");
                }
            } else {
                FSUtils.debug.message("Session List is not empty");
                for (Iterator si = sessions.iterator(); si.hasNext(); ) {
                    FSSession fsSession = (FSSession) si.next();
                    List partners = fsSession.getSessionPartners();
                    if (partners.isEmpty()) {
                        continue;
                    }
                    String partnerSessionIndex = fsSession.getSessionIndex();
                    for (Iterator pi = partners.iterator(); pi.hasNext(); ) {
                        FSSessionPartner partner = (FSSessionPartner) pi.next();
                        // Only SP can specify GET profile for logout
                        if (partner.getIsRoleIDP()) {
                            continue;
                        }
                        String partnerId = partner.getPartner();
                        ProviderDescriptorType spDesc = metaManager.getSPDescriptor(realm, partnerId);
                        if (spDesc == null) {
                            continue;
                        }
                        List profiles = spDesc.getSingleLogoutProtocolProfile();
                        if ((profiles == null) || profiles.isEmpty()) {
                            continue;
                        }
                        // Only the first (preferred) profile is consulted.
                        String preferred = (String) profiles.get(0);
                        if (preferred.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("provider " + partnerId + " Added for GET");
                            }
                            providers.addElement(partnerId);
                            indexByProvider.put(partnerId, partnerSessionIndex);
                        }
                    }
                }
            }
            result.put(IFSConstants.PROVIDER, providers);
            result.put(IFSConstants.SESSION_INDEX, indexByProvider);
            return result;
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("IDFFMetaException in function " + " getLogoutGETProviders", e);
        return null;
    }
}

Example 25 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSLogoutUtil method cleanSessionMap.

/**
     * Cleans the FSSessionManager maintained session for the given principal, 
     * provider Id and removes all references to the provider since logout 
     * notification has already been sent to that provider.
     * @param userDN the principal whose session needs to be destroyed
     * @param currentEntityId the provider to whom logout notification is 
     * about to be sent
     * @param metaAlias the hosted provider doing logout cleanup
     */
/* 
    protected static void cleanSessionWithNoPartners(
      String userDN,
      String currentEntityId,
      String metaAlias)
    {
        FSSessionManager sessionMgr =
            FSSessionManager.getInstance(metaAlias);
        synchronized (sessionMgr) {
            List sessionList = sessionMgr.getSessionList(userDN);
            if (sessionList != null){
                FSUtils.debug.message("Session list is not null");
                Iterator iter = sessionList.iterator();
                FSSession sessionObj;
                while (iter.hasNext()){
                    sessionObj = (FSSession)iter.next();
                    if ((sessionObj.getSessionPartners()).isEmpty()) {
                        sessionMgr.removeSession(userDN, sessionObj);
                    }
                }
            } else {
                FSUtils.debug.message("Session list is null");
            }
        }
    }
*/
/**
 * Removes the <code>FSSessionManager</code> bookkeeping for a principal at
 * the hosted provider. Callers invoke this after logout notifications have
 * gone out to every provider that had a live session for the user.
 * <p>
 * With a non-null <code>session</code> only that Liberty session is
 * removed; with <code>null</code> the principal's whole session list is
 * dropped. The removal runs while holding the manager's monitor.
 *
 * @param userDn the principal whose session needs to be destroyed
 * @param metaAlias the hosted provider doing logout cleanup
 * @param session Liberty session, or <code>null</code> for all sessions
 * @return always <code>true</code> in the current implementation; no
 *  failure path returns <code>false</code>
 */
protected static boolean cleanSessionMap(String userDn, String metaAlias, FSSession session) {
    FSUtils.debug.message("Entered cleanSessionMap");
    FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
    synchronized (manager) {
        if (session != null) {
            manager.removeSession(userDn, session);
        } else {
            manager.removeSessionList(userDn);
        }
    }
    FSUtils.debug.message("Leaving cleanSessionMap");
    return true;
}
