
Example 26 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSBrowserArtifactConsumerHandler method processSAMLResponse.

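/**
 * Consumes the SAML <code>Response</code> obtained for a browser artifact and
 * completes single sign-on (or account federation) at the hosted SP.
 * <p>
 * Every validation failure is logged through <code>FSUtils.debug</code> and
 * <code>LogUtil</code>, optionally handed to the SP adapter's
 * <code>postSSOFederationFailure</code>, and otherwise ends in a forward to the
 * common login page, after which the method returns. Handler state read here:
 * <code>request</code>, <code>response</code>, <code>hostMetaAlias</code>,
 * <code>hostEntityId</code>, <code>hostConfig</code>, <code>idpEntityId</code>,
 * <code>ssoToken</code>, <code>authnResponse</code>. State written:
 * <code>authnRequest</code>, <code>relayState</code>, <code>doFederate</code>,
 * <code>nameIDPolicy</code>.
 *
 * @param samlResponse the response received from the IDP; <code>null</code> is
 *        treated as a missing-response error.
 */
private void processSAMLResponse(FSResponse samlResponse) {
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLResponse: Called");
    String baseURL = FSServiceUtils.getBaseURL(request);
    // Error page used until the originating AuthnRequest (and its RelayState) is known.
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, relayState, null, request, baseURL);
    try {
        if (samlResponse == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: null input " + FSUtils.bundle.getString("missingResponse"));
            String[] data = { FSUtils.bundle.getString("missingResponse") };
            LogUtil.error(Level.INFO, LogUtil.MISSING_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostEntityId, hostConfig);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Received " + samlResponse.toXMLString());
        }
        // Status check comes before any assertion is inspected.
        boolean valid = verifyResponseStatus(samlResponse);
        if (!valid) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: verify Status failed " + FSUtils.bundle.getString("invalidResponse"));
            String[] data = { samlResponse.toXMLString() };
            LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
            if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, FederationSPAdapter.INVALID_RESPONSE)) {
                FSUtils.forwardRequest(request, response, framedPageURL);
            }
            return;
        }
        // check Assertion
        List assertions = samlResponse.getAssertion();
        if ((assertions == null) || assertions.isEmpty()) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse" + FSUtils.bundle.getString("invalidResponse") + ": No assertion found inside the AuthnResponse");
            String[] data = { samlResponse.toXMLString() };
            LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        // Only the first assertion drives the InResponseTo / provider lookup;
        // validateAssertions below receives the whole list.
        Iterator iter = assertions.iterator();
        FSAssertion assertion = (FSAssertion) iter.next();
        // The response must refer to an AuthnRequest this SP actually issued.
        FSAuthnRequest authnRequestRef = getInResponseToRequest(assertion.getInResponseTo());
        if (authnRequestRef == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("invalidResponse") + ": Assertion does not correspond to any AuthnRequest");
            String[] data = { samlResponse.toXMLString() };
            LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        this.authnRequest = authnRequestRef;
        // RelayState: from the stored request, else the provider home page, else the SP default.
        this.relayState = authnRequest.getRelayState();
        if ((this.relayState == null) || (this.relayState.trim().length() == 0)) {
            this.relayState = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.PROVIDER_HOME_PAGE_URL);
            if ((this.relayState == null) || (this.relayState.trim().length() == 0)) {
                this.relayState = baseURL + IFSConstants.SP_DEFAULT_RELAY_STATE;
            }
        }
        this.doFederate = authnRequest.getFederate();
        this.nameIDPolicy = authnRequest.getNameIDPolicy();
        // Call SP preSSOFederationProcess for Artifact case
        if (spAdapter != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler, " + "Artifact, Invoke spAdapter.preSSOFederationProcess");
            }
            try {
                spAdapter.preSSOFederationProcess(hostEntityId, request, response, authnRequest, null, (FSResponse) samlResponse);
            } catch (Exception e) {
                // log run time exception in Adapter
                // implementation, continue
                // (message names the callback that actually ran)
                FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.preSSOFederationProcess", e);
            }
        }
        // Now that the request's own RelayState is known, rebuild the error page URL with it.
        framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, authnRequest.getRelayState(), null, request, baseURL);
        // The IDP that answers must be the one the request was sent to.
        String idpEntityIdRef = getProvider(assertion.getInResponseTo());
        if ((idpEntityIdRef == null) || !(idpEntityIdRef.equals(idpEntityId))) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("invalidAssertion") + ": Assertion does not correspond to any IDP");
            String[] data = { FSUtils.bundle.getString("invalidAssertion") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        FSSubject validSubject = (FSSubject) validateAssertions(assertions);
        if (validSubject == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: validateAssertions failed: " + FSUtils.bundle.getString("invalidAssertion"));
            String[] data = { FSUtils.bundle.getString("invalidAssertion") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, data);
            if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, FederationSPAdapter.INVALID_RESPONSE)) {
                FSUtils.forwardRequest(request, response, framedPageURL);
            }
            return;
        }
        if (doFederate) {
            // Federation: prefer the IDP-provided identifier, fall back to the subject's own.
            NameIdentifier ni = validSubject.getIDPProvidedNameIdentifier();
            if (ni == null) {
                ni = validSubject.getNameIdentifier();
            }
            if (ni != null) {
                int returnCode = doAccountFederation(ni);
                if (returnCode == FederationSPAdapter.SUCCESS) {
                    // remove it from session manager table
                    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
                    sessionManager.removeAuthnRequest(assertion.getInResponseTo());
                    return;
                } else {
                    FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("AccountFederationFailed"));
                    String[] data = { FSUtils.bundle.getString("AccountFederationFailed") };
                    LogUtil.error(Level.INFO, LogUtil.ACCOUNT_FEDERATION_FAILED, data);
                    // NOTE(review): unlike the other failure callbacks this one passes the
                    // authnResponse field rather than null - presumably intentional; confirm.
                    if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, samlResponse, returnCode)) {
                        FSUtils.forwardRequest(request, response, framedPageURL);
                    }
                }
            } else {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Single Sign-On failed. " + "NameIdentifier of the subject is null: ");
                String[] data = { FSUtils.bundle.getString("SingleSignOnFailed") };
                LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
                // NOTE(review): this exception is caught by the outer catch (Exception)
                // below, which only logs and returns - no page is forwarded to the
                // client in this case. Confirm that is the intended outcome.
                throw new FSException("missingNIofSubject", null);
            }
        } else {
            // remove it from session manager table
            FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
            sessionManager.removeAuthnRequest(assertion.getInResponseTo());
            NameIdentifier niIdp = validSubject.getIDPProvidedNameIdentifier();
            NameIdentifier ni = validSubject.getNameIdentifier();
            if (niIdp == null) {
                niIdp = ni;
            }
            if ((niIdp == null) || (ni == null)) {
                String[] data = { FSUtils.bundle.getString("invalidResponse") };
                LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            String idpHandle = niIdp.getName();
            String spHandle = ni.getName();
            int handleType;
            if ((idpHandle == null) || (spHandle == null)) {
                String[] data = { FSUtils.bundle.getString("invalidResponse") };
                LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            // Identical handles mean the IDP's opaque handle is used; otherwise the SP-local one.
            if (idpHandle.equals(spHandle)) {
                ni = niIdp;
                handleType = IFSConstants.REMOTE_OPAQUE_HANDLE;
            } else {
                handleType = IFSConstants.LOCAL_OPAQUE_HANDLE;
            }
            // ni is non-null at this point (both null checks above returned); the
            // else branch is kept for parity with the federation path.
            if (ni != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: NameIdentifier=" + ni.getName() + " securityDomain=" + ni.getNameQualifier());
                }
                Map env = new HashMap();
                env.put(IFSConstants.FS_USER_PROVIDER_ENV_FSRESPONSE_KEY, samlResponse);
                int returnCode = doSingleSignOn(ni, handleType, niIdp, env);
                if (returnCode == FederationSPAdapter.SUCCESS) {
                    String requestID = assertion.getInResponseTo();
                    if (isIDPProxyEnabled(requestID)) {
                        sendProxyResponse(requestID);
                        return;
                    }
                    String[] data = { this.relayState };
                    LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, data, ssoToken);
                    // Call SP Adapter
                    if (spAdapter != null) {
                        FSUtils.debug.message("Invoke spAdapter");
                        try {
                            // A true return means the adapter already sent the response.
                            if (spAdapter.postSSOFederationSuccess(hostEntityId, request, response, ssoToken, authnRequest, null, samlResponse)) {
                                return;
                            }
                        } catch (Exception e) {
                            // log run time exception in Adapter
                            // implementation, continue
                            FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.postSSOFederationSuccess:", e);
                        }
                    }
                    redirectToResource(this.relayState);
                    return;
                } else {
                    FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: SingleSignOnFailed, ni=" + ni.getName() + "[" + ni.getNameQualifier() + "]");
                    String[] data = { ni.getName() };
                    LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
                    if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, returnCode)) {
                        FSUtils.forwardRequest(request, response, framedPageURL);
                    }
                    return;
                }
            } else {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: SingleSignOnFailed (null)");
                String[] data = { FSUtils.bundle.getString("SingleSignOnFailed") };
                LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
                throw new FSException("missingNIofSubject", null);
            }
        }
    } catch (Exception e) {
        // Catch-all: anything thrown above (including the FSExceptions raised in
        // this method) is logged here and the method returns without forwarding.
        FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Exception occured: ", e);
        return;
    }
}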

Example 27 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method getInResponseToRequest.

/**
 * Looks up the <code>FSAuthnRequest</code> that a response refers to through
 * its <code>InResponseTo</code> value, and caches it in the
 * <code>authnRequest</code> field as a side effect.
 *
 * @param requestID the <code>InResponseTo</code> request identifier.
 * @return the request stored under that id in the hosted provider's
 *         <code>FSSessionManager</code>; callers treat <code>null</code> as
 *         "no such request".
 */
protected FSAuthnRequest getInResponseToRequest(String requestID) {
    // NOTE(review): the log prefix names FSBrowserArtifactConsumerHandler although
    // this method is listed under FSAssertionArtifactHandler - cosmetic, but worth aligning.
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.getInResponseToRequest: Called");
    FSSessionManager mgr = FSSessionManager.getInstance(hostMetaAlias);
    FSAuthnRequest found = mgr.getAuthnRequest(requestID);
    // Remember the lookup result on the handler as well as returning it.
    authnRequest = found;
    return found;
}

Example 28 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSPostLogin method setTokenListenerAndSessionInfo.

/**
 * Registers an <code>FSTokenListener</code> on the caller's session and makes
 * sure an <code>FSSession</code> record exists for that user/session pair.
 * <p>
 * If the session provider cannot be obtained or the listener cannot be added,
 * the failure is logged and nothing else is done.
 *
 * @param request the <code>HttpServletRequest</code> object.
 * @param metaAlias the provider alias string.
 */
private void setTokenListenerAndSessionInfo(HttpServletRequest request, String metaAlias) {
    String sessionID;
    String userID;
    try {
        SessionProvider provider = SessionManager.getProvider();
        Object token = provider.getSession(request);
        sessionID = provider.getSessionID(token);
        userID = provider.getPrincipalName(token);
        provider.addListener(token, new FSTokenListener(metaAlias));
    } catch (SessionException ssoExp) {
        FSUtils.debug.error("FSPostLogin::setTokenListenerAndSessionInfo " + "Failed during trying to add token Listener:", ssoExp);
        return;
    }
    FSSessionManager mgr = FSSessionManager.getInstance(metaAlias);
    if (mgr.getSession(userID, sessionID) != null) {
        // Already tracked; nothing to create.
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSPostLogin::setTokenListenerAndSessionInfo. " + "No existing session found for user " + userID + " And SessionID: " + sessionID + " Creating a new Session");
    }
    mgr.addSession(userID, new FSSession(sessionID));
}

Example 29 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSPostLogin method doPostLogin.

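/**
 * Retrieves the post-login target and forwards the request there.
 * <p>
 * Depending on the request parameters the target is the consent-to-introduction
 * page (single COT: handled directly via <code>doConsentToIntro</code>), the
 * federation page listing providers to federate with, or the
 * <code>LRURL</code> itself. Before forwarding, a token listener and
 * <code>FSSession</code> record are set up for the caller. Any
 * <code>FSPostLoginException</code> results in the error page being sent and the
 * method returning immediately.
 *
 * @param request <code>HttpServletRequest</code> object.
 * @param response <code>HttpServletResponse</code> object.
 */
public void doPostLogin(HttpServletRequest request, HttpServletResponse response) {
    String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
    String sso = request.getParameter(IFSConstants.SSOKEY);
    String lrURL = request.getParameter(IFSConstants.LRURL);
    String showFederatePage = request.getParameter(IFSConstants.FEDERATEKEY);
    String returnURL = null;
    // NOTE(review): lrURL originates from the request (parameter or query string)
    // and may become the forward target below; whether sendResponse / the
    // LibertyManager helpers validate it against configured provider URLs is not
    // visible here - confirm.
    if (metaAlias == null) {
        metaAlias = FSServiceUtils.getMetaAlias(request);
        String rqst = new StringBuilder().append(request.getRequestURL().toString()).append(IFSConstants.QUESTION_MARK).append(request.getQueryString()).toString();
        lrURL = getValueFromURL(rqst, IFSConstants.LRURL);
        sso = getValueFromURL(rqst, IFSConstants.SSOKEY);
        // this is for LECP, we need to map the random id back to
        // original URL stored in session manager
        FSSessionManager sessMgr = FSSessionManager.getInstance(metaAlias);
        String relayStateURL = sessMgr.getRelayState(lrURL);
        if (relayStateURL != null) {
            sessMgr.removeRelayState(lrURL);
            lrURL = relayStateURL;
        }
    }
    try {
        setMetaInfo(metaAlias, request);
    } catch (FSPostLoginException fsexp) {
        sendResponse(request, response, errorPage);
        // The error page is the response for this request. Without this return
        // the method went on to compute returnURL from fields presumably set by
        // setMetaInfo and to send a second response.
        return;
    }
    if (lrURL == null || lrURL.isEmpty()) {
        lrURL = LibertyManager.getHomeURL(realm, entityID, providerRole);
    }
    if ((sso != null && sso.length() > 0 && sso.equalsIgnoreCase(IFSConstants.SSOVALUE)) || isIDP) {
        // means in middle of SSO show consent to introduction page
        try {
            Set cotSet = LibertyManager.getListOfCOTs(realm, entityID, providerRole);
            if (cotSet != null && !cotSet.isEmpty()) {
                if (cotSet.size() <= 1) {
                    String cotSelected = (String) cotSet.iterator().next();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSPostLogin::doPostLogin " + "single cot present is " + cotSelected);
                    }
                    returnURL = doConsentToIntro(metaAlias, lrURL, cotSelected);
                } else {
                    // More than one COT: let the user choose on the consent page.
                    returnURL = new StringBuilder().append(consentPage).append(IFSConstants.QUESTION_MARK).append(IFSConstants.META_ALIAS).append(IFSConstants.EQUAL_TO).append(metaAlias).append(IFSConstants.AMPERSAND).append(IFSConstants.LRURL).append(IFSConstants.EQUAL_TO).append(URLEncDec.encode(lrURL)).toString();
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSPostLogin::doPostLogin: No " + "COTS configured. redirecting to lrurl " + lrURL);
                }
                returnURL = lrURL;
            }
        } catch (FSPostLoginException fsexp) {
            sendResponse(request, response, errorPage);
            // Same as above: do not fall through with returnURL still null.
            return;
        }
    } else if (showFederatePage != null && !showFederatePage.equalsIgnoreCase(IFSConstants.FEDERATEVALUE)) {
        //show do u want to federate page with list of IDP's
        String providerID = LibertyManager.getEntityID(metaAlias);
        String univId = LibertyManager.getUser(request);
        if (univId == null) {
            // Not authenticated yet: send to login with a goto back to this request.
            String gotoUrl = new StringBuilder().append(request.getRequestURL()).append(IFSConstants.QUESTION_MARK).append(IFSConstants.AMPERSAND).append(request.getQueryString()).toString();
            String preLoginURL = LibertyManager.getLoginURL(request);
            sendResponse(request, response, preLoginURL + "&goto=" + URLEncDec.encode(gotoUrl));
            return;
        }
        Set providerSet = LibertyManager.getProvidersToFederate(realm, providerID, providerRole, univId);
        if (providerSet != null && providerSet.size() != 0 && federationPage != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSPostLogin::doPostLogin: Found " + "provider(s) to federated with " + providerSet);
            }
            returnURL = new StringBuilder().append(federationPage).append(IFSConstants.QUESTION_MARK).append(IFSConstants.META_ALIAS).append(IFSConstants.EQUAL_TO).append(metaAlias).append(IFSConstants.AMPERSAND).append(IFSConstants.LRURL).append(IFSConstants.EQUAL_TO).append(URLEncDec.encode(lrURL)).toString();
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSPostLogin::doPostLogin: No " + "provider(s) to federated with or " + "federationPage null. Redirecting to LRURL " + lrURL);
            }
            returnURL = lrURL;
        }
    } else {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSPostLogin::doPostLogin. No cotkey or " + "Federatekey found");
        }
        returnURL = lrURL;
    }
    setTokenListenerAndSessionInfo(request, metaAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSPostLogin::doPostLogin return url " + returnURL);
    }
    sendResponse(request, response, returnURL);
}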

Example 30 with FSSessionManager

use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method doAccountFederation.

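/**
 * Federates the local account with the asserted name identifier and
 * establishes the local <code>FSSession</code> for the single sign-on.
 * <p>
 * Steps, in order: obtain the session provider and the caller's session (for
 * the <code>NAME_ID_POLICY_ONETIME</code> policy an anonymous session is
 * generated instead); persist the federation record unless the policy is
 * one-time; create or update the <code>FSSession</code> (partner, session
 * index, authn context, bootstrap data, mapped attributes); set the federation
 * marker cookie; and finally let the SP adapter or
 * <code>redirectToResource</code> send the user on to the relay state.
 *
 * @param ni the name identifier asserted for the subject; <code>null</code>
 *        yields <code>FEDERATION_FAILED</code>.
 * @return <code>FederationSPAdapter.SUCCESS</code>, or one of the
 *         <code>FederationSPAdapter.FEDERATION_FAILED*</code> codes naming the
 *         step that failed.
 */
protected int doAccountFederation(NameIdentifier ni) {
    FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation:Called");
    if (ni == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + FSUtils.bundle.getString("invalidInput"));
        return FederationSPAdapter.FEDERATION_FAILED;
    }
    Object ssoToken = null;
    SessionProvider sessionProvider = null;
    try {
        sessionProvider = SessionManager.getProvider();
    } catch (SessionException se) {
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation: " + "Couldn't obtain session provider:", se);
        String[] data = { FSUtils.bundle.getString("failGenerateSSOToken") };
        LogUtil.error(Level.INFO, LogUtil.FAILED_SSO_TOKEN_GENERATION, data);
        return FederationSPAdapter.FEDERATION_FAILED_SSO_TOKEN_GENERATION;
    }
    // An invalid or missing cookie session is treated the same as no session.
    try {
        ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: couldn't obtain session from " + "cookie");
            }
            ssoToken = null;
        }
    } catch (SessionException se) {
        if (FSUtils.debug.messageEnabled()) {
            // Include the cause so the failure can be diagnosed from the log.
            FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: exception when getting session " + "from cookie:", se);
        }
        ssoToken = null;
    }
    // try URL rewriting
    if (ssoToken == null && nameIDPolicy != null && nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
        try {
            ssoToken = generateAnonymousToken(response);
        } catch (SessionException se) {
            // Map the session-layer error code onto the adapter's failure codes.
            int failureCode = se.getErrCode();
            if (failureCode == SessionException.AUTH_USER_INACTIVE) {
                failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE;
            } else if (failureCode == SessionException.AUTH_USER_LOCKED) {
                failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_USER_LOCKED;
            } else if (failureCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
                failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED;
            } else {
                failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_TOKEN_GENERATION;
            }
            return failureCode;
        }
    }
    if (ssoToken == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + "Account federation failed. Invalid session");
        return FederationSPAdapter.FEDERATION_FAILED_ANON_TOKEN_GENERATION;
    }
    try {
        String opaqueHandle = ni.getName();
        String userID = sessionProvider.getPrincipalName(ssoToken);
        // The name qualifier defaults to the hosted entity when the IDP omitted it.
        String securityDomain = ni.getNameQualifier();
        if ((securityDomain == null) || (securityDomain.length() == 0)) {
            securityDomain = hostEntityId;
        }
        FSAccountFedInfo accountInfo = new FSAccountFedInfo(idpEntityId, null, ni, true);
        FSAccountManager accountManager = FSAccountManager.getInstance(hostMetaAlias);
        FSAccountFedInfoKey fedKey = null;
        // Affiliation requests are keyed by affiliation id, others by security domain.
        String affiliationID = authnRequest.getAffiliationID();
        if (affiliationID != null) {
            fedKey = new FSAccountFedInfoKey(affiliationID, opaqueHandle);
            accountInfo.setAffiliation(true);
        } else {
            fedKey = new FSAccountFedInfoKey(securityDomain, opaqueHandle);
        }
        // One-time identifiers are never persisted as federation records.
        if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
            accountManager.writeAccountFedInfo(userID, fedKey, accountInfo);
        }
        //keep local session ref
        FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
        String sessionID = sessionProvider.getSessionID(ssoToken);
        FSSession session = sessionManager.getSession(userID, sessionID);
        if (session != null) {
            // (log text corrected: this branch updates an existing session)
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: An Existing session found" + "for userID:" + userID + " And SessionID: " + sessionID + " Adding partner to the Session");
            }
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            // NOTE(review): unlike the new-session branch, idpSessionIndex is set
            // here without a null check - confirm setSessionIndex(null) is harmless.
            session.setSessionIndex(idpSessionIndex);
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: No existing session found " + " for userID:" + userID + " And SessionID: " + sessionID + " Creating a new Session");
            }
            session = new FSSession(sessionID);
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            if (idpSessionIndex != null) {
                session.setSessionIndex(idpSessionIndex);
            }
        }
        if (nameIDPolicy != null && nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
            session.setOneTime(true);
            session.setUserID(userID);
        }
        // Authn context: from the assertion's statement, else the hosted config default.
        String authnContextClassRef = null;
        if (authnContextStmt != null) {
            authnContextClassRef = authnContextStmt.getAuthnContextClassRef();
        }
        if ((authnContextClassRef == null) || (authnContextClassRef.length() == 0)) {
            authnContextClassRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
        }
        if (authnContextClassRef != null) {
            session.setAuthnContext(authnContextClassRef);
        }
        session.setAccountFedInfo(accountInfo);
        if (bootStrapStatement != null) {
            session.setBootStrapAttributeStatement(bootStrapStatement);
        }
        if (attrStatements.size() != 0) {
            // Realm-scoped mapper takes precedence over the plain attribute mapper.
            Map attributeMap = null;
            setAttributeMapper();
            if (realmAttributeMapper != null) {
                attributeMap = realmAttributeMapper.getAttributes(attrStatements, realm, hostEntityId, idpEntityId, ssoToken);
            } else if (attributeMapper != null) {
                attributeMap = attributeMapper.getAttributes(attrStatements, hostEntityId, idpEntityId, ssoToken);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Attribute map :" + attributeMap);
            }
            if (attributeMap != null) {
                setAttributeMap(ssoToken, attributeMap);
            }
        }
        if (securityAssertions != null) {
            session.setBootStrapCredential(securityAssertions);
        }
        sessionManager.addSession(userID, session);
    } catch (Exception ex) {
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + FSUtils.bundle.getString("ExceptionOccured"), ex);
        return FederationSPAdapter.FEDERATION_FAILED_WRITING_ACCOUNT_INFO;
    }
    String[] data = { this.relayState };
    LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, data, ssoToken);
    //Set fed cookie
    // Marker cookie only (fixed value "yes"); it carries no session material.
    if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
        String fedCookieName = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
        String fedCookieValue = "yes";
        for (String domain : SystemConfigurationUtil.getCookieDomainsForRequest(request)) {
            CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(fedCookieName, fedCookieValue, IFSConstants.PERSISTENT_COOKIE_AGE, "/", domain));
        }
    }
    // Name registration after SSO is deliberately not triggered here: the spec
    // does not mandate it. (The former commented-out implementation was removed.)
    // Call SP adapter
    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostEntityId, hostConfig);
    if (spAdapter != null) {
        FSUtils.debug.message("Invoke spAdapter");
        try {
            if (spAdapter.postSSOFederationSuccess(hostEntityId, request, response, ssoToken, authnRequest, authnResponse, (FSResponse) samlResponse)) {
                // return true if service provider SPI redirection happened
                return FederationSPAdapter.SUCCESS;
            }
        } catch (Exception e) {
            // log run time exception in Adapter
            // implementation, continue
            FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.postSSOFederationSuccess", e);
        }
    }
    try {
        redirectToResource(this.relayState);
        return FederationSPAdapter.SUCCESS;
    } catch (Exception e) {
        // Previously swallowed silently; log so a failed redirect is visible.
        FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation: redirectToResource failed:", e);
        return FederationSPAdapter.FEDERATION_FAILED;
    }
}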
