Example 26 with FSSessionManager
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSBrowserArtifactConsumerHandler method processSAMLResponse.
private void processSAMLResponse(FSResponse samlResponse) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLResponse: Called");
String baseURL = FSServiceUtils.getBaseURL(request);
String framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, relayState, null, request, baseURL);
try {
if (samlResponse == null) {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: null input " + FSUtils.bundle.getString("missingResponse"));
String[] data = { FSUtils.bundle.getString("missingResponse") };
LogUtil.error(Level.INFO, LogUtil.MISSING_RESPONSE, data);
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostEntityId, hostConfig);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Received " + samlResponse.toXMLString());
}
boolean valid = verifyResponseStatus(samlResponse);
if (!valid) {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: verify Status failed " + FSUtils.bundle.getString("invalidResponse"));
String[] data = { samlResponse.toXMLString() };
LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, FederationSPAdapter.INVALID_RESPONSE)) {
FSUtils.forwardRequest(request, response, framedPageURL);
}
return;
}
// check Assertion
List assertions = samlResponse.getAssertion();
if ((assertions == null) || !(assertions.size() > 0)) {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse" + FSUtils.bundle.getString("invalidResponse") + ": No assertion found inside the AuthnResponse");
String[] data = { samlResponse.toXMLString() };
LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
Iterator iter = assertions.iterator();
FSAssertion assertion = (FSAssertion) iter.next();
FSAuthnRequest authnRequestRef = getInResponseToRequest(assertion.getInResponseTo());
if (authnRequestRef == null) {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("invalidResponse") + ": Assertion does not correspond to any AuthnRequest");
String[] data = { samlResponse.toXMLString() };
LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
this.authnRequest = authnRequestRef;
this.relayState = authnRequest.getRelayState();
if ((this.relayState == null) || (this.relayState.trim().length() == 0)) {
this.relayState = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.PROVIDER_HOME_PAGE_URL);
if ((this.relayState == null) || (this.relayState.trim().length() == 0)) {
this.relayState = baseURL + IFSConstants.SP_DEFAULT_RELAY_STATE;
}
}
this.doFederate = authnRequest.getFederate();
this.nameIDPolicy = authnRequest.getNameIDPolicy();
// Call SP preSSOFederationProcess for Artifact case
if (spAdapter != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler, " + "Artifact, Invoke spAdapter.preSSOFederationProcess");
}
try {
spAdapter.preSSOFederationProcess(hostEntityId, request, response, authnRequest, null, (FSResponse) samlResponse);
} catch (Exception e) {
// log run time exception in Adapter
// implementation, continue
FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.preSSOFederationSuccess", e);
}
}
framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, authnRequest.getRelayState(), null, request, baseURL);
String idpEntityIdRef = getProvider(assertion.getInResponseTo());
if ((idpEntityIdRef == null) || !(idpEntityIdRef.equals(idpEntityId))) {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("invalidAssertion") + ": Assertion does not correspond to any IDP");
String[] data = { FSUtils.bundle.getString("invalidAssertion") };
LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, data);
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
FSSubject validSubject = (FSSubject) validateAssertions(assertions);
if (validSubject == null) {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: validateAssertions failed: " + FSUtils.bundle.getString("invalidAssertion"));
String[] data = { FSUtils.bundle.getString("invalidAssertion") };
LogUtil.error(Level.INFO, LogUtil.INVALID_ASSERTION, data);
if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, FederationSPAdapter.INVALID_RESPONSE)) {
FSUtils.forwardRequest(request, response, framedPageURL);
}
return;
}
if (doFederate) {
NameIdentifier ni = validSubject.getIDPProvidedNameIdentifier();
if (ni == null) {
ni = validSubject.getNameIdentifier();
}
if (ni != null) {
int returnCode = doAccountFederation(ni);
if (returnCode == FederationSPAdapter.SUCCESS) {
// remove it from session manager table
FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
sessionManager.removeAuthnRequest(assertion.getInResponseTo());
return;
} else {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: " + FSUtils.bundle.getString("AccountFederationFailed"));
String[] data = { FSUtils.bundle.getString("AccountFederationFailed") };
LogUtil.error(Level.INFO, LogUtil.ACCOUNT_FEDERATION_FAILED, data);
if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, authnResponse, samlResponse, returnCode)) {
FSUtils.forwardRequest(request, response, framedPageURL);
}
}
} else {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Single Sign-On failed. " + "NameIdentifier of the subject is null: ");
String[] data = { FSUtils.bundle.getString("SingleSignOnFailed") };
LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
throw new FSException("missingNIofSubject", null);
}
} else {
// remove it from session manager table
FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
sessionManager.removeAuthnRequest(assertion.getInResponseTo());
NameIdentifier niIdp = validSubject.getIDPProvidedNameIdentifier();
NameIdentifier ni = validSubject.getNameIdentifier();
if (niIdp == null) {
niIdp = ni;
}
if ((niIdp == null) || (ni == null)) {
String[] data = { FSUtils.bundle.getString("invalidResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
String idpHandle = niIdp.getName();
String spHandle = ni.getName();
int handleType;
if ((idpHandle == null) || (spHandle == null)) {
String[] data = { FSUtils.bundle.getString("invalidResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_RESPONSE, data);
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
if (idpHandle.equals(spHandle)) {
ni = niIdp;
handleType = IFSConstants.REMOTE_OPAQUE_HANDLE;
} else {
handleType = IFSConstants.LOCAL_OPAQUE_HANDLE;
}
if (ni != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: NameIdentifier=" + ni.getName() + " securityDomain=" + ni.getNameQualifier());
}
Map env = new HashMap();
env.put(IFSConstants.FS_USER_PROVIDER_ENV_FSRESPONSE_KEY, samlResponse);
int returnCode = doSingleSignOn(ni, handleType, niIdp, env);
if (returnCode == FederationSPAdapter.SUCCESS) {
String requestID = assertion.getInResponseTo();
if (isIDPProxyEnabled(requestID)) {
sendProxyResponse(requestID);
return;
}
String[] data = { this.relayState };
LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, data, ssoToken);
// Call SP Adapter
if (spAdapter != null) {
FSUtils.debug.message("Invoke spAdapter");
try {
if (spAdapter.postSSOFederationSuccess(hostEntityId, request, response, ssoToken, authnRequest, null, samlResponse)) {
return;
}
} catch (Exception e) {
// log run time exception in Adapter
// implementation, continue
FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.postSSOFederationSuccess:", e);
}
}
redirectToResource(this.relayState);
return;
} else {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: SingleSignOnFailed, ni=" + ni.getName() + "[" + ni.getNameQualifier() + "]");
String[] data = { ni.getName() };
LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
if (spAdapter == null || !spAdapter.postSSOFederationFailure(hostEntityId, request, response, authnRequest, null, samlResponse, returnCode)) {
FSUtils.forwardRequest(request, response, framedPageURL);
}
return;
}
} else {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: SingleSignOnFailed (null)");
String[] data = { FSUtils.bundle.getString("SingleSignOnFailed") };
LogUtil.error(Level.INFO, LogUtil.SINGLE_SIGNON_FAILED, data);
throw new FSException("missingNIofSubject", null);
}
}
} catch (Exception e) {
FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLResponse: Exception occured: ", e);
return;
}
}
Also used :
FSSubject(com.sun.identity.federation.message.FSSubject)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
HashMap(java.util.HashMap)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
FSAssertion(com.sun.identity.federation.message.FSAssertion)
Iterator(java.util.Iterator)
FSException(com.sun.identity.federation.common.FSException)
List(java.util.List)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 27 with FSSessionManager
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method getInResponseToRequest.
protected FSAuthnRequest getInResponseToRequest(String requestID) {
FSUtils.debug.message("FSBrowserArtifactConsumerHandler.getInResponseToRequest: Called");
FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
return authnRequest = sessionManager.getAuthnRequest(requestID);
}
Also used :
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
Example 28 with FSSessionManager
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSPostLogin method setTokenListenerAndSessionInfo.
/**
* Sets the Session Listener and session information.
*
* @param request the <code>HttpServletRequest</code> object.
* @param metaAlias the provider alias string.
*/
private void setTokenListenerAndSessionInfo(HttpServletRequest request, String metaAlias) {
Object ssoToken = null;
String sessionID = null;
String userID = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
ssoToken = sessionProvider.getSession(request);
sessionID = sessionProvider.getSessionID(ssoToken);
userID = sessionProvider.getPrincipalName(ssoToken);
sessionProvider.addListener(ssoToken, new FSTokenListener(metaAlias));
} catch (SessionException ssoExp) {
FSUtils.debug.error("FSPostLogin::setTokenListenerAndSessionInfo " + "Failed during trying to add token Listener:", ssoExp);
return;
}
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
FSSession session = sessionManager.getSession(userID, sessionID);
if (session == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPostLogin::setTokenListenerAndSessionInfo. " + "No existing session found for user " + userID + " And SessionID: " + sessionID + " Creating a new Session");
}
FSSession newSession = new FSSession(sessionID);
sessionManager.addSession(userID, newSession);
}
}
Also used :
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Example 29 with FSSessionManager
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSPostLogin method doPostLogin.
/**
* Retreives and forwards request to URL after login.
*
* @param request <code>HttpServletRequest</code> object.
* @param response <code>HttpServletResponse</code> object.
*/
public void doPostLogin(HttpServletRequest request, HttpServletResponse response) {
String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
String sso = request.getParameter(IFSConstants.SSOKEY);
String lrURL = request.getParameter(IFSConstants.LRURL);
String showFederatePage = request.getParameter(IFSConstants.FEDERATEKEY);
String returnURL = null;
if (metaAlias == null) {
metaAlias = FSServiceUtils.getMetaAlias(request);
String rqst = (new StringBuffer()).append(request.getRequestURL().toString()).append(IFSConstants.QUESTION_MARK).append(request.getQueryString()).toString();
lrURL = getValueFromURL(rqst, IFSConstants.LRURL);
sso = getValueFromURL(rqst, IFSConstants.SSOKEY);
// this is for LECP, we need to map the random id back to
// original URL stored in session manager
FSSessionManager sessMgr = FSSessionManager.getInstance(metaAlias);
String relayStateURL = sessMgr.getRelayState(lrURL);
if (relayStateURL != null) {
sessMgr.removeRelayState(lrURL);
lrURL = relayStateURL;
}
}
try {
setMetaInfo(metaAlias, request);
} catch (FSPostLoginException fsexp) {
sendResponse(request, response, errorPage);
}
if (lrURL == null || lrURL.length() <= 0) {
lrURL = LibertyManager.getHomeURL(realm, entityID, providerRole);
}
if ((sso != null && sso.length() > 0 && sso.equalsIgnoreCase(IFSConstants.SSOVALUE)) || isIDP) {
// means in middle of SSO show consent to introduction page
try {
Set cotSet = LibertyManager.getListOfCOTs(realm, entityID, providerRole);
if (cotSet != null && !cotSet.isEmpty()) {
if (cotSet.size() <= 1) {
String cotSelected = (String) cotSet.iterator().next();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPostLogin::doPostLogin " + "single cot present is " + cotSelected);
}
returnURL = doConsentToIntro(metaAlias, lrURL, cotSelected);
} else {
returnURL = new StringBuffer().append(consentPage).append(IFSConstants.QUESTION_MARK).append(IFSConstants.META_ALIAS).append(IFSConstants.EQUAL_TO).append(metaAlias).append(IFSConstants.AMPERSAND).append(IFSConstants.LRURL).append(IFSConstants.EQUAL_TO).append(URLEncDec.encode(lrURL)).toString();
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPostLogin::doPostLogin: No " + "COTS configured. redirecting to lrurl " + lrURL);
}
returnURL = lrURL;
}
} catch (FSPostLoginException fsexp) {
sendResponse(request, response, errorPage);
}
} else if (showFederatePage != null && !showFederatePage.equalsIgnoreCase(IFSConstants.FEDERATEVALUE)) {
//show do u want to federate page with list of IDP's
String providerID = LibertyManager.getEntityID(metaAlias);
String univId = LibertyManager.getUser(request);
if (univId == null) {
String gotoUrl = new StringBuffer().append(request.getRequestURL()).append(IFSConstants.QUESTION_MARK).append(IFSConstants.AMPERSAND).append(request.getQueryString()).toString();
String preLoginURL = LibertyManager.getLoginURL(request);
sendResponse(request, response, preLoginURL + "&goto=" + URLEncDec.encode(gotoUrl));
return;
}
Set providerSet = LibertyManager.getProvidersToFederate(realm, providerID, providerRole, univId);
if (providerSet != null && providerSet.size() != 0 && federationPage != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPostLogin::doPostLogin: Found " + "provider(s) to federated with " + providerSet);
}
returnURL = new StringBuffer().append(federationPage).append(IFSConstants.QUESTION_MARK).append(IFSConstants.META_ALIAS).append(IFSConstants.EQUAL_TO).append(metaAlias).append(IFSConstants.AMPERSAND).append(IFSConstants.LRURL).append(IFSConstants.EQUAL_TO).append(URLEncDec.encode(lrURL)).toString();
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPostLogin::doPostLogin: No " + "provider(s) to federated with or " + "federationPage null. Redirecting to LRURL " + lrURL);
}
returnURL = lrURL;
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPostLogin::doPostLogin. No cotkey or " + "Federatekey found");
}
returnURL = lrURL;
}
setTokenListenerAndSessionInfo(request, metaAlias);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPostLogin::doPostLogin return url " + returnURL);
}
sendResponse(request, response, returnURL);
}
Also used :
Set(java.util.Set)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
Example 30 with FSSessionManager
use of com.sun.identity.federation.services.FSSessionManager in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method doAccountFederation.
protected int doAccountFederation(NameIdentifier ni) {
FSUtils.debug.message("FSAssertionArtifactHandler.doAccountFederation:Called");
if (ni == null) {
FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + FSUtils.bundle.getString("invalidInput"));
return FederationSPAdapter.FEDERATION_FAILED;
}
Object ssoToken = null;
SessionProvider sessionProvider = null;
try {
sessionProvider = SessionManager.getProvider();
} catch (SessionException se) {
FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation: " + "Couldn't obtain session provider:", se);
String[] data = { FSUtils.bundle.getString("failGenerateSSOToken") };
LogUtil.error(Level.INFO, LogUtil.FAILED_SSO_TOKEN_GENERATION, data);
return FederationSPAdapter.FEDERATION_FAILED_SSO_TOKEN_GENERATION;
}
try {
ssoToken = sessionProvider.getSession(request);
if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: couldn't obtain session from " + "cookie");
}
ssoToken = null;
}
} catch (SessionException se) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: exception when getting session " + "from cookie:");
}
ssoToken = null;
}
// try URL rewriting
FSSessionManager sessionManager = null;
if (ssoToken == null && nameIDPolicy != null && nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
try {
ssoToken = generateAnonymousToken(response);
} catch (SessionException se) {
int failureCode = se.getErrCode();
if (failureCode == SessionException.AUTH_USER_INACTIVE) {
failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_USER_INACTIVE;
} else if (failureCode == SessionException.AUTH_USER_LOCKED) {
failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_USER_LOCKED;
} else if (failureCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_AUTH_ACCOUNT_EXPIRED;
} else {
failureCode = FederationSPAdapter.FEDERATION_FAILED_ANON_TOKEN_GENERATION;
}
return failureCode;
}
}
if (ssoToken == null) {
FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + "Account federation failed. Invalid session");
return FederationSPAdapter.FEDERATION_FAILED_ANON_TOKEN_GENERATION;
}
try {
String opaqueHandle = ni.getName();
String userID = sessionProvider.getPrincipalName(ssoToken);
String securityDomain = ni.getNameQualifier();
if ((securityDomain == null) || (securityDomain.length() == 0)) {
securityDomain = hostEntityId;
}
FSAccountFedInfo accountInfo = new FSAccountFedInfo(idpEntityId, null, ni, true);
FSAccountManager accountManager = FSAccountManager.getInstance(hostMetaAlias);
FSAccountFedInfoKey fedKey = null;
String affiliationID = authnRequest.getAffiliationID();
if (affiliationID != null) {
fedKey = new FSAccountFedInfoKey(affiliationID, opaqueHandle);
accountInfo.setAffiliation(true);
} else {
fedKey = new FSAccountFedInfoKey(securityDomain, opaqueHandle);
}
if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
accountManager.writeAccountFedInfo(userID, fedKey, accountInfo);
}
//keep local session ref
if (sessionManager == null) {
sessionManager = FSSessionManager.getInstance(hostMetaAlias);
}
String sessionID = sessionProvider.getSessionID(ssoToken);
FSSession session = sessionManager.getSession(userID, sessionID);
if (session != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: No existing session found " + " for userID:" + userID + " And SessionID: " + sessionID + " Creating a new Session");
}
session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
session.setSessionIndex(idpSessionIndex);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "doAccountFederation: An Existing session found" + "for userID:" + userID + " And SessionID: " + sessionID + " Adding partner to the Session");
}
session = new FSSession(sessionID);
session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
if (idpSessionIndex != null) {
session.setSessionIndex(idpSessionIndex);
}
}
if (nameIDPolicy != null && nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
session.setOneTime(true);
session.setUserID(userID);
}
String authnContextClassRef = null;
if (authnContextStmt != null) {
authnContextClassRef = authnContextStmt.getAuthnContextClassRef();
}
if ((authnContextClassRef == null) || (authnContextClassRef.length() == 0)) {
authnContextClassRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
}
if (authnContextClassRef != null) {
session.setAuthnContext(authnContextClassRef);
}
session.setAccountFedInfo(accountInfo);
if (bootStrapStatement != null) {
session.setBootStrapAttributeStatement(bootStrapStatement);
}
if (attrStatements.size() != 0) {
Map attributeMap = null;
setAttributeMapper();
if (realmAttributeMapper != null) {
attributeMap = realmAttributeMapper.getAttributes(attrStatements, realm, hostEntityId, idpEntityId, ssoToken);
} else if (attributeMapper != null) {
attributeMap = attributeMapper.getAttributes(attrStatements, hostEntityId, idpEntityId, ssoToken);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Attribute map :" + attributeMap);
}
if (attributeMap != null) {
setAttributeMap(ssoToken, attributeMap);
}
}
if (securityAssertions != null) {
session.setBootStrapCredential(securityAssertions);
}
sessionManager.addSession(userID, session);
} catch (Exception ex) {
FSUtils.debug.error("FSAssertionArtifactHandler.doAccountFederation:" + FSUtils.bundle.getString("ExceptionOccured"), ex);
return FederationSPAdapter.FEDERATION_FAILED_WRITING_ACCOUNT_INFO;
}
String[] data = { this.relayState };
LogUtil.access(Level.INFO, LogUtil.ACCESS_GRANTED_REDIRECT_TO, data, ssoToken);
//Set fed cookie
if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
String fedCookieName = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
String fedCookieValue = "yes";
for (String domain : SystemConfigurationUtil.getCookieDomainsForRequest(request)) {
CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(fedCookieName, fedCookieValue, IFSConstants.PERSISTENT_COOKIE_AGE, "/", domain));
}
}
//Name registration
// comment it out for now as the spec doesn't mendate this.
/*
try {
// get if need name registration from sp extended meta
String indicator = IDFFMetaUtils.getFirstAttributeValueFromConfig(
hostConfig, IFSConstants.ENABLE_REGISTRATION_AFTER_SSO);
if (indicator != null && indicator.equalsIgnoreCase("true")) {
FSServiceManager serviceManager =
FSServiceManager.getInstance();
FSNameRegistrationHandler handlerObj =
serviceManager.getNameRegistrationHandler(
realm,
idpEntityId,
IFSConstants.IDP);
if (handlerObj != null) {
handlerObj.setHostedDescriptor(hostDesc);
handlerObj.setHostedDescriptorConfig(hostConfig);
handlerObj.setHostedEntityId(hostEntityId);
handlerObj.setMetaAlias(hostMetaAlias);
handlerObj.setAccountInfo(accountInfo);
handlerObj.handleRegistrationAfterFederation(
this.relayState, response);
}
if (!FSServieUtils.isRegisProfileSOAP(
sessionProvider.getPrincipalName(ssoToken),
idpEntityId,
idpDescriptor,
hostMetaAlias,
hostDesc))
{
return FederationSPAdapter.SUCCESS;
}
}
} catch (SessionException se) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("doAccountFederation: exception:", se);
}
}
*/
// Call SP adapter
FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostEntityId, hostConfig);
if (spAdapter != null) {
FSUtils.debug.message("Invoke spAdapter");
try {
if (spAdapter.postSSOFederationSuccess(hostEntityId, request, response, ssoToken, authnRequest, authnResponse, (FSResponse) samlResponse)) {
// return true if service provider SPI redirection happened
return FederationSPAdapter.SUCCESS;
}
} catch (Exception e) {
// log run time exception in Adapter
// implementation, continue
FSUtils.debug.error("FSAssertionArtifactHandler" + " SPAdapter.postSSOFederationSuccess", e);
}
}
try {
redirectToResource(this.relayState);
return FederationSPAdapter.SUCCESS;
} catch (Exception e) {
return FederationSPAdapter.FEDERATION_FAILED;
}
}
Also used :
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)
FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager)
SessionException(com.sun.identity.plugin.session.SessionException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SAMLException(com.sun.identity.saml.common.SAMLException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
Map(java.util.Map)
HashMap(java.util.HashMap)
FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Aggregations
FSSessionManager (com.sun.identity.federation.services.FSSessionManager)48
FSSession (com.sun.identity.federation.services.FSSession)30
SessionException (com.sun.identity.plugin.session.SessionException)29
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)19
IOException (java.io.IOException)19
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)18
SAMLException (com.sun.identity.saml.common.SAMLException)16
FSSessionPartner (com.sun.identity.federation.services.FSSessionPartner)13
List (java.util.List)13
FSException (com.sun.identity.federation.common.FSException)12
HashMap (java.util.HashMap)11
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)10
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)10
SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)10
Iterator (java.util.Iterator)10
SessionProvider (com.sun.identity.plugin.session.SessionProvider)9
ServletException (javax.servlet.ServletException)9
FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)8
IDPDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)8
COTException (com.sun.identity.cot.COTException)7
