
Example 1 with FSSessionPartner

use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method handleIDPProxyLogout.

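/**
 * Performs the IDP-proxy leg of a single logout.
 * <p>
 * It applies only when this provider is hosted as an IDP, an SP is co-hosted under the
 * same entity id, and the SP that originated the logout is flagged as IDP-proxy enabled
 * in its metadata config. In that case every IDP partner recorded in the co-hosted SP's
 * session (other than the originating SP) is logged out over the SOAP profile.
 *
 * @param sourceEntityId entity id of the SP that originated the logout; it is skipped when
 *        walking the session partners
 * @return {@code null} when no proxy logout applies (not hosted as IDP, no co-hosted SP,
 *         source SP not proxy enabled, no session or no partners); otherwise
 *         {@code SAML_SUCCESS}, the status of the last partner logout that did not
 *         succeed, or {@code SAML_RESPONDER} when an unexpected exception is raised
 */
private FSLogoutStatus handleIDPProxyLogout(String sourceEntityId) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout.");
    }
    // Look for a hosted SP that shares this IDP's entity id; its meta alias owns the
    // proxied sessions.
    String proxySPAlias = null;
    if (hostedRole == IFSConstants.IDP) {
        proxySPAlias = IDFFMetaUtils.getMetaAlias(realm, hostedEntityId, IFSConstants.SP, null);
    }
    if (proxySPAlias == null || !isIDPProxyEnabledSP(sourceEntityId)) {
        // Nothing to proxy; null tells the caller no proxy logout took place.
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout:isProxy is true.");
    }
    FSLogoutStatus retStatus = null;
    try {
        FSSessionManager sessionMgr = FSSessionManager.getInstance(proxySPAlias);
        FSSession session = sessionMgr.getSession(ssoToken);
        if (session == null) {
            return null;
        }
        List partners = session.getSessionPartners();
        if (partners == null || partners.isEmpty()) {
            return null;
        }
        // A fresh handler configured as the co-hosted SP drives the proxied logouts.
        FSSingleLogoutHandler handler = new FSSingleLogoutHandler();
        BaseConfigType proxySPConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
        ProviderDescriptorType proxySPDescriptor = metaManager.getSPDescriptor(realm, hostedEntityId);
        handler.setHostedDescriptor(proxySPDescriptor);
        handler.setHostedDescriptorConfig(proxySPConfig);
        handler.setRealm(realm);
        handler.setHostedEntityId(hostedEntityId);
        handler.setHostedProviderRole(IFSConstants.SP);
        handler.setMetaAlias(proxySPAlias);
        retStatus = new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        // Most of the time there is only one IDP partner. Any partner whose logout does
        // not report SAML_SUCCESS overrides the status, so the last failure wins.
        for (Iterator iter = partners.iterator(); iter.hasNext();) {
            FSSessionPartner sessionPartner = (FSSessionPartner) iter.next();
            String curEntityId = sessionPartner.getPartner();
            // Skip the SP that started this logout and any partner that is not an IDP.
            if (curEntityId.equals(sourceEntityId) || !sessionPartner.getIsRoleIDP()) {
                continue;
            }
            FSLogoutStatus curStatus = handler.doIDPProxySoapProfile(request, response, sessionPartner, userID, session.getSessionIndex(), ssoToken);
            if (!curStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                retStatus = curStatus;
            }
        }
    } catch (Exception e) {
        FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxy:", e);
        retStatus = new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }
    return retStatus;
}

/**
 * Tells whether the SP identified by {@code spEntityId} is configured for IDP proxying.
 *
 * @param spEntityId entity id of the SP whose config is read
 * @return {@code true} only when the SP config carries {@code ENABLE_IDP_PROXY} equal to
 *         "true" (case-insensitive); {@code false} when there is no meta manager, the
 *         attribute is absent, or the metadata lookup fails (which is logged)
 */
private boolean isIDPProxyEnabledSP(String spEntityId) {
    if (metaManager == null) {
        return false;
    }
    try {
        BaseConfigType spConfig = metaManager.getSPDescriptorConfig(realm, spEntityId);
        String enabledString = IDFFMetaUtils.getFirstAttributeValueFromConfig(spConfig, IFSConstants.ENABLE_IDP_PROXY);
        return enabledString != null && enabledString.equalsIgnoreCase("true");
    } catch (IDFFMetaException ie) {
        // Treated as "not proxy enabled", but recorded so a broken SP config is diagnosable
        // instead of silently disabling proxy logout.
        FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxyLogout: cannot read SP config for " + spEntityId, ie);
        return false;
    }
}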

Example 2 with FSSessionPartner

use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.

the class LibertyManager method getMappedNameIdentifier.

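/**
 * Returns the <code>NameIdentifier</code> established between the IDP and
 * another SP for the same principal. This method should be used by the code
 * on the hosted SP where the user has logged in and has an account linking
 * with the IDP. Furthermore, the same principal must have an account linking
 * between his/her other (remote) SP account and the IDP account.
 * <p>
 * The mapping is obtained by sending a <code>NameIdentifierMappingRequest</code>
 * to the SOAP endpoint of the IDP that is the current partner of the user's
 * federation session. When signing is on, the request is signed with the hosted
 * SP's signing certificate and the IDP's response is used only after its
 * signature has been verified; when signing is off the response is used as
 * received.
 *
 * @param hostedSPMetaAlias The <code>metaAlias</code> of
 * the local service provider.
 * @param ssoToken The session token of the logged-
 * in user on the local service provider.
 * @param remoteSPEntityID The entity ID of the remote
 * service provider. In other words, it is the targeted
 * name space for the returned name identifier.
 * @return <code>NameIdentifier</code> of the same principal
 * but originally established between the remote SP and
 * the IDP, or <code>null</code> when the hosted metadata, the user
 * session, the session partner, the local name identifier or the IDP
 * metadata cannot be resolved, when the SOAP exchange fails, or when
 * the response signature does not verify. Every failure is logged.
 */
public static NameIdentifier getMappedNameIdentifier(String hostedSPMetaAlias, Object ssoToken, String remoteSPEntityID) {
    String classMethod = "LibertyManager.getMappedNameIdentifier: ";
    String hostedEntityID = getEntityID(hostedSPMetaAlias);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(hostedSPMetaAlias);
    if (debug.messageEnabled()) {
        debug.message("NameMappingRequester: hostedEntityID=" + hostedEntityID);
    }
    // Hosted SP metadata: the descriptor feeds the name mapping handler, the config
    // supplies the signing certificate alias.
    SPDescriptorType hostedDescriptor = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedDescriptor = metaManager.getSPDescriptor(realm, hostedEntityID);
        hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
    } catch (IDFFMetaException ie) {
        debug.error(classMethod + "couldn't obtain hosted meta:", ie);
        return null;
    }
    String userID = null;
    try {
        userID = SessionManager.getProvider().getPrincipalName(ssoToken);
    } catch (SessionException ssoe) {
        debug.error("SessionException caught when trying to " + "get user DN from session token:", ssoe);
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "userID=" + userID);
    }
    FSNameMappingHandler handler = new FSNameMappingHandler(hostedEntityID, hostedDescriptor, hostedConfig, hostedSPMetaAlias);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "targetNamespace (remoteSPEntityID)=" + remoteSPEntityID);
    }
    // The IDP to query is the current partner of the user's federation session on the hosted SP.
    FSSessionManager sMgr = FSSessionManager.getInstance(hostedSPMetaAlias);
    FSSession sess = (sMgr != null) ? sMgr.getSession(ssoToken) : null;
    if (sess == null) {
        debug.error(classMethod + "session is null");
        return null;
    }
    FSSessionPartner partner = sess.getCurrentSessionPartner();
    String remoteIDPEntityID = (partner != null) ? partner.getPartner() : null;
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Remote IDP EntityID = " + remoteIDPEntityID);
    }
    if (remoteIDPEntityID == null) {
        // Without a session partner there is no IDP to address the mapping request to.
        debug.error(classMethod + "no current session partner, remote IDP unknown");
        return null;
    }
    NameIdentifier ni = null;
    try {
        ni = handler.getNameIdentifier(userID, remoteIDPEntityID, true);
    } catch (Exception e) {
        debug.error(classMethod + "Exception caught when trying to get Name " + "Identifier between local SP and remote IDP: ", e);
        return null;
    }
    if (ni == null) {
        // Checked before the trace below and the request constructor, which both use ni.
        debug.error(classMethod + "no Name Identifier between local SP and remote IDP");
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Name Identifier between local SP and " + " remote IDP: " + ni.toString());
    }
    FSNameIdentifierMappingRequest mappingRequest = null;
    try {
        mappingRequest = new FSNameIdentifierMappingRequest(hostedEntityID, ni, remoteSPEntityID);
    } catch (com.sun.identity.federation.message.common.FSMsgException fe) {
        debug.error(classMethod, fe);
        return null;
    }
    if (FSServiceUtils.isSigningOn()) {
        // Sign with the hosted SP's certificate so the IDP can authenticate the requester.
        try {
            mappingRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS));
        } catch (SAMLException se) {
            debug.error(classMethod, se);
            return null;
        }
    }
    IDPDescriptorType remoteProviderDesc = null;
    try {
        remoteProviderDesc = metaManager.getIDPDescriptor(realm, remoteIDPEntityID);
    } catch (IDFFMetaException fme1) {
        debug.error(classMethod, fme1);
        return null;
    }
    if (remoteProviderDesc == null) {
        // Guards the dereference below; a missing descriptor is a configuration error.
        debug.error(classMethod + "no IDP descriptor found for " + remoteIDPEntityID);
        return null;
    }
    String remoteSOAPEndPoint = remoteProviderDesc.getSoapEndpoint();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "IDP's soap end point=" + remoteSOAPEndPoint);
    }
    FSSOAPService soapService = FSSOAPService.getInstance();
    SOAPMessage returnMsg = null;
    try {
        SOAPMessage msg = soapService.bind(mappingRequest.toXMLString(true, true));
        returnMsg = soapService.sendMessage(msg, remoteSOAPEndPoint);
    } catch (FSMsgException mex) {
        debug.error(classMethod, mex);
        return null;
    } catch (java.io.IOException ioe) {
        debug.error(classMethod, ioe);
        return null;
    } catch (javax.xml.soap.SOAPException soape) {
        debug.error(classMethod, soape);
        return null;
    }
    Element elt = soapService.parseSOAPMessage(returnMsg);
    FSNameIdentifierMappingResponse mappingResponse = null;
    try {
        mappingResponse = new FSNameIdentifierMappingResponse(elt);
    } catch (FSMsgException fme2) {
        debug.error(classMethod, fme2);
        return null;
    }
    if (debug.messageEnabled()) {
        String resStr = null;
        try {
            resStr = mappingResponse.toXMLString();
        } catch (FSMsgException fme3) {
            debug.error(classMethod, fme3);
            return null;
        }
        debug.message(classMethod + "NameIdentifierMappingResponse: " + resStr);
    }
    if (FSServiceUtils.isSigningOn()) {
        // Only a response whose signature verifies is trusted; with signing off the
        // response is used as received.
        if (!FSNameMappingHandler.verifyNameIdMappingResponseSignature(elt, returnMsg, realm)) {
            debug.error(classMethod + "Failed verifying Name Identifier Mapping " + "Response");
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Success in verifying Name Identifier Mapping" + " Response Signature");
        }
    }
    return mappingResponse.getNameIdentifier();
}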

Example 3 with FSSessionPartner

use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.

the class FSPreLogoutHandler method processSingleLogoutRequest.

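/**
 * Processes logout request received via SOAP profile.
 * <p>
 * The user is identified from the request itself (the SOAP profile carries no
 * user-agent session). The requesting provider is then cleared from the user's
 * session partner list, the remaining partner (if any) is looked up, and an
 * {@link FSSingleLogoutHandler} configured as the hosted provider completes the
 * logout and builds the status returned to the requester.
 *
 * @param reqLogout <code>FSLogoutNotification</code> request received from
 *                  remote provider
 * @return <code>FSLogoutStatus</code> object indicates the status of
 *  the logout process; <code>SAML_REQUESTER</code> when the request does
 *  not resolve to a known user
 */
public FSLogoutStatus processSingleLogoutRequest(FSLogoutNotification reqLogout) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSPreLogoutHandler::" + " processSingleLogoutRequest SOAP Profile");
    }
    // User DN needs to be figured from logout request
    userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
    if (userID == null) {
        FSUtils.debug.error("User does not exist. Invalid request");
        return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
    }
    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    String sessionIndex = reqLogout.getSessionIndex();
    FSSession session = sessionManager.getSession(sessionManager.getSessionList(userID), sessionIndex);
    // Presumably drops remoteEntityID from the session's partner list before the
    // remaining partners are inspected — confirm against FSLogoutUtil.
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityID, metaAlias, session);
    // getCurrentProvider returns null when no partner is left; the map is only
    // allocated by that call, so nothing is created up front.
    boolean bHasAnyOtherProvider = false;
    FSSessionPartner sessionPartner = null;
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken, session);
    if (providerMap != null) {
        sessionPartner = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
        sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
        if (sessionPartner != null) {
            bHasAnyOtherProvider = true;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("bHasAnyOtherProvider = " + bHasAnyOtherProvider);
            }
            currentEntityId = sessionPartner.getPartner();
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("bHasAnyOtherProvider other than source : " + bHasAnyOtherProvider);
    }
    // this is SP initiated SOAP based single logout
    FSUtils.debug.message("creating FSSingleLogoutHandler");
    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
    handlerObj.setHostedDescriptor(hostedDescriptor);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setRealm(realm);
    handlerObj.setHostedEntityId(hostedEntityId);
    handlerObj.setHostedProviderRole(hostedRole);
    handlerObj.setMetaAlias(metaAlias);
    handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_SP_SOAP_PROFILE);
    // The last argument is the remote provider's role, the opposite of the hosted one.
    return handlerObj.processSingleLogoutRequest(reqLogout, sessionPartner, userID, remoteEntityID, sessionIndex, isWMLAgent, (hostedRole.equals(IFSConstants.SP) ? IFSConstants.IDP : IFSConstants.SP));
}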

Example 4 with FSSessionPartner

use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.

the class FSLogoutUtil method getCurrentProvider.

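/**
 * Looks up the provider currently associated with the user's federation session on
 * the hosted provider identified by {@code metaAlias}.
 *
 * @param userID the user whose session is inspected (only used for logging here)
 * @param metaAlias meta alias of the hosted provider whose session manager is consulted
 * @param ssoToken the user's session token, used to locate the session
 * @param curSession session to fall back on when the session manager has none for
 *        the token; may be {@code null}
 * @return a {@code HashMap} holding the first session partner under
 *         {@code IFSConstants.PARTNER_SESSION} and the session index under
 *         {@code IFSConstants.SESSION_INDEX}; {@code null} when no session is found,
 *         the session has no partners, or an exception occurs (which is logged)
 */
public static HashMap getCurrentProvider(String userID, String metaAlias, Object ssoToken, FSSession curSession) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered getCurrentProvider for user : " + userID);
    }
    try {
        FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
        FSSession session = sessionMgr.getSession(ssoToken);
        if (session == null) {
            // Fall back on the session handed in by the caller (may itself be null).
            session = curSession;
        }
        if (session == null) {
            return null;
        }
        List partners = session.getSessionPartners();
        if (partners == null || partners.isEmpty()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSLogoutUtil.getCurrentProvider:" + "No more session partners");
            }
            return null;
        }
        // Only the first partner in the list is reported.
        FSSessionPartner sessionPartner = (FSSessionPartner) partners.get(0);
        HashMap providerMap = new HashMap();
        providerMap.put(IFSConstants.PARTNER_SESSION, sessionPartner);
        providerMap.put(IFSConstants.SESSION_INDEX, session.getSessionIndex());
        return providerMap;
    } catch (Exception e) {
        FSUtils.debug.error("FSLogoutUtil.getCurrentProvider:: Exception" + " in getting the current provider", e);
        return null;
    }
}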

Example 5 with FSSessionPartner

use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.

the class FSPreLogoutHandler method processHttpSingleLogoutRequest.

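/**
 * Processes logout request received via HTTP redirect/GET.
 * <p>
 * Stores the request, response, locale and session token on this handler, computes
 * the logout URL, identifies the user (from the session for the one-time case,
 * otherwise from the logout request held in {@code reqLogout}), clears the
 * requesting provider from the session partner list and delegates the remaining
 * work to an {@link FSSingleLogoutHandler} configured for the redirect profile.
 * Expects {@code reqLogout} to have been set before this method is called.
 *
 * @param request <code>HttpServletRequest</code> object from the user agent
 * @param response <code>HttpServletRsponse</code> to be sent back to the
 *  user agent
 * @param ssoToken used to identify the principal who wants to logout
 * @return <code>FSLogoutStatus</code> object to indicate the status of
 *  the logout process; <code>SAML_RESPONDER</code> when the user cannot be
 *  identified, in which case an error is also returned to the source provider
 */
public FSLogoutStatus processHttpSingleLogoutRequest(HttpServletRequest request, HttpServletResponse response, Object ssoToken) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSPrelogoutHandler::" + "processSingleLogoutRequest HTTP Redirect");
    }
    this.request = request;
    this.locale = FSServiceUtils.getLocale(request);
    setLogoutURL();
    this.response = response;
    this.ssoToken = ssoToken;
    FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
    FSSession session = sMgr.getSession(ssoToken);
    // The session may be absent; read its index only when it is present.
    String sessionIndex = (session != null) ? session.getSessionIndex() : null;
    try {
        if (session != null && session.getOneTime()) {
            this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
            FSUtils.debug.message("FSPH:processSingleLogout: Onetime case");
        } else {
            // No one-time session: identify the user from the logout request itself.
            this.userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
        }
    } catch (SessionException se) {
        FSUtils.debug.error("processSingleLogoutRequest", se);
        this.userID = null;
    }
    if (userID == null) {
        FSUtils.debug.message("FSPrelogoutHandler::User Not found");
        FSLogoutUtil.returnToSource(response, remoteDescriptor, IFSConstants.SAML_RESPONDER, COMMON_ERROR_URL, reqLogout.getMinorVersion(), hostedConfig, hostedEntityId, userID);
        return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }
    // WML user agents are flagged so the downstream handler can adapt its response.
    String acceptString = request.getHeader("Accept");
    if ((acceptString != null) && (acceptString.indexOf("text/vnd.wap.wml") != -1)) {
        isWMLAgent = true;
    }
    // RelayState comes from the remote logout request and is passed through to the
    // single logout handler — NOTE(review): confirm it is validated there before being
    // used in any redirect.
    String relayState = reqLogout.getRelayState();
    // Presumably drops remoteEntityID from the session's partner list before the
    // remaining partners are inspected — confirm against FSLogoutUtil.
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityID, metaAlias, session);
    FSUtils.debug.message("FSPrelogoutHandler::calling getCurrentProvider");
    // getCurrentProvider returns null when no partner is left; the map is only
    // allocated by that call, so nothing is created up front.
    boolean bHasAnyOtherProvider = false;
    FSSessionPartner sessionPartner = null;
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
    if (providerMap != null) {
        sessionPartner = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
        sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
        if (sessionPartner != null) {
            bHasAnyOtherProvider = true;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("bHasAnyOtherProvider = " + bHasAnyOtherProvider);
            }
            currentEntityId = sessionPartner.getPartner();
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("bHasAnyOtherProvider other than source : " + bHasAnyOtherProvider);
    }
    // this is SP initiated HTTP based single logout
    FSUtils.debug.message("FSPreLogout::creating FSSingleLogoutHandler");
    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
    handlerObj.setHostedDescriptor(hostedDescriptor);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setRealm(realm);
    handlerObj.setHostedEntityId(hostedEntityId);
    handlerObj.setHostedProviderRole(hostedRole);
    handlerObj.setMetaAlias(metaAlias);
    handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
    // The last argument is the remote provider's role, the opposite of the hosted one.
    return handlerObj.processHttpSingleLogoutRequest(response, request, reqLogout, sessionPartner, userID, ssoToken, remoteEntityID, sessionIndex, isWMLAgent, relayState, (hostedRole.equals(IFSConstants.SP) ? IFSConstants.IDP : IFSConstants.SP));
}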
