use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.
the class FSSingleLogoutHandler method handleIDPProxyLogout.
/**
 * Propagates a single logout to the IDP partners of the hosted SP that shares
 * this hosted IDP's entity id (the IDP-proxy case).
 *
 * <p>Applies only when the hosted role is IDP, a hosted SP exists under the
 * same entity id, and the source SP's descriptor config has
 * {@code ENABLE_IDP_PROXY} set to {@code true}. The source SP itself and
 * partners that are not in the IDP role are skipped.
 *
 * @param sourceEntityId entity id of the SP that triggered the logout
 * @return {@code null} when the proxy case does not apply or the proxy SP has
 *     no session partners; otherwise {@code SAML_SUCCESS}, replaced by the
 *     status of a failed partner logout, or {@code SAML_RESPONDER} when an
 *     exception was raised while propagating
 */
private FSLogoutStatus handleIDPProxyLogout(String sourceEntityId) {
    FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout.");

    String proxySPAlias = null;
    boolean proxyEnabled = false;
    if (hostedRole == IFSConstants.IDP) {
        // A hosted SP registered under the same entity id marks this IDP as a proxy.
        proxySPAlias = IDFFMetaUtils.getMetaAlias(realm, hostedEntityId, IFSConstants.SP, null);
        if (proxySPAlias != null && metaManager != null) {
            proxyEnabled = isIDPProxyEnabledFor(sourceEntityId);
        }
    }
    if (!proxyEnabled) {
        return null;
    }

    FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout:isProxy is true.");
    FSLogoutStatus result = null;
    try {
        FSSessionManager sessionMgr = FSSessionManager.getInstance(proxySPAlias);
        FSSession session = sessionMgr.getSession(ssoToken);
        List partners = (session == null) ? null : session.getSessionPartners();
        if (partners != null && !partners.isEmpty()) {
            // The logout is issued from the proxy SP's point of view, so the
            // delegate handler is configured with the hosted SP's descriptor.
            FSSingleLogoutHandler proxyHandler = new FSSingleLogoutHandler();
            BaseConfigType proxySPConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            ProviderDescriptorType proxySPDescriptor = metaManager.getSPDescriptor(realm, hostedEntityId);
            proxyHandler.setHostedDescriptor(proxySPDescriptor);
            proxyHandler.setHostedDescriptorConfig(proxySPConfig);
            proxyHandler.setRealm(realm);
            proxyHandler.setHostedEntityId(hostedEntityId);
            proxyHandler.setHostedProviderRole(IFSConstants.SP);
            proxyHandler.setMetaAlias(proxySPAlias);

            result = new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
            // Usually a single IDP partner; any non-success status overrides the result.
            for (Iterator iter = partners.iterator(); iter.hasNext();) {
                FSSessionPartner partner = (FSSessionPartner) iter.next();
                boolean isSource = partner.getPartner().equals(sourceEntityId);
                if (isSource || !partner.getIsRoleIDP()) {
                    continue;
                }
                FSLogoutStatus partnerStatus = proxyHandler.doIDPProxySoapProfile(
                        request, response, partner, userID, session.getSessionIndex(), ssoToken);
                if (!partnerStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                    result = partnerStatus;
                }
            }
        }
    } catch (Exception e) {
        FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxy:", e);
        result = new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }
    return result;
}

/**
 * Reads {@code ENABLE_IDP_PROXY} from the given SP's descriptor config.
 *
 * @param spEntityId entity id of the SP whose config is inspected
 * @return {@code true} only when the attribute is present and equals
 *     {@code "true"} ignoring case; {@code false} when the metadata cannot
 *     be read
 */
private boolean isIDPProxyEnabledFor(String spEntityId) {
    try {
        BaseConfigType spConfig = metaManager.getSPDescriptorConfig(realm, spEntityId);
        String enabled = IDFFMetaUtils.getFirstAttributeValueFromConfig(spConfig, IFSConstants.ENABLE_IDP_PROXY);
        return enabled != null && enabled.equalsIgnoreCase("true");
    } catch (IDFFMetaException ie) {
        // Unreadable metadata is treated as "not a proxy".
        return false;
    }
}
use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.
the class LibertyManager method getMappedNameIdentifier.
/**
 * Returns the <code>NameIdentifier</code> established between the IDP and
 * another (remote) SP for the same principal. This method is meant to be
 * called on the hosted SP where the user is logged in and has an account
 * link with the IDP; the same principal must also have an account link
 * between the remote SP and the IDP.
 *
 * <p>The mapping is obtained by sending a <code>NameIdentifierMappingRequest</code>
 * to the IDP's SOAP endpoint. When signing is on
 * ({@code FSServiceUtils.isSigningOn()}), the request is signed with the
 * hosted SP's signing certificate and the IDP's response signature is
 * verified; a response whose signature fails verification is discarded.
 *
 * <p>Every failure path logs an error and returns {@code null}; callers must
 * treat {@code null} as "no mapping available".
 *
 * @param hostedSPMetaAlias The <code>metaAlias</code> of
 * the local service provider.
 * @param ssoToken The session token of the logged-
 * in user on the local service provider.
 * @param remoteSPEntityID The entity ID of the remote
 * service provider. In other words, it is the targeted
 * name space for the returned name identifier.
 * @return <code>NameIdentifier</code> of the same principal
 * originally established between the remote SP and
 * the IDP, or {@code null} on any failure
 */
public static NameIdentifier getMappedNameIdentifier(String hostedSPMetaAlias, Object ssoToken, String remoteSPEntityID) {
    String classMethod = "LibertyManager.getMappedNameIdentifier: ";
    String hostedEntityID = getEntityID(hostedSPMetaAlias);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(hostedSPMetaAlias);
    if (debug.messageEnabled()) {
        debug.message("NameMappingRequester: hostedEntityID=" + hostedEntityID);
    }
    // Hosted SP metadata: descriptor plus config (the config holds the signing cert alias).
    SPDescriptorType hostedDescriptor = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedDescriptor = metaManager.getSPDescriptor(realm, hostedEntityID);
        hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
    } catch (IDFFMetaException ie) {
        debug.error(classMethod + "couldn't obtain hosted meta:", ie);
        return null;
    }
    // Principal is taken from the caller's session, not from any request parameter.
    String userID = null;
    try {
        userID = SessionManager.getProvider().getPrincipalName(ssoToken);
    } catch (SessionException ssoe) {
        debug.error("SessionException caught when trying to " + "get user DN from session token:", ssoe);
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "userID=" + userID);
    }
    FSNameMappingHandler handler = new FSNameMappingHandler(hostedEntityID, hostedDescriptor, hostedConfig, hostedSPMetaAlias);
    NameIdentifier ni = null;
    if (debug.messageEnabled()) {
        debug.message(classMethod + "targetNamespace (remoteSPEntityID)=" + remoteSPEntityID);
    }
    // The IDP to ask is the current partner of the user's federation session.
    FSSessionManager sMgr = FSSessionManager.getInstance(hostedSPMetaAlias);
    FSSession sess = null;
    if (sMgr != null) {
        sess = sMgr.getSession(ssoToken);
    }
    FSSessionPartner partner = null;
    if (sess != null) {
        partner = sess.getCurrentSessionPartner();
    } else {
        debug.error(classMethod + "session is null");
        return null;
    }
    // NOTE(review): remoteIDPEntityID stays null when the session has no
    // current partner; the lookups below are then made with a null entity id.
    String remoteIDPEntityID = null;
    if (partner != null) {
        remoteIDPEntityID = partner.getPartner();
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Remote IDP EntityID = " + remoteIDPEntityID);
    }
    // Name identifier between the local SP and the IDP, used as the mapping source.
    try {
        ni = handler.getNameIdentifier(userID, remoteIDPEntityID, true);
    } catch (Exception e) {
        debug.error(classMethod + "Exception caught when trying to get Name " + "Identifier between local SP and remote IDP: ", e);
        return null;
    }
    if (debug.messageEnabled()) {
        // NOTE(review): ni is not null-checked here; a null return from
        // getNameIdentifier would throw in debug mode — confirm the handler's contract.
        debug.message(classMethod + "Name Identifier between local SP and " + " remote IDP: " + ni.toString());
    }
    FSNameIdentifierMappingRequest mappingRequest = null;
    try {
        mappingRequest = new FSNameIdentifierMappingRequest(hostedEntityID, ni, remoteSPEntityID);
    } catch (com.sun.identity.federation.message.common.FSMsgException fe) {
        debug.error(classMethod, fe);
        return null;
    }
    // Sign the request with the hosted SP's configured certificate when signing is on.
    if (FSServiceUtils.isSigningOn()) {
        try {
            mappingRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS));
        } catch (SAMLException se) {
            debug.error(classMethod, se);
            return null;
        }
    }
    IDPDescriptorType remoteProviderDesc = null;
    try {
        remoteProviderDesc = metaManager.getIDPDescriptor(realm, remoteIDPEntityID);
    } catch (IDFFMetaException fme1) {
        debug.error(classMethod, fme1);
        return null;
    }
    // NOTE(review): assumes getIDPDescriptor throws rather than returning null
    // for an unknown entity id — confirm against IDFFMetaManager.
    String remoteSOAPEndPoint = remoteProviderDesc.getSoapEndpoint();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "IDP's soap end point=" + remoteSOAPEndPoint);
    }
    FSSOAPService soapService = FSSOAPService.getInstance();
    SOAPMessage returnMsg = null;
    try {
        SOAPMessage msg = soapService.bind(mappingRequest.toXMLString(true, true));
        returnMsg = soapService.sendMessage(msg, remoteSOAPEndPoint);
    } catch (FSMsgException mex) {
        debug.error(classMethod, mex);
        return null;
    } catch (java.io.IOException ioe) {
        debug.error(classMethod, ioe);
        return null;
    } catch (javax.xml.soap.SOAPException soape) {
        debug.error(classMethod, soape);
        return null;
    }
    Element elt = soapService.parseSOAPMessage(returnMsg);
    FSNameIdentifierMappingResponse mappingResponse = null;
    try {
        mappingResponse = new FSNameIdentifierMappingResponse(elt);
    } catch (FSMsgException fme2) {
        debug.error(classMethod, fme2);
        return null;
    }
    if (debug.messageEnabled()) {
        String resStr = null;
        try {
            resStr = mappingResponse.toXMLString();
        } catch (FSMsgException fme3) {
            debug.error(classMethod, fme3);
            return null;
        }
        debug.message(classMethod + "NameIdentifierMappingResponse: " + resStr);
    }
    // The response is only trusted after its signature verifies (when signing is on);
    // verification runs on the raw element and SOAP message, not on the parsed object.
    if (FSServiceUtils.isSigningOn()) {
        if (FSNameMappingHandler.verifyNameIdMappingResponseSignature(elt, returnMsg, realm)) {
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Success in verifying Name Identifier Mapping" + " Response Signature");
            }
        } else {
            debug.error(classMethod + "Failed verifying Name Identifier Mapping " + "Response");
            return null;
        }
    }
    return mappingResponse.getNameIdentifier();
}
use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.
the class FSPreLogoutHandler method processSingleLogoutRequest.
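/**
 * Processes a logout request received via the SOAP profile.
 *
 * <p>There is no user-agent session in the SOAP case, so the principal is
 * resolved from the request itself. The provider that sent the request is
 * removed from the user's session partner list; the first remaining partner
 * (if any) becomes {@code currentEntityId}, and the logout propagation is
 * delegated to a {@link FSSingleLogoutHandler} configured for the SP SOAP
 * profile.
 *
 * @param reqLogout <code>FSLogoutNotification</code> request received from
 *        remote provider
 * @return <code>FSLogoutStatus</code> object indicating the status of the
 *         logout process; {@code SAML_REQUESTER} when the principal cannot
 *         be determined from the request
 */
public FSLogoutStatus processSingleLogoutRequest(FSLogoutNotification reqLogout) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSPreLogoutHandler::" + " processSingleLogoutRequest SOAP Profile");
    }
    // User DN needs to be figured from logout request
    userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
    if (userID == null) {
        FSUtils.debug.error("User does not exist. Invalid request");
        return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
    }
    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    String sessionIndex = reqLogout.getSessionIndex();
    FSSession session = sessionManager.getSession(sessionManager.getSessionList(userID), sessionIndex);
    // The requesting provider is already logging out; drop it so it is not notified again.
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityID, metaAlias, session);

    boolean bHasAnyOtherProvider = false;
    FSSessionPartner sessionPartner = null;
    // Was previously preceded by a dead `new HashMap()` that getCurrentProvider overwrote.
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken, session);
    if (providerMap != null) {
        sessionPartner = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
        // The partner's session index supersedes the one carried by the request.
        sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
        if (sessionPartner != null) {
            bHasAnyOtherProvider = true;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("bHasAnyOtherProvider = " + bHasAnyOtherProvider);
            }
            currentEntityId = sessionPartner.getPartner();
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("bHasAnyOtherProvider other than source : " + bHasAnyOtherProvider);
    }
    // this is SP initiated SOAP based single logout
    FSUtils.debug.message("creating FSSingleLogoutHandler");
    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
    handlerObj.setHostedDescriptor(hostedDescriptor);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setRealm(realm);
    handlerObj.setHostedEntityId(hostedEntityId);
    handlerObj.setHostedProviderRole(hostedRole);
    handlerObj.setMetaAlias(metaAlias);
    handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_SP_SOAP_PROFILE);
    // The remote role is the opposite of the hosted one.
    String remoteRole = hostedRole.equals(IFSConstants.SP) ? IFSConstants.IDP : IFSConstants.SP;
    return handlerObj.processSingleLogoutRequest(reqLogout, sessionPartner, userID, remoteEntityID, sessionIndex, isWMLAgent, remoteRole);
}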
use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.
the class FSLogoutUtil method getCurrentProvider.
/**
 * Picks the provider to contact next during logout: the first remaining
 * session partner of the user's federation session.
 *
 * <p>The session is looked up by {@code ssoToken} through the session manager
 * for {@code metaAlias}; when that yields nothing, {@code curSession} (which
 * the caller may have located by session index) is used instead.
 *
 * @param userID principal being logged out (used for logging only)
 * @param metaAlias meta alias of the hosted provider
 * @param ssoToken session token used to locate the federation session
 * @param curSession fallback session when the token lookup finds none; may be null
 * @return a map with {@code IFSConstants.PARTNER_SESSION} (the first
 *     {@code FSSessionPartner}) and {@code IFSConstants.SESSION_INDEX}, or
 *     {@code null} when there is no session, no partners left, or an
 *     exception occurred (logged)
 */
public static HashMap getCurrentProvider(String userID, String metaAlias, Object ssoToken, FSSession curSession) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered getCurrentProvider for user : " + userID);
    }
    try {
        FSSession session = FSSessionManager.getInstance(metaAlias).getSession(ssoToken);
        if (session == null) {
            // Fall back to the session the caller already located, if any.
            session = curSession;
        }
        if (session == null) {
            return null;
        }
        List partners = session.getSessionPartners();
        if (partners == null || partners.isEmpty()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSLogoutUtil.getCurrentProvider:" + "No more session partners");
            }
            return null;
        }
        HashMap providerMap = new HashMap();
        providerMap.put(IFSConstants.PARTNER_SESSION, (FSSessionPartner) partners.iterator().next());
        providerMap.put(IFSConstants.SESSION_INDEX, session.getSessionIndex());
        return providerMap;
    } catch (Exception e) {
        FSUtils.debug.error("FSLogoutUtil.getCurrentProvider:: Exception" + " in getting the current provider", e);
        return null;
    }
}
use of com.sun.identity.federation.services.FSSessionPartner in project OpenAM by OpenRock.
the class FSPreLogoutHandler method processHttpSingleLogoutRequest.
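/**
 * Processes a logout request received via HTTP redirect/GET.
 *
 * <p>Stores the request/response/token on this handler, resolves the
 * principal (from the session token for one-time sessions, otherwise from
 * the logout request), removes the requesting provider from the user's
 * session partner list and delegates propagation to a
 * {@link FSSingleLogoutHandler} configured for the SP redirect profile.
 *
 * @param request <code>HttpServletRequest</code> object from the user agent
 * @param response <code>HttpServletResponse</code> to be sent back to the
 *        user agent
 * @param ssoToken used to identify the principal who wants to logout
 * @return <code>FSLogoutStatus</code> object to indicate the status of
 *         the logout process; {@code SAML_RESPONDER} (after redirecting the
 *         user agent back to the source with that status) when the principal
 *         cannot be determined
 */
public FSLogoutStatus processHttpSingleLogoutRequest(HttpServletRequest request, HttpServletResponse response, Object ssoToken) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSPrelogoutHandler::" + "processSingleLogoutRequest HTTP Redirect");
    }
    this.request = request;
    this.locale = FSServiceUtils.getLocale(request);
    setLogoutURL();
    this.response = response;
    this.ssoToken = ssoToken;

    FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
    FSSession session = sMgr.getSession(ssoToken);
    // The session may be absent (already logged out, expired, or never federated).
    // It used to be dereferenced unconditionally here, throwing NPE before the
    // null check below could run; a missing session now falls through to the
    // request-based principal lookup instead of failing the whole request.
    String sessionIndex = (session != null) ? session.getSessionIndex() : null;
    try {
        if (session != null && session.getOneTime()) {
            this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
            FSUtils.debug.message("FSPH:processSingleLogout: Onetime case");
        } else {
            this.userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
        }
    } catch (SessionException se) {
        FSUtils.debug.error("processSingleLogoutRequest", se);
        this.userID = null;
    }
    if (userID == null) {
        FSUtils.debug.message("FSPrelogoutHandler::User Not found");
        FSLogoutUtil.returnToSource(response, remoteDescriptor, IFSConstants.SAML_RESPONDER, COMMON_ERROR_URL, reqLogout.getMinorVersion(), hostedConfig, hostedEntityId, userID);
        return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }
    // WML user agents get a different response rendering downstream.
    String acceptString = request.getHeader("Accept");
    if (acceptString != null && acceptString.contains("text/vnd.wap.wml")) {
        isWMLAgent = true;
    }
    String relayState = reqLogout.getRelayState();
    // The requesting provider is already logging out; drop it so it is not notified again.
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityID, metaAlias, session);
    FSUtils.debug.message("FSPrelogoutHandler::calling getCurrentProvider");

    boolean bHasAnyOtherProvider = false;
    FSSessionPartner sessionPartner = null;
    // Was previously preceded by a dead `new HashMap()` that getCurrentProvider overwrote.
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
    if (providerMap != null) {
        sessionPartner = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
        // The partner's session index supersedes the one read from the session above.
        sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
        if (sessionPartner != null) {
            bHasAnyOtherProvider = true;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("bHasAnyOtherProvider = " + bHasAnyOtherProvider);
            }
            currentEntityId = sessionPartner.getPartner();
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("bHasAnyOtherProvider other than source : " + bHasAnyOtherProvider);
    }
    // this is SP initiated HTTP based single logout
    FSUtils.debug.message("FSPreLogout::creating FSSingleLogoutHandler");
    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
    handlerObj.setHostedDescriptor(hostedDescriptor);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setRealm(realm);
    handlerObj.setHostedEntityId(hostedEntityId);
    handlerObj.setHostedProviderRole(hostedRole);
    handlerObj.setMetaAlias(metaAlias);
    handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
    // The remote role is the opposite of the hosted one.
    String remoteRole = hostedRole.equals(IFSConstants.SP) ? IFSConstants.IDP : IFSConstants.SP;
    return handlerObj.processHttpSingleLogoutRequest(response, request, reqLogout, sessionPartner, userID, ssoToken, remoteEntityID, sessionIndex, isWMLAgent, relayState, remoteRole);
}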