
Example 11 with FSSessionPartner

Use of com.sun.identity.federation.services.FSSessionPartner in the OpenRock OpenAM project.

Class FSAssertionArtifactHandler, method sendProxyResponse.

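/**
 * Sends the proxy authentication response to the proxying service
 * provider which originally requested the authentication.
 * <p>
 * The original {@code FSAuthnRequest} and the proxying SP's descriptor are
 * looked up from the {@code FSSessionManager} under {@code requestID}. The
 * proxying SP is then recorded as a partner of the user's federation session
 * (so that single logout later reaches it) and an {@code FSProxyHandler},
 * configured with the hosted IDP's metadata, re-processes the original
 * request.
 * <p>
 * If no proxy request is recorded for {@code requestID}, or the current SSO
 * token has no federation session, an error is logged and nothing is sent;
 * previously these cases failed with a {@code NullPointerException}.
 * Metadata lookup failures are logged and are otherwise not fatal, as before.
 *
 * @param requestID authnRequest id that is sent to the authenticating
 *  Identity Provider.
 */
protected void sendProxyResponse(String requestID) {
    FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse::");
    FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);

    // The original request was stored when the AuthnRequest was proxied to the
    // remote IDP. requestID comes back from that IDP, so it need not match
    // anything this IDP issued; fail closed instead of dereferencing null.
    FSAuthnRequest origRequest = sessionManager.getProxySPAuthnRequest(requestID);
    if (origRequest == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:"
                + "No proxy AuthnRequest found for requestID " + requestID);
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        try {
            FSUtils.debug.message("FSAssertionHandler.sendProxyResponse:" + origRequest.toXMLString());
        } catch (Exception ex) {
            FSUtils.debug.error("FSAssertionHandler.sendProxyResponse:" + "toString(): Failed.", ex);
        }
    }

    SPDescriptorType proxyDescriptor = sessionManager.getProxySPDescriptor(requestID);
    String proxySPEntityId = origRequest.getProviderId();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionArtifactHandler.sendProxyResponse" + ":Original requesting service provider id:" + proxySPEntityId);
    }

    // Attach the proxying SP to the user's federation session. Without a
    // session for this token there is nothing to attach the partner to.
    FSSession session = sessionManager.getSession(ssoToken);
    if (session == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:"
                + "No federation session found for the current SSO token");
        return;
    }
    if (authnContextStmt != null) {
        session.setAuthnContext(authnContextStmt.getAuthnContextClassRef());
    }
    session.addSessionPartner(new FSSessionPartner(proxySPEntityId, false));
    if (FSUtils.debug.messageEnabled()) {
        for (Iterator partners = session.getSessionPartners().iterator(); partners.hasNext();) {
            FSSessionPartner part = (FSSessionPartner) partners.next();
            FSUtils.debug.message("PARTNERS" + part.getPartner());
        }
    }

    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType proxySPConfig = null;
    try {
        proxySPConfig = metaManager.getSPDescriptorConfig(realm, proxySPEntityId);
    } catch (Exception e) {
        // Non-fatal, as in the original: the handler is still built with a
        // null config. TODO(review): confirm FSProxyHandler tolerates that.
        FSUtils.debug.error("FSAssertionArtifactHandler.sendProxyResponse:" + "Couldn't obtain proxy sp meta:", e);
    }
    FSProxyHandler handler = new FSProxyHandler(request, response, origRequest, proxyDescriptor, proxySPConfig, proxySPEntityId, origRequest.getRelayState(), ssoToken);

    // Hosted IDP metadata; a failure here leaves the descriptor/config null
    // (the getMetaAlias() call would then throw inside this try and be logged).
    IDPDescriptorType localIDPDesc = null;
    BaseConfigType localIDPConfig = null;
    String localIDPMetaAlias = null;
    try {
        localIDPDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
        localIDPConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
        localIDPMetaAlias = localIDPConfig.getMetaAlias();
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionartifactHandler.sendProxyResponse:" + "Exception when obtaining local idp meta:", e);
    }
    handler.setRealm(realm);
    handler.setHostedEntityId(hostEntityId);
    handler.setHostedDescriptor(localIDPDesc);
    handler.setHostedDescriptorConfig(localIDPConfig);
    handler.setMetaAlias(localIDPMetaAlias);
    handler.processAuthnRequest(origRequest, true);
}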

Example 12 with FSSessionPartner

Use of com.sun.identity.federation.services.FSSessionPartner in the OpenRock OpenAM project.

Class FSSSOAndFedHandler, method processPostAuthnSSO.

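/**
 * Handles an authentication request after the user has completed local
 * login at this identity provider.
 * <p>
 * The method first requires a live local SSO session (obtained from the
 * request if not already held) and refuses otherwise. It then records the
 * requesting SP ({@code spEntityId}) as a partner of the user's federation
 * session, creating that session with a fresh session index if this is the
 * first SP, and re-registers the session under the user. Finally, if the
 * request asks for federation or auto-federation is enabled in the hosted
 * config, the accounts are federated before single sign-on; otherwise single
 * sign-on proceeds directly.
 *
 * @param authnRequest <code>FSAuthnRequest</code> object
 * @return <code>true</code> if the request is handled successfully;
 *  <code>false</code> otherwise.
 */
public boolean processPostAuthnSSO(FSAuthnRequest authnRequest) {
    FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: Called");
    SessionProvider sessionProvider = null;
    try {
        sessionProvider = SessionManager.getProvider();
        if (ssoToken == null) {
            ssoToken = sessionProvider.getSession(request);
        }
        // No valid local session means no authenticated principal to assert:
        // refuse rather than continue with a missing or expired token.
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: " + "session is not valid.");
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: " + "session is valid.");
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: ", se);
        return false;
    }

    // Identify the principal and the session that will be tracked by the
    // federation session manager.
    String userID;
    String sessionID;
    try {
        userID = sessionProvider.getPrincipalName(ssoToken);
        sessionID = sessionProvider.getSessionID(ssoToken);
        if (FSUtils.debug.messageEnabled()) {
            // NOTE(review): sessionID is the SSO token identifier; writing it to
            // the debug log exposes a credential to whoever can read the log.
            FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: " + "UserID of the principal in the session: " + userID + ", sessionID of the session: " + sessionID);
        }
    } catch (SessionException ex) {
        FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: " + "SessionException occured. " + "Principal information not found in the session: ", ex);
        return false;
    }

    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    FSSession session = sessionManager.getSession(userID, sessionID);
    if (session != null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: " + "An existing SSO session found with ID:" + session.getSessionID());
        }
    } else {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: " + "No existing SSO session found. " + "Entering a new session to the session manager with ID: " + sessionID);
        }
        // First SP for this login: a new federation session gets a random
        // session index that is later echoed in assertions and logout requests.
        session = new FSSession(sessionID);
        session.setSessionIndex(SAMLUtils.generateID());
    }
    // Either way the SP becomes a partner of the session (so single logout can
    // reach it) and the session is (re)registered under the user.
    session.addSessionPartner(new FSSessionPartner(spEntityId, false));
    sessionManager.addSession(userID, session);

    // check for federation: explicit Federate flag on the request, or the
    // hosted config's auto-federation switch (case-insensitive "true").
    String autoFedStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
    if (authnRequest.getFederate() || Boolean.parseBoolean(autoFedStr)) {
        FSAccountFedInfo fedInfo = doAccountFederation(ssoToken, authnRequest, session);
        if (fedInfo == null) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: " + "Accountfederation failed");
            return false;
        }
        // The IDP-side handle falls back to the SP-side one and vice versa;
        // at least one opaque handle must exist to build the assertion.
        NameIdentifier spNI = fedInfo.getRemoteNameIdentifier();
        NameIdentifier idpNI = fedInfo.getLocalNameIdentifier();
        if (idpNI == null) {
            idpNI = fedInfo.getRemoteNameIdentifier();
            if (idpNI == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.processPost" + "AuthnSSO: Opaque handle not found");
                return false;
            }
        }
        if (spNI == null) {
            spNI = idpNI;
        }
        return doSingleSignOn(ssoToken, authnRequest.getRequestID(), spNI, idpNI);
    }
    return doSingleSignOn(ssoToken, authnRequest.getRequestID());
}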

Example 13 with FSSessionPartner

Use of com.sun.identity.federation.services.FSSessionPartner in the OpenRock OpenAM project.

Class IDFFSingleLogoutHandler, method handleSOAPInitiatedSingleLogout.

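/**
 * Performs IDP-side single logout for a user whose logout was initiated
 * over SOAP (no browser is available to redirect).
 * <p>
 * An SSO token is taken from {@code userSession} when one is supplied,
 * otherwise from the federation session manager's session list for the
 * user; only the first token is used (see the TODOs). If the user has a
 * current session partner for this IDP, an {@link FSSingleLogoutHandler}
 * configured for the IDP SOAP logout profile is asked to log that partner
 * out.
 *
 * @param userSession set of SSO tokens for the user; may be null or empty
 * @param userID the user being logged out
 * @param request the servlet request
 * @param response the servlet response
 * @param realm realm of the hosted IDP
 * @param idpMetaAlias meta alias of the hosted IDP
 * @param idpEntityId entity id of the hosted IDP
 * @param relayState relay state handed to the logout handler
 * @param metaManager used to load the hosted IDP descriptor and config
 * @return {@code SingleLogoutManager.LOGOUT_NO_ACTION_STATUS} when no token
 *  or no current session partner is found; otherwise
 *  {@code LOGOUT_SUCCEEDED_STATUS} if the handler reports
 *  {@code IFSConstants.SAML_SUCCESS}, else {@code LOGOUT_FAILED_STATUS}
 * @throws Exception propagated from metadata lookup or the logout handler
 */
private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, String realm, String idpMetaAlias, String idpEntityId, String relayState, IDFFMetaManager metaManager) throws Exception {
    // TODO : verify this works under LB
    Object ssoToken;
    if ((userSession != null) && !userSession.isEmpty()) {
        // TODO : handle multiple SSO token case
        ssoToken = userSession.iterator().next();
    } else {
        FSSessionManager manager = FSSessionManager.getInstance(idpMetaAlias);
        List sessions = manager.getSessionList(userID);
        if ((sessions == null) || sessions.isEmpty()) {
            return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
        }
        // TODO : handle multiple SSO token case
        ssoToken = sessions.iterator().next();
    }

    // call Single Logout Handler
    FSUtils.debug.message("creating FSSingleLogoutHandler");
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, idpEntityId, ssoToken);
    if (providerMap == null) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    FSSessionPartner currentSessionProvider = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
    String sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
    if (currentSessionProvider == null) {
        // Nothing federated for this IDP on the token: nobody to log out.
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }

    ProviderDescriptorType hostedProviderDesc = metaManager.getIDPDescriptor(realm, idpEntityId);
    BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityId);
    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
    handlerObj.setHostedDescriptor(hostedProviderDesc);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setHostedEntityId(idpEntityId);
    handlerObj.setHostedProviderRole(IFSConstants.IDP);
    handlerObj.setMetaAlias(idpMetaAlias);
    handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
    handlerObj.setRelayState(relayState);
    handlerObj.setRealm(realm);
    FSLogoutStatus logoutStatus = handlerObj.handleSingleLogout(response, request, currentSessionProvider, userID, sessionIndex, false, ssoToken);
    if (SingleLogoutManager.debug.messageEnabled()) {
        SingleLogoutManager.debug.message("IDFFSLOHandler." + "handleSOAPInitiatedSLO: logout status=" + logoutStatus);
    }
    // A missing status object or status code is reported as a failed logout
    // rather than escaping this path as a NullPointerException.
    String status = (logoutStatus == null) ? null : logoutStatus.getStatus();
    if (IFSConstants.SAML_SUCCESS.equalsIgnoreCase(status)) {
        return SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
    }
    return SingleLogoutManager.LOGOUT_FAILED_STATUS;
}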
