Example 1 with FSTokenListener

Use of com.sun.identity.federation.services.logout.FSTokenListener in project OpenAM by OpenRock.

From class FSPostLogin, method setTokenListenerAndSessionInfo:

```java
/**
 * Sets the session listener and session information.
 *
 * @param request the <code>HttpServletRequest</code> object.
 * @param metaAlias the provider alias string.
 */
private void setTokenListenerAndSessionInfo(HttpServletRequest request, String metaAlias) {
    Object ssoToken = null;
    String sessionID = null;
    String userID = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        sessionID = sessionProvider.getSessionID(ssoToken);
        userID = sessionProvider.getPrincipalName(ssoToken);
        // Register the federation logout listener so that federation session
        // state is cleaned up when the underlying SSO session is invalidated.
        sessionProvider.addListener(ssoToken, new FSTokenListener(metaAlias));
    } catch (SessionException ssoExp) {
        FSUtils.debug.error("FSPostLogin::setTokenListenerAndSessionInfo " + "Failed during trying to add token Listener:", ssoExp);
        return;
    }
    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    FSSession session = sessionManager.getSession(userID, sessionID);
    if (session == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSPostLogin::setTokenListenerAndSessionInfo. " + "No existing session found for user " + userID + " And SessionID: " + sessionID + " Creating a new Session");
        }
        FSSession newSession = new FSSession(sessionID);
        sessionManager.addSession(userID, newSession);
    }
}
```
Also used: FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 2 with FSTokenListener

Use of com.sun.identity.federation.services.logout.FSTokenListener in project OpenAM by OpenRock.

From class FSAssertionArtifactHandler, method generateAnonymousToken:

```java
/**
 * Generates an anonymous token for the one-time case.
 */
protected Object generateAnonymousToken(HttpServletResponse response) throws SessionException {
    FSUtils.debug.message("FSAssertionArtifactHandler.generateAnonymous");
    try {
        Map valueMap = new HashMap();
        valueMap.put(SessionProvider.PRINCIPAL_NAME, ANONYMOUS_PRINCIPAL);
        valueMap.put(SessionProvider.REALM, realm);
        // default auth level to "0" for anonymous
        valueMap.put(SessionProvider.AUTH_LEVEL, "0");
        valueMap.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
        valueMap.put("idpEntityID", idpEntityId);
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoSession = sessionProvider.createSession(valueMap, request, response, new StringBuffer(this.relayState));
        try {
            // register the federation logout listener on the new anonymous session
            sessionProvider.addListener(ssoSession, new FSTokenListener(hostMetaAlias));
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateAnonymousToken:" + "Couldn't add listener to session:", e);
        }
        return ssoSession;
    } catch (SessionException se) {
        FSUtils.debug.error("FSAssertionArtifactHandler.genAnonymousToken failed.", se);
        throw se;
    } catch (Exception ae) {
        FSUtils.debug.error("FSAssertionArtifactHandler.generateAnonymousToken failed.", ae);
        return null;
    }
}
```
Also used: HashMap(java.util.HashMap) Map(java.util.Map) SessionException(com.sun.identity.plugin.session.SessionException) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 3 with FSTokenListener

Use of com.sun.identity.federation.services.logout.FSTokenListener in project OpenAM by OpenRock.

From class FSSSOAndFedHandler, method processPreAuthnSSO:

```java
/**
 * Handles an authentication request.
 * @param authnRequest <code>FSAuthnRequest</code> object
 * @return <code>true</code> if the request is handled successfully;
 *  <code>false</code> otherwise.
 */
public boolean processPreAuthnSSO(FSAuthnRequest authnRequest) {
    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Called");
    String loginURL = null;
    List authenticationContextClassRef = null;
    String currentAuthnContextRef = null;
    String authType = null;
    FSAuthContextResult authnResult = null;
    FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
    if (authnRequest.getAuthnContext() != null) {
        authenticationContextClassRef = authnRequest.getAuthnContext().getAuthnContextClassRefList();
        if (authenticationContextClassRef == null) {
            String authCtxRefDefault = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
            authenticationContextClassRef = new ArrayList();
            authenticationContextClassRef.add(authCtxRefDefault);
        }
        authType = authnRequest.getAuthContextCompType();
        currentAuthnContextRef = null;
    }
    boolean authenticated = true;
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is null. User is not authenticated.");
            }
            authenticated = false;
        } else if (!sessionProvider.isValid(ssoToken)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is not valid. User is not authenticated.");
            }
            authenticated = false;
        } else {
            FSSession ssoSession = sessionMgr.getSession(ssoToken);
            if (ssoSession != null) {
                currentAuthnContextRef = ssoSession.getAuthnContext();
                if (currentAuthnContextRef != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User has an existing " + "valid session with authnContext: " + currentAuthnContextRef);
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's authentication" + " context information not found using " + "default authentication context");
                    }
                    currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO: User's authenticated session " + "information is not present in FSSessionManager. " + "using default authentication context");
                }
                currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            }
            authenticated = true;
        }
        if (authenticated) {
            // Added for the multiple-SP case: each SP's metaAlias gets its own
            // logout listener on the shared SSO session.
            try {
                sessionProvider.addListener(ssoToken, new FSTokenListener(metaAlias));
            } catch (Exception e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "Couldn't add listener to session:", e);
                }
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "SSOException Occured: User does not have session " + se.getMessage());
        authenticated = false;
    }
    // Initiate proxying
    if (!authenticated) {
        try {
            boolean isProxy = isIDPProxyEnabled(authnRequest);
            if (isProxy && !authnRequest.getFederate()) {
                String preferredIDP = getPreferredIDP(authnRequest);
                if (preferredIDP != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO:IDP to be proxied" + preferredIDP);
                    }
                    sendProxyAuthnRequest(authnRequest, preferredIDP);
                    return true;
                }
                // else continue with local authentication.
            }
        } catch (FSRedirectException re) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandle.processPreAuthnSSO:" + "Redirecting for the proxy handling.");
            }
            return true;
        } catch (Exception ex) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Exception occured while processing for the proxy.", ex);
            return false;
        }
    }
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "User's authentication status: " + authenticated);
        }
        FSAuthnDecisionHandler authnDecisionHandler = new FSAuthnDecisionHandler(realm, hostedEntityId, request);
        List defAuthnCxtList = new ArrayList();
        defAuthnCxtList.add(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT));
        if (authnRequest.getIsPassive()) {
            if (authnRequest.getForceAuthn()) {
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOAndFedHandler.PreAuthnSSO: " + "IDP is passive can't force authentication.");
                }
                return false;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    }
                    if (authnResult.getLoginURL() != null) {
                        // A non-null login URL means the login page must be shown;
                        // the decision engine may be asking for a higher auth context.
                        loginURL = authnResult.getLoginURL();
                        loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                        FSUtils.forwardRequest(request, response, loginURL);
                        return true;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    }
                } else {
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.processPreAuthnSSO: " + "IDP is passive and user is not authenticated");
                    }
                    noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoPassive", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                    return false;
                }
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
            }
            if (authnRequest.getForceAuthn()) {
                if (authenticationContextClassRef != null) {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                } else {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList);
                }
                if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:" + "AuthnDecision engine failed to take a " + "authn decision");
                    }
                    return false;
                } else {
                    if (ssoToken != null) {
                        // ForceAuthn: the existing session must be invalidated before re-authentication
                        try {
                            SessionManager.getProvider().invalidateSession(ssoToken, request, response);
                        } catch (SessionException ssoe) {
                            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Unable to invalidate the sso session.", ssoe);
                        }
                        ssoToken = null;
                    }
                    loginURL = authnResult.getLoginURL();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                    }
                }
                loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                FSUtils.forwardRequest(request, response, loginURL);
                response.flushBuffer();
                return true;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    } else if (authnResult.getLoginURL() == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    } else if (authnResult.getLoginURL().length() == 0) {
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO" + ": AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
                    }
                    // redirect for authentication with the requested authnContextRef
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler. processPreAuthnSSO: " + " AuthnDecision engine" + " failed to take a decision");
                        }
                        noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoAuthnContext", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                }
            }
        }
    } catch (Exception e) {
        // Log the exception itself, not just a message, so the failure can be diagnosed
        FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: " + "Exception occurred", e);
        return processPostAuthnSSO(authnRequest);
    }
}
```
Also used: Status(com.sun.identity.saml.protocol.Status) StatusCode(com.sun.identity.saml.protocol.StatusCode) ArrayList(java.util.ArrayList) List(java.util.List) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSAuthContextResult(com.sun.identity.federation.services.FSAuthContextResult) FSAuthnDecisionHandler(com.sun.identity.federation.services.FSAuthnDecisionHandler) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 4 with FSTokenListener

Use of com.sun.identity.federation.services.logout.FSTokenListener in project OpenAM by OpenRock.

From class FSAssertionArtifactHandler, method generateToken:

```java
protected int generateToken(NameIdentifier ni, int handleType, NameIdentifier niIdp, Map env) {
    FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: Called");
    if (ni == null) {
        FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Invalid userDN input");
        return FederationSPAdapter.SSO_FAILED;
    }
    try {
        String name = ni.getName();
        String nameSpace = ni.getNameQualifier();
        if ((nameSpace == null) || (nameSpace.length() == 0)) {
            nameSpace = hostEntityId;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Trying to get userDN for opaqueHandle= " + name + " ,securityDomain= " + nameSpace + " And HandleType=" + handleType);
        }
        String affiliationID = authnRequest.getAffiliationID();
        FSAccountFedInfoKey fedKey = new FSAccountFedInfoKey(nameSpace, name);
        FSAccountManager accountManager = FSAccountManager.getInstance(hostMetaAlias);
        String userID = accountManager.getUserID(fedKey, realm, env);
        FSAccountFedInfo fedInfo = null;
        if (userID == null) {
            if (niIdp != null && nameSpace.equals(affiliationID)) {
                fedKey = new FSAccountFedInfoKey(affiliationID, niIdp.getName());
                userID = accountManager.getUserID(fedKey, realm, env);
                if (userID != null) {
                    FSAccountFedInfo oldInfo = accountManager.readAccountFedInfo(userID, affiliationID);
                    if (oldInfo != null) {
                        accountManager.removeAccountFedInfo(userID, oldInfo);
                    }
                    fedInfo = new FSAccountFedInfo(idpEntityId, ni, niIdp, true);
                    fedInfo.setAffiliation(true);
                    fedKey = new FSAccountFedInfoKey(nameSpace, name);
                    accountManager.writeAccountFedInfo(userID, fedKey, fedInfo);
                } else {
                    FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "Can't dereference handle. fedKey=" + fedKey.toString());
                    return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                }
            } else {
                // Check whether the federation info is still stored under the old 6.2 key format
                FSAccountFedInfoKey oldKey = new FSAccountFedInfoKey(idpEntityId, name);
                if (oldKey != null) {
                    userID = accountManager.getUserID(oldKey, realm, env);
                    if (userID != null) {
                        fedInfo = accountManager.readAccountFedInfo(userID, idpEntityId);
                        if (fedInfo != null && fedInfo.isFedStatusActive()) {
                            // rewrite the 6.2-format entry under the current host entity ID
                            NameIdentifier localNI = fedInfo.getLocalNameIdentifier();
                            if (localNI != null) {
                                localNI.setNameQualifier(hostEntityId);
                            }
                            accountManager.removeAccountFedInfo(userID, fedInfo);
                            NameIdentifier remoteNI = fedInfo.getRemoteNameIdentifier();
                            if (remoteNI != null) {
                                remoteNI.setNameQualifier(hostEntityId);
                            }
                            fedInfo = new FSAccountFedInfo(idpEntityId, localNI, remoteNI, true);
                            accountManager.removeAccountFedInfoKey(userID, oldKey);
                            FSAccountFedInfoKey newKey = new FSAccountFedInfoKey(hostEntityId, name);
                            accountManager.writeAccountFedInfo(userID, newKey, fedInfo);
                        } else {
                            FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
                            return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                        }
                    } else {
                        String enabledStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
                        if (enabledStr != null && enabledStr.equalsIgnoreCase("true") && _autoFedStatement != null) {
                            userID = accountManager.getUserID(autoFedSearchMap, realm, null);
                            if (userID != null) {
                                FSAccountFedInfoKey newKey = new FSAccountFedInfoKey(hostEntityId, name);
                                fedInfo = new FSAccountFedInfo(idpEntityId, null, ni, true);
                                accountManager.writeAccountFedInfo(userID, newKey, fedInfo);
                            } else {
                                FSUtils.debug.error("FSAssertionArtifactHandler. " + "generateToken:" + "Can't dereference handle.");
                                return FederationSPAdapter.SSO_FAILED_AUTO_FED;
                            }
                        } else {
                            FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
                            return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                        }
                    }
                } else {
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
                    return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                }
            }
        } else {
            if (affiliationID != null) {
                fedInfo = accountManager.readAccountFedInfo(userID, affiliationID);
            } else {
                fedInfo = accountManager.readAccountFedInfo(userID, idpEntityId, name);
            }
            if (fedInfo == null) {
                FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "User's account is not federated, id=" + userID);
                return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
            }
        }
        // get AuthnLevel from authnContext
        String authnContextClassRef = null;
        int authnLevel = 0;
        Map authnContextInfoMap = FSServiceUtils.getSPAuthContextInfo(hostConfig);
        if (authnContextStmt != null && authnContextStmt.getAuthnContextClassRef() != null && authnContextStmt.getAuthnContextClassRef().length() != 0) {
            authnContextClassRef = authnContextStmt.getAuthnContextClassRef();
            if (authnContextClassRef != null && authnContextClassRef.length() != 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: AuthnContextClassRef " + "found in AuthenticationStatement:" + authnContextClassRef);
                }
                FSSPAuthenticationContextInfo authnContextInfo = (FSSPAuthenticationContextInfo) authnContextInfoMap.get(authnContextClassRef);
                if (authnContextInfo != null) {
                    authnLevel = authnContextInfo.getAuthenticationLevel();
                } else {
                    FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Could not find " + "AuthnContextClassInfo for authnContextClassRef: " + authnContextClassRef + "Using default authnContextClass");
                    authnContextClassRef = null;
                }
            }
        } else {
            FSUtils.debug.warning("FSAssertionArtifactHandler.generateToken: " + "Could not find AuthnContextClassRef in the " + "AuthenticationStatement. Using default authnContextClass");
        }
        if (authnContextClassRef == null || authnContextClassRef.length() == 0) {
            authnContextClassRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            FSSPAuthenticationContextInfo authnContextInfo = (FSSPAuthenticationContextInfo) authnContextInfoMap.get(authnContextClassRef);
            if (authnContextInfo != null) {
                authnLevel = authnContextInfo.getAuthenticationLevel();
            } else {
                FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Could not find authentication level " + "for default authentication context class");
                return FederationSPAdapter.SSO_FAILED;
            }
        }
        Map valueMap = new HashMap();
        valueMap.put(SessionProvider.PRINCIPAL_NAME, userID);
        valueMap.put(SessionProvider.REALM, realm);
        valueMap.put(SessionProvider.AUTH_LEVEL, String.valueOf(authnLevel));
        valueMap.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
        valueMap.put("idpEntityID", idpEntityId);
        //valueMap.put("resourceOffering",
        //valueMap.put("securityToken",
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoSession;
        try {
            ssoSession = sessionProvider.createSession(valueMap, request, response, new StringBuffer(this.relayState));
        } catch (SessionException se) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateToken:" + "cannot generate token:", se);
            // map the session-layer failure onto the SP adapter's failure codes
            int failureCode = se.getErrCode();
            if (failureCode == SessionException.AUTH_USER_INACTIVE) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_USER_INACTIVE;
            } else if (failureCode == SessionException.AUTH_USER_LOCKED) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_USER_LOCKED;
            } else if (failureCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_ACCOUNT_EXPIRED;
            } else {
                failureCode = FederationSPAdapter.SSO_FAILED_TOKEN_GENERATION;
            }
            return failureCode;
        }
        try {
            // register the federation logout listener on the newly created session
            sessionProvider.addListener(ssoSession, new FSTokenListener(hostMetaAlias));
        } catch (Exception e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.generateToken:" + "Couldn't add listener to session:", e);
            }
        }
        String value = sessionProvider.getSessionID(ssoSession);
        ssoToken = ssoSession;
        Iterator iter = null;
        // Set fed cookie
        String fedCookieName = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
        String fedCookieValue = "yes";
        for (String domain : SystemConfigurationUtil.getCookieDomainsForRequest(request)) {
            CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(fedCookieName, fedCookieValue, IFSConstants.PERSISTENT_COOKIE_AGE, "/", domain));
        }
        // keep local session ref
        FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
        FSSession session = sessionManager.getSession(userID, value);
        if (session != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: An Existing session found for userID:" + userID + " And SessionID: " + value + " Adding partner to the Session");
            }
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            session.setSessionIndex(idpSessionIndex);
            sessionManager.addSession(userID, session);
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: No existing session found for userID:" + userID + " And SessionID: " + value + " Creating a new Session");
            }
            session = new FSSession(value);
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            if (idpSessionIndex != null) {
                session.setSessionIndex(idpSessionIndex);
            }
            sessionManager.addSession(userID, session);
        }
        // keep authncontext in FSSession.
        if (authnContextClassRef != null) {
            session.setAuthnContext(authnContextClassRef);
        }
        if (fedInfo != null) {
            session.setAccountFedInfo(fedInfo);
        }
        // keep the attr statement in FSSession.
        if (bootStrapStatement != null) {
            session.setBootStrapAttributeStatement(bootStrapStatement);
        }
        if (_autoFedStatement != null) {
            session.setAutoFedStatement(_autoFedStatement);
        }
        if (attrStatements.size() != 0) {
            session.setAttributeStatements(attrStatements);
            Map attributeMap = null;
            setAttributeMapper();
            if (realmAttributeMapper != null) {
                attributeMap = realmAttributeMapper.getAttributes(attrStatements, realm, hostEntityId, idpEntityId, ssoToken);
            } else if (attributeMapper != null) {
                attributeMap = attributeMapper.getAttributes(attrStatements, hostEntityId, idpEntityId, ssoToken);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Attribute map :" + attributeMap);
            }
            if (attributeMap != null) {
                setAttributeMap(ssoToken, attributeMap);
            }
        }
        if (securityAssertions != null) {
            session.setBootStrapCredential(securityAssertions);
        }
        return FederationSPAdapter.SUCCESS;
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "Exception Occured ", e);
        return FederationSPAdapter.SSO_FAILED;
    }
}
```