Example 1 with FSFedTerminationHandler

Use of com.sun.identity.federation.services.termination.FSFedTerminationHandler in project OpenAM by OpenRock.

From the class FSSOAPReceiver, method handleTerminationRequest, which receives a SOAP federation termination notification, verifies it, and hands it to the termination handler:

private boolean handleTerminationRequest(Element elt, SOAPMessage terminationMsg, HttpServletRequest request, HttpServletResponse response) {
    try {
        String providerAlias = FSServiceUtils.getMetaAlias(request);
        if (providerAlias == null || providerAlias.length() < 1) {
            FSUtils.debug.error("Unable to retrieve alias, Hosted Provider. " + "Cannot process the termination request");
            return false;
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager == null) {
            FSUtils.debug.error("Unable to get meta manager");
            return false;
        }
        String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
        FSFederationTerminationNotification terminationRequest = new FSFederationTerminationNotification(elt);
        ProviderDescriptorType hostedProviderDesc = null;
        String remoteEntityId = terminationRequest.getProviderId();
        ProviderDescriptorType remoteDesc = null;
        String hostedRole = null;
        String hostedEntityId = null;
        BaseConfigType hostedConfig = null;
        try {
            hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
            hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
            if (hostedRole == null) {
                return false;
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
                remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
                remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            }
            if (hostedProviderDesc == null) {
                return false;
            }
            if (remoteDesc == null) {
                return false;
            }
        } catch (IDFFMetaException eam) {
            FSUtils.debug.error("Unable to find Hosted Provider. Cannot process request:", eam);
            return false;
        }
        // Verification certificate of the remote provider, taken from its metadata.
        X509Certificate cert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, true);
        // When signing is switched off in the hosted configuration the signature is not
        // checked at all, so the "successfully verified" message below is logged in that
        // case too; the trusted-provider check is then the only gate on the request.
        if (!FSServiceUtils.isSigningOn() || verifyRequestSignature(elt, terminationMsg, cert)) {
            FSUtils.debug.message("Termination Signature successfully verified");
            // Only providers in the hosted entity's trusted list may terminate a federation.
            if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
                FSServiceManager instService = FSServiceManager.getInstance();
                if (instService != null) {
                    FSFedTerminationHandler terminationHandler = instService.getFedTerminationHandler(terminationRequest, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, remoteEntityId);
                    if (terminationHandler != null) {
                        terminationHandler.setHostedDescriptor(hostedProviderDesc);
                        terminationHandler.setHostedDescriptorConfig(hostedConfig);
                        terminationHandler.setRealm(realm);
                        terminationHandler.setHostedEntityId(hostedEntityId);
                        terminationHandler.setMetaAlias(providerAlias);
                        terminationHandler.setHostedProviderRole(hostedRole);
                        terminationHandler.setRemoteEntityId(remoteEntityId);
                        terminationHandler.setRemoteDescriptor(remoteDesc);
                        boolean bProcessStatus = terminationHandler.processSOAPTerminationRequest(request, response, terminationRequest);
                        return bProcessStatus;
                    } else {
                        FSUtils.debug.error("Unable to get Termination Handler");
                        return false;
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSServiceManager instance is null. " + "Cannot process termination request");
                    }
                    return false;
                }
            }
            FSUtils.debug.message("Remote provider not in trusted list");
            return false;
        } else {
            FSUtils.debug.message("Termination Signature failed verification");
            return false;
        }
    } catch (Exception se) {
        FSUtils.debug.error("FSSOAPService::handleTerminationRequest failed ", se);
        return false;
    }
}
Also used: BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType), IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager), FSFederationTerminationNotification (com.sun.identity.federation.message.FSFederationTerminationNotification), IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException), ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType), X509Certificate (java.security.cert.X509Certificate), FSFedTerminationHandler (com.sun.identity.federation.services.termination.FSFedTerminationHandler), SOAPException (javax.xml.soap.SOAPException), SystemConfigurationException (com.sun.identity.common.SystemConfigurationException), FSMsgException (com.sun.identity.federation.message.common.FSMsgException), FSException (com.sun.identity.federation.common.FSException)

Example 2 with FSFedTerminationHandler

Use of com.sun.identity.federation.services.termination.FSFedTerminationHandler in project OpenAM by OpenRock.

From the class FSServiceManager, the overload of getFedTerminationHandler used on the side that initiates termination:

/**
 * Returns the federation termination handler. This method is invoked at the
 * end where the termination is initiated. The handler is responsible
 * for doing account defederation locally and then invoking termination at
 * the remote provider end.
 * @param remoteEntityId provider with whom termination needs to be done
 * @param remoteProviderRole role of remote provider
 * @param userID user who is terminating federation with remote provider
 * @param realm the realm under which the entity resides
 * @param hostEntityId hosted provider's entity id
 * @param metaAlias hosted provider's meta alias
 * @return <code>FSFedTerminationHandler</code> object
 */
public FSFedTerminationHandler getFedTerminationHandler(String remoteEntityId, String remoteProviderRole, String userID, String realm, String hostEntityId, String metaAlias) {
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Entered FSServicemanager::" + " getFedTerminationHandler");
        }
        // check for null
        FSFedTerminationHandler handlerTermination = null;
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        FSAccountManager managerInst = FSAccountManager.getInstance(metaAlias);
        if (metaManager == null || managerInst == null) {
            FSUtils.debug.message("Error in retrieving meta, account manager");
            return null;
        }
        FSAccountFedInfo acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId);
        if (acctInfo == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Account federation with provider " + remoteEntityId + " does not exist");
            }
            return null;
        }
        // Pass USERDN TO HANDLER to AVOID SEARCH AGAIN
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSServiceManager.getFedTermination" + "Handler: remoteEntityID = " + remoteEntityId + " remoteProviderRole = " + remoteProviderRole);
        }
        handlerTermination = new FSFedTerminationHandler();
        if (handlerTermination != null) {
            ProviderDescriptorType remoteDesc = null;
            if (remoteProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
                remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            } else {
                remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
            }
            handlerTermination.setRemoteDescriptor(remoteDesc);
            handlerTermination.setRemoteEntityId(remoteEntityId);
            handlerTermination.setUserID(userID);
            handlerTermination.setAccountInfo(acctInfo);
            return handlerTermination;
        } else {
            FSUtils.debug.message("Termination Handler is null");
            return null;
        }
    } catch (Exception e) {
        // Include the cause so the failure reason is visible in the debug log.
        FSUtils.debug.error("FSServiceManager::getFedTerminationHandler " + "failed to get termination handler", e);
    }
    return null;
}
Also used: FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo), IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager), ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType), FSAccountManager (com.sun.identity.federation.accountmgmt.FSAccountManager), FSFedTerminationHandler (com.sun.identity.federation.services.termination.FSFedTerminationHandler), IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)

Example 3 with FSFedTerminationHandler

Use of com.sun.identity.federation.services.termination.FSFedTerminationHandler in project OpenAM by OpenRock.

From the class FSServiceManager, the overload of getFedTerminationHandler used on the side that receives a termination request:

/**
 * Returns <code>FSFedTerminationHandler</code>. This method is invoked at
 * the end where the termination request is received. The handler is
 * responsible for doing account defederation.
 * @param terminationRequest federation termination request
 * @param hostedConfig Hosted Provider's extended meta
 * @param realm the realm under which the entity resides
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedProviderRole hosted provider's role
 * @param metaAlias hosted provider's meta alias
 * @param remoteEntityId remote provider's entity ID
 * @return <code>FSFedTerminationHandler</code> object
 */
public FSFedTerminationHandler getFedTerminationHandler(FSFederationTerminationNotification terminationRequest, BaseConfigType hostedConfig, String realm, String hostedEntityId, String hostedProviderRole, String metaAlias, String remoteEntityId) {
    try {
        FSUtils.debug.message("Entered FSServicemanager::getFedTerminationHandler");
        FSAccountManager managerInst = FSAccountManager.getInstance(metaAlias);
        if (managerInst == null) {
            FSUtils.debug.error("Error in retrieving account manager");
            return null;
        }
        NameIdentifier nameIdObj = terminationRequest.getNameIdentifier();
        String nameIDValue = nameIdObj.getName();
        // Get amId
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Remote provider : " + remoteEntityId + ", Name Qualifier : " + nameIdObj.getNameQualifier() + ", Name : " + nameIDValue + ", Realm : " + realm);
        }
        String nameQualifier = nameIdObj.getNameQualifier();
        String searchDomain = hostedEntityId;
        if (nameQualifier != null && !nameQualifier.equals(remoteEntityId)) {
            searchDomain = nameQualifier;
        }
        FSAccountFedInfoKey acctkey = null;
        // for IDP,  search remote SP, then local
        if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            acctkey = new FSAccountFedInfoKey(searchDomain, nameIDValue);
        } else {
            acctkey = new FSAccountFedInfoKey(remoteEntityId, nameIDValue);
        }
        Map env = new HashMap();
        env.put(IFSConstants.FS_USER_PROVIDER_ENV_TERMINATION_KEY, terminationRequest);
        String userID = managerInst.getUserID(acctkey, realm, env);
        if (userID == null) {
            if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
                acctkey = new FSAccountFedInfoKey(remoteEntityId, nameIDValue);
            } else {
                acctkey = new FSAccountFedInfoKey(hostedEntityId, nameIDValue);
            }
            userID = managerInst.getUserID(acctkey, realm, env);
            if (userID == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("UserID is null");
                }
                return null;
            }
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("user ID is " + userID);
        }
        FSAccountFedInfo acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, nameIDValue);
        if (acctInfo == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Account federation with provider " + remoteEntityId + " does not exist");
            }
            return null;
        }
        // Pass USERID TO HANDLER to AVOID SEARCH AGAIN
        FSFedTerminationHandler handlerTermination = new FSFedTerminationHandler();
        if (handlerTermination != null) {
            handlerTermination.setUserID(userID);
            handlerTermination.setAccountInfo(acctInfo);
            return handlerTermination;
        } else {
            FSUtils.debug.message("Termination Handler is null");
            return null;
        }
    } catch (Exception e) {
        // Include the cause so the failure reason is visible in the debug log.
        FSUtils.debug.error("FSServiceManager::getFedTerminationHandler " + "failed to get termination handler", e);
    }
    return null;
}
Also used: FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo), NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier), HashMap (java.util.HashMap), Map (java.util.Map), FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey), FSAccountManager (com.sun.identity.federation.accountmgmt.FSAccountManager), FSFedTerminationHandler (com.sun.identity.federation.services.termination.FSFedTerminationHandler), IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)

Aggregations (type, number of examples above that use it):

IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException): 3
FSFedTerminationHandler (com.sun.identity.federation.services.termination.FSFedTerminationHandler): 3
FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo): 2
FSAccountManager (com.sun.identity.federation.accountmgmt.FSAccountManager): 2
IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager): 2
ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType): 2
SystemConfigurationException (com.sun.identity.common.SystemConfigurationException): 1
FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey): 1
FSException (com.sun.identity.federation.common.FSException): 1
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType): 1
FSFederationTerminationNotification (com.sun.identity.federation.message.FSFederationTerminationNotification): 1
FSMsgException (com.sun.identity.federation.message.common.FSMsgException): 1
NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier): 1
X509Certificate (java.security.cert.X509Certificate): 1
HashMap (java.util.HashMap): 1
Map (java.util.Map): 1
SOAPException (javax.xml.soap.SOAPException): 1