
Example 1 with AffiliationDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType in project OpenAM by OpenRock.

The class FSIntersiteTransferService, method doGet.

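/**
 * Generates an <code>AuthnRequest</code> and sends it to the preferred
 * <code>IDP</code>.
 * <p>
 * The pending <code>FSAuthnRequest</code> is looked up in the session
 * manager by the <code>RequestID</code> found in the incoming request. If
 * no preferred IDP is known for this common domain the browser is redirected
 * to the next common domain; otherwise the request is completed (protocol
 * minor version, optional affiliation ID, optional IDP-proxy scoping) and
 * handed to the profile-specific handler. Every failure path answers with
 * HTTP 500 and a resource-bundle message.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException,IOException if error occurred
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSIntersiteTransferService.doGet: Called");
    // Validate the arguments before anything dereferences them; the earlier
    // version performed this check only after request.getParameter() had run.
    if (request == null || response == null) {
        FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("nullInputParameter"));
        if (response != null) {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        }
        return;
    }
    /*
     * Check to see if there is a need to set lb cookie.
     * This is for the use case that AuthnRequest is not created by the
     * preLogin process and lb cookie wasn't set there.
     */
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return;
    }
    try {
        String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
        if (metaAlias == null || metaAlias.length() == 0) {
            metaAlias = FSServiceUtils.getMetaAlias(request);
        }
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "QueryString Received from CommonDomain: " + request.getQueryString());
        }
        String requestID = findRequestID(request);
        if (requestID == null) {
            FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("nullInputParameter"));
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID found: " + requestID);
        }
        // The AuthnRequest must already exist in the session manager; an
        // unknown RequestID is rejected rather than building a fresh request.
        FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
        FSAuthnRequest authnRequest = sessionMgr.getAuthnRequest(requestID);
        if (authnRequest == null) {
            FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("invalidRequestId"));
            String[] data = { FSUtils.bundle.getString("invalidRequestId") };
            // NOTE(review): literal event id kept as-is; the unknown-profile path
            // below uses LogUtil.INVALID_AUTHN_REQUEST — confirm both resolve to
            // the same log event before unifying them.
            LogUtil.error(Level.INFO, "INVALID_AUTHN_REQUEST", data);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidRequestId"));
            return;
        }
        String resourceUrl = authnRequest.getRelayState();
        String baseURL = FSServiceUtils.getBaseURL(request);
        framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, resourceUrl, null, request, baseURL);
        String idpID = FSUtils.findPreferredIDP(realm, request);
        if (idpID == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "No Preffered IDP found in this Common Domain. " + "Try to find PrefferedIDP in other common domains");
                FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID :" + requestID);
            }
            redirectToCommonDomain(request, response, requestID);
            return;
        }
        IDPDescriptorType idpDescriptor = metaManager.getIDPDescriptor(realm, idpID);
        if (idpDescriptor == null) {
            // The preferred IDP is not in this realm's trusted metadata:
            // refuse to send an AuthnRequest to it.
            FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("noTrust"));
            String[] data = { idpID };
            LogUtil.error(Level.INFO, "PROVIDER_NOT_TRUSTED", data);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("noTrust"));
            return;
        }
        HttpSession session = request.getSession(true);
        session.removeAttribute(IFSConstants.SESSION_COTSET_ATTR);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "Preffered IDP found:" + idpID);
        }
        sessionMgr.setIDPEntityID(requestID, idpID);
        // Negotiate the protocol minor version from what the IDP advertises.
        int minorVersion = FSServiceUtils.getMinorVersion(idpDescriptor.getProtocolSupportEnumeration());
        authnRequest.setMinorVersion(minorVersion);
        authnRequest.getAuthnContext().setMinorVersion(minorVersion);
        SPDescriptorType hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
        BaseConfigType hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
        if (IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AFFILIATION)) {
            Set affiliations = metaManager.getAffiliateEntity(realm, idpID);
            if (affiliations != null && !affiliations.isEmpty()) {
                // Only the first affiliation the IDP is a member of is used.
                AffiliationDescriptorType affiliateDescriptor = (AffiliationDescriptorType) affiliations.iterator().next();
                authnRequest.setAffiliationID(affiliateDescriptor.getAffiliationID());
            }
        }
        // IDP proxying (Scoping) is only added for the 1.2 protocol version.
        if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION && IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_IDP_PROXY)) {
            authnRequest.setScoping(buildIDPProxyScoping(hostConfig));
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "AuthnRequest:" + authnRequest.toXMLString(true, true));
        }
        // Constant-first equals: a missing profile falls through to the
        // "Unknown Protocol Profile" error instead of throwing NPE.
        String profile = authnRequest.getProtocolProfile();
        if (IFSConstants.SSO_PROF_BROWSER_ART.equals(profile) || IFSConstants.SSO_PROF_BROWSER_POST.equals(profile)) {
            handleBrowserArtifactPOSTIST(request, response, authnRequest, idpDescriptor, hostDesc, hostConfig);
            return;
        }
        if (IFSConstants.SSO_PROF_WML_POST.equals(profile)) {
            handleWMLIST(request, response, authnRequest, idpDescriptor);
            return;
        }
        FSUtils.debug.error("FSIntersiteTransferService.doGet: " + "Unknown Protocol Profile");
        String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
        LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidAuthnRequest"));
    } catch (Exception e) {
        // Boundary handler: any unexpected failure (including a malformed
        // IDP_PROXY_COUNT from buildIDPProxyScoping) becomes a generic 500
        // so no partially built AuthnRequest leaves this servlet.
        FSUtils.debug.error("FSIntersiteTransferService.doGet: ", e);
        try {
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("Exception"));
        } catch (IOException ioe) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("sendFailed") + ioe.getMessage());
            }
        }
    }
}

/**
 * Builds the IDP-proxy <code>Scoping</code> element from the hosted SP
 * configuration: the proxy count from <code>IDP_PROXY_COUNT</code> and, when
 * configured, the IDP list from <code>IDP_PROXY_LIST</code>.
 *
 * @param hostConfig the hosted SP's extended configuration
 * @return the populated scoping; its IDP list is left unset when the
 *         configured proxy list is missing or empty
 * @throws NumberFormatException if the configured proxy count is not an
 *         integer
 */
private static FSScoping buildIDPProxyScoping(BaseConfigType hostConfig) {
    FSScoping scoping = new FSScoping();
    scoping.setProxyCount(Integer.parseInt(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_COUNT)));
    List proxyIDPs = IDFFMetaUtils.getAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_LIST);
    if (proxyIDPs != null && !proxyIDPs.isEmpty()) {
        ArrayList list = new ArrayList();
        for (Iterator iter = proxyIDPs.iterator(); iter.hasNext(); ) {
            list.add(new IDPEntry((String) iter.next(), null, null));
        }
        scoping.setIDPList(new FSIDPList(new IDPEntries(list), null));
    }
    return scoping;
}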

Example 2 with AffiliationDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType in project OpenAM by OpenRock.

The class FSLogoutUtil, method getCurrentWorkingAccount.

/**
 * Returns the <code>FSAccountFedInfo</code> object for the given
 * principal and provider Id.
 * <p>
 * Affiliations of the provider are consulted first: the first account with
 * an active federation status under one of the affiliation IDs wins. When
 * none qualifies (or the affiliation lookup fails), the account federated
 * directly with <code>entityID</code> is returned.
 * @param userID principal whose working account we want to retrieve
 * @param entityID the provider Id to whom logout notification needs to
 *  be sent
 * @param metaAlias hosted provider's meta alias
 * @return account object for the given user, provider; <code>null</code>
 *         when no meta manager is available or the lookup fails
 */
protected static FSAccountFedInfo getCurrentWorkingAccount(String userID, String entityID, String metaAlias) {
    try {
        FSAccountManager accountMgr = FSAccountManager.getInstance(metaAlias);
        if (metaManager == null) {
            return null;
        }
        try {
            String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
            Set affiliates = metaManager.getAffiliateEntity(realm, entityID);
            if (affiliates == null || affiliates.isEmpty()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSLogoutUtil.getCurrent" + "WorkingAccount: No affiliations");
                }
            } else {
                for (Iterator iter = affiliates.iterator(); iter.hasNext(); ) {
                    String affiliationID = ((AffiliationDescriptorType) iter.next()).getAffiliationID();
                    FSAccountFedInfo viaAffiliation = accountMgr.readAccountFedInfo(userID, affiliationID);
                    if (viaAffiliation != null && viaAffiliation.isFedStatusActive()) {
                        return viaAffiliation;
                    }
                }
            }
        } catch (Exception ex) {
            // Best effort: a failed affiliation lookup falls back to the
            // direct account read below.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSLogoutUtil.getCurrentWorking" + "Account. No Affiliation for:" + entityID, ex);
            }
        }
        FSAccountFedInfo directAccount = accountMgr.readAccountFedInfo(userID, entityID);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutUtil::" + "getCurrentWorkingAccount after readAccountFedInfo");
        }
        return directAccount;
    } catch (Exception e) {
        FSUtils.debug.error("FSLogoutUtil::getCurrentWorkingAccount" + " readAccountFedInfo failed", e);
        return null;
    }
}

Example 3 with AffiliationDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType in project OpenAM by OpenRock.

The class IDFFMetaManager, method getAffiliateEntity.

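/**
 * Returns a set of Affiliation Entity Descriptors of which the
 * provider identifier is a member.
 *
 * @param realm The realm under which the entity resides; <code>null</code>
 *        or empty selects <code>ROOT_REALM</code>.
 * @param providerID the provider identifier.
 * @return a set of Affiliation Entity Descriptors. An empty set is
 *         returned if there are no affiliation descriptors found or
 *         if there is an error retrieving the descriptors.
 */
public Set getAffiliateEntity(String realm, String providerID) {
    String classMethod = "IDFFMetaManager:getAffiliateEntity:";
    Set affDescSet = new HashSet();
    if ((realm == null) || (realm.length() == 0)) {
        realm = ROOT_REALM;
    }
    try {
        Set entityIDs = getAllEntities(realm);
        if (entityIDs != null) {
            for (Iterator eIter = entityIDs.iterator(); eIter.hasNext(); ) {
                String entityID = (String) eIter.next();
                // Only entities carrying an AffiliationDescriptor are candidates.
                AffiliationDescriptorType affDesc = getAffiliationDescriptor(realm, entityID);
                if (affDesc != null && isAffiliateMember(realm, providerID, affDesc.getAffiliationID())) {
                    affDescSet.add(affDesc);
                }
            }
        }
    } catch (IDFFMetaException ide) {
        // Logged unconditionally: the previous messageEnabled() guard hid this
        // error whenever debug logging was off, so a metadata lookup failure
        // silently produced an empty set.
        debug.error(classMethod + "Error getting affiliate entities", ide);
    }
    return affDescSet;
}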

Example 4 with AffiliationDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType in project OpenAM by OpenRock.

The class IDFFMetaManager, method getAffiliationDescriptor.

/**
 * Returns the Affiliation Descriptor for the entity identifier.
 *
 * @param realm The realm under which the entity resides.
 * @param entityID Entity Identifier to retrieve Affiliation Descriptor
 *        from.
 * @return <code>AffiliationDescriptorType</code> the Affiliation
 *         descriptor, or <code>null</code> when the entity has no
 *         descriptor at all.
 * @throws IDFFMetaException if there is an error retrieving the
 *         affiliation.
 */
public AffiliationDescriptorType getAffiliationDescriptor(String realm, String entityID) throws IDFFMetaException {
    EntityDescriptorElement entityDescriptor = getEntityDescriptor(realm, entityID);
    if (entityDescriptor == null) {
        return null;
    }
    return entityDescriptor.getAffiliationDescriptor();
}

Example 5 with AffiliationDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType in project OpenAM by OpenRock.

The class IDFFModelImpl, method isAffiliate.

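/**
 * Returns true if entity descriptor is an affiliate.
 *
 * @param realm realm under which the entity descriptor resides.
 * @param entityName of entity descriptor.
 * @return true if entity descriptor is an affiliate.
 * @throws AMConsoleException if entity cannot be retrieved.
 */
public boolean isAffiliate(String realm, String entityName) throws AMConsoleException {
    try {
        IDFFMetaManager idffManager = getIDFFMetaManager();
        // getAffiliationDescriptor is already typed as AffiliationDescriptorType,
        // so the former cast was redundant.
        return idffManager.getAffiliationDescriptor(realm, entityName) != null;
    } catch (IDFFMetaException e) {
        debug.warning("IDFFModel.isAffiliate", e);
        throw new AMConsoleException(getErrorString(e));
    }
}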
