Example 1 with IDPDescriptorType
use of com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType in project OpenAM by OpenRock.
the class LibertyManager method getMappedNameIdentifier.
/**
* Returns <code>NameIdentifier</code> between the IDP and
* the other SP for the same principal. This method should
* be used by the code on the hosted SP, where the user
* has logged in, and has an account linking with the IDP.
* Futhermore, the same principal has an account linking
* between his/her other (remote) SP account and the IDP
* account.
*
* @param hostedSPMetaAlias The <code>metaAlias</code> of
* the local service provider.
* @param ssoToken The session token of the logged-
* in user on the local service provider.
* @param remoteSPEntityID The entity ID of the remote
* service provider. In other words, it is the targeted
* name space for the returned name identifier.
* @return <code>NameIdentifier</code> of the same principal
* but original established between the remote SP and
* the IDP
*/
public static NameIdentifier getMappedNameIdentifier(String hostedSPMetaAlias, Object ssoToken, String remoteSPEntityID) {
String classMethod = "LibertyManager.getMappedNameIdentifier: ";
String hostedEntityID = getEntityID(hostedSPMetaAlias);
String realm = IDFFMetaUtils.getRealmByMetaAlias(hostedSPMetaAlias);
if (debug.messageEnabled()) {
debug.message("NameMappingRequester: hostedEntityID=" + hostedEntityID);
}
SPDescriptorType hostedDescriptor = null;
BaseConfigType hostedConfig = null;
try {
hostedDescriptor = metaManager.getSPDescriptor(realm, hostedEntityID);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
} catch (IDFFMetaException ie) {
debug.error(classMethod + "couldn't obtain hosted meta:", ie);
return null;
}
String userID = null;
try {
userID = SessionManager.getProvider().getPrincipalName(ssoToken);
} catch (SessionException ssoe) {
debug.error("SessionException caught when trying to " + "get user DN from session token:", ssoe);
return null;
}
if (debug.messageEnabled()) {
debug.message(classMethod + "userID=" + userID);
}
FSNameMappingHandler handler = new FSNameMappingHandler(hostedEntityID, hostedDescriptor, hostedConfig, hostedSPMetaAlias);
NameIdentifier ni = null;
if (debug.messageEnabled()) {
debug.message(classMethod + "targetNamespace (remoteSPEntityID)=" + remoteSPEntityID);
}
FSSessionManager sMgr = FSSessionManager.getInstance(hostedSPMetaAlias);
FSSession sess = null;
if (sMgr != null) {
sess = sMgr.getSession(ssoToken);
}
FSSessionPartner partner = null;
if (sess != null) {
partner = sess.getCurrentSessionPartner();
} else {
debug.error(classMethod + "session is null");
return null;
}
String remoteIDPEntityID = null;
if (partner != null) {
remoteIDPEntityID = partner.getPartner();
}
if (debug.messageEnabled()) {
debug.message(classMethod + "Remote IDP EntityID = " + remoteIDPEntityID);
}
try {
ni = handler.getNameIdentifier(userID, remoteIDPEntityID, true);
} catch (Exception e) {
debug.error(classMethod + "Exception caught when trying to get Name " + "Identifier between local SP and remote IDP: ", e);
return null;
}
if (debug.messageEnabled()) {
debug.message(classMethod + "Name Identifier between local SP and " + " remote IDP: " + ni.toString());
}
FSNameIdentifierMappingRequest mappingRequest = null;
try {
mappingRequest = new FSNameIdentifierMappingRequest(hostedEntityID, ni, remoteSPEntityID);
} catch (com.sun.identity.federation.message.common.FSMsgException fe) {
debug.error(classMethod, fe);
return null;
}
if (FSServiceUtils.isSigningOn()) {
try {
mappingRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS));
} catch (SAMLException se) {
debug.error(classMethod, se);
return null;
}
}
IDPDescriptorType remoteProviderDesc = null;
try {
remoteProviderDesc = metaManager.getIDPDescriptor(realm, remoteIDPEntityID);
} catch (IDFFMetaException fme1) {
debug.error(classMethod, fme1);
return null;
}
String remoteSOAPEndPoint = remoteProviderDesc.getSoapEndpoint();
if (debug.messageEnabled()) {
debug.message(classMethod + "IDP's soap end point=" + remoteSOAPEndPoint);
}
FSSOAPService soapService = FSSOAPService.getInstance();
SOAPMessage returnMsg = null;
try {
SOAPMessage msg = soapService.bind(mappingRequest.toXMLString(true, true));
returnMsg = soapService.sendMessage(msg, remoteSOAPEndPoint);
} catch (FSMsgException mex) {
debug.error(classMethod, mex);
return null;
} catch (java.io.IOException ioe) {
debug.error(classMethod, ioe);
return null;
} catch (javax.xml.soap.SOAPException soape) {
debug.error(classMethod, soape);
return null;
}
Element elt = soapService.parseSOAPMessage(returnMsg);
FSNameIdentifierMappingResponse mappingResponse = null;
try {
mappingResponse = new FSNameIdentifierMappingResponse(elt);
} catch (FSMsgException fme2) {
debug.error(classMethod, fme2);
return null;
}
if (debug.messageEnabled()) {
String resStr = null;
try {
resStr = mappingResponse.toXMLString();
} catch (FSMsgException fme3) {
debug.error(classMethod, fme3);
return null;
}
debug.message(classMethod + "NameIdentifierMappingResponse: " + resStr);
}
if (FSServiceUtils.isSigningOn()) {
if (FSNameMappingHandler.verifyNameIdMappingResponseSignature(elt, returnMsg, realm)) {
if (debug.messageEnabled()) {
debug.message(classMethod + "Success in verifying Name Identifier Mapping" + " Response Signature");
}
} else {
debug.error(classMethod + "Failed verifying Name Identifier Mapping " + "Response");
return null;
}
}
return mappingResponse.getNameIdentifier();
}
Also used :
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSSOAPService(com.sun.identity.federation.services.FSSOAPService)
SAMLException(com.sun.identity.saml.common.SAMLException)
SOAPMessage(javax.xml.soap.SOAPMessage)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSNameIdentifierMappingResponse(com.sun.identity.federation.message.FSNameIdentifierMappingResponse)
SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)
COTException(com.sun.identity.cot.COTException)
SessionException(com.sun.identity.plugin.session.SessionException)
SAMLException(com.sun.identity.saml.common.SAMLException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSLoginHelperException(com.sun.identity.federation.services.FSLoginHelperException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
FSNameMappingHandler(com.sun.identity.federation.services.namemapping.FSNameMappingHandler)
FSNameIdentifierMappingRequest(com.sun.identity.federation.message.FSNameIdentifierMappingRequest)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
Example 2 with IDPDescriptorType
use of com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType in project OpenAM by OpenRock.
the class FSIDPFinderService method doGet.
/**
* Gets <code>IDP</code> from common domain and sends proxy authentication
* request to the <code>IDP</code>.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException, IOException if error occurred.
*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if (request == null || response == null) {
FSUtils.debug.error("FSIDPFinderService.doGet:: Null Input");
return;
}
FSUtils.debug.message("FSIDPFinderService.doGet::Init");
String entityID = request.getParameter("ProviderID");
String requestID = request.getParameter("RequestID");
String realm = request.getParameter("Realm");
if (entityID == null || requestID == null || realm == null) {
FSUtils.debug.error("FSIDPFinderService.doGet:: Request is missing" + "either ProviderID or the RequestID");
throw new ServletException("invalidRequest");
}
String idpID = null;
try {
idpID = getCommonDomainIDP(request, response, realm, entityID, requestID);
} catch (FSRedirectException fe) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIDPFinderService.doGet:Redirection" + " has happened");
}
return;
}
String hostMetaAlias = null;
BaseConfigType hostConfig = null;
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
try {
if (metaManager != null) {
hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
if (hostConfig != null) {
hostMetaAlias = hostConfig.getMetaAlias();
}
}
} catch (IDFFMetaException ie) {
FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "getting proxying hosted meta:", ie);
return;
}
FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
FSAuthnRequest authnReq = sessionManager.getAuthnRequest(requestID);
// is same as the local provider then do a local login.
if (idpID == null || idpID.equals(entityID)) {
String loginURL = getLoginURL(authnReq, realm, entityID, request);
if (loginURL == null) {
FSUtils.debug.error("FSIDPFinderService.doGet : login url" + " is null");
return;
}
response.setHeader("Location", loginURL);
response.sendRedirect(loginURL);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIDPFinderService.doGet:IDP to be proxied:" + idpID);
}
// Now proxy the authentication request to the preferred IDP.
try {
FSProxyHandler handler = new FSProxyHandler(request, response);
handler.setHostedEntityId(entityID);
IDPDescriptorType hostDesc = null;
SPDescriptorType origSPDesc = null;
if (metaManager != null) {
hostDesc = metaManager.getIDPDescriptor(realm, entityID);
origSPDesc = metaManager.getSPDescriptor(realm, authnReq.getProviderId());
}
handler.setSPDescriptor(origSPDesc);
handler.setHostedDescriptor(hostDesc);
handler.setHostedDescriptorConfig(hostConfig);
handler.setMetaAlias(hostMetaAlias);
handler.setRealm(realm);
handler.sendProxyAuthnRequest(authnReq, idpID);
} catch (IDFFMetaException ie) {
FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "getting proxying hosted meta:", ie);
} catch (FSException fe) {
FSUtils.debug.error("FSIDPFinderService.doGet:: Failure in " + "sending the proxy authentication request.", fe);
}
}
}
Also used :
ServletException(javax.servlet.ServletException)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
FSException(com.sun.identity.federation.common.FSException)
FSRedirectException(com.sun.identity.federation.common.FSRedirectException)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)
Example 3 with IDPDescriptorType
use of com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType in project OpenAM by OpenRock.
the class FSIntersiteTransferService method doGet.
/**
* Generates <code>AuthnRequest</code> and sends it to <code>IDP</code>.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException,IOException if error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSIntersiteTransferService.doGet: Called");
/**
* Check to see if there is a need to set lb cookie.
* This is for the use case that AuthnRequest is not created by the
* preLogin process and lb cookie wasn't set there.
*/
if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
return;
}
try {
IDPDescriptorType idpDescriptor = null;
String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
if (metaAlias == null || metaAlias.length() == 0) {
metaAlias = FSServiceUtils.getMetaAlias(request);
}
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
if ((request == null) || (response == null)) {
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
String qs = request.getQueryString();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "QueryString Received from CommonDomain: " + qs);
}
String requestID = findRequestID(request);
if (requestID == null) {
//throw error page
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("nullInputParameter"));
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID found: " + requestID);
}
FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
FSAuthnRequest authnRequest = sessionMgr.getAuthnRequest(requestID);
if (authnRequest == null) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("invalidRequestId"));
String[] data = { FSUtils.bundle.getString("invalidRequestId") };
LogUtil.error(Level.INFO, "INVALID_AUTHN_REQUEST", data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidRequestId"));
return;
}
String resourceUrl = authnRequest.getRelayState();
String baseURL = FSServiceUtils.getBaseURL(request);
framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, resourceUrl, null, request, baseURL);
String idpID = FSUtils.findPreferredIDP(realm, request);
if (idpID == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "No Preffered IDP found in this Common Domain. " + "Try to find PrefferedIDP in other common domains");
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "RequestID :" + requestID);
}
redirectToCommonDomain(request, response, requestID);
return;
} else {
idpDescriptor = metaManager.getIDPDescriptor(realm, idpID);
if (idpDescriptor == null) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("noTrust"));
String[] data = { idpID };
LogUtil.error(Level.INFO, "PROVIDER_NOT_TRUSTED", data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("noTrust"));
return;
}
HttpSession session = request.getSession(true);
session.removeAttribute(IFSConstants.SESSION_COTSET_ATTR);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "Preffered IDP found:" + idpID);
}
sessionMgr.setIDPEntityID(requestID, idpID);
// Set the authn request version here
int minorVersion = FSServiceUtils.getMinorVersion(idpDescriptor.getProtocolSupportEnumeration());
authnRequest.setMinorVersion(minorVersion);
authnRequest.getAuthnContext().setMinorVersion(minorVersion);
SPDescriptorType hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
BaseConfigType hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
if (IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AFFILIATION)) {
Set affiliations = metaManager.getAffiliateEntity(realm, idpID);
if (affiliations != null && !affiliations.isEmpty()) {
AffiliationDescriptorType affiliateDescriptor = (AffiliationDescriptorType) affiliations.iterator().next();
authnRequest.setAffiliationID(affiliateDescriptor.getAffiliationID());
}
}
if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION && IDFFMetaUtils.getBooleanAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_IDP_PROXY)) {
FSScoping scoping = new FSScoping();
scoping.setProxyCount(Integer.parseInt(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_COUNT)));
List proxyIDPs = IDFFMetaUtils.getAttributeValueFromConfig(hostConfig, IFSConstants.IDP_PROXY_LIST);
if (proxyIDPs != null && !proxyIDPs.isEmpty()) {
Iterator iter = proxyIDPs.iterator();
ArrayList list = new ArrayList();
while (iter.hasNext()) {
IDPEntry entry = new IDPEntry((String) iter.next(), null, null);
list.add(entry);
}
IDPEntries entries = new IDPEntries(list);
FSIDPList idpList = new FSIDPList(entries, null);
scoping.setIDPList(idpList);
}
authnRequest.setScoping(scoping);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + "AuthnRequest:" + authnRequest.toXMLString(true, true));
}
if (authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_ART) || authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST)) {
handleBrowserArtifactPOSTIST(request, response, authnRequest, idpDescriptor, hostDesc, hostConfig);
return;
} else if (authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_WML_POST)) {
handleWMLIST(request, response, authnRequest, idpDescriptor);
return;
}
FSUtils.debug.error("FSIntersiteTransferService.doGet: " + "Unknown Protocol Profile");
String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("invalidAuthnRequest"));
return;
} catch (Exception e) {
FSUtils.debug.error("FSIntersiteTransferService.doGet: ", e);
try {
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("Exception"));
return;
} catch (IOException ioe) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSIntersiteTransferService.doGet: " + FSUtils.bundle.getString("sendFailed") + ioe.getMessage());
}
}
}
}
Also used :
Set(java.util.Set)
HttpSession(javax.servlet.http.HttpSession)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
ArrayList(java.util.ArrayList)
AffiliationDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType)
IOException(java.io.IOException)
SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)
IDPEntries(com.sun.identity.federation.message.common.IDPEntries)
ServletException(javax.servlet.ServletException)
FSSignatureException(com.sun.identity.federation.services.util.FSSignatureException)
COTException(com.sun.identity.cot.COTException)
IOException(java.io.IOException)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSIDPList(com.sun.identity.federation.message.FSIDPList)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
Iterator(java.util.Iterator)
FSScoping(com.sun.identity.federation.message.FSScoping)
ArrayList(java.util.ArrayList)
List(java.util.List)
FSIDPList(com.sun.identity.federation.message.FSIDPList)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
IDPEntry(com.sun.identity.federation.message.common.IDPEntry)
Example 4 with IDPDescriptorType
use of com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType in project OpenAM by OpenRock.
the class FSSSOAndFedService method handleAuthnRequest.
private void handleAuthnRequest(HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, String realm, String hostEntityId, boolean bLECP, String authnContext) {
// post authn process
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: Called");
IDPDescriptorType hostedDesc = null;
BaseConfigType hostedConfig = null;
String metaAlias = null;
try {
hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
if (hostedConfig != null) {
metaAlias = hostedConfig.getMetaAlias();
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "Couldn't obtain hosted meta:", e);
}
}
/* Not really useful.
String nameRegisDone =
request.getParameter(IFSConstants.NAMEREGIS_INDICATOR_PARAM);
boolean doNameRegis = false;
String doNameRegisStr =
IDFFMetaUtils.getFirstAttributeValueFromConfig(
hostedConfig, IFSConstants.ENABLE_REGISTRATION_AFTER_SSO);
if (doNameRegisStr != null && doNameRegisStr.equalsIgnoreCase("true")) {
doNameRegis = true;
}
*/
Object ssoToken = null;
String userID = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
ssoToken = sessionProvider.getSession(request);
if (ssoToken == null) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is null.");
return;
} else if (!sessionProvider.isValid(ssoToken)) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: " + "session token is not valid.");
return;
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService.handleAuthnRequest: " + "session token is valid.");
}
}
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
FSSession session = sessionManager.getSession(ssoToken);
userID = sessionProvider.getPrincipalName(ssoToken);
if (session == null) {
session = new FSSession(sessionProvider.getSessionID(ssoToken));
session.setAuthnContext(authnContext);
sessionManager.addSession(userID, session);
} else {
session.setAuthnContext(authnContext);
}
} catch (SessionException se) {
FSUtils.debug.error("FSSSOAndFedService.handleAuthnRequest: ", se);
return;
}
try {
if (userID == null) {
LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
return;
}
String remoteEntityID = authnRequest.getProviderId();
FSAccountManager acctMng = FSAccountManager.getInstance(metaAlias);
acctMng.readAccountFedInfo(userID, remoteEntityID);
/* Not useful at all. Commented out for now.
if (doNameRegis &&
(nameRegisDone == null ||
!nameRegisDone.equals(IFSConstants.TRUE)) &&
!authnRequest.getFederate())
{
// have to do nameregis now
Map queryMap = new HashMap();
queryMap.put(IFSConstants.AUTH_REQUEST_ID,
authnRequest.getRequestID());
queryMap.put(IFSConstants.PROVIDER_ID_KEY,hostEntityId);
queryMap.put(IFSConstants.AUTHN_CONTEXT,authnContext);
FSServiceManager instSManager = FSServiceManager.getInstance();
if (instSManager != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSSOAndFedService.handleAuthnRequest:" +
"FSServiceManager Instance not null");
}
try {
FSNameRegistrationHandler handlerObj =
instSManager.getNameRegistrationHandler(
realm, remoteEntityID, IFSConstants.SP);
SPDescriptorType remoteProviderDesc =
metaManager.getSPDescriptor(realm,remoteEntityID);
if (handlerObj != null) {
handlerObj.setHostedDescriptor(hostedDesc);
handlerObj.setHostedDescriptorConfig(hostedConfig);
handlerObj.setMetaAlias(metaAlias);
handlerObj.setHostedEntityId(hostEntityId);
handlerObj.handleNameRegistration(
request,
response,
ssoToken,
(HashMap)queryMap);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSSOAndFedService.handleAuthnRequest:" +
"Control returned from name registration");
}
if (!FSServiceUtils.isRegisProfileSOAP(userID,
remoteEntityID,
remoteProviderDesc,
metaAlias,
hostedDesc))
{
return;
}
}
} catch (Exception ex){
FSUtils.debug.error(
"FSSSOAndFedService.handleAuthnRequest:Error in " +
"invoking Name registration. returning.", ex);
return;
}
}
}
*/
} catch (FSAccountMgmtException exp) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService:: handleAuthnRequest()" + " No account information avialable for user. " + "So no invocation " + " of name registration. ", exp);
}
}
handleAuthnRequest(request, response, authnRequest, true, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
}
Also used :
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager)
ServletException(javax.servlet.ServletException)
SOAPException(javax.xml.soap.SOAPException)
SessionException(com.sun.identity.plugin.session.SessionException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Example 5 with IDPDescriptorType
use of com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType in project OpenAM by OpenRock.
the class FSSSOAndFedService method doGet.
/**
* Processes single sign on request.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException, IOException if an error occurred
*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSSSOAndFedService.doGet: Called");
if ((request == null) || (response == null)) {
FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("nullInputParameter"));
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
return;
}
// check for post authn
boolean bPostAuthn = false;
boolean bLECP = false;
String authnIndicator = request.getParameter(IFSConstants.AUTHN_INDICATOR_PARAM);
if (authnIndicator == null) {
FSUtils.debug.message("FSSSOAndFedService.doGet:Pre Authentication SSO");
bPostAuthn = false;
} else {
FSUtils.debug.message("FSSSOAndFedService.doGet:Post Authentication SSO");
bPostAuthn = true;
String lecpIndicator = request.getParameter(IFSConstants.LECP_INDICATOR_PARAM);
if (lecpIndicator == null) {
FSUtils.debug.message("FSSSOAndFedService.doGet:non LECP request");
bLECP = false;
} else {
FSUtils.debug.message("FSSSOAndFedService.doGet:post Authn LECP request");
bLECP = true;
}
//Start Change
String requestId = request.getParameter(IFSConstants.AUTH_REQUEST_ID);
String hostEntityId = request.getParameter(IFSConstants.PROVIDER_ID_KEY);
String authnContext = request.getParameter(IFSConstants.AUTHN_CONTEXT);
String realm = request.getParameter(IFSConstants.REALM);
String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
FSSessionManager sessionService = FSSessionManager.getInstance(metaAlias);
FSAuthnRequest authnRequest = sessionService.getAuthnRequest(requestId);
if (authnRequest == null) {
FSUtils.debug.message("FSSSOAndFedService.doGet: authnRequest is null");
}
if ((authnContext == null) || (authnContext.length() == 0)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService.doGet: authnContext is null. " + "Using default password");
}
authnContext = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
}
//End Change
if (authnRequest != null && realm != null && realm.length() != 0 && hostEntityId != null && hostEntityId.length() != 0 && authnContext != null && authnContext.length() != 0) {
handleAuthnRequest(request, response, authnRequest, realm, hostEntityId, bLECP, authnContext);
return;
} else {
FSUtils.debug.error("FSSSOAndFedService.doGet: " + "AuthnRequest not found in FSSessionManager");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInput"));
return;
}
}
// obtain AuthnRequest message
//decode and create FSAuthnRequest object
FSAuthnRequest authnRequest = null;
try {
authnRequest = FSAuthnRequest.parseURLEncodedRequest(request);
if (authnRequest == null) {
FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest"));
String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
response.sendError(response.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
return;
}
} catch (FSException e) {
FSUtils.debug.error("FSSSOAndFedService: " + FSUtils.bundle.getString("invalidAuthnRequest") + ", queryString=" + request.getQueryString(), e);
String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_REQUEST, data);
response.sendError(response.SC_BAD_REQUEST, FSUtils.bundle.getString("invalidAuthnRequest"));
return;
}
String metaAlias = null;
String realm = null;
String hostEntityId = null;
IDPDescriptorType hostedDesc = null;
BaseConfigType hostedConfig = null;
try {
metaAlias = FSServiceUtils.getMetaAlias(request);
realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
hostedDesc = metaManager.getIDPDescriptor(realm, hostEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedService: couldn't obtain hosted entity id:", e);
}
}
handleAuthnRequest(request, response, authnRequest, bPostAuthn, bLECP, realm, hostEntityId, metaAlias, hostedDesc, hostedConfig);
return;
}
Also used :
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
FSException(com.sun.identity.federation.common.FSException)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
ServletException(javax.servlet.ServletException)
SOAPException(javax.xml.soap.SOAPException)
SessionException(com.sun.identity.plugin.session.SessionException)
FSException(com.sun.identity.federation.common.FSException)
IOException(java.io.IOException)
FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException)
Aggregations
IDPDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)20
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)13
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)13
FSException (com.sun.identity.federation.common.FSException)11
FSAuthnRequest (com.sun.identity.federation.message.FSAuthnRequest)11
IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)10
IOException (java.io.IOException)10
FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)8
FSSessionManager (com.sun.identity.federation.services.FSSessionManager)8
SessionException (com.sun.identity.plugin.session.SessionException)8
ServletException (javax.servlet.ServletException)8
SPDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType)7
Iterator (java.util.Iterator)7
Set (java.util.Set)7
HashSet (java.util.HashSet)6
COTException (com.sun.identity.cot.COTException)5
SAMLException (com.sun.identity.saml.common.SAMLException)5
List (java.util.List)5
SOAPException (javax.xml.soap.SOAPException)5
ArrayList (java.util.ArrayList)4
