
Example 11 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

Class FSLogoutUtil, method getLogoutGETProviders.

/**
 * Returns the list of all providers who want to be
 * notified of logout using HTTP GET profile.
 *
 * The current provider ({@code entityId}) is always part of the result.
 * Every SP partner found in the user's sessions is added as well, but only
 * when the first entry of its single logout protocol profile list is the
 * IDP GET profile; IDP partners are never considered.
 *
 * @param userID principal who needs to be logged out
 * @param entityId current provider who uses HTTP GET profile for logout
 * @param sessionIndex for the current provider
 * @param realm the realm in which the provider resides
 * @param metaAlias the hosted provider performing logout
 * @return HashMap with two entries: {@code IFSConstants.PROVIDER} mapped to a
 *     Vector of provider ids, and {@code IFSConstants.SESSION_INDEX} mapped to
 *     a HashMap of provider id to session index; {@code null} when the
 *     metadata lookup throws {@code IDFFMetaException}
 */
protected static HashMap getLogoutGETProviders(String userID, String entityId, String sessionIndex, String realm, String metaAlias) {
    try {
        FSUtils.debug.message("Entered FSLogoutUtil::getLogoutGETProviders");
        Vector getProviders = new Vector();
        HashMap indexByProvider = new HashMap();
        // The initiating provider is always notified.
        getProviders.addElement(entityId);
        indexByProvider.put(entityId, sessionIndex);
        FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
        synchronized (sessionMgr) {
            FSUtils.debug.message("About to call getSessionList");
            List sessions = sessionMgr.getSessionList(userID);
            if (sessions == null || sessions.isEmpty()) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Session List is  empty, returning " + "current provider from getLogoutGETProviders");
                }
            } else {
                FSUtils.debug.message("Session List is not empty");
                for (Iterator si = sessions.iterator(); si.hasNext();) {
                    FSSession session = (FSSession) si.next();
                    if ((session.getSessionPartners()).isEmpty()) {
                        continue;
                    }
                    String partnerSessionIndex = session.getSessionIndex();
                    for (Iterator pi = session.getSessionPartners().iterator(); pi.hasNext();) {
                        FSSessionPartner partner = (FSSessionPartner) pi.next();
                        // Only SP can specify GET profile for logout
                        if (partner.getIsRoleIDP()) {
                            continue;
                        }
                        String partnerId = partner.getPartner();
                        ProviderDescriptorType spDesc = metaManager.getSPDescriptor(realm, partnerId);
                        if (spDesc == null) {
                            continue;
                        }
                        List profiles = spDesc.getSingleLogoutProtocolProfile();
                        if (profiles == null || profiles.isEmpty()) {
                            continue;
                        }
                        // Only the first listed profile decides; later
                        // entries are not examined.
                        String preferredProfile = (String) profiles.iterator().next();
                        if (preferredProfile.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("provider " + partnerId + " Added for GET");
                            }
                            getProviders.addElement(partnerId);
                            indexByProvider.put(partnerId, partnerSessionIndex);
                        }
                    }
                }
            }
            HashMap result = new HashMap();
            result.put(IFSConstants.PROVIDER, getProviders);
            result.put(IFSConstants.SESSION_INDEX, indexByProvider);
            return result;
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("IDFFMetaException in function " + " getLogoutGETProviders", e);
        return null;
    }
}
Also used : FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) HashMap(java.util.HashMap) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) Iterator(java.util.Iterator) FSSession(com.sun.identity.federation.services.FSSession) List(java.util.List) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) Vector(java.util.Vector)

Example 12 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

Class EncryptedNameIdentifier, method getEncryptedNameIdentifier.

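/**
 * Returns the <code>EncryptedNameIdentifier</code> for a given name
 * identifier and the provider ID.
 *
 * The encryption parameters (wrapping key, data encryption algorithm and
 * strength) come from the remote provider's metadata: the SP descriptor is
 * consulted first and the IDP descriptor is used as the fallback.
 *
 * @param ni the <code>NameIdentifier</code> object.
 * @param realm The realm under which the entity resides.
 * @param providerID the remote provider identifier.
 * @return the encrypted <code>NameIdentifier</code> object.
 * @throws FSException if <code>ni</code> or <code>providerID</code> is
 *     <code>null</code>, if the metadata lookup fails, or if neither an SP
 *     nor an IDP descriptor exists for <code>providerID</code>.
 */
public static NameIdentifier getEncryptedNameIdentifier(NameIdentifier ni, String realm, String providerID) throws FSException {
    if (ni == null || providerID == null) {
        FSUtils.debug.error("EncryptedNameIdentifier.construct: " + "nullInputParameter");
        throw new FSException("nullInputParameter", null);
    }
    ProviderDescriptorType providerDesc = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager != null) {
            providerDesc = metaManager.getSPDescriptor(realm, providerID);
            if (providerDesc == null) {
                // Not registered as an SP: try the IDP role for the same entity.
                providerDesc = metaManager.getIDPDescriptor(realm, providerID);
            }
        }
    } catch (IDFFMetaException ae) {
        // Message spacing fixed ("Could not retrieve ... provider <id>") and the
        // exception itself is logged so the root cause is not lost.
        FSUtils.debug.error("EncryptedNameIdentifier.construct: Could " + "not retrieve the meta for provider " + providerID, ae);
        throw new FSException(ae);
    }
    if (providerDesc == null) {
        // A missing descriptor is reported the same way as a failed lookup so
        // callers see a single failure mode; no exception is used as control flow.
        FSUtils.debug.error("EncryptedNameIdentifier.construct: no SP or " + "IDP descriptor found for provider " + providerID);
        throw new FSException(new IDFFMetaException((String) null));
    }
    // NOTE(review): KeyUtil.getEncInfo is assumed to return non-null for a
    // descriptor that carries encryption info; a null here would surface as
    // a NullPointerException -- confirm against KeyUtil.
    EncInfo encInfo = KeyUtil.getEncInfo(providerDesc, providerID, false);
    return getEncryptedNameIdentifier(ni, providerID, encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength());
}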
Also used : EncInfo(com.sun.identity.federation.key.EncInfo) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSException(com.sun.identity.federation.common.FSException)

Example 13 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

Class FSTerminationRequestServlet, method doGetPost.

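/**
 * Handles termination request.
 *
 * Resolves the hosted provider from the meta alias carried by the request,
 * loads its descriptor and configuration, parses the URL-encoded
 * <code>FSFederationTerminationNotification</code> and hands the request to
 * <code>doRequestProcessing</code>. Every failure before that point answers
 * the client with an HTTP 500 or the common error page and returns.
 *
 * @param request <code>HttpServletRequest</code> object that contains the
 *  request the client has made of the servlet.
 * @param response <code>HttpServletResponse</code> object that contains
 *  the response the servlet sends to the client.
 * @exception IOException if the request could not be handled
 * @exception ServletException propagated from request processing
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Alias processing
    String providerAlias = FSServiceUtils.getMetaAlias(request);
    if (providerAlias == null || providerAlias.length() < 1) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to retrieve alias, Hosted " + "Provider. Cannot process request");
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Cannot retrieve hosted descriptor. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    ProviderDescriptorType hostedProviderDesc = null;
    BaseConfigType hostedConfig = null;
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    String hostedEntityId = null;
    String hostedProviderRole = null;
    try {
        hostedProviderRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.IDP)) {
            hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
            hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
        } else if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
            hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
        }
    } catch (IDFFMetaException eam) {
        // Log the exception itself; the original message dropped both the
        // cause and a word ("not process request").
        FSUtils.debug.error("Unable to find Hosted Provider. Cannot process request", eam);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    if (hostedProviderDesc == null) {
        // Unknown role or no descriptor for the alias: same outcome as a failed
        // metadata lookup, without routing through an exception.
        FSUtils.debug.error("Unable to find Hosted Provider for alias " + providerAlias + ". Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    this.request = request;
    setTerminationURL(hostedConfig, providerAlias);
    // A parse failure leaves fedTermObj null and is reported below together
    // with the "parser returned null" case; the exceptions are logged rather
    // than silently discarded.
    FSFederationTerminationNotification fedTermObj = null;
    try {
        fedTermObj = FSFederationTerminationNotification.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSTerminationRequestServlet.doGetPost: " + "unable to parse termination request", e);
    } catch (SAMLException e) {
        FSUtils.debug.error("FSTerminationRequestServlet.doGetPost: " + "unable to parse termination request", e);
    }
    if (fedTermObj == null) {
        FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_REQUEST_IMPROPER, IFSConstants.TERMINATION_LOCAL_FAILED);
        return;
    }
    doRequestProcessing(request, response, hostedProviderDesc, hostedConfig, hostedProviderRole, realm, hostedEntityId, providerAlias, fedTermObj);
}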
Also used : BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSFederationTerminationNotification(com.sun.identity.federation.message.FSFederationTerminationNotification) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) SAMLException(com.sun.identity.saml.common.SAMLException)

Example 14 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

Class SingleLogoutManager, method sendLogoutResponse.

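/**
 * Sends logout response, this is for the case of HTTP binding
 * There are two cases here:
 * 1. IDP initiated HTTP Logout, just redirect user browser to original
 *    relaystate.
 * 2. SP initiated HTTP logout, need to send LogoutResponse back to SP.
 *
 * Which case applies is decided by whether {@code sloResponseXMLMap} holds a
 * stored LogoutResponse for {@code relayState}. All per-logout state is read
 * from the relayState-keyed maps and released via {@code cleanupParameters}
 * on every non-throwing path.
 *
 * @param request the current HTTP request
 * @param response the HTTP response that receives the redirect or the
 *     printed status line
 * @param relayState key into the per-logout state maps
 * @throws IOException if writing or redirecting fails, or (SAML2 case) if
 *     the stored LogoutResponse cannot be rebuilt or sent
 */
void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
    if (debug.messageEnabled()) {
        debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
    }
    String logoutResponseXML = (String) sloResponseXMLMap.get(relayState);
    if (logoutResponseXML == null) {
        // first case, just redirect to original relayState
        String origRelayState = (String) relayStateMap.get(relayState);
        int logoutStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        String statusString = MultiProtocolUtils.getLogoutStatus(logoutStatus);
        if ((origRelayState == null) || (origRelayState.length() == 0)) {
            // TODO : get default single logout URL for each protocol
            response.getWriter().print("Logout DONE. Status = " + statusString);
        } else {
            // include logout status
            // NOTE(review): origRelayState is used as the redirect target exactly
            // as stored; this relies on it having been validated when it was put
            // into relayStateMap -- confirm at that call site.
            String separator = (origRelayState.indexOf("?") == -1) ? "?" : "&";
            response.sendRedirect(origRelayState + separator + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
        }
    } else {
        String protocol = (String) origProtocolMap.get(relayState);
        String spEntityID = (String) spEntityIDMap.get(relayState);
        String origRelayState = (String) relayStateMap.get(relayState);
        String realm = (String) realmMap.get(relayState);
        String idpEntityID = (String) idpEntityIDMap.get(relayState);
        int currentStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        if (protocol.equals(SingleLogoutManager.SAML2)) {
            try {
                LogoutResponse logResp = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
                String location = logResp.getDestination();
                String statusVal = logResp.getStatus().getStatusCode().getValue();
                String newVal = getNewStatusCode(currentStatus, statusVal);
                if (!statusVal.equals(newVal)) {
                    // Bug fix: the merged status must be written back. The original
                    // code re-set statusVal here (a no-op), so a status downgraded by
                    // a failed partner logout never reached the SP. The IDFF branch
                    // below already applied newVal.
                    logResp.getStatus().getStatusCode().setValue(newVal);
                }
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "(SAML2) location=" + location + " orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                }
                LogoutUtil.sendSLOResponse(response, logResp, location, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
            } catch (SAML2Exception ex) {
                debug.error("SingleLogoutManager.sendLogoutResponse:saml2", ex);
                // Keep the original exception as the cause instead of only its message.
                IOException ioe = new IOException(ex.getMessage());
                ioe.initCause(ex);
                throw ioe;
            }
        } else if (protocol.equals(SingleLogoutManager.IDFF)) {
            boolean failed = false;
            String logoutDoneURL = null;
            try {
                debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, spEntityID);
                String retURL = descriptor.getSingleLogoutServiceReturnURL();
                Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement();
                FSLogoutResponse responseLogout = new FSLogoutResponse(elem);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
                logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null);
                Status status = responseLogout.getStatus();
                String statusVal = status.getStatusCode().getValue();
                String newVal = getNewStatusCode(currentStatus, statusVal);
                if (!statusVal.equals(newVal)) {
                    com.sun.identity.saml.protocol.StatusCode statCode = new com.sun.identity.saml.protocol.StatusCode(newVal);
                    com.sun.identity.saml.protocol.Status stat = new com.sun.identity.saml.protocol.Status(statCode);
                    responseLogout.setStatus(stat);
                }
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "(IDFF) orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                }
                String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
                // Sign the request querystring
                if (FSServiceUtils.isSigningOn()) {
                    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                    if (certAlias == null || certAlias.length() == 0) {
                        if (debug.messageEnabled()) {
                            debug.message("SingleLogoutManager.sendLogoutRes:" + "signSAMLRequest couldn't obtain cert alias.");
                        }
                        // Signing is on but impossible: refuse to send unsigned.
                        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                    } else {
                        urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
                    }
                }
                // The return URL comes from the SP's metadata, so appending the
                // encoded response to it is safe from the relayState's point of view.
                StringBuffer redirectURL = new StringBuffer();
                redirectURL.append(retURL);
                if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                    redirectURL.append(IFSConstants.QUESTION_MARK);
                } else {
                    redirectURL.append(IFSConstants.AMPERSAND);
                }
                redirectURL.append(urlEncodedResponse);
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendResponse " + "for IDFF, url = " + redirectURL.toString());
                }
                response.sendRedirect(redirectURL.toString());
            } catch (FSMsgException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (SAMLException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (IDFFMetaException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (IOException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            }
            if (failed) {
                // logoutDoneURL may still be null if the failure happened before
                // it was computed; returnLocallyAfterOperation receives it as-is.
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            }
        } else if (protocol.equals(SingleLogoutManager.WS_FED)) {
            debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
            if (origRelayState != null) {
                response.sendRedirect(origRelayState);
            } else {
                response.getWriter().print("Logout DONE.");
            }
        } else {
            // should never come here
            debug.error("SingleLogoutManager.sendLogoutResponse: invalid" + " protocol : " + protocol);
        }
    }
    cleanupParameters(relayState);
}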
Also used : Element(org.w3c.dom.Element) SAMLException(com.sun.identity.saml.common.SAMLException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) Status(com.sun.identity.saml.protocol.Status) Status(com.sun.identity.saml.protocol.Status) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) IOException(java.io.IOException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)

Example 15 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

Class IDFFSingleLogoutHandler, method handleSOAPInitiatedSingleLogout.

/**
 * Performs an IDP-side single logout over the SOAP profile for one user.
 *
 * The SSO token is taken from {@code userSession} when it is non-empty,
 * otherwise from the first session that {@code FSSessionManager} knows for
 * {@code userID}. The current partner of that session is then logged out
 * through {@code FSSingleLogoutHandler}.
 *
 * @param userSession set of SSO tokens for the user; may be null or empty
 * @param userID principal being logged out
 * @param request current HTTP request
 * @param response current HTTP response
 * @param realm realm of the hosted IDP
 * @param idpMetaAlias meta alias of the hosted IDP
 * @param idpEntityId entity id of the hosted IDP
 * @param relayState relay state to carry through the logout
 * @param metaManager metadata manager used to load the IDP descriptor/config
 * @return {@code SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS} when the
 *     handler reports SAML success, {@code LOGOUT_FAILED_STATUS} when it
 *     reports anything else, and {@code LOGOUT_NO_ACTION_STATUS} when no
 *     session or no current partner was found
 * @throws Exception propagated from the metadata lookups and the handler
 */
private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, String realm, String idpMetaAlias, String idpEntityId, String relayState, IDFFMetaManager metaManager) throws Exception {
    // TODO : verify this works under LB
    Object ssoToken;
    if ((userSession != null) && !userSession.isEmpty()) {
        // TODO : handle multiple SSO token case
        ssoToken = userSession.iterator().next();
    } else {
        FSSessionManager sessionManager = FSSessionManager.getInstance(idpMetaAlias);
        List knownSessions = sessionManager.getSessionList(userID);
        if ((knownSessions == null) || knownSessions.isEmpty()) {
            return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
        }
        // TODO : handle multiple SSO token case
        ssoToken = knownSessions.iterator().next();
    }
    // call Single Logout Handler
    FSUtils.debug.message("creating FSSingleLogoutHandler");
    HashMap currentProvider = FSLogoutUtil.getCurrentProvider(userID, idpEntityId, ssoToken);
    if (currentProvider == null) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    FSSessionPartner partner = (FSSessionPartner) currentProvider.get(IFSConstants.PARTNER_SESSION);
    String sessionIndex = (String) currentProvider.get(IFSConstants.SESSION_INDEX);
    if (partner == null) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    ProviderDescriptorType idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
    BaseConfigType idpConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityId);
    FSSingleLogoutHandler handler = new FSSingleLogoutHandler();
    handler.setHostedDescriptor(idpDescriptor);
    handler.setHostedDescriptorConfig(idpConfig);
    handler.setHostedEntityId(idpEntityId);
    handler.setHostedProviderRole(IFSConstants.IDP);
    handler.setMetaAlias(idpMetaAlias);
    handler.setSingleLogoutProtocol(IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
    handler.setRelayState(relayState);
    handler.setRealm(realm);
    FSLogoutStatus logoutStatus = handler.handleSingleLogout(response, request, partner, userID, sessionIndex, false, ssoToken);
    if (SingleLogoutManager.debug.messageEnabled()) {
        SingleLogoutManager.debug.message("IDFFSLOHandler." + "handleSOAPInitiatedSLO: logout status=" + logoutStatus.toString());
    }
    boolean succeeded = logoutStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS);
    return succeeded ? SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS : SingleLogoutManager.LOGOUT_FAILED_STATUS;
}
Also used : BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSSingleLogoutHandler(com.sun.identity.federation.services.logout.FSSingleLogoutHandler) FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) HashMap(java.util.HashMap) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSLogoutStatus(com.sun.identity.federation.services.logout.FSLogoutStatus) List(java.util.List) FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
