Search in sources :

Example 1 with FedMonAgent

use of com.sun.identity.plugin.monitoring.FedMonAgent in project OpenAM by OpenRock.

the class UtilProxySAMLAuthenticatorLookup method retrieveAuthenticationFromCache.

@Override
public void retrieveAuthenticationFromCache() throws SessionException, ServerFaultException, ClientFaultException {
    final String classMethod = "UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: ";
    // the second visit, the user has already authenticated
    // retrieve the cache authn request and relay state
    // We need the session to pass it to the IDP Adapter preSendResponse
    SessionProvider sessionProvider = SessionManager.getProvider();
    try {
        data.setSession(sessionProvider.getSession(request));
        data.getEventAuditor().setSSOTokenId(data.getSession());
    } catch (SessionException se) {
        SAML2Utils.debug.error("An error occurred while retrieving the session: " + se.getMessage());
        data.setSession(null);
    }
    // Get the cached Authentication Request and Relay State before
    // invoking the IDP Adapter
    CacheObject cacheObj;
    synchronized (IDPCache.authnRequestCache) {
        cacheObj = (CacheObject) IDPCache.authnRequestCache.get(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
    }
    data.setRelayState((String) IDPCache.relayStateCache.get(data.getRequestID()));
    if (!isSessionValid(sessionProvider)) {
        return;
    }
    // Invoke the IDP Adapter after the user has been authenticated
    if (preSendResponse(request, response, data)) {
        return;
    }
    synchronized (IDPCache.authnRequestCache) {
        cacheObj = (CacheObject) IDPCache.authnRequestCache.remove(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
    }
    synchronized (IDPCache.idpAuthnContextCache) {
        cacheObj = (CacheObject) IDPCache.idpAuthnContextCache.remove(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setMatchingAuthnContext((AuthnContext) cacheObj.getObject());
    }
    data.setRelayState((String) IDPCache.relayStateCache.remove(data.getRequestID()));
    if (data.getAuthnRequest() == null) {
        authNotAvailable();
        return;
    }
    SAML2Utils.debug.message("{} RequestID= {}", classMethod, data.getRequestID());
    boolean isSessionUpgrade = false;
    if (CollectionUtils.isNotEmpty(IDPCache.isSessionUpgradeCache)) {
        isSessionUpgrade = IDPCache.isSessionUpgradeCache.contains(data.getRequestID());
    }
    if (isSessionUpgrade) {
        IDPSession oldSess = (IDPSession) IDPCache.oldIDPSessionCache.remove(data.getRequestID());
        String sessionIndex = IDPSSOUtil.getSessionIndex(data.getSession());
        if (StringUtils.isNotEmpty(sessionIndex)) {
            IDPCache.idpSessionsByIndices.put(sessionIndex, oldSess);
            final FedMonAgent agent = MonitorManager.getAgent();
            if (agent != null && agent.isRunning()) {
                final FedMonSAML2Svc saml2Svc = MonitorManager.getSAML2Svc();
                if (saml2Svc != null) {
                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                }
            }
        }
    }
    if (data.getSession() != null) {
        // call multi-federation protocol to set the protocol
        MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
    }
    // generate assertion response
    data.setSpEntityID(data.getAuthnRequest().getIssuer().getValue());
    NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
    String nameIDFormat = (policy == null) ? null : policy.getFormat();
    try {
        IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
        throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) IDPSession(com.sun.identity.saml2.profile.IDPSession) FedMonSAML2Svc(com.sun.identity.plugin.monitoring.FedMonSAML2Svc) NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy) ServerFaultException(com.sun.identity.saml2.profile.ServerFaultException) SessionException(com.sun.identity.plugin.session.SessionException) CacheObject(com.sun.identity.saml2.profile.CacheObject) FedMonAgent(com.sun.identity.plugin.monitoring.FedMonAgent) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Aggregations

FedMonAgent (com.sun.identity.plugin.monitoring.FedMonAgent)1 FedMonSAML2Svc (com.sun.identity.plugin.monitoring.FedMonSAML2Svc)1 SessionException (com.sun.identity.plugin.session.SessionException)1 SessionProvider (com.sun.identity.plugin.session.SessionProvider)1 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)1 CacheObject (com.sun.identity.saml2.profile.CacheObject)1 IDPSession (com.sun.identity.saml2.profile.IDPSession)1 ServerFaultException (com.sun.identity.saml2.profile.ServerFaultException)1 NameIDPolicy (com.sun.identity.saml2.protocol.NameIDPolicy)1