
Example 1 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class FMSubjectMapper method mapToNativeSubject.

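/**
 * Returns the native subject, an OpenAM {@code SSOToken}, for the XACML
 * access subject.
 * <p>
 * Only Subjects whose category is {@code XACMLConstants.ACCESS_SUBJECT}
 * (or unset) are considered. Their {@code subject-id} attribute is mapped
 * by data type: an OpenSSO session id is turned into a token directly; an
 * X.500 name, or a SAML2 transient NameID looked up in
 * {@code IDPCache.userIDByTransientNameIDValue}, yields a user name for
 * which a session is created through {@code createFMSession}. When both a
 * session id and a user name are present the session id wins; the user
 * name is only used if no token could be created from the session id.
 *
 * @param xacmlContextSubjects XACML context Subject(s) from the
 *        xacml-context:Request; may be {@code null}
 * @return native subject, OpenAM SSOToken; {@code null} if no Subject
 *         matched or no session could be created
 * @exception XACMLException if can not map to native subject
 */
public Object mapToNativeSubject(List xacmlContextSubjects) throws XACMLException {
    if (xacmlContextSubjects == null) {
        return null;
    }
    String sid = null;
    String userName = null;
    for (Iterator iter = xacmlContextSubjects.iterator(); iter.hasNext(); ) {
        Subject subject = (Subject) iter.next();
        if (subject == null) {
            continue;
        }
        URI subjectCategory = subject.getSubjectCategory();
        if ((subjectCategory != null)
                && (!subjectCategory.toString().equals(XACMLConstants.ACCESS_SUBJECT))) {
            continue;
        }
        List attributes = subject.getAttributes();
        if (attributes == null) {
            continue;
        }
        for (int count = 0; count < attributes.size(); count++) {
            Attribute attr = (Attribute) attributes.get(count);
            if (attr == null) {
                continue;
            }
            URI attrId = attr.getAttributeId();
            URI dataType = attr.getDataType();
            // The request comes from outside: an attribute without id or data
            // type is skipped instead of letting a NullPointerException escape.
            if (attrId == null || dataType == null
                    || !attrId.toString().equals(XACMLConstants.SUBJECT_ID)) {
                continue;
            }
            // First attribute value, or null when there is none (an empty
            // AttributeValue list used to throw IndexOutOfBoundsException).
            String value = firstElementValue(attr.getAttributeValues());
            String type = dataType.toString();
            if (type.equals(XACMLConstants.OPENSSO_SESSION_ID)) {
                sid = value;
            } else if (type.equals(XACMLConstants.X500NAME)) {
                userName = value;
            } else if (type.equals(XACMLConstants.SAML2_NAMEID)) {
                if (value != null) {
                    userName = (String) IDPCache.userIDByTransientNameIDValue.get(value);
                }
                // TODO: Need to support non-transient nameid format
            }
        }
    }
    SSOToken ssoToken = null;
    if (sid != null) {
        // create ssoToken based on sessionId
        try {
            SSOTokenManager tokenManager = SSOTokenManager.getInstance();
            ssoToken = tokenManager.createSSOToken(sid);
        } catch (SSOException ssoExp) {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("FMSubjectMapper.mapToNativeSubject()" + ":caught SSOException:", ssoExp);
            }
        }
    }
    // create ssoToken based on x500name (userName)
    // NOTE(review): this path creates a session from an identity merely
    // asserted in the request; it presumes the XACML request itself was
    // authenticated upstream (e.g. by the PEP/transport) - confirm at the caller.
    if ((ssoToken == null) && (userName != null)) {
        try {
            ssoToken = createFMSession(userName);
        } catch (SessionException se) {
            if (XACMLSDKUtils.debug.messageEnabled()) {
                XACMLSDKUtils.debug.message("FMSubjectMapper.mapToNativeSubject()" + ":caught SessionException:", se);
            }
        }
    }
    return ssoToken;
}

/**
 * Returns the text value of the first {@code Element} in {@code values}.
 *
 * @param values attribute values as returned by
 *        {@code Attribute.getAttributeValues()}; may be {@code null}
 * @return the element value, or {@code null} when the list is null or empty
 *         or its first entry is not a DOM {@code Element}
 */
private static String firstElementValue(List values) {
    if (values == null || values.isEmpty()) {
        return null;
    }
    Object first = values.get(0);
    if (!(first instanceof Element)) {
        return null;
    }
    return XMLUtils.getElementValue((Element) first);
}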

Example 2 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class FSTerminationInitiationServlet method doTerminationInitiation.

/**
 * Called when a Termination needs to be initiated with a remote provider.
 * <p>
 * Without a valid session the user agent is redirected to authenticate.
 * Otherwise the remote provider id is read from the
 * {@code IFSConstants.TERMINATION_PROVIDER_ID} request parameter, a
 * termination handler is obtained from {@code FSServiceManager} and asked to
 * run the federation termination. Every failure path ends in
 * {@code FSServiceUtils.returnLocallyAfterOperation}; I/O and session errors
 * are logged at message level only.
 *
 * @param request <code>HTTPServletRequest</code> object received via a
 *  HTTP Redirect
 * @param response <code>HTTPServletResponse</code> object to send the
 *  response back to user agent
 * @param hostedProviderDesc the provider where termination is initiated
 * @param hostedConfig hosted provider's extended meta
 * @param realm the realm under which the entity resides
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedRole hosted provider's role
 * @param providerAlias hosted provider's meta alias
 */
private void doTerminationInitiation(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String realm, String hostedEntityId, String hostedRole, String providerAlias) {
    FSUtils.debug.message("Entered FSTerminationInitiationServlet::doTerminationInitiation");
    try {
        Object ssoToken = getValidToken(request);
        if (ssoToken == null) {
            // No usable session: the user must authenticate before terminating.
            FSServiceUtils.redirectForAuthentication(request, response, providerAlias);
            return;
        }
        String remoteEntityId = request.getParameter(IFSConstants.TERMINATION_PROVIDER_ID);
        if (remoteEntityId == null || remoteEntityId.length() < 1) {
            FSUtils.debug.error("Provider Id not found, display error page");
            FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_NO_PROVIDER, IFSConstants.CONTACT_ADMIN);
            return;
        }
        // session token is valid, ProviderId available
        FSServiceManager serviceManager = FSServiceManager.getInstance();
        if (serviceManager == null) {
            FSUtils.debug.message("FSServiceManager Instance null");
        } else {
            FSUtils.debug.message("FSServiceManager Instance not null");
            String remoteProviderRole = IFSConstants.SP;
            FSAccountFedInfo fedinfo = null;
            if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                // We are the SP, so the remote side is the IDP; pick up the
                // federation info from the local session unless it is one-time.
                remoteProviderRole = IFSConstants.IDP;
                FSSession ssoSession = FSSessionManager.getInstance(providerAlias).getSession(ssoToken);
                if (ssoSession != null && !ssoSession.getOneTime()) {
                    fedinfo = ssoSession.getAccountFedInfo();
                }
            }
            String principalName = SessionManager.getProvider().getPrincipalName(ssoToken);
            FSFedTerminationHandler handler = serviceManager.getFedTerminationHandler(remoteEntityId, remoteProviderRole, principalName, realm, hostedEntityId, providerAlias);
            if (handler == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Unable to get termination handler. User account Not valid");
                }
            } else {
                handler.setHostedDescriptor(hostedProviderDesc);
                handler.setHostedDescriptorConfig(hostedConfig);
                handler.setHostedProviderRole(hostedRole);
                handler.setMetaAlias(providerAlias);
                handler.setRealm(realm);
                handler.setHostedEntityId(hostedEntityId);
                if (fedinfo != null) {
                    handler.setAccountInfo(fedinfo);
                }
                boolean terminated = handler.handleFederationTermination(request, response, ssoToken);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("handleFederationTermination status is : " + terminated);
                }
                return;
            }
        }
        FSServiceUtils.returnLocallyAfterOperation(response, termDoneURL, false, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
        return;
    } catch (IOException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("IOException in doTerminationInitiation", e);
        }
    } catch (SessionException ex) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("SessionException in doTerminationInitiation", ex);
        }
    }
    // Reached only after an exception: report failure locally.
    FSServiceUtils.returnLocallyAfterOperation(response, termDoneURL, false, IFSConstants.TERMINATION_SUCCESS, IFSConstants.TERMINATION_FAILURE);
}

Example 3 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class FSAttributeStatementHelper method getAutoFedAttributeStatement.

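/**
 * Gets a SAML <code>AttributeStatement</code> by using an
 * <code>AutoFederate</code> attribute that is configured in Local Provider.
 * <p>
 * The attribute name comes from the host IDP's extended config
 * ({@code IFSConstants.AUTO_FEDERATION_ATTRIBUTE}); its values are read for
 * the session's principal through the IDFF {@code DataStoreProvider}. When
 * the attribute is not configured, or the user has no values for it, no
 * statement is produced.
 *
 * @param realm The realm under which the entity resides.
 * @param entityID Host Provider's entity ID.
 * @param sub Liberty Subject.
 * @param ssoToken session of the user
 * @return Generated Auto Federate Attribute Statement, or {@code null} when
 *         no auto-federation attribute is configured or it has no values
 * @exception FSException if an error occurred (wraps the meta, session,
 *         data store or SAML exception that caused it)
 */
public static AttributeStatement getAutoFedAttributeStatement(String realm, String entityID, FSSubject sub, Object ssoToken) throws FSException {
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    BaseConfigType hostConfig = null;
    try {
        if (metaManager != null) {
            hostConfig = metaManager.getIDPDescriptorConfig(realm, entityID);
        }
    } catch (IDFFMetaException fae) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: IDFFMetaException ", fae);
        throw new FSException(fae);
    }
    String autoFedAttr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE);
    if (autoFedAttr == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAttributeStatementHelper.getAutoFed:" + "AttributeStatement: AutoFederate Attribute is null");
        }
        return null;
    }
    List values = new ArrayList();
    try {
        String userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        DataStoreProvider provider = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
        Set vals = provider.getAttribute(userID, autoFedAttr);
        // A provider may report "no such attribute" as null rather than an
        // empty set; both mean there is nothing to assert.
        if (vals != null) {
            for (Iterator iter = vals.iterator(); iter.hasNext(); ) {
                values.add(getAttributeValue((String) iter.next()));
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SessionException ", se);
        throw new FSException(se);
    } catch (DataStoreProviderException ie) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: DataStoreProviderException ", ie);
        throw new FSException(ie);
    }
    if (values.isEmpty()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAtributeStatementHelper.getAuto:" + "FedAttributeStatement. No values for autofed attribute");
        }
        return null;
    }
    try {
        Attribute attribute = new Attribute(IFSConstants.AUTO_FED_ATTR, IFSConstants.assertionSAMLNameSpaceURI, values);
        List attributeList = new ArrayList();
        attributeList.add(attribute);
        return new AttributeStatement(sub, attributeList);
    } catch (SAMLException ex) {
        FSUtils.debug.error("FSAttributeStatementHelper.getAutoFed" + "AttributeStatement: SAMLException ", ex);
        throw new FSException(ex);
    }
}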

Example 4 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method handleMultiProtocolLogout.

/**
 * Hands the current IDP session to the multi-federation-protocol
 * {@code SingleLogoutManager} so that sessions established over other
 * protocols are logged out as well.
 * <p>
 * Uses the handler's {@code ssoToken} field, resolving it from the servlet
 * {@code request} when it is not set yet. A missing or invalid session
 * yields {@code LOGOUT_NO_ACTION_STATUS}; any exception from the manager is
 * logged and reported as {@code LOGOUT_FAILED_STATUS}.
 *
 * @param isSOAPInited whether the logout was initiated over the SOAP profile
 * @param responseXML the logout response XML, or {@code null}
 * @param remoteSPId entity id of the remote service provider
 * @return one of the {@code SingleLogoutManager.LOGOUT_*_STATUS} codes
 */
private int handleMultiProtocolLogout(boolean isSOAPInited, String responseXML, String remoteSPId) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSLOHandler.handleMultiProtocolLogout: " + "isSOAP initiated = " + isSOAPInited + ", response XML=" + responseXML);
    }
    if (ssoToken == null) {
        // HTTP-based profile: the session comes from the servlet request.
        try {
            ssoToken = SessionManager.getProvider().getSession(request);
        } catch (SessionException ex) {
            FSUtils.debug.message("FSSLOHandler.handleMPLogout: null", ex);
            return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
        }
    }
    boolean sessionValid;
    try {
        sessionValid = SessionManager.getProvider().isValid(ssoToken);
    } catch (SessionException ex) {
        FSUtils.debug.message("FSSLOHandler.handleMPLogout: invalid", ex);
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    if (!sessionValid) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    Set sessions = new HashSet();
    sessions.add(ssoToken);
    int currentStatus = SingleLogoutManager.LOGOUT_FAILED_STATUS;
    if (logoutStatus) {
        currentStatus = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
    }
    int retStatus = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
    try {
        String requestXML = null;
        if (requestLogout != null) {
            requestXML = requestLogout.toXMLString(true, true);
        }
        // Fall back to the configured logout-done URL when no RelayState
        // was supplied.
        // NOTE(review): relayState presumably originates from the logout
        // message; confirm it is validated against permitted URLs before it
        // reaches this point, since it ends up as a redirect target.
        String finalRelayState = relayState;
        if (finalRelayState == null || finalRelayState.length() == 0) {
            finalRelayState = LOGOUT_DONE_URL;
        }
        retStatus = SingleLogoutManager.getInstance().doIDPSingleLogout(sessions, userID, request, response, isSOAPInited, FSLogoutUtil.isIDPInitiatedProfile(singleLogoutProtocol), SingleLogoutManager.IDFF, realm, hostedEntityId, remoteSPId, finalRelayState, requestXML, responseXML, currentStatus);
    } catch (Exception e) {
        FSUtils.debug.error("FSSLOHandler.doIDPProfile: MP/SOAP", e);
        retStatus = SingleLogoutManager.LOGOUT_FAILED_STATUS;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSLOHandler.handleMultiProtocolLogout: " + "return status = " + retStatus);
    }
    return retStatus;
}

Example 5 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method processSingleLogoutRequest.

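/**
 * Processes the logout request received from soap profile.
 * <p>
 * Two cases are handled. With no {@code currentSessionProvider} the local
 * principal session is destroyed, IDP-proxy and multi-protocol logout are
 * run, and a success/failure status is returned. With a provider, the
 * partner list of the matching session is cleaned and the logout is
 * propagated to that provider over the SOAP profile; a proxy-logout failure
 * overrides an otherwise successful result. A {@code null} request is
 * logged and answered with {@code SAML_REQUESTER}.
 *
 * @param reqLogout the logout request
 * @param currentSessionProvider initial provider with whom to broadcast
 * @param userID who is presently logging out
 * @param sourceEntityId remote provider id
 * @param sessionIndex to be sent as part of logout message
 * @param isWMLAgent determines if response to be sent to AML agent
 * @param isSourceIDP determines the role of the provider (not consulted by
 *        this implementation)
 * @return logout status
 */
protected FSLogoutStatus processSingleLogoutRequest(FSLogoutNotification reqLogout, FSSessionPartner currentSessionProvider, String userID, String sourceEntityId, String sessionIndex, boolean isWMLAgent, String isSourceIDP) {
    FSUtils.debug.message("Entered FSSingleLogoutHandler::processSingleLogoutRequest - SOAP");
    if (currentSessionProvider != null) {
        isCurrentProviderIDPRole = currentSessionProvider.getIsRoleIDP();
        remoteEntityId = currentSessionProvider.getPartner();
        setRemoteDescriptor(getRemoteDescriptor(remoteEntityId));
    }
    this.requestLogout = reqLogout;
    this.userID = userID;
    this.sessionIndex = sessionIndex;
    this.isWMLAgent = isWMLAgent;
    if (reqLogout == null) {
        String[] data = { userID };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED_REQUEST_IMPROPER, data);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Request not proper " + "Cannot proceed federation termination");
        }
        return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
    }
    FSUtils.debug.message("FSLogoutNotification formed really well");
    if (currentSessionProvider == null) {
        FSUtils.debug.message("currentSessionProvider is null. destroy and return");
        // get ssoToken corresponding to the session index
        lookupSessionTokenByIndex(userID, sessionIndex);
        // handle idp proxy case
        FSLogoutStatus proxyStatus = handleIDPProxyLogout(sourceEntityId);
        if (proxyStatus != null && !proxyStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
            logoutStatus = false;
        }
        FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, reqLogout.getSessionIndex(), request, response);
        // call multi-federation protocol processing
        int retStatus = handleMultiProtocolLogout(true, null, sourceEntityId);
        if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
            return new FSLogoutStatus(IFSConstants.LOGOUT_FAILURE);
        }
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    }
    // get ssoToken corresponding to the session index
    lookupSessionTokenByIndex(userID, sessionIndex);
    // handle idp proxy case.
    FSLogoutStatus proxyStatus = handleIDPProxyLogout(sourceEntityId);
    // Check if any of the connections use HTTP GET/Redirect
    String currentEntityId = currentSessionProvider.getPartner();
    isCurrentProviderIDPRole = currentSessionProvider.getIsRoleIDP();
    if (!supportSOAPProfile(remoteDescriptor)) {
        return new FSLogoutStatus(IFSConstants.SAML_UNSUPPORTED);
    }
    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    FSSession session = sessionManager.getSession(sessionManager.getSessionList(userID), sessionIndex);
    FSUtils.debug.message("FSSLOHandler, process logout case 4");
    FSLogoutUtil.cleanSessionMapPartnerList(userID, currentEntityId, metaAlias, session);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Communicate with provider " + currentEntityId + " using soap profile.");
    }
    // In the middle of a SOAP call you can only use
    // SOAP profile
    FSUtils.debug.message("In SOAP profile");
    // This func should take care of initiating
    // next provider also as it has control
    FSLogoutStatus bLogoutStatus = doIDPSoapProfile(currentEntityId);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Logout completed first round " + "with status : " + bLogoutStatus);
    }
    // A failed proxy logout overrides an otherwise successful first round.
    if (bLogoutStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS) && (proxyStatus != null) && !proxyStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
        bLogoutStatus = proxyStatus;
    }
    return bLogoutStatus;
}

/**
 * Resolves the session token of the user's first ID-FF session matching
 * {@code sessionIndex} into the {@code ssoToken} field.
 * <p>
 * Best-effort: when no session object is found, or the session provider
 * throws {@code SessionException}, {@code ssoToken} is left untouched and
 * the failure is only logged at message level.
 *
 * @param userID the user who is logging out
 * @param sessionIndex session index from the logout message
 */
private void lookupSessionTokenByIndex(String userID, String sessionIndex) {
    Vector sessionObjList = FSLogoutUtil.getSessionObjectList(userID, metaAlias, sessionIndex);
    if ((sessionObjList == null) || sessionObjList.isEmpty()) {
        return;
    }
    String sessid = ((FSSession) sessionObjList.get(0)).getSessionID();
    try {
        ssoToken = SessionManager.getProvider().getSession(sessid);
    } catch (SessionException ex) {
        // Deliberately not propagated: the logout continues without a
        // local token, but record why it is missing instead of swallowing.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSLOHandler.processSingleLogoutRequest: unable to get session for session index", ex);
        }
    }
}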
