
Example 76 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

From class FSSingleLogoutHandler, method doHttpRedirect.

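/**
 * Performs the logout notification in the case of HTTP Redirect profile.
 * <p>
 * Looks up the federated account for {@code entityId} from the current
 * session (or, for sessions that are not one-time, via
 * {@code FSLogoutUtil.getCurrentWorkingAccount}), builds a logout request,
 * signs its query string when signing is enabled, and redirects the browser
 * to the remote provider's single logout service URL taken from the metadata
 * descriptor. The relay state, if set on this handler, is carried in the
 * request.
 *
 * @param entityId the remote provider to whom logout message needs to
 *  be sent
 * @return {@code SAML_SUCCESS} once the redirect was sent, or when no
 *  federated account exists (nothing left to notify); {@code SAML_REQUESTER}
 *  when the logout request could not be built; {@code SAML_RESPONDER} when
 *  signing is on but no signing cert alias is configured, or when building
 *  or sending the request failed
 */
private FSLogoutStatus doHttpRedirect(String entityId) {
    try {
        FSUtils.debug.message("In HTTP Redirect profile");
        isHttpRedirect = true;
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        if (ssoToken == null) {
            try {
                // this is HTTP based protocol, get from HTTP servlet request
                ssoToken = SessionManager.getProvider().getSession(request);
            } catch (SessionException ex) {
                // ssoToken stays null and is handed to sMgr.getSession() below as is.
                FSUtils.debug.error("FSSLOHandler.doHttpRedirect: null ssoToken:", ex);
            }
        }
        FSSession session = sMgr.getSession(ssoToken);
        FSAccountFedInfo acctObj = null;
        if (session != null) {
            acctObj = session.getAccountFedInfo();
        }
        if (acctObj == null && session != null && !session.getOneTime()) {
            acctObj = FSLogoutUtil.getCurrentWorkingAccount(userID, entityId, metaAlias);
        }
        if (acctObj == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler.doHttp" + "Redirect: Account might have been terminated.");
            }
            // No federation left for this provider: nothing to notify.
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
        FSLogoutNotification reqLogout = createSingleLogoutRequest(acctObj, sessionIndex);
        // Null-check before any use of the request: previously setRelayState()
        // was invoked ahead of this check, so a null request threw
        // NullPointerException instead of reporting SAML_REQUESTER.
        if (reqLogout == null) {
            FSUtils.debug.message("Logout Request is null");
            return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
        }
        if (this.relayState != null) {
            reqLogout.setRelayState(this.relayState);
        }
        reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect " + remoteDescriptor.getSingleLogoutServiceURL() + "\nLogout request: " + reqLogout.toXMLString());
        }
        String urlEncodedRequest = reqLogout.toURLEncodedQueryString();
        // Sign the request querystring
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Retrieving self certalias  : " + certAlias);
            }
            if (certAlias == null || certAlias.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSingleLogoutHandler::" + " doHttpRedirect: couldn't obtain " + "this site's cert alias.");
                }
                // Signing is required but impossible: never fall back to an unsigned request.
                return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
            }
            urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
        }
        // The redirect target is the remote provider's configured single logout
        // URL; the (possibly signed) query string is appended with '?' or '&'
        // depending on whether that URL already carries a query.
        String retURL = remoteDescriptor.getSingleLogoutServiceURL();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Encoded Redirect URL " + urlEncodedRequest);
        }
        StringBuilder redirectURL = new StringBuilder();
        redirectURL.append(retURL);
        if (retURL.indexOf(QUESTION_MARK) == -1) {
            redirectURL.append(QUESTION_MARK);
        } else {
            redirectURL.append(AMPERSAND);
        }
        redirectURL.append(urlEncodedRequest);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect" + " URL is " + redirectURL.toString());
        }
        response.sendRedirect(redirectURL.toString());
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::" + " doHttpRedirect FSMsgException:", e);
    } catch (IOException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::" + "doHttpRedirect IOException:", e);
    }
    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}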

Example 77 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

From class FSProcessLogoutServlet, method getValidToken.

/**
 * Retrieves valid session from HTTP Request.
 * <p>
 * The session is obtained through the configured {@code SessionProvider} and
 * accepted only if the provider reports it as valid; any
 * {@code SessionException} is logged at message level and treated as
 * "no session".
 *
 * @param request HTTP request object
 * @return session if the session is valid; <code>null</code>
 *  otherwise.
 */
private Object getValidToken(HttpServletRequest request) {
    FSUtils.debug.message("Entered FSProcessLogoutServlet::getValidToken");
    try {
        SessionProvider provider = SessionManager.getProvider();
        Object token = provider.getSession(request);
        boolean usable = token != null && provider.isValid(token);
        if (usable) {
            return token;
        }
    } catch (SessionException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("SessionException caught: " + e);
        }
        return null;
    }
    // Either no session was attached to the request or the provider rejected it.
    FSUtils.debug.message("session is not valid, redirecting for authentication");
    return null;
}

Example 78 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

From class AssertionManager, method createAssertion.

/**
 * Builds, optionally signs, caches and logs a SAML 1.x assertion for the
 * session identified by {@code id}. The assertion always carries an
 * {@code AuthenticationStatement}; an {@code AttributeStatement} is added
 * when {@code attributes} is non-empty. When an artifact is supplied it is
 * mapped to the new assertion id in {@code artEntryMap}, and a listener is
 * registered on the session so the cached entries follow its lifecycle.
 *
 * @param id session identifier passed to {@code sessionProvider.getSession}
 * @param artifact artifact to associate with the assertion, or {@code null}
 *        (bearer / POST profile)
 * @param destID partner site the assertion is created for; selects the
 *        {@code NameIdentifierMapper}
 * @param attributes attributes for an {@code AttributeStatement}; may be
 *        {@code null} or empty
 * @param confirmationMethod explicit subject confirmation method; when
 *        {@code null} or empty it is derived from {@code artifact} and
 *        {@code minorVersion}
 * @param minorVersion SAML minor version set on the assertion
 * @param nameIDFormat name identifier format handed to the mapper
 * @return the created assertion, or {@code null} when session information
 *         or the name identifier could not be obtained
 * @throws SAMLException when {@code id} is empty, or (as
 *         {@code SAMLResponderException}) when the assertion or artifact
 *         could not be added to the caches. Note that the
 *         {@code nullSessionProvider} SAMLException raised inside the first
 *         try block is swallowed by its {@code catch (Exception)} and turns
 *         into a {@code null} return instead.
 */
private Assertion createAssertion(String id, AssertionArtifact artifact, String destID, List attributes, String confirmationMethod, int minorVersion, String nameIDFormat) throws SAMLException {
    // check input
    if ((id == null) || (id.length() == 0)) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManager.createAssertion(id):" + "null input.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    // Validated before any session work is done (may throw; see validateNumberOfAssertions).
    validateNumberOfAssertions(idEntryMap);
    String authMethod = null;
    Date authInstant = null;
    Object token = null;
    String clientIP = null;
    // Everything in this block -- including the nullSessionProvider
    // SAMLException thrown just below -- is caught by the catch (Exception)
    // at its end and converted into a null return.
    try {
        if (sessionProvider == null) {
            throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
        }
        token = sessionProvider.getSession(id);
        // [0]: an empty property array throws here and is handled by the outer catch.
        authMethod = (String) sessionProvider.getProperty(token, SessionProvider.AUTH_METHOD)[0];
        String authSSOInstant = (String) sessionProvider.getProperty(token, "authInstant")[0];
        if (authSSOInstant == null || authSSOInstant.equals("")) {
            // No authInstant recorded on the session: fall back to "now".
            authInstant = new Date();
        } else {
            authInstant = DateUtils.stringToDate(authSSOInstant);
        }
        try {
            // NOTE(review): getByName() resolves hostnames, so if the "Host"
            // property can hold a name rather than an IP literal this is a
            // blocking lookup -- confirm what the session provider stores.
            InetAddress clientIPAddress = InetAddress.getByName(sessionProvider.getProperty(token, "Host")[0]);
            clientIP = clientIPAddress.getHostAddress();
        } catch (Exception e) {
            // catching exception here since client ip is optional
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager." + "createAssertion(id):" + "exception when obtaining client ip: ", e);
            }
        }
    } catch (Exception e) {
        // Broad catch: any failure above (session lookup, property access,
        // date parsing) yields null rather than a SAMLException.
        SAMLUtils.debug.error("AssertionManager." + "createAssertion(id):" + " exception retrieving info from the Session: ", e);
        return null;
    }
    Map partnerURLs = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
    SAMLServiceManager.SOAPEntry partnerEntry = (SAMLServiceManager.SOAPEntry) partnerURLs.get(destID);
    NameIdentifierMapper niMapper = null;
    if (partnerEntry != null) {
        niMapper = partnerEntry.getNameIdentifierMapper();
    }
    if (niMapper == null) {
        // No partner-specific mapper configured: use the default.
        niMapper = new DefaultNameIdentifierMapper();
    }
    String srcID = (String) SAMLServiceManager.getAttribute(SAMLConstants.SITE_ID);
    NameIdentifier ni = niMapper.getNameIdentifier(token, srcID, destID, nameIDFormat);
    if (ni == null) {
        SAMLUtils.debug.error("AssertionManager.createAssertion(id): " + "name identifier is null.");
        return null;
    }
    SubjectConfirmation subConfirmation = null;
    String artString = null;
    // An explicit confirmation method wins; otherwise it is derived from the
    // profile (artifact vs. bearer) and the minor version.
    if ((confirmationMethod != null) && (confirmationMethod.length() > 0)) {
        subConfirmation = new SubjectConfirmation(confirmationMethod);
    } else {
        if (artifact != null) {
            if (minorVersion == 0) {
                // set default for SAML Artifact profile 
                // here, we use SAML 1.0 confirmation method as default.
                confirmationMethod = SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT;
            } else {
                confirmationMethod = SAMLConstants.CONFIRMATION_METHOD_ARTIFACT;
            }
            subConfirmation = new SubjectConfirmation(confirmationMethod);
        } else {
            // set to bearer for POST profile
            subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_BEARER);
        }
    }
    if (artifact != null) {
        artString = artifact.getAssertionArtifact();
    }
    Subject sub = new Subject(ni, subConfirmation);
    SubjectLocality subjLocality = null;
    // SubjectLocality is only emitted when a client address was obtained above.
    if ((clientIP != null) && (clientIP.length() != 0)) {
        subjLocality = new SubjectLocality(clientIP, null);
    }
    Set statements = new HashSet();
    statements.add(new AuthenticationStatement(authMethod, authInstant, sub, subjLocality, null));
    if ((attributes != null) && (!attributes.isEmpty())) {
        statements.add(new AttributeStatement(sub, attributes));
    }
    // Validity window around issueInstant: notBefore is backdated by
    // notBeforeSkew and notAfter advanced by assertionTimeout (both added to
    // getTime(), i.e. milliseconds).
    Date issueInstant = new Date();
    Date notBefore = new Date(issueInstant.getTime() - notBeforeSkew);
    // TODO: this period will be different for bearer
    Date notAfter = new Date(issueInstant.getTime() + assertionTimeout);
    Conditions cond = new Conditions(notBefore, notAfter);
    String issuer = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
    Assertion assertion = new Assertion(null, issuer, issueInstant, cond, statements);
    assertion.setMinorVersion(minorVersion);
    String aIDString = assertion.getAssertionID();
    // Signed before it is cached, so the stored entry holds the signed form.
    if (((Boolean) SAMLServiceManager.getAttribute(SAMLConstants.SIGN_ASSERTION)).booleanValue()) {
        assertion.signXML();
    }
    Entry entry = new Entry(assertion, destID, artString, token);
    try {
        Object oldEntry = null;
        // Only the put() is done under the map's monitor; the timeout
        // bookkeeping below runs outside it.
        synchronized (idEntryMap) {
            oldEntry = idEntryMap.put(aIDString, entry);
        }
        if (oldEntry != null) {
            // Same id was already cached: drop its old timeout entry before re-adding.
            assertionTimeoutRunnable.removeElement(aIDString);
        }
        assertionTimeoutRunnable.addElement(aIDString);
        if ((agent != null) && agent.isRunning() && (saml1Svc != null)) {
            saml1Svc.incSAML1Cache(FedMonSAML1Svc.ASSERTIONS, FedMonSAML1Svc.CWRITE);
        }
    } catch (Exception e) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManager: couldn't add " + "to idEntryMap.", e);
        }
        throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateAssertion"));
    }
    // At FINER the access log records the assertion's string form; at INFO only its id.
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINER)) {
        String[] data = { SAMLUtils.bundle.getString("assertionCreated"), assertion.toString(true, true) };
        LogUtils.access(java.util.logging.Level.FINER, LogUtils.ASSERTION_CREATED, data);
    } else {
        String[] data = { SAMLUtils.bundle.getString("assertionCreated"), aIDString };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.ASSERTION_CREATED, data);
    }
    if (artString != null) {
        // put artifact in artEntryMap
        try {
            Object oldEntry = null;
            // The artifact entry carries an absolute expiry: now + artifactTimeout (ms).
            synchronized (artEntryMap) {
                oldEntry = artEntryMap.put(artString, new ArtEntry(aIDString, (System.currentTimeMillis() + artifactTimeout)));
            }
            if (oldEntry != null) {
                artifactTimeoutRunnable.removeElement(artString);
            }
            artifactTimeoutRunnable.addElement(artString);
            if ((agent != null) && agent.isRunning() && (saml1Svc != null)) {
                saml1Svc.incSAML1Cache(FedMonSAML1Svc.ARTIFACTS, FedMonSAML1Svc.CWRITE);
            }
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("AssertionManager: couldn't add " + "artifact to the artEntryMap.", e);
            }
            throw new SAMLResponderException(SAMLUtils.bundle.getString("errorCreateArtifact"));
        }
        String[] data = { SAMLUtils.bundle.getString("assertionArtifactCreated"), artString, aIDString };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.ASSERTION_ARTIFACT_CREATED, data);
    }
    if (token != null) {
        // create a listener and add the listener to the token
        // Ties the cached assertion/artifact to the session; a provider that
        // does not support listeners only produces a warning.
        AssertionSSOTokenListener listener = new AssertionSSOTokenListener(aIDString, artString);
        try {
            sessionProvider.addListener(token, listener);
        } catch (SessionException e) {
            SAMLUtils.debug.error("AssertionManager.createAssertion(id):" + " Couldn't add listener to session:", e);
        } catch (UnsupportedOperationException uoe) {
            SAMLUtils.debug.warning("AssertionManager.createAssertion(id):" + " Operation add listener to session not supported:", uoe);
        }
    }
    return assertion;
}

Example 79 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

From class AssertionManager, method createSSOAssertion.

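/**
 * Returns Assertion that contains <code>AuthenticationStatement</code>.
 * <p>
 * Attributes for the partner site are collected through the first
 * configured mapper, in this order: consumer site mapper, partner site
 * mapper, site mapper. The confirmation method and minor version passed on
 * to {@code createAssertion} are chosen from {@code artifact} and
 * {@code version}.
 *
 * @param id The String that contains authentication information which
 *          is needed to create the assertion. It could be a string
 *          representation of an id, a cookie, etc.
 * @param artifact the value to be set in the SubjectConfirmation of the
 *        <code>AuthenticationStatement</code>. If it's null,
 *        <code>SubjectConfirmation</code> is set to bearer.
 * @param request The HttpServletRequest object of the request.
 * @param response The HttpServletResponse object.
 * @param destID A String that is the site the assertion is created for.
 * @param targetUrl A URL String representing the target site
 * @param version The relying party preferred Assertion version number.
 *        {@code null} is treated as 1.0 for both profiles.
 * @return Assertion The created Assertion, or {@code null} if the session
 *         could not be read or (artifact profile) the version is unsupported.
 * @throws SAMLException If the Assertion cannot be created.
 */
public Assertion createSSOAssertion(String id, AssertionArtifact artifact, HttpServletRequest request, HttpServletResponse response, String destID, String targetUrl, String version) throws SAMLException {
    List attributes = null;
    Map partnerURLs = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
    SAMLServiceManager.SOAPEntry partnerEntry = (SAMLServiceManager.SOAPEntry) partnerURLs.get(destID);
    if (partnerEntry != null) {
        try {
            if (sessionProvider == null) {
                throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
            }
            Object userSession = sessionProvider.getSession(id);
            // First configured mapper wins; an unconfigured partner yields no attributes.
            ConsumerSiteAttributeMapper cMapper = partnerEntry.getConsumerSiteAttributeMapper();
            if (cMapper != null) {
                attributes = cMapper.getAttributes(userSession, request, response, targetUrl);
            } else {
                PartnerSiteAttributeMapper pMapper = partnerEntry.getPartnerSiteAttributeMapper();
                if (pMapper != null) {
                    attributes = pMapper.getAttributes(userSession, targetUrl);
                } else {
                    SiteAttributeMapper mapper = partnerEntry.getSiteAttributeMapper();
                    if (mapper != null) {
                        attributes = mapper.getAttributes(userSession);
                    }
                }
            }
        } catch (SessionException ssoe) {
            SAMLUtils.debug.error("AssertionManager.createAssertion(id):" + " exception retrieving info from the Session", ssoe);
            return null;
        }
    }
    String nameIDFormat = request.getParameter(SAMLConstants.NAME_ID_FORMAT);
    if (artifact == null) {
        // SAML POST profile: bearer confirmation. Minor version 1 only for 1.1;
        // anything else -- including a null version, which the old code
        // dereferenced and so threw NullPointerException on -- is minor 0,
        // matching the null handling of the artifact branch below.
        int minorVersion = SAMLConstants.ASSERTION_VERSION_1_1.equals(version) ? 1 : 0;
        return createAssertion(id, artifact, destID, attributes, SAMLConstants.CONFIRMATION_METHOD_BEARER, minorVersion, nameIDFormat);
    }
    // SAML artifact profile: the confirmation method depends on the version.
    if (version == null || version.equals(SAMLConstants.ASSERTION_VERSION_1_0)) {
        return createAssertion(id, artifact, destID, attributes, SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT, 0, nameIDFormat);
    }
    if (version.equals(SAMLConstants.ASSERTION_VERSION_1_1)) {
        return createAssertion(id, artifact, destID, attributes, SAMLConstants.CONFIRMATION_METHOD_ARTIFACT, 1, nameIDFormat);
    }
    SAMLUtils.debug.error("Input version " + version + " is not supported.");
    return null;
}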

Example 80 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

From class AssertionManagerImpl, method getAssertions.

/**
 * Returns the assertions held for the session identified by {@code ssoToken}.
 * <p>
 * The token string is resolved to a session object through the configured
 * {@code SessionProvider} and handed to the underlying assertion manager.
 *
 * @param ssoToken session identifier to resolve
 * @return the set returned by {@code assertionManager.getAssertions} for the
 *         resolved session
 * @throws SAMLException if initialization fails or the session cannot be
 *         resolved; in the latter case only the message of the
 *         {@code SessionException} is carried over -- the cause is not chained
 */
public Set getAssertions(String ssoToken) throws SAMLException {
    checkInitialization();
    try {
        SessionProvider provider = SessionManager.getProvider();
        Object session = provider.getSession(ssoToken);
        return assertionManager.getAssertions(session);
    } catch (SessionException ssoe) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManagerImpl:getAssertions: " + ssoe);
        }
        throw new SAMLException(ssoe.getMessage());
    }
}
