
Example 11 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class LibertyManager method getUser.

/**
 * Returns the principal name of the user bound to the given request, or
 * {@code null} when no valid session can be resolved from it.
 *
 * <p>Every failure path (no session on the request, an invalid session, or a
 * {@code SessionException} from the provider) collapses to {@code null};
 * callers cannot tell them apart from the return value alone. The exception
 * case is logged at error level, the others are not.
 *
 * @param request HTTP servlet request.
 * @return the principal name, or {@code null} if no valid session exists.
 */
public static String getUser(HttpServletRequest request) {
    try {
        SessionProvider provider = SessionManager.getProvider();
        Object session = provider.getSession(request);
        boolean usable = (session != null) && provider.isValid(session);
        if (!usable) {
            return null;
        }
        debug.message("LibertyManager: getUser: token is valid");
        return provider.getPrincipalName(session);
    } catch (SessionException ssoe) {
        debug.error("LibertyManager: getUser: SessionException: ", ssoe);
        return null;
    }
}

Example 12 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class LibertyManagerClient method getDiscoveryResourceOffering.

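/**
 * Returns the discovery service bootstrap resource offering for the session
 * identified by {@code token}.
 *
 * <p>Results are cached per session ID (key {@code tokenID + DISCO_RO}). On
 * the first successful lookup a {@code LibertyClientSSOTokenListener} is
 * registered on the session before the entry is cached, so the cache never
 * holds an entry for a session that has no listener. A missing or empty
 * offering from the remote side yields {@code null} rather than an exception.
 *
 * @param token Single Sign On Token.
 * @param hostProviderID Hosted <code>ProviderID</code>.
 * @return <code>ResourceOffering</code> Discovery Service bootstrap
 *  resource offering, or {@code null} if the remote side returned none.
 * @exception FSException if the session is invalid, the offering is missing
 *  or malformed, or the SOAP call fails. The localized message names the
 *  failure class; the underlying cause is logged, not chained.
 */
public ResourceOffering getDiscoveryResourceOffering(Object token, String hostProviderID) throws FSException {
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        String tokenID = sessionProvider.getSessionID(token);
        String cacheKey = tokenID + DISCO_RO;
        ResourceOffering ro = (ResourceOffering) bootStrapCache.get(cacheKey);
        if (ro != null) {
            return ro;
        }
        String[] objs = { tokenID, hostProviderID };
        String resourceOffering = (String) client.send("getDiscoveryResourceOffering", objs, null, null);
        if ((resourceOffering == null) || resourceOffering.isEmpty()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ResourceOffering: ResouceOffering is null or empty");
            }
            return null;
        }
        Document doc = XMLUtils.toDOMDocument(resourceOffering, FSUtils.debug);
        if (doc == null) {
            // Without this guard a null document raises NullPointerException on
            // the next line, which the generic handler below would report as a
            // SOAP failure instead of a malformed offering.
            FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: ResourceOffering is not well-formed XML");
            throw new FSException(FSUtils.bundle.getString("invalidResourceOffering"));
        }
        ro = new ResourceOffering(doc.getDocumentElement());
        // Register the listener before publishing the cache entry.
        sessionProvider.addListener(token, new LibertyClientSSOTokenListener());
        bootStrapCache.put(cacheKey, ro);
        return ro;
    } catch (SessionException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("LibertyManagerClient.getDiscovery" + "ResourceOffering: InvalidSessionToken", se);
        }
        throw new FSException(FSUtils.bundle.getString("invalidSSOToken"));
    } catch (DiscoveryException de) {
        FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: Invalid ResourceOffering", de);
        throw new FSException(FSUtils.bundle.getString("invalidResourceOffering"));
    } catch (FSException fse) {
        // Raised above for a malformed offering; it already carries the
        // intended message, so it must not be re-wrapped as a SOAP failure.
        throw fse;
    } catch (Exception ex) {
        FSUtils.debug.error("LibertyManagerClient.getDiscovery" + "ResourceOffering: SOAPClient Exception", ex);
        throw new FSException(FSUtils.bundle.getString("soapException"));
    }
}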

Example 13 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class LibertyManagerImpl method getDiscoveryServiceCredential.

/**
 * Returns the discovery service bootstrap credential for the session
 * identified by {@code tokenID} at the hosted SP {@code hostProviderID}.
 *
 * <p>Resolves the session through the session provider, looks up the
 * matching {@code FSSession} via the SP's meta alias in the root realm, and
 * returns the first bootstrap credential rendered as a string.
 *
 * <p>NOTE(review): the {@code SessionException} is not chained onto the
 * {@code RemoteException}; since the result travels to a remote caller,
 * confirm before attaching it.
 *
 * @param tokenID Single Sign On Token ID.
 * @param hostProviderID Hosted <code>ProviderID</code>.
 * @return <code>String</code> Credential to access the discovery service.
 *         <code>null</code> if no federation session exists for the token
 *         or it holds no bootstrap credential.
 * @exception RemoteException if the token cannot be resolved to a session.
 */
public String getDiscoveryServiceCredential(String tokenID, String hostProviderID) throws RemoteException {
    try {
        Object token = SessionManager.getProvider().getSession(tokenID);
        String metaAlias = IDFFMetaUtils.getMetaAlias(IFSConstants.ROOT_REALM, hostProviderID, IFSConstants.SP, null);
        FSSession session = FSSessionManager.getInstance(metaAlias).getSession(token);
        if (session == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerImpl.getDiscoveryServiceCredential:" + "ResourceOffering: no FSSession found");
            }
            return null;
        }
        List creds = session.getBootStrapCredential();
        boolean hasCredential = (creds != null) && !creds.isEmpty();
        if (!hasCredential) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("LibertyManagerImpl.getDiscovery:" + "ServiceCredential: bootstrap credential is null");
            }
            return null;
        }
        SecurityAssertion first = (SecurityAssertion) creds.get(0);
        return first.toString();
    } catch (SessionException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("LibertyManagerImpl.getDiscoveryService" + "Credential: SessionException", se);
        }
        throw new RemoteException(FSUtils.bundle.getString("invalidSSOToken"));
    }
}

Example 14 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class FSProcessLogoutServlet method doGetPost.

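/**
 * Handles a single logout request arriving at this servlet.
 *
 * <p>Flow: resolve the hosted provider from the meta alias, then branch on
 * the {@code logoutSource} value and on whether the caller has a valid
 * session. With a session and a source of {@code local}, {@code remote} or
 * {@code logoutGet}, logout is initiated here; with no session those sources
 * just return to the logout-done page. Every other case is treated as a
 * logout request from a remote provider and must carry a parsable
 * {@code FSLogoutNotification}.
 *
 * <p>{@code logoutSource} is read from a request attribute first and, when
 * absent, from the request parameter, so its value may be client-supplied;
 * it selects a code path only for the caller's own session.
 *
 * @param request an <code>HttpServletRequest</code> object that contains
 *  the request the client has made of the servlet.
 * @param response an <code>HttpServletResponse</code> object that contains
 *  the response the servlet sends to the client.
 * @exception ServletException if an input or output error is detected when
 *                             the servlet handles the request
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSProcessLogoutServlet doGetPost...");
    // Alias processing: explicit parameter first, then derived from the request.
    String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
    if (providerAlias == null || providerAlias.isEmpty()) {
        providerAlias = FSServiceUtils.getMetaAlias(request);
    }
    if (providerAlias == null || providerAlias.isEmpty()) {
        FSUtils.debug.error("Unable to retrieve alias, Hosted Provider. " + "Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Cannot retrieve hosted descriptor. " + "Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    ProviderDescriptorType hostedProviderDesc = null;
    BaseConfigType hostedConfig = null;
    String hostedRole = null;
    String hostedEntityId = null;
    try {
        hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
        }
        if (hostedProviderDesc == null) {
            // Unknown role or missing descriptor: fail through the same path
            // as a meta lookup error.
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException eam) {
        FSUtils.debug.error("Unable to find Hosted Provider. " + "not process request", eam);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    String logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, providerAlias);
    String commonErrorPage = FSServiceUtils.getErrorPageURL(request, hostedConfig, providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("logoutDoneURL : " + logoutDoneURL + "\ncommonErrorPage : " + commonErrorPage);
    }
    // Attribute is set by an internal forward; the parameter is client-supplied.
    String sourceCheck = (String) request.getAttribute("logoutSource");
    if (sourceCheck == null) {
        sourceCheck = request.getParameter("logoutSource");
    }
    Object ssoToken = getValidToken(request);
    String userID = null;
    if (ssoToken == null) {
        if (sourceCheck != null) {
            if (sourceCheck.equalsIgnoreCase("local")) {
                // status=noSession
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSProcessLogoutServlet, " + "control where Source is local");
                }
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_NO_SESSION);
                return;
            } else if (sourceCheck.equalsIgnoreCase("remote")) {
                // logout return
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Control where Source is remote - not from app" + "link but from other provider");
                }
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                return;
            } else if (sourceCheck.equalsIgnoreCase("logoutGet")) {
                // logout Get profile
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Control where Source is Http Get action - " + "not from app link ");
                }
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                return;
            }
        }
    } else {
        try {
            userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        } catch (SessionException ssoExp) {
            // Best effort: a missing principal name does not abort the logout.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Couldn't get user object:", ssoExp);
            }
        }
        if (sourceCheck != null) {
            if (sourceCheck.equalsIgnoreCase("local")) {
                // initiate logout
                FSUtils.debug.message("Control where Source is local -  from applink");
                doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
                return;
            } else if (sourceCheck.equalsIgnoreCase("remote")) {
                // logout return
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Control where Source is remote - not from app" + "link but from other provider. Token valid");
                }
                doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
                return;
            } else if (sourceCheck.equalsIgnoreCase("logoutGet")) {
                // logout Get profile
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Control where Source is Http Get action - not from" + " applink. Initiation will take care in " + "preLogouthandler ");
                }
                doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
                return;
            }
        }
    }
    // received logout request from remote provider
    FSLogoutNotification logoutObj = null;
    try {
        logoutObj = FSLogoutNotification.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        // FSMsgException would mean that the request does not have the
        // FSLogoutNotification message; logoutObj stays null and the
        // shared error path below handles it.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSProcessLogoutServlet.doGetPost: cannot parse logout request", e);
        }
    }
    if (logoutObj == null) {
        FSUtils.debug.message("Bad Logout request. calling showErrorPage");
        FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    doRequestProcessing(request, response, hostedProviderDesc, hostedConfig, hostedRole, realm, hostedEntityId, providerAlias, logoutObj, commonErrorPage, userID, ssoToken);
}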

Example 15 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class FSReturnLogoutServlet method doGetPost.

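/**
 * Processes a logout response returned by a remote provider.
 *
 * <p>Flow: resolve the hosted provider from the meta alias, require a valid
 * session on the request, parse the {@code FSLogoutResponse}, resolve the
 * remote provider, verify the response signature when signing is on, then
 * either report a failed logout or forward to the single-logout handler
 * with {@code logoutSource} set to {@code remote}.
 *
 * <p>NOTE(review): the principal name is stored in {@code univId}, which is
 * not declared in this method and therefore appears to be a servlet field
 * shared by concurrent requests; confirm nothing reads it across requests.
 *
 * @param request an <code>HttpServletRequest</code> object that contains
 *  the request the client has made of the servlet.
 * @param response an <code>HttpServletResponse</code> object that contains
 *  the response the servlet sends to the client.
 * @exception ServletException if an input or output error is detected when
 *                             the servlet handles the request
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
    // Alias processing: explicit parameter first, then derived from the request.
    String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
    if (providerAlias == null || providerAlias.length() < 1) {
        providerAlias = FSServiceUtils.getMetaAlias(request);
    }
    if (providerAlias == null || providerAlias.length() < 1) {
        FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
            return;
        }
        // univId is not a local of this method (see class Javadoc note).
        univId = sessionProvider.getPrincipalName(ssoToken);
    } catch (SessionException ssoExp) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", ssoExp);
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Failed to get meta manager");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_META_INSTANCE));
        return;
    }
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    String hostedRole = null;
    String hostedEntityId = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
        }
        if (hostedConfig == null) {
            // Unknown role or missing config: fail through the same path as
            // a meta lookup error. A non-null config implies hostedRole is
            // IDP or SP, which the role switch further down relies on.
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        // Keep the cause in the log; it was previously dropped.
        FSUtils.debug.error("Failed to get Hosted Provider", e);
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    setLogoutURL(request, hostedConfig, providerAlias);
    // Here we will need to
    //   1. verify response signature
    //   2. verify response status
    //   3. retrieve registration request Id from Map
    //   4. if status success then do locally else not do locally and
    //   5. show status page or LRURL if found in MAP (eg intersiteTransfer)
    FSLogoutResponse logoutResponse = null;
    try {
        logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    } catch (SAMLException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // The remote entity ID comes from the unverified response at this point.
    String remoteEntityId = logoutResponse.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isRemoteIDP = false;
    try {
        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isRemoteIDP = true;
        }
    } catch (IDFFMetaException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutReturnServlet.doGetPost:", e);
        }
    }
    if (remoteDesc == null) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // Signature is only checked when signing is enabled; otherwise the
    // response is accepted as-is.
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isRemoteIDP);
        } catch (SAMLException e) {
            bVerify = false;
        } catch (FSException e) {
            bVerify = false;
        }
    }
    // NOTE(review): a null Status or StatusCode would raise
    // NullPointerException here; confirm the parser guarantees both.
    Status status = logoutResponse.getStatus();
    String logoutStatus = status.getStatusCode().getValue();
    // remove session partner in case of logout success or this is IDP
    // NOTE(review): this runs before bVerify is consulted, so a response
    // whose signature fails still removes the session partner; confirm
    // that is intended.
    if (logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS) || !isRemoteIDP) {
        FSLogoutUtil.removeCurrentSessionPartner(providerAlias, remoteEntityId, ssoToken, univId);
    }
    if (bVerify) {
        // in ReturnSessionManager only if it is failure
        if (!logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
            FSReturnSessionManager localManager = FSReturnSessionManager.getInstance(providerAlias);
            if (localManager != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("update status of logout to failure " + " in session manager");
                }
                localManager.setLogoutStatus(logoutStatus, univId);
            } else {
                FSUtils.debug.message("Cannot get FSReturnSessionManager");
            }
            FSUtils.debug.error("FSReturnLogoutServlet, failed logout response " + logoutStatus);
            String[] data = { univId };
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
            FSLogoutUtil.sendErrorPage(request, response, providerAlias);
            return;
        }
    } else {
        FSUtils.debug.error("FSReturnLogoutServlet " + "Signature on logout response is invalid" + "Cannot proceed logout");
        String[] data = { univId };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // Verified, successful response: hand over to the single-logout handler
    // via an internal forward, marking the source as remote.
    StringBuilder processLogout = new StringBuilder();
    request.setAttribute("logoutSource", "remote");
    processLogout.append(IFSConstants.SLO_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("About to get RequestDispatcher for " + processLogout.toString());
    }
    RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher(processLogout.toString());
    if (dispatcher == null) {
        FSUtils.debug.message("RequestDispatcher is null");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to find " + processLogout + "\ncalling sendErrorPage ");
        }
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    dispatcher.forward(request, response);
}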
