use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSSSOAndFedHandler method processPreAuthnSSO.
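/**
 * Handles an authentication request at the hosted IDP, before any assertion
 * is issued.
 * <p>
 * Flow: look up the user's local session and its authentication context,
 * optionally hand off to IDP proxying when the user is not authenticated,
 * then run the authentication-context decision and either forward the user
 * agent to the login page (sets {@code noFedStatus} on failure), or continue
 * with {@link #processPostAuthnSSO} when the existing context is sufficient.
 * A ForceAuthn request invalidates the current session before forwarding.
 *
 * @param authnRequest <code>FSAuthnRequest</code> object
 * @return <code>true</code> if the request is handled successfully;
 *         <code>false</code> otherwise.
 */
public boolean processPreAuthnSSO(FSAuthnRequest authnRequest) {
    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Called");
    String loginURL = null;
    List authenticationContextClassRef = null;
    String currentAuthnContextRef = null;
    String authType = null;
    FSAuthContextResult authnResult = null;
    FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
    if (authnRequest.getAuthnContext() != null) {
        authenticationContextClassRef =
            authnRequest.getAuthnContext().getAuthnContextClassRefList();
        if (authenticationContextClassRef == null) {
            // A context element without any class ref: fall back to password.
            String authCtxRefDefault = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
            authenticationContextClassRef = new ArrayList();
            authenticationContextClassRef.add(authCtxRefDefault);
        }
        authType = authnRequest.getAuthContextCompType();
        currentAuthnContextRef = null;
    }

    // --- Local session lookup -------------------------------------------
    boolean authenticated = true;
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: "
                    + "session is null. User is not authenticated.");
            }
            authenticated = false;
        } else if (!sessionProvider.isValid(ssoToken)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: "
                    + "session is not valid. User is not authenticated.");
            }
            authenticated = false;
        } else {
            // Valid local session: recover the context it was established with,
            // falling back to the hosted provider's configured default.
            FSSession ssoSession = sessionMgr.getSession(ssoToken);
            if (ssoSession != null) {
                currentAuthnContextRef = ssoSession.getAuthnContext();
                if (currentAuthnContextRef != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler."
                            + "processPreAuthnSSO: User has an existing "
                            + "valid session with authnContext: "
                            + currentAuthnContextRef);
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler."
                            + "processPreAuthnSSO: User's authentication"
                            + " context information not found using "
                            + "default authentication context");
                    }
                    currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(
                        hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.process"
                        + "PreAuthnSSO: User's authenticated session "
                        + "information is not present in FSSessionManager. "
                        + "using default authentication context");
                }
                currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(
                    hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            }
            authenticated = true;
        }
        if (authenticated) {
            // added in case of multiple SPs; best effort, failure is only logged
            try {
                sessionProvider.addListener(ssoToken, new FSTokenListener(metaAlias));
            } catch (Exception e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: "
                        + "Couldn't add listener to session:", e);
                }
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: "
            + "SSOException Occured: User does not have session " + se.getMessage());
        authenticated = false;
    }

    // --- Initiate proxying -----------------------------------------------
    if (!authenticated) {
        try {
            boolean isProxy = isIDPProxyEnabled(authnRequest);
            if (isProxy && !authnRequest.getFederate()) {
                String preferredIDP = getPreferredIDP(authnRequest);
                if (preferredIDP != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.process"
                            + "PreAuthnSSO:IDP to be proxied" + preferredIDP);
                    }
                    sendProxyAuthnRequest(authnRequest, preferredIDP);
                    return true;
                }
                //else continue for the local authentication.
            }
        } catch (FSRedirectException re) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandle.processPreAuthnSSO:"
                    + "Redirecting for the proxy handling.");
            }
            return true;
        } catch (Exception ex) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:"
                + "Exception occured while processing for the proxy.", ex);
            return false;
        }
    }

    // --- Authentication-context decision ---------------------------------
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: "
                + "User's authentication status: " + authenticated);
        }
        FSAuthnDecisionHandler authnDecisionHandler =
            new FSAuthnDecisionHandler(realm, hostedEntityId, request);
        List defAuthnCxtList = new ArrayList();
        defAuthnCxtList.add(IDFFMetaUtils.getFirstAttributeValueFromConfig(
            hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT));
        if (authnRequest.getIsPassive()) {
            if (authnRequest.getForceAuthn()) {
                // IsPassive and ForceAuthn are mutually exclusive.
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOAndFedHandler.PreAuthnSSO: "
                        + "IDP is passive can't force authentication.");
                }
                return false;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(
                            authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler."
                                + "processPreAuthnSSO: User's "
                                + "authentication context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(
                            defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    }
                    // NOTE(review): unlike the active branches below, an empty
                    // (non-null) login URL is not rejected here - confirm
                    // whether FSAuthContextResult can return "" in this path.
                    if (authnResult.getLoginURL() != null) {
                        // When it's not null.,
                        // we should show the login page
                        // may be it'asking for higher auth context.
                        loginURL = authnResult.getLoginURL();
                        loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                        FSUtils.forwardRequest(request, response, loginURL);
                        return true;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler."
                                + "processPreAuthnSSO: User's "
                                + "authentication "
                                + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    }
                } else {
                    // Passive request, no session: report NoPassive to the SP.
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.processPreAuthnSSO: "
                            + "IDP is passive and user is not authenticated");
                    }
                    noFedStatus = new Status(
                        new StatusCode("samlp:Responder",
                            new StatusCode("lib:NoPassive", null)),
                        FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                    return false;
                }
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler."
                    + "processPreAuthnSSO: AuthnRequest is active");
            }
            if (authnRequest.getForceAuthn()) {
                if (authenticationContextClassRef != null) {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(
                        authenticationContextClassRef, authType);
                } else {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList);
                }
                if (authnResult == null || authnResult.getLoginURL() == null
                        || authnResult.getLoginURL().length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:"
                            + "AnthnDecision engine failed to take a "
                            .replace("AnthnDecision", "AuthnDecision")
                            + "authn decision");
                    }
                    return false;
                } else {
                    // ForceAuthn: drop the existing session so the user must
                    // re-authenticate rather than reuse the old one.
                    if (ssoToken != null) {
                        try {
                            SessionManager.getProvider().invalidateSession(
                                ssoToken, request, response);
                        } catch (SessionException ssoe) {
                            // Include the cause; the original log dropped it.
                            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:"
                                + "Unable to invalidate the sso session.", ssoe);
                        }
                        ssoToken = null;
                    }
                    loginURL = authnResult.getLoginURL();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: "
                            + "AuthnDecision engine returned: " + loginURL);
                    }
                }
                loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                FSUtils.forwardRequest(request, response, loginURL);
                response.flushBuffer();
                return true;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(
                            authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler."
                                + "processPreAuthnSSO: User's "
                                + "authentication "
                                + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(
                            defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    } else if (authnResult.getLoginURL() == null) {
                        // No login URL means the current context satisfies the request.
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler."
                                + "processPreAuthnSSO: User's "
                                + "authentication "
                                + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    } else if (authnResult.getLoginURL().length() == 0) {
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO"
                                + ": AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler."
                            + "processPreAuthnSSO: AuthnRequest is active");
                    }
                    //redirect for authentication authnContextRef
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.getURLForAuthnContext(
                            authenticationContextClassRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler."
                                + "processPreAuthnSSO: User's "
                                + "authentication "
                                + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(
                            defAuthnCxtList, authType);
                    }
                    if (authnResult == null || authnResult.getLoginURL() == null
                            || authnResult.getLoginURL().length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler. processPreAuthnSSO: "
                                + " AuthnDecision engine"
                                + " failed to take a decision");
                        }
                        noFedStatus = new Status(
                            new StatusCode("samlp:Responder",
                                new StatusCode("lib:NoAuthnContext", null)),
                            FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: "
                                + "AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                }
            }
        }
    } catch (Exception e) {
        // Include the throwable so the failure is diagnosable; the original
        // log dropped it entirely.
        FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: "
            + "Exception occured", e);
        // NOTE(review): any failure in the decision path (including a failed
        // forward/flush) falls through to post-authn SSO processing rather
        // than returning false - confirm that processPostAuthnSSO re-checks
        // the session before an assertion is issued.
        return processPostAuthnSSO(authnRequest);
    }
}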
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSLogoutUtil method getValidToken.
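/**
 * Retrieves the session token from the Http Request, and
 * validates the token with the OpenAM session manager.
 * @param request <code>HTTPServletRequest</code> object containing the
 *        session cookie information
 * @return session token if request contained valid
 *         session info; <code>null</code> otherwise (no session, an
 *         invalid session, or a <code>SessionException</code> while
 *         resolving it).
 */
protected static Object getValidToken(HttpServletRequest request) {
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        // A missing or expired/invalid session is treated the same way:
        // the caller must send the user to authenticate.
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("session is not valid,redirecting for authentication");
            }
            return null;
        }
        return ssoToken;
    } catch (SessionException e) {
        // Provider failure is reported as "no valid token" rather than propagated.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("getValidToken: SessionException caught:", e);
        }
        return null;
    }
}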
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSLogoutUtil method removeTokenFromSession.
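/**
 * Cleans the FSSessionMap when the session token expires, idles out and/or
 * when the user has closed his browser without actually performing a
 * logout.
 * <p>
 * If the principal name or session ID cannot be read from the token the
 * method logs a warning and returns without touching the session map.
 * @param token the session token used to identify the user's
 *        session
 * @param metaAlias the hosted provider performing logout
 */
public static void removeTokenFromSession(Object token, String metaAlias) {
    String univId;
    String tokenId;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        univId = sessionProvider.getPrincipalName(token);
        tokenId = sessionProvider.getSessionID(token);
    } catch (SessionException e) {
        if (FSUtils.debug.warningEnabled()) {
            FSUtils.debug.warning("SessionException in removeTokenFromSession", e);
        }
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered removeTokenFromSession for user: " + univId);
    }
    // Only the federation record for this exact (user, session) pair is removed.
    FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
    FSSession currentSession = sessionMgr.getSession(univId, tokenId);
    if (currentSession != null) {
        sessionMgr.removeSession(univId, currentSession);
    }
}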
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSPreLogoutHandler method processHttpSingleLogoutRequest.
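/**
 * Processes logout request received via HTTP redirect/GET.
 * <p>
 * Resolves the user from the federation session (one-time case) or from the
 * logout request itself, then delegates to
 * <code>FSSingleLogoutHandler</code> for the SP-initiated redirect profile.
 * Stores {@code request}, {@code response}, {@code ssoToken} and
 * {@code userID} on this handler as a side effect.
 * @param request <code>HttpServletRequest</code> object from the user agent
 * @param response <code>HttpServletRsponse</code> to be sent back to the
 *        user agent
 * @param ssoToken used to identify the principal who wants to logout
 * @return <code>FSLogoutStatus</code> object to indicate the status of
 *         the logout process.
 */
public FSLogoutStatus processHttpSingleLogoutRequest(HttpServletRequest request,
        HttpServletResponse response, Object ssoToken) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSPrelogoutHandler::"
            + "processSingleLogoutRequest HTTP Redirect");
    }
    this.request = request;
    this.locale = FSServiceUtils.getLocale(request);
    setLogoutURL();
    this.response = response;
    this.ssoToken = ssoToken;
    FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
    FSSession session = sMgr.getSession(ssoToken);
    // The federation session may be absent for this token; the null check
    // below already allows for that, so the index must not be read first.
    String sessionIndex = (session != null) ? session.getSessionIndex() : null;
    try {
        if (session != null && session.getOneTime()) {
            this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
            FSUtils.debug.message("FSPH:processSingleLogout: Onetime case");
        } else {
            this.userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm,
                hostedEntityId, hostedRole, hostedConfig, metaAlias);
        }
    } catch (SessionException se) {
        FSUtils.debug.error("processSingleLogoutRequest", se);
        this.userID = null;
    }
    if (userID == null) {
        // Unknown principal: answer the source provider with a Responder status.
        FSUtils.debug.message("FSPrelogoutHandler::User Not found");
        FSLogoutUtil.returnToSource(response, remoteDescriptor,
            IFSConstants.SAML_RESPONDER, COMMON_ERROR_URL,
            reqLogout.getMinorVersion(), hostedConfig, hostedEntityId, userID);
        return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }
    String acceptString = request.getHeader("Accept");
    if ((acceptString != null) && (acceptString.indexOf("text/vnd.wap.wml") != -1)) {
        isWMLAgent = true;
    }
    String relayState = reqLogout.getRelayState();
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityID, metaAlias, session);
    FSUtils.debug.message("FSPrelogoutHandler::calling getCurrentProvider");
    boolean bHasAnyOtherProvider = false;
    FSSessionPartner sessionPartner = null;
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
    if (providerMap != null) {
        sessionPartner = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
        sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
        if (sessionPartner != null) {
            bHasAnyOtherProvider = true;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("bHasAnyOtherProvider = " + bHasAnyOtherProvider);
            }
            currentEntityId = sessionPartner.getPartner();
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("bHasAnyOtherProvider other than source : "
            + bHasAnyOtherProvider);
    }
    // this is SP initiated HTTP based single logout
    FSUtils.debug.message("FSPreLogout::creating FSSingleLogoutHandler");
    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
    handlerObj.setHostedDescriptor(hostedDescriptor);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setRealm(realm);
    handlerObj.setHostedEntityId(hostedEntityId);
    handlerObj.setHostedProviderRole(hostedRole);
    handlerObj.setMetaAlias(metaAlias);
    handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
    //handlerObj.setRemoteEntityId(remoteEntityID);
    // The remote role is the opposite of the hosted role.
    String remoteRole = hostedRole.equals(IFSConstants.SP) ? IFSConstants.IDP : IFSConstants.SP;
    return handlerObj.processHttpSingleLogoutRequest(response, request, reqLogout,
        sessionPartner, userID, ssoToken, remoteEntityID, sessionIndex,
        isWMLAgent, relayState, remoteRole);
}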
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSPreLogoutHandler method handleSingleLogout.
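/**
 * Initiates logout at this provider when the user has clicked on the
 * logout option.
 * <p>
 * If live federation connections exist the logout is broadcast through
 * <code>FSSingleLogoutHandler</code>; otherwise the principal's federation
 * session and local session are destroyed directly and the user agent is
 * returned to the post-logout page. On a <code>SessionException</code> only
 * the federation session is destroyed.
 * @param request <code>HttPServletRequest</code> object from the user agent
 * @param response <code>HttPServletRsponse</code> to be sent back to the
 *        user agent
 * @param ssoToken used to identify the principal who wants to logout
 * @param sourceCheck where the logout coming from; <code>"remote"</code>
 *        enables the SP adapter callbacks for the SP/HTTP profile
 * @return <code>FSLogoutStatus</code> object to indicate the status of
 *         the logout process.
 */
public FSLogoutStatus handleSingleLogout(HttpServletRequest request,
        HttpServletResponse response, Object ssoToken, String sourceCheck) {
    this.request = request;
    setLogoutURL();
    FSUtils.debug.message("Entered FSPreLogoutHandler::handleSingleLogout");
    try {
        this.response = response;
        this.ssoToken = ssoToken;
        this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        String acceptString = request.getHeader("Accept");
        if ((acceptString != null) && (acceptString.indexOf("text/vnd.wap.wml") != -1)) {
            isWMLAgent = true;
        }
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        FSSession session = sMgr.getSession(ssoToken);
        String sessionIndex = null;
        List partners = null;
        if (session != null) {
            sessionIndex = session.getSessionIndex();
            partners = session.getSessionPartners();
        }
        if (FSUtils.debug.messageEnabled() && partners != null && !partners.isEmpty()) {
            for (Object p : partners) {
                FSSessionPartner partner = (FSSessionPartner) p;
                FSUtils.debug.message("PARTNER:" + partner.getPartner());
            }
        }
        if (FSLogoutUtil.liveConnectionsExist(userID, metaAlias)) {
            HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
            if (providerMap != null) {
                FSSessionPartner currentSessionProvider =
                    (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
                sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
                if (currentSessionProvider != null) {
                    // this is IDP initiated based single logout
                    // HTTP or SOAP is based on metadata
                    FSUtils.debug.message("creating IDP handler");
                    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
                    handlerObj.setHostedDescriptor(hostedDescriptor);
                    handlerObj.setHostedDescriptorConfig(hostedConfig);
                    handlerObj.setRealm(realm);
                    handlerObj.setHostedEntityId(hostedEntityId);
                    handlerObj.setHostedProviderRole(hostedRole);
                    handlerObj.setMetaAlias(metaAlias);
                    handlerObj.setRelayState(relayState);
                    return handlerObj.handleSingleLogout(response, request,
                        currentSessionProvider, userID, sessionIndex, isWMLAgent, ssoToken);
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("No more providers, nothing to broadcast "
                    + "\ndestroy user session call destroyPrincipalSession");
            }
            FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
            // control could come here when local login has happened
            // In this FSSessionmap will not have anything and so we destroy
            // the session based on ssoToken
            FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
            returnToPostLogout(IFSConstants.SAML_SUCCESS);
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("No live connections, destroy user"
                    + " session call destroyPrincipalSession. source=" + sourceCheck);
            }
            FSLogoutResponse logoutResponse = null;
            FederationSPAdapter spAdapter = null;
            // SP adapter callbacks apply only to the SP/HTTP profile with a
            // remote source; null-safe on sourceCheck so a missing value is
            // treated as "not remote" instead of failing.
            boolean spRemoteLogout = hostedRole != null
                && hostedRole.equalsIgnoreCase(IFSConstants.SP)
                && "remote".equals(sourceCheck);
            // Call SP Adapter preSingleLogoutProcess for SP/HTTP
            if (spRemoteLogout) {
                spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                if (spAdapter != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSPreLogoutHandler, "
                            + "call preSingleLogoutProcess, SP/HTTP");
                    }
                    try {
                        logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
                        relayState = logoutResponse.getRelayState();
                        // unabled to access logoutRequest here
                        spAdapter.preSingleLogoutProcess(hostedEntityId, request, response,
                            userID, null, logoutResponse, IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
                    } catch (Exception e) {
                        // ignore adapter error
                        FSUtils.debug.error("preSingleLogoutProcess.SP/HTTP", e);
                    }
                }
            }
            FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
            // the session based on ssoToken
            if (SessionManager.getProvider().isValid(ssoToken)) {
                FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
            }
            // Call SP Adapter postSingleLogoutProcess for SP/HTTP
            if (spRemoteLogout && spAdapter != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSPreLogoutHandler, "
                        + "call postSingleLogoutProcess, SP/HTTP");
                }
                try {
                    spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response,
                        userID, null, logoutResponse, IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
                } catch (Exception e) {
                    // ignore adapter exception
                    FSUtils.debug.error("postSingleLogoutSuccess.SP/HTTP:", e);
                }
            }
            returnToPostLogout(IFSConstants.SAML_SUCCESS);
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
    } catch (SessionException e) {
        // The try covers getPrincipalName and isValid as well as
        // liveConnectionsExist; log the cause so the failing call is visible.
        FSUtils.debug.error("SessionException in liveConnectionsExist"
            + " So destroy self and exit", e);
        FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, null, request, response);
        // cannot call FSLogoutUtil.destroyLocalSession(ssoToken)
        // since session exception has occurred
        returnToPostLogout(IFSConstants.SAML_SUCCESS);
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    }
}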