Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
Class FSAssertionArtifactHandler, method generateAnonymousToken.
/**
 * Creates an anonymous SSO session for the one-time federation case.
 *
 * <p>The session is created for {@code ANONYMOUS_PRINCIPAL} in this handler's
 * realm with authentication level {@code "0"} (the lowest), stamped with the
 * current auth instant and the IdP entity ID. A {@code FSTokenListener} is
 * attached on a best-effort basis: failure to attach it is logged but does
 * not fail session creation.
 *
 * @param response the HTTP response handed to the session provider's
 *                 {@code createSession}
 * @return the created session object, or {@code null} if creation failed with
 *         anything other than a {@code SessionException} (callers must check)
 * @throws SessionException if the session provider reports a session error;
 *         it is logged and rethrown unchanged
 */
protected Object generateAnonymousToken(HttpServletResponse response) throws SessionException {
    FSUtils.debug.message("FSAssertionArtifactHandler.generateAnonymous");
    try {
        Map<String, Object> sessionInfo = new HashMap<String, Object>();
        sessionInfo.put(SessionProvider.PRINCIPAL_NAME, ANONYMOUS_PRINCIPAL);
        sessionInfo.put(SessionProvider.REALM, realm);
        // Anonymous users never get more than the lowest auth level.
        sessionInfo.put(SessionProvider.AUTH_LEVEL, "0");
        sessionInfo.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
        sessionInfo.put("idpEntityID", idpEntityId);

        SessionProvider provider = SessionManager.getProvider();
        // NOTE(review): new StringBuffer((String) null) throws NPE, so a null
        // relayState ends up in the generic catch below and yields a null return.
        StringBuffer target = new StringBuffer(this.relayState);
        Object anonymousSession = provider.createSession(sessionInfo, request, response, target);

        try {
            provider.addListener(anonymousSession, new FSTokenListener(hostMetaAlias));
        } catch (Exception listenerFailure) {
            // Best effort: the session is still usable without the listener.
            FSUtils.debug.error("FSAssertionArtifactHandler.generateAnonymousToken:" + "Couldn't add listener to session:", listenerFailure);
        }
        return anonymousSession;
    } catch (SessionException sessionFailure) {
        FSUtils.debug.error("FSAssertionArtifactHandler.genAnonymousToken failed.", sessionFailure);
        throw sessionFailure;
    } catch (Exception otherFailure) {
        FSUtils.debug.error("FSAssertionArtifactHandler.generateAnonymousToken failed.", otherFailure);
        return null;
    }
}
Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
Class DoManageNameID, method processPOSTRequest.
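/**
 * Handles a ManageNameID request received over the HTTP-POST binding.
 *
 * <p>Steps: read and Base64-decode the {@code SAMLRequest} form parameter,
 * resolve the hosted entity from the meta alias in the request URI, confirm
 * the hosted role supports MNI over POST, verify the request against the
 * remote entity (a failure is logged as an invalid signature), process it,
 * sign the resulting {@code ManageNameIDResponse} and POST it to the remote
 * entity's MNI response location. Every rejection is logged and surfaces as a
 * {@code SAML2Exception}; for a missing or undecodable request an HTTP error
 * page is written to the response before throwing.
 *
 * @param request   the incoming POST request carrying {@code SAMLRequest}
 *                  and optionally {@code RelayState}
 * @param response  the response used for error pages and the auto-POST form
 * @param paramsMap request parameters used to determine the hosted entity role
 * @throws SAML2Exception if the request is missing, cannot be decoded, names
 *         an unknown hosted or remote entity, uses an unsupported binding,
 *         fails verification, has no POST MNI endpoint to answer to, or the
 *         response cannot be posted
 * @throws IOException if writing to the response fails
 * @throws SOAPException propagated from request processing
 * @throws SessionException propagated from session lookups during processing
 * @throws ServletException propagated from request processing
 */
public static void processPOSTRequest(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception, IOException, SOAPException, SessionException, ServletException {
    String classMethod = "DoManageNameID.processPOSTRequest:";

    String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
    if (samlRequest == null) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "MissingSAMLRequest",
                SAML2Utils.bundle.getString("MissingSAMLRequest"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("MissingSAMLRequest"));
    }

    // The hosted entity is identified by the meta alias embedded in the request URI.
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI());
    if (metaAlias == null) {
        // metaAlias is null at this point, so the log record carries no alias.
        logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
    String hostEntityRole = SAML2Utils.getHostEntityRole(paramsMap);

    boolean isSupported;
    if (SAML2Constants.IDP_ROLE.equals(hostEntityRole)) {
        isSupported = SAML2Utils.isIDPProfileBindingSupported(realm, hostEntityID, SAML2Constants.MNI_SERVICE, SAML2Constants.HTTP_POST);
    } else {
        isSupported = SAML2Utils.isSPProfileBindingSupported(realm, hostEntityID, SAML2Constants.MNI_SERVICE, SAML2Constants.HTTP_POST);
    }
    if (!isSupported) {
        debug.error(classMethod + "MNI binding: POST is not supported for " + hostEntityID);
        String[] data = { hostEntityID, SAML2Constants.HTTP_POST };
        LogUtil.error(Level.INFO, LogUtil.BINDING_NOT_SUPPORTED, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }

    ManageNameIDRequest mniRequest = decodePostedMNIRequest(samlRequest, request, response);
    if (mniRequest == null) {
        // NOTE(review): decoding or parsing produced nothing without throwing.
        // The original code returns silently here, leaving the client with an
        // empty response; preserved as-is.
        return;
    }

    // A request without an <Issuer> must not NPE; the null check below reports it.
    String remoteEntityID = null;
    if (mniRequest.getIssuer() != null) {
        remoteEntityID = mniRequest.getIssuer().getValue();
    }
    if (remoteEntityID == null) {
        logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
    }
    if (debug.messageEnabled()) {
        debug.message("DoManageNameID.processPOSTRequest: " + "Meta Alias is : " + metaAlias);
        debug.message("DoManageNameID.processPOSTRequest: " + "Host EntityID is : " + hostEntityID);
        debug.message("DoManageNameID.processPOSTRequest: " + "Remote EntityID is : " + remoteEntityID);
    }

    // Verify before anything is processed or any state is touched.
    String dest = mniRequest.getDestination();
    boolean valid = verifyMNIRequest(mniRequest, realm, remoteEntityID, hostEntityID, hostEntityRole, dest);
    if (!valid) {
        logError("invalidSignInRequest", LogUtil.MNI_REQUEST_INVALID_SIGNATURE, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
    }

    ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostEntityRole, SAML2Constants.HTTP_POST);
    if (mniService == null) {
        // Without a POST MNI endpoint for the remote entity there is nowhere to
        // send the response (same handling as getMNIBindingInfo).
        logError("UnableTofindBinding", LogUtil.METADATA_ERROR, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
    }
    // ResponseLocation is preferred; Location is the fallback.
    String mniURL = mniService.getResponseLocation();
    if (mniURL == null) {
        mniURL = mniService.getLocation();
    }

    // Common to POST, redirect and SOAP bindings.
    ManageNameIDResponse mniResponse = processManageNameIDRequest(mniRequest, metaAlias, remoteEntityID, paramsMap, null, SAML2Constants.HTTP_POST, request, response);
    signMNIResponse(mniResponse, realm, hostEntityID, hostEntityRole, remoteEntityID);

    // Deliver the signed response to the remote entity via an auto-submitting POST form.
    String mniRespString = mniResponse.toXMLString(true, true);
    String encMsg = SAML2Utils.encodeForPOST(mniRespString);
    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    try {
        SAML2Utils.postToTarget(request, response, "SAMLResponse", encMsg, "RelayState", relayState, mniURL);
    } catch (Exception e) {
        // Logged at error level (previously message level) so a failed delivery is
        // visible; the cause is retained in the log since the thrown exception drops it.
        debug.error(classMethod + "error posting MNI response to " + mniURL, e);
        throw new SAML2Exception("Error posting to target");
    }
}

/**
 * Base64-decodes a posted {@code SAMLRequest} value and parses it into a
 * {@link ManageNameIDRequest}.
 *
 * @param samlRequest the raw {@code SAMLRequest} form parameter
 * @param request     the incoming request, passed through to the error page
 * @param response    the response an HTTP error page is written to on failure
 * @return the parsed request, or {@code null} if decoding or DOM parsing
 *         yielded nothing without raising an exception
 * @throws SAML2Exception if the message cannot be decoded or parsed; an error
 *         page is written first (400 for a SAML-level failure, 500 otherwise)
 * @throws IOException if writing the error page fails
 */
private static ManageNameIDRequest decodePostedMNIRequest(String samlRequest, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception, IOException {
    ByteArrayInputStream bis = null;
    try {
        byte[] raw = Base64.decode(samlRequest);
        if (raw == null) {
            return null;
        }
        bis = new ByteArrayInputStream(raw);
        Document doc = XMLUtils.toDOMDocument(bis, SAML2Utils.debug);
        if (doc == null) {
            return null;
        }
        return ProtocolFactory.getInstance().createManageNameIDRequest(doc.getDocumentElement());
    } catch (SAML2Exception se) {
        debug.error("DoManageNameID.processPOSTRequest:", se);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "nullDecodedStrFromSamlResponse",
                SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse") + " " + se.getMessage());
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    } catch (Exception e) {
        debug.error("DoManageNameID.processPOSTRequest:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullDecodedStrFromSamlResponse",
                SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse") + " " + e.getMessage());
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    } finally {
        if (bis != null) {
            try {
                bis.close();
            } catch (Exception ie) {
                if (debug.messageEnabled()) {
                    debug.message("DoManageNameID.processPOSTRequest:", ie);
                }
            }
        }
    }
}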
Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
Class DoManageNameID, method getMNIBindingInfo.
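/**
 * Returns the binding to use for the MNI service of a remote entity.
 *
 * <p>An explicit {@code binding} request parameter takes precedence; when it
 * is absent, the binding configured for the remote entity's MNI service in
 * the hosted entity's realm is used.
 *
 * @param request        the HttpServletRequest, consulted for the
 *                       {@code binding} parameter
 * @param metaAlias      meta alias of the hosted entity (used to resolve
 *                       the realm)
 * @param hostEntityRole role of the hosted entity
 * @param remoteEntityID entityID of the remote entity
 * @return the binding to use, never {@code null}
 * @throws SAML2Exception if the session is invalid or no binding can be
 *         determined from the request or the metadata
 */
public static String getMNIBindingInfo(HttpServletRequest request, String metaAlias, String hostEntityRole, String remoteEntityID) throws SAML2Exception {
    String binding = request.getParameter(SAML2Constants.BINDING);
    if (binding == null) {
        try {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
            ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostEntityRole, null);
            if (mniService != null) {
                binding = mniService.getBinding();
            }
        } catch (SessionException e) {
            logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }
    if (binding == null) {
        // Neither the request nor the metadata names a binding.
        logError("UnableTofindBinding", LogUtil.METADATA_ERROR, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
    }
    return binding;
}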
Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
Class DefaultNameIdentifierMapper, method getNameIdentifier.
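/**
 * Returns the name identifier for the assertion subject of the user bound
 * to {@code session}.
 *
 * <p>The name qualifier is the session's {@code Organization} property. The
 * name is, when {@code nameIDFormat} is mapped to an attribute name via
 * {@code SAMLConstants.NAME_ID_FORMAT_MAP}, the first value of that user
 * attribute read from the SAML data store; otherwise (no format, no mapping,
 * no value, or a data-store error) the session principal name is used. Both
 * values are XML-escaped before being placed in the identifier.
 *
 * @param session      the session of the user performing the operation.
 * @param sourceID     source ID for the site from which the assertion
 *                     originated (used for debug logging only here).
 * @param destID       destination ID for the site for which the assertion
 *                     will be created (used for debug logging only here).
 * @param nameIDFormat requested name identifier format; may be {@code null}.
 * @return a <code>NameIdentifier</code> for the assertion subject, or
 *         {@code null} if the session is invalid or the session properties
 *         cannot be read (the cause is logged).
 * @exception SAMLException declared for callers; this implementation logs
 *            failures and returns {@code null} instead of throwing.
 */
public NameIdentifier getNameIdentifier(Object session, String sourceID, String destID, String nameIDFormat) throws SAMLException {
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("DefaultNameIdentifierMapper." + "getNameIdentifier: sourceID = " + sourceID + ", destID = " + destID);
        SAMLUtils.debug.message("DefaultNameIdentifierMapper." + "getNameIdentifier: nameIDFormat = " + nameIDFormat);
    }
    try {
        SessionProvider provider = SessionManager.getProvider();
        String[] orgValues = provider.getProperty(session, "Organization");
        if (orgValues == null || orgValues.length == 0) {
            // Previously surfaced as an ArrayIndexOutOfBounds/NPE caught below; same null result, clearer log.
            SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier: session has no Organization property");
            return null;
        }
        String nameQualifier = XMLUtils.escapeSpecialCharacters(orgValues[0]);
        String userID = provider.getPrincipalName(session);

        String name = firstMappedAttributeValue(userID, nameIDFormat);
        if (name == null) {
            name = userID;
        }
        // Escape before embedding in the assertion XML.
        return new NameIdentifier(XMLUtils.escapeSpecialCharacters(name), nameQualifier, nameIDFormat);
    } catch (SessionException sx) {
        SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier: Invalid Session ", sx);
        return null;
    } catch (Exception ex) {
        SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier:", ex);
        return null;
    }
}

/**
 * Looks up the user attribute that {@code nameIDFormat} is mapped to and
 * returns its first value.
 *
 * @param userID       principal name of the user
 * @param nameIDFormat requested format; {@code null} disables the lookup
 * @return the first attribute value, or {@code null} if there is no mapping
 *         for the format, the attribute has no value, or the data store
 *         lookup fails (logged at warning level)
 */
private static String firstMappedAttributeValue(String userID, String nameIDFormat) {
    if (nameIDFormat == null) {
        return null;
    }
    Map<?, ?> nameIDFormatAttrMap = (Map<?, ?>) SAMLServiceManager.getAttribute(SAMLConstants.NAME_ID_FORMAT_MAP);
    if (nameIDFormatAttrMap == null || !nameIDFormatAttrMap.containsKey(nameIDFormat)) {
        return null;
    }
    String attrName = (String) nameIDFormatAttrMap.get(nameIDFormat);
    try {
        DataStoreProvider dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
        Set<?> attrValues = dsProvider.getAttribute(userID, attrName);
        if (attrValues != null && !attrValues.isEmpty()) {
            return (String) attrValues.iterator().next();
        }
    } catch (DataStoreProviderException dspe) {
        // Best effort: fall back to the principal name in the caller.
        if (SAMLUtils.debug.warningEnabled()) {
            SAMLUtils.debug.warning("DefaultNameIdentifierMapper." + "getNameIdentifier:", dspe);
        }
    }
    return null;
}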
Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
Class SAMLClient, method doSSO.
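/**
 * Performs the SAML Single-Sign-On redirect.
 * It is called internally by doWebArtifact and doWebPOST methods.
 *
 * <p>After validating the arguments and the caller's session, the user is
 * redirected to the local SAML service named by {@code service}, with
 * {@code target} passed as the value of the configured target-specifier
 * query parameter.
 *
 * @param request HTTP Servlet Request
 * @param response HTTP Servlet Response
 * @param target the target URL
 * @param service the service name; must be one of
 *        {@code SAML_AWARE_NAMING}, {@code SAML_POST_NAMING} or
 *        {@code SAML_SOAP_NAMING}
 * @exception IOException if an input or output exception occurs when
 * redirecting to service <code>URL</code>
 * @exception SAMLException if any argument is {@code null}, the service
 * name is unknown, the session is missing or invalid, or the service URL
 * cannot be resolved.
 */
private static void doSSO(HttpServletRequest request, HttpServletResponse response, String target, String service) throws IOException, SAMLException {
    // service was missing from the null check; service.equals(...) below would NPE on a null.
    if (request == null || response == null || target == null || service == null) {
        SAMLUtils.debug.error("SAMLClient:Input parameter is null.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    boolean knownService = service.equals(SAMLConstants.SAML_AWARE_NAMING)
            || service.equals(SAMLConstants.SAML_POST_NAMING)
            || service.equals(SAMLConstants.SAML_SOAP_NAMING);
    if (!knownService) {
        SAMLUtils.debug.error("SAMLClient:illegal naming service name.");
        throw new SAMLException(SAMLUtils.bundle.getString("illegalNamingService"));
    }

    // The caller must already hold a valid session before SSO can proceed.
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            SAMLUtils.debug.error("SAMLClient:SSOToken is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullSSOToken"));
        }
        if (!sessionProvider.isValid(ssoToken)) {
            SAMLUtils.debug.error("SAMLClient:Session is invalid.");
            throw new SAMLException(SAMLUtils.bundle.getString("invalidSSOToken"));
        }
    } catch (SessionException se) {
        SAMLUtils.debug.error("SAMLClient", se);
        throw new SAMLException("SAMLClient:doSSO:" + se.getMessage());
    }

    // Resolve the service URL on this server; a malformed server URL propagates as IOException.
    URL weburl;
    try {
        URL serverurl = new URL(SAMLServiceManager.getServerURL());
        weburl = SystemConfigurationUtil.getServiceURL(service, serverurl.getProtocol(), serverurl.getHost(), serverurl.getPort(), serverurl.getPath());
    } catch (SystemConfigurationException ue) {
        SAMLUtils.debug.error("SAMLClient", ue);
        throw new SAMLException(SAMLUtils.bundle.getString("URLNotFoundException"));
    }

    // NOTE(review): target is appended verbatim; a value containing '&' or '#'
    // would alter the query string. Callers appear expected to supply it in
    // query-safe form — confirm before adding encoding here.
    String tname = (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
    StringBuilder redirectedurl = new StringBuilder(200);
    redirectedurl.append(weburl).append("?").append(tname).append("=").append(target);
    response.sendRedirect(redirectedurl.toString());
}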