
Example 36 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method generateAnonymousToken.

/**
 * Generates an anonymous token for the onetime case.
 *
 * <p>The session is created through the configured {@link SessionProvider}
 * with a fixed property set: principal {@code ANONYMOUS_PRINCIPAL}, this
 * handler's realm, auth level {@code "0"}, the current auth instant and the
 * IDP entity ID. An {@link FSTokenListener} for the hosted meta alias is then
 * registered on the new session; a failure to register it is only logged and
 * the session is still returned.
 *
 * @param response the servlet response handed to the session provider.
 * @return the created session object, or {@code null} if creation failed
 *         with anything other than a {@link SessionException}.
 * @throws SessionException if the session provider reports a session error;
 *         the error is logged and rethrown unchanged.
 */
protected Object generateAnonymousToken(HttpServletResponse response) throws SessionException {
    FSUtils.debug.message("FSAssertionArtifactHandler.generateAnonymous");
    try {
        Map sessionProps = new HashMap();
        // Anonymous sessions are pinned to auth level "0": consumers of this
        // session must not treat it as an authenticated user.
        sessionProps.put(SessionProvider.AUTH_LEVEL, "0");
        sessionProps.put(SessionProvider.PRINCIPAL_NAME, ANONYMOUS_PRINCIPAL);
        sessionProps.put(SessionProvider.REALM, realm);
        sessionProps.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
        sessionProps.put("idpEntityID", idpEntityId);

        SessionProvider provider = SessionManager.getProvider();
        Object session = provider.createSession(sessionProps, request, response, new StringBuffer(this.relayState));

        // Best effort: the session is returned even if the listener could not
        // be attached. NOTE(review): the listener presumably ties the session
        // into federation logout handling; confirm a session without it is
        // acceptable rather than something that should be destroyed here.
        try {
            provider.addListener(session, new FSTokenListener(hostMetaAlias));
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateAnonymousToken:" + "Couldn't add listener to session:", e);
        }
        return session;
    } catch (SessionException se) {
        FSUtils.debug.error("FSAssertionArtifactHandler.genAnonymousToken failed.", se);
        throw se;
    } catch (Exception ae) {
        // Any other failure is logged and reported as "no token" to the caller.
        FSUtils.debug.error("FSAssertionArtifactHandler.generateAnonymousToken failed.", ae);
        return null;
    }
}
Also used : HashMap(java.util.HashMap) SessionException(com.sun.identity.plugin.session.SessionException) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) Map(java.util.Map) HashMap(java.util.HashMap) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 37 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class DoManageNameID method processPOSTRequest.

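/**
 * Processes a ManageNameID request received over the HTTP-POST binding.
 *
 * <p>Flow: the {@code SAMLRequest} parameter must be present; the hosted
 * entity is resolved from the meta alias embedded in the request URI; the
 * POST binding must be enabled for the hosted role's MNI service; the request
 * is Base64-decoded and parsed; {@code verifyMNIRequest} must accept it
 * (it is rejected with {@code invalidSignInRequest} otherwise); the request is
 * handled by {@code processManageNameIDRequest}; and the signed
 * {@code ManageNameIDResponse} is auto-posted to the remote entity's MNI
 * response location, or its location when no response location is set.
 *
 * <p>Decoding failures are reported to the client through
 * {@code SAMLUtils.sendError} before the exception is thrown; the other
 * checks log and throw only.
 *
 * @param request the HTTP request carrying {@code SAMLRequest} and an
 *        optional {@code RelayState} parameter.
 * @param response the HTTP response used for error pages and the POST-back.
 * @param paramsMap parameters from which the hosted entity role is taken.
 * @throws SAML2Exception if the request is missing, the meta alias cannot be
 *         resolved, the binding is unsupported, the request cannot be decoded
 *         or parsed, the remote issuer is missing, the request fails
 *         verification, the remote MNI service is not configured, or the
 *         response cannot be posted.
 * @throws IOException propagated from the servlet/SAML2 utilities invoked.
 * @throws SOAPException propagated from the shared MNI processing path.
 * @throws SessionException propagated from the shared MNI processing path.
 * @throws ServletException propagated from the servlet/SAML2 utilities.
 */
public static void processPOSTRequest(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception, IOException, SOAPException, SessionException, ServletException {
    String classMethod = "DoManageNameID.processPOSTRequest:";
    String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
    if (samlRequest == null) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "MissingSAMLRequest", SAML2Utils.bundle.getString("MissingSAMLRequest"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("MissingSAMLRequest"));
    }
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI());
    if (metaAlias == null) {
        // metaAlias is null on this path, so the log record carries no alias;
        // the request URI is what could not be resolved.
        logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
    String hostEntityRole = SAML2Utils.getHostEntityRole(paramsMap);
    // The POST binding must be explicitly enabled on the hosted role's MNI service.
    boolean isSupported = SAML2Constants.IDP_ROLE.equals(hostEntityRole)
            ? SAML2Utils.isIDPProfileBindingSupported(realm, hostEntityID, SAML2Constants.MNI_SERVICE, SAML2Constants.HTTP_POST)
            : SAML2Utils.isSPProfileBindingSupported(realm, hostEntityID, SAML2Constants.MNI_SERVICE, SAML2Constants.HTTP_POST);
    if (!isSupported) {
        debug.error(classMethod + "MNI binding: POST is not supported for " + hostEntityID);
        String[] data = { hostEntityID, SAML2Constants.HTTP_POST };
        LogUtil.error(Level.INFO, LogUtil.BINDING_NOT_SUPPORTED, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    // Decode and parse the untrusted SAMLRequest. Nothing taken from it is
    // trusted until verifyMNIRequest below has accepted the request.
    ManageNameIDRequest mniRequest = null;
    try {
        byte[] raw = Base64.decode(samlRequest);
        if (raw != null) {
            // ByteArrayInputStream.close() is a no-op; try-with-resources only
            // replaces the hand-written finally/close block.
            try (ByteArrayInputStream bis = new ByteArrayInputStream(raw)) {
                Document doc = XMLUtils.toDOMDocument(bis, SAML2Utils.debug);
                if (doc != null) {
                    mniRequest = ProtocolFactory.getInstance().createManageNameIDRequest(doc.getDocumentElement());
                }
            }
        }
    } catch (SAML2Exception se) {
        debug.error("DoManageNameID.processPOSTRequest:", se);
        // NOTE(review): the exception message is echoed to the client here and
        // in the next catch; confirm it never carries internal details.
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "nullDecodedStrFromSamlResponse", SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse") + " " + se.getMessage());
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    } catch (Exception e) {
        debug.error("DoManageNameID.processPOSTRequest:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullDecodedStrFromSamlResponse", SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse") + " " + e.getMessage());
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    }
    if (mniRequest == null) {
        // Base64.decode or toDOMDocument returned null without throwing. This
        // used to fall through and return with no response at all; report it
        // the same way as a decoding exception so the client sees an error.
        debug.error(classMethod + "SAMLRequest could not be decoded or parsed");
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "nullDecodedStrFromSamlResponse", SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    }
    String remoteEntityID = mniRequest.getIssuer().getValue();
    if (remoteEntityID == null) {
        logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
    }
    if (debug.messageEnabled()) {
        debug.message("DoManageNameID.processPOSTRequest: " + "Meta Alias is : " + metaAlias);
        debug.message("DoManageNameID.processPOSTRequest: " + "Host EntityID is : " + hostEntityID);
        debug.message("DoManageNameID.processPOSTRequest: " + "Remote EntityID is : " + remoteEntityID);
    }
    String dest = mniRequest.getDestination();
    boolean valid = verifyMNIRequest(mniRequest, realm, remoteEntityID, hostEntityID, hostEntityRole, dest);
    if (!valid) {
        logError("invalidSignInRequest", LogUtil.MNI_REQUEST_INVALID_SIGNATURE, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
    }
    ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostEntityRole, SAML2Constants.HTTP_POST);
    if (mniService == null) {
        // Without a configured MNI service there is nowhere to post the
        // response; previously this would have surfaced as a NullPointerException.
        logError("UnableTofindBinding", LogUtil.METADATA_ERROR, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
    }
    // Prefer the dedicated response location; fall back to the service location.
    String mniURL = mniService.getResponseLocation();
    if (mniURL == null) {
        mniURL = mniService.getLocation();
    }
    // Common to the POST, redirect and SOAP bindings.
    ManageNameIDResponse mniResponse = processManageNameIDRequest(mniRequest, metaAlias, remoteEntityID, paramsMap, null, SAML2Constants.HTTP_POST, request, response);
    signMNIResponse(mniResponse, realm, hostEntityID, hostEntityRole, remoteEntityID);
    // Send the MNI response by POST.
    String mniRespString = mniResponse.toXMLString(true, true);
    String encMsg = SAML2Utils.encodeForPOST(mniRespString);
    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    try {
        SAML2Utils.postToTarget(request, response, "SAMLResponse", encMsg, "RelayState", relayState, mniURL);
    } catch (Exception e) {
        // Logged at error level, like every other failure path in this method.
        debug.error("DoManageNameID.processPOSTRequest:", e);
        throw new SAML2Exception("Error posting to target");
    }
}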
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) ManageNameIDServiceElement(com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement) ManageNameIDRequest(com.sun.identity.saml2.protocol.ManageNameIDRequest) ByteArrayInputStream(java.io.ByteArrayInputStream) Document(org.w3c.dom.Document) ManageNameIDResponse(com.sun.identity.saml2.protocol.ManageNameIDResponse) ServletException(javax.servlet.ServletException) SOAPException(javax.xml.soap.SOAPException) SessionException(com.sun.identity.plugin.session.SessionException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Example 38 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class DoManageNameID method getMNIBindingInfo.

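/**
 * Returns the binding of the MNI service to use for the remote entity.
 *
 * <p>The request's {@code SAML2Constants.BINDING} parameter wins when it is
 * present; otherwise the binding is read from the remote entity's MNI service
 * element in the metadata for the hosted entity's realm.
 *
 * @param request the HttpServletRequest.
 * @param metaAlias meta alias of the hosted entity, used to resolve its realm.
 * @param hostEntityRole role of the hosted entity.
 * @param remoteEntityID entityID of the remote entity.
 * @return the binding to use; never {@code null}.
 * @throws SAML2Exception if the metadata lookup fails with a session error
 *         ({@code invalidSSOToken}) or no binding is configured
 *         ({@code UnableTofindBinding}).
 */
public static String getMNIBindingInfo(HttpServletRequest request, String metaAlias, String hostEntityRole, String remoteEntityID) throws SAML2Exception {
    String binding = request.getParameter(SAML2Constants.BINDING);
    if (binding == null) {
        try {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
            ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostEntityRole, null);
            if (mniService != null) {
                binding = mniService.getBinding();
            }
        } catch (SessionException e) {
            // logError takes no cause argument, so record the exception in the
            // debug log before translating it.
            debug.error("DoManageNameID.getMNIBindingInfo:", e);
            logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
        }
    }
    if (binding == null) {
        logError("UnableTofindBinding", LogUtil.METADATA_ERROR, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
    }
    return binding;
}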
Also used : ManageNameIDServiceElement(com.sun.identity.saml2.jaxb.metadata.ManageNameIDServiceElement) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SessionException(com.sun.identity.plugin.session.SessionException)

Example 39 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class DefaultNameIdentifierMapper method getNameIdentifier.

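/**
 * Returns the name identifier for the assertion subject based on the user
 * account behind {@code session}.
 *
 * <p>The name qualifier is the session's {@code Organization} property. The
 * name is the value of the attribute mapped to {@code nameIDFormat} in the
 * {@code SAMLConstants.NAME_ID_FORMAT_MAP} service attribute, when such a
 * mapping exists and the data store returns a value; otherwise it is the
 * session's principal name. Both values are XML-escaped before use.
 *
 * @param session the session of the user performing the operation.
 * @param sourceID source ID for the site from which the assertion
 *        originated (only logged here).
 * @param destID destination ID for the site for which the assertion will be
 *        created (only logged here).
 * @param nameIDFormat the requested NameID format, or {@code null} to use the
 *        principal name.
 * @return a <code>NameIdentifier</code> for the assertion subject, or
 *         {@code null} if the session is invalid or any other error occurs;
 *         errors are logged, not propagated.
 * @exception SAMLException declared by the signature but never thrown by this
 *            implementation, which logs and returns {@code null} instead.
 */
public NameIdentifier getNameIdentifier(Object session, String sourceID, String destID, String nameIDFormat) throws SAMLException {
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("DefaultNameIdentifierMapper." + "getNameIdentifier: sourceID = " + sourceID + ", destID = " + destID);
        SAMLUtils.debug.message("DefaultNameIdentifierMapper." + "getNameIdentifier: nameIDFormat = " + nameIDFormat);
    }
    try {
        String[] orgValues = SessionManager.getProvider().getProperty(session, "Organization");
        if (orgValues == null || orgValues.length == 0) {
            // Previously an ArrayIndexOutOfBounds/NullPointerException here was
            // swallowed by the generic catch below; fail the same way, explicitly.
            SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier: session has no Organization property");
            return null;
        }
        String nameQualifier = XMLUtils.escapeSpecialCharacters(orgValues[0]);
        String userID = SessionManager.getProvider().getPrincipalName(session);
        String name = null;
        if (nameIDFormat != null) {
            Map<?, ?> nameIDFormatAttrMap = (Map<?, ?>) SAMLServiceManager.getAttribute(SAMLConstants.NAME_ID_FORMAT_MAP);
            if (nameIDFormatAttrMap != null && nameIDFormatAttrMap.containsKey(nameIDFormat)) {
                String attrName = (String) nameIDFormatAttrMap.get(nameIDFormat);
                try {
                    DataStoreProvider dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
                    Set<?> attrValues = dsProvider.getAttribute(userID, attrName);
                    if (attrValues != null && !attrValues.isEmpty()) {
                        name = (String) attrValues.iterator().next();
                    }
                } catch (DataStoreProviderException dspe) {
                    // Best effort: a data store failure falls back to the principal name.
                    if (SAMLUtils.debug.warningEnabled()) {
                        SAMLUtils.debug.warning("DefaultNameIdentifierMapper." + "getNameIdentifier:", dspe);
                    }
                }
            }
        }
        // Escape whichever value was chosen before it goes into the assertion XML.
        name = XMLUtils.escapeSpecialCharacters(name == null ? userID : name);
        return new NameIdentifier(name, nameQualifier, nameIDFormat);
    } catch (SessionException sx) {
        SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier: Invalid Session ", sx);
        return null;
    } catch (Exception ex) {
        // Deliberate best effort: callers receive null rather than an exception.
        SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier:", ex);
        return null;
    }
}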
Also used : DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) Set(java.util.Set) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) DataStoreProvider(com.sun.identity.plugin.datastore.DataStoreProvider) SessionException(com.sun.identity.plugin.session.SessionException) Map(java.util.Map) DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException)

Example 40 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

the class SAMLClient method doSSO.

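/**
 * Performs the SAML Single-Sign-On redirect. Called internally by
 * {@code doWebArtifact} and {@code doWebPOST}.
 *
 * <p>Validates the arguments and the naming service name, requires a valid
 * session for the request, resolves the service URL from the configured
 * server URL, and redirects the browser to
 * {@code <serviceURL>?<target-specifier>=<target>}.
 *
 * @param request HTTP Servlet Request; must carry a valid session.
 * @param response HTTP Servlet Response used for the redirect.
 * @param target the target URL, appended to the redirect query string as given.
 * @param service the naming service name; one of
 *        {@code SAMLConstants.SAML_AWARE_NAMING},
 *        {@code SAMLConstants.SAML_POST_NAMING} or
 *        {@code SAMLConstants.SAML_SOAP_NAMING}.
 * @exception IOException if an input or output exception occurs when
 *     redirecting to the service <code>URL</code>, or the configured server
 *     URL is malformed.
 * @exception SAMLException if any argument is {@code null}, the service name
 *     is not one of the naming services, the session is missing or invalid,
 *     or the service URL cannot be resolved.
 */
private static void doSSO(HttpServletRequest request, HttpServletResponse response, String target, String service) throws IOException, SAMLException {
    // service is guarded here too; it used to reach service.equals() unchecked
    // and a null value surfaced as a NullPointerException instead of nullInput.
    if (request == null || response == null || target == null || service == null) {
        SAMLUtils.debug.error("SAMLClient:Input parameter is null.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    boolean knownService = service.equals(SAMLConstants.SAML_AWARE_NAMING)
            || service.equals(SAMLConstants.SAML_POST_NAMING)
            || service.equals(SAMLConstants.SAML_SOAP_NAMING);
    if (!knownService) {
        SAMLUtils.debug.error("SAMLClient:illegal naming service name.");
        throw new SAMLException(SAMLUtils.bundle.getString("illegalNamingService"));
    }
    // The caller must already hold a valid session; SSO is never started without one.
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            SAMLUtils.debug.error("SAMLClient:SSOToken is null.");
            throw new SAMLException(SAMLUtils.bundle.getString("nullSSOToken"));
        }
        if (!sessionProvider.isValid(ssoToken)) {
            SAMLUtils.debug.error("SAMLClient:Session is invalid.");
            throw new SAMLException(SAMLUtils.bundle.getString("invalidSSOToken"));
        }
    } catch (SessionException se) {
        SAMLUtils.debug.error("SAMLClient", se);
        throw new SAMLException("SAMLClient:doSSO:" + se.getMessage());
    }
    URL weburl;
    try {
        URL serverurl = new URL(SAMLServiceManager.getServerURL());
        weburl = SystemConfigurationUtil.getServiceURL(service, serverurl.getProtocol(), serverurl.getHost(), serverurl.getPort(), serverurl.getPath());
    } catch (SystemConfigurationException ue) {
        SAMLUtils.debug.error("SAMLClient", ue);
        throw new SAMLException(SAMLUtils.bundle.getString("URLNotFoundException"));
    }
    String tname = (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
    // NOTE(review): target is appended without URL-encoding, as before. Callers
    // are presumably expected to pass an already-encoded value — confirm, since
    // an unencoded '&' or '#' in target would alter the redirect's query string.
    String redirectedurl = new StringBuilder(200).append(weburl).append("?").append(tname).append("=").append(target).toString();
    response.sendRedirect(redirectedurl);
}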
Also used : SessionException(com.sun.identity.plugin.session.SessionException) SystemConfigurationException(com.sun.identity.common.SystemConfigurationException) URL(java.net.URL) SessionProvider(com.sun.identity.plugin.session.SessionProvider)
