Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock:
class AssertionManagerImpl, method createAssertion.
/**
 * Creates a SAML assertion for the principal behind the given session token.
 *
 * @param ssoToken the single sign-on token identifying the principal
 * @return the string form of the created assertion, as produced by
 *         {@code Assertion.toString(true, true)}
 * @throws SAMLException if the session cannot be resolved from the token or
 *         the underlying assertion manager fails to create the assertion
 */
public String createAssertion(String ssoToken) throws SAMLException {
    checkInitialization();
    Object sessionObject;
    try {
        SessionProvider provider = SessionManager.getProvider();
        sessionObject = provider.getSession(ssoToken);
    } catch (SessionException ssoe) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManagerImpl:createAssertion(SSO) " + ssoe);
        }
        // NOTE(review): only the message text is forwarded; the SessionException
        // itself is not chained as the cause of the SAMLException.
        throw new SAMLException(ssoe.getMessage());
    }
    // Any failure inside the assertion manager is expected to surface as a
    // SAMLException; the returned assertion is not null-checked here.
    Assertion assertion = assertionManager.createAssertion(sessionObject);
    return assertion.toString(true, true);
}
Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock:
class AssertionManagerImpl, method getAssertionByIdRefToken.
/**
 * Looks up an existing assertion by its ID reference on behalf of the
 * principal behind the given session token.
 *
 * @param idref    the assertion ID reference to resolve
 * @param ssoToken the single sign-on token identifying the requesting principal
 * @return the string form of the matching assertion, as produced by
 *         {@code Assertion.toString(true, true)}
 * @throws SAMLException if the session cannot be resolved from the token or
 *         the assertion manager cannot return an assertion for the reference
 */
public String getAssertionByIdRefToken(String idref, String ssoToken) throws SAMLException {
    checkInitialization();
    Object sessionObject;
    try {
        SessionProvider provider = SessionManager.getProvider();
        sessionObject = provider.getSession(ssoToken);
    } catch (SessionException ssoe) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManagerImpl:getAssertionByIdRefToken: " + ssoe);
        }
        // NOTE(review): only the message text is forwarded; the SessionException
        // itself is not chained as the cause of the SAMLException.
        throw new SAMLException(ssoe.getMessage());
    }
    AssertionIDReference reference = new AssertionIDReference(idref);
    Assertion assertion = assertionManager.getAssertion(reference, sessionObject);
    return assertion.toString(true, true);
}
Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock:
class RPSigninResponse, method process.
/**
 * Processes the sign-in response, redirecting the browser to the wreply URL
 * supplied in the sign-in request via the HttpServletResponse passed to
 * the constructor.
 * <p>
 * Steps, in order: reject an absent {@code wresult}; parse it into a
 * {@code RequestSecurityTokenResponse}; resolve the SP entity and realm
 * from the meta alias embedded in the request URL; verify the requested
 * security token (tolerating the configured clock skew); map the token to a
 * local user and attribute set; create the session; then redirect to the
 * target taken from {@code wctx} or, failing that, the configured default
 * relay state. When neither target is available the response body is the
 * literal text "Logged in" and no redirect is issued.
 *
 * @throws WSFederationException if {@code wresult} is missing or cannot be
 *         parsed, the meta alias cannot be resolved to an entity, token
 *         verification fails, no local user can be derived, or the session
 *         cannot be created
 * @throws IOException if writing to or redirecting the response fails
 */
public void process() throws WSFederationException, IOException {
    String classMethod = "RPSigninResponse.process: ";
    // A missing or empty wresult is logged together with the raw query string
    // and rejected before anything is parsed.
    if ((wresult == null) || (wresult.length() == 0)) {
        String[] data = { request.getQueryString() };
        LogUtil.error(Level.INFO, LogUtil.MISSING_WRESULT, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullWresult"));
    }
    RequestSecurityTokenResponse rstr = null;
    try {
        rstr = RequestSecurityTokenResponse.parseXML(wresult);
    } catch (WSFederationException wsfe) {
        // The unparsable wresult is logged verbatim; the caught exception is
        // not chained into the one thrown here.
        String[] data = { wresult };
        LogUtil.error(Level.INFO, LogUtil.INVALID_WRESULT, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidWresult"));
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Received RSTR: " + rstr.toString());
    }
    String realm = null;
    String requestURL = request.getRequestURL().toString();
    // get entity id and orgName: both are derived from the meta alias that is
    // part of the URL this response was posted to.
    String metaAlias = WSFederationMetaUtils.getMetaAliasByUri(requestURL);
    realm = WSFederationMetaUtils.getRealmByMetaAlias(metaAlias);
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    String spEntityId = null;
    try {
        spEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    } catch (WSFederationException wsfe) {
        String[] data = { wsfe.getLocalizedMessage(), metaAlias, realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ENTITY_CONFIG, data, null);
        String[] args = { metaAlias, realm };
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "invalidMetaAlias", args);
    }
    // An empty realm from the meta alias means the root realm.
    if (realm == null || realm.length() == 0) {
        realm = "/";
    }
    SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spEntityId);
    // Clock skew tolerated during token verification. A negative configured
    // value is replaced by the default.
    int timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
    String timeskewStr = WSFederationMetaUtils.getAttribute(spssoconfig, SAML2Constants.ASSERTION_TIME_SKEW);
    if (timeskewStr != null && timeskewStr.trim().length() > 0) {
        // NOTE(review): a non-numeric configured value makes parseInt throw
        // NumberFormatException, which nothing in this method catches.
        timeskew = Integer.parseInt(timeskewStr);
        if (timeskew < 0) {
            timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
        }
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "timeskew = " + timeskew);
    }
    // Subject, SOAPEntry for the partner and the List of Assertions.
    if (debug.messageEnabled()) {
        debug.message(classMethod + " - verifying assertion");
    }
    // verifyToken will throw an exception, rather than return null, so we
    // need not test the return value
    Map<String, Object> smap = rstr.getRequestedSecurityToken().verifyToken(realm, spEntityId, timeskew);
    // Only active when the JVM runs with -ea; the non-null guarantee relies
    // entirely on verifyToken throwing, as noted above.
    assert smap != null;
    Map attributes = WSFederationMetaUtils.getAttributes(spssoconfig);
    SPAccountMapper acctMapper = getSPAccountMapper(attributes);
    SPAttributeMapper attrMapper = getSPAttributeMapper(attributes);
    String userName = acctMapper.getIdentity(rstr, spEntityId, realm);
    if (userName == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullUserID"));
    }
    String idpEntityId = metaManager.getEntityByTokenIssuerName(realm, rstr.getRequestedSecurityToken().getIssuer());
    List attrs = rstr.getRequestedSecurityToken().getAttributes();
    Map attrMap = null;
    if (attrs != null) {
        attrMap = attrMapper.getAttributes(attrs, userName, spEntityId, idpEntityId, realm);
    }
    // NOTE(review): the AUTH_LEVEL entry is dereferenced without a null check;
    // a verified map lacking that key would raise NullPointerException here.
    // Confirm verifyToken always populates it.
    String authLevel = smap.get(SAML2Constants.AUTH_LEVEL).toString();
    // Set up Attributes for session creation
    Map sessionInfoMap = new HashMap();
    sessionInfoMap.put(SessionProvider.REALM, realm);
    sessionInfoMap.put(SessionProvider.PRINCIPAL_NAME, userName);
    sessionInfoMap.put(SessionProvider.AUTH_LEVEL, authLevel);
    Object session = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        session = sessionProvider.createSession(sessionInfoMap, request, response, null);
        SPACSUtils.setAttrMapInSession(sessionProvider, attrMap, session);
        // Remember which IDP issued the token for this session.
        String[] idpArray = { idpEntityId };
        sessionProvider.setProperty(session, WSFederationConstants.SESSION_IDP, idpArray);
        RequestedSecurityToken rst = rstr.getRequestedSecurityToken();
        // With assertion caching on, the token id is kept as a session
        // property and the token's string form is cached under that id.
        if (isAssertionCacheEnabled(spssoconfig)) {
            String tokenID = rst.getTokenId();
            String[] assertionID = { tokenID };
            sessionProvider.setProperty(session, "AssertionID", assertionID);
            SPCache.assertionByIDCache.put(tokenID, rst.toString());
        }
    } catch (SessionException se) {
        String[] data = { se.getLocalizedMessage(), realm, userName, authLevel };
        LogUtil.error(Level.INFO, LogUtil.CANT_CREATE_SESSION, data, null);
        throw new WSFederationException(se);
    }
    // The redirect target comes from the request context (wctx) when present,
    // otherwise from the SP's configured default relay state.
    // NOTE(review): the wctx-derived target feeds sendRedirect below and this
    // method applies no allow-list check of its own; confirm that
    // removeReplyURL (or the sign-in request handling) constrains it.
    String target = null;
    if (wctx != null) {
        target = WSFederationUtils.removeReplyURL(wctx);
    } else {
        target = WSFederationMetaUtils.getAttribute(spssoconfig, SAML2Constants.DEFAULT_RELAY_STATE);
    }
    // At FINER the full wresult (the raw token) goes into the access log
    // entry; at coarser levels only the token id is recorded.
    String[] data = { wctx, LogUtil.isErrorLoggable(Level.FINER) ? wresult : rstr.getRequestedSecurityToken().getTokenId(), realm, userName, authLevel, target };
    LogUtil.access(Level.INFO, LogUtil.SSO_SUCCESSFUL, data, session);
    if (target == null) {
        // What to do? There was no wreply URL specified, and there is no
        // default target configured, so the session is created but the
        // browser is left on a plain confirmation page.
        PrintWriter pw = response.getWriter();
        pw.println("Logged in");
        return;
    }
    response.sendRedirect(target);
}
Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock:
class DefaultIDPAccountMapper, method getNameID.
/**
 * Returns the user's <code>NameID</code> information that contains
 * account federation with the corresponding remote and local entities.
 * <p>
 * The base name is read from the IDP's configured name-id attribute
 * (falling back to {@code WSFederationConstants.UID}) in the user's data
 * store entry. When the name-id format is the UPN claim type and the
 * configuration says the name does not already include a domain, a domain
 * is appended: first from the configured domain attribute of the user's
 * profile, otherwise from the configured UPN domain.
 *
 * @param session Session object.
 * @param realm Realm where user resides.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param remoteEntityID <code>EntityID</code> of the remote provider.
 * @return the <code>NameID</code> corresponding to the authenticated user.
 * @exception WSFederationException if the session is invalid, the name
 *            attribute is missing from the user's profile, no domain can
 *            be determined when one is required, the data store fails, or
 *            the <code>NameIdentifier</code> cannot be constructed.
 */
public NameIdentifier getNameID(Object session, String realm, String hostEntityID, String remoteEntityID) throws WSFederationException {
    String principal;
    try {
        SessionProvider provider = SessionManager.getProvider();
        principal = provider.getPrincipalName(session);
    } catch (SessionException sessionError) {
        // NOTE(review): the SessionException is not chained as the cause;
        // only the localized "invalidSSOToken" message is reported.
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidSSOToken"));
    }
    IDPSSOConfigElement idpConfig = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, hostEntityID);

    // Which profile attribute holds the name; UID unless configured otherwise.
    String nameAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_ATTRIBUTE);
    if (nameAttribute == null || nameAttribute.isEmpty()) {
        nameAttribute = WSFederationConstants.UID;
    }
    String baseName;
    try {
        Set nameValues = dsProvider.getAttribute(principal, nameAttribute);
        if (nameValues == null || nameValues.isEmpty()) {
            String[] args = { nameAttribute, principal };
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "missingNameAttribute", args);
        }
        // Multi-valued attributes: the first value wins.
        baseName = (String) nameValues.iterator().next();
    } catch (DataStoreProviderException dspe) {
        throw new WSFederationException(dspe);
    }

    String upnFormat = WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN];
    String nameIdFormat = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_FORMAT);
    if (nameIdFormat == null || nameIdFormat.isEmpty()) {
        nameIdFormat = upnFormat;
    }
    String includesDomainFlag = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAME_INCLUDES_DOMAIN);
    boolean nameIncludesDomain = Boolean.valueOf(includesDomainFlag);

    String finalName = baseName;
    if (nameIdFormat.equals(upnFormat) && !nameIncludesDomain) {
        // A UPN needs a domain suffix. Try the user's profile first, then the
        // IDP configuration; give up if neither provides one.
        String upnDomain = null;
        String domainAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.DOMAIN_ATTRIBUTE);
        if (domainAttribute != null && !domainAttribute.isEmpty()) {
            Set domainValues;
            try {
                domainValues = dsProvider.getAttribute(principal, domainAttribute);
            } catch (DataStoreProviderException dspe) {
                throw new WSFederationException(dspe);
            }
            if (domainValues != null && !domainValues.isEmpty()) {
                upnDomain = (String) domainValues.iterator().next();
            }
        }
        if (upnDomain == null || upnDomain.isEmpty()) {
            upnDomain = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.UPN_DOMAIN);
        }
        if (upnDomain == null || upnDomain.isEmpty()) {
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "noDomainConfigured", null);
        }
        finalName = baseName + "@" + upnDomain;
    }

    try {
        return new NameIdentifier(finalName, null, nameIdFormat);
    } catch (SAMLException se) {
        throw new WSFederationException(se);
    }
}
Use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock:
class DefaultIDPAttributeMapper, method getAttributes.
/**
 * Returns the list of SAML <code>Attribute</code> objects for the IDP
 * framework to insert into the generated <code>Assertion</code>.
 * <p>
 * Every entry of the configured attribute map (SAML attribute name to
 * local attribute name) is resolved against the user's data store profile.
 * If the profile lookup produced a map but holds no value for an entry,
 * the session property of the same name is consulted instead. Entries that
 * end up without a value are skipped. Note that when the profile lookup
 * fails or yields nothing at all, session properties are not consulted.
 *
 * @param session Single sign-on session.
 * @param hostEntityID <code>EntityID</code> of the hosted entity.
 * @param remoteEntityID <code>EntityID</code> of the remote entity.
 * @param realm name of the realm.
 * @return the attributes to include, or <code>null</code> when the session
 *         is not valid or no attribute map is configured.
 * @exception WSFederationException if any failure.
 */
public List getAttributes(Object session, String hostEntityID, String remoteEntityID, String realm) throws WSFederationException {
    if (hostEntityID == null) {
        throw new WSFederationException(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new WSFederationException(bundle.getString("nullRealm"));
    }
    if (session == null) {
        throw new WSFederationException(bundle.getString("nullSSOToken"));
    }
    try {
        if (!SessionManager.getProvider().isValid(session)) {
            if (debug.warningEnabled()) {
                debug.warning("DefaultIDPAttributeMapper.getAttributes: Invalid session");
            }
            return null;
        }
        Map configMap = getConfigAttributeMap(realm, hostEntityID);
        if (configMap == null || configMap.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultIDPAttributeMapper.getAttributes:Configuration map is not defined.");
            }
            return null;
        }

        // Fetch all mapped local attributes from the data store in one call.
        Set localAttributes = new HashSet();
        localAttributes.addAll(configMap.values());
        Map profileValues = null;
        try {
            String principal = SessionManager.getProvider().getPrincipalName(session);
            profileValues = dsProvider.getAttributes(principal, localAttributes);
        } catch (DataStoreProviderException dse) {
            if (debug.warningEnabled()) {
                debug.warning("DefaultIDPAttributeMapper.getAttributes: Datastore exception", dse);
            }
            // Best effort: continue with profileValues left null.
        }
        boolean haveProfile = profileValues != null && !profileValues.isEmpty();

        List attributes = new ArrayList();
        for (Object key : configMap.keySet()) {
            String samlAttribute = (String) key;
            String localAttribute = (String) configMap.get(samlAttribute);
            String[] resolved = null;
            if (haveProfile) {
                Set values = (Set) profileValues.get(localAttribute);
                if (values != null && !values.isEmpty()) {
                    resolved = (String[]) values.toArray(new String[values.size()]);
                } else {
                    if (debug.messageEnabled()) {
                        debug.message("DefaultIDPAttributeMapper.getAttribute: user profile does not have value for " + localAttribute + " but is going to check ssotoken:");
                    }
                    // Fall back to the session property; an empty array counts as absent.
                    resolved = SessionManager.getProvider().getProperty(session, localAttribute);
                    if (resolved != null && resolved.length == 0) {
                        resolved = null;
                    }
                }
            }
            if (resolved == null) {
                if (debug.messageEnabled()) {
                    debug.message("DefaultIDPAttributeMapper.getAttribute: user does not have " + localAttribute);
                }
                continue;
            }
            attributes.add(getSAMLAttribute(samlAttribute, resolved));
        }
        return attributes;
    } catch (WSFederationException sme) {
        debug.error("DefaultIDPAttribute.getAttributes: SAML Exception", sme);
        throw new WSFederationException(sme);
    } catch (SessionException se) {
        debug.error("DefaultIDPAttribute.getAttributes: SessionException", se);
        throw new WSFederationException(se);
    }
}