
/**
 * Resolves the caller's SSO token to a session and issues a SAML assertion for it.
 *
 * <p>The token string is handed to the session provider first; only a token
 * that resolves to a session reaches the assertion manager.
 *
 * @param ssoToken the caller's SSO token string (untrusted input until the
 *                 session provider has resolved it)
 * @return the assertion serialised with <code>toString(true, true)</code>
 *         (the flag semantics are those of <code>Assertion</code>)
 * @throws SAMLException if the token cannot be resolved to a session; the
 *                       session failure is reported by message only, the
 *                       cause is not chained
 */
public String createAssertion(String ssoToken) throws SAMLException {
    checkInitialization();
    Object session;
    try {
        SessionProvider provider = SessionManager.getProvider();
        session = provider.getSession(ssoToken);
    } catch (SessionException ssoe) {
        // Log at debug level, then surface the failure as a SAMLException (message only).
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManagerImpl:createAssertion(SSO) " + ssoe);
        }
        throw new SAMLException(ssoe.getMessage());
    }
    Assertion assertion = assertionManager.createAssertion(session);
    return assertion.toString(true, true);
}

/**
 * Looks up an existing assertion by its ID reference on behalf of the session
 * identified by <code>ssoToken</code>.
 *
 * <p>The SSO token is resolved to a session before the lookup; the resolved
 * session is passed to the assertion manager, which is where any check that
 * this session may read the referenced assertion would have to happen (not
 * visible here).
 *
 * @param idref the assertion ID reference to look up
 * @param ssoToken the caller's SSO token string
 * @return the assertion serialised with <code>toString(true, true)</code>
 * @throws SAMLException if the token cannot be resolved to a session (message
 *                       only, cause not chained) or the lookup fails
 */
public String getAssertionByIdRefToken(String idref, String ssoToken) throws SAMLException {
    checkInitialization();
    Object session;
    try {
        SessionProvider provider = SessionManager.getProvider();
        session = provider.getSession(ssoToken);
    } catch (SessionException ssoe) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManagerImpl:getAssertionByIdRefToken: " + ssoe);
        }
        throw new SAMLException(ssoe.getMessage());
    }
    AssertionIDReference reference = new AssertionIDReference(idref);
    Assertion assertion = assertionManager.getAssertion(reference, session);
    return assertion.toString(true, true);
}

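/**
 * Processes a WS-Federation sign-in response at the relying party: parses the
 * {@code wresult} RSTR, verifies the embedded token against the hosted SP's
 * configuration, maps the subject to a local user and attributes, creates an
 * SSO session, and finally redirects the browser to the target taken from
 * {@code wctx} (the wreply URL of the sign-in request) or, failing that, the
 * configured default relay state.
 *
 * <p>{@code wresult}, {@code wctx}, {@code request} and {@code response} are
 * the fields supplied to the constructor; this method takes no parameters.
 *
 * @throws WSFederationException if {@code wresult} is missing or unparsable,
 *         the meta alias cannot be resolved to an SP entity, token
 *         verification fails, no user identity can be mapped, or the session
 *         cannot be created
 * @throws IOException if writing the response or sending the redirect fails
 */
public void process() throws WSFederationException, IOException {
    String classMethod = "RPSigninResponse.process: ";
    if ((wresult == null) || (wresult.length() == 0)) {
        // Only the query string is logged so a missing wresult can be diagnosed.
        String[] data = { request.getQueryString() };
        LogUtil.error(Level.INFO, LogUtil.MISSING_WRESULT, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullWresult"));
    }
    RequestSecurityTokenResponse rstr = null;
    try {
        rstr = RequestSecurityTokenResponse.parseXML(wresult);
    } catch (WSFederationException wsfe) {
        // The raw, not-yet-verified wresult (caller-supplied input) goes into the error log here.
        String[] data = { wresult };
        LogUtil.error(Level.INFO, LogUtil.INVALID_WRESULT, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidWresult"));
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Received RSTR: " + rstr.toString());
    }
    String realm = null;
    String requestURL = request.getRequestURL().toString();
    // The hosted SP (meta alias -> realm and entity id) is derived from the URL the response arrived on.
    String metaAlias = WSFederationMetaUtils.getMetaAliasByUri(requestURL);
    realm = WSFederationMetaUtils.getRealmByMetaAlias(metaAlias);
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    String spEntityId = null;
    try {
        spEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    } catch (WSFederationException wsfe) {
        String[] data = { wsfe.getLocalizedMessage(), metaAlias, realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ENTITY_CONFIG, data, null);
        String[] args = { metaAlias, realm };
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "invalidMetaAlias", args);
    }
    if (realm == null || realm.length() == 0) {
        realm = "/";
    }
    SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spEntityId);
    // Clock-skew tolerance handed to token verification. A non-numeric configured value
    // now falls back to the default instead of aborting sign-in with an unchecked
    // NumberFormatException (Integer.parseInt was previously unguarded); negative values
    // fall back to the default as before.
    int timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
    String timeskewStr = WSFederationMetaUtils.getAttribute(spssoconfig, SAML2Constants.ASSERTION_TIME_SKEW);
    if (timeskewStr != null && timeskewStr.trim().length() > 0) {
        try {
            timeskew = Integer.parseInt(timeskewStr.trim());
        } catch (NumberFormatException nfe) {
            debug.warning(classMethod + "non-numeric " + SAML2Constants.ASSERTION_TIME_SKEW + " value '" + timeskewStr + "', using default");
            timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
        }
        if (timeskew < 0) {
            timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
        }
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "timeskew = " + timeskew);
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + " - verifying assertion");
    }
    // verifyToken throws on failure rather than returning null, so the result is not
    // null-tested here. The Java 'assert' below only runs with -ea; it is not a runtime guard.
    Map<String, Object> smap = rstr.getRequestedSecurityToken().verifyToken(realm, spEntityId, timeskew);
    assert smap != null;
    Map attributes = WSFederationMetaUtils.getAttributes(spssoconfig);
    SPAccountMapper acctMapper = getSPAccountMapper(attributes);
    SPAttributeMapper attrMapper = getSPAttributeMapper(attributes);
    String userName = acctMapper.getIdentity(rstr, spEntityId, realm);
    if (userName == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullUserID"));
    }
    String idpEntityId = metaManager.getEntityByTokenIssuerName(realm, rstr.getRequestedSecurityToken().getIssuer());
    List attrs = rstr.getRequestedSecurityToken().getAttributes();
    Map attrMap = null;
    if (attrs != null) {
        attrMap = attrMapper.getAttributes(attrs, userName, spEntityId, idpEntityId, realm);
    }
    // NOTE(review): assumes verifyToken always populates AUTH_LEVEL in its result map;
    // a missing entry would NPE here -- confirm against verifyToken.
    String authLevel = smap.get(SAML2Constants.AUTH_LEVEL).toString();
    // Session attributes: realm, mapped principal and the auth level asserted by the token.
    Map sessionInfoMap = new HashMap();
    sessionInfoMap.put(SessionProvider.REALM, realm);
    sessionInfoMap.put(SessionProvider.PRINCIPAL_NAME, userName);
    sessionInfoMap.put(SessionProvider.AUTH_LEVEL, authLevel);
    Object session = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        session = sessionProvider.createSession(sessionInfoMap, request, response, null);
        SPACSUtils.setAttrMapInSession(sessionProvider, attrMap, session);
        String[] idpArray = { idpEntityId };
        sessionProvider.setProperty(session, WSFederationConstants.SESSION_IDP, idpArray);
        RequestedSecurityToken rst = rstr.getRequestedSecurityToken();
        if (isAssertionCacheEnabled(spssoconfig)) {
            // Remember the token id on the session and cache the token text under that id.
            String tokenID = rst.getTokenId();
            String[] assertionID = { tokenID };
            sessionProvider.setProperty(session, "AssertionID", assertionID);
            SPCache.assertionByIDCache.put(tokenID, rst.toString());
        }
    } catch (SessionException se) {
        String[] data = { se.getLocalizedMessage(), realm, userName, authLevel };
        LogUtil.error(Level.INFO, LogUtil.CANT_CREATE_SESSION, data, null);
        throw new WSFederationException(se);
    }
    String target = null;
    if (wctx != null) {
        // wctx carries the wreply URL from the sign-in request, i.e. caller-controlled input.
        target = WSFederationUtils.removeReplyURL(wctx);
    } else {
        target = WSFederationMetaUtils.getAttribute(spssoconfig, SAML2Constants.DEFAULT_RELAY_STATE);
    }
    // The full wresult is written to the access log only at FINER; otherwise just the token id.
    String[] data = { wctx, LogUtil.isErrorLoggable(Level.FINER) ? wresult : rstr.getRequestedSecurityToken().getTokenId(), realm, userName, authLevel, target };
    LogUtil.access(Level.INFO, LogUtil.SSO_SUCCESSFUL, data, session);
    if (target == null) {
        // No wreply URL in the request and no default target configured: acknowledge in plain text.
        PrintWriter pw = response.getWriter();
        pw.println("Logged in");
        return;
    }
    // SECURITY NOTE(review): no allow-list check of 'target' against the SP's configured reply
    // URLs is visible in this method. Unless removeReplyURL() or an upstream filter enforces
    // one, a crafted wctx turns this redirect into an open redirect -- confirm before relying on it.
    response.sendRedirect(target);
}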

/**
 * Builds the <code>NameIdentifier</code> that identifies the session's user
 * towards the remote provider.
 *
 * <p>The base name is read from the user's profile attribute configured as
 * <code>NAMEID_ATTRIBUTE</code> (default <code>UID</code>). When the format is
 * UPN and <code>NAME_INCLUDES_DOMAIN</code> is not set, a domain is appended:
 * first from the profile attribute named by <code>DOMAIN_ATTRIBUTE</code>, then
 * from the <code>UPN_DOMAIN</code> configuration value.
 *
 * @param session Session object.
 * @param realm Realm where user resides.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param remoteEntityID <code>EntityID</code> of the remote provider (not consulted here).
 * @return the <code>NameID</code> corresponding to the authenticated user.
 * @exception WSFederationException if the session is invalid, the name or
 *            domain attribute cannot be read, the name attribute has no value,
 *            no UPN domain can be determined, or the identifier cannot be built.
 */
public NameIdentifier getNameID(Object session, String realm, String hostEntityID, String remoteEntityID) throws WSFederationException {
    String userID;
    try {
        userID = SessionManager.getProvider().getPrincipalName(session);
    } catch (SessionException se) {
        // Reported via the localized message only; the session cause is not chained.
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidSSOToken"));
    }
    IDPSSOConfigElement idpConfig = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, hostEntityID);

    // Which profile attribute supplies the name: configured NAMEID_ATTRIBUTE, else UID.
    String attrName = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_ATTRIBUTE);
    if (attrName == null || attrName.length() == 0) {
        attrName = WSFederationConstants.UID;
    }
    String baseName;
    try {
        Set nameValues = dsProvider.getAttribute(userID, attrName);
        if (nameValues == null || nameValues.isEmpty()) {
            String[] args = { attrName, userID };
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "missingNameAttribute", args);
        }
        // Only the first value is used when the attribute is multi-valued.
        baseName = (String) nameValues.iterator().next();
    } catch (DataStoreProviderException dspe) {
        throw new WSFederationException(dspe);
    }

    String nameIdFormat = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_FORMAT);
    if (nameIdFormat == null || nameIdFormat.length() == 0) {
        nameIdFormat = WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN];
    }
    boolean nameIncludesDomain = Boolean.valueOf(WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAME_INCLUDES_DOMAIN));
    boolean upnFormat = nameIdFormat.equals(WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN]);

    String name = baseName;
    if (upnFormat && !nameIncludesDomain) {
        // The UPN needs a domain suffix: try the user's profile first, then configuration.
        String upnDomain = null;
        String domainAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.DOMAIN_ATTRIBUTE);
        if (domainAttribute != null && domainAttribute.length() > 0) {
            Set domainValues;
            try {
                domainValues = dsProvider.getAttribute(userID, domainAttribute);
            } catch (DataStoreProviderException dspe) {
                throw new WSFederationException(dspe);
            }
            if (domainValues != null && !domainValues.isEmpty()) {
                upnDomain = (String) domainValues.iterator().next();
            }
        }
        if (upnDomain == null || upnDomain.length() == 0) {
            upnDomain = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.UPN_DOMAIN);
        }
        if (upnDomain == null || upnDomain.length() == 0) {
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "noDomainConfigured", null);
        }
        name = baseName + "@" + upnDomain;
    }

    try {
        return new NameIdentifier(name, null, nameIdFormat);
    } catch (SAMLException se) {
        throw new WSFederationException(se);
    }
}

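/**
 * Returns list of SAML <code>Attribute</code> objects for the
 * IDP framework to insert into the generated <code>Assertion</code>.
 *
 * <p>Each entry of the configured attribute map (SAML attribute name to local
 * attribute name) is resolved first from the user's data-store profile and,
 * when the profile has no value for it (or the data store could not be read
 * at all), from the session property of the same name. Attributes with no
 * value in either place are left out of the result.
 *
 * @param session Single sign-on session.
 * @param hostEntityID <code>EntityID</code> of the hosted entity.
 * @param remoteEntityID <code>EntityID</code> of the remote entity (not consulted here).
 * @param realm name of the realm.
 * @return the mapped attributes; <code>null</code> if the session is invalid
 *         or no attribute map is configured for the realm/entity.
 * @exception WSFederationException if any failure.
 */
public List getAttributes(Object session, String hostEntityID, String remoteEntityID, String realm) throws WSFederationException {
    if (hostEntityID == null) {
        throw new WSFederationException(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new WSFederationException(bundle.getString("nullRealm"));
    }
    if (session == null) {
        throw new WSFederationException(bundle.getString("nullSSOToken"));
    }
    try {
        if (!SessionManager.getProvider().isValid(session)) {
            if (debug.warningEnabled()) {
                debug.warning("DefaultIDPAttributeMapper.getAttributes: " + "Invalid session");
            }
            return null;
        }
        Map configMap = getConfigAttributeMap(realm, hostEntityID);
        if (configMap == null || configMap.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultIDPAttributeMapper.getAttributes:" + "Configuration map is not defined.");
            }
            return null;
        }
        List attributes = new ArrayList();
        Set localAttributes = new HashSet();
        localAttributes.addAll(configMap.values());
        Map valueMap = null;
        try {
            valueMap = dsProvider.getAttributes(SessionManager.getProvider().getPrincipalName(session), localAttributes);
        } catch (DataStoreProviderException dse) {
            if (debug.warningEnabled()) {
                debug.warning("DefaultIDPAttributeMapper.getAttributes: " + "Datastore exception", dse);
            }
            // valueMap stays null; every attribute is then looked up in the session below.
        }
        Iterator iter = configMap.keySet().iterator();
        while (iter.hasNext()) {
            String samlAttribute = (String) iter.next();
            String localAttribute = (String) configMap.get(samlAttribute);
            String[] localAttributeValues = null;
            Set values = (valueMap == null) ? null : (Set) valueMap.get(localAttribute);
            if (values != null && !values.isEmpty()) {
                localAttributeValues = (String[]) values.toArray(new String[values.size()]);
            } else {
                // Session-property fallback. Previously this was only reached when the data store
                // returned a non-empty map lacking this attribute; after a data-store exception
                // (valueMap == null) or an empty map the session was never consulted, contrary
                // to the intent recorded in the catch block above.
                if (debug.messageEnabled()) {
                    debug.message("DefaultIDPAttributeMapper.getAttribute:" + " user profile does not have value for " + localAttribute + " but is going to check ssotoken:");
                }
                localAttributeValues = SessionManager.getProvider().getProperty(session, localAttribute);
                if (localAttributeValues != null && localAttributeValues.length == 0) {
                    localAttributeValues = null;
                }
            }
            if (localAttributeValues == null) {
                if (debug.messageEnabled()) {
                    debug.message("DefaultIDPAttributeMapper.getAttribute:" + " user does not have " + localAttribute);
                }
                continue;
            }
            attributes.add(getSAMLAttribute(samlAttribute, localAttributeValues));
        }
        return attributes;
    } catch (WSFederationException sme) {
        debug.error("DefaultIDPAttribute.getAttributes: " + "SAML Exception", sme);
        throw new WSFederationException(sme);
    } catch (SessionException se) {
        debug.error("DefaultIDPAttribute.getAttributes: " + "SessionException", se);
        throw new WSFederationException(se);
    }
}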