use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class SAML2SDKUtils method getDiscoveryBootStrapResourceOffering.
/**
 * Returns the Discovery bootstrap resource offering carried in the SAML2
 * attribute statement of the current single sign-on session. After SSO with
 * an Identity Provider, a service provider may receive Discovery Service
 * Resource Offerings in the assertion; this method reads the stored
 * offering back out of the user's session. The request must therefore be
 * associated with a valid single sign-on token established by the SAML2 SSO.
 *
 * @param request the <code>HttpServletRequest</code> associated with a user
 *        session
 * @return the Discovery <code>ResourceOffering</code>, or <code>null</code>
 *         when the request is <code>null</code>, no offering is stored in the
 *         session, or any failure occurs while reading or parsing it
 */
public static ResourceOffering getDiscoveryBootStrapResourceOffering(HttpServletRequest request) {
    if (request == null) {
        if (debug.messageEnabled()) {
            debug.message("SAML2Utils.getDiscoveryBootStrapResourceOfferings: null Input params");
        }
        return null;
    }
    ResourceOffering offering = null;
    try {
        SessionProvider provider = SessionManager.getProvider();
        Object userSession = provider.getSession(request);
        String[] stored = provider.getProperty(userSession, SAML2Constants.DISCOVERY_BOOTSTRAP_ATTRIBUTE_NAME);
        boolean hasOffering = stored != null && stored.length > 0;
        if (hasOffering) {
            // The offering is stored as serialized XML in the session; only the first
            // value is used. NOTE(review): the parser behind XMLUtils.toDOMDocument is
            // expected to be hardened against external entities — confirm in XMLUtils.
            offering = new ResourceOffering(XMLUtils.toDOMDocument(stored[0], debug).getDocumentElement());
        }
    } catch (Exception ex) {
        // Any failure (session lookup, property read, XML parsing) is logged and
        // reported to the caller as "no offering".
        debug.error("SAML2Utils.getDiscoveryBootStrapResourceOfferings:  Exception while retrieving discovery boot strap info.", ex);
        offering = null;
    }
    return offering;
}
use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class UtilProxySAMLAuthenticatorLookup method retrieveAuthenticationFromCache.
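/**
 * Resumes SSO processing on the user's second visit, after local
 * authentication has completed: reattaches the user's session to
 * {@code data}, restores the cached {@code AuthnRequest}, relay state and
 * matching authn context recorded under this request ID, runs the IDP
 * adapter hook and, unless a hook ends the flow, sends the SAML2 response to
 * the service provider's assertion consumer service.
 *
 * <p>Processing stops without a response being sent from here when the
 * session is not valid ({@code isSessionValid}), when the IDP adapter's
 * {@code preSendResponse} returns {@code true}, or when no cached
 * {@code AuthnRequest} exists for the request ID ({@code authNotAvailable}
 * is invoked instead).
 *
 * @throws SessionException     presumably propagated by a helper such as
 *                              {@code isSessionValid}; the session lookup in
 *                              this body is caught and logged
 * @throws ServerFaultException if building or sending the response fails
 *                              with a {@code SAML2Exception}
 * @throws ClientFaultException declared for callers; not thrown directly by
 *                              this body, presumably propagated by
 *                              {@code authNotAvailable} or
 *                              {@code preSendResponse}
 */
@Override
public void retrieveAuthenticationFromCache() throws SessionException, ServerFaultException, ClientFaultException {
    final String classMethod = "UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: ";
    // the second visit, the user has already authenticated
    // retrieve the cache authn request and relay state
    // We need the session to pass it to the IDP Adapter preSendResponse
    SessionProvider sessionProvider = SessionManager.getProvider();
    try {
        data.setSession(sessionProvider.getSession(request));
        data.getEventAuditor().setSSOTokenId(data.getSession());
    } catch (SessionException se) {
        // Pass the exception itself so the stack trace is preserved (consistent
        // with the SAML2Exception handling below); the validity check further
        // down decides whether processing can continue without a session.
        SAML2Utils.debug.error("An error occurred while retrieving the session: " + se.getMessage(), se);
        data.setSession(null);
    }
    // Get the cached Authentication Request and Relay State before
    // invoking the IDP Adapter. They are read here without being removed;
    // the cache entries are consumed only after the two early-return checks below.
    CacheObject cacheObj;
    synchronized (IDPCache.authnRequestCache) {
        cacheObj = (CacheObject) IDPCache.authnRequestCache.get(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
    }
    data.setRelayState((String) IDPCache.relayStateCache.get(data.getRequestID()));
    // Stop here on an invalid (or missing) session.
    if (!isSessionValid(sessionProvider)) {
        return;
    }
    // Invoke the IDP Adapter after the user has been authenticated; a true
    // result ends processing here (presumably the adapter has responded itself).
    if (preSendResponse(request, response, data)) {
        return;
    }
    // Consume the cached request, authn context and relay state for this request ID.
    synchronized (IDPCache.authnRequestCache) {
        cacheObj = (CacheObject) IDPCache.authnRequestCache.remove(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
    }
    synchronized (IDPCache.idpAuthnContextCache) {
        cacheObj = (CacheObject) IDPCache.idpAuthnContextCache.remove(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setMatchingAuthnContext((AuthnContext) cacheObj.getObject());
    }
    data.setRelayState((String) IDPCache.relayStateCache.remove(data.getRequestID()));
    if (data.getAuthnRequest() == null) {
        authNotAvailable();
        return;
    }
    SAML2Utils.debug.message("{} RequestID= {}", classMethod, data.getRequestID());
    boolean isSessionUpgrade = false;
    if (CollectionUtils.isNotEmpty(IDPCache.isSessionUpgradeCache)) {
        isSessionUpgrade = IDPCache.isSessionUpgradeCache.contains(data.getRequestID());
    }
    if (isSessionUpgrade) {
        // Re-register the previous IDP session under the new session's index and
        // refresh the monitored IDP session count.
        // NOTE(review): oldSess may be null if its cache entry is already gone; whether
        // idpSessionsByIndices accepts a null value is not visible here — confirm.
        IDPSession oldSess = (IDPSession) IDPCache.oldIDPSessionCache.remove(data.getRequestID());
        String sessionIndex = IDPSSOUtil.getSessionIndex(data.getSession());
        if (StringUtils.isNotEmpty(sessionIndex)) {
            IDPCache.idpSessionsByIndices.put(sessionIndex, oldSess);
            final FedMonAgent agent = MonitorManager.getAgent();
            if (agent != null && agent.isRunning()) {
                final FedMonSAML2Svc saml2Svc = MonitorManager.getSAML2Svc();
                if (saml2Svc != null) {
                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                }
            }
        }
    }
    if (data.getSession() != null) {
        // call multi-federation protocol to set the protocol
        MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
    }
    // generate assertion response
    // The SP entity ID is taken from the cached AuthnRequest's Issuer, not from the
    // current request, so the response goes to the provider that originally asked.
    data.setSpEntityID(data.getAuthnRequest().getIssuer().getValue());
    NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
    String nameIDFormat = (policy == null) ? null : policy.getFormat();
    try {
        IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
        throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
    }
}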
use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class FSSSOAndFedHandler method doAccountFederation.
/**
 * Performs account federation between the authenticated user and the
 * service provider (or affiliation) named in the authentication request.
 *
 * <p>If an active federation already exists — for the affiliation, when the
 * request carries an affiliation ID the hosted provider is a member of, or
 * for the requesting provider — that record is returned unchanged. Otherwise
 * a new opaque handle is generated, wrapped in a {@code NameIdentifier}, and
 * either persisted through {@code accountManager} or, for a one-time name
 * identifier policy, attached only to the given {@code FSSession}.
 *
 * @param ssoToken     the session object of the authenticated user
 * @param authnRequest the incoming <code>FSAuthnRequest</code>
 * @param session      the IDFF session that receives the federation record
 *                     when a one-time identifier is issued
 * @return the existing or newly created <code>FSAccountFedInfo</code>, or
 *         <code>null</code> if no handle could be generated or an exception
 *         occurred
 */
protected FSAccountFedInfo doAccountFederation(Object ssoToken, FSAuthnRequest authnRequest, FSSession session) {
    FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: Called");
    String nameIDPolicy = authnRequest.getNameIDPolicy();
    String affiliationID = authnRequest.getAffiliationID();
    boolean isAffiliationFed = false;
    if (affiliationID != null) {
        try {
            isAffiliationFed = metaManager.isAffiliateMember(realm, hostedEntityId, affiliationID);
        } catch (Exception e) {
            // NOTE(review): a failed membership lookup leaves isAffiliationFed false, so
            // the request falls back to per-provider federation; the failure is only
            // recorded at message level.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doAccount" + "Federation:Error in checking for the affiliation:", e);
            }
        }
    }
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        String userID = sessionProvider.getPrincipalName(ssoToken);
        FSAccountFedInfo existActInfo = null;
        // An active affiliation-level federation takes precedence and is reused as is.
        if (isAffiliationFed) {
            existActInfo = accountManager.readAccountFedInfo(userID, affiliationID);
            if (existActInfo != null && existActInfo.isFedStatusActive()) {
                return existActInfo;
            }
        }
        // Check if there is an existing fed info
        String nameQualifier = authnRequest.getProviderId();
        existActInfo = accountManager.readAccountFedInfo(userID, nameQualifier);
        if (existActInfo != null && existActInfo.isFedStatusActive()) {
            return existActInfo;
        }
        // No active federation: mint a fresh opaque handle to serve as the name identifier.
        // NOTE(review): the handle's unpredictability depends on FSNameIdentifierHelper,
        // which is not visible here — confirm it uses a cryptographic random source.
        FSNameIdentifierHelper nameHelper = new FSNameIdentifierHelper(hostedConfig);
        String opaqueHandle = nameHelper.createNameIdentifier();
        if (opaqueHandle == null) {
            FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: " + "Could not generate handle");
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.doAccountFederation: " + "Generated handle: " + opaqueHandle);
        }
        // Affiliation federations are qualified by the affiliation ID rather than the provider ID.
        if (isAffiliationFed) {
            nameQualifier = affiliationID;
        }
        NameIdentifier ni = new NameIdentifier(opaqueHandle, nameQualifier);
        // Only the 1.2 minor version carries an explicit name identifier format.
        if (authnRequest.getMinorVersion() == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
            if (nameIDPolicy == null || !nameIDPolicy.equals(IFSConstants.NAME_ID_POLICY_ONETIME)) {
                ni.setFormat(IFSConstants.NI_FEDERATED_FORMAT_URI);
            } else {
                ni.setFormat(IFSConstants.NI_ONETIME_FORMAT_URI);
            }
        }
        FSAccountFedInfo accountInfo = new FSAccountFedInfo(authnRequest.getProviderId(), ni, null, false);
        FSAccountFedInfoKey fedKey = null;
        if (isAffiliationFed) {
            fedKey = new FSAccountFedInfoKey(affiliationID, opaqueHandle);
            accountInfo.setAffiliation(true);
        } else {
            fedKey = new FSAccountFedInfoKey(authnRequest.getProviderId(), opaqueHandle);
        }
        // NOTE(review): this compares against the literal "onetime" while the format
        // check above uses IFSConstants.NAME_ID_POLICY_ONETIME — presumably the same
        // value; confirm so the two branches cannot diverge.
        if (nameIDPolicy == null || !nameIDPolicy.equals("onetime")) {
            accountManager.writeAccountFedInfo(userID, fedKey, accountInfo);
        } else {
            // One-time identifiers are never persisted; they live only on this session.
            session.setOneTime(true);
            session.setAccountFedInfo(accountInfo);
            session.setUserID(userID);
        }
        return accountInfo;
    } catch (Exception ex) {
        FSUtils.debug.error("FSSSOAndFedHandler.doAccountFederation: " + "Exception when doing account federation", ex);
        return null;
    }
}
use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class FSSSOAndFedHandler method processPostAuthnSSO.
/**
 * Handles authentication request after local login: verifies the user's
 * session, records (or reuses) the IDFF session for this user and session
 * ID with the requesting provider added as a session partner, performs
 * account federation when the request asks for it or auto-federation is
 * enabled in the hosted configuration, and then issues the single sign-on.
 *
 * <p>Uses the {@code ssoToken} field when already set; otherwise the token
 * is looked up from the current {@code request}.
 *
 * @param authnRequest <code>FSAuthnRequest</code> object
 * @return <code>true</code> if the request is handled successfully;
 *         <code>false</code> otherwise, including when the session is
 *         missing or invalid, principal information cannot be read, or
 *         account federation fails.
 */
public boolean processPostAuthnSSO(FSAuthnRequest authnRequest) {
    FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: Called");
    SessionProvider sessionProvider = null;
    try {
        sessionProvider = SessionManager.getProvider();
        if (ssoToken == null) {
            ssoToken = sessionProvider.getSession(request);
        }
        // Refuse to continue unless the provider confirms the session is valid.
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: " + "session is not valid.");
            return false;
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: " + "session is valid.");
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: ", se);
        return false;
    }
    //save session
    String userID = null;
    String sessionID = null;
    try {
        userID = sessionProvider.getPrincipalName(ssoToken);
        sessionID = sessionProvider.getSessionID(ssoToken);
        // NOTE(review): this writes the session ID to the debug log; session
        // identifiers in logs are a disclosure risk wherever logs are broadly
        // readable. The message also lacks a separator before "sessionID".
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: " + "UserID of the principal in the session: " + userID + "sessionID of the session: " + sessionID);
        }
    } catch (SessionException ex) {
        FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: " + "SessionException occured. " + "Principal information not found in the session: ", ex);
        return false;
    }
    // Look up the IDFF session for this user/session pair; either way the
    // requesting provider is recorded as a session partner.
    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    FSSession session = sessionManager.getSession(userID, sessionID);
    if (session != null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: " + "An existing SSO session found with ID:" + session.getSessionID());
        }
        session.addSessionPartner(new FSSessionPartner(spEntityId, false));
        sessionManager.addSession(userID, session);
    } else {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPostAuthnSSO: " + "No existing SSO session found. " + "Entering a new session to the session manager with ID: " + sessionID);
        }
        // A new IDFF session gets a freshly generated session index.
        session = new FSSession(sessionID);
        String sessionIndex = SAMLUtils.generateID();
        session.setSessionIndex(sessionIndex);
        session.addSessionPartner(new FSSessionPartner(spEntityId, false));
        sessionManager.addSession(userID, session);
    }
    // check for federation
    // Federation happens when the request asks for it or the hosted provider
    // enables auto-federation in its configuration.
    String autoFedStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
    if (authnRequest.getFederate() || (autoFedStr != null && autoFedStr.equalsIgnoreCase("true"))) {
        FSAccountFedInfo fedInfo = doAccountFederation(ssoToken, authnRequest, session);
        NameIdentifier spNI = null;
        NameIdentifier idpNI = null;
        if (fedInfo == null) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPostAuthnSSO: " + "Accountfederation failed");
            return false;
        } else {
            // Fall back to the remote identifier for the IDP side, and to the IDP
            // identifier for the SP side, so both are non-null before signing on.
            spNI = fedInfo.getRemoteNameIdentifier();
            idpNI = fedInfo.getLocalNameIdentifier();
            if (idpNI == null) {
                idpNI = fedInfo.getRemoteNameIdentifier();
                if (idpNI == null) {
                    FSUtils.debug.error("FSSSOAndFedHandler.processPost" + "AuthnSSO: Opaque handle not found");
                    return false;
                }
            }
            if (spNI == null) {
                spNI = idpNI;
            }
        }
        return doSingleSignOn(ssoToken, authnRequest.getRequestID(), spNI, idpNI);
    } else {
        return doSingleSignOn(ssoToken, authnRequest.getRequestID());
    }
}
use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class FSTerminationInitiationServlet method getValidToken.
/**
 * Looks up the caller's session token on the given request and returns it
 * only when the session provider reports it as valid.
 *
 * @param request HTTP request object
 * @return the valid session token from the request; <code>null</code> when
 *         no token is present, the token is not valid, or the provider
 *         throws a <code>SessionException</code>
 */
private Object getValidToken(HttpServletRequest request) {
    FSUtils.debug.message("Entered FSTerminationInitiationServlet::getValidToken");
    Object token = null;
    try {
        SessionProvider provider = SessionManager.getProvider();
        token = provider.getSession(request);
        boolean usable = token != null && provider.isValid(token);
        if (!usable) {
            // Callers treat null as "not authenticated" and redirect to login.
            FSUtils.debug.error("session token is not valid, redirecting for authentication");
            token = null;
        }
    } catch (SessionException e) {
        FSUtils.debug.error("SessionException caught: ", e);
        token = null;
    }
    return token;
}