use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class MultiProtocolUtils method isMultipleProtocolSession.
/**
 * Tells whether the given session participates in federation protocols
 * other than the caller's.
 * <p>
 * The decision is based on the session property
 * <code>SingleLogoutManager.FEDERATION_PROTOCOLS</code>: more than one
 * recorded protocol, or a single recorded protocol that differs from
 * <code>protocol</code>, counts as "used elsewhere". Any failure to read
 * the property is logged at message level and reported as "not used
 * elsewhere".
 *
 * @param session Session object
 * @param protocol Protocol of the caller. Value is one of the following:
 * <code>SingleLogoutManager.IDFF</code>
 * <code>SingleLogoutManager.SAML2</code>
 * <code>SingleLogoutManager.WS_FED</code>
 * @return true if the session is used in other federation protocols,
 * false otherwise (also when either argument is null or the property
 * cannot be read).
 */
public static boolean isMultipleProtocolSession(Object session, String protocol) {
    SingleLogoutManager.debug.message("MultiProtocolUtils.isMPSession");
    if (session == null || protocol == null) {
        return false;
    }
    if (SingleLogoutManager.debug.messageEnabled()) {
        // NOTE(review): the session object itself is written to the debug log;
        // confirm its toString() does not expose the session identifier.
        SingleLogoutManager.debug.message("MultiProtocolUtils.isMPSession:" + " protocol=" + protocol + ", session=" + session);
    }
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        String[] protocols = sessionProvider.getProperty(session, SingleLogoutManager.FEDERATION_PROTOCOLS);
        if (protocols != null && SingleLogoutManager.debug.messageEnabled()) {
            SingleLogoutManager.debug.message("MultiProtocolUtils.isMPSession: size=" + protocols.length);
            for (String recorded : protocols) {
                SingleLogoutManager.debug.message("MultiProtocolUtils.isMPSession: protocols=" + recorded);
            }
        }
        if (protocols == null || protocols.length == 0) {
            return false;
        }
        // A single entry means "used elsewhere" only when it is not the
        // caller's own protocol; two or more entries always do.
        return protocols.length > 1 || !protocol.equals(protocols[0]);
    } catch (SessionException ex) {
        SingleLogoutManager.debug.message("MPUtils.isMPSession", ex);
    } catch (UnsupportedOperationException ex) {
        SingleLogoutManager.debug.message("MPUtils.isMPSession2", ex);
    }
    return false;
}
use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class SAML2SingleLogoutHandler method handleSOAPInitiatedSingleLogout.
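/**
 * Handles a SOAP-initiated (back-channel) single logout on the IDP side.
 * <p>
 * The first session in <code>userSession</code> is taken as the session to
 * log out; its IDP session index is read from the
 * <code>SAML2Constants.IDP_SESSION_INDEX</code> session property and resolved
 * against <code>IDPCache.idpSessionsByIndices</code>. A SOAP logout is then
 * attempted for every SP recorded in that IDP session, after which the session
 * is invalidated and the IDP caches keyed by the session index are cleared.
 *
 * @param userSession set of session objects of the user; only the first
 *        element is used (see the TODO below)
 * @param userID universal id of the user, used for logging only
 * @param request HTTP servlet request
 * @param response HTTP servlet response
 * @param realm realm the hosted IDP lives in
 * @param idpMetaAlias meta alias of the hosted IDP
 * @param idpEntityId entity id of the hosted IDP (not used here)
 * @param relayState relay state to pass along with the logout requests
 * @param saml2Manager SAML2 meta manager supplied by the caller (not used
 *        here; the shared instance from <code>SAML2Utils</code> is used)
 * @return <code>SingleLogoutManager.LOGOUT_NO_ACTION_STATUS</code> when there
 *         is no valid session or no session index,
 *         <code>LOGOUT_FAILED_STATUS</code> when the session index is unknown
 *         to the IDP or every SP logout failed,
 *         <code>LOGOUT_PARTIAL_STATUS</code> when some SP logouts failed,
 *         otherwise <code>LOGOUT_SUCCEEDED_STATUS</code>
 * @throws SAML2Exception if SP metadata cannot be read
 * @throws SessionException if the session provider or a session property
 *         cannot be accessed
 */
private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, String realm, String idpMetaAlias, String idpEntityId, String relayState, SAML2MetaManager saml2Manager) throws SAML2Exception, SessionException {
    debug.message("SAML2SingleLogoutHanlder: handleSOAPInitiatedSLO");
    // TODO : verify this works under LB
    SessionProvider provider = SessionManager.getProvider();
    if ((userSession == null) || userSession.isEmpty()) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    // TODO : handle multiple SSO token case
    Object session = userSession.iterator().next();
    if (!provider.isValid(session)) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    if (debug.messageEnabled()) {
        // NOTE(review): the session object is written to the debug log;
        // confirm its toString() does not expose the session identifier.
        debug.message("SAML2SLOHandler.handleSOAPSLO: " + "handler session " + session + " for user " + userID);
    }
    // get IDP session index from session
    String[] sessIndex = provider.getProperty(session, SAML2Constants.IDP_SESSION_INDEX);
    if (debug.messageEnabled()) {
        // Arrays.toString renders the values; concatenating the array itself
        // would only print its identity hash.
        debug.message("SAML2SLOHandler.handleSOAPSLO: " + "session index = " + java.util.Arrays.toString(sessIndex));
    }
    if ((sessIndex == null) || (sessIndex.length == 0)) {
        if (debug.warningEnabled()) {
            debug.warning("SAML2SLOHandler.handleSOAPSLO: " + "Null session index for " + session);
        }
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    String idpSessionIndex = sessIndex[0];
    IDPSession idpSession = (IDPSession) IDPCache.idpSessionsByIndices.get(idpSessionIndex);
    if (idpSession == null) {
        debug.error("SAML2SLOHanlder.handleSOAPSLO: " + "IDP no longer has this session index " + idpSessionIndex);
        return SingleLogoutManager.LOGOUT_FAILED_STATUS;
    }
    List list = (List) idpSession.getNameIDandSPpairs();
    int n = list.size();
    if (debug.messageEnabled()) {
        debug.message("SAML2SLOHanlder.handleSOAPSLO: " + "NameIDandSPpair for " + idpSessionIndex + " is " + list + ", size=" + n);
    }
    int soapFailCount = 0;
    // Resolved once; the same manager is used for every SP in the loop.
    SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
    for (int i = 0; i < n; i++) {
        NameIDandSPpair pair = (NameIDandSPpair) list.get(i);
        String spEntityID = pair.getSPEntityID();
        if (debug.messageEnabled()) {
            debug.message("SAML2SLOHanlder.handleSOAPSLO: " + "SP for " + idpSessionIndex + " is " + spEntityID);
        }
        SPSSODescriptorElement sp = metaManager.getSPSSODescriptor(realm, spEntityID);
        if (sp == null) {
            // No SP descriptor in the metadata: count this SP as failed
            // instead of letting a NullPointerException abort the loop and
            // skip the session invalidation below.
            debug.error("SAML2SLOHandler:handleSOAPSLO: no SP descriptor for " + spEntityID);
            soapFailCount++;
            continue;
        }
        List slosList = sp.getSingleLogoutService();
        // get SP entity config for basic auth info
        SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, spEntityID);
        HashMap paramsMap = new HashMap();
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
        try {
            LogoutUtil.doLogout(idpMetaAlias, spEntityID, slosList, null, SAML2Constants.SOAP, relayState, idpSessionIndex, pair.getNameID(), request, response, paramsMap, spConfig);
        } catch (SAML2Exception ex) {
            debug.error("SAML2SLOHandler:handleSOAPSLO.doLogout", ex);
            soapFailCount++;
        }
    }
    // All failed -> FAILED, some failed -> PARTIAL, none failed -> SUCCEEDED.
    // Note that an empty SP list (n == 0) reports FAILED, as it always has.
    int retStatus = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
    if (soapFailCount == n) {
        retStatus = SingleLogoutManager.LOGOUT_FAILED_STATUS;
    } else if (soapFailCount > 0) {
        retStatus = SingleLogoutManager.LOGOUT_PARTIAL_STATUS;
    }
    // invalidate session and drop the IDP-side state for this session index
    MultiProtocolUtils.invalidateSession(session, request, response, SingleLogoutManager.SAML2);
    IDPCache.idpSessionsByIndices.remove(idpSessionIndex);
    IDPCache.authnContextCache.remove(idpSessionIndex);
    if (debug.messageEnabled()) {
        debug.message("SAML2SLOHandler.doSOAPSLO: return status for " + session + " is " + retStatus);
    }
    return retStatus;
}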
use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class MultiProtocolUtils method addFederationProtocol.
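/**
 * Records <code>protocol</code> in the session property
 * <code>SingleLogoutManager.FEDERATION_PROTOCOLS</code>.
 * <p>
 * If the property is absent or empty it is created with the single value.
 * Otherwise the stored values are de-duplicated, the new protocol is added
 * when not already present, and the property is rewritten; if the protocol
 * is already recorded nothing is written. Failures to read or write the
 * property are logged at warning level and otherwise ignored.
 *
 * @param session Session Object to be updated
 * @param protocol Name of the Federation protocol to be added.
 */
public static void addFederationProtocol(Object session, String protocol) {
    if (SingleLogoutManager.debug.messageEnabled()) {
        // NOTE(review): the session object is written to the debug log;
        // confirm its toString() does not expose the session identifier.
        SingleLogoutManager.debug.message("MPUtils.addFedProtocol:" + " protocol=" + protocol + ", session=" + session);
    }
    try {
        SessionProvider provider = SessionManager.getProvider();
        String[] values = provider.getProperty(session, SingleLogoutManager.FEDERATION_PROTOCOLS);
        if (SingleLogoutManager.debug.messageEnabled()) {
            // Arrays.toString renders the values; concatenating the array
            // itself would only print its identity hash.
            SingleLogoutManager.debug.message("MPUtils.addFedProtocol:" + " current protocols=" + java.util.Arrays.toString(values));
        }
        if ((values == null) || (values.length == 0)) {
            provider.setProperty(session, SingleLogoutManager.FEDERATION_PROTOCOLS, new String[] { protocol });
            return;
        }
        // A set also drops any duplicates already stored in the property.
        Set<String> protocols = new HashSet<String>();
        for (String stored : values) {
            protocols.add(stored);
        }
        if (protocols.contains(protocol)) {
            // already recorded: nothing to write
            return;
        }
        protocols.add(protocol);
        String[] newVals = protocols.toArray(new String[protocols.size()]);
        provider.setProperty(session, SingleLogoutManager.FEDERATION_PROTOCOLS, newVals);
    } catch (UnsupportedOperationException ex) {
        SingleLogoutManager.debug.warning("MPUtils.addFedProtocol", ex);
    } catch (SessionException ex) {
        SingleLogoutManager.debug.warning("MPUtils.addFedProtocol2", ex);
    }
}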
use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class MultiProtocolUtils method isMultipleProtocolSession.
/**
 * Request-based variant of {@link #isMultipleProtocolSession(Object, String)}:
 * resolves the caller's session from <code>request</code> via the configured
 * <code>SessionProvider</code> and delegates to the session-based check.
 *
 * @param request HttpServlet object
 * @param protocol Protocol of the caller. Value is one of the following:
 * <code>SingleLogoutManager.IDFF</code>
 * <code>SingleLogoutManager.SAML2</code>
 * <code>SingleLogoutManager.WS_FED</code>
 * @return true if the session is used in other federation protocols,
 * false otherwise (also when the session cannot be obtained from the
 * request; that failure is logged at message level).
 */
public static boolean isMultipleProtocolSession(HttpServletRequest request, String protocol) {
    Object callerSession;
    try {
        callerSession = SessionManager.getProvider().getSession(request);
    } catch (SessionException ex) {
        SingleLogoutManager.debug.message("MPUtils.isMPSession?", ex);
        return false;
    }
    // The session-based overload handles null and reports its own failures.
    return isMultipleProtocolSession(callerSession, protocol);
}
use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class SAMLAwareServlet method IntersiteTransfer.
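/**
 * Redirects the user to a trusted destination site, carrying the SAML
 * assertion artifact(s) created for that site.
 * <p>
 * The host (and, when configured, port) of <code>target</code> is matched
 * against the trusted server list
 * (<code>SAMLConstants.TRUSTED_SERVER_LIST</code>). For a matching site the
 * caller's session is resolved; an unauthenticated caller is redirected to
 * the login page, otherwise artifacts are created and the user is sent to
 * the site's SAML URL with the target and artifact parameters appended.
 * A target that matches no trusted site is rejected with
 * <code>403</code>.
 *
 * @param request the <code>HttpServletRequest</code> object.
 * @param response the <code>HttpServletResponse</code> object.
 * @param target absolute URL of the destination the user wants to reach.
 * @throws IOException if <code>target</code> is not a valid URL or the
 *         response cannot be written.
 * @throws ServletException if propagated by the error handling.
 */
private void IntersiteTransfer(HttpServletRequest request, HttpServletResponse response, String target) throws IOException, ServletException {
    URL theTarget = new URL(target);
    String theHost = theTarget.getHost();
    int thePort = theTarget.getPort();
    // URL.getHost() reports a missing host as an empty string, so test for
    // that as well as null.
    if ((theHost == null) || (theHost.length() == 0)) {
        // Logged unconditionally: an error must not be gated on messageEnabled().
        SAMLUtils.debug.error("SAMLAwareServlet:IntersiteTransfer:" + "Failed to get host name of target URL.");
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "missingTargetHost", SAMLUtils.bundle.getString("missingTargetHost"));
        return;
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("TargetUrl Host = " + theHost + " Port= " + thePort);
    }
    Set trustedserver = (Set) SAMLServiceManager.getAttribute(SAMLConstants.TRUSTED_SERVER_LIST);
    if (trustedserver == null) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullTrustedSite", SAMLUtils.bundle.getString("nullTrustedSite"));
        return;
    }
    SAMLServiceManager.SiteEntry thisSite = findTrustedSite(trustedserver, theHost, thePort);
    if (thisSite == null) {
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_FORBIDDEN, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }
    // Resolve the caller's session; only an authenticated user is transferred.
    Object ssoToken = null;
    boolean loggedIn = false;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        loggedIn = (ssoToken != null) && sessionProvider.isValid(ssoToken);
    } catch (SessionException se) {
        SAMLUtils.debug.message("Invalid SSO!");
    }
    if (!loggedIn) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }
    // create AssertionArtifact(s)
    List artis;
    try {
        artis = createArtifact(ssoToken, thisSite.getSourceID(), request, response, target, thisSite.getVersion());
    } catch (SAMLException se) {
        SAMLUtils.debug.error("IntersiteTransfer:Failed to create" + " AssertionArtifact(s)");
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorCreateArtifact", se.getMessage());
        return;
    }
    // Bounce the user to the remote site's SAMLAwareServlet, adding the
    // target and the encoded assertion artifact(s) as query parameters.
    String targetName = (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
    String artifactName = (String) SAMLServiceManager.getAttribute(SAMLConstants.ARTIFACT_NAME);
    StringBuffer sb = new StringBuffer(1000);
    for (Iterator iter = artis.iterator(); iter.hasNext();) {
        String samltmp = URLEncDec.encode((String) iter.next());
        if (SAMLUtils.debug.messageEnabled()) {
            // NOTE(review): the artifact is a credential the remote site
            // redeems for the assertion; consider whether it belongs in the
            // debug log even at message level.
            SAMLUtils.debug.message("Encoded SAML AssertionArtifact " + samltmp);
        }
        sb.append("&").append(artifactName).append("=").append(samltmp);
    }
    String redirecto = thisSite.getSAMLUrl() + "?" + targetName + "=" + URLEncDec.encode(target) + sb.toString();
    String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, redirecto };
    LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, ssoToken);
    // sendRedirect sets the 302 status and Location header itself; the
    // explicit setStatus/setHeader calls that used to precede it were redundant.
    response.sendRedirect(redirecto);
}

/**
 * Picks the trusted site entry matching the target host and port.
 * <p>
 * An entry with a port matches only when its host name occurs in
 * <code>host</code> and its port equals <code>port</code>; the first such
 * entry wins. An entry without a port matches on host name alone, and a
 * later host-only match replaces an earlier one because the scan continues.
 *
 * @param trustedserver the configured trusted site entries (non-null)
 * @param host host part of the target URL
 * @param port port part of the target URL, -1 when not given
 * @return the matching entry, or null if none matches
 */
private static SAMLServiceManager.SiteEntry findTrustedSite(Set trustedserver, String host, int port) {
    SAMLServiceManager.SiteEntry match = null;
    Iterator iter = trustedserver.iterator();
    while (iter.hasNext()) {
        SAMLServiceManager.SiteEntry se = (SAMLServiceManager.SiteEntry) iter.next();
        String key = se.getHostName();
        int portNum = se.getPort();
        // NOTE(review): indexOf is a substring test, so a configured host
        // name also matches any longer host that merely contains it; confirm
        // this is intended, otherwise compare the host names for equality.
        if (host.indexOf(key) == -1) {
            continue;
        }
        if (portNum == -1) {
            // there is no port number specified in the SiteEntry:Target
            match = se;
        } else if ((port != -1) && (port == portNum)) {
            return se;
        }
    }
    return match;
}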