Search in sources :

Example 66 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class SAML2PostAuthenticationPlugin method onLoginSuccess.

/**
     * If enabled, performs the first-stage of SLO - by recording the currently logged in user.
     * The information relating to a remote user is stored alongside their local information, and upon
     * active-logout is used to trigger a call to the IdP requesting their logout.
     *
     * @param requestParamsMap map containing <code>HttpServletRequest</code>
     *        parameters
     * @param request <code>HttpServletRequest</code> object.
     * @param response <code>HttpServletResponse</code> object.
     * @param ssoToken authenticated user's single sign token.
     */
@Override
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) {
    try {
        final String metaAlias = ssoToken.getProperty(SAML2Constants.METAALIAS);
        final String sessionIndex = ssoToken.getProperty(SAML2Constants.SESSION_INDEX);
        final String spEntityId = ssoToken.getProperty(SAML2Constants.SPENTITYID);
        final String idpEntityId = ssoToken.getProperty(SAML2Constants.IDPENTITYID);
        final String nameIdXML = ssoToken.getProperty(SAML2Constants.NAMEID);
        final NameID nameId = new NameIDImplWithoutSPNameQualifier(nameIdXML);
        final boolean isTransient = Boolean.parseBoolean(ssoToken.getProperty(Constants.IS_TRANSIENT));
        final String requestId = ssoToken.getProperty(Constants.REQUEST_ID);
        final SessionProvider sessionProvider = SessionManager.getProvider();
        final NameIDInfo info = new NameIDInfo(spEntityId, idpEntityId, nameId, SAML2Constants.SP_ROLE, false);
        final String ssOutEnabled = ssoToken.getProperty(SAML2Constants.SINGLE_LOGOUT);
        final String cacheKey = ssoToken.getProperty(Constants.CACHE_KEY);
        final String realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(com.sun.identity.shared.Constants.ORGANIZATION));
        SAML2ResponseData data = (SAML2ResponseData) SAML2Store.getTokenFromStore(cacheKey);
        if (data == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
            data = (SAML2ResponseData) SAML2FailoverUtils.retrieveSAML2Token(cacheKey);
        }
        if (data == null) {
            throw new SAML2Exception("Unable to retrieve response map from data cache.");
        }
        if (Boolean.parseBoolean(ssOutEnabled)) {
            setupSingleLogOut(ssoToken, metaAlias, sessionIndex, spEntityId, idpEntityId, nameId);
        }
        configureIdpInitSLO(sessionProvider, ssoToken, sessionIndex, metaAlias, info, isTransient, requestId);
        configurePostSSO(spEntityId, realm, request, response, ssoToken, sessionProvider, data.getResponseInfo(), cacheKey);
        clearSession(ssoToken);
    } catch (SAML2Exception | SessionException | SSOException | SAML2TokenRepositoryException e) {
        //debug warning and fall through
        DEBUG.warning("Error saving SAML assertion information in memory. SLO not configured for this session.", e);
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) NameIDInfo(com.sun.identity.saml2.common.NameIDInfo) NameID(com.sun.identity.saml2.assertion.NameID) NameIDImplWithoutSPNameQualifier(com.sun.identity.saml2.assertion.impl.NameIDImplWithoutSPNameQualifier) SessionException(com.sun.identity.plugin.session.SessionException) SSOException(com.iplanet.sso.SSOException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Aggregations

SessionProvider (com.sun.identity.plugin.session.SessionProvider)66 SessionException (com.sun.identity.plugin.session.SessionException)61 SAMLException (com.sun.identity.saml.common.SAMLException)22 List (java.util.List)15 IOException (java.io.IOException)14 FSException (com.sun.identity.federation.common.FSException)13 HashMap (java.util.HashMap)12 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)11 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)10 Set (java.util.Set)10 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)9 FSSession (com.sun.identity.federation.services.FSSession)9 FSSessionManager (com.sun.identity.federation.services.FSSessionManager)9 ArrayList (java.util.ArrayList)9 Iterator (java.util.Iterator)8 Map (java.util.Map)8 FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)6 Assertion (com.sun.identity.saml.assertion.Assertion)6 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)6 HashSet (java.util.HashSet)6