use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.
the class SAML2PostAuthenticationPlugin method onLoginSuccess.
/**
* If enabled, performs the first-stage of SLO - by recording the currently logged in user.
* The information relating to a remote user is stored alongside their local information, and upon
* active-logout is used to trigger a call to the IdP requesting their logout.
*
* @param requestParamsMap map containing <code>HttpServletRequest</code>
* parameters
* @param request <code>HttpServletRequest</code> object.
* @param response <code>HttpServletResponse</code> object.
* @param ssoToken authenticated user's single sign token.
*/
@Override
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) {
try {
final String metaAlias = ssoToken.getProperty(SAML2Constants.METAALIAS);
final String sessionIndex = ssoToken.getProperty(SAML2Constants.SESSION_INDEX);
final String spEntityId = ssoToken.getProperty(SAML2Constants.SPENTITYID);
final String idpEntityId = ssoToken.getProperty(SAML2Constants.IDPENTITYID);
final String nameIdXML = ssoToken.getProperty(SAML2Constants.NAMEID);
final NameID nameId = new NameIDImplWithoutSPNameQualifier(nameIdXML);
final boolean isTransient = Boolean.parseBoolean(ssoToken.getProperty(Constants.IS_TRANSIENT));
final String requestId = ssoToken.getProperty(Constants.REQUEST_ID);
final SessionProvider sessionProvider = SessionManager.getProvider();
final NameIDInfo info = new NameIDInfo(spEntityId, idpEntityId, nameId, SAML2Constants.SP_ROLE, false);
final String ssOutEnabled = ssoToken.getProperty(SAML2Constants.SINGLE_LOGOUT);
final String cacheKey = ssoToken.getProperty(Constants.CACHE_KEY);
final String realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(com.sun.identity.shared.Constants.ORGANIZATION));
SAML2ResponseData data = (SAML2ResponseData) SAML2Store.getTokenFromStore(cacheKey);
if (data == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
data = (SAML2ResponseData) SAML2FailoverUtils.retrieveSAML2Token(cacheKey);
}
if (data == null) {
throw new SAML2Exception("Unable to retrieve response map from data cache.");
}
if (Boolean.parseBoolean(ssOutEnabled)) {
setupSingleLogOut(ssoToken, metaAlias, sessionIndex, spEntityId, idpEntityId, nameId);
}
configureIdpInitSLO(sessionProvider, ssoToken, sessionIndex, metaAlias, info, isTransient, requestId);
configurePostSSO(spEntityId, realm, request, response, ssoToken, sessionProvider, data.getResponseInfo(), cacheKey);
clearSession(ssoToken);
} catch (SAML2Exception | SessionException | SSOException | SAML2TokenRepositoryException e) {
//debug warning and fall through
DEBUG.warning("Error saving SAML assertion information in memory. SLO not configured for this session.", e);
}
}
Aggregations