Search in sources :

Example 6 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class FSReturnLogoutServlet method doGetPost.

/**
     * Processes logout response.
     * @param request an <code>HttpServletRequest</code> object that contains 
     *  the request the client has made of the servlet.
     * @param response an <code>HttpServletResponse</code> object that contains
     *  the response the servlet sends to the client.
     * @exception ServletException if an input or output error is detected when
     *                             the servlet handles the request
     * @exception IOException if the request could not be handled
     */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
    // Alias processing
    String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
    if (providerAlias == null || providerAlias.length() < 1) {
        providerAlias = FSServiceUtils.getMetaAlias(request);
    }
    if (providerAlias == null || providerAlias.length() < 1) {
        FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal");
            response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
            return;
        }
        univId = sessionProvider.getPrincipalName(ssoToken);
    } catch (SessionException ssoExp) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", ssoExp);
        }
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Failed to get meta manager");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_META_INSTANCE));
        return;
    }
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    String hostedRole = null;
    String hostedEntityId = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
        }
        if (hostedConfig == null) {
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Failed to get Hosted Provider");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    setLogoutURL(request, hostedConfig, providerAlias);
    // Here we will need to
    //   1. verify response signature
    //   2. verify response status
    //   3. retrieve registration request Id from Map
    //   4. if status success then do locally else not do locally and
    //   5. show status page or LRURL if found in MAP (eg intersiteTransfer)
    FSLogoutResponse logoutResponse = null;
    try {
        logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    } catch (SAMLException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    String remoteEntityId = logoutResponse.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isRemoteIDP = false;
    try {
        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isRemoteIDP = true;
        }
    } catch (IDFFMetaException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutReturnServlet.doGetPost:", e);
        }
    }
    if (remoteDesc == null) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isRemoteIDP);
        } catch (SAMLException e) {
            bVerify = false;
        } catch (FSException e) {
            bVerify = false;
        }
    }
    Status status = logoutResponse.getStatus();
    String logoutStatus = status.getStatusCode().getValue();
    // remove session partner in case of logout success or this is IDP
    if (logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS) || !isRemoteIDP) {
        FSLogoutUtil.removeCurrentSessionPartner(providerAlias, remoteEntityId, ssoToken, univId);
    }
    if (bVerify) {
        // in ReturnSessionManager only if it is failure
        if (!logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
            FSReturnSessionManager localManager = FSReturnSessionManager.getInstance(providerAlias);
            if (localManager != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("update status of logout to failure " + " in session manager");
                }
                localManager.setLogoutStatus(logoutStatus, univId);
            } else {
                FSUtils.debug.message("Cannot get FSReturnSessionManager");
            }
            FSUtils.debug.error("FSReturnLogoutServlet, failed logout response " + logoutStatus);
            String[] data = { univId };
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
            FSLogoutUtil.sendErrorPage(request, response, providerAlias);
            return;
        }
    } else {
        FSUtils.debug.error("FSReturnLogoutServlet " + "Signature on logout response is invalid" + "Cannot proceed logout");
        String[] data = { univId };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    StringBuffer processLogout = new StringBuffer();
    request.setAttribute("logoutSource", "remote");
    processLogout.append(IFSConstants.SLO_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("About to get RequestDispatcher for " + processLogout.toString());
    }
    RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher(processLogout.toString());
    if (dispatcher == null) {
        FSUtils.debug.message("RequestDispatcher is null");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to find " + processLogout + "\ncalling sendErrorPage ");
        }
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    dispatcher.forward(request, response);
    return;
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) SessionException(com.sun.identity.plugin.session.SessionException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) SAMLException(com.sun.identity.saml.common.SAMLException) RequestDispatcher(javax.servlet.RequestDispatcher) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSException(com.sun.identity.federation.common.FSException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 7 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method doSingleSignOn.

protected boolean doSingleSignOn(Object ssoToken, String inResponseTo) {
    FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn(2):  Called");
    try {
        String securityDomain = authnRequest.getProviderId();
        String affiliationID = authnRequest.getAffiliationID();
        if (affiliationID != null) {
            securityDomain = affiliationID;
        }
        SessionProvider sessionProvider = SessionManager.getProvider();
        String userID = sessionProvider.getPrincipalName(ssoToken);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "Initiating SSO for user with ID: " + userID);
        }
        FSAccountFedInfo accountInfo = accountManager.readAccountFedInfo(userID, securityDomain);
        if (accountInfo == null) {
            FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: Account Federation " + "Information not found for user with ID: " + userID);
            noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:FederationDoesNotExist", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
            String[] data = { userID };
            LogUtil.error(Level.INFO, LogUtil.USER_ACCOUNT_FEDERATION_INFO_NOT_FOUND, data, ssoToken);
            return false;
        }
        if (accountInfo != null && accountInfo.isFedStatusActive() && accountInfo.getLocalNameIdentifier() != null) {
            // Check if this is 6.2
            NameIdentifier localNI = accountInfo.getLocalNameIdentifier();
            String qualifier = localNI.getNameQualifier();
            if (qualifier != null && qualifier.equals(hostedEntityId)) {
                localNI = new NameIdentifier(localNI.getName(), securityDomain);
                NameIdentifier remoteNI = accountInfo.getRemoteNameIdentifier();
                if (remoteNI != null) {
                    remoteNI = new NameIdentifier(remoteNI.getName(), securityDomain);
                }
                FSAccountFedInfoKey newFedKey = new FSAccountFedInfoKey(securityDomain, localNI.getName());
                accountInfo = new FSAccountFedInfo(securityDomain, localNI, remoteNI, false);
                accountManager.writeAccountFedInfo(userID, newFedKey, accountInfo);
                FSAccountFedInfoKey oldFedKey = new FSAccountFedInfoKey(hostedEntityId, localNI.getName());
                accountManager.removeAccountFedInfoKey(userID, oldFedKey);
            }
        }
        NameIdentifier idpNI = accountInfo.getLocalNameIdentifier();
        if (idpNI == null) {
            idpNI = accountInfo.getRemoteNameIdentifier();
            if (idpNI == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: " + "NameIdentifier not found");
                return false;
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "IDP generated opaque handle: " + idpNI.getName());
            }
        }
        NameIdentifier spNI = accountInfo.getRemoteNameIdentifier();
        if (spNI == null) {
            spNI = idpNI;
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "SP generated opaque handle: " + spNI.getName());
            }
        }
        return doSingleSignOn(ssoToken, inResponseTo, spNI, idpNI);
    } catch (Exception e) {
        FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: " + "Exception during Single Sign-On:", e);
        return false;
    }
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) StatusCode(com.sun.identity.saml.protocol.StatusCode) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 8 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method processPreAuthnSSO.

/**
     * Handles authentication request.
     * @param authnRequest <code>FSAuthnRequest</code> object
     * @return <code>true</code> if the request is handled successfully;
     *  <code>false</code> otherwise.
     */
public boolean processPreAuthnSSO(FSAuthnRequest authnRequest) {
    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Called");
    String loginURL = null;
    List authenticationContextClassRef = null;
    String currentAuthnContextRef = null;
    String authType = null;
    FSAuthContextResult authnResult = null;
    FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
    if (authnRequest.getAuthnContext() != null) {
        authenticationContextClassRef = authnRequest.getAuthnContext().getAuthnContextClassRefList();
        if (authenticationContextClassRef == null) {
            String authCtxRefDefault = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
            authenticationContextClassRef = new ArrayList();
            authenticationContextClassRef.add(authCtxRefDefault);
        }
        authType = authnRequest.getAuthContextCompType();
        currentAuthnContextRef = null;
    }
    boolean authenticated = true;
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is null. User is not authenticated.");
            }
            authenticated = false;
        } else if (!sessionProvider.isValid(ssoToken)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is not valid. User is not authenticated.");
            }
            authenticated = false;
        } else {
            FSSession ssoSession = sessionMgr.getSession(ssoToken);
            if (ssoSession != null) {
                currentAuthnContextRef = ssoSession.getAuthnContext();
                if (currentAuthnContextRef != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User has an existing " + "valid session with authnContext: " + currentAuthnContextRef);
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's authentication" + " context information not found using " + "default authentication context");
                    }
                    currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO: User's authenticated session " + "information is not present in FSSessionManager. " + "using default authentication context");
                }
                currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            }
            authenticated = true;
        }
        if (authenticated) {
            // added in case of multiple SPs
            try {
                sessionProvider.addListener(ssoToken, new FSTokenListener(metaAlias));
            } catch (Exception e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "Couldn't add listener to session:", e);
                }
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "SSOException Occured: User does not have session " + se.getMessage());
        authenticated = false;
    }
    //Initiate proxying
    if (!authenticated) {
        try {
            boolean isProxy = isIDPProxyEnabled(authnRequest);
            if (isProxy && !authnRequest.getFederate()) {
                String preferredIDP = getPreferredIDP(authnRequest);
                if (preferredIDP != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO:IDP to be proxied" + preferredIDP);
                    }
                    sendProxyAuthnRequest(authnRequest, preferredIDP);
                    return true;
                }
            //else continue for the local authentication.
            }
        } catch (FSRedirectException re) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandle.processPreAuthnSSO:" + "Redirecting for the proxy handling.");
            }
            return true;
        } catch (Exception ex) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Exception occured while processing for the proxy.", ex);
            return false;
        }
    }
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "User's authentication status: " + authenticated);
        }
        FSAuthnDecisionHandler authnDecisionHandler = new FSAuthnDecisionHandler(realm, hostedEntityId, request);
        List defAuthnCxtList = new ArrayList();
        defAuthnCxtList.add(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT));
        if (authnRequest.getIsPassive()) {
            if (authnRequest.getForceAuthn()) {
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOAndFedHandler.PreAuthnSSO: " + "IDP is passive can't force authentication.");
                }
                return false;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    }
                    if (authnResult.getLoginURL() != null) {
                        // When it's not null.,
                        // we should show the login page
                        // may be it'asking for higher auth context.
                        loginURL = authnResult.getLoginURL();
                        loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                        FSUtils.forwardRequest(request, response, loginURL);
                        return true;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    }
                } else {
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.processPreAuthnSSO: " + "IDP is passive and user is not authenticated");
                    }
                    noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoPassive", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                    return false;
                }
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
            }
            if (authnRequest.getForceAuthn()) {
                if (authenticationContextClassRef != null) {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                } else {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList);
                }
                if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:" + "AuthnDecision engine failed to take a " + "authn decision");
                    }
                    return false;
                } else {
                    if (ssoToken != null) {
                        try {
                            SessionManager.getProvider().invalidateSession(ssoToken, request, response);
                        } catch (SessionException ssoe) {
                            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Unable to invalidate the sso session.");
                        }
                        ssoToken = null;
                    }
                    loginURL = authnResult.getLoginURL();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                    }
                }
                loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                FSUtils.forwardRequest(request, response, loginURL);
                response.flushBuffer();
                return true;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    } else if (authnResult.getLoginURL() == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    } else if (authnResult.getLoginURL().length() == 0) {
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO" + ": AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
                    }
                    //redirect for authentication authnContextRef
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler. processPreAuthnSSO: " + " AuthnDecision engine" + " failed to take a decision");
                        }
                        noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoAuthnContext", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                }
            }
        }
    } catch (Exception e) {
        FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: " + "Exception occured");
        return processPostAuthnSSO(authnRequest);
    }
}
Also used : Status(com.sun.identity.saml.protocol.Status) ArrayList(java.util.ArrayList) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) FSAuthContextResult(com.sun.identity.federation.services.FSAuthContextResult) FSAuthnDecisionHandler(com.sun.identity.federation.services.FSAuthnDecisionHandler) List(java.util.List) ArrayList(java.util.ArrayList) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 9 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class FSLogoutUtil method getValidToken.

/**
     * Retrieves the session token from the Http Request, and
     * validates the token with the OpenAM session manager.
     * @param request <code>HTTPServletRequest</code> object containing the 
     *  session cookie information
     * @return session token if request contained valid
     *  session info; <code>false</code> otherwise.
     */
protected static Object getValidToken(HttpServletRequest request) {
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.message("session is not valid,redirecting for authentication");
            return null;
        }
        return ssoToken;
    } catch (SessionException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("getValidToken: SessionException caught:", e);
        }
        return null;
    }
}
Also used : SessionException(com.sun.identity.plugin.session.SessionException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 10 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class FSLogoutUtil method removeTokenFromSession.

/*
     * Cleans the FSSessionMap when the session token expires, idles out and/or 
     * when the user has closed his browser without actually performing a 
     * logout.
     * @param token the session token used to identify the user's 
     *  session
     * @param metaAlias the hosted provider performing logout
     */
public static void removeTokenFromSession(Object token, String metaAlias) {
    String univId = "";
    String tokenId = "";
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        univId = sessionProvider.getPrincipalName(token);
        tokenId = sessionProvider.getSessionID(token);
    } catch (SessionException e) {
        if (FSUtils.debug.warningEnabled()) {
            FSUtils.debug.warning("SessionException in removeTokenFromSession", e);
        }
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered removeTokenFromSession for user: " + univId);
    }
    FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
    FSSession currentSession = sessionMgr.getSession(univId, tokenId);
    if (currentSession != null) {
        sessionMgr.removeSession(univId, currentSession);
    }
}
Also used : FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Aggregations

SessionProvider (com.sun.identity.plugin.session.SessionProvider)66 SessionException (com.sun.identity.plugin.session.SessionException)61 SAMLException (com.sun.identity.saml.common.SAMLException)22 List (java.util.List)15 IOException (java.io.IOException)14 FSException (com.sun.identity.federation.common.FSException)13 HashMap (java.util.HashMap)12 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)11 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)10 Set (java.util.Set)10 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)9 FSSession (com.sun.identity.federation.services.FSSession)9 FSSessionManager (com.sun.identity.federation.services.FSSessionManager)9 ArrayList (java.util.ArrayList)9 Iterator (java.util.Iterator)8 Map (java.util.Map)8 FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)6 Assertion (com.sun.identity.saml.assertion.Assertion)6 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)6 HashSet (java.util.HashSet)6