Search in sources :

Example 36 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class FSAssertionManager method createFSAssertion.

/**
     * Creates an assertion artifact.
     * @param id session ID
     * @param artifact assertion artifact
     * @param realm the realm under which the entity resides.
     * @param spEntityID service provider's entity ID
     * @param spHandle service provider issued <code>NameIdentifier</code>
     * @param idpHandle identity provider issued <code>NameIdentifier</code>
     * @param inResponseTo value to InResponseTo attribute. It's the request ID.
     * @param assertionMinorVersion minor version the assertion should use
     * @exception FSException,SAMLException if error occurrs
     */
public FSAssertion createFSAssertion(String id, AssertionArtifact artifact, String realm, String spEntityID, NameIdentifier spHandle, NameIdentifier idpHandle, String inResponseTo, int assertionMinorVersion) throws FSException, SAMLException {
    FSUtils.debug.message("FSAssertionManager.createFSAssertion(id): Called");
    // check input
    if ((id == null) || (spEntityID == null)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager: null input for" + " method createFSAssertion.");
        }
        throw new FSException("nullInput", null);
    }
    String destID = spEntityID;
    String authMethod = null;
    String authnContextStatementRef = null;
    String authnContextClassRef = null;
    Date authInstant = null;
    String securityDomain = null;
    Object token = null;
    String univId = null;
    SubjectLocality authLocality = null;
    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
    Map attributes = new HashMap();
    if (metaManager != null) {
        BaseConfigType idpConfig = null;
        try {
            idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
        } catch (IDFFMetaException e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionManager.createFSAssertion: exception while" + " obtaining idp extended meta:", e);
            }
            idpConfig = null;
        }
        if (idpConfig != null) {
            attributes = IDFFMetaUtils.getAttributes(idpConfig);
        }
    }
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        token = sessionProvider.getSession(id);
        String[] strAuthInst = null;
        try {
            strAuthInst = sessionProvider.getProperty(token, SessionProvider.AUTH_INSTANT);
        } catch (UnsupportedOperationException ue) {
            if (FSUtils.debug.warningEnabled()) {
                FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", ue);
            }
        } catch (SessionException se) {
            if (FSUtils.debug.warningEnabled()) {
                FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", se);
            }
        }
        if ((strAuthInst != null) && (strAuthInst.length >= 1)) {
            try {
                authInstant = DateUtils.stringToDate(strAuthInst[0]);
            } catch (ParseException ex) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAssertionManager." + "createFSAssertion(id): AuthInstant not found" + "in the Token");
                }
            }
        } else {
            authInstant = new java.util.Date();
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager.createFSAssertion(id):AuthInstant = " + authInstant);
        }
        try {
            String[] strAuthMethod = sessionProvider.getProperty(token, SessionProvider.AUTH_METHOD);
            if ((strAuthMethod != null) && (strAuthMethod.length >= 1)) {
                authMethod = strAuthMethod[0];
            }
        } catch (UnsupportedOperationException ue) {
            if (FSUtils.debug.warningEnabled()) {
                FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", ue);
            }
        } catch (SessionException se) {
            if (FSUtils.debug.warningEnabled()) {
                FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", se);
            }
        }
        String assertionIssuer = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ASSERTION_ISSUER);
        if (assertionIssuer == null) {
            assertionIssuer = SystemConfigurationUtil.getProperty("com.iplanet.am.server.host");
        }
        try {
            String ipAddress = InetAddress.getByName(assertionIssuer).getHostAddress();
            authLocality = new SubjectLocality(ipAddress, assertionIssuer);
        } catch (UnknownHostException uhe) {
            FSUtils.debug.error("FSAssertionManager.constructor: couldn't" + " obtain the localhost's ipaddress:", uhe);
        }
        try {
            FSSession session = sessionManager.getSession(token);
            authnContextClassRef = session.getAuthnContext();
            authnContextStatementRef = authnContextClassRef;
        } catch (Exception ex) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionManager.createFSAssertion" + "(id): AuthnContextStatement for the token is null" + " Assertion will not contain any " + " AuthenticationStatement");
            }
            authnContextStatementRef = null;
        }
        if (authnContextStatementRef != null) {
            if (assertionMinorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
                authMethod = IFSConstants.AC_XML_NS;
            } else {
                authMethod = IFSConstants.AC_12_XML_NS;
            }
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager.createFSAssertion(id):" + "AuthnContextStatement used for authenticating the user: " + authnContextStatementRef);
        }
        univId = sessionProvider.getPrincipalName(token);
        securityDomain = hostEntityId;
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionManager.createAssertion(id):" + " exception retrieving info from the session: ", e);
        throw new FSException("alliance_manager_no_local_descriptor", null, e);
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Creating Authentication Assertion for user with" + "opaqueHandle= " + spHandle.getName() + " And SecurityDomain= " + securityDomain);
    }
    SubjectConfirmation subConfirmation = null;
    String artString = null;
    if (artifact != null) {
        artString = artifact.getAssertionArtifact();
        if (assertionMinorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
            subConfirmation = new SubjectConfirmation(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT);
        } else {
            subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT);
        }
        subConfirmation.setSubjectConfirmationData(artString);
    } else {
        // set to bearer for POST profile
        subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_BEARER);
    }
    IDPProvidedNameIdentifier idpNi = null;
    if (assertionMinorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || assertionMinorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
        idpNi = new IDPProvidedNameIdentifier(idpHandle.getName(), idpHandle.getNameQualifier(), spHandle.getFormat());
        idpNi.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
    } else {
        idpNi = new IDPProvidedNameIdentifier(idpHandle.getNameQualifier(), idpHandle.getName());
    }
    FSSubject sub = new FSSubject(spHandle, subConfirmation, idpNi);
    AuthnContext authnContext = new AuthnContext(authnContextClassRef, authnContextStatementRef);
    authnContext.setMinorVersion(assertionMinorVersion);
    FSAuthenticationStatement statement = new FSAuthenticationStatement(authMethod, authInstant, sub, authLocality, null, authnContext);
    FSSession session = sessionManager.getSession(univId, id);
    if (session == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager.createAssertion(id): " + "AssertionManager could not find a valid Session for" + "userId: " + univId + " SessionID: " + id);
        }
        return null;
    }
    String sessionIndex = session.getSessionIndex();
    if (sessionIndex == null) {
        sessionIndex = SAMLUtils.generateID();
        session.setSessionIndex(sessionIndex);
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionManager.createAssertion(id): SessionIndex: " + sessionIndex);
    }
    statement.setSessionIndex(sessionIndex);
    //setReauthenticateOnOrAfter date
    Date issueInstant = new Date();
    // get this period from the config
    FSUtils.debug.message("here before date");
    Date notAfter;
    if (artifact != null) {
        notAfter = new Date(issueInstant.getTime() + artifactTimeout);
    } else {
        notAfter = new Date(issueInstant.getTime() + assertionTimeout);
    }
    FSUtils.debug.message("here after date");
    statement.setReauthenticateOnOrAfter(notAfter);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Authentication Statement: " + statement.toXMLString());
    }
    Conditions cond = new Conditions(null, notAfter);
    if ((destID != null) && (destID.length() != 0)) {
        List targets = new ArrayList();
        targets.add(destID);
        cond.addAudienceRestrictionCondition(new AudienceRestrictionCondition(targets));
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Authentication Statement: " + statement.toXMLString());
    }
    /**
         * This is added to create an attribute statement for the bootstrap
         * information.
         */
    AttributeStatement attribStatement = null;
    Advice advice = null;
    String generateBootstrapping = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.GENERATE_BOOTSTRAPPING);
    if (assertionMinorVersion != IFSConstants.FF_11_ASSERTION_MINOR_VERSION && (generateBootstrapping != null && generateBootstrapping.equals("true"))) {
        AuthnContext authContext = new AuthnContext(null, authnContextStatementRef);
        authContext.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
        try {
            FSDiscoveryBootStrap bootStrap = new FSDiscoveryBootStrap(token, authContext, sub, univId, destID, realm);
            attribStatement = bootStrap.getBootStrapStatement();
            if (bootStrap.hasCredentials()) {
                advice = bootStrap.getCredentials();
            }
        } catch (Exception e) {
            FSUtils.debug.error("FSAssertionManager.createAssertion(id):" + "exception when generating bootstrapping resource " + "offering:", e);
        }
    }
    AssertionIDReference aID = new AssertionIDReference();
    Set statements = new HashSet();
    statements.add(statement);
    if (attribStatement != null) {
        statements.add(attribStatement);
    }
    String attributePluginImpl = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ATTRIBUTE_PLUGIN);
    if ((attributePluginImpl != null) && (attributePluginImpl.length() != 0)) {
        try {
            Object pluginClass = Thread.currentThread().getContextClassLoader().loadClass(attributePluginImpl).newInstance();
            List attribStatements = null;
            if (pluginClass instanceof FSRealmAttributePlugin) {
                FSRealmAttributePlugin attributePlugin = (FSRealmAttributePlugin) pluginClass;
                attribStatements = attributePlugin.getAttributeStatements(realm, hostEntityId, destID, sub, token);
            } else if (pluginClass instanceof FSAttributePlugin) {
                FSAttributePlugin attributePlugin = (FSAttributePlugin) pluginClass;
                attribStatements = attributePlugin.getAttributeStatements(hostEntityId, destID, sub, token);
            }
            if ((attribStatements != null) && (attribStatements.size() != 0)) {
                Iterator iter = attribStatements.iterator();
                while (iter.hasNext()) {
                    statements.add((AttributeStatement) iter.next());
                }
            }
        } catch (Exception ex) {
            FSUtils.debug.error("FSAssertion.createAssertion(id):getAttributePlugin:", ex);
        }
    }
    if (IDFFMetaUtils.isAutoFedEnabled(attributes)) {
        AttributeStatement autoFedStatement = FSAttributeStatementHelper.getAutoFedAttributeStatement(realm, hostEntityId, sub, token);
        statements.add(autoFedStatement);
    }
    FSAssertion assertion = new FSAssertion(aID.getAssertionIDReference(), hostEntityId, issueInstant, cond, advice, statements, inResponseTo);
    assertion.setMinorVersion(assertionMinorVersion);
    assertion.setID(aID.getAssertionIDReference());
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Assertion created successfully: " + assertion.toXMLString());
    }
    String aIDString = assertion.getAssertionID();
    Entry entry = new Entry(assertion, destID, artString, token);
    Integer maxNumber = null;
    try {
        int temp = Integer.parseInt(IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ASSERTION_LIMIT));
        maxNumber = new Integer(temp);
    } catch (Exception ex) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Assertion MAX number configuration not found in " + "FSConfig. Using Default");
        }
        maxNumber = null;
    }
    if (maxNumber == null) {
        maxNumber = new Integer(IFSConstants.ASSERTION_MAX_NUMBER_DEFAULT);
    }
    int maxValue = maxNumber.intValue();
    if ((maxValue != 0) && (idEntryMap.size() > maxValue)) {
        FSUtils.debug.error("FSAssertionManager.createAssertion: " + "reached maxNumber of assertions.");
        throw new FSException("errorCreateAssertion", null);
    }
    Object oldEntry = null;
    try {
        synchronized (idEntryMap) {
            oldEntry = idEntryMap.put(aIDString, entry);
        }
        if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
            idffSvc.setAssertions((long) idEntryMap.size());
        }
    } catch (Exception e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager: couldn't add " + "to idEntryMap.", e);
        }
        throw new FSException("errorCreateAssertion", null);
    }
    if (LogUtil.isAccessLoggable(Level.FINER)) {
        String[] data = { assertion.toString() };
        LogUtil.access(Level.FINER, LogUtil.CREATE_ASSERTION, data, token);
    } else {
        String[] data = { assertion.getAssertionID() };
        LogUtil.access(Level.INFO, LogUtil.CREATE_ASSERTION, data, token);
    }
    if (artString != null) {
        try {
            synchronized (artIdMap) {
                oldEntry = artIdMap.put(artString, aIDString);
            }
            if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
                idffSvc.setArtifacts((long) artIdMap.size());
            }
        } catch (Exception e) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionManager: couldn't add " + "artifact to the artIdMap.", e);
            }
            throw new FSException("errorCreateArtifact", null);
        }
        if (oldEntry != null) {
            artifactTimeoutRunnable.removeElement(aIDString);
        }
        artifactTimeoutRunnable.addElement(aIDString);
    } else {
        if (oldEntry != null) {
            assertionTimeoutRunnable.removeElement(aIDString);
        }
        assertionTimeoutRunnable.addElement(aIDString);
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Returning Assertion: " + assertion.toXMLString());
    }
    return assertion;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) HashMap(java.util.HashMap) FSSubject(com.sun.identity.federation.message.FSSubject) Date(java.util.Date) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) SubjectLocality(com.sun.identity.saml.assertion.SubjectLocality) Conditions(com.sun.identity.saml.assertion.Conditions) AuthnContext(com.sun.identity.federation.message.common.AuthnContext) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) SubjectConfirmation(com.sun.identity.saml.assertion.SubjectConfirmation) FSAssertion(com.sun.identity.federation.message.FSAssertion) FSException(com.sun.identity.federation.common.FSException) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) AudienceRestrictionCondition(com.sun.identity.saml.assertion.AudienceRestrictionCondition) SessionProvider(com.sun.identity.plugin.session.SessionProvider) HashSet(java.util.HashSet) UnknownHostException(java.net.UnknownHostException) FSAuthenticationStatement(com.sun.identity.federation.message.FSAuthenticationStatement) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) Date(java.util.Date) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ParseException(java.text.ParseException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) UnknownHostException(java.net.UnknownHostException) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement) ParseException(java.text.ParseException) Advice(com.sun.identity.saml.assertion.Advice) IDPProvidedNameIdentifier(com.sun.identity.federation.message.common.IDPProvidedNameIdentifier) AssertionIDReference(com.sun.identity.saml.assertion.AssertionIDReference) Map(java.util.Map) HashMap(java.util.HashMap)

Example 37 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class FSDefaultAttributePlugin method getAttributeValue.

private String getAttributeValue(Object token, String attrName) {
    if (attrName == null) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Value: attribute Name is null. Check the attribute map");
        return null;
    }
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        String userID = sessionProvider.getPrincipalName(token);
        DataStoreProvider dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
        Set attrValues = dsProvider.getAttribute(userID, attrName);
        if (attrValues == null || attrValues.isEmpty()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Value: values not found for : " + attrName);
            }
            return null;
        }
        return (String) attrValues.iterator().next();
    } catch (SessionException se) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttributeValue: exception:", se);
    } catch (DataStoreProviderException dspe) {
        FSUtils.debug.error("FSDefaultAttributePlugin.getAttributeValue: exception: ", dspe);
    }
    return null;
}
Also used : DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) Set(java.util.Set) DataStoreProvider(com.sun.identity.plugin.datastore.DataStoreProvider) SessionException(com.sun.identity.plugin.session.SessionException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 38 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class SAMLPOSTProfileServlet method doGet.

/**
     * Initiates <code>SAML</code> web browser POST profile.
     * This method takes in a TARGET in the request, creates a SAMLResponse,
     * then redirects user to the destination site.
     *
     * @param request <code>HttpServletRequest</code> instance
     * @param response <code>HttpServletResponse</code> instance
     * @throws ServletException if there is an error.
     * @throws IOException if there is an error.
     */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if ((request == null) || (response == null)) {
        String[] data = { SAMLUtils.bundle.getString("nullInputParameter") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
        return;
    }
    SAMLUtils.checkHTTPContentLength(request);
    // get Session
    Object token = getSession(request);
    if (token == null) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }
    // obtain TARGET
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.length() == 0) {
        String[] data = { SAMLUtils.bundle.getString("missingTargetSite") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
        return;
    }
    // Get the Destination site Entry
    // find the destSite POST URL, which is the Receipient
    SAMLServiceManager.SiteEntry destSite = getDestSite(target);
    String destSiteUrl = null;
    if ((destSite == null) || ((destSiteUrl = destSite.getPOSTUrl()) == null)) {
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token);
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }
    Response samlResponse = null;
    try {
        String version = destSite.getVersion();
        int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION;
        int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
        if (version != null) {
            StringTokenizer st = new StringTokenizer(version, ".");
            if (st.countTokens() == 2) {
                majorVersion = Integer.parseInt(st.nextToken().trim());
                minorVersion = Integer.parseInt(st.nextToken().trim());
            }
        }
        // create assertion
        AssertionManager am = AssertionManager.getInstance();
        SessionProvider sessionProvider = SessionManager.getProvider();
        Assertion assertion = am.createSSOAssertion(sessionProvider.getSessionID(token), null, request, response, destSite.getSourceID(), target, majorVersion + "." + minorVersion);
        // create SAMLResponse
        StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList();
        contents.add(assertion);
        samlResponse = new Response(null, status, destSiteUrl, contents);
        samlResponse.setMajorVersion(majorVersion);
        samlResponse.setMinorVersion(minorVersion);
    } catch (SessionException sse) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", sse.getMessage());
        return;
    } catch (NumberFormatException ne) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", ne.getMessage());
        return;
    } catch (SAMLException se) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", se.getMessage());
        return;
    }
    // sign the samlResponse
    byte[] signedBytes = null;
    try {
        samlResponse.signXML();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLPOSTProfileServlet.doGet: " + "signed samlResponse is" + samlResponse.toString(true, true, true));
        }
        signedBytes = SAMLUtils.getResponseBytes(samlResponse);
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse"));
        return;
    }
    // base64 encode the signed samlResponse
    String encodedResponse = null;
    try {
        encodedResponse = Base64.encode(signedBytes, true).trim();
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse"));
        return;
    }
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl, new String(signedBytes, "UTF-8") };
        LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token);
    } else {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token);
    }
    response.setContentType("text/html; charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<BODY Onload=\"document.forms[0].submit()\">");
    out.println("<FORM METHOD=\"POST\" ACTION=\"" + destSiteUrl + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" ");
    out.println("VALUE=\"" + encodedResponse + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_TARGET_PARAM + "\" VALUE=\"" + target + "\"> </FORM>");
    out.println("</BODY></HTML>");
    out.close();
}
Also used : Status(com.sun.identity.saml.protocol.Status) Assertion(com.sun.identity.saml.assertion.Assertion) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IOException(java.io.IOException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(com.sun.identity.saml.protocol.Response) StringTokenizer(java.util.StringTokenizer) AssertionManager(com.sun.identity.saml.AssertionManager) SAMLServiceManager(com.sun.identity.saml.common.SAMLServiceManager) ArrayList(java.util.ArrayList) List(java.util.List) SessionProvider(com.sun.identity.plugin.session.SessionProvider) PrintWriter(java.io.PrintWriter)

Example 39 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class SAMLPOSTProfileServlet method getSession.

private Object getSession(HttpServletRequest request) {
    Object token = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        token = sessionProvider.getSession(request);
        if (token == null) {
            SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: " + "Session is null.");
            return null;
        }
        if (!sessionProvider.isValid(token)) {
            SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: " + "Session is invalid.");
            return null;
        }
    } catch (SessionException se) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: " + "Exception when getting Session:", se);
        return null;
    }
    return token;
}
Also used : SessionException(com.sun.identity.plugin.session.SessionException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 40 with SessionProvider

use of com.sun.identity.plugin.session.SessionProvider in project OpenAM by OpenRock.

the class FSPreLogin method validateISCookie.

/**
     * Validates the OpenAM Session Token String.
     *
     * @param token the Session Token String.
     * @return a boolean value true if valid otherwise false.
     */
private boolean validateISCookie(HttpServletRequest request) {
    boolean isValidToken = false;
    FSUtils.debug.message("FSPreLogin::validateISCookie.Called ");
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        isValidToken = sessionProvider.isValid(ssoToken);
    } catch (SessionException ssoe) {
        FSUtils.debug.message("FSPreLogin::validateISCookie():", ssoe);
    } catch (Exception ex) {
        FSUtils.debug.message("FSPreLogin::validateISCookie():", ex);
    }
    return isValidToken;
}
Also used : SessionException(com.sun.identity.plugin.session.SessionException) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSLoginHelperException(com.sun.identity.federation.services.FSLoginHelperException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Aggregations

SessionProvider (com.sun.identity.plugin.session.SessionProvider)66 SessionException (com.sun.identity.plugin.session.SessionException)61 SAMLException (com.sun.identity.saml.common.SAMLException)22 List (java.util.List)15 IOException (java.io.IOException)14 FSException (com.sun.identity.federation.common.FSException)13 HashMap (java.util.HashMap)12 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)11 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)10 Set (java.util.Set)10 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)9 FSSession (com.sun.identity.federation.services.FSSession)9 FSSessionManager (com.sun.identity.federation.services.FSSessionManager)9 ArrayList (java.util.ArrayList)9 Iterator (java.util.Iterator)8 Map (java.util.Map)8 FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)6 Assertion (com.sun.identity.saml.assertion.Assertion)6 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)6 HashSet (java.util.HashSet)6