Search in sources :

Example 1 with AssertionManager

use of com.sun.identity.saml.AssertionManager in project OpenAM by OpenRock.

the class SAMLPOSTProfileServlet method doGet.

/**
     * Initiates <code>SAML</code> web browser POST profile.
     * This method takes in a TARGET in the request, creates a SAMLResponse,
     * then redirects user to the destination site.
     *
     * @param request <code>HttpServletRequest</code> instance
     * @param response <code>HttpServletResponse</code> instance
     * @throws ServletException if there is an error.
     * @throws IOException if there is an error.
     */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if ((request == null) || (response == null)) {
        String[] data = { SAMLUtils.bundle.getString("nullInputParameter") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
        return;
    }
    SAMLUtils.checkHTTPContentLength(request);
    // get Session
    Object token = getSession(request);
    if (token == null) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }
    // obtain TARGET
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.length() == 0) {
        String[] data = { SAMLUtils.bundle.getString("missingTargetSite") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
        return;
    }
    // Get the Destination site Entry
    // find the destSite POST URL, which is the Receipient
    SAMLServiceManager.SiteEntry destSite = getDestSite(target);
    String destSiteUrl = null;
    if ((destSite == null) || ((destSiteUrl = destSite.getPOSTUrl()) == null)) {
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token);
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }
    Response samlResponse = null;
    try {
        String version = destSite.getVersion();
        int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION;
        int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
        if (version != null) {
            StringTokenizer st = new StringTokenizer(version, ".");
            if (st.countTokens() == 2) {
                majorVersion = Integer.parseInt(st.nextToken().trim());
                minorVersion = Integer.parseInt(st.nextToken().trim());
            }
        }
        // create assertion
        AssertionManager am = AssertionManager.getInstance();
        SessionProvider sessionProvider = SessionManager.getProvider();
        Assertion assertion = am.createSSOAssertion(sessionProvider.getSessionID(token), null, request, response, destSite.getSourceID(), target, majorVersion + "." + minorVersion);
        // create SAMLResponse
        StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList();
        contents.add(assertion);
        samlResponse = new Response(null, status, destSiteUrl, contents);
        samlResponse.setMajorVersion(majorVersion);
        samlResponse.setMinorVersion(minorVersion);
    } catch (SessionException sse) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", sse.getMessage());
        return;
    } catch (NumberFormatException ne) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", ne.getMessage());
        return;
    } catch (SAMLException se) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", se.getMessage());
        return;
    }
    // sign the samlResponse
    byte[] signedBytes = null;
    try {
        samlResponse.signXML();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLPOSTProfileServlet.doGet: " + "signed samlResponse is" + samlResponse.toString(true, true, true));
        }
        signedBytes = SAMLUtils.getResponseBytes(samlResponse);
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse"));
        return;
    }
    // base64 encode the signed samlResponse
    String encodedResponse = null;
    try {
        encodedResponse = Base64.encode(signedBytes, true).trim();
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse"));
        return;
    }
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl, new String(signedBytes, "UTF-8") };
        LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token);
    } else {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token);
    }
    response.setContentType("text/html; charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<BODY Onload=\"document.forms[0].submit()\">");
    out.println("<FORM METHOD=\"POST\" ACTION=\"" + destSiteUrl + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" ");
    out.println("VALUE=\"" + encodedResponse + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_TARGET_PARAM + "\" VALUE=\"" + target + "\"> </FORM>");
    out.println("</BODY></HTML>");
    out.close();
}
Also used : Status(com.sun.identity.saml.protocol.Status) Assertion(com.sun.identity.saml.assertion.Assertion) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IOException(java.io.IOException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(com.sun.identity.saml.protocol.Response) StringTokenizer(java.util.StringTokenizer) AssertionManager(com.sun.identity.saml.AssertionManager) SAMLServiceManager(com.sun.identity.saml.common.SAMLServiceManager) ArrayList(java.util.ArrayList) List(java.util.List) SessionProvider(com.sun.identity.plugin.session.SessionProvider) PrintWriter(java.io.PrintWriter)

Example 2 with AssertionManager

use of com.sun.identity.saml.AssertionManager in project OpenAM by OpenRock.

the class DefaultActionMapper method getSSOAssertion.

/**
     * This method exams the Evidence in the AuthorizationDecisionQuery.
     * It returns the first valid Assertion that contains at least one
     * AuthenticationStatement.
     * <p>
     * @see com.sun.identity.saml.plugins.ActionMapper#getSSOAssertion
     */
public Assertion getSSOAssertion(AuthorizationDecisionQuery query, String sourceID) {
    if (query == null) {
        return null;
    }
    Assertion assertion = null;
    // check evidence
    Evidence evi = query.getEvidence();
    if (evi != null) {
        Set assertions = evi.getAssertion();
        if (assertions != null) {
            Iterator iter = assertions.iterator();
            while (iter.hasNext()) {
                assertion = (Assertion) iter.next();
                if (SAMLUtils.isAuthNAssertion(assertion)) {
                    return assertion;
                }
            }
        // loop through assertions
        }
        Set idRefs = evi.getAssertionIDReference();
        if (idRefs != null) {
            Iterator iter = idRefs.iterator();
            try {
                AssertionManager am = AssertionManager.getInstance();
                AssertionIDReference idRef = null;
                while (iter.hasNext()) {
                    idRef = (AssertionIDReference) iter.next();
                    try {
                        // get the assertion from server id
                        String remoteUrl = SAMLUtils.getServerURL(idRef.getAssertionIDReference());
                        if (remoteUrl != null) {
                            // call AssertionManagerClient.getAssertion
                            if (SAMLUtils.debug.messageEnabled()) {
                                SAMLUtils.debug.message("DefaultActionMap" + "per: calling another in lb site:" + remoteUrl);
                            }
                            AssertionManagerClient amc = new AssertionManagerClient(SAMLUtils.getFullServiceURL(remoteUrl));
                            assertion = amc.getAssertion(idRef, sourceID);
                        } else {
                            assertion = am.getAssertion(idRef, sourceID);
                        }
                    } catch (Exception e) {
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("DefaultActionMapper." + "getSSOAssertion: exception when retrieving " + "Assertion from IDRef:" + e);
                        }
                        continue;
                    }
                    if (SAMLUtils.isAuthNAssertion(assertion)) {
                        return assertion;
                    }
                }
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultActionMapper: Couldn't" + " obtain AssertionManager instance:" + e);
                }
            }
        }
    }
    return null;
}
Also used : Set(java.util.Set) AssertionManager(com.sun.identity.saml.AssertionManager) Assertion(com.sun.identity.saml.assertion.Assertion) Iterator(java.util.Iterator) Evidence(com.sun.identity.saml.assertion.Evidence) AssertionIDReference(com.sun.identity.saml.assertion.AssertionIDReference) AssertionManagerClient(com.sun.identity.saml.AssertionManagerClient) SAMLException(com.sun.identity.saml.common.SAMLException) MissingResourceException(java.util.MissingResourceException)

Example 3 with AssertionManager

use of com.sun.identity.saml.AssertionManager in project OpenAM by OpenRock.

the class DefaultActionMapper method convertEvidence.

private Map convertEvidence(Evidence evidence, Subject subject, String sourceID) {
    Map envParams = new HashMap();
    if (evidence == null) {
        return envParams;
    }
    Iterator iterator = null;
    Assertion assertion = null;
    String siteName = (String) SAMLServiceManager.getAttribute(SAMLConstants.ISSUER_NAME);
    String issuer = null;
    Set idRefs = evidence.getAssertionIDReference();
    if (idRefs != null) {
        iterator = idRefs.iterator();
        try {
            AssertionManager am = AssertionManager.getInstance();
            AssertionIDReference idRef = null;
            while (iterator.hasNext()) {
                idRef = (AssertionIDReference) iterator.next();
                try {
                    // get the assertion from server id
                    String remoteUrl = SAMLUtils.getServerURL(idRef.getAssertionIDReference());
                    if (remoteUrl != null) {
                        // call AssertionManagerClient.getAssertion
                        if (SAMLUtils.debug.messageEnabled()) {
                            SAMLUtils.debug.message("DefaultActionMapper:" + "calling another server in lb site:" + remoteUrl);
                        }
                        AssertionManagerClient amc = new AssertionManagerClient(SAMLUtils.getFullServiceURL(remoteUrl));
                        assertion = amc.getAssertion(idRef, sourceID);
                    } else {
                        assertion = am.getAssertion(idRef, sourceID);
                    }
                } catch (Exception e) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("DefaultActionMapper: " + "couldn't retrieve assertion from idRef:" + e);
                    }
                    continue;
                }
                // no need to check signature or time validation
                SAMLUtils.addEnvParamsFromAssertion(envParams, assertion, subject);
            }
        } catch (Exception e) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultActionMapper: Couldn't " + "obtain AssertionManager instance:" + e);
            }
        }
    }
    Set assertions = evidence.getAssertion();
    if (assertions != null) {
        iterator = assertions.iterator();
        while (iterator.hasNext()) {
            assertion = (Assertion) iterator.next();
            if ((!assertion.isSignatureValid()) || (!assertion.isTimeValid())) {
                continue;
            }
            issuer = assertion.getIssuer();
            if ((siteName != null) && (siteName.equals(issuer))) {
            // this server is the issuer
            } else {
                // is issuer trusted
                SAMLServiceManager.SOAPEntry sourceSite = SAMLUtils.getSourceSite(issuer);
                if (sourceSite == null) {
                    continue;
                }
            }
            SAMLUtils.addEnvParamsFromAssertion(envParams, assertion, subject);
        }
    }
    return envParams;
}
Also used : Set(java.util.Set) AssertionManager(com.sun.identity.saml.AssertionManager) HashMap(java.util.HashMap) Iterator(java.util.Iterator) Assertion(com.sun.identity.saml.assertion.Assertion) SAMLServiceManager(com.sun.identity.saml.common.SAMLServiceManager) AssertionIDReference(com.sun.identity.saml.assertion.AssertionIDReference) HashMap(java.util.HashMap) Map(java.util.Map) AssertionManagerClient(com.sun.identity.saml.AssertionManagerClient) SAMLException(com.sun.identity.saml.common.SAMLException) MissingResourceException(java.util.MissingResourceException)

Example 4 with AssertionManager

use of com.sun.identity.saml.AssertionManager in project OpenAM by OpenRock.

the class SAMLSOAPReceiver method extractProcessRequest.

/**
     * Extracts the Request object from the SOAPMessage return corresponding
     * response.
     */
private Response extractProcessRequest(HttpServletRequest servletReq, org.w3c.dom.Element body, Set partnerSourceID) {
    Response retResponse = null;
    String respID = SAMLUtils.generateID();
    String inResponseTo = null;
    List contents = new ArrayList();
    String message = null;
    Status status;
    String remoteAddr = ClientUtils.getClientIPAddress(servletReq);
    String recipient = remoteAddr;
    String invalidRespPrefix = SAMLUtils.bundle.getString("invalidRequestLogMessage") + " " + remoteAddr + ": ";
    String respPrefix = SAMLUtils.bundle.getString("responseLogMessage") + " " + remoteAddr + ": ";
    NodeList nl = body.getElementsByTagNameNS(sc.PROTOCOL_NAMESPACE_URI, "Request");
    int length = nl.getLength();
    if (length == 0) {
        SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
        message = SAMLUtils.bundle.getString("missingRequest");
        try {
            status = new Status(new StatusCode("samlp:Requester"), message, null);
            retResponse = new Response(respID, inResponseTo, status, recipient, contents);
        } catch (SAMLException se) {
            SAMLUtils.debug.error("SOAPReceiver:Fatal error, cannot " + "create status or response:" + se.getMessage());
        }
        String[] data = { invalidRespPrefix, retResponse.toString() };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
        return retResponse;
    }
    boolean foundRequest = false;
    Request req = null;
    for (int i = 0; i < length; i++) {
        Node child = (Node) nl.item(i);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        if (child.getLocalName().equals("Request")) {
            try {
                req = new Request((Element) child);
                SAMLUtils.debug.message("found request ");
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(" Received Request:" + req.toString());
                }
                String[] data = { SAMLUtils.bundle.getString("requestLogMessage") + " " + remoteAddr, req.toString() };
                LogUtils.access(java.util.logging.Level.FINE, LogUtils.SOAP_REQUEST_MESSAGE, data);
                inResponseTo = req.getRequestID();
                foundRequest = true;
                break;
            } catch (SAMLRequesterException ss) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Requester" + " " + ss.getMessage());
                }
                message = new String(ss.getMessage());
                try {
                    status = new Status(new StatusCode("samlp:Requester"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (SAMLRequestVersionTooHighException sv) {
                String mesg = new String(sv.getMessage());
                StringTokenizer tok1 = new StringTokenizer(mesg, "|");
                inResponseTo = tok1.nextToken();
                message = tok1.nextToken();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
                }
                try {
                    status = new Status(new StatusCode("samlp:RequestVersionTooHigh"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (SAMLRequestVersionTooLowException sv) {
                String mesg = new String(sv.getMessage());
                StringTokenizer tok1 = new StringTokenizer(mesg, "|");
                inResponseTo = tok1.nextToken();
                message = tok1.nextToken();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
                }
                try {
                    status = new Status(new StatusCode("samlp:RequestVersionTooLow"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Responder" + " " + e.getMessage());
                }
                message = new String(e.getMessage());
                try {
                    status = new Status(new StatusCode("samlp:Responder"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            }
        }
    }
    if (!(foundRequest)) {
        SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
        message = SAMLUtils.bundle.getString("missingRequest");
        try {
            status = new Status(new StatusCode("samlp:Requester"), message, null);
            retResponse = new Response(respID, inResponseTo, status, recipient, contents);
        } catch (SAMLException se) {
            SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
        }
        String[] data = { invalidRespPrefix, retResponse.toString() };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
        return retResponse;
    } else {
        // found request now process it
        if (!req.isSignatureValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: couldn't verify " + "the signature on Request.");
            }
            message = SAMLUtils.bundle.getString("cannotVerifyRequest");
            try {
                status = new Status(new StatusCode("samlp:Requester"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        int reqType = req.getContentType();
        if (reqType == Request.NOT_SUPPORTED) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver:Found " + "element in the request which are not supported");
            }
            message = SAMLUtils.bundle.getString("unsupportedElement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        List respondWith = req.getRespondWith();
        if (!parseRespondWith(respondWith)) {
            SAMLUtils.debug.error("SOAPReceiver:Supported statements " + "are not present in the RespondWith element.");
            message = SAMLUtils.bundle.getString("unsupportedStatement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        AssertionManager am = null;
        try {
            am = AssertionManager.getInstance();
        } catch (SAMLException se) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: Cannot" + " instantiate AssertionManager");
            }
            message = se.getMessage();
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException sse) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        List artifacts = null;
        List assertions = new ArrayList();
        if (reqType == Request.ASSERTION_ARTIFACT) {
            artifacts = req.getAssertionArtifact();
            length = artifacts.size();
            // ensure that all the artifacts have this site's sourceID
            for (int j = 0; j < length; j++) {
                AssertionArtifact art = (AssertionArtifact) artifacts.get(j);
                if (!isThisSiteID(art.getSourceID())) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:Artifact" + " has invalid SourceID");
                    }
                    message = SAMLUtils.bundle.getString("mismatchSourceID");
                    try {
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException ex) {
                        SAMLUtils.debug.error("SOAPReceiver:" + "Fatal error, " + "cannot create status or response", ex);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
            }
            // for loop to go through artifacts to check for sourceID
            for (int i = 0; i < length; i++) {
                AssertionArtifact artifact = (AssertionArtifact) artifacts.get(i);
                Assertion assertion = null;
                try {
                    assertion = am.getAssertion(artifact, partnerSourceID);
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(i, assertion);
                }
            }
        } else if (reqType == Request.ASSERTION_ID_REFERENCE) {
            List assertionIdRefs = req.getAssertionIDReference();
            length = assertionIdRefs.size();
            for (int i = 0; i < length; i++) {
                AssertionIDReference aidRef = (AssertionIDReference) assertionIdRefs.get(i);
                Assertion assertion = null;
                try {
                    assertion = am.getAssertion(aidRef, partnerSourceID);
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(i, assertion);
                }
            }
        } else if ((reqType == Request.AUTHENTICATION_QUERY) || (reqType == Request.AUTHORIZATION_DECISION_QUERY) || (reqType == Request.ATTRIBUTE_QUERY)) {
            Query query = req.getQuery();
            if (query != null) {
                Assertion assertion = null;
                try {
                    // if we come here, partnerSourceID is not empty
                    // always pass the first matching sourceID in
                    // need to find solution to handle multiple matches:TBD
                    assertion = am.getAssertion(query, (String) ((Iterator) partnerSourceID.iterator()).next());
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal " + " error, cannot create status or " + " response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(assertion);
                }
            }
        } else {
            //
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver:Request " + "contents has element which is not supported at this" + " time");
            }
            message = SAMLUtils.bundle.getString("unsupportedElement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        int assertionSize = assertions.size();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("found " + assertionSize + " assertions.");
        }
        // Request received. 
        for (int i = 0; i < assertionSize; i++) {
            Response resp = validateStatements((Assertion) assertions.get(i), respondWith, contents, i, respID, inResponseTo, recipient);
            if (resp != null) {
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
                return resp;
            }
        // else there was no mismatch with respondWith element
        }
        if (reqType == Request.ASSERTION_ARTIFACT) {
            if (contents.size() == artifacts.size()) {
                message = null;
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver: Matching " + "Assertion found");
                }
                try {
                    status = new Status(new StatusCode("samlp:Success"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                    retResponse.setMajorVersion(req.getMajorVersion());
                    retResponse.setMinorVersion(req.getMinorVersion());
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                    String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                    LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                }
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.FINE, LogUtils.SENDING_RESPONSE, data);
                return retResponse;
            } else {
                message = SAMLUtils.bundle.getString("unequalMatch");
                try {
                    status = new Status(new StatusCode("samlp:Success"), message, null);
                    //contents = null;
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                    retResponse.setMajorVersion(req.getMajorVersion());
                    retResponse.setMinorVersion(req.getMinorVersion());
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                    String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                    LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                }
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                return retResponse;
            }
        } else {
            // build response for all the other type of request
            try {
                status = new Status(new StatusCode("samlp:Success"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
        }
    }
    // end of else found request
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINER)) {
        String[] data = { respPrefix, retResponse.toString() };
        LogUtils.access(java.util.logging.Level.FINER, LogUtils.SENDING_RESPONSE, data);
    } else {
        String[] data = { respPrefix, retResponse.getResponseID() };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
    }
    return retResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) Query(com.sun.identity.saml.protocol.Query) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) SOAPElement(javax.xml.soap.SOAPElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Request(com.sun.identity.saml.protocol.Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Assertion(com.sun.identity.saml.assertion.Assertion) SAMLRequesterException(com.sun.identity.saml.common.SAMLRequesterException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SOAPException(javax.xml.soap.SOAPException) SAMLRequestVersionTooHighException(com.sun.identity.saml.common.SAMLRequestVersionTooHighException) SAMLRequesterException(com.sun.identity.saml.common.SAMLRequesterException) SAMLRequestVersionTooLowException(com.sun.identity.saml.common.SAMLRequestVersionTooLowException) SAMLException(com.sun.identity.saml.common.SAMLException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) Response(com.sun.identity.saml.protocol.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) StringTokenizer(java.util.StringTokenizer) AssertionManager(com.sun.identity.saml.AssertionManager) SAMLRequestVersionTooLowException(com.sun.identity.saml.common.SAMLRequestVersionTooLowException) SAMLRequestVersionTooHighException(com.sun.identity.saml.common.SAMLRequestVersionTooHighException) List(java.util.List) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) AssertionIDReference(com.sun.identity.saml.assertion.AssertionIDReference)

Example 5 with AssertionManager

use of com.sun.identity.saml.AssertionManager in project OpenAM by OpenRock.

the class SAMLAwareServlet method createArtifact.

/**
     * Creates a list of AssertionArtifact's id.
     *
     * @param sso the user Session object
     * @param target A String representing the target host
     * @param targetUrl A URL String representing the target site
     * @param version The relying party preferred Assertion version number
     * @return a List representing a list of AssertionArtifact's id
     * @throws SAMLException if there is an error.
     */
private List createArtifact(Object sso, String target, HttpServletRequest request, HttpServletResponse response, String targetUrl, String version) throws SAMLException {
    if (sso == null || target == null || target.length() == 0 || version == null || version.length() == 0) {
        throw new SAMLException(SAMLUtils.bundle.getString("createArtifactError"));
    }
    List artifactList = new ArrayList();
    AssertionManager assertManager = AssertionManager.getInstance();
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        AssertionArtifact artifact = assertManager.createAssertionArtifact(sessionProvider.getSessionID(sso), target, request, response, targetUrl, version);
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionArtifact id = " + artifact.toString());
        }
        String artid = artifact.getAssertionArtifact();
        artifactList.add(artid);
    } catch (SessionException se) {
        SAMLUtils.debug.error("Couldn't get SessionProvider.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
    }
    return artifactList;
}
Also used : AssertionManager(com.sun.identity.saml.AssertionManager) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) ArrayList(java.util.ArrayList) List(java.util.List) SAMLException(com.sun.identity.saml.common.SAMLException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Aggregations

AssertionManager (com.sun.identity.saml.AssertionManager)5 SAMLException (com.sun.identity.saml.common.SAMLException)5 Assertion (com.sun.identity.saml.assertion.Assertion)4 AssertionIDReference (com.sun.identity.saml.assertion.AssertionIDReference)3 ArrayList (java.util.ArrayList)3 List (java.util.List)3 SessionException (com.sun.identity.plugin.session.SessionException)2 SessionProvider (com.sun.identity.plugin.session.SessionProvider)2 AssertionManagerClient (com.sun.identity.saml.AssertionManagerClient)2 SAMLServiceManager (com.sun.identity.saml.common.SAMLServiceManager)2 AssertionArtifact (com.sun.identity.saml.protocol.AssertionArtifact)2 Response (com.sun.identity.saml.protocol.Response)2 Status (com.sun.identity.saml.protocol.Status)2 StatusCode (com.sun.identity.saml.protocol.StatusCode)2 Iterator (java.util.Iterator)2 MissingResourceException (java.util.MissingResourceException)2 Set (java.util.Set)2 StringTokenizer (java.util.StringTokenizer)2 ServletException (javax.servlet.ServletException)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2