Search in sources :

Example 1 with Assertion

use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.

the class FSAssertionManager method setErrStatus.

/**
     * Store the status of a given artifact (original error)
     * @param aa reference artifact
     * @param s stored status
     */
public void setErrStatus(AssertionArtifact aa, Status s) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("setErrStatus( " + aa + ", " + s + " )");
    }
    String artString = aa.getAssertionArtifact();
    Assertion assertion = new ErrorAssertion(new java.util.Date(), s);
    Entry e = new Entry(assertion, null, artString, null);
    Object oldEntry = null;
    synchronized (idEntryMap) {
        oldEntry = idEntryMap.put(artString, e);
    }
    if (oldEntry != null) {
        assertionTimeoutRunnable.removeElement(artString);
        if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
            idffSvc.setAssertions((long) idEntryMap.size());
        }
    }
    assertionTimeoutRunnable.addElement(artString);
}
Also used : Date(java.util.Date) Assertion(com.sun.identity.saml.assertion.Assertion) FSAssertion(com.sun.identity.federation.message.FSAssertion)

Example 2 with Assertion

use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.

the class FSAssertionManager method createFSAssertionArtifact.

/**
     * Creates an assertion artifact.
     * @param id session ID
     * @param realm the realm in which the provider resides
     * @param spEntityID service provider's entity ID
     * @param spHandle service provider issued <code>NameIdentifier</code>
     * @param idpHandle identity provider issued <code>NameIdentifier</code>
     * @param inResponseTo value to InResponseTo attribute. It's the request ID.
     * @param minorVersion request minor version, used to determine assertion's
     *  minor version
     * @exception FSException,SAMLException if error occurrs
     */
public AssertionArtifact createFSAssertionArtifact(String id, String realm, String spEntityID, NameIdentifier spHandle, NameIdentifier idpHandle, String inResponseTo, int minorVersion) throws FSException, SAMLException {
    // check input
    if ((id == null) || (spEntityID == null)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager: null input for" + " method createFSAssertionArtifact.");
        }
        throw new FSException("nullInput", null);
    }
    // create assertion id and artifact
    String handle = SAMLUtils.generateAssertionHandle();
    if (handle == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager.createFSAssertionArt" + "ifact: couldn't generate assertion handle.");
        }
        throw new FSException("errorCreateArtifact", null);
    }
    // TODO: should obtain it through meta
    String sourceSuccinctID = FSUtils.generateSourceID(hostEntityId);
    byte[] bytesSourceId = SAMLUtils.stringToByteArray(sourceSuccinctID);
    byte[] bytesHandle = null;
    try {
        bytesHandle = handle.getBytes(IFSConstants.SOURCEID_ENCODING);
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionManager.createFSAssertionArt: ", e);
        return null;
    }
    AssertionArtifact art = new FSAssertionArtifact(bytesSourceId, bytesHandle);
    int assertionMinorVersion = IFSConstants.FF_11_ASSERTION_MINOR_VERSION;
    if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
        assertionMinorVersion = IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION;
    }
    Assertion assertion = createFSAssertion(id, art, realm, spEntityID, spHandle, idpHandle, inResponseTo, assertionMinorVersion);
    return art;
}
Also used : FSException(com.sun.identity.federation.common.FSException) Assertion(com.sun.identity.saml.assertion.Assertion) FSAssertion(com.sun.identity.federation.message.FSAssertion) FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ParseException(java.text.ParseException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) UnknownHostException(java.net.UnknownHostException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact)

Example 3 with Assertion

use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.

the class FSAssertionManager method getErrorStatus.

/**
     * Retrieve the original status of a reference artifact.
     * @param aa reference artifact
     * @return The status as originally recorded.
     */
public Status getErrorStatus(AssertionArtifact aa) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("getErrorStatus( " + aa + " )");
    }
    Entry e = null;
    Status s = null;
    String remoteUrl = SAMLUtils.getServerURL(aa.getAssertionHandle());
    if (remoteUrl != null) {
        // call AssertionManagerClient.getAssertion
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("AssertionManager.getAssertion(art, " + "destid: calling another server in lb site:" + remoteUrl);
        }
        try {
            FSAssertionManagerClient amc = new FSAssertionManagerClient(metaAlias, getFullServiceURL(remoteUrl));
            s = amc.getErrorStatus(aa);
        } catch (FSException fse) {
            FSUtils.debug.error(fse.getMessage());
        }
    } else {
        e = (Entry) idEntryMap.get(aa.getAssertionArtifact());
        if (null != e) {
            Assertion assertion = e.getAssertion();
            if (assertion instanceof ErrorAssertion) {
                ErrorAssertion eassert = (ErrorAssertion) assertion;
                s = eassert.getStatus();
            }
        }
    }
    return s;
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSException(com.sun.identity.federation.common.FSException) Assertion(com.sun.identity.saml.assertion.Assertion) FSAssertion(com.sun.identity.federation.message.FSAssertion)

Example 4 with Assertion

use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.

the class SAMLPOSTProfileServlet method doGet.

/**
     * Initiates <code>SAML</code> web browser POST profile.
     * This method takes in a TARGET in the request, creates a SAMLResponse,
     * then redirects user to the destination site.
     *
     * @param request <code>HttpServletRequest</code> instance
     * @param response <code>HttpServletResponse</code> instance
     * @throws ServletException if there is an error.
     * @throws IOException if there is an error.
     */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if ((request == null) || (response == null)) {
        String[] data = { SAMLUtils.bundle.getString("nullInputParameter") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
        return;
    }
    SAMLUtils.checkHTTPContentLength(request);
    // get Session
    Object token = getSession(request);
    if (token == null) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }
    // obtain TARGET
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.length() == 0) {
        String[] data = { SAMLUtils.bundle.getString("missingTargetSite") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
        return;
    }
    // Get the Destination site Entry
    // find the destSite POST URL, which is the Receipient
    SAMLServiceManager.SiteEntry destSite = getDestSite(target);
    String destSiteUrl = null;
    if ((destSite == null) || ((destSiteUrl = destSite.getPOSTUrl()) == null)) {
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token);
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }
    Response samlResponse = null;
    try {
        String version = destSite.getVersion();
        int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION;
        int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
        if (version != null) {
            StringTokenizer st = new StringTokenizer(version, ".");
            if (st.countTokens() == 2) {
                majorVersion = Integer.parseInt(st.nextToken().trim());
                minorVersion = Integer.parseInt(st.nextToken().trim());
            }
        }
        // create assertion
        AssertionManager am = AssertionManager.getInstance();
        SessionProvider sessionProvider = SessionManager.getProvider();
        Assertion assertion = am.createSSOAssertion(sessionProvider.getSessionID(token), null, request, response, destSite.getSourceID(), target, majorVersion + "." + minorVersion);
        // create SAMLResponse
        StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList();
        contents.add(assertion);
        samlResponse = new Response(null, status, destSiteUrl, contents);
        samlResponse.setMajorVersion(majorVersion);
        samlResponse.setMinorVersion(minorVersion);
    } catch (SessionException sse) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", sse.getMessage());
        return;
    } catch (NumberFormatException ne) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", ne.getMessage());
        return;
    } catch (SAMLException se) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", se.getMessage());
        return;
    }
    // sign the samlResponse
    byte[] signedBytes = null;
    try {
        samlResponse.signXML();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLPOSTProfileServlet.doGet: " + "signed samlResponse is" + samlResponse.toString(true, true, true));
        }
        signedBytes = SAMLUtils.getResponseBytes(samlResponse);
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse"));
        return;
    }
    // base64 encode the signed samlResponse
    String encodedResponse = null;
    try {
        encodedResponse = Base64.encode(signedBytes, true).trim();
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse"));
        return;
    }
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl, new String(signedBytes, "UTF-8") };
        LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token);
    } else {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token);
    }
    response.setContentType("text/html; charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<BODY Onload=\"document.forms[0].submit()\">");
    out.println("<FORM METHOD=\"POST\" ACTION=\"" + destSiteUrl + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" ");
    out.println("VALUE=\"" + encodedResponse + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_TARGET_PARAM + "\" VALUE=\"" + target + "\"> </FORM>");
    out.println("</BODY></HTML>");
    out.close();
}
Also used : Status(com.sun.identity.saml.protocol.Status) Assertion(com.sun.identity.saml.assertion.Assertion) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IOException(java.io.IOException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(com.sun.identity.saml.protocol.Response) StringTokenizer(java.util.StringTokenizer) AssertionManager(com.sun.identity.saml.AssertionManager) SAMLServiceManager(com.sun.identity.saml.common.SAMLServiceManager) ArrayList(java.util.ArrayList) List(java.util.List) SessionProvider(com.sun.identity.plugin.session.SessionProvider) PrintWriter(java.io.PrintWriter)

Example 5 with Assertion

use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.

the class DefaultAttributeMapper method getSSOAssertion.

/**
     * This method exams the SubjectConfirmationData of the Subject in the
     * AttributeQuery. It returns the first Assertion that contains at least
     * one AuthenticationStatement.
     * <p>
     * @see com.sun.identity.saml.plugins.AttributeMapper#getSSOAssertion
     */
public Assertion getSSOAssertion(AttributeQuery query) {
    if (query == null) {
        return null;
    }
    SubjectConfirmation sc = query.getSubject().getSubjectConfirmation();
    if (sc == null) {
        return null;
    }
    Element scData = sc.getSubjectConfirmationData();
    if (scData == null) {
        return null;
    }
    Assertion assertion = null;
    try {
        NodeList nl = scData.getChildNodes();
        Node child = null;
        for (int i = 0, length = nl.getLength(); i < length; i++) {
            child = nl.item(i);
            if (child.getNodeType() == Node.ELEMENT_NODE) {
                try {
                    assertion = new Assertion((Element) child);
                    if (SAMLUtils.isAuthNAssertion(assertion)) {
                        return assertion;
                    }
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("DefaultAttributeMapper: " + "SAMLException when trying to obtain Assertion:" + se);
                    }
                }
            }
        }
    } catch (Exception e) {
        SAMLUtils.debug.error("DefaultAttributeMapper: Exception when " + "parsing the SubjectConfirmationData:", e);
    }
    return null;
}
Also used : SubjectConfirmation(com.sun.identity.saml.assertion.SubjectConfirmation) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Assertion(com.sun.identity.saml.assertion.Assertion) SAMLException(com.sun.identity.saml.common.SAMLException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) MissingResourceException(java.util.MissingResourceException)

Aggregations

Assertion (com.sun.identity.saml.assertion.Assertion)32 SAMLException (com.sun.identity.saml.common.SAMLException)18 SessionException (com.sun.identity.plugin.session.SessionException)16 Iterator (java.util.Iterator)9 SessionProvider (com.sun.identity.plugin.session.SessionProvider)7 AssertionIDReference (com.sun.identity.saml.assertion.AssertionIDReference)6 AssertionArtifact (com.sun.identity.saml.protocol.AssertionArtifact)6 ArrayList (java.util.ArrayList)6 List (java.util.List)6 Set (java.util.Set)6 FSException (com.sun.identity.federation.common.FSException)4 FSAssertion (com.sun.identity.federation.message.FSAssertion)4 AssertionManager (com.sun.identity.saml.AssertionManager)4 Statement (com.sun.identity.saml.assertion.Statement)4 Subject (com.sun.identity.saml.assertion.Subject)4 SubjectConfirmation (com.sun.identity.saml.assertion.SubjectConfirmation)4 SubjectStatement (com.sun.identity.saml.assertion.SubjectStatement)4 Status (com.sun.identity.saml.protocol.Status)4 AttributeStatement (com.sun.identity.saml.assertion.AttributeStatement)3 StatusCode (com.sun.identity.saml.protocol.StatusCode)3