use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.
the class FSAssertionManager method createFSAssertionArtifact.
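/**
 * Creates an assertion artifact and the assertion it refers to.
 * The artifact is built from this provider's source ID and a freshly generated
 * assertion handle; the assertion is then created via {@code createFSAssertion}
 * (presumably registered under the artifact by that method — the assertion itself
 * is not returned here).
 *
 * @param id session ID
 * @param realm the realm in which the provider resides
 * @param spEntityID service provider's entity ID
 * @param spHandle service provider issued <code>NameIdentifier</code>
 * @param idpHandle identity provider issued <code>NameIdentifier</code>
 * @param inResponseTo value of the InResponseTo attribute; it is the request ID
 * @param minorVersion request minor version, used to determine the assertion's
 *        minor version
 * @return the artifact that references the newly created assertion
 * @exception FSException if {@code id} or {@code spEntityID} is {@code null}, or the
 *            artifact could not be created (handle generation or handle encoding failed)
 * @exception SAMLException if the assertion could not be created
 */
public AssertionArtifact createFSAssertionArtifact(String id, String realm, String spEntityID, NameIdentifier spHandle, NameIdentifier idpHandle, String inResponseTo, int minorVersion) throws FSException, SAMLException {
    // check input
    if ((id == null) || (spEntityID == null)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager: null input for" + " method createFSAssertionArtifact.");
        }
        throw new FSException("nullInput", null);
    }
    // create assertion id and artifact
    String handle = SAMLUtils.generateAssertionHandle();
    if (handle == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager.createFSAssertionArt" + "ifact: couldn't generate assertion handle.");
        }
        throw new FSException("errorCreateArtifact", null);
    }
    // TODO: should obtain it through meta
    String sourceSuccinctID = FSUtils.generateSourceID(hostEntityId);
    byte[] bytesSourceId = SAMLUtils.stringToByteArray(sourceSuccinctID);
    byte[] bytesHandle;
    try {
        bytesHandle = handle.getBytes(IFSConstants.SOURCEID_ENCODING);
    } catch (java.io.UnsupportedEncodingException e) {
        // Fail the same way as the other artifact-creation errors above rather than
        // handing a null artifact back to the caller.
        FSUtils.debug.error("FSAssertionManager.createFSAssertionArtifact: unsupported encoding " + IFSConstants.SOURCEID_ENCODING, e);
        throw new FSException("errorCreateArtifact", null);
    }
    AssertionArtifact art = new FSAssertionArtifact(bytesSourceId, bytesHandle);
    // The assertion minor version follows the protocol minor version of the request:
    // an ID-FF 1.2 request gets the 1.2 artifact-profile assertion version, anything else 1.1.
    int assertionMinorVersion = IFSConstants.FF_11_ASSERTION_MINOR_VERSION;
    if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
        assertionMinorVersion = IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION;
    }
    // Called for its side effect; the created assertion is not needed here.
    createFSAssertion(id, art, realm, spEntityID, spHandle, idpHandle, inResponseTo, assertionMinorVersion);
    return art;
}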
use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.
the class FSAssertionManager method getErrorStatus.
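/**
 * Retrieves the status originally recorded for an error artifact.
 * If the artifact's handle maps to another server in the load-balanced site, the
 * lookup is forwarded to that server; otherwise the local entry map is consulted.
 *
 * @param aa reference artifact; must not be {@code null}
 * @return the status as originally recorded, or {@code null} if the artifact is not
 *         known locally, the remote lookup failed, or the local entry does not hold an
 *         <code>ErrorAssertion</code>
 */
public Status getErrorStatus(AssertionArtifact aa) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("getErrorStatus( " + aa + " )");
    }
    Status status = null;
    // A non-null server URL means the artifact was issued by another server in the site.
    String remoteUrl = SAMLUtils.getServerURL(aa.getAssertionHandle());
    if (remoteUrl != null) {
        // call AssertionManagerClient.getAssertion
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("AssertionManager.getAssertion(art, " + "destid: calling another server in lb site:" + remoteUrl);
        }
        try {
            FSAssertionManagerClient amc = new FSAssertionManagerClient(metaAlias, getFullServiceURL(remoteUrl));
            status = amc.getErrorStatus(aa);
        } catch (FSException fse) {
            // Pass the exception itself so the stack trace is kept, not just its message.
            FSUtils.debug.error("FSAssertionManager.getErrorStatus: remote lookup failed at " + remoteUrl, fse);
        }
    } else {
        Entry entry = (Entry) idEntryMap.get(aa.getAssertionArtifact());
        if (entry != null) {
            Assertion assertion = entry.getAssertion();
            if (assertion instanceof ErrorAssertion) {
                status = ((ErrorAssertion) assertion).getStatus();
            }
        }
    }
    return status;
}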
use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.
the class SAMLPOSTProfileServlet method doGet.
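/**
 * Initiates the <code>SAML</code> web browser POST profile.
 * Reads the TARGET from the request, builds a signed <code>Response</code> for the
 * destination site registered for that target, and writes an auto-submitting HTML
 * form that POSTs the Base64-encoded response to the site's POST URL.
 * The TARGET value is an untrusted request parameter; it and the other values placed
 * into the form are HTML-attribute-escaped before being written.
 *
 * @param request <code>HttpServletRequest</code> instance
 * @param response <code>HttpServletResponse</code> instance
 * @throws ServletException if there is an error.
 * @throws IOException if there is an error.
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if ((request == null) || (response == null)) {
        String[] data = { SAMLUtils.bundle.getString("nullInputParameter") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
        return;
    }
    SAMLUtils.checkHTTPContentLength(request);
    // get Session
    Object token = getSession(request);
    if (token == null) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }
    // obtain TARGET (untrusted; it is echoed back into the HTML form below)
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.isEmpty()) {
        String[] data = { SAMLUtils.bundle.getString("missingTargetSite") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
        return;
    }
    // Get the destination site entry and its POST URL, which is the Recipient.
    SAMLServiceManager.SiteEntry destSite = getDestSite(target);
    String destSiteUrl = (destSite == null) ? null : destSite.getPOSTUrl();
    if (destSiteUrl == null) {
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }
    Response samlResponse = null;
    try {
        // Protocol version comes from the site entry as "major.minor"; fall back to the defaults otherwise.
        String version = destSite.getVersion();
        int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION;
        int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
        if (version != null) {
            StringTokenizer st = new StringTokenizer(version, ".");
            if (st.countTokens() == 2) {
                majorVersion = Integer.parseInt(st.nextToken().trim());
                minorVersion = Integer.parseInt(st.nextToken().trim());
            }
        }
        // create assertion
        AssertionManager am = AssertionManager.getInstance();
        SessionProvider sessionProvider = SessionManager.getProvider();
        Assertion assertion = am.createSSOAssertion(sessionProvider.getSessionID(token), null, request, response, destSite.getSourceID(), target, majorVersion + "." + minorVersion);
        // create SAMLResponse
        StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList();
        contents.add(assertion);
        samlResponse = new Response(null, status, destSiteUrl, contents);
        samlResponse.setMajorVersion(majorVersion);
        samlResponse.setMinorVersion(minorVersion);
    } catch (SessionException sse) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", sse.getMessage());
        return;
    } catch (NumberFormatException ne) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", ne.getMessage());
        return;
    } catch (SAMLException se) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", se.getMessage());
        return;
    }
    // sign the samlResponse
    byte[] signedBytes = null;
    try {
        samlResponse.signXML();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLPOSTProfileServlet.doGet: " + "signed samlResponse is" + samlResponse.toString(true, true, true));
        }
        signedBytes = SAMLUtils.getResponseBytes(samlResponse);
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse"));
        return;
    }
    // base64 encode the signed samlResponse
    String encodedResponse = null;
    try {
        encodedResponse = Base64.encode(signedBytes, true).trim();
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse"));
        return;
    }
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl, new String(signedBytes, "UTF-8") };
        LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token);
    } else {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token);
    }
    // Everything placed inside a quoted attribute is escaped; the Base64 response is
    // unaffected by the escaping, the user-supplied TARGET is not.
    String safeDestSiteUrl = escapeForHtmlAttribute(destSiteUrl);
    String safeEncodedResponse = escapeForHtmlAttribute(encodedResponse);
    String safeTarget = escapeForHtmlAttribute(target);
    response.setContentType("text/html; charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<BODY Onload=\"document.forms[0].submit()\">");
    out.println("<FORM METHOD=\"POST\" ACTION=\"" + safeDestSiteUrl + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" ");
    out.println("VALUE=\"" + safeEncodedResponse + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_TARGET_PARAM + "\" VALUE=\"" + safeTarget + "\"> </FORM>");
    out.println("</BODY></HTML>");
    out.close();
}

/**
 * Escapes a value for inclusion inside a double-quoted HTML attribute.
 * Replaces the five characters that can terminate or alter an attribute or tag
 * ({@code & < > " '}) with their character references; all others pass through.
 *
 * @param value the raw value; {@code null} is treated as the empty string
 * @return the escaped value
 */
private static String escapeForHtmlAttribute(String value) {
    if (value == null) {
        return "";
    }
    StringBuilder sb = new StringBuilder(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '&':
                sb.append("&amp;");
                break;
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '"':
                sb.append("&quot;");
                break;
            case '\'':
                sb.append("&#39;");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}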
use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.
the class AssertionManagerClient method getAssertion.
/**
 * Returns the assertion referenced by the given <code>AssertionArtifact</code>.
 * With local access enabled the call is delegated to the local assertion manager;
 * otherwise the artifact string and the Base64-encoded destination id are sent to
 * the remote <code>getAssertion2</code> operation and the returned XML is parsed
 * into an <code>Assertion</code>.
 *
 * @param artifact An <code>AssertionArtifact</code>.
 * @param destID The destination site requesting the assertion using the artifact.
 *        This String is compared with the <code>destID</code> that the artifact was
 *        created for originally.
 * @return The Assertion referenced to by artifact.
 * @throws SAMLException If an error occurred during the process, or no assertion
 *         maps to the input artifact.
 */
protected Assertion getAssertion(AssertionArtifact artifact, String destID) throws SAMLException {
    if (useLocal) {
        return assertionManager.getAssertion(artifact, destID);
    }
    try {
        String artifactString = artifact.getAssertionArtifact();
        String encodedDestID = Base64.encode(SAMLUtils.stringToByteArray(destID));
        Object[] args = { artifactString, encodedDestID };
        String assertionXml = (String) stub.send("getAssertion2", args, null, null);
        return new Assertion(XMLUtils.toDOMDocument(assertionXml, SAMLUtils.debug).getDocumentElement());
    } catch (Exception re) {
        if (SAMLUtils.debug.warningEnabled()) {
            SAMLUtils.debug.warning("AMC:getAssertion: " + artifact, re);
        }
        throw new SAMLException(re.getMessage());
    }
}
use of com.sun.identity.saml.assertion.Assertion in project OpenAM by OpenRock.
the class AssertionManagerClient method getAssertion.
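/**
 * Returns the assertion referenced by the given <code>AssertionArtifact</code>.
 * With local access enabled the call is delegated to the local assertion manager;
 * otherwise each destination id is Base64-encoded and sent together with the
 * artifact string to the remote <code>getAssertion</code> operation, whose XML
 * result is parsed into an <code>Assertion</code>.
 *
 * @param artifact An <code>AssertionArtifact</code>.
 * @param destID A Set of String that represents the destination id.
 *        The destination site requesting the assertion using the artifact. This
 *        String is compared with the <code>destID</code> that the artifact was
 *        created for originally. This field must not be null or empty set.
 * @return The Assertion referenced to by artifact.
 * @throws SAMLException If <code>destID</code> is null or empty, if an error occurred
 *         during the process, or if no assertion maps to the input artifact.
 */
public Assertion getAssertion(AssertionArtifact artifact, Set destID) throws SAMLException {
    if (useLocal) {
        return assertionManager.getAssertion(artifact, destID);
    }
    // Validate before entering the catch-all below, so a missing destination set surfaces
    // as the plain "nullInput" error instead of being logged as a remote failure and re-wrapped.
    if (destID == null || destID.isEmpty()) {
        SAMLUtils.debug.error("AssertionManagerClient:getAssertion(" + "AssertionArtifact, Set): destID set is null");
        throw new SAMLException("nullInput");
    }
    try {
        Set destSet = new HashSet();
        for (Iterator it = destID.iterator(); it.hasNext();) {
            destSet.add(Base64.encode(SAMLUtils.stringToByteArray((String) it.next())));
        }
        Object[] args = { artifact.getAssertionArtifact(), destSet };
        String assertionXml = (String) stub.send("getAssertion", args, null, null);
        return new Assertion(XMLUtils.toDOMDocument(assertionXml, SAMLUtils.debug).getDocumentElement());
    } catch (Exception re) {
        if (SAMLUtils.debug.warningEnabled()) {
            SAMLUtils.debug.warning("AMC:getAssertion: " + artifact, re);
        }
        throw new SAMLException(re.getMessage());
    }
}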