
Example 26 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class FSFederationTerminationNotification method parseURLEncodedRequest.

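/**
 * Returns a <code>FSFederationTerminationNotification</code> object. The
 * object is created by parsing the URL-encoded parameters of the
 * <code>HttpServletRequest</code> object.
 *
 * @param request the <code>HttpServletRequest</code> object.
 * @return the parsed <code>FSFederationTerminationNotification</code>.
 * @throws FSMsgException if a required parameter is missing or malformed,
 *         so the <code>FSFederationTerminationNotification</code> object
 *         cannot be created.
 * @throws SAMLException if the <code>NameIdentifier</code> cannot be built
 *         from the supplied name, name qualifier and format.
 */
public static FSFederationTerminationNotification parseURLEncodedRequest(HttpServletRequest request) throws FSMsgException, SAMLException {
    FSFederationTerminationNotification retFederationTerminationNotification = new FSFederationTerminationNotification();
    try {
        FSUtils.debug.message("checking minor version");
        // Integer.parseInt(null) also throws NumberFormatException, so an
        // absent version parameter is reported as "invalidNumber" too.
        retFederationTerminationNotification.majorVersion = Integer.parseInt(request.getParameter(IFSConstants.MAJOR_VERSION));
        retFederationTerminationNotification.minorVersion = Integer.parseInt(request.getParameter(IFSConstants.MINOR_VERSION));
    } catch (NumberFormatException ex) {
        throw new FSMsgException("invalidNumber", null);
    }
    // It is the parameter value that can be absent, not the request object;
    // a missing RequestID must be rejected rather than stored as null.
    String requestID = request.getParameter(IFSConstants.REQUEST_ID);
    if (requestID == null) {
        String[] args = { IFSConstants.REQUEST_ID };
        throw new FSMsgException("missingAttribute", args);
    }
    retFederationTerminationNotification.requestID = requestID;
    String instantString = request.getParameter(IFSConstants.ISSUE_INSTANT);
    if (instantString == null || instantString.length() == 0) {
        String[] args = { IFSConstants.ISSUE_INSTANT };
        throw new FSMsgException("missingAttribute", args);
    }
    try {
        retFederationTerminationNotification.issueInstant = DateUtils.stringToDate(instantString);
    } catch (ParseException e) {
        throw new FSMsgException("parseError", null);
    }
    String providerID = request.getParameter(IFSConstants.PROVIDER_ID);
    if (providerID == null) {
        throw new FSMsgException("missingElement", null);
    }
    retFederationTerminationNotification.providerId = providerID;
    // Name qualifier and format are optional; only the name itself is required.
    String nameFormat = request.getParameter(IFSConstants.NAME_FORMAT);
    String nameQualifier = request.getParameter(IFSConstants.NAME_QUALIFIER);
    String name = request.getParameter("Name");
    if (name == null) {
        throw new FSMsgException("missingNameIdentifier", null);
    }
    String relayState = request.getParameter(IFSConstants.RELAY_STATE);
    if (relayState != null) {
        retFederationTerminationNotification.relayState = relayState;
    }
    retFederationTerminationNotification.nameIdentifier = new NameIdentifier(name, nameQualifier, nameFormat);
    FSUtils.debug.message("Returning Termination Object");
    return retFederationTerminationNotification;
}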
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) ParseException(java.text.ParseException)

Example 27 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class FSAccountUtils method stringToObject.

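/**
 * Parses a federation information string and puts the corresponding parts
 * into object fields. The string is a sequence of <code>FED_INFO_DELIM</code>
 * separated tokens: provider ID, local name identifier (name, qualifier,
 * format), remote name identifier (name, qualifier, format), role
 * (<code>IDPRole</code>/<code>SPRole</code>), federation status
 * (<code>Active</code>/<code>InActive</code>) and an optional trailing
 * affiliation marker. The literal token <code>null</code> stands for an
 * absent value.
 *
 * @param fedInfoString String containing federation information.
 * @return Account federation information object.
 * @throws FSAccountMgmtException if <code>fedInfoString</code> cannot be
 *         parsed.
 */
public static FSAccountFedInfo stringToObject(String fedInfoString) throws FSAccountMgmtException {
    StringTokenizer str = new StringTokenizer(fedInfoString, FED_INFO_DELIM);
    FSAccountFedInfo fedInfoObject = new FSAccountFedInfo();
    try {
        fedInfoObject.setProviderID(str.nextToken());
        // Local then remote name identifier; each one occupies three tokens.
        fedInfoObject.setLocalNameIdentifier(readNameIdentifier(str));
        fedInfoObject.setRemoteNameIdentifier(readNameIdentifier(str));
        String token = str.nextToken();
        if (token.equalsIgnoreCase("IDPRole")) {
            fedInfoObject.setRole(true);
        } else if (token.equalsIgnoreCase("SPRole")) {
            fedInfoObject.setRole(false);
        } else {
            FSUtils.debug.error("FSAccountUtils.stringToObject():" + " You have modified IDP/SP Role" + " in iDS :: set it to IDPRole/SPRole ");
            throw new FSAccountMgmtException(IFSConstants.INVALID_ACT_FED_INFO_IN_IDS, null);
        }
        token = str.nextToken();
        if (token.equalsIgnoreCase("Active")) {
            fedInfoObject.activateFedStatus();
        } else if (token.equalsIgnoreCase("InActive")) {
            fedInfoObject.deActivateFedStatus();
        } else {
            FSUtils.debug.error("FSAccountUtils.stringToObject():" + " You have modified Active/InActive in iDS ");
            throw new FSAccountMgmtException(IFSConstants.INVALID_ACT_FED_INFO_IN_IDS, null);
        }
        // The affiliation marker is optional; anything else after the status is ignored.
        if (str.hasMoreTokens() && str.nextToken().equalsIgnoreCase(IFSConstants.AFFILIATED)) {
            fedInfoObject.setAffiliation(true);
        }
    } catch (NoSuchElementException nsee) {
        // Fewer tokens than the format requires.
        FSUtils.debug.error("FSAccountUtils.stringToObject() : NoSuchElementException: ", nsee);
        throw new FSAccountMgmtException(nsee.getMessage());
    }
    return fedInfoObject;
}

/**
 * Consumes the three name identifier tokens (name, qualifier, format) from
 * <code>str</code>. A literal <code>null</code> name yields <code>null</code>
 * (the two remaining tokens are still consumed so the caller stays aligned);
 * a <code>null</code> qualifier or format becomes the empty string.
 *
 * @param str tokenizer positioned at the name token.
 * @return the parsed identifier, or <code>null</code> if the name is absent.
 * @throws FSAccountMgmtException if the identifier cannot be constructed.
 * @throws NoSuchElementException if fewer than three tokens remain.
 */
private static NameIdentifier readNameIdentifier(StringTokenizer str) throws FSAccountMgmtException {
    String name = str.nextToken();
    String qualifierToken = str.nextToken();
    String formatToken = str.nextToken();
    if (name.equalsIgnoreCase("null")) {
        return null;
    }
    String qualifier = qualifierToken.equalsIgnoreCase("null") ? "" : qualifierToken;
    String format = formatToken.equalsIgnoreCase("null") ? "" : formatToken;
    try {
        return new NameIdentifier(name, qualifier, format);
    } catch (SAMLException se) {
        FSUtils.debug.error("FSAccountUtils.stringToObject(): " + "SAMLException: ", se);
        throw new FSAccountMgmtException(se.getMessage());
    }
}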
Also used : StringTokenizer(java.util.StringTokenizer) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) SAMLException(com.sun.identity.saml.common.SAMLException) NoSuchElementException(java.util.NoSuchElementException)

Example 28 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class FSAccountUtils method objectToInfoString.

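/**
 * Returns the string equivalent of a <code>FSAccountFedInfo</code> object,
 * in the token layout consumed by <code>stringToObject</code>: provider ID,
 * local name identifier (name, qualifier, format), remote name identifier
 * (name, qualifier, format), role, status and, when set, the affiliation
 * marker, each preceded by <code>FED_INFO_DELIM</code>. Absent values are
 * written as the literal token <code>null</code>.
 *
 * @param fedInfoObject federation info as an object.
 * @return Account Federation information.
 * @throws FSAccountMgmtException if <code>fedInfoObject</code> cannot
 *         be converted to string (both name identifiers absent, or a
 *         present identifier without a name).
 */
public static String objectToInfoString(FSAccountFedInfo fedInfoObject) throws FSAccountMgmtException {
    StringBuilder fedInfoSB = new StringBuilder(1000);
    fedInfoSB.append(FED_INFO_DELIM).append(fedInfoObject.getProviderID());
    NameIdentifier lni = fedInfoObject.getLocalNameIdentifier();
    NameIdentifier rni = fedInfoObject.getRemoteNameIdentifier();
    if (lni == null && rni == null) {
        FSUtils.debug.error("FSAccountUtils.objectToInfoString(): " + "both NameIdentifiers are null");
        throw new FSAccountMgmtException(IFSConstants.NULL_NAME_IDENTIFIER, null);
    }
    appendNameIdentifier(fedInfoSB, lni, "local");
    appendNameIdentifier(fedInfoSB, rni, "remote");
    fedInfoSB.append(FED_INFO_DELIM).append(fedInfoObject.isRoleIDP() ? "IDPRole" : "SPRole");
    fedInfoSB.append(FED_INFO_DELIM).append(fedInfoObject.isFedStatusActive() ? "Active" : "InActive");
    fedInfoSB.append(FED_INFO_DELIM);
    if (fedInfoObject.getAffiliation()) {
        fedInfoSB.append(IFSConstants.AFFILIATED).append(FED_INFO_DELIM);
    }
    return fedInfoSB.toString();
}

/**
 * Appends the three delimited tokens (name, qualifier, format) for one name
 * identifier, or three <code>null</code> tokens when the identifier is absent.
 *
 * @param sb buffer to append to.
 * @param ni the identifier, may be null.
 * @param side <code>"local"</code> or <code>"remote"</code>, for the error message.
 * @throws FSAccountMgmtException if <code>ni</code> is present but has no name.
 */
private static void appendNameIdentifier(StringBuilder sb, NameIdentifier ni, String side) throws FSAccountMgmtException {
    if (ni == null) {
        sb.append(FED_INFO_DELIM).append("null").append(FED_INFO_DELIM).append("null").append(FED_INFO_DELIM).append("null");
        return;
    }
    String name = ni.getName();
    if (name == null || name.length() == 0) {
        FSUtils.debug.error("FSAccountUtils.objectToInfoString(): " + side + " Name is null");
        throw new FSAccountMgmtException(IFSConstants.NULL_NAME, null);
    }
    sb.append(FED_INFO_DELIM).append(name);
    sb.append(FED_INFO_DELIM).append(tokenOrNull(ni.getNameQualifier()));
    sb.append(FED_INFO_DELIM).append(tokenOrNull(ni.getFormat()));
}

/**
 * Returns <code>value</code> unless it is null or empty, in which case the
 * literal token <code>null</code> is returned.
 *
 * @param value optional token value.
 * @return the token to write.
 */
private static String tokenOrNull(String value) {
    return (value != null && value.length() > 0) ? value : "null";
}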
Also used : NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)

Example 29 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method generateToken.

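/**
 * Dereferences the name identifier received from the IDP to a local user,
 * repairing or auto-creating the account federation record where the hosted
 * configuration allows it, and then creates the local SSO session for that
 * user (kept in <code>ssoToken</code>) together with the <code>FSSession</code>
 * bookkeeping, the federation cookie and any mapped attributes.
 *
 * <p>Reads handler state set before this call: <code>authnRequest</code>,
 * <code>authnContextStmt</code>, <code>attrStatements</code>,
 * <code>bootStrapStatement</code>, <code>_autoFedStatement</code>,
 * <code>autoFedSearchMap</code>, <code>securityAssertions</code>,
 * <code>idpSessionIndex</code>, <code>relayState</code>,
 * <code>request</code>/<code>response</code> and the hosted/remote provider
 * identifiers and configuration.
 *
 * @param ni the name identifier from the assertion subject; must not be null.
 * @param handleType the handle type, used only in the debug message.
 * @param niIdp the IDP-provided name identifier, consulted when
 *        <code>ni</code> is qualified by the affiliation ID.
 * @param env environment map passed through to the account manager lookups.
 * @return <code>FederationSPAdapter.SUCCESS</code>, or one of the
 *         <code>FederationSPAdapter.SSO_FAILED*</code> codes describing why
 *         no session was issued.
 */
protected int generateToken(NameIdentifier ni, int handleType, NameIdentifier niIdp, Map env) {
    FSUtils.debug.message("FSAssertionArtifactHandler.generateToken: Called");
    if ((ni == null)) {
        FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Invalid userDN input");
        return FederationSPAdapter.SSO_FAILED;
    }
    try {
        String name = ni.getName();
        String nameSpace = ni.getNameQualifier();
        if ((nameSpace == null) || (nameSpace.length() == 0)) {
            nameSpace = hostEntityId;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Trying to get userDN for opaqueHandle= " + name + " ,securityDomain= " + nameSpace + " And HandleType=" + handleType);
        }
        String affiliationID = authnRequest.getAffiliationID();
        FSAccountFedInfoKey fedKey = new FSAccountFedInfoKey(nameSpace, name);
        FSAccountManager accountManager = FSAccountManager.getInstance(hostMetaAlias);
        String userID = accountManager.getUserID(fedKey, realm, env);
        FSAccountFedInfo fedInfo = null;
        if (userID == null) {
            if (niIdp != null && nameSpace.equals(affiliationID)) {
                // Affiliation case: look the user up by the IDP-provided
                // identifier and re-key the record under the received one.
                fedKey = new FSAccountFedInfoKey(affiliationID, niIdp.getName());
                userID = accountManager.getUserID(fedKey, realm, env);
                if (userID != null) {
                    FSAccountFedInfo oldInfo = accountManager.readAccountFedInfo(userID, affiliationID);
                    if (oldInfo != null) {
                        accountManager.removeAccountFedInfo(userID, oldInfo);
                    }
                    fedInfo = new FSAccountFedInfo(idpEntityId, ni, niIdp, true);
                    fedInfo.setAffiliation(true);
                    fedKey = new FSAccountFedInfoKey(nameSpace, name);
                    accountManager.writeAccountFedInfo(userID, fedKey, fedInfo);
                } else {
                    FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "Can't dereference handle. fedKey=" + fedKey.toString());
                    return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                }
            } else {
                // Check if there is any 6.2 format record keyed by the IDP entity ID.
                FSAccountFedInfoKey oldKey = new FSAccountFedInfoKey(idpEntityId, name);
                userID = accountManager.getUserID(oldKey, realm, env);
                if (userID != null) {
                    fedInfo = accountManager.readAccountFedInfo(userID, idpEntityId);
                    if (fedInfo != null && fedInfo.isFedStatusActive()) {
                        // Rewrite the old record under the hosted entity ID.
                        NameIdentifier localNI = fedInfo.getLocalNameIdentifier();
                        if (localNI != null) {
                            localNI.setNameQualifier(hostEntityId);
                        }
                        accountManager.removeAccountFedInfo(userID, fedInfo);
                        NameIdentifier remoteNI = fedInfo.getRemoteNameIdentifier();
                        if (remoteNI != null) {
                            remoteNI.setNameQualifier(hostEntityId);
                        }
                        fedInfo = new FSAccountFedInfo(idpEntityId, localNI, remoteNI, true);
                        accountManager.removeAccountFedInfoKey(userID, oldKey);
                        FSAccountFedInfoKey newKey = new FSAccountFedInfoKey(hostEntityId, name);
                        accountManager.writeAccountFedInfo(userID, newKey, fedInfo);
                    } else {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
                        return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                    }
                } else {
                    // No federation record at all: auto-federate only when the
                    // hosted config enables it and an auto-fed statement was received.
                    String enabledStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
                    if (enabledStr != null && enabledStr.equalsIgnoreCase("true") && _autoFedStatement != null) {
                        userID = accountManager.getUserID(autoFedSearchMap, realm, null);
                        if (userID != null) {
                            FSAccountFedInfoKey newKey = new FSAccountFedInfoKey(hostEntityId, name);
                            fedInfo = new FSAccountFedInfo(idpEntityId, null, ni, true);
                            accountManager.writeAccountFedInfo(userID, newKey, fedInfo);
                        } else {
                            FSUtils.debug.error("FSAssertionArtifactHandler. " + "generateToken:" + "Can't dereference handle.");
                            return FederationSPAdapter.SSO_FAILED_AUTO_FED;
                        }
                    } else {
                        FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Can't dereference handle.");
                        return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
                    }
                }
            }
        } else {
            if (affiliationID != null) {
                fedInfo = accountManager.readAccountFedInfo(userID, affiliationID);
            } else {
                fedInfo = accountManager.readAccountFedInfo(userID, idpEntityId, name);
            }
            if (fedInfo == null) {
                FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "User's account is not federated, id=" + userID);
                return FederationSPAdapter.SSO_FAILED_FEDERATION_DOESNOT_EXIST;
            }
        }
        // Get the auth level from the authentication context class reference,
        // falling back to the hosted provider's default context.
        String authnContextClassRef = null;
        int authnLevel = 0;
        Map authnContextInfoMap = FSServiceUtils.getSPAuthContextInfo(hostConfig);
        if (authnContextStmt != null && authnContextStmt.getAuthnContextClassRef() != null && authnContextStmt.getAuthnContextClassRef().length() != 0) {
            authnContextClassRef = authnContextStmt.getAuthnContextClassRef();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: AuthnContextClassRef " + "found in AuthenticationStatement:" + authnContextClassRef);
            }
            FSSPAuthenticationContextInfo authnContextInfo = (FSSPAuthenticationContextInfo) authnContextInfoMap.get(authnContextClassRef);
            if (authnContextInfo != null) {
                authnLevel = authnContextInfo.getAuthenticationLevel();
            } else {
                // Unknown class ref: clear it so the default is resolved below.
                FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Could not find " + "AuthnContextClassInfo for authnContextClassRef: " + authnContextClassRef + "Using default authnContextClass");
                authnContextClassRef = null;
            }
        } else {
            FSUtils.debug.warning("FSAssertionArtifactHandler.generateToken: " + "Could not find AuthnContextClassRef in the " + "AuthenticationStatement. Using default authnContextClass");
        }
        if (authnContextClassRef == null || authnContextClassRef.length() == 0) {
            authnContextClassRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            FSSPAuthenticationContextInfo authnContextInfo = (FSSPAuthenticationContextInfo) authnContextInfoMap.get(authnContextClassRef);
            if (authnContextInfo != null) {
                authnLevel = authnContextInfo.getAuthenticationLevel();
            } else {
                // Without a resolvable auth level no session is issued.
                FSUtils.debug.error("FSAssertionArtifactHandler." + "generateToken: Could not find authentication level " + "for default authentication context class");
                return FederationSPAdapter.SSO_FAILED;
            }
        }
        Map valueMap = new HashMap();
        valueMap.put(SessionProvider.PRINCIPAL_NAME, userID);
        valueMap.put(SessionProvider.REALM, realm);
        valueMap.put(SessionProvider.AUTH_LEVEL, String.valueOf(authnLevel));
        valueMap.put(SessionProvider.AUTH_INSTANT, getAuthInstant());
        valueMap.put("idpEntityID", idpEntityId);
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoSession;
        try {
            // NOTE(review): a null relayState makes new StringBuffer(...) throw
            // NullPointerException, which the outer catch maps to SSO_FAILED.
            ssoSession = sessionProvider.createSession(valueMap, request, response, new StringBuffer(this.relayState));
        } catch (SessionException se) {
            FSUtils.debug.error("FSAssertionArtifactHandler.generateToken:" + "cannot generate token:", se);
            // Map the session error to the adapter's failure codes.
            int failureCode = se.getErrCode();
            if (failureCode == SessionException.AUTH_USER_INACTIVE) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_USER_INACTIVE;
            } else if (failureCode == SessionException.AUTH_USER_LOCKED) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_USER_LOCKED;
            } else if (failureCode == SessionException.AUTH_ACCOUNT_EXPIRED) {
                failureCode = FederationSPAdapter.SSO_FAILED_AUTH_ACCOUNT_EXPIRED;
            } else {
                failureCode = FederationSPAdapter.SSO_FAILED_TOKEN_GENERATION;
            }
            return failureCode;
        }
        try {
            sessionProvider.addListener(ssoSession, new FSTokenListener(hostMetaAlias));
        } catch (Exception e) {
            // Best effort: a missing listener does not invalidate the session.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler.generateToken:" + "Couldn't add listener to session:", e);
            }
        }
        String value = sessionProvider.getSessionID(ssoSession);
        ssoToken = ssoSession;
        // Set the fed cookie on every cookie domain that applies to the request.
        String fedCookieName = SystemConfigurationUtil.getProperty(IFSConstants.FEDERATE_COOKIE_NAME);
        String fedCookieValue = "yes";
        for (String domain : SystemConfigurationUtil.getCookieDomainsForRequest(request)) {
            CookieUtils.addCookieToResponse(response, CookieUtils.newCookie(fedCookieName, fedCookieValue, IFSConstants.PERSISTENT_COOKIE_AGE, "/", domain));
        }
        // Keep a local session ref, reusing an existing FSSession when present.
        FSSessionManager sessionManager = FSSessionManager.getInstance(hostMetaAlias);
        FSSession session = sessionManager.getSession(userID, value);
        if (session != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: An Existing session found for userID:" + userID + " And SessionID: " + value + " Adding partner to the Session");
            }
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            session.setSessionIndex(idpSessionIndex);
            sessionManager.addSession(userID, session);
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: No existing session found for userID:" + userID + " And SessionID: " + value + " Creating a new Session");
            }
            session = new FSSession(value);
            session.addSessionPartner(new FSSessionPartner(idpEntityId, true));
            if (idpSessionIndex != null) {
                session.setSessionIndex(idpSessionIndex);
            }
            sessionManager.addSession(userID, session);
        }
        // Keep authncontext in FSSession.
        if (authnContextClassRef != null) {
            session.setAuthnContext(authnContextClassRef);
        }
        if (fedInfo != null) {
            session.setAccountFedInfo(fedInfo);
        }
        // Keep the attr statement in FSSession.
        if (bootStrapStatement != null) {
            session.setBootStrapAttributeStatement(bootStrapStatement);
        }
        if (_autoFedStatement != null) {
            session.setAutoFedStatement(_autoFedStatement);
        }
        if (attrStatements.size() != 0) {
            session.setAttributeStatements(attrStatements);
            // A realm-scoped mapper takes precedence over the plain one.
            Map attributeMap = null;
            setAttributeMapper();
            if (realmAttributeMapper != null) {
                attributeMap = realmAttributeMapper.getAttributes(attrStatements, realm, hostEntityId, idpEntityId, ssoToken);
            } else if (attributeMapper != null) {
                attributeMap = attributeMapper.getAttributes(attrStatements, hostEntityId, idpEntityId, ssoToken);
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionArtifactHandler." + "generateToken: Attribute map :" + attributeMap);
            }
            if (attributeMap != null) {
                setAttributeMap(ssoToken, attributeMap);
            }
        }
        if (securityAssertions != null) {
            session.setBootStrapCredential(securityAssertions);
        }
        return FederationSPAdapter.SUCCESS;
    } catch (Exception e) {
        // Fail closed: any unexpected error denies SSO instead of issuing a session.
        FSUtils.debug.error("FSAssertionArtifactHandler.generateToken: " + "Exception Occured ", e);
        return FederationSPAdapter.SSO_FAILED;
    }
}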
Also used : FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) HashMap(java.util.HashMap) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) Iterator(java.util.Iterator) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) Map(java.util.Map) HashMap(java.util.HashMap) FSSPAuthenticationContextInfo(com.sun.identity.federation.services.FSSPAuthenticationContextInfo) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 30 with NameIdentifier

use of com.sun.identity.saml.assertion.NameIdentifier in project OpenAM by OpenRock.

the class FSServiceManager method getFedTerminationHandler.

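/**
 * Returns <code>FSFedTerminationHandler</code>. This method is invoked at
 * the end where the termination request is received. The handler is
 * responsible for doing account defederation. The user is resolved from the
 * request's name identifier (trying the hosted or remote entity ID as the
 * search domain, depending on the hosted role) and the resolved user ID and
 * account info are passed to the handler so it need not search again.
 *
 * @param terminationRequest federation termination request
 * @param hostedConfig Hosted Provider's extended meta
 * @param realm realm the hosted provider belongs to
 * @param hostedEntityId hosted provider's entity ID
 * @param hostedProviderRole hosted provider's role
 * @param metaAlias hosted provider's meta alias
 * @param remoteEntityId remote provider's entity ID
 * @return <code>FSFedTerminationHandler</code> object, or <code>null</code>
 *         if the account manager, user or account federation with
 *         <code>remoteEntityId</code> cannot be found, or on any error
 */
public FSFedTerminationHandler getFedTerminationHandler(FSFederationTerminationNotification terminationRequest, BaseConfigType hostedConfig, String realm, String hostedEntityId, String hostedProviderRole, String metaAlias, String remoteEntityId) {
    try {
        FSUtils.debug.message("Entered FSServicemanager::getFedTerminationHandler");
        FSAccountManager managerInst = FSAccountManager.getInstance(metaAlias);
        if (managerInst == null) {
            FSUtils.debug.error("Error in retrieving account manager");
            return null;
        }
        NameIdentifier nameIdObj = terminationRequest.getNameIdentifier();
        if (nameIdObj == null) {
            // Without a name identifier there is nothing to look the user up by.
            FSUtils.debug.error("FSServiceManager::getFedTerminationHandler " + "termination request has no NameIdentifier");
            return null;
        }
        String nameIDValue = nameIdObj.getName();
        String nameQualifier = nameIdObj.getNameQualifier();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Remote provider : " + remoteEntityId + ", Name Qualifier : " + nameQualifier + ", Name : " + nameIDValue + ", Realm : " + realm);
        }
        // A qualifier other than the remote provider overrides the hosted entity
        // ID as the search domain.
        String searchDomain = hostedEntityId;
        if (nameQualifier != null && !nameQualifier.equals(remoteEntityId)) {
            searchDomain = nameQualifier;
        }
        boolean hostedIsSP = hostedProviderRole.equalsIgnoreCase(IFSConstants.SP);
        // SP: search the qualifier domain, then the remote provider;
        // IDP: search the remote provider, then the hosted entity ID.
        FSAccountFedInfoKey acctkey = hostedIsSP
                ? new FSAccountFedInfoKey(searchDomain, nameIDValue)
                : new FSAccountFedInfoKey(remoteEntityId, nameIDValue);
        Map env = new HashMap();
        env.put(IFSConstants.FS_USER_PROVIDER_ENV_TERMINATION_KEY, terminationRequest);
        String userID = managerInst.getUserID(acctkey, realm, env);
        if (userID == null) {
            acctkey = hostedIsSP
                    ? new FSAccountFedInfoKey(remoteEntityId, nameIDValue)
                    : new FSAccountFedInfoKey(hostedEntityId, nameIDValue);
            userID = managerInst.getUserID(acctkey, realm, env);
            if (userID == null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("UserID is null");
                }
                return null;
            }
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("user ID is " + userID);
        }
        FSAccountFedInfo acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId, nameIDValue);
        if (acctInfo == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Account federation with provider " + remoteEntityId + " does not exist");
            }
            return null;
        }
        // Pass the user ID and account info to the handler to avoid searching again.
        FSFedTerminationHandler handlerTermination = new FSFedTerminationHandler();
        handlerTermination.setUserID(userID);
        handlerTermination.setAccountInfo(acctInfo);
        return handlerTermination;
    } catch (Exception e) {
        // Log the cause; the previous message alone hid why the lookup failed.
        FSUtils.debug.error("FSServiceManager::getFedTerminationHandler " + "failed to get termination handler", e);
    }
    return null;
}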
Also used : FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) HashMap(java.util.HashMap) FSAccountFedInfoKey(com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey) FSAccountManager(com.sun.identity.federation.accountmgmt.FSAccountManager) HashMap(java.util.HashMap) Map(java.util.Map) FSFedTerminationHandler(com.sun.identity.federation.services.termination.FSFedTerminationHandler) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)

Aggregations

NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier)39 SAMLException (com.sun.identity.saml.common.SAMLException)17 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)11 FSAccountFedInfo (com.sun.identity.federation.accountmgmt.FSAccountFedInfo)10 FSException (com.sun.identity.federation.common.FSException)10 SessionException (com.sun.identity.plugin.session.SessionException)10 Map (java.util.Map)10 FSAccountFedInfoKey (com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey)9 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)9 HashMap (java.util.HashMap)8 List (java.util.List)8 Set (java.util.Set)6 IDPProvidedNameIdentifier (com.sun.identity.federation.message.common.IDPProvidedNameIdentifier)5 FSSessionManager (com.sun.identity.federation.services.FSSessionManager)5 SessionProvider (com.sun.identity.plugin.session.SessionProvider)5 Iterator (java.util.Iterator)5 FSAssertion (com.sun.identity.federation.message.FSAssertion)4 FSSubject (com.sun.identity.federation.message.FSSubject)4 EncryptedNameIdentifier (com.sun.identity.federation.message.common.EncryptedNameIdentifier)4 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)4