Search in sources :

Example 71 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class DefaultLibrarySPAccountMapper method getAttribute.

/**
     * Returns the attribute name.
     */
private Set getAttribute(AttributeStatement statement, String attributeName, String realm, String hostEntityID) {
    if (debug.messageEnabled()) {
        debug.message("DefaultLibrarySPAccountMapper.getAttribute: attribute" + "Name =" + attributeName);
    }
    List list = statement.getAttribute();
    for (Iterator iter = list.iterator(); iter.hasNext(); ) {
        Attribute attribute = (Attribute) iter.next();
        if (!attributeName.equalsIgnoreCase(attribute.getAttributeName())) {
            continue;
        }
        List values = null;
        try {
            values = attribute.getAttributeValue();
        } catch (SAMLException se) {
        // Just ignore it and carry on - getAttributeValue doesn't
        // really throw an exception - it just says it does
        }
        if (values == null || values.size() == 0) {
            return null;
        }
        Set set = new HashSet();
        set.addAll(values);
        return set;
    }
    return null;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Attribute(com.sun.identity.saml.assertion.Attribute) Iterator(java.util.Iterator) List(java.util.List) SAMLException(com.sun.identity.saml.common.SAMLException) HashSet(java.util.HashSet)

Example 72 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class DefaultSPAttributeMapper method getAttributes.

/**
     * Returns attribute map for the given list of <code>Attribute</code>
     * objects. 
     * @param attributes list <code>Attribute</code>objects.
     * @param userID universal identifier or distinguished name(DN) of the user.
     * @param hostEntityID <code>EntityID</code> of the hosted provider.
     * @param remoteEntityID <code>EntityID</code> of the remote provider. 
     * @param realm realm name.
     * @return a map of mapped attribute value pair. This map has the
     *         key as the attribute name and the value as the attribute value
     * @exception WSFederationException if any failure.
     */
public Map getAttributes(List attributes, String userID, String hostEntityID, String remoteEntityID, String realm) throws WSFederationException {
    if (attributes == null || attributes.size() == 0) {
        throw new WSFederationException(bundle.getString("nullAttributes"));
    }
    if (hostEntityID == null) {
        throw new WSFederationException(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new WSFederationException(bundle.getString("nullRealm"));
    }
    Map<String, Set<String>> map = new HashMap<String, Set<String>>();
    Map configMap = getConfigAttributeMap(realm, hostEntityID);
    for (Iterator iter = attributes.iterator(); iter.hasNext(); ) {
        Attribute attribute = (Attribute) iter.next();
        Set<String> values = new HashSet();
        try {
            List attrValues = attribute.getAttributeValue();
            for (Iterator iter2 = attrValues.iterator(); iter2.hasNext(); ) {
                Element attrValue = (Element) iter2.next();
                values.add(XMLUtils.getElementValue(attrValue));
            }
        } catch (SAMLException se) {
            throw new WSFederationException(se);
        }
        String attributeName = attribute.getAttributeName();
        String localAttribute = (String) configMap.get(attributeName);
        if (localAttribute == null || localAttribute.length() == 0) {
            localAttribute = attributeName;
        }
        Set<String> existingValues = map.get(localAttribute);
        if (existingValues != null) {
            existingValues.addAll(values);
        } else {
            map.put(localAttribute, values);
        }
    }
    return map;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) HashMap(java.util.HashMap) Attribute(com.sun.identity.saml.assertion.Attribute) Element(org.w3c.dom.Element) SAMLException(com.sun.identity.saml.common.SAMLException) Iterator(java.util.Iterator) List(java.util.List) Map(java.util.Map) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Example 73 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class DefaultActionMapper method getAuthorizationDecisions.

/**
     * This method first converts the AttributeStatements in Evidence to
     * OpenAM Policy API environment variables. The Attributes in
     * the AttributeStatement(s) are expected to be OpenAM
     * attributes.
     * It then query the Policy decision one action at a time. Currently,
     * it handles actions defined in urn:oasis:names:tc:SAML:1.0:ghpp only.
     * This action Namespace is mapped to OpenAM
     * iPlanetAMWebAgentService.
     */
public Map getAuthorizationDecisions(AuthorizationDecisionQuery query, Object token, String sourceID) throws SAMLException {
    if ((query == null) || (token == null)) {
        SAMLUtils.debug.message("DefaultActionMapper: null input.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    Evidence evidence = query.getEvidence();
    Subject querySubject = query.getSubject();
    Map envParameters = convertEvidence(evidence, querySubject, sourceID);
    List permitActions = new ArrayList();
    List denyActions = new ArrayList();
    List actions = query.getAction();
    Iterator iterator = actions.iterator();
    PolicyEvaluator pe = null;
    String resource = query.getResource();
    Action action = null;
    String actionNamespace = null;
    while (iterator.hasNext()) {
        action = (Action) iterator.next();
        // get ActionNameSpace
        actionNamespace = action.getNameSpace();
        if ((actionNamespace != null) && (actionNamespace.equals(SAMLConstants.ACTION_NAMESPACE_GHPP))) {
            try {
                if (pe == null) {
                    pe = new PolicyEvaluator("iPlanetAMWebAgentService");
                }
                boolean result = pe.isAllowed((SSOToken) token, resource, action.getAction(), envParameters);
                if (result) {
                    permitActions.add(action);
                } else {
                    denyActions.add(action);
                }
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultActionMapper: " + "Exception from policy:" + e);
                }
                // indeterminate
                continue;
            }
        }
    }
    // while loop for each action
    Map resultMap = new HashMap();
    if (!permitActions.isEmpty()) {
        resultMap.put(ActionMapper.PERMIT, permitActions);
    } else if (!denyActions.isEmpty()) {
        resultMap.put(ActionMapper.DENY, denyActions);
    } else {
        resultMap.put(ActionMapper.INDETERMINATE, actions);
    }
    return resultMap;
}
Also used : Action(com.sun.identity.saml.assertion.Action) HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) SAMLException(com.sun.identity.saml.common.SAMLException) Subject(com.sun.identity.saml.assertion.Subject) SAMLException(com.sun.identity.saml.common.SAMLException) MissingResourceException(java.util.MissingResourceException) PolicyEvaluator(com.sun.identity.policy.PolicyEvaluator) Iterator(java.util.Iterator) Evidence(com.sun.identity.saml.assertion.Evidence) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map)

Example 74 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSSSOBrowserArtifactProfileHandler method createSAMLResponse.

private FSResponse createSAMLResponse(FSSAMLRequest samlRequest) throws FSException {
    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Called");
    FSResponse retResponse = null;
    String respID = FSUtils.generateID();
    String inResponseTo = samlRequest.getRequestID();
    List contents = new ArrayList();
    String message = null;
    int length;
    Status status;
    String remoteAddr = ClientUtils.getClientIPAddress(request);
    String respPrefix = FSUtils.bundle.getString("responseLogMessage") + " " + remoteAddr;
    int reqType = samlRequest.getContentType();
    if (reqType == Request.NOT_SUPPORTED) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Found element in the request which are not supported");
        }
        message = FSUtils.bundle.getString("unsupportedElement");
        try {
            status = new Status(new StatusCode("samlp:Responder"), message, null);
            retResponse = new FSResponse(respID, inResponseTo, status, contents);
            retResponse.setMinorVersion(samlRequest.getMinorVersion());
        } catch (SAMLException se) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Fatal error, cannot create status or response: ", se);
        }
        if (LogUtil.isAccessLoggable(Level.FINER)) {
            String[] data = { respPrefix, retResponse.toString() };
            LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
        } else {
            String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
            LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
        }
        return retResponse;
    }
    FSAssertionManager am = null;
    try {
        am = FSAssertionManager.getInstance(metaAlias);
    } catch (FSException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Cannot instantiate " + "FSAssertionManager");
        }
        message = se.getMessage();
        try {
            status = new Status(new StatusCode("samlp:Responder"), message, null);
            retResponse = new FSResponse(respID, inResponseTo, status, contents);
            retResponse.setMinorVersion(samlRequest.getMinorVersion());
        } catch (SAMLException sse) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Fatal error, cannot create status or response: ", sse);
        }
        if (LogUtil.isAccessLoggable(Level.FINER)) {
            String[] data = { respPrefix, retResponse.toString() };
            LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
        } else {
            String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
            LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
        }
        return retResponse;
    }
    List artifacts = null;
    List assertions = new ArrayList();
    if (reqType == Request.ASSERTION_ARTIFACT) {
        artifacts = samlRequest.getAssertionArtifact();
        length = artifacts.size();
        // ensure that all the artifacts have the same sourceID
        String sourceID = null;
        String providerID = null;
        AssertionArtifact art = null;
        for (int j = 0; j < length; j++) {
            art = (AssertionArtifact) artifacts.get(j);
            if (sourceID != null) {
                if (!sourceID.equals(art.getSourceID())) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Artifacts not from " + "the same source");
                    }
                    message = FSUtils.bundle.getString("mismatchSourceID");
                    try {
                        /**
                            * Need a second level status for the federation
                            * does not exist. 
                            */
                        status = new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), message, null);
                        retResponse = new FSResponse(respID, inResponseTo, status, contents);
                        retResponse.setMinorVersion(samlRequest.getMinorVersion());
                    } catch (SAMLException ex) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response: ", ex);
                    }
                    if (LogUtil.isAccessLoggable(Level.FINER)) {
                        String[] data = { respPrefix, retResponse.toString() };
                        LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
                    } else {
                        String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
                        LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
                    }
                    return retResponse;
                } else {
                    //sourceids are equal
                    continue;
                }
            } else {
                // sourceID == null
                sourceID = art.getSourceID();
            }
        }
        // while loop to go through artifacts to check for sourceID
        if (art != null) {
            try {
                providerID = am.getDestIdForArtifact(art);
            } catch (FSException ex) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: FSException Occured while " + "retrieving sp's providerID for the artifact: ", ex);
                providerID = null;
            }
            if (providerID == null) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "artifact received does not correspond to any SP");
                message = FSUtils.bundle.getString("invalidSource");
                try {
                    /**
                         * Need a second level status for the federation
                         * does not exist. 
                         */
                    /**
                         * First, let's check we haven't recorded a status
                         * beforehand (by another call) related to this
                         * artifact. If so, use it.
                         */
                    Status sorig = am.getErrorStatus(art);
                    if (sorig != null) {
                        status = sorig;
                    } else {
                        status = new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), message, null);
                    }
                    retResponse = new FSResponse(respID, inResponseTo, status, contents);
                    retResponse.setMinorVersion(samlRequest.getMinorVersion());
                    return retResponse;
                } catch (SAMLException sse) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                    return null;
                }
            //return error response
            } else {
                try {
                    if (!metaManager.isTrustedProvider(realm, hostedEntityId, providerID)) {
                        FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: " + "RemoteProvider is not trusted");
                        message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new FSResponse(respID, inResponseTo, status, contents);
                        retResponse.setMinorVersion(samlRequest.getMinorVersion());
                        return retResponse;
                    }
                    spDescriptor = metaManager.getSPDescriptor(realm, providerID);
                    spEntityId = providerID;
                    remoteAddr = providerID;
                } catch (Exception ae) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "FSAllianceManagementException " + "Occured while getting", ae);
                    message = ae.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new FSResponse(respID, inResponseTo, status, contents);
                        retResponse.setMinorVersion(samlRequest.getMinorVersion());
                        return retResponse;
                    } catch (SAMLException sse) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                        return null;
                    }
                }
            }
            //Verify signature
            if (FSServiceUtils.isSigningOn()) {
                if (!verifySAMLRequestSignature(samlRequestElement, soapMsg)) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "SAMLRequest signature verification failed");
                    message = FSUtils.bundle.getString("signatureVerificationFailed");
                    try {
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new FSResponse(respID, inResponseTo, status, contents);
                        retResponse.setMinorVersion(samlRequest.getMinorVersion());
                        return retResponse;
                    } catch (SAMLException sse) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: " + sse.getMessage());
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtProfileHandler.createSAMLResp:" + " SAMLRequest signature verified");
                    }
                }
            }
        //end signature verification
        } else {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: No artifact found in samlRequest");
            message = FSUtils.bundle.getString("missingArtifact");
            try {
                status = new Status(new StatusCode("samlp:Requester"), message, null);
                retResponse = new FSResponse(respID, inResponseTo, status, contents);
                retResponse.setMinorVersion(samlRequest.getMinorVersion());
                return retResponse;
            } catch (SAMLException sse) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                return null;
            }
        }
        for (int i = 0; i < length; i++) {
            AssertionArtifact artifact = (AssertionArtifact) artifacts.get(i);
            Assertion assertion = null;
            try {
                assertion = am.getAssertion(artifact, spEntityId);
            } catch (FSException e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAML" + "Response:could not find matching assertion:", e);
                }
                message = e.getMessage();
                try {
                    status = new Status(new StatusCode("samlp:Success"), message, null);
                    retResponse = new FSResponse(respID, inResponseTo, status, contents);
                    retResponse.setMinorVersion(samlRequest.getMinorVersion());
                } catch (SAMLException sse) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                }
                if (LogUtil.isAccessLoggable(Level.FINER)) {
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
                } else {
                    String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
                    LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
                }
                return retResponse;
            }
            if (assertion != null) {
                assertions.add(i, assertion);
            }
        }
    }
    int assertionSize = assertions.size();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: found " + assertionSize + "assertions.");
    }
    // inside the assertion has the calling host's address in it.
    for (int i = 0; i < assertionSize; i++) {
        Assertion assn = (Assertion) assertions.get(i);
        Conditions conds = assn.getConditions();
        Set trcs = conds.getAudienceRestrictionCondition();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: checking to see if assertions" + " are for host:" + remoteAddr);
        }
        if (trcs != null && !trcs.isEmpty()) {
            Iterator trcsIterator = trcs.iterator();
            while (trcsIterator.hasNext()) {
                if (!((AudienceRestrictionCondition) trcsIterator.next()).containsAudience(remoteAddr)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: removing TRC not" + "meant for this host");
                    }
                    assertions.remove(assn);
                }
            }
        }
    }
    assertionSize = assertions.size();
    if (assertionSize == 0) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Matching Assertions(s) not " + "created for this host");
        }
        message = FSUtils.bundle.getString("mismatchDest");
        try {
            status = new Status(new StatusCode("samlp:Success"), message, null);
            retResponse = new FSResponse(respID, inResponseTo, status, contents);
            retResponse.setMinorVersion(samlRequest.getMinorVersion());
        } catch (SAMLException se) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
        }
        if (LogUtil.isAccessLoggable(Level.FINER)) {
            String[] data = { respPrefix, retResponse.toString() };
            LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
        } else {
            String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
            LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
        }
        return retResponse;
    }
    if (reqType == Request.ASSERTION_ARTIFACT) {
        if (assertions.size() == artifacts.size()) {
            message = null;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Matching Assertion found");
            }
            try {
                status = new Status(new StatusCode("samlp:Success"), message, null);
                retResponse = new FSResponse(respID, inResponseTo, status, assertions);
                retResponse.setMinorVersion(samlRequest.getMinorVersion());
            } catch (SAMLException se) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
                return null;
            } catch (Exception e) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", e);
                return null;
            }
            if (LogUtil.isAccessLoggable(Level.FINER)) {
                String[] data = { respPrefix, retResponse.toString() };
                LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
            } else {
                String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
                LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
            }
            return retResponse;
        } else {
            message = FSUtils.bundle.getString("unequalMatch");
            try {
                status = new Status(new StatusCode("samlp:Success"), message, null);
                retResponse = new FSResponse(respID, inResponseTo, status, assertions);
                retResponse.setMinorVersion(samlRequest.getMinorVersion());
            } catch (SAMLException se) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
            }
            if (LogUtil.isAccessLoggable(Level.FINER)) {
                String[] data = { respPrefix, retResponse.toString() };
                LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
            } else {
                String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
                LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
            }
            return retResponse;
        }
    } else {
        // build response for all the other type of request
        try {
            message = null;
            status = new Status(new StatusCode("samlp:Success"), message, null);
            retResponse = new FSResponse(respID, inResponseTo, status, assertions);
            retResponse.setMinorVersion(samlRequest.getMinorVersion());
        } catch (SAMLException se) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
        }
    }
    if (LogUtil.isAccessLoggable(Level.FINER)) {
        String[] data = { respPrefix, retResponse.toString() };
        LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
    } else {
        String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
        LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
    }
    return retResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) Set(java.util.Set) ArrayList(java.util.ArrayList) Assertion(com.sun.identity.saml.assertion.Assertion) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) Conditions(com.sun.identity.saml.assertion.Conditions) FSAssertionManager(com.sun.identity.federation.services.FSAssertionManager) FSResponse(com.sun.identity.federation.message.FSResponse) FSException(com.sun.identity.federation.common.FSException) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List)

Example 75 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSSSOBrowserArtifactProfileHandler method createSAMLAssertionArtifact.

/**
     * Creates assertion and assertion artifact.
     */
protected List createSAMLAssertionArtifact(Object ssoToken, String inResponseTo, NameIdentifier userHandle, NameIdentifier idpHandle) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLAssertionArtifact: Called");
    }
    List artifactList = new ArrayList();
    try {
        FSAssertionManager am = FSAssertionManager.getInstance(metaAlias);
        AssertionArtifact artifact = am.createFSAssertionArtifact(SessionManager.getProvider().getSessionID(ssoToken), realm, spEntityId, userHandle, idpHandle, inResponseTo, authnRequest.getMinorVersion());
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("AssertionArtifact id = " + artifact.toString());
        }
        String artid = artifact.getAssertionArtifact();
        artifactList.add(artid);
        return artifactList;
    } catch (FSException se) {
        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLAssertionArtifact(0): ", se);
        return null;
    } catch (SAMLException se) {
        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLAssertionArtifact(1): ", se);
        return null;
    } catch (SessionException se) {
        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLAssertionArtifact(2): ", se);
        return null;
    }
}
Also used : FSAssertionManager(com.sun.identity.federation.services.FSAssertionManager) ArrayList(java.util.ArrayList) FSException(com.sun.identity.federation.common.FSException) SessionException(com.sun.identity.plugin.session.SessionException) ArrayList(java.util.ArrayList) List(java.util.List) SAMLException(com.sun.identity.saml.common.SAMLException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact)

Aggregations

SAMLException (com.sun.identity.saml.common.SAMLException)86 SessionException (com.sun.identity.plugin.session.SessionException)30 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)26 List (java.util.List)23 SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)19 ArrayList (java.util.ArrayList)19 FSException (com.sun.identity.federation.common.FSException)17 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)17 Iterator (java.util.Iterator)17 XMLSignatureManager (com.sun.identity.saml.xmlsig.XMLSignatureManager)16 SessionProvider (com.sun.identity.plugin.session.SessionProvider)15 Assertion (com.sun.identity.saml.assertion.Assertion)15 Set (java.util.Set)15 Attribute (com.sun.identity.saml.assertion.Attribute)13 Element (org.w3c.dom.Element)13 ParseException (java.text.ParseException)12 Map (java.util.Map)12 Status (com.sun.identity.saml.protocol.Status)11 Document (org.w3c.dom.Document)11 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)10