
Example 76 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSAssertionConsumerService method doGet.

/**
     * Handles artifact profile.
     * @param request <code>HttpServletRequest</code> object
     * @param response <code>HttpServletResponse</code> object
     * @exception ServletException, IOException if an error occurs.
     */
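public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Entry point for the browser artifact profile: collects the SAML
    // artifact(s) from the query string, checks that they all name the same
    // source ID, wraps them in an FSRequest and hands that to the artifact
    // handler. Every failure path sends the browser to the common login page.

    // A null response cannot carry an error back to the client, so it is
    // reported as a servlet failure instead of being dereferenced.
    if (response == null) {
        throw new ServletException(FSUtils.bundle.getString("nullInputParameter"));
    }
    if (request == null) {
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        return;
    }
    FSUtils.debug.message("FSAssertionConsumerService.doGet(): called");
    // relayState is read straight from the request and written to the debug
    // log unescaped. NOTE(review): confirm the debug sink neutralises CR/LF
    // so a crafted value cannot forge log lines.
    String relayState = request.getParameter(IFSConstants.LRURL);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doGet():Resource URL: " + relayState);
    }
    String metaAlias = FSServiceUtils.getMetaAlias(request);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    String baseURL = FSServiceUtils.getBaseURL(request);
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, relayState, null, request, baseURL);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService: CommonLoginPage: " + framedPageURL);
    }

    // Load the hosted SP's descriptor and extended config for this alias.
    SPDescriptorType hostDesc = null;
    BaseConfigType hostConfig = null;
    String hostEntityId = null;
    try {
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
        hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionConsumerService.doGet: ", e);
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }

    FSRequest samlRequest = null;
    String firstSourceID = null;
    String artifactName = IFSConstants.ARTIFACT_NAME_DEFAULT;
    String[] arti = request.getParameterValues(artifactName);
    // Reject a request that carries no artifact. The original test
    // (length < 0) could never be true and the branch did not return, so a
    // request without the parameter was forwarded and then still processed,
    // failing on arti[0] after the response had already been handed off.
    if ((arti == null) || (arti.length == 0) || (arti[0] == null)) {
        FSUtils.debug.error("FSAssertionConsumerService.doGet: " + "AuthnRequest Processing Failed at the IDP " + "Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }

    // Left as a raw List: FSRequest's constructor signature is not visible here.
    List al = new ArrayList();
    try {
        FSAssertionArtifact firstArtifact = new FSAssertionArtifact(arti[0]);
        firstSourceID = firstArtifact.getSourceID();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doGet: " + "SourceID within the Artifact is " + firstSourceID);
        }
        al.add(firstArtifact);
        for (int k = 1; k < arti.length; k++) {
            // Every further artifact must come from the same source ID as the
            // first one; a mismatch aborts the whole request.
            FSAssertionArtifact assertArtifact = new FSAssertionArtifact(arti[k]);
            String dest = assertArtifact.getSourceID();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doGet: " + "SourceID within the Artifact is " + dest);
            }
            if (!dest.equals(firstSourceID)) {
                FSUtils.debug.error("FSAssertionConsumerService.doGet: " + "Received multiple artifacts have different source id");
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            al.add(assertArtifact);
        }
        samlRequest = new FSRequest(null, al);
    } catch (SAMLException se) {
        FSUtils.debug.error("FSAssertionConsumerService.doGet: ", se);
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    } catch (FSMsgException se) {
        FSUtils.debug.error("FSAssertionConsumerService.doGet: ", se);
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }

    try {
        // handle sso
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doGet: " + "Trying to get BrowserArtifactHandler");
        }
        FSServiceManager sm = FSServiceManager.getInstance();
        FSAssertionArtifactHandler handler = sm.getBrowserArtifactHandler(request, response, realm, firstSourceID, samlRequest, relayState);
        if (handler == null) {
            FSUtils.debug.error("FSAssertionConsumerService.doGet: " + FSUtils.bundle.getString("internalError"));
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doGet: " + "BrowserArtifactHandler created");
        }
        handler.setRealm(realm);
        handler.setHostEntityId(hostEntityId);
        handler.setMetaAlias(metaAlias);
        handler.setHostDescriptor(hostDesc);
        handler.setHostDescriptorConfig(hostConfig);
        handler.processSAMLRequest();
    } catch (Exception e) {
        // Anything the handler throws falls back to the login page.
        FSUtils.debug.error("FSAssertionConsumerService.doGet: " + "Exception occurred :", e);
        FSUtils.forwardRequest(request, response, framedPageURL);
    }
}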
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) ArrayList(java.util.ArrayList) SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSServiceManager(com.sun.identity.federation.services.FSServiceManager) ArrayList(java.util.ArrayList) List(java.util.List) FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact) FSRequest(com.sun.identity.federation.message.FSRequest)

Example 77 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSTerminationRequestServlet method doGetPost.

/**
     * Handles termination request.
     * @param request <code>HttpServletRequest</code> object that contains the
     *  request the client has made of the servlet.
     * @param response <code>HttpServletResponse</code> object that contains
     *  the response the servlet sends to the client.
     * @exception IOException if the request could not be handled
     */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    // Step 1: the hosted provider is identified by the meta alias in the request.
    String metaAlias = FSServiceUtils.getMetaAlias(request);
    boolean aliasMissing = (metaAlias == null) || (metaAlias.length() < 1);
    if (aliasMissing) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to retrieve alias, Hosted " + "Provider. Cannot process request");
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Cannot retrieve hosted descriptor. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }

    // Step 2: look up the hosted descriptor and config for the alias's role
    // (IDP or SP). Any other role, or a missing descriptor, is an error.
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    ProviderDescriptorType hostDescriptor = null;
    BaseConfigType hostConfig = null;
    String hostEntityId = null;
    String hostRole = null;
    try {
        hostRole = metaManager.getProviderRoleByMetaAlias(metaAlias);
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        if (hostRole != null) {
            if (hostRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostDescriptor = metaManager.getIDPDescriptor(realm, hostEntityId);
                hostConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
            } else if (hostRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostDescriptor = metaManager.getSPDescriptor(realm, hostEntityId);
                hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
            }
        }
        if (hostDescriptor == null) {
            // Routed through the catch below so both failure modes share one response.
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException metaFailure) {
        FSUtils.debug.error("Unable to find Hosted Provider. not process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }

    // NOTE(review): the per-request object is stored in an instance field. If
    // this servlet instance serves concurrent requests (the usual container
    // model), another thread can overwrite the field before it is read.
    // Confirm how setTerminationURL and later code use it.
    this.request = request;
    setTerminationURL(hostConfig, metaAlias);

    // Step 3: parse the URL-encoded termination notification. A message that
    // cannot be parsed gets the common error page.
    FSFederationTerminationNotification notification = new FSFederationTerminationNotification();
    try {
        notification = FSFederationTerminationNotification.parseURLEncodedRequest(request);
    } catch (FSMsgException parseFailure) {
        FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_REQUEST_IMPROPER, IFSConstants.TERMINATION_LOCAL_FAILED);
        return;
    } catch (SAMLException parseFailure) {
        FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_REQUEST_IMPROPER, IFSConstants.TERMINATION_LOCAL_FAILED);
        return;
    }
    if (notification == null) {
        FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.TERMINATION_REQUEST_IMPROPER, IFSConstants.TERMINATION_LOCAL_FAILED);
        return;
    }

    // Step 4: hand the parsed notification to the processing routine.
    doRequestProcessing(request, response, hostDescriptor, hostConfig, hostRole, realm, hostEntityId, metaAlias, notification);
}
Also used : BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSFederationTerminationNotification(com.sun.identity.federation.message.FSFederationTerminationNotification) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) SAMLException(com.sun.identity.saml.common.SAMLException)

Example 78 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class SingleLogoutManager method sendLogoutResponse.

/**
     * Sends logout response, this is for the case of HTTP binding
     * There are two cases here:
     * 1. IDP initiated HTTP Logout, just redirect user browser to original
     *    relaystate.
     * 2. SP initiated HTTP logout, need to send LogoutResponse back to SP.
     */
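void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
    // relayState is the key into the per-logout state maps (response XML,
    // original relay state, protocol, realm, entity IDs, current status).
    // NOTE(review): if no entry exists for the key, currentStatusMap.get()
    // returns null and the unboxing below throws before cleanupParameters()
    // runs. Confirm callers only pass keys this manager issued.
    if (debug.messageEnabled()) {
        debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
    }
    String logoutResponseXML = (String) sloResponseXMLMap.get(relayState);
    if (logoutResponseXML == null) {
        // Case 1 (IDP initiated): no LogoutResponse to send, just go back to
        // the original relay state and report the logout status there.
        String origRelayState = (String) relayStateMap.get(relayState);
        int logoutStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        String statusString = MultiProtocolUtils.getLogoutStatus(logoutStatus);
        if ((origRelayState == null) || (origRelayState.length() == 0)) {
            // TODO : get default single logout URL for each protocol
            response.getWriter().print("Logout DONE. Status = " + statusString);
        } else {
            // NOTE(review): origRelayState is used as a redirect target without
            // any check in this method. Confirm it is validated against the
            // allowed relay-state URLs where it is stored, otherwise this is
            // an open redirect.
            String separator = (origRelayState.indexOf("?") == -1) ? "?" : "&";
            response.sendRedirect(origRelayState + separator + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
        }
    } else {
        // Case 2 (SP initiated): a stored LogoutResponse must go back to the SP.
        String protocol = (String) origProtocolMap.get(relayState);
        String spEntityID = (String) spEntityIDMap.get(relayState);
        String origRelayState = (String) relayStateMap.get(relayState);
        String realm = (String) realmMap.get(relayState);
        String idpEntityID = (String) idpEntityIDMap.get(relayState);
        int currentStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        if (protocol.equals(SingleLogoutManager.SAML2)) {
            try {
                LogoutResponse logResp = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
                String location = logResp.getDestination();
                String statusVal = logResp.getStatus().getStatusCode().getValue();
                String newVal = getNewStatusCode(currentStatus, statusVal);
                if (!statusVal.equals(newVal)) {
                    // Apply the recomputed status. The original wrote statusVal
                    // back, so the SP always received the unmodified status
                    // even when another protocol's logout had failed.
                    logResp.getStatus().getStatusCode().setValue(newVal);
                }
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "(SAML2) location=" + location + " orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                }
                LogoutUtil.sendSLOResponse(response, logResp, location, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
            } catch (SAML2Exception ex) {
                debug.error("SingleLogoutManager.sendLogoutResponse:saml2", ex);
                // Keep the cause so the stack trace survives the translation.
                // NOTE(review): this path leaves without cleanupParameters(),
                // so the state for this relayState stays in the maps.
                throw new IOException(ex.getMessage(), ex);
            }
        } else if (protocol.equals(SingleLogoutManager.IDFF)) {
            boolean failed = false;
            String logoutDoneURL = null;
            try {
                debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, spEntityID);
                String retURL = descriptor.getSingleLogoutServiceReturnURL();
                Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement();
                FSLogoutResponse responseLogout = new FSLogoutResponse(elem);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
                logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null);
                Status status = responseLogout.getStatus();
                String statusVal = status.getStatusCode().getValue();
                String newVal = getNewStatusCode(currentStatus, statusVal);
                if (!statusVal.equals(newVal)) {
                    com.sun.identity.saml.protocol.StatusCode statCode = new com.sun.identity.saml.protocol.StatusCode(newVal);
                    com.sun.identity.saml.protocol.Status stat = new com.sun.identity.saml.protocol.Status(statCode);
                    responseLogout.setStatus(stat);
                }
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "(IDFF) orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
                }
                String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
                // Sign the response query string when signing is enabled; a
                // missing certificate alias is an error, never a silent skip.
                if (FSServiceUtils.isSigningOn()) {
                    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                    if (certAlias == null || certAlias.length() == 0) {
                        if (debug.messageEnabled()) {
                            debug.message("SingleLogoutManager.sendLogoutRes:" + "signSAMLRequest couldn't obtain cert alias.");
                        }
                        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                    } else {
                        urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
                    }
                }
                // The redirect target is the SP's return URL from its metadata
                // descriptor, not a value taken from the request.
                StringBuilder redirectURL = new StringBuilder();
                redirectURL.append(retURL);
                if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                    redirectURL.append(IFSConstants.QUESTION_MARK);
                } else {
                    redirectURL.append(IFSConstants.AMPERSAND);
                }
                redirectURL.append(urlEncodedResponse);
                String target = redirectURL.toString();
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendResponse " + "for IDFF, url = " + target);
                }
                response.sendRedirect(target);
            } catch (FSMsgException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (SAMLException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (IDFFMetaException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            } catch (IOException ex) {
                debug.error("SingleLogoutManager.sendLogoutRes", ex);
                failed = true;
            }
            if (failed) {
                // logoutDoneURL is still null here when the failure happened
                // before it was resolved.
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            }
        } else if (protocol.equals(SingleLogoutManager.WS_FED)) {
            debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
            if (origRelayState != null) {
                // NOTE(review): same unvalidated redirect target as in case 1.
                response.sendRedirect(origRelayState);
            } else {
                response.getWriter().print("Logout DONE.");
            }
        } else {
            // should never come here
            debug.error("SingleLogoutManager.sendLogoutResponse: invalid" + " protocol : " + protocol);
        }
    }
    // Drop the state held for this relayState.
    cleanupParameters(relayState);
}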
Also used : Element(org.w3c.dom.Element) SAMLException(com.sun.identity.saml.common.SAMLException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) Status(com.sun.identity.saml.protocol.Status) Status(com.sun.identity.saml.protocol.Status) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) IOException(java.io.IOException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)

Example 79 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class Message method parseSecurityElement.

/**
     * Sets security profile type by parsing a security element.
     *
     * @param securityE a security element
     * @throws SOAPBindingException if an error occurs while parsing
     *                              the security element
     */
private void parseSecurityElement(Element securityE) throws SOAPBindingException {
    // Classifies the wsse:Security header: sets securityProfileType to
    // ANONYMOUS, X509_TOKEN, BEARER_TOKEN or SAML_TOKEN, records the chosen
    // token/assertion and its certificate, and collects every other child
    // element in securityHeaders.
    // NOTE(review): this block only selects and parses the token. No signature
    // or certificate-trust check is visible here; presumably that happens
    // elsewhere. Verify before relying on messageCertificate.

    // No header, or a header without a namespace, means an anonymous message.
    if (securityE == null) {
        securityProfileType = ANONYMOUS;
        return;
    }
    String wsseNS = securityE.getNamespaceURI();
    if (wsseNS == null) {
        securityProfileType = ANONYMOUS;
        return;
    }
    // The header's namespace selects the WSF version and the matching wsu
    // namespace; any other namespace is treated as anonymous.
    String wsuNS = null;
    if (wsseNS.equals(WSSEConstants.NS_WSSE_WSF11)) {
        wsfVersion = SOAPBindingConstants.WSF_11_VERSION;
        wsuNS = WSSEConstants.NS_WSU_WSF11;
    } else if (wsseNS.equals(WSSEConstants.NS_WSSE)) {
        wsfVersion = SOAPBindingConstants.WSF_10_VERSION;
        wsuNS = WSSEConstants.NS_WSU;
    } else {
        securityProfileType = ANONYMOUS;
        return;
    }
    // Find the first SecurityTokenReference. getElementsByTagNameNS searches
    // all descendants, not only direct children.
    // NOTE(review): confirm that a reference nested inside another header
    // element should be allowed to steer which token is selected below.
    NodeList nl = securityE.getElementsByTagNameNS(wsseNS, SAMLConstants.TAG_SECURITYTOKENREFERENCE);
    Element securityTokenRefE = null;
    String uri = null;
    if (nl != null && nl.getLength() > 0) {
        securityTokenRefE = (Element) nl.item(0);
        List list = XMLUtils.getElementsByTagNameNS1(securityTokenRefE, wsseNS, SAMLConstants.TAG_REFERENCE);
        if (!list.isEmpty()) {
            Element referenceE = (Element) list.get(0);
            uri = XMLUtils.getNodeAttributeValue(referenceE, SAMLConstants.TAG_URI);
            // Only a same-document "#id" reference is accepted; the leading
            // '#' is stripped so the value can be compared with element IDs.
            if (uri != null && uri.length() > 1 && uri.startsWith("#")) {
                uri = uri.substring(1);
            } else {
                String msg = Utils.bundle.getString("invalidReferenceURI");
                Utils.debug.error("Message.parseSecurityElement: " + msg);
                throw new SOAPBindingException(msg);
            }
            if (Utils.debug.messageEnabled()) {
                Utils.debug.message("Message.parseSecurityElement: " + "SecurityTokenReference Reference URI = " + uri);
            }
        }
    }
    securityProfileType = ANONYMOUS;
    securityHeaders = new ArrayList();
    // Walk the direct children in document order. With a reference URI, the
    // token whose ID matches it is selected. Without one (uri == null), the
    // first BinarySecurityToken or Assertion child encountered is selected.
    nl = securityE.getChildNodes();
    int length = nl.getLength();
    for (int i = 0; i < length; i++) {
        Node child = nl.item(i);
        if (child.getNodeType() == Node.ELEMENT_NODE) {
            String localName = child.getLocalName();
            String ns = child.getNamespaceURI();
            // Once a token has fixed the profile type, every remaining child
            // is kept as an ordinary security header.
            if (securityProfileType != ANONYMOUS) {
                securityHeaders.add(child);
                continue;
            }
            if (SAMLConstants.BINARYSECURITYTOKEN.equals(localName) && wsseNS.equals(ns)) {
                Element binarySecurityTokenE = (Element) child;
                String valuetype = XMLUtils.getNodeAttributeValue(binarySecurityTokenE, "ValueType");
                // The attribute value comes from the message and is logged as-is.
                Utils.debug.message("ValueType: " + valuetype);
                // A ServiceSessionContext token is kept as a header and never
                // used as the message's security token.
                if ((valuetype != null) && valuetype.endsWith("ServiceSessionContext")) {
                    securityHeaders.add(child);
                    continue;
                }
                // With a reference URI, skip tokens whose wsu:Id does not match it.
                if (uri != null) {
                    String id = XMLUtils.getNodeAttributeValueNS(binarySecurityTokenE, wsuNS, SAMLConstants.TAG_ID);
                    if (!uri.equals(id)) {
                        securityHeaders.add(child);
                        continue;
                    }
                }
                try {
                    binarySecurityToken = new BinarySecurityToken(binarySecurityTokenE);
                    messageCertificate = (X509Certificate) SecurityUtils.getCertificate(binarySecurityToken);
                } catch (Exception ex) {
                    // The caught exception is neither logged nor chained; only
                    // the generic bundle message is reported.
                    String msg = Utils.bundle.getString("cannotProcessBinarySecurityToken");
                    Utils.debug.error("Message.parseSecurityElement: " + msg);
                    throw new SOAPBindingException(msg);
                }
                if (Utils.debug.messageEnabled()) {
                    Utils.debug.message("Message.parseSecurityElement:" + " found binary security token");
                }
                securityProfileType = X509_TOKEN;
            } else if (SAMLConstants.TAG_ASSERTION.equals(localName) && SAMLConstants.assertionSAMLNameSpaceURI.equals(ns)) {
                Element assertionE = (Element) child;
                // With a reference URI, skip assertions whose AssertionID does not match it.
                if (uri != null) {
                    String assertionID = XMLUtils.getNodeAttributeValue(assertionE, SAMLConstants.TAG_ASSERTION_ID);
                    if (!uri.equals(assertionID)) {
                        securityHeaders.add(child);
                        continue;
                    }
                }
                try {
                    assertion = new SecurityAssertion(assertionE);
                } catch (SAMLException ex) {
                    // As above, the cause is dropped from the log and the rethrown exception.
                    String msg = Utils.bundle.getString("cannotProcessSAMLAssertion");
                    Utils.debug.error("Message.parseSecurityElement: " + msg);
                    throw new SOAPBindingException(msg);
                }
                if (Utils.debug.messageEnabled()) {
                    Utils.debug.message("Message.parseSecurityElement:" + " found security assertion, " + "isBearer = " + assertion.isBearer());
                }
                if (assertion.isBearer()) {
                    securityProfileType = BEARER_TOKEN;
                } else {
                    securityProfileType = SAML_TOKEN;
                    // Unlike the binary-token branch, this getCertificate call
                    // is outside any try block.
                    messageCertificate = (X509Certificate) SecurityUtils.getCertificate(assertion);
                }
            } else {
                securityHeaders.add(child);
            }
        }
    }
    // An empty header list is normalised to null.
    if (securityHeaders.isEmpty()) {
        securityHeaders = null;
    }
}
Also used : BinarySecurityToken(com.sun.identity.liberty.ws.common.wsse.BinarySecurityToken) NodeList(org.w3c.dom.NodeList) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) ArrayList(java.util.ArrayList) SecurityAssertion(com.sun.identity.liberty.ws.security.SecurityAssertion) SAMLException(com.sun.identity.saml.common.SAMLException) SAMLException(com.sun.identity.saml.common.SAMLException) JAXBException(javax.xml.bind.JAXBException) X509Certificate(java.security.cert.X509Certificate) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) List(java.util.List)

Example 80 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class SAMLSOAPReceiver method extractProcessRequest.

/**
     * Extracts the Request object from the SOAPMessage and returns the
     * corresponding response.
     */
private Response extractProcessRequest(HttpServletRequest servletReq, org.w3c.dom.Element body, Set partnerSourceID) {
    Response retResponse = null;
    String respID = SAMLUtils.generateID();
    String inResponseTo = null;
    List contents = new ArrayList();
    String message = null;
    Status status;
    String remoteAddr = ClientUtils.getClientIPAddress(servletReq);
    String recipient = remoteAddr;
    String invalidRespPrefix = SAMLUtils.bundle.getString("invalidRequestLogMessage") + " " + remoteAddr + ": ";
    String respPrefix = SAMLUtils.bundle.getString("responseLogMessage") + " " + remoteAddr + ": ";
    NodeList nl = body.getElementsByTagNameNS(sc.PROTOCOL_NAMESPACE_URI, "Request");
    int length = nl.getLength();
    if (length == 0) {
        SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
        message = SAMLUtils.bundle.getString("missingRequest");
        try {
            status = new Status(new StatusCode("samlp:Requester"), message, null);
            retResponse = new Response(respID, inResponseTo, status, recipient, contents);
        } catch (SAMLException se) {
            SAMLUtils.debug.error("SOAPReceiver:Fatal error, cannot " + "create status or response:" + se.getMessage());
        }
        String[] data = { invalidRespPrefix, retResponse.toString() };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
        return retResponse;
    }
    boolean foundRequest = false;
    Request req = null;
    for (int i = 0; i < length; i++) {
        Node child = (Node) nl.item(i);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        if (child.getLocalName().equals("Request")) {
            try {
                req = new Request((Element) child);
                SAMLUtils.debug.message("found request ");
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(" Received Request:" + req.toString());
                }
                String[] data = { SAMLUtils.bundle.getString("requestLogMessage") + " " + remoteAddr, req.toString() };
                LogUtils.access(java.util.logging.Level.FINE, LogUtils.SOAP_REQUEST_MESSAGE, data);
                inResponseTo = req.getRequestID();
                foundRequest = true;
                break;
            } catch (SAMLRequesterException ss) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Requester" + " " + ss.getMessage());
                }
                message = new String(ss.getMessage());
                try {
                    status = new Status(new StatusCode("samlp:Requester"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (SAMLRequestVersionTooHighException sv) {
                String mesg = new String(sv.getMessage());
                StringTokenizer tok1 = new StringTokenizer(mesg, "|");
                inResponseTo = tok1.nextToken();
                message = tok1.nextToken();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
                }
                try {
                    status = new Status(new StatusCode("samlp:RequestVersionTooHigh"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (SAMLRequestVersionTooLowException sv) {
                String mesg = new String(sv.getMessage());
                StringTokenizer tok1 = new StringTokenizer(mesg, "|");
                inResponseTo = tok1.nextToken();
                message = tok1.nextToken();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
                }
                try {
                    status = new Status(new StatusCode("samlp:RequestVersionTooLow"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Responder" + " " + e.getMessage());
                }
                message = new String(e.getMessage());
                try {
                    status = new Status(new StatusCode("samlp:Responder"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            }
        }
    }
    if (!(foundRequest)) {
        SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
        message = SAMLUtils.bundle.getString("missingRequest");
        try {
            status = new Status(new StatusCode("samlp:Requester"), message, null);
            retResponse = new Response(respID, inResponseTo, status, recipient, contents);
        } catch (SAMLException se) {
            SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
        }
        String[] data = { invalidRespPrefix, retResponse.toString() };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
        return retResponse;
    } else {
        // found request now process it
        if (!req.isSignatureValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: couldn't verify " + "the signature on Request.");
            }
            message = SAMLUtils.bundle.getString("cannotVerifyRequest");
            try {
                status = new Status(new StatusCode("samlp:Requester"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        int reqType = req.getContentType();
        if (reqType == Request.NOT_SUPPORTED) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver:Found " + "element in the request which are not supported");
            }
            message = SAMLUtils.bundle.getString("unsupportedElement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        List respondWith = req.getRespondWith();
        if (!parseRespondWith(respondWith)) {
            SAMLUtils.debug.error("SOAPReceiver:Supported statements " + "are not present in the RespondWith element.");
            message = SAMLUtils.bundle.getString("unsupportedStatement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        AssertionManager am = null;
        try {
            am = AssertionManager.getInstance();
        } catch (SAMLException se) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: Cannot" + " instantiate AssertionManager");
            }
            message = se.getMessage();
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException sse) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        List artifacts = null;
        List assertions = new ArrayList();
        if (reqType == Request.ASSERTION_ARTIFACT) {
            artifacts = req.getAssertionArtifact();
            length = artifacts.size();
            // ensure that all the artifacts have this site's sourceID
            for (int j = 0; j < length; j++) {
                AssertionArtifact art = (AssertionArtifact) artifacts.get(j);
                if (!isThisSiteID(art.getSourceID())) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:Artifact" + " has invalid SourceID");
                    }
                    message = SAMLUtils.bundle.getString("mismatchSourceID");
                    try {
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException ex) {
                        SAMLUtils.debug.error("SOAPReceiver:" + "Fatal error, " + "cannot create status or response", ex);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
            }
            // for loop to go through artifacts to check for sourceID
            for (int i = 0; i < length; i++) {
                AssertionArtifact artifact = (AssertionArtifact) artifacts.get(i);
                Assertion assertion = null;
                try {
                    assertion = am.getAssertion(artifact, partnerSourceID);
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(i, assertion);
                }
            }
        } else if (reqType == Request.ASSERTION_ID_REFERENCE) {
            List assertionIdRefs = req.getAssertionIDReference();
            length = assertionIdRefs.size();
            for (int i = 0; i < length; i++) {
                AssertionIDReference aidRef = (AssertionIDReference) assertionIdRefs.get(i);
                Assertion assertion = null;
                try {
                    assertion = am.getAssertion(aidRef, partnerSourceID);
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(i, assertion);
                }
            }
        } else if ((reqType == Request.AUTHENTICATION_QUERY) || (reqType == Request.AUTHORIZATION_DECISION_QUERY) || (reqType == Request.ATTRIBUTE_QUERY)) {
            Query query = req.getQuery();
            if (query != null) {
                Assertion assertion = null;
                try {
                    // if we come here, partnerSourceID is not empty
                    // always pass the first matching sourceID in
                    // need to find solution to handle multiple matches:TBD
                    assertion = am.getAssertion(query, (String) ((Iterator) partnerSourceID.iterator()).next());
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal " + " error, cannot create status or " + " response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(assertion);
                }
            }
        } else {
            //
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver:Request " + "contents has element which is not supported at this" + " time");
            }
            message = SAMLUtils.bundle.getString("unsupportedElement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        int assertionSize = assertions.size();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("found " + assertionSize + " assertions.");
        }
        // Request received. 
        for (int i = 0; i < assertionSize; i++) {
            Response resp = validateStatements((Assertion) assertions.get(i), respondWith, contents, i, respID, inResponseTo, recipient);
            if (resp != null) {
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
                return resp;
            }
        // else there was no mismatch with respondWith element
        }
        if (reqType == Request.ASSERTION_ARTIFACT) {
            if (contents.size() == artifacts.size()) {
                message = null;
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver: Matching " + "Assertion found");
                }
                try {
                    status = new Status(new StatusCode("samlp:Success"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                    retResponse.setMajorVersion(req.getMajorVersion());
                    retResponse.setMinorVersion(req.getMinorVersion());
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                    String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                    LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                }
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.FINE, LogUtils.SENDING_RESPONSE, data);
                return retResponse;
            } else {
                message = SAMLUtils.bundle.getString("unequalMatch");
                try {
                    status = new Status(new StatusCode("samlp:Success"), message, null);
                    //contents = null;
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                    retResponse.setMajorVersion(req.getMajorVersion());
                    retResponse.setMinorVersion(req.getMinorVersion());
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                    String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                    LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                }
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                return retResponse;
            }
        } else {
            // build response for all the other type of request
            try {
                status = new Status(new StatusCode("samlp:Success"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
        }
    }
    // end of else found request
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINER)) {
        String[] data = { respPrefix, retResponse.toString() };
        LogUtils.access(java.util.logging.Level.FINER, LogUtils.SENDING_RESPONSE, data);
    } else {
        String[] data = { respPrefix, retResponse.getResponseID() };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
    }
    return retResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) Query(com.sun.identity.saml.protocol.Query) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) SOAPElement(javax.xml.soap.SOAPElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Request(com.sun.identity.saml.protocol.Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Assertion(com.sun.identity.saml.assertion.Assertion) SAMLRequesterException(com.sun.identity.saml.common.SAMLRequesterException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SOAPException(javax.xml.soap.SOAPException) SAMLRequestVersionTooHighException(com.sun.identity.saml.common.SAMLRequestVersionTooHighException) SAMLRequesterException(com.sun.identity.saml.common.SAMLRequesterException) SAMLRequestVersionTooLowException(com.sun.identity.saml.common.SAMLRequestVersionTooLowException) SAMLException(com.sun.identity.saml.common.SAMLException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) Response(com.sun.identity.saml.protocol.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) StringTokenizer(java.util.StringTokenizer) AssertionManager(com.sun.identity.saml.AssertionManager) SAMLRequestVersionTooLowException(com.sun.identity.saml.common.SAMLRequestVersionTooLowException) SAMLRequestVersionTooHighException(com.sun.identity.saml.common.SAMLRequestVersionTooHighException) List(java.util.List) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) AssertionIDReference(com.sun.identity.saml.assertion.AssertionIDReference)

Aggregations

SAMLException (com.sun.identity.saml.common.SAMLException)86 SessionException (com.sun.identity.plugin.session.SessionException)30 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)26 List (java.util.List)23 SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)19 ArrayList (java.util.ArrayList)19 FSException (com.sun.identity.federation.common.FSException)17 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)17 Iterator (java.util.Iterator)17 XMLSignatureManager (com.sun.identity.saml.xmlsig.XMLSignatureManager)16 SessionProvider (com.sun.identity.plugin.session.SessionProvider)15 Assertion (com.sun.identity.saml.assertion.Assertion)15 Set (java.util.Set)15 Attribute (com.sun.identity.saml.assertion.Attribute)13 Element (org.w3c.dom.Element)13 ParseException (java.text.ParseException)12 Map (java.util.Map)12 Status (com.sun.identity.saml.protocol.Status)11 Document (org.w3c.dom.Document)11 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)10