use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class SAMLAwareServlet method IntersiteTransfer.
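/**
 * Performs an inter-site transfer for the given target URL.
 * <p>
 * The target host (and, when the trusted-site entry configures one, the
 * port) must match an entry in the trusted server list, otherwise the request
 * is refused with 403. The caller must hold a valid session, otherwise the
 * browser is sent to the login URL. On success one or more AssertionArtifacts
 * are created and the browser is redirected to the trusted site's SAML URL
 * carrying the target and the artifact(s) as query parameters.
 *
 * @param request the <code>HttpServletRequest</code> object.
 * @param response the <code>HttpServletResponse</code> object.
 * @param target String holding the target URL; caller supplied and untrusted.
 * @throws IOException if <code>target</code> is not a well-formed URL or the
 *         response cannot be written.
 * @throws ServletException if the servlet container reports an error.
 */
private void IntersiteTransfer(HttpServletRequest request, HttpServletResponse response, String target) throws IOException, ServletException {
    // MalformedURLException is an IOException and propagates as before.
    URL theTarget = new URL(target);
    String theHost = theTarget.getHost();
    int thePort = theTarget.getPort();
    // java.net.URL reports a missing host as "" rather than null, so a
    // null-only test never fires; treat both as "no host".
    if (theHost == null || theHost.length() == 0) {
        SAMLUtils.debug.error("SAMLAwareServlet:IntersiteTransfer:" + "Failed to get host name of target URL.");
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "missingTargetHost", SAMLUtils.bundle.getString("missingTargetHost"));
        return;
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("TargetUrl Host = " + theHost + " Port= " + thePort);
    }
    Set trustedserver = (Set) SAMLServiceManager.getAttribute(SAMLConstants.TRUSTED_SERVER_LIST);
    if (trustedserver == null) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullTrustedSite", SAMLUtils.bundle.getString("nullTrustedSite"));
        return;
    }
    SAMLServiceManager.SiteEntry thisSite = findTrustedSite(trustedserver, theHost, thePort);
    if (thisSite == null) {
        // Not a configured trusted site: refuse rather than redirect the
        // browser (and an artifact) wherever the caller asks.
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_FORBIDDEN, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }
    // The user must hold a valid session before any artifact is minted.
    Object ssoToken = null;
    boolean loggedIn = false;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        loggedIn = (ssoToken != null) && sessionProvider.isValid(ssoToken);
    } catch (SessionException se) {
        SAMLUtils.debug.message("Invalid SSO!");
    }
    if (!loggedIn) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }
    List artis;
    try {
        artis = createArtifact(ssoToken, thisSite.getSourceID(), request, response, target, thisSite.getVersion());
    } catch (SAMLException se) {
        SAMLUtils.debug.error("IntersiteTransfer:Failed to create" + " AssertionArtifact(s)");
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorCreateArtifact", se.getMessage());
        return;
    }
    // Build the redirect to the trusted site's SAMLAwareServlet: the target
    // plus one query parameter per artifact.
    String targetName = (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
    String artifactName = (String) SAMLServiceManager.getAttribute(SAMLConstants.ARTIFACT_NAME);
    StringBuffer sb = new StringBuffer(1000);
    for (Iterator iter = artis.iterator(); iter.hasNext();) {
        String encodedArtifact = URLEncDec.encode((String) iter.next());
        sb.append("&").append(artifactName).append("=").append(encodedArtifact);
    }
    if (SAMLUtils.debug.messageEnabled()) {
        // The artifact is a one-time bearer credential the remote site
        // exchanges for the assertion; keep its value out of the debug log.
        SAMLUtils.debug.message("IntersiteTransfer: " + artis.size() + " AssertionArtifact(s) added to redirect");
    }
    String redirecto = thisSite.getSAMLUrl() + "?" + targetName + "=" + URLEncDec.encode(target) + sb.toString();
    // NOTE(review): the access record carries the full redirect URL, and
    // therefore the artifact value; confirm that is acceptable for the log's
    // retention and access policy.
    String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, redirecto };
    LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, ssoToken);
    // sendRedirect sets the 302 status and Location header itself; the
    // explicit setStatus/setHeader calls that preceded it were redundant.
    response.sendRedirect(redirecto);
}

/**
 * Looks up the trusted-site entry for the target host and port.
 * <p>
 * An entry with a configured port matches only when the target URL carries
 * that exact port, and wins immediately. An entry without a port (-1) matches
 * on host alone, but scanning continues so a later entry with an explicit
 * port match can still take precedence (last host-only match otherwise wins).
 *
 * @param trustedServers Set of <code>SAMLServiceManager.SiteEntry</code>.
 * @param host host name of the target URL.
 * @param port port of the target URL, or -1 if none was given.
 * @return the matching entry, or <code>null</code> if none matches.
 */
private static SAMLServiceManager.SiteEntry findTrustedSite(Set trustedServers, String host, int port) {
    SAMLServiceManager.SiteEntry match = null;
    for (Iterator iter = trustedServers.iterator(); iter.hasNext();) {
        SAMLServiceManager.SiteEntry se = (SAMLServiceManager.SiteEntry) iter.next();
        if (!hostMatchesSite(host, se.getHostName())) {
            continue;
        }
        int sitePort = se.getPort();
        if (sitePort == -1) {
            // Port is optional in the SiteEntry: a host match suffices.
            match = se;
        } else if (port == sitePort) {
            return se;
        }
    }
    return match;
}

/**
 * Tests whether the target host is the configured site host or a sub-domain
 * of it, compared case-insensitively and only at a label boundary.
 * <p>
 * The previous check was <code>host.indexOf(siteHost) != -1</code>, a plain
 * substring test, which also accepted hosts such as
 * <code>trusted.example.com.attacker.net</code> or
 * <code>nottrusted.example.com</code> and so turned the trusted-site check
 * into an open redirect carrying a freshly minted artifact.
 *
 * @param host host name of the target URL.
 * @param siteHost host name from the trusted-site configuration.
 * @return <code>true</code> if <code>host</code> equals <code>siteHost</code>
 *         or ends with <code>"." + siteHost</code>.
 */
private static boolean hostMatchesSite(String host, String siteHost) {
    if (host == null || siteHost == null || siteHost.length() == 0) {
        return false;
    }
    if (host.equalsIgnoreCase(siteHost)) {
        return true;
    }
    String suffix = "." + siteHost;
    // regionMatches(true, ...) gives a case-insensitive suffix test without
    // depending on the default locale.
    return host.length() > suffix.length()
            && host.regionMatches(true, host.length() - suffix.length(), suffix, 0, suffix.length());
}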
use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class SAMLAwareServlet method createArtifact.
/**
 * Creates the AssertionArtifact id(s) for a user session and a target site.
 * <p>
 * All of <code>sso</code>, <code>target</code> and <code>version</code> are
 * required; the artifact itself is produced by
 * <code>AssertionManager.createAssertionArtifact</code>.
 *
 * @param sso the user Session object.
 * @param target A String representing the target site's source ID.
 * @param request the <code>HttpServletRequest</code> object.
 * @param response the <code>HttpServletResponse</code> object.
 * @param targetUrl A URL String representing the target site.
 * @param version The relying party preferred Assertion version number.
 * @return a List holding the AssertionArtifact id(s) as Strings.
 * @throws SAMLException if a required argument is missing or the session
 *         provider cannot be obtained.
 */
private List createArtifact(Object sso, String target, HttpServletRequest request, HttpServletResponse response, String targetUrl, String version) throws SAMLException {
    boolean missingTarget = (target == null) || target.isEmpty();
    boolean missingVersion = (version == null) || version.isEmpty();
    if (sso == null || missingTarget || missingVersion) {
        throw new SAMLException(SAMLUtils.bundle.getString("createArtifactError"));
    }
    AssertionManager assertManager = AssertionManager.getInstance();
    String sessionId;
    try {
        sessionId = SessionManager.getProvider().getSessionID(sso);
    } catch (SessionException se) {
        SAMLUtils.debug.error("Couldn't get SessionProvider.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
    }
    AssertionArtifact artifact = assertManager.createAssertionArtifact(sessionId, target, request, response, targetUrl, version);
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("AssertionArtifact id = " + artifact.toString());
    }
    List artifactList = new ArrayList(1);
    artifactList.add(artifact.getAssertionArtifact());
    return artifactList;
}
use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class Request method signXML.
/**
 * Signs this Request with the site's configured signing certificate.
 * <p>
 * SAML 1.0 requests are signed from their serialized form; later versions are
 * signed as a DOM document with the request id as the signature reference and
 * the certificate included in KeyInfo. On success <code>signed</code>,
 * <code>signature</code>, <code>signatureString</code> and
 * <code>xmlString</code> are updated.
 *
 * @exception SAMLException if the request is already signed or the signing
 *            certificate alias is not configured.
 */
public void signXML() throws SAMLException {
    if (signed) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Request.signXML: the request is " + "already signed.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("alreadySigned"));
    }
    String certAlias = SystemConfigurationUtil.getProperty("com.sun.identity.saml.xmlsig.certalias");
    if (certAlias == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Request.signXML: couldn't obtain " + "this site's cert Alias.");
        }
        throw new SAMLResponderException(SAMLUtils.bundle.getString("cannotFindCertAlias"));
    }
    XMLSignatureManager sigManager = XMLSignatureManager.getInstance();
    boolean isSaml10 = (majorVersion == 1) && (minorVersion == 0);
    if (isSaml10) {
        SAMLUtils.debug.message("Request.signXML: sign with version 1.0");
        signatureString = sigManager.signXML(this.toString(true, true), certAlias);
        // Keep the Signature element so getSignature() can return it later.
        signature = XMLUtils.toDOMDocument(signatureString, SAMLUtils.debug).getDocumentElement();
    } else {
        Document unsignedDoc = XMLUtils.toDOMDocument(this.toString(true, true), SAMLUtils.debug);
        // SAML 1.1 style: reference the request id and embed the cert in KeyInfo.
        signature = sigManager.signXML(unsignedDoc, certAlias, null, REQUEST_ID_ATTRIBUTE, getRequestID(), true, null);
        signatureString = XMLUtils.print(signature);
    }
    signed = true;
    xmlString = this.toString(true, true);
}
use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class Response method signXML.
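/**
 * Signs this Response with the site's configured signing certificate.
 * <p>
 * SAML 1.0 responses are signed from their serialized form; later versions
 * are signed as a DOM document with the response id as the signature
 * reference and the certificate included in KeyInfo. On success
 * <code>signed</code>, <code>signature</code>, <code>signatureString</code>
 * and <code>xmlString</code> are updated.
 *
 * @exception SAMLException if the response is already signed or the signing
 *            certificate alias is not configured.
 */
public void signXML() throws SAMLException {
    if (signed) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: the response is " + "already signed.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("alreadySigned"));
    }
    String certAlias = SystemConfigurationUtil.getProperty("com.sun.identity.saml.xmlsig.certalias");
    if (certAlias == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: couldn't obtain " + "this site's cert alias.");
        }
        throw new SAMLResponderException(SAMLUtils.bundle.getString("cannotFindCertAlias"));
    }
    XMLSignatureManager manager = XMLSignatureManager.getInstance();
    if ((majorVersion == 1) && (minorVersion == 0)) {
        // Was mislabeled "Request.signXML" (copy-paste); guarded like the
        // other debug messages in this method.
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: sign with version 1.0");
        }
        signatureString = manager.signXML(this.toString(true, true), certAlias);
        // Keep the Signature element so getSignature() can return it later.
        signature = XMLUtils.toDOMDocument(signatureString, SAMLUtils.debug).getDocumentElement();
    } else {
        Document doc = XMLUtils.toDOMDocument(this.toString(true, true), SAMLUtils.debug);
        // SAML 1.1 style: reference the response id and embed the cert in KeyInfo.
        signature = manager.signXML(doc, certAlias, null, RESPONSE_ID_ATTRIBUTE, getResponseID(), true, null);
        signatureString = XMLUtils.print(signature);
    }
    signed = true;
    xmlString = this.toString(true, true);
}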
use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class BulkFederation method idffFederateUser.
/**
 * Federates one local user with a remote user under ID-FF by generating a
 * fresh name identifier, recording the federation info on the local identity
 * and writing "remoteUserId|nameId" to the output file.
 * <p>
 * Account-management, SAML and I/O failures abort the run with a
 * <code>CLIException</code>; identity-repository and SSO failures are reported
 * on the error output and the user is skipped.
 *
 * @param localUserId identifier of the local user to federate.
 * @param remoteUserId identifier of the corresponding remote user.
 * @param out writer receiving the "remoteUserId|nameId" record.
 * @throws CLIException if the user cannot be federated.
 */
private void idffFederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
    SSOToken adminSSOToken = getAdminSSOToken();
    try {
        AMIdentity amid = IdUtils.getIdentity(adminSSOToken, localUserId);
        String nameId = createNameIdentifier();
        // The name identifier is qualified by the remote entity on the IdP
        // side and by the local entity on the SP side.
        FSAccountFedInfoKey fedKey;
        FSAccountFedInfo fedInfo;
        if (isIDP) {
            fedKey = new FSAccountFedInfoKey(remoteEntityId, nameId);
            fedInfo = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, true);
        } else {
            fedKey = new FSAccountFedInfoKey(localEntityId, nameId);
            fedInfo = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, true);
        }
        Map attributes = amid.getAttributes(idffUserAttributesFed);
        Set keySet = valuesFor(attributes, FSAccountUtils.USER_FED_INFO_KEY_ATTR);
        keySet.add(FSAccountUtils.objectToKeyString(fedKey));
        Set infoSet = valuesFor(attributes, FSAccountUtils.USER_FED_INFO_ATTR);
        infoSet.add(FSAccountUtils.objectToInfoString(fedInfo));
        amid.setAttributes(attributes);
        amid.store();
        out.write(remoteUserId + "|" + nameId);
        out.newLine();
    } catch (FSAccountMgmtException e) {
        throw federationFailure(localUserId, e);
    } catch (SAMLException e) {
        throw federationFailure(localUserId, e);
    } catch (IOException e) {
        throw federationFailure(localUserId, e);
    } catch (IdRepoException e) {
        reportAndSkip(e);
    } catch (SSOException e) {
        reportAndSkip(e);
    }
}

/**
 * Returns the mutable value Set stored under <code>attrName</code>, creating
 * and registering an empty one when the attribute is absent or empty.
 */
private static Set valuesFor(Map attributes, String attrName) {
    Set values = (Set) attributes.get(attrName);
    if ((values == null) || values.isEmpty()) {
        values = new HashSet(2);
        attributes.put(attrName, values);
    }
    return values;
}

/**
 * Logs the failure and builds the CLIException that aborts the bulk run for
 * <code>localUserId</code>.
 */
private CLIException federationFailure(String localUserId, Exception e) {
    debugError("BulkFederation.idffFederateUser", e);
    Object[] param = { localUserId };
    return new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}

/**
 * Logs the failure and prints its message on the error output; the caller
 * continues with the next user.
 */
private void reportAndSkip(Exception e) {
    debugError("BulkFederation.idffFederateUser", e);
    IOutput outputWriter = getOutputWriter();
    outputWriter.printlnError(e.getMessage());
}