
Example 81 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class SAMLAwareServlet method IntersiteTransfer.

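/**
 * Handles an inter-site transfer request.
 *
 * <p>The target URL is parsed and its host/port compared against the
 * configured trusted-server list ({@code SAMLConstants.TRUSTED_SERVER_LIST}).
 * When a trusted site matches and the caller holds a valid session, the
 * AssertionArtifact(s) for that session are created and the user is
 * redirected to the site's SAML URL with the target and the artifact(s) as
 * query parameters. Without a valid session the user is sent to the login
 * page; a target that matches no trusted site is rejected with
 * {@code SC_FORBIDDEN} and an audit log entry.
 *
 * @param request the <code>HttpServletRequest</code> object.
 * @param response the <code>HttpServletResponse</code> object.
 * @param target String representing the target URL; it is caller-supplied
 *        and only trusted once it matches a configured site.
 * @throws IOException if <code>target</code> is not a well-formed URL or
 *         the response cannot be written.
 * @throws ServletException if there is an error.
 */
private void IntersiteTransfer(HttpServletRequest request, HttpServletResponse response, String target) throws IOException, ServletException {
    // MalformedURLException extends IOException, so a malformed target is
    // reported to the caller rather than handled here.
    URL theTarget = new URL(target);
    String theHost = theTarget.getHost();
    int thePort = theTarget.getPort();
    // URL.getHost() yields "" (not null) when the URL carries no host, so
    // both forms are treated as a missing host.
    if (theHost == null || theHost.length() == 0) {
        // error-level output is not gated on messageEnabled(), which only
        // controls message-level output
        SAMLUtils.debug.error("SAMLAwareServlet:IntersiteTransfer:" + "Failed to get host name of target URL.");
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "missingTargetHost", SAMLUtils.bundle.getString("missingTargetHost"));
        return;
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("TargetUrl Host = " + theHost + " Port= " + thePort);
    }
    Set trustedserver = (Set) SAMLServiceManager.getAttribute(SAMLConstants.TRUSTED_SERVER_LIST);
    if (trustedserver == null) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullTrustedSite", SAMLUtils.bundle.getString("nullTrustedSite"));
        return;
    }
    SAMLServiceManager.SiteEntry thisSite = findTrustedSite(theHost, thePort, trustedserver);
    if (thisSite == null) {
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_FORBIDDEN, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }
    // The artifact is bound to the caller's session, so a valid session is
    // required before anything is issued.
    Object ssoToken = null;
    boolean loggedIn = false;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        loggedIn = ssoToken != null && sessionProvider.isValid(ssoToken);
    } catch (SessionException se) {
        // best effort: an unreadable session is treated as "not logged in"
        SAMLUtils.debug.message("Invalid SSO!");
    }
    if (!loggedIn) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }
    List artis;
    try {
        artis = createArtifact(ssoToken, thisSite.getSourceID(), request, response, target, thisSite.getVersion());
    } catch (SAMLException se) {
        SAMLUtils.debug.error("IntersiteTransfer:Failed to create" + " AssertionArtifact(s)");
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorCreateArtifact", se.getMessage());
        return;
    }
    String redirecto = buildRedirectUrl(thisSite, target, artis);
    String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, redirecto };
    LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, ssoToken);
    // sendRedirect() sets the 302 status and the Location header itself, so
    // neither is set by hand.
    response.sendRedirect(redirecto);
}

/**
 * Returns the configured trusted site matching {@code theHost}/{@code thePort},
 * or {@code null} if none does.
 *
 * <p>An entry with a port matches only when the target port is given and
 * equal (the first such entry wins); an entry without a port matches on host
 * alone (the last such entry wins).
 *
 * @param theHost host part of the target URL
 * @param thePort port part of the target URL, or -1 if absent
 * @param trustedserver configured {@code SAMLServiceManager.SiteEntry} values
 */
private static SAMLServiceManager.SiteEntry findTrustedSite(String theHost, int thePort, Set trustedserver) {
    SAMLServiceManager.SiteEntry thisSite = null;
    for (Object entry : trustedserver) {
        SAMLServiceManager.SiteEntry se = (SAMLServiceManager.SiteEntry) entry;
        String key = se.getHostName();
        int portNum = se.getPort();
        // NOTE(review): indexOf() is a substring test, so a target host that
        // merely contains a configured host name also matches; an exact or
        // dot-boundary suffix comparison would be stricter. Kept as is to
        // preserve existing configurations.
        boolean hostMatches = theHost.indexOf(key) != -1;
        if (portNum != -1) {
            if (hostMatches && thePort != -1 && thePort == portNum) {
                thisSite = se;
                break;
            }
        } else if (hostMatches) {
            // no port configured for this SiteEntry: host match is enough
            thisSite = se;
        }
    }
    return thisSite;
}

/**
 * Builds the redirect URL for {@code site}: its SAML URL followed by the
 * target-specifier parameter and one artifact-name parameter per entry of
 * {@code artifacts}, all URL-encoded.
 *
 * @param site the trusted site the user is sent to
 * @param target the original target URL, passed through as a parameter
 * @param artifacts artifact ids (Strings) to append
 */
private static String buildRedirectUrl(SAMLServiceManager.SiteEntry site, String target, List artifacts) {
    String targetName = (String) SAMLServiceManager.getAttribute(SAMLConstants.TARGET_SPECIFIER);
    String artifactName = (String) SAMLServiceManager.getAttribute(SAMLConstants.ARTIFACT_NAME);
    StringBuilder sb = new StringBuilder(1000);
    for (Object artifact : artifacts) {
        String samltmp = URLEncDec.encode((String) artifact);
        // the artifact is a bearer reference to the assertion; it is only
        // written to message-level debug output
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Encoded SAML AssertionArtifact " + samltmp);
        }
        sb.append("&").append(artifactName).append("=").append(samltmp);
    }
    return site.getSAMLUrl() + "?" + targetName + "=" + URLEncDec.encode(target) + sb.toString();
}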

Example 82 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class SAMLAwareServlet method createArtifact.

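/**
 * Creates a list of AssertionArtifact's id for the given session.
 *
 * <p>A single artifact is created through {@code AssertionManager} for the
 * session id of {@code sso} and returned as the only element of the list.
 *
 * @param sso the user Session object
 * @param target A String representing the target host (the caller passes
 *        the trusted site's source id)
 * @param request the <code>HttpServletRequest</code> object
 * @param response the <code>HttpServletResponse</code> object
 * @param targetUrl A URL String representing the target site
 * @param version The relying party preferred Assertion version number
 * @return a List representing a list of AssertionArtifact's id
 * @throws SAMLException if <code>sso</code>, <code>target</code> or
 *         <code>version</code> is missing, if the session provider or the
 *         session id cannot be obtained, or if the artifact cannot be created.
 */
private List createArtifact(Object sso, String target, HttpServletRequest request, HttpServletResponse response, String targetUrl, String version) throws SAMLException {
    if (sso == null || target == null || target.isEmpty() || version == null || version.isEmpty()) {
        throw new SAMLException(SAMLUtils.bundle.getString("createArtifactError"));
    }
    List artifactList = new ArrayList(1);
    AssertionManager assertManager = AssertionManager.getInstance();
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        AssertionArtifact artifact = assertManager.createAssertionArtifact(sessionProvider.getSessionID(sso), target, request, response, targetUrl, version);
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionArtifact id = " + artifact.toString());
        }
        artifactList.add(artifact.getAssertionArtifact());
    } catch (SessionException se) {
        // raised by getProvider() or getSessionID(); either way there is no
        // usable session to bind the artifact to
        SAMLUtils.debug.error("Couldn't get SessionProvider.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullSessionProvider"));
    }
    return artifactList;
}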

Example 83 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class Request method signXML.

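/**
 * Signs the Request.
 *
 * <p>Signing happens once: a second call fails with {@code alreadySigned}.
 * The signing certificate is selected by the
 * {@code com.sun.identity.saml.xmlsig.certalias} property. A SAML 1.0
 * request is signed from its string form; any other version is signed as a
 * DOM document, with the certificate included in KeyInfo and the signature
 * referencing {@code REQUEST_ID_ATTRIBUTE}. On success {@code signature},
 * {@code signatureString}, {@code signed} and {@code xmlString} are updated.
 *
 * @throws SAMLException if the Request is already signed or could not be signed.
 * @throws SAMLResponderException if this site's certificate alias is not configured.
 */
public void signXML() throws SAMLException {
    if (signed) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Request.signXML: the request is " + "already signed.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("alreadySigned"));
    }
    String certAlias = SystemConfigurationUtil.getProperty("com.sun.identity.saml.xmlsig.certalias");
    if (certAlias == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Request.signXML: couldn't obtain " + "this site's cert Alias.");
        }
        throw new SAMLResponderException(SAMLUtils.bundle.getString("cannotFindCertAlias"));
    }
    XMLSignatureManager manager = XMLSignatureManager.getInstance();
    boolean isSaml10 = (majorVersion == 1) && (minorVersion == 0);
    if (isSaml10) {
        // message-level output is gated on messageEnabled() like the rest of
        // this method
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Request.signXML: sign with version 1.0");
        }
        signatureString = manager.signXML(this.toString(true, true), certAlias);
        // keep the signature element so getSignature() can return it later
        signature = XMLUtils.toDOMDocument(signatureString, SAMLUtils.debug).getDocumentElement();
    } else {
        Document doc = XMLUtils.toDOMDocument(this.toString(true, true), SAMLUtils.debug);
        // sign with SAML 1.1 spec & include cert in KeyInfo
        signature = manager.signXML(doc, certAlias, null, REQUEST_ID_ATTRIBUTE, getRequestID(), true, null);
        signatureString = XMLUtils.print(signature);
    }
    signed = true;
    // re-serialize so the cached XML carries the signature
    xmlString = this.toString(true, true);
}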

Example 84 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class Response method signXML.

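/**
 * Signs the Response.
 *
 * <p>Signing happens once: a second call fails with {@code alreadySigned}.
 * The signing certificate is selected by the
 * {@code com.sun.identity.saml.xmlsig.certalias} property. A SAML 1.0
 * response is signed from its string form; any other version is signed as a
 * DOM document, with the certificate included in KeyInfo and the signature
 * referencing {@code RESPONSE_ID_ATTRIBUTE}. On success {@code signature},
 * {@code signatureString}, {@code signed} and {@code xmlString} are updated.
 *
 * @throws SAMLException if the Response is already signed or could not be signed.
 * @throws SAMLResponderException if this site's certificate alias is not configured.
 */
public void signXML() throws SAMLException {
    if (signed) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: the response is " + "already signed.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("alreadySigned"));
    }
    String certAlias = SystemConfigurationUtil.getProperty("com.sun.identity.saml.xmlsig.certalias");
    if (certAlias == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: couldn't obtain " + "this site's cert alias.");
        }
        throw new SAMLResponderException(SAMLUtils.bundle.getString("cannotFindCertAlias"));
    }
    XMLSignatureManager manager = XMLSignatureManager.getInstance();
    boolean isSaml10 = (majorVersion == 1) && (minorVersion == 0);
    if (isSaml10) {
        // the message names this class (it previously read "Request.signXML")
        // and is gated on messageEnabled() like the rest of this method
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("Response.signXML: sign with version 1.0");
        }
        signatureString = manager.signXML(this.toString(true, true), certAlias);
        // keep the signature element so getSignature() can return it later
        signature = XMLUtils.toDOMDocument(signatureString, SAMLUtils.debug).getDocumentElement();
    } else {
        Document doc = XMLUtils.toDOMDocument(this.toString(true, true), SAMLUtils.debug);
        // sign with SAML 1.1 spec & include cert in KeyInfo
        signature = manager.signXML(doc, certAlias, null, RESPONSE_ID_ATTRIBUTE, getResponseID(), true, null);
        signatureString = XMLUtils.print(signature);
    }
    signed = true;
    // re-serialize so the cached XML carries the signature
    xmlString = this.toString(true, true);
}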

Example 85 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class BulkFederation method idffFederateUser.

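/**
 * Federates one local user with a remote user for ID-FF and writes the
 * resulting mapping to {@code out}.
 *
 * <p>A fresh name identifier is generated and stored on the local identity
 * as a federation-info key and a federation-info entry (keyed by the remote
 * entity id when acting as IDP, by the local entity id otherwise); the line
 * {@code remoteUserId|nameId} is then appended to {@code out}.
 *
 * @param localUserId id of the local user to federate
 * @param remoteUserId id of the user at the remote provider
 * @param out writer receiving the {@code remoteUserId|nameId} mapping line
 * @throws CLIException if the federation info cannot be built or stored, or
 *         the mapping cannot be written. Identity-repository and SSO errors
 *         are printed on the CLI error output instead and the method returns
 *         normally, so the caller cannot distinguish them from success.
 */
private void idffFederateUser(String localUserId, String remoteUserId, BufferedWriter out) throws CLIException {
    SSOToken adminSSOToken = getAdminSSOToken();
    try {
        AMIdentity amid = IdUtils.getIdentity(adminSSOToken, localUserId);
        String nameId = createNameIdentifier();
        // the key is indexed by the entity the name identifier is issued for:
        // the remote entity when acting as IDP, the local one otherwise
        FSAccountFedInfoKey key = isIDP ? new FSAccountFedInfoKey(remoteEntityId, nameId) : new FSAccountFedInfoKey(localEntityId, nameId);
        FSAccountFedInfo info;
        if (isIDP) {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, remoteEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.LOCAL_NAME_IDENTIFIER, true);
        } else {
            info = new FSAccountFedInfo(remoteEntityId, new NameIdentifier(nameId, localEntityId, IFSConstants.NI_FEDERATED_FORMAT_URI), IFSConstants.REMOTE_NAME_IDENTIFIER, true);
        }
        Map attributes = amid.getAttributes(idffUserAttributesFed);
        federationAttribute(attributes, FSAccountUtils.USER_FED_INFO_KEY_ATTR).add(FSAccountUtils.objectToKeyString(key));
        federationAttribute(attributes, FSAccountUtils.USER_FED_INFO_ATTR).add(FSAccountUtils.objectToInfoString(info));
        amid.setAttributes(attributes);
        amid.store();
        out.write(remoteUserId + "|" + nameId);
        out.newLine();
    } catch (FSAccountMgmtException e) {
        throw cannotFederate(localUserId, e);
    } catch (SAMLException e) {
        throw cannotFederate(localUserId, e);
    } catch (IOException e) {
        throw cannotFederate(localUserId, e);
    } catch (IdRepoException e) {
        reportIdentityError(e);
    } catch (SSOException e) {
        reportIdentityError(e);
    }
}

/**
 * Returns the value set stored under {@code attrName} in {@code attributes},
 * installing a fresh mutable set when the attribute is absent or empty.
 */
private static Set federationAttribute(Map attributes, String attrName) {
    Set values = (Set) attributes.get(attrName);
    if (values == null || values.isEmpty()) {
        values = new HashSet(2);
        attributes.put(attrName, values);
    }
    return values;
}

/** Logs {@code e} and builds the CLIException reported when {@code localUserId} cannot be federated. */
private CLIException cannotFederate(String localUserId, Exception e) {
    debugError("BulkFederation.idffFederateUser", e);
    Object[] param = { localUserId };
    return new CLIException(MessageFormat.format(getResourceString("bulk-federation-cannot-federate"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}

/** Logs {@code e} and prints its message on the CLI error output; processing continues. */
private void reportIdentityError(Exception e) {
    debugError("BulkFederation.idffFederateUser", e);
    IOutput outputWriter = getOutputWriter();
    outputWriter.printlnError(e.getMessage());
}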
