Search in sources :

Example 6 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class LibertyManager method getMappedNameIdentifier.

/**
     * Returns <code>NameIdentifier</code> between the IDP and
     * the other SP for the same principal. This method should
     * be used by the code on the hosted SP, where the user
     * has logged in, and has an account linking with the IDP.
     * Futhermore, the same principal has an account linking
     * between his/her other (remote) SP account and the IDP
     * account.
     *
     * @param hostedSPMetaAlias The <code>metaAlias</code> of
     * the local service provider.
     * @param ssoToken The session token of the logged-
     * in user on the local service provider.
     * @param remoteSPEntityID The entity ID of the remote
     * service provider. In other words, it is the targeted
     * name space for the returned name identifier.
     * @return <code>NameIdentifier</code> of the same principal
     * but original established between the remote SP and
     * the IDP
     */
public static NameIdentifier getMappedNameIdentifier(String hostedSPMetaAlias, Object ssoToken, String remoteSPEntityID) {
    String classMethod = "LibertyManager.getMappedNameIdentifier: ";
    String hostedEntityID = getEntityID(hostedSPMetaAlias);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(hostedSPMetaAlias);
    if (debug.messageEnabled()) {
        debug.message("NameMappingRequester: hostedEntityID=" + hostedEntityID);
    }
    SPDescriptorType hostedDescriptor = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedDescriptor = metaManager.getSPDescriptor(realm, hostedEntityID);
        hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityID);
    } catch (IDFFMetaException ie) {
        debug.error(classMethod + "couldn't obtain hosted meta:", ie);
        return null;
    }
    String userID = null;
    try {
        userID = SessionManager.getProvider().getPrincipalName(ssoToken);
    } catch (SessionException ssoe) {
        debug.error("SessionException caught when trying to " + "get user DN from session token:", ssoe);
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "userID=" + userID);
    }
    FSNameMappingHandler handler = new FSNameMappingHandler(hostedEntityID, hostedDescriptor, hostedConfig, hostedSPMetaAlias);
    NameIdentifier ni = null;
    if (debug.messageEnabled()) {
        debug.message(classMethod + "targetNamespace (remoteSPEntityID)=" + remoteSPEntityID);
    }
    FSSessionManager sMgr = FSSessionManager.getInstance(hostedSPMetaAlias);
    FSSession sess = null;
    if (sMgr != null) {
        sess = sMgr.getSession(ssoToken);
    }
    FSSessionPartner partner = null;
    if (sess != null) {
        partner = sess.getCurrentSessionPartner();
    } else {
        debug.error(classMethod + "session is null");
        return null;
    }
    String remoteIDPEntityID = null;
    if (partner != null) {
        remoteIDPEntityID = partner.getPartner();
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Remote IDP EntityID = " + remoteIDPEntityID);
    }
    try {
        ni = handler.getNameIdentifier(userID, remoteIDPEntityID, true);
    } catch (Exception e) {
        debug.error(classMethod + "Exception caught when trying to get Name " + "Identifier between local SP and remote IDP: ", e);
        return null;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Name Identifier between local SP and " + " remote IDP: " + ni.toString());
    }
    FSNameIdentifierMappingRequest mappingRequest = null;
    try {
        mappingRequest = new FSNameIdentifierMappingRequest(hostedEntityID, ni, remoteSPEntityID);
    } catch (com.sun.identity.federation.message.common.FSMsgException fe) {
        debug.error(classMethod, fe);
        return null;
    }
    if (FSServiceUtils.isSigningOn()) {
        try {
            mappingRequest.signXML(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS));
        } catch (SAMLException se) {
            debug.error(classMethod, se);
            return null;
        }
    }
    IDPDescriptorType remoteProviderDesc = null;
    try {
        remoteProviderDesc = metaManager.getIDPDescriptor(realm, remoteIDPEntityID);
    } catch (IDFFMetaException fme1) {
        debug.error(classMethod, fme1);
        return null;
    }
    String remoteSOAPEndPoint = remoteProviderDesc.getSoapEndpoint();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "IDP's soap end point=" + remoteSOAPEndPoint);
    }
    FSSOAPService soapService = FSSOAPService.getInstance();
    SOAPMessage returnMsg = null;
    try {
        SOAPMessage msg = soapService.bind(mappingRequest.toXMLString(true, true));
        returnMsg = soapService.sendMessage(msg, remoteSOAPEndPoint);
    } catch (FSMsgException mex) {
        debug.error(classMethod, mex);
        return null;
    } catch (java.io.IOException ioe) {
        debug.error(classMethod, ioe);
        return null;
    } catch (javax.xml.soap.SOAPException soape) {
        debug.error(classMethod, soape);
        return null;
    }
    Element elt = soapService.parseSOAPMessage(returnMsg);
    FSNameIdentifierMappingResponse mappingResponse = null;
    try {
        mappingResponse = new FSNameIdentifierMappingResponse(elt);
    } catch (FSMsgException fme2) {
        debug.error(classMethod, fme2);
        return null;
    }
    if (debug.messageEnabled()) {
        String resStr = null;
        try {
            resStr = mappingResponse.toXMLString();
        } catch (FSMsgException fme3) {
            debug.error(classMethod, fme3);
            return null;
        }
        debug.message(classMethod + "NameIdentifierMappingResponse: " + resStr);
    }
    if (FSServiceUtils.isSigningOn()) {
        if (FSNameMappingHandler.verifyNameIdMappingResponseSignature(elt, returnMsg, realm)) {
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Success in verifying Name Identifier Mapping" + " Response Signature");
            }
        } else {
            debug.error(classMethod + "Failed verifying Name Identifier Mapping " + "Response");
            return null;
        }
    }
    return mappingResponse.getNameIdentifier();
}
Also used : NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSSOAPService(com.sun.identity.federation.services.FSSOAPService) SAMLException(com.sun.identity.saml.common.SAMLException) SOAPMessage(javax.xml.soap.SOAPMessage) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSNameIdentifierMappingResponse(com.sun.identity.federation.message.FSNameIdentifierMappingResponse) SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType) COTException(com.sun.identity.cot.COTException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSLoginHelperException(com.sun.identity.federation.services.FSLoginHelperException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) FSNameMappingHandler(com.sun.identity.federation.services.namemapping.FSNameMappingHandler) FSNameIdentifierMappingRequest(com.sun.identity.federation.message.FSNameIdentifierMappingRequest) FSMsgException(com.sun.identity.federation.message.common.FSMsgException)

Example 7 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSProcessLogoutServlet method doRequestProcessing.

/**
     * Initiates logout request processing. It is called when a logout request
     * is received from a remote provider.
     * @param request <code>HTTPServletRequest</code> object received via a
     *  HTTP Redirect
     * @param response <code>HTTPServletResponse</code> object to be sent back
     *  to user agent
     * @param hostedDescriptor the provider for whom request is received
     * @param hostedConfig hosted provider's extended meta config
     * @param hostedRole hosted provider's role
     * @param realm the realm in which the entity resides
     * @param hostedEntityId hosted provider's entity id
     * @param metaAlias hosted provider's meta alias
     * @param reqLogout the single logout request
     * @param commonErrorPage where to go if an error occurred
     * @param userID user id
     * @param ssoToken user session object
     */
private void doRequestProcessing(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedDescriptor, BaseConfigType hostedConfig, String hostedRole, String realm, String hostedEntityId, String metaAlias, FSLogoutNotification reqLogout, String commonErrorPage, String userID, Object ssoToken) {
    FSUtils.debug.message("Entered FSProcessLogoutServlet::doRequestProcessing");
    int minorVersion = reqLogout.getMinorVersion();
    String remoteEntityId = reqLogout.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isIDP = false;
    try {
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
                isIDP = true;
            }
        }
        if (remoteDesc == null) {
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Remote provider metadata not found.");
        String[] data = { remoteEntityId, realm };
        LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data, ssoToken);
        FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
        return;
    }
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            FSUtils.debug.message("Calling verifyLogoutSignature");
            bVerify = verifyLogoutSignature(request, remoteDesc, remoteEntityId, isIDP);
        } catch (FSException e) {
            FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing " + "Signature on Logout request is invalid" + "Cannot proceed federation Logout");
            String[] data = { userID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
            FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_REQUESTER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
            return;
        } catch (SAMLException e) {
            FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing(SAML) " + "Signature on Logout request is invalid" + "Cannot proceed federation Logout");
            String[] data = { userID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
            FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_REQUESTER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
            return;
        }
    }
    String errorStatus = IFSConstants.SAML_RESPONDER;
    if (bVerify) {
        // Check if trusted provider
        if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            //Object ssoToken = getValidToken(request);
            if (ssoToken != null) {
                // session is valid, start single logout
                // Invoke Messaging APIs to get providerid from request
                FSServiceManager instSManager = FSServiceManager.getInstance();
                if (instSManager != null) {
                    FSUtils.debug.message("FSServiceManager Instance not null");
                    // Call SP Adapter preSingleLogoutProcess
                    // for IDP/HTTP case
                    callPreSingleLogoutProcess(request, response, hostedRole, hostedConfig, hostedEntityId, userID, reqLogout);
                    FSPreLogoutHandler handlerObj = instSManager.getPreLogoutHandler();
                    if (handlerObj != null) {
                        handlerObj.setLogoutRequest(reqLogout);
                        handlerObj.setHostedDescriptor(hostedDescriptor);
                        handlerObj.setHostedDescriptorConfig(hostedConfig);
                        handlerObj.setRealm(realm);
                        handlerObj.setHostedEntityId(hostedEntityId);
                        handlerObj.setHostedProviderRole(hostedRole);
                        handlerObj.setMetaAlias(metaAlias);
                        handlerObj.setRemoteEntityId(remoteEntityId);
                        handlerObj.setRemoteDescriptor(remoteDesc);
                        handlerObj.processHttpSingleLogoutRequest(request, response, ssoToken);
                        return;
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSServiceManager Instance null. Cannot" + " continue logout");
                    }
                    String[] data = { userID };
                    LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
                    FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
                    return;
                }
            } else {
                // ssoToken is null
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Invalid session in request processing. " + "Nothing to logout");
                }
                //Verify request,getUserDNcall destroyPrincipalSession
                userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
                if (userID != null) {
                    FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, reqLogout.getSessionIndex(), request, response);
                    // Here we need to send back to source
                    // provider's return URL
                    FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
                    return;
                }
            }
        } else {
            FSUtils.debug.error("Remote provider not in trusted list");
        }
    } else {
        FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcesing " + "Signature on Logout request is invalid" + "Cannot proceed federation Logout");
        String[] data = { userID };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        errorStatus = IFSConstants.SAML_REQUESTER;
    }
    FSLogoutUtil.returnToSource(response, remoteDesc, errorStatus, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
    return;
}
Also used : FSServiceManager(com.sun.identity.federation.services.FSServiceManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSException(com.sun.identity.federation.common.FSException) SAMLException(com.sun.identity.saml.common.SAMLException)

Example 8 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSReturnLogoutServlet method doGetPost.

/**
     * Processes logout response.
     * @param request an <code>HttpServletRequest</code> object that contains 
     *  the request the client has made of the servlet.
     * @param response an <code>HttpServletResponse</code> object that contains
     *  the response the servlet sends to the client.
     * @exception ServletException if an input or output error is detected when
     *                             the servlet handles the request
     * @exception IOException if the request could not be handled
     */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
    // Alias processing
    String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
    if (providerAlias == null || providerAlias.length() < 1) {
        providerAlias = FSServiceUtils.getMetaAlias(request);
    }
    if (providerAlias == null || providerAlias.length() < 1) {
        FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    Object ssoToken = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal");
            response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
            return;
        }
        univId = sessionProvider.getPrincipalName(ssoToken);
    } catch (SessionException ssoExp) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", ssoExp);
        }
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Failed to get meta manager");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_META_INSTANCE));
        return;
    }
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    String hostedRole = null;
    String hostedEntityId = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
        }
        if (hostedConfig == null) {
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Failed to get Hosted Provider");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    setLogoutURL(request, hostedConfig, providerAlias);
    // Here we will need to
    //   1. verify response signature
    //   2. verify response status
    //   3. retrieve registration request Id from Map
    //   4. if status success then do locally else not do locally and
    //   5. show status page or LRURL if found in MAP (eg intersiteTransfer)
    FSLogoutResponse logoutResponse = null;
    try {
        logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    } catch (SAMLException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    String remoteEntityId = logoutResponse.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isRemoteIDP = false;
    try {
        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isRemoteIDP = true;
        }
    } catch (IDFFMetaException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutReturnServlet.doGetPost:", e);
        }
    }
    if (remoteDesc == null) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isRemoteIDP);
        } catch (SAMLException e) {
            bVerify = false;
        } catch (FSException e) {
            bVerify = false;
        }
    }
    Status status = logoutResponse.getStatus();
    String logoutStatus = status.getStatusCode().getValue();
    // remove session partner in case of logout success or this is IDP
    if (logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS) || !isRemoteIDP) {
        FSLogoutUtil.removeCurrentSessionPartner(providerAlias, remoteEntityId, ssoToken, univId);
    }
    if (bVerify) {
        // in ReturnSessionManager only if it is failure
        if (!logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
            FSReturnSessionManager localManager = FSReturnSessionManager.getInstance(providerAlias);
            if (localManager != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("update status of logout to failure " + " in session manager");
                }
                localManager.setLogoutStatus(logoutStatus, univId);
            } else {
                FSUtils.debug.message("Cannot get FSReturnSessionManager");
            }
            FSUtils.debug.error("FSReturnLogoutServlet, failed logout response " + logoutStatus);
            String[] data = { univId };
            LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
            FSLogoutUtil.sendErrorPage(request, response, providerAlias);
            return;
        }
    } else {
        FSUtils.debug.error("FSReturnLogoutServlet " + "Signature on logout response is invalid" + "Cannot proceed logout");
        String[] data = { univId };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    StringBuffer processLogout = new StringBuffer();
    request.setAttribute("logoutSource", "remote");
    processLogout.append(IFSConstants.SLO_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("About to get RequestDispatcher for " + processLogout.toString());
    }
    RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher(processLogout.toString());
    if (dispatcher == null) {
        FSUtils.debug.message("RequestDispatcher is null");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to find " + processLogout + "\ncalling sendErrorPage ");
        }
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    dispatcher.forward(request, response);
    return;
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) SessionException(com.sun.identity.plugin.session.SessionException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) SAMLException(com.sun.identity.saml.common.SAMLException) RequestDispatcher(javax.servlet.RequestDispatcher) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSException(com.sun.identity.federation.common.FSException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 9 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method createAuthnResponse.

protected FSAuthnResponse createAuthnResponse(Object ssoToken, String inResponseTo, NameIdentifier userHandle, NameIdentifier idpHandle) {
    FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse:  Called");
    FSAuthnResponse authnResponse = null;
    try {
        String requestID = authnRequest.getRequestID();
        FSAssertionManager am = FSAssertionManager.getInstance(metaAlias);
        FSAssertion assertion = null;
        SessionProvider sessionProvider = SessionManager.getProvider();
        assertion = am.createFSAssertion(sessionProvider.getSessionID(ssoToken), null, realm, spEntityId, userHandle, idpHandle, inResponseTo, authnRequest.getMinorVersion());
        StatusCode statusCode = new StatusCode(IFSConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList();
        contents.add(assertion);
        authnResponse = new FSAuthnResponse(null, requestID, status, contents, relayState);
        authnResponse.setMinorVersion(authnRequest.getMinorVersion());
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse: " + "CHECK1: " + hostedEntityId);
        }
        authnResponse.setProviderId(hostedEntityId);
    } catch (FSException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: FSException: ", se);
        return null;
    } catch (SAMLException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: " + "SAMLException: ", se);
        return null;
    } catch (SessionException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: " + "SessionException: ", se);
        return null;
    }
    // sign AuthnResponse
    return authnResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) FSAssertionManager(com.sun.identity.federation.services.FSAssertionManager) FSAssertion(com.sun.identity.federation.message.FSAssertion) ArrayList(java.util.ArrayList) FSException(com.sun.identity.federation.common.FSException) SessionException(com.sun.identity.plugin.session.SessionException) List(java.util.List) ArrayList(java.util.ArrayList) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 10 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSBrowserArtifactConsumerHandler method signSAMLRequest.

protected FSRequest signSAMLRequest(FSRequest samlRequest) throws SAMLException {
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.signSAMLRequest: Called");
    if (samlRequest.isSigned()) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: the request is already signed.");
        }
        throw new SAMLException(FSUtils.bundle.getString("alreadySigned"));
    }
    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS);
    if (certAlias == null || certAlias.length() == 0) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: couldn't obtain this site's cert alias.");
        }
        throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: Provider's certAlias is found: " + certAlias);
    }
    XMLSignatureManager manager = XMLSignatureManager.getInstance();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "signSAMLRequest: XMLString to be signed: " + samlRequest.toString(true, true));
    }
    String signatureString = manager.signXML(samlRequest.toString(true, true), certAlias);
    Element signature = XMLUtils.toDOMDocument(signatureString, FSUtils.debug).getDocumentElement();
    samlRequest.setSignature(signature);
    return samlRequest;
}
Also used : Element(org.w3c.dom.Element) XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager) SAMLException(com.sun.identity.saml.common.SAMLException) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)

Aggregations

SAMLException (com.sun.identity.saml.common.SAMLException)86 SessionException (com.sun.identity.plugin.session.SessionException)30 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)26 List (java.util.List)23 SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)19 ArrayList (java.util.ArrayList)19 FSException (com.sun.identity.federation.common.FSException)17 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)17 Iterator (java.util.Iterator)17 XMLSignatureManager (com.sun.identity.saml.xmlsig.XMLSignatureManager)16 SessionProvider (com.sun.identity.plugin.session.SessionProvider)15 Assertion (com.sun.identity.saml.assertion.Assertion)15 Set (java.util.Set)15 Attribute (com.sun.identity.saml.assertion.Attribute)13 Element (org.w3c.dom.Element)13 ParseException (java.text.ParseException)12 Map (java.util.Map)12 Status (com.sun.identity.saml.protocol.Status)11 Document (org.w3c.dom.Document)11 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)10