use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class FSAssertionArtifactHandler method checkForAttributeStatement.
/**
* Checks the attribute statement for boot strap statement or auto fed
* attribute statement.
* @param attrStatement AttributeStatement.
* @return true if the <code>AttributeStatement</code> is of type
* discovery boot strap or the auto federation statement.
*/
private boolean checkForAttributeStatement(AttributeStatement attrStatement) {
List attributes = attrStatement.getAttribute();
if (attributes == null || attributes.size() == 0) {
return false;
}
Iterator iter = attributes.iterator();
Attribute attribute = (Attribute) iter.next();
if (attribute.getAttributeName().equals(IFSConstants.DISCO_RESOURCE_OFFERING_NAME)) {
bootStrapStatement = attrStatement;
return true;
} else if (attribute.getAttributeName().equals(IFSConstants.AUTO_FED_ATTR)) {
_autoFedStatement = attrStatement;
List attrValue = null;
try {
attrValue = attribute.getAttributeValue();
} catch (SAMLException se) {
FSUtils.debug.error("FSAssertionArtifactHandler.checkFor" + "AttributeStatement: ", se);
}
String _autoFedValue = null;
if (attrValue != null && attrValue.size() != 0) {
Iterator iter2 = attrValue.iterator();
Element elem = (Element) iter2.next();
_autoFedValue = XMLUtils.getElementValue(elem);
}
String enabledStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
if (enabledStr != null && enabledStr.equalsIgnoreCase("true") && _autoFedValue != null) {
autoFedSearchMap = new HashMap();
Set set = new HashSet();
set.add(_autoFedValue);
autoFedSearchMap.put(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE), set);
}
return true;
}
return false;
}
use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class FSAssertionConsumerService method doPost.
/**
* Handles post profile.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException, IOException if error occurs.
*/
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSAssertionConsumerService.doPost : called");
Document doc = null;
if ((request == null) || (response == null)) {
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
return;
}
String metaAlias = FSServiceUtils.getMetaAlias(request);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
String baseURL = FSServiceUtils.getBaseURL(request);
String framedPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, null, null, request, baseURL);
String hostEntityId = null;
SPDescriptorType hostDesc = null;
BaseConfigType hostConfig = null;
try {
hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
} catch (Exception e) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception when obtain host meta data:", e);
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
// obtain AuthnResponse message
String encodedAuthnResponse = request.getParameter(IFSConstants.POST_AUTHN_RESPONSE_PARAM);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse: " + encodedAuthnResponse);
}
if (encodedAuthnResponse == null) {
String[] data = { FSUtils.bundle.getString("missingAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.MISSING_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("missingAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
encodedAuthnResponse = encodedAuthnResponse.replace(' ', '\n');
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse2: " + encodedAuthnResponse);
}
FSAuthnResponse authnResponse = null;
try {
String decodedAuthnResponse = new String(Base64.decode(encodedAuthnResponse));
FSUtils.debug.message("Decoded authnResponse" + decodedAuthnResponse);
doc = XMLUtils.toDOMDocument(decodedAuthnResponse, FSUtils.debug);
if (doc == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost:Error " + "while parsing input xml string");
}
throw new FSMsgException("parseError", null);
}
authnResponse = new FSAuthnResponse(doc.getDocumentElement());
if (authnResponse == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. " + "Can't parse Base64 encoded AuthnResponse");
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
} catch (FSException e) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occured while parsing Base64 encoded AuthnResponse: ", e);
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
} catch (SAMLException e) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. SAMLException" + " occurred while parsing Base64 encoded AuthnResponse: ", e);
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
try {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is valid: " + authnResponse.toXMLString());
}
} catch (FSException e) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occurred while calling AuthnResponse.toXMLString(): ", e);
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
FSAuthnRequest authnRequest = null;
String requestID = authnResponse.getInResponseTo();
if (requestID == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse " + "received does not have inResponseTo attribute");
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is against requestID: " + requestID);
}
authnRequest = getInResponseToRequest(requestID, metaAlias);
if (authnRequest == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse" + " received does not have an associated AuthnRequest");
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedPageURL);
return;
}
String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, authnRequest.getRelayState(), null, request, baseURL);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "inResponseTo validation is successful");
}
try {
String idpEntityId = null;
IDPDescriptorType idpDescriptor = null;
if (!authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_LECP)) {
idpEntityId = getProvider(authnResponse.getInResponseTo(), metaAlias);
idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
if (idpEntityId == null || idpDescriptor == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. Sender information " + "not found for the received AuthnResponse");
String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedLoginPageURL);
return;
}
if ((FSServiceUtils.isSigningOn() || (FSServiceUtils.isSigningOptional() && authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST))) && !verifyAuthnResponseSignature(doc, idpDescriptor, idpEntityId)) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: Signature " + "verification failed");
FSUtils.forwardRequest(request, response, framedLoginPageURL);
return;
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "LECP Profile identified. IDP info is unknown so far" + "Get providerId from the response");
}
idpEntityId = authnResponse.getProviderId();
idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
}
// handle sso
FSServiceManager sm = FSServiceManager.getInstance();
FSAssertionArtifactHandler handler = sm.getAssertionArtifactHandler(request, response, authnRequest, authnResponse, idpDescriptor, idpEntityId);
if (handler == null) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "could not create AssertionArtifactHandler");
String[] data = { FSUtils.bundle.getString("requestProcessingFailed") };
LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, data);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedLoginPageURL);
return;
}
handler.setHostEntityId(hostEntityId);
handler.setHostDescriptor(hostDesc);
handler.setHostDescriptorConfig(hostConfig);
handler.setMetaAlias(metaAlias);
handler.setRealm(realm);
handler.processAuthnResponse(authnResponse);
return;
} catch (Exception se) {
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception: ", se);
FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
FSUtils.forwardRequest(request, response, framedLoginPageURL);
return;
}
}
use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class CDCServlet method redirectWithAuthNResponse.
/**
* Constructs the Liberty AuthNResponse with Restricted SSOToken
* and redirects the user to the requested resouce
*/
private void redirectWithAuthNResponse(HttpServletRequest request, HttpServletResponse response, SSOToken token) throws ServletException, IOException {
String gotoURL = getRedirectURL(request, response);
if (debug.messageEnabled()) {
debug.message("CDCServlet.redirectWithAuthNResponse: gotoURL = " + gotoURL);
}
if (debug.messageEnabled()) {
debug.message("CDCServlet.redirectWithAuthNResponse: After encoding: gotoURL = " + gotoURL);
}
if (gotoURL != null) {
try {
String inResponseTo = request.getParameter(REQUEST_ID);
String spDescriptor = request.getParameter(PROVIDER_ID);
String resTokenID = null;
/**
* validateAndGetRestriction throws an exception if an agent
* profile with provider id and goto url is not present
*/
TokenRestriction tokenRes = spValidator.validateAndGetRestriction(FSAuthnRequest.parseURLEncodedRequest(request), gotoURL);
if (uniqueCookieEnabled) {
resTokenID = sessionService.getRestrictedTokenId(token.getTokenID().toString(), tokenRes);
} else {
resTokenID = token.getTokenID().toString();
}
FSAssertion assertion = createAssertion(spDescriptor, SELF_PROVIDER_ID, resTokenID, token.getAuthType(), token.getProperty("authInstant"), token.getPrincipal().getName(), inResponseTo);
String relayState = request.getParameter(RELAY_STATE);
Status status = new Status(new StatusCode(IFSConstants.STATUS_CODE_SUCCESS));
FSAuthnResponse authnResponse = createAuthnResponse(SELF_PROVIDER_ID, responseID, inResponseTo, status, assertion, relayState);
sendAuthnResponse(request, response, authnResponse, gotoURL);
} catch (SAMLException se) {
debug.error("CDCServlet.doGetPost", se);
showError(response);
} catch (FSMsgException fe) {
debug.error("CDCServlet.doGetPost", fe);
showError(response);
} catch (FSException fse) {
debug.error("CDCServlet.doGetPost", fse);
showError(response);
} catch (SessionException e) {
debug.error("CDCServlet.doGetPost", e);
} catch (SSOException ssoe) {
debug.error("CDCServlet.doGetPost", ssoe);
} catch (Exception e) {
debug.error("CDCServlet.doGetPost", e);
spValidator = new LdapSPValidator();
showError(response, FORBIDDEN_STR_MATCH);
}
}
}
use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class DefaultAttributeMapper method getAttributes.
/**
* This method first mapps the Subject in the query to a local site
* account using the AccountMapper defined in the SAML Service.
* The source ID is used to find the appropriate AccountMapper.
* It then calls the User Management API to obtain the attribute value
* using the Session and the attribute name in the AttributeDesignator(s)
* of the query. If there is no AttributeDesignator in the query,
* attributes of services specified as userServiceNameList in
* amSAML.properties will be returned.
* <p>
*
* @param query the <code>AttributeQuery</code> object.
* @param sourceID the Source Identifier.
* @param token User Session
* @throws SAMLException if there is an error.
*/
public List getAttributes(AttributeQuery query, String sourceID, Object token) throws SAMLException {
if ((query == null) || (sourceID == null) || (token == null)) {
SAMLUtils.debug.message("DefaultAttributeMapper: null input.");
throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
}
Map entries = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
SAMLServiceManager.SOAPEntry destSite = (SAMLServiceManager.SOAPEntry) entries.get(sourceID);
String name = null;
PartnerAccountMapper paMapper = destSite.getPartnerAccountMapper();
if (paMapper != null) {
Map map = paMapper.getUser(query, sourceID);
name = (String) map.get(PartnerAccountMapper.NAME);
}
if (name == null) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: couldn't " + "map the subject to a local user.");
}
throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
}
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("user=" + name);
}
// assume user in default root realm
DataStoreProvider provider = null;
try {
provider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
} catch (DataStoreProviderException de) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper.getAttribute:", de);
}
throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
}
List attributes = new ArrayList();
Attribute attribute = null;
List attrValues = null;
String attrValueString = null;
String attrName = null;
Set valueSet = null;
Iterator valueIter = null;
List designators = query.getAttributeDesignator();
if ((designators == null) || (designators.isEmpty())) {
String userAttrName = SystemConfigurationUtil.getProperty("userAttributeNameList");
if ((userAttrName == null) || (userAttrName.length() == 0)) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: " + "userAttributeNameList is not defined " + "or empty.");
}
return attributes;
}
Set attrNames = new HashSet();
StringTokenizer stk = new StringTokenizer(userAttrName, ",");
while (stk.hasMoreTokens()) {
attrNames.add(stk.nextToken().trim());
}
Map valueMap = null;
try {
valueMap = provider.getAttributes(name, attrNames);
} catch (DataStoreProviderException ie) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: " + "DataStoreProviderException:", ie);
}
throw new SAMLException(ie.getMessage());
}
Set keySet = valueMap.keySet();
String keyName = null;
Iterator keyIter = keySet.iterator();
while (keyIter.hasNext()) {
keyName = (String) keyIter.next();
valueSet = (Set) valueMap.get(keyName);
valueIter = valueSet.iterator();
attrValues = new ArrayList();
while (valueIter.hasNext()) {
attrValueString = SAMLUtils.makeStartElementTagXML("AttributeValue", true, true) + ((String) valueIter.next()) + SAMLUtils.makeEndElementTagXML("AttributeValue", true);
attrValues.add(XMLUtils.toDOMDocument(attrValueString, SAMLUtils.debug).getDocumentElement());
}
if (!attrValues.isEmpty()) {
attribute = new Attribute(keyName, SAMLConstants.ATTR_NAME_SPACE, attrValues);
attributes.add(attribute);
}
}
} else {
Iterator iter = designators.iterator();
AttributeDesignator designator = null;
while (iter.hasNext()) {
designator = (AttributeDesignator) iter.next();
attrName = (String) designator.getAttributeName();
try {
valueSet = provider.getAttribute(name, attrName);
} catch (DataStoreProviderException ie) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: " + "DataStoreProviderException:", ie);
}
throw new SAMLException(ie.getMessage());
}
valueIter = valueSet.iterator();
attrValues = new ArrayList();
while (valueIter.hasNext()) {
attrValueString = SAMLUtils.makeStartElementTagXML("AttributeValue", true, true) + ((String) valueIter.next()) + SAMLUtils.makeEndElementTagXML("AttributeValue", true);
attrValues.add(XMLUtils.toDOMDocument(attrValueString, SAMLUtils.debug).getDocumentElement());
}
if (!attrValues.isEmpty()) {
attribute = new Attribute(attrName, designator.getAttributeNamespace(), attrValues);
attributes.add(attribute);
}
}
}
return attributes;
}
use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.
the class DefaultAttributeMapper method getSSOAssertion.
/**
* This method exams the SubjectConfirmationData of the Subject in the
* AttributeQuery. It returns the first Assertion that contains at least
* one AuthenticationStatement.
* <p>
* @see com.sun.identity.saml.plugins.AttributeMapper#getSSOAssertion
*/
public Assertion getSSOAssertion(AttributeQuery query) {
if (query == null) {
return null;
}
SubjectConfirmation sc = query.getSubject().getSubjectConfirmation();
if (sc == null) {
return null;
}
Element scData = sc.getSubjectConfirmationData();
if (scData == null) {
return null;
}
Assertion assertion = null;
try {
NodeList nl = scData.getChildNodes();
Node child = null;
for (int i = 0, length = nl.getLength(); i < length; i++) {
child = nl.item(i);
if (child.getNodeType() == Node.ELEMENT_NODE) {
try {
assertion = new Assertion((Element) child);
if (SAMLUtils.isAuthNAssertion(assertion)) {
return assertion;
}
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("DefaultAttributeMapper: " + "SAMLException when trying to obtain Assertion:" + se);
}
}
}
}
} catch (Exception e) {
SAMLUtils.debug.error("DefaultAttributeMapper: Exception when " + "parsing the SubjectConfirmationData:", e);
}
return null;
}
Aggregations