
Example 11 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSAssertionArtifactHandler method checkForAttributeStatement.

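/**
 * Classifies an attribute statement as the discovery bootstrap statement or
 * the auto-federation statement and records it on this handler.
 * <p>
 * Only the first attribute of the statement is inspected. For an
 * auto-federation statement the first attribute value is extracted and, when
 * auto-federation is enabled in the hosted provider configuration, stored in
 * <code>autoFedSearchMap</code> under the configured attribute name.
 * <p>
 * NOTE(review): the auto-federation value is taken directly from the received
 * assertion and is presumably used afterwards to look up the local user.
 * This method performs no signature or issuer check itself; confirm that
 * callers only reach it with an assertion that has already been verified.
 *
 * @param attrStatement AttributeStatement.
 * @return true if the <code>AttributeStatement</code> is of type
 *          discovery boot strap or the auto federation statement.
 */
private boolean checkForAttributeStatement(AttributeStatement attrStatement) {
    List attributes = attrStatement.getAttribute();
    if (attributes == null || attributes.isEmpty()) {
        return false;
    }
    // Only the first attribute decides what kind of statement this is.
    Attribute attribute = (Attribute) attributes.get(0);
    // Constant-first comparison: an attribute without a name is reported as
    // "neither type" instead of failing with a NullPointerException.
    String attributeName = attribute.getAttributeName();
    if (IFSConstants.DISCO_RESOURCE_OFFERING_NAME.equals(attributeName)) {
        bootStrapStatement = attrStatement;
        return true;
    }
    if (!IFSConstants.AUTO_FED_ATTR.equals(attributeName)) {
        return false;
    }
    _autoFedStatement = attrStatement;
    List attrValue = null;
    try {
        attrValue = attribute.getAttributeValue();
    } catch (SAMLException se) {
        // Logged only: without a value no search map is built below, but the
        // statement is still reported as the auto-federation statement.
        FSUtils.debug.error("FSAssertionArtifactHandler.checkFor" + "AttributeStatement: ", se);
    }
    String autoFedValue = null;
    if (attrValue != null && !attrValue.isEmpty()) {
        // Only the first value is used; any further values are ignored.
        autoFedValue = XMLUtils.getElementValue((Element) attrValue.get(0));
    }
    String enabledStr = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.ENABLE_AUTO_FEDERATION);
    if ("true".equalsIgnoreCase(enabledStr) && autoFedValue != null) {
        autoFedSearchMap = new HashMap();
        Set values = new HashSet();
        values.add(autoFedValue);
        // NOTE(review): if AUTO_FEDERATION_ATTRIBUTE is not configured and the
        // lookup returns null, the map gets a null key - confirm how the
        // consumer of autoFedSearchMap treats that case.
        autoFedSearchMap.put(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.AUTO_FEDERATION_ATTRIBUTE), values);
    }
    return true;
}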
Also used : Set(java.util.Set) HashSet(java.util.HashSet) Attribute(com.sun.identity.saml.assertion.Attribute) HashMap(java.util.HashMap) Element(org.w3c.dom.Element) Iterator(java.util.Iterator) List(java.util.List) ArrayList(java.util.ArrayList) SAMLException(com.sun.identity.saml.common.SAMLException) HashSet(java.util.HashSet)

Example 12 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSAssertionConsumerService method doPost.

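/**
 * Handles the browser POST profile: decodes the Base64 AuthnResponse posted
 * in the request, matches it to the pending AuthnRequest through its
 * inResponseTo value, verifies its signature when signing is configured for
 * the profile, and passes it to the assertion artifact handler. Every
 * failure forwards the browser to the common login page.
 *
 * @param request <code>HttpServletRequest</code> object
 * @param response <code>HttpServletResponse</code> object
 * @exception ServletException if <code>response</code> is null; may also
 *            propagate from request forwarding.
 * @exception IOException if error occurs.
 */
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSAssertionConsumerService.doPost : called");
    if (response == null) {
        // There is nothing to write an error to. The previous combined check
        // called sendError on the null response and failed with an NPE.
        throw new ServletException(FSUtils.bundle.getString("nullInputParameter"));
    }
    if (request == null) {
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullInputParameter"));
        return;
    }
    String metaAlias = FSServiceUtils.getMetaAlias(request);
    String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
    String baseURL = FSServiceUtils.getBaseURL(request);
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, null, null, request, baseURL);
    String hostEntityId = null;
    SPDescriptorType hostDesc = null;
    BaseConfigType hostConfig = null;
    try {
        hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
        hostDesc = metaManager.getSPDescriptor(realm, hostEntityId);
        hostConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception when obtain host meta data:", e);
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    // obtain AuthnResponse message
    // NOTE(review): with message-level debugging enabled, the complete
    // AuthnResponse (encoded and decoded, assertion contents included) is
    // written to the debug log by the statements below.
    String encodedAuthnResponse = request.getParameter(IFSConstants.POST_AUTHN_RESPONSE_PARAM);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse: " + encodedAuthnResponse);
    }
    if (encodedAuthnResponse == null) {
        String[] data = { FSUtils.bundle.getString("missingAuthnResponse") };
        LogUtil.error(Level.INFO, LogUtil.MISSING_AUTHN_RESPONSE, data);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("missingAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedPageURL);
        return;
    }
    // Spaces become newlines before decoding; presumably this restores line
    // breaks that arrived as spaces in the form post - TODO confirm.
    encodedAuthnResponse = encodedAuthnResponse.replace(' ', '\n');
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "Base64 encoded AuthnResponse2: " + encodedAuthnResponse);
    }
    Document doc = null;
    FSAuthnResponse authnResponse = null;
    try {
        byte[] decodedBytes = Base64.decode(encodedAuthnResponse);
        if (decodedBytes == null) {
            // Assumes the decoder reports malformed input by returning null
            // (TODO confirm). Treat it like any other unparsable response
            // instead of failing inside the String constructor.
            throw new FSMsgException("parseError", null);
        }
        // NOTE(review): decoding uses the platform default charset.
        String decodedAuthnResponse = new String(decodedBytes);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Decoded authnResponse" + decodedAuthnResponse);
        }
        doc = XMLUtils.toDOMDocument(decodedAuthnResponse, FSUtils.debug);
        if (doc == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost:Error " + "while parsing input xml string");
            }
            throw new FSMsgException("parseError", null);
        }
        // A constructor never yields null, so no null check follows.
        authnResponse = new FSAuthnResponse(doc.getDocumentElement());
    } catch (FSException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occured while parsing Base64 encoded AuthnResponse: ", e);
        rejectInvalidAuthnResponse(request, response, framedPageURL);
        return;
    } catch (SAMLException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. SAMLException" + " occurred while parsing Base64 encoded AuthnResponse: ", e);
        rejectInvalidAuthnResponse(request, response, framedPageURL);
        return;
    }
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is valid: " + authnResponse.toXMLString());
        }
    } catch (FSException e) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. FSException" + " occurred while calling AuthnResponse.toXMLString(): ", e);
        rejectInvalidAuthnResponse(request, response, framedPageURL);
        return;
    }
    // The response must answer a request this provider actually issued.
    String requestID = authnResponse.getInResponseTo();
    if (requestID == null) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse " + "received does not have inResponseTo attribute");
        rejectInvalidAuthnResponse(request, response, framedPageURL);
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "AuthnResponse received is against requestID: " + requestID);
    }
    FSAuthnRequest authnRequest = getInResponseToRequest(requestID, metaAlias);
    if (authnRequest == null) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. AuthnResponse" + " received does not have an associated AuthnRequest");
        rejectInvalidAuthnResponse(request, response, framedPageURL);
        return;
    }
    String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(metaAlias, authnRequest.getRelayState(), null, request, baseURL);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "inResponseTo validation is successful");
    }
    try {
        String idpEntityId = null;
        IDPDescriptorType idpDescriptor = null;
        if (!authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_LECP)) {
            idpEntityId = getProvider(authnResponse.getInResponseTo(), metaAlias);
            idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
            if (idpEntityId == null || idpDescriptor == null) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Invalid AuthnResponse. Sender information " + "not found for the received AuthnResponse");
                rejectInvalidAuthnResponse(request, response, framedLoginPageURL);
                return;
            }
            // The signature is verified only when signing is on, or when it
            // is optional and the request used the browser POST profile.
            // In every other configuration this method accepts the response
            // without a signature check.
            // NOTE(review): a failed verification is written to the debug
            // log only; no LogUtil entry is recorded on this path.
            if ((FSServiceUtils.isSigningOn() || (FSServiceUtils.isSigningOptional() && authnRequest.getProtocolProfile().equals(IFSConstants.SSO_PROF_BROWSER_POST))) && !verifyAuthnResponseSignature(doc, idpDescriptor, idpEntityId)) {
                FSUtils.debug.error("FSAssertionConsumerService.doPost: Signature " + "verification failed");
                FSUtils.forwardRequest(request, response, framedLoginPageURL);
                return;
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAssertionConsumerService.doPost: " + "LECP Profile identified. IDP info is unknown so far" + "Get providerId from the response");
            }
            // NOTE(review): on the LECP path the provider id is read from the
            // response itself, the descriptor is not null-checked, and no
            // signature verification happens in this method. Whether
            // processAuthnResponse verifies it is not visible here - confirm.
            idpEntityId = authnResponse.getProviderId();
            idpDescriptor = metaManager.getIDPDescriptor(realm, idpEntityId);
        }
        // handle sso
        FSServiceManager sm = FSServiceManager.getInstance();
        FSAssertionArtifactHandler handler = sm.getAssertionArtifactHandler(request, response, authnRequest, authnResponse, idpDescriptor, idpEntityId);
        if (handler == null) {
            FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "could not create AssertionArtifactHandler");
            String[] data = { FSUtils.bundle.getString("requestProcessingFailed") };
            LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, data);
            FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
            FSUtils.forwardRequest(request, response, framedLoginPageURL);
            return;
        }
        handler.setHostEntityId(hostEntityId);
        handler.setHostDescriptor(hostDesc);
        handler.setHostDescriptorConfig(hostConfig);
        handler.setMetaAlias(metaAlias);
        handler.setRealm(realm);
        handler.processAuthnResponse(authnResponse);
    } catch (Exception se) {
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + "Exception: ", se);
        FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("requestProcessingFailed") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
        FSUtils.forwardRequest(request, response, framedLoginPageURL);
    }
}

/**
 * Records an invalid AuthnResponse through LogUtil and the debug log, then
 * forwards the browser to the given login page.
 */
private void rejectInvalidAuthnResponse(HttpServletRequest request, HttpServletResponse response, String loginPageURL) throws ServletException, IOException {
    String[] data = { FSUtils.bundle.getString("invalidAuthnResponse") };
    LogUtil.error(Level.INFO, LogUtil.INVALID_AUTHN_RESPONSE, data);
    FSUtils.debug.error("FSAssertionConsumerService.doPost: " + FSUtils.bundle.getString("invalidAuthnResponse") + " AuthnRequest Processing Failed at the IDP" + " Redirecting to the Framed Login Page");
    FSUtils.forwardRequest(request, response, loginPageURL);
}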
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest) Document(org.w3c.dom.Document) SPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType) FSServiceManager(com.sun.identity.federation.services.FSServiceManager) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) FSException(com.sun.identity.federation.common.FSException)

Example 13 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class CDCServlet method redirectWithAuthNResponse.

/**
 * Builds a Liberty AuthnResponse that carries the SSO token id (a restricted
 * one when unique cookies are enabled) and sends it for the requested
 * resource. Does nothing when no redirect URL can be determined.
 * <p>
 * NOTE(review): when <code>uniqueCookieEnabled</code> is false, the token id
 * placed in the assertion is the caller's own token id rather than a
 * restricted one.
 */
private void redirectWithAuthNResponse(HttpServletRequest request, HttpServletResponse response, SSOToken token) throws ServletException, IOException {
    final String gotoURL = getRedirectURL(request, response);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.redirectWithAuthNResponse: gotoURL = " + gotoURL);
        debug.message("CDCServlet.redirectWithAuthNResponse: After encoding: gotoURL = " + gotoURL);
    }
    if (gotoURL == null) {
        return;
    }
    try {
        String requestId = request.getParameter(REQUEST_ID);
        String providerId = request.getParameter(PROVIDER_ID);
        // validateAndGetRestriction throws an exception if an agent profile
        // with the provider id and goto url is not present. This is the check
        // that ties the request-supplied redirect target to a known agent.
        TokenRestriction restriction = spValidator.validateAndGetRestriction(FSAuthnRequest.parseURLEncodedRequest(request), gotoURL);
        String ownTokenId = token.getTokenID().toString();
        String tokenIdForAssertion = uniqueCookieEnabled
                ? sessionService.getRestrictedTokenId(ownTokenId, restriction)
                : ownTokenId;
        FSAssertion assertion = createAssertion(providerId, SELF_PROVIDER_ID, tokenIdForAssertion, token.getAuthType(), token.getProperty("authInstant"), token.getPrincipal().getName(), requestId);
        String relayState = request.getParameter(RELAY_STATE);
        Status successStatus = new Status(new StatusCode(IFSConstants.STATUS_CODE_SUCCESS));
        FSAuthnResponse authnResponse = createAuthnResponse(SELF_PROVIDER_ID, responseID, requestId, successStatus, assertion, relayState);
        sendAuthnResponse(request, response, authnResponse, gotoURL);
    } catch (SAMLException samlFailure) {
        debug.error("CDCServlet.doGetPost", samlFailure);
        showError(response);
    } catch (FSMsgException messageFailure) {
        debug.error("CDCServlet.doGetPost", messageFailure);
        showError(response);
    } catch (FSException federationFailure) {
        debug.error("CDCServlet.doGetPost", federationFailure);
        showError(response);
    } catch (SessionException sessionFailure) {
        // NOTE(review): logged only; no error page is produced on this path.
        debug.error("CDCServlet.doGetPost", sessionFailure);
    } catch (SSOException ssoFailure) {
        // NOTE(review): logged only; no error page is produced on this path.
        debug.error("CDCServlet.doGetPost", ssoFailure);
    } catch (Exception otherFailure) {
        // Anything else (including a validation failure that is not one of
        // the types above) replaces the validator and answers with the
        // forbidden message.
        debug.error("CDCServlet.doGetPost", otherFailure);
        spValidator = new LdapSPValidator();
        showError(response, FORBIDDEN_STR_MATCH);
    }
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) TokenRestriction(com.iplanet.dpro.session.TokenRestriction) SessionException(com.iplanet.dpro.session.SessionException) SSOException(com.iplanet.sso.SSOException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) ParseException(java.text.ParseException) SSOException(com.iplanet.sso.SSOException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) UnknownHostException(java.net.UnknownHostException) SessionException(com.iplanet.dpro.session.SessionException) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) FSAssertion(com.sun.identity.federation.message.FSAssertion) FSException(com.sun.identity.federation.common.FSException)

Example 14 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class DefaultAttributeMapper method getAttributes.

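/**
 * Maps the Subject in the query to a local account using the
 * PartnerAccountMapper registered for the source ID, then reads that
 * account's attributes from the SAML data store provider.
 * <p>
 * When the query names AttributeDesignator(s), one attribute per designator
 * is looked up. When it names none, the attributes listed in the
 * <code>userAttributeNameList</code> system property (comma separated) are
 * returned, or an empty list if that property is unset or empty.
 * <p>
 * A source ID with no partner entry, or a mapper that returns no user name,
 * is reported as a subject that cannot be mapped.
 *
 * @param query the <code>AttributeQuery</code> object.
 * @param sourceID the Source Identifier.
 * @param token  User Session; only checked for null in this method.
 * @return list of <code>Attribute</code> objects, possibly empty.
 * @throws SAMLException if an input is null, the subject cannot be mapped,
 *         the data store lookup fails, or an attribute value cannot be
 *         turned into an AttributeValue element.
 */
public List getAttributes(AttributeQuery query, String sourceID, Object token) throws SAMLException {
    if ((query == null) || (sourceID == null) || (token == null)) {
        SAMLUtils.debug.message("DefaultAttributeMapper: null input.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    // sourceID comes from the requesting site. An unknown value must end in
    // a SAMLException, not in a NullPointerException on the missing entry.
    Map entries = (Map) SAMLServiceManager.getAttribute(SAMLConstants.PARTNER_URLS);
    SAMLServiceManager.SOAPEntry destSite = (entries == null) ? null : (SAMLServiceManager.SOAPEntry) entries.get(sourceID);
    String name = null;
    if (destSite != null) {
        PartnerAccountMapper paMapper = destSite.getPartnerAccountMapper();
        if (paMapper != null) {
            Map map = paMapper.getUser(query, sourceID);
            if (map != null) {
                name = (String) map.get(PartnerAccountMapper.NAME);
            }
        }
    }
    if (name == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("DefaultAttributeMapper: couldn't " + "map the subject to a local user.");
        }
        throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("user=" + name);
    }
    // assume user in default root realm
    DataStoreProvider provider = null;
    try {
        provider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
    } catch (DataStoreProviderException de) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("DefaultAttributeMapper.getAttribute:", de);
        }
        throw new SAMLException(SAMLUtils.bundle.getString("cannotMapSubject"));
    }
    List attributes = new ArrayList();
    List designators = query.getAttributeDesignator();
    if ((designators == null) || (designators.isEmpty())) {
        String userAttrName = SystemConfigurationUtil.getProperty("userAttributeNameList");
        if ((userAttrName == null) || (userAttrName.length() == 0)) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultAttributeMapper: " + "userAttributeNameList is not defined " + "or empty.");
            }
            return attributes;
        }
        Set attrNames = new HashSet();
        StringTokenizer stk = new StringTokenizer(userAttrName, ",");
        while (stk.hasMoreTokens()) {
            attrNames.add(stk.nextToken().trim());
        }
        Map valueMap = null;
        try {
            valueMap = provider.getAttributes(name, attrNames);
        } catch (DataStoreProviderException ie) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("DefaultAttributeMapper: " + "DataStoreProviderException:", ie);
            }
            throw new SAMLException(ie.getMessage());
        }
        if (valueMap == null) {
            return attributes;
        }
        for (Iterator keyIter = valueMap.keySet().iterator(); keyIter.hasNext();) {
            String keyName = (String) keyIter.next();
            List attrValues = toAttributeValueElements(keyName, (Set) valueMap.get(keyName));
            if (!attrValues.isEmpty()) {
                attributes.add(new Attribute(keyName, SAMLConstants.ATTR_NAME_SPACE, attrValues));
            }
        }
    } else {
        // The attribute names below are chosen by the requester. This method
        // applies no allow-list to them; NOTE(review): confirm that release
        // of arbitrary attributes is restricted elsewhere.
        for (Iterator iter = designators.iterator(); iter.hasNext();) {
            AttributeDesignator designator = (AttributeDesignator) iter.next();
            String attrName = (String) designator.getAttributeName();
            Set valueSet = null;
            try {
                valueSet = provider.getAttribute(name, attrName);
            } catch (DataStoreProviderException ie) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultAttributeMapper: " + "DataStoreProviderException:", ie);
                }
                throw new SAMLException(ie.getMessage());
            }
            List attrValues = toAttributeValueElements(attrName, valueSet);
            if (!attrValues.isEmpty()) {
                attributes.add(new Attribute(attrName, designator.getAttributeNamespace(), attrValues));
            }
        }
    }
    return attributes;
}

/**
 * Wraps each stored value in an AttributeValue element and parses it to DOM.
 * A null value set yields an empty list.
 */
private static List toAttributeValueElements(String attrName, Set values) throws SAMLException {
    List elements = new ArrayList();
    if (values == null) {
        return elements;
    }
    for (Iterator valueIter = values.iterator(); valueIter.hasNext();) {
        // NOTE(review): the stored value is concatenated into the XML text
        // without escaping, so markup characters in a value are parsed as
        // markup. Escape the value here unless stored XML fragments are an
        // intended feature.
        String attrValueString = SAMLUtils.makeStartElementTagXML("AttributeValue", true, true) + ((String) valueIter.next()) + SAMLUtils.makeEndElementTagXML("AttributeValue", true);
        org.w3c.dom.Document valueDoc = XMLUtils.toDOMDocument(attrValueString, SAMLUtils.debug);
        if (valueDoc == null) {
            // The value did not parse. Report it as a SAML error; the value
            // itself is left out of the message because it may be sensitive.
            throw new SAMLException("DefaultAttributeMapper: value of attribute " + attrName + " is not well-formed XML content");
        }
        elements.add(valueDoc.getDocumentElement());
    }
    return elements;
}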
Also used : DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) HashSet(java.util.HashSet) Set(java.util.Set) Attribute(com.sun.identity.saml.assertion.Attribute) DataStoreProvider(com.sun.identity.plugin.datastore.DataStoreProvider) ArrayList(java.util.ArrayList) SAMLException(com.sun.identity.saml.common.SAMLException) StringTokenizer(java.util.StringTokenizer) AttributeDesignator(com.sun.identity.saml.assertion.AttributeDesignator) Iterator(java.util.Iterator) SAMLServiceManager(com.sun.identity.saml.common.SAMLServiceManager) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) List(java.util.List) Map(java.util.Map) HashSet(java.util.HashSet)

Example 15 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class DefaultAttributeMapper method getSSOAssertion.

/**
 * Examines the SubjectConfirmationData of the Subject in the AttributeQuery
 * and returns the first child element that parses as an Assertion and that
 * <code>SAMLUtils.isAuthNAssertion</code> accepts. Child elements that fail
 * to parse as an Assertion are skipped.
 * <p>
 * NOTE(review): the assertion is built from data supplied in the query. No
 * signature or validity check is visible in this method; confirm where the
 * returned assertion is verified before it is trusted.
 *
 * @return the matching Assertion, or null when the query, its subject
 *         confirmation or its confirmation data is missing, or no child
 *         qualifies.
 * @see com.sun.identity.saml.plugins.AttributeMapper#getSSOAssertion
 */
public Assertion getSSOAssertion(AttributeQuery query) {
    if (query == null) {
        return null;
    }
    SubjectConfirmation confirmation = query.getSubject().getSubjectConfirmation();
    if (confirmation == null) {
        return null;
    }
    Element confirmationData = confirmation.getSubjectConfirmationData();
    if (confirmationData == null) {
        return null;
    }
    try {
        NodeList children = confirmationData.getChildNodes();
        int count = children.getLength();
        for (int idx = 0; idx < count; idx++) {
            Node candidate = children.item(idx);
            if (candidate.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            try {
                Assertion parsed = new Assertion((Element) candidate);
                if (SAMLUtils.isAuthNAssertion(parsed)) {
                    return parsed;
                }
            } catch (SAMLException se) {
                // Not a usable Assertion; move on to the next child element.
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("DefaultAttributeMapper: " + "SAMLException when trying to obtain Assertion:" + se);
                }
            }
        }
    } catch (Exception e) {
        // Any other failure while walking the confirmation data ends the
        // search and is reported as "no assertion".
        SAMLUtils.debug.error("DefaultAttributeMapper: Exception when " + "parsing the SubjectConfirmationData:", e);
    }
    return null;
}
Also used : SubjectConfirmation(com.sun.identity.saml.assertion.SubjectConfirmation) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) Assertion(com.sun.identity.saml.assertion.Assertion) SAMLException(com.sun.identity.saml.common.SAMLException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) DataStoreProviderException(com.sun.identity.plugin.datastore.DataStoreProviderException) MissingResourceException(java.util.MissingResourceException)
