Example 16 with SAMLException

Use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock, from class DefaultNameIdentifierMapper, method getNameIdentifier.

/**
 * Returns name identifier for assertion subject based on user account.
 *
 * @param session the session of the user performing the operation.
 * @param sourceID source ID for the site from which the assertion
 *        originated.
 * @param destID destination ID for the site for which the assertion will be
 *        created.
 * @param nameIDFormat the requested name identifier format, or null if none
 *        was requested.
 * @return a <code>NameIdentifier</code> for assertion subject.
 * @exception SAMLException if an error occurs
 */
public NameIdentifier getNameIdentifier(Object session, String sourceID, String destID, String nameIDFormat) throws SAMLException {
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("DefaultNameIdentifierMapper." + "getNameIdentifier: sourceID = " + sourceID + ", destID = " + destID);
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("DefaultNameIdentifierMapper." + "getNameIdentifier: nameIDFormat = " + nameIDFormat);
    }
    try {
        // The user's organization becomes the NameQualifier; it is escaped because it is emitted into XML.
        String nameQualifier = XMLUtils.escapeSpecialCharacters((SessionManager.getProvider().getProperty(session, "Organization")[0]));
        String userID = SessionManager.getProvider().getPrincipalName(session);
        String name = null;
        if (nameIDFormat != null) {
            // If a format-to-attribute mapping is configured for the requested format,
            // the mapped user attribute supplies the name value.
            Map nameIDFormatAttrMap = (Map) SAMLServiceManager.getAttribute(SAMLConstants.NAME_ID_FORMAT_MAP);
            if ((nameIDFormatAttrMap != null) && (!nameIDFormatAttrMap.isEmpty()) && (nameIDFormatAttrMap.keySet().contains(nameIDFormat))) {
                String attrName = (String) nameIDFormatAttrMap.get(nameIDFormat);
                try {
                    DataStoreProvider dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(SAMLConstants.SAML);
                    Set attrValues = dsProvider.getAttribute(userID, attrName);
                    if ((attrValues != null) && (!attrValues.isEmpty())) {
                        name = (String) attrValues.iterator().next();
                    }
                } catch (DataStoreProviderException dspe) {
                    // A data store failure is logged only; the code falls back to the principal name below.
                    if (SAMLUtils.debug.warningEnabled()) {
                        SAMLUtils.debug.warning("DefaultNameIdentifierMapper." + "getNameIdentifier:", dspe);
                    }
                }
            }
        }
        // Either value is escaped before it is placed in the assertion.
        if (name == null) {
            name = XMLUtils.escapeSpecialCharacters(userID);
        } else {
            name = XMLUtils.escapeSpecialCharacters(name);
        }
        return new NameIdentifier(name, nameQualifier, nameIDFormat);
    } catch (SessionException sx) {
        SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier: Invalid Session ", sx);
        return null;
    } catch (Exception ex) {
        SAMLUtils.debug.error("DefaultNameIdentifierMapper." + "getNameIdentifier:", ex);
        return null;
    }
}
Also used: DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException), Set (java.util.Set), NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier), DataStoreProvider (com.sun.identity.plugin.datastore.DataStoreProvider), SessionException (com.sun.identity.plugin.session.SessionException), Map (java.util.Map), SAMLException (com.sun.identity.saml.common.SAMLException)

Example 17 with SAMLException

Use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock, from class AssertionManagerImpl, method createAssertion.

public String createAssertion(String ssoToken) throws SAMLException {
    checkInitialization();
    Object token = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        token = sessionProvider.getSession(ssoToken);
    } catch (SessionException ssoe) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManagerImpl:createAssertion(SSO) " + ssoe);
        }
        throw (new SAMLException(ssoe.getMessage()));
    }
    Assertion a = assertionManager.createAssertion(token);
    // would be thrown
    return (a.toString(true, true));
}
Also used: Assertion (com.sun.identity.saml.assertion.Assertion), SessionException (com.sun.identity.plugin.session.SessionException), SAMLException (com.sun.identity.saml.common.SAMLException), SessionProvider (com.sun.identity.plugin.session.SessionProvider)

Example 18 with SAMLException

Use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock, from class AssertionManagerImpl, method getAssertionByIdRefToken.

public String getAssertionByIdRefToken(String idref, String ssoToken) throws SAMLException {
    checkInitialization();
    Object token = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        token = sessionProvider.getSession(ssoToken);
    } catch (SessionException ssoe) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("AssertionManagerImpl:getAssertionByIdRefToken: " + ssoe);
        }
        throw (new SAMLException(ssoe.getMessage()));
    }
    Assertion a = assertionManager.getAssertion(new AssertionIDReference(idref), token);
    return (a.toString(true, true));
}
Also used: Assertion (com.sun.identity.saml.assertion.Assertion), SessionException (com.sun.identity.plugin.session.SessionException), AssertionIDReference (com.sun.identity.saml.assertion.AssertionIDReference), SAMLException (com.sun.identity.saml.common.SAMLException), SessionProvider (com.sun.identity.plugin.session.SessionProvider)

Example 19 with SAMLException

Use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock, from class Request, method toString.

/**
 * Returns a String representation of the
 * <code>&lt;samlp:Request&gt;</code> element.
 *
 * @param includeNS Determines whether or not the namespace qualifier
 *        is prepended to the Element when converted
 * @param declareNS Determines whether or not the namespace is declared
 *        within the Element.
 * @param includeHeader Determines whether the output includes the XML
 *        declaration header.
 * @return A string containing the valid XML for this element
 */
public String toString(boolean includeNS, boolean declareNS, boolean includeHeader) {
    // A signed request is returned exactly as cached so that re-serialization
    // cannot alter the bytes the signature was computed over.
    if (signed && (xmlString != null)) {
        return xmlString;
    }
    StringBuffer xml = new StringBuffer(300);
    if (includeHeader) {
        xml.append("<?xml version=\"1.0\" encoding=\"").append(SAMLConstants.DEFAULT_ENCODING).append("\" ?>\n");
    }
    String prefix = "";
    String uri = "";
    if (includeNS) {
        prefix = SAMLConstants.PROTOCOL_PREFIX;
    }
    if (declareNS) {
        uri = SAMLConstants.PROTOCOL_NAMESPACE_STRING;
    }
    String instantString = DateUtils.toUTCDateFormat(issueInstant);
    xml.append("<").append(prefix).append("Request").append(uri)
       .append(" RequestID=\"").append(requestID).append("\"")
       .append(" MajorVersion=\"").append(majorVersion).append("\"")
       .append(" MinorVersion=\"").append(minorVersion).append("\"")
       .append(" IssueInstant=\"").append(instantString).append("\"")
       .append(">\n");
    if ((respondWiths != null) && (respondWiths != Collections.EMPTY_LIST)) {
        Iterator i = respondWiths.iterator();
        String respondWith = null;
        while (i.hasNext()) {
            respondWith = (String) i.next();
            xml.append("<").append(prefix).append("RespondWith>");
            if (respondWith.startsWith(SAMLConstants.ASSERTION_PREFIX)) {
                xml.append(respondWith);
            } else {
                try {
                    xml.append(checkAndGetRespondWith(respondWith));
                } catch (SAMLException e) {
                    SAMLUtils.debug.error("Request.toString: ", e);
                    xml.append(respondWith);
                }
            }
            xml.append("</").append(prefix).append("RespondWith>\n");
        }
    }
    if (signed) {
        if (signatureString != null) {
            xml.append(signatureString);
        } else if (signature != null) {
            signatureString = XMLUtils.print(signature);
            xml.append(signatureString);
        }
    }
    Iterator j;
    switch(contentType) {
        case AUTHENTICATION_QUERY:
            xml.append(((AuthenticationQuery) query).toString(includeNS, false));
            break;
        case AUTHORIZATION_DECISION_QUERY:
            xml.append(((AuthorizationDecisionQuery) query).toString(includeNS, false));
            break;
        case ATTRIBUTE_QUERY:
            xml.append(((AttributeQuery) query).toString(includeNS, false));
            break;
        case ASSERTION_ID_REFERENCE:
            j = assertionIDRefs.iterator();
            while (j.hasNext()) {
                xml.append(((AssertionIDReference) j.next()).toString(true, true));
            }
            break;
        case ASSERTION_ARTIFACT:
            j = artifacts.iterator();
            while (j.hasNext()) {
                xml.append(((AssertionArtifact) j.next()).toString(includeNS, false));
            }
            break;
        default:
            break;
    }
    xml.append("</").append(prefix).append("Request>\n");
    return xml.toString();
}
Also used: Iterator (java.util.Iterator), SAMLException (com.sun.identity.saml.common.SAMLException)

Example 20 with SAMLException

Use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock, from class DefaultIDPAccountMapper, method getNameID.

/**
 * Returns the user's <code>NameID</code> information that contains
 * account federation with the corresponding remote and local entities.
 *
 * @param session Session object.
 * @param realm Realm where user resides.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param remoteEntityID <code>EntityID</code> of the remote provider.
 * @return the <code>NameID</code> corresponding to the authenticated user,
 *         or null if the authenticated user does not contain account
 *         federation information.
 * @exception WSFederationException if any failure.
 */
public NameIdentifier getNameID(Object session, String realm, String hostEntityID, String remoteEntityID) throws WSFederationException {
    String userID = null;
    try {
        SessionProvider sessionProv = SessionManager.getProvider();
        userID = sessionProv.getPrincipalName(session);
    } catch (SessionException se) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidSSOToken"));
    }
    IDPSSOConfigElement idpConfig = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, hostEntityID);
    String name2 = null;
    String attrName = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_ATTRIBUTE);
    if (attrName == null || attrName.length() == 0) {
        attrName = WSFederationConstants.UID;
    }
    try {
        Set attrValues = dsProvider.getAttribute(userID, attrName);
        if ((attrValues != null) && (!attrValues.isEmpty())) {
            name2 = (String) attrValues.iterator().next();
        } else {
            String[] args = { attrName, userID };
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "missingNameAttribute", args);
        }
    } catch (DataStoreProviderException dspe) {
        throw new WSFederationException(dspe);
    }
    String nameIdFormat = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_FORMAT);
    if (nameIdFormat == null || nameIdFormat.length() == 0) {
        nameIdFormat = WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN];
    }
    String strNameIncludesDomain = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAME_INCLUDES_DOMAIN);
    boolean nameIncludesDomain = Boolean.valueOf(strNameIncludesDomain);
    String name = null;
    if (nameIdFormat.equals(WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN]) && !nameIncludesDomain) {
        // Need to get a domain from somewhere and append it to name2
        // Try user profile first
        String domainAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.DOMAIN_ATTRIBUTE);
        String upnDomain = null;
        if (domainAttribute != null && domainAttribute.length() > 0) {
            Set attrValues;
            try {
                attrValues = dsProvider.getAttribute(userID, domainAttribute);
            } catch (DataStoreProviderException dspe) {
                throw new WSFederationException(dspe);
            }
            if ((attrValues != null) && (!attrValues.isEmpty())) {
                upnDomain = (String) attrValues.iterator().next();
            }
        }
        if (upnDomain == null || upnDomain.length() == 0) {
            // Nothing on the user profile - get from config
            upnDomain = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.UPN_DOMAIN);
        }
        if (upnDomain == null || upnDomain.length() == 0) {
            // OK - now we have a problem
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "noDomainConfigured", null);
        }
        name = name2 + "@" + upnDomain;
    } else {
        name = name2;
    }
    try {
        return new NameIdentifier(name, null, nameIdFormat);
    } catch (SAMLException se) {
        throw new WSFederationException(se);
    }
}
Also used: DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException), Set (java.util.Set), WSFederationException (com.sun.identity.wsfederation.common.WSFederationException), NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier), SessionException (com.sun.identity.plugin.session.SessionException), IDPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement), SAMLException (com.sun.identity.saml.common.SAMLException), SessionProvider (com.sun.identity.plugin.session.SessionProvider)

Aggregations (classes used together with SAMLException, with usage counts)

SAMLException (com.sun.identity.saml.common.SAMLException): 86
SessionException (com.sun.identity.plugin.session.SessionException): 30
FSMsgException (com.sun.identity.federation.message.common.FSMsgException): 26
List (java.util.List): 23
SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException): 19
ArrayList (java.util.ArrayList): 19
FSException (com.sun.identity.federation.common.FSException): 17
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException): 17
Iterator (java.util.Iterator): 17
XMLSignatureManager (com.sun.identity.saml.xmlsig.XMLSignatureManager): 16
SessionProvider (com.sun.identity.plugin.session.SessionProvider): 15
Assertion (com.sun.identity.saml.assertion.Assertion): 15
Set (java.util.Set): 15
Attribute (com.sun.identity.saml.assertion.Attribute): 13
Element (org.w3c.dom.Element): 13
ParseException (java.text.ParseException): 12
Map (java.util.Map): 12
Status (com.sun.identity.saml.protocol.Status): 11
Document (org.w3c.dom.Document): 11
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType): 10