Search in sources :

Example 41 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSDefaultRealmAttributeMapper method getAttributes.

/**
     * Returns the attribute map for the given list of 
     * <code>AttributeStatement</code>s. 
     * @param statements list of <code>AttributeStatements</code>s.
     * @param realm The realm under which the entity resides.
     * @param hostEntityId Hosted provider entity id.
     * @param remoteEntityId Remote provider entity id.
     * @param token Single sign-on session token.
     * @return map of attribute values. The  map will have the key as the
     *             attribute name and the map value is the attribute value
     *             that are passed via the single sign-on assertion.
     */
public Map getAttributes(List statements, String realm, String hostEntityId, String remoteEntityId, Object token) {
    Map map = new HashMap();
    if (statements == null || statements.size() == 0) {
        return map;
    }
    Map configMap = null;
    try {
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        if (metaManager != null) {
            SPDescriptorConfigElement spConfig = metaManager.getSPDescriptorConfig(realm, hostEntityId);
            if (spConfig != null) {
                Map attributes = IDFFMetaUtils.getAttributes(spConfig);
                configMap = FSServiceUtils.parseAttributeConfig((List) attributes.get(IFSConstants.SP_ATTRIBUTE_MAP));
            }
        }
    } catch (IDFFMetaException fme) {
        FSUtils.debug.error("FSDefaultAttributeMapper.getAttributes:" + " Unable to read configuration map.", fme);
        return map;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultAttributeMapper.getAttributeMap: Configured map " + configMap);
    }
    for (Iterator iter = statements.iterator(); iter.hasNext(); ) {
        AttributeStatement statement = (AttributeStatement) iter.next();
        List attributes = statement.getAttribute();
        if (attributes == null || attributes.size() == 0) {
            continue;
        }
        Iterator iter1 = attributes.iterator();
        while (iter1.hasNext()) {
            Attribute attribute = (Attribute) iter1.next();
            List values = null;
            try {
                values = attribute.getAttributeValue();
            } catch (SAMLException ex) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSDefaultAttributeMapper.get" + "Attributes: Exception", ex);
                }
                continue;
            }
            if (values == null || values.size() == 0) {
                continue;
            }
            String attributeName = attribute.getAttributeName();
            if (configMap != null && !configMap.isEmpty()) {
                String realAttrName = (String) configMap.get(attributeName);
                if (realAttrName != null && realAttrName.length() > 0) {
                    attributeName = realAttrName;
                }
            }
            //Retrieve the first only one.
            String valueString = XMLUtils.getElementValue((Element) values.get(0));
            if (valueString != null && valueString.length() > 0) {
                map.put(attributeName, valueString);
            }
        }
    }
    return map;
}
Also used : HashMap(java.util.HashMap) Attribute(com.sun.identity.saml.assertion.Attribute) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) AttributeStatement(com.sun.identity.saml.assertion.AttributeStatement) SPDescriptorConfigElement(com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement) Iterator(java.util.Iterator) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) SAMLException(com.sun.identity.saml.common.SAMLException)

Example 42 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSAssertionManager method createFSAssertionArtifact.

/**
     * Creates an assertion artifact.
     * @param id session ID
     * @param realm the realm in which the provider resides
     * @param spEntityID service provider's entity ID
     * @param spHandle service provider issued <code>NameIdentifier</code>
     * @param idpHandle identity provider issued <code>NameIdentifier</code>
     * @param inResponseTo value to InResponseTo attribute. It's the request ID.
     * @param minorVersion request minor version, used to determine assertion's
     *  minor version
     * @exception FSException,SAMLException if error occurrs
     */
public AssertionArtifact createFSAssertionArtifact(String id, String realm, String spEntityID, NameIdentifier spHandle, NameIdentifier idpHandle, String inResponseTo, int minorVersion) throws FSException, SAMLException {
    // check input
    if ((id == null) || (spEntityID == null)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager: null input for" + " method createFSAssertionArtifact.");
        }
        throw new FSException("nullInput", null);
    }
    // create assertion id and artifact
    String handle = SAMLUtils.generateAssertionHandle();
    if (handle == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSAssertionManager.createFSAssertionArt" + "ifact: couldn't generate assertion handle.");
        }
        throw new FSException("errorCreateArtifact", null);
    }
    // TODO: should obtain it through meta
    String sourceSuccinctID = FSUtils.generateSourceID(hostEntityId);
    byte[] bytesSourceId = SAMLUtils.stringToByteArray(sourceSuccinctID);
    byte[] bytesHandle = null;
    try {
        bytesHandle = handle.getBytes(IFSConstants.SOURCEID_ENCODING);
    } catch (Exception e) {
        FSUtils.debug.error("FSAssertionManager.createFSAssertionArt: ", e);
        return null;
    }
    AssertionArtifact art = new FSAssertionArtifact(bytesSourceId, bytesHandle);
    int assertionMinorVersion = IFSConstants.FF_11_ASSERTION_MINOR_VERSION;
    if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
        assertionMinorVersion = IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION;
    }
    Assertion assertion = createFSAssertion(id, art, realm, spEntityID, spHandle, idpHandle, inResponseTo, assertionMinorVersion);
    return art;
}
Also used : FSException(com.sun.identity.federation.common.FSException) Assertion(com.sun.identity.saml.assertion.Assertion) FSAssertion(com.sun.identity.federation.message.FSAssertion) FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) ParseException(java.text.ParseException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) UnknownHostException(java.net.UnknownHostException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact)

Example 43 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class FSAssertionManagerClient method getErrorStatus.

protected Status getErrorStatus(AssertionArtifact artifact) throws FSException {
    String status = null;
    try {
        Object[] obj = { metaAlias, artifact.getAssertionArtifact() };
        status = (String) stub.send("getErrorStatus", obj, null, null);
        if (status == null && FSUtils.debug.messageEnabled()) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("AMC:getErrorStatus(" + artifact + "): Server returned NULL");
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("AMC:getErrorStatus: status:" + status);
            }
        }
        if (null != status) {
            Document doc = XMLUtils.toDOMDocument(status, FSUtils.debug);
            if (null != doc) {
                return new Status(doc.getDocumentElement());
            }
        }
    } catch (RemoteException re) {
        if (FSUtils.debug.warningEnabled()) {
            FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
        }
        throw (new FSException(re.getMessage()));
    } catch (FSRemoteException re) {
        if (FSUtils.debug.warningEnabled()) {
            FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
        }
        throw (new FSException(re.getMessage()));
    } catch (SAMLException re) {
        if (FSUtils.debug.warningEnabled()) {
            FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
        }
        throw (new FSException(re.getMessage()));
    } catch (Exception re) {
        if (FSUtils.debug.warningEnabled()) {
            FSUtils.debug.warning("AMC:getErrorStatus: " + artifact, re);
        }
        throw (new FSException(re.getMessage()));
    }
    return null;
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSException(com.sun.identity.federation.common.FSException) Document(org.w3c.dom.Document) FSRemoteException(com.sun.identity.federation.common.FSRemoteException) RemoteException(java.rmi.RemoteException) SAMLException(com.sun.identity.saml.common.SAMLException) FSRemoteException(com.sun.identity.federation.common.FSRemoteException) RemoteException(java.rmi.RemoteException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) FSRemoteException(com.sun.identity.federation.common.FSRemoteException)

Example 44 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class SAMLPOSTProfileServlet method doGet.

/**
     * Initiates <code>SAML</code> web browser POST profile.
     * This method takes in a TARGET in the request, creates a SAMLResponse,
     * then redirects user to the destination site.
     *
     * @param request <code>HttpServletRequest</code> instance
     * @param response <code>HttpServletResponse</code> instance
     * @throws ServletException if there is an error.
     * @throws IOException if there is an error.
     */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if ((request == null) || (response == null)) {
        String[] data = { SAMLUtils.bundle.getString("nullInputParameter") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
        return;
    }
    SAMLUtils.checkHTTPContentLength(request);
    // get Session
    Object token = getSession(request);
    if (token == null) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }
    // obtain TARGET
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.length() == 0) {
        String[] data = { SAMLUtils.bundle.getString("missingTargetSite") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
        return;
    }
    // Get the Destination site Entry
    // find the destSite POST URL, which is the Receipient
    SAMLServiceManager.SiteEntry destSite = getDestSite(target);
    String destSiteUrl = null;
    if ((destSite == null) || ((destSiteUrl = destSite.getPOSTUrl()) == null)) {
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token);
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }
    Response samlResponse = null;
    try {
        String version = destSite.getVersion();
        int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION;
        int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
        if (version != null) {
            StringTokenizer st = new StringTokenizer(version, ".");
            if (st.countTokens() == 2) {
                majorVersion = Integer.parseInt(st.nextToken().trim());
                minorVersion = Integer.parseInt(st.nextToken().trim());
            }
        }
        // create assertion
        AssertionManager am = AssertionManager.getInstance();
        SessionProvider sessionProvider = SessionManager.getProvider();
        Assertion assertion = am.createSSOAssertion(sessionProvider.getSessionID(token), null, request, response, destSite.getSourceID(), target, majorVersion + "." + minorVersion);
        // create SAMLResponse
        StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList();
        contents.add(assertion);
        samlResponse = new Response(null, status, destSiteUrl, contents);
        samlResponse.setMajorVersion(majorVersion);
        samlResponse.setMinorVersion(minorVersion);
    } catch (SessionException sse) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", sse.getMessage());
        return;
    } catch (NumberFormatException ne) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", ne.getMessage());
        return;
    } catch (SAMLException se) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", se.getMessage());
        return;
    }
    // sign the samlResponse
    byte[] signedBytes = null;
    try {
        samlResponse.signXML();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLPOSTProfileServlet.doGet: " + "signed samlResponse is" + samlResponse.toString(true, true, true));
        }
        signedBytes = SAMLUtils.getResponseBytes(samlResponse);
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse"));
        return;
    }
    // base64 encode the signed samlResponse
    String encodedResponse = null;
    try {
        encodedResponse = Base64.encode(signedBytes, true).trim();
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse"));
        return;
    }
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl, new String(signedBytes, "UTF-8") };
        LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token);
    } else {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token);
    }
    response.setContentType("text/html; charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<BODY Onload=\"document.forms[0].submit()\">");
    out.println("<FORM METHOD=\"POST\" ACTION=\"" + destSiteUrl + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" ");
    out.println("VALUE=\"" + encodedResponse + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_TARGET_PARAM + "\" VALUE=\"" + target + "\"> </FORM>");
    out.println("</BODY></HTML>");
    out.close();
}
Also used : Status(com.sun.identity.saml.protocol.Status) Assertion(com.sun.identity.saml.assertion.Assertion) ArrayList(java.util.ArrayList) SessionException(com.sun.identity.plugin.session.SessionException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) IOException(java.io.IOException) HttpServletResponse(javax.servlet.http.HttpServletResponse) Response(com.sun.identity.saml.protocol.Response) StringTokenizer(java.util.StringTokenizer) AssertionManager(com.sun.identity.saml.AssertionManager) SAMLServiceManager(com.sun.identity.saml.common.SAMLServiceManager) ArrayList(java.util.ArrayList) List(java.util.List) SessionProvider(com.sun.identity.plugin.session.SessionProvider) PrintWriter(java.io.PrintWriter)

Example 45 with SAMLException

use of com.sun.identity.saml.common.SAMLException in project OpenAM by OpenRock.

the class SAMLSOAPReceiver method validateStatements.

/**
     * This method validates the assertion to see that the statements it 
     * contains are what is present in the RespondWith element of the
     * corresponsing Request.  If valid adds the passed assertion in the
     * passed contents, which is a List, at the specified index.
     */
private Response validateStatements(Assertion assertion, List respondWith, List contents, int index, String respID, String inResponseTo, String recipient) {
    String message = null;
    Set statements = assertion.getStatement();
    int length = statements.size();
    Response retResponse = null;
    Status status = null;
    if ((statements.isEmpty()) || (length == 0)) {
        SAMLUtils.debug.error("SOAPReceiver: Assertion found does not have" + " any statements in it");
        message = SAMLUtils.bundle.getString("missingStatement");
        try {
            status = new Status(new StatusCode("samlp:Responder"), message, null);
            retResponse = new Response(respID, inResponseTo, status, recipient, contents);
        } catch (SAMLException se) {
            SAMLUtils.debug.error("SOAPReceiver:Fatal error, cannot " + "create status or response", se);
            String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
            LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
        }
        return retResponse;
    } else {
        // statements not empty
        // would be true if there is any
        boolean mismatchError = false;
        // mismatch with RespondWith contents.
        if (respondWith.size() == 0) {
            contents.add(index, assertion);
        } else {
            mismatchError = !checkAgainstRespondWith(respondWith, statements);
            if (!mismatchError) {
                contents.add(index, assertion);
            }
        }
        // end of else respondWith size > 0
        if (mismatchError) {
            SAMLUtils.debug.error("SOAPReceiver: Assertion does not " + " meet respondWith criteria in the received Request");
            message = SAMLUtils.bundle.getString("mismatchRespondWith");
            try {
                //contents = null;
                status = new Status(new StatusCode("samlp:Success"), message, null);
                return new Response(respID, inResponseTo, status, recipient, contents);
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + " cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
        }
    }
    // reached here, so there was no error in validation
    return null;
}
Also used : Response(com.sun.identity.saml.protocol.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) Status(com.sun.identity.saml.protocol.Status) Set(java.util.Set) HashSet(java.util.HashSet) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException)

Aggregations

SAMLException (com.sun.identity.saml.common.SAMLException)86 SessionException (com.sun.identity.plugin.session.SessionException)30 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)26 List (java.util.List)23 SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)19 ArrayList (java.util.ArrayList)19 FSException (com.sun.identity.federation.common.FSException)17 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)17 Iterator (java.util.Iterator)17 XMLSignatureManager (com.sun.identity.saml.xmlsig.XMLSignatureManager)16 SessionProvider (com.sun.identity.plugin.session.SessionProvider)15 Assertion (com.sun.identity.saml.assertion.Assertion)15 Set (java.util.Set)15 Attribute (com.sun.identity.saml.assertion.Attribute)13 Element (org.w3c.dom.Element)13 ParseException (java.text.ParseException)12 Map (java.util.Map)12 Status (com.sun.identity.saml.protocol.Status)11 Document (org.w3c.dom.Document)11 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)10