
Example 21 with SAMLResponderException

use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

the class FSRegistrationReturnServlet method verifyResponseSignature.

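/**
 * Verifies the signature on a registration message received from the remote
 * provider.
 * <p>
 * The verification certificate is looked up from the remote provider's
 * metadata ({@code remoteDescriptor}). If no certificate can be found the
 * method throws instead of treating the message as unsigned, so a missing
 * certificate can never lead to an accepted message.
 *
 * @param request <code>HttpServletRequest</code> carrying the signed
 *  registration message
 * @param remoteDescriptor descriptor of the remote provider that signed the
 *  message
 * @param remoteEntityId remote provider's entity ID
 * @param isIDP whether the remote provider is an IDP or not
 * @return <code>true</code> if the signature is valid; <code>false</code>
 *  otherwise.
 * @throws SAMLException if no verification certificate is available for the
 *  remote provider (raised as a <code>SAMLResponderException</code>)
 * @throws FSException if an error occurred while checking the signature
 */
private boolean verifyResponseSignature(HttpServletRequest request, ProviderDescriptorType remoteDescriptor, String remoteEntityId, boolean isIDP) throws SAMLException, FSException {
    // Log lines name this class/method; the previous text pointed at a different servlet.
    FSUtils.debug.message("Entered FSRegistrationReturnServlet::verifyResponseSignature");
    // The cert belongs to the remote provider, taken from its metadata.
    X509Certificate cert = KeyUtil.getVerificationCert(remoteDescriptor, remoteEntityId, isIDP);
    if (cert == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSRegistrationReturnServlet.verifyResponseSignature: " + "couldn't obtain remote provider's verification cert.");
        }
        // Fail closed: without a cert the signature cannot be checked at all.
        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
    }
    if (!FSSignatureUtil.verifyRequestSignature(request, cert)) {
        FSUtils.debug.error("Registration response is not properly signed");
        return false;
    }
    FSUtils.debug.message("Registration response is properly signed");
    return true;
}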

Example 22 with SAMLResponderException

use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method verifyResponseSignature.

/**
 * Checks the XML signature of a logout response SOAP message against the
 * remote provider's verification certificate.
 * <p>
 * The remote provider is looked up as an IDP exactly when the hosted role is
 * not IDP. A <code>SAMLException</code> raised while obtaining the
 * certificate or verifying the document (presumably including the
 * <code>SAMLResponderException</code> thrown when no certificate exists) is
 * logged and reported as a failed verification, never propagated.
 *
 * @param msg the logout response message whose signature is checked
 * @return <code>true</code> only when the signature verified;
 *  <code>false</code> when it did not or verification could not be performed
 */
private boolean verifyResponseSignature(SOAPMessage msg) {
    FSUtils.debug.message("Entered FSLogoutResponse::verifyResponseSignature");
    try {
        boolean remoteIsIDP = !hostedRole.equalsIgnoreCase(IFSConstants.IDP);
        X509Certificate verifyCert = KeyUtil.getVerificationCert(remoteDescriptor, remoteEntityId, remoteIsIDP);
        if (verifyCert == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Logout.verifyResponseSignature" + "couldn't obtain this site's cert.");
            }
            // Handled by the catch below: a missing cert counts as a failed check.
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT));
        }
        XMLSignatureManager sigManager = XMLSignatureManager.getInstance();
        Document soapDom = (Document) FSServiceUtils.createSOAPDOM(msg);
        return sigManager.verifyXMLSignature(soapDom, verifyCert);
    } catch (SAMLException e) {
        FSUtils.debug.error("Error in verifying response:", e);
        return false;
    }
}

Example 23 with SAMLResponderException

use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method returnAfterCompletion.

/**
 * Invoked to either send back control to remote provider if logout message
 * was received from one or
 * to show the local logout status page to the user.
 * <p>
 * The decision is driven by the return-session manager for this handler's
 * meta alias: if it holds an entry for {@code userID}, that entry supplies
 * the return provider, relay state, logout status and InResponseTo of the
 * <code>FSLogoutResponse</code> that is redirected to the provider's
 * single-logout return URL (read from its metadata); the entry is removed
 * before the redirect is attempted. With no entry the user is sent to the
 * local logout status page instead. Failures are logged through
 * <code>LogUtil</code> and are never propagated to the caller.
 */
protected void returnAfterCompletion() {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSSingleLogoutHandler::returnAC: " + "PROTOCOL=" + this.singleLogoutProtocol + ", relayState=" + this.relayState);
    }
    try {
        String returnProviderId = "";
        // Local relayState shadows the this.relayState field logged above.
        String relayState = "";
        String logoutStatusString = "";
        String inResponseTo = "";
        FSReturnSessionManager mngInst = FSReturnSessionManager.getInstance(metaAlias);
        // NOTE(review): with no manager instance providerMap stays an empty,
        // non-null map, so the branch below is still entered and
        // mngInst.removeUserProviderInfo() dereferences null; that NPE ends up
        // in the generic catch at the bottom of this method.
        HashMap providerMap = new HashMap();
        if (mngInst != null) {
            providerMap = mngInst.getUserProviderInfo(userID);
        }
        if (providerMap != null) {
            returnProviderId = (String) providerMap.get(IFSConstants.PROVIDER);
            relayState = (String) providerMap.get(IFSConstants.LOGOUT_RELAY_STATE);
            logoutStatusString = (String) providerMap.get(IFSConstants.LOGOUT_STATUS);
            // A missing stored status is reported to the remote provider as success.
            if (logoutStatusString == null || logoutStatusString.length() == 0) {
                logoutStatusString = IFSConstants.SAML_SUCCESS;
            }
            inResponseTo = (String) providerMap.get(IFSConstants.RESPONSE_TO);
            // The stored entry is consumed before any redirect is sent.
            mngInst.removeUserProviderInfo(userID);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Deleted " + returnProviderId + " from return list");
            }
            // The return provider has the opposite role of the hosted provider.
            ProviderDescriptorType descriptor = null;
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                descriptor = metaManager.getSPDescriptor(realm, returnProviderId);
            } else {
                descriptor = metaManager.getIDPDescriptor(realm, returnProviderId);
            }
            // Redirect target comes from the provider's registered metadata, not
            // from the incoming request. If the lookup returned null this line
            // throws NPE, which lands in the generic catch below.
            String retURL = descriptor.getSingleLogoutServiceReturnURL();
            // NOTE(review): when retURL is null nothing at all is sent to the
            // client; the method leaves this branch without a redirect or a
            // status page.
            if (retURL != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Getting provider " + returnProviderId + " IDP Return URL = " + retURL);
                }
                FSLogoutResponse responseLogout = new FSLogoutResponse();
                responseLogout.setResponseTo(inResponseTo);
                responseLogout.setRelayState(relayState);
                responseLogout.setProviderId(hostedEntityId);
                responseLogout.setStatus(logoutStatusString);
                responseLogout.setID(IFSConstants.LOGOUTID);
                responseLogout.setMinorVersion(getMinorVersion(descriptor));
                responseLogout.setResponseID(FSUtils.generateID());
                // Call SP Adapter postSingleLogoutSuccess for SP/HTTP
                callPostSingleLogoutSuccess(responseLogout, IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE);
                // call multi-federation protocol processing
                // Only for an IDP whose session spans several protocols and whose
                // relay state is not itself a multi-protocol marker.
                if (MultiProtocolUtils.isMultipleProtocolSession(request, SingleLogoutManager.IDFF) && hostedRole.equalsIgnoreCase(IFSConstants.IDP) && !MultiProtocolUtils.isMultiProtocolRelayState(relayState)) {
                    int retStatus = handleMultiProtocolLogout(false, responseLogout.toXMLString(true, true), returnProviderId);
                    if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                        // The multi-protocol handler already redirected the client.
                        return;
                    } else {
                        // A failed or partial logout elsewhere downgrades the status sent back.
                        if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
                            responseLogout.setStatus(IFSConstants.SAML_RESPONDER);
                        }
                    }
                }
                String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
                // Sign the request querystring
                // Signing uses the hosted provider's configured cert alias; a
                // missing alias aborts the response instead of sending it unsigned.
                if (FSServiceUtils.isSigningOn()) {
                    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                    if (certAlias == null || certAlias.length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSBrowserArtifactConsumerHandler:: " + "signSAMLRequest:" + "couldn't obtain this site's cert alias.");
                        }
                        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                    }
                    urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
                }
                // Append the encoded response to the return URL, respecting an
                // existing query string.
                StringBuffer redirectURL = new StringBuffer();
                redirectURL.append(retURL);
                if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                    redirectURL.append(IFSConstants.QUESTION_MARK);
                } else {
                    redirectURL.append(IFSConstants.AMPERSAND);
                }
                redirectURL.append(urlEncodedResponse);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Response to be sent : " + redirectURL.toString());
                }
                String[] data = { userID };
                LogUtil.access(Level.INFO, LogUtil.LOGOUT_SUCCESS, data);
                response.sendRedirect(redirectURL.toString());
                return;
            }
        } else {
            FSUtils.debug.message("no source provider. return to local status page");
            // Multiple protocol single logout handler
            // IDP-initiated SOAP logout with a multi-protocol relay state is
            // completed by the multi-protocol layer; nothing to render here.
            if ((this.singleLogoutProtocol != null) && this.singleLogoutProtocol.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) && (this.relayState != null) && MultiProtocolUtils.isMultiProtocolRelayState(this.relayState)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSingleLogoutHandler::returnAC:" + " this is multiProto for IDP initiated SOAP");
                }
                return;
            }
            // call multi-federation protocol processing
            // Note: the relayState checked here is the local "" string, not
            // this.relayState.
            if (MultiProtocolUtils.isMultipleProtocolSession(request, SingleLogoutManager.IDFF) && hostedRole.equalsIgnoreCase(IFSConstants.IDP) && !MultiProtocolUtils.isMultiProtocolRelayState(relayState)) {
                boolean isSOAPInitiated = false;
                if ((singleLogoutProtocol.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE)) || (singleLogoutProtocol.equals(IFSConstants.LOGOUT_SP_SOAP_PROFILE))) {
                    isSOAPInitiated = true;
                }
                int retStatus = handleMultiProtocolLogout(isSOAPInitiated, null, remoteEntityId);
                if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                    return;
                } else {
                    if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
                        logoutStatus = false;
                    }
                }
            }
            // NOTE(review): on logoutStatus == false no page is rendered from
            // here; presumably the caller handles the failure page — confirm.
            if (logoutStatus) {
                FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            }
            return;
        }
    } catch (IDFFMetaException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to get LRURL. " + "No location to redirect. processing completed");
        }
        String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED) };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_REDIRECT_FAILED, data, ssoToken);
    } catch (Exception ex) {
        // NOTE(review): the exception itself is not logged, only the generic
        // LOGOUT_REDIRECT_FAILED audit record; diagnosing a failed redirect
        // (e.g. the NPE paths noted above) needs `ex` in the debug log.
        String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED) };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_REDIRECT_FAILED, data, ssoToken);
    }
}

Example 24 with SAMLResponderException

use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

the class FSNameRegistrationHandler method doRemoteRegistration.

/**
 * Initiates federation registration at remote end.
 * The registration request is constructed and based on the profile the
 * request is sent over SOAP or as HTTP redirect. Profile is always based on
 * the SPs profile.
 * <p>
 * Over SOAP the request is signed (when signing is on) and posted to the
 * remote provider's SOAP endpoint; a <code>NameRegistrationResponse</code>
 * with status <code>SAML_SUCCESS</code> triggers the local update through
 * <code>doCommonRegistration()</code>. Over HTTP redirect a fresh relay-state
 * identifier is registered with <code>FSRegistrationManager</code> and the
 * browser is redirected to the remote provider's registration service URL
 * with the (optionally signed) request in the query string. Every failure
 * path ends in <code>returnLocallyAtSource(response, false)</code>.
 *
 * @return <code>true</code> if the process is successful;
 *  <code>false</code> otherwise.
 */
private boolean doRemoteRegistration() {
    FSUtils.debug.message("Entered FSNameRegistrationHandler::doRemoteRegistration");
    try {
        // Load the federation record for this user/remote pair unless the
        // caller already supplied it.
        try {
            if (acctInfo == null) {
                acctInfo = managerInst.readAccountFedInfo(userID, remoteEntityId);
            }
        } catch (FSAccountMgmtException e) {
            returnLocallyAtSource(response, false);
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration create" + " request start");
        }
        FSNameRegistrationRequest regisRequest = createNameRegistrationRequest(acctInfo);
        if (regisRequest == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::Registration request could " + "not be formed");
            }
            returnLocallyAtSource(response, false);
            return false;
        }
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::Registration request formed" + "successfully");
        }
        // Find out which profile to use
        // The profile list is read from the hosted descriptor when acctInfo
        // reports the IDP role, otherwise from the remote descriptor; only the
        // first listed profile is considered. Both branches are identical
        // apart from the descriptor they read.
        boolean isSOAPProfile = true;
        if (acctInfo.isRoleIDP()) {
            List hostProfiles = hostedDescriptor.getRegisterNameIdentifierProtocolProfile();
            if (hostProfiles == null || hostProfiles.isEmpty()) {
                FSUtils.debug.error("FSNameRegistrationHandler::" + "doRemoteRegistration no registration profile" + " cannot process request");
                returnLocallyAtSource(response, false);
                return false;
            }
            String hostProfile = (String) hostProfiles.iterator().next();
            if (hostProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_SOAP_PROFILE) || hostProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_SOAP_PROFILE)) {
                isSOAPProfile = true;
            } else if (hostProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_HTTP_PROFILE) || hostProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_HTTP_PROFILE)) {
                isSOAPProfile = false;
            } else {
                FSUtils.debug.error("FSNameRegistrationHandler::" + "doRemoteRegistration Invalid registration profile" + " cannot process request");
                returnLocallyAtSource(response, false);
                return false;
            }
        } else {
            List remoteProfiles = remoteDescriptor.getRegisterNameIdentifierProtocolProfile();
            if (remoteProfiles == null || remoteProfiles.isEmpty()) {
                FSUtils.debug.error("FSNameRegistrationHandler::" + "doRemoteRegistration no registration profile" + " cannot process request");
                returnLocallyAtSource(response, false);
                return false;
            }
            String remoteProfile = (String) remoteProfiles.iterator().next();
            if (remoteProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_SOAP_PROFILE) || remoteProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_SOAP_PROFILE)) {
                isSOAPProfile = true;
            } else if (remoteProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_SP_HTTP_PROFILE) || remoteProfile.equalsIgnoreCase(IFSConstants.REGISTRATION_IDP_HTTP_PROFILE)) {
                isSOAPProfile = false;
            } else {
                FSUtils.debug.error("FSNameRegistrationHandler::" + "doRemoteRegistration Invalid registration profile" + " cannot process request");
                returnLocallyAtSource(response, false);
                return false;
            }
        }
        if (isSOAPProfile) {
            // ---- SOAP profile: synchronous request/response with the remote provider.
            FSSOAPService instSOAP = FSSOAPService.getInstance();
            if (instSOAP != null) {
                // This message is logged before any signing has happened; the
                // request is actually signed inside the try block below.
                FSUtils.debug.message("Signing suceeded. To call bindRegistrationRequest");
                regisRequest.setID(IFSConstants.REGISTRATIONID);
                SOAPMessage msgRegistration = instSOAP.bind(regisRequest.toXMLString(true, true));
                if (msgRegistration != null) {
                    SOAPMessage retSOAPMessage = null;
                    try {
                        // The attribute used as signature reference depends on the
                        // protocol minor version (ID for 1.1, RequestID for 1.2);
                        // any other version sends the message unsigned.
                        if (FSServiceUtils.isSigningOn()) {
                            int minorVersion = regisRequest.getMinorVersion();
                            if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                                msgRegistration = signRegistrationRequest(msgRegistration, IFSConstants.ID, regisRequest.getID());
                            } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                                msgRegistration = signRegistrationRequest(msgRegistration, IFSConstants.REQUEST_ID, regisRequest.getRequestID());
                            } else {
                                FSUtils.debug.message("invalid minor version.");
                            }
                        }
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("calling " + "sendRegistrationMessage");
                        }
                        retSOAPMessage = instSOAP.sendMessage(msgRegistration, remoteDescriptor.getSoapEndpoint());
                    } catch (SOAPException e) {
                        FSUtils.debug.error("Error in sending request ", e);
                        returnLocallyAtSource(response, false);
                        return false;
                    } catch (Exception ex) {
                        FSUtils.debug.error("Error in sending request:", ex);
                        returnLocallyAtSource(response, false);
                        return false;
                    }
                    if (retSOAPMessage == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("sendRegistrationMessage" + "return response is null");
                        }
                        returnLocallyAtSource(response, false);
                        return false;
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("calling" + "parseSOAPMessage after return from IDP");
                    }
                    Element elt = instSOAP.parseSOAPMessage(retSOAPMessage);
                    // NOTE(review): `regisResponse` on the next line is not the local
                    // declared further down (that one is scoped to the
                    // NAME_REGISTRATION_RESPONSE branch); it resolves to an
                    // outer-scope field. If that field is null here the response
                    // signature is never verified, yet the "succeeded" message
                    // below is logged regardless — confirm this guard is intended.
                    if (FSServiceUtils.isSigningOn() && regisResponse != null) {
                        if (!verifyResponseSignature(retSOAPMessage, acctInfo.isRoleIDP())) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("Response " + "signature verification failed");
                                FSUtils.debug.message("Name registration" + " failed in doRemoteRegistration");
                            }
                            returnLocallyAtSource(response, false);
                            return false;
                        }
                    }
                    FSUtils.debug.message("Response signature verification succeeded");
                    // Only a NameRegistrationResponse element is processed; any
                    // other element falls through to the failure return below.
                    if (elt.getLocalName().equalsIgnoreCase(IFSConstants.NAME_REGISTRATION_RESPONSE)) {
                        FSNameRegistrationResponse regisResponse = null;
                        try {
                            regisResponse = new FSNameRegistrationResponse(elt);
                        } catch (SAMLException e) {
                            // An unparseable response is treated like no response (failure below).
                            regisResponse = null;
                        }
                        if (regisResponse != null) {
                            String responseStatus = ((regisResponse.getStatus()).getStatusCode()).getValue();
                            if (responseStatus.equals(IFSConstants.SAML_SUCCESS)) {
                                FSUtils.debug.message("Name registration Successful");
                                // do local update
                                // The keys, account info and return URL stashed in
                                // returnMap are copied into handler fields, presumably
                                // consumed by doCommonRegistration().
                                oldAcctKey = (FSAccountFedInfoKey) returnMap.get("OldAccountKey");
                                if (oldAcctKey != null) {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("Get OldAcctKet Name : " + oldAcctKey.getName() + "\nGet OldAcctKet Qualifier:" + oldAcctKey.getNameSpace());
                                    }
                                } else {
                                    FSUtils.debug.message("OldAccount Key is null");
                                }
                                newAcctKey = (FSAccountFedInfoKey) returnMap.get("AccountKey");
                                if (newAcctKey != null) {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("Get newAcctKey Name : " + newAcctKey.getName() + "\nGet newAcctKey Qualifier:" + newAcctKey.getNameSpace());
                                    }
                                } else {
                                    FSUtils.debug.message("newAcctKey Key is null");
                                }
                                newAcctInfo = (FSAccountFedInfo) returnMap.get("AccountInfo");
                                userID = (String) returnMap.get("userID");
                                regisSource = (String) returnMap.get("RegisSource");
                                returnURL = (String) returnMap.get(IFSConstants.LRURL);
                                boolean bStatus = doCommonRegistration();
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("doCommonRegistration returns " + bStatus);
                                }
                                // Call SP Adapter
                                // Only after a successful local update, and only when hosted as SP.
                                if (bStatus && hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
                                    FSUtils.debug.message("doRemoteRegis");
                                    callPostRegisterNameIdentifierSuccess(request, response, userID, regisRequest, regisResponse, IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE);
                                }
                                returnLocallyAtSource(response, bStatus);
                                return bStatus;
                            } else if (responseStatus.equals(IFSConstants.FEDERATION_NOT_EXISTS_STATUS)) {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("Name " + "registration Failed. " + "Federation does not exist");
                                }
                                returnLocallyAtSource(response, false);
                                return false;
                            } else if (responseStatus.equals(IFSConstants.REGISTRATION_FAILURE_STATUS)) {
                                FSUtils.debug.message("Name registration Failed.");
                                returnLocallyAtSource(response, false);
                                return false;
                            }
                            // Any other status code falls through to the failure return below.
                        }
                    }
                }
            }
            returnLocallyAtSource(response, false);
            return false;
        } else {
            // ---- HTTP redirect profile: the browser carries the request to the remote provider.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::doRemoteRegistration " + "In Redirect profile");
            }
            // addition of relay state
            // A freshly generated identifier is used as relay state and keys the
            // state needed when the remote provider returns.
            FSNameIdentifierHelper nameHelper = new FSNameIdentifierHelper(hostedConfig);
            String newId = nameHelper.createNameIdentifier();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Registration Id : " + newId);
            }
            regisRequest.setRelayState(newId);
            // add information to FSRegistrationMap
            HashMap valMap = new HashMap();
            valMap.put("SSODetails", regisMap);
            valMap.put("ReturnEntry", returnMap);
            if (returnURL != null) {
                valMap.put(IFSConstants.LRURL, returnURL);
            }
            FSRegistrationManager registInst = FSRegistrationManager.getInstance(metaAlias);
            registInst.setRegistrationMapInfo(newId, valMap);
            // sat1 add null checks
            // Debug-only loop: for each valMap key it logs the value regisMap
            // (not valMap) holds under that key. Despite the comment above no
            // null checks are performed here.
            Set ketSet = valMap.keySet();
            Iterator iter = ketSet.iterator();
            String key = null;
            String value = null;
            while (iter.hasNext()) {
                key = (String) iter.next();
                value = (String) regisMap.get(key);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Putting in Map Key : " + key + "\nPutting in Map Value : " + value);
                }
            }
            String urlEncodedRequest = regisRequest.toURLEncodedQueryString();
            // Sign the request querystring
            // A missing signing cert alias aborts the request rather than
            // sending it unsigned; the SAMLResponderException is caught below.
            if (FSServiceUtils.isSigningOn()) {
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                if (certAlias == null || certAlias.length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSBrowserArtifactConsumerHandler:: " + "signSAMLRequest:" + "couldn't obtain this site's cert alias.");
                    }
                    throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                }
                urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
            }
            // The redirect target is the remote provider's registration service
            // URL from its metadata; the encoded request is appended, honouring
            // an existing query string.
            StringBuffer redirectURL = new StringBuffer();
            String retURL = remoteDescriptor.getRegisterNameIdentifierServiceURL();
            redirectURL.append(retURL);
            if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                redirectURL.append(IFSConstants.QUESTION_MARK);
            } else {
                redirectURL.append(IFSConstants.AMPERSAND);
            }
            redirectURL.append(urlEncodedRequest);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Request to be sent : " + redirectURL.toString());
            }
            // end of addition
            response.sendRedirect(redirectURL.toString());
            return true;
        }
    } catch (IOException e) {
        // Each failure below is logged and falls through to the common
        // failure return at the end of the method.
        FSUtils.debug.error("FSNameRegistrationHandler" + FSUtils.bundle.getString(IFSConstants.FEDERATION_REDIRECT_FAILED));
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
    } catch (SAMLResponderException e) {
        FSUtils.debug.error("FSNameRegistrationHandler::doRemoteRegistration " + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
    }
    returnLocallyAtSource(response, false);
    return false;
}

Example 25 with SAMLResponderException

use of com.sun.identity.saml.common.SAMLResponderException in project OpenAM by OpenRock.

the class FSLogoutUtil method buildSignedResponse.

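/**
 * Builds the redirect URL carrying a (signed) logout response.
 * <p>
 * When {@code userID} is given, the return-session manager for the hosted
 * meta alias is consulted for that user's pending logout entry; if one
 * exists its InResponseTo, relay state and status are copied into the
 * response and the entry is removed. In every other case {@code bArgStatus}
 * is used as the response status. When signing is on, the query string is
 * signed with the hosted provider's configured signing certificate alias;
 * a missing alias aborts the build instead of producing an unsigned response.
 *
 * @param retURL logout return url the response is appended to
 * @param bArgStatus logout status used when no stored entry applies
 * @param minorVersion minor version of the response should be set to
 * @param hostedConfig hosted provider's extended meta
 * @param hostedEntityId hosted provider's entity id
 * @param userID user id, may be <code>null</code>
 * @return redirect URL with the logout response in its query string, or
 *  <code>null</code> if the response could not be built or signed
 */
private static String buildSignedResponse(String retURL, String bArgStatus, int minorVersion, BaseConfigType hostedConfig, String hostedEntityId, String userID) {
    try {
        FSLogoutResponse responseLogout = new FSLogoutResponse();
        responseLogout.setID(IFSConstants.LOGOUTID);
        // If userID exists read ReturnManager
        // If manager has entry use that ResponseTo field else default
        FSReturnSessionManager mngInst = null;
        HashMap providerMap = null;
        if (userID != null) {
            mngInst = FSReturnSessionManager.getInstance(hostedConfig.getMetaAlias());
            // With no manager there is no entry to consume; previously an empty
            // map was used here, which led to a NullPointerException on the
            // removeUserProviderInfo call below.
            if (mngInst != null) {
                providerMap = mngInst.getUserProviderInfo(userID);
            }
        }
        if (providerMap != null) {
            String inResponseTo = (String) providerMap.get(IFSConstants.RESPONSE_TO);
            String relayState = (String) providerMap.get(IFSConstants.LOGOUT_RELAY_STATE);
            // NOTE(review): a stored entry without a status yields setStatus(null);
            // no default is applied here — confirm whether bArgStatus should be used.
            String logoutStatus = (String) providerMap.get(IFSConstants.LOGOUT_STATUS);
            // The entry is consumed before the response is built.
            mngInst.removeUserProviderInfo(userID);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Deleted " + userID + " from return list");
            }
            responseLogout.setResponseTo(inResponseTo);
            responseLogout.setRelayState(relayState);
            responseLogout.setProviderId(hostedEntityId);
            responseLogout.setStatus(logoutStatus);
        } else {
            responseLogout.setStatus(bArgStatus);
            responseLogout.setProviderId(hostedEntityId);
        }
        responseLogout.setMinorVersion(minorVersion);
        String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
        // Sign the request querystring
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null || certAlias.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSLogoutUtil::buildSignedResponse:" + "couldn't obtain this site's cert alias.");
                }
                // Fail closed: never emit an unsigned response when signing is required.
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
            }
            urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
        }
        // Append to retURL, honouring an existing query string.
        StringBuilder redirectURL = new StringBuilder(retURL);
        if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
            redirectURL.append(IFSConstants.QUESTION_MARK);
        } else {
            redirectURL.append(IFSConstants.AMPERSAND);
        }
        redirectURL.append(urlEncodedResponse);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutUtil : Response to be sent : " + redirectURL.toString());
        }
        return redirectURL.toString();
    } catch (Exception e) {
        // Best-effort contract kept (callers get null), but the cause is no
        // longer dropped silently.
        FSUtils.debug.error("FSLogoutUtil::buildSignedResponse: failed to build logout response", e);
        return null;
    }
}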
