use of com.sun.identity.saml.protocol.Status in project OpenAM by OpenRock.
the class FSNameRegistrationHandler method processRegistrationRequest.
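/**
 * Processes a name registration request received from a remote provider
 * over the HTTP-redirect profile.
 *
 * <p>Keeps the servlet request/response and the incoming request on this
 * handler, resolves the registration URL, runs the local registration and
 * always ends by calling {@link #sendRegistrationResponse()}. On the early
 * exits (no account manager, no user DN) and when building the response
 * throws, {@code regisResponse} is not assigned by this method, so whatever
 * value the field already holds is what gets sent — presumably null;
 * confirm that sendRegistrationResponse tolerates that.
 *
 * @param request      HTTP request
 * @param response     HTTP response
 * @param regisRequest the name registration request received from the
 *                     remote provider
 */
public void processRegistrationRequest(HttpServletRequest request, HttpServletResponse response, FSNameRegistrationRequest regisRequest) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSNameRegistrationHandler::" + "processRegistrationRequest...");
    }
    this.request = request;
    this.response = response;
    this.regisRequest = regisRequest;
    this.relayState = regisRequest.getRelayState();
    setRegistrationURL();
    if (managerInst == null) {
        FSUtils.debug.error("FSNameRegistrationHandler " + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegistration" + "failed to get Account Manager instance");
        }
        sendRegistrationResponse();
        return;
    }
    if (!setUserDN(regisRequest)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Failed to get UserDN. Invalid " + "Name registration request");
        }
        sendRegistrationResponse();
        return;
    }
    boolean retStatus = doCommonRegistration();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("doCommonRegistration returns " + retStatus);
    }
    // Both outcomes produce the same response shape; only the top-level
    // status value differs, so the construction is shared below.
    String statusValue;
    if (retStatus) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegistration" + "registration in DS completed successfully");
        }
        statusValue = IFSConstants.SAML_SUCCESS;
    } else {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegistration" + "registration in DS failed");
        }
        statusValue = IFSConstants.REGISTRATION_FAILURE_STATUS;
    }
    try {
        StatusCode statusCode = new StatusCode(statusValue);
        regisResponse = new FSNameRegistrationResponse(null, regisRequest.getRequestID(), new Status(statusCode), hostedEntityId, relayState);
        regisResponse.setMinorVersion(regisRequest.getMinorVersion());
        // The SP adapter hook fires only for a successful registration on
        // the SP side; the profile constant names the IDP-initiated HTTP
        // profile.
        if (retStatus && hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            FSUtils.debug.message("processRegistration IDP/HTTP");
            callPostRegisterNameIdentifierSuccess(request, response, userID, regisRequest, regisResponse, IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE);
        }
    } catch (FSMsgException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::" + "failed to create registration response", e);
        }
    } catch (SAMLException e) {
        // Pass the exception through so the cause is not lost (the message
        // previously embedded ", e" in the text instead of logging it).
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::" + "failed to create registration response", e);
        }
    }
    sendRegistrationResponse();
}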
use of com.sun.identity.saml.protocol.Status in project OpenAM by OpenRock.
the class FSNameRegistrationHandler method processSOAPRegistrationRequest.
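/**
 * Processes a name registration request received from a remote provider
 * over the SOAP profile and builds the response to return in the SOAP
 * reply.
 *
 * <p>The registration outcome maps to the top-level status of the
 * response: {@code SAML_SUCCESS} when the local registration succeeded,
 * {@code REGISTRATION_FAILURE_STATUS} when it failed or no account manager
 * is available, and {@code FEDERATION_NOT_EXISTS_STATUS} when no user DN
 * could be resolved for the request.
 *
 * @param request      HTTP request that carried the SOAP message
 * @param response     HTTP response
 * @param regisRequest the name registration request received from the
 *                     remote provider
 * @return the registration response to send back, or {@code null} when the
 *         request is missing or the response message could not be built
 */
public FSNameRegistrationResponse processSOAPRegistrationRequest(HttpServletRequest request, HttpServletResponse response, FSNameRegistrationRequest regisRequest) {
    // Check before the first dereference: the request is read for its relay
    // state right away, so a null check placed later could never be reached.
    if (regisRequest == null) {
        FSUtils.debug.error("FSNameRegistrationHandler::processRegistrationRequest " + "name registration request is improper");
        return null;
    }
    relayState = regisRequest.getRelayState();
    try {
        FSUtils.debug.message("Entered FSNameRegistrationHandler::processRegistrationRequest");
        if (managerInst == null) {
            FSUtils.debug.error("FSNameRegistrationHandler Account Manager instance is null");
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegistration" + "failed to get Account Manager instance");
            }
            FSNameRegistrationResponse failure = newSOAPRegistrationResponse(regisRequest, IFSConstants.REGISTRATION_FAILURE_STATUS);
            if (failure == null) {
                return null;
            }
            failure.setID(IFSConstants.REGISTRATIONID);
            failure.setMinorVersion(regisRequest.getMinorVersion());
            return failure;
        }
        FSUtils.debug.message("Begin processRegistrationRequest SOAP profile...");
        boolean regisSucceed = false;
        String statusValue;
        if (setUserDN(regisRequest)) {
            boolean retStatus = doCommonRegistration();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("doCommonRegistration returns " + retStatus);
            }
            if (retStatus) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegistra" + "tion:registration in DS completed " + "successfully");
                }
                statusValue = IFSConstants.SAML_SUCCESS;
                regisSucceed = true;
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegis" + "tration: registration in DS failed");
                }
                statusValue = IFSConstants.REGISTRATION_FAILURE_STATUS;
            }
        } else {
            FSUtils.debug.message("Failed to get UserDN. Invalid registration request");
            statusValue = IFSConstants.FEDERATION_NOT_EXISTS_STATUS;
        }
        // Local on purpose: this method returns the response to its caller
        // rather than publishing it through the handler field.
        FSNameRegistrationResponse regisResponse = newSOAPRegistrationResponse(regisRequest, statusValue);
        if (regisResponse == null) {
            return null;
        }
        regisResponse.setID(IFSConstants.REGISTRATIONID);
        regisResponse.setMinorVersion(regisRequest.getMinorVersion());
        // The SP adapter hook fires only for a successful registration on
        // the SP side.
        if (regisSucceed && hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            callPostRegisterNameIdentifierSuccess(request, response, userID, regisRequest, regisResponse, IFSConstants.NAME_REGISTRATION_IDP_SOAP_PROFILE);
        }
        return regisResponse;
    } catch (SAMLException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::SAMLException", e);
        }
        return null;
    }
}

/**
 * Builds a registration response for the SOAP profile that answers
 * {@code regisRequest} with the given top-level status value.
 *
 * @param regisRequest the request being answered; supplies the request ID
 * @param statusValue  top-level status code value to carry
 * @return the new response, or {@code null} when the message could not be
 *         assembled (logged at debug level)
 * @throws SAMLException if the status or status code cannot be created
 */
private FSNameRegistrationResponse newSOAPRegistrationResponse(FSNameRegistrationRequest regisRequest, String statusValue) throws SAMLException {
    try {
        return new FSNameRegistrationResponse(null, regisRequest.getRequestID(), new Status(new StatusCode(statusValue)), hostedEntityId, relayState);
    } catch (FSMsgException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::" + "failed to create registration response", e);
        }
        return null;
    }
}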
use of com.sun.identity.saml.protocol.Status in project OpenAM by OpenRock.
the class FSDefaultSPAdapter method postSSOFederationFailure.
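/**
 * Invoked when Single-Sign-On or Federation fails for some reason.
 *
 * <p>Redirects the browser to the common login page with the failure code
 * appended and, for an invalid authentication or artifact response, the
 * second-level status code reported by the IDP.
 *
 * @param hostedEntityID entity ID of the hosted provider
 * @param request servlet request
 * @param response servlet response
 * @param authnRequest the original authentication request sent from SP
 * @param authnResponse response from IDP if Browser POST or LECP profile
 * is used for the request, value will be null if Browser Artifact
 * profile is used.
 * @param samlResponse response from IDP if Browser Artifact profile is used
 * for the request, value will be null if Browser POST or LECP
 * profile is used.
 * @param failureCode an integer specifies the failure code.
 * @return true if browser redirection happened, false otherwise.
 */
public boolean postSSOFederationFailure(String hostedEntityID, HttpServletRequest request, HttpServletResponse response, FSAuthnRequest authnRequest, FSAuthnResponse authnResponse, FSResponse samlResponse, int failureCode) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postFedFailure, " + "process " + hostedEntityID + "\nfailure code=" + failureCode);
    }
    String baseURL = FSServiceUtils.getBaseURL(request);
    String relayState = (authnRequest == null) ? null : authnRequest.getRelayState();
    // NOTE(review): relayState flows into the redirect target through
    // getCommonLoginPageURL; this method does not validate it, so confirm
    // that helper does.
    String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(FSServiceUtils.getMetaAlias(request), relayState, null, request, baseURL);
    // append(String) rather than the String constructor keeps the previous
    // behavior for a null login page URL.
    StringBuilder sb = new StringBuilder();
    sb.append(framedLoginPageURL).append("&").append(IFSConstants.FAILURE_CODE).append("=").append(failureCode);
    if (failureCode == INVALID_AUTHN_RESPONSE || failureCode == INVALID_RESPONSE) {
        // Which message carries the status depends on the profile, and the
        // one not in use is documented as null, so neither is dereferenced
        // unchecked.
        Status status = null;
        if (failureCode == INVALID_AUTHN_RESPONSE) {
            if (authnResponse != null) {
                status = authnResponse.getStatus();
            }
        } else if (samlResponse != null) {
            status = samlResponse.getStatus();
        }
        if (status == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultSPAdapter.postSSO" + "FederationFailure: response carries no Status");
            }
            return false;
        }
        StatusCode firstLevelStatusCode = status.getStatusCode();
        if (firstLevelStatusCode == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultSPAdapter.postSSO" + "FederationFailure: Status is null");
            }
            return false;
        }
        StatusCode secondLevelStatusCode = firstLevelStatusCode.getStatusCode();
        if (secondLevelStatusCode == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultSPAdapter.postSSO" + "FederationFailure: Second level status is empty");
            }
            return false;
        }
        // The status value originates from the remote provider; URL-encode
        // it before it becomes a query parameter.
        String statusValue = URLEncDec.encode(secondLevelStatusCode.getValue());
        sb.append("&").append(IFSConstants.STATUS_CODE).append("=").append(statusValue);
    }
    String redirectURL = sb.toString();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postSSOFederation" + "Failure. URL to be redirected: " + redirectURL);
    }
    try {
        // sendRedirect sets Location itself; the explicit header is kept
        // as before.
        response.setHeader("Location", redirectURL);
        response.sendRedirect(redirectURL);
    } catch (java.io.IOException io) {
        FSUtils.debug.error("FSDefaultSPAdapter.postSSOFedFailure", io);
        return false;
    }
    return true;
}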
use of com.sun.identity.saml.protocol.Status in project OpenAM by OpenRock.
the class FSReturnLogoutServlet method doGetPost.
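/**
 * Processes a logout response returned by a remote provider.
 *
 * <p>Resolves the hosted provider from the meta alias, requires a valid
 * local session, parses the URL-encoded logout response, verifies its
 * signature when signing is on, and only then acts on the response: the
 * session partner is removed, a failed logout is recorded and an error page
 * shown, or the request is forwarded to the local single-logout handler.
 *
 * @param request an <code>HttpServletRequest</code> object that contains
 * the request the client has made of the servlet.
 * @param response an <code>HttpServletResponse</code> object that contains
 * the response the servlet sends to the client.
 * @exception ServletException if an input or output error is detected when
 * the servlet handles the request
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
    // Alias processing: an explicit parameter wins, otherwise derive the
    // alias from the request.
    String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
    if (providerAlias == null || providerAlias.length() < 1) {
        providerAlias = FSServiceUtils.getMetaAlias(request);
    }
    if (providerAlias == null || providerAlias.length() < 1) {
        FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    Object ssoToken = null;
    // The principal is kept in a local for the rest of this method. The
    // servlet-level univId field is still assigned for compatibility, but a
    // servlet instance is shared by concurrent requests, so that field must
    // not be read back here.
    String principal;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal");
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
            return;
        }
        principal = sessionProvider.getPrincipalName(ssoToken);
        univId = principal;
    } catch (SessionException ssoExp) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", ssoExp);
        }
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Failed to get meta manager");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_META_INSTANCE));
        return;
    }
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    String hostedRole = null;
    String hostedEntityId = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
        }
        // An unknown role or a missing descriptor config is handled like a
        // metadata failure; hostedRole is therefore non-null past this try.
        if (hostedConfig == null) {
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Failed to get Hosted Provider");
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    setLogoutURL(request, hostedConfig, providerAlias);
    // Here we will need to
    // 1. verify response signature
    // 2. verify response status
    // 3. retrieve registration request Id from Map
    // 4. if status success then do locally else not do locally and
    // 5. show status page or LRURL if found in MAP (eg intersiteTransfer)
    FSLogoutResponse logoutResponse = null;
    try {
        logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    } catch (SAMLException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    String remoteEntityId = logoutResponse.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isRemoteIDP = false;
    try {
        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isRemoteIDP = true;
        }
    } catch (IDFFMetaException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutReturnServlet.doGetPost:", e);
        }
    }
    if (remoteDesc == null) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isRemoteIDP);
        } catch (SAMLException e) {
            bVerify = false;
        } catch (FSException e) {
            bVerify = false;
        }
    }
    // Reject an unverified response before anything in it is acted upon;
    // previously the session partner was removed ahead of this check.
    if (!bVerify) {
        FSUtils.debug.error("FSReturnLogoutServlet " + "Signature on logout response is invalid" + "Cannot proceed logout");
        String[] data = { principal };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // A response without a status code is improper rather than a crash.
    Status status = logoutResponse.getStatus();
    StatusCode statusCode = (status == null) ? null : status.getStatusCode();
    String logoutStatus = (statusCode == null) ? null : statusCode.getValue();
    if (logoutStatus == null) {
        FSUtils.debug.error("FSReturnLogoutServlet, logout response carries no status code");
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    boolean logoutSucceeded = logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS);
    // remove session partner in case of logout success or this is IDP
    if (logoutSucceeded || !isRemoteIDP) {
        FSLogoutUtil.removeCurrentSessionPartner(providerAlias, remoteEntityId, ssoToken, principal);
    }
    // in ReturnSessionManager only if it is failure
    if (!logoutSucceeded) {
        FSReturnSessionManager localManager = FSReturnSessionManager.getInstance(providerAlias);
        if (localManager != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("update status of logout to failure " + " in session manager");
            }
            localManager.setLogoutStatus(logoutStatus, principal);
        } else {
            FSUtils.debug.message("Cannot get FSReturnSessionManager");
        }
        FSUtils.debug.error("FSReturnLogoutServlet, failed logout response " + logoutStatus);
        String[] data = { principal };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    // Hand a verified, successful response to the local single-logout
    // handler for this alias.
    StringBuilder processLogout = new StringBuilder();
    request.setAttribute("logoutSource", "remote");
    processLogout.append(IFSConstants.SLO_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("About to get RequestDispatcher for " + processLogout.toString());
    }
    RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher(processLogout.toString());
    if (dispatcher == null) {
        FSUtils.debug.message("RequestDispatcher is null");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to find " + processLogout + "\ncalling sendErrorPage ");
        }
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    dispatcher.forward(request, response);
}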
use of com.sun.identity.saml.protocol.Status in project OpenAM by OpenRock.
the class FSSSOAndFedHandler method doSingleSignOn.
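/**
 * Performs single sign-on for the authenticated local user once the account
 * federation information for the requesting provider has been resolved.
 *
 * <p>Reads the user's federation record keyed by the requesting provider
 * (or by its affiliation when the request names one). A record whose local
 * name identifier is still qualified by the hosted entity ID is re-keyed
 * under the security domain before use (the original comment labels this
 * the 6.2 layout). The SP- and IDP-side name identifiers are then handed to
 * the four-argument {@code doSingleSignOn} overload.
 *
 * @param ssoToken     local session of the authenticated user
 * @param inResponseTo ID of the authentication request being answered
 * @return the result of the four-argument overload; {@code false} when no
 *         federation record exists (in which case {@code noFedStatus} is
 *         set to a Responder/FederationDoesNotExist status), when no name
 *         identifier is available, or when any exception is raised
 */
protected boolean doSingleSignOn(Object ssoToken, String inResponseTo) {
    FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn(2): Called");
    try {
        // Federation records are keyed by the requesting provider, or by
        // the affiliation when the request names one.
        String securityDomain = authnRequest.getProviderId();
        String affiliationID = authnRequest.getAffiliationID();
        if (affiliationID != null) {
            securityDomain = affiliationID;
        }
        SessionProvider sessionProvider = SessionManager.getProvider();
        String userID = sessionProvider.getPrincipalName(ssoToken);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "Initiating SSO for user with ID: " + userID);
        }
        FSAccountFedInfo accountInfo = accountManager.readAccountFedInfo(userID, securityDomain);
        if (accountInfo == null) {
            FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: Account Federation " + "Information not found for user with ID: " + userID);
            // Surface the missing federation to the caller through the
            // noFedStatus field rather than the return value alone.
            noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:FederationDoesNotExist", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
            String[] data = { userID };
            LogUtil.error(Level.INFO, LogUtil.USER_ACCOUNT_FEDERATION_INFO_NOT_FOUND, data, ssoToken);
            return false;
        }
        if (accountInfo.isFedStatusActive() && accountInfo.getLocalNameIdentifier() != null) {
            // Legacy layout (called 6.2 in the original): the local name
            // identifier is qualified by the hosted entity ID. Re-key the
            // record under the security domain, writing the new entry
            // before removing the old key so a failure leaves the record
            // reachable.
            NameIdentifier localNI = accountInfo.getLocalNameIdentifier();
            String qualifier = localNI.getNameQualifier();
            if (qualifier != null && qualifier.equals(hostedEntityId)) {
                localNI = new NameIdentifier(localNI.getName(), securityDomain);
                NameIdentifier remoteNI = accountInfo.getRemoteNameIdentifier();
                if (remoteNI != null) {
                    remoteNI = new NameIdentifier(remoteNI.getName(), securityDomain);
                }
                FSAccountFedInfoKey newFedKey = new FSAccountFedInfoKey(securityDomain, localNI.getName());
                accountInfo = new FSAccountFedInfo(securityDomain, localNI, remoteNI, false);
                accountManager.writeAccountFedInfo(userID, newFedKey, accountInfo);
                FSAccountFedInfoKey oldFedKey = new FSAccountFedInfoKey(hostedEntityId, localNI.getName());
                accountManager.removeAccountFedInfoKey(userID, oldFedKey);
            }
        }
        // Prefer the locally issued handle; fall back to the remote one.
        NameIdentifier idpNI = accountInfo.getLocalNameIdentifier();
        if (idpNI == null) {
            idpNI = accountInfo.getRemoteNameIdentifier();
            if (idpNI == null) {
                FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: " + "NameIdentifier not found");
                return false;
            }
        } else if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "IDP generated opaque handle: " + idpNI.getName());
        }
        // Without an SP-issued handle both sides use the IDP handle.
        NameIdentifier spNI = accountInfo.getRemoteNameIdentifier();
        if (spNI == null) {
            spNI = idpNI;
        } else if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.doSingleSignOn: " + "SP generated opaque handle: " + spNI.getName());
        }
        return doSingleSignOn(ssoToken, inResponseTo, spNI, idpNI);
    } catch (Exception e) {
        // Boundary catch: any failure here ends in a "false" result rather
        // than propagating into the SSO flow.
        FSUtils.debug.error("FSSSOAndFedHandler.doSingleSignOn: " + "Exception during Single Sign-On:", e);
        return false;
    }
}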