use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class FSLogoutResponse method setStatus.
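/**
 * Sets the Logout <code>Status</code>.
 *
 * <p>The supplied code is wrapped in a {@code StatusCode} and that in a
 * {@code Status}. If either construction fails the failure is only logged
 * (at message level) and the previously held status is left untouched, so a
 * caller cannot tell from this method whether the status was applied.
 *
 * @param status the Logout <code>Status</code> code.
 * @see #getStatus
 */
public void setStatus(String status) {
    try {
        StatusCode statusCode = new StatusCode(status);
        this.status = new Status(statusCode);
    } catch (Exception e) {
        // Best-effort: keep the existing status. The log line names this
        // method; the original text was mislabelled as the Element constructor.
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutResponse.setStatus: could not set status:", e);
        }
    }
}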
use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class SAMLPOSTProfileServlet method doGet.
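/**
 * Initiates <code>SAML</code> web browser POST profile.
 * This method takes in a TARGET in the request, creates a SAMLResponse,
 * then redirects user to the destination site.
 *
 * <p>Processing order: reject null parameters, require an authenticated
 * session (redirecting to login otherwise), require a non-empty TARGET that
 * resolves to a configured destination site with a POST URL, build a success
 * <code>Response</code> holding one SSO assertion at the destination's
 * protocol version, sign and base64-encode it, log the redirect, and finally
 * render a self-submitting HTML form that POSTs the response and TARGET to
 * the destination site.
 *
 * <p>Every failure after the session check is reported through
 * {@code SAMLUtils.sendError} and ends the request. Values interpolated into
 * the rendered form are HTML-attribute-escaped; TARGET in particular comes
 * straight from the request.
 *
 * @param request <code>HttpServletRequest</code> instance
 * @param response <code>HttpServletResponse</code> instance
 * @throws ServletException if there is an error.
 * @throws IOException if there is an error.
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    if ((request == null) || (response == null)) {
        String[] data = { SAMLUtils.bundle.getString("nullInputParameter") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
        return;
    }
    SAMLUtils.checkHTTPContentLength(request);

    // Require an authenticated session; unauthenticated users go to login.
    Object token = getSession(request);
    if (token == null) {
        response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
        return;
    }

    // TARGET is caller-supplied; it is only honoured if getDestSite() maps it
    // to a configured site below.
    String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
    if (target == null || target.length() == 0) {
        String[] data = { SAMLUtils.bundle.getString("missingTargetSite") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
        return;
    }

    // The destination site's POST URL is the Recipient of the response.
    SAMLServiceManager.SiteEntry destSite = getDestSite(target);
    String destSiteUrl = (destSite == null) ? null : destSite.getPOSTUrl();
    if (destSiteUrl == null) {
        String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token);
        // Constant referenced through the interface rather than the instance.
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
        return;
    }

    Response samlResponse = null;
    try {
        // Protocol version defaults to this implementation's; a configured
        // "major.minor" on the site entry overrides it. Anything that is not
        // exactly two integers separated by '.' keeps the defaults, and a
        // non-numeric token is handled by the NumberFormatException catch.
        String version = destSite.getVersion();
        int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION;
        int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
        if (version != null) {
            StringTokenizer st = new StringTokenizer(version, ".");
            if (st.countTokens() == 2) {
                majorVersion = Integer.parseInt(st.nextToken().trim());
                minorVersion = Integer.parseInt(st.nextToken().trim());
            }
        }
        // create assertion
        AssertionManager am = AssertionManager.getInstance();
        SessionProvider sessionProvider = SessionManager.getProvider();
        Assertion assertion = am.createSSOAssertion(sessionProvider.getSessionID(token), null, request, response, destSite.getSourceID(), target, majorVersion + "." + minorVersion);
        // create SAMLResponse with a Success status and the single assertion
        StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList(); // raw: handed to the raw-typed Response constructor
        contents.add(assertion);
        samlResponse = new Response(null, status, destSiteUrl, contents);
        samlResponse.setMajorVersion(majorVersion);
        samlResponse.setMinorVersion(minorVersion);
    } catch (SessionException sse) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", sse.getMessage());
        return;
    } catch (NumberFormatException ne) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", ne.getMessage());
        return;
    } catch (SAMLException se) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", se.getMessage());
        return;
    }

    // sign the samlResponse
    byte[] signedBytes = null;
    try {
        samlResponse.signXML();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLPOSTProfileServlet.doGet: " + "signed samlResponse is" + samlResponse.toString(true, true, true));
        }
        signedBytes = SAMLUtils.getResponseBytes(samlResponse);
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse"));
        return;
    }

    // base64 encode the signed samlResponse
    String encodedResponse = null;
    try {
        encodedResponse = Base64.encode(signedBytes, true).trim();
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse"));
        return;
    }

    // Audit the redirect; at FINE level the signed response itself is logged too.
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl, new String(signedBytes, "UTF-8") };
        LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token);
    } else {
        String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token);
    }

    writePostForm(response, destSiteUrl, encodedResponse, target);
}

/**
 * Writes the self-submitting HTML form that POSTs the encoded response and
 * TARGET to the destination site's POST URL.
 *
 * <p>{@code target} originates from a request parameter and
 * {@code destSiteUrl} from site configuration; both are escaped for an HTML
 * attribute context so that neither can terminate the attribute or inject
 * markup. The base64 payload is escaped for uniformity (its alphabet has no
 * markup characters, so that is a no-op). The response writer is closed.
 *
 * @param response the servlet response to render into
 * @param destSiteUrl the destination site's POST URL (form ACTION)
 * @param encodedResponse base64-encoded signed SAML response
 * @param target the TARGET value to echo back to the destination
 * @throws IOException if the response writer cannot be obtained
 */
private static void writePostForm(HttpServletResponse response, String destSiteUrl, String encodedResponse, String target) throws IOException {
    response.setContentType("text/html; charset=UTF-8");
    PrintWriter out = response.getWriter();
    out.println("<HTML>");
    out.println("<BODY Onload=\"document.forms[0].submit()\">");
    out.println("<FORM METHOD=\"POST\" ACTION=\"" + escapeHtmlAttribute(destSiteUrl) + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" ");
    out.println("VALUE=\"" + escapeHtmlAttribute(encodedResponse) + "\">");
    out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_TARGET_PARAM + "\" VALUE=\"" + escapeHtmlAttribute(target) + "\"> </FORM>");
    out.println("</BODY></HTML>");
    out.close();
}

/**
 * Escapes the characters that are significant inside a double-quoted HTML
 * attribute value ({@code & < > " '}). Browsers decode the entities before
 * submitting the form, so a legitimate URL containing {@code &} arrives at
 * the destination unchanged.
 *
 * @param s the raw value; {@code null} is returned as {@code null}
 * @return the escaped value
 */
private static String escapeHtmlAttribute(String s) {
    if (s == null) {
        return null;
    }
    StringBuilder sb = new StringBuilder(s.length() + 16);
    for (int i = 0; i < s.length(); i++) {
        char c = s.charAt(i);
        switch (c) {
            case '&':
                sb.append("&amp;");
                break;
            case '<':
                sb.append("&lt;");
                break;
            case '>':
                sb.append("&gt;");
                break;
            case '"':
                sb.append("&quot;");
                break;
            case '\'':
                sb.append("&#39;");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}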
use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class SAMLSOAPReceiver method validateStatements.
/**
 * Validates that the statements carried by {@code assertion} are among the
 * types allowed by the RespondWith element of the corresponding Request.
 *
 * <p>When the assertion has no statements, or its statements do not satisfy
 * a non-empty RespondWith list, an error-describing <code>Response</code> is
 * built and returned and {@code contents} is left untouched. When the
 * assertion is acceptable (RespondWith empty, or the check passes) it is
 * inserted into {@code contents} at {@code index} and {@code null} is
 * returned. {@code null} is also returned when building the error
 * <code>Response</code> itself fails; that failure is logged.
 *
 * <p>NOTE(review): the RespondWith-mismatch response is built with status
 * code {@code samlp:Success} together with the {@code mismatchRespondWith}
 * message. This appears deliberate (the original carried a commented-out
 * {@code contents = null}) — confirm against the SAML 1.x RespondWith
 * semantics before changing it.
 *
 * @param assertion the assertion to check
 * @param respondWith statement types the requester asked for; empty means no restriction
 * @param contents the response contents list the assertion is added to on success
 * @param index position in {@code contents} at which to insert the assertion
 * @param respID response identifier for an error response
 * @param inResponseTo request identifier for an error response
 * @param recipient recipient for an error response
 * @return an error <code>Response</code>, or {@code null} if validation passed
 *         (or the error response could not be created)
 */
private Response validateStatements(Assertion assertion, List respondWith, List contents, int index, String respID, String inResponseTo, String recipient) {
    Set statements = assertion.getStatement();

    if (statements.isEmpty()) {
        SAMLUtils.debug.error("SOAPReceiver: Assertion found does not have" + " any statements in it");
        return newStatusResponse("samlp:Responder", SAMLUtils.bundle.getString("missingStatement"), "SOAPReceiver:Fatal error, cannot " + "create status or response", respID, inResponseTo, recipient, contents);
    }

    // An empty RespondWith imposes no restriction; otherwise the statement
    // types must match what was requested.
    boolean accepted = respondWith.size() == 0 || checkAgainstRespondWith(respondWith, statements);
    if (accepted) {
        contents.add(index, assertion);
        return null;
    }

    SAMLUtils.debug.error("SOAPReceiver: Assertion does not " + " meet respondWith criteria in the received Request");
    return newStatusResponse("samlp:Success", SAMLUtils.bundle.getString("mismatchRespondWith"), "SOAPReceiver:Fatal error, " + " cannot create status or response", respID, inResponseTo, recipient, contents);
}

/**
 * Builds a <code>Response</code> carrying a <code>Status</code> with the
 * given status code value and message.
 *
 * @param codeValue the status code value (e.g. {@code samlp:Responder})
 * @param message the status message
 * @param failureLog the text to log if construction fails
 * @param respID response identifier
 * @param inResponseTo request identifier
 * @param recipient recipient
 * @param contents response contents
 * @return the response, or {@code null} if status/response construction threw
 */
private Response newStatusResponse(String codeValue, String message, String failureLog, String respID, String inResponseTo, String recipient, List contents) {
    try {
        Status status = new Status(new StatusCode(codeValue), message, null);
        return new Response(respID, inResponseTo, status, recipient, contents);
    } catch (SAMLException se) {
        SAMLUtils.debug.error(failureLog, se);
        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
        return null;
    }
}
use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class CDCServlet method redirectWithAuthNResponse.
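/**
 * Constructs the Liberty AuthnResponse carrying a (possibly restricted)
 * SSOToken identifier and redirects the user to the requested resource.
 *
 * <p>The redirect URL comes from {@code getRedirectURL}; when it is
 * {@code null} nothing is sent. The service-provider validator must accept
 * the AuthnRequest / goto URL pair before any token identifier is released
 * (it throws otherwise). With {@code uniqueCookieEnabled} a restricted token
 * id is issued in place of the session's own id. Every failure is logged
 * under this method's name and answered with an error page.
 *
 * @param request the incoming HTTP request
 * @param response the HTTP response to redirect
 * @param token the authenticated user's session token
 * @throws ServletException if there is an error.
 * @throws IOException if there is an error.
 */
private void redirectWithAuthNResponse(HttpServletRequest request, HttpServletResponse response, SSOToken token) throws ServletException, IOException {
    String gotoURL = getRedirectURL(request, response);
    if (debug.messageEnabled()) {
        debug.message("CDCServlet.redirectWithAuthNResponse: gotoURL = " + gotoURL);
    }
    if (gotoURL == null) {
        // NOTE(review): nothing is written here; presumably getRedirectURL
        // already reported the problem — confirm against its implementation.
        return;
    }
    try {
        String inResponseTo = request.getParameter(REQUEST_ID);
        String spDescriptor = request.getParameter(PROVIDER_ID);
        // validateAndGetRestriction throws if no agent profile with this
        // provider id and goto URL exists, so nothing below runs for unknown SPs.
        TokenRestriction tokenRes = spValidator.validateAndGetRestriction(FSAuthnRequest.parseURLEncodedRequest(request), gotoURL);
        String resTokenID;
        if (uniqueCookieEnabled) {
            resTokenID = sessionService.getRestrictedTokenId(token.getTokenID().toString(), tokenRes);
        } else {
            resTokenID = token.getTokenID().toString();
        }
        FSAssertion assertion = createAssertion(spDescriptor, SELF_PROVIDER_ID, resTokenID, token.getAuthType(), token.getProperty("authInstant"), token.getPrincipal().getName(), inResponseTo);
        String relayState = request.getParameter(RELAY_STATE);
        Status status = new Status(new StatusCode(IFSConstants.STATUS_CODE_SUCCESS));
        FSAuthnResponse authnResponse = createAuthnResponse(SELF_PROVIDER_ID, responseID, inResponseTo, status, assertion, relayState);
        sendAuthnResponse(request, response, authnResponse, gotoURL);
    } catch (SAMLException se) {
        debug.error("CDCServlet.redirectWithAuthNResponse", se);
        showError(response);
    } catch (FSMsgException fe) {
        debug.error("CDCServlet.redirectWithAuthNResponse", fe);
        showError(response);
    } catch (FSException fse) {
        debug.error("CDCServlet.redirectWithAuthNResponse", fse);
        showError(response);
    } catch (SessionException e) {
        debug.error("CDCServlet.redirectWithAuthNResponse", e);
        // Previously only logged, which left the client with an empty reply.
        showError(response);
    } catch (SSOException ssoe) {
        debug.error("CDCServlet.redirectWithAuthNResponse", ssoe);
        // Previously only logged, which left the client with an empty reply.
        showError(response);
    } catch (Exception e) {
        debug.error("CDCServlet.redirectWithAuthNResponse", e);
        // Kept from the original: the SP validator is swapped for the LDAP one
        // on an unexpected failure — presumably a fallback for a broken
        // configured validator; confirm before changing.
        spValidator = new LdapSPValidator();
        showError(response, FORBIDDEN_STR_MATCH);
    }
}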
use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class FSNameRegistrationHandler method processRegistrationRequest.
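/**
 * Processes the registration request received from a
 * remote provider. Invoked when the HTTP redirect profile is used.
 *
 * <p>Stores the request, response, registration request and relay state on
 * this handler, resolves the user DN, runs the common registration step and
 * then builds an {@code FSNameRegistrationResponse} whose status is
 * {@code IFSConstants.SAML_SUCCESS} or
 * {@code IFSConstants.REGISTRATION_FAILURE_STATUS}. On success, and when
 * this host acts as SP, the post-registration SP adapter is invoked.
 * {@code sendRegistrationResponse()} is called on every path; if response
 * construction fails, whatever {@code regisResponse} held before (possibly
 * {@code null}) is what gets sent — NOTE(review): confirm that is the
 * intended fallback.
 *
 * @param request HTTP request
 * @param response HTTP response
 * @param regisRequest the name registration request received from
 *        remote provider
 */
public void processRegistrationRequest(HttpServletRequest request, HttpServletResponse response, FSNameRegistrationRequest regisRequest) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSNameRegistrationHandler::" + "processRegistrationRequest...");
    }
    this.request = request;
    this.response = response;
    this.regisRequest = regisRequest;
    this.relayState = regisRequest.getRelayState();
    setRegistrationURL();

    if (managerInst == null) {
        FSUtils.debug.error("FSNameRegistrationHandler " + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegistration" + "failed to get Account Manager instance");
        }
        sendRegistrationResponse();
        return;
    }

    if (!setUserDN(regisRequest)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Failed to get UserDN. Invalid " + "Name registration request");
        }
        sendRegistrationResponse();
        return;
    }

    boolean retStatus = doCommonRegistration();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("doCommonRegistration returns " + retStatus);
    }

    if (retStatus) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegistration" + "registration in DS completed successfully");
        }
        try {
            buildRegistrationResponse(IFSConstants.SAML_SUCCESS);
            // Call SP Adapter for SP/IDP initiated SOAP profile
            if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
                FSUtils.debug.message("processRegistration IDP/HTTP");
                callPostRegisterNameIdentifierSuccess(request, response, userID, regisRequest, regisResponse, IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE);
            }
        } catch (FSMsgException e) {
            logResponseBuildFailure(e);
        } catch (SAMLException e) {
            logResponseBuildFailure(e);
        }
    } else {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSNameRegistrationHandler::handleNameRegistration" + "registration in DS failed");
        }
        try {
            buildRegistrationResponse(IFSConstants.REGISTRATION_FAILURE_STATUS);
        } catch (FSMsgException e) {
            logResponseBuildFailure(e);
        } catch (SAMLException e) {
            logResponseBuildFailure(e);
        }
    }
    sendRegistrationResponse();
}

/**
 * Builds the registration response for the current {@code regisRequest}
 * with the given status code value, stores it in {@code regisResponse} and
 * copies the request's minor version onto it.
 *
 * @param statusCodeValue the status code value to report
 * @throws FSMsgException if the response cannot be constructed
 * @throws SAMLException if the status cannot be constructed
 */
private void buildRegistrationResponse(String statusCodeValue) throws FSMsgException, SAMLException {
    StatusCode statusCode = new StatusCode(statusCodeValue);
    regisResponse = new FSNameRegistrationResponse(null, regisRequest.getRequestID(), new Status(statusCode), hostedEntityId, relayState);
    regisResponse.setMinorVersion(regisRequest.getMinorVersion());
}

/**
 * Logs (at message level) a failure to build the registration response,
 * including the exception. One of the original catch blocks had the
 * exception folded into the message string and therefore never logged it.
 *
 * @param e the construction failure
 */
private void logResponseBuildFailure(Exception e) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSNameRegistrationHandler::" + "failed to create registration response", e);
    }
}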