use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class FSSSOAndFedHandler method createAuthnResponse.
protected FSAuthnResponse createAuthnResponse(Object ssoToken, String inResponseTo, NameIdentifier userHandle, NameIdentifier idpHandle) {
FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse: Called");
FSAuthnResponse authnResponse = null;
try {
String requestID = authnRequest.getRequestID();
FSAssertionManager am = FSAssertionManager.getInstance(metaAlias);
FSAssertion assertion = null;
SessionProvider sessionProvider = SessionManager.getProvider();
assertion = am.createFSAssertion(sessionProvider.getSessionID(ssoToken), null, realm, spEntityId, userHandle, idpHandle, inResponseTo, authnRequest.getMinorVersion());
StatusCode statusCode = new StatusCode(IFSConstants.STATUS_CODE_SUCCESS);
Status status = new Status(statusCode);
List contents = new ArrayList();
contents.add(assertion);
authnResponse = new FSAuthnResponse(null, requestID, status, contents, relayState);
authnResponse.setMinorVersion(authnRequest.getMinorVersion());
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse: " + "CHECK1: " + hostedEntityId);
}
authnResponse.setProviderId(hostedEntityId);
} catch (FSException se) {
FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: FSException: ", se);
return null;
} catch (SAMLException se) {
FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: " + "SAMLException: ", se);
return null;
} catch (SessionException se) {
FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: " + "SessionException: ", se);
return null;
}
// sign AuthnResponse
return authnResponse;
}
use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class FSSSOBrowserArtifactProfileHandler method createSAMLResponse.
private FSResponse createSAMLResponse(FSSAMLRequest samlRequest) throws FSException {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Called");
FSResponse retResponse = null;
String respID = FSUtils.generateID();
String inResponseTo = samlRequest.getRequestID();
List contents = new ArrayList();
String message = null;
int length;
Status status;
String remoteAddr = ClientUtils.getClientIPAddress(request);
String respPrefix = FSUtils.bundle.getString("responseLogMessage") + " " + remoteAddr;
int reqType = samlRequest.getContentType();
if (reqType == Request.NOT_SUPPORTED) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Found element in the request which are not supported");
}
message = FSUtils.bundle.getString("unsupportedElement");
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
} catch (SAMLException se) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Fatal error, cannot create status or response: ", se);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
} else {
String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
}
return retResponse;
}
FSAssertionManager am = null;
try {
am = FSAssertionManager.getInstance(metaAlias);
} catch (FSException se) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Cannot instantiate " + "FSAssertionManager");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
} catch (SAMLException sse) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Fatal error, cannot create status or response: ", sse);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
} else {
String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
}
return retResponse;
}
List artifacts = null;
List assertions = new ArrayList();
if (reqType == Request.ASSERTION_ARTIFACT) {
artifacts = samlRequest.getAssertionArtifact();
length = artifacts.size();
// ensure that all the artifacts have the same sourceID
String sourceID = null;
String providerID = null;
AssertionArtifact art = null;
for (int j = 0; j < length; j++) {
art = (AssertionArtifact) artifacts.get(j);
if (sourceID != null) {
if (!sourceID.equals(art.getSourceID())) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Artifacts not from " + "the same source");
}
message = FSUtils.bundle.getString("mismatchSourceID");
try {
/**
* Need a second level status for the federation
* does not exist.
*/
status = new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
} catch (SAMLException ex) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response: ", ex);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
} else {
String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
}
return retResponse;
} else {
//sourceids are equal
continue;
}
} else {
// sourceID == null
sourceID = art.getSourceID();
}
}
// while loop to go through artifacts to check for sourceID
if (art != null) {
try {
providerID = am.getDestIdForArtifact(art);
} catch (FSException ex) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: FSException Occured while " + "retrieving sp's providerID for the artifact: ", ex);
providerID = null;
}
if (providerID == null) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "artifact received does not correspond to any SP");
message = FSUtils.bundle.getString("invalidSource");
try {
/**
* Need a second level status for the federation
* does not exist.
*/
/**
* First, let's check we haven't recorded a status
* beforehand (by another call) related to this
* artifact. If so, use it.
*/
Status sorig = am.getErrorStatus(art);
if (sorig != null) {
status = sorig;
} else {
status = new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), message, null);
}
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
return retResponse;
} catch (SAMLException sse) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
return null;
}
//return error response
} else {
try {
if (!metaManager.isTrustedProvider(realm, hostedEntityId, providerID)) {
FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: " + "RemoteProvider is not trusted");
message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
return retResponse;
}
spDescriptor = metaManager.getSPDescriptor(realm, providerID);
spEntityId = providerID;
remoteAddr = providerID;
} catch (Exception ae) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "FSAllianceManagementException " + "Occured while getting", ae);
message = ae.getMessage();
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
return retResponse;
} catch (SAMLException sse) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
return null;
}
}
}
//Verify signature
if (FSServiceUtils.isSigningOn()) {
if (!verifySAMLRequestSignature(samlRequestElement, soapMsg)) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "SAMLRequest signature verification failed");
message = FSUtils.bundle.getString("signatureVerificationFailed");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
return retResponse;
} catch (SAMLException sse) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: " + sse.getMessage());
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtProfileHandler.createSAMLResp:" + " SAMLRequest signature verified");
}
}
}
//end signature verification
} else {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: No artifact found in samlRequest");
message = FSUtils.bundle.getString("missingArtifact");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
return retResponse;
} catch (SAMLException sse) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
return null;
}
}
for (int i = 0; i < length; i++) {
AssertionArtifact artifact = (AssertionArtifact) artifacts.get(i);
Assertion assertion = null;
try {
assertion = am.getAssertion(artifact, spEntityId);
} catch (FSException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAML" + "Response:could not find matching assertion:", e);
}
message = e.getMessage();
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
} catch (SAMLException sse) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
} else {
String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
}
return retResponse;
}
if (assertion != null) {
assertions.add(i, assertion);
}
}
}
int assertionSize = assertions.size();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: found " + assertionSize + "assertions.");
}
// inside the assertion has the calling host's address in it.
for (int i = 0; i < assertionSize; i++) {
Assertion assn = (Assertion) assertions.get(i);
Conditions conds = assn.getConditions();
Set trcs = conds.getAudienceRestrictionCondition();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: checking to see if assertions" + " are for host:" + remoteAddr);
}
if (trcs != null && !trcs.isEmpty()) {
Iterator trcsIterator = trcs.iterator();
while (trcsIterator.hasNext()) {
if (!((AudienceRestrictionCondition) trcsIterator.next()).containsAudience(remoteAddr)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: removing TRC not" + "meant for this host");
}
assertions.remove(assn);
}
}
}
}
assertionSize = assertions.size();
if (assertionSize == 0) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Matching Assertions(s) not " + "created for this host");
}
message = FSUtils.bundle.getString("mismatchDest");
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, contents);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
} catch (SAMLException se) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
} else {
String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
}
return retResponse;
}
if (reqType == Request.ASSERTION_ARTIFACT) {
if (assertions.size() == artifacts.size()) {
message = null;
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Matching Assertion found");
}
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, assertions);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
} catch (SAMLException se) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
return null;
} catch (Exception e) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", e);
return null;
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
} else {
String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
}
return retResponse;
} else {
message = FSUtils.bundle.getString("unequalMatch");
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, assertions);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
} catch (SAMLException se) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
} else {
String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
}
return retResponse;
}
} else {
// build response for all the other type of request
try {
message = null;
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new FSResponse(respID, inResponseTo, status, assertions);
retResponse.setMinorVersion(samlRequest.getMinorVersion());
} catch (SAMLException se) {
FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
}
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
} else {
String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
}
return retResponse;
}
use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class FSSSOAndFedHandler method processAuthnRequest.
/**
* Processes authentication request.
* @param authnRequest authentication request
* @param bPostAuthn <code>true</code> indicates it's post authentication;
* <code>false</code> indicates it's pre authentication.
*/
public void processAuthnRequest(FSAuthnRequest authnRequest, boolean bPostAuthn) {
FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: Called");
this.authnRequest = authnRequest;
String message = null;
String inResponseTo = authnRequest.getRequestID();
Status status = null;
FSAuthnResponse errResponse = null;
spEntityId = authnRequest.getProviderId();
try {
spDescriptor = metaManager.getSPDescriptor(realm, spEntityId);
spConfig = metaManager.getSPDescriptorConfig(realm, spEntityId);
if (!metaManager.isTrustedProvider(realm, hostedEntityId, spEntityId)) {
FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: " + "RemoteProvider is not trusted");
message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
status = new Status(new StatusCode("samlp:Responder"), message, null);
errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
errResponse.setMinorVersion(authnRequest.getMinorVersion());
sendAuthnResponse(errResponse);
return;
}
if (bPostAuthn) {
if (processPostAuthnSSO(authnRequest)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedHandler." + "processAuthnRequest: AuthnRequest Processing " + "successful");
}
return;
} else {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSSSOAndFedHandler.processAuthnRequest: " + "AuthnRequest Processing failed");
}
message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
if (noFedStatus != null) {
status = noFedStatus;
} else {
status = new Status(new StatusCode("samlp:Responder"), message, null);
}
errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
errResponse.setMinorVersion(authnRequest.getMinorVersion());
sendAuthnResponse(errResponse);
return;
}
} else {
boolean authnRequestSigned = spDescriptor.isAuthnRequestsSigned();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: " + "ProviderID : " + spEntityId + " AuthnRequestSigned :this is for testing " + authnRequestSigned);
}
if (FSServiceUtils.isSigningOn()) {
if (authnRequestSigned) {
//verify request signature
if (!verifyRequestSignature(authnRequest)) {
FSUtils.debug.error("FSSSOAndFedHandler." + "processAuthnRequest: " + "AuthnRequest Signature Verification Failed");
message = FSUtils.bundle.getString("signatureVerificationFailed");
String[] data = { message };
LogUtil.error(Level.INFO, LogUtil.SIGNATURE_VERIFICATION_FAILED, data, ssoToken);
status = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:UnsignedAuthnRequest", null)), message, null);
errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
errResponse.setMinorVersion(authnRequest.getMinorVersion());
sendAuthnResponse(errResponse);
return;
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedHandler. processAuthnRequest" + ": AuthnRequest Signature Verified");
}
}
}
}
if (processPreAuthnSSO(authnRequest)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: " + "AuthnRequest Processing successful");
}
return;
} else {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSSSOAndFedHandler.processAuthnRequest: " + "AuthnRequest Processing failed");
}
String[] data = { FSUtils.bundle.getString("AuthnRequestProcessingFailed") };
LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, data, ssoToken);
message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
status = new Status(new StatusCode("samlp:Responder"), message, null);
if (noFedStatus != null) {
status = noFedStatus;
}
errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
errResponse.setMinorVersion(authnRequest.getMinorVersion());
sendAuthnResponse(errResponse);
return;
}
}
} catch (Exception e) {
ByteArrayOutputStream out = new ByteArrayOutputStream();
e.printStackTrace(new PrintStream(out));
FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: " + "Exception Occured: " + e.getMessage() + "Stack trace is " + out.toString());
message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
errResponse.setMinorVersion(authnRequest.getMinorVersion());
sendAuthnResponse(errResponse);
} catch (Exception ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: " + "Exception Occured: ", ex);
}
}
}
}
use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class SAMLSOAPReceiver method extractProcessRequest.
/**
* Extracts the Request object from the SOAPMessage return corresponding
* response.
*/
private Response extractProcessRequest(HttpServletRequest servletReq, org.w3c.dom.Element body, Set partnerSourceID) {
Response retResponse = null;
String respID = SAMLUtils.generateID();
String inResponseTo = null;
List contents = new ArrayList();
String message = null;
Status status;
String remoteAddr = ClientUtils.getClientIPAddress(servletReq);
String recipient = remoteAddr;
String invalidRespPrefix = SAMLUtils.bundle.getString("invalidRequestLogMessage") + " " + remoteAddr + ": ";
String respPrefix = SAMLUtils.bundle.getString("responseLogMessage") + " " + remoteAddr + ": ";
NodeList nl = body.getElementsByTagNameNS(sc.PROTOCOL_NAMESPACE_URI, "Request");
int length = nl.getLength();
if (length == 0) {
SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
message = SAMLUtils.bundle.getString("missingRequest");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, cannot " + "create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
}
boolean foundRequest = false;
Request req = null;
for (int i = 0; i < length; i++) {
Node child = (Node) nl.item(i);
if (child.getNodeType() != Node.ELEMENT_NODE) {
continue;
}
if (child.getLocalName().equals("Request")) {
try {
req = new Request((Element) child);
SAMLUtils.debug.message("found request ");
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message(" Received Request:" + req.toString());
}
String[] data = { SAMLUtils.bundle.getString("requestLogMessage") + " " + remoteAddr, req.toString() };
LogUtils.access(java.util.logging.Level.FINE, LogUtils.SOAP_REQUEST_MESSAGE, data);
inResponseTo = req.getRequestID();
foundRequest = true;
break;
} catch (SAMLRequesterException ss) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Requester" + " " + ss.getMessage());
}
message = new String(ss.getMessage());
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
} catch (SAMLRequestVersionTooHighException sv) {
String mesg = new String(sv.getMessage());
StringTokenizer tok1 = new StringTokenizer(mesg, "|");
inResponseTo = tok1.nextToken();
message = tok1.nextToken();
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
}
try {
status = new Status(new StatusCode("samlp:RequestVersionTooHigh"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
} catch (SAMLRequestVersionTooLowException sv) {
String mesg = new String(sv.getMessage());
StringTokenizer tok1 = new StringTokenizer(mesg, "|");
inResponseTo = tok1.nextToken();
message = tok1.nextToken();
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
}
try {
status = new Status(new StatusCode("samlp:RequestVersionTooLow"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
} catch (Exception e) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Responder" + " " + e.getMessage());
}
message = new String(e.getMessage());
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
}
}
}
if (!(foundRequest)) {
SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
message = SAMLUtils.bundle.getString("missingRequest");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
}
String[] data = { invalidRespPrefix, retResponse.toString() };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
return retResponse;
} else {
// found request now process it
if (!req.isSignatureValid()) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver: couldn't verify " + "the signature on Request.");
}
message = SAMLUtils.bundle.getString("cannotVerifyRequest");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
int reqType = req.getContentType();
if (reqType == Request.NOT_SUPPORTED) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:Found " + "element in the request which are not supported");
}
message = SAMLUtils.bundle.getString("unsupportedElement");
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
List respondWith = req.getRespondWith();
if (!parseRespondWith(respondWith)) {
SAMLUtils.debug.error("SOAPReceiver:Supported statements " + "are not present in the RespondWith element.");
message = SAMLUtils.bundle.getString("unsupportedStatement");
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
AssertionManager am = null;
try {
am = AssertionManager.getInstance();
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver: Cannot" + " instantiate AssertionManager");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException sse) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
List artifacts = null;
List assertions = new ArrayList();
if (reqType == Request.ASSERTION_ARTIFACT) {
artifacts = req.getAssertionArtifact();
length = artifacts.size();
// ensure that all the artifacts have this site's sourceID
for (int j = 0; j < length; j++) {
AssertionArtifact art = (AssertionArtifact) artifacts.get(j);
if (!isThisSiteID(art.getSourceID())) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:Artifact" + " has invalid SourceID");
}
message = SAMLUtils.bundle.getString("mismatchSourceID");
try {
status = new Status(new StatusCode("samlp:Requester"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException ex) {
SAMLUtils.debug.error("SOAPReceiver:" + "Fatal error, " + "cannot create status or response", ex);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
}
// for loop to go through artifacts to check for sourceID
for (int i = 0; i < length; i++) {
AssertionArtifact artifact = (AssertionArtifact) artifacts.get(i);
Assertion assertion = null;
try {
assertion = am.getAssertion(artifact, partnerSourceID);
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException sse) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
if (assertion != null) {
assertions.add(i, assertion);
}
}
} else if (reqType == Request.ASSERTION_ID_REFERENCE) {
List assertionIdRefs = req.getAssertionIDReference();
length = assertionIdRefs.size();
for (int i = 0; i < length; i++) {
AssertionIDReference aidRef = (AssertionIDReference) assertionIdRefs.get(i);
Assertion assertion = null;
try {
assertion = am.getAssertion(aidRef, partnerSourceID);
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException sse) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
if (assertion != null) {
assertions.add(i, assertion);
}
}
} else if ((reqType == Request.AUTHENTICATION_QUERY) || (reqType == Request.AUTHORIZATION_DECISION_QUERY) || (reqType == Request.ATTRIBUTE_QUERY)) {
Query query = req.getQuery();
if (query != null) {
Assertion assertion = null;
try {
// if we come here, partnerSourceID is not empty
// always pass the first matching sourceID in
// need to find solution to handle multiple matches:TBD
assertion = am.getAssertion(query, (String) ((Iterator) partnerSourceID.iterator()).next());
} catch (SAMLException se) {
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
}
message = se.getMessage();
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException sse) {
SAMLUtils.debug.error("SOAPReceiver:Fatal " + " error, cannot create status or " + " response", sse);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
if (assertion != null) {
assertions.add(assertion);
}
}
} else {
//
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver:Request " + "contents has element which is not supported at this" + " time");
}
message = SAMLUtils.bundle.getString("unsupportedElement");
try {
status = new Status(new StatusCode("samlp:Responder"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
int assertionSize = assertions.size();
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("found " + assertionSize + " assertions.");
}
// Request received.
for (int i = 0; i < assertionSize; i++) {
Response resp = validateStatements((Assertion) assertions.get(i), respondWith, contents, i, respID, inResponseTo, recipient);
if (resp != null) {
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
return resp;
}
// else there was no mismatch with respondWith element
}
if (reqType == Request.ASSERTION_ARTIFACT) {
if (contents.size() == artifacts.size()) {
message = null;
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SOAPReceiver: Matching " + "Assertion found");
}
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.FINE, LogUtils.SENDING_RESPONSE, data);
return retResponse;
} else {
message = SAMLUtils.bundle.getString("unequalMatch");
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
//contents = null;
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
return retResponse;
}
} else {
// build response for all the other type of request
try {
status = new Status(new StatusCode("samlp:Success"), message, null);
retResponse = new Response(respID, inResponseTo, status, recipient, contents);
retResponse.setMajorVersion(req.getMajorVersion());
retResponse.setMinorVersion(req.getMinorVersion());
} catch (SAMLException se) {
SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
}
}
}
// end of else found request
if (LogUtils.isAccessLoggable(java.util.logging.Level.FINER)) {
String[] data = { respPrefix, retResponse.toString() };
LogUtils.access(java.util.logging.Level.FINER, LogUtils.SENDING_RESPONSE, data);
} else {
String[] data = { respPrefix, retResponse.getResponseID() };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
}
return retResponse;
}
use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.
the class FSNameRegistrationResponse method parseURLEncodedRequest.
/**
* Returns <code>FSNameRegistrationLogoutResponse</code> object. The
* object is creating by parsing the <code>HttpServletRequest</code>
* object.
*
* @param request the <code>HttpServletRequest</code> object.
* @throws FSMsgException if there is an error
* creating this object.
*/
public static FSNameRegistrationResponse parseURLEncodedRequest(HttpServletRequest request) throws FSMsgException, SAMLException {
FSNameRegistrationResponse retNameRegistrationResponse = new FSNameRegistrationResponse();
try {
FSUtils.debug.message("checking minor version");
retNameRegistrationResponse.majorVersion = Integer.parseInt(request.getParameter("MajorVersion"));
retNameRegistrationResponse.minorVersion = Integer.parseInt(request.getParameter("MinorVersion"));
} catch (NumberFormatException ex) {
FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: version parsing error:" + ex);
throw new FSMsgException("invalidNumber", null);
}
if (request.getParameter("ResponseID") != null) {
retNameRegistrationResponse.responseID = request.getParameter("ResponseID");
} else {
FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Response ID is null");
String[] args = { IFSConstants.RESPONSE_ID };
throw new FSMsgException("missingAttribute", args);
}
String instantString = request.getParameter("IssueInstant");
if (instantString == null || instantString.length() == 0) {
FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Issue Instant is null");
String[] args = { IFSConstants.ISSUE_INSTANT };
throw new FSMsgException("missingAttribute", args);
}
try {
retNameRegistrationResponse.issueInstant = DateUtils.stringToDate(instantString);
} catch (ParseException e) {
FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Can not parse Issue Instant", e);
throw new FSMsgException("parseError", null);
}
if (request.getParameter("ProviderID") != null) {
retNameRegistrationResponse.providerId = request.getParameter("ProviderID");
} else {
FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Provider ID is null ");
throw new FSMsgException("missingElement", null);
}
if (request.getParameter("RelayState") != null) {
retNameRegistrationResponse.relayState = request.getParameter("RelayState");
}
if (request.getParameter("InResponseTo") != null) {
retNameRegistrationResponse.inResponseTo = request.getParameter("InResponseTo");
}
if (request.getParameter("Value") != null) {
FSUtils.debug.message("Status : " + request.getParameter("Value"));
StatusCode statusCode = new StatusCode(request.getParameter("Value"));
retNameRegistrationResponse.status = new Status(statusCode);
} else {
FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Status Value is null ");
throw new FSMsgException("missingElement", null);
}
FSUtils.debug.message("Returning registration response Object");
return retNameRegistrationResponse;
}
Aggregations