Search in sources :

Example 11 with StatusCode

use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method createAuthnResponse.

protected FSAuthnResponse createAuthnResponse(Object ssoToken, String inResponseTo, NameIdentifier userHandle, NameIdentifier idpHandle) {
    FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse:  Called");
    FSAuthnResponse authnResponse = null;
    try {
        String requestID = authnRequest.getRequestID();
        FSAssertionManager am = FSAssertionManager.getInstance(metaAlias);
        FSAssertion assertion = null;
        SessionProvider sessionProvider = SessionManager.getProvider();
        assertion = am.createFSAssertion(sessionProvider.getSessionID(ssoToken), null, realm, spEntityId, userHandle, idpHandle, inResponseTo, authnRequest.getMinorVersion());
        StatusCode statusCode = new StatusCode(IFSConstants.STATUS_CODE_SUCCESS);
        Status status = new Status(statusCode);
        List contents = new ArrayList();
        contents.add(assertion);
        authnResponse = new FSAuthnResponse(null, requestID, status, contents, relayState);
        authnResponse.setMinorVersion(authnRequest.getMinorVersion());
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.createAuthnResponse: " + "CHECK1: " + hostedEntityId);
        }
        authnResponse.setProviderId(hostedEntityId);
    } catch (FSException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: FSException: ", se);
        return null;
    } catch (SAMLException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: " + "SAMLException: ", se);
        return null;
    } catch (SessionException se) {
        FSUtils.debug.error("FSSSOAndFedHandler.createAuthnResponse: " + "SessionException: ", se);
        return null;
    }
    // sign AuthnResponse
    return authnResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) FSAssertionManager(com.sun.identity.federation.services.FSAssertionManager) FSAssertion(com.sun.identity.federation.message.FSAssertion) ArrayList(java.util.ArrayList) FSException(com.sun.identity.federation.common.FSException) SessionException(com.sun.identity.plugin.session.SessionException) List(java.util.List) ArrayList(java.util.ArrayList) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 12 with StatusCode

use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.

the class FSSSOBrowserArtifactProfileHandler method createSAMLResponse.

private FSResponse createSAMLResponse(FSSAMLRequest samlRequest) throws FSException {
    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAMLResponse: Called");
    FSResponse retResponse = null;
    String respID = FSUtils.generateID();
    String inResponseTo = samlRequest.getRequestID();
    List contents = new ArrayList();
    String message = null;
    int length;
    Status status;
    String remoteAddr = ClientUtils.getClientIPAddress(request);
    String respPrefix = FSUtils.bundle.getString("responseLogMessage") + " " + remoteAddr;
    int reqType = samlRequest.getContentType();
    if (reqType == Request.NOT_SUPPORTED) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Found element in the request which are not supported");
        }
        message = FSUtils.bundle.getString("unsupportedElement");
        try {
            status = new Status(new StatusCode("samlp:Responder"), message, null);
            retResponse = new FSResponse(respID, inResponseTo, status, contents);
            retResponse.setMinorVersion(samlRequest.getMinorVersion());
        } catch (SAMLException se) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Fatal error, cannot create status or response: ", se);
        }
        if (LogUtil.isAccessLoggable(Level.FINER)) {
            String[] data = { respPrefix, retResponse.toString() };
            LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
        } else {
            String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
            LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
        }
        return retResponse;
    }
    FSAssertionManager am = null;
    try {
        am = FSAssertionManager.getInstance(metaAlias);
    } catch (FSException se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Cannot instantiate " + "FSAssertionManager");
        }
        message = se.getMessage();
        try {
            status = new Status(new StatusCode("samlp:Responder"), message, null);
            retResponse = new FSResponse(respID, inResponseTo, status, contents);
            retResponse.setMinorVersion(samlRequest.getMinorVersion());
        } catch (SAMLException sse) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "Fatal error, cannot create status or response: ", sse);
        }
        if (LogUtil.isAccessLoggable(Level.FINER)) {
            String[] data = { respPrefix, retResponse.toString() };
            LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
        } else {
            String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
            LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
        }
        return retResponse;
    }
    List artifacts = null;
    List assertions = new ArrayList();
    if (reqType == Request.ASSERTION_ARTIFACT) {
        artifacts = samlRequest.getAssertionArtifact();
        length = artifacts.size();
        // ensure that all the artifacts have the same sourceID
        String sourceID = null;
        String providerID = null;
        AssertionArtifact art = null;
        for (int j = 0; j < length; j++) {
            art = (AssertionArtifact) artifacts.get(j);
            if (sourceID != null) {
                if (!sourceID.equals(art.getSourceID())) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Artifacts not from " + "the same source");
                    }
                    message = FSUtils.bundle.getString("mismatchSourceID");
                    try {
                        /**
                            * Need a second level status for the federation
                            * does not exist. 
                            */
                        status = new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), message, null);
                        retResponse = new FSResponse(respID, inResponseTo, status, contents);
                        retResponse.setMinorVersion(samlRequest.getMinorVersion());
                    } catch (SAMLException ex) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response: ", ex);
                    }
                    if (LogUtil.isAccessLoggable(Level.FINER)) {
                        String[] data = { respPrefix, retResponse.toString() };
                        LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
                    } else {
                        String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
                        LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
                    }
                    return retResponse;
                } else {
                    //sourceids are equal
                    continue;
                }
            } else {
                // sourceID == null
                sourceID = art.getSourceID();
            }
        }
        // while loop to go through artifacts to check for sourceID
        if (art != null) {
            try {
                providerID = am.getDestIdForArtifact(art);
            } catch (FSException ex) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: FSException Occured while " + "retrieving sp's providerID for the artifact: ", ex);
                providerID = null;
            }
            if (providerID == null) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "artifact received does not correspond to any SP");
                message = FSUtils.bundle.getString("invalidSource");
                try {
                    /**
                         * Need a second level status for the federation
                         * does not exist. 
                         */
                    /**
                         * First, let's check we haven't recorded a status
                         * beforehand (by another call) related to this
                         * artifact. If so, use it.
                         */
                    Status sorig = am.getErrorStatus(art);
                    if (sorig != null) {
                        status = sorig;
                    } else {
                        status = new Status(new StatusCode("samlp:Requester", new StatusCode(IFSConstants.FEDERATION_NOT_EXISTS_STATUS, null)), message, null);
                    }
                    retResponse = new FSResponse(respID, inResponseTo, status, contents);
                    retResponse.setMinorVersion(samlRequest.getMinorVersion());
                    return retResponse;
                } catch (SAMLException sse) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                    return null;
                }
            //return error response
            } else {
                try {
                    if (!metaManager.isTrustedProvider(realm, hostedEntityId, providerID)) {
                        FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: " + "RemoteProvider is not trusted");
                        message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new FSResponse(respID, inResponseTo, status, contents);
                        retResponse.setMinorVersion(samlRequest.getMinorVersion());
                        return retResponse;
                    }
                    spDescriptor = metaManager.getSPDescriptor(realm, providerID);
                    spEntityId = providerID;
                    remoteAddr = providerID;
                } catch (Exception ae) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "FSAllianceManagementException " + "Occured while getting", ae);
                    message = ae.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new FSResponse(respID, inResponseTo, status, contents);
                        retResponse.setMinorVersion(samlRequest.getMinorVersion());
                        return retResponse;
                    } catch (SAMLException sse) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                        return null;
                    }
                }
            }
            //Verify signature
            if (FSServiceUtils.isSigningOn()) {
                if (!verifySAMLRequestSignature(samlRequestElement, soapMsg)) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: " + "SAMLRequest signature verification failed");
                    message = FSUtils.bundle.getString("signatureVerificationFailed");
                    try {
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new FSResponse(respID, inResponseTo, status, contents);
                        retResponse.setMinorVersion(samlRequest.getMinorVersion());
                        return retResponse;
                    } catch (SAMLException sse) {
                        FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: " + sse.getMessage());
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtProfileHandler.createSAMLResp:" + " SAMLRequest signature verified");
                    }
                }
            }
        //end signature verification
        } else {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: No artifact found in samlRequest");
            message = FSUtils.bundle.getString("missingArtifact");
            try {
                status = new Status(new StatusCode("samlp:Requester"), message, null);
                retResponse = new FSResponse(respID, inResponseTo, status, contents);
                retResponse.setMinorVersion(samlRequest.getMinorVersion());
                return retResponse;
            } catch (SAMLException sse) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                return null;
            }
        }
        for (int i = 0; i < length; i++) {
            AssertionArtifact artifact = (AssertionArtifact) artifacts.get(i);
            Assertion assertion = null;
            try {
                assertion = am.getAssertion(artifact, spEntityId);
            } catch (FSException e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler.createSAML" + "Response:could not find matching assertion:", e);
                }
                message = e.getMessage();
                try {
                    status = new Status(new StatusCode("samlp:Success"), message, null);
                    retResponse = new FSResponse(respID, inResponseTo, status, contents);
                    retResponse.setMinorVersion(samlRequest.getMinorVersion());
                } catch (SAMLException sse) {
                    FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse:Fatal error, " + "cannot create status or response: ", sse);
                }
                if (LogUtil.isAccessLoggable(Level.FINER)) {
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
                } else {
                    String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
                    LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
                }
                return retResponse;
            }
            if (assertion != null) {
                assertions.add(i, assertion);
            }
        }
    }
    int assertionSize = assertions.size();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: found " + assertionSize + "assertions.");
    }
    // inside the assertion has the calling host's address in it.
    for (int i = 0; i < assertionSize; i++) {
        Assertion assn = (Assertion) assertions.get(i);
        Conditions conds = assn.getConditions();
        Set trcs = conds.getAudienceRestrictionCondition();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: checking to see if assertions" + " are for host:" + remoteAddr);
        }
        if (trcs != null && !trcs.isEmpty()) {
            Iterator trcsIterator = trcs.iterator();
            while (trcsIterator.hasNext()) {
                if (!((AudienceRestrictionCondition) trcsIterator.next()).containsAudience(remoteAddr)) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: removing TRC not" + "meant for this host");
                    }
                    assertions.remove(assn);
                }
            }
        }
    }
    assertionSize = assertions.size();
    if (assertionSize == 0) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Matching Assertions(s) not " + "created for this host");
        }
        message = FSUtils.bundle.getString("mismatchDest");
        try {
            status = new Status(new StatusCode("samlp:Success"), message, null);
            retResponse = new FSResponse(respID, inResponseTo, status, contents);
            retResponse.setMinorVersion(samlRequest.getMinorVersion());
        } catch (SAMLException se) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
        }
        if (LogUtil.isAccessLoggable(Level.FINER)) {
            String[] data = { respPrefix, retResponse.toString() };
            LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
        } else {
            String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
            LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
        }
        return retResponse;
    }
    if (reqType == Request.ASSERTION_ARTIFACT) {
        if (assertions.size() == artifacts.size()) {
            message = null;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Matching Assertion found");
            }
            try {
                status = new Status(new StatusCode("samlp:Success"), message, null);
                retResponse = new FSResponse(respID, inResponseTo, status, assertions);
                retResponse.setMinorVersion(samlRequest.getMinorVersion());
            } catch (SAMLException se) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
                return null;
            } catch (Exception e) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", e);
                return null;
            }
            if (LogUtil.isAccessLoggable(Level.FINER)) {
                String[] data = { respPrefix, retResponse.toString() };
                LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
            } else {
                String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
                LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
            }
            return retResponse;
        } else {
            message = FSUtils.bundle.getString("unequalMatch");
            try {
                status = new Status(new StatusCode("samlp:Success"), message, null);
                retResponse = new FSResponse(respID, inResponseTo, status, assertions);
                retResponse.setMinorVersion(samlRequest.getMinorVersion());
            } catch (SAMLException se) {
                FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
            }
            if (LogUtil.isAccessLoggable(Level.FINER)) {
                String[] data = { respPrefix, retResponse.toString() };
                LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
            } else {
                String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
                LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
            }
            return retResponse;
        }
    } else {
        // build response for all the other type of request
        try {
            message = null;
            status = new Status(new StatusCode("samlp:Success"), message, null);
            retResponse = new FSResponse(respID, inResponseTo, status, assertions);
            retResponse.setMinorVersion(samlRequest.getMinorVersion());
        } catch (SAMLException se) {
            FSUtils.debug.error("FSSSOBrowserArtifactProfileHandler." + "createSAMLResponse: Fatal error, " + "cannot create status or response:", se);
        }
    }
    if (LogUtil.isAccessLoggable(Level.FINER)) {
        String[] data = { respPrefix, retResponse.toString() };
        LogUtil.access(Level.FINER, LogUtil.CREATE_SAML_RESPONSE, data);
    } else {
        String[] data = { respPrefix, FSUtils.bundle.getString("responseID") + "=" + retResponse.getResponseID() + "," + FSUtils.bundle.getString("inResponseTo") + "=" + retResponse.getInResponseTo() };
        LogUtil.access(Level.INFO, LogUtil.CREATE_SAML_RESPONSE, data);
    }
    return retResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) Set(java.util.Set) ArrayList(java.util.ArrayList) Assertion(com.sun.identity.saml.assertion.Assertion) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) FSAssertionArtifact(com.sun.identity.federation.message.FSAssertionArtifact) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SessionException(com.sun.identity.plugin.session.SessionException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) Conditions(com.sun.identity.saml.assertion.Conditions) FSAssertionManager(com.sun.identity.federation.services.FSAssertionManager) FSResponse(com.sun.identity.federation.message.FSResponse) FSException(com.sun.identity.federation.common.FSException) Iterator(java.util.Iterator) ArrayList(java.util.ArrayList) List(java.util.List)

Example 13 with StatusCode

use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.

the class FSSSOAndFedHandler method processAuthnRequest.

/**
     * Processes authentication request.
     * @param authnRequest authentication request
     * @param bPostAuthn <code>true</code> indicates it's post authentication;
     *  <code>false</code> indicates it's pre authentication.
     */
public void processAuthnRequest(FSAuthnRequest authnRequest, boolean bPostAuthn) {
    FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: Called");
    this.authnRequest = authnRequest;
    String message = null;
    String inResponseTo = authnRequest.getRequestID();
    Status status = null;
    FSAuthnResponse errResponse = null;
    spEntityId = authnRequest.getProviderId();
    try {
        spDescriptor = metaManager.getSPDescriptor(realm, spEntityId);
        spConfig = metaManager.getSPDescriptorConfig(realm, spEntityId);
        if (!metaManager.isTrustedProvider(realm, hostedEntityId, spEntityId)) {
            FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: " + "RemoteProvider is not trusted");
            message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
            status = new Status(new StatusCode("samlp:Responder"), message, null);
            errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
            errResponse.setMinorVersion(authnRequest.getMinorVersion());
            sendAuthnResponse(errResponse);
            return;
        }
        if (bPostAuthn) {
            if (processPostAuthnSSO(authnRequest)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler." + "processAuthnRequest: AuthnRequest Processing " + "successful");
                }
                return;
            } else {
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOAndFedHandler.processAuthnRequest: " + "AuthnRequest Processing failed");
                }
                message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
                if (noFedStatus != null) {
                    status = noFedStatus;
                } else {
                    status = new Status(new StatusCode("samlp:Responder"), message, null);
                }
                errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
                errResponse.setMinorVersion(authnRequest.getMinorVersion());
                sendAuthnResponse(errResponse);
                return;
            }
        } else {
            boolean authnRequestSigned = spDescriptor.isAuthnRequestsSigned();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: " + "ProviderID : " + spEntityId + " AuthnRequestSigned :this is for testing " + authnRequestSigned);
            }
            if (FSServiceUtils.isSigningOn()) {
                if (authnRequestSigned) {
                    //verify request signature
                    if (!verifyRequestSignature(authnRequest)) {
                        FSUtils.debug.error("FSSSOAndFedHandler." + "processAuthnRequest: " + "AuthnRequest Signature Verification Failed");
                        message = FSUtils.bundle.getString("signatureVerificationFailed");
                        String[] data = { message };
                        LogUtil.error(Level.INFO, LogUtil.SIGNATURE_VERIFICATION_FAILED, data, ssoToken);
                        status = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:UnsignedAuthnRequest", null)), message, null);
                        errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
                        errResponse.setMinorVersion(authnRequest.getMinorVersion());
                        sendAuthnResponse(errResponse);
                        return;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler. processAuthnRequest" + ": AuthnRequest Signature Verified");
                        }
                    }
                }
            }
            if (processPreAuthnSSO(authnRequest)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: " + "AuthnRequest Processing successful");
                }
                return;
            } else {
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOAndFedHandler.processAuthnRequest: " + "AuthnRequest Processing failed");
                }
                String[] data = { FSUtils.bundle.getString("AuthnRequestProcessingFailed") };
                LogUtil.error(Level.INFO, LogUtil.AUTHN_REQUEST_PROCESSING_FAILED, data, ssoToken);
                message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                if (noFedStatus != null) {
                    status = noFedStatus;
                }
                errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
                errResponse.setMinorVersion(authnRequest.getMinorVersion());
                sendAuthnResponse(errResponse);
                return;
            }
        }
    } catch (Exception e) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        e.printStackTrace(new PrintStream(out));
        FSUtils.debug.error("FSSSOAndFedHandler.processAuthnRequest: " + "Exception Occured: " + e.getMessage() + "Stack trace is " + out.toString());
        message = FSUtils.bundle.getString("AuthnRequestProcessingFailed");
        try {
            status = new Status(new StatusCode("samlp:Responder"), message, null);
            errResponse = new FSAuthnResponse(null, inResponseTo, status, null, relayState);
            errResponse.setMinorVersion(authnRequest.getMinorVersion());
            sendAuthnResponse(errResponse);
        } catch (Exception ex) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processAuthnRequest: " + "Exception Occured: ", ex);
            }
        }
    }
}
Also used : Status(com.sun.identity.saml.protocol.Status) PrintStream(java.io.PrintStream) FSAuthnResponse(com.sun.identity.federation.message.FSAuthnResponse) ByteArrayOutputStream(java.io.ByteArrayOutputStream) StatusCode(com.sun.identity.saml.protocol.StatusCode) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException)

Example 14 with StatusCode

use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.

the class SAMLSOAPReceiver method extractProcessRequest.

/**
     * Extracts the Request object from the SOAPMessage return corresponding
     * response.
     */
private Response extractProcessRequest(HttpServletRequest servletReq, org.w3c.dom.Element body, Set partnerSourceID) {
    Response retResponse = null;
    String respID = SAMLUtils.generateID();
    String inResponseTo = null;
    List contents = new ArrayList();
    String message = null;
    Status status;
    String remoteAddr = ClientUtils.getClientIPAddress(servletReq);
    String recipient = remoteAddr;
    String invalidRespPrefix = SAMLUtils.bundle.getString("invalidRequestLogMessage") + " " + remoteAddr + ": ";
    String respPrefix = SAMLUtils.bundle.getString("responseLogMessage") + " " + remoteAddr + ": ";
    NodeList nl = body.getElementsByTagNameNS(sc.PROTOCOL_NAMESPACE_URI, "Request");
    int length = nl.getLength();
    if (length == 0) {
        SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
        message = SAMLUtils.bundle.getString("missingRequest");
        try {
            status = new Status(new StatusCode("samlp:Requester"), message, null);
            retResponse = new Response(respID, inResponseTo, status, recipient, contents);
        } catch (SAMLException se) {
            SAMLUtils.debug.error("SOAPReceiver:Fatal error, cannot " + "create status or response:" + se.getMessage());
        }
        String[] data = { invalidRespPrefix, retResponse.toString() };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
        return retResponse;
    }
    boolean foundRequest = false;
    Request req = null;
    for (int i = 0; i < length; i++) {
        Node child = (Node) nl.item(i);
        if (child.getNodeType() != Node.ELEMENT_NODE) {
            continue;
        }
        if (child.getLocalName().equals("Request")) {
            try {
                req = new Request((Element) child);
                SAMLUtils.debug.message("found request ");
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message(" Received Request:" + req.toString());
                }
                String[] data = { SAMLUtils.bundle.getString("requestLogMessage") + " " + remoteAddr, req.toString() };
                LogUtils.access(java.util.logging.Level.FINE, LogUtils.SOAP_REQUEST_MESSAGE, data);
                inResponseTo = req.getRequestID();
                foundRequest = true;
                break;
            } catch (SAMLRequesterException ss) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Requester" + " " + ss.getMessage());
                }
                message = new String(ss.getMessage());
                try {
                    status = new Status(new StatusCode("samlp:Requester"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (SAMLRequestVersionTooHighException sv) {
                String mesg = new String(sv.getMessage());
                StringTokenizer tok1 = new StringTokenizer(mesg, "|");
                inResponseTo = tok1.nextToken();
                message = tok1.nextToken();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
                }
                try {
                    status = new Status(new StatusCode("samlp:RequestVersionTooHigh"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (SAMLRequestVersionTooLowException sv) {
                String mesg = new String(sv.getMessage());
                StringTokenizer tok1 = new StringTokenizer(mesg, "|");
                inResponseTo = tok1.nextToken();
                message = tok1.nextToken();
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:VersionMismatch" + " " + message);
                }
                try {
                    status = new Status(new StatusCode("samlp:RequestVersionTooLow"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            } catch (Exception e) {
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver:setting " + "status to samlp:Responder" + " " + e.getMessage());
                }
                message = new String(e.getMessage());
                try {
                    status = new Status(new StatusCode("samlp:Responder"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
                }
                String[] data = { invalidRespPrefix, retResponse.toString() };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
                return retResponse;
            }
        }
    }
    if (!(foundRequest)) {
        SAMLUtils.debug.error("SOAPReceiver: Body does not have a Request");
        message = SAMLUtils.bundle.getString("missingRequest");
        try {
            status = new Status(new StatusCode("samlp:Requester"), message, null);
            retResponse = new Response(respID, inResponseTo, status, recipient, contents);
        } catch (SAMLException se) {
            SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response:" + se.getMessage());
        }
        String[] data = { invalidRespPrefix, retResponse.toString() };
        LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_REQUEST, data);
        return retResponse;
    } else {
        // found request now process it
        if (!req.isSignatureValid()) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: couldn't verify " + "the signature on Request.");
            }
            message = SAMLUtils.bundle.getString("cannotVerifyRequest");
            try {
                status = new Status(new StatusCode("samlp:Requester"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        int reqType = req.getContentType();
        if (reqType == Request.NOT_SUPPORTED) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver:Found " + "element in the request which are not supported");
            }
            message = SAMLUtils.bundle.getString("unsupportedElement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        List respondWith = req.getRespondWith();
        if (!parseRespondWith(respondWith)) {
            SAMLUtils.debug.error("SOAPReceiver:Supported statements " + "are not present in the RespondWith element.");
            message = SAMLUtils.bundle.getString("unsupportedStatement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        AssertionManager am = null;
        try {
            am = AssertionManager.getInstance();
        } catch (SAMLException se) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver: Cannot" + " instantiate AssertionManager");
            }
            message = se.getMessage();
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException sse) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        List artifacts = null;
        List assertions = new ArrayList();
        if (reqType == Request.ASSERTION_ARTIFACT) {
            artifacts = req.getAssertionArtifact();
            length = artifacts.size();
            // ensure that all the artifacts have this site's sourceID
            for (int j = 0; j < length; j++) {
                AssertionArtifact art = (AssertionArtifact) artifacts.get(j);
                if (!isThisSiteID(art.getSourceID())) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:Artifact" + " has invalid SourceID");
                    }
                    message = SAMLUtils.bundle.getString("mismatchSourceID");
                    try {
                        status = new Status(new StatusCode("samlp:Requester"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException ex) {
                        SAMLUtils.debug.error("SOAPReceiver:" + "Fatal error, " + "cannot create status or response", ex);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
            }
            // for loop to go through artifacts to check for sourceID
            for (int i = 0; i < length; i++) {
                AssertionArtifact artifact = (AssertionArtifact) artifacts.get(i);
                Assertion assertion = null;
                try {
                    assertion = am.getAssertion(artifact, partnerSourceID);
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(i, assertion);
                }
            }
        } else if (reqType == Request.ASSERTION_ID_REFERENCE) {
            List assertionIdRefs = req.getAssertionIDReference();
            length = assertionIdRefs.size();
            for (int i = 0; i < length; i++) {
                AssertionIDReference aidRef = (AssertionIDReference) assertionIdRefs.get(i);
                Assertion assertion = null;
                try {
                    assertion = am.getAssertion(aidRef, partnerSourceID);
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(i, assertion);
                }
            }
        } else if ((reqType == Request.AUTHENTICATION_QUERY) || (reqType == Request.AUTHORIZATION_DECISION_QUERY) || (reqType == Request.ATTRIBUTE_QUERY)) {
            Query query = req.getQuery();
            if (query != null) {
                Assertion assertion = null;
                try {
                    // if we come here, partnerSourceID is not empty
                    // always pass the first matching sourceID in
                    // need to find solution to handle multiple matches:TBD
                    assertion = am.getAssertion(query, (String) ((Iterator) partnerSourceID.iterator()).next());
                } catch (SAMLException se) {
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SOAPReceiver:" + " could not find matching assertion");
                    }
                    message = se.getMessage();
                    try {
                        status = new Status(new StatusCode("samlp:Success"), message, null);
                        retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                        retResponse.setMajorVersion(req.getMajorVersion());
                        retResponse.setMinorVersion(req.getMinorVersion());
                    } catch (SAMLException sse) {
                        SAMLUtils.debug.error("SOAPReceiver:Fatal " + " error, cannot create status or " + " response", sse);
                        String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                        LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                    }
                    String[] data = { respPrefix, retResponse.toString() };
                    LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                    return retResponse;
                }
                if (assertion != null) {
                    assertions.add(assertion);
                }
            }
        } else {
            //
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SOAPReceiver:Request " + "contents has element which is not supported at this" + " time");
            }
            message = SAMLUtils.bundle.getString("unsupportedElement");
            try {
                status = new Status(new StatusCode("samlp:Responder"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
            String[] data = { respPrefix, retResponse.toString() };
            LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
            return retResponse;
        }
        int assertionSize = assertions.size();
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("found " + assertionSize + " assertions.");
        }
        // Request received. 
        for (int i = 0; i < assertionSize; i++) {
            Response resp = validateStatements((Assertion) assertions.get(i), respondWith, contents, i, respID, inResponseTo, recipient);
            if (resp != null) {
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
                return resp;
            }
        // else there was no mismatch with respondWith element
        }
        if (reqType == Request.ASSERTION_ARTIFACT) {
            if (contents.size() == artifacts.size()) {
                message = null;
                if (SAMLUtils.debug.messageEnabled()) {
                    SAMLUtils.debug.message("SOAPReceiver: Matching " + "Assertion found");
                }
                try {
                    status = new Status(new StatusCode("samlp:Success"), message, null);
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                    retResponse.setMajorVersion(req.getMajorVersion());
                    retResponse.setMinorVersion(req.getMinorVersion());
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                    String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                    LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                }
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.FINE, LogUtils.SENDING_RESPONSE, data);
                return retResponse;
            } else {
                message = SAMLUtils.bundle.getString("unequalMatch");
                try {
                    status = new Status(new StatusCode("samlp:Success"), message, null);
                    //contents = null;
                    retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                    retResponse.setMajorVersion(req.getMajorVersion());
                    retResponse.setMinorVersion(req.getMinorVersion());
                } catch (SAMLException se) {
                    SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                    String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                    LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
                }
                String[] data = { respPrefix, retResponse.toString() };
                LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
                return retResponse;
            }
        } else {
            // build response for all the other type of request
            try {
                status = new Status(new StatusCode("samlp:Success"), message, null);
                retResponse = new Response(respID, inResponseTo, status, recipient, contents);
                retResponse.setMajorVersion(req.getMajorVersion());
                retResponse.setMinorVersion(req.getMinorVersion());
            } catch (SAMLException se) {
                SAMLUtils.debug.error("SOAPReceiver:Fatal error, " + "cannot create status or response", se);
                String[] data = { SAMLUtils.bundle.getString("cannotBuildResponse") };
                LogUtils.error(java.util.logging.Level.INFO, LogUtils.BUILD_RESPONSE_ERROR, data);
            }
        }
    }
    // end of else found request
    if (LogUtils.isAccessLoggable(java.util.logging.Level.FINER)) {
        String[] data = { respPrefix, retResponse.toString() };
        LogUtils.access(java.util.logging.Level.FINER, LogUtils.SENDING_RESPONSE, data);
    } else {
        String[] data = { respPrefix, retResponse.getResponseID() };
        LogUtils.access(java.util.logging.Level.INFO, LogUtils.SENDING_RESPONSE, data);
    }
    return retResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) Query(com.sun.identity.saml.protocol.Query) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) SOAPElement(javax.xml.soap.SOAPElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Request(com.sun.identity.saml.protocol.Request) HttpServletRequest(javax.servlet.http.HttpServletRequest) Assertion(com.sun.identity.saml.assertion.Assertion) SAMLRequesterException(com.sun.identity.saml.common.SAMLRequesterException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SAMLException(com.sun.identity.saml.common.SAMLException) ServletException(javax.servlet.ServletException) SOAPException(javax.xml.soap.SOAPException) SAMLRequestVersionTooHighException(com.sun.identity.saml.common.SAMLRequestVersionTooHighException) SAMLRequesterException(com.sun.identity.saml.common.SAMLRequesterException) SAMLRequestVersionTooLowException(com.sun.identity.saml.common.SAMLRequestVersionTooLowException) SAMLException(com.sun.identity.saml.common.SAMLException) AssertionArtifact(com.sun.identity.saml.protocol.AssertionArtifact) Response(com.sun.identity.saml.protocol.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) StringTokenizer(java.util.StringTokenizer) AssertionManager(com.sun.identity.saml.AssertionManager) SAMLRequestVersionTooLowException(com.sun.identity.saml.common.SAMLRequestVersionTooLowException) SAMLRequestVersionTooHighException(com.sun.identity.saml.common.SAMLRequestVersionTooHighException) List(java.util.List) ArrayList(java.util.ArrayList) NodeList(org.w3c.dom.NodeList) AssertionIDReference(com.sun.identity.saml.assertion.AssertionIDReference)

Example 15 with StatusCode

use of com.sun.identity.saml.protocol.StatusCode in project OpenAM by OpenRock.

the class FSNameRegistrationResponse method parseURLEncodedRequest.

/**
     * Returns <code>FSNameRegistrationLogoutResponse</code> object. The
     * object is creating by parsing the <code>HttpServletRequest</code>
     * object.
     *
     * @param request the <code>HttpServletRequest</code> object.
     * @throws FSMsgException if there is an error
     *         creating this object.
     */
public static FSNameRegistrationResponse parseURLEncodedRequest(HttpServletRequest request) throws FSMsgException, SAMLException {
    FSNameRegistrationResponse retNameRegistrationResponse = new FSNameRegistrationResponse();
    try {
        FSUtils.debug.message("checking minor version");
        retNameRegistrationResponse.majorVersion = Integer.parseInt(request.getParameter("MajorVersion"));
        retNameRegistrationResponse.minorVersion = Integer.parseInt(request.getParameter("MinorVersion"));
    } catch (NumberFormatException ex) {
        FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: version parsing error:" + ex);
        throw new FSMsgException("invalidNumber", null);
    }
    if (request.getParameter("ResponseID") != null) {
        retNameRegistrationResponse.responseID = request.getParameter("ResponseID");
    } else {
        FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Response ID is null");
        String[] args = { IFSConstants.RESPONSE_ID };
        throw new FSMsgException("missingAttribute", args);
    }
    String instantString = request.getParameter("IssueInstant");
    if (instantString == null || instantString.length() == 0) {
        FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Issue Instant is null");
        String[] args = { IFSConstants.ISSUE_INSTANT };
        throw new FSMsgException("missingAttribute", args);
    }
    try {
        retNameRegistrationResponse.issueInstant = DateUtils.stringToDate(instantString);
    } catch (ParseException e) {
        FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Can not parse Issue Instant", e);
        throw new FSMsgException("parseError", null);
    }
    if (request.getParameter("ProviderID") != null) {
        retNameRegistrationResponse.providerId = request.getParameter("ProviderID");
    } else {
        FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Provider ID is null ");
        throw new FSMsgException("missingElement", null);
    }
    if (request.getParameter("RelayState") != null) {
        retNameRegistrationResponse.relayState = request.getParameter("RelayState");
    }
    if (request.getParameter("InResponseTo") != null) {
        retNameRegistrationResponse.inResponseTo = request.getParameter("InResponseTo");
    }
    if (request.getParameter("Value") != null) {
        FSUtils.debug.message("Status : " + request.getParameter("Value"));
        StatusCode statusCode = new StatusCode(request.getParameter("Value"));
        retNameRegistrationResponse.status = new Status(statusCode);
    } else {
        FSUtils.debug.error("FSNameRegistrationResponse.parseURL" + "EncodedRequest: Status Value is  null ");
        throw new FSMsgException("missingElement", null);
    }
    FSUtils.debug.message("Returning registration response Object");
    return retNameRegistrationResponse;
}
Also used : Status(com.sun.identity.saml.protocol.Status) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) ParseException(java.text.ParseException) StatusCode(com.sun.identity.saml.protocol.StatusCode)

Aggregations

Status (com.sun.identity.saml.protocol.Status)16 StatusCode (com.sun.identity.saml.protocol.StatusCode)16 SAMLException (com.sun.identity.saml.common.SAMLException)13 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)7 SessionException (com.sun.identity.plugin.session.SessionException)7 IOException (java.io.IOException)7 FSException (com.sun.identity.federation.common.FSException)6 ArrayList (java.util.ArrayList)5 List (java.util.List)5 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)4 SessionProvider (com.sun.identity.plugin.session.SessionProvider)4 ParseException (java.text.ParseException)4 ServletException (javax.servlet.ServletException)4 FSAccountMgmtException (com.sun.identity.federation.accountmgmt.FSAccountMgmtException)3 FSRedirectException (com.sun.identity.federation.common.FSRedirectException)3 FSAuthnResponse (com.sun.identity.federation.message.FSAuthnResponse)3 Assertion (com.sun.identity.saml.assertion.Assertion)3 SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)3 Response (com.sun.identity.saml.protocol.Response)3 HttpServletResponse (javax.servlet.http.HttpServletResponse)3