Search in sources :

Example 6 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SAML2TokenGenerationImpl method setVersionAndId.

private void setVersionAndId(Assertion assertion) throws TokenCreationException {
    try {
        assertion.setVersion("2.0");
        assertion.setID(SAML2SDKUtils.generateID());
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting version and/or id in SAML2TokenGenerationImpl: " + e, e);
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) TokenCreationException(org.forgerock.openam.sts.TokenCreationException)

Example 7 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SPACSUtils method getSAMLAttributes.

/**
     * Gets the attributes from an assert's AttributeStates.
     *
     * @param assertion The assertion from which to pull the AttributeStates.
     * @param needAttributeEncrypted Whether attributes must be encrypted (or else rejected).
     * @param privateKeys Private keys used to decrypt those encrypted attributes.
     * @return a list of attributes pulled from the provided assertion.
     */
public static List<Attribute> getSAMLAttributes(Assertion assertion, boolean needAttributeEncrypted, Set<PrivateKey> privateKeys) {
    List<Attribute> attrList = null;
    if (assertion != null) {
        List<AttributeStatement> statements = assertion.getAttributeStatements();
        if (CollectionUtils.isNotEmpty(statements)) {
            for (AttributeStatement statement : statements) {
                List<Attribute> attributes = statement.getAttribute();
                if (needAttributeEncrypted && attributes != null && !attributes.isEmpty()) {
                    SAML2Utils.debug.error("Attribute not encrypted.");
                    return null;
                }
                if (attributes != null) {
                    if (attrList == null) {
                        attrList = new ArrayList<>();
                    }
                    attrList.addAll(attributes);
                }
                List<EncryptedAttribute> encAttrs = statement.getEncryptedAttribute();
                if (encAttrs != null) {
                    for (EncryptedAttribute encAttr : encAttrs) {
                        if (attrList == null) {
                            attrList = new ArrayList<>();
                        }
                        try {
                            attrList.add((encAttr).decrypt(privateKeys));
                        } catch (SAML2Exception se) {
                            SAML2Utils.debug.error("Decryption error:", se);
                            return null;
                        }
                    }
                }
            }
        }
    }
    return attrList;
}
Also used : EncryptedAttribute(com.sun.identity.saml2.assertion.EncryptedAttribute) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Attribute(com.sun.identity.saml2.assertion.Attribute) EncryptedAttribute(com.sun.identity.saml2.assertion.EncryptedAttribute) AttributeStatement(com.sun.identity.saml2.assertion.AttributeStatement)

Example 8 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SPACSUtils method setDiscoBootstrapCredsInSSOToken.

/** Sets Discovery bootstrap credentials in the SSOToken
     *
     *  @param sessionProvider session provider.
     *  @param assertion assertion.
     *  @param session the valid session object.
     */
private static void setDiscoBootstrapCredsInSSOToken(SessionProvider sessionProvider, Assertion assertion, Object session) throws SessionException {
    if (assertion == null) {
        return;
    }
    Set discoBootstrapCreds = null;
    Advice advice = assertion.getAdvice();
    if (advice != null) {
        List creds = advice.getAdditionalInfo();
        if ((creds != null) && !creds.isEmpty()) {
            if (discoBootstrapCreds == null) {
                discoBootstrapCreds = new HashSet();
            }
            discoBootstrapCreds.addAll(creds);
        }
    }
    if (discoBootstrapCreds != null) {
        sessionProvider.setProperty(session, SAML2Constants.DISCOVERY_BOOTSTRAP_CREDENTIALS, (String[]) discoBootstrapCreds.toArray(new String[discoBootstrapCreds.size()]));
    }
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) List(java.util.List) ArrayList(java.util.ArrayList) Advice(com.sun.identity.saml2.assertion.Advice) HashSet(java.util.HashSet)

Example 9 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SPACSUtils method processResponseForFedlet.

/**
     * Processes response from Identity Provider to Fedlet (SP).
     * This will do all required protocol processing, include signature,
     * issuer and audience validation etc. A map containing processing
     * result will be returned. <br>
     * Here is a list of keys and values for the returned map: <br>
     * SAML2Constants.ATTRIBUTE_MAP -- Attribute map containing all attributes
     *                                 passed down from IDP inside the 
     *                                 Assertion. The value is a 
     *                                 <code>java.util.Map</code> whose keys 
     *                                 are attribute names and values are 
     *                                 <code>java.util.Set</code> of string 
     *                                 values for the attributes. <br>
     * SAML2Constants.RELAY_STATE -- Relay state, value is a string <br>
     * SAML2Constants.IDPENTITYID -- IDP entity ID, value is a string<br>
     * SAML2Constants.RESPONSE    -- Response object, value is an instance of 
     *                               com.sun.identity.saml2.protocol.Response
     * SAML2Constants.ASSERTION   -- Assertion object, value is an instance of 
     *                               com.sun.identity.saml2.assertion.Assertion
     * SAML2Constants.SUBJECT     -- Subject object, value is an instance of 
     *                               com.sun.identity.saml2.assertion.Subject
     * SAML2Constants.NAMEID      -- NameID object, value is an instance of 
     *                               com.sun.identity.saml2.assertion.NameID
     *
     * @param request HTTP Servlet request
     * @param response HTTP Servlet response.
     * @param out the print writer for writing out presentation
     *
     * @return <code>Map</code> which holds result of the processing.
     * @throws SAML2Exception if the processing failed due to server error.
     * @throws IOException if the processing failed due to IO error.
     * @throws SessionException if the processing failed due to session error.
     * @throws ServletException if the processing failed due to request error.
     *
     * @supported.api
     */
public static Map processResponseForFedlet(HttpServletRequest request, HttpServletResponse response, PrintWriter out) throws SAML2Exception, IOException, SessionException, ServletException {
    if ((request == null) || (response == null)) {
        throw new ServletException(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    String requestURL = request.getRequestURL().toString();
    SAML2MetaManager metaManager = new SAML2MetaManager();
    if (metaManager == null) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorMetaManager"));
    }
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    if ((metaAlias == null) || (metaAlias.length() == 0)) {
        // Check in case metaAlias has been supplied as a parameter
        metaAlias = request.getParameter(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
        if (metaAlias == null || metaAlias.length() == 0) {
            // pick the first available one
            List spMetaAliases = metaManager.getAllHostedServiceProviderMetaAliases("/");
            if ((spMetaAliases != null) && !spMetaAliases.isEmpty()) {
                // get first one
                metaAlias = (String) spMetaAliases.get(0);
            }
            if ((metaAlias == null) || (metaAlias.length() == 0)) {
                throw new ServletException(SAML2SDKUtils.bundle.getString("nullSPEntityID"));
            }
        }
    }
    String hostEntityId = null;
    try {
        hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    } catch (SAML2MetaException sme) {
        SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet", sme);
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
    }
    if (hostEntityId == null) {
        // logging?
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("metaDataError"));
    }
    // organization is always root org
    String orgName = "/";
    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    SessionProvider sessionProvider = null;
    ResponseInfo respInfo = null;
    try {
        sessionProvider = SessionManager.getProvider();
    } catch (SessionException se) {
        SAML2SDKUtils.debug.error("SPACSUtils.processResponseForFedlet", se);
        throw new SAML2Exception(se);
    }
    respInfo = SPACSUtils.getResponse(request, response, orgName, hostEntityId, metaManager);
    Object newSession = null;
    // Throws a SAML2Exception if the response cannot be validated
    // or contains a non-Success StatusCode, invoking the SPAdapter SPI
    // for taking action on the failed validation.
    // The resulting exception has its redirectionDone flag set if
    // the SPAdapter issued a HTTP redirect.
    newSession = SPACSUtils.processResponse(request, response, out, metaAlias, null, respInfo, orgName, hostEntityId, metaManager, null);
    SAML2SDKUtils.debug.message("SSO SUCCESS");
    String[] redirected = sessionProvider.getProperty(newSession, SAML2Constants.RESPONSE_REDIRECTED);
    if ((redirected != null) && (redirected.length != 0) && redirected[0].equals("true")) {
        SAML2SDKUtils.debug.message("Already redirected in SPAdapter.");
        // response redirected already in SPAdapter
        return createMapForFedlet(respInfo, null, hostEntityId);
    }
    // redirect to relay state
    String finalUrl = SPACSUtils.getRelayState(relayState, orgName, hostEntityId, metaManager);
    String realFinalUrl = finalUrl;
    if (finalUrl != null && finalUrl.length() != 0) {
        try {
            realFinalUrl = sessionProvider.rewriteURL(newSession, finalUrl);
        } catch (SessionException se) {
            SAML2SDKUtils.debug.message("SPACSUtils.processRespForFedlet", se);
            realFinalUrl = finalUrl;
        }
    }
    String redirectUrl = SPACSUtils.getIntermediateURL(orgName, hostEntityId, metaManager);
    String realRedirectUrl = null;
    if (redirectUrl != null && redirectUrl.length() != 0) {
        if (realFinalUrl != null && realFinalUrl.length() != 0) {
            if (redirectUrl.indexOf("?") != -1) {
                redirectUrl += "&goto=";
            } else {
                redirectUrl += "?goto=";
            }
            redirectUrl += URLEncDec.encode(realFinalUrl);
            try {
                realRedirectUrl = sessionProvider.rewriteURL(newSession, redirectUrl);
            } catch (SessionException se) {
                SAML2SDKUtils.debug.message("SPACSUtils.processRespForFedlet: rewriting failed.", se);
                realRedirectUrl = redirectUrl;
            }
        } else {
            realRedirectUrl = redirectUrl;
        }
    } else {
        realRedirectUrl = finalUrl;
    }
    return createMapForFedlet(respInfo, realRedirectUrl, hostEntityId);
}
Also used : ServletException(javax.servlet.ServletException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SessionException(com.sun.identity.plugin.session.SessionException) List(java.util.List) ArrayList(java.util.ArrayList) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 10 with Assertion

use of com.sun.identity.saml2.assertion.Assertion in project OpenAM by OpenRock.

the class SPACSUtils method createMapForFedlet.

private static Map createMapForFedlet(ResponseInfo respInfo, String relayUrl, String hostedEntityId) {
    Map map = new HashMap();
    if (relayUrl != null) {
        map.put(SAML2Constants.RELAY_STATE, relayUrl);
    }
    Response samlResp = respInfo.getResponse();
    map.put(SAML2Constants.RESPONSE, samlResp);
    Assertion assertion = respInfo.getAssertion();
    map.put(SAML2Constants.ASSERTION, assertion);
    map.put(SAML2Constants.SUBJECT, assertion.getSubject());
    map.put(SAML2Constants.IDPENTITYID, assertion.getIssuer().getValue());
    map.put(SAML2Constants.SPENTITYID, hostedEntityId);
    map.put(SAML2Constants.NAMEID, respInfo.getNameId());
    map.put(SAML2Constants.ATTRIBUTE_MAP, respInfo.getAttributeMap());
    map.put(SAML2Constants.SESSION_INDEX, respInfo.getSessionIndex());
    return map;
}
Also used : Response(com.sun.identity.saml2.protocol.Response) ArtifactResponse(com.sun.identity.saml2.protocol.ArtifactResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) HashMap(java.util.HashMap) Assertion(com.sun.identity.saml2.assertion.Assertion) Map(java.util.Map) HashMap(java.util.HashMap)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)53 ArrayList (java.util.ArrayList)42 List (java.util.List)42 Assertion (com.sun.identity.saml2.assertion.Assertion)30 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)24 Date (java.util.Date)24 EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion)20 Issuer (com.sun.identity.saml2.assertion.Issuer)16 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)16 Response (com.sun.identity.saml2.protocol.Response)16 Iterator (java.util.Iterator)15 HttpServletResponse (javax.servlet.http.HttpServletResponse)13 SessionException (com.sun.identity.plugin.session.SessionException)12 IOException (java.io.IOException)12 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)11 NameID (com.sun.identity.saml2.assertion.NameID)10 PrivateKey (java.security.PrivateKey)10 AttributeStatement (com.sun.identity.saml2.assertion.AttributeStatement)8 Subject (com.sun.identity.saml2.assertion.Subject)8 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)8