Usage of com.sun.identity.saml2.common.NameIDInfo in the OpenAM project (OpenRock).
Class SAML2, method linkAccount.
/**
 * Completes account linking once the local authentication steps have produced a local
 * {@code principalId}: builds the federation record between that local account and the remote
 * {@code nameId}, persists it when NameID persistence is enabled for this SP, and installs a
 * {@link SAML2Principal} for the local user.
 *
 * @param principalId the locally authenticated user's principal identifier.
 * @param nameId      the NameID asserted by the IdP for this user; dereferenced for logging, so it
 *                    must not be {@code null}.
 * @throws SAML2MetaException      declared for the metadata lookup that resolves the SP entity ID
 *                                 from {@code metaAlias}.
 * @throws AuthenticationException ({@code localLinkError}) if building or persisting the federation
 *                                 record fails; the cause is deliberately not chained here because,
 *                                 per the original note, it is logged later by the caller.
 */
private void linkAccount(final String principalId, final NameID nameId) throws SAML2MetaException, AuthenticationException {
    final String spEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    try {
        final NameIDInfo federation = new NameIDInfo(spEntityId, entityName, nameId, SAML2Constants.SP_ROLE, false);
        // NOTE(review): this writes the remote NameID value to the debug log - treat that log as sensitive.
        DEBUG.message("SAML2 :: Local User {} Linked to Federation Account - {}", principalId, nameId.getValue());
        final boolean persistFederation = shouldPersistNameID(spEntityId);
        if (persistFederation) {
            AccountUtils.setAccountFederation(federation, principalId);
        }
        // Only reached when persistence (if any) succeeded, so a failed link never yields a principal.
        principal = new SAML2Principal(principalId);
    } catch (SAML2Exception e) {
        // exception logged later
        throw new AuthenticationException(BUNDLE_NAME, "localLinkError", new Object[0]);
    }
}
Usage of com.sun.identity.saml2.common.NameIDInfo in the OpenAM project (OpenRock).
Class SAML2, method handleReturnFromRedirect.
/**
 * Once we're back from the ACS, we need to validate that we have not errored during the proxying process.
 * Then we detect if we need to perform a local linking authentication chain, or if the user is already
 * locally linked, we need to look up the already-linked username.
 * <p>
 * The only request input used is the response key (the {@code responsekey} field of the
 * {@code jsonContent} parameter, or the {@link SAML2Proxy#RESPONSE_KEY} parameter). It is used purely
 * as a lookup key into {@link SAML2Store} (and the failover repository when enabled); the assertion,
 * subject, session index and response info all come from the cached {@link SAML2ResponseData}, never
 * from the request. Nothing in this method re-validates the assertion - it is assumed the ACS did so
 * before caching it (TODO confirm against the ACS / SPACSUtils code).
 * <p>
 * NOTE(review): a valid key is effectively a bearer capability for this pending login - presenting it
 * resolves (or links) the principal. Whether the cached entry is single-use is not visible here;
 * confirm it is removed after successful use.
 *
 * @param state    the module's current state; handed to {@code injectCallbacks} when a local
 *                 authentication chain has to be run.
 * @param request  the redirect-return request; carries the proxy error flag and the response key.
 * @param spName   the SP name passed to the principal lookup.
 * @param response the response, used only to clear the redirect cookies.
 * @return the next module state, as returned by {@code success}, {@code processError} or
 *         {@code injectCallbacks}.
 * @throws AuthLoginException propagated from starting the local chain / callback injection.
 */
private int handleReturnFromRedirect(final int state, final HttpServletRequest request, final String spName, final HttpServletResponse response) throws AuthLoginException {
    //first make sure to delete the cookie
    removeCookiesForRedirects(request, response);
    // The proxy signals failure with a request parameter; bail out before touching the store.
    if (Boolean.parseBoolean(request.getParameter(SAML2Proxy.ERROR_PARAM_KEY))) {
        return handleRedirectError(request);
    }
    // Response key: the JSON form takes precedence over the plain parameter. Both are untrusted.
    // NOTE(review): a malformed jsonContent value is not guarded here - if JsonValueBuilder throws an
    // unchecked exception on bad JSON it propagates instead of becoming a localLinkError; confirm.
    final String key;
    if (request.getParameter("jsonContent") != null) {
        key = JsonValueBuilder.toJsonValue(request.getParameter("jsonContent")).get("responsekey").asString();
    } else {
        key = request.getParameter(SAML2Proxy.RESPONSE_KEY);
    }
    final String username;
    SAML2ResponseData data = null;
    // Local store first; a blank key is never looked up.
    if (!StringUtils.isBlank(key)) {
        data = (SAML2ResponseData) SAML2Store.getTokenFromStore(key);
    }
    // Fall back to the failover repository only when it is enabled and the local store had nothing.
    if (data == null && SAML2FailoverUtils.isSAML2FailoverEnabled() && !StringUtils.isBlank(key)) {
        try {
            data = (SAML2ResponseData) SAML2FailoverUtils.retrieveSAML2Token(key);
        } catch (SAML2TokenRepositoryException e) {
            return processError(bundle.getString("samlFailoverError"), "SAML2.handleReturnFromRedirect : Error reading from failover map.", e);
        }
    }
    // Unknown, expired or missing key: fail the login rather than continue without assertion data.
    if (data == null) {
        return processError(bundle.getString("localLinkError"), "SAML2 :: handleReturnFromRedirect() : " + "Unable to perform local linking - response data key not found");
    }
    // Copy the cached response into module state; the success path below (and presumably later
    // module states) read these fields.
    storageKey = key;
    assertionSubject = data.getSubject();
    authnAssertion = data.getAssertion();
    sessionIndex = data.getSessionIndex();
    respInfo = data.getResponseInfo();
    try {
        //you're already linked or we auto looked up user
        username = SPACSUtils.getPrincipalWithoutLogin(assertionSubject, authnAssertion, realm, spName, metaManager, entityName, storageKey);
        // Dynamic-profile realms: stage the NameID as user attributes (presumably so the federation
        // is written together with the profile - verify). This runs whether or not a username was
        // resolved above.
        if (SAML2PluginsUtils.isDynamicProfile(realm)) {
            String spEntityId = SPSSOFederate.getSPEntityId(metaAlias);
            if (shouldPersistNameID(spEntityId)) {
                NameIDInfo info = new NameIDInfo(spEntityId, entityName, getNameId(), SAML2Constants.SP_ROLE, false);
                setUserAttributes(AccountUtils.convertToAttributes(info, null));
            }
        }
        // Already linked (or auto-resolved): no local authentication is required.
        if (username != null) {
            principal = new SAML2Principal(username);
            return success(authnAssertion, getNameId(), username);
        }
    } catch (SAML2Exception e) {
        return processError(e, null, "SAML2.handleReturnFromRedirect : Unable to perform user lookup.");
    }
    // Not linked yet: a local chain is mandatory, otherwise fail closed.
    if (StringUtils.isBlank(localChain)) {
        return processError(bundle.getString("localLinkError"), "SAML2 :: handleReturnFromRedirect() : " + "Unable to perform local linking - local auth chain not found.");
    }
    //generate a sub-login context, owned by this module, and start login sequence to it
    authenticationContext = new AuthContext(realm);
    authenticationContext.login(AuthContext.IndexType.SERVICE, localChain, null, null, null, null);
    return injectCallbacks(null, state);
}
Usage of com.sun.identity.saml2.common.NameIDInfo in the OpenAM project (OpenRock).
Class SAML2PostAuthenticationPlugin, method onLoginSuccess.
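/**
 * If enabled, performs the first-stage of SLO - by recording the currently logged in user.
 * The information relating to a remote user is stored alongside their local information, and upon
 * active-logout is used to trigger a call to the IdP requesting their logout.
 * <p>
 * All inputs are read from properties the SAML2 authentication module left on the session
 * ({@code METAALIAS}, {@code SESSION_INDEX}, {@code SPENTITYID}, {@code IDPENTITYID}, {@code NAMEID},
 * {@code IS_TRANSIENT}, {@code REQUEST_ID}, {@code SINGLE_LOGOUT}, {@code CACHE_KEY},
 * {@code ORGANIZATION}); the cached {@link SAML2ResponseData} is then looked up by {@code CACHE_KEY}.
 * <p>
 * Failure handling is best-effort by design: any {@link SAML2Exception}, {@link SessionException},
 * {@link SSOException} or {@link SAML2TokenRepositoryException} is logged at warning level and
 * swallowed, so the login itself still succeeds but single logout is not wired up for this session
 * and {@code clearSession} is not reached (the SAML2 session properties then remain on the token -
 * NOTE(review): confirm that is acceptable).
 *
 * @param requestParamsMap map containing <code>HttpServletRequest</code>
 * parameters
 * @param request <code>HttpServletRequest</code> object.
 * @param response <code>HttpServletResponse</code> object.
 * @param ssoToken authenticated user's single sign token.
 */
@Override
public void onLoginSuccess(Map requestParamsMap, HttpServletRequest request, HttpServletResponse response, SSOToken ssoToken) {
    try {
        final String metaAlias = ssoToken.getProperty(SAML2Constants.METAALIAS);
        final String sessionIndex = ssoToken.getProperty(SAML2Constants.SESSION_INDEX);
        final String spEntityId = ssoToken.getProperty(SAML2Constants.SPENTITYID);
        final String idpEntityId = ssoToken.getProperty(SAML2Constants.IDPENTITYID);
        final String nameIdXML = ssoToken.getProperty(SAML2Constants.NAMEID);
        // The NameID is re-parsed from the XML stored on the session; the SP name qualifier is dropped.
        final NameID nameId = new NameIDImplWithoutSPNameQualifier(nameIdXML);
        final boolean isTransient = Boolean.parseBoolean(ssoToken.getProperty(Constants.IS_TRANSIENT));
        final String requestId = ssoToken.getProperty(Constants.REQUEST_ID);
        final SessionProvider sessionProvider = SessionManager.getProvider();
        final NameIDInfo info = new NameIDInfo(spEntityId, idpEntityId, nameId, SAML2Constants.SP_ROLE, false);
        final String ssOutEnabled = ssoToken.getProperty(SAML2Constants.SINGLE_LOGOUT);
        final String cacheKey = ssoToken.getProperty(Constants.CACHE_KEY);
        final String realm = DNMapper.orgNameToRealmName(ssoToken.getProperty(com.sun.identity.shared.Constants.ORGANIZATION));
        // Fails (SAML2Exception) when nothing is cached under the key, which aborts SLO setup below.
        final SAML2ResponseData data = retrieveResponseData(cacheKey);
        // SP-initiated SLO is only recorded when the module flagged it as enabled for this session.
        if (Boolean.parseBoolean(ssOutEnabled)) {
            setupSingleLogOut(ssoToken, metaAlias, sessionIndex, spEntityId, idpEntityId, nameId);
        }
        // IdP-initiated SLO bookkeeping and post-SSO processing happen regardless of the flag above.
        configureIdpInitSLO(sessionProvider, ssoToken, sessionIndex, metaAlias, info, isTransient, requestId);
        configurePostSSO(spEntityId, realm, request, response, ssoToken, sessionProvider, data.getResponseInfo(), cacheKey);
        // Only on full success: strip the SAML2 working data from the session.
        clearSession(ssoToken);
    } catch (SAML2Exception | SessionException | SSOException | SAML2TokenRepositoryException e) {
        //debug warning and fall through
        DEBUG.warning("Error saving SAML assertion information in memory. SLO not configured for this session.", e);
    }
}

/**
 * Looks the cached SAML2 response up by its key: first in the local {@link SAML2Store}, then - only
 * when SAML2 failover is enabled - in the failover token repository.
 *
 * @param cacheKey key under which the SAML2 authentication module cached the response data.
 * @return the cached response data; never {@code null}.
 * @throws SAML2Exception if no data is cached under {@code cacheKey}.
 * @throws SAML2TokenRepositoryException if the failover repository lookup fails.
 */
private SAML2ResponseData retrieveResponseData(final String cacheKey)
        throws SAML2Exception, SAML2TokenRepositoryException {
    SAML2ResponseData data = (SAML2ResponseData) SAML2Store.getTokenFromStore(cacheKey);
    if (data == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        data = (SAML2ResponseData) SAML2FailoverUtils.retrieveSAML2Token(cacheKey);
    }
    if (data == null) {
        throw new SAML2Exception("Unable to retrieve response map from data cache.");
    }
    return data;
}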