use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class NameIDMappingRequestImpl method parseDOMChileElements.
/**
 * Parses the child elements of this request's document element.
 *
 * <p>After the children consumed by the superclass, exactly two further elements are
 * required, in order: an identifier ({@code BaseID}, {@code NameID} or {@code EncryptedID})
 * followed by a {@code NameIDPolicy}. A missing or differently named child is rejected
 * with a {@link SAML2Exception}.
 *
 * @param iter the child elements iterator, advanced past whatever the superclass consumes.
 * @throws SAML2Exception if a mandatory child is missing or has an unexpected local name.
 */
protected void parseDOMChileElements(ListIterator iter) throws SAML2Exception {
    super.parseDOMChileElements(iter);
    AssertionFactory assertionFactory = AssertionFactory.getInstance();

    // First mandatory child: one of BaseID / NameID / EncryptedID.
    if (!iter.hasNext()) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nameIDMReqWrongID"));
    }
    // assumes the iterator yields only Element nodes — TODO confirm against the superclass
    Element idElement = (Element) iter.next();
    String idName = idElement.getLocalName();
    if (SAML2Constants.BASEID.equals(idName)) {
        baseID = assertionFactory.createBaseID(idElement);
    } else if (SAML2Constants.NAMEID.equals(idName)) {
        nameID = assertionFactory.createNameID(idElement);
    } else if (SAML2Constants.ENCRYPTEDID.equals(idName)) {
        encryptedID = assertionFactory.createEncryptedID(idElement);
    } else {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nameIDMReqWrongID"));
    }

    // Second mandatory child: NameIDPolicy.
    if (!iter.hasNext()) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nameIDMReqMissingNameIDPolicy"));
    }
    Element policyElement = (Element) iter.next();
    if (!SAML2Constants.NAMEID_POLICY.equals(policyElement.getLocalName())) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nameIDMReqMissingNameIDPolicy"));
    }
    nameIDPolicy = ProtocolFactory.getInstance().createNameIDPolicy(policyElement);
}
use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class IDPListImpl method parseElement.
/**
 * Parses the IDPList element: collects its IDPEntry children (one or more) into
 * {@code idpEntryList} and, if present, its GetComplete child into {@code getComplete}.
 *
 * @param element the IDPList DOM element.
 * @throws SAML2Exception if the element has no children or the per-child / list
 *     validation hooks reject the content.
 */
void parseElement(Element element) throws SAML2Exception {
    ProtocolFactory factory = ProtocolFactory.getInstance();

    // An IDPList without any children cannot carry the mandatory IDPEntry.
    NodeList children = element.getChildNodes();
    if (children == null || children.getLength() == 0) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("noIDPEntry"));
    }
    if (idpEntryList == null) {
        idpEntryList = new ArrayList();
    }

    for (int idx = 0; idx < children.getLength(); idx++) {
        Node child = children.item(idx);
        String name = child.getLocalName();
        if (name == null) {
            // Non-element nodes (e.g. whitespace text) have no local name; skip them.
            continue;
        }
        if (SAML2Constants.IDPENTRY.equals(name)) {
            validateIDPEntry();
            idpEntryList.add(factory.createIDPEntry(XMLUtils.print(child)));
        } else if (SAML2Constants.GETCOMPLETE.equals(name)) {
            validateGetComplete();
            getComplete = factory.createGetComplete((Element) child);
        }
    }

    validateIDPEntryList(idpEntryList);
    // Freeze the list once parsing is complete so callers cannot mutate it.
    idpEntryList = Collections.unmodifiableList(idpEntryList);
}
use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class SAML2PostAuthenticationPlugin method setupSingleLogOut.
/**
 * Prepares an SP-initiated single logout towards the IdP for the authenticated session.
 *
 * <p>Looks up the IdP's HTTP-Redirect SingleLogoutService endpoint, builds and stores the
 * LogoutRequest (in the failover store or the local {@code SAML2Store}), and records the
 * endpoint location and the ready-made redirect URL on the session token under
 * {@code SLO_SESSION_LOCATION} / {@code SLO_SESSION_REFERENCE}. If no HTTP-Redirect endpoint
 * exists, or the request cannot be persisted, the method logs a warning and returns without
 * touching the token.
 *
 * @param ssoToken the session token the SLO properties are written to.
 * @param metaAlias meta alias of the hosted SP; used to derive the realm.
 * @param sessionIndex the SAML session index to include in the LogoutRequest.
 * @param spEntityId entity id of the hosted SP.
 * @param idpEntityId entity id of the remote IdP.
 * @param nameId the NameID the session was established for.
 * @throws SSOException if reading or writing token properties fails.
 * @throws SAML2Exception if metadata lookup or request construction fails.
 * @throws SessionException propagated from the session layer (declared on the original signature).
 */
private void setupSingleLogOut(SSOToken ssoToken, String metaAlias, String sessionIndex, String spEntityId, String idpEntityId, NameID nameId) throws SSOException, SAML2Exception, SessionException {
    final SAML2MetaManager metaManager = new SAML2MetaManager();
    final String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    final String relayState = ssoToken.getProperty(SAML2Constants.RELAY_STATE);
    final String binding = SAML2Constants.HTTP_REDIRECT;
    final IDPSSODescriptorElement idpDescriptor = metaManager.getIDPSSODescriptor(realm, idpEntityId);

    final EndpointType sloEndpoint = firstEndpointWithBinding(idpDescriptor.getSingleLogoutService(), binding);
    if (sloEndpoint == null) {
        DEBUG.warning("Unable to determine SLO endpoint. Aborting SLO attempt. Please note this PAP only supports HTTP-Redirect as a valid binding.");
        return;
    }

    final LogoutRequest logoutRequest = createLogoutRequest(metaAlias, realm, idpEntityId, sloEndpoint, nameId, sessionIndex);
    // Expiry for the stored request: now plus the configured SPCache.interval, in epoch seconds.
    final long expiresAtSeconds = System.currentTimeMillis() / 1000 + SPCache.interval;
    final String logoutRequestXml = logoutRequest.toXMLString(true, true);
    final String redirectUrl = getRedirectURL(logoutRequestXml, relayState, realm, idpEntityId, sloEndpoint.getLocation(), spEntityId);

    if (!SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        SAML2Store.saveTokenWithKey(logoutRequest.getID(), logoutRequest);
    } else {
        try {
            SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(logoutRequest.getID(), logoutRequest, expiresAtSeconds);
        } catch (SAML2TokenRepositoryException e) {
            DEBUG.warning("Unable to set SLO redirect location. Aborting SLO attempt.");
            return;
        }
    }

    ssoToken.setProperty(SLO_SESSION_LOCATION, sloEndpoint.getLocation());
    ssoToken.setProperty(SLO_SESSION_REFERENCE, redirectUrl);
}

/**
 * Returns the first endpoint whose binding equals {@code binding}, or {@code null} when none matches.
 *
 * @param endpoints the endpoints to scan, in metadata order.
 * @param binding the binding URI to look for.
 * @return the matching endpoint or {@code null}.
 */
private static EndpointType firstEndpointWithBinding(List<EndpointType> endpoints, String binding) {
    for (EndpointType candidate : endpoints) {
        if (binding.equals(candidate.getBinding())) {
            return candidate;
        }
    }
    return null;
}
use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class SAML2Proxy method getUrl.
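/**
 * Processes an inbound SAML2 response and returns the URL the browser should be sent to.
 *
 * <p>Every failure path returns an error URL via {@code getUrlWithError} instead of throwing,
 * so no exception detail reaches the client. The steps are: reject null/oversized requests,
 * handle the load-balancer cookie, resolve the hosted entity from the meta alias in the request
 * URL, fetch and verify the SAML Response/Assertion, then persist the verified data under a
 * freshly generated key (failover store when enabled, otherwise {@code SAML2Store}) and embed
 * that key in the returned URL.
 *
 * @param request the inbound HTTP request carrying the SAML response; may be {@code null}.
 * @param response the HTTP response, used for load-balancer cookie handling; may be {@code null}.
 * @return a redirect URL carrying either the storage key or an error code.
 * @throws IOException propagated from the URL-building helpers (declared on the original signature).
 */
private static String getUrl(HttpServletRequest request, HttpServletResponse response) throws IOException {
    if (request == null || response == null) {
        DEBUG.error("SAML2Proxy: Null request or response");
        return getUrlWithError(request, BAD_REQUEST);
    }
    // Reject oversized bodies before anything parses the SAML payload.
    try {
        SAMLUtils.checkHTTPContentLength(request);
    } catch (ServletException se) {
        DEBUG.error("SAML2Proxy: content length too large");
        return getUrlWithError(request, BAD_REQUEST);
    }
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return getUrlWithError(request, MISSING_COOKIE);
    }

    // Resolve the hosted entity from the meta alias encoded in the request URL.
    String requestURL = request.getRequestURL().toString();
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
    if (metaManager == null) {
        DEBUG.error("SAML2Proxy: Unable to obtain metaManager");
        return getUrlWithError(request, MISSING_META_MANAGER);
    }
    String hostEntityId;
    try {
        hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    } catch (SAML2MetaException sme) {
        DEBUG.warning("SAML2Proxy: unable to find hosted entity with metaAlias: {} Exception: {}", metaAlias, sme.toString());
        return getUrlWithError(request, META_DATA_ERROR);
    }
    // A null entity id is an ordinary lookup miss: report it directly rather than throwing a
    // placeholder exception just to fall into the catch block above (exceptions are not control flow).
    if (hostEntityId == null) {
        DEBUG.warning("SAML2Proxy: no hosted entity found for metaAlias: " + metaAlias);
        return getUrlWithError(request, META_DATA_ERROR);
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    if (StringUtils.isEmpty(realm)) {
        realm = "/";
    }

    // Obtain the SAML response from the request.
    ResponseInfo respInfo;
    try {
        respInfo = SPACSUtils.getResponse(request, response, realm, hostEntityId, metaManager);
    } catch (SAML2Exception se) {
        DEBUG.error("SAML2Proxy: Unable to obtain SAML response", se);
        return getUrlWithError(request, SAML_GET_RESPONSE_ERROR, se.getL10NMessage(request.getLocale()));
    }
    // Check Response/Assertion and get back a Map of relevant data. Nothing from the response is
    // stored or trusted until this step has succeeded.
    Map<?, ?> smap;
    try {
        smap = SAML2Utils.verifyResponse(request, response, respInfo.getResponse(), realm, hostEntityId, respInfo.getProfileBinding());
    } catch (SAML2Exception se) {
        DEBUG.error("SAML2Proxy: An error occurred while verifying the SAML response", se);
        return getUrlWithError(request, SAML_VERIFY_RESPONSE_ERROR, se.getL10NMessage(request.getLocale()));
    }

    // The key is the only handle the client gets to the stored data.
    // NOTE(review): its unpredictability rests entirely on generateKey() — confirm it is a CSPRNG value.
    String key = generateKey();
    SAML2ResponseData data = new SAML2ResponseData(
            (String) smap.get(SAML2Constants.SESSION_INDEX),
            (Subject) smap.get(SAML2Constants.SUBJECT),
            (Assertion) smap.get(SAML2Constants.POST_ASSERTION),
            respInfo);
    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        try {
            // Expiry for the stored data: now plus the configured SPCache.interval, in epoch seconds.
            long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
            SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(key, data, sessionExpireTime);
        } catch (SAML2TokenRepositoryException e) {
            DEBUG.error("An error occurred while persisting the SAML token", e);
            return getUrlWithError(request, SAML_FAILOVER_DISABLED_ERROR);
        }
    } else {
        SAML2Store.saveTokenWithKey(key, data);
    }
    return getUrlWithKey(request, key);
}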
use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.
the class SAML2 method initiateSAMLLoginAtIDP.
/**
 * Starts SP-initiated SSO at the remote IdP, mirroring {@code SPSSOFederate.initiateAuthnRequest}.
 *
 * <p>Builds the AuthnRequest from the hosted SP / remote IdP metadata, caches it in
 * {@code SPCache.requestHash} and via {@code saveAuthnRequest}, then hands the next auth stage a
 * redirect callback configured for either HTTP-POST or HTTP-Redirect (per {@code reqBinding};
 * defaults to HTTP-Redirect when unset).
 *
 * @param response the current HTTP response.
 * @param request the current HTTP request.
 * @return {@code REDIRECT} to advance to the redirect stage, or the result of {@code processError}
 *     when the local SP or IdP metadata cannot be resolved.
 * @throws SAML2Exception if metadata lookup or request construction fails.
 * @throws AuthLoginException if the callback or redirect cannot be set up.
 */
private int initiateSAMLLoginAtIDP(final HttpServletResponse response, final HttpServletRequest request) throws SAML2Exception, AuthLoginException {
    if (reqBinding == null) {
        reqBinding = SAML2Constants.HTTP_REDIRECT;
    }

    final String hostedSpEntityId = SPSSOFederate.getSPEntityId(metaAlias);
    final IDPSSODescriptorElement idpDescriptor = SPSSOFederate.getIDPSSOForAuthnReq(realm, entityName);
    final SPSSODescriptorElement spDescriptor = SPSSOFederate.getSPSSOForAuthnReq(realm, hostedSpEntityId);
    final boolean metadataResolved = idpDescriptor != null && spDescriptor != null;
    if (!metadataResolved) {
        final String failure = bundle.getString("samlLocalConfigFailed");
        return processError(failure, "SAML2 :: initiateSAMLLoginAtIDP() : {}", failure);
    }

    final String idpSsoUrl = SPSSOFederate.getSSOURL(idpDescriptor.getSingleSignOnService(), reqBinding);
    final List extensions = SPSSOFederate.getExtensionsList(hostedSpEntityId, realm);
    final Map<String, Collection<String>> spConfigAttrs = SPSSOFederate.getAttrsMapForAuthnReq(realm, hostedSpEntityId);
    authnRequest = SPSSOFederate.createAuthnRequest(realm, hostedSpEntityId, params, spConfigAttrs, extensions, spDescriptor, idpDescriptor, idpSsoUrl, false);
    final AuthnRequestInfo requestInfo = new AuthnRequestInfo(request, response, realm, hostedSpEntityId, null, authnRequest, null, params);

    // Keyed by the request ID; presumably looked up again when the IdP's response arrives.
    synchronized (SPCache.requestHash) {
        SPCache.requestHash.put(authnRequest.getID(), requestInfo);
    }
    saveAuthnRequest(authnRequest, requestInfo);

    final RedirectCallback redirectCallback = (RedirectCallback) getCallback(REDIRECT)[0];
    setCookiesForRedirects(request, response);

    // Only HTTP-POST and HTTP-Redirect are handled; anything else falls through to Redirect.
    final boolean usePost = SAML2Constants.HTTP_POST.equals(reqBinding);
    if (usePost) {
        final String postMessage = SPSSOFederate.getPostBindingMsg(idpDescriptor, spDescriptor, spConfigAttrs, authnRequest);
        configurePostRedirectCallback(postMessage, idpSsoUrl, redirectCallback);
        return REDIRECT;
    }
    final String authnRequestXml = authnRequest.toXMLString(true, true);
    final String redirectUrl = SPSSOFederate.getRedirect(authnRequestXml, null, idpSsoUrl, idpDescriptor, spDescriptor, spConfigAttrs);
    configureGetRedirectCallback(redirectUrl, redirectCallback);
    return REDIRECT;
}