
Example 11 with SAML2Exception

use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.

the class UtilProxySAMLAuthenticator method redirectToAuth.

private void redirectToAuth(SPSSODescriptorElement spSSODescriptor, String binding, IDPAuthnContextInfo idpAuthnContextInfo, IDPSSOFederateRequest data) throws IOException, ServerFaultException {
    String classMethod = "UtilProxySAMLAuthenticator.redirectToAuth";
    String preferredIDP;
    // Park the AuthnRequest, the AuthnContext the IdP agreed to satisfy and the RelayState in server-side
    // caches keyed by the request ID. The post-authentication lookup rebuilds the Response (InResponseTo,
    // ACS endpoint, RelayState) from these entries rather than from anything carried on the return trip.
    synchronized (IDPCache.authnRequestCache) {
        IDPCache.authnRequestCache.put(data.getRequestID(), new CacheObject(data.getAuthnRequest()));
    }
    synchronized (IDPCache.idpAuthnContextCache) {
        IDPCache.idpAuthnContextCache.put(data.getRequestID(), new CacheObject(data.getMatchingAuthnContext()));
    }
    if (StringUtils.isNotBlank(data.getRelayState())) {
        IDPCache.relayStateCache.put(data.getRequestID(), data.getRelayState());
    }
    // IDP Proxy: if this IdP is configured to proxy for the requesting SP, hand the request to the
    // upstream IdP and stop here; local authentication only happens when no proxy target is chosen.
    try {
        boolean isProxy = IDPProxyUtil.isIDPProxyEnabled(data.getAuthnRequest(), data.getRealm());
        if (isProxy) {
            preferredIDP = IDPProxyUtil.getPreferredIDP(data.getAuthnRequest(), data.getIdpEntityID(), data.getRealm(), request, response);
            if (preferredIDP != null) {
                if ((SPCache.reqParamHash != null) && (!(SPCache.reqParamHash.containsKey(preferredIDP)))) {
                    // IDP Proxy with a configured proxy list: forward a new AuthnRequest to the preferred IdP now
                    SAML2Utils.debug.message("{} IDP to be proxied {} ", classMethod, preferredIDP);
                    IDPProxyUtil.sendProxyAuthnRequest(data.getAuthnRequest(), preferredIDP, spSSODescriptor, data.getIdpEntityID(), request, response, data.getRealm(), data.getRelayState(), binding);
                    return;
                } else {
                    // IDP proxy with introduction cookie: stash the original request context under the
                    // preferred IdP so the introduction flow can resume it later
                    Map paramsMap = (Map) SPCache.reqParamHash.get(preferredIDP);
                    paramsMap.put("authnReq", data.getAuthnRequest());
                    paramsMap.put("spSSODescriptor", spSSODescriptor);
                    paramsMap.put("idpEntityID", data.getIdpEntityID());
                    paramsMap.put("realm", data.getRealm());
                    paramsMap.put("relayState", data.getRelayState());
                    paramsMap.put("binding", binding);
                    SPCache.reqParamHash.put(preferredIDP, paramsMap);
                    return;
                }
            }
        }
        // else: fall through to local authentication
    } catch (SAML2Exception re) {
        SAML2Utils.debug.message("{} Redirecting for the proxy handling error: {}", classMethod, re.getMessage());
        throw new ServerFaultException(data.getIdpAdapter(), "UnableToRedirectToPreferredIDP", re.getMessage());
    }
    // preAuthentication adapter hook: a deployment adapter may take over the response entirely
    if (preAuthenticationAdapter(request, response, data)) {
        return;
    }
    // Redirect to the authentication service, unless the SP sent IsPassive="true": a passive request must
    // never be answered with a login page, so it gets a Responder/NoPassive status Response instead.
    try {
        if (!Boolean.TRUE.equals(data.getAuthnRequest().isPassive())) {
            redirectAuthentication(request, response, idpAuthnContextInfo, data, false);
        } else {
            try {
                IDPSSOUtil.sendNoPassiveResponse(request, response, out, data.getIdpMetaAlias(), data.getIdpEntityID(), data.getRealm(), data.getAuthnRequest(), data.getRelayState(), data.getSpEntityID());
            } catch (SAML2Exception sme) {
                SAML2Utils.debug.error(classMethod, sme);
                throw new ServerFaultException(data.getIdpAdapter(), METADATA_ERROR);
            }
        }
    } catch (IOException | SAML2Exception e) {
        SAML2Utils.debug.error(classMethod + ": Unable to redirect to authentication.", e);
        throw new ServerFaultException(data.getIdpAdapter(), "UnableToRedirectToAuth", e.getMessage());
    }
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), ServerFaultException (com.sun.identity.saml2.profile.ServerFaultException), CacheObject (com.sun.identity.saml2.profile.CacheObject), IOException (java.io.IOException), Map (java.util.Map)

Example 12 with SAML2Exception

use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.

the class UtilProxySAMLAuthenticatorLookup method authNotAvailable.

private void authNotAvailable() throws ServerFaultException {
    final String classMethod = "UtilProxySAMLAuthenticatorLookup.authNotAvailable: ";
    // Handle the case where the AuthnRequest is no longer in the local cache. This can happen for
    // several reasons:
    //   - the SAML Response for this request has already been sent (e.g. browser back button)
    //   - the second visit reached a different OpenAM server than the first and SAML SFO is disabled
    //   - the cache interval has passed
    // None of these may result in a fresh assertion; the only safe answer is a status-only error Response.
    SAML2Utils.debug.error(classMethod + "Unable to get AuthnRequest from cache, sending error response");
    try {
        SAML2Utils.debug.message("Invoking IDP adapter preSendFailureResponse hook");
        try {
            data.getIdpAdapter().preSendFailureResponse(request, response, SAML2Constants.SERVER_FAULT, "UnableToGetAuthnReq");
        } catch (SAML2Exception se2) {
            SAML2Utils.debug.error("Error invoking the IDP Adapter", se2);
        }
        // Top-level StatusCode Responder, no assertion; InResponseTo still ties it to the original request ID
        Response res = SAML2Utils.getErrorResponse(null, SAML2Constants.RESPONDER, null, null, data.getIdpEntityID());
        res.setInResponseTo(data.getRequestID());
        StringBuffer returnedBinding = new StringBuffer();
        // Without the cached AuthnRequest, the target SP, ACS URL, binding and index can only be taken from
        // the request parameters. IDPSSOUtil.getACSurl resolves the final endpoint against the SP metadata
        // for spEntityID; anyone modifying this path should keep it that way, so that a request-supplied
        // acsURL is only honoured when it matches a registered AssertionConsumerService.
        String spEntityID = request.getParameter(SP_ENTITY_ID);
        String acsURL = request.getParameter(ACS_URL);
        String binding = request.getParameter(BINDING);
        Integer index;
        try {
            index = Integer.valueOf(request.getParameter(INDEX));
        } catch (NumberFormatException nfe) {
            index = null;
        }
        acsURL = IDPSSOUtil.getACSurl(spEntityID, data.getRealm(), acsURL, binding, index, request, returnedBinding);
        String acsBinding = returnedBinding.toString();
        IDPSSOUtil.sendResponse(request, response, out, acsBinding, spEntityID, data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), data.getRelayState(), acsURL, res, data.getSession());
    } catch (SAML2Exception sme) {
        SAML2Utils.debug.error(classMethod + "an error occurred while sending error response", sme);
        throw new ServerFaultException(data.getIdpAdapter(), "UnableToGetAuthnReq");
    }
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), Response (com.sun.identity.saml2.protocol.Response), HttpServletResponse (javax.servlet.http.HttpServletResponse), ServerFaultException (com.sun.identity.saml2.profile.ServerFaultException)

Example 13 with SAML2Exception

use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.

the class UtilProxySAMLAuthenticatorLookup method isSessionValid.

private boolean isSessionValid(SessionProvider sessionProvider) throws ServerFaultException, ClientFaultException, SessionException {
    final String classMethod = "UtilProxySAMLAuthenticatorLookup.isSessionValid: ";
    // Verify that the session belongs to the realm this IdP is configured in. A session from another realm
    // must not be turned into an assertion for this IdP, even though it is a valid OpenAM session.
    boolean isValidSessionInRealm = data.getSession() != null && IDPSSOUtil.isValidSessionInRealm(data.getRealm(), data.getSession());
    if (!isValidSessionInRealm) {
        if (data.getAuthnRequest() != null && Boolean.TRUE.equals(data.getAuthnRequest().isPassive())) {
            // Passive request and no usable session: the IdP is not allowed to interact with the user,
            // so answer with a NoPassive status Response addressed to the request's Issuer
            data.setSpEntityID(data.getAuthnRequest().getIssuer().getValue());
            try {
                IDPSSOUtil.sendNoPassiveResponse(request, response, out, data.getIdpMetaAlias(), data.getIdpEntityID(), data.getRealm(), data.getAuthnRequest(), data.getRelayState(), data.getSpEntityID());
                return false;
            } catch (SAML2Exception sme) {
                SAML2Utils.debug.error(classMethod, sme);
                throw new ServerFaultException(data.getIdpAdapter(), METADATA_ERROR);
            }
        } else {
            // No attempt to authenticate now, since it is assumed that this has already been tried;
            // redirecting again would only loop. Log the failure with the client address and the
            // AuthnRequest, then fail the request as a client fault.
            String ipAddress = request.getRemoteAddr();
            String authnReqString = "";
            try {
                authnReqString = data.getAuthnRequest() == null ? "" : data.getAuthnRequest().toXMLString();
            } catch (SAML2Exception ex) {
                SAML2Utils.debug.error(classMethod + "Could not obtain the AuthnReq to be logged");
            }
            if (data.getSession() == null) {
                SAML2Utils.debug.error(classMethod + "The IdP has not been able to create a session");
                logError(Level.INFO, LogUtil.SSO_NOT_FOUND, null, null, "null", data.getRealm(), data.getIdpEntityID(), ipAddress, authnReqString);
            } else {
                SAML2Utils.debug.error(classMethod + "The realm of the session does not correspond to that of the IdP");
                logError(Level.INFO, LogUtil.INVALID_REALM_FOR_SESSION, data.getSession(), null, sessionProvider.getProperty(data.getSession(), SAML2Constants.ORGANIZATION)[0], data.getRealm(), data.getIdpEntityID(), ipAddress, authnReqString);
            }
            throw new ClientFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR);
        }
    }
    return true;
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), ServerFaultException (com.sun.identity.saml2.profile.ServerFaultException), ClientFaultException (com.sun.identity.saml2.profile.ClientFaultException)
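The two lookup methods above (Examples 12 and 13) share one pattern: the original AuthnRequest is only trusted from a server-side cache keyed by its request ID, and when no assertion can be issued the SP still gets a status-only Response carrying InResponseTo, either plain Responder (request gone from the cache) or Responder with a nested NoPassive (passive request, no session in the right realm). The Python below is an added example modelling that behaviour, not OpenAM code: the one-shot TTL cache, the status Response builder, and an ACS-endpoint resolver whose policy (a request-supplied URL or index is honoured only if it matches the SP's registered endpoints, otherwise the default endpoint is used) is this example's assumption rather than a statement about IDPSSOUtil.getACSurl. Response IDs and timestamps are fixed constants so the output is reproducible; the metadata entries and request IDs are constructed sample data.

```python
import time
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder"
STATUS_NOPASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"


class AuthnRequestCache:
    """Request-ID keyed cache with a TTL. take() removes the entry, so a second visit
    for the same request ID (browser back button) finds nothing, which is exactly the
    case authNotAvailable() handles. The clock is injectable so expiry can be tested."""

    def __init__(self, ttl_seconds, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock
        self._entries = {}

    def put(self, request_id, authn_request):
        self._entries[request_id] = (self.clock(), authn_request)

    def take(self, request_id):
        entry = self._entries.pop(request_id, None)
        if entry is None:
            return None
        stored_at, authn_request = entry
        if self.clock() - stored_at > self.ttl:
            return None  # cache interval has passed
        return authn_request


def resolve_acs_url(sp_acs_endpoints, requested_url=None, binding=None, index=None):
    """Return (url, binding) for the SP's AssertionConsumerService.
    Policy (this example's assumption, not OpenAM's): a URL or index taken from the
    request is honoured only if it appears in the SP's registered metadata; with no
    hint, the endpoint flagged as default (or the first one) is used."""
    if requested_url is not None:
        for ep in sp_acs_endpoints:
            if ep["url"] == requested_url and (binding is None or ep["binding"] == binding):
                return ep["url"], ep["binding"]
        raise ValueError("ACS URL %r is not registered for this SP" % requested_url)
    if index is not None:
        for ep in sp_acs_endpoints:
            if ep["index"] == index:
                return ep["url"], ep["binding"]
        raise ValueError("ACS index %r is not registered for this SP" % index)
    for ep in sp_acs_endpoints:
        if ep.get("default"):
            return ep["url"], ep["binding"]
    return sp_acs_endpoints[0]["url"], sp_acs_endpoints[0]["binding"]


def build_status_response(issuer, in_response_to, destination, top_status, sub_status=None,
                          response_id="_resp1", issue_instant="2016-01-01T00:00:00Z"):
    """Unsigned <samlp:Response> carrying only a Status: Responder for 'request no
    longer cached', Responder/NoPassive for 'passive request, no session'. ID and
    IssueInstant are fixed here for reproducibility; a real IdP generates both."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    resp = ET.Element("{%s}Response" % SAMLP, {"ID": response_id, "Version": "2.0",
                                               "IssueInstant": issue_instant, "Destination": destination})
    if in_response_to:
        resp.set("InResponseTo", in_response_to)
    ET.SubElement(resp, "{%s}Issuer" % SAML).text = issuer
    status = ET.SubElement(resp, "{%s}Status" % SAMLP)
    code = ET.SubElement(status, "{%s}StatusCode" % SAMLP, {"Value": top_status})
    if sub_status:
        # second-level StatusCode nests inside the top-level one
        ET.SubElement(code, "{%s}StatusCode" % SAMLP, {"Value": sub_status})
    return ET.tostring(resp, encoding="unicode")


def status_codes(response_xml):
    """Return the StatusCode values of a Response, outermost first."""
    root = ET.fromstring(response_xml)
    return [e.get("Value") for e in root.iter("{%s}StatusCode" % SAMLP)]
```

The point of `take()` removing the entry is that a Response can be produced at most once per request ID; an IdP that leaves the entry in place until expiry lets a replayed return visit mint a second assertion for the same AuthnRequest.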

Example 14 with SAML2Exception

use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.

the class DefaultAuthenticationStatementsProvider method get.

/**
 * @see org.forgerock.openam.sts.tokengeneration.saml2.statements.AuthenticationStatementsProvider#get(
 *      org.forgerock.openam.sts.config.user.SAML2Config, String)
 */
public List<AuthnStatement> get(SAML2Config saml2Config, String authNContextClassRef) throws TokenCreationException {
    try {
        // AuthnInstant is the moment this statement is built, not the time of any earlier login;
        // the class ref is whatever the caller resolved for the token request
        AuthnStatement authnStatement = AssertionFactory.getInstance().createAuthnStatement();
        authnStatement.setAuthnInstant(new Date());
        AuthnContext authnContext = AssertionFactory.getInstance().createAuthnContext();
        authnContext.setAuthnContextClassRef(authNContextClassRef);
        authnStatement.setAuthnContext(authnContext);
        ArrayList<AuthnStatement> statements = new ArrayList<AuthnStatement>(1);
        statements.add(authnStatement);
        return statements;
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught generating AuthenticationStatement in DefaultAuthenticationStatementsProvider: " + e, e);
    }
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), AuthnStatement (com.sun.identity.saml2.assertion.AuthnStatement), ArrayList (java.util.ArrayList), TokenCreationException (org.forgerock.openam.sts.TokenCreationException), Date (java.util.Date), AuthnContext (com.sun.identity.saml2.assertion.AuthnContext)
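Example 11 caches the AuthnContext the IdP agreed to satisfy (getMatchingAuthnContext) and Example 14 writes the resulting class ref into the AuthnStatement. The Python below is an added example, not OpenAM code, showing both halves: selecting a class ref for a RequestedAuthnContext under the four SAML Comparison values, building the AuthnStatement, and the consumer-side check that the statement's class ref is at least as strong as required and its AuthnInstant is fresh. The weakest-to-strongest ordering of class refs is this example's assumption; an IdP's real ordering comes from its configured authentication-context mapping. Timestamps and session indexes in the test are constructed values.

```python
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
AC = "urn:oasis:names:tc:SAML:2.0:ac:classes:"
TS = "%Y-%m-%dT%H:%M:%SZ"

# Class refs ordered weakest to strongest. This ordering is an assumption of the example;
# the IdP's deployment decides which mechanisms it considers stronger than which.
SUPPORTED_CLASS_REFS = [
    AC + "unspecified",
    AC + "Password",
    AC + "PasswordProtectedTransport",
    AC + "TimeSyncToken",
    AC + "SmartcardPKI",
]


def match_authn_context(requested, comparison, supported=SUPPORTED_CLASS_REFS):
    """Pick the class ref the IdP will authenticate at for a RequestedAuthnContext.
    comparison follows the SAML 2.0 Comparison attribute: exact, minimum, maximum, better.
    Returns None when none of the requested class refs can be satisfied."""
    rank = {c: i for i, c in enumerate(supported)}
    known = [r for r in requested if r in rank]
    if not known:
        return None
    lo, hi = min(rank[r] for r in known), max(rank[r] for r in known)
    if comparison == "exact":
        return known[0]                 # first requested class ref the IdP supports
    if comparison == "minimum":
        return supported[lo]            # weakest context at least as strong as one requested
    if comparison == "maximum":
        return supported[hi]            # as strong as possible, no stronger than the strongest requested
    if comparison == "better":
        return supported[hi + 1] if hi + 1 < len(supported) else None  # stronger than all requested
    raise ValueError("unknown Comparison %r" % comparison)


def build_authn_statement(class_ref, authn_instant, session_index=None):
    """<saml:AuthnStatement> with its AuthnContext/AuthnContextClassRef, the shape
    DefaultAuthenticationStatementsProvider.get produces. authn_instant is an aware UTC datetime."""
    ET.register_namespace("saml", SAML)
    stmt = ET.Element("{%s}AuthnStatement" % SAML, {"AuthnInstant": authn_instant.strftime(TS)})
    if session_index:
        stmt.set("SessionIndex", session_index)
    ctx = ET.SubElement(stmt, "{%s}AuthnContext" % SAML)
    ET.SubElement(ctx, "{%s}AuthnContextClassRef" % SAML).text = class_ref
    return ET.tostring(stmt, encoding="unicode")


def check_authn_statement(stmt_xml, required_class_ref, now, max_age=timedelta(minutes=5),
                          supported=SUPPORTED_CLASS_REFS):
    """Consumer-side check: the class ref must rank at least as high as required_class_ref,
    and AuthnInstant must be neither in the future nor older than max_age."""
    root = ET.fromstring(stmt_xml)
    instant = datetime.strptime(root.get("AuthnInstant"), TS).replace(tzinfo=timezone.utc)
    if instant > now or now - instant > max_age:
        return False
    ref = root.findtext("{%s}AuthnContext/{%s}AuthnContextClassRef" % (SAML, SAML))
    rank = {c: i for i, c in enumerate(supported)}
    if ref not in rank or required_class_ref not in rank:
        return False  # unknown class refs are never accepted as "strong enough"
    return rank[ref] >= rank[required_class_ref]
```

The consumer check deliberately treats an unknown class ref as a failure rather than as "unspecified": an SP that requires PasswordProtectedTransport and silently accepts a ref it has never heard of has no idea what authentication actually took place.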

Example 15 with SAML2Exception

use of com.sun.identity.saml2.common.SAML2Exception in project OpenAM by OpenRock.

the class SAML2TokenGenerationImpl method setIssuer.

private void setIssuer(Assertion assertion, SAML2Config config) throws TokenCreationException {
    final Issuer issuer = AssertionFactory.getInstance().createIssuer();
    try {
        // The Issuer value is the IdP entity ID from the STS SAML2 config; the relying party will
        // only accept the assertion if this matches the entity ID it has registered for the STS
        issuer.setValue(config.getIdpId());
        assertion.setIssuer(issuer);
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting issuer in SAML2TokenGenerationImpl: " + e, e);
    }
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), Issuer (com.sun.identity.saml2.assertion.Issuer), TokenCreationException (org.forgerock.openam.sts.TokenCreationException)
