Search in sources :

Example 1 with ECPFactory

use of com.sun.identity.saml2.ecp.ECPFactory in project OpenAM by OpenRock.

the class SPSSOFederate method initiateECPRequest.

/**
     * Parses the request parameters and builds ECP Request to sent to the IDP.
     *
     * @param request the HttpServletRequest.
     * @param response the HttpServletResponse.
     *
     * @throws SAML2Exception if error creating AuthnRequest.
     * @throws IOException if error sending AuthnRequest to ECP.
     */
public static void initiateECPRequest(HttpServletRequest request, HttpServletResponse response) throws SAML2Exception, IOException {
    if (!isFromECP(request)) {
        SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest: " + "invalid HTTP request from ECP.");
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "invalidHttpRequestFromECP", SAML2Utils.bundle.getString("invalidHttpRequestFromECP"));
        return;
    }
    String metaAlias = request.getParameter("metaAlias");
    Map paramsMap = SAML2Utils.getParamsMap(request);
    // get the sp entity ID from the metaAlias
    String spEntityID = sm.getEntityByMetaAlias(metaAlias);
    String realm = getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("SPSSOFederate.initiateECPRequest: " + "spEntityID is " + spEntityID + ", realm is " + realm);
    }
    try {
        // Retreive MetaData 
        if (sm == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, spEntityID);
        Map spConfigAttrsMap = null;
        if (spEntityCfg != null) {
            spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        }
        // get SPSSODescriptor
        SPSSODescriptorElement spsso = sm.getSPSSODescriptor(realm, spEntityID);
        if (spsso == null) {
            String[] data = { spEntityID };
            LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, data, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        String[] data = { spEntityID, realm };
        LogUtil.access(Level.INFO, LogUtil.RECEIVED_HTTP_REQUEST_ECP, data, null);
        List extensionsList = getExtensionsList(spEntityID, realm);
        // create AuthnRequest 
        AuthnRequest authnRequest = createAuthnRequest(realm, spEntityID, paramsMap, spConfigAttrsMap, extensionsList, spsso, null, null, true);
        // invoke SP Adapter class if registered
        SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(spEntityID, realm);
        if (spAdapter != null) {
            spAdapter.preSingleSignOnRequest(spEntityID, realm, null, request, response, authnRequest);
        }
        String alias = SAML2Utils.getSigningCertAlias(realm, spEntityID, SAML2Constants.SP_ROLE);
        PrivateKey signingKey = KeyUtil.getKeyProviderInstance().getPrivateKey(alias);
        if (signingKey != null) {
            authnRequest.sign(signingKey, null);
        } else {
            SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest: " + "Unable to find signing key.");
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        ECPFactory ecpFactory = ECPFactory.getInstance();
        // Default URL if relayState not present? in providerConfig?
        // TODO get Default URL from metadata 
        String relayState = getParameter(paramsMap, SAML2Constants.RELAY_STATE);
        String ecpRelayStateXmlStr = "";
        if (relayState != null && relayState.length() > 0) {
            String relayStateID = getRelayStateID(relayState, authnRequest.getID());
            ECPRelayState ecpRelayState = ecpFactory.createECPRelayState();
            ecpRelayState.setValue(relayStateID);
            ecpRelayState.setMustUnderstand(Boolean.TRUE);
            ecpRelayState.setActor(SAML2Constants.SOAP_ACTOR_NEXT);
            ecpRelayStateXmlStr = ecpRelayState.toXMLString(true, true);
        }
        ECPRequest ecpRequest = ecpFactory.createECPRequest();
        ecpRequest.setIssuer(createIssuer(spEntityID));
        ecpRequest.setMustUnderstand(Boolean.TRUE);
        ecpRequest.setActor(SAML2Constants.SOAP_ACTOR_NEXT);
        ecpRequest.setIsPassive(authnRequest.isPassive());
        SAML2IDPFinder ecpIDPFinder = SAML2Utils.getECPIDPFinder(realm, spEntityID);
        if (ecpIDPFinder != null) {
            List idps = ecpIDPFinder.getPreferredIDP(authnRequest, spEntityID, realm, request, response);
            if ((idps != null) && (!idps.isEmpty())) {
                SAML2MetaManager saml2MetaManager = SAML2Utils.getSAML2MetaManager();
                List idpEntries = null;
                for (Iterator iter = idps.iterator(); iter.hasNext(); ) {
                    String idpEntityID = (String) iter.next();
                    IDPSSODescriptorElement idpDesc = saml2MetaManager.getIDPSSODescriptor(realm, idpEntityID);
                    if (idpDesc != null) {
                        IDPEntry idpEntry = ProtocolFactory.getInstance().createIDPEntry();
                        idpEntry.setProviderID(idpEntityID);
                        String description = SAML2Utils.getAttributeValueFromSSOConfig(realm, idpEntityID, SAML2Constants.IDP_ROLE, SAML2Constants.ENTITY_DESCRIPTION);
                        idpEntry.setName(description);
                        List ssoServiceList = idpDesc.getSingleSignOnService();
                        String ssoURL = getSSOURL(ssoServiceList, SAML2Constants.SOAP);
                        idpEntry.setLoc(ssoURL);
                        if (idpEntries == null) {
                            idpEntries = new ArrayList();
                        }
                        idpEntries.add(idpEntry);
                    }
                }
                if (idpEntries != null) {
                    IDPList idpList = ProtocolFactory.getInstance().createIDPList();
                    idpList.setIDPEntries(idpEntries);
                    ecpRequest.setIDPList(idpList);
                    Map attrs = SAML2MetaUtils.getAttributes(spEntityCfg);
                    List values = (List) attrs.get(SAML2Constants.ECP_REQUEST_IDP_LIST_GET_COMPLETE);
                    if ((values != null) && (!values.isEmpty())) {
                        GetComplete getComplete = ProtocolFactory.getInstance().createGetComplete();
                        getComplete.setValue((String) values.get(0));
                        idpList.setGetComplete(getComplete);
                    }
                }
            }
        }
        String paosRequestXmlStr = "";
        try {
            PAOSRequest paosRequest = new PAOSRequest(authnRequest.getAssertionConsumerServiceURL(), SAML2Constants.PAOS_ECP_SERVICE, null, Boolean.TRUE, SAML2Constants.SOAP_ACTOR_NEXT);
            paosRequestXmlStr = paosRequest.toXMLString(true, true);
        } catch (PAOSException paosex) {
            SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest:", paosex);
            throw new SAML2Exception(paosex.getMessage());
        }
        String header = paosRequestXmlStr + ecpRequest.toXMLString(true, true) + ecpRelayStateXmlStr;
        String body = authnRequest.toXMLString(true, true);
        try {
            SOAPMessage reply = SOAPCommunicator.getInstance().createSOAPMessage(header, body, false);
            String[] data2 = { spEntityID, realm, "" };
            if (LogUtil.isAccessLoggable(Level.FINE)) {
                data2[2] = SOAPCommunicator.getInstance().soapMessageToString(reply);
            }
            LogUtil.access(Level.INFO, LogUtil.SEND_ECP_PAOS_REQUEST, data2, null);
            // are generated as part of the save.
            if (reply.saveRequired()) {
                reply.saveChanges();
            }
            response.setStatus(HttpServletResponse.SC_OK);
            SAML2Utils.putHeaders(reply.getMimeHeaders(), response);
            response.setContentType(PAOSConstants.PAOS_MIME_TYPE);
            // Write out the message on the response stream
            OutputStream os = response.getOutputStream();
            reply.writeTo(os);
            os.flush();
        } catch (SOAPException soapex) {
            SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest", soapex);
            String[] data3 = { spEntityID, realm };
            LogUtil.error(Level.INFO, LogUtil.SEND_ECP_PAOS_REQUEST_FAILED, data3, null);
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "soapError", soapex.getMessage());
            return;
        }
        AuthnRequestInfo reqInfo = new AuthnRequestInfo(request, response, realm, spEntityID, null, authnRequest, relayState, paramsMap);
        synchronized (SPCache.requestHash) {
            SPCache.requestHash.put(authnRequest.getID(), reqInfo);
        }
        if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
            // sessionExpireTime is counted in seconds
            long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
            String key = authnRequest.getID();
            try {
                SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(key, new AuthnRequestInfoCopy(reqInfo), sessionExpireTime);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPSSOFederate.initiateECPRequest:" + " SAVE AuthnRequestInfoCopy for requestID " + key);
                }
            } catch (SAML2TokenRepositoryException e) {
                SAML2Utils.debug.error("SPSSOFederate.initiateECPRequest: There was a problem saving the " + "AuthnRequestInfoCopy in the SAML2 Token Repository for requestID " + key, e);
            }
        }
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error("SPSSOFederate:Error retrieving metadata", sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
}
Also used : PrivateKey(java.security.PrivateKey) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) GetComplete(com.sun.identity.saml2.protocol.GetComplete) OutputStream(java.io.OutputStream) ArrayList(java.util.ArrayList) PAOSException(com.sun.identity.liberty.ws.paos.PAOSException) SOAPMessage(javax.xml.soap.SOAPMessage) ECPFactory(com.sun.identity.saml2.ecp.ECPFactory) SOAPException(javax.xml.soap.SOAPException) ECPRelayState(com.sun.identity.saml2.ecp.ECPRelayState) Iterator(java.util.Iterator) List(java.util.List) IDPList(com.sun.identity.saml2.protocol.IDPList) ArrayList(java.util.ArrayList) SAML2ServiceProviderAdapter(com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter) SAML2IDPFinder(com.sun.identity.saml2.plugins.SAML2IDPFinder) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) ECPRequest(com.sun.identity.saml2.ecp.ECPRequest) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) IDPList(com.sun.identity.saml2.protocol.IDPList) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) AuthnRequest(com.sun.identity.saml2.protocol.AuthnRequest) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) IDPEntry(com.sun.identity.saml2.protocol.IDPEntry) Map(java.util.Map) PAOSRequest(com.sun.identity.liberty.ws.paos.PAOSRequest) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 2 with ECPFactory

use of com.sun.identity.saml2.ecp.ECPFactory in project OpenAM by OpenRock.

the class IDPSSOUtil method sendResponseECP.

/**
     * This method sends SAML Response back to ECP.
     *
     * @param request The servlet request.
     * @param response The servlet response.
     * @param out The print writer for writing out presentation.
     * @param idpEntityID the entity id of the identity provider
     * @param realm       the realm name of the identity provider
     * @param acsURL      the assertion consumer service <code>URL</code>
     * @param res         the <code>SAML Response</code> object
     * @throws SAML2Exception if the operation is not successful
     */
public static void sendResponseECP(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String idpEntityID, String realm, String acsURL, Response res) throws SAML2Exception {
    ECPFactory ecpFactory = ECPFactory.getInstance();
    ECPResponse ecpResponse = ecpFactory.createECPResponse();
    ecpResponse.setMustUnderstand(Boolean.TRUE);
    ecpResponse.setActor(SAML2Constants.SOAP_ACTOR_NEXT);
    ecpResponse.setAssertionConsumerServiceURL(acsURL);
    String header = ecpResponse.toXMLString(true, true);
    String body = res.toXMLString(true, true);
    try {
        SOAPMessage reply = SOAPCommunicator.getInstance().createSOAPMessage(header, body, false);
        String[] logdata = { idpEntityID, realm, acsURL, "" };
        if (LogUtil.isAccessLoggable(Level.FINE)) {
            logdata[3] = SOAPCommunicator.getInstance().soapMessageToString(reply);
        }
        LogUtil.access(Level.INFO, LogUtil.SEND_ECP_RESPONSE, logdata, null);
        // are generated as part of the save.
        if (reply.saveRequired()) {
            reply.saveChanges();
        }
        response.setStatus(HttpServletResponse.SC_OK);
        SAML2Utils.putHeaders(reply.getMimeHeaders(), response);
        // Write out the message on the response stream
        ByteArrayOutputStream stream = new ByteArrayOutputStream();
        reply.writeTo(stream);
        out.println(stream.toString());
        out.flush();
    } catch (Exception ex) {
        SAML2Utils.debug.error("IDPSSOUtil.sendResponseECP", ex);
        String[] data = { idpEntityID, realm, acsURL };
        LogUtil.error(Level.INFO, LogUtil.SEND_ECP_RESPONSE_FAILED, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToSendECPResponse", ex.getMessage());
        return;
    }
}
Also used : ECPResponse(com.sun.identity.saml2.ecp.ECPResponse) ByteArrayOutputStream(java.io.ByteArrayOutputStream) SOAPMessage(javax.xml.soap.SOAPMessage) ECPFactory(com.sun.identity.saml2.ecp.ECPFactory) SAML2InvalidNameIDPolicyException(com.sun.identity.saml2.common.SAML2InvalidNameIDPolicyException) SessionException(com.sun.identity.plugin.session.SessionException) COTException(com.sun.identity.cot.COTException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)2 ECPFactory (com.sun.identity.saml2.ecp.ECPFactory)2 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)2 SOAPMessage (javax.xml.soap.SOAPMessage)2 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)2 COTException (com.sun.identity.cot.COTException)1 PAOSException (com.sun.identity.liberty.ws.paos.PAOSException)1 PAOSRequest (com.sun.identity.liberty.ws.paos.PAOSRequest)1 SessionException (com.sun.identity.plugin.session.SessionException)1 SAML2InvalidNameIDPolicyException (com.sun.identity.saml2.common.SAML2InvalidNameIDPolicyException)1 ECPRelayState (com.sun.identity.saml2.ecp.ECPRelayState)1 ECPRequest (com.sun.identity.saml2.ecp.ECPRequest)1 ECPResponse (com.sun.identity.saml2.ecp.ECPResponse)1 SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)1 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)1 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)1 SAML2MetaManager (com.sun.identity.saml2.meta.SAML2MetaManager)1 SAML2IDPFinder (com.sun.identity.saml2.plugins.SAML2IDPFinder)1 SAML2ServiceProviderAdapter (com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter)1 AuthnRequest (com.sun.identity.saml2.protocol.AuthnRequest)1