Search in sources :

Example 6 with SAML2ServiceProviderAdapter

use of com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter in project OpenAM by OpenRock.

the class SPSSOFederate method initiateAuthnRequest.

/**
     * Parses the request parameters and builds the Authentication
     * Request to sent to the IDP.
     *
     * @param request the HttpServletRequest.
     * @param response the HttpServletResponse.
     * @param spEntityID entityID of Service Provider.
     * @param idpEntityID entityID of Identity Provider.
     * @param paramsMap Map of all other parameters.The key in the
     *              map are the parameter names of the type String. 
     *              The values in the paramsMap are of the type List.
     *              Some of the possible keys are:RelayState,NameIDFormat,
     *              reqBinding, binding, AssertionConsumerServiceIndex,
     *              AttributeConsumingServiceIndex (currently not supported),
     *              isPassive, ForceAuthN, AllowCreate, Destination,
     *              AuthnContextDeclRef, AuthnContextClassRef,
     *              AuthComparison, Consent (currently not supported),
     *              AuthLevel, and sunamcompositeadvice.
     * @param auditor the auditor for logging SAML2 Events - may be null
     * @throws SAML2Exception if error initiating request to IDP.
     */
private static void initiateAuthnRequest(final HttpServletRequest request, final HttpServletResponse response, final String spEntityID, final String idpEntityID, final String realmName, final Map paramsMap, final SAML2EventLogger auditor) throws SAML2Exception {
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return;
    }
    if (spEntityID == null) {
        SAML2Utils.debug.error("SPSSOFederate:Service Provider ID  is missing.");
        String[] data = { spEntityID };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SP, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
    }
    if (idpEntityID == null) {
        SAML2Utils.debug.error("SPSSOFederate: Identity Provider ID is missing .");
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.INVALID_IDP, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
    }
    String binding = getParameter(paramsMap, SAML2Constants.REQ_BINDING);
    if (binding == null) {
        binding = SAML2Constants.HTTP_REDIRECT;
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("SPSSOFederate: in initiateSSOFed");
        SAML2Utils.debug.message("SPSSOFederate: spEntityID is : " + spEntityID);
        SAML2Utils.debug.message("SPSSOFederate: idpEntityID : " + idpEntityID);
    }
    String realm = getRealm(realmName);
    try {
        // Retreive MetaData 
        if (sm == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        Map spConfigAttrsMap = getAttrsMapForAuthnReq(realm, spEntityID);
        // get SPSSODescriptor
        SPSSODescriptorElement spsso = getSPSSOForAuthnReq(realm, spEntityID);
        if (spsso == null) {
            String[] data = { spEntityID };
            LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, data, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        List extensionsList = getExtensionsList(spEntityID, realm);
        // get IDP Descriptor
        IDPSSODescriptorElement idpsso = getIDPSSOForAuthnReq(realm, idpEntityID);
        if (idpsso == null) {
            String[] data = { idpEntityID };
            LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
        }
        List ssoServiceList = idpsso.getSingleSignOnService();
        String ssoURL = getSSOURL(ssoServiceList, binding);
        if (ssoURL == null || ssoURL.length() == 0) {
            String[] data = { idpEntityID };
            LogUtil.error(Level.INFO, LogUtil.SSO_NOT_FOUND, data, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotfound"));
        }
        // create AuthnRequest 
        AuthnRequest authnRequest = createAuthnRequest(realm, spEntityID, paramsMap, spConfigAttrsMap, extensionsList, spsso, idpsso, ssoURL, false);
        if (null != auditor && null != authnRequest) {
            auditor.setRequestId(authnRequest.getID());
        }
        // invoke SP Adapter class if registered
        SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(spEntityID, realmName);
        if (spAdapter != null) {
            spAdapter.preSingleSignOnRequest(spEntityID, idpEntityID, realmName, request, response, authnRequest);
        }
        String authReqXMLString = authnRequest.toXMLString(true, true);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSSOFederate: AuthnRequest:" + authReqXMLString);
        }
        // Default URL if relayState not present? in providerConfig?
        // TODO get Default URL from metadata 
        String relayState = getParameter(paramsMap, SAML2Constants.RELAY_STATE);
        // Validate the RelayState URL.
        SAML2Utils.validateRelayStateURL(realm, spEntityID, relayState, SAML2Constants.SP_ROLE);
        // check if relayState is present and get the unique
        // id which will be appended to the SSO URL before
        // redirecting.
        String relayStateID = null;
        if (relayState != null && relayState.length() > 0) {
            relayStateID = getRelayStateID(relayState, authnRequest.getID());
        }
        if (binding.equals(SAML2Constants.HTTP_POST)) {
            String encodedReqMsg = getPostBindingMsg(idpsso, spsso, spConfigAttrsMap, authnRequest);
            SAML2Utils.postToTarget(request, response, "SAMLRequest", encodedReqMsg, "RelayState", relayStateID, ssoURL);
        } else {
            String redirect = getRedirect(authReqXMLString, relayStateID, ssoURL, idpsso, spsso, spConfigAttrsMap);
            response.sendRedirect(redirect);
        }
        String[] data = { ssoURL };
        LogUtil.access(Level.INFO, LogUtil.REDIRECT_TO_IDP, data, null);
        AuthnRequestInfo reqInfo = new AuthnRequestInfo(request, response, realm, spEntityID, idpEntityID, authnRequest, relayState, paramsMap);
        synchronized (SPCache.requestHash) {
            SPCache.requestHash.put(authnRequest.getID(), reqInfo);
        }
        if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
            // sessionExpireTime is counted in seconds
            long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
            String key = authnRequest.getID();
            try {
                SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(key, new AuthnRequestInfoCopy(reqInfo), sessionExpireTime);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPSSOFederate.initiateAuthnRequest:" + " SAVE AuthnRequestInfoCopy for requestID " + key);
                }
            } catch (SAML2TokenRepositoryException e) {
                SAML2Utils.debug.error("SPSSOFederate.initiateAuthnRequest: There was a problem saving the " + "AuthnRequestInfoCopy in the SAML2 Token Repository for requestID " + key, e);
                throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
            }
        }
    } catch (IOException ioe) {
        SAML2Utils.debug.error("SPSSOFederate: Exception :", ioe);
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorCreatingAuthnRequest"));
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error("SPSSOFederate:Error retrieving metadata", sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
}
Also used : SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) AuthnRequest(com.sun.identity.saml2.protocol.AuthnRequest) List(java.util.List) IDPList(com.sun.identity.saml2.protocol.IDPList) ArrayList(java.util.ArrayList) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) SAML2ServiceProviderAdapter(com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 7 with SAML2ServiceProviderAdapter

use of com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter in project OpenAM by OpenRock.

the class SPACSUtils method invokeSPAdapterForSSOFailure.

private static void invokeSPAdapterForSSOFailure(String hostEntityId, String realm, HttpServletRequest request, HttpServletResponse response, Map smap, ResponseInfo respInfo, int errorCode, SAML2Exception se) {
    SAML2ServiceProviderAdapter spAdapter = null;
    try {
        spAdapter = SAML2Utils.getSPAdapterClass(hostEntityId, realm);
    } catch (SAML2Exception e) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.invokeSPAdapterForSSOFailure", e);
        }
    }
    if (spAdapter != null) {
        AuthnRequest authnRequest = null;
        if (smap != null) {
            authnRequest = (AuthnRequest) smap.get(SAML2Constants.AUTHN_REQUEST);
        }
        boolean redirected = spAdapter.postSingleSignOnFailure(hostEntityId, realm, request, response, authnRequest, respInfo.getResponse(), respInfo.getProfileBinding(), errorCode);
        se.setRedirectionDone(redirected);
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) AuthnRequest(com.sun.identity.saml2.protocol.AuthnRequest) SAML2ServiceProviderAdapter(com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter)

Example 8 with SAML2ServiceProviderAdapter

use of com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter in project OpenAM by OpenRock.

the class SAML2PostAuthenticationPlugin method configurePostSSO.

private void configurePostSSO(String spEntityId, String realm, HttpServletRequest request, HttpServletResponse response, SSOToken session, SessionProvider sessionProvider, ResponseInfo respInfo, String cacheKey) throws SAML2Exception {
    AuthnRequest authnReq = (AuthnRequest) SPCache.authnRequestHash.get(cacheKey);
    boolean writeFedInfo = Boolean.parseBoolean((String) SPCache.fedAccountHash.get(cacheKey));
    final SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(spEntityId, realm);
    if (spAdapter != null) {
        final boolean redirected = spAdapter.postSingleSignOnSuccess(spEntityId, realm, request, response, null, session, authnReq, respInfo.getResponse(), respInfo.getProfileBinding(), writeFedInfo);
        final String[] value = new String[] { String.valueOf(redirected) };
        try {
            sessionProvider.setProperty(session, SAML2Constants.RESPONSE_REDIRECTED, value);
        } catch (SessionException | UnsupportedOperationException ex) {
            DEBUG.warning("SAML2PostAuthenticationPlugin.configurePostSSO :: failed to set properties in session.", ex);
        }
    }
    SPCache.authnRequestHash.remove(cacheKey);
    SPCache.fedAccountHash.remove(cacheKey);
}
Also used : AuthnRequest(com.sun.identity.saml2.protocol.AuthnRequest) SessionException(com.sun.identity.plugin.session.SessionException) SAML2ServiceProviderAdapter(com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter)

Aggregations

SAML2ServiceProviderAdapter (com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter)8 AuthnRequest (com.sun.identity.saml2.protocol.AuthnRequest)7 SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)5 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)5 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)5 ArrayList (java.util.ArrayList)5 List (java.util.List)5 Map (java.util.Map)5 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)5 SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)4 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)4 PrivateKey (java.security.PrivateKey)3 HashMap (java.util.HashMap)3 SessionException (com.sun.identity.plugin.session.SessionException)2 Assertion (com.sun.identity.saml2.assertion.Assertion)2 Subject (com.sun.identity.saml2.assertion.Subject)2 IDPList (com.sun.identity.saml2.protocol.IDPList)2 Iterator (java.util.Iterator)2 PAOSException (com.sun.identity.liberty.ws.paos.PAOSException)1 PAOSRequest (com.sun.identity.liberty.ws.paos.PAOSRequest)1