Example 6 with AuthnRequestInfo
use of com.sun.identity.saml2.profile.AuthnRequestInfo in project OpenAM by OpenRock.
the class SAML2Utils method fillMap.
private static Map fillMap(final List authnStmts, final Subject subject, final Assertion assertion, final List assertions, final AuthnRequestInfo reqInfo, final String inRespToResp, final String orgName, final String hostEntityId, final String idpEntityId, final SPSSOConfigElement spConfig, final Date notOnOrAfterTime) throws SAML2Exception {
// use the first AuthnStmt
AuthnStatement authnStmt = (AuthnStatement) authnStmts.get(0);
int authLevel = -1;
String mapperClass = getAttributeValueFromSPSSOConfig(spConfig, SAML2Constants.SP_AUTHCONTEXT_MAPPER);
SPAuthnContextMapper mapper = getSPAuthnContextMapper(orgName, hostEntityId, mapperClass);
RequestedAuthnContext reqContext = null;
AuthnRequest authnRequest = null;
if (reqInfo != null) {
reqContext = (reqInfo.getAuthnRequest()).getRequestedAuthnContext();
authnRequest = reqInfo.getAuthnRequest();
}
authLevel = mapper.getAuthLevel(reqContext, authnStmt.getAuthnContext(), orgName, hostEntityId, idpEntityId);
String sessionIndex = authnStmt.getSessionIndex();
Date sessionNotOnOrAfter = authnStmt.getSessionNotOnOrAfter();
Map smap = new HashMap();
smap.put(SAML2Constants.SUBJECT, subject);
smap.put(SAML2Constants.POST_ASSERTION, assertion);
smap.put(SAML2Constants.ASSERTIONS, assertions);
if (authnRequest != null) {
smap.put(SAML2Constants.AUTHN_REQUEST, authnRequest);
}
String[] data = { assertion.getID(), "", "" };
if (LogUtil.isAccessLoggable(Level.FINE)) {
data[1] = subject.toXMLString();
}
if (sessionIndex != null && sessionIndex.length() != 0) {
data[2] = sessionIndex;
smap.put(SAML2Constants.SESSION_INDEX, sessionIndex);
}
if (authLevel >= 0) {
smap.put(SAML2Constants.AUTH_LEVEL, new Integer(authLevel));
}
// SessionNotOnOrAfter
if (sessionNotOnOrAfter != null) {
long maxSessionTime = (sessionNotOnOrAfter.getTime() - System.currentTimeMillis()) / 60000;
if (maxSessionTime > 0) {
smap.put(SAML2Constants.MAX_SESSION_TIME, new Long(maxSessionTime));
}
}
if (inRespToResp != null && inRespToResp.length() != 0) {
smap.put(SAML2Constants.IN_RESPONSE_TO, inRespToResp);
}
if (debug.messageEnabled()) {
debug.message("SAML2Utils.fillMap: Found valid authentication " + "assertion.");
}
if (notOnOrAfterTime != null) {
smap.put(SAML2Constants.NOTONORAFTER, new Long(notOnOrAfterTime.getTime()));
}
LogUtil.access(Level.INFO, LogUtil.FOUND_AUTHN_ASSERTION, data, null);
return smap;
}
Also used :
HashMap(java.util.HashMap)
Date(java.util.Date)
RequestedAuthnContext(com.sun.identity.saml2.protocol.RequestedAuthnContext)
AuthnRequest(com.sun.identity.saml2.protocol.AuthnRequest)
AuthnStatement(com.sun.identity.saml2.assertion.AuthnStatement)
SPAuthnContextMapper(com.sun.identity.saml2.plugins.SPAuthnContextMapper)
DefaultSPAuthnContextMapper(com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 7 with AuthnRequestInfo
use of com.sun.identity.saml2.profile.AuthnRequestInfo in project OpenAM by OpenRock.
the class SPSSOFederate method initiateAuthnRequest.
/**
* Parses the request parameters and builds the Authentication
* Request to sent to the IDP.
*
* @param request the HttpServletRequest.
* @param response the HttpServletResponse.
* @param spEntityID entityID of Service Provider.
* @param idpEntityID entityID of Identity Provider.
* @param paramsMap Map of all other parameters.The key in the
* map are the parameter names of the type String.
* The values in the paramsMap are of the type List.
* Some of the possible keys are:RelayState,NameIDFormat,
* reqBinding, binding, AssertionConsumerServiceIndex,
* AttributeConsumingServiceIndex (currently not supported),
* isPassive, ForceAuthN, AllowCreate, Destination,
* AuthnContextDeclRef, AuthnContextClassRef,
* AuthComparison, Consent (currently not supported),
* AuthLevel, and sunamcompositeadvice.
* @param auditor the auditor for logging SAML2 Events - may be null
* @throws SAML2Exception if error initiating request to IDP.
*/
private static void initiateAuthnRequest(final HttpServletRequest request, final HttpServletResponse response, final String spEntityID, final String idpEntityID, final String realmName, final Map paramsMap, final SAML2EventLogger auditor) throws SAML2Exception {
if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
return;
}
if (spEntityID == null) {
SAML2Utils.debug.error("SPSSOFederate:Service Provider ID is missing.");
String[] data = { spEntityID };
LogUtil.error(Level.INFO, LogUtil.INVALID_SP, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
}
if (idpEntityID == null) {
SAML2Utils.debug.error("SPSSOFederate: Identity Provider ID is missing .");
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.INVALID_IDP, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
}
String binding = getParameter(paramsMap, SAML2Constants.REQ_BINDING);
if (binding == null) {
binding = SAML2Constants.HTTP_REDIRECT;
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("SPSSOFederate: in initiateSSOFed");
SAML2Utils.debug.message("SPSSOFederate: spEntityID is : " + spEntityID);
SAML2Utils.debug.message("SPSSOFederate: idpEntityID : " + idpEntityID);
}
String realm = getRealm(realmName);
try {
// Retreive MetaData
if (sm == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
}
Map spConfigAttrsMap = getAttrsMapForAuthnReq(realm, spEntityID);
// get SPSSODescriptor
SPSSODescriptorElement spsso = getSPSSOForAuthnReq(realm, spEntityID);
if (spsso == null) {
String[] data = { spEntityID };
LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
List extensionsList = getExtensionsList(spEntityID, realm);
// get IDP Descriptor
IDPSSODescriptorElement idpsso = getIDPSSOForAuthnReq(realm, idpEntityID);
if (idpsso == null) {
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
List ssoServiceList = idpsso.getSingleSignOnService();
String ssoURL = getSSOURL(ssoServiceList, binding);
if (ssoURL == null || ssoURL.length() == 0) {
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.SSO_NOT_FOUND, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("ssoServiceNotfound"));
}
// create AuthnRequest
AuthnRequest authnRequest = createAuthnRequest(realm, spEntityID, paramsMap, spConfigAttrsMap, extensionsList, spsso, idpsso, ssoURL, false);
if (null != auditor && null != authnRequest) {
auditor.setRequestId(authnRequest.getID());
}
// invoke SP Adapter class if registered
SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(spEntityID, realmName);
if (spAdapter != null) {
spAdapter.preSingleSignOnRequest(spEntityID, idpEntityID, realmName, request, response, authnRequest);
}
String authReqXMLString = authnRequest.toXMLString(true, true);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("SPSSOFederate: AuthnRequest:" + authReqXMLString);
}
// Default URL if relayState not present? in providerConfig?
// TODO get Default URL from metadata
String relayState = getParameter(paramsMap, SAML2Constants.RELAY_STATE);
// Validate the RelayState URL.
SAML2Utils.validateRelayStateURL(realm, spEntityID, relayState, SAML2Constants.SP_ROLE);
// check if relayState is present and get the unique
// id which will be appended to the SSO URL before
// redirecting.
String relayStateID = null;
if (relayState != null && relayState.length() > 0) {
relayStateID = getRelayStateID(relayState, authnRequest.getID());
}
if (binding.equals(SAML2Constants.HTTP_POST)) {
String encodedReqMsg = getPostBindingMsg(idpsso, spsso, spConfigAttrsMap, authnRequest);
SAML2Utils.postToTarget(request, response, "SAMLRequest", encodedReqMsg, "RelayState", relayStateID, ssoURL);
} else {
String redirect = getRedirect(authReqXMLString, relayStateID, ssoURL, idpsso, spsso, spConfigAttrsMap);
response.sendRedirect(redirect);
}
String[] data = { ssoURL };
LogUtil.access(Level.INFO, LogUtil.REDIRECT_TO_IDP, data, null);
AuthnRequestInfo reqInfo = new AuthnRequestInfo(request, response, realm, spEntityID, idpEntityID, authnRequest, relayState, paramsMap);
synchronized (SPCache.requestHash) {
SPCache.requestHash.put(authnRequest.getID(), reqInfo);
}
if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
// sessionExpireTime is counted in seconds
long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
String key = authnRequest.getID();
try {
SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(key, new AuthnRequestInfoCopy(reqInfo), sessionExpireTime);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("SPSSOFederate.initiateAuthnRequest:" + " SAVE AuthnRequestInfoCopy for requestID " + key);
}
} catch (SAML2TokenRepositoryException e) {
SAML2Utils.debug.error("SPSSOFederate.initiateAuthnRequest: There was a problem saving the " + "AuthnRequestInfoCopy in the SAML2 Token Repository for requestID " + key, e);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
}
} catch (IOException ioe) {
SAML2Utils.debug.error("SPSSOFederate: Exception :", ioe);
throw new SAML2Exception(SAML2Utils.bundle.getString("errorCreatingAuthnRequest"));
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error("SPSSOFederate:Error retrieving metadata", sme);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
IOException(java.io.IOException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
AuthnRequest(com.sun.identity.saml2.protocol.AuthnRequest)
List(java.util.List)
IDPList(com.sun.identity.saml2.protocol.IDPList)
ArrayList(java.util.ArrayList)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
SAML2ServiceProviderAdapter(com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter)
Map(java.util.Map)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
Aggregations
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)5
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)5
AuthnRequest (com.sun.identity.saml2.protocol.AuthnRequest)5
SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)5
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)4
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)4
SAML2ServiceProviderAdapter (com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter)4
List (java.util.List)4
Map (java.util.Map)4
SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)3
ArrayList (java.util.ArrayList)3
AuthnRequestInfo (com.sun.identity.saml2.profile.AuthnRequestInfo)2
AuthnRequestInfoCopy (com.sun.identity.saml2.profile.AuthnRequestInfoCopy)2
IDPList (com.sun.identity.saml2.protocol.IDPList)2
PrivateKey (java.security.PrivateKey)2
Date (java.util.Date)2
HashMap (java.util.HashMap)2
PagePropertiesCallback (com.sun.identity.authentication.spi.PagePropertiesCallback)1
RedirectCallback (com.sun.identity.authentication.spi.RedirectCallback)1
PAOSException (com.sun.identity.liberty.ws.paos.PAOSException)1
