Example 6 with ServerFaultException
use of com.sun.identity.saml2.profile.ServerFaultException in project OpenAM by OpenRock.
the class IDPSSOFederate method idpProxyCase.
/**
* Having read the requestID, look up the preferred IDP for this request.
* If matched, send a proxy authentication request.
* Performs no action if the requestID is null.
*
* @param requestID Nullable identifier for the request. May be null.
* @throws ServerFaultException If we couldn't send the authentication request.
*/
private boolean idpProxyCase(String requestID, HttpServletRequest request, HttpServletResponse response) throws ServerFaultException {
final String classMethod = "IDPSSOFederate.idpProxyCase:";
final Map paramsMap = (Map) SPCache.reqParamHash.get(requestID);
if (requestID != null) {
String preferredIDP = SAML2Utils.getPreferredIDP(request);
if (preferredIDP != null) {
SAML2Utils.debug.message("{} IDP to be proxied {}", classMethod, preferredIDP);
try {
IDPProxyUtil.sendProxyAuthnRequest((AuthnRequest) paramsMap.get("authnReq"), preferredIDP, (SPSSODescriptorElement) paramsMap.get("spSSODescriptor"), (String) paramsMap.get("idpEntityID"), request, response, (String) paramsMap.get("realm"), (String) paramsMap.get("relayState"), (String) paramsMap.get("binding"));
SPCache.reqParamHash.remove(requestID);
return true;
} catch (SAML2Exception | IOException e) {
SAML2Utils.debug.message(classMethod + "{} Redirecting for the proxy handling error: {}", classMethod, e.getMessage());
throw new ServerFaultException("UnableToRedirectToPreferredIDP", e.getMessage());
}
}
}
return false;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
IOException(java.io.IOException)
Map(java.util.Map)
Example 7 with ServerFaultException
use of com.sun.identity.saml2.profile.ServerFaultException in project OpenAM by OpenRock.
the class UtilProxySAMLAuthenticatorLookup method retrieveAuthenticationFromCache.
@Override
public void retrieveAuthenticationFromCache() throws SessionException, ServerFaultException, ClientFaultException {
final String classMethod = "UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: ";
// the second visit, the user has already authenticated
// retrieve the cache authn request and relay state
// We need the session to pass it to the IDP Adapter preSendResponse
SessionProvider sessionProvider = SessionManager.getProvider();
try {
data.setSession(sessionProvider.getSession(request));
data.getEventAuditor().setSSOTokenId(data.getSession());
} catch (SessionException se) {
SAML2Utils.debug.error("An error occurred while retrieving the session: " + se.getMessage());
data.setSession(null);
}
// Get the cached Authentication Request and Relay State before
// invoking the IDP Adapter
CacheObject cacheObj;
synchronized (IDPCache.authnRequestCache) {
cacheObj = (CacheObject) IDPCache.authnRequestCache.get(data.getRequestID());
}
if (cacheObj != null) {
data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
}
data.setRelayState((String) IDPCache.relayStateCache.get(data.getRequestID()));
if (!isSessionValid(sessionProvider)) {
return;
}
// Invoke the IDP Adapter after the user has been authenticated
if (preSendResponse(request, response, data)) {
return;
}
synchronized (IDPCache.authnRequestCache) {
cacheObj = (CacheObject) IDPCache.authnRequestCache.remove(data.getRequestID());
}
if (cacheObj != null) {
data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
}
synchronized (IDPCache.idpAuthnContextCache) {
cacheObj = (CacheObject) IDPCache.idpAuthnContextCache.remove(data.getRequestID());
}
if (cacheObj != null) {
data.setMatchingAuthnContext((AuthnContext) cacheObj.getObject());
}
data.setRelayState((String) IDPCache.relayStateCache.remove(data.getRequestID()));
if (data.getAuthnRequest() == null) {
authNotAvailable();
return;
}
SAML2Utils.debug.message("{} RequestID= {}", classMethod, data.getRequestID());
boolean isSessionUpgrade = false;
if (CollectionUtils.isNotEmpty(IDPCache.isSessionUpgradeCache)) {
isSessionUpgrade = IDPCache.isSessionUpgradeCache.contains(data.getRequestID());
}
if (isSessionUpgrade) {
IDPSession oldSess = (IDPSession) IDPCache.oldIDPSessionCache.remove(data.getRequestID());
String sessionIndex = IDPSSOUtil.getSessionIndex(data.getSession());
if (StringUtils.isNotEmpty(sessionIndex)) {
IDPCache.idpSessionsByIndices.put(sessionIndex, oldSess);
final FedMonAgent agent = MonitorManager.getAgent();
if (agent != null && agent.isRunning()) {
final FedMonSAML2Svc saml2Svc = MonitorManager.getSAML2Svc();
if (saml2Svc != null) {
saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
}
}
}
}
if (data.getSession() != null) {
// call multi-federation protocol to set the protocol
MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
}
// generate assertion response
data.setSpEntityID(data.getAuthnRequest().getIssuer().getValue());
NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
String nameIDFormat = (policy == null) ? null : policy.getFormat();
try {
IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
} catch (SAML2Exception se) {
SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
IDPSession(com.sun.identity.saml2.profile.IDPSession)
FedMonSAML2Svc(com.sun.identity.plugin.monitoring.FedMonSAML2Svc)
NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy)
ServerFaultException(com.sun.identity.saml2.profile.ServerFaultException)
SessionException(com.sun.identity.plugin.session.SessionException)
CacheObject(com.sun.identity.saml2.profile.CacheObject)
FedMonAgent(com.sun.identity.plugin.monitoring.FedMonAgent)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Example 8 with ServerFaultException
use of com.sun.identity.saml2.profile.ServerFaultException in project OpenAM by OpenRock.
the class UtilProxySAMLAuthenticator method generateAssertionResponse.
private void generateAssertionResponse(IDPSSOFederateRequest data) throws ServerFaultException {
final String classMethod = "IDPSSOFederate.generateAssertionResponse";
// retrieved later when the user successfully authenticates
synchronized (IDPCache.authnRequestCache) {
IDPCache.authnRequestCache.put(data.getRequestID(), new CacheObject(data.getAuthnRequest()));
}
// retrieved later when the user successfully authenticates
synchronized (IDPCache.idpAuthnContextCache) {
IDPCache.idpAuthnContextCache.put(data.getRequestID(), new CacheObject(data.getMatchingAuthnContext()));
}
// retrieved later when the user successfully authenticates
if (StringUtils.isNotBlank(data.getRelayState())) {
IDPCache.relayStateCache.put(data.getRequestID(), data.getRelayState());
}
if (preSendResponse(request, response, data)) {
return;
}
// preSendResponse IDP adapter invocation ended
// call multi-federation protocol to set the protocol
MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
String nameIDFormat = (policy == null) ? null : policy.getFormat();
try {
IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
} catch (SAML2Exception se) {
SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy)
ServerFaultException(com.sun.identity.saml2.profile.ServerFaultException)
CacheObject(com.sun.identity.saml2.profile.CacheObject)
Aggregations
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)7
ServerFaultException (com.sun.identity.saml2.profile.ServerFaultException)7
CacheObject (com.sun.identity.saml2.profile.CacheObject)4
ClientFaultException (com.sun.identity.saml2.profile.ClientFaultException)3
IOException (java.io.IOException)3
Map (java.util.Map)3
SessionException (com.sun.identity.plugin.session.SessionException)2
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)2
IDPSession (com.sun.identity.saml2.profile.IDPSession)2
NameIDPolicy (com.sun.identity.saml2.protocol.NameIDPolicy)2
Response (com.sun.identity.saml2.protocol.Response)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
FedMonAgent (com.sun.identity.plugin.monitoring.FedMonAgent)1
FedMonSAML2Svc (com.sun.identity.plugin.monitoring.FedMonSAML2Svc)1
SessionProvider (com.sun.identity.plugin.session.SessionProvider)1
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)1
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)1
IDPAuthnContextInfo (com.sun.identity.saml2.plugins.IDPAuthnContextInfo)1
IDPAuthnContextMapper (com.sun.identity.saml2.plugins.IDPAuthnContextMapper)1
IDPECPSessionMapper (com.sun.identity.saml2.plugins.IDPECPSessionMapper)1
