
Example 6 with ServerFaultException

Use of com.sun.identity.saml2.profile.ServerFaultException in the OpenAM project by OpenRock.

Class IDPSSOFederate, method idpProxyCase.

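/**
 * Having read the requestID, look up the preferred IDP for this request.
 * If one was selected, send a proxy authentication request to it, using the
 * request parameters that were cached under {@code requestID} in
 * {@code SPCache.reqParamHash}. Performs no action if the requestID is null
 * or no preferred IDP is present on the request.
 *
 * @param requestID Nullable identifier for the request. May be null.
 * @param request   The current HTTP request; the preferred IDP is read from it.
 * @param response  The current HTTP response, handed to the proxy sender.
 * @return {@code true} if a proxy authentication request was sent and the
 *         cached parameters were consumed, {@code false} if nothing was done.
 * @throws ServerFaultException If we couldn't send the authentication request,
 *         or if no request parameters are cached for this requestID.
 */
private boolean idpProxyCase(String requestID, HttpServletRequest request, HttpServletResponse response) throws ServerFaultException {
    final String classMethod = "IDPSSOFederate.idpProxyCase:";
    if (requestID == null) {
        // Documented no-op; returning early also keeps a null key out of the cache lookup,
        // which previously happened before this check.
        return false;
    }
    // NOTE(review): the IDP to proxy to is derived from the incoming request; confirm that
    // getPreferredIDP / sendProxyAuthnRequest restrict it to the configured proxy IDP list.
    String preferredIDP = SAML2Utils.getPreferredIDP(request);
    if (preferredIDP == null) {
        return false;
    }
    SAML2Utils.debug.message("{} IDP to be proxied {}", classMethod, preferredIDP);
    // The cached parameters are only needed once an IDP has actually been chosen.
    final Map<?, ?> paramsMap = (Map<?, ?>) SPCache.reqParamHash.get(requestID);
    if (paramsMap == null) {
        // Without the cached parameters there is nothing to proxy; previously this case
        // surfaced as a NullPointerException instead of a server fault.
        SAML2Utils.debug.error(classMethod + " no cached request parameters found for requestID " + requestID);
        throw new ServerFaultException("UnableToRedirectToPreferredIDP",
                "No cached request parameters for requestID " + requestID);
    }
    try {
        IDPProxyUtil.sendProxyAuthnRequest((AuthnRequest) paramsMap.get("authnReq"), preferredIDP,
                (SPSSODescriptorElement) paramsMap.get("spSSODescriptor"), (String) paramsMap.get("idpEntityID"),
                request, response, (String) paramsMap.get("realm"), (String) paramsMap.get("relayState"),
                (String) paramsMap.get("binding"));
        // The cached entry is consumed only on success; on failure it stays, as before.
        SPCache.reqParamHash.remove(requestID);
        return true;
    } catch (SAML2Exception | IOException e) {
        // The prefix was previously emitted twice (once concatenated, once as a parameter).
        SAML2Utils.debug.message("{} Redirecting for the proxy handling error: {}", classMethod, e.getMessage());
        throw new ServerFaultException("UnableToRedirectToPreferredIDP", e.getMessage());
    }
}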
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) IOException(java.io.IOException) Map(java.util.Map)

Example 7 with ServerFaultException

Use of com.sun.identity.saml2.profile.ServerFaultException in the OpenAM project by OpenRock.

Class UtilProxySAMLAuthenticatorLookup, method retrieveAuthenticationFromCache.

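/**
 * Second visit of the SSO flow: the user has already authenticated, so this
 * method re-attaches the session to {@code data}, retrieves the cached
 * authentication request, matching authentication context and relay state
 * keyed by {@code data.getRequestID()} from {@code IDPCache}, runs the IDP
 * adapter's preSendResponse hook, and finally sends the assertion response to
 * the SP's assertion consumer service.
 * <p>
 * Cache handling is deliberately two-phased: the authentication request and
 * relay state are first read (not removed) so that the adapter sees them, and
 * only after the adapter declines to handle the response are the entries
 * removed and the remaining context pulled from the cache.
 *
 * @throws SessionException declared for callers; the session lookup failure
 *         that can occur here is caught, logged and turned into a null session
 * @throws ServerFaultException if building or sending the response to the ACS fails
 * @throws ClientFaultException declared for callers; presumably raised by
 *         isSessionValid / authNotAvailable / preSendResponse (not visible here)
 */
@Override
public void retrieveAuthenticationFromCache() throws SessionException, ServerFaultException, ClientFaultException {
    final String classMethod = "UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: ";
    // the second visit, the user has already authenticated
    // retrieve the cache authn request and relay state
    // We need the session to pass it to the IDP Adapter preSendResponse
    SessionProvider sessionProvider = SessionManager.getProvider();
    try {
        data.setSession(sessionProvider.getSession(request));
        data.getEventAuditor().setSSOTokenId(data.getSession());
    } catch (SessionException se) {
        // A missing session is handled below by isSessionValid, so do not propagate here.
        SAML2Utils.debug.error("An error occurred while retrieving the session: " + se.getMessage());
        data.setSession(null);
    }
    // Get the cached Authentication Request and Relay State before
    // invoking the IDP Adapter (read only; entries are removed further down)
    CacheObject cacheObj;
    synchronized (IDPCache.authnRequestCache) {
        cacheObj = (CacheObject) IDPCache.authnRequestCache.get(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
    }
    data.setRelayState((String) IDPCache.relayStateCache.get(data.getRequestID()));
    if (!isSessionValid(sessionProvider)) {
        return;
    }
    // Invoke the IDP Adapter after the user has been authenticated;
    // a true return means the adapter has taken over the response.
    if (preSendResponse(request, response, data)) {
        return;
    }
    // Consume the cached entries now that this code path will send the response.
    synchronized (IDPCache.authnRequestCache) {
        cacheObj = (CacheObject) IDPCache.authnRequestCache.remove(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
    }
    synchronized (IDPCache.idpAuthnContextCache) {
        cacheObj = (CacheObject) IDPCache.idpAuthnContextCache.remove(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setMatchingAuthnContext((AuthnContext) cacheObj.getObject());
    }
    data.setRelayState((String) IDPCache.relayStateCache.remove(data.getRequestID()));
    if (data.getAuthnRequest() == null) {
        // Nothing cached for this requestID (expired, already consumed, or never stored).
        authNotAvailable();
        return;
    }
    SAML2Utils.debug.message("{} RequestID= {}", classMethod, data.getRequestID());
    boolean isSessionUpgrade = false;
    if (CollectionUtils.isNotEmpty(IDPCache.isSessionUpgradeCache)) {
        isSessionUpgrade = IDPCache.isSessionUpgradeCache.contains(data.getRequestID());
    }
    if (isSessionUpgrade) {
        // Re-register the pre-upgrade IDP session under the new session's index.
        IDPSession oldSess = (IDPSession) IDPCache.oldIDPSessionCache.remove(data.getRequestID());
        String sessionIndex = IDPSSOUtil.getSessionIndex(data.getSession());
        if (oldSess == null) {
            // The upgrade flag is set but no old session is cached for this requestID. Storing
            // a null value would fail if idpSessionsByIndices rejects nulls (as a Hashtable does),
            // so skip the re-registration rather than fail the whole SSO response.
            SAML2Utils.debug.message("{} session upgrade flagged but no old IDP session cached for RequestID= {}",
                    classMethod, data.getRequestID());
        } else if (StringUtils.isNotEmpty(sessionIndex)) {
            IDPCache.idpSessionsByIndices.put(sessionIndex, oldSess);
            final FedMonAgent agent = MonitorManager.getAgent();
            if (agent != null && agent.isRunning()) {
                final FedMonSAML2Svc saml2Svc = MonitorManager.getSAML2Svc();
                if (saml2Svc != null) {
                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                }
            }
        }
    }
    if (data.getSession() != null) {
        // call multi-federation protocol to set the protocol
        MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
    }
    // generate assertion response; the SP is identified by the cached request's issuer
    data.setSpEntityID(data.getAuthnRequest().getIssuer().getValue());
    NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
    String nameIDFormat = (policy == null) ? null : policy.getFormat();
    try {
        IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
        throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
    }
}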
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) IDPSession(com.sun.identity.saml2.profile.IDPSession) FedMonSAML2Svc(com.sun.identity.plugin.monitoring.FedMonSAML2Svc) NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy) ServerFaultException(com.sun.identity.saml2.profile.ServerFaultException) SessionException(com.sun.identity.plugin.session.SessionException) CacheObject(com.sun.identity.saml2.profile.CacheObject) FedMonAgent(com.sun.identity.plugin.monitoring.FedMonAgent) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 8 with ServerFaultException

Use of com.sun.identity.saml2.profile.ServerFaultException in the OpenAM project by OpenRock.

Class UtilProxySAMLAuthenticator, method generateAssertionResponse.

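/**
 * Caches the authentication request, matching authentication context and
 * (non-blank) relay state under {@code data.getRequestID()} in {@code IDPCache},
 * gives the IDP adapter's preSendResponse hook a chance to take over, and
 * otherwise sends the assertion response to the SP's assertion consumer service.
 * <p>
 * The entries are cached so that they can be retrieved later, after the user
 * has authenticated, by the lookup counterpart of this flow. Note that nothing
 * on this method's own success path removes them again.
 *
 * @param data the SSO request context; its session, authentication request,
 *             SP/IDP entity IDs, meta alias, realm and relay state are used
 * @throws ServerFaultException if building or sending the response to the ACS fails
 */
private void generateAssertionResponse(IDPSSOFederateRequest data) throws ServerFaultException {
    // Was mislabelled as IDPSSOFederate; this method lives in UtilProxySAMLAuthenticator.
    final String classMethod = "UtilProxySAMLAuthenticator.generateAssertionResponse: ";
    // Cache the request, authn context and relay state so they can be
    // retrieved later when the user successfully authenticates.
    // NOTE(review): these entries are not removed on this path; confirm that the
    // cache is expired elsewhere, otherwise a stale requestID stays replayable.
    synchronized (IDPCache.authnRequestCache) {
        IDPCache.authnRequestCache.put(data.getRequestID(), new CacheObject(data.getAuthnRequest()));
    }
    synchronized (IDPCache.idpAuthnContextCache) {
        IDPCache.idpAuthnContextCache.put(data.getRequestID(), new CacheObject(data.getMatchingAuthnContext()));
    }
    if (StringUtils.isNotBlank(data.getRelayState())) {
        IDPCache.relayStateCache.put(data.getRequestID(), data.getRelayState());
    }
    // A true return means the IDP adapter has taken over the response.
    if (preSendResponse(request, response, data)) {
        return;
    }
    // preSendResponse IDP adapter invocation ended
    // call multi-federation protocol to set the protocol
    MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
    NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
    String nameIDFormat = (policy == null) ? null : policy.getFormat();
    try {
        IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
        throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
    }
}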
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy) ServerFaultException(com.sun.identity.saml2.profile.ServerFaultException) CacheObject(com.sun.identity.saml2.profile.CacheObject)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)7 ServerFaultException (com.sun.identity.saml2.profile.ServerFaultException)7 CacheObject (com.sun.identity.saml2.profile.CacheObject)4 ClientFaultException (com.sun.identity.saml2.profile.ClientFaultException)3 IOException (java.io.IOException)3 Map (java.util.Map)3 SessionException (com.sun.identity.plugin.session.SessionException)2 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)2 IDPSession (com.sun.identity.saml2.profile.IDPSession)2 NameIDPolicy (com.sun.identity.saml2.protocol.NameIDPolicy)2 Response (com.sun.identity.saml2.protocol.Response)2 HttpServletResponse (javax.servlet.http.HttpServletResponse)2 FedMonAgent (com.sun.identity.plugin.monitoring.FedMonAgent)1 FedMonSAML2Svc (com.sun.identity.plugin.monitoring.FedMonSAML2Svc)1 SessionProvider (com.sun.identity.plugin.session.SessionProvider)1 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)1 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)1 IDPAuthnContextInfo (com.sun.identity.saml2.plugins.IDPAuthnContextInfo)1 IDPAuthnContextMapper (com.sun.identity.saml2.plugins.IDPAuthnContextMapper)1 IDPECPSessionMapper (com.sun.identity.saml2.plugins.IDPECPSessionMapper)1