use of com.sun.identity.saml2.profile.ServerFaultException in project OpenAM by OpenRock.
the class IDPSSOFederate method idpProxyCase.
/**
* Having read the requestID, look up the preferred IDP for this request.
* If matched, send a proxy authentication request.
* Performs no action if the requestID is null.
*
* @param requestID Nullable identifier for the request. May be null.
* @throws ServerFaultException If we couldn't send the authentication request.
*/
private boolean idpProxyCase(String requestID, HttpServletRequest request, HttpServletResponse response) throws ServerFaultException {
final String classMethod = "IDPSSOFederate.idpProxyCase:";
final Map paramsMap = (Map) SPCache.reqParamHash.get(requestID);
if (requestID != null) {
String preferredIDP = SAML2Utils.getPreferredIDP(request);
if (preferredIDP != null) {
SAML2Utils.debug.message("{} IDP to be proxied {}", classMethod, preferredIDP);
try {
IDPProxyUtil.sendProxyAuthnRequest((AuthnRequest) paramsMap.get("authnReq"), preferredIDP, (SPSSODescriptorElement) paramsMap.get("spSSODescriptor"), (String) paramsMap.get("idpEntityID"), request, response, (String) paramsMap.get("realm"), (String) paramsMap.get("relayState"), (String) paramsMap.get("binding"));
SPCache.reqParamHash.remove(requestID);
return true;
} catch (SAML2Exception | IOException e) {
SAML2Utils.debug.message(classMethod + "{} Redirecting for the proxy handling error: {}", classMethod, e.getMessage());
throw new ServerFaultException("UnableToRedirectToPreferredIDP", e.getMessage());
}
}
}
return false;
}
use of com.sun.identity.saml2.profile.ServerFaultException in project OpenAM by OpenRock.
the class UtilProxySAMLAuthenticatorLookup method retrieveAuthenticationFromCache.
@Override
public void retrieveAuthenticationFromCache() throws SessionException, ServerFaultException, ClientFaultException {
final String classMethod = "UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: ";
// the second visit, the user has already authenticated
// retrieve the cache authn request and relay state
// We need the session to pass it to the IDP Adapter preSendResponse
SessionProvider sessionProvider = SessionManager.getProvider();
try {
data.setSession(sessionProvider.getSession(request));
data.getEventAuditor().setSSOTokenId(data.getSession());
} catch (SessionException se) {
SAML2Utils.debug.error("An error occurred while retrieving the session: " + se.getMessage());
data.setSession(null);
}
// Get the cached Authentication Request and Relay State before
// invoking the IDP Adapter
CacheObject cacheObj;
synchronized (IDPCache.authnRequestCache) {
cacheObj = (CacheObject) IDPCache.authnRequestCache.get(data.getRequestID());
}
if (cacheObj != null) {
data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
}
data.setRelayState((String) IDPCache.relayStateCache.get(data.getRequestID()));
if (!isSessionValid(sessionProvider)) {
return;
}
// Invoke the IDP Adapter after the user has been authenticated
if (preSendResponse(request, response, data)) {
return;
}
synchronized (IDPCache.authnRequestCache) {
cacheObj = (CacheObject) IDPCache.authnRequestCache.remove(data.getRequestID());
}
if (cacheObj != null) {
data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
}
synchronized (IDPCache.idpAuthnContextCache) {
cacheObj = (CacheObject) IDPCache.idpAuthnContextCache.remove(data.getRequestID());
}
if (cacheObj != null) {
data.setMatchingAuthnContext((AuthnContext) cacheObj.getObject());
}
data.setRelayState((String) IDPCache.relayStateCache.remove(data.getRequestID()));
if (data.getAuthnRequest() == null) {
authNotAvailable();
return;
}
SAML2Utils.debug.message("{} RequestID= {}", classMethod, data.getRequestID());
boolean isSessionUpgrade = false;
if (CollectionUtils.isNotEmpty(IDPCache.isSessionUpgradeCache)) {
isSessionUpgrade = IDPCache.isSessionUpgradeCache.contains(data.getRequestID());
}
if (isSessionUpgrade) {
IDPSession oldSess = (IDPSession) IDPCache.oldIDPSessionCache.remove(data.getRequestID());
String sessionIndex = IDPSSOUtil.getSessionIndex(data.getSession());
if (StringUtils.isNotEmpty(sessionIndex)) {
IDPCache.idpSessionsByIndices.put(sessionIndex, oldSess);
final FedMonAgent agent = MonitorManager.getAgent();
if (agent != null && agent.isRunning()) {
final FedMonSAML2Svc saml2Svc = MonitorManager.getSAML2Svc();
if (saml2Svc != null) {
saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
}
}
}
}
if (data.getSession() != null) {
// call multi-federation protocol to set the protocol
MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
}
// generate assertion response
data.setSpEntityID(data.getAuthnRequest().getIssuer().getValue());
NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
String nameIDFormat = (policy == null) ? null : policy.getFormat();
try {
IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
} catch (SAML2Exception se) {
SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
}
}
use of com.sun.identity.saml2.profile.ServerFaultException in project OpenAM by OpenRock.
the class UtilProxySAMLAuthenticator method generateAssertionResponse.
private void generateAssertionResponse(IDPSSOFederateRequest data) throws ServerFaultException {
final String classMethod = "IDPSSOFederate.generateAssertionResponse";
// retrieved later when the user successfully authenticates
synchronized (IDPCache.authnRequestCache) {
IDPCache.authnRequestCache.put(data.getRequestID(), new CacheObject(data.getAuthnRequest()));
}
// retrieved later when the user successfully authenticates
synchronized (IDPCache.idpAuthnContextCache) {
IDPCache.idpAuthnContextCache.put(data.getRequestID(), new CacheObject(data.getMatchingAuthnContext()));
}
// retrieved later when the user successfully authenticates
if (StringUtils.isNotBlank(data.getRelayState())) {
IDPCache.relayStateCache.put(data.getRequestID(), data.getRelayState());
}
if (preSendResponse(request, response, data)) {
return;
}
// preSendResponse IDP adapter invocation ended
// call multi-federation protocol to set the protocol
MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
String nameIDFormat = (policy == null) ? null : policy.getFormat();
try {
IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
} catch (SAML2Exception se) {
SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
}
}
Aggregations