
Example 6 with Artifact

use of com.sun.identity.saml2.protocol.Artifact in project OpenAM by OpenRock.

the class SPACSUtils method getResponseFromArtifact.

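/**
 * Retrieves the SAML {@code Response} referenced by an artifact (HTTP-Artifact binding).
 * <p>
 * The artifact is decoded to locate the issuing IDP and its artifact resolution service; an
 * {@code ArtifactResolve} is built (signed when the IDP's SSO config sets
 * {@code WANT_ARTIFACT_RESOLVE_SIGNED}), sent over SOAP, and the returned
 * {@code ArtifactResponse} is unpacked by {@code getResponseFromSOAP}. Every failure path writes
 * an HTTP error to the caller through {@code SAMLUtils.sendError} before rethrowing, so callers
 * must not write to {@code response} after an exception.
 *
 * @param samlArt artifact string taken from the request; may be null, surrounding whitespace is ignored
 * @param hostEntityId entity ID of the hosted service provider, used as the resolve Issuer
 * @param request http servlet request
 * @param response http servlet response, used for the error page on failure
 * @param orgName realm the service provider resides in
 * @param sm metadata manager used to look up the IDP descriptor and SSO config
 * @return the {@code Response} carried inside the {@code ArtifactResponse}
 * @throws SAML2Exception if the artifact cannot be parsed, the IDP metadata is missing, the
 *         resolve message cannot be built or signed, or the SOAP call fails
 * @throws IOException if writing the error page fails
 */
private static Response getResponseFromArtifact(String samlArt, String hostEntityId, HttpServletRequest request, HttpServletResponse response, String orgName, SAML2MetaManager sm) throws SAML2Exception, IOException {
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("SPACSUtils.getResponseFromArtifact: " + "samlArt = " + samlArt);
    }
    // decide which IDP and which artifact resolution service
    Artifact art = null;
    try {
        // A missing parameter is reported like an undecodable one rather than as a
        // NullPointerException from trim().
        if (samlArt == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorObtainArtifact"));
        }
        String trimmedArt = samlArt.trim();
        art = ProtocolFactory.getInstance().createArtifact(trimmedArt);
        String[] data = { trimmedArt };
        LogUtil.access(Level.INFO, LogUtil.RECEIVED_ARTIFACT, data, null);
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("SPACSUtils.getResponseFromArtifact: " + "Unable to decode and parse artifact string:" + samlArt);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "errorObtainArtifact", SAML2Utils.bundle.getString("errorObtainArtifact"));
        throw se;
    }
    String idpEntityID = getIDPEntityID(art, request, response, orgName, sm);
    IDPSSODescriptorElement idp = null;
    try {
        idp = sm.getIDPSSODescriptor(orgName, idpEntityID);
    } catch (SAML2MetaException se) {
        String[] data = { orgName, idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.IDP_META_NOT_FOUND, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToGetIDPSSODescriptor", se.getMessage());
        throw se;
    }
    String location = getIDPArtifactResolutionServiceUrl(art.getEndpointIndex(), idpEntityID, idp, request, response);
    // create ArtifactResolve message
    ArtifactResolve resolve = null;
    SOAPMessage resMsg = null;
    SOAPConnection con = null;
    try {
        resolve = ProtocolFactory.getInstance().createArtifactResolve();
        resolve.setID(SAML2Utils.generateID());
        resolve.setVersion(SAML2Constants.VERSION_2_0);
        resolve.setIssueInstant(new Date());
        resolve.setArtifact(art);
        resolve.setDestination(XMLUtils.escapeSpecialCharacters(location));
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(hostEntityId);
        resolve.setIssuer(issuer);
        // Whether the resolve must be signed is the IDP's requirement, read from its SSO config;
        // the signing key is the hosted SP's configured signing alias.
        String needArtiResolveSigned = SAML2Utils.getAttributeValueFromSSOConfig(orgName, idpEntityID, SAML2Constants.IDP_ROLE, SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED);
        if ("true".equals(needArtiResolveSigned)) {
            String signAlias = getAttributeValueFromSPSSOConfig(orgName, hostEntityId, sm, SAML2Constants.SIGNING_CERT_ALIAS);
            if (signAlias == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
            }
            KeyProvider kp = KeyUtil.getKeyProviderInstance();
            if (kp == null) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("nullKeyProvider"));
            }
            resolve.sign(kp.getPrivateKey(signAlias), kp.getX509Certificate(signAlias));
        }
        String resolveString = resolve.toXMLString(true, true);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPACSUtils.getResponseFromArtifact: " + "ArtifactResolve=" + resolveString);
        }
        con = SOAPCommunicator.getInstance().openSOAPConnection();
        SOAPMessage msg = SOAPCommunicator.getInstance().createSOAPMessage(resolveString, true);
        IDPSSOConfigElement config = sm.getIDPSSOConfig(orgName, idpEntityID);
        // NOTE(review): fillInBasicAuthInfo presumably embeds configured basic-auth credentials in
        // the URL. The call uses that URL, while 'location' keeps the bare endpoint so the audit
        // log written on SOAP failure below never contains the credentials — confirm.
        String resolutionUrl = SAML2Utils.fillInBasicAuthInfo(config, location);
        resMsg = con.call(msg, resolutionUrl);
    } catch (SAML2Exception s2e) {
        SAML2Utils.debug.error("SPACSUtils.getResponseFromArtifact: " + "couldn't create ArtifactResolve:", s2e);
        String[] data = { hostEntityId, art.getArtifactValue() };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_CREATE_ARTIFACT_RESOLVE, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorCreateArtifactResolve", SAML2Utils.bundle.getString("errorCreateArtifactResolve"));
        throw s2e;
    } catch (SOAPException se) {
        SAML2Utils.debug.error("SPACSUtils.getResponseFromGet: " + "couldn't get ArtifactResponse. SOAP error:", se);
        String[] data = { hostEntityId, location };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_GET_SOAP_RESPONSE, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorInSOAPCommunication", SAML2Utils.bundle.getString("errorInSOAPCommunication"));
        // NOTE(review): the SOAP cause is not chained; chain it if SAML2Exception offers a
        // Throwable-accepting constructor.
        throw new SAML2Exception(se.getMessage());
    } finally {
        // The connection is used for a single call; release it whether or not call() succeeded.
        if (con != null) {
            try {
                con.close();
            } catch (SOAPException ignored) {
                // Best effort: the outcome of the exchange has already been decided above.
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("SPACSUtils.getResponseFromArtifact: " + "failed to close SOAPConnection", ignored);
                }
            }
        }
    }
    Response result = getResponseFromSOAP(resMsg, resolve, request, response, idpEntityID, idp, orgName, hostEntityId, sm);
    String[] data = { hostEntityId, idpEntityID, art.getArtifactValue(), "" };
    // The full response XML is only captured when fine-grained access logging is on.
    if (LogUtil.isAccessLoggable(Level.FINE)) {
        data[3] = result.toXMLString();
    }
    LogUtil.access(Level.INFO, LogUtil.GOT_RESPONSE_FROM_ARTIFACT, data, null);
    return result;
}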

Example 7 with Artifact

use of com.sun.identity.saml2.protocol.Artifact in project OpenAM by OpenRock.

the class SPACSUtils method getResponse.

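/**
 * Retrieves the <code>SAML</code> <code>Response</code> from the http request.
 * It handles three cases:
 * <pre>
 * 1. http method GET using request parameter "resID".
 *    This is the case after local login is done.
 * 2. http method GET using request parameter "SAMLart".
 *    This is the case for the artifact profile.
 * 3. http method POST. This is the POST profile, or the PAOS/ECP profile when the
 *    path info starts with "/ECP".
 * </pre>
 * Before dispatching, the binding implied by the request is checked against the
 * bindings the hosted SP's assertion consumer service supports; an unsupported
 * binding or any other http method is answered with an error page and an exception.
 *
 * @param request http servlet request
 * @param response http servlet response
 * @param orgName realm or organization name the service provider resides in
 * @param hostEntityId Entity ID of the hosted service provider
 * @param metaManager <code>SAML2MetaManager</code> instance.
 * @return <code>ResponseInfo</code> instance.
 * @throws SAML2Exception if the binding or http method is not supported, or the
 *         response cannot be obtained.
 * @throws IOException if writing the error page fails.
 */
public static ResponseInfo getResponse(HttpServletRequest request, HttpServletResponse response, String orgName, String hostEntityId, SAML2MetaManager metaManager) throws SAML2Exception, IOException {
    ResponseInfo respInfo;
    String method = request.getMethod();
    // Constant-first equals also routes a null method to the "not supported" branch.
    if ("GET".equals(method)) {
        ensureBindingSupported(request, response, orgName, hostEntityId, SAML2Constants.HTTP_ARTIFACT);
        respInfo = getResponseFromGet(request, response, orgName, hostEntityId, metaManager);
    } else if ("POST".equals(method)) {
        String pathInfo = request.getPathInfo();
        if (pathInfo != null && pathInfo.startsWith("/ECP")) {
            ensureBindingSupported(request, response, orgName, hostEntityId, SAML2Constants.PAOS);
            respInfo = getResponseFromPostECP(request, response, orgName, hostEntityId, metaManager);
        } else {
            ensureBindingSupported(request, response, orgName, hostEntityId, SAML2Constants.HTTP_POST);
            respInfo = getResponseFromPost(request, response, orgName, hostEntityId, metaManager);
        }
    } else {
        // not supported
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_METHOD_NOT_ALLOWED, "notSupportedHTTPMethod", SAML2Utils.bundle.getString("notSupportedHTTPMethod"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("notSupportedHTTPMethod"));
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("SPACSUtils.getResponse: got response=" + respInfo.getResponse().toXMLString(true, true));
    }
    return respInfo;
}

/**
 * Rejects the request with HTTP 400 when the hosted SP's assertion consumer service
 * does not support {@code binding}.
 *
 * @param request http servlet request
 * @param response http servlet response, used for the error page
 * @param orgName realm the service provider resides in
 * @param hostEntityId Entity ID of the hosted service provider
 * @param binding one of the {@code SAML2Constants} binding URIs
 * @throws SAML2Exception if the binding is not supported
 * @throws IOException if writing the error page fails
 */
private static void ensureBindingSupported(HttpServletRequest request, HttpServletResponse response, String orgName, String hostEntityId, String binding) throws SAML2Exception, IOException {
    if (!SAML2Utils.isSPProfileBindingSupported(orgName, hostEntityId, SAML2Constants.ACS_SERVICE, binding)) {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "unsupportedBinding", SAML2Utils.bundle.getString("unsupportedBinding"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
}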

Example 8 with Artifact

use of com.sun.identity.saml2.protocol.Artifact in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method setIDPStdAttributeValues.

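/**
 * Saves the standard attribute values for the Identity Provider.
 * <p>
 * Only the sections whose keys are present in {@code idpStdValues} are touched. Each
 * service list on the descriptor is replaced wholesale (cleared, then rebuilt in the
 * order given by the preferred binding) rather than merged. Nothing is written when
 * the entity has no IDP SSO descriptor.
 *
 * @param realm to which the entity belongs.
 * @param entityName is the entity id.
 * @param idpStdValues Map which contains the standard attribute values, keyed by the
 *        location/default constants of this class.
 * @throws AMConsoleException if the metadata cannot be read or written, the JAXB
 *         elements cannot be created, or the artifact resolution index is not an integer.
 */
public void setIDPStdAttributeValues(String realm, String entityName, Map idpStdValues) throws AMConsoleException {
    String[] params = { realm, entityName, "SAMLv2", "IDP-Standard" };
    logEvent("ATTEMPT_MODIFY_ENTITY_DESCRIPTOR", params);
    com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact = new com.sun.identity.saml2.jaxb.metadata.ObjectFactory();
    try {
        SAML2MetaManager samlManager = getSAML2MetaManager();
        EntityDescriptorElement entityDescriptor = samlManager.getEntityDescriptor(realm, entityName);
        IDPSSODescriptorElement idpssoDescriptor = samlManager.getIDPSSODescriptor(realm, entityName);
        if (idpssoDescriptor != null) {
            // save for WantAuthnRequestsSigned
            if (idpStdValues.containsKey(WANT_AUTHN_REQ_SIGNED)) {
                boolean value = setToBoolean(idpStdValues, WANT_AUTHN_REQ_SIGNED);
                idpssoDescriptor.setWantAuthnRequestsSigned(value);
            }
            // save for Artifact Resolution Service: exactly one SOAP endpoint is kept
            if (idpStdValues.containsKey(ART_RES_LOCATION)) {
                String artLocation = getResult(idpStdValues, ART_RES_LOCATION);
                String indexValue = getResult(idpStdValues, ART_RES_INDEX);
                if (StringUtils.isEmpty(indexValue)) {
                    indexValue = "0";
                }
                int index;
                try {
                    index = Integer.parseInt(indexValue);
                } catch (NumberFormatException nfe) {
                    // Console-supplied text: report it as a console error instead of letting the
                    // unchecked exception escape the page.
                    throw new AMConsoleException("Invalid artifact resolution service index: " + indexValue);
                }
                boolean isDefault = setToBoolean(idpStdValues, ART_RES_ISDEFAULT);
                List artList = idpssoDescriptor.getArtifactResolutionService();
                ArtifactResolutionServiceElement elem;
                if (artList.isEmpty()) {
                    elem = objFact.createArtifactResolutionServiceElement();
                    elem.setBinding(soapBinding);
                } else {
                    // Reuse the first entry; any additional entries are dropped by clear() below.
                    elem = (ArtifactResolutionServiceElement) artList.get(0);
                }
                elem.setLocation(artLocation);
                elem.setIndex(index);
                elem.setIsDefault(isDefault);
                artList.clear();
                artList.add(elem);
            }
            // save for Single Logout Service - Http-Redirect
            if (idpStdValues.containsKey(SINGLE_LOGOUT_HTTP_LOCATION)) {
                String lohttpLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_LOCATION);
                String lohttpRespLocation = getResult(idpStdValues, SINGLE_LOGOUT_HTTP_RESP_LOCATION);
                String postLocation = getResult(idpStdValues, SLO_POST_LOC);
                String postRespLocation = getResult(idpStdValues, SLO_POST_RESPLOC);
                String losoapLocation = getResult(idpStdValues, SINGLE_LOGOUT_SOAP_LOCATION);
                String priority = getResult(idpStdValues, SINGLE_LOGOUT_DEFAULT);
                // "none" (or an absent default) means: prefer whichever endpoint is configured.
                if (priority == null || priority.contains("none")) {
                    if (lohttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (postLocation != null) {
                        priority = httpPostBinding;
                    } else if (losoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List logList = idpssoDescriptor.getSingleLogoutService();
                logList.clear();
                // The preferred binding is written first so it becomes the list's first entry.
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savesoapLogout(losoapLocation, logList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapLogout(losoapLocation, logList, objFact);
                    savehttpRedLogout(lohttpLocation, lohttpRespLocation, logList, objFact);
                    savepostLogout(postLocation, postRespLocation, logList, objFact);
                }
            }
            // save for Manage Name ID Service
            if (idpStdValues.containsKey(MANAGE_NAMEID_HTTP_LOCATION)) {
                String mnihttpLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_LOCATION);
                String mnihttpRespLocation = getResult(idpStdValues, MANAGE_NAMEID_HTTP_RESP_LOCATION);
                String mnipostLocation = getResult(idpStdValues, MNI_POST_LOC);
                String mnipostRespLocation = getResult(idpStdValues, MNI_POST_RESPLOC);
                String mnisoapLocation = getResult(idpStdValues, MANAGE_NAMEID_SOAP_LOCATION);
                String priority = getResult(idpStdValues, SINGLE_MANAGE_NAMEID_DEFAULT);
                // Same defaulting rule as for single logout.
                if (priority == null || priority.contains("none")) {
                    if (mnihttpLocation != null) {
                        priority = httpRedirectBinding;
                    } else if (mnipostLocation != null) {
                        priority = httpPostBinding;
                    } else if (mnisoapLocation != null) {
                        priority = soapBinding;
                    }
                }
                List manageNameIdList = idpssoDescriptor.getManageNameIDService();
                manageNameIdList.clear();
                if (priority != null && priority.contains("HTTP-Redirect")) {
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("HTTP-POST")) {
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                } else if (priority != null && priority.contains("SOAP")) {
                    savesoapMni(mnisoapLocation, manageNameIdList, objFact);
                    savehttpRedMni(mnihttpLocation, mnihttpRespLocation, manageNameIdList, objFact);
                    savepostMni(mnipostLocation, mnipostRespLocation, manageNameIdList, objFact);
                }
            }
            // save nameid mapping: a single SOAP endpoint, as for artifact resolution
            if (idpStdValues.containsKey(NAME_ID_MAPPPING)) {
                String nameIDmappingloc = getResult(idpStdValues, NAME_ID_MAPPPING);
                List nameIDmappingList = idpssoDescriptor.getNameIDMappingService();
                NameIDMappingServiceElement namidElem1;
                if (nameIDmappingList.isEmpty()) {
                    namidElem1 = objFact.createNameIDMappingServiceElement();
                    namidElem1.setBinding(soapBinding);
                } else {
                    namidElem1 = (NameIDMappingServiceElement) nameIDmappingList.get(0);
                }
                namidElem1.setLocation(nameIDmappingloc);
                nameIDmappingList.clear();
                nameIDmappingList.add(namidElem1);
            }
            // save nameid format
            if (idpStdValues.containsKey(NAMEID_FORMAT)) {
                saveNameIdFormat(idpssoDescriptor, idpStdValues);
            }
            // save for SingleSignOnService
            if (idpStdValues.containsKey(SINGLE_SIGNON_HTTP_LOCATION)) {
                String ssohttpLocation = getResult(idpStdValues, SINGLE_SIGNON_HTTP_LOCATION);
                // NOTE(review): the HTTP-POST endpoint is read from SINGLE_SIGNON_SOAP_LOCATION and
                // the SOAP endpoint from SSO_SOAPS_LOC; the constant names look swapped relative to
                // the bindings they feed — confirm against the constants' definitions before changing.
                String ssopostLocation = getResult(idpStdValues, SINGLE_SIGNON_SOAP_LOCATION);
                String ssoSoapLocation = getResult(idpStdValues, SSO_SOAPS_LOC);
                List signonList = idpssoDescriptor.getSingleSignOnService();
                signonList.clear();
                if (ssohttpLocation != null && ssohttpLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemRed = objFact.createSingleSignOnServiceElement();
                    slsElemRed.setBinding(httpRedirectBinding);
                    slsElemRed.setLocation(ssohttpLocation);
                    signonList.add(slsElemRed);
                }
                if (ssopostLocation != null && ssopostLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemPost = objFact.createSingleSignOnServiceElement();
                    slsElemPost.setBinding(httpPostBinding);
                    slsElemPost.setLocation(ssopostLocation);
                    signonList.add(slsElemPost);
                }
                if (ssoSoapLocation != null && ssoSoapLocation.length() > 0) {
                    SingleSignOnServiceElement slsElemSoap = objFact.createSingleSignOnServiceElement();
                    slsElemSoap.setBinding(soapBinding);
                    slsElemSoap.setLocation(ssoSoapLocation);
                    signonList.add(slsElemSoap);
                }
            }
            samlManager.setEntityDescriptor(realm, entityDescriptor);
        }
        logEvent("SUCCEED_MODIFY_ENTITY_DESCRIPTOR", params);
    } catch (SAML2MetaException e) {
        debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        throw new AMConsoleException(strError);
    } catch (JAXBException e) {
        debug.warning("SAMLv2ModelImpl.setIDPStdAttributeValues:", e);
        String strError = getErrorString(e);
        String[] paramsEx = { realm, entityName, "SAMLv2", "IDP-Standard", strError };
        logEvent("FEDERATION_EXCEPTION_MODIFY_ENTITY_DESCRIPTOR", paramsEx);
        // A save that failed to build its elements is reported like any other failed save
        // instead of returning as if it had succeeded.
        throw new AMConsoleException(strError);
    }
}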

Example 9 with Artifact

use of com.sun.identity.saml2.protocol.Artifact in project OpenAM by OpenRock.

the class SPACSUtils method getResponseFromSOAP.

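/**
 * Obtains the <code>SAML Response</code> from the <code>ArtifactResponse</code> carried
 * in a <code>SOAPBody</code>. Used by the Artifact profile.
 * <p>
 * Checks performed, in order: the XML signature (only when the hosted SP's
 * {@code WANT_ARTIFACT_RESPONSE_SIGNED} is "true"; otherwise an unsigned response is
 * accepted and the SOAP channel to the IDP is the only protection), {@code InResponseTo}
 * against the ID of the {@code ArtifactResolve} that was sent, the {@code Issuer} against
 * the expected IDP entity ID, and a Success status code. Every rejection is logged,
 * reported to the user agent via {@code SAMLUtils.sendError}, and then thrown.
 *
 * @param resMsg SOAP message returned by the IDP's artifact resolution service
 * @param resolve the {@code ArtifactResolve} this message answers; its ID must match {@code InResponseTo}
 * @param request http servlet request
 * @param response http servlet response, used for the error page on failure
 * @param idpEntityID entity ID the {@code Issuer} must carry
 * @param idp IDP descriptor supplying the signature verification certificates
 * @param orgName realm the service provider resides in
 * @param hostEntityId entity ID of the hosted service provider
 * @param sm metadata manager used to read the SP SSO config
 * @return the inner {@code Response}
 * @throws SAML2Exception if the SOAP body or the {@code ArtifactResponse} cannot be read, or any check above fails
 * @throws IOException if writing the error page fails
 */
private static Response getResponseFromSOAP(SOAPMessage resMsg, ArtifactResolve resolve, HttpServletRequest request, HttpServletResponse response, String idpEntityID, IDPSSODescriptorElement idp, String orgName, String hostEntityId, SAML2MetaManager sm) throws SAML2Exception, IOException {
    String method = "SPACSUtils.getResponseFromSOAP:";
    Element resElem = null;
    try {
        resElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "ArtifactResponse");
    } catch (SAML2Exception se) {
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.SOAP_ERROR, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "soapError", se.getMessage());
        throw se;
    }
    ArtifactResponse artiResp = null;
    try {
        artiResp = ProtocolFactory.getInstance().createArtifactResponse(resElem);
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "Couldn't create " + "ArtifactResponse:", se);
        }
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_ARTIFACT_RESPONSE, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateArtifactResponse", se.getMessage());
        throw se;
    }
    if (artiResp == null) {
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.MISSING_ARTIFACT_RESPONSE, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "missingArtifactResponse", SAML2Utils.bundle.getString("missingArtifactResponse"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingArtifactResponse"));
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(method + "Received ArtifactResponse:" + artiResp.toXMLString(true, true));
    }
    // verify ArtifactResponse signature; both "not signed" and "bad signature" are rejected
    // when the SP demands a signature
    String wantArtiRespSigned = getAttributeValueFromSPSSOConfig(orgName, hostEntityId, sm, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
    if ("true".equals(wantArtiRespSigned)) {
        Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(idp, idpEntityID, SAML2Constants.IDP_ROLE);
        if (!artiResp.isSigned() || !artiResp.isSignatureValid(verificationCerts)) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(method + "ArtifactResponse's signature is invalid.");
            }
            String[] data = { idpEntityID };
            LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_SIGNATURE, data, null);
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidSignature", SAML2Utils.bundle.getString("invalidSignature"));
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignature"));
        }
    }
    // InResponseTo binds this response to the resolve we just sent.
    String inResponseTo = artiResp.getInResponseTo();
    if (inResponseTo == null || !inResponseTo.equals(resolve.getID())) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "ArtifactResponse's InResponseTo is invalid.");
        }
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_INRESPONSETO, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidInResponseTo", SAML2Utils.bundle.getString("invalidInResponseTo"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseTo"));
    }
    // An Issuer element without a value is rejected like a missing one, not as an NPE.
    Issuer idpIssuer = artiResp.getIssuer();
    if (idpIssuer == null || idpIssuer.getValue() == null || !idpIssuer.getValue().equals(idpEntityID)) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "ArtifactResponse's Issuer is invalid.");
        }
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_ISSUER, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidIssuer", SAML2Utils.bundle.getString("invalidIssuer"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidIssuer"));
    }
    // NOTE(review): the ArtifactResponse's IssueInstant is not checked here; the InResponseTo
    // match above is the only freshness guard — confirm that is acceptable for this deployment.
    Status status = artiResp.getStatus();
    String statusCode = (status == null || status.getStatusCode() == null) ? "" : status.getStatusCode().getValue();
    if (!SAML2Constants.SUCCESS.equals(statusCode)) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "ArtifactResponse's status code is not success." + statusCode);
        }
        String[] data = { idpEntityID, "" };
        // The IDP-supplied status value only reaches the log at fine-grained error level.
        if (LogUtil.isErrorLoggable(Level.FINE)) {
            data[1] = statusCode;
        }
        LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_STATUS_CODE, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidStatusCode", SAML2Utils.bundle.getString("invalidStatusCode"));
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidStatusCode"));
    }
    try {
        return ProtocolFactory.getInstance().createResponse(artiResp.getAny());
    } catch (SAML2Exception se) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(method + "couldn't instantiate Response:", se);
        }
        String[] data = { idpEntityID };
        LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_RESPONSE_ARTIFACT, data, null);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateResponse", se.getMessage());
        throw se;
    }
}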

Example 10 with Artifact

use of com.sun.identity.saml2.protocol.Artifact in project OpenAM by OpenRock.

the class ArtifactImpl method parseArtifactValue.

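/**
 * Parses a base64-encoded type 4 (0x0004) artifact into its fields.
 * <p>
 * Layout after decoding (must be exactly {@code ARTIFACT_4_LENGTH} bytes): 2 bytes type
 * code, 2 bytes endpoint index, {@code ID_LENGTH} bytes source ID, {@code ID_LENGTH} bytes
 * message handle. On success {@code typeCode}, {@code artifact}, {@code sourceID},
 * {@code messageHandle} and {@code endpointIndex} are assigned; every rejection happens
 * before the first assignment, so a failed parse leaves the instance untouched.
 *
 * @param value base64 artifact string as received from the wire
 * @throws SAML2Exception if {@code value} is empty, not valid base64, has the wrong
 *         length, or carries a type code other than 0x0004
 */
private void parseArtifactValue(String value) throws SAML2Exception {
    String method = "ArtifactImpl.parseArtifactValue: ";
    if (value == null || value.length() == 0) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message(method + "empty input.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    // decode the artifact
    byte[] raw = null;
    try {
        raw = Base64.decode(value);
    } catch (Exception e) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ArtifactImpl.parseElement: exception " + "occured while decoding artifact:", e);
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // Some decoders report malformed input by returning null rather than throwing; either way
    // the artifact is rejected as wrong input. The length must be exactly 44 bytes.
    if (raw == null || raw.length != ARTIFACT_4_LENGTH) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            String actualLength = (raw == null) ? "null" : String.valueOf(raw.length);
            SAML2SDKUtils.debug.message("ArtifactImpl.parseElement: the length" + " is not 44:" + actualLength);
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    // check if the typecode is correct
    if ((raw[0] != ARTIFACT_4_TYPE_CODE_BYTE1) || (raw[1] != ARTIFACT_4_TYPE_CODE_BYTE2)) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ArtifactImpl.parseElement: wrong " + "typecode.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    typeCode = ARTIFACT_4_TYPE_CODE;
    artifact = value;
    // Field offsets: [0..1] type code, [2..3] endpoint index, then sourceID and messageHandle
    // of ID_LENGTH bytes each (ID_LENGTH is 20 for a 44-byte artifact).
    int endpointIndexOffset = 2;
    int sourceIdOffset = 4;
    int messageHandleOffset = sourceIdOffset + SAML2Constants.ID_LENGTH;
    byte[] endpointIndexB = new byte[2];
    byte[] sBytes = new byte[SAML2Constants.ID_LENGTH];
    byte[] mBytes = new byte[SAML2Constants.ID_LENGTH];
    System.arraycopy(raw, endpointIndexOffset, endpointIndexB, 0, 2);
    System.arraycopy(raw, sourceIdOffset, sBytes, 0, SAML2Constants.ID_LENGTH);
    System.arraycopy(raw, messageHandleOffset, mBytes, 0, SAML2Constants.ID_LENGTH);
    try {
        sourceID = SAML2SDKUtils.byteArrayToString(sBytes);
        messageHandle = SAML2SDKUtils.byteArrayToString(mBytes);
    } catch (Exception e) {
        SAML2SDKUtils.debug.error("ArtifactImpl.parseElement: encoding " + "exception: ", e);
        // NOTE(review): this fallback decodes with the platform default charset, which may not
        // match the encoding byteArrayToString uses; sourceID comparisons against metadata could
        // then fail silently — confirm the two agree.
        sourceID = new String(sBytes);
        messageHandle = new String(mBytes);
    }
    endpointIndex = SAML2SDKUtils.twoBytesToInt(endpointIndexB);
}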
