Example 1 with AssertionIDRequest
use of com.sun.identity.saml2.protocol.AssertionIDRequest in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method sendAssertionIDRequestBySOAP.
private static Response sendAssertionIDRequestBySOAP(AssertionIDRequest assertionIDRequest, String location, String realm, String samlAuthorityEntityID, String role, RoleDescriptorType roled) throws SAML2Exception {
String aIDReqStr = assertionIDRequest.toXMLString(true, true);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: " + "assertionIDRequest = " + aIDReqStr);
SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: " + "location = " + location);
}
location = fillInBasicAuthInfo(location, realm, samlAuthorityEntityID, role);
SOAPMessage resMsg = null;
try {
resMsg = SOAPCommunicator.getInstance().sendSOAPMessage(aIDReqStr, location, true);
} catch (SOAPException se) {
SAML2Utils.debug.error("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP:", se);
throw new SAML2Exception(SAML2Utils.bundle.getString("errorSendingAssertionIDRequest"));
}
Element respElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "Response");
Response response = ProtocolFactory.getInstance().createResponse(respElem);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestUtil.sendAssertionIDRequestBySOAP: " + "response = " + response.toXMLString(true, true));
}
verifyResponse(response, assertionIDRequest, samlAuthorityEntityID, role, roled);
return response;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Response(com.sun.identity.saml2.protocol.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
SOAPException(javax.xml.soap.SOAPException)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
AuthnAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement)
AttributeAuthorityDescriptorElement(com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)
Element(org.w3c.dom.Element)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
AssertionIDRequestServiceElement(com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement)
SOAPMessage(javax.xml.soap.SOAPMessage)
Example 2 with AssertionIDRequest
use of com.sun.identity.saml2.protocol.AssertionIDRequest in project OpenAM by OpenRock.
the class AssertionIDRequestServiceSOAP method doGetPost.
private void doGetPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// handle DOS attack
SAMLUtils.checkHTTPContentLength(req);
String pathInfo = req.getPathInfo();
if (pathInfo == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestServiceSOAP.doGetPost: " + "pathInfo is null.");
}
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullPathInfo", SAML2Utils.bundle.getString("nullPathInfo"));
return;
}
String role = null;
int index = pathInfo.indexOf(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
if (index > 2) {
role = pathInfo.substring(1, index - 1);
}
String samlAuthorityMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
String samlAuthorityEntityID = null;
String realm = null;
try {
samlAuthorityEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(samlAuthorityMetaAlias);
realm = SAML2MetaUtils.getRealmByMetaAlias(samlAuthorityMetaAlias);
} catch (SAML2Exception sme) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost", sme);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidMetaAlias", sme.getMessage());
return;
}
if (!SAML2Utils.isIDPProfileBindingSupported(realm, samlAuthorityEntityID, SAML2Constants.ASSERTION_ID_REQUEST_SERVICE, SAML2Constants.SOAP)) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost:Assertion ID request" + " service SOAP binding is not supported for " + samlAuthorityEntityID);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_BAD_REQUEST, "unsupportedBinding", SAML2Utils.bundle.getString("unsupportedBinding"));
return;
}
AssertionIDRequest assertionIDRequest = null;
try {
SOAPMessage msg = SOAPCommunicator.getInstance().getSOAPMessage(req);
Element elem = SOAPCommunicator.getInstance().getSamlpElement(msg, SAML2Constants.ASSERTION_ID_REQUEST);
assertionIDRequest = ProtocolFactory.getInstance().createAssertionIDRequest(elem);
} catch (Exception ex) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost:", ex);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateAssertionIDRequest", ex.getMessage());
return;
}
SOAPMessage replymsg = null;
try {
Response samlResp = AssertionIDRequestUtil.processAssertionIDRequest(assertionIDRequest, req, resp, samlAuthorityEntityID, role, realm);
replymsg = SOAPCommunicator.getInstance().createSOAPMessage(samlResp.toXMLString(true, true), false);
} catch (Throwable t) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost: " + "Unable to create SOAP message:", t);
replymsg = SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
}
try {
if (replymsg.saveRequired()) {
replymsg.saveChanges();
}
resp.setStatus(HttpServletResponse.SC_OK);
SAML2Utils.putHeaders(replymsg.getMimeHeaders(), resp);
OutputStream os = resp.getOutputStream();
replymsg.writeTo(os);
os.flush();
} catch (SOAPException soap) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost", soap);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "soapError", soap.getMessage());
return;
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Response(com.sun.identity.saml2.protocol.Response)
AssertionIDRequest(com.sun.identity.saml2.protocol.AssertionIDRequest)
Element(org.w3c.dom.Element)
OutputStream(java.io.OutputStream)
SOAPException(javax.xml.soap.SOAPException)
SOAPMessage(javax.xml.soap.SOAPMessage)
ServletException(javax.servlet.ServletException)
SOAPException(javax.xml.soap.SOAPException)
IOException(java.io.IOException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Example 3 with AssertionIDRequest
use of com.sun.identity.saml2.protocol.AssertionIDRequest in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method verifyAssertionIDRequest.
private static void verifyAssertionIDRequest(AssertionIDRequest assertionIDRequest, String samlAuthorityEntityID, String role, String realm) throws SAML2Exception {
Issuer issuer = assertionIDRequest.getIssuer();
String requestedEntityID = issuer.getValue();
if (!SAML2Utils.isSourceSiteValid(issuer, realm, samlAuthorityEntityID)) {
throw new SAML2Exception(SAML2Utils.bundle.getString("assertionIDRequestIssuerInvalid"));
}
SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, requestedEntityID);
if (spSSODesc == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("assertionIDRequestIssuerNotFound"));
}
Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(spSSODesc, requestedEntityID, SAML2Constants.SP_ROLE);
if (!verificationCerts.isEmpty()) {
boolean valid = assertionIDRequest.isSignatureValid(verificationCerts);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestUtil.verifyAssertionIDRequest: " + "Signature validity is : " + valid);
}
if (!valid) {
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignatureAssertionIDRequest"));
}
} else {
throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Issuer(com.sun.identity.saml2.assertion.Issuer)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
X509Certificate(java.security.cert.X509Certificate)
Example 4 with AssertionIDRequest
use of com.sun.identity.saml2.protocol.AssertionIDRequest in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method sendAssertionIDRequest.
/**
* Sends the <code>AssertionIDRequest</code> to specifiied Assertion ID
* Request Service and returns <code>Response</code> coming from the
* Assertion ID Request Service.
*
* @param assertionIDRequest the <code>AssertionIDRequest</code> object
* @param samlAuthorityEntityID entity ID of SAML authority
* @param role SAML authority role, for example,
* <code>SAML2Constants.ATTR_AUTH_ROLE</code>,
* <code>SAML2Constants.AUTHN_AUTH_ROLE</code> or
* <code>SAML2Constants.IDP_ROLE</code>
* @param realm the realm of hosted entity
* @param binding the binding
*
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*
* @supported.api
*/
public static Response sendAssertionIDRequest(AssertionIDRequest assertionIDRequest, String samlAuthorityEntityID, String role, String realm, String binding) throws SAML2Exception {
StringBuffer location = new StringBuffer();
RoleDescriptorType roled = getRoleDescriptorAndLocation(samlAuthorityEntityID, role, realm, binding, location);
if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
signAssertionIDRequest(assertionIDRequest, realm, false);
return sendAssertionIDRequestBySOAP(assertionIDRequest, location.toString(), realm, samlAuthorityEntityID, role, roled);
} else {
throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
RoleDescriptorType(com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType)
Example 5 with AssertionIDRequest
use of com.sun.identity.saml2.protocol.AssertionIDRequest in project OpenAM by OpenRock.
the class AssertionIDRequestUtil method processAssertionIDRequest.
/**
* This method processes the <code>AssertionIDRequest</code> coming
* from a requester.
*
* @param assertionIDRequest the <code>AssertionIDRequest</code> object
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
* @param samlAuthorityEntityID entity ID of SAML authority
* @param role the role of SAML authority
* @param realm the realm of SAML authority
* @return the <code>Response</code> object
* @exception SAML2Exception if the operation is not successful
*/
public static Response processAssertionIDRequest(AssertionIDRequest assertionIDRequest, HttpServletRequest request, HttpServletResponse response, String samlAuthorityEntityID, String role, String realm) throws SAML2Exception {
try {
verifyAssertionIDRequest(assertionIDRequest, samlAuthorityEntityID, role, realm);
} catch (SAML2Exception se) {
SAML2Utils.debug.error("AssertionIDRequestUtil." + "processAssertionIDRequest:", se);
return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, se.getMessage(), samlAuthorityEntityID);
}
Issuer issuer = assertionIDRequest.getIssuer();
String spEntityID = issuer.getValue();
RoleDescriptorType roled = null;
try {
if (SAML2Constants.IDP_ROLE.equals(role)) {
roled = metaManager.getIDPSSODescriptor(realm, samlAuthorityEntityID);
} else if (SAML2Constants.AUTHN_AUTH_ROLE.equals(role)) {
roled = metaManager.getAuthnAuthorityDescriptor(realm, samlAuthorityEntityID);
} else if (SAML2Constants.ATTR_AUTH_ROLE.equals(role)) {
roled = metaManager.getAttributeAuthorityDescriptor(realm, samlAuthorityEntityID);
}
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error("AssertionIDRequestUtil." + "processAssertionIDRequest:", sme);
return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.RESPONDER, null, sme.getMessage(), samlAuthorityEntityID);
}
if (roled == null) {
return SAML2Utils.getErrorResponse(assertionIDRequest, SAML2Constants.REQUESTER, null, SAML2Utils.bundle.getString("samlAuthorityNotFound"), samlAuthorityEntityID);
}
List returnAssertions = null;
List assertionIDRefs = assertionIDRequest.getAssertionIDRefs();
for (Iterator iter = assertionIDRefs.iterator(); iter.hasNext(); ) {
AssertionIDRef assertionIDRef = (AssertionIDRef) iter.next();
String assertionID = assertionIDRef.getValue();
Assertion assertion = (Assertion) IDPCache.assertionByIDCache.get(assertionID);
if ((assertion == null) && (SAML2FailoverUtils.isSAML2FailoverEnabled())) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestUtil.processAssertionIDRequest: " + "reading assertion from the SAML2 Token Repository using assertionID:" + assertionID);
}
String assertionStr = null;
try {
assertionStr = (String) SAML2FailoverUtils.retrieveSAML2Token(assertionID);
} catch (SAML2TokenRepositoryException se) {
SAML2Utils.debug.error("AssertionIDRequestUtil.processAssertionIDRequest: " + "There was a problem reading assertion from the SAML2 Token Repository using assertionID:" + assertionID, se);
}
if (assertionStr != null) {
assertion = AssertionFactory.getInstance().createAssertion(assertionStr);
}
}
if ((assertion != null) && (assertion.isTimeValid())) {
if (returnAssertions == null) {
returnAssertions = new ArrayList();
}
returnAssertions.add(assertion);
}
}
ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
Response samlResp = protocolFactory.createResponse();
samlResp.setAssertion(returnAssertions);
samlResp.setID(SAML2Utils.generateID());
samlResp.setInResponseTo(assertionIDRequest.getID());
samlResp.setVersion(SAML2Constants.VERSION_2_0);
samlResp.setIssueInstant(new Date());
Status status = protocolFactory.createStatus();
StatusCode statusCode = protocolFactory.createStatusCode();
statusCode.setValue(SAML2Constants.SUCCESS);
status.setStatusCode(statusCode);
samlResp.setStatus(status);
Issuer respIssuer = AssertionFactory.getInstance().createIssuer();
respIssuer.setValue(samlAuthorityEntityID);
samlResp.setIssuer(respIssuer);
signResponse(samlResp, samlAuthorityEntityID, role, realm, false);
return samlResp;
}
Also used :
Status(com.sun.identity.saml2.protocol.Status)
Issuer(com.sun.identity.saml2.assertion.Issuer)
AssertionIDRef(com.sun.identity.saml2.assertion.AssertionIDRef)
Assertion(com.sun.identity.saml2.assertion.Assertion)
ArrayList(java.util.ArrayList)
StatusCode(com.sun.identity.saml2.protocol.StatusCode)
Date(java.util.Date)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
Response(com.sun.identity.saml2.protocol.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
RoleDescriptorType(com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType)
Iterator(java.util.Iterator)
List(java.util.List)
ArrayList(java.util.ArrayList)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Aggregations
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)6
Issuer (com.sun.identity.saml2.assertion.Issuer)3
Response (com.sun.identity.saml2.protocol.Response)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
RoleDescriptorType (com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType)2
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)2
X509Certificate (java.security.cert.X509Certificate)2
SOAPException (javax.xml.soap.SOAPException)2
SOAPMessage (javax.xml.soap.SOAPMessage)2
Element (org.w3c.dom.Element)2
Assertion (com.sun.identity.saml2.assertion.Assertion)1
AssertionIDRef (com.sun.identity.saml2.assertion.AssertionIDRef)1
AssertionIDRequestServiceElement (com.sun.identity.saml2.jaxb.metadata.AssertionIDRequestServiceElement)1
AttributeAuthorityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.AttributeAuthorityDescriptorElement)1
AuthnAuthorityDescriptorElement (com.sun.identity.saml2.jaxb.metadata.AuthnAuthorityDescriptorElement)1
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)1
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)1
AssertionIDRequest (com.sun.identity.saml2.protocol.AssertionIDRequest)1
ProtocolFactory (com.sun.identity.saml2.protocol.ProtocolFactory)1
Status (com.sun.identity.saml2.protocol.Status)1
