Search in sources :

Example 11 with AuthnRequest

use of com.sun.identity.saml2.protocol.AuthnRequest in project OpenAM by OpenRock.

the class SAML2Utils method fillMap.

private static Map fillMap(final List authnStmts, final Subject subject, final Assertion assertion, final List assertions, final AuthnRequestInfo reqInfo, final String inRespToResp, final String orgName, final String hostEntityId, final String idpEntityId, final SPSSOConfigElement spConfig, final Date notOnOrAfterTime) throws SAML2Exception {
    // use the first AuthnStmt
    AuthnStatement authnStmt = (AuthnStatement) authnStmts.get(0);
    int authLevel = -1;
    String mapperClass = getAttributeValueFromSPSSOConfig(spConfig, SAML2Constants.SP_AUTHCONTEXT_MAPPER);
    SPAuthnContextMapper mapper = getSPAuthnContextMapper(orgName, hostEntityId, mapperClass);
    RequestedAuthnContext reqContext = null;
    AuthnRequest authnRequest = null;
    if (reqInfo != null) {
        reqContext = (reqInfo.getAuthnRequest()).getRequestedAuthnContext();
        authnRequest = reqInfo.getAuthnRequest();
    }
    authLevel = mapper.getAuthLevel(reqContext, authnStmt.getAuthnContext(), orgName, hostEntityId, idpEntityId);
    String sessionIndex = authnStmt.getSessionIndex();
    Date sessionNotOnOrAfter = authnStmt.getSessionNotOnOrAfter();
    Map smap = new HashMap();
    smap.put(SAML2Constants.SUBJECT, subject);
    smap.put(SAML2Constants.POST_ASSERTION, assertion);
    smap.put(SAML2Constants.ASSERTIONS, assertions);
    if (authnRequest != null) {
        smap.put(SAML2Constants.AUTHN_REQUEST, authnRequest);
    }
    String[] data = { assertion.getID(), "", "" };
    if (LogUtil.isAccessLoggable(Level.FINE)) {
        data[1] = subject.toXMLString();
    }
    if (sessionIndex != null && sessionIndex.length() != 0) {
        data[2] = sessionIndex;
        smap.put(SAML2Constants.SESSION_INDEX, sessionIndex);
    }
    if (authLevel >= 0) {
        smap.put(SAML2Constants.AUTH_LEVEL, new Integer(authLevel));
    }
    // SessionNotOnOrAfter
    if (sessionNotOnOrAfter != null) {
        long maxSessionTime = (sessionNotOnOrAfter.getTime() - System.currentTimeMillis()) / 60000;
        if (maxSessionTime > 0) {
            smap.put(SAML2Constants.MAX_SESSION_TIME, new Long(maxSessionTime));
        }
    }
    if (inRespToResp != null && inRespToResp.length() != 0) {
        smap.put(SAML2Constants.IN_RESPONSE_TO, inRespToResp);
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2Utils.fillMap: Found valid authentication " + "assertion.");
    }
    if (notOnOrAfterTime != null) {
        smap.put(SAML2Constants.NOTONORAFTER, new Long(notOnOrAfterTime.getTime()));
    }
    LogUtil.access(Level.INFO, LogUtil.FOUND_AUTHN_ASSERTION, data, null);
    return smap;
}
Also used : HashMap(java.util.HashMap) Date(java.util.Date) RequestedAuthnContext(com.sun.identity.saml2.protocol.RequestedAuthnContext) AuthnRequest(com.sun.identity.saml2.protocol.AuthnRequest) AuthnStatement(com.sun.identity.saml2.assertion.AuthnStatement) SPAuthnContextMapper(com.sun.identity.saml2.plugins.SPAuthnContextMapper) DefaultSPAuthnContextMapper(com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper) Map(java.util.Map) HashMap(java.util.HashMap)

Example 12 with AuthnRequest

use of com.sun.identity.saml2.protocol.AuthnRequest in project OpenAM by OpenRock.

the class SAML2IDPProxyFRImpl method storeSessionParamsAndCache.

private void storeSessionParamsAndCache(HttpServletRequest request, String idpListSt, AuthnRequest authnRequest, String hostProviderID, String realm, String requestID) {
    String methodName = "storeSessionParamsAndCache";
    HttpSession hts = request.getSession();
    hts.setAttribute(SESSION_ATTR_NAME_IDP_LIST, idpListSt);
    debugMessage(methodName, " Setting " + SESSION_ATTR_NAME_IDP_LIST + " = " + idpListSt);
    hts.setAttribute(SESSION_ATTR_NAME_RELAYSTATE, buildReturnURL(requestID, request));
    debugMessage(methodName, " Setting " + SESSION_ATTR_NAME_RELAYSTATE);
    hts.setAttribute(SESSION_ATTR_NAME_SPREQUESTER, authnRequest.getIssuer().getValue().toString());
    debugMessage(methodName, " Setting " + SESSION_ATTR_NAME_SPREQUESTER);
    RequestedAuthnContext requestedAuthnContext = authnRequest.getRequestedAuthnContext();
    hts.setAttribute(SESSION_ATTR_NAME_REQAUTHNCONTEXT, requestedAuthnContext == null ? null : requestedAuthnContext.getAuthnContextClassRef());
    debugMessage(methodName, " Setting " + SESSION_ATTR_NAME_REQAUTHNCONTEXT);
    // Save the important param in the reqParamHash so we can
    // locate them when we return to the IDPSSOFederate.
    Map paramsMap = new HashMap();
    paramsMap.put("authnReq", authnRequest);
    paramsMap.put("spSSODescriptor", spSSODescriptor);
    paramsMap.put("idpEntityID", hostProviderID);
    paramsMap.put("realm", realm);
    paramsMap.put("relayState", relayState);
    paramsMap.put("binding", binding);
    SPCache.reqParamHash.put(requestID, paramsMap);
}
Also used : RequestedAuthnContext(com.sun.identity.saml2.protocol.RequestedAuthnContext) HashMap(java.util.HashMap) HttpSession(javax.servlet.http.HttpSession) HashMap(java.util.HashMap) Map(java.util.Map)

Example 13 with AuthnRequest

use of com.sun.identity.saml2.protocol.AuthnRequest in project OpenAM by OpenRock.

the class SAML2IDPProxyImpl method getPreferredIDP.

/**
     * Returns a list of preferred IDP providerIDs.
     * @param authnRequest original authnrequest
     * @param hostProviderID ProxyIDP providerID.
     * @param realm Realm
     * @param request HttpServletRequest
     * @param response HttpServletResponse
     * @return a list of providerID's of the authenticating providers to be
     *     proxied or <code>null</code> to disable the proxying and continue
     *     for the localauthenticating provider.
     * @exception SAML2Exception if error occurs.
     */
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    String classMethod = "SAML2IDPProxyImpl.getPreferredIDP:";
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(classMethod + "Init.");
    }
    try {
        SAML2MetaManager sm = new SAML2MetaManager();
        // Retreive MetaData
        if (sm == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorMetaManager"));
        }
        SPSSOConfigElement spEntityCfg = sm.getSPSSOConfig(realm, authnRequest.getIssuer().getValue());
        Map spConfigAttrsMap = null;
        if (spEntityCfg != null) {
            spConfigAttrsMap = SAML2MetaUtils.getAttributes(spEntityCfg);
        }
        String useIntroductionForProxying = SPSSOFederate.getParameter(spConfigAttrsMap, SAML2Constants.USE_INTRODUCTION_FOR_IDP_PROXY);
        List providerIDs = new ArrayList();
        if (useIntroductionForProxying == null || !useIntroductionForProxying.equals("true")) {
            List proxyIDPs = null;
            if ((spConfigAttrsMap != null) && (!spConfigAttrsMap.isEmpty())) {
                proxyIDPs = (List) spConfigAttrsMap.get(SAML2Constants.IDP_PROXY_LIST);
            }
            if (proxyIDPs == null || proxyIDPs.isEmpty()) {
                SAML2Utils.debug.error("SAML2IDPProxyImpl.getPrefferedIDP:" + "Preferred IDPs are null.");
                return null;
            }
            providerIDs.add(proxyIDPs.iterator().next());
            return providerIDs;
        } else {
            /* IDP Proxy with introduction cookie case*/
            String idpEntityID = null;
            List cotList = (List) spConfigAttrsMap.get("cotlist");
            String cotListStr = (String) cotList.iterator().next();
            CircleOfTrustManager cotManager = new CircleOfTrustManager();
            CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(realm, cotListStr);
            String readerURL = cotDesc.getSAML2ReaderServiceURL();
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "SAMLv2 idp" + "discovery reader URL = " + readerURL);
            }
            if (readerURL != null && (!readerURL.equals(""))) {
                String rID = SAML2Utils.generateID();
                String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.error(classMethod + "Redirect url = " + redirectURL);
                }
                if (redirectURL != null) {
                    response.sendRedirect(redirectURL);
                    Map aMap = new HashMap();
                    SPCache.reqParamHash.put(rID, aMap);
                    providerIDs.add(rID);
                    return providerIDs;
                }
            }
        }
        return null;
    } catch (SAML2MetaException ex) {
        SAML2Utils.debug.error(classMethod + "meta Exception in retrieving the preferred IDP", ex);
        return null;
    } catch (COTException sme) {
        SAML2Utils.debug.error(classMethod + "Error retreiving COT ", sme);
        return null;
    } catch (Exception e) {
        SAML2Utils.debug.error(classMethod + "Exception in retrieving the preferred IDP", e);
        return null;
    }
}
Also used : CircleOfTrustManager(com.sun.identity.cot.CircleOfTrustManager) HashMap(java.util.HashMap) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) ArrayList(java.util.ArrayList) CircleOfTrustDescriptor(com.sun.identity.cot.CircleOfTrustDescriptor) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) COTException(com.sun.identity.cot.COTException) COTException(com.sun.identity.cot.COTException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)

Example 14 with AuthnRequest

use of com.sun.identity.saml2.protocol.AuthnRequest in project OpenAM by OpenRock.

the class ECPIDPFinder method getPreferredIDP.

/**
     * Returns a list of preferred IDP providerID's.
     * @param authnRequest original authnrequest
     * @param hostProviderID hosted providerID.
     * @param realm Realm
     * @param request HttpServletRequest
     * @param response HttpServletResponse
     * @return a list of IDP providerID's or null if not found.
     * @exception SAML2Exception if error occurs. 
     */
public List getPreferredIDP(AuthnRequest authnRequest, String hostProviderID, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    SPSSOConfigElement spssoconfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(realm, hostProviderID);
    Map attributes = SAML2MetaUtils.getAttributes(spssoconfig);
    List idps = (List) attributes.get(SAML2Constants.ECP_REQUEST_IDP_LIST);
    if ((idps == null) || (idps.isEmpty())) {
        return null;
    }
    return idps;
}
Also used : SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) List(java.util.List) Map(java.util.Map)

Example 15 with AuthnRequest

use of com.sun.identity.saml2.protocol.AuthnRequest in project OpenAM by OpenRock.

the class SMAdapter method postSingleSignOnSuccess.

/**
     * Invokes after Single-Sign-On processing succeeded.
     * @param hostedEntityID Entity ID for the hosted SP
     * @param realm Realm of the hosted SP.
     * @param request servlet request
     * @param response servlet response
     * @param session user's session
     * @param authnRequest the original authentication request sent from SP, 
     *       null if this is IDP initiated SSO.
     * @param ssoResponse response from IDP 
     * @param profile protocol profile used, one of the following values: 
     *     <code>SAML2Constants.HTTP_POST</code>, 
     *     <code>SAML2Constants.HTTP_ARTIFACT</code>,
     *     <code>SAML2Constants.PAOS</code>
     * @param isFederation true if this is federation case, false otherwise.
     * @return true if browser redirection happened after processing, 
     *     false otherwise. Default to false. 
     * @exception SAML2Exception if user want to fail the process.
     */
public boolean postSingleSignOnSuccess(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, Object session, AuthnRequest authnRequest, Response ssoResponse, String profile, boolean isFederation) throws SAML2Exception {
    try {
        SSOToken ssoToken = (SSOToken) session;
        String famSession = ssoToken.getTokenID().toString();
        /*
            Cookie[] cookies = request.getCookies();
            for (int i=0; i < cookies.length; i++) {
                 Cookie cookie = cookies[i];
                 if(cookie.getName().equals(famCookieName)) {
                    famSession = cookie.getValue();
                 }
            }
*/
        if (famSession == null) {
            throw new SAML2Exception("No OpenSSO Session found");
        }
        UserCredentials uc = new UserCredentials("FMTOKEN", "FMTOKEN" + famSession);
        SessionDef sd = new SessionDef();
        ResourceContextDef rcd = new ResourceContextDef(agentID, agentHostName, resource, "GET");
        RealmDef rd = new RealmDef();
        int retCode = agentAPI.isProtected(agentIP, rcd, rd);
        if (retCode != AgentAPI.YES) {
            System.out.println("Agent is not protected.");
            throw new SAML2Exception("Agent is not protected");
        }
        AttributeList al = new AttributeList();
        int status = agentAPI.login(agentIP, rcd, rd, uc, sd, al);
        if (status != AgentAPI.YES) {
            throw new SAML2Exception("Agent authentication failed");
        }
        Cookie smCookie = new Cookie(smCookieName, sd.spec);
        smCookie.setDomain(cookieDomain);
        response.addCookie(smCookie);
        return false;
    } catch (Exception ex) {
        ex.printStackTrace();
        throw new SAML2Exception(ex.getMessage());
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Cookie(javax.servlet.http.Cookie) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)27 List (java.util.List)18 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)15 ArrayList (java.util.ArrayList)15 AuthnRequest (com.sun.identity.saml2.protocol.AuthnRequest)14 Map (java.util.Map)13 SessionException (com.sun.identity.plugin.session.SessionException)12 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)10 IOException (java.io.IOException)10 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)10 SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)9 Date (java.util.Date)8 HashMap (java.util.HashMap)8 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)7 SAML2ServiceProviderAdapter (com.sun.identity.saml2.plugins.SAML2ServiceProviderAdapter)7 Iterator (java.util.Iterator)7 Issuer (com.sun.identity.saml2.assertion.Issuer)6 Assertion (com.sun.identity.saml2.assertion.Assertion)5 IDPList (com.sun.identity.saml2.protocol.IDPList)5 Response (com.sun.identity.saml2.protocol.Response)5