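/**
 * Sends back a NoPassive response for the original AuthnRequest.
 *
 * <p>The original request is looked up and removed from the proxy SP AuthnRequest cache under the proxied
 * request ID; its cached RelayState is removed in the same step so that neither entry outlives this response.
 *
 * @param request The request.
 * @param response The response.
 * @param out The print writer for writing out presentation.
 * @param requestID The requestID of the proxied AuthnRequest.
 * @param idpMetaAlias The IdP's metaAlias.
 * @param hostEntityID The IdP's entity ID.
 * @param realm The realm where the IdP belongs to.
 * @throws SAML2Exception If no original AuthnRequest is cached under {@code requestID}, or if there was an error
 * while sending the NoPassive response.
 */
public static void sendNoPassiveProxyResponse(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String requestID, String idpMetaAlias, String hostEntityID, String realm) throws SAML2Exception {
    AuthnRequest origRequest = (AuthnRequest) IDPCache.proxySPAuthnReqCache.remove(requestID);
    if (origRequest == null) {
        // requestID presumably originates from the remote IdP's response; an unknown, expired or already
        // consumed ID must be reported as a SAML error instead of surfacing as a NullPointerException below.
        SAML2Utils.debug.error("IDPProxyUtil.sendNoPassiveProxyResponse: no cached AuthnRequest for request ID " + requestID);
        throw new SAML2Exception("Original AuthnRequest not found for request ID " + requestID);
    }
    String relayState = (String) IDPCache.relayStateCache.remove(origRequest.getID());
    IDPSSOUtil.sendNoPassiveResponse(request, response, out, idpMetaAlias, hostEntityID, realm, origRequest, relayState, origRequest.getIssuer().getValue());
}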
/**
 * Gets the preferred IDP Id to be proxied. This method makes use of an
 * SPI to determine the preferred IDP.
 *
 * <p>The finder may return several candidates; only the first one is used.
 *
 * @param authnRequest original Authn Request.
 * @param hostedEntityId hosted provider ID
 * @param realm Realm
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @exception SAML2Exception for any SAML2 failure.
 * @return String Provider id of the preferred IDP to be proxied, or {@code null} when the finder
 * returned no candidate.
 */
public static String getPreferredIDP(AuthnRequest authnRequest, String hostedEntityId, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    SAML2IDPFinder finder = getIDPProxyFinder(realm, hostedEntityId);
    List candidates = finder.getPreferredIDP(authnRequest, hostedEntityId, realm, request, response);
    boolean noCandidate = (candidates == null) || candidates.isEmpty();
    return noCandidate ? null : (String) candidates.get(0);
}
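/**
 * Constructs new authentication request by using the original request
 * that is sent by the service provider to the proxying IDP.
 *
 * <p>The new request is issued by the hosted (proxying) entity, carries a freshly generated ID and issue
 * instant, and copies the SSO-relevant settings (consent, passive/forceAuthn flags, protocol binding and
 * service indexes, NameIDPolicy, requested AuthnContext, extensions) from the original request. Its
 * Scoping is derived either from the original request's Scoping element (ProxyCount decremented by one,
 * IDPList carried over) or, when the original request carried none, from the remote SP's extended
 * metadata (the "always IdP proxy" case).
 *
 * @param hostedEntityId hosted provider ID
 * @param destination The destination where the new AuthnRequest will be sent to.
 * @param realm Realm
 * @param origRequest Original Authn Request
 * @return AuthnRequest new authn request.
 * @exception SAML2Exception for failure in creating new authn request, including a missing
 * AssertionConsumerService URL for the requested binding or a malformed proxy count in the SP metadata.
 */
private static AuthnRequest getNewAuthnRequest(String hostedEntityId, String destination, String realm, AuthnRequest origRequest) throws SAML2Exception {
    String classMethod = "IDPProxyUtil.getNewAuthnRequest: ";
    // New Authentication request should only be a single sign-on request.
    try {
        AuthnRequest newRequest = ProtocolFactory.getInstance().createAuthnRequest();
        String requestID = SAML2Utils.generateID();
        if (requestID == null || requestID.isEmpty()) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("cannotGenerateID"));
        }
        newRequest.setID(requestID);
        SPSSODescriptorElement localDescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, hostedEntityId);
        newRequest.setDestination(XMLUtils.escapeSpecialCharacters(destination));
        newRequest.setConsent(origRequest.getConsent());
        newRequest.setIsPassive(origRequest.isPassive());
        newRequest.setForceAuthn(origRequest.isForceAuthn());
        newRequest.setAttributeConsumingServiceIndex(origRequest.getAttributeConsumingServiceIndex());
        newRequest.setAssertionConsumerServiceIndex(origRequest.getAssertionConsumerServiceIndex());
        String protocolBinding = origRequest.getProtocolBinding();
        newRequest.setProtocolBinding(protocolBinding);
        // The ACS URL is taken from the hosted entity's own SP descriptor, so the remote IdP can only
        // ever be asked to deliver its response to one of this proxy's registered endpoints.
        OrderedSet acsSet = SPSSOFederate.getACSUrl(localDescriptor, protocolBinding);
        if (acsSet == null || acsSet.isEmpty()) {
            throw new SAML2Exception("No AssertionConsumerService URL configured for " + hostedEntityId + " and binding " + protocolBinding);
        }
        newRequest.setAssertionConsumerServiceURL((String) acsSet.get(0));
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(hostedEntityId);
        newRequest.setIssuer(issuer);
        NameIDPolicy origNameIDPolicy = origRequest.getNameIDPolicy();
        if (origNameIDPolicy != null) {
            // The SPNameQualifier is rewritten to the proxy's own entity ID; format and AllowCreate pass through.
            NameIDPolicy newNameIDPolicy = ProtocolFactory.getInstance().createNameIDPolicy();
            newNameIDPolicy.setFormat(origNameIDPolicy.getFormat());
            newNameIDPolicy.setSPNameQualifier(hostedEntityId);
            newNameIDPolicy.setAllowCreate(origNameIDPolicy.isAllowCreate());
            newRequest.setNameIDPolicy(newNameIDPolicy);
        }
        newRequest.setRequestedAuthnContext(origRequest.getRequestedAuthnContext());
        newRequest.setExtensions(origRequest.getExtensions());
        newRequest.setIssueInstant(new Date());
        newRequest.setVersion(SAML2Constants.VERSION_2_0);
        Scoping scoping = origRequest.getScoping();
        if (scoping != null) {
            Scoping newScoping = ProtocolFactory.getInstance().createScoping();
            Integer proxyCountInt = scoping.getProxyCount();
            if (proxyCountInt != null) {
                // Each proxy hop consumes one from the remaining ProxyCount; an absent count stays absent.
                newScoping.setProxyCount(Integer.valueOf(proxyCountInt.intValue() - 1));
            }
            newScoping.setIDPList(scoping.getIDPList());
            newRequest.setScoping(newScoping);
        } else {
            // handling the alwaysIdpProxy case -> the incoming request did not contain a Scoping field,
            // so ProxyCount and IDPList come from the remote SP's extended metadata instead
            SPSSOConfigElement spConfig = getSPSSOConfigByAuthnRequest(realm, origRequest);
            Map<String, List<String>> spConfigAttrMap = SAML2MetaUtils.getAttributes(spConfig);
            scoping = ProtocolFactory.getInstance().createScoping();
            boolean scopingPopulated = false;
            String proxyCountParam = SPSSOFederate.getParameter(spConfigAttrMap, SAML2Constants.IDP_PROXY_COUNT);
            if (proxyCountParam != null && !proxyCountParam.isEmpty()) {
                // A malformed value raises NumberFormatException, which the catch below wraps in SAML2Exception.
                int proxyCount = Integer.parseInt(proxyCountParam);
                // since this is a remote SP configuration, we should decrement the proxycount by one,
                // but never below zero
                scoping.setProxyCount(proxyCount <= 0 ? 0 : proxyCount - 1);
                scopingPopulated = true;
            }
            List<String> proxyIdPs = spConfigAttrMap.get(SAML2Constants.IDP_PROXY_LIST);
            if (proxyIdPs != null && !proxyIdPs.isEmpty()) {
                List<IDPEntry> list = new ArrayList<IDPEntry>(proxyIdPs.size());
                for (String proxyIdP : proxyIdPs) {
                    IDPEntry entry = ProtocolFactory.getInstance().createIDPEntry();
                    entry.setProviderID(proxyIdP);
                    list.add(entry);
                }
                IDPList idpList = ProtocolFactory.getInstance().createIDPList();
                idpList.setIDPEntries(list);
                scoping.setIDPList(idpList);
                scopingPopulated = true;
            }
            if (scopingPopulated) {
                // Attach the Scoping whenever either element was configured: previously it was only
                // attached together with an IDPList, so a configured ProxyCount without a list was
                // silently dropped and the next IdP saw no hop limit at all.
                newRequest.setScoping(scoping);
            }
        }
        return newRequest;
    } catch (Exception ex) {
        SAML2Utils.debug.error(classMethod + "Error in creating new authn request.", ex);
        throw new SAML2Exception(ex);
    }
}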
/**
 * Checks if the identity provider is configured for proxying the
 * authentication requests for a requesting service provider.
 *
 * <p>Without a Scoping element in the request, proxying requires both the "always IdP proxy" and the
 * "IdP proxy enabled" attributes in the SP's extended metadata. With a Scoping element, the remaining
 * ProxyCount must still allow a hop (a missing count allows it) and the SP's extended metadata must
 * enable IdP proxying.
 *
 * @param authnRequest Authentication Request.
 * @param realm Realm
 * @return <code>true</code> if the IDP is configured for proxying.
 * @exception SAML2Exception for any failure.
 */
public static boolean isIDPProxyEnabled(AuthnRequest authnRequest, String realm) throws SAML2Exception {
    Scoping scoping = authnRequest.getScoping();
    if (scoping == null) {
        // let's check if always IdP proxy and IdP Proxy itself is enabled
        SPSSOConfigElement alwaysProxyConfig = getSPSSOConfigByAuthnRequest(realm, authnRequest);
        if (alwaysProxyConfig == null) {
            return false;
        }
        Map<String, List<String>> alwaysProxyAttrs = SAML2MetaUtils.getAttributes(alwaysProxyConfig);
        Boolean alwaysEnabled = SPSSOFederate.getAttrValueFromMap(alwaysProxyAttrs, SAML2Constants.ALWAYS_IDP_PROXY);
        Boolean proxyEnabled = SPSSOFederate.getAttrValueFromMap(alwaysProxyAttrs, SAML2Constants.ENABLE_IDP_PROXY);
        return Boolean.TRUE.equals(alwaysEnabled) && Boolean.TRUE.equals(proxyEnabled);
    }
    // Proxy count missing, IDP Proxy allowed; zero or negative forbids another hop.
    Integer proxyCountInt = scoping.getProxyCount();
    int remainingHops = (proxyCountInt == null) ? 1 : proxyCountInt.intValue();
    if (remainingHops <= 0) {
        return false;
    }
    Map<String, List<String>> spConfigAttrs = null;
    SPSSOConfigElement spConfig = IDPSSOUtil.metaManager.getSPSSOConfig(realm, authnRequest.getIssuer().getValue());
    if (spConfig != null) {
        spConfigAttrs = SAML2MetaUtils.getAttributes(spConfig);
    }
    Boolean enabled = SPSSOFederate.getAttrValueFromMap(spConfigAttrs, SAML2Constants.ENABLE_IDP_PROXY);
    return enabled != null && enabled.booleanValue();
}
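/**
 * Sends the proxy authentication response to the proxying service
 * provider which has originally requested for the authentication.
 *
 * <p>The original AuthnRequest is removed from the proxy SP AuthnRequest cache under {@code requestID},
 * the requesting SP's entity ID is recorded against the new session's ID, and the SSO response is
 * produced through {@code IDPSSOUtil.doSSOFederate}.
 *
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @param out the print writer for writing out presentation
 * @param requestID request ID
 * @param idpMetaAlias meta Alias
 * @param newSession Session object
 * @param nameIDFormat NameID format handed to {@code IDPSSOUtil.doSSOFederate} for the response
 * @throws SAML2Exception if no original AuthnRequest is cached under {@code requestID}, or for any
 * SAML2 failure.
 */
private static void sendProxyResponse(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String requestID, String idpMetaAlias, Object newSession, String nameIDFormat) throws SAML2Exception {
    String classMethod = "IDPProxyUtil.sendProxyResponse: ";
    // Look up and remove in one step so the cached request cannot be consumed twice.
    AuthnRequest origRequest = (AuthnRequest) IDPCache.proxySPAuthnReqCache.remove(requestID);
    if (origRequest == null) {
        // Previously this dereferenced a null entry; an unknown or already consumed request ID is a
        // protocol error and must be reported as such.
        SAML2Utils.debug.error(classMethod + "no cached AuthnRequest for request ID " + requestID);
        throw new SAML2Exception("Original AuthnRequest not found for request ID " + requestID);
    }
    if (SAML2Utils.debug.messageEnabled()) {
        try {
            SAML2Utils.debug.message(classMethod + origRequest.toXMLString());
        } catch (Exception ex) {
            SAML2Utils.debug.error(classMethod + "toString(): Failed.", ex);
        }
    }
    String proxySPEntityId = origRequest.getIssuer().getValue();
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(classMethod + ":Original requesting service provider id:" + proxySPEntityId);
    }
    // Save the SP provider id based on the token id
    IDPCache.spSessionPartnerBySessionID.put(sessionProvider.getSessionID(newSession), proxySPEntityId);
    // TODO: set AuthnContext - the authentication context obtained from the remote IdP is not yet
    // propagated onto the new session.
    String relayState = (String) IDPCache.relayStateCache.get(origRequest.getID());
    IDPSSOUtil.doSSOFederate(request, response, out, origRequest, proxySPEntityId, idpMetaAlias, nameIDFormat, relayState, newSession, null);
}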