
Example 41 with AuthnRequest

use of com.sun.identity.saml2.protocol.AuthnRequest in project OpenAM by OpenRock.

From the class UtilProxySAMLAuthenticatorLookup, method retrieveAuthenticationFromCache:

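/**
 * Completes single sign-on on the user's return visit, after authentication has already taken place.
 * <p>
 * The {@code AuthnRequest}, relay state and matching {@code AuthnContext} cached under the current
 * request ID are restored into {@code data}, the IDP adapter's {@code preSendResponse} hook is given
 * the chance to take over the response, and finally the SAML response is sent to the SP's assertion
 * consumer service via {@code IDPSSOUtil.sendResponseToACS}.
 *
 * @throws SessionException     not thrown directly here; may be raised by the session helpers used
 *                              (e.g. {@code isSessionValid}, {@code IDPSSOUtil.getSessionIndex}) — confirm
 *                              against their signatures
 * @throws ServerFaultException if {@code IDPSSOUtil.sendResponseToACS} fails with a {@code SAML2Exception}
 * @throws ClientFaultException not thrown directly here; declared for the helpers called
 *                              ({@code isSessionValid}, {@code authNotAvailable}, {@code preSendResponse})
 */
@Override
public void retrieveAuthenticationFromCache() throws SessionException, ServerFaultException, ClientFaultException {
    final String classMethod = "UtilProxySAMLAuthenticatorLookup.retrieveAuthenticationFromCache: ";
    // This is the second visit: the user has already authenticated. The session is needed so it can be
    // handed to the IDP adapter's preSendResponse hook and, later, to sendResponseToACS. If it cannot be
    // obtained the failure is logged and the session left null; isSessionValid below is expected to
    // handle that case.
    SessionProvider sessionProvider = SessionManager.getProvider();
    try {
        data.setSession(sessionProvider.getSession(request));
        data.getEventAuditor().setSSOTokenId(data.getSession());
    } catch (SessionException se) {
        // Log the exception itself, not only its message, so the stack trace is not lost.
        SAML2Utils.debug.error("An error occurred while retrieving the session: " + se.getMessage(), se);
        data.setSession(null);
    }
    // Peek (get, not remove) at the cached AuthnRequest and relay state so the IDP adapter can see them;
    // the cache entries are only consumed further down, once the adapter lets the response proceed.
    CacheObject cacheObj;
    synchronized (IDPCache.authnRequestCache) {
        cacheObj = (CacheObject) IDPCache.authnRequestCache.get(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
    }
    data.setRelayState((String) IDPCache.relayStateCache.get(data.getRequestID()));
    // isSessionValid is assumed to have produced any error response itself; nothing more to do here.
    if (!isSessionValid(sessionProvider)) {
        return;
    }
    // Invoke the IDP adapter after the user has been authenticated. A true return means the adapter has
    // taken over the response, so nothing further is sent.
    if (preSendResponse(request, response, data)) {
        return;
    }
    // Now consume the cached state. Removing (rather than reading) the entries means a request ID can be
    // used at most once for issuing a response.
    synchronized (IDPCache.authnRequestCache) {
        cacheObj = (CacheObject) IDPCache.authnRequestCache.remove(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setAuthnRequest((AuthnRequest) cacheObj.getObject());
    }
    synchronized (IDPCache.idpAuthnContextCache) {
        cacheObj = (CacheObject) IDPCache.idpAuthnContextCache.remove(data.getRequestID());
    }
    if (cacheObj != null) {
        data.setMatchingAuthnContext((AuthnContext) cacheObj.getObject());
    }
    data.setRelayState((String) IDPCache.relayStateCache.remove(data.getRequestID()));
    // Without the original AuthnRequest there is nothing to respond to.
    if (data.getAuthnRequest() == null) {
        authNotAvailable();
        return;
    }
    SAML2Utils.debug.message("{} RequestID= {}", classMethod, data.getRequestID());
    // Session upgrade: the IDP session that existed before the upgrade is re-keyed under the session
    // index of the current session, and the monitoring session count is refreshed.
    boolean isSessionUpgrade = false;
    if (CollectionUtils.isNotEmpty(IDPCache.isSessionUpgradeCache)) {
        isSessionUpgrade = IDPCache.isSessionUpgradeCache.contains(data.getRequestID());
    }
    if (isSessionUpgrade) {
        IDPSession oldSess = (IDPSession) IDPCache.oldIDPSessionCache.remove(data.getRequestID());
        String sessionIndex = IDPSSOUtil.getSessionIndex(data.getSession());
        if (StringUtils.isNotEmpty(sessionIndex)) {
            IDPCache.idpSessionsByIndices.put(sessionIndex, oldSess);
            final FedMonAgent agent = MonitorManager.getAgent();
            if (agent != null && agent.isRunning()) {
                final FedMonSAML2Svc saml2Svc = MonitorManager.getSAML2Svc();
                if (saml2Svc != null) {
                    saml2Svc.setIdpSessionCount(IDPCache.idpSessionsByIndices.size());
                }
            }
        }
    }
    if (data.getSession() != null) {
        // Register SAML2 with the multi-federation protocol handling for this session.
        MultiProtocolUtils.addFederationProtocol(data.getSession(), SingleLogoutManager.SAML2);
    }
    // Generate the assertion response. The SP entity ID and the requested NameID format are taken from
    // the AuthnRequest itself; the NameIDPolicy element may be absent.
    data.setSpEntityID(data.getAuthnRequest().getIssuer().getValue());
    NameIDPolicy policy = data.getAuthnRequest().getNameIDPolicy();
    String nameIDFormat = (policy == null) ? null : policy.getFormat();
    try {
        IDPSSOUtil.sendResponseToACS(request, response, out, data.getSession(), data.getAuthnRequest(), data.getSpEntityID(), data.getIdpEntityID(), data.getIdpMetaAlias(), data.getRealm(), nameIDFormat, data.getRelayState(), data.getMatchingAuthnContext());
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error(classMethod + "Unable to do sso or federation.", se);
        // The SAML2Exception message is passed on as the fault detail.
        throw new ServerFaultException(data.getIdpAdapter(), SSO_OR_FEDERATION_ERROR, se.getMessage());
    }
}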
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) IDPSession(com.sun.identity.saml2.profile.IDPSession) FedMonSAML2Svc(com.sun.identity.plugin.monitoring.FedMonSAML2Svc) NameIDPolicy(com.sun.identity.saml2.protocol.NameIDPolicy) ServerFaultException(com.sun.identity.saml2.profile.ServerFaultException) SessionException(com.sun.identity.plugin.session.SessionException) CacheObject(com.sun.identity.saml2.profile.CacheObject) FedMonAgent(com.sun.identity.plugin.monitoring.FedMonAgent) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 42 with AuthnRequest

use of com.sun.identity.saml2.protocol.AuthnRequest in project OpenAM by OpenRock.

From the class OAuth2Saml2GrantSPAdapter, method postSingleSignOnSuccess:

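/**
 * {@inheritDoc}
 * <p>
 * Writes an auto-submitting HTML form to {@code out} that posts the first assertion of the SSO response
 * to the hosted entity's {@code /oauth2/access_token} endpoint using the SAML 2.0 grant type
 * ({@code OAuth2Constants.SAML20.GRANT_TYPE_URI}). The assertion is sent Base64-encoded in the
 * {@code assertion} parameter and {@code hostedEntityID} doubles as the {@code client_id}.
 * <p>
 * NOTE(review): {@code hostedEntityID} and {@code realm} are written into HTML attribute values and a
 * query string without any escaping. This assumes they are trusted, well-formed configuration values —
 * confirm against the callers.
 *
 * @return always {@code true}
 * @throws SAML2Exception if the assertion cannot be serialised to XML (presumably from {@code toXMLString})
 */
public boolean postSingleSignOnSuccess(String hostedEntityID, String realm, HttpServletRequest request, HttpServletResponse response, PrintWriter out, Object session, AuthnRequest authnRequest, Response ssoResponse, String profile, boolean isFederation) throws SAML2Exception {
    // Assumes a successful SSO response carries at least one assertion; an empty list fails here.
    AssertionImpl assertion = (AssertionImpl) ssoResponse.getAssertion().get(0);
    StringBuilder sb = new StringBuilder();
    // Post the assertion to the OAuth 2 token endpoint using the saml2 grant.
    sb.append("<form name=\"postForm\" action=\"");
    sb.append(hostedEntityID);
    if (hostedEntityID.endsWith("/")) {
        sb.append("oauth2/access_token");
    } else {
        sb.append("/oauth2/access_token");
    }
    // An empty realm means the root realm.
    sb.append("?realm=").append(StringUtils.isEmpty(realm) ? "/" : realm);
    sb.append("\" method=\"post\">");
    sb.append("<input type=\"hidden\" name=\"grant_type\" value=\"");
    sb.append(OAuth2Constants.SAML20.GRANT_TYPE_URI);
    sb.append("\">");
    sb.append("<input type=\"hidden\" name=\"assertion\" value=\"");
    // UTF-8 is always available in the JVM, so use the charset constant rather than its name; this removes
    // the unreachable UnsupportedEncodingException/IOException handling the charset-name form required.
    sb.append(Base64.encode(assertion.toXMLString(false, false).getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    sb.append("\">");
    sb.append("<input type=\"hidden\" name=\"client_id\" value=\"");
    sb.append(hostedEntityID);
    sb.append("\">");
    sb.append("</form>");
    sb.append("<script language=\"Javascript\">");
    sb.append("document.postForm.submit();");
    sb.append("</script>");
    out.print(sb.toString());
    return true;
}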
Also used : AssertionImpl(com.sun.identity.saml2.assertion.impl.AssertionImpl) UnsupportedEncodingException(java.io.UnsupportedEncodingException) IOException(java.io.IOException)
