Example 11 with Extensions
use of com.sun.identity.saml2.protocol.Extensions in project OpenAM by OpenRock.
the class AuthnRequestImpl method parseDOMElement.
/**
* Parses the Docuemnt Element for this object.
*
* @param element the Document Element of this object.
* @throws SAML2Exception if error parsing the Document Element.
*/
protected void parseDOMElement(Element element) throws SAML2Exception {
AssertionFactory assertionFactory = AssertionFactory.getInstance();
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
requestId = element.getAttribute(SAML2Constants.ID);
validateID(requestId);
version = element.getAttribute(SAML2Constants.VERSION);
validateVersion(version);
String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
validateIssueInstant(issueInstantStr);
destinationURI = element.getAttribute(SAML2Constants.DESTINATION);
consent = element.getAttribute(SAML2Constants.CONSENT);
NodeList nList = element.getChildNodes();
if ((nList != null) && (nList.getLength() > 0)) {
for (int i = 0; i < nList.getLength(); i++) {
Node childNode = nList.item(i);
String cName = childNode.getLocalName();
if (cName != null) {
if (cName.equals(SAML2Constants.ISSUER)) {
validateIssuer();
nameID = assertionFactory.createIssuer((Element) childNode);
} else if (cName.equals(SAML2Constants.SIGNATURE)) {
validateSignature();
signatureString = XMLUtils.print((Element) childNode);
isSigned = true;
} else if (cName.equals(SAML2Constants.EXTENSIONS)) {
validateExtensions();
extensions = protoFactory.createExtensions((Element) childNode);
} else if (cName.equals(SAML2Constants.SUBJECT)) {
validateSubject();
subject = assertionFactory.createSubject((Element) childNode);
} else if (cName.equals(SAML2Constants.NAMEIDPOLICY)) {
validateNameIDPolicy();
nameIDPolicy = protoFactory.createNameIDPolicy((Element) childNode);
} else if (cName.equals(SAML2Constants.CONDITIONS)) {
validateConditions();
conditions = assertionFactory.createConditions((Element) childNode);
} else if (cName.equals(SAML2Constants.REQ_AUTHN_CONTEXT)) {
validateReqAuthnContext();
reqAuthnContext = protoFactory.createRequestedAuthnContext((Element) childNode);
} else if (cName.equals(SAML2Constants.SCOPING)) {
validateScoping();
scoping = protoFactory.createScoping((Element) childNode);
}
}
}
}
// Get ForceAuthn Attribute
String forceAuthnAttr = element.getAttribute(SAML2Constants.FORCEAUTHN);
if ((forceAuthnAttr != null) && (forceAuthnAttr.length() > 0)) {
forceAuthn = SAML2SDKUtils.booleanValueOf(forceAuthnAttr);
}
String isPassiveAttr = element.getAttribute(SAML2Constants.ISPASSIVE);
if ((isPassiveAttr != null) && (isPassiveAttr.length() > 0)) {
isPassive = SAML2SDKUtils.booleanValueOf(isPassiveAttr);
}
protocolBinding = element.getAttribute(SAML2Constants.PROTOBINDING);
String index = element.getAttribute(SAML2Constants.ASSERTION_CONSUMER_SVC_INDEX);
if ((index != null) && (index.length() > 0)) {
assertionConsumerSvcIndex = new Integer(index);
validateAssertionConsumerServiceIndex(assertionConsumerSvcIndex);
}
assertionConsumerServiceURL = XMLUtils.unescapeSpecialCharacters(element.getAttribute(SAML2Constants.ASSERTION_CONSUMER_SVC_URL));
index = element.getAttribute(SAML2Constants.ATTR_CONSUMING_SVC_INDEX);
if ((index != null) && (index.length() > 0)) {
attrConsumingSvcIndex = new Integer(index);
validateAttributeConsumingServiceIndex(attrConsumingSvcIndex);
}
providerName = element.getAttribute(SAML2Constants.PROVIDER_NAME);
}
Also used :
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
AssertionFactory(com.sun.identity.saml2.assertion.AssertionFactory)
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
Example 12 with Extensions
use of com.sun.identity.saml2.protocol.Extensions in project OpenAM by OpenRock.
the class LogoutRequestImpl method toXMLString.
/**
* Returns the <code>LogoutRequest</code> in an XML document String format
* based on the <code>LogoutRequest</code> schema described above.
*
* @param includeNSPrefix Determines whether or not the namespace qualifier
* is prepended to the Element when converted
* @param declareNS Determines whether or not the namespace is declared
* within the Element.
* @return A XML String representing the <code>LogoutRequest</code>.
* @throws SAML2Exception if some error occurs during conversion to
* <code>String</code>.
*/
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
if (isSigned && signedXMLString != null) {
return signedXMLString;
}
validateData();
StringBuffer xmlString = new StringBuffer(1000);
xmlString.append(SAML2Constants.START_TAG);
if (includeNSPrefix) {
xmlString.append(SAML2Constants.PROTOCOL_PREFIX);
}
xmlString.append(SAML2Constants.LOGOUT_REQUEST).append(SAML2Constants.SPACE);
if (declareNS) {
xmlString.append(SAML2Constants.PROTOCOL_DECLARE_STR).append(SAML2Constants.SPACE);
}
xmlString.append(SAML2Constants.ID).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(requestId).append(SAML2Constants.QUOTE).append(SAML2Constants.SPACE).append(SAML2Constants.VERSION).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(version).append(SAML2Constants.QUOTE).append(SAML2Constants.SPACE).append(SAML2Constants.ISSUE_INSTANT).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(DateUtils.toUTCDateFormat(issueInstant)).append(SAML2Constants.QUOTE);
if ((destinationURI != null) && (destinationURI.length() > 0)) {
xmlString.append(SAML2Constants.SPACE).append(SAML2Constants.DESTINATION).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(destinationURI).append(SAML2Constants.QUOTE);
}
if ((consent != null) && (consent.length() > 0)) {
xmlString.append(SAML2Constants.SPACE).append(SAML2Constants.CONSENT).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(consent).append(SAML2Constants.QUOTE);
}
if (notOnOrAfter != null) {
xmlString.append(SAML2Constants.SPACE).append(SAML2Constants.NOTONORAFTER).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(DateUtils.toUTCDateFormat(notOnOrAfter)).append(SAML2Constants.QUOTE);
}
if ((reason != null) && (reason.length() > 0)) {
xmlString.append(SAML2Constants.SPACE).append(SAML2Constants.REASON).append(SAML2Constants.EQUAL).append(SAML2Constants.QUOTE).append(reason).append(SAML2Constants.QUOTE);
}
xmlString.append(SAML2Constants.END_TAG);
if (nameID != null) {
String issuerString = nameID.toXMLString(includeNSPrefix, declareNS);
xmlString.append(issuerString);
}
if ((signatureString != null) && (signatureString.length() > 0)) {
xmlString.append(signatureString);
}
if (extensions != null) {
xmlString.append(extensions.toXMLString(includeNSPrefix, declareNS));
}
if (baseId != null) {
xmlString.append(baseId.toXMLString(includeNSPrefix, declareNS));
}
if (nameId != null) {
xmlString.append(nameId.toXMLString(includeNSPrefix, declareNS));
}
if (encryptedId != null) {
xmlString.append(encryptedId.toXMLString(includeNSPrefix, declareNS));
}
if (sessionIndexList != null && !sessionIndexList.isEmpty()) {
Iterator sessionIterator = sessionIndexList.iterator();
while (sessionIterator.hasNext()) {
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
String sessionString = (String) sessionIterator.next();
SessionIndex sIndex = protoFactory.createSessionIndex(sessionString);
xmlString.append(sIndex.toXMLString(includeNSPrefix, declareNS));
}
}
xmlString.append(SAML2Constants.SAML2_END_TAG).append(SAML2Constants.LOGOUT_REQUEST).append(SAML2Constants.END_TAG);
return xmlString.toString();
}
Also used :
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
SessionIndex(com.sun.identity.saml2.protocol.SessionIndex)
Iterator(java.util.Iterator)
Example 13 with Extensions
use of com.sun.identity.saml2.protocol.Extensions in project OpenAM by OpenRock.
the class LogoutRequestImpl method parseElement.
/**
* Parses the Docuemnt Element for this object.
*
* @param element the Document Element of this object.
* @throws SAML2Exception if error parsing the Document Element.
*/
private void parseElement(Element element) throws SAML2Exception {
AssertionFactory assertionFactory = AssertionFactory.getInstance();
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
requestId = element.getAttribute(SAML2Constants.ID);
validateID(requestId);
version = element.getAttribute(SAML2Constants.VERSION);
validateVersion(version);
String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
validateIssueInstant(issueInstantStr);
destinationURI = element.getAttribute(SAML2Constants.DESTINATION);
consent = element.getAttribute(SAML2Constants.CONSENT);
String notOnOrAfterStr = element.getAttribute(SAML2Constants.NOTONORAFTER);
validateNotOnOrAfterStr(notOnOrAfterStr);
reason = element.getAttribute(SAML2Constants.REASON);
String sessionIndexStr = null;
NodeList nList = element.getChildNodes();
if ((nList != null) && (nList.getLength() > 0)) {
for (int i = 0; i < nList.getLength(); i++) {
Node childNode = nList.item(i);
String cName = childNode.getLocalName();
if (cName != null) {
if (cName.equals(SAML2Constants.ISSUER)) {
nameID = assertionFactory.createIssuer((Element) childNode);
} else if (cName.equals(SAML2Constants.SIGNATURE)) {
signatureString = XMLUtils.print((Element) childNode);
isSigned = true;
} else if (cName.equals(SAML2Constants.EXTENSIONS)) {
extensions = protoFactory.createExtensions((Element) childNode);
} else if (cName.equals(SAML2Constants.BASEID)) {
baseId = assertionFactory.createBaseID((Element) childNode);
} else if (cName.equals(SAML2Constants.NAMEID)) {
nameId = assertionFactory.createNameID((Element) childNode);
} else if (cName.equals(SAML2Constants.ENCRYPTEDID)) {
encryptedId = assertionFactory.createEncryptedID((Element) childNode);
} else if (cName.equals(SAML2Constants.SESSION_INDEX)) {
if ((sessionIndexList == null) || (sessionIndexList.isEmpty())) {
sessionIndexList = new ArrayList();
}
sessionIndexStr = XMLUtils.getElementString((Element) childNode);
sessionIndexList.add(sessionIndexStr);
}
}
}
validateBaseIDorNameIDorEncryptedID();
if ((sessionIndexList != null) && (!sessionIndexList.isEmpty())) {
sessionIndexList = Collections.unmodifiableList(sessionIndexList);
}
}
}
Also used :
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
AssertionFactory(com.sun.identity.saml2.assertion.AssertionFactory)
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
Example 14 with Extensions
use of com.sun.identity.saml2.protocol.Extensions in project OpenAM by OpenRock.
the class ManageNameIDRequestImpl method parseElement.
private void parseElement(Element element) throws SAML2Exception {
AssertionFactory assertionFactory = AssertionFactory.getInstance();
ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
// make sure that the input xml block is not null
if (element == null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ManageNameIDRequestImpl.parseElement: " + "Input is null.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
}
// Make sure this is an EncryptedAssertion.
String tag = null;
tag = element.getLocalName();
if ((tag == null) || (!tag.equals(elementName))) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ManageNameIDRequestImpl.parseElement:" + "not ManageNameIDRequest.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
}
requestId = element.getAttribute("ID");
validateID(requestId);
version = element.getAttribute(SAML2Constants.VERSION);
validateVersion(version);
String issueInstantStr = element.getAttribute("IssueInstant");
validateIssueInstant(issueInstantStr);
destinationURI = element.getAttribute("Destination");
consent = element.getAttribute("Consent");
NodeList nList = element.getChildNodes();
if ((nList != null) && (nList.getLength() > 0)) {
for (int i = 0; i < nList.getLength(); i++) {
Node childNode = nList.item(i);
String cName = childNode.getLocalName();
if (cName != null) {
if (cName.equals("Issuer")) {
nameID = assertionFactory.createIssuer((Element) childNode);
} else if (cName.equals("Signature")) {
signatureString = XMLUtils.getElementString((Element) childNode);
isSigned = true;
} else if (cName.equals("Extensions")) {
extensions = protocolFactory.createExtensions((Element) childNode);
} else if (cName.equals("NameID")) {
nameid = assertionFactory.createNameID((Element) childNode);
} else if (cName.equals("EncryptedID")) {
encryptedID = assertionFactory.createEncryptedID((Element) childNode);
} else if (cName.equals("NewID")) {
newID = protocolFactory.createNewID((Element) childNode);
} else if (cName.equals("NewEncryptedID")) {
newEncryptedID = protocolFactory.createNewEncryptedID((Element) childNode);
} else if (cName.equals("Terminate")) {
terminate = true;
}
}
}
}
}
Also used :
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
AssertionFactory(com.sun.identity.saml2.assertion.AssertionFactory)
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
Example 15 with Extensions
use of com.sun.identity.saml2.protocol.Extensions in project OpenAM by OpenRock.
the class SPSingleLogout method initiateLogoutRequest.
/**
* Parses the request parameters and initiates the Logout
* Request to be sent to the IDP.
*
* @param request the HttpServletRequest.
* @param response the HttpServletResponse.
* @param out The print writer for writing out presentation.
* @param binding binding used for this request.
* @param paramsMap Map of all other parameters.
* Following parameters names with their respective
* String values are allowed in this paramsMap.
* "RelayState" - the target URL on successful Single Logout
* "Destination" - A URI Reference indicating the address to
* which the request has been sent.
* "Consent" - Specifies a URI a SAML defined identifier
* known as Consent Identifiers.
* "Extension" - Specifies a list of Extensions as list of
* String objects.
* @param origLogoutRequest original LogoutRequest
* @param msg SOAPMessage
* @param newSession Session object for IDP Proxy
* @param audit the auditor for logging SAML2 Events - may be null
* @throws SAML2Exception if error initiating request to IDP.
*/
public static void initiateLogoutRequest(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String binding, Map paramsMap, LogoutRequest origLogoutRequest, SOAPMessage msg, Object newSession, SAML2EventLogger audit) throws SAML2Exception {
if (debug.messageEnabled()) {
debug.message("SPSingleLogout:initiateLogoutRequest");
debug.message("binding : " + binding);
debug.message("paramsMap : " + paramsMap);
}
String metaAlias = (String) paramsMap.get(SAML2Constants.SP_METAALIAS);
try {
Object session = null;
if (newSession != null) {
session = newSession;
} else {
session = sessionProvider.getSession(request);
}
if (null != audit) {
audit.setSSOTokenId(session);
}
if (!SPCache.isFedlet) {
if (session == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
}
}
if (metaAlias == null) {
if (!SPCache.isFedlet) {
String[] values = sessionProvider.getProperty(session, SAML2Constants.SP_METAALIAS);
if (values != null && values.length > 0) {
metaAlias = values[0];
}
} else {
List spMetaAliases = sm.getAllHostedServiceProviderMetaAliases("/");
if ((spMetaAliases != null) && !spMetaAliases.isEmpty()) {
// get first one
metaAlias = (String) spMetaAliases.get(0);
}
}
}
if (metaAlias == null) {
throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPMetaAlias"));
}
paramsMap.put(SAML2Constants.METAALIAS, metaAlias);
String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
debug.message("realm : " + realm);
String spEntityID = sm.getEntityByMetaAlias(metaAlias);
if (spEntityID == null) {
debug.error("Service Provider ID is missing");
String[] data = { spEntityID };
LogUtil.error(Level.INFO, LogUtil.INVALID_SP, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("nullSPEntityID"));
}
debug.message("spEntityID : " + spEntityID);
// clean up session index
String tokenID = sessionProvider.getSessionID(session);
String infoKeyString = null;
if (SPCache.isFedlet) {
infoKeyString = SAML2Utils.getParameter(paramsMap, SAML2Constants.INFO_KEY);
} else {
try {
String[] values = sessionProvider.getProperty(session, AccountUtils.getNameIDInfoKeyAttribute());
if (values != null && values.length > 0) {
infoKeyString = values[0];
}
} catch (SessionException se) {
debug.error("Unable to get infoKeyString from " + "session.", se);
throw new SAML2Exception(SAML2Utils.bundle.getString("errorInfoKeyString"));
}
}
if (debug.messageEnabled()) {
debug.message("tokenID : " + tokenID);
debug.message("infoKeyString : " + infoKeyString);
}
// get SPSSODescriptor
SPSSODescriptorElement spsso = sm.getSPSSODescriptor(realm, spEntityID);
if (spsso == null) {
String[] data = { spEntityID };
LogUtil.error(Level.INFO, LogUtil.SP_METADATA_ERROR, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
List extensionsList = LogoutUtil.getExtensionsList(paramsMap);
String relayState = SAML2Utils.getParameter(paramsMap, SAML2Constants.RELAY_STATE);
if (relayState == null || relayState.equals("")) {
relayState = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.DEFAULT_RELAY_STATE);
}
// Validate the RelayState URL.
SAML2Utils.validateRelayStateURL(realm, spEntityID, relayState, SAML2Constants.SP_ROLE);
if (infoKeyString == null) {
// termination case, do local logout only and send to
// relay state if any
debug.warning("SPSingleLogout.initiateLogoutRequest : Unable to get infoKeyString from session.");
sessionProvider.invalidateSession(session, request, response);
if ((relayState != null) && !relayState.equals("")) {
try {
response.sendRedirect(relayState);
} catch (IOException e) {
debug.error("SPSingleLogout.initiateLogoutRequest: " + "Error in send redirect to " + relayState, e);
}
} else {
RequestDispatcher dispatcher = request.getRequestDispatcher("saml2/jsp/default.jsp?message=spSloSuccess");
try {
dispatcher.forward(request, response);
} catch (IOException e) {
debug.error("SPSingleLogout.initiateLogoutRequest: " + "Error in forwarding to default.jsp", e);
} catch (ServletException e) {
debug.error("SPSingleLogout.initiateLogoutRequest: " + "Error in forwarding to default.jsp", e);
}
}
return;
}
StringTokenizer st = new StringTokenizer(infoKeyString, SAML2Constants.SECOND_DELIM);
String requestID = null;
while (st.hasMoreTokens()) {
String tmpInfoKeyString = st.nextToken();
NameIDInfoKey nameIdInfoKey = NameIDInfoKey.parse(tmpInfoKeyString);
//logout request to the other SP instance, invalidating the session for both SPs.
if (nameIdInfoKey.getHostEntityID().equals(spEntityID)) {
requestID = prepareForLogout(realm, tokenID, metaAlias, extensionsList, binding, relayState, request, response, paramsMap, tmpInfoKeyString, origLogoutRequest, msg);
}
}
// IDP Proxy
SOAPMessage soapMsg = (SOAPMessage) IDPCache.SOAPMessageByLogoutRequestID.get(requestID);
if (soapMsg != null) {
IDPProxyUtil.sendProxyLogoutResponseBySOAP(soapMsg, response, out);
}
// when SAML Response reached the SP side.
if (binding.equals(SAML2Constants.SOAP) || (requestID == null)) {
sessionProvider.invalidateSession(session, request, response);
}
} catch (SAML2MetaException sme) {
debug.error("Error retreiving metadata", sme);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
} catch (SessionException ssoe) {
debug.error("Session exception: ", ssoe);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
}
Also used :
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
SessionException(com.sun.identity.plugin.session.SessionException)
IOException(java.io.IOException)
SOAPMessage(javax.xml.soap.SOAPMessage)
RequestDispatcher(javax.servlet.RequestDispatcher)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
ServletException(javax.servlet.ServletException)
StringTokenizer(java.util.StringTokenizer)
List(java.util.List)
ArrayList(java.util.ArrayList)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
NameIDInfoKey(com.sun.identity.saml2.common.NameIDInfoKey)
Aggregations
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)11
Element (org.w3c.dom.Element)10
Node (org.w3c.dom.Node)9
NodeList (org.w3c.dom.NodeList)9
ProtocolFactory (com.sun.identity.saml2.protocol.ProtocolFactory)8
AssertionFactory (com.sun.identity.saml2.assertion.AssertionFactory)7
ArrayList (java.util.ArrayList)6
List (java.util.List)5
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)4
Extensions (com.sun.identity.saml2.protocol.Extensions)4
Iterator (java.util.Iterator)4
SessionException (com.sun.identity.plugin.session.SessionException)3
IOException (java.io.IOException)3
ParseException (java.text.ParseException)3
Attr (org.w3c.dom.Attr)3
NamedNodeMap (org.w3c.dom.NamedNodeMap)3
Issuer (com.sun.identity.saml2.assertion.Issuer)2
Date (java.util.Date)2
HashSet (java.util.HashSet)2
Set (java.util.Set)2
