
Example 6 with ManageNameIDRequest

use of com.sun.identity.saml2.protocol.ManageNameIDRequest in project OpenAM by OpenRock.

the class DoManageNameID method processHttpRequest.

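/**
 * Parses the request parameters and processes the ManageNameID request
 * received from the remote entity over the HTTP-Redirect binding.
 *
 * <p>Order of checks: content length (DoS guard), meta alias lookup, host
 * binding support, request decoding, Issuer presence, query-string signature
 * verification when the host configuration requires it, then response
 * generation and redirect.
 *
 * @param request the HttpServletRequest.
 * @param response the HttpServletResponse.
 * @param paramsMap Map of all other parameters; the host entity role is read from it.
 * @throws SAML2Exception if error occurred while processing the request.
 * @throws SessionException if error processing the request from remote entity.
 * @throws ServletException if request length is invalid.
 */
public static void processHttpRequest(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception, SessionException, ServletException {
    String method = "processHttpRequest: ";
    // Reject oversized requests before anything is parsed.
    SAMLUtils.checkHTTPContentLength(request);
    String requestURL = request.getRequestURI();
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    if (metaAlias == null) {
        logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    String hostEntity = metaManager.getEntityByMetaAlias(metaAlias);
    String hostRole = SAML2Utils.getHostEntityRole(paramsMap);
    // The redirect binding must be enabled for the host's own role.
    boolean isSupported;
    if (SAML2Constants.IDP_ROLE.equals(hostRole)) {
        isSupported = SAML2Utils.isIDPProfileBindingSupported(realm, hostEntity, SAML2Constants.MNI_SERVICE, SAML2Constants.HTTP_REDIRECT);
    } else {
        isSupported = SAML2Utils.isSPProfileBindingSupported(realm, hostEntity, SAML2Constants.MNI_SERVICE, SAML2Constants.HTTP_REDIRECT);
    }
    if (!isSupported) {
        debug.error(method + "MNI binding: Redirect is not supported for " + hostEntity);
        String[] data = { hostEntity, SAML2Constants.HTTP_REDIRECT };
        LogUtil.error(Level.INFO, LogUtil.BINDING_NOT_SUPPORTED, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    // Retrieve ManageNameIDRequest
    ManageNameIDRequest mniRequest = getMNIRequest(request);
    // A request that carries no Issuer is rejected as "nullRemoteEntityID"
    // rather than failing with a NullPointerException on getValue().
    String remoteEntityID = (mniRequest.getIssuer() == null) ? null : mniRequest.getIssuer().getValue();
    if (remoteEntityID == null) {
        logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, remoteEntityID);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
    }
    // Signature checking is driven by the host entity's configuration; when
    // it is disabled the request is acted on unsigned.
    boolean needToVerify = SAML2Utils.getWantMNIRequestSigned(realm, hostEntity, hostRole);
    if (needToVerify) {
        String queryString = request.getQueryString();
        boolean valid = SAML2Utils.verifyQueryString(queryString, realm, hostRole, remoteEntityID);
        if (!valid) {
            logError("invalidSignInRequest", LogUtil.MNI_REQUEST_INVALID_SIGNATURE, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
        }
    }
    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    if (debug.messageEnabled()) {
        debug.message(method + "Meta Alias is : " + metaAlias);
        debug.message(method + "Remote EntityID is : " + remoteEntityID);
        debug.message(method + "Host Entity role is : " + hostRole);
        debug.message(method + "Relay state is : " + relayState);
    }
    try {
        ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostRole, SAML2Constants.HTTP_REDIRECT);
        // Prefer the remote entity's ResponseLocation; fall back to Location.
        String mniURL = mniService.getResponseLocation();
        if (mniURL == null) {
            mniURL = mniService.getLocation();
        }
        ManageNameIDResponse mniResponse = processManageNameIDRequest(mniRequest, metaAlias, remoteEntityID, paramsMap, mniURL, SAML2Constants.HTTP_REDIRECT, request, response);
        sendMNIResponse(response, mniResponse, mniURL, relayState, realm, hostEntity, hostRole, remoteEntityID);
    } catch (SAML2MetaException e) {
        // The rethrown exception carries only the localized message, so
        // record the underlying cause in the debug log before discarding it.
        debug.error(method + "metaDataError", e);
        logError("metaDataError", LogUtil.METADATA_ERROR, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
}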

Example 7 with ManageNameIDRequest

use of com.sun.identity.saml2.protocol.ManageNameIDRequest in project OpenAM by OpenRock.

the class DoManageNameID method processSOAPRequest.

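/**
 * Parses the request parameters and processes the ManageNameID request
 * received from the remote entity over the SOAP binding, writing the
 * signed ManageNameIDResponse back on the servlet response.
 *
 * <p>Order of checks: content length (DoS guard), meta alias lookup, host
 * binding support, SOAP body extraction, Issuer presence, request
 * verification via {@code verifyMNIRequest}, then response generation.
 *
 * @param request the HttpServletRequest.
 * @param response the HttpServletResponse.
 * @param paramsMap Map of all other parameters; the host entity role is read from it.
 * @throws SAML2Exception if error occurred while processing the request.
 * @throws IOException if error generation DOM from input stream.
 * @throws SOAPException if error generating soap message.
 * @throws ServletException if request length is invalid.
 */
public static void processSOAPRequest(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception, IOException, SOAPException, ServletException {
    String method = "processSOAPRequest: ";
    String requestURL = request.getRequestURI();
    String hostEntityRole = SAML2Utils.getHostEntityRole(paramsMap);
    // Reject oversized requests before the SOAP body is read.
    SAMLUtils.checkHTTPContentLength(request);
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    if (metaAlias == null) {
        logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    String hostEntity = metaManager.getEntityByMetaAlias(metaAlias);
    // The SOAP binding must be enabled for the host's own role.
    boolean isSupported;
    if (SAML2Constants.IDP_ROLE.equals(hostEntityRole)) {
        isSupported = SAML2Utils.isIDPProfileBindingSupported(realm, hostEntity, SAML2Constants.MNI_SERVICE, SAML2Constants.SOAP);
    } else {
        isSupported = SAML2Utils.isSPProfileBindingSupported(realm, hostEntity, SAML2Constants.MNI_SERVICE, SAML2Constants.SOAP);
    }
    if (!isSupported) {
        debug.error(method + "MNI binding: SOAP is not supported for " + hostEntity);
        String[] data = { hostEntity, SAML2Constants.SOAP };
        LogUtil.error(Level.INFO, LogUtil.BINDING_NOT_SUPPORTED, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    // Retrieve a SOAPMessage
    SOAPMessage message = SOAPCommunicator.getInstance().getSOAPMessage(request);
    ManageNameIDRequest mniRequest = getMNIRequest(message);
    // A request that carries no Issuer is rejected as "nullRemoteEntityID"
    // rather than failing with a NullPointerException on getValue().
    String remoteEntityID = (mniRequest.getIssuer() == null) ? null : mniRequest.getIssuer().getValue();
    if (remoteEntityID == null) {
        logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
    }
    if (debug.messageEnabled()) {
        debug.message(method + "Meta Alias is : " + metaAlias);
        debug.message(method + "Host EntityID is : " + hostEntity);
        debug.message(method + "Remote EntityID is : " + remoteEntityID);
    }
    // Unlike the redirect binding, verification is applied unconditionally
    // here; the request's Destination is handed to the verifier as well.
    String dest = mniRequest.getDestination();
    boolean valid = verifyMNIRequest(mniRequest, realm, remoteEntityID, hostEntity, hostEntityRole, dest);
    if (!valid) {
        logError("invalidSignInRequest", LogUtil.MNI_REQUEST_INVALID_SIGNATURE, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
    }
    ManageNameIDResponse mniResponse = processManageNameIDRequest(mniRequest, metaAlias, remoteEntityID, paramsMap, null, SAML2Constants.SOAP, request, response);
    signMNIResponse(mniResponse, realm, hostEntity, hostEntityRole, remoteEntityID);
    SOAPMessage reply = SOAPCommunicator.getInstance().createSOAPMessage(mniResponse.toXMLString(true, true), false);
    if (reply == null) {
        logError("errorObtainResponse", LogUtil.CANNOT_INSTANTIATE_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorObtainResponse"));
    }
    /*  Need to call saveChanges because we're
     * going to use the MimeHeaders to set HTTP
     * response information. These MimeHeaders
     * are generated as part of the save. */
    if (reply.saveRequired()) {
        reply.saveChanges();
    }
    response.setStatus(HttpServletResponse.SC_OK);
    SAML2Utils.putHeaders(reply.getMimeHeaders(), response);
    // Write out the message on the response stream; the container owns
    // the servlet output stream, so it is flushed but not closed here.
    OutputStream os = response.getOutputStream();
    reply.writeTo(os);
    os.flush();
}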

Example 8 with ManageNameIDRequest

use of com.sun.identity.saml2.protocol.ManageNameIDRequest in project OpenAM by OpenRock.

the class DoManageNameID method getMNIRequest.

/**
 * Extracts the {@code ManageNameIDRequest} element from the SOAP body and
 * converts it into a protocol object.
 *
 * @param message the SOAP message carrying the request.
 * @return the parsed ManageNameIDRequest.
 * @throws SAML2Exception if the element cannot be located or parsed.
 */
private static ManageNameIDRequest getMNIRequest(SOAPMessage message) throws SAML2Exception {
    // Element lookup and object construction are delegated entirely to the
    // SOAP communicator and the protocol factory.
    return pf.createManageNameIDRequest(
            SOAPCommunicator.getInstance().getSamlpElement(message, "ManageNameIDRequest"));
}

Example 9 with ManageNameIDRequest

use of com.sun.identity.saml2.protocol.ManageNameIDRequest in project OpenAM by OpenRock.

the class DoManageNameID method getMNIRequestFromPost.

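/**
 * Decodes a Base64-encoded SAML request received via HTTP-POST and parses it
 * into a ManageNameIDRequest.
 *
 * <p>No signature or content validation happens here; callers are expected
 * to verify the returned request before acting on it.
 *
 * @param samlRequest the Base64-encoded request parameter.
 * @return the parsed request, or {@code null} if decoding yields no bytes or
 *         no DOM document could be built.
 * @throws SAML2Exception if decoding or parsing fails.
 */
static ManageNameIDRequest getMNIRequestFromPost(String samlRequest) throws SAML2Exception {
    // The raw (still encoded) request is only built into the log string when
    // message-level logging is on, consistent with the other methods here.
    if (debug.messageEnabled()) {
        debug.message("DoManageNameID.getMNIRequestFromPost: samlRequest = " + samlRequest);
    }
    ManageNameIDRequest mniReq = null;
    ByteArrayInputStream bis = null;
    try {
        byte[] raw = Base64.decode(samlRequest);
        if (raw != null) {
            bis = new ByteArrayInputStream(raw);
            Document doc = XMLUtils.toDOMDocument(bis, SAML2Utils.debug);
            if (doc != null) {
                mniReq = ProtocolFactory.getInstance().createManageNameIDRequest(doc.getDocumentElement());
            }
        }
    } catch (Exception e) {
        // SAML2Exception and any other failure were handled identically by
        // separate catch blocks; a single handler keeps that behaviour.
        debug.error("DoManageNameID.getMNIRequestFromPost:", e);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    } finally {
        if (bis != null) {
            try {
                bis.close();
            } catch (Exception ie) {
                if (debug.messageEnabled()) {
                    debug.message("DoManageNameID.getMNIRequestFromPost:", ie);
                }
            }
        }
    }
    return mniReq;
}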

Example 10 with ManageNameIDRequest

use of com.sun.identity.saml2.protocol.ManageNameIDRequest in project OpenAM by OpenRock.

the class DoManageNameID method getNewIDFromMNIRequest.

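/**
 * Returns the NewID carried by a ManageNameIDRequest, decrypting the
 * NewEncryptedID when the host entity's configuration requires encrypted
 * name identifiers.
 *
 * @param request the ManageNameIDRequest; may be {@code null} only on the
 *        unencrypted path, where {@code null} is returned.
 * @param realm the realm of the host entity.
 * @param hostEntityID the host entity identifier.
 * @param hostEntityRole the host entity role.
 * @return the (decrypted) NewID, or {@code null} if the request or its NewID is absent.
 * @throws SAML2Exception if decryption fails.
 */
private static NewID getNewIDFromMNIRequest(ManageNameIDRequest request, String realm, String hostEntityID, String hostEntityRole) throws SAML2Exception {
    String method = "DoManageNameID.getNewIDFromMNIRequest: ";
    boolean needDecryptIt = SAML2Utils.getWantNameIDEncrypted(realm, hostEntityID, hostEntityRole);
    if (!needDecryptIt) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be decrypted.");
            debug.message(method + "request is " + request);
        }
        NewID newID = null;
        if (request != null) {
            newID = request.getNewID();
            // A request may carry no NewID; log "null" instead of
            // dereferencing it, and let the caller handle the null return.
            if (debug.messageEnabled()) {
                debug.message(method + "newid is " + (newID == null ? null : newID.getValue()));
            }
        }
        return newID;
    }
    // NOTE(review): on the encrypted path a null request or a missing
    // NewEncryptedID surfaces as a NullPointerException rather than a
    // SAML2Exception; callers should not rely on catching the latter here.
    NewEncryptedID encryptedID = request.getNewEncryptedID();
    return encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, hostEntityID, hostEntityRole));
}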
