
Example 6 with ManageNameIDResponse

use of com.sun.identity.saml2.protocol.ManageNameIDResponse in project OpenAM by OpenRock.

Class DoManageNameID, method getMNIResponseFromPost.

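/**
 * Decodes the Base64-encoded {@code SAMLResponse} POST parameter carrying a
 * ManageNameIDResponse and returns it re-serialised as XML.
 *
 * <p>The input arrives in the HTTP POST body and is therefore untrusted. Every
 * step of the decode/parse chain is treated as fallible: a null decode result
 * or a null document yields {@code null}, and any exception is logged and
 * replaced by a {@link SAML2Exception} carrying only the bundle message, so
 * parser internals are not surfaced to the caller. XML parsing is delegated to
 * {@code XMLUtils.toDOMDocument}; whether DTDs / external entities are disabled
 * is a property of that helper, not of this method.
 *
 * @param samlResponse the raw {@code SAMLResponse} form parameter, Base64 encoded
 * @param response     the servlet response; not used here, retained for signature compatibility
 * @return the response as an XML string, or {@code null} if decoding produced no document
 * @throws SAML2Exception if {@code samlResponse} is null or cannot be decoded or parsed
 */
static String getMNIResponseFromPost(String samlResponse, HttpServletResponse response) throws SAML2Exception {
    if (samlResponse == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSAMLResponse"));
    }
    ManageNameIDResponse resp = null;
    ByteArrayInputStream bis = null;
    try {
        // The project's Base64 helper is checked for null here, so presumably it may return
        // null on malformed input instead of throwing - confirm against its implementation.
        byte[] raw = Base64.decode(samlResponse);
        if (raw != null) {
            bis = new ByteArrayInputStream(raw);
            Document doc = XMLUtils.toDOMDocument(bis, debug);
            if (doc != null) {
                resp = ProtocolFactory.getInstance().createManageNameIDResponse(doc.getDocumentElement());
            }
        }
    } catch (Exception e) {
        // SAML2Exception and every other failure share one handler: log the cause, then
        // rethrow a generic bundle message so the caller (and ultimately the peer) sees no detail.
        debug.error("DoManageNameID.getMNIResponseFromPost:", e);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    } finally {
        if (bis != null) {
            try {
                bis.close();
            } catch (Exception ie) {
                // ByteArrayInputStream.close() is documented as a no-op; logged at message level only.
                if (debug.messageEnabled()) {
                    debug.message("DoManageNameID.getMNIResponseFromPost:", ie);
                }
            }
        }
    }
    String respStr = null;
    if (resp != null) {
        respStr = resp.toXMLString();
    }
    if (debug.messageEnabled()) {
        debug.message("DoManageNameID.getMNIResponseFromPost: " + respStr);
    }
    return respStr;
}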

Example 7 with ManageNameIDResponse

use of com.sun.identity.saml2.protocol.ManageNameIDResponse in project OpenAM by OpenRock.

Class DoManageNameID, method doMNIBySOAP.

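/**
 * Sends a ManageNameIDRequest to the remote provider over the SOAP binding and
 * processes the ManageNameIDResponse returned in the same SOAP exchange.
 *
 * <p>The response issuer is verified first, and the response signature is then
 * checked unconditionally (the SOAP path performs no "want signed" lookup)
 * before {@code checkMNIResponse} is allowed to modify federation state. A
 * transport failure, or a SOAP body without a ManageNameIDResponse element,
 * results in {@code false} rather than an exception.
 *
 * @param mniRequest the request to send
 * @param mniURL     the remote ManageNameID SOAP endpoint
 * @param metaAlias  meta alias of the hosted entity
 * @param hostRole   role of the hosted entity (SP or IDP)
 * @param request    the originating servlet request, handed to the SP adapter
 * @param response   the servlet response, handed to the SP adapter
 * @return {@code true} if the remote provider reported success and local state was updated
 * @throws SAML2Exception if the response issuer or signature is invalid, or the local session is invalid
 */
private static boolean doMNIBySOAP(ManageNameIDRequest mniRequest, String mniURL, String metaAlias, String hostRole, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    String method = "doMNIBySOAP: ";
    boolean success = false;
    String mniRequestXMLString = mniRequest.toXMLString(true, true);
    if (debug.messageEnabled()) {
        debug.message(method + "MNIRequestXMLString : " + mniRequestXMLString);
        debug.message(method + "MNIRedirectURL : " + mniURL);
    }
    SOAPMessage resMsg = null;
    try {
        resMsg = SOAPCommunicator.getInstance().sendSOAPMessage(mniRequestXMLString, mniURL, true);
    } catch (SOAPException se) {
        // Transport failure is reported as "not successful", not as an exception.
        debug.error(SAML2Utils.bundle.getString("invalidSOAPMessge"), se);
        return false;
    }
    Element mniRespElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "ManageNameIDResponse");
    ManageNameIDResponse mniResponse = pf.createManageNameIDResponse(mniRespElem);
    if (debug.messageEnabled()) {
        if (mniResponse != null) {
            debug.message(method + "ManageNameIDResponse without " + "SOAP envelope:\n" + mniResponse.toXMLString());
        } else {
            debug.message(method + "ManageNameIDResponse is null ");
        }
    }
    if (mniResponse != null) {
        try {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
            String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
            String remoteEntityID = mniResponse.getIssuer().getValue();
            Issuer resIssuer = mniResponse.getIssuer();
            String requestId = mniResponse.getInResponseTo();
            // Issuer validation comes before anything in the response is acted upon.
            SAML2Utils.verifyResponseIssuer(realm, hostEntityID, resIssuer, requestId);
            // Signature is always checked on this binding; a bad or missing signature aborts.
            boolean validSign = verifyMNIResponse(mniResponse, realm, remoteEntityID, hostEntityID, hostRole, mniResponse.getDestination());
            if (!validSign) {
                logError("invalidSignInResponse", LogUtil.CANNOT_INSTANTIATE_MNI_RESPONSE, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
            }
            // checkMNIResponse writes the principal name into mniUserId for the SP adapter call below.
            StringBuffer mniUserId = new StringBuffer();
            success = checkMNIResponse(mniResponse, realm, hostEntityID, hostRole, mniUserId);
            if (success && hostRole.equals(SAML2Constants.SP_ROLE)) {
                // invoke SPAdapter for termination success, SP initied SOAP
                postTerminationSuccess(hostEntityID, realm, request, response, mniUserId.toString(), mniRequest, mniResponse, SAML2Constants.SOAP);
            }
        } catch (SessionException e) {
            debug.error(SAML2Utils.bundle.getString("invalidSSOToken"), e);
            throw new SAML2Exception(e.toString());
        }
    }
    if (debug.messageEnabled()) {
        debug.message(method + "Request success : " + success);
    }
    return success;
}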

Example 8 with ManageNameIDResponse

use of com.sun.identity.saml2.protocol.ManageNameIDResponse in project OpenAM by OpenRock.

Class DoManageNameID, method checkMNIResponse.

/**
 * Applies a ManageNameIDResponse to local federation state after the caller
 * has verified its issuer (and, where required, its signature).
 *
 * <p>The response is first tied to an outstanding request through its
 * {@code InResponseTo} value; an unsolicited response (no matching
 * {@code ManageNameIDRequestInfo}) is rejected with
 * {@code invalidInResponseToInResponse} and nothing is modified. Only a
 * {@code Success} status code leads to a state change; any other status
 * raises {@code mniFailed}.
 *
 * <p>On success the existing federation (NameIDInfo) is always removed first.
 * For a terminate request that is the whole operation; otherwise the NewID from
 * the original request replaces it and, on the SP side, the cached federated
 * session list and the session's info-key attribute are re-keyed.
 *
 * @param mniResponse  the already verified response
 * @param realm        realm of the hosted entity
 * @param hostEntityID entity ID of the hosted provider
 * @param hostRole     role of the hosted provider (SP or IDP)
 * @param mniUserId    out-parameter: receives the principal name of the session the request was issued from
 * @return {@code true} on success; {@code false} if the old federation could not be found or removed
 * @throws SAML2Exception   if the response matches no request, the session is gone, or the status is not Success
 * @throws SessionException if the session provider cannot resolve the principal
 */
private static boolean checkMNIResponse(ManageNameIDResponse mniResponse, String realm, String hostEntityID, String hostRole, StringBuffer mniUserId) throws SAML2Exception, SessionException {
    boolean success = false;
    String remoteEntityID = mniResponse.getIssuer().getValue();
    String requestID = mniResponse.getInResponseTo();
    // Look up the request this provider actually sent; a response with no matching entry is refused.
    ManageNameIDRequestInfo reqInfo = getMNIRequestInfo(requestID, hostRole);
    if (reqInfo == null) {
        logError("invalidInResponseToInResponse", LogUtil.INVALID_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseToInResponse"));
    }
    String retCode = mniResponse.getStatus().getStatusCode().getValue();
    if (retCode.equalsIgnoreCase(SAML2Constants.SUCCESS)) {
        // The session stored with the outstanding request identifies the user being (re)federated.
        Object session = reqInfo.getSession();
        if (session == null) {
            logError("nullSSOToken", LogUtil.INVALID_SSOTOKEN, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
        }
        String userID = sessionProvider.getPrincipalName(session);
        mniUserId.append(userID);
        ManageNameIDRequest origMniReq = reqInfo.getManageNameIDRequest();
        NameID oldNameID = origMniReq.getNameID();
        List spFedSessions = null;
        NameIDInfo oldNameIDInfo = getNameIDInfo(userID, hostEntityID, remoteEntityID, hostRole, realm, oldNameID.getSPNameQualifier(), true);
        if (oldNameIDInfo == null) {
            debug.error("DoManageNameID.checkMNIResponse: NameIDInfo " + "not found.");
            return false;
        }
        // Terminate
        if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            // Detach the SP's federated-session list under the old key; the newID branch
            // below re-attaches it under the new key.
            String infoKeyStr = oldNameIDInfo.getNameIDInfoKey().toValueString();
            spFedSessions = (List) SPCache.fedSessionListsByNameIDInfoKey.remove(infoKeyStr);
            removeInfoKeyFromSession(session, infoKeyStr);
            // saml2Svc looks like a monitoring hook; its counter is refreshed after each cache change.
            if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
            }
        } else {
            removeIDPFedSession(remoteEntityID, oldNameID.getValue());
        }
        if (!AccountUtils.removeAccountFederation(oldNameIDInfo, userID)) {
            // log termination failure
            logError("unableToTerminate", LogUtil.UNABLE_TO_TERMINATE, userID);
            return false;
        }
        if (origMniReq.getTerminate()) {
            // log termination success
            logAccess("requestSuccess", LogUtil.SUCCESS_FED_TERMINATION, userID);
            return true;
        }
        // newID case
        // The new identifier comes from the request this provider originally sent, not from the response.
        String newIDValue = origMniReq.getNewID().getValue();
        boolean isAffiliation = oldNameIDInfo.isAffiliation();
        String spNameQualifier = oldNameID.getSPNameQualifier();
        if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            // SP side: the IDP-issued value stays, the SP-provided ID is what changes.
            NameID newNameID = AssertionFactory.getInstance().createNameID();
            newNameID.setValue(oldNameID.getValue());
            newNameID.setFormat(oldNameID.getFormat());
            newNameID.setSPProvidedID(newIDValue);
            newNameID.setSPNameQualifier(spNameQualifier);
            newNameID.setNameQualifier(oldNameID.getNameQualifier());
            NameIDInfo newNameIDInfo = new NameIDInfo((isAffiliation ? spNameQualifier : hostEntityID), remoteEntityID, newNameID, hostRole, isAffiliation);
            String newInfoKeyStr = newNameIDInfo.getNameIDInfoKey().toValueString();
            if (spFedSessions != null) {
                SPCache.fedSessionListsByNameIDInfoKey.put(newInfoKeyStr, spFedSessions);
                if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                    saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
                }
            }
            AccountUtils.setAccountFederation(newNameIDInfo, userID);
            try {
                // The session property holds a SECOND_DELIM-joined list of info keys; append only if absent.
                String infoKeyAttribute = AccountUtils.getNameIDInfoKeyAttribute();
                String[] fromToken = sessionProvider.getProperty(session, infoKeyAttribute);
                if ((fromToken == null) || (fromToken.length == 0) || (fromToken[0] == null) || (fromToken[0].length() == 0)) {
                    String[] values = { newInfoKeyStr };
                    sessionProvider.setProperty(session, infoKeyAttribute, values);
                } else {
                    if (fromToken[0].indexOf(newInfoKeyStr) == -1) {
                        String[] values = { fromToken[0] + SAML2Constants.SECOND_DELIM + newInfoKeyStr };
                        sessionProvider.setProperty(session, infoKeyAttribute, values);
                    }
                }
            } catch (Exception e) {
                // Best effort: the federation itself was already persisted by setAccountFederation above,
                // so a failure to update the session property is only logged.
                debug.message("DoManageNameID.checkMNIResponse:", e);
            }
        } else if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            // IDP side: the identifier value itself changes and this entity becomes the NameQualifier.
            NameID newNameID = AssertionFactory.getInstance().createNameID();
            newNameID.setValue(newIDValue);
            newNameID.setFormat(oldNameID.getFormat());
            newNameID.setSPProvidedID(oldNameID.getSPProvidedID());
            newNameID.setSPNameQualifier(spNameQualifier);
            newNameID.setNameQualifier(hostEntityID);
            NameIDInfo newNameIDInfo = new NameIDInfo(hostEntityID, (isAffiliation ? spNameQualifier : remoteEntityID), newNameID, SAML2Constants.IDP_ROLE, isAffiliation);
            AccountUtils.setAccountFederation(newNameIDInfo, userID);
            NameIDandSPpair pair = new NameIDandSPpair(newNameID, remoteEntityID);
            IDPSession idpSession = (IDPSession) IDPCache.idpSessionsBySessionID.get(sessionProvider.getSessionID(session));
            if (idpSession != null) {
                // NOTE(review): the pair list is mutated under the idpSessionsByIndices lock -
                // presumably the lock other writers of that list use; confirm before changing.
                synchronized (IDPCache.idpSessionsByIndices) {
                    List list = (List) idpSession.getNameIDandSPpairs();
                    list.add(pair);
                }
            }
        }
        // log manage name id success
        logAccess("newNameIDSuccess", LogUtil.SUCCESS_NEW_NAMEID, userID);
        success = true;
    } else {
        logError("mniFailed", LogUtil.INVALID_MNI_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("mniFailed"));
    }
    return success;
}

Example 9 with ManageNameIDResponse

use of com.sun.identity.saml2.protocol.ManageNameIDResponse in project OpenAM by OpenRock.

Class DoManageNameID, method processMNIResponsePOST.

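/**
 * Handles a ManageNameIDResponse delivered to the hosted provider over the
 * HTTP-POST binding.
 *
 * <p>Checks are applied in this order, each aborting with a
 * {@link SAML2Exception}: the meta alias is resolved from the request URI, the
 * POST binding must be enabled for the hosted entity, the {@code SAMLResponse}
 * parameter must decode to a document, the {@code RelayState} is validated
 * through {@code SAML2Utils.validateRelayStateURL}, the issuer is verified,
 * and - only when the hosted entity is configured to want signed MNI responses
 * - the signature is verified. When that setting is off an unsigned response
 * is accepted, so the remaining protection is the issuer check plus the
 * {@code InResponseTo} binding enforced inside {@code checkMNIResponse}.
 *
 * @param request   the incoming servlet request
 * @param response  the servlet response
 * @param paramsMap request parameters used to determine the hosted role
 * @return {@code true} if the response was accepted and local federation state updated
 * @throws SAML2Exception on any validation failure or if the local session is invalid
 */
public static boolean processMNIResponsePOST(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception {
    String method = "processMNIResponsePOST: ";
    boolean success = false;
    String requestURL = request.getRequestURI();
    String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
    if (metaAlias == null) {
        logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
    String hostRole = SAML2Utils.getHostEntityRole(paramsMap);
    // Which descriptor advertises the binding depends on the hosted role.
    boolean isSupported = SAML2Constants.IDP_ROLE.equals(hostRole)
            ? SAML2Utils.isIDPProfileBindingSupported(realm, hostEntityID, SAML2Constants.MNI_SERVICE, SAML2Constants.HTTP_POST)
            : SAML2Utils.isSPProfileBindingSupported(realm, hostEntityID, SAML2Constants.MNI_SERVICE, SAML2Constants.HTTP_POST);
    if (!isSupported) {
        debug.error(method + "MNI binding: POST is not supported for " + hostEntityID);
        String[] data = { hostEntityID, SAML2Constants.HTTP_POST };
        LogUtil.error(Level.INFO, LogUtil.BINDING_NOT_SUPPORTED, data, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
    }
    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    String mniRes = request.getParameter(SAML2Constants.SAML_RESPONSE);
    String mniResStr = getMNIResponseFromPost(mniRes, response);
    if (mniResStr == null) {
        logError("nullDecodedStrFromSamlResponse", LogUtil.CANNOT_DECODE_RESPONSE, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    }
    if (debug.messageEnabled()) {
        debug.message("DoManageNameID.processMNIResponsePOST: " + "Meta Alias is : " + metaAlias);
        debug.message("DoManageNameID.processMNIResponsePOST: " + "Host role is : " + hostRole);
        debug.message("DoManageNameID.processMNIResponsePOST: " + "Relay state is : " + relayState);
        debug.message("DoManageNameID.processMNIResponsePOST: " + "MNI Response : " + mniResStr);
    }
    // Validate the RelayState URL.
    SAML2Utils.validateRelayStateURL(realm, hostEntityID, relayState, hostRole);
    ManageNameIDResponse mniResponse = null;
    try {
        mniResponse = pf.createManageNameIDResponse(mniResStr);
        String remoteEntityID = mniResponse.getIssuer().getValue();
        Issuer resIssuer = mniResponse.getIssuer();
        String requestId = mniResponse.getInResponseTo();
        SAML2Utils.verifyResponseIssuer(realm, hostEntityID, resIssuer, requestId);
        // Signature verification is a per-entity configuration choice on this binding.
        boolean needToVerify = SAML2Utils.getWantMNIResponseSigned(realm, hostEntityID, hostRole);
        if (needToVerify) {
            boolean valid = verifyMNIResponse(mniResponse, realm, remoteEntityID, hostEntityID, hostRole, mniResponse.getDestination());
            if (!valid) {
                logError("invalidSignInResponse", LogUtil.MNI_RESPONSE_INVALID_SIGNATURE, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
            }
        }
        // The principal name out-parameter is not needed on this path.
        success = checkMNIResponse(mniResponse, realm, hostEntityID, hostRole, new StringBuffer());
    } catch (SessionException e) {
        // Record the underlying cause before it is replaced by the generic bundle message
        // (same treatment as the SOAP path).
        debug.error(SAML2Utils.bundle.getString("invalidSSOToken"), e);
        logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
    }
    if (debug.messageEnabled()) {
        debug.message("DoManageNameID.processMNIResponsePOST: " + "Request success : " + success);
    }
    return success;
}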

Example 10 with ManageNameIDResponse

use of com.sun.identity.saml2.protocol.ManageNameIDResponse in project OpenAM by OpenRock.

Class DoManageNameID, method processManageNameIDRequest.

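/**
 * Builds the ManageNameIDResponse for an inbound ManageNameIDRequest received
 * by the hosted provider (IDP or SP).
 *
 * <p>The request issuer is verified, the requesting principal is resolved
 * through the role-specific account mapper, and the actual name-ID change is
 * delegated to the six-argument overload of this method. Any failure in that
 * phase is converted into a Responder status rather than an exception, so the
 * peer always receives a response. The outgoing {@code Destination} value is
 * XML-escaped before being set.
 *
 * @param mniRequest     the inbound request
 * @param metaAlias      meta alias of the hosted entity
 * @param remoteEntityID entity ID of the requesting provider
 * @param paramsMap      request parameters used to determine the hosted role
 * @param destination    value for the response's Destination attribute; may be null or empty
 * @param binding        the binding the response will be returned on (handed to the SP adapter)
 * @param request        the servlet request (handed to the SP adapter)
 * @param response       the servlet response (handed to the SP adapter)
 * @return the response to send, or {@code null} if the response object could not be created
 */
private static ManageNameIDResponse processManageNameIDRequest(ManageNameIDRequest mniRequest, String metaAlias, String remoteEntityID, Map paramsMap, String destination, String binding, HttpServletRequest request, HttpServletResponse response) {
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    String hostEntityID = null;
    String hostRole = null;
    Status status = null;
    String userID = null;
    try {
        hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
        hostRole = SAML2Utils.getHostEntityRole(paramsMap);
        SAML2Utils.verifyRequestIssuer(realm, hostEntityID, mniRequest.getIssuer(), mniRequest.getID());
        if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
            IDPAccountMapper idpAcctMapper = SAML2Utils.getIDPAccountMapper(realm, hostEntityID);
            userID = idpAcctMapper.getIdentity(mniRequest, hostEntityID, realm);
        } else if (hostRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
            SPAccountMapper spAcctMapper = SAML2Utils.getSPAccountMapper(realm, hostEntityID);
            userID = spAcctMapper.getIdentity(mniRequest, hostEntityID, realm);
        }
        if (userID == null) {
            // Unmapped principal is the requester's problem, not ours.
            status = SAML2Utils.generateStatus(SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null);
        } else {
            status = processManageNameIDRequest(mniRequest, realm, hostEntityID, remoteEntityID, hostRole, userID);
        }
    } catch (Exception e) {
        if (debug.messageEnabled()) {
            debug.message("DoManageNameID.processManageNameIDRequest:", e);
        }
        // NOTE(review): e.toString() becomes the StatusMessage returned to the remote provider,
        // so internal exception class names and messages are disclosed to the peer.
        // Consider a fixed, generic status message instead.
        status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, e.toString());
    }
    ManageNameIDResponse mniResponse = null;
    try {
        String responseID = SAML2Utils.generateID();
        if (responseID == null) {
            // Only logged; the response is still built, with a null ID.
            debug.error(SAML2Utils.bundle.getString("failedToGenResponseID"));
        }
        mniResponse = pf.createManageNameIDResponse();
        mniResponse.setStatus(status);
        mniResponse.setID(responseID);
        mniResponse.setInResponseTo(mniRequest.getID());
        mniResponse.setVersion(SAML2Constants.VERSION_2_0);
        mniResponse.setIssueInstant(new Date());
        mniResponse.setIssuer(SAML2Utils.createIssuer(hostEntityID));
        if (destination != null && (destination.length() != 0)) {
            mniResponse.setDestination(XMLUtils.escapeSpecialCharacters(destination));
        }
    } catch (SAML2Exception e) {
        debug.error("Error : ", e);
    }
    // hostRole is still null if the first try block failed before assigning it, and mniResponse
    // is null if building the response failed; neither case may end in a NullPointerException here.
    if (mniResponse != null && SAML2Constants.SP_ROLE.equalsIgnoreCase(hostRole) && mniResponse.getStatus().getStatusCode().getValue().equals(SAML2Constants.SUCCESS)) {
        // invoke SPAdapter for post temination success
        postTerminationSuccess(hostEntityID, realm, request, response, userID, mniRequest, mniResponse, binding);
    }
    return mniResponse;
}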
