Examples with Response com.sun.identity.saml2.protocol.Response used on opensource projects

Example 76 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class SPSingleLogoutServiceSOAP method doPost.

public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    try {
        // handle DOS attack
        SAMLUtils.checkHTTPContentLength(req);
        // Get SP entity ID
        String spMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
        if (SPCache.isFedlet) {
            if ((spMetaAlias == null) || (spMetaAlias.length() == 0)) {
                // pick the first available one
                List spMetaAliases = SAML2Utils.getSAML2MetaManager().getAllHostedServiceProviderMetaAliases("/");
                if ((spMetaAliases != null) && !spMetaAliases.isEmpty()) {
                    // get first one
                    spMetaAlias = (String) spMetaAliases.get(0);
                }
            }
        }
        String spEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(spMetaAlias);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(spMetaAlias);
        if (!SAML2Utils.isSPProfileBindingSupported(realm, spEntityID, SAML2Constants.SLO_SERVICE, SAML2Constants.SOAP)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSLOSOAP.doPost : uri =" + req.getRequestURI() + ", spMetaAlias=" + spMetaAlias + ", spEntityID=" + spEntityID);
        }
        SOAPMessage msg = SOAPCommunicator.getInstance().getSOAPMessage(req);
        SOAPMessage reply = null;
        reply = onMessage(msg, req, resp, realm, spEntityID);
        if (reply != null) {
            // are generated as part of the save.
            if (reply.saveRequired()) {
                reply.saveChanges();
            }
            resp.setStatus(HttpServletResponse.SC_OK);
            SAML2Utils.putHeaders(reply.getMimeHeaders(), resp);
            // Write out the message on the response stream
            OutputStream os = resp.getOutputStream();
            reply.writeTo(os);
            os.flush();
        } else {
            // Form SOAP fault
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
        }
    } catch (SAML2Exception ex) {
        SAML2Utils.debug.error("SPSingleLogoutServiceSOAP", ex);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "singleLogoutFailed", ex.getMessage());
        return;
    } catch (SOAPException soap) {
        SAML2Utils.debug.error("SPSingleLogoutServiceSOAP", soap);
        SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "singleLogoutFailed", soap.getMessage());
        return;
    }
}

Example 77 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class WSFederationUtils method processMultiProtocolLogout.

/**
     * Processes Single Logout cross multiple federation protocols
     * @param request HttpServletRequest object.
     * @param response HttpServletResponse object
     */
public static void processMultiProtocolLogout(HttpServletRequest request, HttpServletResponse response, Object userSession) {
    debug.message("WSFederationUtils.processMPSingleLogout");
    try {
        String wreply = (String) request.getAttribute(WSFederationConstants.LOGOUT_WREPLY);
        String realm = (String) request.getAttribute(WSFederationConstants.REALM_PARAM);
        String idpEntityId = (String) request.getAttribute(WSFederationConstants.ENTITYID_PARAM);
        Set sessSet = new HashSet();
        sessSet.add(userSession);
        String sessUser = SessionManager.getProvider().getPrincipalName(userSession);
        // assume WS-Federation logout always succeed as there is not
        // logout status from the specification
        SingleLogoutManager manager = SingleLogoutManager.getInstance();
        // TODO : find out spEntityID/logout request if any
        int status = manager.doIDPSingleLogout(sessSet, sessUser, request, response, false, true, SingleLogoutManager.WS_FED, realm, idpEntityId, null, wreply, null, null, SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS);
        if (status != SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
            response.sendRedirect(wreply);
        }
    } catch (SessionException ex) {
        // ignore;
        debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
    } catch (IOException ex) {
        // ignore;
        debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
    } catch (Exception ex) {
        // ignore;
        debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
    }
}

Example 78 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class QueryHandlerServlet method processXACMLResponse.

/**
     * Returns the received Response to the Requester.
     * Validates the message signature if signed and invokes the
     * Request Handler to pass the request for futher processing.
     *
     * @param realm realm of the entity.
     * @param pdpEntityID entity identifier of Policy Decision Point (PDP).
     * @param samlRequest the <code>RequestAbstract</code> object.
     * @param request the <code>HttpServletRequest</code> object.
     * @param soapMsg the <code>SOAPMessage</code> object.
     * @exception <code>SAML2Exception</code> if there is an error processing
     *            the request and returning a  response.
     */
Response processXACMLResponse(String realm, String pdpEntityID, RequestAbstract samlRequest, HttpServletRequest request, SOAPMessage soapMsg) throws SAML2Exception {
    String classMethod = "QueryHandlerServlet:processXACMLResponse";
    Response samlResponse = null;
    String path = request.getPathInfo();
    String key = path.substring(path.indexOf(METAALIAS_KEY) + 10);
    String pepEntityID = samlRequest.getIssuer().getValue();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "SOAPMessage KEY . :" + key);
        debug.message(classMethod + "pepEntityID is :" + pepEntityID);
    }
    //Retreive metadata
    boolean pdpWantAuthzQuerySigned = SAML2Utils.getWantXACMLAuthzDecisionQuerySigned(realm, pdpEntityID, SAML2Constants.PDP_ROLE);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "PDP wantAuthzQuerySigned:" + pdpWantAuthzQuerySigned);
    }
    if (pdpWantAuthzQuerySigned) {
        if (samlRequest.isSigned()) {
            XACMLAuthzDecisionQueryDescriptorElement pep = SAML2Utils.getSAML2MetaManager().getPolicyEnforcementPointDescriptor(realm, pepEntityID);
            Set<X509Certificate> verificationCerts = KeyUtil.getPEPVerificationCerts(pep, pepEntityID);
            if (verificationCerts.isEmpty() || !samlRequest.isSignatureValid(verificationCerts)) {
                // error
                debug.error(classMethod + "Invalid signature in message");
                throw new SAML2Exception("invalidQuerySignature");
            } else {
                debug.message(classMethod + "Valid signature found");
            }
        } else {
            debug.error("Request not signed");
            throw new SAML2Exception("nullSig");
        }
    }
    //getRequestHandlerClass
    RequestHandler handler = (RequestHandler) SOAPBindingService.handlers.get(key);
    if (handler != null) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Found handler");
        }
        samlResponse = handler.handleQuery(pdpEntityID, pepEntityID, samlRequest, soapMsg);
        // set response attributes
        samlResponse.setID(SAML2Utils.generateID());
        samlResponse.setVersion(SAML2Constants.VERSION_2_0);
        samlResponse.setIssueInstant(new Date());
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(pdpEntityID);
        samlResponse.setIssuer(issuer);
        // end set Response Attributes
        //set Assertion attributes
        List assertionList = samlResponse.getAssertion();
        Assertion assertion = (Assertion) assertionList.get(0);
        assertion.setID(SAML2Utils.generateID());
        assertion.setVersion(SAML2Constants.VERSION_2_0);
        assertion.setIssueInstant(new Date());
        assertion.setIssuer(issuer);
        // end assertion set attributes
        // check if assertion needs to be encrypted,signed.
        String wantAssertionEncrypted = SAML2Utils.getAttributeValueFromXACMLConfig(realm, SAML2Constants.PEP_ROLE, pepEntityID, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
        XACMLAuthzDecisionQueryDescriptorElement pepDescriptor = SAML2Utils.getSAML2MetaManager().getPolicyEnforcementPointDescriptor(realm, pepEntityID);
        EncInfo encInfo = null;
        boolean wantAssertionSigned = pepDescriptor.isWantAssertionsSigned();
        if (debug.messageEnabled()) {
            debug.message(classMethod + " wantAssertionSigned :" + wantAssertionSigned);
        }
        if (wantAssertionSigned) {
            signAssertion(realm, pdpEntityID, assertion);
        }
        if (wantAssertionEncrypted != null && wantAssertionEncrypted.equalsIgnoreCase(SAML2Constants.TRUE)) {
            encInfo = KeyUtil.getPEPEncInfo(pepDescriptor, pepEntityID);
            // encrypt the Assertion
            EncryptedAssertion encryptedAssertion = assertion.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), pepEntityID);
            if (encryptedAssertion == null) {
                debug.error(classMethod + "Assertion encryption failed.");
                throw new SAML2Exception("FailedToEncryptAssertion");
            }
            assertionList = new ArrayList();
            assertionList.add(encryptedAssertion);
            samlResponse.setEncryptedAssertion(assertionList);
            //reset Assertion list
            samlResponse.setAssertion(new ArrayList());
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Assertion encrypted.");
            }
        } else {
            List assertionsList = new ArrayList();
            assertionsList.add(assertion);
            samlResponse.setAssertion(assertionsList);
        }
        signResponse(samlResponse, realm, pepEntityID, pdpEntityID);
    } else {
        // error -  missing request handler.
        debug.error(classMethod + "RequestHandler not found");
        throw new SAML2Exception("missingRequestHandler");
    }
    return samlResponse;
}

Example 79 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method savehttpRedMni.

/**
     * Saves the Http-Redirect ManageNameID Service.
     *
     * @param mnihttpLocation is the location url.
     * @param mnihttpRespLocation is the response location url.
     * @param manageNameIdList the live list to be updated.
     * @param objFact the Object Factory class.
     * @throws JAXBException if save fails.
     */
private void savehttpRedMni(String mnihttpLocation, String mnihttpRespLocation, List manageNameIdList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    if (mnihttpLocation != null && mnihttpLocation.length() > 0) {
        ManageNameIDServiceElement slsElemRed = objFact.createManageNameIDServiceElement();
        slsElemRed.setBinding(httpRedirectBinding);
        slsElemRed.setLocation(mnihttpLocation);
        slsElemRed.setResponseLocation(mnihttpRespLocation);
        manageNameIdList.add(slsElemRed);
    }
}

Example 80 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method savehttpRedLogout.

/**
     * Saves the Http-Redirect Single Logout Service.
     *
     * @param lohttpLocation is the location url.
     * @param lohttpRespLocation is the response location url.
     * @param logList the live list to be updated.
     * @param objFact the Object Factory class.
     * @throws JAXBException if save fails.
     */
private void savehttpRedLogout(String lohttpLocation, String lohttpRespLocation, List logList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    if (lohttpLocation != null && lohttpLocation.length() > 0) {
        SingleLogoutServiceElement slsElemRed = objFact.createSingleLogoutServiceElement();
        slsElemRed.setBinding(httpRedirectBinding);
        slsElemRed.setLocation(lohttpLocation);
        slsElemRed.setResponseLocation(lohttpRespLocation);
        logList.add(slsElemRed);
    }
}