use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class SPSingleLogoutServiceSOAP method doPost.
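/**
 * Handles a SOAP-bound Single Logout request addressed to a hosted SP.
 * <p>
 * The request size is checked first, the hosted SP is resolved from the
 * metaAlias in the request URI (a Fedlet may omit it, in which case the first
 * hosted SP is used), the SOAP binding for the SLO service is verified against
 * the SP's metadata, and the message is handed to {@code onMessage}. The reply
 * is written back with status 200, or 204 when there is nothing to send.
 * {@code SAML2Exception} and {@code SOAPException} are both reported to the
 * caller as a 500 "singleLogoutFailed" error.
 *
 * @param req the incoming servlet request carrying the SOAP message.
 * @param resp the servlet response the SOAP reply (or error) is written to.
 * @throws ServletException as declared by the servlet contract.
 * @throws IOException if the reply cannot be written to the response stream.
 */
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    try {
        // Reject oversized request bodies before any parsing work is done.
        SAMLUtils.checkHTTPContentLength(req);
        // Resolve the hosted SP from the metaAlias embedded in the request URI.
        String spMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
        if (SPCache.isFedlet && (spMetaAlias == null || spMetaAlias.isEmpty())) {
            // A Fedlet may omit the metaAlias: fall back to the first hosted SP.
            List spMetaAliases = SAML2Utils.getSAML2MetaManager().getAllHostedServiceProviderMetaAliases("/");
            if (spMetaAliases != null && !spMetaAliases.isEmpty()) {
                spMetaAlias = (String) spMetaAliases.get(0);
            }
        }
        String spEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(spMetaAlias);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(spMetaAlias);
        // Only serve SLO over SOAP when the SP's metadata declares that binding.
        if (!SAML2Utils.isSPProfileBindingSupported(realm, spEntityID, SAML2Constants.SLO_SERVICE, SAML2Constants.SOAP)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("SPSLOSOAP.doPost : uri =" + req.getRequestURI() + ", spMetaAlias=" + spMetaAlias + ", spEntityID=" + spEntityID);
        }
        SOAPMessage msg = SOAPCommunicator.getInstance().getSOAPMessage(req);
        SOAPMessage reply = onMessage(msg, req, resp, realm, spEntityID);
        if (reply == null) {
            // Nothing to send back: answer with an empty 204 rather than a SOAP fault.
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }
        // Save before copying the MIME headers: the original comment notes that
        // headers are generated as part of the save.
        if (reply.saveRequired()) {
            reply.saveChanges();
        }
        resp.setStatus(HttpServletResponse.SC_OK);
        SAML2Utils.putHeaders(reply.getMimeHeaders(), resp);
        // Write the SOAP reply onto the response stream.
        OutputStream os = resp.getOutputStream();
        reply.writeTo(os);
        os.flush();
    } catch (SAML2Exception ex) {
        reportLogoutFailure(req, resp, ex);
    } catch (SOAPException soap) {
        reportLogoutFailure(req, resp, soap);
    }
}

/**
 * Logs a failed SOAP single logout and answers the caller with a 500
 * "singleLogoutFailed" error; shared by both failure paths of {@code doPost}.
 *
 * @param req the request being answered.
 * @param resp the response the error is written to.
 * @param cause the exception that aborted the logout.
 * @throws ServletException if the error page cannot be produced.
 * @throws IOException if the error cannot be written to the response.
 */
private static void reportLogoutFailure(HttpServletRequest req, HttpServletResponse resp, Exception cause) throws ServletException, IOException {
    SAML2Utils.debug.error("SPSingleLogoutServiceSOAP", cause);
    SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "singleLogoutFailed", cause.getMessage());
}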
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class WSFederationUtils method processMultiProtocolLogout.
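/**
 * Processes a single logout across multiple federation protocols, treating the
 * WS-Federation side as already logged out.
 * <p>
 * The reply URL, realm and IdP entity ID are read from request attributes set
 * by the caller. The session is passed to {@code SingleLogoutManager} as an
 * IdP-initiated, non-SOAP logout with status {@code LOGOUT_SUCCEEDED_STATUS};
 * unless the manager already redirected the browser, this method redirects to
 * the reply URL itself. All failures are logged at message level and otherwise
 * ignored (best-effort).
 *
 * @param request HttpServletRequest object; must carry the
 *        {@code LOGOUT_WREPLY}, {@code REALM_PARAM} and {@code ENTITYID_PARAM}
 *        attributes.
 * @param response HttpServletResponse object used for the final redirect.
 * @param userSession the session being logged out, in the form expected by the
 *        configured session provider.
 */
public static void processMultiProtocolLogout(HttpServletRequest request, HttpServletResponse response, Object userSession) {
    debug.message("WSFederationUtils.processMPSingleLogout");
    try {
        String wreply = (String) request.getAttribute(WSFederationConstants.LOGOUT_WREPLY);
        String realm = (String) request.getAttribute(WSFederationConstants.REALM_PARAM);
        String idpEntityId = (String) request.getAttribute(WSFederationConstants.ENTITYID_PARAM);
        Set<Object> sessSet = new HashSet<Object>();
        sessSet.add(userSession);
        String sessUser = SessionManager.getProvider().getPrincipalName(userSession);
        SingleLogoutManager manager = SingleLogoutManager.getInstance();
        // WS-Federation defines no logout status, so the local result is
        // reported to the manager as a success.
        // TODO : find out spEntityID/logout request if any
        int status = manager.doIDPSingleLogout(sessSet, sessUser, request, response, false, true, SingleLogoutManager.WS_FED, realm, idpEntityId, null, wreply, null, null, SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS);
        // NOTE(review): wreply is taken from a request attribute set upstream;
        // confirm it was validated against the relying party's registered
        // endpoints before it reaches sendRedirect.
        if (status != SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
            response.sendRedirect(wreply);
        }
    } catch (Exception ex) {
        // Best-effort logout: the original SessionException, IOException and
        // Exception clauses all did exactly this, so one clause covers them.
        debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
    }
}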
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class QueryHandlerServlet method processXACMLResponse.
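/**
 * Builds the SAML {@code Response} for a received XACML authorization
 * decision query and returns it to the caller.
 * <p>
 * If the PDP's metadata requires signed queries, the query signature is
 * verified against the PEP's verification certificates before any handler
 * runs; an unsigned or badly signed query is rejected. The
 * {@code RequestHandler} registered under the metaAlias found in the request
 * path is then invoked, and the resulting Response and its first Assertion
 * receive fresh IDs, an issue instant and the PDP as issuer. The Assertion is
 * signed and/or encrypted according to the PEP's metadata, and the Response
 * is signed last.
 *
 * @param realm realm of the entity.
 * @param pdpEntityID entity identifier of the Policy Decision Point (PDP).
 * @param samlRequest the received {@code RequestAbstract}; its Issuer names the PEP.
 * @param request the {@code HttpServletRequest}; its path info must contain
 *        {@code METAALIAS_KEY}, which is followed by the handler key.
 * @param soapMsg the {@code SOAPMessage} that carried the query.
 * @return the populated and signed {@code Response}.
 * @throws SAML2Exception if a required signature is missing or invalid, the
 *         PEP metadata cannot be found, no handler is registered for the
 *         metaAlias, the handler returns no assertion, or the assertion
 *         cannot be encrypted.
 */
Response processXACMLResponse(String realm, String pdpEntityID, RequestAbstract samlRequest, HttpServletRequest request, SOAPMessage soapMsg) throws SAML2Exception {
    String classMethod = "QueryHandlerServlet:processXACMLResponse";
    // The handler key is whatever follows METAALIAS_KEY in the path info. The
    // original skipped a hard-coded 10 characters; presumably that is
    // METAALIAS_KEY.length() — TODO confirm.
    final int metaAliasKeyLength = 10;
    String path = request.getPathInfo();
    int keyStart = (path == null) ? -1 : path.indexOf(METAALIAS_KEY);
    if (keyStart < 0 || keyStart + metaAliasKeyLength > path.length()) {
        // Previously a missing key produced a bogus substring (indexOf == -1)
        // or a StringIndexOutOfBoundsException; fail as "no handler" instead.
        debug.error(classMethod + "metaAlias key not found in path info");
        throw new SAML2Exception("missingRequestHandler");
    }
    String key = path.substring(keyStart + metaAliasKeyLength);
    String pepEntityID = samlRequest.getIssuer().getValue();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "SOAPMessage KEY . :" + key);
        debug.message(classMethod + "pepEntityID is :" + pepEntityID);
    }
    // Authenticate the query before any handler gets to see it.
    verifyQuerySignature(classMethod, realm, pdpEntityID, pepEntityID, samlRequest);
    RequestHandler handler = (RequestHandler) SOAPBindingService.handlers.get(key);
    if (handler == null) {
        debug.error(classMethod + "RequestHandler not found");
        throw new SAML2Exception("missingRequestHandler");
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Found handler");
    }
    Response samlResponse = handler.handleQuery(pdpEntityID, pepEntityID, samlRequest, soapMsg);
    // The code below relies on exactly the first assertion; a handler that
    // produced none used to fail with an IndexOutOfBoundsException.
    if (samlResponse == null || samlResponse.getAssertion() == null || samlResponse.getAssertion().isEmpty()) {
        debug.error(classMethod + "RequestHandler returned no assertion");
        throw new SAML2Exception("RequestHandler returned no assertion");
    }
    // Stamp fresh identity on the Response and on its Assertion; both share
    // the PDP as issuer and the same issue instant.
    Issuer issuer = AssertionFactory.getInstance().createIssuer();
    issuer.setValue(pdpEntityID);
    Date issueInstant = new Date();
    samlResponse.setID(SAML2Utils.generateID());
    samlResponse.setVersion(SAML2Constants.VERSION_2_0);
    samlResponse.setIssueInstant(issueInstant);
    samlResponse.setIssuer(issuer);
    Assertion assertion = (Assertion) samlResponse.getAssertion().get(0);
    assertion.setID(SAML2Utils.generateID());
    assertion.setVersion(SAML2Constants.VERSION_2_0);
    assertion.setIssueInstant(issueInstant);
    assertion.setIssuer(issuer);
    // The PEP's metadata decides whether the Assertion is signed and/or encrypted.
    XACMLAuthzDecisionQueryDescriptorElement pepDescriptor = SAML2Utils.getSAML2MetaManager().getPolicyEnforcementPointDescriptor(realm, pepEntityID);
    if (pepDescriptor == null) {
        // Without the descriptor the PEP's signing/encryption requirements are
        // unknown; previously this was a NullPointerException.
        debug.error(classMethod + "PEP descriptor not found for " + pepEntityID);
        throw new SAML2Exception("PEP descriptor not found");
    }
    String wantAssertionEncrypted = SAML2Utils.getAttributeValueFromXACMLConfig(realm, SAML2Constants.PEP_ROLE, pepEntityID, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
    boolean wantAssertionSigned = pepDescriptor.isWantAssertionsSigned();
    if (debug.messageEnabled()) {
        debug.message(classMethod + " wantAssertionSigned :" + wantAssertionSigned);
    }
    // Sign before encrypting so the signature travels inside the encrypted envelope.
    if (wantAssertionSigned) {
        signAssertion(realm, pdpEntityID, assertion);
    }
    // Raw List is kept deliberately: the Response setters take the raw type.
    List assertions = new ArrayList();
    if (SAML2Constants.TRUE.equalsIgnoreCase(wantAssertionEncrypted)) {
        EncInfo encInfo = KeyUtil.getPEPEncInfo(pepDescriptor, pepEntityID);
        if (encInfo == null) {
            // No usable encryption key for this PEP; previously a NullPointerException.
            debug.error(classMethod + "No encryption info found for PEP " + pepEntityID);
            throw new SAML2Exception("FailedToEncryptAssertion");
        }
        EncryptedAssertion encryptedAssertion = assertion.encrypt(encInfo.getWrappingKey(), encInfo.getDataEncAlgorithm(), encInfo.getDataEncStrength(), pepEntityID);
        if (encryptedAssertion == null) {
            debug.error(classMethod + "Assertion encryption failed.");
            throw new SAML2Exception("FailedToEncryptAssertion");
        }
        assertions.add(encryptedAssertion);
        samlResponse.setEncryptedAssertion(assertions);
        // The plaintext Assertion must not remain alongside the encrypted copy.
        samlResponse.setAssertion(new ArrayList());
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Assertion encrypted.");
        }
    } else {
        assertions.add(assertion);
        samlResponse.setAssertion(assertions);
    }
    signResponse(samlResponse, realm, pepEntityID, pdpEntityID);
    return samlResponse;
}

/**
 * Enforces the PDP's "want signed authorization queries" policy on an
 * incoming query.
 * <p>
 * Does nothing when the PDP does not require signed queries. Otherwise an
 * unsigned query is rejected with {@code nullSig}, and a signed one must
 * verify against at least one of the PEP's verification certificates — an
 * empty certificate set fails closed — or it is rejected with
 * {@code invalidQuerySignature}.
 *
 * @param classMethod log prefix of the calling method.
 * @param realm realm of the entity.
 * @param pdpEntityID entity identifier of the PDP whose policy applies.
 * @param pepEntityID entity identifier of the PEP that issued the query.
 * @param samlRequest the query whose signature is checked.
 * @throws SAML2Exception if a required signature is missing or invalid.
 */
private void verifyQuerySignature(String classMethod, String realm, String pdpEntityID, String pepEntityID, RequestAbstract samlRequest) throws SAML2Exception {
    boolean pdpWantAuthzQuerySigned = SAML2Utils.getWantXACMLAuthzDecisionQuerySigned(realm, pdpEntityID, SAML2Constants.PDP_ROLE);
    if (debug.messageEnabled()) {
        debug.message(classMethod + "PDP wantAuthzQuerySigned:" + pdpWantAuthzQuerySigned);
    }
    if (!pdpWantAuthzQuerySigned) {
        return;
    }
    if (!samlRequest.isSigned()) {
        debug.error("Request not signed");
        throw new SAML2Exception("nullSig");
    }
    XACMLAuthzDecisionQueryDescriptorElement pep = SAML2Utils.getSAML2MetaManager().getPolicyEnforcementPointDescriptor(realm, pepEntityID);
    Set<X509Certificate> verificationCerts = KeyUtil.getPEPVerificationCerts(pep, pepEntityID);
    // No certificates means nothing can vouch for the signature: fail closed.
    if (verificationCerts.isEmpty() || !samlRequest.isSignatureValid(verificationCerts)) {
        debug.error(classMethod + "Invalid signature in message");
        throw new SAML2Exception("invalidQuerySignature");
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Valid signature found");
    }
}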
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method savehttpRedMni.
/**
 * Adds an HTTP-Redirect ManageNameIDService endpoint to the live metadata list.
 * Nothing is added when no location is supplied; the response location is
 * stored as given, null included.
 *
 * @param mnihttpLocation is the location url.
 * @param mnihttpRespLocation is the response location url.
 * @param manageNameIdList the live list to be updated.
 * @param objFact the Object Factory class.
 * @throws JAXBException if save fails.
 */
private void savehttpRedMni(String mnihttpLocation, String mnihttpRespLocation, List manageNameIdList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    if (mnihttpLocation == null || mnihttpLocation.isEmpty()) {
        return;
    }
    ManageNameIDServiceElement endpoint = objFact.createManageNameIDServiceElement();
    endpoint.setBinding(httpRedirectBinding);
    endpoint.setLocation(mnihttpLocation);
    endpoint.setResponseLocation(mnihttpRespLocation);
    manageNameIdList.add(endpoint);
}
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class SAMLv2ModelImpl method savehttpRedLogout.
/**
 * Adds an HTTP-Redirect SingleLogoutService endpoint to the live metadata list.
 * Nothing is added when no location is supplied; the response location is
 * stored as given, null included.
 *
 * @param lohttpLocation is the location url.
 * @param lohttpRespLocation is the response location url.
 * @param logList the live list to be updated.
 * @param objFact the Object Factory class.
 * @throws JAXBException if save fails.
 */
private void savehttpRedLogout(String lohttpLocation, String lohttpRespLocation, List logList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    if (lohttpLocation == null || lohttpLocation.isEmpty()) {
        return;
    }
    SingleLogoutServiceElement endpoint = objFact.createSingleLogoutServiceElement();
    endpoint.setBinding(httpRedirectBinding);
    endpoint.setLocation(lohttpLocation);
    endpoint.setResponseLocation(lohttpRespLocation);
    logList.add(endpoint);
}