
Example 81 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class SAMLv2ModelImpl method savepostLogout.

/**
 * Adds an HTTP-POST Single Logout Service endpoint to the live metadata list.
 *
 * Nothing is added when {@code postLocation} is null or empty; in that case
 * {@code postRespLocation} is ignored as well. The binding is always the
 * class-level {@code httpPostBinding}.
 *
 * @param postLocation     the SLO endpoint location URL.
 * @param postRespLocation the SLO response location URL (passed through, may be null).
 * @param logList          the live list of SingleLogoutService elements to append to.
 * @param objFact          the JAXB object factory used to create the element.
 * @throws JAXBException propagated from the object factory when the element
 *                       cannot be created.
 */
private void savepostLogout(String postLocation, String postRespLocation, List logList, com.sun.identity.saml2.jaxb.metadata.ObjectFactory objFact) throws JAXBException {
    boolean hasLocation = postLocation != null && postLocation.length() > 0;
    if (!hasLocation) {
        // No POST endpoint configured: leave the list untouched.
        return;
    }
    SingleLogoutServiceElement postSlo = objFact.createSingleLogoutServiceElement();
    postSlo.setBinding(httpPostBinding);
    postSlo.setLocation(postLocation);
    postSlo.setResponseLocation(postRespLocation);
    logList.add(postSlo);
}

Example 82 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class XACMLAuthzDecisionQueryHandler method createSamlpResponse.

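/**
 * Wraps an XACML authorization decision statement in a SAMLP Response.
 *
 * The Response carries a Status built from {@code statusCodeValue} and a single
 * Assertion whose only statement is the XML form of {@code statement}. The
 * Response and the Assertion each receive a fresh, unpredictable ID: SAML IDs
 * are xs:ID values, so two elements in one document must not share one (the
 * previous code reused the constant "response-id:1" for both), and a constant
 * ID repeated across messages defeats ID-based signature references and
 * replay detection. Nothing here signs the result.
 *
 * NOTE(review): the Issuer value "issuer-1" is still a placeholder; it should
 * presumably be this PDP's entity ID — confirm against the handler's config.
 *
 * @param statement       the decision statement to embed.
 * @param statusCodeValue the top-level SAML StatusCode value.
 * @return the populated, unsigned Response.
 * @throws XACMLException propagated from serializing {@code statement}.
 * @throws SAML2Exception propagated from populating the SAML elements.
 */
private com.sun.identity.saml2.protocol.Response createSamlpResponse(XACMLAuthzDecisionStatement statement, String statusCodeValue) throws XACMLException, SAML2Exception {
    ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
    AssertionFactory assertionFactory = AssertionFactory.getInstance();

    com.sun.identity.saml2.protocol.Response samlpResponse = protocolFactory.createResponse();
    samlpResponse.setID(newSamlId());
    samlpResponse.setVersion("2.0");
    samlpResponse.setIssueInstant(new Date());

    com.sun.identity.saml2.protocol.StatusCode samlStatusCode = protocolFactory.createStatusCode();
    samlStatusCode.setValue(statusCodeValue);
    com.sun.identity.saml2.protocol.Status samlStatus = protocolFactory.createStatus();
    samlStatus.setStatusCode(samlStatusCode);
    samlpResponse.setStatus(samlStatus);

    Assertion assertion = assertionFactory.createAssertion();
    assertion.setVersion("2.0");
    // Must differ from the Response ID: duplicate xs:ID values in one document are invalid.
    assertion.setID(newSamlId());
    assertion.setIssueInstant(new Date());
    Issuer issuer = assertionFactory.createIssuer();
    issuer.setValue("issuer-1");
    assertion.setIssuer(issuer);

    // The decision statement is embedded as its XML string, as before.
    List statements = new ArrayList();
    statements.add(statement.toXMLString(true, true));
    assertion.setStatements(statements);

    List assertions = new ArrayList();
    assertions.add(assertion);
    samlpResponse.setAssertion(assertions);
    return samlpResponse;
}

/**
 * Returns a fresh SAML message ID. The leading underscore keeps the value a
 * valid NCName (it must not start with a digit); the random UUID comes from a
 * cryptographically strong RNG, so IDs are unique and unguessable.
 */
private static String newSamlId() {
    return "_" + java.util.UUID.randomUUID().toString();
}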

Example 83 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class SAML2Utils method getErrorResponse.

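/**
 * Builds a <code>SAML Response</code> that carries only an error status.
 *
 * The response gets a freshly generated ID, version 2.0 and the current
 * IssueInstant. When {@code request} is non-null (SP-initiated flow) its ID is
 * copied into InResponseTo so the SP can correlate the error with its request;
 * when it is null no InResponseTo is set. The Issuer is set only when
 * {@code issuerEntityID} is non-null. The response is not signed here.
 *
 * @param request        the <code>RequestAbstract</code> being answered, or
 *                       null for an unsolicited (IdP-initiated) error
 * @param code           the top-level status code
 * @param subCode        the second-level status code
 * @param statusMsg      the status message
 * @param issuerEntityID the entity id of the issuer, or null to omit Issuer
 * @return the error <code>SAML Response</code>, or {@code null} if a response
 *         ID could not be generated (the failure is logged)
 * @throws SAML2Exception if the response cannot be assembled, or cannot be
 *                        serialized for the debug log
 */
public static Response getErrorResponse(RequestAbstract request, String code, String subCode, String statusMsg, String issuerEntityID) throws SAML2Exception {
    // Log prefix names this class. It used to read "IDPSSOUtil.getErrorResponse",
    // which misattributed the debug line when tracing error responses.
    String classMethod = "SAML2Utils.getErrorResponse: ";
    Response errResp = ProtocolFactory.getInstance().createResponse();
    errResp.setStatus(generateStatus(code, subCode, statusMsg));
    String responseID = SAML2Utils.generateID();
    if (responseID == null) {
        // Fail without a response rather than emit one with a missing ID.
        debug.error("Unable to generate response ID.");
        return null;
    }
    errResp.setID(responseID);
    if (request != null) {
        // SP-initiated case: bind the error to the request it answers.
        errResp.setInResponseTo(request.getID());
    }
    errResp.setVersion(SAML2Constants.VERSION_2_0);
    errResp.setIssueInstant(new Date());
    // The IdP entity ID becomes the response Issuer when the caller supplies one.
    if (issuerEntityID != null) {
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(issuerEntityID);
        errResp.setIssuer(issuer);
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Error Response is : " + errResp.toXMLString());
    }
    return errResp;
}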

Example 84 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class SAML2Utils method isBearerSubjectConfirmation.

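/**
 * Finds the bearer SubjectConfirmation in an Assertion and validates its
 * SubjectConfirmationData against this SP.
 *
 * Non-bearer confirmations are skipped. For the first bearer confirmation all
 * of the following must hold, otherwise a {@code SAML2Exception} is thrown and
 * the failure is logged with the assertion ID:
 * <ul>
 * <li>SubjectConfirmationData is present;</li>
 * <li>Recipient is present and exactly equals the Location of one of this
 *     SP's AssertionConsumerService endpoints;</li>
 * <li>NotOnOrAfter is present and, allowing the configured clock skew, has
 *     not already passed;</li>
 * <li>if NotBefore is present, it must not (skew added) still lie in the
 *     future;</li>
 * <li>InResponseTo, when present, equals the Response's InResponseTo; when
 *     absent, the Response must not carry one either.</li>
 * </ul>
 * The skew is now applied in long arithmetic: {@code timeskew * 1000} was an
 * int product and overflowed for skews above ~24 days, which for the NotBefore
 * check could have accepted a not-yet-valid assertion.
 *
 * @param subjectConfirms  the SubjectConfirmation list from the Subject.
 * @param inRespToResponse the InResponseTo value of the enclosing Response
 *                         (null or empty for IdP-initiated SSO).
 * @param spDesc           this SP's SSO descriptor (source of ACS locations).
 * @param spConfig         this SP's extended config (source of the time skew).
 * @param assertionID      the assertion ID, used only for logging.
 * @return a map holding {@code SAML2Constants.IS_BEARER} (Boolean) and, when a
 *         bearer confirmation passed, {@code NOTONORAFTER} and {@code NOTBEFORE}
 *         (the latter may map to null).
 * @throws SAML2Exception if a bearer confirmation fails any check above.
 */
private static Map isBearerSubjectConfirmation(final List subjectConfirms, final String inRespToResponse, final SPSSODescriptorElement spDesc, final SPSSOConfigElement spConfig, final String assertionID) throws SAML2Exception {
    String method = "SAML2Utils.isBearerSubjectConfirmation:";
    Map retMap = new HashMap();
    boolean hasBearer = false;
    for (Iterator it = subjectConfirms.iterator(); it.hasNext(); ) {
        SubjectConfirmation subjectConfirm = (SubjectConfirmation) it.next();
        if (subjectConfirm == null || subjectConfirm.getMethod() == null || !subjectConfirm.getMethod().equals(SAML2Constants.SUBJECT_CONFIRMATION_METHOD_BEARER)) {
            continue;
        }
        // since this is bearer SC, all below must be true
        SubjectConfirmationData subjectConfData = subjectConfirm.getSubjectConfirmationData();
        if (subjectConfData == null) {
            if (debug.messageEnabled()) {
                debug.message(method + "missing SubjectConfirmationData.");
            }
            String[] data = { assertionID };
            LogUtil.error(Level.INFO, LogUtil.MISSING_SUBJECT_COMFIRMATION_DATA, data, null);
            throw new SAML2Exception(bundle.getString("missingSubjectConfirmationData"));
        }
        String recipient = subjectConfData.getRecipient();
        if (recipient == null || recipient.length() == 0) {
            if (debug.messageEnabled()) {
                debug.message(method + "missing Recipient in Assertion.");
            }
            String[] data = { assertionID };
            LogUtil.error(Level.INFO, LogUtil.MISSING_RECIPIENT, data, null);
            throw new SAML2Exception(bundle.getString("missingRecipient"));
        }
        // Recipient must be an exact string match for one of our ACS locations;
        // no normalisation is applied, so an unrelated or altered URL is rejected.
        boolean foundMatch = false;
        Iterator acsIter = spDesc.getAssertionConsumerService().iterator();
        while (acsIter.hasNext()) {
            AssertionConsumerServiceElement acs = (AssertionConsumerServiceElement) acsIter.next();
            if (recipient.equals(acs.getLocation())) {
                foundMatch = true;
                break;
            }
        }
        if (!foundMatch) {
            if (debug.messageEnabled()) {
                debug.message(method + "this sp is not the intended " + "recipient.");
            }
            String[] data = { assertionID, recipient };
            LogUtil.error(Level.INFO, LogUtil.WRONG_RECIPIENT, data, null);
            throw new SAML2Exception(bundle.getString("wrongRecipient"));
        }
        // in seconds; a negative configured value falls back to the default.
        // NOTE(review): a non-numeric value makes parseInt throw
        // NumberFormatException (fail-closed, but unlocalised) — confirm intended.
        int timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
        String timeskewStr = getAttributeValueFromSPSSOConfig(spConfig, SAML2Constants.ASSERTION_TIME_SKEW);
        if (timeskewStr != null && timeskewStr.trim().length() > 0) {
            timeskew = Integer.parseInt(timeskewStr);
            if (timeskew < 0) {
                timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
            }
        }
        if (debug.messageEnabled()) {
            debug.message(method + "timeskew = " + timeskew);
        }
        // NotOnOrAfter is mandatory for bearer confirmation; reject once it has
        // passed, extended by the skew. 1000L keeps the product in long range.
        Date notOnOrAfter = subjectConfData.getNotOnOrAfter();
        if (notOnOrAfter == null || ((notOnOrAfter.getTime() + timeskew * 1000L) < System.currentTimeMillis())) {
            if (debug.messageEnabled()) {
                debug.message(method + "Time in SubjectConfirmationData of " + "Assertion:" + assertionID + " is invalid.");
            }
            String[] data = { assertionID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_TIME_SUBJECT_CONFIRMATION_DATA, data, null);
            throw new SAML2Exception(bundle.getString("invalidTimeOnSubjectConfirmationData"));
        }
        retMap.put(SAML2Constants.NOTONORAFTER, notOnOrAfter);
        // NotBefore is tolerated unless it still lies in the future. The skew is
        // ADDED here, which tightens rather than relaxes the check; the log key
        // suggests NotBefore is not expected on bearer confirmation at all.
        // Behaviour kept as is — confirm intended.
        Date notBefore = subjectConfData.getNotBefore();
        if (notBefore != null) {
            if ((notBefore.getTime() + timeskew * 1000L) > System.currentTimeMillis()) {
                if (debug.messageEnabled()) {
                    debug.message(method + "SubjectConfirmationData included " + "NotBefore.");
                }
                String[] data = { assertionID };
                LogUtil.error(Level.INFO, LogUtil.CONTAINED_NOT_BEFORE, data, null);
                throw new SAML2Exception(bundle.getString("containedNotBefore"));
            }
        }
        retMap.put(SAML2Constants.NOTBEFORE, notBefore);
        // InResponseTo binds the assertion to the same request as the Response.
        // An assertion without it is only acceptable when the Response has none
        // either (IdP-initiated flow).
        String inRespTo = subjectConfData.getInResponseTo();
        if (inRespTo != null && inRespTo.length() != 0) {
            if (!inRespTo.equals(inRespToResponse)) {
                if (debug.messageEnabled()) {
                    debug.message(method + "InResponseTo in Assertion is " + "different from the one in Response.");
                }
                String[] data = { assertionID };
                LogUtil.error(Level.INFO, LogUtil.WRONG_INRESPONSETO_ASSERTION, data, null);
                throw new SAML2Exception(bundle.getString("wrongInResponseToInAssertion"));
            }
        } else {
            if (inRespToResponse != null && inRespToResponse.length() != 0) {
                if (debug.messageEnabled()) {
                    debug.message(method + "Assertion doesn't contain " + "InResponseTo, but Response does.");
                }
                String[] data = { assertionID };
                LogUtil.error(Level.INFO, LogUtil.WRONG_INRESPONSETO_ASSERTION, data, null);
                throw new SAML2Exception(bundle.getString("wrongInResponseToInAssertion"));
            }
        }
        // First valid bearer confirmation wins; later ones are not examined.
        hasBearer = true;
        break;
    }
    retMap.put(SAML2Constants.IS_BEARER, Boolean.valueOf(hasBearer));
    return retMap;
}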

Example 85 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class DoManageNameID method doMNIBySOAP.

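/**
 * Sends a ManageNameIDRequest to the remote entity over SOAP and validates the
 * synchronous ManageNameIDResponse.
 *
 * A SOAP transport failure is logged and yields {@code false}. When a response
 * element is obtained, its Issuer is verified against the metadata for the
 * host entity's realm, its InResponseTo (when present) must match the ID of the
 * request just sent, its signature must verify, and {@code checkMNIResponse}
 * decides overall success. On success for the SP role the SP adapter's
 * termination hook is invoked. Changes from the previous version: the
 * duplicated {@code mniResponse = mniResponse =} assignment is gone; a response
 * without an Issuer now fails with a SAML2Exception instead of a
 * NullPointerException; and the InResponseTo / request-ID binding is checked
 * here explicitly (it may also be checked inside the helpers, which is harmless).
 *
 * @param mniRequest the request to send.
 * @param mniURL     the remote ManageNameID SOAP endpoint.
 * @param metaAlias  meta alias of the hosted entity (gives realm and entity ID).
 * @param hostRole   the hosted entity's role (SP or IdP constant).
 * @param request    the current HTTP request (handed to the SP adapter).
 * @param response   the current HTTP response (handed to the SP adapter).
 * @return true if the remote entity reported success, false otherwise.
 * @throws SAML2Exception if the response is invalid (issuer, InResponseTo,
 *                        signature) or the session cannot be resolved.
 */
private static boolean doMNIBySOAP(ManageNameIDRequest mniRequest, String mniURL, String metaAlias, String hostRole, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    String method = "doMNIBySOAP: ";
    boolean success = false;
    String mniRequestXMLString = mniRequest.toXMLString(true, true);
    if (debug.messageEnabled()) {
        debug.message(method + "MNIRequestXMLString : " + mniRequestXMLString);
        debug.message(method + "MNIRedirectURL : " + mniURL);
    }
    SOAPMessage resMsg;
    try {
        resMsg = SOAPCommunicator.getInstance().sendSOAPMessage(mniRequestXMLString, mniURL, true);
    } catch (SOAPException se) {
        // Transport-level failure: report failure rather than propagate.
        debug.error(SAML2Utils.bundle.getString("invalidSOAPMessge"), se);
        return false;
    }
    Element mniRespElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "ManageNameIDResponse");
    ManageNameIDResponse mniResponse = pf.createManageNameIDResponse(mniRespElem);
    if (debug.messageEnabled()) {
        if (mniResponse != null) {
            debug.message(method + "ManageNameIDResponse without " + "SOAP envelope:\n" + mniResponse.toXMLString());
        } else {
            debug.message(method + "ManageNameIDResponse is null ");
        }
    }
    if (mniResponse != null) {
        try {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
            String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
            Issuer resIssuer = mniResponse.getIssuer();
            String requestId = mniResponse.getInResponseTo();
            // Verify the issuer first; then guard the dereference so a response
            // with no Issuer is a clean protocol error, not an NPE.
            SAML2Utils.verifyResponseIssuer(realm, hostEntityID, resIssuer, requestId);
            if (resIssuer == null || resIssuer.getValue() == null) {
                throw new SAML2Exception("ManageNameIDResponse has no Issuer");
            }
            String remoteEntityID = resIssuer.getValue();
            // Bind the response to the request we just sent. Only enforced when
            // the responder supplied InResponseTo at all.
            if (requestId != null && requestId.length() != 0 && !requestId.equals(mniRequest.getID())) {
                throw new SAML2Exception("ManageNameIDResponse InResponseTo does not match the request ID");
            }
            boolean validSign = verifyMNIResponse(mniResponse, realm, remoteEntityID, hostEntityID, hostRole, mniResponse.getDestination());
            if (!validSign) {
                // NOTE(review): the log ID CANNOT_INSTANTIATE_MNI_RESPONSE does not
                // describe a signature failure — kept as is; confirm the intended ID.
                logError("invalidSignInResponse", LogUtil.CANNOT_INSTANTIATE_MNI_RESPONSE, null);
                throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInResponse"));
            }
            // checkMNIResponse fills mniUserId as an out-parameter.
            StringBuffer mniUserId = new StringBuffer();
            success = checkMNIResponse(mniResponse, realm, hostEntityID, hostRole, mniUserId);
            if (success && hostRole.equals(SAML2Constants.SP_ROLE)) {
                // invoke SPAdapter for termination success, SP initiated SOAP
                postTerminationSuccess(hostEntityID, realm, request, response, mniUserId.toString(), mniRequest, mniResponse, SAML2Constants.SOAP);
            }
        } catch (SessionException e) {
            debug.error(SAML2Utils.bundle.getString("invalidSSOToken"), e);
            throw new SAML2Exception(e.toString());
        }
    }
    if (debug.messageEnabled()) {
        debug.message(method + "Request success : " + success);
    }
    return success;
}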
