Examples with Response com.sun.identity.saml2.protocol.Response used on opensource projects

Example 91 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class IDPSSOUtil method getAuthnStatement.

/**
     * Returns a <code>SAML AuthnStatement</code> object.
     *
     * @param request The HTTP request.
     * @param session The user's session.
     * @param isNewSessionIndex A returned flag from which the caller knows if the session index in the returned
     *                          <code>AuthnStatement</code> is a new session index.
     * @param authnReq The <code>AuthnRequest</code> object.
     * @param idpEntityID The entity ID of the identity provider.
     * @param realm The realm name.
     * @param matchingAuthnContext The <code>AuthnContext</code> used to find authentication type and scheme.
     * @return The <code>SAML AuthnStatement</code> object.
     * @throws SAML2Exception If the operation is not successful.
     */
private static AuthnStatement getAuthnStatement(HttpServletRequest request, Object session, NewBoolean isNewSessionIndex, AuthnRequest authnReq, String idpEntityID, String realm, AuthnContext matchingAuthnContext) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.getAuthnStatement: ";
    AuthnStatement authnStatement = AssertionFactory.getInstance().createAuthnStatement();
    Date authInstant = null;
    // will be used when we add SubjectLocality to the statement
    try {
        String[] values = sessionProvider.getProperty(session, SessionProvider.AUTH_INSTANT);
        if (values != null && values.length != 0 && values[0] != null && values[0].length() != 0) {
            authInstant = DateUtils.stringToDate(values[0]);
        }
    } catch (Exception e) {
        SAML2Utils.debug.error(classMethod + "exception retrieving info from the session: ", e);
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingAuthnStatement"));
    }
    if (authInstant == null) {
        authInstant = new Date();
    }
    authnStatement.setAuthnInstant(authInstant);
    AuthnContext authnContext = matchingAuthnContext;
    if (authnContext == null) {
        String authLevel = null;
        try {
            String[] values = sessionProvider.getProperty(session, SessionProvider.AUTH_LEVEL);
            if (values != null && values.length != 0 && values[0] != null && values[0].length() != 0) {
                authLevel = values[0];
            }
        } catch (Exception e) {
            SAML2Utils.debug.error(classMethod + "exception retrieving auth level info from the session: ", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingAuthnStatement"));
        }
        IDPAuthnContextMapper idpAuthnContextMapper = getIDPAuthnContextMapper(realm, idpEntityID);
        authnContext = idpAuthnContextMapper.getAuthnContextFromAuthLevel(authLevel, realm, idpEntityID);
    }
    final Response idpResponse = (Response) request.getAttribute(SAML2Constants.SAML_PROXY_IDP_RESPONSE_KEY);
    if (idpResponse != null) {
        // IdP proxy case: we already received an assertion from the remote IdP and now the IdP proxy is generating
        // a new SAML response for the SP.
        Set<String> authenticatingAuthorities = new LinkedHashSet<String>();
        final List<Assertion> assertions = idpResponse.getAssertion();
        for (Assertion assertion : assertions) {
            authenticatingAuthorities.addAll(extractAuthenticatingAuthorities(assertion));
        }
        // According to SAML profile 4.1.4.2 each assertion within the SAML Response MUST have the same issuer, so
        // this should suffice. We should have at least one assertion, since the IdP proxy's SP already accepted it.
        authenticatingAuthorities.add(assertions.iterator().next().getIssuer().getValue());
        authnContext.setAuthenticatingAuthority(new ArrayList<String>(authenticatingAuthorities));
    }
    authnStatement.setAuthnContext(authnContext);
    String sessionIndex = getSessionIndex(session);
    if (sessionIndex == null) {
        // new sessionIndex
        sessionIndex = SAML2Utils.generateIDWithServerID();
        try {
            String[] values = { sessionIndex };
            sessionProvider.setProperty(session, SAML2Constants.IDP_SESSION_INDEX, values);
        } catch (SessionException e) {
            SAML2Utils.debug.error(classMethod + "error setting session index into the session: ", e);
            throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingAuthnStatement"));
        }
        isNewSessionIndex.setValue(true);
    } else {
        isNewSessionIndex.setValue(false);
    }
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(classMethod + "SessionIndex (in AuthnStatement) =" + sessionIndex);
    }
    if (sessionIndex != null) {
        Set authContextSet = (HashSet) IDPCache.authnContextCache.get(sessionIndex);
        if (authContextSet == null || authContextSet.isEmpty()) {
            authContextSet = new HashSet();
        }
        authContextSet.add(authnContext);
        // cache the AuthContext to use in the case of session upgrade.
        IDPCache.authnContextCache.put(sessionIndex, authContextSet);
        authnStatement.setSessionIndex(sessionIndex);
    }
    return authnStatement;
}

Example 92 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class IDPSSOUtil method sendResponse.

/**
     * Sends a response to service provider
     *
     * @param request The servlet request.
     * @param response The servlet response.
     * @param out The print writer for writing out presentation.
     * @param cachedResID the key used to retrieve response information
     *                    from the response information cache
     * @throws SAML2Exception if the operation is not successful
     */
public static void sendResponse(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String cachedResID) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.sendResponse: ";
    ArrayList cacheList = (ArrayList) IDPCache.responseCache.remove(cachedResID);
    if ((cacheList != null) && (cacheList.size() == 9)) {
        String acsBinding = (String) cacheList.get(0);
        String spEntityID = (String) cacheList.get(1);
        String idpEntityID = (String) cacheList.get(2);
        String idpMetaAlias = (String) cacheList.get(3);
        String realm = (String) cacheList.get(4);
        String relayState = (String) cacheList.get(5);
        String acsURL = (String) cacheList.get(6);
        Response res = (Response) cacheList.get(7);
        Object session = cacheList.get(8);
        sendResponse(request, response, out, acsBinding, spEntityID, idpEntityID, idpMetaAlias, realm, relayState, acsURL, res, session);
    } else {
        SAML2Utils.debug.error(classMethod + "unable to get response information from cache.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("UnableToGetResponseInfoFromCache"));
    }
}

Example 93 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class IDPProxyUtil method sendNoPassiveProxyResponse.

/**
     * Sends back a NoPassive response for the original AuthnRequest.
     *
     * @param request The request.
     * @param response The response.
     * @param out The print writer for writing out presentation.
     * @param requestID The requestID of the proxied AuthnRequest.
     * @param idpMetaAlias The IdP's metaAlias.
     * @param hostEntityID The IdP's entity ID.
     * @param realm The realm where the IdP belongs to.
     * @throws SAML2Exception If there was an error while sending the NoPassive response.
     */
public static void sendNoPassiveProxyResponse(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String requestID, String idpMetaAlias, String hostEntityID, String realm) throws SAML2Exception {
    AuthnRequest origRequest = (AuthnRequest) IDPCache.proxySPAuthnReqCache.remove(requestID);
    String relayState = (String) IDPCache.relayStateCache.remove(origRequest.getID());
    IDPSSOUtil.sendNoPassiveResponse(request, response, out, idpMetaAlias, hostEntityID, realm, origRequest, relayState, origRequest.getIssuer().getValue());
}

Example 94 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class IDPProxyUtil method initiateSPLogoutRequest.

/**
     * Initiates the Single logout request by the IDP Proxy to the 
     * authenticating identity provider. 
     * @param request HttpServletRequest 
     * @param response HttpServletResponse
     * @param out The print writer for writing out presentation.
     * @param partner Authenticating identity provider 
     * @param spMetaAlias IDP proxy's meta alias acting as SP
     * @param realm Realm
     */
public static void initiateSPLogoutRequest(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String partner, String spMetaAlias, String realm, LogoutRequest logoutReq, SOAPMessage msg, IDPSession idpSession, String binding, String relayState) {
    Object ssoToken = idpSession.getSession();
    try {
        if (ssoToken == null) {
            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "nullSSOToken", SAML2Utils.bundle.getString("nullSSOToken"));
            return;
        }
        String[] values = SessionManager.getProvider().getProperty(ssoToken, SAML2Constants.SP_METAALIAS);
        String metaAlias = null;
        if (values != null && values.length > 0) {
            metaAlias = values[0];
        }
        if (metaAlias == null) {
            metaAlias = spMetaAlias;
        }
        HashMap paramsMap = new HashMap();
        paramsMap.put("spMetaAlias", metaAlias);
        paramsMap.put("idpEntityID", partner);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);
        String dest = getLocation(realm, partner, binding);
        if (dest != null && !dest.equals("")) {
            paramsMap.put("Destination", dest);
        } else {
            throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
        }
        paramsMap.put("Consent", request.getParameter("Consent"));
        paramsMap.put("Extension", request.getParameter("Extension"));
        if (relayState != null) {
            paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
        }
        idpSession.removeSessionPartner(partner);
        SPSingleLogout.initiateLogoutRequest(request, response, out, binding, paramsMap, logoutReq, msg, ssoToken, null);
    } catch (SAML2Exception sse) {
        SAML2Utils.debug.error("Error sending Logout Request ", sse);
        try {
            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "LogoutRequestCreationError", SAML2Utils.bundle.getString("LogoutRequestCreationError"));
        } catch (Exception se) {
            SAML2Utils.debug.error("IDPProxyUtil." + "initiateSPLogoutRequest: ", se);
        }
        return;
    } catch (Exception e) {
        SAML2Utils.debug.error("Error initializing Request ", e);
        try {
            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "LogoutRequestCreationError", SAML2Utils.bundle.getString("LogoutRequestCreationError"));
        } catch (Exception mme) {
            SAML2Utils.debug.error("IDPProxyUtil." + "initiateSPLogoutRequest: ", mme);
        }
        return;
    }
}

Example 95 with Response

use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.

the class IDPProxyUtil method getPreferredIDP.

/**
     * Gets the preferred IDP Id to be proxied. This method makes use of an
     * SPI to determine the preferred IDP.
     * @param authnRequest original Authn Request.
     * @param hostedEntityId hosted provider ID 
     * @param realm Realm 
     * @param request HttpServletRequest
     * @param response HttpServletResponse 
     * @exception SAML2Exception for any SAML2 failure.
     * @return String Provider id of the preferred IDP to be proxied.
     */
public static String getPreferredIDP(AuthnRequest authnRequest, String hostedEntityId, String realm, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception {
    SAML2IDPFinder proxyFinder = getIDPProxyFinder(realm, hostedEntityId);
    List idpProviderIDs = proxyFinder.getPreferredIDP(authnRequest, hostedEntityId, realm, request, response);
    if ((idpProviderIDs == null) || idpProviderIDs.isEmpty()) {
        return null;
    }
    return (String) idpProviderIDs.get(0);
}