

the class IDPProxyUtil method getNameIDFormat.

/**
 * Returns the NameID format carried by the first assertion of a SAML response.
 *
 * Only the first entry of {@code res.getAssertion()} is consulted; additional
 * assertions are ignored.
 *
 * NOTE(review): nothing here checks that the response or assertion was
 * validated (signature, conditions) before its NameID format is trusted;
 * presumably the caller has done that already — confirm.
 *
 * @param res the SAML {@code Response}; may be {@code null}
 * @return the value of {@code NameID.getFormat()} on the first assertion's
 *         subject, or {@code null} when the response, its assertion list,
 *         the subject or the NameID is absent
 */
private static String getNameIDFormat(Response res) {
    if (res == null) {
        return null;
    }
    List assertionList = res.getAssertion();
    boolean hasAssertion = (assertionList != null) && !assertionList.isEmpty();
    if (!hasAssertion) {
        return null;
    }
    Assertion firstAssertion = (Assertion) assertionList.get(0);
    Subject firstSubject = firstAssertion.getSubject();
    if (firstSubject == null) {
        return null;
    }
    NameID nameId = firstSubject.getNameID();
    return (nameId == null) ? null : nameId.getFormat();
}

the class DoManageNameID method signMNIResponse.

/**
 * Signs a ManageNameIDResponse when the remote entity's configuration asks
 * for signed MNI responses; otherwise leaves it untouched.
 *
 * The "want signed" flag is looked up on the remote entity under the role
 * opposite to {@code hostEntityRole} (host IDP → remote SP, host SP → remote
 * IDP). The signing key comes from {@code keyProvider} under the host
 * entity's signing certificate alias.
 *
 * @param mniResponse the response to sign in place
 * @param realm the realm of the hosted entity
 * @param hostEntity entity ID of the hosted entity
 * @param hostEntityRole role of the hosted entity (IDP or SP)
 * @param remoteEntity entity ID of the remote entity
 * @param includeCert whether the X.509 certificate is passed along to
 *        {@code sign} (when {@code false} a {@code null} certificate is passed)
 * @throws SAML2Exception if signing is required but no private key is found
 *         for the signing certificate alias
 */
private static void signMNIResponse(ManageNameIDResponse mniResponse, String realm, String hostEntity, String hostEntityRole, String remoteEntity, boolean includeCert) throws SAML2Exception {
    String method = "signMNIResponse : ";
    // The signing requirement is read from the remote side's metadata, so the
    // role passed is the remote entity's role, i.e. the opposite of ours.
    String remoteRole = hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
            ? SAML2Constants.SP_ROLE
            : SAML2Constants.IDP_ROLE;
    boolean needResponseSign = SAML2Utils.getWantMNIResponseSigned(realm, remoteEntity, remoteRole);
    if (!needResponseSign) {
        if (debug.messageEnabled()) {
            debug.message(method + "MNIResponse doesn't need to be signed.");
        }
        return;
    }
    String alias = SAML2Utils.getSigningCertAlias(realm, hostEntity, hostEntityRole);
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "Cert Alias is : " + alias);
        debug.message(method + "MNI Response before sign : " + mniResponse.toXMLString(true, true));
    }
    PrivateKey signingKey = keyProvider.getPrivateKey(alias);
    // The certificate is only looked up when the caller wants it embedded.
    X509Certificate signingCert = includeCert ? keyProvider.getX509Certificate(alias) : null;
    if (signingKey == null) {
        logError("missingSigningCertAlias", LogUtil.METADATA_ERROR, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSigningCertAlias"));
    }
    mniResponse.sign(signingKey, signingCert);
    if (debug.messageEnabled()) {
        debug.message(method + "MNI Response after sign : " + mniResponse.toXMLString(true, true));
    }
}

the class DoManageNameID method getMNIResponseFromPost.

/**
 * Decodes a Base64-encoded ManageNameIDResponse received over HTTP-POST and
 * returns it re-serialized as an XML string.
 *
 * NOTE(review): {@code samlResponse} is attacker-controllable form input;
 * whether DTD/external-entity processing is disabled for it depends on
 * {@code XMLUtils.toDOMDocument} — confirm that parser is hardened.
 *
 * @param samlResponse the Base64-encoded SAMLResponse parameter
 * @param response the servlet response; not used by this method
 * @return the XML form of the parsed response, or {@code null} when decoding
 *         yields no bytes or no DOM document could be built
 * @throws SAML2Exception if {@code samlResponse} is {@code null}
 *         ({@code missingSAMLResponse}), or if decoding or parsing fails
 *         for any reason ({@code nullDecodedStrFromSamlResponse}); the
 *         underlying exception is logged, not propagated
 */
static String getMNIResponseFromPost(String samlResponse, HttpServletResponse response) throws SAML2Exception {
    if (samlResponse == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingSAMLResponse"));
    }
    ManageNameIDResponse mniResponse = null;
    ByteArrayInputStream input = null;
    try {
        byte[] decoded = Base64.decode(samlResponse);
        if (decoded != null) {
            input = new ByteArrayInputStream(decoded);
            Document dom = XMLUtils.toDOMDocument(input, debug);
            if (dom != null) {
                mniResponse = ProtocolFactory.getInstance().createManageNameIDResponse(dom.getDocumentElement());
            }
        }
    } catch (Exception e) {
        // SAML2Exception and any other failure are reported the same way:
        // logged with the cause, then surfaced to the caller as a generic error.
        debug.error("DoManageNameID.getMNIResponseFromPost:", e);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullDecodedStrFromSamlResponse"));
    } finally {
        if (input != null) {
            try {
                input.close();
            } catch (Exception ie) {
                if (debug.messageEnabled()) {
                    debug.message("DoManageNameID.getMNIResponseFromPost:", ie);
                }
            }
        }
    }
    String xml = (mniResponse == null) ? null : mniResponse.toXMLString();
    if (debug.messageEnabled()) {
        debug.message("DoManageNameID.getMNIResponseFromPost: " + xml);
    }
    return xml;
}

the class DoManageNameID method initiateManageNameIDRequest.

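/**
 * Parses the request parameters and builds the ManageNameID
 * Request to send to the remote entity.
 *
 * If no session is found for the caller, the user is redirected to the
 * authentication service and the method returns without building a request.
 * Otherwise the ManageNameID service endpoint of the remote entity is
 * resolved from metadata and the request is delivered over the selected
 * binding (HTTP-Redirect, SOAP or HTTP-POST).
 *
 * @param request the HttpServletRequest.
 * @param response the HttpServletResponse.
 * @param metaAlias metaAlias of the hosted entity (realm and entityID are
 *        derived from it).
 * @param remoteEntityID entityID of remote entity.
 * @param paramsMap Map of all other parameters (binding, affiliation ID,
 *        relay state, requestType).
 * @throws SAML2Exception if the meta manager is unavailable, a required
 *         argument is {@code null}, the ManageNameID service or binding
 *         cannot be found, or initiating the request to the remote entity
 *         fails.
 */
public static void initiateManageNameIDRequest(HttpServletRequest request, HttpServletResponse response, String metaAlias, String remoteEntityID, Map paramsMap) throws SAML2Exception {
    String method = "DoManageNameID.initiateManageNameIDRequest: ";
    if (metaManager == null) {
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorMetaManager"));
    }
    if (metaAlias == null) {
        logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullEntityID"));
    }
    if (remoteEntityID == null) {
        logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, remoteEntityID);
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
    }
    // A failed session lookup is not fatal here: a null session is handled
    // below by redirecting the user to authenticate.
    Object session = null;
    try {
        session = SessionManager.getProvider().getSession(request);
    } catch (SessionException se) {
        if (debug.messageEnabled()) {
            debug.message(method, se);
        }
    }
    String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    String hostEntityID = metaManager.getEntityByMetaAlias(metaAlias);
    String hostEntityRole = SAML2Utils.getHostEntityRole(paramsMap);
    if (session == null) {
        if (debug.messageEnabled()) {
            debug.message(method + "Session is missing." + "redirect to the authentication service");
        }
        // redirect to the authentication service
        try {
            SAML2Utils.redirectAuthentication(request, response, realm, hostEntityID, hostEntityRole);
        } catch (IOException ioe) {
            logError("UnableToRedirectToAuth", LogUtil.REDIRECT_TO_AUTH, null);
            throw new SAML2Exception(ioe.toString());
        }
        return;
    }
    if (debug.messageEnabled()) {
        debug.message(method + "Meta Alias is : " + metaAlias);
        debug.message(method + "Remote EntityID is : " + remoteEntityID);
        debug.message(method + "Host EntityID is : " + hostEntityID);
    }
    try {
        String binding = SAML2Utils.getParameter(paramsMap, SAML2Constants.BINDING);
        ManageNameIDServiceElement mniService = getMNIServiceElement(realm, remoteEntityID, hostEntityRole, binding);
        // Guard before the getBinding() fallback below, which dereferences
        // mniService; a missing service element is reported as mniServiceNotFound.
        if (mniService == null) {
            logError("mniServiceNotFound", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("mniServiceNotFound"));
        }
        if (binding == null) {
            // No binding requested: fall back to the one declared in metadata.
            binding = mniService.getBinding();
        }
        if (binding == null) {
            logError("UnableTofindBinding", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("UnableTofindBinding"));
        }
        String mniURL = mniService.getLocation();
        if (mniURL == null) {
            logError("mniServiceNotFound", LogUtil.METADATA_ERROR, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("mniServiceNotFound"));
        }
        String requestType = (String) paramsMap.get("requestType");
        boolean changeID = "NewID".equals(requestType);
        String affiliationID = SAML2Utils.getParameter(paramsMap, SAML2Constants.AFFILIATION_ID);
        ManageNameIDRequest mniRequest = createManageNameIDRequest(session, realm, hostEntityID, hostEntityRole, remoteEntityID, mniURL, changeID, affiliationID);
        String relayState = SAML2Utils.getParameter(paramsMap, SAML2Constants.RELAY_STATE);
        if ((relayState == null) || (relayState.equals(""))) {
            relayState = SAML2Utils.getAttributeValueFromSSOConfig(realm, hostEntityID, hostEntityRole, SAML2Constants.DEFAULT_RELAY_STATE);
        }
        // Validate the RelayState URL (presumably against the entity's
        // configured allow-list, since it is later used as a redirect target — confirm).
        SAML2Utils.validateRelayStateURL(realm, hostEntityID, relayState, hostEntityRole);
        mniRequest.setDestination(XMLUtils.escapeSpecialCharacters(mniURL));
        saveMNIRequestInfo(request, response, paramsMap, mniRequest, relayState, hostEntityRole, session);
        String mniRequestXMLString = null;
        if (binding.equalsIgnoreCase(SAML2Constants.HTTP_REDIRECT)) {
            // Redirect binding: the request is signed inside doMNIByHttpRedirect, not here.
            mniRequestXMLString = mniRequest.toXMLString(true, true);
            doMNIByHttpRedirect(mniRequestXMLString, mniURL, relayState, realm, hostEntityID, hostEntityRole, remoteEntityID, response);
        } else if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
            signMNIRequest(mniRequest, realm, hostEntityID, hostEntityRole, remoteEntityID);
            // Basic-auth details for the SOAP endpoint come from the remote
            // entity's SSO config, chosen by the role opposite to ours.
            BaseConfigType config = null;
            if (hostEntityRole.equalsIgnoreCase(SAML2Constants.SP_ROLE)) {
                config = metaManager.getIDPSSOConfig(realm, remoteEntityID);
            } else {
                config = metaManager.getSPSSOConfig(realm, remoteEntityID);
            }
            mniURL = SAML2Utils.fillInBasicAuthInfo(config, mniURL);
            if (!doMNIBySOAP(mniRequest, mniURL, metaAlias, hostEntityRole, request, response)) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("mniFailed"));
            }
        } else if (binding.equalsIgnoreCase(SAML2Constants.HTTP_POST)) {
            signMNIRequest(mniRequest, realm, hostEntityID, hostEntityRole, remoteEntityID);
            mniRequestXMLString = mniRequest.toXMLString(true, true);
            doMNIByPOST(mniRequestXMLString, mniURL, relayState, realm, hostEntityID, hostEntityRole, remoteEntityID, response, request);
        }
        // Any other binding value falls through silently after the request
        // info has been saved.
    } catch (IOException ioe) {
        // NOTE(review): the original cause is not attached to the thrown
        // SAML2Exception in these three handlers; only the localized message
        // is propagated.
        logError("errorCreatingMNIRequest", LogUtil.CANNOT_INSTANTIATE_MNI_REQUEST, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorCreatingMNIRequest"));
    } catch (SAML2MetaException sme) {
        logError("metaDataError", LogUtil.METADATA_ERROR, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    } catch (SessionException ssoe) {
        logError("invalidSSOToken", LogUtil.INVALID_SSOTOKEN, null);
        throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSSOToken"));
    }
}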

the class FSUtils method forwardRequest.

/**
 * Forwards or redirects the current request to a new URL.
 *
 * The URL is first run through the session provider's URL rewriting when a
 * valid session exists. A server-side forward is used only when the target
 * has the same host and port as the current request and contains
 * {@code deploymentURI + "/"}; in every other case, and always on IBM
 * WebSphere (which cannot handle forwards with long URLs), an HTTP redirect
 * is sent instead. Note that {@code URL.getPort()} is -1 when the URL has no
 * explicit port, so such targets never match the request port and are
 * redirected.
 *
 * All failures are logged through {@code FSUtils.debug} and swallowed; the
 * method never throws.
 *
 * NOTE(review): the redirect branch sends the browser to {@code url} as
 * given; callers are presumably responsible for ensuring it is a trusted
 * destination — confirm.
 *
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @param url the target URL to be forwarded or redirected to
 */
public static void forwardRequest(HttpServletRequest request, HttpServletResponse response, String url) {
    FSUtils.debug.message("FSUtils.forwardRequest: called");
    String rewrittenUrl = null;
    try {
        SessionProvider provider = SessionManager.getProvider();
        Object sessionToken = provider.getSession(request);
        boolean haveValidSession = (sessionToken != null) && provider.isValid(sessionToken);
        if (haveValidSession) {
            rewrittenUrl = provider.rewriteURL(sessionToken, url);
        }
    } catch (Exception se) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSUtils.forwardReqeust: couldn't rewrite url: " + se.getMessage());
        }
        rewrittenUrl = null;
    }
    // Fall back to the caller's URL when rewriting was skipped or failed.
    String targetUrl = (rewrittenUrl != null) ? rewrittenUrl : url;
    try {
        String sourceHost = request.getServerName();
        int sourcePort = request.getServerPort();
        FSUtils.debug.message("FSUtils.forwardRequest: " + "SourceHost=" + sourceHost + " SourcePort=" + sourcePort);
        URL parsedTarget = new URL(targetUrl);
        String targetHost = parsedTarget.getHost();
        int targetPort = parsedTarget.getPort();
        FSUtils.debug.message("FSUtils.forwardRequest: targetHost=" + targetHost + " targetPort=" + targetPort);
        // IBM WebSphere is not able to handle forwards with long URLs, so it
        // is always redirected.
        String container = SystemConfigurationUtil.getProperty(Constants.IDENTITY_WEB_CONTAINER);
        boolean runningOnWebSphere = (container != null) && container.contains("IBM");
        int deploymentIndex = targetUrl.indexOf(deploymentURI + "/");
        boolean sameContainer = sourceHost.equals(targetHost)
                && (sourcePort == targetPort)
                && (deploymentIndex > 0);
        if (!sameContainer || runningOnWebSphere) {
            FSUtils.debug.message("FSUtils.forwardRequest: Source and " + "Target are not on the same container." + "Redirecting to target");
            response.sendRedirect(targetUrl);
            return;
        }
        // Same container: forward to the path that follows the deployment URI.
        String resource = targetUrl.substring(deploymentIndex + deploymentURI.length());
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSUtils.forwardRequest: Forwarding to :" + resource);
        }
        RequestDispatcher dispatcher = request.getRequestDispatcher(resource);
        try {
            dispatcher.forward(request, response);
        } catch (Exception e) {
            FSUtils.debug.error("FSUtils.forwardRequest: Exception " + "occured while trying to forward to resource:" + resource, e);
        }
    } catch (Exception ex) {
        FSUtils.debug.error("FSUtils.forwardRequest: Exception occured", ex);
    }
}