Example 41 with Response
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class ResponseImpl method parseElement.
private void parseElement(Element element) throws SAML2Exception {
// make sure that the input xml block is not null
if (element == null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parseElement: " + "element input is null.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
}
// Make sure this is an Response.
String tag = null;
tag = element.getLocalName();
if ((tag == null) || (!tag.equals("Response"))) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parseElement: " + "not Response.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
}
// handle the attributes of <Response> element
NamedNodeMap atts = ((Node) element).getAttributes();
if (atts != null) {
int length = atts.getLength();
for (int i = 0; i < length; i++) {
Attr attr = (Attr) atts.item(i);
String attrName = attr.getName();
String attrValue = attr.getValue().trim();
if (attrName.equals("ID")) {
responseId = attrValue;
} else if (attrName.equals("InResponseTo")) {
inResponseTo = attrValue;
} else if (attrName.equals("Version")) {
version = attrValue;
} else if (attrName.equals("IssueInstant")) {
try {
issueInstant = DateUtils.stringToDate(attrValue);
} catch (ParseException pe) {
throw new SAML2Exception(pe.getMessage());
}
} else if (attrName.equals("Destination")) {
destination = attrValue;
} else if (attrName.equals("Consent")) {
consent = attrValue;
}
}
}
// handle child elements
NodeList nl = element.getChildNodes();
Node child;
String childName;
int length = nl.getLength();
for (int i = 0; i < length; i++) {
child = nl.item(i);
if ((childName = child.getLocalName()) != null) {
if (childName.equals("Issuer")) {
if (issuer != null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element: included more than one Issuer.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
}
if (signatureString != null || extensions != null || status != null || assertions != null || encAssertions != null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:wrong sequence.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
}
issuer = AssertionFactory.getInstance().createIssuer((Element) child);
} else if (childName.equals("Signature")) {
if (signatureString != null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:included more than one Signature.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
}
if (extensions != null || status != null || assertions != null || encAssertions != null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:wrong sequence.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
}
signatureString = XMLUtils.print((Element) child, "UTF-8");
isSigned = true;
} else if (childName.equals("Extensions")) {
if (extensions != null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:included more than one Extensions.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
}
if (status != null || assertions != null || encAssertions != null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:wrong sequence.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
}
extensions = ProtocolFactory.getInstance().createExtensions((Element) child);
} else if (childName.equals("Status")) {
if (status != null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element: included more than one Status.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("moreElement"));
}
if (assertions != null || encAssertions != null) {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element:wrong sequence.");
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("schemaViolation"));
}
status = ProtocolFactory.getInstance().createStatus((Element) child);
} else if (childName.equals("Assertion")) {
if (assertions == null) {
assertions = new ArrayList();
}
Element canoEle = SAMLUtils.getCanonicalElement(child);
if (canoEle == null) {
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("errorCanonical"));
}
assertions.add(AssertionFactory.getInstance().createAssertion(canoEle));
} else if (childName.equals("EncryptedAssertion")) {
if (encAssertions == null) {
encAssertions = new ArrayList();
}
encAssertions.add(AssertionFactory.getInstance().createEncryptedAssertion((Element) child));
} else {
if (SAML2SDKUtils.debug.messageEnabled()) {
SAML2SDKUtils.debug.message("ResponseImpl.parse" + "Element: Invalid element:" + childName);
}
throw new SAML2Exception(SAML2SDKUtils.bundle.getString("invalidElement"));
}
}
}
super.validateData();
if (assertions != null) {
Iterator iter = assertions.iterator();
while (iter.hasNext()) {
((Assertion) iter.next()).makeImmutable();
}
assertions = Collections.unmodifiableList(assertions);
}
if (encAssertions != null) {
encAssertions = Collections.unmodifiableList(encAssertions);
}
isMutable = false;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
NamedNodeMap(org.w3c.dom.NamedNodeMap)
Node(org.w3c.dom.Node)
NodeList(org.w3c.dom.NodeList)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
Iterator(java.util.Iterator)
EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion)
Assertion(com.sun.identity.saml2.assertion.Assertion)
ParseException(java.text.ParseException)
Attr(org.w3c.dom.Attr)
Example 42 with Response
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class IDPSingleLogoutServiceSOAP method onMessage.
/**
* Process the incoming SOAP message containing the LogoutRequest and
* generates outgoing SOAP message containing the LogoutResponse on IDP
* side.
* @param message incoming SOAP message.
* @param request HTTP servlet request.
* @param response HTTP servlet response.
* @param idpEntityID Entity ID of the hosted IDP.
* @param realm realm of this hosted IDP.
* @return SOAP message containing the outgoing LogoutResponse.
*/
public SOAPMessage onMessage(SOAPMessage message, HttpServletRequest request, HttpServletResponse response, String idpEntityID, String realm) {
SAML2Utils.debug.message("IDPSingleLogoutServiceSOAP.onMessage: init");
// get LogoutRequest element from SOAP message
LogoutRequest logoutReq = null;
try {
Element reqElem = SOAPCommunicator.getInstance().getSamlpElement(message, "LogoutRequest");
logoutReq = ProtocolFactory.getInstance().createLogoutRequest(reqElem);
// delay the signature until this server finds the session
} catch (SAML2Exception se) {
SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP.onMessage: " + "unable to get LogoutRequest from message", se);
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "errorLogoutRequest", se.getMessage());
}
if (logoutReq == null) {
SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP.onMessage: " + "LogoutRequest is null");
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "nullLogoutRequest", null);
}
LogoutResponse loRes = null;
try {
// process LogoutRequestElement
loRes = IDPSingleLogout.processLogoutRequest(logoutReq, request, response, SAML2Constants.SOAP, null, idpEntityID, realm, false);
LogoutUtil.signSLOResponse(loRes, realm, idpEntityID, SAML2Constants.IDP_ROLE, logoutReq.getIssuer().getValue());
} catch (SAML2Exception e) {
SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP.onMessage;", e);
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "errorLogoutResponse", e.getMessage());
}
if (loRes == null) {
SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP.onMessage: " + "LogoutResponse is null");
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "errorLogoutResponse", null);
}
SOAPMessage msg = null;
try {
msg = SOAPCommunicator.getInstance().createSOAPMessage(loRes.toXMLString(true, true), false);
} catch (SAML2Exception se) {
SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP.onMessage: " + "Unable to create SOAP message:", se);
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "errorLogoutResponseSOAP", se.getMessage());
} catch (SOAPException ex) {
SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP.onMessage: " + "Unable to create SOAP message:", ex);
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "errorLogoutResponseSOAP", ex.getMessage());
}
return msg;
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse)
Element(org.w3c.dom.Element)
SOAPException(javax.xml.soap.SOAPException)
LogoutRequest(com.sun.identity.saml2.protocol.LogoutRequest)
SOAPMessage(javax.xml.soap.SOAPMessage)
Example 43 with Response
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class IDPSingleLogoutServiceSOAP method doPost.
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
try {
// handle DOS attack
SAMLUtils.checkHTTPContentLength(req);
// Get IDP entity ID
String idpMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
String idpEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(idpMetaAlias);
String realm = SAML2MetaUtils.getRealmByMetaAlias(idpMetaAlias);
if (!SAML2Utils.isIDPProfileBindingSupported(realm, idpEntityID, SAML2Constants.SLO_SERVICE, SAML2Constants.SOAP)) {
throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("IDPSLOSOAP.doPost : uri =" + req.getRequestURI() + ", idpMetaAlias=" + idpMetaAlias + ", idpEntityID=" + idpEntityID);
}
SOAPMessage msg = SOAPCommunicator.getInstance().getSOAPMessage(req);
Map aMap = IDPProxyUtil.getSessionPartners(msg);
List partners = (List) aMap.get(SAML2Constants.PARTNERS);
SOAPMessage reply = null;
reply = onMessage(msg, req, resp, idpEntityID, realm);
if (reply != null) {
// IDP Proxy case
if (partners != null && (!partners.isEmpty())) {
Element reqElem = SOAPCommunicator.getInstance().getSamlpElement(msg, "LogoutRequest");
LogoutRequest logoutReq = ProtocolFactory.getInstance().createLogoutRequest(reqElem);
IDPCache.SOAPMessageByLogoutRequestID.put(logoutReq.getID(), reply);
IDPProxyUtil.sendProxyLogoutRequestSOAP(req, resp, resp.getWriter(), reply, partners, (IDPSession) aMap.get(SAML2Constants.IDP_SESSION));
} else {
if (reply.saveRequired()) {
reply.saveChanges();
}
resp.setStatus(HttpServletResponse.SC_OK);
SAML2Utils.putHeaders(reply.getMimeHeaders(), resp);
// Write out the message on the response stream
OutputStream os = resp.getOutputStream();
reply.writeTo(os);
os.flush();
}
} else {
resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
}
} catch (SAML2Exception ex) {
SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP", ex);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "singleLogoutFailed", ex.getMessage());
return;
} catch (SOAPException soap) {
SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP", soap);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "singleLogoutFailed", soap.getMessage());
return;
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Element(org.w3c.dom.Element)
OutputStream(java.io.OutputStream)
SOAPException(javax.xml.soap.SOAPException)
List(java.util.List)
LogoutRequest(com.sun.identity.saml2.protocol.LogoutRequest)
SOAPMessage(javax.xml.soap.SOAPMessage)
Map(java.util.Map)
Example 44 with Response
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class AssertionIDRequestServiceSOAP method doGetPost.
private void doGetPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// handle DOS attack
SAMLUtils.checkHTTPContentLength(req);
String pathInfo = req.getPathInfo();
if (pathInfo == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AssertionIDRequestServiceSOAP.doGetPost: " + "pathInfo is null.");
}
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullPathInfo", SAML2Utils.bundle.getString("nullPathInfo"));
return;
}
String role = null;
int index = pathInfo.indexOf(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
if (index > 2) {
role = pathInfo.substring(1, index - 1);
}
String samlAuthorityMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
String samlAuthorityEntityID = null;
String realm = null;
try {
samlAuthorityEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(samlAuthorityMetaAlias);
realm = SAML2MetaUtils.getRealmByMetaAlias(samlAuthorityMetaAlias);
} catch (SAML2Exception sme) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost", sme);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidMetaAlias", sme.getMessage());
return;
}
if (!SAML2Utils.isIDPProfileBindingSupported(realm, samlAuthorityEntityID, SAML2Constants.ASSERTION_ID_REQUEST_SERVICE, SAML2Constants.SOAP)) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost:Assertion ID request" + " service SOAP binding is not supported for " + samlAuthorityEntityID);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_BAD_REQUEST, "unsupportedBinding", SAML2Utils.bundle.getString("unsupportedBinding"));
return;
}
AssertionIDRequest assertionIDRequest = null;
try {
SOAPMessage msg = SOAPCommunicator.getInstance().getSOAPMessage(req);
Element elem = SOAPCommunicator.getInstance().getSamlpElement(msg, SAML2Constants.ASSERTION_ID_REQUEST);
assertionIDRequest = ProtocolFactory.getInstance().createAssertionIDRequest(elem);
} catch (Exception ex) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost:", ex);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateAssertionIDRequest", ex.getMessage());
return;
}
SOAPMessage replymsg = null;
try {
Response samlResp = AssertionIDRequestUtil.processAssertionIDRequest(assertionIDRequest, req, resp, samlAuthorityEntityID, role, realm);
replymsg = SOAPCommunicator.getInstance().createSOAPMessage(samlResp.toXMLString(true, true), false);
} catch (Throwable t) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost: " + "Unable to create SOAP message:", t);
replymsg = SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
}
try {
if (replymsg.saveRequired()) {
replymsg.saveChanges();
}
resp.setStatus(HttpServletResponse.SC_OK);
SAML2Utils.putHeaders(replymsg.getMimeHeaders(), resp);
OutputStream os = resp.getOutputStream();
replymsg.writeTo(os);
os.flush();
} catch (SOAPException soap) {
SAML2Utils.debug.error("AssertionIDRequestServiceSOAP.doGetPost", soap);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "soapError", soap.getMessage());
return;
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Response(com.sun.identity.saml2.protocol.Response)
AssertionIDRequest(com.sun.identity.saml2.protocol.AssertionIDRequest)
Element(org.w3c.dom.Element)
OutputStream(java.io.OutputStream)
SOAPException(javax.xml.soap.SOAPException)
SOAPMessage(javax.xml.soap.SOAPMessage)
ServletException(javax.servlet.ServletException)
SOAPException(javax.xml.soap.SOAPException)
IOException(java.io.IOException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Example 45 with Response
use of com.sun.identity.saml2.protocol.Response in project OpenAM by OpenRock.
the class AttributeServiceSOAP method doGetPost.
private void doGetPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
// handle DOS attack
SAMLUtils.checkHTTPContentLength(req);
AttributeQuery attrQuery = null;
try {
SOAPMessage msg = SOAPCommunicator.getInstance().getSOAPMessage(req);
Element elem = SOAPCommunicator.getInstance().getSamlpElement(msg, SAML2Constants.ATTRIBUTE_QUERY);
attrQuery = ProtocolFactory.getInstance().createAttributeQuery(elem);
} catch (Exception ex) {
SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost:", ex);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToCreateAttributeQuery", ex.getMessage());
return;
}
String pathInfo = req.getPathInfo();
if (pathInfo == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeServiceSOAP.doGetPost: " + "pathInfo is null.");
}
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullPathInfo", SAML2Utils.bundle.getString("nullPathInfo"));
return;
}
String attrQueryProfileAlias = null;
int index = pathInfo.indexOf(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
if (index > 2) {
attrQueryProfileAlias = pathInfo.substring(1, index - 1);
}
String attrAuthorityMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
String attrAuthorityEntityID = null;
String realm = null;
try {
attrAuthorityEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(attrAuthorityMetaAlias);
realm = SAML2MetaUtils.getRealmByMetaAlias(attrAuthorityMetaAlias);
} catch (SAML2Exception sme) {
SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost", sme);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidMetaAlias", sme.getMessage());
return;
}
SOAPMessage replymsg = null;
try {
Response samlResp = AttributeQueryUtil.processAttributeQuery(attrQuery, req, resp, attrAuthorityEntityID, realm, attrQueryProfileAlias);
replymsg = SOAPCommunicator.getInstance().createSOAPMessage(samlResp.toXMLString(true, true), false);
} catch (Throwable t) {
SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost: " + "Unable to create SOAP message:", t);
replymsg = SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
}
try {
if (replymsg.saveRequired()) {
replymsg.saveChanges();
}
resp.setStatus(HttpServletResponse.SC_OK);
SAML2Utils.putHeaders(replymsg.getMimeHeaders(), resp);
OutputStream os = resp.getOutputStream();
replymsg.writeTo(os);
os.flush();
} catch (SOAPException soap) {
SAML2Utils.debug.error("AttributeServiceSOAP.doGetPost", soap);
SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "soapError", soap.getMessage());
return;
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Response(com.sun.identity.saml2.protocol.Response)
AttributeQuery(com.sun.identity.saml2.protocol.AttributeQuery)
Element(org.w3c.dom.Element)
OutputStream(java.io.OutputStream)
SOAPException(javax.xml.soap.SOAPException)
SOAPMessage(javax.xml.soap.SOAPMessage)
ServletException(javax.servlet.ServletException)
SOAPException(javax.xml.soap.SOAPException)
IOException(java.io.IOException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Aggregations
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)119
List (java.util.List)53
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)45
ArrayList (java.util.ArrayList)41
IOException (java.io.IOException)40
SessionException (com.sun.identity.plugin.session.SessionException)35
Response (com.sun.identity.saml2.protocol.Response)31
SOAPException (javax.xml.soap.SOAPException)31
Issuer (com.sun.identity.saml2.assertion.Issuer)28
HttpServletResponse (javax.servlet.http.HttpServletResponse)28
SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)25
Map (java.util.Map)24
Assertion (com.sun.identity.saml2.assertion.Assertion)23
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)23
SOAPMessage (javax.xml.soap.SOAPMessage)22
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)20
Date (java.util.Date)20
HashMap (java.util.HashMap)20
Element (org.w3c.dom.Element)20
X509Certificate (java.security.cert.X509Certificate)16
