Search in sources :

Example 1 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class SAML2 method stepLogin.

/**
     * In conjuncture with injectCallbacks, steps through an internal auth chain (stored in authenticationContext) until
     * it's completed by repeatedly injecting the callbacks from the internal chain's modules and submitting
     * them until the status has confirmed failed or succeeded.
     */
private int stepLogin(final Callback[] realCallbacks, final int state) throws AuthLoginException {
    if (authenticationContext == null || authenticationContext.getStatus().equals(AuthContext.Status.FAILED)) {
        return processError(bundle.getString("samlLocalAuthFailed"), "SAML2 :: process() : failed to perform local authentication - {} ", bundle.getString("samlLocalAuthFailed"));
    } else if (authenticationContext.getStatus().equals(AuthContext.Status.IN_PROGRESS)) {
        return injectCallbacks(realCallbacks, state);
    } else if (authenticationContext.getStatus().equals(AuthContext.Status.SUCCESS)) {
        try {
            final NameID nameId = getNameId();
            final String userName = authenticationContext.getSSOToken().getProperty(UNIVERSAL_IDENTIFIER);
            linkAccount(userName, nameId);
            return success(authnAssertion, nameId, userName);
        } catch (L10NMessageImpl l10NMessage) {
            return processError(l10NMessage, null, "SAML2 :: process() : failed to perform local authentication - {} ", l10NMessage.getL10NMessage(getLoginLocale()));
        } finally {
            authenticationContext.logout();
        }
    }
    return processError(bundle.getString("invalidLoginState"), "SAML2 :: stepLogin() : unexpected login state");
}
Also used : NameID(com.sun.identity.saml2.assertion.NameID) L10NMessageImpl(com.sun.identity.shared.locale.L10NMessageImpl)

Example 2 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class IDPSingleLogout method processLogoutRequest.

/**
     * Gets and processes the Single <code>LogoutRequest</code> from SP
     * and return <code>LogoutResponse</code>.
     *
     * @param logoutReq <code>LogoutRequest</code> from SP
     * @param request the HttpServletRequest.
     * @param response the HttpServletResponse.
     * @param binding name of binding will be used for request processing.
     * @param relayState the relay state.
     * @param idpEntityID name of host entity ID.
     * @param realm name of host entity.
     * @param isVerified true if the request is verified already.
     * @return LogoutResponse the target URL on successful
     * <code>LogoutRequest</code>.
     * @throws SAML2Exception if error processing
     *          <code>LogoutRequest</code>.
     */
public static LogoutResponse processLogoutRequest(LogoutRequest logoutReq, HttpServletRequest request, HttpServletResponse response, String binding, String relayState, String idpEntityID, String realm, boolean isVerified) throws SAML2Exception {
    Status status = null;
    String spEntity = logoutReq.getIssuer().getValue();
    Object session = null;
    String tmpStr = request.getParameter("isLBReq");
    boolean isLBReq = (tmpStr == null || !tmpStr.equals("false"));
    try {
        do {
            String requestId = logoutReq.getID();
            SAML2Utils.verifyRequestIssuer(realm, idpEntityID, logoutReq.getIssuer(), requestId);
            List siList = logoutReq.getSessionIndex();
            if (siList == null) {
                debug.error("IDPSingleLogout.processLogoutRequest: " + "session index are null in logout request");
                status = SAML2Utils.generateStatus(SAML2Constants.REQUESTER, "");
                break;
            }
            int numSI = siList.size();
            // TODO : handle list of session index
            Iterator siIter = siList.iterator();
            String sessionIndex = null;
            if (siIter.hasNext()) {
                sessionIndex = (String) siIter.next();
            }
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.processLogoutRequest: " + "idpEntityID=" + idpEntityID + ", sessionIndex=" + sessionIndex);
            }
            if (sessionIndex == null) {
                // this case won't happen
                // according to the spec: SP has to send at least
                // one sessionIndex, could be multiple (TODO: need
                // to handle that above; but when IDP sends out
                // logout request, it could omit sessionIndex list,
                // which means all sessions on SP side, so SP side
                // needs to care about this case
                debug.error("IDPLogoutUtil.processLogoutRequest: " + "No session index in logout request");
                status = SAML2Utils.generateStatus(SAML2Constants.REQUESTER, "");
                break;
            }
            String remoteServiceURL = null;
            if (isLBReq) {
                // server id is the last two digit of the session index
                String serverId = sessionIndex.substring(sessionIndex.length() - 2);
                if (debug.messageEnabled()) {
                    debug.message("IDPSingleLogout.processLogoutRequest: " + "sessionIndex=" + sessionIndex + ", id=" + serverId);
                }
                // find out remote serice URL based on server id
                remoteServiceURL = SAML2Utils.getRemoteServiceURL(serverId);
            }
            IDPSession idpSession = IDPCache.idpSessionsByIndices.get(sessionIndex);
            if (idpSession == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                // Read from SAML2 Token Repository
                IDPSessionCopy idpSessionCopy = null;
                try {
                    idpSessionCopy = (IDPSessionCopy) SAML2FailoverUtils.retrieveSAML2Token(sessionIndex);
                } catch (SAML2TokenRepositoryException se) {
                    debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from " + "SAML2 Token Repository for sessionIndex:" + sessionIndex, se);
                }
                // Copy back to IDPSession
                if (idpSessionCopy != null) {
                    idpSession = new IDPSession(idpSessionCopy);
                } else {
                    SAML2Utils.debug.error("IDPSessionCopy is NULL!!!");
                }
            }
            if (idpSession == null) {
                // peer then we have to route the request.
                if (remoteServiceURL != null) {
                    boolean peerError = false;
                    String remoteLogoutURL = remoteServiceURL + SAML2Utils.removeDeployUri(request.getRequestURI());
                    String queryString = request.getQueryString();
                    if (queryString == null) {
                        remoteLogoutURL = remoteLogoutURL + "?isLBReq=false";
                    } else {
                        remoteLogoutURL = remoteLogoutURL + "?" + queryString + "&isLBReq=false";
                    }
                    LogoutResponse logoutRes = LogoutUtil.forwardToRemoteServer(logoutReq, remoteLogoutURL);
                    if ((logoutRes != null) && !isNameNotFound(logoutRes)) {
                        if ((isSuccess(logoutRes)) && (numSI > 0)) {
                            siList = LogoutUtil.getSessionIndex(logoutRes);
                            if (siList == null || siList.isEmpty()) {
                                peerError = false;
                                break;
                            }
                        }
                    } else {
                        peerError = true;
                    }
                    if (peerError || (siList != null && siList.size() > 0)) {
                        status = PARTIAL_LOGOUT_STATUS;
                        break;
                    } else {
                        status = SUCCESS_STATUS;
                        break;
                    }
                } else {
                    debug.error("IDPLogoutUtil.processLogoutRequest: " + "IDP no longer has this session index " + sessionIndex);
                    status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("invalidSessionIndex"));
                    break;
                }
            } else {
                // signature.
                if (!isVerified && !LogoutUtil.verifySLORequest(logoutReq, realm, logoutReq.getIssuer().getValue(), idpEntityID, SAML2Constants.IDP_ROLE)) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                }
            }
            session = idpSession.getSession();
            // handle external application logout if configured
            BaseConfigType idpConfig = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, idpEntityID);
            List appLogoutURL = (List) SAML2MetaUtils.getAttributes(idpConfig).get(SAML2Constants.APP_LOGOUT_URL);
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.processLogoutRequest: " + "external app logout URL= " + appLogoutURL);
            }
            if ((appLogoutURL != null) && (appLogoutURL.size() != 0)) {
                SAML2Utils.postToAppLogout(request, (String) appLogoutURL.get(0), session);
            }
            List<NameIDandSPpair> list = idpSession.getNameIDandSPpairs();
            int n = list.size();
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.processLogoutRequest: " + "NameIDandSPpair for " + sessionIndex + " is " + list + ", size=" + n);
            }
            NameIDandSPpair pair = null;
            // remove sending SP from the list
            String spIssuer = logoutReq.getIssuer().getValue();
            for (int i = 0; i < n; i++) {
                pair = list.get(i);
                if (pair.getSPEntityID().equals(spIssuer)) {
                    list.remove(i);
                    removeTransientNameIDFromCache(pair.getNameID());
                    break;
                }
            }
            List partners = idpSession.getSessionPartners();
            boolean cleanUp = true;
            if (partners != null && !partners.isEmpty()) {
                cleanUp = false;
            }
            n = list.size();
            if (n == 0) {
                // this is the case where there is no other
                // session participant
                status = destroyTokenAndGenerateStatus(sessionIndex, idpSession.getSession(), request, response, cleanUp);
                if (cleanUp) {
                    IDPCache.idpSessionsByIndices.remove(sessionIndex);
                    if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                        saml2Svc.setIdpSessionCount((long) IDPCache.idpSessionsByIndices.size());
                    }
                    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        try {
                            SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
                        } catch (SAML2TokenRepositoryException se) {
                            debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from " + "SAML2 Token Repository for sessionIndex:" + sessionIndex, se);
                        }
                    }
                    IDPCache.authnContextCache.remove(sessionIndex);
                }
                break;
            }
            //We should save the originally used request binding to make sure the response is sent back using the
            //correct binding.
            idpSession.setOriginatingLogoutRequestBinding(binding);
            // there are other SPs to be logged out
            if (binding.equals(SAML2Constants.HTTP_REDIRECT) || binding.equals(SAML2Constants.HTTP_POST)) {
                idpSession.setOriginatingLogoutRequestID(logoutReq.getID());
                idpSession.setOriginatingLogoutSPEntityID(logoutReq.getIssuer().getValue());
            }
            int soapFailCount = 0;
            for (int i = 0; i < n; i++) {
                pair = list.remove(0);
                removeTransientNameIDFromCache(pair.getNameID());
                String spEntityID = pair.getSPEntityID();
                if (debug.messageEnabled()) {
                    debug.message("IDPSingleLogout.processLogoutRequest: SP for " + sessionIndex + " is " + spEntityID);
                }
                List<SingleLogoutServiceElement> slosList = getSPSLOServiceEndpoints(realm, spEntityID);
                // get IDP entity config in case of SOAP,for basic auth info
                SPSSOConfigElement spConfig = null;
                spConfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(realm, spEntityID);
                String uri = request.getRequestURI();
                String metaAlias = SAML2MetaUtils.getMetaAliasByUri(uri);
                HashMap paramsMap = new HashMap();
                paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
                StringBuffer requestID = null;
                SingleLogoutServiceElement logoutEndpoint = LogoutUtil.getMostAppropriateSLOServiceLocation(slosList, idpSession.getOriginatingLogoutRequestBinding());
                if (logoutEndpoint == null) {
                    continue;
                }
                try {
                    requestID = LogoutUtil.doLogout(metaAlias, spEntityID, null, logoutEndpoint, relayState, sessionIndex, pair.getNameID(), request, response, paramsMap, spConfig);
                } catch (SAML2Exception ex) {
                    if (logoutEndpoint.getBinding().equals(SAML2Constants.SOAP)) {
                        debug.error("IDPSingleLogout.initiateLogoutRequest:", ex);
                        soapFailCount++;
                        continue;
                    } else {
                        throw ex;
                    }
                }
                String bindingUsed = logoutEndpoint.getBinding();
                if (bindingUsed.equals(SAML2Constants.HTTP_REDIRECT) || bindingUsed.equals(SAML2Constants.HTTP_POST)) {
                    String requestIDStr = requestID.toString();
                    if (requestIDStr != null && requestIDStr.length() != 0) {
                        idpSession.setPendingLogoutRequestID(requestIDStr);
                    }
                    return null;
                }
            }
            if (soapFailCount == n) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloFailed"));
            } else if (soapFailCount > 0) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("partialLogout"));
            }
            spEntity = idpSession.getOriginatingLogoutSPEntityID();
            if (binding.equals(SAML2Constants.HTTP_REDIRECT) || binding.equals(SAML2Constants.HTTP_POST)) {
                sendLastResponse(idpSession, null, request, response, sessionIndex, session, realm, idpEntityID, relayState);
                return null;
            } else {
                // binding is SOAP, generate logout response
                // and send to initiating SP
                status = destroyTokenAndGenerateStatus(sessionIndex, idpSession.getSession(), request, response, true);
                if (cleanUp) {
                    IDPCache.idpSessionsByIndices.remove(sessionIndex);
                    if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                        saml2Svc.setIdpSessionCount((long) IDPCache.idpSessionsByIndices.size());
                    }
                    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        try {
                            SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
                        } catch (SAML2TokenRepositoryException se) {
                            debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from " + "SAML2 Token Repository for sessionIndex:" + sessionIndex, se);
                        }
                    }
                    IDPCache.authnContextCache.remove(sessionIndex);
                }
            }
        } while (false);
    } catch (SessionException ssoe) {
        debug.error("IDPSingleLogout.processLogoutRequest: unable to get meta for ", ssoe);
        status = SAML2Utils.generateStatus(idpEntityID, ssoe.toString());
    } catch (SAML2Exception e) {
        // show throw exception
        e.printStackTrace();
        SAML2Utils.debug.error("DB ERROR!!!");
    }
    // process multi-federation protocol
    boolean isMultiProtocol = false;
    try {
        SessionProvider provider = SessionManager.getProvider();
        if ((session != null) && (provider.isValid(session)) && MultiProtocolUtils.isMultipleProtocolSession(session, SingleLogoutManager.SAML2)) {
            isMultiProtocol = true;
        }
    } catch (SessionException ex) {
    //ignore
    }
    //here we are providing null for remote entity, because it's an unused variable in the method...
    LogoutResponse logRes = LogoutUtil.generateResponse(status, logoutReq.getID(), SAML2Utils.createIssuer(idpEntityID), realm, SAML2Constants.IDP_ROLE, null);
    if (!isMultiProtocol) {
        return logRes;
    } else {
        try {
            Set set = new HashSet();
            set.add(session);
            String sessUser = SessionManager.getProvider().getPrincipalName(session);
            boolean isSOAPInitiated = binding.equals(SAML2Constants.SOAP);
            SingleLogoutServiceElement endpoint = getLogoutResponseEndpoint(realm, spEntity, binding);
            String location = getResponseLocation(endpoint);
            logRes.setDestination(XMLUtils.escapeSpecialCharacters(location));
            debug.message("IDPSingleLogout.processLogReq : call MP");
            int retStat = SingleLogoutManager.getInstance().doIDPSingleLogout(set, sessUser, request, response, isSOAPInitiated, false, SingleLogoutManager.SAML2, realm, idpEntityID, spEntity, relayState, logoutReq.toXMLString(true, true), logRes.toXMLString(true, true), SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS);
            if (retStat != SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                logRes = updateLogoutResponse(logRes, retStat);
                return logRes;
            } else {
                return null;
            }
        } catch (SessionException ex) {
            debug.error("IDPSingleLogout.ProcessLogoutRequest: SP " + "initiated SOAP logout", ex);
            throw new SAML2Exception(ex.getMessage());
        } catch (Exception ex) {
            debug.error("IDPSingleLogout.ProcessLogoutRequest: SP " + "initiated SOAP logout (MP)", ex);
            throw new SAML2Exception(ex.getMessage());
        }
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) SessionException(com.sun.identity.plugin.session.SessionException) BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) SingleLogoutServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement) Iterator(java.util.Iterator) List(java.util.List) SessionProvider(com.sun.identity.plugin.session.SessionProvider) HashSet(java.util.HashSet) Status(com.sun.identity.saml2.protocol.Status) LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) SessionException(com.sun.identity.plugin.session.SessionException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)

Example 3 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class IDPSingleLogout method initiateLogoutRequest.

/**
     * Parses the request parameters and initiates the Logout
     * Request to be sent to the SP.
     *
     * @param request the HttpServletRequest.
     * @param response the HttpServletResponse.
     * @param out the print writer for writing out presentation
     * @param binding binding used for this request.
     * @param paramsMap Map of all other parameters.
     *       Following parameters names with their respective
     *       String values are allowed in this paramsMap.
     *       "RelayState" - the target URL on successful Single Logout
     *       "Destination" - A URI Reference indicating the address to
     *                       which the request has been sent.
     *       "Consent" - Specifies a URI a SAML defined identifier
     *                   known as Consent Identifiers.
     *       "Extension" - Specifies a list of Extensions as list of
     *                   String objects.
     * @throws SAML2Exception if error initiating request to SP.
     */
public static void initiateLogoutRequest(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String binding, Map paramsMap) throws SAML2Exception {
    if (debug.messageEnabled()) {
        debug.message("in initiateLogoutRequest");
        debug.message("binding : " + binding);
        debug.message("logoutAll : " + (String) paramsMap.get(SAML2Constants.LOGOUT_ALL));
        debug.message("paramsMap : " + paramsMap);
    }
    boolean logoutall = false;
    String logoutAllValue = (String) paramsMap.get(SAML2Constants.LOGOUT_ALL);
    if ((logoutAllValue != null) && logoutAllValue.equalsIgnoreCase("true")) {
        logoutall = true;
    }
    String metaAlias = (String) paramsMap.get(SAML2Constants.IDP_META_ALIAS);
    try {
        Object session = sessionProvider.getSession(request);
        String sessUser = sessionProvider.getPrincipalName(session);
        if (session == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullSSOToken"));
        }
        if (metaAlias == null) {
            String[] values = sessionProvider.getProperty(session, SAML2Constants.IDP_META_ALIAS);
            if (values != null && values.length != 0) {
                metaAlias = values[0];
            }
        }
        if (metaAlias == null) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPMetaAlias"));
        }
        paramsMap.put(SAML2Constants.METAALIAS, metaAlias);
        String realm = SAML2Utils.getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
        String idpEntityID = sm.getEntityByMetaAlias(metaAlias);
        if (idpEntityID == null) {
            debug.error("Identity Provider ID is missing");
            String[] data = { idpEntityID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_IDP, data, null);
            throw new SAML2Exception(SAML2Utils.bundle.getString("nullIDPEntityID"));
        }
        // clean up session index
        String idpSessionIndex = IDPSSOUtil.getSessionIndex(session);
        if (idpSessionIndex == null) {
            if (debug.messageEnabled()) {
                debug.message("No SP session participant(s)");
            }
            MultiProtocolUtils.invalidateSession(session, request, response, SingleLogoutManager.SAML2);
            return;
        }
        // then send the request to the original server
        if (!SAML2FailoverUtils.isSAML2FailoverEnabled() && isMisroutedRequest(request, response, out, session)) {
            return;
        } else {
            if (debug.messageEnabled()) {
                debug.message("IDPSingleLogout.initiateLogoutRequest: " + "SAML2 Failover will be attempted. Be sure SFO is " + "properly configured or the attempt will fail");
            }
        }
        IDPSession idpSession = IDPCache.idpSessionsByIndices.get(idpSessionIndex);
        if (idpSession == null) {
            if (debug.messageEnabled()) {
                debug.message("IDPSLO.initiateLogoutRequest: " + "IDP Session with session index " + idpSessionIndex + " already removed.");
            }
            try {
                if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                    SAML2FailoverUtils.deleteSAML2Token(idpSessionIndex);
                }
            } catch (SAML2TokenRepositoryException se) {
                debug.error("IDPSingleLogout.initiateLogoutReq: Error while deleting token from " + "SAML2 Token Repository for idpSessionIndex:" + idpSessionIndex, se);
            }
            IDPCache.authnContextCache.remove(idpSessionIndex);
            MultiProtocolUtils.invalidateSession(session, request, response, SingleLogoutManager.SAML2);
            return;
        }
        if (debug.messageEnabled()) {
            debug.message("idpSessionIndex=" + idpSessionIndex);
        }
        List<NameIDandSPpair> list = idpSession.getNameIDandSPpairs();
        int n = list.size();
        if (debug.messageEnabled()) {
            debug.message("IDPSingleLogout.initiateLogoutReq:" + " NameIDandSPpairs=" + list + ", size=" + n);
        }
        if (n == 0) {
            if (debug.messageEnabled()) {
                debug.message("No SP session participant(s)");
            }
            IDPCache.idpSessionsByIndices.remove(idpSessionIndex);
            if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                saml2Svc.setIdpSessionCount((long) IDPCache.idpSessionsByIndices.size());
            }
            try {
                if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                    SAML2FailoverUtils.deleteSAML2Token(idpSessionIndex);
                }
            } catch (SAML2TokenRepositoryException se) {
                debug.error("IDPSingleLogout.initiateLogoutReq: Error while deleting token from " + "SAML2 Token Repository for idpSessionIndex:" + idpSessionIndex, se);
            }
            IDPCache.authnContextCache.remove(idpSessionIndex);
            MultiProtocolUtils.invalidateSession(session, request, response, SingleLogoutManager.SAML2);
            return;
        }
        String relayState = (String) paramsMap.get(SAML2Constants.RELAY_STATE);
        // Validate the RelayState URL.
        SAML2Utils.validateRelayStateURL(realm, idpEntityID, relayState, SAML2Constants.IDP_ROLE);
        int soapFailCount = 0;
        idpSession.setOriginatingLogoutRequestBinding(binding);
        for (int i = 0; i < n; i++) {
            NameIDandSPpair pair = list.remove(0);
            removeTransientNameIDFromCache(pair.getNameID());
            String spEntityID = pair.getSPEntityID();
            if (debug.messageEnabled()) {
                debug.message("IDPSingleLogout.initLogoutReq: processing spEntityID " + spEntityID);
            }
            List extensionsList = LogoutUtil.getExtensionsList(paramsMap);
            List<SingleLogoutServiceElement> slosList = getSPSLOServiceEndpoints(realm, spEntityID);
            // get IDP entity config in case of SOAP, for basic auth info
            SPSSOConfigElement spConfig = sm.getSPSSOConfig(realm, spEntityID);
            if (logoutall == true) {
                idpSessionIndex = null;
            }
            SingleLogoutServiceElement logoutEndpoint = LogoutUtil.getMostAppropriateSLOServiceLocation(slosList, idpSession.getOriginatingLogoutRequestBinding());
            if (logoutEndpoint == null) {
                continue;
            }
            StringBuffer requestID = null;
            try {
                requestID = LogoutUtil.doLogout(metaAlias, spEntityID, extensionsList, logoutEndpoint, relayState, idpSessionIndex, pair.getNameID(), request, response, paramsMap, spConfig);
            } catch (SAML2Exception ex) {
                if (logoutEndpoint.getBinding().equals(SAML2Constants.SOAP)) {
                    debug.error("IDPSingleLogout.initiateLogoutRequest:", ex);
                    soapFailCount++;
                    continue;
                } else {
                    throw ex;
                }
            }
            String requestIDStr = requestID.toString();
            String bindingUsed = logoutEndpoint.getBinding();
            if (debug.messageEnabled()) {
                debug.message("\nIDPSLO.requestIDStr = " + requestIDStr + "\nbinding = " + bindingUsed);
            }
            if (!requestIDStr.isEmpty() && (bindingUsed.equals(SAML2Constants.HTTP_REDIRECT) || bindingUsed.equals(SAML2Constants.HTTP_POST))) {
                idpSession.setPendingLogoutRequestID(requestIDStr);
                idpSession.setLogoutAll(logoutall);
                Map logoutMap = (Map) paramsMap.get("LogoutMap");
                if (logoutMap != null && !logoutMap.isEmpty()) {
                    IDPCache.logoutResponseCache.put(requestIDStr, (Map) paramsMap.get("LogoutMap"));
                }
                return;
            }
        }
        //requested binding, or SOAP was used for the logout (or the mixture of this two).
        if (logoutall == true) {
            String userID = sessionProvider.getPrincipalName(idpSession.getSession());
            destroyAllTokenForUser(userID, request, response);
        } else {
            MultiProtocolUtils.invalidateSession(idpSession.getSession(), request, response, SingleLogoutManager.SAML2);
            IDPCache.idpSessionsByIndices.remove(idpSessionIndex);
            if (agent != null && agent.isRunning() && saml2Svc != null) {
                saml2Svc.setIdpSessionCount((long) IDPCache.idpSessionsByIndices.size());
            }
            IDPCache.authnContextCache.remove(idpSessionIndex);
        }
        //handling the case when the auth was initiated with HTTP-Redirect, but only SOAP or no SLO endpoint was
        //available, and also the case when the whole logout process was using SOAP binding from the beginning
        int logoutStatus = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
        boolean isMultiProtocol = MultiProtocolUtils.isMultipleProtocolSession(request, SingleLogoutManager.SAML2);
        //TODO: would be nice to actually return the correct message in idpSingleLogoutInit.jsp
        if (soapFailCount == n) {
            if (isMultiProtocol) {
                logoutStatus = SingleLogoutManager.LOGOUT_FAILED_STATUS;
            }
        } else if (soapFailCount > 0) {
            if (isMultiProtocol) {
                logoutStatus = SingleLogoutManager.LOGOUT_PARTIAL_STATUS;
            }
        }
        // processing multi-federation protocol session
        if (isMultiProtocol) {
            Set set = new HashSet();
            set.add(session);
            boolean isSOAPInitiated = binding.equals(SAML2Constants.SOAP) ? true : false;
            int retStat = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
            try {
                debug.message("IDPSingleLogout.initLogReq: MP");
                retStat = SingleLogoutManager.getInstance().doIDPSingleLogout(set, sessUser, request, response, isSOAPInitiated, true, SingleLogoutManager.SAML2, realm, idpEntityID, null, relayState, null, null, logoutStatus);
            } catch (Exception ex) {
                debug.warning("IDPSingleLogout.initiateLoogutReq: MP", ex);
                throw new SAML2Exception(ex.getMessage());
            }
            if (debug.messageEnabled()) {
                debug.message("IDPSingleLogout.initLogoutRequest: " + "SLOManager return status = " + retStat);
            }
            switch(retStat) {
                case SingleLogoutManager.LOGOUT_FAILED_STATUS:
                    throw new SAML2Exception(SAML2Utils.bundle.getString("sloFailed"));
                case SingleLogoutManager.LOGOUT_PARTIAL_STATUS:
                    throw new SAML2Exception(SAML2Utils.bundle.getString("partialLogout"));
                default:
                    break;
            }
        }
    } catch (SAML2MetaException sme) {
        debug.error("Error retreiving metadata", sme);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    } catch (SessionException ssoe) {
        debug.error("SessionException: ", ssoe);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) SessionException(com.sun.identity.plugin.session.SessionException) SessionException(com.sun.identity.plugin.session.SessionException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SingleLogoutServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) HashSet(java.util.HashSet)

Example 4 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class IDPArtifactResolution method onMessage.

/**
     * This method generates a <code>SOAPMessage</code> containing the
     * <code>ArtifactResponse</code> that is corresponding to the
     * <code>ArtifactResolve</code> contained in the 
     * <code>SOAPMessage</code> passed in.
     *
     * @param message <code>SOAPMessage</code> contains a
     *             <code>ArtifactResolve</code> 
     * @param request the <code>HttpServletRequest</code> object
     * @param realm the realm to where the identity provider belongs
     * @param idpEntityID the entity id of the identity provider 
     * 
     * @return <code>SOAPMessage</code> contains the 
     *             <code>ArtifactResponse</code>
     * @exception SAML2Exception if the operation is not successful
     */
public static SOAPMessage onMessage(SOAPMessage message, HttpServletRequest request, HttpServletResponse response, String realm, String idpEntityID) throws SAML2Exception {
    String classMethod = "IDPArtifactResolution.onMessage: ";
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(classMethod + "Entering onMessage().");
    }
    Element reqElem = SOAPCommunicator.getInstance().getSamlpElement(message, "ArtifactResolve");
    ArtifactResolve artResolve = ProtocolFactory.getInstance().createArtifactResolve(reqElem);
    if (artResolve == null) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "no valid ArtifactResolve node found in SOAP body.");
        }
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "noArtifactResolve", null);
    }
    String spEntityID = artResolve.getIssuer().getValue();
    if (!SAML2Utils.isSourceSiteValid(artResolve.getIssuer(), realm, idpEntityID)) {
        SAML2Utils.debug.error(classMethod + spEntityID + " is not trusted issuer.");
        String[] data = { idpEntityID, realm, artResolve.getID() };
        LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_REQUEST, data, null);
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "invalidIssuerInRequest", null);
    }
    SPSSODescriptorElement spSSODescriptor = null;
    try {
        spSSODescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, spEntityID);
    } catch (SAML2MetaException sme) {
        SAML2Utils.debug.error(classMethod, sme);
        spSSODescriptor = null;
    }
    if (spSSODescriptor == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get SP SSO Descriptor from meta.");
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "metaDataError", null);
    }
    OrderedSet acsSet = SPSSOFederate.getACSUrl(spSSODescriptor, SAML2Constants.HTTP_ARTIFACT);
    String acsURL = (String) acsSet.get(0);
    //String protocolBinding = (String) acsSet.get(1);
    String isArtifactResolveSigned = SAML2Utils.getAttributeValueFromSSOConfig(realm, idpEntityID, SAML2Constants.IDP_ROLE, SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED);
    if ((isArtifactResolveSigned != null) && (isArtifactResolveSigned.equals(SAML2Constants.TRUE))) {
        if (!artResolve.isSigned()) {
            SAML2Utils.debug.error(classMethod + "The artifact resolve is not signed " + "when it is expected to be signed.");
            return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "ArtifactResolveNotSigned", null);
        }
        Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(spSSODescriptor, spEntityID, SAML2Constants.SP_ROLE);
        if (!artResolve.isSignatureValid(verificationCerts)) {
            SAML2Utils.debug.error(classMethod + "artifact resolve verification failed.");
            return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "invalidArtifact", null);
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "artifact resolve signature verification is successful.");
        }
    }
    Artifact art = artResolve.getArtifact();
    if (art == null) {
        SAML2Utils.debug.error(classMethod + "Unable to get an artifact from ArtifactResolve.");
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "invalidArtifactSignature", null);
    }
    String artStr = art.getArtifactValue();
    Response res = (Response) IDPCache.responsesByArtifacts.remove(artStr);
    String remoteArtURL = null;
    boolean saml2FailoverEnabled = SAML2FailoverUtils.isSAML2FailoverEnabled();
    if (res == null) {
        // in LB case, artifact may reside on the other server.
        String targetServerID = SAML2Utils.extractServerId(art.getMessageHandle());
        if (targetServerID == null) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message(classMethod + "target serverID is null");
            }
            return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "InvalidArtifactId", null);
        }
        String localServerID = SAML2Utils.getLocalServerID();
        boolean localTarget = localServerID.equals(targetServerID);
        if (!localTarget) {
            if (!SystemConfigurationUtil.isValidServerId(targetServerID)) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(classMethod + "target serverID is not valid: " + targetServerID);
                }
                return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "InvalidArtifactId", null);
            }
            try {
                String remoteServiceURL = SystemConfigurationUtil.getServerFromID(targetServerID);
                remoteArtURL = remoteServiceURL + SAML2Utils.removeDeployUri(request.getRequestURI());
                SOAPConnection con = SOAPCommunicator.getInstance().openSOAPConnection();
                SOAPMessage resMsg = con.call(message, remoteArtURL);
                return resMsg;
            } catch (Exception ex) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(classMethod + "unable to forward request to remote server. " + "remote url = " + remoteArtURL, ex);
                }
                if (!saml2FailoverEnabled) {
                    return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "RemoteArtifactResolutionFailed", null);
                }
            // when the target server is running but the remote call was
            // failed to this server (due to a network error)
            // and the saml2failover is enabled, we can still find the
            // artifact in the SAML2 repository.
            // However the cached entry in the target server will not be
            // deleted this way.
            }
        }
        if (saml2FailoverEnabled) {
            // Check the SAML2 Token Repository
            try {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("Artifact=" + artStr);
                }
                String tmp = (String) SAML2FailoverUtils.retrieveSAML2Token(artStr);
                res = ProtocolFactory.getInstance().createResponse(tmp);
            } catch (SAML2Exception e) {
                SAML2Utils.debug.error(classMethod + " SAML2 ERROR!!!", e);
                return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "UnableToFindResponseInRepo", null);
            } catch (SAML2TokenRepositoryException se) {
                SAML2Utils.debug.error(classMethod + " There was a problem reading the response " + "from the SAML2 Token Repository using artStr:" + artStr, se);
                return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "UnableToFindResponseInRepo", null);
            }
        }
    }
    if (res == null) {
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, saml2FailoverEnabled ? "UnableToFindResponseInRepo" : "UnableToFindResponse", null);
    }
    // Remove Response from SAML2 Token Repository
    try {
        if (saml2FailoverEnabled) {
            SAML2FailoverUtils.deleteSAML2Token(artStr);
        }
    } catch (SAML2TokenRepositoryException e) {
        SAML2Utils.debug.error(classMethod + " Error deleting the response from the SAML2 Token Repository using artStr:" + artStr, e);
    }
    Map props = new HashMap();
    String nameIDString = SAML2Utils.getNameIDStringFromResponse(res);
    if (nameIDString != null) {
        props.put(LogUtil.NAME_ID, nameIDString);
    }
    // check if need to sign the assertion
    boolean signAssertion = spSSODescriptor.isWantAssertionsSigned();
    if (signAssertion) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "signing the assertion.");
        }
    }
    // encrypt the assertion or its NameID and/or Attribute based
    // on SP config setting and sign the assertion.
    IDPSSOUtil.signAndEncryptResponseComponents(realm, spEntityID, idpEntityID, res, signAssertion);
    ArtifactResponse artResponse = ProtocolFactory.getInstance().createArtifactResponse();
    Status status = ProtocolFactory.getInstance().createStatus();
    StatusCode statusCode = ProtocolFactory.getInstance().createStatusCode();
    statusCode.setValue(SAML2Constants.SUCCESS);
    status.setStatusCode(statusCode);
    // set the idp entity id as the response issuer
    Issuer issuer = AssertionFactory.getInstance().createIssuer();
    issuer.setValue(idpEntityID);
    artResponse.setStatus(status);
    artResponse.setID(SAML2Utils.generateID());
    artResponse.setInResponseTo(artResolve.getID());
    artResponse.setVersion(SAML2Constants.VERSION_2_0);
    artResponse.setIssueInstant(new Date());
    artResponse.setAny(res.toXMLString(true, true));
    artResponse.setIssuer(issuer);
    artResponse.setDestination(XMLUtils.escapeSpecialCharacters(acsURL));
    String wantArtifactResponseSigned = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
    if ((wantArtifactResponseSigned != null) && (wantArtifactResponseSigned.equals(SAML2Constants.TRUE))) {
        KeyProvider kp = KeyUtil.getKeyProviderInstance();
        if (kp == null) {
            SAML2Utils.debug.error(classMethod + "Unable to get a key provider instance.");
            return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "nullKeyProvider", null);
        }
        String idpSignCertAlias = SAML2Utils.getSigningCertAlias(realm, idpEntityID, SAML2Constants.IDP_ROLE);
        if (idpSignCertAlias == null) {
            SAML2Utils.debug.error(classMethod + "Unable to get the hosted IDP signing certificate alias.");
            return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "missingSigningCertAlias", null);
        }
        String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, idpEntityID, SAML2Constants.IDP_ROLE);
        PrivateKey key;
        if (encryptedKeyPass == null || encryptedKeyPass.isEmpty()) {
            key = kp.getPrivateKey(idpSignCertAlias);
        } else {
            key = kp.getPrivateKey(idpSignCertAlias, encryptedKeyPass);
        }
        artResponse.sign(key, kp.getX509Certificate(idpSignCertAlias));
    }
    String str = artResponse.toXMLString(true, true);
    String[] logdata = { idpEntityID, artStr, str };
    LogUtil.access(Level.INFO, LogUtil.ARTIFACT_RESPONSE, logdata, null, props);
    if (str != null) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "ArtifactResponse message:\n" + str);
        }
    } else {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod + "Unable to print ArtifactResponse message.");
        }
    }
    SOAPMessage msg = null;
    try {
        msg = SOAPCommunicator.getInstance().createSOAPMessage(str, false);
    } catch (SOAPException se) {
        SAML2Utils.debug.error(classMethod + "Unable to create a SOAPMessage and add a document ", se);
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
    }
    return msg;
}
Also used : KeyProvider(com.sun.identity.saml.xmlsig.KeyProvider) PrivateKey(java.security.PrivateKey) HashMap(java.util.HashMap) Issuer(com.sun.identity.saml2.assertion.Issuer) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) Element(org.w3c.dom.Element) SOAPConnection(javax.xml.soap.SOAPConnection) SOAPMessage(javax.xml.soap.SOAPMessage) StatusCode(com.sun.identity.saml2.protocol.StatusCode) ArtifactResolve(com.sun.identity.saml2.protocol.ArtifactResolve) SOAPException(javax.xml.soap.SOAPException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) Status(com.sun.identity.saml2.protocol.Status) OrderedSet(com.sun.identity.shared.datastruct.OrderedSet) X509Certificate(java.security.cert.X509Certificate) Artifact(com.sun.identity.saml2.protocol.Artifact) SOAPException(javax.xml.soap.SOAPException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Date(java.util.Date) Response(com.sun.identity.saml2.protocol.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) ArtifactResponse(com.sun.identity.saml2.protocol.ArtifactResponse) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) ArtifactResponse(com.sun.identity.saml2.protocol.ArtifactResponse) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) HashMap(java.util.HashMap) Map(java.util.Map)

Example 5 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class IDPSSOUtil method getResponse.

/**
     * Returns a <code>SAML Response</code> object.
     *
     * @param request The HTTP request.
     * @param session The user's session object.
     * @param authnReq The <code>AuthnRequest</code> object.
     * @param recipientEntityID The entity ID of the response recipient.
     * @param idpEntityID The entity ID of the identity provider.
     * @param realm The realm name.
     * @param nameIDFormat The <code>NameIDFormat</code>.
     * @param acsURL The <code>ACS</code> service <code>url</code>.
     * @param affiliationID AffiliationID for IDP initiated SSO.
     * @param matchingAuthnContext the <code>AuthnContext</code> used to find authentication type and scheme.
     * @return the <code>SAML Response</code> object.
     * @throws SAML2Exception if the operation is not successful.
     */
public static Response getResponse(HttpServletRequest request, Object session, AuthnRequest authnReq, String recipientEntityID, String idpEntityID, String idpMetaAlias, String realm, String nameIDFormat, String acsURL, String affiliationID, AuthnContext matchingAuthnContext) throws SAML2Exception {
    String classMethod = "IDPSSOUtil.getResponse: ";
    Response res = ProtocolFactory.getInstance().createResponse();
    Status status = ProtocolFactory.getInstance().createStatus();
    if (status == null) {
        return null;
    }
    StatusCode statusCode = ProtocolFactory.getInstance().createStatusCode();
    if (statusCode == null) {
        return null;
    }
    try {
        List assertionList = new ArrayList();
        Assertion assertion = getAssertion(request, session, authnReq, recipientEntityID, idpEntityID, idpMetaAlias, realm, nameIDFormat, acsURL, affiliationID, matchingAuthnContext);
        if (assertion == null) {
            SAML2Utils.debug.error(classMethod + "Unable to get Assertion.");
            return null;
        }
        assertionList.add(assertion);
        res.setAssertion(assertionList);
        statusCode.setValue(SAML2Constants.SUCCESS);
    } catch (SAML2InvalidNameIDPolicyException se) {
        statusCode.setValue(SAML2Constants.REQUESTER);
        StatusCode subStatusCode = ProtocolFactory.getInstance().createStatusCode();
        subStatusCode.setValue(SAML2Constants.INVALID_NAME_ID_POLICY);
        statusCode.setStatusCode(subStatusCode);
        status.setStatusMessage(se.getMessage());
    }
    status.setStatusCode(statusCode);
    res.setStatus(status);
    if (authnReq != null) {
        // sp initiated case, need to set InResponseTo attribute
        res.setInResponseTo(authnReq.getID());
    }
    res.setVersion(SAML2Constants.VERSION_2_0);
    res.setIssueInstant(new Date());
    res.setID(SAML2Utils.generateID());
    // set the idp entity id as the response issuer
    Issuer issuer = AssertionFactory.getInstance().createIssuer();
    issuer.setValue(idpEntityID);
    res.setIssuer(issuer);
    res.setDestination(XMLUtils.escapeSpecialCharacters(acsURL));
    return res;
}
Also used : ECPResponse(com.sun.identity.saml2.ecp.ECPResponse) Response(com.sun.identity.saml2.protocol.Response) HttpServletResponse(javax.servlet.http.HttpServletResponse) Status(com.sun.identity.saml2.protocol.Status) Issuer(com.sun.identity.saml2.assertion.Issuer) ArrayList(java.util.ArrayList) EncryptedAssertion(com.sun.identity.saml2.assertion.EncryptedAssertion) Assertion(com.sun.identity.saml2.assertion.Assertion) List(java.util.List) ArrayList(java.util.ArrayList) SAML2InvalidNameIDPolicyException(com.sun.identity.saml2.common.SAML2InvalidNameIDPolicyException) StatusCode(com.sun.identity.saml2.protocol.StatusCode) Date(java.util.Date)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)27 Status (com.sun.identity.saml2.protocol.Status)16 List (java.util.List)16 ArrayList (java.util.ArrayList)11 Date (java.util.Date)11 Element (org.w3c.dom.Element)11 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)10 Issuer (com.sun.identity.saml2.assertion.Issuer)9 IOException (java.io.IOException)9 SessionException (com.sun.identity.plugin.session.SessionException)8 ProtocolFactory (com.sun.identity.saml2.protocol.ProtocolFactory)8 Iterator (java.util.Iterator)8 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)8 Response (com.sun.identity.saml2.protocol.Response)7 StatusCode (com.sun.identity.saml2.protocol.StatusCode)7 HttpServletResponse (javax.servlet.http.HttpServletResponse)7 Assertion (com.sun.identity.saml2.assertion.Assertion)6 LogoutResponse (com.sun.identity.saml2.protocol.LogoutResponse)6 Node (org.w3c.dom.Node)6 NodeList (org.w3c.dom.NodeList)6