use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.
the class DoManageNameID method processManageNameIDRequest.
private static Status processManageNameIDRequest(ManageNameIDRequest mniRequest, String realm, String hostEntityID, String remoteEntityID, String hostRole, String userID) throws Exception {
String method = "processManageNameIDRequest: ";
if (debug.messageEnabled()) {
debug.message(method + "Host EntityID is : " + hostEntityID);
debug.message(method + "Host role is : " + hostRole);
debug.message(method + "Realm is : " + realm);
}
NameID nameID = getNameIDFromMNIRequest(mniRequest, realm, hostEntityID, hostRole);
NameIDInfo oldNameIDInfo = getNameIDInfo(userID, hostEntityID, remoteEntityID, hostRole, realm, nameID.getSPNameQualifier(), true);
NameID oldNameID = null;
if (oldNameIDInfo != null) {
oldNameID = oldNameIDInfo.getNameID();
}
if (oldNameID == null) {
// log manage name id failure
logError("unknownPrinciapl", LogUtil.UNKNOWN_PRINCIPAL, mniRequest.toXMLString(true, true));
return SAML2Utils.generateStatus(SAML2Constants.REQUESTER, SAML2Constants.UNKNOWN_PRINCIPAL, null);
}
List spFedSessions = null;
IDPSession idpSession = null;
// Terminate
if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
idpSession = removeIDPFedSession(remoteEntityID, oldNameID.getValue());
} else {
spFedSessions = (List) SPCache.fedSessionListsByNameIDInfoKey.remove(oldNameIDInfo.getNameIDInfoKey().toValueString());
if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
}
}
if (!AccountUtils.removeAccountFederation(oldNameIDInfo, userID)) {
// log termination failure
logError("unableToTerminate", LogUtil.UNABLE_TO_TERMINATE, userID);
return SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("unableToTerminate"));
}
if (mniRequest.getTerminate()) {
// log termination success
logAccess("requestSuccess", LogUtil.SUCCESS_FED_TERMINATION, userID);
return SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
}
// newID case
NewID newID = getNewIDFromMNIRequest(mniRequest, realm, hostEntityID, hostRole);
boolean isAffiliation = oldNameIDInfo.isAffiliation();
String spNameQualifier = oldNameID.getSPNameQualifier();
if (hostRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
NameID newNameID = AssertionFactory.getInstance().createNameID();
newNameID.setValue(oldNameID.getValue());
newNameID.setNameQualifier(oldNameID.getNameQualifier());
newNameID.setSPNameQualifier(spNameQualifier);
newNameID.setFormat(oldNameID.getFormat());
newNameID.setSPProvidedID(newID.getValue());
NameIDInfo newNameIDinfo = new NameIDInfo(hostEntityID, (isAffiliation ? spNameQualifier : remoteEntityID), newNameID, SAML2Constants.IDP_ROLE, isAffiliation);
AccountUtils.setAccountFederation(newNameIDinfo, userID);
if (idpSession != null) {
// there are active session using this Name id
NameIDandSPpair pair = new NameIDandSPpair(newNameID, remoteEntityID);
synchronized (IDPCache.idpSessionsByIndices) {
List list = (List) idpSession.getNameIDandSPpairs();
list.add(pair);
}
}
// log new name id success
logAccess("requestSuccess", LogUtil.SUCCESS_NEW_NAMEID, userID);
return SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
}
// SP ROLE
NameID newNameID = AssertionFactory.getInstance().createNameID();
newNameID.setValue(newID.getValue());
newNameID.setNameQualifier(oldNameID.getNameQualifier());
newNameID.setSPProvidedID(oldNameID.getSPProvidedID());
newNameID.setSPNameQualifier(spNameQualifier);
newNameID.setFormat(oldNameID.getFormat());
NameIDInfo newNameIDInfo = new NameIDInfo((isAffiliation ? spNameQualifier : hostEntityID), remoteEntityID, newNameID, hostRole, isAffiliation);
AccountUtils.setAccountFederation(newNameIDInfo, userID);
if (spFedSessions != null) {
String newInfoKeyStr = newNameIDInfo.getNameIDInfoKey().toValueString();
String infoKeyAttribute = AccountUtils.getNameIDInfoKeyAttribute();
synchronized (spFedSessions) {
for (Iterator iter = spFedSessions.iterator(); iter.hasNext(); ) {
SPFedSession spFedSession = (SPFedSession) iter.next();
spFedSession.info = newNameIDInfo;
String tokenID = spFedSession.spTokenID;
try {
Object session = sessionProvider.getSession(tokenID);
String[] fromToken = sessionProvider.getProperty(session, infoKeyAttribute);
if ((fromToken == null) || (fromToken.length == 0) || (fromToken[0] == null) || (fromToken[0].length() == 0)) {
String[] values = { newInfoKeyStr };
sessionProvider.setProperty(session, infoKeyAttribute, values);
} else {
if (fromToken[0].indexOf(newInfoKeyStr) == -1) {
String[] values = { fromToken[0] + SAML2Constants.SECOND_DELIM + newInfoKeyStr };
sessionProvider.setProperty(session, infoKeyAttribute, values);
}
}
} catch (SessionException ex) {
debug.error("DoManageNameID." + "processManageNameIDRequest:", ex);
}
}
}
SPCache.fedSessionListsByNameIDInfoKey.put(newInfoKeyStr, spFedSessions);
if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
saml2Svc.setFedSessionCount((long) SPCache.fedSessionListsByNameIDInfoKey.size());
}
}
// log new name id success
logAccess("requestSuccess", LogUtil.SUCCESS_NEW_NAMEID, userID);
return SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
}
use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.
the class SAML2Utils method verifyResponse.
/**
* Verifies single sign on <code>Response</code> and returns information
* to SAML2 auth module for further processing. This method is used by
* SAML2 auth module only.
*
* @param httpRequest HttpServletRequest
* @param httpResponse HttpServletResponse
* @param response Single Sign On <code>Response</code>.
* @param orgName name of the realm or organization the provider is in.
* @param hostEntityId Entity ID of the hosted provider.
* @param profileBinding Profile binding used.
* @return A Map of information extracted from the Response. The keys of
* map are:
* <code>SAML2Constants.SUBJECT</code>,
* <code>SAML2Constants.POST_ASSERTION</code>,
* <code>SAML2Constants.ASSERTIONS</code>,
* <code>SAML2Constants.SESSION_INDEX</code>,
* <code>SAML2Constants.AUTH_LEVEL</code>,
* <code>SAML2Constants.MAX_SESSION_TIME</code>.
* @throws SAML2Exception if the Response is not valid according to the
* processing rules.
*/
public static Map verifyResponse(final HttpServletRequest httpRequest, final HttpServletResponse httpResponse, final Response response, final String orgName, final String hostEntityId, final String profileBinding) throws SAML2Exception {
final String method = "SAML2Utils.verifyResponse:";
if (response == null || orgName == null || orgName.length() == 0) {
if (debug.messageEnabled()) {
debug.message(method + "response or orgName is null.");
}
throw new SAML2Exception(bundle.getString("nullInput"));
}
String respID = response.getID();
AuthnRequestInfo reqInfo = null;
String inRespToResp = response.getInResponseTo();
if (inRespToResp != null && inRespToResp.length() != 0) {
reqInfo = (AuthnRequestInfo) SPCache.requestHash.get(inRespToResp);
if (reqInfo == null) {
if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
// Attempt to read AuthnRequestInfoCopy from SAML2 repository
AuthnRequestInfoCopy reqInfoCopy = null;
try {
reqInfoCopy = (AuthnRequestInfoCopy) SAML2FailoverUtils.retrieveSAML2Token(inRespToResp);
} catch (SAML2TokenRepositoryException se) {
debug.error(method + "AuthnRequestInfoCopy" + " unable to retrieve from SAML2 repository for inResponseTo: " + inRespToResp);
}
if (reqInfoCopy != null) {
// Get back the AuthnRequestInfo
reqInfo = reqInfoCopy.getAuthnRequestInfo(httpRequest, httpResponse);
if (debug.messageEnabled()) {
debug.message(method + "AuthnRequestInfoCopy" + " retrieved from SAML2 repository for inResponseTo: " + inRespToResp);
}
} else {
debug.error(method + "InResponseTo attribute in Response" + " is invalid: " + inRespToResp + ", SAML2 failover is enabled");
String[] data = { respID };
LogUtil.error(Level.INFO, LogUtil.INVALID_INRESPONSETO_RESPONSE, data, null);
throw new SAML2Exception(bundle.getString("invalidInResponseToInResponse"));
}
} else {
AuthnRequestInfoCopy reqInfoCopy = (AuthnRequestInfoCopy) SAML2Store.getTokenFromStore(inRespToResp);
if (reqInfoCopy != null) {
// Get back the AuthnRequestInfo
reqInfo = reqInfoCopy.getAuthnRequestInfo(httpRequest, httpResponse);
if (debug.messageEnabled()) {
debug.message(method + "AuthnRequestInfoCopy" + " retrieved from SAML2 repository for inResponseTo: " + inRespToResp);
}
} else {
debug.error(method + "InResponseTo attribute in Response" + " is invalid: " + inRespToResp + ", SAML2 failover is enabled");
String[] data = { respID };
LogUtil.error(Level.INFO, LogUtil.INVALID_INRESPONSETO_RESPONSE, data, null);
throw new SAML2Exception(bundle.getString("invalidInResponseToInResponse"));
}
}
}
}
// reqInfo can remain null and will do for IDP initiated SSO requests
// invoke SP Adapter
SAML2ServiceProviderAdapter spAdapter = SAML2Utils.getSPAdapterClass(hostEntityId, orgName);
if (spAdapter != null) {
AuthnRequest authnRequest = null;
if (reqInfo != null) {
authnRequest = reqInfo.getAuthnRequest();
}
spAdapter.preSingleSignOnProcess(hostEntityId, orgName, httpRequest, httpResponse, authnRequest, response, profileBinding);
}
String idpEntityId = null;
Issuer respIssuer = response.getIssuer();
if (respIssuer != null) {
// optional
if (!isSourceSiteValid(respIssuer, orgName, hostEntityId)) {
if (debug.messageEnabled()) {
debug.message(method + "Issuer in Response is not valid.");
}
String[] data = { hostEntityId, orgName, respID };
LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_RESPONSE, data, null);
throw new SAML2Exception(bundle.getString("invalidIssuerInResponse"));
} else {
idpEntityId = respIssuer.getValue();
}
}
Status status = response.getStatus();
if (status == null || !status.getStatusCode().getValue().equals(SAML2Constants.SUCCESS)) {
String statusCode = (status == null) ? "" : status.getStatusCode().getValue();
if (debug.messageEnabled()) {
debug.message(method + "Response's status code is not success: " + statusCode);
}
String[] data = { respID, "" };
if (LogUtil.isErrorLoggable(Level.FINE)) {
data[1] = statusCode;
}
LogUtil.error(Level.INFO, LogUtil.WRONG_STATUS_CODE, data, null);
if (SAML2Constants.RESPONDER.equals(statusCode)) {
//In case of passive authentication the NoPassive response will be sent using two StatusCode nodes:
//the outer StatusCode will be Responder and the inner StatusCode will contain the NoPassive URN
StatusCode secondLevelStatusCode = status.getStatusCode().getStatusCode();
if (secondLevelStatusCode != null && SAML2Constants.NOPASSIVE.equals(secondLevelStatusCode.getValue())) {
throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "noPassiveResponse", null);
}
} else if (SAML2Constants.REQUESTER.equals(statusCode)) {
// when is AllowCreate=false mode the auth module gets here with a
// statusCode of urn:oasis:names:tc:SAML:2.0:status:Requester
StatusCode secondLevelStatusCode = status.getStatusCode().getStatusCode();
if (secondLevelStatusCode != null && SAML2Constants.INVALID_NAME_ID_POLICY.equals(secondLevelStatusCode.getValue())) {
throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "nameIDMReqInvalidNameIDPolicy", null);
}
}
throw new SAML2Exception(bundle.getString("invalidStatusCodeInResponse"));
}
if (saml2MetaManager == null) {
throw new SAML2Exception(bundle.getString("nullMetaManager"));
}
SPSSOConfigElement spConfig = null;
SPSSODescriptorElement spDesc = null;
spConfig = saml2MetaManager.getSPSSOConfig(orgName, hostEntityId);
spDesc = saml2MetaManager.getSPSSODescriptor(orgName, hostEntityId);
if (debug.messageEnabled()) {
debug.message(method + "binding is :" + profileBinding);
}
// SAML spec processing
// 4.1.4.3 Verify any signatures present on the assertion(s) or the response
boolean responseIsSigned = false;
if (response.isSigned()) {
IDPSSODescriptorElement idpSSODescriptor = null;
try {
idpSSODescriptor = saml2MetaManager.getIDPSSODescriptor(orgName, idpEntityId);
} catch (SAML2MetaException sme) {
String[] data = { orgName, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
throw new SAML2Exception(sme);
}
if (idpSSODescriptor != null) {
Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(idpSSODescriptor, idpEntityId, SAML2Constants.IDP_ROLE);
if (CollectionUtils.isEmpty(verificationCerts) || !response.isSignatureValid(verificationCerts)) {
debug.error(method + "Response is not signed or signature is not valid.");
String[] data = { orgName, hostEntityId, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.POST_RESPONSE_INVALID_SIGNATURE, data, null);
throw new SAML2Exception(bundle.getString("invalidSignInResponse"));
}
} else {
String[] data = { idpEntityId };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
}
responseIsSigned = true;
}
if (debug.messageEnabled()) {
debug.message(method + "responseIsSigned is :" + responseIsSigned);
}
// assertion encryption check
boolean needAssertionEncrypted = false;
String assertionEncryptedAttr = getAttributeValueFromSPSSOConfig(spConfig, SAML2Constants.WANT_ASSERTION_ENCRYPTED);
needAssertionEncrypted = Boolean.parseBoolean(assertionEncryptedAttr);
if (debug.messageEnabled()) {
debug.message(method + "NeedAssertionEncrypted is :" + needAssertionEncrypted);
}
List<Assertion> assertions = response.getAssertion();
if (needAssertionEncrypted && !CollectionUtils.isEmpty(assertions)) {
String[] data = { respID };
LogUtil.error(Level.INFO, LogUtil.ASSERTION_NOT_ENCRYPTED, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("assertionNotEncrypted"));
}
Set<PrivateKey> decryptionKeys;
List<EncryptedAssertion> encAssertions = response.getEncryptedAssertion();
if (encAssertions != null) {
decryptionKeys = KeyUtil.getDecryptionKeys(spConfig);
for (EncryptedAssertion encAssertion : encAssertions) {
Assertion assertion = encAssertion.decrypt(decryptionKeys);
if (assertions == null) {
assertions = new ArrayList<>();
}
assertions.add(assertion);
}
}
if (CollectionUtils.isEmpty(assertions)) {
if (debug.messageEnabled()) {
debug.message(method + "no assertion in the Response.");
}
String[] data = { respID };
LogUtil.error(Level.INFO, LogUtil.MISSING_ASSERTION, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("missingAssertion"));
}
boolean wantAssertionsSigned = spDesc.isWantAssertionsSigned();
if (debug.messageEnabled()) {
debug.message(method + "wantAssertionsSigned is :" + wantAssertionsSigned);
}
// validate the assertions
Map smap = null;
Map bearerMap = null;
IDPSSODescriptorElement idp = null;
Set<X509Certificate> verificationCerts = null;
boolean allAssertionsSigned = true;
for (Assertion assertion : assertions) {
String assertionID = assertion.getID();
Issuer issuer = assertion.getIssuer();
if (!isSourceSiteValid(issuer, orgName, hostEntityId)) {
debug.error("assertion's source site is not valid.");
String[] data = { assertionID };
LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_ASSERTION, data, null);
throw new SAML2Exception(bundle.getString("invalidIssuerInAssertion"));
}
if (idpEntityId == null) {
idpEntityId = issuer.getValue();
} else {
if (!idpEntityId.equals(issuer.getValue())) {
if (debug.messageEnabled()) {
debug.message(method + "Issuer in Assertion doesn't " + "match the Issuer in Response or other " + "Assertions in the Response.");
}
String[] data = { assertionID };
LogUtil.error(Level.INFO, LogUtil.MISMATCH_ISSUER_ASSERTION, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("mismatchIssuer"));
}
}
if (assertion.isSigned()) {
if (verificationCerts == null) {
idp = saml2MetaManager.getIDPSSODescriptor(orgName, idpEntityId);
verificationCerts = KeyUtil.getVerificationCerts(idp, idpEntityId, SAML2Constants.IDP_ROLE);
}
if (CollectionUtils.isEmpty(verificationCerts) || !assertion.isSignatureValid(verificationCerts)) {
debug.error(method + "Assertion is not signed or signature is not valid.");
String[] data = { assertionID };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
throw new SAML2Exception(bundle.getString("invalidSignatureOnAssertion"));
}
} else {
allAssertionsSigned = false;
}
List authnStmts = assertion.getAuthnStatements();
if (authnStmts != null && !authnStmts.isEmpty()) {
Subject subject = assertion.getSubject();
if (subject == null) {
continue;
}
List subjectConfirms = subject.getSubjectConfirmation();
if (subjectConfirms == null || subjectConfirms.isEmpty()) {
continue;
}
bearerMap = isBearerSubjectConfirmation(subjectConfirms, inRespToResp, spDesc, spConfig, assertionID);
if (!((Boolean) bearerMap.get(SAML2Constants.IS_BEARER))) {
continue;
}
boolean foundAssertion = false;
if ((SPCache.assertionByIDCache != null) && (SPCache.assertionByIDCache.containsKey(assertionID))) {
foundAssertion = true;
}
if ((!foundAssertion) && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
try {
if (SAML2FailoverUtils.retrieveSAML2Token(assertionID) != null) {
foundAssertion = true;
}
} catch (SAML2TokenRepositoryException e) {
if (debug.messageEnabled()) {
debug.message("Session not found in AMTokenSAML2Repository.", e);
}
}
}
if (foundAssertion) {
debug.error("Bearer Assertion is one time use only!");
throw new SAML2Exception(bundle.getString("usedBearAssertion"));
}
checkAudience(assertion.getConditions(), hostEntityId, assertionID);
if (smap == null) {
smap = fillMap(authnStmts, subject, assertion, assertions, reqInfo, inRespToResp, orgName, hostEntityId, idpEntityId, spConfig, (Date) bearerMap.get(SAML2Constants.NOTONORAFTER));
}
}
// end of having authnStmt
}
if (smap == null) {
debug.error("No Authentication Assertion in Response.");
throw new SAML2Exception(bundle.getString("missingAuthnAssertion"));
}
// the enclosing element
if (wantAssertionsSigned && !(responseIsSigned || allAssertionsSigned)) {
debug.error(method + "WantAssertionsSigned is true and response or all assertions are not signed");
String[] data = { orgName, hostEntityId, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
throw new SAML2Exception(bundle.getString("assertionNotSigned"));
}
// signing each individual <Assertion> element or by signing the <Response> element.
if (profileBinding.equals(SAML2Constants.HTTP_POST)) {
boolean wantPostResponseSigned = SAML2Utils.wantPOSTResponseSigned(orgName, hostEntityId, SAML2Constants.SP_ROLE);
if (debug.messageEnabled()) {
debug.message(method + "wantPostResponseSigned is :" + wantPostResponseSigned);
}
if (wantPostResponseSigned && !responseIsSigned) {
debug.error(method + "wantPostResponseSigned is true but response is not signed");
String[] data = { orgName, hostEntityId, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.POST_RESPONSE_INVALID_SIGNATURE, data, null);
throw new SAML2Exception(bundle.getString("responseNotSigned"));
}
if (!responseIsSigned && !allAssertionsSigned) {
debug.error(method + "WantAssertionsSigned is true but some or all assertions are not signed");
String[] data = { orgName, hostEntityId, idpEntityId };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE_ASSERTION, data, null);
throw new SAML2Exception(bundle.getString("assertionNotSigned"));
}
}
return smap;
}
use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.
the class SAML2Utils method generateStatus.
/**
* Generates SAMLv2 Status object
*
* @param code Status code value.
* @param subCode second-level status code
* @param message Status message.
* @return Status object.
*/
public static Status generateStatus(String code, String subCode, String message) {
Status status = null;
try {
status = ProtocolFactory.getInstance().createStatus();
StatusCode statusCode = ProtocolFactory.getInstance().createStatusCode();
statusCode.setValue(code);
status.setStatusCode(statusCode);
if ((message != null) && (message.length() != 0)) {
status.setStatusMessage(message);
}
if (subCode != null) {
StatusCode subStatusCode = ProtocolFactory.getInstance().createStatusCode();
subStatusCode.setValue(subCode);
statusCode.setStatusCode(subStatusCode);
}
} catch (SAML2Exception e) {
debug.error("SAML2Utils.generateStatus:", e);
}
return status;
}
use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.
the class WSFederationUtils method processMultiProtocolLogout.
/**
* Processes Single Logout cross multiple federation protocols
* @param request HttpServletRequest object.
* @param response HttpServletResponse object
*/
public static void processMultiProtocolLogout(HttpServletRequest request, HttpServletResponse response, Object userSession) {
debug.message("WSFederationUtils.processMPSingleLogout");
try {
String wreply = (String) request.getAttribute(WSFederationConstants.LOGOUT_WREPLY);
String realm = (String) request.getAttribute(WSFederationConstants.REALM_PARAM);
String idpEntityId = (String) request.getAttribute(WSFederationConstants.ENTITYID_PARAM);
Set sessSet = new HashSet();
sessSet.add(userSession);
String sessUser = SessionManager.getProvider().getPrincipalName(userSession);
// assume WS-Federation logout always succeed as there is not
// logout status from the specification
SingleLogoutManager manager = SingleLogoutManager.getInstance();
// TODO : find out spEntityID/logout request if any
int status = manager.doIDPSingleLogout(sessSet, sessUser, request, response, false, true, SingleLogoutManager.WS_FED, realm, idpEntityId, null, wreply, null, null, SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS);
if (status != SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
response.sendRedirect(wreply);
}
} catch (SessionException ex) {
// ignore;
debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
} catch (IOException ex) {
// ignore;
debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
} catch (Exception ex) {
// ignore;
debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
}
}
use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.
the class AttributeQueryUtil method sendAttributeQuerySOAP.
private static Response sendAttributeQuerySOAP(AttributeQuery attrQuery, String attributeServiceURL, String attrAuthorityEntityID, AttributeAuthorityDescriptorElement aad) throws SAML2Exception {
String attrQueryXMLString = attrQuery.toXMLString(true, true);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "attrQueryXMLString = " + attrQueryXMLString);
SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "attributeServiceURL = " + attributeServiceURL);
}
SOAPMessage resMsg = null;
try {
resMsg = SOAPCommunicator.getInstance().sendSOAPMessage(attrQueryXMLString, attributeServiceURL, true);
} catch (SOAPException se) {
SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuerySOAP: ", se);
throw new SAML2Exception(SAML2Utils.bundle.getString("errorSendingAttributeQuery"));
}
Element respElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "Response");
Response response = ProtocolFactory.getInstance().createResponse(respElem);
Status status = response.getStatus();
if (!SAML2Constants.SUCCESS.equals(status.getStatusCode().getValue())) {
String message = status.getStatusMessage() == null ? "" : status.getStatusMessage();
String detail = status.getStatusDetail() == null ? "" : status.getStatusDetail().toXMLString();
SAML2Utils.debug.error("AttributeQueryUtil.sendAttributeQuerySOAP: " + "Non-Success status " + status.getStatusCode().getValue() + ", message: " + message + ", detail: " + detail);
Object[] args = { status.getStatusCode().getValue(), message, detail };
throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "failureStatusAttributeQuery", args);
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("AttributeQueryUtil.sendAttributeQuerySOAP: " + "response = " + response.toXMLString(true, true));
}
verifyResponse(response, attrQuery, attrAuthorityEntityID, aad);
return response;
}
Aggregations