
Example 21 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class LogoutResponseImpl method parseElement.

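/**
 * Parses the Document Element for this object.
 *
 * <p>Reads the ID, Version, IssueInstant, Destination, Consent and
 * InResponseTo attributes (ID, Version and IssueInstant are validated), then
 * walks the direct children and picks up the Issuer, Signature, Extensions and
 * Status elements. The Signature child is only captured as a string and flagged
 * via {@code isSigned}; it is not verified here (NOTE(review): presumably the
 * caller verifies it before trusting the response — confirm). Children are
 * matched by local name only, the namespace is not checked, and unlike
 * ManageNameIDResponseImpl the element's own local name is not compared against
 * the expected element name.
 *
 * @param element the Document Element of this object.
 * @throws SAML2Exception if the element is null or there is an error parsing
 *         the Document Element.
 */
private void parseElement(Element element) throws SAML2Exception {
    if (element == null) {
        // Fail with a SAML2Exception rather than a NullPointerException on the
        // first getAttribute call (same contract as ManageNameIDResponseImpl).
        throw new SAML2Exception("LogoutResponseImpl.parseElement: input element is null");
    }
    AssertionFactory assertionFactory = AssertionFactory.getInstance();
    ProtocolFactory protoFactory = ProtocolFactory.getInstance();
    responseId = element.getAttribute(SAML2Constants.ID);
    validateID(responseId);
    version = element.getAttribute(SAML2Constants.VERSION);
    validateVersion(version);
    String issueInstantStr = element.getAttribute(SAML2Constants.ISSUE_INSTANT);
    validateIssueInstant(issueInstantStr);
    destination = element.getAttribute(SAML2Constants.DESTINATION);
    consent = element.getAttribute(SAML2Constants.CONSENT);
    inResponseTo = element.getAttribute(SAML2Constants.INRESPONSETO);
    NodeList children = element.getChildNodes();
    if (children == null) {
        return;
    }
    int count = children.getLength();
    for (int i = 0; i < count; i++) {
        Node child = children.item(i);
        // Non-element nodes (text, comments) have no local name and are skipped,
        // which also keeps the casts below safe.
        String localName = child.getLocalName();
        if (localName == null) {
            continue;
        }
        if (localName.equals(SAML2Constants.ISSUER)) {
            issuer = assertionFactory.createIssuer((Element) child);
        } else if (localName.equals(SAML2Constants.SIGNATURE)) {
            signatureString = XMLUtils.getElementString((Element) child);
            isSigned = true;
        } else if (localName.equals(SAML2Constants.EXTENSIONS)) {
            extensions = protoFactory.createExtensions((Element) child);
        } else if (localName.equals(SAML2Constants.STATUS)) {
            status = protoFactory.createStatus((Element) child);
            validateStatus();
        }
    }
}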

Example 22 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class ManageNameIDResponseImpl method parseElement.

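/**
 * Parses the Document Element for this object.
 *
 * <p>Rejects a null element and an element whose local name is not
 * {@code elementName}, then reads the ID, Version, IssueInstant (all three
 * validated), Destination, Consent and InResponseTo attributes and picks up the
 * Issuer, Signature, Extensions and Status child elements. The Signature child
 * is only captured as a string and flagged via {@code isSigned}; it is not
 * verified here. Children are matched by local name only; the namespace is not
 * checked.
 *
 * @param element the Document Element of this object.
 * @throws SAML2Exception if the element is null, is not a ManageNameIDResponse,
 *         or fails attribute validation.
 */
private void parseElement(Element element) throws SAML2Exception {
    AssertionFactory af = AssertionFactory.getInstance();
    ProtocolFactory pf = ProtocolFactory.getInstance();
    // make sure that the input xml block is not null
    if (element == null) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ManageNameIDResponseImpl.parseElement: Input is null.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("nullInput"));
    }
    // Make sure this really is a ManageNameIDResponse element (the original
    // comment said "EncryptedAssertion", which was a copy-paste leftover).
    String tag = element.getLocalName();
    if ((tag == null) || (!tag.equals(elementName))) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("ManageNameIDResponseImpl.parseElement:" + "not ManageNameIDResponse.");
        }
        throw new SAML2Exception(SAML2SDKUtils.bundle.getString("wrongInput"));
    }
    responseId = element.getAttribute("ID");
    validateID(responseId);
    version = element.getAttribute("Version");
    validateVersion(version);
    String issueInstantStr = element.getAttribute("IssueInstant");
    validateIssueInstant(issueInstantStr);
    destination = element.getAttribute("Destination");
    consent = element.getAttribute("Consent");
    inResponseTo = element.getAttribute("InResponseTo");
    NodeList children = element.getChildNodes();
    if (children == null) {
        return;
    }
    int count = children.getLength();
    for (int i = 0; i < count; i++) {
        Node child = children.item(i);
        // Text and comment nodes have no local name; skipping them keeps the
        // Element casts below safe.
        String localName = child.getLocalName();
        if (localName == null) {
            continue;
        }
        if (localName.equals("Issuer")) {
            issuer = af.createIssuer((Element) child);
        } else if (localName.equals("Signature")) {
            signatureString = XMLUtils.getElementString((Element) child);
            isSigned = true;
        } else if (localName.equals("Extensions")) {
            extensions = pf.createExtensions((Element) child);
        } else if (localName.equals("Status")) {
            status = pf.createStatus((Element) child);
        }
    }
}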

Example 23 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class AssertionGen method getResponse.

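/**
 * Generates a SAML response carrying one attribute assertion and returns it as
 * an XML string.
 *
 * <p>The response gets a freshly generated ID, version 2.0, the current time as
 * IssueInstant, a Success status, the IDP entity ID from {@code MetaDataParser}
 * as Issuer and the SP entity ID as Destination. The single assertion is built
 * by {@code getAssertion(attrName, attrValue)}. Nothing in this method signs the
 * response (NOTE(review): presumably it is signed or otherwise protected before
 * being sent — confirm).
 *
 * @param attrName  attribute names to place in the assertion
 * @param attrValue attribute values, positionally matching {@code attrName}
 * @return the response XML (with namespace declarations), or {@code null} if a
 *         SAML2Exception occurred; the exception is logged at SEVERE level
 */
public String getResponse(String[] attrName, String[] attrValue) {
    try {
        ProtocolFactory protocolFactory = ProtocolFactory.getInstance();
        Response res = protocolFactory.createResponse();
        Status status = protocolFactory.createStatus();
        StatusCode scode = protocolFactory.createStatusCode();
        MetaDataParser metaParser = new MetaDataParser();
        String idpEntityId = metaParser.getIDPEntityID();
        String spEntityId = metaParser.getSPEntityID();
        Assertion assertion = getAssertion(attrName, attrValue);
        // Typed list instead of the raw List/ArrayList pair.
        List<Assertion> assertionList = new ArrayList<Assertion>();
        assertionList.add(assertion);
        res.setAssertion(assertionList);
        res.setID(SAML2Utils.generateID());
        res.setVersion(SAML2Constants.VERSION_2_0);
        // The Response API takes a java.util.Date for IssueInstant.
        res.setIssueInstant(new Date());
        scode.setValue(SAML2Constants.SUCCESS);
        status.setStatusCode(scode);
        res.setStatus(status);
        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(idpEntityId);
        res.setIssuer(issuer);
        res.setDestination(spEntityId);
        return res.toXMLString(true, true);
    } catch (SAML2Exception ex) {
        // Log with a message instead of null so the record is searchable.
        Logger.getLogger(AssertionGen.class.getName()).log(Level.SEVERE, "AssertionGen.getResponse: failed to build SAML response", ex);
    }
    return null;
}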

Example 24 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class SAML2SingleLogoutHandler method handleSOAPInitiatedSingleLogout.

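/**
 * Handles a SOAP (back-channel) initiated single logout for the IDP session
 * found in {@code userSession}: sends a SOAP LogoutRequest to every SP recorded
 * against the IDP session index, then invalidates the local session and drops
 * the IDP cache entries for that index.
 *
 * <p>Only the first token in {@code userSession} is handled (see the TODO
 * below). {@code idpEntityId} and {@code saml2Manager} are not used by this
 * method; SP metadata is looked up through {@code SAML2Utils.getSAML2MetaManager()}.
 *
 * @param userSession  set of session objects; only the first one is used
 * @param userID       user ID, used for logging only
 * @param request      current HTTP request
 * @param response     current HTTP response
 * @param realm        realm of the IDP
 * @param idpMetaAlias meta alias of the IDP, passed to LogoutUtil.doLogout
 * @param idpEntityId  entity ID of the IDP (unused here)
 * @param relayState   relay state forwarded to the SPs
 * @param saml2Manager SAML2 meta manager (unused here)
 * @return one of the SingleLogoutManager LOGOUT_*_STATUS values:
 *         NO_ACTION when there is no valid session or no session index,
 *         FAILED when the IDP session is unknown or every SP logout failed,
 *         PARTIAL when some SP logouts failed, SUCCEEDED otherwise
 * @throws SAML2Exception   on SAML2 metadata errors
 * @throws SessionException on session provider errors
 */
private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, String realm, String idpMetaAlias, String idpEntityId, String relayState, SAML2MetaManager saml2Manager) throws SAML2Exception, SessionException {
    debug.message("SAML2SingleLogoutHanlder: handleSOAPInitiatedSLO");
    // TODO : verify this works under LB
    SessionProvider provider = SessionManager.getProvider();
    if ((userSession == null) || userSession.isEmpty()) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    // TODO : handle multiple SSO token case
    Object session = userSession.iterator().next();
    if (!provider.isValid(session)) {
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    if (debug.messageEnabled()) {
        debug.message("SAML2SLOHandler.handleSOAPSLO: " + "handler session " + session + " for user " + userID);
    }
    // get IDP session index from session
    String[] sessIndex = provider.getProperty(session, SAML2Constants.IDP_SESSION_INDEX);
    if ((sessIndex == null) || (sessIndex.length == 0)) {
        if (debug.warningEnabled()) {
            debug.warning("SAML2SLOHandler.handleSOAPSLO: " + "Null session index for " + session);
        }
        return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
    }
    String idpSessionIndex = sessIndex[0];
    if (debug.messageEnabled()) {
        // Log the index value itself; concatenating the String[] only printed
        // the array's identity hash.
        debug.message("SAML2SLOHandler.handleSOAPSLO: " + "session index = " + idpSessionIndex);
    }
    IDPSession idpSession = (IDPSession) IDPCache.idpSessionsByIndices.get(idpSessionIndex);
    if (idpSession == null) {
        debug.error("SAML2SLOHanlder.handleSOAPSLO: " + "IDP no longer has this session index " + idpSessionIndex);
        return SingleLogoutManager.LOGOUT_FAILED_STATUS;
    }
    List pairs = (List) idpSession.getNameIDandSPpairs();
    int n = pairs.size();
    if (debug.messageEnabled()) {
        debug.message("SAML2SLOHanlder.handleSOAPSLO: " + "NameIDandSPpair for " + idpSessionIndex + " is " + pairs + ", size=" + n);
    }
    // Hoisted out of the loop: the same shared meta manager is used for every SP.
    SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
    int soapFailCount = 0;
    for (int i = 0; i < n; i++) {
        NameIDandSPpair pair = (NameIDandSPpair) pairs.get(i);
        String spEntityID = pair.getSPEntityID();
        if (debug.messageEnabled()) {
            debug.message("SAML2SLOHanlder.handleSOAPSLO: " + "SP for " + idpSessionIndex + " is " + spEntityID);
        }
        SPSSODescriptorElement sp = metaManager.getSPSSODescriptor(realm, spEntityID);
        if (sp == null) {
            // Missing SP metadata: count it as a failed SP logout and carry on,
            // instead of a NullPointerException that would abort the loop and
            // skip the session invalidation below.
            debug.error("SAML2SLOHanlder.handleSOAPSLO: " + "no SPSSODescriptor for " + spEntityID);
            soapFailCount++;
            continue;
        }
        List slosList = sp.getSingleLogoutService();
        // get SP entity config for basic auth info
        SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, spEntityID);
        HashMap paramsMap = new HashMap();
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
        try {
            LogoutUtil.doLogout(idpMetaAlias, spEntityID, slosList, null, SAML2Constants.SOAP, relayState, idpSessionIndex, pair.getNameID(), request, response, paramsMap, spConfig);
        } catch (SAML2Exception ex) {
            debug.error("SAML2SLOHandler:handleSOAPSLO.doLogout", ex);
            soapFailCount++;
        }
    }
    int retStatus = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
    if (soapFailCount == n) {
        // NOTE(review): with no SP pairs at all (n == 0) this also reports
        // FAILED; kept as-is because callers may depend on that value.
        retStatus = SingleLogoutManager.LOGOUT_FAILED_STATUS;
    } else if (soapFailCount > 0) {
        retStatus = SingleLogoutManager.LOGOUT_PARTIAL_STATUS;
    }
    // invalidate the local session and the IDP-side cache entries for this index
    MultiProtocolUtils.invalidateSession(session, request, response, SingleLogoutManager.SAML2);
    IDPCache.idpSessionsByIndices.remove(idpSessionIndex);
    IDPCache.authnContextCache.remove(idpSessionIndex);
    if (debug.messageEnabled()) {
        debug.message("SAML2SLOHandler.doSOAPSLO: return status for " + session + " is " + retStatus);
    }
    return retStatus;
}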

Example 25 with Status

use of com.sun.identity.saml2.protocol.Status in project OpenAM by OpenRock.

the class SingleLogoutManager method sendLogoutResponse.

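/**
 * Sends logout response, this is for the case of HTTP binding
 * There are two cases here:
 * 1. IDP initiated HTTP Logout, just redirect user browser to original
 *    relaystate.
 * 2. SP initiated HTTP logout, need to send LogoutResponse back to SP.
 *
 * <p>Case 1 is detected by the absence of a stored LogoutResponse XML for
 * {@code relayState}; the overall logout status is appended to the original
 * relay state URL as the {@code STATUS_PARAM} query parameter. Case 2 dispatches
 * on the stored protocol (SAML2, IDFF or WS-Federation). In every case the
 * per-relay-state bookkeeping is removed via {@code cleanupParameters} before
 * returning.
 *
 * <p>NOTE(review): all lookups are keyed by the caller-supplied
 * {@code relayState}; an unknown key ends in a {@code NullPointerException}
 * when the stored status Integer is unboxed (or when {@code protocol} is
 * compared), and the stored original relay state is used as a redirect target
 * without further checks here — presumably validated when it was stored;
 * confirm.
 *
 * @param request    current HTTP request
 * @param response   current HTTP response; a redirect or a plain "Logout DONE"
 *                   text is written to it
 * @param relayState key under which the logout state was stored
 * @throws IOException if writing the response fails, or (SAML2 case) if the
 *                     stored LogoutResponse cannot be parsed or sent
 */
void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
    if (debug.messageEnabled()) {
        debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
    }
    String logoutResponseXML = (String) sloResponseXMLMap.get(relayState);
    if (logoutResponseXML == null) {
        // first case, just redirect to original relayState
        redirectToOrigRelayState(response, relayState);
    } else {
        String protocol = (String) origProtocolMap.get(relayState);
        String spEntityID = (String) spEntityIDMap.get(relayState);
        String origRelayState = (String) relayStateMap.get(relayState);
        String realm = (String) realmMap.get(relayState);
        String idpEntityID = (String) idpEntityIDMap.get(relayState);
        int currentStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
        if (protocol.equals(SingleLogoutManager.SAML2)) {
            sendSAML2LogoutResponse(response, logoutResponseXML, currentStatus, origRelayState, realm, idpEntityID, spEntityID);
        } else if (protocol.equals(SingleLogoutManager.IDFF)) {
            sendIDFFLogoutResponse(request, response, logoutResponseXML, currentStatus, origRelayState, realm, idpEntityID, spEntityID);
        } else if (protocol.equals(SingleLogoutManager.WS_FED)) {
            debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
            if (origRelayState != null) {
                response.sendRedirect(origRelayState);
            } else {
                response.getWriter().print("Logout DONE.");
            }
        } else {
            // should never come here
            debug.error("SingleLogoutManager.sendLogoutResponse: invalid" + " protocol : " + protocol);
        }
    }
    cleanupParameters(relayState);
}

/**
 * Case 1 (no stored LogoutResponse): redirects the browser to the original
 * relay state with the logout status appended as {@code STATUS_PARAM}, or
 * prints a plain status line when there is no original relay state.
 *
 * @param response   current HTTP response
 * @param relayState key under which the original relay state and status are stored
 * @throws IOException if the redirect or the writer fails
 */
private void redirectToOrigRelayState(HttpServletResponse response, String relayState) throws IOException {
    String origRelayState = (String) relayStateMap.get(relayState);
    int logoutStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
    String statusString = MultiProtocolUtils.getLogoutStatus(logoutStatus);
    if ((origRelayState == null) || (origRelayState.length() == 0)) {
        // TODO : get default single logout URL for each protocol
        response.getWriter().print("Logout DONE. Status = " + statusString);
    } else {
        // include logout status, joining with "?" or "&" depending on whether
        // the URL already has a query string
        String separator = (origRelayState.indexOf("?") == -1) ? "?" : "&";
        response.sendRedirect(origRelayState + separator + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
    }
}

/**
 * Case 2, SAML2: re-parses the stored LogoutResponse, merges the current
 * logout status into its StatusCode and sends it to the SP via
 * {@code LogoutUtil.sendSLOResponse}.
 *
 * @throws IOException wrapping any SAML2Exception (cause preserved)
 */
private void sendSAML2LogoutResponse(HttpServletResponse response, String logoutResponseXML, int currentStatus, String origRelayState, String realm, String idpEntityID, String spEntityID) throws IOException {
    try {
        LogoutResponse logResp = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
        String location = logResp.getDestination();
        String statusVal = logResp.getStatus().getStatusCode().getValue();
        String newVal = getNewStatusCode(currentStatus, statusVal);
        if (!statusVal.equals(newVal)) {
            // Write back the merged status code. The original wrote statusVal
            // back here, which left the response unchanged (the IDFF branch
            // correctly used the new value).
            logResp.getStatus().getStatusCode().setValue(newVal);
        }
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendLogoutRes:" + "(SAML2) location=" + location + " orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
        }
        LogoutUtil.sendSLOResponse(response, logResp, location, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
    } catch (SAML2Exception ex) {
        debug.error("SingleLogoutManager.sendLogoutResponse:saml2", ex);
        // keep the cause chain instead of flattening it to a message
        throw new IOException(ex.getMessage(), ex);
    }
}

/**
 * Case 2, IDFF: rebuilds the stored FSLogoutResponse, merges the current
 * logout status into it, optionally signs the URL-encoded query string and
 * redirects to the SP's single logout return URL. On any failure the user is
 * returned locally to the logout-done page with a failure status.
 *
 * @throws IOException if the local fallback redirect fails
 */
private void sendIDFFLogoutResponse(HttpServletRequest request, HttpServletResponse response, String logoutResponseXML, int currentStatus, String origRelayState, String realm, String idpEntityID, String spEntityID) throws IOException {
    boolean failed = false;
    String logoutDoneURL = null;
    try {
        debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
        IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
        ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, spEntityID);
        String retURL = descriptor.getSingleLogoutServiceReturnURL();
        Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement();
        FSLogoutResponse responseLogout = new FSLogoutResponse(elem);
        BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
        logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null);
        Status status = responseLogout.getStatus();
        String statusVal = status.getStatusCode().getValue();
        String newVal = getNewStatusCode(currentStatus, statusVal);
        if (!statusVal.equals(newVal)) {
            com.sun.identity.saml.protocol.StatusCode statCode = new com.sun.identity.saml.protocol.StatusCode(newVal);
            com.sun.identity.saml.protocol.Status stat = new com.sun.identity.saml.protocol.Status(statCode);
            responseLogout.setStatus(stat);
        }
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendLogoutRes:" + "(IDFF) orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
        }
        String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
        // Sign the request querystring
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null || certAlias.length() == 0) {
                if (debug.messageEnabled()) {
                    debug.message("SingleLogoutManager.sendLogoutRes:" + "signSAMLRequest couldn't obtain cert alias.");
                }
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
            }
            urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
        }
        StringBuilder redirectURL = new StringBuilder(retURL);
        if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
            redirectURL.append(IFSConstants.QUESTION_MARK);
        } else {
            redirectURL.append(IFSConstants.AMPERSAND);
        }
        redirectURL.append(urlEncodedResponse);
        if (debug.messageEnabled()) {
            debug.message("SingleLogoutManager.sendResponse " + "for IDFF, url = " + redirectURL.toString());
        }
        response.sendRedirect(redirectURL.toString());
    } catch (FSMsgException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (SAMLException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (IDFFMetaException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    } catch (IOException ex) {
        debug.error("SingleLogoutManager.sendLogoutRes", ex);
        failed = true;
    }
    if (failed) {
        FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
    }
}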
