Example 11 with StatusCode
use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.
the class SPACSUtils method getResponseFromSOAP.
/**
* Obtains <code>SAML Response</code> from <code>SOAPBody</code>.
* Used by Artifact profile.
*/
private static Response getResponseFromSOAP(SOAPMessage resMsg, ArtifactResolve resolve, HttpServletRequest request, HttpServletResponse response, String idpEntityID, IDPSSODescriptorElement idp, String orgName, String hostEntityId, SAML2MetaManager sm) throws SAML2Exception, IOException {
String method = "SPACSUtils.getResponseFromSOAP:";
Element resElem = null;
try {
resElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "ArtifactResponse");
} catch (SAML2Exception se) {
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.SOAP_ERROR, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "soapError", se.getMessage());
throw se;
}
ArtifactResponse artiResp = null;
try {
artiResp = ProtocolFactory.getInstance().createArtifactResponse(resElem);
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(method + "Couldn't create " + "ArtifactResponse:", se);
}
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_ARTIFACT_RESPONSE, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "failedToCreateArtifactResponse", se.getMessage());
throw se;
}
if (artiResp == null) {
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.MISSING_ARTIFACT_RESPONSE, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "missingArtifactResponse", SAML2Utils.bundle.getString("missingArtifactResponse"));
throw new SAML2Exception(SAML2Utils.bundle.getString("missingArtifactResponse"));
} else {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(method + "Received ArtifactResponse:" + artiResp.toXMLString(true, true));
}
}
// verify ArtifactResponse
String wantArtiRespSigned = getAttributeValueFromSPSSOConfig(orgName, hostEntityId, sm, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
if (wantArtiRespSigned != null && wantArtiRespSigned.equals("true")) {
Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(idp, idpEntityID, SAML2Constants.IDP_ROLE);
if (!artiResp.isSigned() || !artiResp.isSignatureValid(verificationCerts)) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(method + "ArtifactResponse's signature is invalid.");
}
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_SIGNATURE, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "invalidSignature", SAML2Utils.bundle.getString("invalidSignature"));
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignature"));
}
}
String inResponseTo = artiResp.getInResponseTo();
if (inResponseTo == null || !inResponseTo.equals(resolve.getID())) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(method + "ArtifactResponse's InResponseTo is invalid.");
}
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_INRESPONSETO, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "invalidInResponseTo", SAML2Utils.bundle.getString("invalidInResponseTo"));
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidInResponseTo"));
}
Issuer idpIssuer = artiResp.getIssuer();
if (idpIssuer == null || !idpIssuer.getValue().equals(idpEntityID)) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(method + "ArtifactResponse's Issuer is invalid.");
}
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_ISSUER, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "invalidIssuer", SAML2Utils.bundle.getString("invalidIssuer"));
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidIssuer"));
}
// check time?
Status status = artiResp.getStatus();
if (status == null || !status.getStatusCode().getValue().equals(SAML2Constants.SUCCESS)) {
String statusCode = (status == null) ? "" : status.getStatusCode().getValue();
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(method + "ArtifactResponse's status code is not success." + statusCode);
}
String[] data = { idpEntityID, "" };
if (LogUtil.isErrorLoggable(Level.FINE)) {
data[1] = statusCode;
}
LogUtil.error(Level.INFO, LogUtil.ARTIFACT_RESPONSE_INVALID_STATUS_CODE, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "invalidStatusCode", SAML2Utils.bundle.getString("invalidStatusCode"));
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidStatusCode"));
}
try {
return ProtocolFactory.getInstance().createResponse(artiResp.getAny());
} catch (SAML2Exception se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(method + "couldn't instantiate Response:", se);
}
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.CANNOT_INSTANTIATE_RESPONSE_ARTIFACT, data, null);
SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "failedToCreateResponse", se.getMessage());
throw se;
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Status(com.sun.identity.saml2.protocol.Status)
Issuer(com.sun.identity.saml2.assertion.Issuer)
ArtifactResponse(com.sun.identity.saml2.protocol.ArtifactResponse)
SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement)
ArtifactResolutionServiceElement(com.sun.identity.saml2.jaxb.metadata.ArtifactResolutionServiceElement)
Element(org.w3c.dom.Element)
IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)
X509Certificate(java.security.cert.X509Certificate)
Example 12 with StatusCode
use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.
the class IDPSingleLogout method getLogoutStatus.
private static int getLogoutStatus(LogoutResponse logoutRes) {
StatusCode statusCode = logoutRes.getStatus().getStatusCode();
String code = statusCode.getValue();
if (code.equals(SAML2Constants.SUCCESS)) {
return SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
} else {
return SingleLogoutManager.LOGOUT_FAILED_STATUS;
}
}
Also used :
StatusCode(com.sun.identity.saml2.protocol.StatusCode)
Example 13 with StatusCode
use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.
the class StatusCodeImpl method parseElement.
/* Parses the <code>StatusCode</code> Element. */
private void parseElement(Element element) throws SAML2Exception {
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
statusCodeValue = element.getAttribute(SAML2Constants.VALUE);
validateStatusCodeValue(statusCodeValue);
NodeList nList = element.getChildNodes();
if ((nList != null) && (nList.getLength() > 0)) {
for (int i = 0; i < nList.getLength(); i++) {
Node childNode = nList.item(i);
String cName = childNode.getLocalName();
if (cName != null) {
if (cName.equals(SAML2Constants.STATUS_CODE)) {
statusCode = protoFactory.createStatusCode((Element) childNode);
}
}
}
}
}
Also used :
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
Example 14 with StatusCode
use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.
the class StatusImpl method parseElement.
/* Parses the <code>Status</code> Element. */
private void parseElement(Element element) throws SAML2Exception {
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
NodeList nList = element.getChildNodes();
if ((nList != null) && (nList.getLength() > 0)) {
for (int i = 0; i < nList.getLength(); i++) {
Node childNode = nList.item(i);
String cName = childNode.getLocalName();
if (cName != null) {
if (cName.equals(SAML2Constants.STATUS_CODE)) {
statusCode = protoFactory.createStatusCode((Element) childNode);
validateStatusCode(statusCode);
} else if (cName.equals(SAML2Constants.STATUS_MESSAGE)) {
statusMessage = XMLUtils.getElementString((Element) childNode);
} else if (cName.equals(SAML2Constants.STATUS_DETAIL)) {
statusDetail = protoFactory.createStatusDetail((Element) childNode);
}
}
}
}
}
Also used :
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
NodeList(org.w3c.dom.NodeList)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
Example 15 with StatusCode
use of com.sun.identity.saml2.protocol.StatusCode in project OpenAM by OpenRock.
the class StatusImpl method toXMLString.
/**
* Returns the <code>Status</code> in an XML document String format
* based on the <code>Status</code> schema described above.
*
* @param includeNSPrefix Determines whether or not the namespace qualifier
* is prepended to the Element when converted
* @param declareNS Determines whether or not the namespace is declared
* within the Element.
* @return A XML String representing the <code>Status</code>.
* @throws SAML2Exception if some error occurs during conversion to
* <code>String</code>.
*/
public String toXMLString(boolean includeNSPrefix, boolean declareNS) throws SAML2Exception {
String xmlStr = null;
if (statusCode != null) {
StringBuffer xmlString = new StringBuffer(500);
xmlString.append(SAML2Constants.START_TAG);
if (includeNSPrefix) {
xmlString.append(SAML2Constants.PROTOCOL_PREFIX);
}
xmlString.append(SAML2Constants.STATUS);
if (declareNS) {
xmlString.append(SAML2Constants.PROTOCOL_DECLARE_STR);
}
xmlString.append(SAML2Constants.END_TAG);
xmlString.append(SAML2Constants.NEWLINE).append(statusCode.toXMLString(includeNSPrefix, declareNS));
if ((statusMessage != null) && (statusMessage.length() != 0)) {
ProtocolFactory protoFactory = ProtocolFactory.getInstance();
StatusMessage sMessage = protoFactory.createStatusMessage(statusMessage);
xmlString.append(SAML2Constants.NEWLINE).append(sMessage.toXMLString(includeNSPrefix, declareNS));
}
if (statusDetail != null) {
xmlString.append(SAML2Constants.NEWLINE).append(statusDetail.toXMLString(includeNSPrefix, declareNS));
}
xmlString.append(SAML2Constants.NEWLINE).append(SAML2Constants.SAML2_END_TAG).append(SAML2Constants.STATUS).append(SAML2Constants.END_TAG);
xmlStr = xmlString.toString();
}
return xmlStr;
}
Also used :
ProtocolFactory(com.sun.identity.saml2.protocol.ProtocolFactory)
StatusMessage(com.sun.identity.saml2.protocol.StatusMessage)
Aggregations
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)8
Status (com.sun.identity.saml2.protocol.Status)8
StatusCode (com.sun.identity.saml2.protocol.StatusCode)8
ArrayList (java.util.ArrayList)8
List (java.util.List)8
Issuer (com.sun.identity.saml2.assertion.Issuer)7
Date (java.util.Date)7
SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)6
ProtocolFactory (com.sun.identity.saml2.protocol.ProtocolFactory)6
Assertion (com.sun.identity.saml2.assertion.Assertion)5
Response (com.sun.identity.saml2.protocol.Response)5
HttpServletResponse (javax.servlet.http.HttpServletResponse)5
Element (org.w3c.dom.Element)5
EncryptedAssertion (com.sun.identity.saml2.assertion.EncryptedAssertion)4
SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)4
SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)3
X509Certificate (java.security.cert.X509Certificate)3
Map (java.util.Map)3
SPSSOConfigElement (com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement)2
IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)2
