Example 6 with WSFederationException

use of com.sun.identity.wsfederation.common.WSFederationException in project OpenAM by OpenRock.

Class DefaultIDPAccountMapper, method getNameID.

/**
 * Returns the user's <code>NameID</code> information that contains
 * account federation with the corresponding remote and local entities.
 *
 * @param session Session object.
 * @param realm Realm where user resides.
 * @param hostEntityID <code>EntityID</code> of the hosted provider.
 * @param remoteEntityID <code>EntityID</code> of the remote provider.
 * @return the <code>NameID</code> corresponding to the authenticated user;
 *         null if the authenticated user does not contain account
 *         federation information.
 * @exception WSFederationException if any failure.
 */
public NameIdentifier getNameID(Object session, String realm, String hostEntityID, String remoteEntityID) throws WSFederationException {
    // Resolve the authenticated principal from the session; an unusable session is a hard failure.
    String userID = null;
    try {
        SessionProvider sessionProv = SessionManager.getProvider();
        userID = sessionProv.getPrincipalName(session);
    } catch (SessionException se) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidSSOToken"));
    }
    // The hosted IdP's extended metadata decides which profile attribute becomes the NameID (uid by default).
    IDPSSOConfigElement idpConfig = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, hostEntityID);
    String name2 = null;
    String attrName = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_ATTRIBUTE);
    if (attrName == null || attrName.length() == 0) {
        attrName = WSFederationConstants.UID;
    }
    try {
        Set attrValues = dsProvider.getAttribute(userID, attrName);
        if ((attrValues != null) && (!attrValues.isEmpty())) {
            // For a multi-valued attribute the first value is used.
            name2 = (String) attrValues.iterator().next();
        } else {
            // A user without the configured attribute cannot be issued a NameID.
            String[] args = { attrName, userID };
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "missingNameAttribute", args);
        }
    } catch (DataStoreProviderException dspe) {
        throw new WSFederationException(dspe);
    }
    // NameID format defaults to the UPN claim type.
    String nameIdFormat = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_FORMAT);
    if (nameIdFormat == null || nameIdFormat.length() == 0) {
        nameIdFormat = WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN];
    }
    String strNameIncludesDomain = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAME_INCLUDES_DOMAIN);
    boolean nameIncludesDomain = Boolean.valueOf(strNameIncludesDomain);
    String name = null;
    if (nameIdFormat.equals(WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN]) && !nameIncludesDomain) {
        // A UPN must be user@domain. The stored name lacks the domain, so it has to be
        // obtained from somewhere and appended to name2: try the user profile first.
        String domainAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.DOMAIN_ATTRIBUTE);
        String upnDomain = null;
        if (domainAttribute != null && domainAttribute.length() > 0) {
            Set attrValues;
            try {
                attrValues = dsProvider.getAttribute(userID, domainAttribute);
            } catch (DataStoreProviderException dspe) {
                throw new WSFederationException(dspe);
            }
            if ((attrValues != null) && (!attrValues.isEmpty())) {
                upnDomain = (String) attrValues.iterator().next();
            }
        }
        if (upnDomain == null || upnDomain.length() == 0) {
            // Nothing on the user profile: fall back to the domain configured for the IdP.
            upnDomain = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.UPN_DOMAIN);
        }
        if (upnDomain == null || upnDomain.length() == 0) {
            // No domain anywhere: refuse to issue an incomplete UPN.
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "noDomainConfigured", null);
        }
        name = name2 + "@" + upnDomain;
    } else {
        name = name2;
    }
    try {
        return new NameIdentifier(name, null, nameIdFormat);
    } catch (SAMLException se) {
        throw new WSFederationException(se);
    }
}
Imports used:
import java.util.Set;
import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.plugin.session.SessionProvider;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.wsfederation.common.WSFederationException;
import com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement;

Example 7 with WSFederationException

Class DefaultIDPAttributeMapper, method getAttributes.

/**
 * Returns list of SAML <code>Attribute</code> objects for the
 * IDP framework to insert into the generated <code>Assertion</code>.
 * @param session Single sign-on session.
 * @param hostEntityID <code>EntityID</code> of the hosted entity.
 * @param remoteEntityID <code>EntityID</code> of the remote entity.
 * @param realm name of the realm.
 * @return list of <code>Attribute</code> objects; null if the session is
 *         invalid or no attribute mapping is configured for the hosted entity.
 * @exception WSFederationException if any failure.
 */
public List getAttributes(Object session, String hostEntityID, String remoteEntityID, String realm) throws WSFederationException {
    if (hostEntityID == null) {
        throw new WSFederationException(bundle.getString("nullHostEntityID"));
    }
    if (realm == null) {
        throw new WSFederationException(bundle.getString("nullRealm"));
    }
    if (session == null) {
        throw new WSFederationException(bundle.getString("nullSSOToken"));
    }
    try {
        // Never release attributes for a session that is no longer valid.
        if (!SessionManager.getProvider().isValid(session)) {
            if (debug.warningEnabled()) {
                debug.warning("DefaultIDPAttributeMapper.getAttributes: " + "Invalid session");
            }
            return null;
        }
        // configMap: SAML attribute name -> local (profile) attribute name, from the IdP's extended metadata.
        Map configMap = getConfigAttributeMap(realm, hostEntityID);
        if (configMap == null || configMap.isEmpty()) {
            if (debug.messageEnabled()) {
                debug.message("DefaultIDPAttributeMapper.getAttributes:" + "Configuration map is not defined.");
            }
            return null;
        }
        List attributes = new ArrayList();
        Set localAttributes = new HashSet();
        localAttributes.addAll(configMap.values());
        // Fetch all mapped local attributes from the user profile in one data store call.
        Map valueMap = null;
        try {
            valueMap = dsProvider.getAttributes(SessionManager.getProvider().getPrincipalName(session), localAttributes);
        } catch (DataStoreProviderException dse) {
            if (debug.warningEnabled()) {
                debug.warning("DefaultIDPAttributeMapper.getAttributes: " + "Datastore exception", dse);
            }
            // Continue: the values may still be present as session (SSO token) properties.
        }
        Iterator iter = configMap.keySet().iterator();
        while (iter.hasNext()) {
            String samlAttribute = (String) iter.next();
            String localAttribute = (String) configMap.get(samlAttribute);
            String[] localAttributeValues = null;
            if (valueMap != null && !valueMap.isEmpty()) {
                Set values = (Set) valueMap.get(localAttribute);
                if (values == null || values.isEmpty()) {
                    if (debug.messageEnabled()) {
                        debug.message("DefaultIDPAttributeMapper.getAttributes:" + " user profile does not have value for " + localAttribute + " but is going to check ssotoken:");
                    }
                    // Profile has no value: fall back to a session property of the same name.
                    localAttributeValues = SessionManager.getProvider().getProperty(session, localAttribute);
                    if (localAttributeValues != null && localAttributeValues.length == 0) {
                        localAttributeValues = null;
                    }
                } else {
                    localAttributeValues = (String[]) values.toArray(new String[values.size()]);
                }
            }
            if (localAttributeValues == null) {
                // Attributes the user does not have are silently omitted from the assertion.
                if (debug.messageEnabled()) {
                    debug.message("DefaultIDPAttributeMapper.getAttributes:" + " user does not have " + localAttribute);
                }
                continue;
            }
            attributes.add(getSAMLAttribute(samlAttribute, localAttributeValues));
        }
        return attributes;
    } catch (WSFederationException sme) {
        debug.error("DefaultIDPAttributeMapper.getAttributes: " + "SAML Exception", sme);
        throw new WSFederationException(sme);
    } catch (SessionException se) {
        debug.error("DefaultIDPAttributeMapper.getAttributes: " + "SessionException", se);
        throw new WSFederationException(se);
    }
}
Imports used:
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import com.sun.identity.plugin.datastore.DataStoreProviderException;
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.wsfederation.common.WSFederationException;

Example 8 with WSFederationException

Class DefaultIDPAuthenticationMethodMapper, method getIDPAuthnContextInfo.

/**
 * Returns an <code>IDPAuthenticationTypeInfo</code> object.
 *
 * @param authenticationType the <code>AuthenticationType</code> from the
 * Service Provider
 * @param idpEntityID the Entity ID of the Identity Provider
 * @param realm the realm to which the Identity Provider belongs
 * @return an <code>IDPAuthenticationTypeInfo</code> object, or null if the
 *         Identity Provider has no AuthnContext class reference mapping configured
 * @throws WSFederationException if an error occurs.
 */
public IDPAuthenticationTypeInfo getIDPAuthnContextInfo(String authenticationType, String idpEntityID, String realm) throws WSFederationException {
    String classMethod = "DefaultIDPAuthenticationMethodMapper.getIDPAuthnContextInfo: ";
    Map attrs = null;
    Set authTypeAndValues = null;
    IDPAuthenticationTypeInfo info = null;
    // Only logged below; the requested class reference is not resolved in this mapper.
    String requestedClassRef = null;
    String classRef = null;
    try {
        IDPSSOConfigElement config = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, idpEntityID);
        attrs = WSFederationMetaUtils.getAttributes(config);
    } catch (WSFederationMetaException sme) {
        debug.error(classMethod + "get IDPSSOConfig failed:", sme);
        throw new WSFederationException(sme);
    }
    // Each mapping entry is '|'-separated: the first token is an AuthnContextClassRef,
    // the remaining tokens are the authentication type and value entries for it.
    List values = (List) attrs.get(SAML2Constants.IDP_AUTHNCONTEXT_CLASSREF_MAPPING);
    if ((values != null) && (values.size() != 0)) {
        if (authenticationType != null) {
            for (int i = 0; i < values.size(); i++) {
                String value = ((String) values.get(i)).trim();
                if (debug.messageEnabled()) {
                    debug.message(classMethod + "configured mapping=" + value);
                }
                StringTokenizer st = new StringTokenizer(value, "|");
                if (st.hasMoreTokens()) {
                    // the first element is an AuthnContextClassRef
                    classRef = st.nextToken().trim();
                    if (classRef.equals(authenticationType)) {
                        authTypeAndValues = new HashSet();
                        while (st.hasMoreTokens()) {
                            String authTypeAndValue = st.nextToken().trim();
                            if (authTypeAndValue.length() != 0) {
                                authTypeAndValues.add(authTypeAndValue);
                            }
                        }
                        break;
                    }
                }
            }
        }
        if (authTypeAndValues == null) {
            // no matching authnContextClassRef found in config, or
            // no valid requested authn class ref, use the first
            // one in the config
            String value = ((String) values.get(0)).trim();
            StringTokenizer st = new StringTokenizer(value, "|");
            if (st.hasMoreTokens()) {
                // the first element is an AuthnContextClassRef
                classRef = st.nextToken().trim();
                authTypeAndValues = new HashSet();
                while (st.hasMoreTokens()) {
                    String authTypeAndValue = st.nextToken().trim();
                    if (authTypeAndValue.length() != 0) {
                        authTypeAndValues.add(authTypeAndValue);
                    }
                }
            }
        }
        info = new IDPAuthenticationTypeInfo(authenticationType, authTypeAndValues);
        if (debug.messageEnabled()) {
            debug.message(classMethod + "requested AuthnContextClassRef=" + requestedClassRef + "\nreturned AuthnContextClassRef=" + classRef + "\nauthTypeAndValues=" + authTypeAndValues);
        }
    }
    return info;
}
Imports used:
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import com.sun.identity.wsfederation.common.WSFederationException;
import com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.wsfederation.meta.WSFederationMetaException;

Example 9 with WSFederationException

Class DefaultADFSPartnerAccountMapper, method getSearchParameters.

/**
 * This method simply extracts the NameID value and constructs a search map
 * according to the configuration.
 * @param nameID NameIdentifier for the subject
 * @param realm realm of the hosted provider
 * @param hostEntityID entity ID of the hosted provider
 * @param remoteEntityID entity ID of the remote provider, whose IDP
 *        configuration supplies the mapping settings used here
 * @return map of local attribute name to the set of values to search on
 * @throws WSFederationException if the IDP configuration cannot be read,
 *         the NameID value is empty, or a UPN does not contain an '@'
 */
protected Map getSearchParameters(NameIdentifier nameID, String realm, String hostEntityID, String remoteEntityID) throws WSFederationException {
    String classMethod = "DefaultADFSPartnerAccountMapper.getSearchParameters: ";
    // Get configuration for this IdP
    IDPSSOConfigElement idpConfig = null;
    try {
        idpConfig = WSFederationUtils.getMetaManager().getIDPSSOConfig(realm, remoteEntityID);
    } catch (WSFederationMetaException wsfme) {
        throw new WSFederationException(wsfme);
    }
    String nameIdAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAMEID_ATTRIBUTE);
    // Search on uid by default
    if (nameIdAttribute == null || nameIdAttribute.length() == 0) {
        nameIdAttribute = WSFederationConstants.UID;
    }
    String domainAttribute = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.DOMAIN_ATTRIBUTE);
    String strNameIncludesDomain = WSFederationMetaUtils.getAttribute(idpConfig, WSFederationConstants.NAME_INCLUDES_DOMAIN);
    boolean nameIncludesDomain = Boolean.valueOf(strNameIncludesDomain);
    String nameValue = nameID.getName();
    // An empty NameID must never turn into an unconstrained account search.
    if (nameValue == null || nameValue.length() == 0) {
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "nullNameID", null);
    }
    // Now construct the key map
    Map keyMap = new HashMap();
    String name = null;
    if (nameID.getFormat().equals(WSFederationConstants.NAMED_CLAIM_TYPES[WSFederationConstants.NAMED_CLAIM_UPN]) && !nameIncludesDomain) {
        // The local account is stored without the domain, so split the UPN at the first '@'
        // into user part and domain part; a UPN without '@' is rejected.
        int atSign = nameValue.indexOf('@');
        if (atSign == -1) {
            String[] args = { nameValue };
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "missingAtInUpn", args);
        }
        name = nameValue.substring(0, atSign);
        String upnDomain = nameValue.substring(atSign + 1);
        // When a domain attribute is configured, the domain becomes a second search key.
        if (domainAttribute != null && domainAttribute.length() > 0) {
            HashSet set = new HashSet();
            set.add(upnDomain);
            keyMap.put(domainAttribute, set);
        }
        if (debug.messageEnabled()) {
            debug.message(classMethod + "domain is " + upnDomain);
        }
    } else {
        name = nameValue;
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "name is " + name);
    }
    HashSet set = new HashSet();
    set.add(name);
    keyMap.put(nameIdAttribute, set);
    return keyMap;
}
Imports used:
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import com.sun.identity.wsfederation.common.WSFederationException;
import com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement;
import com.sun.identity.wsfederation.meta.WSFederationMetaException;

Example 10 with WSFederationException

Class IPSigninRequest, method process.

/**
 * Processes the sign-in request, returning a response via the
 * HttpServletResponse passed to the constructor.
 */
public void process() throws IOException, WSFederationException {
    String classMethod = "IPSigninRequest.process: ";
    Object session = null;
    // The hosted IdP is identified by the meta alias embedded in the request URI.
    String idpMetaAlias = WSFederationMetaUtils.getMetaAliasByUri(request.getRequestURI());
    if ((idpMetaAlias == null) || (idpMetaAlias.trim().length() == 0)) {
        debug.error(classMethod + "unable to get IDP meta alias from request.");
        throw new WSFederationException(WSFederationUtils.bundle.getString("IDPMetaAliasNotFound"));
    }
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    // retrieve IDP entity id from meta alias
    String idpEntityID = metaManager.getEntityByMetaAlias(idpMetaAlias);
    if ((idpEntityID == null) || (idpEntityID.trim().length() == 0)) {
        debug.error(classMethod + "Unable to get IDP Entity ID from metaAlias");
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullIDPEntityID"));
    }
    String realm = WSFederationMetaUtils.getRealmByMetaAlias(idpMetaAlias);
    // The SP is resolved from the wtrealm parameter of the request, scoped to this realm's metadata.
    String spEntityID = metaManager.getEntityByTokenIssuerName(realm, wtrealm);
    if ((spEntityID == null) || (spEntityID.trim().length() == 0)) {
        debug.error(classMethod + "Unable to get SP Entity ID from wtrealm");
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullIDPEntityID"));
    }
    // check if the remote provider is valid: only a trusted SP may receive a token from this IdP
    if (!metaManager.isTrustedProvider(realm, idpEntityID, spEntityID)) {
        debug.error(classMethod + "The remote provider is not valid.");
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidReceiver"));
    }
    // get the user sso session from the request
    try {
        session = WSFederationUtils.sessionProvider.getSession(request);
    } catch (SessionException se) {
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Unable to retrieve user session.");
        }
        session = null;
    }
    if (session == null) {
        // the user has not logged in yet, redirect to auth
        redirectAuthentication(idpEntityID, realm);
        return;
    }
    String sessionRealm = getSessionRealm(session);
    // If we are in the same realm as the user's existing session then we can continue processing
    if (realm.equalsIgnoreCase(sessionRealm)) {
        // set session property for multi-federation protocol hub
        MultiProtocolUtils.addFederationProtocol(session, SingleLogoutManager.WS_FED);
        sendResponse(session, idpEntityID, spEntityID, idpMetaAlias, realm);
    } else {
        // Trigger a re-auth to the new realm if the session realm value is different
        if (debug.messageEnabled()) {
            debug.message(classMethod + "The user's realm: " + sessionRealm + " was different to the IDP's realm: " + realm + ", will re-authenticate to IDP: " + idpEntityID);
        }
        redirectAuthentication(idpEntityID, realm);
    }
}
Imports used:
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.wsfederation.common.WSFederationException;
import com.sun.identity.wsfederation.meta.WSFederationMetaManager;

Aggregations (classes used together with WSFederationException across the examples, with usage counts)

WSFederationException (com.sun.identity.wsfederation.common.WSFederationException): 21
List (java.util.List): 14
WSFederationMetaManager (com.sun.identity.wsfederation.meta.WSFederationMetaManager): 7
ArrayList (java.util.ArrayList): 7
Map (java.util.Map): 7
SessionException (com.sun.identity.plugin.session.SessionException): 6
HashMap (java.util.HashMap): 6
HashSet (java.util.HashSet): 5
Iterator (java.util.Iterator): 5
IDPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.IDPSSOConfigElement): 4
SPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement): 4
Set (java.util.Set): 4
DataStoreProviderException (com.sun.identity.plugin.datastore.DataStoreProviderException): 3
NameIdentifier (com.sun.identity.saml.assertion.NameIdentifier): 3
SAMLException (com.sun.identity.saml.common.SAMLException): 3
FederationElement (com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement): 3
WSFederationMetaException (com.sun.identity.wsfederation.meta.WSFederationMetaException): 3
Date (java.util.Date): 3
SessionProvider (com.sun.identity.plugin.session.SessionProvider): 2
Attribute (com.sun.identity.saml.assertion.Attribute): 2