Example 1 with SPAttributeMapper
use of com.sun.identity.wsfederation.plugins.SPAttributeMapper in project OpenAM by OpenRock.
the class RPSigninResponse method process.
/**
* Processes the sign-in response, redirecting the browser wreply URL
* supplied in the sign-in request via the HttpServletResponse passed to
* the constructor.
*/
public void process() throws WSFederationException, IOException {
String classMethod = "RPSigninResponse.process: ";
if ((wresult == null) || (wresult.length() == 0)) {
String[] data = { request.getQueryString() };
LogUtil.error(Level.INFO, LogUtil.MISSING_WRESULT, data, null);
throw new WSFederationException(WSFederationUtils.bundle.getString("nullWresult"));
}
RequestSecurityTokenResponse rstr = null;
try {
rstr = RequestSecurityTokenResponse.parseXML(wresult);
} catch (WSFederationException wsfe) {
String[] data = { wresult };
LogUtil.error(Level.INFO, LogUtil.INVALID_WRESULT, data, null);
throw new WSFederationException(WSFederationUtils.bundle.getString("invalidWresult"));
}
if (debug.messageEnabled()) {
debug.message(classMethod + "Received RSTR: " + rstr.toString());
}
String realm = null;
String requestURL = request.getRequestURL().toString();
// get entity id and orgName
String metaAlias = WSFederationMetaUtils.getMetaAliasByUri(requestURL);
realm = WSFederationMetaUtils.getRealmByMetaAlias(metaAlias);
WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
String spEntityId = null;
try {
spEntityId = metaManager.getEntityByMetaAlias(metaAlias);
} catch (WSFederationException wsfe) {
String[] data = { wsfe.getLocalizedMessage(), metaAlias, realm };
LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ENTITY_CONFIG, data, null);
String[] args = { metaAlias, realm };
throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "invalidMetaAlias", args);
}
if (realm == null || realm.length() == 0) {
realm = "/";
}
SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spEntityId);
int timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
String timeskewStr = WSFederationMetaUtils.getAttribute(spssoconfig, SAML2Constants.ASSERTION_TIME_SKEW);
if (timeskewStr != null && timeskewStr.trim().length() > 0) {
timeskew = Integer.parseInt(timeskewStr);
if (timeskew < 0) {
timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
}
}
if (debug.messageEnabled()) {
debug.message(classMethod + "timeskew = " + timeskew);
}
// Subject, SOAPEntry for the partner and the List of Assertions.
if (debug.messageEnabled()) {
debug.message(classMethod + " - verifying assertion");
}
// verifyToken will throw an exception, rather than return null, so we
// need not test the return value
Map<String, Object> smap = rstr.getRequestedSecurityToken().verifyToken(realm, spEntityId, timeskew);
assert smap != null;
Map attributes = WSFederationMetaUtils.getAttributes(spssoconfig);
SPAccountMapper acctMapper = getSPAccountMapper(attributes);
SPAttributeMapper attrMapper = getSPAttributeMapper(attributes);
String userName = acctMapper.getIdentity(rstr, spEntityId, realm);
if (userName == null) {
throw new WSFederationException(WSFederationUtils.bundle.getString("nullUserID"));
}
String idpEntityId = metaManager.getEntityByTokenIssuerName(realm, rstr.getRequestedSecurityToken().getIssuer());
List attrs = rstr.getRequestedSecurityToken().getAttributes();
Map attrMap = null;
if (attrs != null) {
attrMap = attrMapper.getAttributes(attrs, userName, spEntityId, idpEntityId, realm);
}
String authLevel = smap.get(SAML2Constants.AUTH_LEVEL).toString();
// Set up Attributes for session creation
Map sessionInfoMap = new HashMap();
sessionInfoMap.put(SessionProvider.REALM, realm);
sessionInfoMap.put(SessionProvider.PRINCIPAL_NAME, userName);
sessionInfoMap.put(SessionProvider.AUTH_LEVEL, authLevel);
Object session = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
session = sessionProvider.createSession(sessionInfoMap, request, response, null);
SPACSUtils.setAttrMapInSession(sessionProvider, attrMap, session);
String[] idpArray = { idpEntityId };
sessionProvider.setProperty(session, WSFederationConstants.SESSION_IDP, idpArray);
RequestedSecurityToken rst = rstr.getRequestedSecurityToken();
if (isAssertionCacheEnabled(spssoconfig)) {
String tokenID = rst.getTokenId();
String[] assertionID = { tokenID };
sessionProvider.setProperty(session, "AssertionID", assertionID);
SPCache.assertionByIDCache.put(tokenID, rst.toString());
}
} catch (SessionException se) {
String[] data = { se.getLocalizedMessage(), realm, userName, authLevel };
LogUtil.error(Level.INFO, LogUtil.CANT_CREATE_SESSION, data, null);
throw new WSFederationException(se);
}
String target = null;
if (wctx != null) {
target = WSFederationUtils.removeReplyURL(wctx);
} else {
target = WSFederationMetaUtils.getAttribute(spssoconfig, SAML2Constants.DEFAULT_RELAY_STATE);
}
String[] data = { wctx, LogUtil.isErrorLoggable(Level.FINER) ? wresult : rstr.getRequestedSecurityToken().getTokenId(), realm, userName, authLevel, target };
LogUtil.access(Level.INFO, LogUtil.SSO_SUCCESSFUL, data, session);
if (target == null) {
// What to do? There was no wreply URL specified, and there is no
// default target configured
PrintWriter pw = response.getWriter();
pw.println("Logged in");
return;
}
response.sendRedirect(target);
}
Also used :
WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager)
WSFederationException(com.sun.identity.wsfederation.common.WSFederationException)
RequestedSecurityToken(com.sun.identity.wsfederation.profile.RequestedSecurityToken)
HashMap(java.util.HashMap)
SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement)
SessionException(com.sun.identity.plugin.session.SessionException)
SPAccountMapper(com.sun.identity.wsfederation.plugins.SPAccountMapper)
SPAttributeMapper(com.sun.identity.wsfederation.plugins.SPAttributeMapper)
List(java.util.List)
RequestSecurityTokenResponse(com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse)
HashMap(java.util.HashMap)
Map(java.util.Map)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
PrintWriter(java.io.PrintWriter)
Example 2 with SPAttributeMapper
use of com.sun.identity.wsfederation.plugins.SPAttributeMapper in project OpenAM by OpenRock.
the class RPSigninResponse method getSPAttributeMapper.
private SPAttributeMapper getSPAttributeMapper(Map attributes) throws WSFederationException {
SPAttributeMapper attrMapper = null;
List attrMapperList = (List) attributes.get(SAML2Constants.SP_ATTRIBUTE_MAPPER);
if (attrMapperList != null) {
try {
attrMapper = (SPAttributeMapper) (Class.forName((String) attrMapperList.get(0)).newInstance());
} catch (ClassNotFoundException cfe) {
throw new WSFederationException(cfe);
} catch (InstantiationException ie) {
throw new WSFederationException(ie);
} catch (IllegalAccessException iae) {
throw new WSFederationException(iae);
}
}
if (attrMapper == null) {
throw new WSFederationException(WSFederationUtils.bundle.getString("failedAttrMapper"));
}
return attrMapper;
}
Also used :
WSFederationException(com.sun.identity.wsfederation.common.WSFederationException)
SPAttributeMapper(com.sun.identity.wsfederation.plugins.SPAttributeMapper)
List(java.util.List)
Aggregations
WSFederationException (com.sun.identity.wsfederation.common.WSFederationException)2
SPAttributeMapper (com.sun.identity.wsfederation.plugins.SPAttributeMapper)2
List (java.util.List)2
SessionException (com.sun.identity.plugin.session.SessionException)1
SessionProvider (com.sun.identity.plugin.session.SessionProvider)1
SPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement)1
WSFederationMetaManager (com.sun.identity.wsfederation.meta.WSFederationMetaManager)1
SPAccountMapper (com.sun.identity.wsfederation.plugins.SPAccountMapper)1
RequestSecurityTokenResponse (com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse)1
RequestedSecurityToken (com.sun.identity.wsfederation.profile.RequestedSecurityToken)1
PrintWriter (java.io.PrintWriter)1
HashMap (java.util.HashMap)1
Map (java.util.Map)1
