Search in sources :

Example 1 with SPAttributeMapper

use of com.sun.identity.wsfederation.plugins.SPAttributeMapper in project OpenAM by OpenRock.

the class RPSigninResponse method process.

/**
     * Processes the sign-in response, redirecting the browser wreply URL 
     * supplied in the sign-in request via the HttpServletResponse passed to 
     * the constructor.
     */
public void process() throws WSFederationException, IOException {
    String classMethod = "RPSigninResponse.process: ";
    if ((wresult == null) || (wresult.length() == 0)) {
        String[] data = { request.getQueryString() };
        LogUtil.error(Level.INFO, LogUtil.MISSING_WRESULT, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullWresult"));
    }
    RequestSecurityTokenResponse rstr = null;
    try {
        rstr = RequestSecurityTokenResponse.parseXML(wresult);
    } catch (WSFederationException wsfe) {
        String[] data = { wresult };
        LogUtil.error(Level.INFO, LogUtil.INVALID_WRESULT, data, null);
        throw new WSFederationException(WSFederationUtils.bundle.getString("invalidWresult"));
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Received RSTR: " + rstr.toString());
    }
    String realm = null;
    String requestURL = request.getRequestURL().toString();
    // get entity id and orgName
    String metaAlias = WSFederationMetaUtils.getMetaAliasByUri(requestURL);
    realm = WSFederationMetaUtils.getRealmByMetaAlias(metaAlias);
    WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
    String spEntityId = null;
    try {
        spEntityId = metaManager.getEntityByMetaAlias(metaAlias);
    } catch (WSFederationException wsfe) {
        String[] data = { wsfe.getLocalizedMessage(), metaAlias, realm };
        LogUtil.error(Level.INFO, LogUtil.CONFIG_ERROR_GET_ENTITY_CONFIG, data, null);
        String[] args = { metaAlias, realm };
        throw new WSFederationException(WSFederationConstants.BUNDLE_NAME, "invalidMetaAlias", args);
    }
    if (realm == null || realm.length() == 0) {
        realm = "/";
    }
    SPSSOConfigElement spssoconfig = metaManager.getSPSSOConfig(realm, spEntityId);
    int timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
    String timeskewStr = WSFederationMetaUtils.getAttribute(spssoconfig, SAML2Constants.ASSERTION_TIME_SKEW);
    if (timeskewStr != null && timeskewStr.trim().length() > 0) {
        timeskew = Integer.parseInt(timeskewStr);
        if (timeskew < 0) {
            timeskew = SAML2Constants.ASSERTION_TIME_SKEW_DEFAULT;
        }
    }
    if (debug.messageEnabled()) {
        debug.message(classMethod + "timeskew = " + timeskew);
    }
    // Subject, SOAPEntry for the partner and the List of Assertions.
    if (debug.messageEnabled()) {
        debug.message(classMethod + " - verifying assertion");
    }
    // verifyToken will throw an exception, rather than return null, so we
    // need not test the return value
    Map<String, Object> smap = rstr.getRequestedSecurityToken().verifyToken(realm, spEntityId, timeskew);
    assert smap != null;
    Map attributes = WSFederationMetaUtils.getAttributes(spssoconfig);
    SPAccountMapper acctMapper = getSPAccountMapper(attributes);
    SPAttributeMapper attrMapper = getSPAttributeMapper(attributes);
    String userName = acctMapper.getIdentity(rstr, spEntityId, realm);
    if (userName == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("nullUserID"));
    }
    String idpEntityId = metaManager.getEntityByTokenIssuerName(realm, rstr.getRequestedSecurityToken().getIssuer());
    List attrs = rstr.getRequestedSecurityToken().getAttributes();
    Map attrMap = null;
    if (attrs != null) {
        attrMap = attrMapper.getAttributes(attrs, userName, spEntityId, idpEntityId, realm);
    }
    String authLevel = smap.get(SAML2Constants.AUTH_LEVEL).toString();
    // Set up Attributes for session creation
    Map sessionInfoMap = new HashMap();
    sessionInfoMap.put(SessionProvider.REALM, realm);
    sessionInfoMap.put(SessionProvider.PRINCIPAL_NAME, userName);
    sessionInfoMap.put(SessionProvider.AUTH_LEVEL, authLevel);
    Object session = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        session = sessionProvider.createSession(sessionInfoMap, request, response, null);
        SPACSUtils.setAttrMapInSession(sessionProvider, attrMap, session);
        String[] idpArray = { idpEntityId };
        sessionProvider.setProperty(session, WSFederationConstants.SESSION_IDP, idpArray);
        RequestedSecurityToken rst = rstr.getRequestedSecurityToken();
        if (isAssertionCacheEnabled(spssoconfig)) {
            String tokenID = rst.getTokenId();
            String[] assertionID = { tokenID };
            sessionProvider.setProperty(session, "AssertionID", assertionID);
            SPCache.assertionByIDCache.put(tokenID, rst.toString());
        }
    } catch (SessionException se) {
        String[] data = { se.getLocalizedMessage(), realm, userName, authLevel };
        LogUtil.error(Level.INFO, LogUtil.CANT_CREATE_SESSION, data, null);
        throw new WSFederationException(se);
    }
    String target = null;
    if (wctx != null) {
        target = WSFederationUtils.removeReplyURL(wctx);
    } else {
        target = WSFederationMetaUtils.getAttribute(spssoconfig, SAML2Constants.DEFAULT_RELAY_STATE);
    }
    String[] data = { wctx, LogUtil.isErrorLoggable(Level.FINER) ? wresult : rstr.getRequestedSecurityToken().getTokenId(), realm, userName, authLevel, target };
    LogUtil.access(Level.INFO, LogUtil.SSO_SUCCESSFUL, data, session);
    if (target == null) {
        // What to do? There was no wreply URL specified, and there is no
        // default target configured
        PrintWriter pw = response.getWriter();
        pw.println("Logged in");
        return;
    }
    response.sendRedirect(target);
}
Also used : WSFederationMetaManager(com.sun.identity.wsfederation.meta.WSFederationMetaManager) WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) RequestedSecurityToken(com.sun.identity.wsfederation.profile.RequestedSecurityToken) HashMap(java.util.HashMap) SPSSOConfigElement(com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement) SessionException(com.sun.identity.plugin.session.SessionException) SPAccountMapper(com.sun.identity.wsfederation.plugins.SPAccountMapper) SPAttributeMapper(com.sun.identity.wsfederation.plugins.SPAttributeMapper) List(java.util.List) RequestSecurityTokenResponse(com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse) HashMap(java.util.HashMap) Map(java.util.Map) SessionProvider(com.sun.identity.plugin.session.SessionProvider) PrintWriter(java.io.PrintWriter)

Example 2 with SPAttributeMapper

use of com.sun.identity.wsfederation.plugins.SPAttributeMapper in project OpenAM by OpenRock.

the class RPSigninResponse method getSPAttributeMapper.

private SPAttributeMapper getSPAttributeMapper(Map attributes) throws WSFederationException {
    SPAttributeMapper attrMapper = null;
    List attrMapperList = (List) attributes.get(SAML2Constants.SP_ATTRIBUTE_MAPPER);
    if (attrMapperList != null) {
        try {
            attrMapper = (SPAttributeMapper) (Class.forName((String) attrMapperList.get(0)).newInstance());
        } catch (ClassNotFoundException cfe) {
            throw new WSFederationException(cfe);
        } catch (InstantiationException ie) {
            throw new WSFederationException(ie);
        } catch (IllegalAccessException iae) {
            throw new WSFederationException(iae);
        }
    }
    if (attrMapper == null) {
        throw new WSFederationException(WSFederationUtils.bundle.getString("failedAttrMapper"));
    }
    return attrMapper;
}
Also used : WSFederationException(com.sun.identity.wsfederation.common.WSFederationException) SPAttributeMapper(com.sun.identity.wsfederation.plugins.SPAttributeMapper) List(java.util.List)

Aggregations

WSFederationException (com.sun.identity.wsfederation.common.WSFederationException)2 SPAttributeMapper (com.sun.identity.wsfederation.plugins.SPAttributeMapper)2 List (java.util.List)2 SessionException (com.sun.identity.plugin.session.SessionException)1 SessionProvider (com.sun.identity.plugin.session.SessionProvider)1 SPSSOConfigElement (com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement)1 WSFederationMetaManager (com.sun.identity.wsfederation.meta.WSFederationMetaManager)1 SPAccountMapper (com.sun.identity.wsfederation.plugins.SPAccountMapper)1 RequestSecurityTokenResponse (com.sun.identity.wsfederation.profile.RequestSecurityTokenResponse)1 RequestedSecurityToken (com.sun.identity.wsfederation.profile.RequestedSecurityToken)1 PrintWriter (java.io.PrintWriter)1 HashMap (java.util.HashMap)1 Map (java.util.Map)1