
Example 16 with SOAPMessage

Use of javax.xml.soap.SOAPMessage in the project OpenAM by OpenRock.

From class LogoutUtil, method doSLOBySOAP.

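/**
 * Performs single logout over the SOAP binding: sends the given
 * {@code LogoutRequest} to the remote entity's SOAP logout endpoint,
 * extracts the {@code LogoutResponse} from the SOAP reply, verifies its
 * issuer and the response itself, and then runs the SP / fedlet adapter
 * callbacks for the outcome.
 *
 * @param requestID  ID of the LogoutRequest; handed to
 *                   {@code checkSLOResponse} to match the response.
 * @param sloRequest the LogoutRequest to send.
 * @param sloURL     SOAP logout endpoint of the remote entity.
 * @param realm      realm of the hosted entity.
 * @param hostEntity entity ID of the hosted entity sending the request.
 * @param hostRole   role of the hosted entity; the SP adapter hooks only
 *                   run when this equals {@code SAML2Constants.SP_ROLE}.
 * @param request    current HTTP request, passed through to the adapters.
 * @param response   current HTTP response, passed through to the adapters.
 * @throws SAML2Exception if the SOAP exchange fails, no LogoutResponse
 *         comes back, verification fails, or the response status is not
 *         success.
 * @throws SessionException propagated from the SP logout processing.
 */
private static void doSLOBySOAP(String requestID, LogoutRequest sloRequest, String sloURL, String realm, String hostEntity, String hostRole, HttpServletRequest request, HttpServletResponse response) throws SAML2Exception, SessionException {
    String sloRequestXMLString = sloRequest.toXMLString(true, true);
    if (debug.messageEnabled()) {
        debug.message("LogoutUtil.doSLOBySOAP : SLORequestXML: " + sloRequestXMLString + "\nSOAPURL : " + sloURL);
    }
    SOAPMessage resMsg;
    try {
        resMsg = SOAPCommunicator.getInstance().sendSOAPMessage(sloRequestXMLString, sloURL, true);
    } catch (SOAPException se) {
        debug.error("Unable to send SOAPMessage to IDP ", se);
        // hand the exception itself to SAML2Exception rather than only its
        // message, so the failure is not reduced to a bare string
        throw new SAML2Exception(se);
    }
    // get the LogoutResponse element from SOAP message
    Element respElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "LogoutResponse");
    LogoutResponse sloResponse = ProtocolFactory.getInstance().createLogoutResponse(respElem);
    // the SP adapter hooks only apply when the hosted entity acts as SP
    boolean hostedAsSP = SAML2Constants.SP_ROLE.equals(hostRole);
    String userId = null;
    // invoke SPAdapter for preSingleLogoutProcess : SP initiated SOAP.
    // This runs before the response has been null-checked or verified, so
    // the adapter receives an as-yet untrusted (possibly null) sloResponse.
    if (hostedAsSP) {
        userId = SPSingleLogout.preSingleLogoutProcess(hostEntity, realm, request, response, null, sloRequest, sloResponse, SAML2Constants.SOAP);
    }
    if (sloResponse == null) {
        debug.error("LogoutUtil.doSLOBySoap : null response");
        throw new SAML2Exception(SAML2Utils.bundle.getString("nullLogoutResponse"));
    }
    if (debug.messageEnabled()) {
        debug.message("LogoutUtil.doSLOBySOAP : " + "LogoutResponse without SOAP envelope:\n" + sloResponse.toXMLString());
    }
    // Issuer check first, then the response-level checks. Both helpers are
    // defined outside this method and neither returns a result, so they
    // are expected to throw on failure.
    Issuer resIssuer = sloResponse.getIssuer();
    String requestId = sloResponse.getInResponseTo();
    SAML2Utils.verifyResponseIssuer(realm, hostEntity, resIssuer, requestId);
    String remoteEntityID = resIssuer.getValue();
    verifySLOResponse(sloResponse, realm, remoteEntityID, hostEntity, hostRole);
    boolean success = checkSLOResponse(sloResponse, requestID);
    if (debug.messageEnabled()) {
        debug.message("Request success : " + success);
    }
    if (!success) {
        // fedlet deployments get a failure callback before the exception
        if (SPCache.isFedlet) {
            FedletAdapter fedletAdapter = SAML2Utils.getFedletAdapterClass(hostEntity, realm);
            if (fedletAdapter != null) {
                fedletAdapter.onFedletSLOFailure(request, response, sloRequest, sloResponse, hostEntity, remoteEntityID, SAML2Constants.SOAP);
            }
        }
        throw new SAML2Exception(SAML2Utils.bundle.getString("sloFailed"));
    }
    // invoke SPAdapter for postSLOSuccess : SP inited SOAP
    if (hostedAsSP) {
        if (SPCache.isFedlet) {
            FedletAdapter fedletAdapter = SAML2Utils.getFedletAdapterClass(hostEntity, realm);
            if (fedletAdapter != null) {
                fedletAdapter.onFedletSLOSuccess(request, response, sloRequest, sloResponse, hostEntity, remoteEntityID, SAML2Constants.SOAP);
            }
        } else {
            SPSingleLogout.postSingleLogoutSuccess(hostEntity, realm, request, response, userId, sloRequest, sloResponse, SAML2Constants.SOAP);
        }
    }
}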

Example 17 with SOAPMessage

Use of javax.xml.soap.SOAPMessage in the project OpenAM by OpenRock.

From class FSSOAPReceiver, method onMessage.

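/**
 * Entry point for inbound Liberty ID-FF / SAML SOAP messages. The root
 * element of the SOAP body selects the handler: {@code Request} in the
 * SAML protocol namespace (browser artifact profile), {@code AuthnRequest}
 * (LECP), {@code RegisterNameIdentifierRequest},
 * {@code NameIdentifierMappingRequest},
 * {@code FederationTerminationNotification} and {@code LogoutRequest}.
 * Every branch writes its own reply through {@code returnSOAPMessage}; an
 * unrecognised message or a processing failure is answered with a
 * {@code Server}/{@code cannotProcessRequest} SOAP fault (most failure
 * paths also set HTTP 500 on the response).
 *
 * @param request  http request object; its meta alias selects the hosted provider
 * @param response http response object, used to set the status and write the reply
 * @param message  received soap message
 */
public void onMessage(HttpServletRequest request, HttpServletResponse response, SOAPMessage message) {
    FSUtils.debug.message("FSSOAPReceiver.onMessage: Called");
    try {
        Element elt = soapService.parseSOAPMessage(message);
        if (elt == null) {
            FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request. Invalid SOAPMessage");
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
            return;
        }
        String eltTagName = elt.getTagName().trim();
        // A body element without a namespace or local name cannot match any
        // handler below; reject it explicitly instead of letting the NPE from
        // trim() fall through to the outer catch.
        String rawNs = elt.getNamespaceURI();
        String rawLocalName = elt.getLocalName();
        if (rawNs == null || rawLocalName == null) {
            FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Invalid SOAPMessage: body element has no namespace or local name");
            response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
            return;
        }
        String ns = rawNs.trim();
        String nodeName = rawLocalName.trim();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "tagName: " + eltTagName + " namespaceUri: " + ns + " localName: " + nodeName);
        }
        //check for saml:Request
        if (nodeName.equalsIgnoreCase("Request") && ns.equalsIgnoreCase(IFSConstants.PROTOCOL_NAMESPACE_URI)) {
            SOAPMessage retMessage = null;
            try {
                FSSAMLRequest samlRequest = new FSSAMLRequest(elt);
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                if (metaManager == null) {
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "could not create meta instance");
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
                // the hosted provider is resolved from the meta alias in the request URL
                String metaAlias = FSServiceUtils.getMetaAlias(request);
                String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
                String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
                IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
                FSServiceManager sm = FSServiceManager.getInstance();
                FSSSOBrowserArtifactProfileHandler handler = (FSSSOBrowserArtifactProfileHandler) sm.getBrowserArtifactSSOAndFedHandler(request, response, samlRequest);
                handler.setSOAPMessage(message);
                handler.setSAMLRequestElement(elt);
                handler.setHostedEntityId(hostedEntityId);
                handler.setHostedDescriptor(hostedDesc);
                handler.setHostedDescriptorConfig(hostedConfig);
                handler.setMetaAlias(metaAlias);
                handler.setRealm(realm);
                FSResponse samlResponse = handler.processSAMLRequest(samlRequest);
                if (samlResponse == null) {
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "SAML Response is null");
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "SAML Response created: " + samlResponse.toXMLString());
                }
                // introduce id attribute for Assertion bind in
                // SOAPEnvelope and sign
                retMessage = soapService.bind(samlResponse.toXMLString(true, true));
                if (FSServiceUtils.isSigningOn()) {
                    // each assertion is signed in place in the SOAP DOM, which is
                    // then converted back to a SOAPMessage for the next iteration
                    List assList = samlResponse.getAssertion();
                    Iterator iter = assList.iterator();
                    while (iter.hasNext()) {
                        FSAssertion assertion = (FSAssertion) iter.next();
                        String id = assertion.getID();
                        Document doc = (Document) FSServiceUtils.createSOAPDOM(retMessage);
                        String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                        if (certAlias == null) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("SOAPReceiver.onMessage: couldn't " + "obtain this site's cert alias.");
                            }
                            throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
                        }
                        XMLSignatureManager manager = XMLSignatureManager.getInstance();
                        int minorVersion = assertion.getMinorVersion();
                        if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
                            manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ID, id, false);
                        } else if (minorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || minorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
                            manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ASSERTION_ID, assertion.getAssertionID(), false);
                        } else {
                            // NOTE(review): an assertion with an unknown minor version is
                            // only logged and goes out unsigned — confirm this is intended.
                            FSUtils.debug.error("invalid minor version.");
                        }
                        retMessage = FSServiceUtils.convertDOMToSOAP(doc);
                    }
                }
                if (retMessage == null) {
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request");
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
            } catch (SAMLException se) {
                FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", se);
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            } catch (IDFFMetaException me) {
                FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", me);
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
            returnSOAPMessage(retMessage, response);
            return;
        }
        if (nodeName.equalsIgnoreCase("AuthnRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
            try {
                FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
                handleLECPRequest(request, response, authnRequest);
            } catch (FSException e) {
                FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing lecp AuthnRequest:", e);
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
            // No message is bound here; presumably handleLECPRequest produces the
            // reply itself (it is not visible in this listing).
            returnSOAPMessage(null, response);
            return;
        } else if (nodeName.equalsIgnoreCase("RegisterNameIdentifierRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
            SOAPMessage retMessage = null;
            boolean isError = false;
            String providerAlias = null;
            ProviderDescriptorType hostedProviderDesc = null;
            BaseConfigType hostedConfig = null;
            String realm = null;
            String hostedEntityId = null;
            String hostedRole = null;
            try {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Handling NameRegistrationRequest");
                }
                IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                if (metaManager == null) {
                    FSUtils.debug.message("Unable to get meta manager");
                    isError = true;
                } else {
                    providerAlias = FSServiceUtils.getMetaAlias(request);
                    if (providerAlias == null || providerAlias.length() < 1) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("Unable to retrieve alias" + "Hosted Provider. Cannot process request");
                        }
                        isError = true;
                    } else {
                        // only look the provider up when there is an alias to look up
                        realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
                        try {
                            hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
                            hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
                            if (hostedRole != null && hostedRole.equals(IFSConstants.IDP)) {
                                hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
                            } else if (hostedRole != null && hostedRole.equals(IFSConstants.SP)) {
                                hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
                                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
                            }
                            if (hostedProviderDesc == null) {
                                throw new IDFFMetaException((String) null);
                            }
                        } catch (IDFFMetaException eam) {
                            FSUtils.debug.error("Unable to find Hosted Provider. " + "Cannot process request");
                            isError = true;
                        }
                    }
                }
                if (isError || hostedProviderDesc == null) {
                    // answer with a fault like every other failure path in this
                    // method instead of handing a null message to returnSOAPMessage
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Unable to resolve hosted provider for NameRegistration request");
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
                FSNameRegistrationResponse regisResponse = handleRegistrationRequest(elt, message, hostedProviderDesc, hostedConfig, hostedRole, realm, hostedEntityId, providerAlias, request, response);
                if (regisResponse == null) {
                    FSUtils.debug.error("Error in creating NameRegistration Response");
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Completed creating response");
                    }
                    retMessage = soapService.bind(regisResponse.toXMLString(true, true));
                    FSUtils.debug.message("Completed bind message");
                    if (retMessage == null) {
                        FSUtils.debug.error("Error in processing NameRegistration " + "Response");
                        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                        retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
                    } else if (FSServiceUtils.isSigningOn()) {
                        // the attribute carrying the ID differs between FF 1.1 and 1.2
                        try {
                            int minorVersion = regisResponse.getMinorVersion();
                            if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                                retMessage = signResponse(retMessage, IFSConstants.ID, regisResponse.getID(), hostedConfig);
                            } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                                retMessage = signResponse(retMessage, IFSConstants.RESPONSE_ID, regisResponse.getResponseID(), hostedConfig);
                            } else {
                                if (FSUtils.debug.messageEnabled()) {
                                    FSUtils.debug.message("invalid minor version.");
                                }
                            }
                        } catch (SAMLException e) {
                            FSUtils.debug.error("FSNameRegistrationHandler:" + "sign soap Response failed", e);
                            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                            return;
                        } catch (FSMsgException e) {
                            FSUtils.debug.error("FSNameRegistrationHandler::" + "signRegistrationResponse failed", e);
                            returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                            return;
                        }
                    }
                }
                if (FSUtils.debug.messageEnabled()) {
                    ByteArrayOutputStream bop = new ByteArrayOutputStream();
                    retMessage.writeTo(bop);
                    FSUtils.debug.message("return SOAP message:" + bop.toString(IFSConstants.DEFAULT_ENCODING));
                }
                returnSOAPMessage(retMessage, response);
                return;
            } catch (Exception e) {
                // log the exception itself so the stack trace is not lost
                FSUtils.debug.error("Error in processing Name Registration request", e);
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
                returnSOAPMessage(retMessage, response);
            }
        } else if (nodeName.equalsIgnoreCase("NameIdentifierMappingRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
            FSUtils.debug.message("FSSOAPReceiver:handling Name Identifier Mapping Request");
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            if (metaManager == null) {
                FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "could not create meta instance");
                response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
            String metaAlias = FSServiceUtils.getMetaAlias(request);
            String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
            String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
            ProviderDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
            BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            FSNameIdentifierMappingRequest mappingRequest = new FSNameIdentifierMappingRequest(elt);
            if (FSServiceUtils.isSigningOn()) {
                // the request must be signed by the remote provider it names,
                // verified against that provider's registered certificate
                String remoteEntityId = mappingRequest.getProviderID();
                ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(// it has to be idp
                IFSConstants.IDP, remoteEntityId, realm);
                if (remoteDesc == null) {
                    // an unknown remote provider used to return without any reply,
                    // leaving the caller with an empty response
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "unknown remote provider for Name Identifier Mapping Request");
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
                if (verifyRequestSignature(elt, message, KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, true))) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSOAPReceiver: Success in verifying " + "Name Identifier Mapping Request");
                    }
                } else {
                    FSUtils.debug.error("Failed verifying Name Identifier Mapping Request");
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
            }
            String targetNamespace = mappingRequest.getTargetNamespace();
            String inResponseTo = mappingRequest.getRequestID();
            Status status = new Status(new StatusCode("samlp:Success"));
            FSNameMappingHandler idpHandler = new FSNameMappingHandler(hostedEntityId, hostedDesc, hostedConfig, metaAlias);
            NameIdentifier nameIdentifier = idpHandler.getNameIdentifier(mappingRequest, targetNamespace, false);
            // name identifier encryption is a per-provider configuration switch
            String enableEncryption = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.ENABLE_NAMEID_ENCRYPTION);
            if (enableEncryption != null && enableEncryption.equalsIgnoreCase("true")) {
                nameIdentifier = EncryptedNameIdentifier.getEncryptedNameIdentifier(nameIdentifier, realm, targetNamespace);
            }
            FSNameIdentifierMappingResponse mappingResponse = new FSNameIdentifierMappingResponse(hostedEntityId, inResponseTo, status, nameIdentifier);
            if (FSServiceUtils.isSigningOn()) {
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                if (certAlias == null) {
                    // same condition the saml:Request branch treats as a failure
                    FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "couldn't obtain this site's cert alias.");
                    response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
                mappingResponse.signXML(certAlias);
            }
            SOAPMessage retMessage = soapService.bind(mappingResponse.toXMLString(true, true));
            returnSOAPMessage(retMessage, response);
            return;
        } else if (nodeName.equalsIgnoreCase("FederationTerminationNotification") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
            try {
                FSUtils.debug.message("calling FSSOAPReceiver::handleTerminationRequest");
                boolean bHandleStatus = handleTerminationRequest(elt, message, request, response);
                if (bHandleStatus) {
                    FSUtils.debug.message("Completed processing terminationRequest");
                    returnTerminationStatus(response);
                    return;
                } else {
                    FSUtils.debug.message("Failed processing terminationRequest");
                    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                    return;
                }
            } catch (Exception se) {
                FSUtils.debug.error("Error in processing Federation Termination Request", se);
                String[] data = { IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED };
                LogUtil.error(Level.INFO, LogUtil.TERMINATION_REQUEST_PROCESSING_FAILED, data);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
        } else if (nodeName.equalsIgnoreCase("LogoutRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
            try {
                FSUtils.debug.message("calling FSSOAPReceiver::handleLogoutRequest");
                ProviderDescriptorType hostedProviderDesc = null;
                BaseConfigType hostedConfig = null;
                String providerAlias = null;
                String realm = null;
                String hostedEntityId = null;
                String hostedRole = null;
                try {
                    providerAlias = FSServiceUtils.getMetaAlias(request);
                    realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
                    IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
                    hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
                    hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
                    if (hostedRole != null) {
                        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                            hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                            hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
                        } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                            hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
                            hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
                        }
                    }
                } catch (Exception e) {
                    // Best effort: a metadata lookup failure is logged and the null
                    // descriptor/config are passed on to handleLogoutRequest, which
                    // is expected to answer with a Responder status (not visible here).
                    FSUtils.debug.error("FSSOAPReceiver, provider", e);
                }
                FSLogoutNotification logoutRequest = new FSLogoutNotification(elt);
                Map map = handleLogoutRequest(elt, logoutRequest, message, request, response, hostedProviderDesc, hostedConfig, providerAlias, realm, hostedEntityId, hostedRole);
                String responseID = SAMLUtils.generateID();
                String inResponseTo = logoutRequest.getRequestID();
                String relayState = logoutRequest.getRelayState();
                FSLogoutResponse resp = null;
                boolean statusSuccess = false;
                SOAPMessage retSoapMessage = null;
                // A null map means the logout could not be handled (Responder); a
                // SOAP fault in the returned message means it was not understood
                // (Responder/Unsupported); otherwise the logout succeeded.
                if (map == null) {
                    StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER);
                    Status status = new Status(statusCode);
                    resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
                } else {
                    retSoapMessage = (SOAPMessage) map.get(MESSAGE);
                    SOAPPart sp = retSoapMessage.getSOAPPart();
                    SOAPEnvelope se = sp.getEnvelope();
                    SOAPBody sb = se.getBody();
                    if (sb.hasFault()) {
                        StatusCode secondLevelstatusCode = new StatusCode(IFSConstants.SAML_UNSUPPORTED);
                        StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER, secondLevelstatusCode);
                        Status status = new Status(statusCode);
                        resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
                    } else {
                        StatusCode statusCode = new StatusCode(IFSConstants.SAML_SUCCESS);
                        Status status = new Status(statusCode);
                        resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
                        statusSuccess = true;
                    }
                }
                resp.setID(IFSConstants.LOGOUTID);
                resp.setMinorVersion(logoutRequest.getMinorVersion());
                retSoapMessage = soapService.bind(resp.toXMLString(true, true));
                // Call SP Adapter postSingleLogoutSuccess for IDP/SOAP
                if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP) && statusSuccess) {
                    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                    if (spAdapter != null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver, " + "call postSingleLogoutSuccess, IDP/SOAP");
                        }
                        try {
                            spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response, (String) map.get(USERID), logoutRequest, resp, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
                        } catch (Exception e) {
                            // ignore adapter exception: a failing adapter must not
                            // turn an already successful logout into a failure
                            FSUtils.debug.error("postSingleLogoutSuccess." + "IDP/SOAP", e);
                        }
                    }
                }
                if (FSServiceUtils.isSigningOn()) {
                    try {
                        int minorVersion = resp.getMinorVersion();
                        if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                            retSoapMessage = signResponse(retSoapMessage, IFSConstants.ID, resp.getID(), hostedConfig);
                        } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                            retSoapMessage = signResponse(retSoapMessage, IFSConstants.RESPONSE_ID, resp.getResponseID(), hostedConfig);
                        } else {
                            FSUtils.debug.error("invalid minor version.");
                        }
                    } catch (SAMLException e) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("LogoutResponse failed", e);
                        }
                        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                        return;
                    } catch (FSMsgException e) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("LogoutResponse failed", e);
                        }
                        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                        return;
                    } catch (Exception e) {
                        // Signing is enabled, so an unexpected failure must not let the
                        // unsigned LogoutResponse go out; fail the request like the
                        // two typed catches above do.
                        FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "signing LogoutResponse failed", e);
                        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                        return;
                    }
                }
                returnSOAPMessage(retSoapMessage, response);
                return;
            } catch (Exception se) {
                FSUtils.debug.error("Error in processing logout Request", se);
                String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_PROCESSING_FAILED) };
                LogUtil.error(Level.INFO, LogUtil.LOGOUT_REQUEST_PROCESSING_FAILED, data);
                returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
                return;
            }
        }
    //check for other Liberty msgs should go here
    } catch (Exception e) {
        // debug.error(String, Throwable) already records the stack trace, so
        // no separate printStackTrace dump is needed
        FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing Request: Exception occured: ", e);
        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
        return;
    }
    // no handler matched the body element: unsupported message type
    returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
}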

Example 18 with SOAPMessage

use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.

the class FSBrowserArtifactConsumerHandler method processSAMLRequest.

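/**
     * Builds the <code>SAML</code> request that carries the artifact,
     * signs it when signing is switched on, sends it to the
     * <code>IDP</code> over <code>SOAP</code>, and hands the returned
     * <code>samlp:Response</code> to {@link #processSAMLResponse}.
     * <p>
     * Every failure path (missing meta manager or signing certificate alias,
     * unsupported protocol minor version while signing is on, missing or
     * faulty SOAP reply, unexpected exception) forwards the user to the
     * common login page and returns without processing any response.
     * <p>
     * Only the local name of the reply element is inspected here
     * ("Fault" / "Response"); namespace and signature validation of the
     * response is expected to happen in <code>FSResponse</code> and
     * <code>processSAMLResponse</code> -- confirm there before relying on it.
     */
public void processSAMLRequest() {
    FSUtils.debug.message("FSBrowserArtifactConsumerHandler.processSAMLRequest: Called");
    String baseURL = FSServiceUtils.getBaseURL(request);
    // Error landing page used by every failure path below.
    String framedPageURL = FSServiceUtils.getCommonLoginPageURL(hostMetaAlias, relayState, null, request, baseURL);
    try {
        FSSOAPService soapHelper = FSSOAPService.getInstance();
        samlRequest.setID(samlRequest.getRequestID());
        SOAPMessage msg = soapHelper.bind(samlRequest.toXMLString(true, true));
        if (FSServiceUtils.isSigningOn()) {
            Document doc = (Document) FSServiceUtils.createSOAPDOM(msg);
            // The meta manager itself is not used further; its absence is
            // treated as "federation configuration unavailable".
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            if (metaManager == null) {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: could not create meta " + "instance");
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null) {
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: couldn't obtain this site's cert" + " alias.");
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: certAlias: " + certAlias);
            }
            XMLSignatureManager manager = XMLSignatureManager.getInstance();
            String sigAlgorithm = SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM);
            int minorVersion = samlRequest.getMinorVersion();
            if (minorVersion == IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
                // ID-FF 1.1: signature references the request's ID attribute.
                manager.signXML(doc, certAlias, sigAlgorithm, IFSConstants.ID, samlRequest.getID(), false);
            } else if (minorVersion == IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION) {
                // ID-FF 1.2: signature references RequestID and is placed per
                // the artifact XPath.
                manager.signXML(doc, certAlias, sigAlgorithm, IFSConstants.REQUEST_ID, samlRequest.getRequestID(), false, IFSConstants.ARTIFACT_XPATH);
            } else {
                // Signing is required but there is no signing rule for this
                // minor version: fail closed instead of sending the request
                // unsigned (previously only a debug message was written and
                // the unsigned message went out).
                FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: invalid minor version " + minorVersion + "; request not sent");
                FSUtils.forwardRequest(request, response, framedPageURL);
                return;
            }
            msg = FSServiceUtils.convertDOMToSOAP(doc);
        }
        // Synchronous SOAP round trip to the IDP's SOAP endpoint.
        SOAPMessage retMsg = soapHelper.doSyncCall(response, msg, idpDescriptor, false);
        if (retMsg == null) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " Response SOAPMessage is null");
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        samlResponseElt = soapHelper.parseSOAPMessage(retMsg);
        String localName = (samlResponseElt == null) ? null : samlResponseElt.getLocalName().trim();
        if ("Fault".equals(localName)) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " SOAPFault occured");
            String[] data = { FSUtils.bundle.getString("invalidSOAPResponse") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SOAP_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        if (!"Response".equals(localName)) {
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: " + FSUtils.bundle.getString("invalidSOAPResponse") + " SOAP response does not contain samlp:Response");
            String[] data = { FSUtils.bundle.getString("invalidSOAPResponse") };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SOAP_RESPONSE, data);
            FSUtils.forwardRequest(request, response, framedPageURL);
            return;
        }
        // A malformed element makes the constructor throw (handled below);
        // it never yields null, so no null check is needed here.
        samlResponse = new FSResponse(samlResponseElt);
        processSAMLResponse((FSResponse) samlResponse);
    } catch (Exception e) {
        // Debug#error(String, Throwable) records the stack trace itself.
        FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: Exception occured: " + e.getMessage(), e);
        try {
            FSUtils.forwardRequest(request, response, framedPageURL);
        } catch (Exception ex) {
            // Log the forwarding failure, not the original exception.
            FSUtils.debug.error("FSBrowserArtifactConsumerHandler." + "processSAMLRequest: IOException occured: ", ex);
        }
    }
}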

Example 19 with SOAPMessage

use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.

the class FSSOAPService method sendMessage.

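/*
     * Sends the passed SOAPMessage to the SOAPEndpoint URL
     * that is passed and returns the provider's reply.
     * No SOAP-level validation is done on the reply here; the caller
     * is responsible for detecting a SOAP Fault.
     * Note that every failure, including a transport error, is logged
     * and reported as a null return rather than thrown.
     * Request and reply are written to the debug log only when message
     * level debugging is enabled (they may carry assertions).
     * @param msg the <code>SOAPMessage</code> to be sent
     * @param soapEndPoint the SOAPEndpoint URL of remote provider
     * @return SOAPMessage response message from remote provider, or
     *  null if the endpoint is missing or the call fails
     * @exception IOException, SOAPException if error occurrs
     */
public SOAPMessage sendMessage(SOAPMessage msg, String soapEndPoint) throws IOException, SOAPException {
    FSUtils.debug.message("just started in func sendMessage");
    if (soapEndPoint == null) {
        FSUtils.debug.error("createSOAPReceiverURL Error!");
        // Log a meaningful message rather than the null endpoint itself.
        String[] data = { FSUtils.bundle.getString("failCreateURLEndpoint") };
        LogUtil.error(Level.INFO, LogUtil.FAILED_SOAP_URL_END_POINT_CREATION, data);
        return null;
    }
    SOAPConnection con = null;
    try {
        if (FSUtils.debug.messageEnabled()) {
            // Serialise only for the debug log.
            ByteArrayOutputStream output = new ByteArrayOutputStream();
            msg.writeTo(output);
            String xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
            FSUtils.debug.message("SENDING message: \n " + xmlString + "\nURLEndpoint :" + soapEndPoint + "\nSOAP CALL");
        }
        // Send the message to the provider using the connection.
        con = scf.createConnection();
        SOAPMessage reply = con.call(msg, soapEndPoint);
        FSUtils.debug.message("SOAP CALL COMPLETED");
        if (reply == null) {
            return null;
        }
        if (FSUtils.debug.messageEnabled()) {
            ByteArrayOutputStream output = new ByteArrayOutputStream();
            reply.writeTo(output);
            String xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
            FSUtils.debug.message("REPLIED message: \n " + xmlString);
        }
        return reply;
    } catch (Exception e) {
        FSUtils.debug.error("In catch of sendMessage", e);
        return null;
    } finally {
        // The connection was never released before; close it on every path.
        if (con != null) {
            try {
                con.close();
            } catch (SOAPException se) {
                FSUtils.debug.message("sendMessage: error closing SOAP connection", se);
            }
        }
    }
}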

Example 20 with SOAPMessage

use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.

the class FSSOAPService method doSyncCall.

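/*
     * Sends a synchronous SOAPMessage to remote provider.
     * The receiver URL is resolved from the partner descriptor; if that
     * fails the error is logged and null is returned. If the provider
     * returns no reply, an HTTP 500 is sent on the servlet response and
     * null is returned. No SOAP-level validation is done on the reply
     * here; the caller must detect a SOAP Fault.
     * Request and reply are written to the debug log only when message
     * level debugging is enabled (they may carry assertions).
     * @param response the http response object
     * @param msg the <code>SOAPMessage</code> to be sent
     * @param partnerDecriptor the remote provider meta descriptor
     * @param needAuthn determines forced authn
     * @return <code>SOAPMessage</code> corresponding to liberty 
     *  request/response message, or null on failure
     * @exception IOException, SOAPException if error occurrs
     */
public SOAPMessage doSyncCall(HttpServletResponse response, SOAPMessage msg, ProviderDescriptorType partnerDecriptor, boolean needAuthn) throws IOException, SOAPException {
    FSUtils.debug.message("FSSOAPService.doSyncCall: Called");
    // NOTE(review): needAuthn is not consulted; the receiver URL is resolved
    // with the flag hard-coded to false. Confirm whether that is intended.
    String soapURL = createSOAPReceiverUrl(response, partnerDecriptor, false);
    if (soapURL == null) {
        FSUtils.debug.error("FSSOAPService.doSyncCall: " + "createSOAPReceiverURL Error!");
        String[] data = { FSUtils.bundle.getString("failCreateURLEndpoint") };
        LogUtil.error(Level.INFO, LogUtil.FAILED_SOAP_URL_END_POINT_CREATION, data);
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        // Serialise only for the debug log.
        ByteArrayOutputStream output = new ByteArrayOutputStream();
        msg.writeTo(output);
        FSUtils.debug.message("FSSOAPService.doSyncCall: SENDING message\n" + output.toString(IFSConstants.DEFAULT_ENCODING));
    }
    // Send the message to the provider using the connection, releasing
    // the connection on every path (it was previously never closed).
    SOAPConnection con = scf.createConnection();
    SOAPMessage reply;
    try {
        reply = con.call(msg, soapURL);
    } finally {
        try {
            con.close();
        } catch (SOAPException se) {
            FSUtils.debug.message("FSSOAPService.doSyncCall: error closing SOAP connection", se);
        }
    }
    if (reply == null) {
        response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("noReplyfromSOAPReceiver"));
        return null;
    }
    if (FSUtils.debug.messageEnabled()) {
        ByteArrayOutputStream output = new ByteArrayOutputStream();
        reply.writeTo(output);
        FSUtils.debug.message("FSSOAPService.doSyncCall: REPLIED message:\n" + output.toString(IFSConstants.DEFAULT_ENCODING));
    }
    return reply;
}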
