Example 36 with SOAPMessage
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class IDPArtifactResolution method doArtifactResolution.
/**
* This method processes the artifact resolution request coming
* from a service provider. It processes the artifact
* resolution request sent by the service provider and
* sends back a proper SOAPMessage that contains an Assertion.
*
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
*/
public static void doArtifactResolution(HttpServletRequest request, HttpServletResponse response) {
String classMethod = "IDPArtifactResolution.doArtifactResolution: ";
try {
String idpMetaAlias = request.getParameter(SAML2MetaManager.NAME_META_ALIAS_IN_URI);
if ((idpMetaAlias == null) || (idpMetaAlias.trim().length() == 0)) {
idpMetaAlias = SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI());
}
if ((idpMetaAlias == null) || (idpMetaAlias.trim().length() == 0)) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "unable to get IDP meta alias from request.");
}
String[] data = { idpMetaAlias };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullIDPMetaAlias", SAML2Utils.bundle.getString("nullIDPMetaAlias"));
return;
}
// retrieve IDP entity id from meta alias
String idpEntityID = null;
String realm = null;
try {
idpEntityID = IDPSSOUtil.metaManager.getEntityByMetaAlias(idpMetaAlias);
if ((idpEntityID == null) || (idpEntityID.trim().length() == 0)) {
SAMLUtils.debug.error(classMethod + "Unable to get IDP Entity ID from meta.");
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.INVALID_IDP, data, null);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullIDPEntityID", SAML2Utils.bundle.getString("nullIDPEntityID"));
return;
}
realm = SAML2MetaUtils.getRealmByMetaAlias(idpMetaAlias);
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error(classMethod + "Unable to get IDP Entity ID from meta.");
String[] data = { idpMetaAlias };
LogUtil.error(Level.INFO, LogUtil.IDP_METADATA_ERROR, data, null);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "metaDataError", SAML2Utils.bundle.getString("metaDataError"));
return;
}
if (!SAML2Utils.isIDPProfileBindingSupported(realm, idpEntityID, SAML2Constants.ARTIFACT_RESOLUTION_SERVICE, SAML2Constants.SOAP)) {
SAML2Utils.debug.error(classMethod + "Artifact Resolution Service binding: Redirect is not " + "supported for " + idpEntityID);
String[] data = { idpEntityID, SAML2Constants.SOAP };
LogUtil.error(Level.INFO, LogUtil.BINDING_NOT_SUPPORTED, data, null);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "unsupportedBinding", SAML2Utils.bundle.getString("unsupportedBinding"));
return;
}
try {
// Get all the headers from the HTTP request
MimeHeaders headers = getHeaders(request);
// Get the body of the HTTP request
InputStream is = request.getInputStream();
SOAPMessage msg = messageFactory.createMessage(headers, is);
SOAPMessage reply = null;
reply = onMessage(msg, request, response, realm, idpEntityID);
if (reply != null) {
/* Need to call saveChanges because we're
* going to use the MimeHeaders to set HTTP
* response information. These MimeHeaders
* are generated as part of the save. */
if (reply.saveRequired()) {
reply.saveChanges();
}
response.setStatus(HttpServletResponse.SC_OK);
putHeaders(reply.getMimeHeaders(), response);
// Write out the message on the response stream
OutputStream outputStream = response.getOutputStream();
reply.writeTo(outputStream);
outputStream.flush();
} else {
response.setStatus(HttpServletResponse.SC_NO_CONTENT);
}
} catch (SOAPException ex) {
SAML2Utils.debug.error(classMethod + "SOAP error", ex);
String[] data = { idpEntityID };
LogUtil.error(Level.INFO, LogUtil.INVALID_SOAP_MESSAGE, data, null);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "invalidSOAPMessage", SAML2Utils.bundle.getString("invalidSOAPMessage") + " " + ex.getMessage());
return;
} catch (SAML2Exception se) {
SAML2Utils.debug.error(classMethod + "SAML2 error", se);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "unableToCreateArtifactResponse", SAML2Utils.bundle.getString("unableToCreateArtifactResponse") + " " + se.getMessage());
return;
}
} catch (IOException ioe) {
SAML2Utils.debug.error(classMethod + "I/O rrror", ioe);
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
MimeHeaders(javax.xml.soap.MimeHeaders)
InputStream(java.io.InputStream)
OutputStream(java.io.OutputStream)
SOAPException(javax.xml.soap.SOAPException)
IOException(java.io.IOException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
SOAPMessage(javax.xml.soap.SOAPMessage)
Example 37 with SOAPMessage
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class IDPArtifactResolution method onMessage.
/**
* This method generates a <code>SOAPMessage</code> containing the
* <code>ArtifactResponse</code> that is corresponding to the
* <code>ArtifactResolve</code> contained in the
* <code>SOAPMessage</code> passed in.
*
* @param message <code>SOAPMessage</code> contains a
* <code>ArtifactResolve</code>
* @param request the <code>HttpServletRequest</code> object
* @param realm the realm to where the identity provider belongs
* @param idpEntityID the entity id of the identity provider
*
* @return <code>SOAPMessage</code> contains the
* <code>ArtifactResponse</code>
* @exception SAML2Exception if the operation is not successful
*/
public static SOAPMessage onMessage(SOAPMessage message, HttpServletRequest request, HttpServletResponse response, String realm, String idpEntityID) throws SAML2Exception {
String classMethod = "IDPArtifactResolution.onMessage: ";
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "Entering onMessage().");
}
Element reqElem = SOAPCommunicator.getInstance().getSamlpElement(message, "ArtifactResolve");
ArtifactResolve artResolve = ProtocolFactory.getInstance().createArtifactResolve(reqElem);
if (artResolve == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "no valid ArtifactResolve node found in SOAP body.");
}
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "noArtifactResolve", null);
}
String spEntityID = artResolve.getIssuer().getValue();
if (!SAML2Utils.isSourceSiteValid(artResolve.getIssuer(), realm, idpEntityID)) {
SAML2Utils.debug.error(classMethod + spEntityID + " is not trusted issuer.");
String[] data = { idpEntityID, realm, artResolve.getID() };
LogUtil.error(Level.INFO, LogUtil.INVALID_ISSUER_REQUEST, data, null);
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "invalidIssuerInRequest", null);
}
SPSSODescriptorElement spSSODescriptor = null;
try {
spSSODescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, spEntityID);
} catch (SAML2MetaException sme) {
SAML2Utils.debug.error(classMethod, sme);
spSSODescriptor = null;
}
if (spSSODescriptor == null) {
SAML2Utils.debug.error(classMethod + "Unable to get SP SSO Descriptor from meta.");
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "metaDataError", null);
}
OrderedSet acsSet = SPSSOFederate.getACSUrl(spSSODescriptor, SAML2Constants.HTTP_ARTIFACT);
String acsURL = (String) acsSet.get(0);
//String protocolBinding = (String) acsSet.get(1);
String isArtifactResolveSigned = SAML2Utils.getAttributeValueFromSSOConfig(realm, idpEntityID, SAML2Constants.IDP_ROLE, SAML2Constants.WANT_ARTIFACT_RESOLVE_SIGNED);
if ((isArtifactResolveSigned != null) && (isArtifactResolveSigned.equals(SAML2Constants.TRUE))) {
if (!artResolve.isSigned()) {
SAML2Utils.debug.error(classMethod + "The artifact resolve is not signed " + "when it is expected to be signed.");
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "ArtifactResolveNotSigned", null);
}
Set<X509Certificate> verificationCerts = KeyUtil.getVerificationCerts(spSSODescriptor, spEntityID, SAML2Constants.SP_ROLE);
if (!artResolve.isSignatureValid(verificationCerts)) {
SAML2Utils.debug.error(classMethod + "artifact resolve verification failed.");
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "invalidArtifact", null);
}
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "artifact resolve signature verification is successful.");
}
}
Artifact art = artResolve.getArtifact();
if (art == null) {
SAML2Utils.debug.error(classMethod + "Unable to get an artifact from ArtifactResolve.");
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "invalidArtifactSignature", null);
}
String artStr = art.getArtifactValue();
Response res = (Response) IDPCache.responsesByArtifacts.remove(artStr);
String remoteArtURL = null;
boolean saml2FailoverEnabled = SAML2FailoverUtils.isSAML2FailoverEnabled();
if (res == null) {
// in LB case, artifact may reside on the other server.
String targetServerID = SAML2Utils.extractServerId(art.getMessageHandle());
if (targetServerID == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "target serverID is null");
}
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "InvalidArtifactId", null);
}
String localServerID = SAML2Utils.getLocalServerID();
boolean localTarget = localServerID.equals(targetServerID);
if (!localTarget) {
if (!SystemConfigurationUtil.isValidServerId(targetServerID)) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "target serverID is not valid: " + targetServerID);
}
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "InvalidArtifactId", null);
}
try {
String remoteServiceURL = SystemConfigurationUtil.getServerFromID(targetServerID);
remoteArtURL = remoteServiceURL + SAML2Utils.removeDeployUri(request.getRequestURI());
SOAPConnection con = SOAPCommunicator.getInstance().openSOAPConnection();
SOAPMessage resMsg = con.call(message, remoteArtURL);
return resMsg;
} catch (Exception ex) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "unable to forward request to remote server. " + "remote url = " + remoteArtURL, ex);
}
if (!saml2FailoverEnabled) {
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "RemoteArtifactResolutionFailed", null);
}
// when the target server is running but the remote call was
// failed to this server (due to a network error)
// and the saml2failover is enabled, we can still find the
// artifact in the SAML2 repository.
// However the cached entry in the target server will not be
// deleted this way.
}
}
if (saml2FailoverEnabled) {
// Check the SAML2 Token Repository
try {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("Artifact=" + artStr);
}
String tmp = (String) SAML2FailoverUtils.retrieveSAML2Token(artStr);
res = ProtocolFactory.getInstance().createResponse(tmp);
} catch (SAML2Exception e) {
SAML2Utils.debug.error(classMethod + " SAML2 ERROR!!!", e);
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "UnableToFindResponseInRepo", null);
} catch (SAML2TokenRepositoryException se) {
SAML2Utils.debug.error(classMethod + " There was a problem reading the response " + "from the SAML2 Token Repository using artStr:" + artStr, se);
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "UnableToFindResponseInRepo", null);
}
}
}
if (res == null) {
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, saml2FailoverEnabled ? "UnableToFindResponseInRepo" : "UnableToFindResponse", null);
}
// Remove Response from SAML2 Token Repository
try {
if (saml2FailoverEnabled) {
SAML2FailoverUtils.deleteSAML2Token(artStr);
}
} catch (SAML2TokenRepositoryException e) {
SAML2Utils.debug.error(classMethod + " Error deleting the response from the SAML2 Token Repository using artStr:" + artStr, e);
}
Map props = new HashMap();
String nameIDString = SAML2Utils.getNameIDStringFromResponse(res);
if (nameIDString != null) {
props.put(LogUtil.NAME_ID, nameIDString);
}
// check if need to sign the assertion
boolean signAssertion = spSSODescriptor.isWantAssertionsSigned();
if (signAssertion) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "signing the assertion.");
}
}
// encrypt the assertion or its NameID and/or Attribute based
// on SP config setting and sign the assertion.
IDPSSOUtil.signAndEncryptResponseComponents(realm, spEntityID, idpEntityID, res, signAssertion);
ArtifactResponse artResponse = ProtocolFactory.getInstance().createArtifactResponse();
Status status = ProtocolFactory.getInstance().createStatus();
StatusCode statusCode = ProtocolFactory.getInstance().createStatusCode();
statusCode.setValue(SAML2Constants.SUCCESS);
status.setStatusCode(statusCode);
// set the idp entity id as the response issuer
Issuer issuer = AssertionFactory.getInstance().createIssuer();
issuer.setValue(idpEntityID);
artResponse.setStatus(status);
artResponse.setID(SAML2Utils.generateID());
artResponse.setInResponseTo(artResolve.getID());
artResponse.setVersion(SAML2Constants.VERSION_2_0);
artResponse.setIssueInstant(new Date());
artResponse.setAny(res.toXMLString(true, true));
artResponse.setIssuer(issuer);
artResponse.setDestination(XMLUtils.escapeSpecialCharacters(acsURL));
String wantArtifactResponseSigned = SAML2Utils.getAttributeValueFromSSOConfig(realm, spEntityID, SAML2Constants.SP_ROLE, SAML2Constants.WANT_ARTIFACT_RESPONSE_SIGNED);
if ((wantArtifactResponseSigned != null) && (wantArtifactResponseSigned.equals(SAML2Constants.TRUE))) {
KeyProvider kp = KeyUtil.getKeyProviderInstance();
if (kp == null) {
SAML2Utils.debug.error(classMethod + "Unable to get a key provider instance.");
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "nullKeyProvider", null);
}
String idpSignCertAlias = SAML2Utils.getSigningCertAlias(realm, idpEntityID, SAML2Constants.IDP_ROLE);
if (idpSignCertAlias == null) {
SAML2Utils.debug.error(classMethod + "Unable to get the hosted IDP signing certificate alias.");
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "missingSigningCertAlias", null);
}
String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, idpEntityID, SAML2Constants.IDP_ROLE);
PrivateKey key;
if (encryptedKeyPass == null || encryptedKeyPass.isEmpty()) {
key = kp.getPrivateKey(idpSignCertAlias);
} else {
key = kp.getPrivateKey(idpSignCertAlias, encryptedKeyPass);
}
artResponse.sign(key, kp.getX509Certificate(idpSignCertAlias));
}
String str = artResponse.toXMLString(true, true);
String[] logdata = { idpEntityID, artStr, str };
LogUtil.access(Level.INFO, LogUtil.ARTIFACT_RESPONSE, logdata, null, props);
if (str != null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "ArtifactResponse message:\n" + str);
}
} else {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(classMethod + "Unable to print ArtifactResponse message.");
}
}
SOAPMessage msg = null;
try {
msg = SOAPCommunicator.getInstance().createSOAPMessage(str, false);
} catch (SOAPException se) {
SAML2Utils.debug.error(classMethod + "Unable to create a SOAPMessage and add a document ", se);
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
}
return msg;
}
Also used :
KeyProvider(com.sun.identity.saml.xmlsig.KeyProvider)
PrivateKey(java.security.PrivateKey)
HashMap(java.util.HashMap)
Issuer(com.sun.identity.saml2.assertion.Issuer)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)
Element(org.w3c.dom.Element)
SOAPConnection(javax.xml.soap.SOAPConnection)
SOAPMessage(javax.xml.soap.SOAPMessage)
StatusCode(com.sun.identity.saml2.protocol.StatusCode)
ArtifactResolve(com.sun.identity.saml2.protocol.ArtifactResolve)
SOAPException(javax.xml.soap.SOAPException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
Status(com.sun.identity.saml2.protocol.Status)
OrderedSet(com.sun.identity.shared.datastruct.OrderedSet)
X509Certificate(java.security.cert.X509Certificate)
Artifact(com.sun.identity.saml2.protocol.Artifact)
SOAPException(javax.xml.soap.SOAPException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
IOException(java.io.IOException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Date(java.util.Date)
Response(com.sun.identity.saml2.protocol.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
ArtifactResponse(com.sun.identity.saml2.protocol.ArtifactResponse)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
ArtifactResponse(com.sun.identity.saml2.protocol.ArtifactResponse)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 38 with SOAPMessage
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class IDPSSOUtil method sendResponseECP.
/**
* This method sends SAML Response back to ECP.
*
* @param request The servlet request.
* @param response The servlet response.
* @param out The print writer for writing out presentation.
* @param idpEntityID the entity id of the identity provider
* @param realm the realm name of the identity provider
* @param acsURL the assertion consumer service <code>URL</code>
* @param res the <code>SAML Response</code> object
* @throws SAML2Exception if the operation is not successful
*/
public static void sendResponseECP(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String idpEntityID, String realm, String acsURL, Response res) throws SAML2Exception {
ECPFactory ecpFactory = ECPFactory.getInstance();
ECPResponse ecpResponse = ecpFactory.createECPResponse();
ecpResponse.setMustUnderstand(Boolean.TRUE);
ecpResponse.setActor(SAML2Constants.SOAP_ACTOR_NEXT);
ecpResponse.setAssertionConsumerServiceURL(acsURL);
String header = ecpResponse.toXMLString(true, true);
String body = res.toXMLString(true, true);
try {
SOAPMessage reply = SOAPCommunicator.getInstance().createSOAPMessage(header, body, false);
String[] logdata = { idpEntityID, realm, acsURL, "" };
if (LogUtil.isAccessLoggable(Level.FINE)) {
logdata[3] = SOAPCommunicator.getInstance().soapMessageToString(reply);
}
LogUtil.access(Level.INFO, LogUtil.SEND_ECP_RESPONSE, logdata, null);
// are generated as part of the save.
if (reply.saveRequired()) {
reply.saveChanges();
}
response.setStatus(HttpServletResponse.SC_OK);
SAML2Utils.putHeaders(reply.getMimeHeaders(), response);
// Write out the message on the response stream
ByteArrayOutputStream stream = new ByteArrayOutputStream();
reply.writeTo(stream);
out.println(stream.toString());
out.flush();
} catch (Exception ex) {
SAML2Utils.debug.error("IDPSSOUtil.sendResponseECP", ex);
String[] data = { idpEntityID, realm, acsURL };
LogUtil.error(Level.INFO, LogUtil.SEND_ECP_RESPONSE_FAILED, data, null);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedToSendECPResponse", ex.getMessage());
return;
}
}
Also used :
ECPResponse(com.sun.identity.saml2.ecp.ECPResponse)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
SOAPMessage(javax.xml.soap.SOAPMessage)
ECPFactory(com.sun.identity.saml2.ecp.ECPFactory)
SAML2InvalidNameIDPolicyException(com.sun.identity.saml2.common.SAML2InvalidNameIDPolicyException)
SessionException(com.sun.identity.plugin.session.SessionException)
COTException(com.sun.identity.cot.COTException)
SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException)
SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)
IOException(java.io.IOException)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
Example 39 with SOAPMessage
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class DoManageNameID method processSOAPRequest.
/**
* Parses the request parameters and process the ManageNameID
* Request from the remote entity.
*
* @param request the HttpServletRequest.
* @param response the HttpServletResponse.
* @param paramsMap Map of all other parameters.
* @throws SAML2Exception if error occurred while processing the request.
* @throws IOException if error generation DOM from input stream.
* @throws SOAPException if error generating soap message.
* @throws ServletException if request length is invalid.
*/
public static void processSOAPRequest(HttpServletRequest request, HttpServletResponse response, Map paramsMap) throws SAML2Exception, IOException, SOAPException, ServletException {
String method = "processSOAPRequest: ";
String metaAlias = null;
String remoteEntityID = null;
String requestURL = request.getRequestURI();
String hostEntityRole = SAML2Utils.getHostEntityRole(paramsMap);
// handle DOS attack
SAMLUtils.checkHTTPContentLength(request);
metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
if (metaAlias == null) {
logError("MetaAliasNotFound", LogUtil.MISSING_META_ALIAS, metaAlias);
throw new SAML2Exception(SAML2Utils.bundle.getString("MetaAliasNotFound"));
}
String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
String hostEntity = metaManager.getEntityByMetaAlias(metaAlias);
boolean isSupported = false;
if (SAML2Constants.IDP_ROLE.equals(hostEntityRole)) {
isSupported = SAML2Utils.isIDPProfileBindingSupported(realm, hostEntity, SAML2Constants.MNI_SERVICE, SAML2Constants.SOAP);
} else {
isSupported = SAML2Utils.isSPProfileBindingSupported(realm, hostEntity, SAML2Constants.MNI_SERVICE, SAML2Constants.SOAP);
}
if (!isSupported) {
debug.error(method + "MNI binding: SOAP is not supported for " + hostEntity);
String[] data = { hostEntity, SAML2Constants.SOAP };
LogUtil.error(Level.INFO, LogUtil.BINDING_NOT_SUPPORTED, data, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
}
// Retrieve a SOAPMessage
SOAPMessage message = SOAPCommunicator.getInstance().getSOAPMessage(request);
ManageNameIDRequest mniRequest = getMNIRequest(message);
remoteEntityID = mniRequest.getIssuer().getValue();
if (remoteEntityID == null) {
logError("nullRemoteEntityID", LogUtil.MISSING_ENTITY, metaAlias);
throw new SAML2Exception(SAML2Utils.bundle.getString("nullRemoteEntityID"));
}
if (debug.messageEnabled()) {
debug.message(method + "Meta Alias is : " + metaAlias);
debug.message(method + "Host EntityID is : " + hostEntity);
debug.message(method + "Remote EntityID is : " + remoteEntityID);
}
String dest = mniRequest.getDestination();
boolean valid = verifyMNIRequest(mniRequest, realm, remoteEntityID, hostEntity, hostEntityRole, dest);
if (!valid) {
logError("invalidSignInRequest", LogUtil.MNI_REQUEST_INVALID_SIGNATURE, metaAlias);
throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
}
ManageNameIDResponse mniResponse = processManageNameIDRequest(mniRequest, metaAlias, remoteEntityID, paramsMap, null, SAML2Constants.SOAP, request, response);
signMNIResponse(mniResponse, realm, hostEntity, hostEntityRole, remoteEntityID);
SOAPMessage reply = SOAPCommunicator.getInstance().createSOAPMessage(mniResponse.toXMLString(true, true), false);
if (reply != null) {
/* Need to call saveChanges because we're
* going to use the MimeHeaders to set HTTP
* response information. These MimeHeaders
* are generated as part of the save. */
if (reply.saveRequired()) {
reply.saveChanges();
}
response.setStatus(HttpServletResponse.SC_OK);
SAML2Utils.putHeaders(reply.getMimeHeaders(), response);
// Write out the message on the response stream
OutputStream os = response.getOutputStream();
reply.writeTo(os);
os.flush();
} else {
logError("errorObtainResponse", LogUtil.CANNOT_INSTANTIATE_MNI_RESPONSE, null);
throw new SAML2Exception(SAML2Utils.bundle.getString("errorObtainResponse"));
}
}
Also used :
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
ManageNameIDRequest(com.sun.identity.saml2.protocol.ManageNameIDRequest)
OutputStream(java.io.OutputStream)
SOAPMessage(javax.xml.soap.SOAPMessage)
ManageNameIDResponse(com.sun.identity.saml2.protocol.ManageNameIDResponse)
Example 40 with SOAPMessage
use of javax.xml.soap.SOAPMessage in project OpenAM by OpenRock.
the class SOAPCommunicator method sendSOAPMessage.
/**
* Send SOAP Message to specified url and returns message from peer.
*
* @param xmlMessage <code>String</code> will be sent.
* @param soapUrl URL the mesaage send to.
* @param isClientMessage true if the message is sent from SOAP client to
* server.
* @return SOAPMessage if the peer send back any reply.
* @throws SOAPException if error in creating soap message.
* @throws SAML2Exception if error in creating soap message.
*/
public SOAPMessage sendSOAPMessage(final String xmlMessage, final String soapUrl, final boolean isClientMessage) throws SOAPException, SAML2Exception {
SOAPConnection con = soapConnectionFactory.createConnection();
SOAPMessage msg = createSOAPMessage(xmlMessage, isClientMessage);
return con.call(msg, soapUrl);
}
Also used :
SOAPConnection(javax.xml.soap.SOAPConnection)
SOAPMessage(javax.xml.soap.SOAPMessage)
Aggregations
SOAPMessage (javax.xml.soap.SOAPMessage)219
SOAPException (javax.xml.soap.SOAPException)87
SOAPBody (javax.xml.soap.SOAPBody)47
Test (org.junit.Test)46
InputStream (java.io.InputStream)45
QName (javax.xml.namespace.QName)45
Element (org.w3c.dom.Element)44
IOException (java.io.IOException)40
MessageFactory (javax.xml.soap.MessageFactory)40
SoapMessage (org.apache.cxf.binding.soap.SoapMessage)30
SOAPElement (javax.xml.soap.SOAPElement)28
ByteArrayInputStream (java.io.ByteArrayInputStream)26
SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)25
XMLStreamReader (javax.xml.stream.XMLStreamReader)25
Node (org.w3c.dom.Node)24
Document (org.w3c.dom.Document)22
URL (java.net.URL)21
SOAPPart (javax.xml.soap.SOAPPart)21
Exchange (org.apache.cxf.message.Exchange)19
MessageImpl (org.apache.cxf.message.MessageImpl)19
