
Example 6 with TokenCreationException

Use of org.forgerock.openam.sts.TokenCreationException in project OpenAM by OpenRock.

The class SoapSamlTokenProvider, method createToken.

/**
 * @see org.apache.cxf.sts.token.provider.TokenProvider
 */
@Override
public TokenProviderResponse createToken(TokenProviderParameters tokenProviderParameters) {
    try {
        final TokenProviderResponse tokenProviderResponse = new TokenProviderResponse();
        final SAML2SubjectConfirmation subjectConfirmation = determineSubjectConfirmation(tokenProviderParameters);
        final SoapTokenProviderBase.AuthenticationContextMapperState mapperState = getAuthenticationContextMapperState(tokenProviderParameters);
        String authNContextClassRef;
        if (mapperState.isDelegatedContext()) {
            authNContextClassRef = authnContextMapper.getAuthnContextForDelegatedToken(mapperState.getSecurityPolicyBindingTraversalYield(), mapperState.getDelegatedToken());
        } else {
            authNContextClassRef = authnContextMapper.getAuthnContext(mapperState.getSecurityPolicyBindingTraversalYield());
        }
        ProofTokenState proofTokenState = null;
        if (SAML2SubjectConfirmation.HOLDER_OF_KEY.equals(subjectConfirmation)) {
            proofTokenState = getProofTokenState(tokenProviderParameters);
        }
        String assertion;
        try {
            assertion = getAssertion(authNContextClassRef, subjectConfirmation, proofTokenState);
        } catch (TokenCreationException e) {
            throw new AMSTSRuntimeException(e.getCode(), e.getMessage(), e);
        }
        Document assertionDocument = xmlUtilities.stringToDocumentConversion(assertion);
        if (assertionDocument == null) {
            logger.error("Could not turn assertion string returned from TokenGenerationService into DOM Document. " + "The assertion string: " + assertion);
            throw new AMSTSRuntimeException(ResourceException.INTERNAL_ERROR, "Could not turn assertion string returned from TokenGenerationService into DOM Document.");
        }
        final Element assertionElement = assertionDocument.getDocumentElement();
        tokenProviderResponse.setToken(assertionElement);
        final String tokenId = assertionElement.getAttributeNS(null, "ID");
        /*
            The tokenId cannot be null or empty because a reference to the issued token is created using this id in the wss
            security header in the RequestSecurityTokenResponse. A null or empty id will generate a cryptic error in the cxf
            runtime. And if we are dealing with an encrypted assertion, there is no ID attribute, so in this case,
            a random uuid should be generated, as I believe the id serves only to refer to the token within the
            security header, and does not have to be connected to the token itself. An encrypted SAML2 assertion only
            contains some information on the encryption method, the symmetric key used for encryption, itself encrypted
            with the recipient's public key, and the encrypted assertion. So if no ID attribute is present, we are dealing
            with an encrypted assertion, and will generate a random UUID to serve as the key id.
        */
        if (StringUtils.isEmpty(tokenId)) {
            tokenProviderResponse.setTokenId(UUID.randomUUID().toString());
        } else {
            tokenProviderResponse.setTokenId(tokenId);
        }
        return tokenProviderResponse;
    } finally {
        try {
            // Interim OpenAM sessions created while issuing the token are cleaned up regardless of the outcome above.
            amSessionInvalidator.invalidateAMSessions(threadLocalAMTokenCache.getToBeInvalidatedAMSessionIds());
        } catch (Exception e) {
            String message = "Exception caught invalidating interim AMSession in SoapSamlTokenProvider: " + e;
            logger.warn(message, e);
            /*
                The fact that the interim OpenAM session was not invalidated should not prevent a token from being issued, so
                I will not throw an AMSTSRuntimeException
            */
        }
    }
}

Example 7 with TokenCreationException

Use of org.forgerock.openam.sts.TokenCreationException in project OpenAM by OpenRock.

The class TokenGenerationService, method createInstance.

@Override
public Promise<ResourceResponse, ResourceException> createInstance(Context context, CreateRequest request) {
    TokenGenerationServiceInvocationState invocationState;
    try {
        invocationState = TokenGenerationServiceInvocationState.fromJson(request.getContent());
    } catch (Exception e) {
        logger.error("Exception caught marshalling json into TokenGenerationServiceInvocationState instance: " + e);
        return new BadRequestException(e.getMessage(), e).asPromise();
    }
    SSOToken subjectToken;
    try {
        subjectToken = validateAssertionSubjectSession(invocationState);
    } catch (ForbiddenException e) {
        return e.asPromise();
    }
    STSInstanceState stsInstanceState;
    try {
        stsInstanceState = getSTSInstanceState(invocationState);
    } catch (ResourceException e) {
        return e.asPromise();
    }
    if (TokenType.SAML2.equals(invocationState.getTokenType())) {
        try {
            final String assertion = saml2TokenGeneration.generate(subjectToken, stsInstanceState, invocationState);
            return newResultPromise(issuedTokenResource(assertion));
        } catch (TokenCreationException e) {
            logger.error("Exception caught generating saml2 token: " + e, e);
            return e.asPromise();
        } catch (Exception e) {
            logger.error("Exception caught generating saml2 token: " + e, e);
            return new InternalServerErrorException(e.toString(), e).asPromise();
        }
    } else if (TokenType.OPENIDCONNECT.equals(invocationState.getTokenType())) {
        try {
            final String assertion = openIdConnectTokenGeneration.generate(subjectToken, stsInstanceState, invocationState);
            return newResultPromise(issuedTokenResource(assertion));
        } catch (TokenCreationException e) {
            logger.error("Exception caught generating OpenIdConnect token: " + e, e);
            return e.asPromise();
        } catch (Exception e) {
            logger.error("Exception caught generating OpenIdConnect token: " + e, e);
            return new InternalServerErrorException(e.toString(), e).asPromise();
        }
    } else {
        String message = "Bad request: unexpected token type:" + invocationState.getTokenType();
        logger.error(message);
        return new BadRequestException(message).asPromise();
    }
}

Example 8 with TokenCreationException

Use of org.forgerock.openam.sts.TokenCreationException in project OpenAM by OpenRock.

The class DefaultAuthenticationStatementsProvider, method get.

/**
 * @see org.forgerock.openam.sts.tokengeneration.saml2.statements.AttributeStatementsProvider#get(com.iplanet.sso.SSOToken,
 * org.forgerock.openam.sts.config.user.SAML2Config, AttributeMapper)
 */
public List<AuthnStatement> get(SAML2Config saml2Config, String authNContextClassRef) throws TokenCreationException {
    try {
        AuthnStatement authnStatement = AssertionFactory.getInstance().createAuthnStatement();
        authnStatement.setAuthnInstant(new Date());
        AuthnContext authnContext = AssertionFactory.getInstance().createAuthnContext();
        authnContext.setAuthnContextClassRef(authNContextClassRef);
        authnStatement.setAuthnContext(authnContext);
        ArrayList<AuthnStatement> statements = new ArrayList<AuthnStatement>(1);
        statements.add(authnStatement);
        return statements;
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught generating AuthenticationStatement in DefaultAuthenticationStatementProvider: " + e, e);
    }
}

Example 9 with TokenCreationException

Use of org.forgerock.openam.sts.TokenCreationException in project OpenAM by OpenRock.

The class SAML2TokenGenerationImpl, method setIssuer.

private void setIssuer(Assertion assertion, SAML2Config config) throws TokenCreationException {
    final Issuer issuer = AssertionFactory.getInstance().createIssuer();
    try {
        issuer.setValue(config.getIdpId());
        assertion.setIssuer(issuer);
    } catch (SAML2Exception e) {
        throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught setting issuer in SAML2TokenGenerationImpl: " + e, e);
    }
}

Example 10 with TokenCreationException

Use of org.forgerock.openam.sts.TokenCreationException in project OpenAM by OpenRock.

The class SAML2TokenGenerationImpl, method generate.

public String generate(SSOToken subjectToken, STSInstanceState stsInstanceState, TokenGenerationServiceInvocationState invocationState) throws TokenCreationException {
    final SAML2Config saml2Config = stsInstanceState.getConfig().getSaml2Config();
    if (saml2Config == null) {
        throw new TokenCreationException(ResourceException.BAD_REQUEST, "Invocation targets a SAML2 token, but no SAML2Config was specified in the published sts!");
    }
    final String subjectId = ssoTokenIdentity.validateAndGetTokenPrincipal(subjectToken);
    final Assertion assertion = AssertionFactory.getInstance().createAssertion();
    setVersionAndId(assertion);
    setIssuer(assertion, saml2Config);
    final Date issueInstant = new Date();
    setIssueInstant(assertion, issueInstant);
    final SAML2TokenGenerationState tokenGenerationState = invocationState.getSaml2TokenGenerationState();
    setConditions(assertion, saml2Config, issueInstant, tokenGenerationState.getSaml2SubjectConfirmation());
    setSubject(assertion, subjectId, saml2Config.getSpAcsUrl(), saml2Config, invocationState.getSaml2TokenGenerationState().getSaml2SubjectConfirmation(), issueInstant, tokenGenerationState.getProofTokenState());
    setAuthenticationStatements(assertion, saml2Config, tokenGenerationState.getAuthnContextClassRef());
    setAttributeStatements(assertion, subjectToken, saml2Config);
    setAuthzDecisionStatements(assertion, subjectToken, saml2Config);
    /*
        Entering this branch handles both encryption and signing, as the encryption of the entire assertion must be
        preceded by signing.
    */
    String assertionString;
    if (saml2Config.encryptAssertion()) {
        EncryptedAssertion encryptedAssertion = handleSingingAndEncryptionOfEntireAssertion(assertion, saml2Config, stsInstanceState);
        try {
            assertionString = encryptedAssertion.toXMLString(ASSERTION_TO_STRING_INCLUDE_NAMESPACE_PREFIX, ASSERTION_TO_STRING_DECLARE_NAMESPACE_PREFIX);
        } catch (SAML2Exception e) {
            throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught calling Assertion.toXMLString: " + e, e);
        }
    } else {
        if (saml2Config.encryptAttributes()) {
            encryptAttributeStatement(assertion, saml2Config, stsInstanceState);
        }
        if (saml2Config.encryptNameID()) {
            encryptNameID(assertion, saml2Config, stsInstanceState);
        }
        if (saml2Config.signAssertion()) {
            signAssertion(assertion, stsInstanceState);
        }
        try {
            assertionString = assertion.toXMLString(ASSERTION_TO_STRING_INCLUDE_NAMESPACE_PREFIX, ASSERTION_TO_STRING_DECLARE_NAMESPACE_PREFIX);
        } catch (SAML2Exception e) {
            throw new TokenCreationException(ResourceException.INTERNAL_ERROR, "Exception caught calling Assertion.toXMLString: " + e, e);
        }
    }
    if (stsInstanceState.getConfig().persistIssuedTokensInCTS()) {
        try {
            ctsTokenPersistence.persistToken(invocationState.getStsInstanceId(), TokenType.SAML2, assertionString, subjectId, issueInstant.getTime(), saml2Config.getTokenLifetimeInSeconds());
        } catch (CTSTokenPersistenceException e) {
            throw new TokenCreationException(e.getCode(), e.getMessage(), e);
        }
    }
    return assertionString;
}