use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.
the class SoapCertificateTokenValidator method validate.
/**
 * Authenticates the X.509 certificates carried by {@code credential} against OpenAM and,
 * on success, records the resulting session id for the current invocation context.
 *
 * <p>No chain, expiry or revocation check is performed in this method; the accept/reject
 * decision rests entirely on {@code authenticationHandler.authenticate}. The value of
 * {@code credential.getCertificates()} is passed through unchecked, so a null or empty
 * certificate array has to be rejected by the handler.
 *
 * @param credential the credential whose certificates are authenticated; returned unchanged on success
 * @param data not read by this method
 * @return the same {@code credential} instance that was passed in
 * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} when OpenAM authentication
 *         raises a {@code TokenValidationException}
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    try {
        final String amSessionId =
                authenticationHandler.authenticate(credential.getCertificates(), TokenType.X509);
        // The session id is a bearer secret: it is handed to the thread-local cache only and is
        // never logged here.
        // NOTE(review): invalidateAMSession presumably tells the cache whether the session is
        // torn down after the invocation - confirm against the cache implementation.
        threadLocalAMTokenCache.cacheSessionIdForContext(
                validationInvocationContext, amSessionId, invalidateAMSession);
        return credential;
    } catch (TokenValidationException e) {
        final String logMessage = "Exception caught authenticating X509Certificate with OpenAM: " + e;
        logger.error(logMessage, e);
        // Only the message text is carried over; the original exception is not attached as a cause.
        // NOTE(review): whether this text reaches the SOAP caller depends on fault handling
        // outside this method - confirm it does not expose backend detail.
        throw new WSSecurityException(WSSecurityException.FAILED_AUTHENTICATION, e.getMessage());
    }
}
use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.
the class AuthenticationUrlProviderImpl method authenticationUrl.
/**
 * Builds the REST authentication URL used to validate tokens of the given type.
 *
 * <p>When an {@code AuthTarget} is mapped to the token type, its auth index type and value
 * are appended as query parameters; otherwise the bare authentication URL is returned.
 *
 * @param tokenTypeId the token type whose authentication target is looked up
 * @return the assembled authentication URL
 * @throws TokenValidationException with {@code INTERNAL_ERROR} if the assembled string is not a valid URL
 */
@Override
public URL authenticationUrl(TokenTypeId tokenTypeId) throws TokenValidationException {
    final AuthTargetMapping.AuthTarget authTarget = authTargetMapping.getAuthTargetMapping(tokenTypeId);

    // The auth index type/value are placed in the query string exactly as returned by the
    // target; no URL-encoding is applied in this method.
    // NOTE(review): confirm that catenateUrlConstituents or the configuration layer rejects
    // or escapes reserved characters ('&', '=', '#') in these values.
    final String assembledUrl = (authTarget == null)
            ? urlConstituentCatenator.catenateUrlConstituents(
                    amDeploymentUrl, jsonRoot, realm, restAuthnUriElement)
            : urlConstituentCatenator.catenateUrlConstituents(
                    amDeploymentUrl, jsonRoot, realm, restAuthnUriElement,
                    QUESTION_MARK, AUTH_INDEX_TYPE_PARAM, authTarget.getAuthIndexType(),
                    AMPERSAND, AUTH_INDEX_VALUE_PARAM, authTarget.getAuthIndexValue());

    try {
        // The scheme is whatever amDeploymentUrl supplies; nothing here requires https.
        return new URL(assembledUrl);
    } catch (MalformedURLException e) {
        throw new TokenValidationException(ResourceException.INTERNAL_ERROR, e.getMessage(), e);
    }
}
use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.
the class OpenIdConnectAuthenticationRequestDispatcher method dispatch.
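/**
 * Posts an OpenID Connect ID token to the REST authentication endpoint at {@code url}.
 *
 * <p>The token value is sent in a request header whose name is read from the
 * {@code AuthTarget} context under
 * {@code AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY}.
 *
 * @param url the authentication endpoint to POST to
 * @param target the auth target whose context supplies the header name; must not be null
 * @param token the OIDC ID token whose value is placed in the header
 * @return the response body returned with an HTTP 200 status
 * @throws TokenValidationException with {@code BAD_REQUEST} when {@code target} is null or its
 *         context has no String entry for the header key; with the HTTP status code when the
 *         response is not 200; with {@code INTERNAL_ERROR} when the invocation raises an
 *         {@code IOException}
 */
@Override
public String dispatch(URL url, AuthTargetMapping.AuthTarget target, OpenIdConnectIdToken token) throws TokenValidationException {
    // A missing target and a missing or non-String header-name entry are the same
    // misconfiguration, so both are reported through one check (instanceof is false for null).
    final Object headerKey = (target == null)
            ? null
            : target.getContext().get(AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY);
    if (!(headerKey instanceof String)) {
        throw new TokenValidationException(org.forgerock.json.resource.ResourceException.BAD_REQUEST,
                "When validating OIDC tokens, an AuthTarget needs to be configured with a Map containing a String "
                        + "entry referenced by key " + AMSTSConstants.OPEN_ID_CONNECT_ID_TOKEN_AUTH_TARGET_HEADER_KEY
                        + " which specifies the header name which will reference the OIDC ID Token.");
    }
    final String tokenHeaderName = (String) headerKey;

    try {
        final Map<String, String> requestHeaders = new HashMap<>();
        requestHeaders.put(AMSTSConstants.CONTENT_TYPE, AMSTSConstants.APPLICATION_JSON);
        requestHeaders.put(AMSTSConstants.CREST_VERSION_HEADER_KEY, crestVersionAuthNService);
        // The ID token is a bearer credential and travels as a header value; the transport
        // security of the call is determined by the scheme of url, which is not checked here.
        requestHeaders.put(tokenHeaderName, token.getTokenValue());

        final HttpURLConnectionWrapper.ConnectionResult connectionResult =
                httpURLConnectionWrapperFactory.httpURLConnectionWrapper(url)
                        .setRequestHeaders(requestHeaders)
                        .setRequestMethod(AMSTSConstants.POST)
                        .makeInvocation();

        final int responseCode = connectionResult.getStatusCode();
        if (responseCode != HttpURLConnection.HTTP_OK) {
            // NOTE(review): the authentication service's response body is embedded in the
            // exception message - confirm it is not relayed verbatim to the token requester.
            throw new TokenValidationException(responseCode,
                    "Non-200 response from posting OIDC token to rest authN: " + connectionResult.getResult());
        }
        return connectionResult.getResult();
    } catch (IOException e) {
        throw new TokenValidationException(org.forgerock.json.resource.ResourceException.INTERNAL_ERROR,
                "Exception caught posting OIDC token to rest authN: " + e, e);
    }
}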
use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.
the class RestUsernameTokenAuthenticationRequestDispatcher method dispatch.
/**
 * Posts the username and password of a {@code RestUsernameToken} to the REST authentication
 * endpoint at {@code url}, each in its own request header.
 *
 * @param url the authentication endpoint to POST to
 * @param target not read by this method
 * @param token supplies the username and password
 * @return the response body returned with an HTTP 200 status
 * @throws TokenValidationException with the HTTP status code when the response is not 200;
 *         with {@code INTERNAL_ERROR} when an {@code IOException} is raised inside the try block
 */
@Override
public String dispatch(URL url, AuthTargetMapping.AuthTarget target, RestUsernameToken token) throws TokenValidationException {
    try {
        final Map<String, String> requestHeaders = new HashMap<>();
        requestHeaders.put(AMSTSConstants.CONTENT_TYPE, AMSTSConstants.APPLICATION_JSON);
        requestHeaders.put(AMSTSConstants.CREST_VERSION_HEADER_KEY, crestVersionAuthNService);
        // Both values become immutable Strings here, so this copy of the password cannot be
        // cleared after use whatever the token does with its own buffer.
        requestHeaders.put(AMSTSConstants.AM_REST_AUTHN_USERNAME_HEADER,
                new String(token.getUsername(), AMSTSConstants.UTF_8_CHARSET_ID));
        // The password travels as a header value; the scheme of url is not checked in this
        // method, so transport protection depends on how the endpoint URL was configured.
        requestHeaders.put(AMSTSConstants.AM_REST_AUTHN_PASSWORD_HEADER,
                new String(token.getPassword(), AMSTSConstants.UTF_8_CHARSET_ID));

        final HttpURLConnectionWrapper.ConnectionResult outcome =
                httpURLConnectionWrapperFactory.httpURLConnectionWrapper(url)
                        .setRequestHeaders(requestHeaders)
                        .setRequestMethod(AMSTSConstants.POST)
                        .makeInvocation();

        final int status = outcome.getStatusCode();
        if (status == HttpURLConnection.HTTP_OK) {
            return outcome.getResult();
        }
        // NOTE(review): the authentication service's response body is embedded in the
        // exception message - confirm it is not relayed verbatim to the token requester.
        throw new TokenValidationException(status,
                "Non-200 response from posting Username token to rest authN: " + outcome.getResult());
    } catch (IOException e) {
        throw new TokenValidationException(ResourceException.INTERNAL_ERROR,
                "Exception caught posting UsernameToken to rest authN: " + e, e);
    }
}
use of org.forgerock.openam.sts.TokenValidationException in project OpenAM by OpenRock.
the class TokenTranslateOperationImpl method translateToken.
/**
 * Translates the input token described by {@code invocationState} into the requested output
 * token, using the first registered {@code TokenTransform} that supports the type pair.
 *
 * @param invocationState carries the input and output token state of the request
 * @param context passed to the marshaller when the validator parameters are built
 * @return the value produced by the selected transform
 * @throws TokenValidationException with {@code BAD_REQUEST} when no registered transform
 *         supports the requested input/output pair
 * @throws TokenMarshalException declared by this method; raised by calls it makes - the exact
 *         source is not visible here
 * @throws TokenCreationException declared by this method; raised by calls it makes - the exact
 *         source is not visible here
 */
@Override
@SuppressWarnings("unchecked")
public JsonValue translateToken(RestSTSTokenTranslationInvocationState invocationState, Context context) throws TokenMarshalException, TokenValidationException, TokenCreationException {
    final TokenTypeId sourceType = tokenRequestMarshaller.getTokenType(invocationState.getInputTokenState());
    final TokenTypeId desiredType = tokenRequestMarshaller.getTokenType(invocationState.getOutputTokenState());

    // Only transforms registered in tokenTransforms can run; the first match wins, so a
    // type pair that was never configured is refused before any token content is processed.
    TokenTransform selected = null;
    for (TokenTransform candidate : tokenTransforms) {
        if (!candidate.isTransformSupported(sourceType, desiredType)) {
            continue;
        }
        selected = candidate;
        break;
    }

    if (selected == null) {
        // The type ids in this message originate from the request's token state.
        final String refusal = "The desired transformation, from " + sourceType.getId() + " to "
                + desiredType.getId() + ", is not a supported token translation.";
        throw new TokenValidationException(ResourceException.BAD_REQUEST, refusal);
    }

    final RestTokenTransformValidatorParameters<?> validatorArgs =
            tokenRequestMarshaller.buildTokenTransformValidatorParameters(
                    invocationState.getInputTokenState(), context);
    final RestTokenProviderParameters<?> providerArgs =
            tokenRequestMarshaller.buildTokenProviderParameters(
                    sourceType, invocationState.getInputTokenState(),
                    desiredType, invocationState.getOutputTokenState());
    return selected.transformToken(validatorArgs, providerArgs);
}