
    public SAMLSSOReqValidationResponseDTO validateRequest(String authReq, String sessionId,
                                                           String rpSessionId, String authnMode) throws IdentityException {
        XMLObject request = SAMLSSOUtil.unmarshall(SAMLSSOUtil.decode(authReq));
        if (request instanceof AuthnRequest) {
            AuthnRequestValidator authnRequestValidator = new AuthnRequestValidator((AuthnRequest)request);
            SAMLSSOReqValidationResponseDTO validationResp = authnRequestValidator.validate();
            validationResp.setAssertionString(authReq);
            if (validationResp.isValid()) {
                SSOSessionPersistenceManager sessionPersistenceManager = SSOSessionPersistenceManager.getPersistenceManager();
                boolean isExistingSession = sessionPersistenceManager.isExistingSession(sessionId);
                if(authnMode.equals(SAMLSSOConstants.AuthnModes.OPENID) && !isExistingSession){
                    AuthnRequestProcessor authnRequestProcessor = new AuthnRequestProcessor();
                    try {
                        return authnRequestProcessor.process(validationResp, sessionId, rpSessionId, authnMode);
                    } catch (Exception e) {
                        throw new IdentityException("Error processing the Authentication Request", e);
                    }
                }
                if (isExistingSession) {
                    AuthnRequestProcessor authnRequestProcessor = new AuthnRequestProcessor();
                    try {
                        return authnRequestProcessor.process(validationResp, sessionId, rpSessionId, authnMode);
                    } catch (Exception e) {
                        throw new IdentityException("Error processing the Authentication Request", e);
                    }
                }
            }
            validationResp.setRpSessionId(rpSessionId);
            return validationResp;
        }
        else if(request instanceof LogoutRequest){
            LogoutRequestProcessor logoutReqProcessor = new LogoutRequestProcessor();
            SAMLSSOReqValidationResponseDTO validationResponseDTO = logoutReqProcessor.process(
                    (LogoutRequest)request, sessionId);
            return validationResponseDTO;
        }

        return null;


        }
    }

    /**
     * Starts a single logout for an established IdP session when there is no
     * incoming SAML LogoutRequest to process: the request handed to the
     * LogoutRequestProcessor is {@code null}, only the session id is supplied.
     *
     * NOTE(review): the LogoutRequestProcessor.process shown elsewhere on this
     * page dereferences its logoutRequest argument unconditionally once session
     * data is found; confirm the null path is actually handled by the version
     * deployed with this class.
     *
     * @param sessionId the IdP session to terminate
     * @return the DTO produced by the logout processor for this session
     * @throws IdentityException if the logout processor fails
     */
    public SAMLSSOReqValidationResponseDTO doSingleLogout(String sessionId) throws IdentityException {
        LogoutRequestProcessor processor = new LogoutRequestProcessor();
        // No LogoutRequest is available for an IdP-side logout.
        return processor.process(null, sessionId);
    }


        }
        else{
            authReqDTO.setUsername(valiationDTO.getSubject());
        }

        SAMLSSOReqValidationResponseDTO responseDTO = new SAMLSSOReqValidationResponseDTO();
        SAMLSSORespDTO respDTO = process(authReqDTO, sessionId, true, authMode);
        responseDTO.setValid(true);
        responseDTO.setResponse(respDTO.getRespString());
        responseDTO.setAssertionConsumerURL(respDTO.getAssertionConsumerURL());
        responseDTO.setLoginPageURL(respDTO.getLoginPageURL());
        return responseDTO;
    }


     * @throws IdentityException
     */
    public SAMLSSOReqValidationResponseDTO validate() throws IdentityException {

        try {
            SAMLSSOReqValidationResponseDTO validationResponse = new SAMLSSOReqValidationResponseDTO();
            Issuer issuer = authnReq.getIssuer();
            Subject subject = authnReq.getSubject();

            //Validate the version
            if (!(authnReq.getVersion().equals(SAMLVersion.VERSION_20))) {
                String errorResp = buildErrorResponse(SAMLSSOConstants.StatusCodes.VERSION_MISMATCH,
                        "Invalid SAML Version in Authentication Request. SAML Version should be equal to 2.0");
                validationResponse.setResponse(errorResp);
                validationResponse.setValid(false);
                return validationResponse;
            }

            //validate the issuer
            if (issuer.getValue() != null) {
                validationResponse.setIssuer(issuer.getValue());
            } else if (issuer.getSPProvidedID() != null) {
                validationResponse.setIssuer(issuer.getSPProvidedID());
            } else {
                validationResponse.setValid(false);
                String errorResp = buildErrorResponse(SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR,
                        "Issuer/ProviderName should not be empty in the Authentication Request.");
                validationResponse.setResponse(errorResp);
                validationResponse.setValid(false);
                return validationResponse;
            }

            // set the custom login page URL, if available. NOTE(review): the lookup key is
            // issuer.getValue(); when the issuer was accepted above via SPProvidedID alone,
            // getValue() is null and no SP configuration will be found here.
            SSOServiceProviderConfigManager spConfigManager = SSOServiceProviderConfigManager.getInstance();
            SAMLSSOServiceProviderDO spDO = spConfigManager.getServiceProvider(issuer.getValue());
            if(spDO != null){
                validationResponse.setLoginPageURL(spDO.getLoginPageURL());
            }

            //TODO : Validate the NameID Format
            if (subject != null) {
                if (subject.getNameID() != null) {
                    validationResponse.setSubject(subject.getNameID().getValue());
                }
            }
            //TODO : validate the signature of the AuthnRequest. Until that is done the issuer
            // (above), the subject and the AssertionConsumerServiceURL copied below all come from
            // an unauthenticated message, and nothing in this method compares the ACS URL with the
            // registered SP configuration (spDO) — confirm a later stage does so before a
            // response is posted to that URL.
            validationResponse.setId(authnReq.getID());
            validationResponse.setAssertionConsumerURL(authnReq.getAssertionConsumerServiceURL());
            validationResponse.setValid(true);

            if (log.isDebugEnabled()) {
                log.debug("Authentication Request Validation is successfull..");
            }
            return validationResponse;



    /**
     * Processes a SAML LogoutRequest for the given IdP session and prepares the single-logout
     * fan-out to the other service providers that share that session.
     *
     * Request-level checks (issuer, NameID, session indexes, signature) apply when a
     * {@code logoutRequest} is supplied; callers on this page also pass {@code null}.
     *
     * @param logoutRequest the parsed LogoutRequest, or {@code null} when logout is triggered
     *                      without an incoming request
     * @param sessionId     the IdP session to terminate
     * @return a DTO flagged as a logout request; either valid, carrying a SUCCESS LogoutResponse
     *         and one SingleLogoutRequestDTO per other SP in the session, or invalid, carrying an
     *         error LogoutResponse built by buildErrorResponse
     * @throws IdentityException wrapping any exception raised while processing (including the
     *                           NullPointerExceptions noted inline below)
     */
    public SAMLSSOReqValidationResponseDTO process(LogoutRequest logoutRequest, String sessionId) throws IdentityException {

        try {
            SAMLSSOReqValidationResponseDTO reqValidationResponseDTO = new SAMLSSOReqValidationResponseDTO();
            reqValidationResponseDTO.setLogOutReq(true);

            // NOTE(review): the value taken from the request's NameID below is overwritten
            // unconditionally with the session's subject once session data is loaded, so the
            // NameID sent by the SP is never compared with the subject of the session being ended.
            String subject = null;

            // Request-level validation runs only for an SP-initiated logout (request present).
            if (logoutRequest != null) {
                if (logoutRequest.getIssuer() == null) {
                    String message = "Issuer should be mentioned in the Logout Request";
                    log.error(message);
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, message);
                }

                // TODO : Check for BaseID and EncryptedID as well.
                if (logoutRequest.getNameID() != null) {
                    NameID nameID = logoutRequest.getNameID();
                    subject = nameID.getValue();
                } else {
                    String message = "Subject Name should be specified in the Logout Request";
                    log.error(message);
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, message);
                }

                // Presence check only: the SessionIndex values themselves are not used below; the
                // session is selected by the sessionId argument. NOTE(review): if getSessionIndexes()
                // returns an empty list rather than null for a request with no SessionIndex, this
                // check never fires — confirm against the OpenSAML version in use.
                if (logoutRequest.getSessionIndexes() == null) {
                    String message = "At least one Session Index should be present in the Logout Request";
                    log.error(message);
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, message);
                }
            }

            //Get the sessions from the SessionPersistenceManager and prepare the logout responses
            SSOSessionPersistenceManager ssoSessionPersistenceManager = SSOSessionPersistenceManager.getPersistenceManager();
            SessionInfoData sessionInfoData = ssoSessionPersistenceManager.getSessionInfo(sessionId);

            if (sessionInfoData == null) {
                String message = "No Established Sessions corresponding to Session Indexes provided.";
                log.error(message);
                // NOTE(review): with a null logoutRequest this dereference throws NPE, which the
                // catch below converts into an IdentityException instead of an error response.
                return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR,
                        message);
            }
            // The session's subject wins over whatever the request carried (see note above).
            subject = sessionInfoData.getSubject();
            // NOTE(review): unconditional dereference — a null logoutRequest can never get past
            // this line, so the IdP-initiated (null request) path always ends in the catch block.
            String issuer = logoutRequest.getIssuer().getValue();
            Map<String, SAMLSSOServiceProviderDO> sessionsList = sessionInfoData.getServiceProviderList();
            // NOTE(review): null when the requesting issuer is not part of this session; the next
            // statement then throws NPE rather than returning a REQUESTOR_ERROR response.
            SAMLSSOServiceProviderDO logoutReqIssuer = sessionsList.get(issuer);

            // Signature check is applied only when the SP has a certificate alias configured;
            // an SP registered without one has its LogoutRequest accepted unsigned. The tenant
            // domain used for key lookup is derived from the session subject, not from the request.
            if(logoutReqIssuer.getCertAlias() != null){
                boolean isSignatureValid = SAMLSSOUtil.validateAssertionSignature(logoutRequest, logoutReqIssuer.getCertAlias(),
                                                       MultitenantUtils.getTenantDomain(subject));
                if (!isSignatureValid) {
                    // (The message says "Assertion" but the object verified here is the LogoutRequest.)
                    String message = "The signature contained in the Assertion is not valid.";
                    log.error(message);
                    return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR,
                            message);
                }
            }

            SingleLogoutMessageBuilder logoutMsgBuilder = new SingleLogoutMessageBuilder();
            Map<String, String> rpSessionsList = sessionInfoData.getRPSessionsList();
            // One entry per SP other than the requesting issuer; size()-1 relies on the issuer
            // being present in sessionsList, which the dereference of logoutReqIssuer above ensures.
            SingleLogoutRequestDTO[] singleLogoutReqDTOs = new SingleLogoutRequestDTO[sessionsList.size()-1];
            // A single LogoutRequest for the session subject is built once and reused for every
            // other SP; whether it is signed inside buildLogoutRequest is not visible here.
            LogoutRequest logoutReq = logoutMsgBuilder.buildLogoutRequest(subject, sessionId,
                    SAMLSSOConstants.SingleLogoutCodes.LOGOUT_USER);
            String logoutReqString = SAMLSSOUtil.encode(SAMLSSOUtil.marshall(logoutReq));
            int index = 0;
            for (String key : sessionsList.keySet()) {
                if (!key.equals(issuer)) {
                    SingleLogoutRequestDTO logoutReqDTO = new SingleLogoutRequestDTO();
                    // Destination is the SP's logout URL, falling back to its ACS URL when unset/empty.
                    logoutReqDTO.setAssertionConsumerURL(sessionsList.get(key).getLogoutURL());
                    if (sessionsList.get(key).getLogoutURL() == null ||
                        sessionsList.get(key).getLogoutURL().length() == 0) {
                        logoutReqDTO.setAssertionConsumerURL(sessionsList.get(key).getAssertionConsumerUrl());
                    }
                    // Despite the setter name, this field carries the outbound LogoutRequest.
                    logoutReqDTO.setLogoutResponse(logoutReqString);
                    logoutReqDTO.setRpSessionId(rpSessionsList.get(key));
                    singleLogoutReqDTOs[index] = logoutReqDTO;
                    index ++;
                }
                else {
                    // The requesting SP itself: the LogoutResponse goes back to its logout URL,
                    // or to its ACS URL when no logout URL is configured.
                    reqValidationResponseDTO.setIssuer(sessionsList.get(key).getIssuer());
                    reqValidationResponseDTO.setAssertionConsumerURL(sessionsList.get(key).getAssertionConsumerUrl());
                    if(sessionsList.get(key).getLogoutURL() != null && sessionsList.get(key).getLogoutURL().length() > 0){
                        reqValidationResponseDTO.setAssertionConsumerURL(sessionsList.get(key).getLogoutURL());
                    }
                }
            }
            reqValidationResponseDTO.setLogoutRespDTO(singleLogoutReqDTOs);

            // A SUCCESS LogoutResponse is only produced in answer to an actual request; setValid
            // is not touched on the null-request path (which is unreachable here, see above).
            if (logoutRequest != null) {
                LogoutResponse logoutResponse = logoutMsgBuilder.buildLogoutResponse(logoutRequest.getID(),
                        SAMLSSOConstants.StatusCodes.SUCCESS_CODE, null);
                reqValidationResponseDTO.setLogoutResponse(SAMLSSOUtil.encode(SAMLSSOUtil.marshall(logoutResponse)));
                reqValidationResponseDTO.setValid(true);
            }

            // Session state is dropped only after every check above has passed; the exact scope
            // of removeSession(sessionId, issuer) (whole session vs. this issuer's entry) is not
            // visible here — confirm against SSOSessionPersistenceManager.
            ssoSessionPersistenceManager.removeSession(sessionId, issuer);
            return reqValidationResponseDTO;
        } catch (Exception e) {
            // Everything, including the NPEs noted above and failures of buildErrorResponse,
            // surfaces to the caller as an IdentityException.
            throw new IdentityException("Error Processing the Logout Request", e);
        }
    }

    /**
     * Builds the DTO handed back when a LogoutRequest is rejected: it is marked as a logout
     * request, marked invalid, and carries a LogoutResponse built for request {@code id} with
     * the given status, serialised through SAMLSSOUtil.marshall/encode.
     *
     * @param id      ID of the LogoutRequest being answered
     * @param status  SAML status code to report (see SAMLSSOConstants.StatusCodes)
     * @param statMsg human-readable status message placed in the response
     * @return an invalid DTO wrapping the encoded error LogoutResponse
     * @throws Exception propagated from message building, marshalling or encoding
     */
    private SAMLSSOReqValidationResponseDTO buildErrorResponse(String id, String status, String statMsg) throws Exception {
        SAMLSSOReqValidationResponseDTO errorDto = new SAMLSSOReqValidationResponseDTO();
        errorDto.setLogOutReq(true);
        errorDto.setValid(false);

        SingleLogoutMessageBuilder builder = new SingleLogoutMessageBuilder();
        LogoutResponse errorResponse = builder.buildLogoutResponse(id, status, statMsg);
        String encodedResponse = SAMLSSOUtil.encode(SAMLSSOUtil.marshall(errorResponse));
        errorDto.setResponse(encodedResponse);
        return errorDto;
    }


            throws IdentityException, IOException {

        FESessionManager sessionManager = FESessionManager.getInstance();
        String authSessionID = httpServletRequest.getParameter(SAMLSSOProviderConstants.FE_SESSION_KEY);
        FESessionBean sessionBean = sessionManager.getFESessionBean(authSessionID);
        SAMLSSOReqValidationResponseDTO validationResponseDTO = null;
        if (sessionBean != null) {
            if (sessionBean.getSessionBean() instanceof SAMLSSOReqValidationResponseDTO) {
                validationResponseDTO = (SAMLSSOReqValidationResponseDTO) sessionBean.getSessionBean();
            }
        }
        else{
            String errorSessionId = sessionManager.addNewSession(new FESessionBean("This authenticated session is expired.", "Please sign-in again."));
            httpServletResponse.sendRedirect(getAdminConsoleURL(httpServletRequest) + "sso-saml/notification_page.jsp?" +
                                  SAMLSSOProviderConstants.FE_SESSION_KEY + "=" + errorSessionId);
            return;
        }
        // Create SAMLSSOAuthnReqDTO using a SAMLSSOReqValidationResponseDTO
        SAMLSSOAuthnReqDTO authnReqDTO = new SAMLSSOAuthnReqDTO();
        authnReqDTO.setAssertionConsumerURL(validationResponseDTO.getAssertionConsumerURL());
        authnReqDTO.setId(validationResponseDTO.getId());
        authnReqDTO.setIssuer(validationResponseDTO.getIssuer());
        authnReqDTO.setPassword(password);
        authnReqDTO.setUsername(username);
        authnReqDTO.setSubject(validationResponseDTO.getSubject());
        authnReqDTO.setRpSessionId(validationResponseDTO.getRpSessionId());
        authnReqDTO.setAssertionString(validationResponseDTO.getAssertionString());

        // authenticate the user
        SAMLSSORespDTO authRespDTO = ssoServiceClient.authenticate(authnReqDTO, ssoTokenID);

        if (authRespDTO.getSessionEstablished()) {  // authentication is SUCCESSFUL
            storeSSOTokenCookie(ssoTokenID, httpServletRequest, httpServletResponse);
            String respSessionAuthID = sessionManager.addNewSession(new FESessionBean(authRespDTO, sessionBean.getRelayState()));
            sessionManager.removeSession(authSessionID);    // remove the SAMLSSORespDTO
            httpServletResponse.sendRedirect(getAdminConsoleURL(httpServletRequest) + "sso-saml/redirect_ajaxprocessor.jsp?" + SAMLSSOProviderConstants.FE_SESSION_KEY + "=" + respSessionAuthID);
        } else {    // authentication FAILURE
            validationResponseDTO.setValid(false);
            httpServletResponse.sendRedirect(calculateLoginPage(
                        getAdminConsoleURL(httpServletRequest), authRespDTO.getLoginPageURL())+ "?" + SAMLSSOProviderConstants.FE_SESSION_KEY + "=" + authSessionID);
        }
    }


                                   HttpServletResponse httpServletResponse, HttpSession session,
                                   String ssoTokenID, SAMLSSOServiceClient ssoServiceClient,
                                   String samlRequest, String relayState, String authMode)
            throws IdentityException, IOException {
        String rpSessionId = httpServletRequest.getParameter(MultitenantConstants.SSO_AUTH_SESSION_ID);
        SAMLSSOReqValidationResponseDTO signInRespDTO = ssoServiceClient.validate(samlRequest, ssoTokenID, rpSessionId, authMode);
        FESessionManager sessionManager = FESessionManager.getInstance();
        // If it is a login request.
        if (!signInRespDTO.getLogOutReq()) {
            //  an authentication context has not been already established, redirect user to a login page.
            if (signInRespDTO.getValid() && signInRespDTO.getResponse() == null) {
                String sessionID = sessionManager.addNewSession(new FESessionBean(signInRespDTO, relayState));
                httpServletResponse.sendRedirect(calculateLoginPage(
                        getAdminConsoleURL(httpServletRequest), signInRespDTO.getLoginPageURL())+ "?" +
                                                 SAMLSSOProviderConstants.FE_SESSION_KEY + "=" + sessionID);

                // an auth. context has been already established. So redirect users back to ACS.
            } else if (signInRespDTO.getResponse() != null) {
                String sessionID = sessionManager.addNewSession(new FESessionBean(signInRespDTO, relayState));
                if(SAMLSSOProviderConstants.AuthnModes.OPENID.equals(authMode)){
                    storeSSOTokenCookie(ssoTokenID, httpServletRequest, httpServletResponse);
                }
                httpServletResponse.sendRedirect(getAdminConsoleURL(httpServletRequest) + "sso-saml/redirect_ajaxprocessor.jsp?" + SAMLSSOProviderConstants.FE_SESSION_KEY + "=" + sessionID);
            }
        } else {     // in case of a logout request
            String sessionID = sessionManager.addNewSession(new FESessionBean(signInRespDTO, relayState));
            LogoutRequestSender.getInstance().sendLogoutRequests(signInRespDTO.getLogoutRespDTO());
            httpServletResponse.sendRedirect(getAdminConsoleURL(httpServletRequest) + "sso-saml/redirect_ajaxprocessor.jsp?" + SAMLSSOProviderConstants.FE_SESSION_KEY + "=" + sessionID);
        }
    }