コード例 #1
0
 /**
  * Processes the termination request received from a remote provider. Invoded when Http redirect
  * profile is used.
  *
  * @param request HTTP request
  * @param response HTTP response
  * @param reqTermination the federation termination request received from remote provider
  */
 public void processTerminationRequest(
     HttpServletRequest request,
     HttpServletResponse response,
     FSFederationTerminationNotification reqTermination) {
   FSUtils.debug.message("Entered FSFedTerminationHandler::processTerminationRequest...");
   this.request = request;
   this.locale = FSServiceUtils.getLocale(request);
   this.response = response;
   this.relayState = reqTermination.getRelayState();
   setTerminationURL();
   if (managerInst == null) {
     FSUtils.debug.error(
         "FSSPFedTerminationHandler "
             + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
     if (FSUtils.debug.messageEnabled()) {
       FSUtils.debug.message(
           "FSSPFedTerminationHandler::handleFederationTermination"
               + "failed to get Account Manager instance");
     }
     returnToSource();
     return;
   }
   boolean bStatus = updateAccountInformation(reqTermination.getNameIdentifier());
   if (!bStatus) {
     FSUtils.debug.message("Termination request processing failed");
     String[] data = {
       FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED)
     };
     LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
     returnToSource();
     return;
   }
   FSUtils.debug.message("User sucessfully defederated");
   String[] data = {FSUtils.bundle.getString(IFSConstants.TERMINATION_SUCCEEDED)};
   LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, data, ssoToken);
   // Call SP Adaper for remote IDP initiated HTTP profile
   if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
     FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
     if (spAdapter != null) {
       FSUtils.debug.message("FSFedTerminationHandler.HTTP");
       try {
         spAdapter.postTerminationNotificationSuccess(
             hostedEntityId,
             request,
             response,
             userID,
             reqTermination,
             IFSConstants.TERMINATION_IDP_HTTP_PROFILE);
       } catch (Exception e) {
         // ignore adapter exception
         FSUtils.debug.error("postTermNotification.IDP/HTTP", e);
       }
     }
   }
   returnToSource();
   return;
 }
コード例 #2
0
  /**
   * Finds the user based on the termination request received from a remote provider.
   *
   * @param reqTermination the termination request
   * @return <code>true</code> if the user is found; <code>false</code> otherwise.
   */
  public boolean setUserID(FSFederationTerminationNotification reqTermination) {
    try {

      // UserDN needs to be figured from termination request
      String sourceProviderId = "";
      if (managerInst != null) {
        sourceProviderId = reqTermination.getProviderId();
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message("sourceProviderId : " + sourceProviderId);
        }
        String opaqueHandle = (reqTermination.getNameIdentifier()).getName().trim();
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message("processTerminationRequest Handle : " + opaqueHandle);
        }
        String associatedDomain = (reqTermination.getNameIdentifier().getNameQualifier()).trim();
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message("Name Qualifier : " + associatedDomain);
        }
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message("Realm : " + realm);
        }

        String searchDomain = hostedEntityId;
        if ((associatedDomain != null)
            && (associatedDomain.length() != 0)
            && (!sourceProviderId.equals(associatedDomain))) {
          searchDomain = associatedDomain;
        }
        FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
        Map env = new HashMap();
        env.put(IFSConstants.FS_USER_PROVIDER_ENV_TERMINATION_KEY, reqTermination);
        this.userID = managerInst.getUserID(acctkey, realm, env);
        if (this.userID == null) {
          acctkey = new FSAccountFedInfoKey(remoteEntityId, opaqueHandle);
          this.userID = managerInst.getUserID(acctkey, realm, env);
          if (this.userID == null) {
            FSUtils.debug.message("UserID is null");
            return false;
          }
        }
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message("user id is " + userID);
        }
        return true;
      }
    } catch (FSAccountMgmtException e) {
      FSUtils.debug.error("In FSAccountMgmtException :: ", e);
    }
    this.userID = null;
    return false;
  }
コード例 #3
0
 /**
  * Generates Federation termination request based onthe <code>FSAccountFedInfo</code> object that
  * represents the account federation for a user between 2 providers.
  *
  * @param acctInfo represents the current user account information
  * @return termination request message
  */
 private FSFederationTerminationNotification createFederationTerminationRequest(
     FSAccountFedInfo acctInfo) {
   FSUtils.debug.message("FSFedTerminationHandler::createFederationTerminationRequest:");
   FSFederationTerminationNotification reqName = new FSFederationTerminationNotification();
   if (reqName != null) {
     NameIdentifier nameIdentifier = acctInfo.getRemoteNameIdentifier();
     if (nameIdentifier == null) {
       nameIdentifier = acctInfo.getLocalNameIdentifier();
     }
     if (FSUtils.debug.messageEnabled()) {
       FSUtils.debug.message("SP Provider Id : " + hostedEntityId);
     }
     reqName.setProviderId(hostedEntityId);
     reqName.setNameIdentifier(nameIdentifier);
     // TODO: Any more member settings + signature
     return reqName;
   } else {
     FSUtils.debug.message("failed to create termination request");
     FSUtils.debug.error(
         "FSFedTerminationHandler::createFederationTerminationRequest "
             + FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_CREATION));
     return null;
   }
 }
コード例 #4
0
  /**
   * Initiates federation termination at remote end. The termination requested is constructed and
   * based on the profile the request is sent over SOAP or as HTTP redirect. Profile is always based
   * on the SPs profile
   *
   * @param acctInfo represents the user account federation information
   * @return <code>true</code> if termination request is sent to remote provider successfully;
   *     <code>false</code> otherwise.
   */
  private boolean doFederationTermination(
      HttpServletRequest request, HttpServletResponse response, FSAccountFedInfo acctInfo) {
    FSUtils.debug.message("Entered FSFedTerminationHandler::doFederationTermination");
    try {
      if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSFedTerminationHandler::doFederationTermination create" + " request start");
      }
      FSFederationTerminationNotification reqFedTermination =
          createFederationTerminationRequest(acctInfo);
      reqFedTermination.setMinorVersion(
          FSServiceUtils.getMinorVersion(remoteDescriptor.getProtocolSupportEnumeration()));
      if (reqFedTermination == null) {
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message(
              "FSIDPFedTerminationHandler::Termination request could " + "not be formed");
        }
        // Always show success page since local termination succeeded
        FSServiceUtils.returnLocallyAfterOperation(
            response,
            termination_done_url,
            true,
            IFSConstants.TERMINATION_SUCCESS,
            IFSConstants.TERMINATION_FAILURE);
        return false;
      }
      if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSIDPFedTerminationHandler::Termination request formed" + "successfully");
      }
      // Find out which profile to use
      boolean isSOAPProfile = true;
      if (acctInfo.isRoleIDP()) {
        List hostProfiles = hostedDescriptor.getFederationTerminationNotificationProtocolProfile();
        if (hostProfiles == null || hostProfiles.isEmpty()) {
          FSUtils.debug.error(
              "FSFedTerminationHandler::"
                  + "doFederationTermination no termination profile"
                  + " cannot process request");
          FSServiceUtils.returnLocallyAfterOperation(
              response,
              termination_done_url,
              true,
              IFSConstants.TERMINATION_SUCCESS,
              IFSConstants.TERMINATION_FAILURE);
          return false;
        }
        String profile = (String) hostProfiles.iterator().next();
        if (profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_SOAP_PROFILE)
            || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_SOAP_PROFILE)) {
          isSOAPProfile = true;
        } else if (profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_HTTP_PROFILE)
            || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_HTTP_PROFILE)) {
          isSOAPProfile = false;
        } else {
          FSUtils.debug.error(
              "FSFedTerminationHandler::"
                  + "doFederationTermination Invalid termination profile"
                  + " cannot process request");
          FSServiceUtils.returnLocallyAfterOperation(
              response,
              termination_done_url,
              true,
              IFSConstants.TERMINATION_SUCCESS,
              IFSConstants.TERMINATION_FAILURE);
          return false;
        }
      } else {
        List remoteProfiles =
            remoteDescriptor.getFederationTerminationNotificationProtocolProfile();
        if (remoteProfiles == null || remoteProfiles.isEmpty()) {
          FSUtils.debug.error(
              "FSFedTerminationHandler::"
                  + "doFederationTermination no termination profile"
                  + " cannot process request");
          FSServiceUtils.returnLocallyAfterOperation(
              response,
              termination_done_url,
              true,
              IFSConstants.TERMINATION_SUCCESS,
              IFSConstants.TERMINATION_FAILURE);
          return false;
        }

        String profile = (String) remoteProfiles.iterator().next();
        if (profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_SOAP_PROFILE)
            || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_SOAP_PROFILE)) {
          isSOAPProfile = true;
        } else if (profile.equalsIgnoreCase(IFSConstants.TERMINATION_SP_HTTP_PROFILE)
            || profile.equalsIgnoreCase(IFSConstants.TERMINATION_IDP_HTTP_PROFILE)) {
          isSOAPProfile = false;
        } else {
          FSUtils.debug.error(
              "FSFedTerminationHandler::"
                  + "doFederationTermination Invalid termination profile"
                  + " cannot process request");
          FSServiceUtils.returnLocallyAfterOperation(
              response,
              termination_done_url,
              true,
              IFSConstants.TERMINATION_SUCCESS,
              IFSConstants.TERMINATION_FAILURE);
          return false;
        }
      }
      if (isSOAPProfile) {
        FSSOAPService instSOAP = FSSOAPService.getInstance();
        if (instSOAP != null) {
          FSUtils.debug.message("Signing suceeded. To call bindTerminationRequest");
          // String id = reqFedTermination.getRequestID();
          reqFedTermination.setID(IFSConstants.TERMINATIONID);
          SOAPMessage msgTermination = instSOAP.bind(reqFedTermination.toXMLString(true, true));
          if (msgTermination != null) {
            try {
              if (FSServiceUtils.isSigningOn()) {
                int minorVersion = reqFedTermination.getMinorVersion();
                if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
                  msgTermination =
                      signTerminationRequest(
                          msgTermination, IFSConstants.ID, reqFedTermination.getID());
                } else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
                  msgTermination =
                      signTerminationRequest(
                          msgTermination,
                          IFSConstants.REQUEST_ID,
                          reqFedTermination.getRequestID());
                } else {
                  FSUtils.debug.message("invalid minor version.");
                }
              }
              boolean sendStatus =
                  instSOAP.sendTerminationMessage(
                      msgTermination, remoteDescriptor.getSoapEndpoint());
              // Call SP Adapter for SP initiated SOAP profile
              if (hostedProviderRole != null
                  && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
                FederationSPAdapter spAdapter =
                    FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                if (spAdapter != null) {
                  try {
                    spAdapter.postTerminationNotificationSuccess(
                        hostedEntityId,
                        request,
                        response,
                        userID,
                        reqFedTermination,
                        IFSConstants.TERMINATION_SP_SOAP_PROFILE);
                  } catch (Exception e) {
                    // ignore adapter exception
                    FSUtils.debug.error("postTerm.SP/SOAP", e);
                  }
                }
              }

              // Always show success page since local termination
              // succeeded and that is what is important
              FSServiceUtils.returnLocallyAfterOperation(
                  response,
                  termination_done_url,
                  true,
                  IFSConstants.TERMINATION_SUCCESS,
                  IFSConstants.TERMINATION_FAILURE);
              return sendStatus;
            } catch (Exception e) {
              FSUtils.debug.error(
                  "FSFedTerminationHandler::"
                      + "doFederationTermination "
                      + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
              // Always show success page since local
              // termination succeeded
              FSServiceUtils.returnLocallyAfterOperation(
                  response,
                  termination_done_url,
                  true,
                  IFSConstants.TERMINATION_SUCCESS,
                  IFSConstants.TERMINATION_FAILURE);
              return false;
            }
          } else {
            if (FSUtils.debug.messageEnabled()) {
              FSUtils.debug.message(
                  "FSSPFedTerminationHandler::doFederation"
                      + "Termination failed. Error in forming Message");
            }
            FSUtils.debug.error(
                "FSSPFedTerminationHandler.doFederationTermination "
                    + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
            // Always show success page since local termination
            // succeeded
            FSServiceUtils.returnLocallyAfterOperation(
                response,
                termination_done_url,
                true,
                IFSConstants.TERMINATION_SUCCESS,
                IFSConstants.TERMINATION_FAILURE);
            return false;
          }
        }
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message(
              "FSFedTerminationHandler::doFederationTermination "
                  + "failed. Cannot get Service Manager instance");
        }
        FSUtils.debug.error(
            "FSSPFedTerminationHandler::doFederationTermination "
                + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
        // Always show success page since local termination succeeded
        FSServiceUtils.returnLocallyAfterOperation(
            response,
            termination_done_url,
            true,
            IFSConstants.TERMINATION_SUCCESS,
            IFSConstants.TERMINATION_FAILURE);
        return false;
      } else {
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message(
              "FSFedTerminationHandler::doFederationTermination " + "In Redirect profile");
        }
        String urlEncodedRequest = reqFedTermination.toURLEncodedQueryString();
        // Sign the request querystring
        if (FSServiceUtils.isSigningOn()) {
          String certAlias =
              IDFFMetaUtils.getFirstAttributeValueFromConfig(
                  hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
          if (certAlias == null || certAlias.length() == 0) {
            if (FSUtils.debug.messageEnabled()) {
              FSUtils.debug.message(
                  "FSBrowserArtifactConsumerHandler:: "
                      + "signSAMLRequest:"
                      + "couldn't obtain this site's cert alias.");
            }
            throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
          }
          urlEncodedRequest =
              FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
        }
        StringBuffer redirectURL = new StringBuffer();
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message("Request to be sent : " + urlEncodedRequest);
        }
        String retURL = remoteDescriptor.getFederationTerminationServiceURL();
        redirectURL.append(retURL);
        if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
          redirectURL.append(IFSConstants.QUESTION_MARK);
        } else {
          redirectURL.append(IFSConstants.AMPERSAND);
        }
        redirectURL.append(urlEncodedRequest);
        if (FSUtils.debug.messageEnabled()) {
          FSUtils.debug.message(
              "FSFedTerminationHandler::Redirect URL is " + redirectURL.toString());
        }
        // Call SP Adaper for SP initiated HTTP profile
        // ideally this should be called from the
        // FSTerminationReturnServlet, but info not available there
        if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
          FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
          if (spAdapter != null) {
            try {
              spAdapter.postTerminationNotificationSuccess(
                  hostedEntityId,
                  request,
                  response,
                  userID,
                  reqFedTermination,
                  IFSConstants.TERMINATION_SP_HTTP_PROFILE);
            } catch (Exception e) {
              // ignore adapter exception
              FSUtils.debug.error("postTerm.SP/HTTP", e);
            }
          }
        }
        response.sendRedirect(redirectURL.toString());
        return true;
      }
    } catch (IOException e) {
      FSUtils.debug.error(
          "FSFedTerminationHandler"
              + FSUtils.bundle.getString(IFSConstants.FEDERATION_REDIRECT_FAILED));
    } catch (FSMsgException e) {
      FSUtils.debug.error(
          "FSFedTerminationHandler::doFederationTermination "
              + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
    } catch (SAMLResponderException e) {
      FSUtils.debug.error(
          "FSFedTerminationHandler::doFederationTermination "
              + FSUtils.bundle.getString(IFSConstants.TERMINATION_FAILED_SEND_REMOTE));
    }
    // Always show success page since local termination succeeded
    FSServiceUtils.returnLocallyAfterOperation(
        response,
        termination_done_url,
        true,
        IFSConstants.TERMINATION_SUCCESS,
        IFSConstants.TERMINATION_FAILURE);
    return false;
  }
コード例 #5
0
  /**
   * Processes the termination request received from a remote provider. Invoded when SOAP profile is
   * used.
   *
   * @param reqTermination the federation termination request received from remote provider
   * @return <code>true</code> when the process is successful; <code>false</code> otherwise.
   */
  public boolean processSOAPTerminationRequest(
      HttpServletRequest request,
      HttpServletResponse response,
      FSFederationTerminationNotification reqTermination) {
    FSUtils.debug.message("Entered FSFedTerminationHandler::processSOAPTerminationRequest");
    if (managerInst == null) {
      FSUtils.debug.error("FSSPFedTerminationHandler " + "Account Manager instance is null");
      if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSSPFedTerminationHandler::handleFederationTermination"
                + "failed to get Account Manager instance");
      }
      return false;
    }

    if (FSUtils.debug.messageEnabled()) {
      FSUtils.debug.message("Begin processTerminationRequest SOAP profile...");
    }
    boolean bStatus = false;
    if (reqTermination != null) {
      boolean bUserStatus = setUserID(reqTermination);
      if (bUserStatus) {
        bStatus = updateAccountInformation(reqTermination.getNameIdentifier());
        if (!bStatus) {
          FSUtils.debug.error(
              "FSFedTerminationHandler "
                  + FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED));
          return false;
        } else {
          FSUtils.debug.message("User sucessfully defederated");
          // Call SP Adapter for remote IDP initiated SOAP case
          if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
            FederationSPAdapter spAdapter =
                FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
            if (spAdapter != null) {
              FSUtils.debug.message("FSFedTerminationHandler.SOAP");
              try {
                spAdapter.postTerminationNotificationSuccess(
                    hostedEntityId,
                    request,
                    response,
                    userID,
                    reqTermination,
                    IFSConstants.TERMINATION_IDP_SOAP_PROFILE);
              } catch (Exception e) {
                // ignore adapter exception
                FSUtils.debug.error("postTerm.IDP/SOAP", e);
              }
            }
          }

          return true;
        }
      } else {
        FSUtils.debug.message("Failed to get UserDN. Invalid termination request");
        return false;
      }
    } else {
      FSUtils.debug.error(
          "FSFedTerminationHandler::processTerminationRequest "
              + "Federation termination request is improper");
      return false;
    }
  }