/**
   * Initiates the federation termination operation.
   *
   * @param request HTTP request
   * @param response HTTP response
   * @param ssoToken corresponding to the user's session
   * @return <code>true</code> if the termination initiation operation is successful; <code>false
   *     </code> otherwise.
   */
  public boolean handleFederationTermination(
      HttpServletRequest request, HttpServletResponse response, Object ssoToken) {
    FSUtils.debug.message("Entered FSFedTerminationHandler::handleFederationTermination");
    this.request = request;
    this.locale = FSServiceUtils.getLocale(request);
    this.response = response;
    this.ssoToken = ssoToken;
    setTerminationURL();
    if (managerInst == null) {
      FSUtils.debug.error("FSSPFedTerminationHandler " + "Account Manager instance is null");
      if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSSPFedTerminationHandler::handleFederationTermination"
                + "failed to get Account Manager instance");
      }
      FSServiceUtils.returnLocallyAfterOperation(
          response,
          termination_done_url,
          false,
          IFSConstants.TERMINATION_SUCCESS,
          IFSConstants.TERMINATION_FAILURE);
      return false;
    }

    try {
      this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
    } catch (SessionException e) {
      FSUtils.debug.error("FSFedTerminationHandler::handleFederationTermination:", e);
      // cannot proceed without user
      LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
      return false;
    }
    boolean bStatus = updateAccountInformation(null);
    FSUtils.debug.message("After updateAccountInformation");
    if (!bStatus) {
      if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSSPFedTerminationHandler::handleFederationTermination "
                + "Federation Termination failed locally. Cannot update "
                + "account");
      }
      String[] data = {userID};
      LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
      FSServiceUtils.returnLocallyAfterOperation(
          response,
          termination_done_url,
          false,
          IFSConstants.TERMINATION_SUCCESS,
          IFSConstants.TERMINATION_FAILURE);
      return false;
    }
    FSUtils.debug.message("Status of local update true");
    String[] data = {userID};
    LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, data, ssoToken);
    resetFederateCookie();
    boolean bRemoteStatus = doFederationTermination(request, response, acctInfo);
    return bRemoteStatus;
  }
Exemplo n.º 2
0
 /*
  * Method to send the passed SOAPMessage to the SOAPEndpoint URL
  * that is passed. The SOAP Message will then be sent across to the remote
  * provider in order to perform federation termination.
  * @param msg the <code>FSFederationTerminationNotification</code>
  *  SOAPMesage to be sent
  * @param soapEndPoint the SOAPEndpoint URL of remote provider
  * @return boolean true if successful else false
  */
 public boolean sendTerminationMessage(SOAPMessage msg, String soapEndPoint) {
   try {
     FSUtils.debug.message("started in func sendTerminationMessage");
     if (soapEndPoint == null) {
       FSUtils.debug.error("createSOAPReceiverURL Error!");
       String[] data = {FSUtils.bundle.getString("failCreateURLEndpoint")};
       LogUtil.error(Level.INFO, LogUtil.FAILED_SOAP_URL_END_POINT_CREATION, data);
       return false;
     }
     // Send the message to the provider using the connection.
     ByteArrayOutputStream output = new ByteArrayOutputStream();
     msg.writeTo(output);
     if (FSUtils.debug.messageEnabled()) {
       String xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
       FSUtils.debug.message("SENDING message: \n " + xmlString);
       FSUtils.debug.message("URLEndpoint :" + soapEndPoint);
     }
     SOAPConnection con = scf.createConnection();
     SOAPMessage reply = con.call(msg, soapEndPoint);
     FSUtils.debug.message("SOAP CALL COMPLETED");
     return true;
   } catch (Exception e) {
     if (FSUtils.debug.messageEnabled()) {
       FSUtils.debug.message("In catch of sendTerminationMessage", e);
     }
     return false;
   }
 }
 /**
  * Processes the termination request received from a remote provider. Invoded when Http redirect
  * profile is used.
  *
  * @param request HTTP request
  * @param response HTTP response
  * @param reqTermination the federation termination request received from remote provider
  */
 public void processTerminationRequest(
     HttpServletRequest request,
     HttpServletResponse response,
     FSFederationTerminationNotification reqTermination) {
   FSUtils.debug.message("Entered FSFedTerminationHandler::processTerminationRequest...");
   this.request = request;
   this.locale = FSServiceUtils.getLocale(request);
   this.response = response;
   this.relayState = reqTermination.getRelayState();
   setTerminationURL();
   if (managerInst == null) {
     FSUtils.debug.error(
         "FSSPFedTerminationHandler "
             + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
     if (FSUtils.debug.messageEnabled()) {
       FSUtils.debug.message(
           "FSSPFedTerminationHandler::handleFederationTermination"
               + "failed to get Account Manager instance");
     }
     returnToSource();
     return;
   }
   boolean bStatus = updateAccountInformation(reqTermination.getNameIdentifier());
   if (!bStatus) {
     FSUtils.debug.message("Termination request processing failed");
     String[] data = {
       FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED)
     };
     LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
     returnToSource();
     return;
   }
   FSUtils.debug.message("User sucessfully defederated");
   String[] data = {FSUtils.bundle.getString(IFSConstants.TERMINATION_SUCCEEDED)};
   LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, data, ssoToken);
   // Call SP Adaper for remote IDP initiated HTTP profile
   if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
     FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
     if (spAdapter != null) {
       FSUtils.debug.message("FSFedTerminationHandler.HTTP");
       try {
         spAdapter.postTerminationNotificationSuccess(
             hostedEntityId,
             request,
             response,
             userID,
             reqTermination,
             IFSConstants.TERMINATION_IDP_HTTP_PROFILE);
       } catch (Exception e) {
         // ignore adapter exception
         FSUtils.debug.error("postTermNotification.IDP/HTTP", e);
       }
     }
   }
   returnToSource();
   return;
 }
  /**
   * Updates the user account information. After sucessful operation, the federation status
   * corresponding to the user with the remote provider is set to inactive.
   *
   * @param ni <code>NameIdentifier</code> object corresponding to a user
   * @return boolean containing the status of the update operation
   */
  protected boolean updateAccountInformation(NameIdentifier ni) {
    try {
      FSUtils.debug.message("FSFedTerminationHandler::updateAccountInformation: start");
      String searchDomain = remoteEntityId;
      // get name identifier to remove it from federation info key
      String nameId = null;
      String nameQualifier = null;
      if (ni != null) {
        nameQualifier = ni.getNameQualifier();
        if (nameQualifier != null
            && (nameQualifier.length() != 0)
            && !nameQualifier.equals(remoteEntityId)) {
          searchDomain = nameQualifier;
        }
        nameId = ni.getName();
      }
      if (nameId == null && acctInfo != null) {
        FSUtils.debug.message("FSAccountManager: getnameId in accInfo");
        NameIdentifier temp = acctInfo.getLocalNameIdentifier();
        if (temp != null) {
          nameId = temp.getName();
          nameQualifier = temp.getNameQualifier();
        } else {
          temp = acctInfo.getRemoteNameIdentifier();
          if (temp != null) {
            nameId = temp.getName();
            nameQualifier = temp.getNameQualifier();
          }
        }
      }
      FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(nameQualifier, nameId);
      managerInst.removeAccountFedInfo(userID, fedInfoKey, searchDomain);

      if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSFedTerminationHandler:: "
                + "updateAccountInformation deactivate successfully completed");
      }
    } catch (FSAccountMgmtException e) {
      FSUtils.debug.error(
          "FSFedTerminationHandler::updateAccountInformation "
              + FSUtils.bundle.getString(IFSConstants.TERMINATION_LOCAL_FAILED));
      String[] data = {userID};
      LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
      return false;
    }
    // Clean SessionMap off the partner to be done here.
    if (FSUtils.debug.messageEnabled()) {
      FSUtils.debug.message("Cleaning Session manager for user : "******"Cleaning Session manager for remote provider: " + remoteEntityId);
      FSUtils.debug.message("Cleaning Session manager for hosted provider: " + hostedEntityId);
    }
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, null);
    return true;
  }
Exemplo n.º 5
0
  /*
   * Sends a synchronous SOAPMessage to remote provider.
   * @param response the http response object
   * @param msg the <code>SOAPMessage</code> to be sent
   * @param partnerDecriptor the remote provider meta descriptor
   * @param needAuthn determines forced authn
   * @return <code>SOAPMessage</code> corresponding to liberty
   *  request/response message
   * @exception IOException, SOAPException if error occurrs
   */
  public SOAPMessage doSyncCall(
      HttpServletResponse response,
      SOAPMessage msg,
      ProviderDescriptorType partnerDecriptor,
      boolean needAuthn)
      throws IOException, SOAPException {
    FSUtils.debug.message("FSSOAPService.doSyncCall: Called");

    String soapURL = createSOAPReceiverUrl(response, partnerDecriptor, false);
    if (soapURL == null) {
      FSUtils.debug.error("FSSOAPService.doSyncCall: " + "createSOAPReceiverURL Error!");
      String[] data = {FSUtils.bundle.getString("failCreateURLEndpoint")};
      LogUtil.error(Level.INFO, LogUtil.FAILED_SOAP_URL_END_POINT_CREATION, data);
      return null;
    }
    // Send the message to the provider using the connection.
    ByteArrayOutputStream output = new ByteArrayOutputStream();
    msg.writeTo(output);
    String xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
    if (FSUtils.debug.messageEnabled()) {
      FSUtils.debug.message("FSSOAPService.doSyncCall: SENDING message\n" + xmlString);
    }
    SOAPConnection con = scf.createConnection();
    SOAPMessage reply = con.call(msg, soapURL);
    if (reply == null) {
      response.sendError(
          response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("noReplyfromSOAPReceiver"));
      return null;
    }

    // check the SOAP message for any SOAP related errors
    // before passing control to SAML processor
    output = new ByteArrayOutputStream();
    reply.writeTo(output);
    xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
    if (FSUtils.debug.messageEnabled()) {
      FSUtils.debug.message("FSSOAPService.doSyncCall: REPLIED message:\n" + xmlString);
    }
    return reply;
  }
Exemplo n.º 6
0
 /*
  * Sends the passed SOAPMessage to the SOAPEndpoint URL
  * that is passed.
  * @param msg the <code>SOAPMessage</code> to be sent
  * @param soapEndPoint the SOAPEndpoint URL of remote provider
  * @return SOAPMessage response message from remote provider
  * @exception IOException, SOAPException if error occurrs
  */
 public SOAPMessage sendMessage(SOAPMessage msg, String soapEndPoint)
     throws IOException, SOAPException {
   try {
     FSUtils.debug.message("just started in func sendMessage");
     if (soapEndPoint == null) {
       FSUtils.debug.error("createSOAPReceiverURL Error!");
       String[] data = {soapEndPoint};
       LogUtil.error(Level.INFO, LogUtil.FAILED_SOAP_URL_END_POINT_CREATION, data);
       return null;
     }
     // Send the message to the provider using the connection.
     ByteArrayOutputStream output = new ByteArrayOutputStream();
     msg.writeTo(output);
     String xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
     if (FSUtils.debug.messageEnabled()) {
       FSUtils.debug.message(
           "SENDING message: \n " + xmlString + "\nURLEndpoint :" + soapEndPoint + "\nSOAP CALL");
     }
     SOAPConnection con = scf.createConnection();
     SOAPMessage reply = con.call(msg, soapEndPoint);
     FSUtils.debug.message("SOAP CALL COMPLETED");
     if (reply == null) {
       return null;
     }
     // check the SOAP message for any SOAP related errors
     // before passing control to SAML processor
     output = new ByteArrayOutputStream();
     reply.writeTo(output);
     xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
     if (FSUtils.debug.messageEnabled()) {
       FSUtils.debug.message("REPLIED message: \n " + xmlString);
     }
     return reply;
   } catch (Exception e) {
     FSUtils.debug.error("In catch of sendMessage", e);
     return null;
   }
 }
Exemplo n.º 7
0
  /*
   * Method to construct the URLEndpoint depending on whether basic
   * authentication of one provider to another is to be done. Otherwise the
   * SOAPEndpoint of the remote provider is returned
   * @param response the response object
   * @param partnerDecriptor the remote provider descriptor
   * @param needAuthn determines forced authn
   * @return Element corresponding to liberty request/response
   */
  public String createSOAPReceiverUrl(
      HttpServletResponse response, ProviderDescriptorType partnerDecriptor, boolean needAuthn)
      throws IOException {
    // TODO: need to handle needAuthn correctly
    // TODO: need to retrieve auth type, user name and password from meta
    // basic authentication
    String username = null;
    String password = null;
    String to = partnerDecriptor.getSoapEndpoint();
    String authtype = null;
    String soapURL = null;
    if (needAuthn) {
      int idnx = -1;
      if ((idnx = to.indexOf("//")) == -1) {
        FSUtils.debug.error(
            "FSSOAPService.createSOAPReceiverUrl: "
                + "createSOAPReceiverUrl: SOAP-Receiver-URL illegal format.");
        response.sendError(
            response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("illegalFormatSOAPUrl"));
        return null;
      }
      String protocol = to.substring(0, idnx - 1);
      if (authtype.equalsIgnoreCase(IFSConstants.BASICAUTH)
          || authtype.equalsIgnoreCase(IFSConstants.NOAUTH)) {
        if (!protocol.equals(IFSConstants.HTTP)) {
          String[] data = {protocol, authtype};
          LogUtil.error(Level.INFO, LogUtil.MISMATCH_AUTH_TYPE_AND_PROTOCOL, data);
          response.sendError(
              response.SC_INTERNAL_SERVER_ERROR,
              FSUtils.bundle.getString("mismatchAuthTypeandProtocol"));
          return null;
        }
      } else if (authtype.equalsIgnoreCase(IFSConstants.SSLWITHBASICAUTH)
          || authtype.equalsIgnoreCase(IFSConstants.SSL)) {
        if (!protocol.equals(IFSConstants.HTTPS)) {
          String[] data = {protocol, authtype};
          LogUtil.error(Level.INFO, LogUtil.MISMATCH_AUTH_TYPE_AND_PROTOCOL, data);
          response.sendError(
              response.SC_INTERNAL_SERVER_ERROR,
              FSUtils.bundle.getString("mismatchAuthTypeandProtocol"));
          return null;
        }
      } else {
        String[] data = {authtype};
        LogUtil.error(Level.INFO, LogUtil.WRONG_AUTH_TYPE, data);
        response.sendError(
            response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("wrongAuthType"));
        return null;
      }

      if (authtype.equalsIgnoreCase(IFSConstants.BASICAUTH)
          || authtype.equalsIgnoreCase(IFSConstants.SSLWITHBASICAUTH)) {
        Map userMap = null; // partnerDecriptor.getAuthType();
        username = (String) userMap.get(IFSConstants.USER);
        password = (String) userMap.get(IFSConstants.PASSWORD);
        if (username == null || password == null) {
          FSUtils.debug.error(
              "FSSOAPService.createSOAPReceiverUrl: "
                  + "PartnerSite required basic authentication. But "
                  + "the user name used for authentication is null.");
          response.sendError(
              response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("wrongConfigBasicAuth"));
          return null;
        }
        StringBuffer toSOAP = new StringBuffer(100);
        toSOAP
            .append(to.substring(0, idnx + 2))
            .append(username)
            .append(":")
            .append(password)
            .append("@")
            .append(to.substring(idnx + 2));
        soapURL = toSOAP.toString();
      }
      return null;
    } else {
      soapURL = to;
    }
    if (FSUtils.debug.messageEnabled()) {
      FSUtils.debug.message(
          "FSSOAPService.createSOAPReceiverUrl: Sending message to URL: " + soapURL);
    }
    String[] data = {soapURL};
    LogUtil.access(Level.FINER, "SOAP_RECEIVER_URL", data);
    return soapURL;
  }