/** * Returns the SSOToken of the user. If user has not authenticated re-directs the user to login * page */ private SSOToken getSSOToken(HttpServletRequest request, HttpServletResponse response) throws IOException { SSOToken token = null; try { /* SSOTokenManager.createSSOToken() throws an SSOException if the * token is not valid, so for a invalid token manager.isValidToken() * will never get executed for an invalid token. */ if (((token = tokenManager.createSSOToken(request)) == null) || !tokenManager.isValidToken(token)) { if (debug.messageEnabled()) { debug.message( "CDCClientServlet.getSSOToken:SSOToken is " + "either null or not valid: " + token + "\nRedirecting for authentication"); } token = null; } } catch (com.iplanet.sso.SSOException e) { if (debug.messageEnabled()) { debug.message("CDCClientServlet.getSSOToken:SSOException " + "caught= " + e); } token = null; } return (token); }
/** * Returns names of all realms included in the subtree rooted by the realm indicated in the query * url. * * <p>Names are unsorted and given as full paths. * * <p>Filtering, sorting, and paging of results is not supported. * * <p>{@inheritDoc} */ @Override public void queryCollection( final ServerContext context, final QueryRequest request, final QueryResultHandler handler) { final String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context); final RealmContext realmContext = context.asContext(RealmContext.class); final String realmPath = realmContext.getResolvedRealm(); try { final SSOTokenManager mgr = SSOTokenManager.getInstance(); final SSOToken ssoToken = mgr.createSSOToken(getCookieFromServerContext(context)); final OrganizationConfigManager ocm = new OrganizationConfigManager(ssoToken, realmPath); final List<String> realmsInSubTree = new ArrayList<String>(); realmsInSubTree.add(realmPath); for (final Object subRealmRelativePath : ocm.getSubOrganizationNames("*", true)) { if (realmPath.endsWith("/")) { realmsInSubTree.add(realmPath + subRealmRelativePath); } else { realmsInSubTree.add(realmPath + "/" + subRealmRelativePath); } } debug.message("RealmResource :: QUERY : performed by " + principalName); for (final Object realmName : realmsInSubTree) { JsonValue val = new JsonValue(realmName); Resource resource = new Resource((String) realmName, "0", val); handler.handleResource(resource); } handler.handleResult(new QueryResult()); } catch (SSOException ex) { debug.error("RealmResource :: QUERY by " + principalName + " failed : " + ex); handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN)); } catch (SMSException ex) { debug.error("RealmResource :: QUERY by " + principalName + " failed :" + ex); switch (ex.getExceptionCode()) { case STATUS_NO_PERMISSION: // This exception will be thrown if permission to read realms from SMS has not been // delegated handler.handleError(ResourceException.getException(ResourceException.FORBIDDEN)); break; default: handler.handleError(ResourceException.getException(ResourceException.INTERNAL_ERROR)); break; } } }
protected void ldapLogin() throws CLIException { if (ssoToken == null) { Authenticator auth = Authenticator.getInstance(); String bindUser = getAdminID(); ssoToken = auth.ldapLogin(getCommandManager(), bindUser, getAdminPassword()); } else { try { SSOTokenManager mgr = SSOTokenManager.getInstance(); mgr.validateToken(ssoToken); } catch (SSOException e) { throw new CLIException(e, ExitCodes.SESSION_EXPIRED); } } }
/** * Creates an instance of <code>ServiceManager</code>. The <code>SSOToken</code> is used to * identify the user performing service operations. * * @param token the authenticated single sign on token. * @throws SSOException if the user's single sign on token is invalid or expired * @throws SMSException if an error occurred while performing the operation * @supported.api */ public ServiceManager(SSOToken token) throws SSOException, SMSException { // Initilaize the static variables and caches initialize(token); // Validate SSOToken SSOTokenManager.getInstance().validateToken(token); this.token = token; }
private void populateContextFromTokenId(String tokenId) { try { SSOToken token = SSOTokenManager.getInstance().createSSOToken(tokenId); AuditRequestContext.putProperty(USER_ID, getUserId(token)); AuditRequestContext.putProperty(SESSION.toString(), getContextFromSSOToken(token)); } catch (SSOException e) { debug.warning("No SSO Token found when trying to audit an authentication request."); } }
/** * Constructor for FAMSecurityToken * * @param ssoToken Single Sign on token of the subject. * @throws com.sun.identity.wss.security.SecurityException */ public FAMSecurityToken(SSOToken ssoToken) throws SecurityException { try { SSOTokenManager.getInstance().validateToken(ssoToken); tokenID = ssoToken.getTokenID().toString(); tokenType = SecurityToken.WSS_FAM_SSO_TOKEN; appTokenID = (WSSUtils.getAdminToken()).getTokenID().toString(); } catch (SSOException se) { throw new SecurityException(se.getMessage()); } }
private SSOTokenManager getTokenManager() { if (ssoTokenManager == null) { try { ssoTokenManager = SSOTokenManager.getInstance(); } catch (Exception ex) { throw new RuntimeException("Could not get an instance of SSOTokenManager", ex); } } return ssoTokenManager; }
private SSOToken validateAssertionSubjectSession( TokenGenerationServiceInvocationState invocationState) throws ForbiddenException { SSOToken subjectToken; SSOTokenManager tokenManager; try { tokenManager = SSOTokenManager.getInstance(); subjectToken = tokenManager.createSSOToken(invocationState.getSsoTokenString()); } catch (SSOException e) { logger.debug( "Exception caught creating the SSO token from the token string, almost certainly " + "because token string does not correspond to a valid session: " + e); throw new ForbiddenException(e.toString(), e); } if (!tokenManager.isValidToken(subjectToken)) { throw new ForbiddenException("SSO token string does not correspond to a valid SSOToken"); } try { AMIdentity subjectIdentity = IdUtils.getIdentity(subjectToken); String invocationRealm = invocationState.getRealm(); String subjectSessionRealm = DNMapper.orgNameToRealmName(subjectIdentity.getRealm()); logger.debug( "TokenGenerationService:validateAssertionSubjectSession subjectRealm " + subjectSessionRealm + " invocation realm: " + invocationRealm); if (!invocationRealm.equalsIgnoreCase(subjectSessionRealm)) { logger.error( "TokenGenerationService:validateAssertionSubjectSession realms do not match: Subject realm : " + subjectSessionRealm + " invocation realm: " + invocationRealm); throw new ForbiddenException("SSO token subject realm does not match invocation realm"); } } catch (SSOException | IdRepoException e) { logger.error( "TokenGenerationService:validateAssertionSubjectSession error while validating identity : " + e); throw new ForbiddenException(e.toString(), e); } return subjectToken; }
private String getAuthModulesFromSSOToken(OAuth2Request request) { String authModules = null; try { SSOToken token = ssoTokenManager.createSSOToken(ServletUtils.getRequest(request.<Request>getRequest())); if (token != null) { authModules = token.getProperty(ISAuthConstants.AUTH_TYPE); } } catch (SSOException e) { logger.warning("Could not get list of auth modules from authentication", e); } return authModules; }
private void initAuthSessions() throws SSOException, SessionException { if (authSession == null) { authSession = getSS().getAuthenticationSession(defaultOrg, null); if (authSession == null) { debug.error("AuthD failed to get auth session"); throw new SessionException(BUNDLE_NAME, "gettingSessionFailed", null); } String clientID = authSession.getClientID(); authSession.setProperty("Principal", clientID); authSession.setProperty("Organization", defaultOrg); authSession.setProperty("Host", authSession.getID().getSessionServer()); DN dn = new DN(clientID); if (dn.isDN()) { String[] tokens = dn.explodeDN(true); String id = "id=" + tokens[0] + ",ou=user," + ServiceManager.getBaseDN(); authSession.setProperty(Constants.UNIVERSAL_IDENTIFIER, id); } SSOTokenManager ssoManager = SSOTokenManager.getInstance(); ssoAuthSession = ssoManager.createSSOToken(authSession.getID().toString()); } }
private int validateTokenId(HttpServletRequest request) throws ServletException, IOException { String tokenId = request.getHeader(RestServiceManager.SUBJECT_HEADER_NAME); String hashed = request.getParameter(RestServiceManager.HASHED_SUBJECT_QUERY); if (((tokenId == null) || (tokenId.trim().length() == 0)) && ((hashed == null) || (hashed.trim().length() == 0))) { // by pass the check return HttpServletResponse.SC_OK; } if ((tokenId == null) || (tokenId.trim().length() == 0)) { try { SSOTokenManager mgr = SSOTokenManager.getInstance(); SSOToken token = mgr.createSSOToken(request); tokenId = token.getTokenID().toString(); } catch (SSOException e) { return HttpServletResponse.SC_UNAUTHORIZED; } } if (!Boolean.parseBoolean( SystemProperties.get(RestServiceManager.DISABLE_HASHED_SUBJECT_CHECK, "false"))) { if ((hashed == null) || (hashed.trim().length() == 0)) { return HttpServletResponse.SC_UNAUTHORIZED; } else { int idx = tokenId.indexOf(':'); if (idx != -1) { tokenId = tokenId.substring(idx + 1); } if (!Hash.hash(tokenId).equals(hashed)) { return HttpServletResponse.SC_UNAUTHORIZED; } } } return HttpServletResponse.SC_OK; }
/** * @param config the ServletConfig object that contains configutation information for this * servlet. * @exception ServletException if an exception occurs that interrupts the servlet's normal * operation. */ public void init(ServletConfig config) throws ServletException { super.init(config); if (debug.messageEnabled()) { debug.message("CDCClientServlet.init:CDCClientServlet " + "Initializing..."); } try { tokenManager = SSOTokenManager.getInstance(); } catch (SSOException ssoe) { debug.error("CDCClientServlet.init:unable to get SSOTokenManager", ssoe); } authURLCookieName = SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_NAME, "sunIdentityServerAuthNServer"); authURLCookieDomain = SystemProperties.get(Constants.AUTH_UNIQUE_COOKIE_DOMAIN, ""); deployDescriptor = SystemProperties.get(Constants.AM_DISTAUTH_DEPLOYMENT_DESCRIPTOR, "/distauth"); }
public Subject getAuthZSubject(HttpServletRequest req) throws RestException { try { String tokenId = req.getHeader(RestServiceManager.SUBJECT_HEADER_NAME); if ((tokenId == null) || (tokenId.trim().length() == 0)) { SSOTokenManager mgr = SSOTokenManager.getInstance(); SSOToken token = mgr.createSSOToken(req); return SubjectUtils.createSubject(token); } else { int idx = tokenId.indexOf(':'); if (idx != -1) { tokenId = tokenId.substring(idx + 1); } SSOTokenManager mgr = SSOTokenManager.getInstance(); SSOToken token = mgr.createSSOToken(tokenId); return SubjectUtils.createSubject(token); } } catch (SSOException ex) { throw new RestException(1, ex); } }
/** * Helper method to check if client has taken permission to set value to it. If * * @param clientToken Token of the client setting protected property. * @param key Property key * @param value Property value. * @throws SessionException if the key is protected property. */ public static void checkPermissionToSetProperty(SSOToken clientToken, String key, String value) throws SessionException { if (InternalSession.isProtectedProperty(key)) { if (clientToken == null) { // Throw Ex. Client should identify itself. if (SessionService.sessionDebug.warningEnabled()) { SessionService.sessionDebug.warning( "SessionUtils.checkPermissionToSetProperty(): " + "Attempt to set protected property without client " + "token [" + key + "=" + value + "]"); } throw new SessionException( SessionBundle.getString("protectedPropertyNoClientToken") + " " + key); } SSOTokenManager ssoTokenManager = null; try { ssoTokenManager = SSOTokenManager.getInstance(); } catch (SSOException ssoEx) { // Throw Ex. Not able to get SSOTokenManager instance. SessionService.sessionDebug.error( "SessionUtils.checkPermissionToSetProperty(): " + "Cannot get instance of SSOTokenManager."); throw new SessionException( SessionBundle.getString("protectedPropertyNoSSOTokenMgrInstance") + " " + key); } if (!ssoTokenManager.isValidToken(clientToken)) { // Throw Ex. Client should identify itself. if (SessionService.sessionDebug.warningEnabled()) { SessionService.sessionDebug.warning( "SessionUtils.checkPermissionToSetProperty(): " + "Attempt to set protected property with invalid client" + " token [" + key + "=" + value + "]"); } throw new SessionException( SessionBundle.getString("protectedPropertyInvalidClientToken") + " " + key); } SSOToken admToken = null; try { admToken = SessionUtils.getAdminToken(); } catch (SSOException ssoEx) { // Throw Ex. Server not able to get Admin Token. SessionService.sessionDebug.error( "SessionUtils.checkPermissionToSetProperty(): " + "Cannot get Admin Token for validation to set protected " + "property [" + key + "=" + value + "]"); throw new SessionException( SessionBundle.getString("protectedPropertyNoAdminToken") + " " + key); } if (!SessionUtils.isAdmin(admToken, clientToken)) { // Throw Ex. Client not authorized to set this property. SessionService.sessionDebug.error( "SessionUtils.checkPermissionToSetProperty(): " + "Client does not have permission to set protected " + "property" + key + "=" + value + "]"); throw new SessionException( SessionBundle.getString("protectedPropertyNoPermission") + " " + key); } } }
/* * Process the XMLRequest */ private AuthXMLResponse processAuthXMLRequest( String xml, AuthXMLRequest authXMLRequest, HttpServletRequest servletRequest, HttpServletResponse servletResponse) { if (messageEnabled) { debug.message("authXMLRequest is : " + authXMLRequest); } int requestType = authXMLRequest.getRequestType(); String sessionID = authXMLRequest.getAuthIdentifier(); String orgName = authXMLRequest.getOrgName(); AuthContextLocal authContext = authXMLRequest.getAuthContext(); LoginState loginState = AuthUtils.getLoginState(authContext); String params = authXMLRequest.getParams(); List envList = authXMLRequest.getEnvironment(); Map envMap = toEnvMap(envList); AuthXMLResponse authResponse = new AuthXMLResponse(requestType); authResponse.setAuthContext(authContext); authResponse.setAuthIdentifier(sessionID); if (messageEnabled) { debug.message("authContext is : " + authContext); debug.message("requestType : " + requestType); } if (authXMLRequest.getValidSessionNoUpgrade()) { authResponse.setAuthXMLRequest(authXMLRequest); authResponse.setValidSessionNoUpgrade(true); return authResponse; } String securityEnabled = null; try { securityEnabled = AuthUtils.getRemoteSecurityEnabled(); } catch (AuthException auExp) { debug.error("Got Exception", auExp); setErrorCode(authResponse, auExp); return authResponse; } if (debug.messageEnabled()) { debug.message("Security Enabled = " + securityEnabled); } if (requestType != 0) { if ((securityEnabled != null) && (securityEnabled.equals("true"))) { security = true; String indexNameLoc = authXMLRequest.getIndexName(); AuthContext.IndexType indexTypeLoc = authXMLRequest.getIndexType(); if (indexTypeLoc == null) { indexTypeLoc = AuthUtils.getIndexType(authContext); indexNameLoc = AuthUtils.getIndexName(authContext); } if (debug.messageEnabled()) { debug.message("Index Name Local : " + indexNameLoc); debug.message("Index Type Local : " + indexTypeLoc); } if (((indexTypeLoc == null) || (indexNameLoc == null)) || !((indexTypeLoc == AuthContext.IndexType.MODULE_INSTANCE) && indexNameLoc.equals("Application"))) { try { String ssoTokenID = authXMLRequest.getAppSSOTokenID(); if (debug.messageEnabled()) { debug.message("Session ID = : " + ssoTokenID); } SSOTokenManager manager = SSOTokenManager.getInstance(); SSOToken appSSOToken = manager.createSSOToken(ssoTokenID); // if the token isn't valid, let the client know so they // retry if (!manager.isValidToken(appSSOToken)) { if (debug.messageEnabled()) { debug.message("App SSOToken is not valid"); } setErrorCode( authResponse, new AuthException(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN, null)); return authResponse; } else { debug.message("App SSOToken is VALID"); } } catch (SSOException ssoe) { // token is unknown to OpenAM, let the client know so they // can retry if (debug.messageEnabled()) { debug.message("App SSOToken is not valid: " + ssoe.getMessage()); } setErrorCode( authResponse, new AuthException(AMAuthErrorCode.REMOTE_AUTH_INVALID_SSO_TOKEN, null)); return authResponse; } catch (Exception exp) { debug.error("Got Exception", exp); setErrorCode(authResponse, exp); return authResponse; } } } } else { security = false; } // if index type is level and choice callback has a // selected choice then start module based authentication. if ((AuthUtils.getIndexType(authContext) == AuthContext.IndexType.LEVEL) || (AuthUtils.getIndexType(authContext) == AuthContext.IndexType.COMPOSITE_ADVICE)) { Callback[] callbacks = authXMLRequest.getSubmittedCallbacks(); if (messageEnabled) { debug.message("Callbacks are : " + callbacks); } if (callbacks != null) { if (messageEnabled) { debug.message("Callback length is : " + callbacks.length); } if (callbacks[0] instanceof ChoiceCallback) { ChoiceCallback cc = (ChoiceCallback) callbacks[0]; int[] selectedIndexes = cc.getSelectedIndexes(); int selected = selectedIndexes[0]; String[] choices = cc.getChoices(); String indexName = choices[selected]; if (messageEnabled) { debug.message("Selected Index is : " + indexName); } authXMLRequest.setIndexType("moduleInstance"); authXMLRequest.setIndexName(indexName); authXMLRequest.setRequestType(AuthXMLRequest.LoginIndex); requestType = AuthXMLRequest.LoginIndex; } } } AuthContext.Status loginStatus = AuthContext.Status.IN_PROGRESS; HttpServletRequest clientRequest = authXMLRequest.getClientRequest(); if (loginState != null) { loginState.setHttpServletRequest(clientRequest); loginState.setHttpServletResponse(authXMLRequest.getClientResponse()); if (clientRequest != null) { loginState.setParamHash(AuthUtils.parseRequestParameters(clientRequest)); } } switch (requestType) { case AuthXMLRequest.NewAuthContext: try { processNewRequest(servletRequest, servletResponse, authResponse, loginState, authContext); postProcess(loginState, authResponse); } catch (Exception ex) { debug.error("Error in NewAuthContext ", ex); setErrorCode(authResponse, ex); } break; case AuthXMLRequest.Login: try { if (sessionID != null && sessionID.equals("0")) { processNewRequest( servletRequest, servletResponse, authResponse, loginState, authContext); } String clientHost = null; if (security) { clientHost = authXMLRequest.getHostName(); if (messageEnabled) { debug.message("Client Host from Request = " + clientHost); } } if ((clientHost == null) && (servletRequest != null)) { clientHost = ClientUtils.getClientIPAddress(servletRequest); } loginState.setClient(clientHost); authContext.login(); // setServletRequest(servletRequest,authContext); processRequirements(xml, authContext, authResponse, params, servletRequest); loginStatus = authContext.getStatus(); authResponse.setRemoteRequest(loginState.getHttpServletRequest()); authResponse.setRemoteResponse(loginState.getHttpServletResponse()); postProcess(loginState, authResponse); checkACException(authResponse, authContext); } catch (Exception ex) { debug.error("Error during login ", ex); setErrorCode(authResponse, ex); authResponse.setLoginStatus(authContext.getStatus()); } break; case AuthXMLRequest.LoginIndex: try { AuthContext.IndexType indexType = authXMLRequest.getIndexType(); String indexName = authXMLRequest.getIndexName(); if (messageEnabled) { debug.message("indexName is : " + indexName); debug.message("indexType is : " + indexType); } if (sessionID != null && sessionID.equals("0")) { processNewRequest( servletRequest, servletResponse, authResponse, loginState, authContext); } String clientHost = null; if (security) { clientHost = authXMLRequest.getHostName(); if (messageEnabled) { debug.message("Client Host from Request = " + clientHost); } } if ((clientHost == null) && (servletRequest != null)) { clientHost = ClientUtils.getClientIPAddress(servletRequest); } loginState.setClient(clientHost); String locale = authXMLRequest.getLocale(); if (locale != null && locale.length() > 0) { if (debug.messageEnabled()) { debug.message("locale is : " + locale); } authContext.login(indexType, indexName, envMap, locale); } else { authContext.login(indexType, indexName, envMap, null); } // setServletRequest(servletRequest,authContext); processRequirements(xml, authContext, authResponse, params, servletRequest); loginStatus = authContext.getStatus(); authResponse.setRemoteRequest(loginState.getHttpServletRequest()); authResponse.setRemoteResponse(loginState.getHttpServletResponse()); postProcess(loginState, authResponse); checkACException(authResponse, authContext); } catch (Exception ex) { debug.error("Exception during LoginIndex", ex); setErrorCode(authResponse, ex); } break; case AuthXMLRequest.LoginSubject: try { Subject subject = authXMLRequest.getSubject(); authContext.login(subject); // setServletRequest(servletRequest,authContext); processRequirements(xml, authContext, authResponse, params, servletRequest); postProcess(loginState, authResponse); loginStatus = authContext.getStatus(); checkACException(authResponse, authContext); } catch (AuthLoginException ale) { debug.error("Exception during LoginSubject", ale); setErrorCode(authResponse, ale); } break; case AuthXMLRequest.SubmitRequirements: try { // setServletRequest(servletRequest,authContext); Callback[] submittedCallbacks = authXMLRequest.getSubmittedCallbacks(); authContext.submitRequirements(submittedCallbacks); Callback[] reqdCallbacks = null; if (authContext.hasMoreRequirements()) { reqdCallbacks = authContext.getRequirements(); authResponse.setReqdCallbacks(reqdCallbacks); } authResponse.setRemoteRequest(loginState.getHttpServletRequest()); authResponse.setRemoteResponse(loginState.getHttpServletResponse()); postProcess(loginState, authResponse); loginStatus = authContext.getStatus(); authResponse.setLoginStatus(loginStatus); InternalSession oldSession = loginState.getOldSession(); authResponse.setOldSession(oldSession); checkACException(authResponse, authContext); } catch (Exception ex) { debug.error("Error during submit requirements ", ex); setErrorCode(authResponse, ex); } break; case AuthXMLRequest.QueryInformation: try { if (sessionID != null && sessionID.equals("0")) { processNewRequest( servletRequest, servletResponse, authResponse, loginState, authContext); } Set moduleNames = authContext.getModuleInstanceNames(); authResponse.setModuleNames(moduleNames); authResponse.setAuthContext(authContext); postProcess(loginState, authResponse); checkACException(authResponse, authContext); } catch (Exception ex) { debug.error("Error during Query Information", ex); setErrorCode(authResponse, ex); } break; case AuthXMLRequest.Logout: // Object loginContext = null; // InternalSession intSess = null; // SSOToken token = null; // boolean logoutCalled = false; if (sessionID != null && !sessionID.equals("0")) { /*intSess = AuthD.getSession(sessionID); try { token = SSOTokenManager.getInstance(). createSSOToken(sessionID); if (debug.messageEnabled()) { debug.message("AuthXMLHandler." + "processAuthXMLRequest: Created token " + "during logout = "+token); } } catch (com.iplanet.sso.SSOException ssoExp) { if (debug.messageEnabled()) { debug.message("AuthXMLHandler.processAuthXMLRequest:" + "SSOException checking validity of SSO Token"); } }*/ try { AuthUtils.logout(sessionID, servletRequest, servletResponse); } catch (com.iplanet.sso.SSOException ssoExp) { if (debug.messageEnabled()) { debug.message( "AuthXMLHandler.processAuthXMLRequest:" + "SSOException checking validity of SSO Token"); } } } /*if (intSess != null) { loginContext = intSess.getObject(ISAuthConstants. LOGIN_CONTEXT); } try { if (loginContext != null) { if (loginContext instanceof javax.security.auth.login.LoginContext) { javax.security.auth.login.LoginContext lc = (javax.security.auth.login.LoginContext) loginContext; lc.logout(); } else { com.sun.identity.authentication.jaas.LoginContext jlc = (com.sun.identity.authentication.jaas. LoginContext) loginContext; jlc.logout(); } logoutCalled = true; } } catch (javax.security.auth.login.LoginException loginExp) { debug.error("AuthXMLHandler.processAuthXMLRequest: " + "Cannot Execute module Logout", loginExp); } Set postAuthSet = null; if (intSess != null) { postAuthSet = (Set) intSess.getObject(ISAuthConstants. POSTPROCESS_INSTANCE_SET); } if ((postAuthSet != null) && !(postAuthSet.isEmpty())) { AMPostAuthProcessInterface postLoginInstance=null; for(Iterator iter = postAuthSet.iterator(); iter.hasNext();) { try { postLoginInstance = (AMPostAuthProcessInterface) iter.next(); postLoginInstance.onLogout(servletRequest, servletResponse, token); } catch (Exception exp) { debug.error("AuthXMLHandler.processAuthXMLRequest: " + "Failed in post logout.", exp); } } } else { String plis = null; if (intSess != null) { plis = intSess.getProperty( ISAuthConstants.POST_AUTH_PROCESS_INSTANCE); } if (plis != null && plis.length() > 0) { StringTokenizer st = new StringTokenizer(plis, "|"); if (token != null) { while (st.hasMoreTokens()) { String pli = (String)st.nextToken(); try { AMPostAuthProcessInterface postProcess = (AMPostAuthProcessInterface) Thread.currentThread(). getContextClassLoader(). loadClass(pli).newInstance(); postProcess.onLogout(servletRequest, servletResponse, token); } catch (Exception e) { debug.error("AuthXMLHandler." + "processAuthXMLRequest:" + pli, e); } } } } } try { boolean isTokenValid = SSOTokenManager.getInstance(). isValidToken(token); if ((token != null) && isTokenValid) { AuthD.getAuth().logLogout(token); Session session = Session.getSession( new SessionID(sessionID)); session.logout(); debug.message("logout successful."); } } catch (com.iplanet.dpro.session.SessionException sessExp) { if (debug.messageEnabled()) { debug.message("AuthXMLHandler." + "processAuthXMLRequest: SessionException" + " checking validity of SSO Token"); } } catch (com.iplanet.sso.SSOException ssoExp) { if (debug.messageEnabled()) { debug.message("AuthXMLHandler." + "processAuthXMLRequest: SSOException " + "checking validity of SSO Token"); } }*/ authResponse.setLoginStatus(AuthContext.Status.COMPLETED); break; case AuthXMLRequest.Abort: try { authContext.abort(); loginStatus = authContext.getStatus(); authResponse.setLoginStatus(loginStatus); checkACException(authResponse, authContext); } catch (AuthLoginException ale) { debug.error("Error aborting ", ale); setErrorCode(authResponse, ale); } break; } if (messageEnabled) { debug.message("loginStatus: " + loginStatus); if (authContext != null) { debug.message("error Code: " + authContext.getErrorCode()); debug.message("error Template: " + authContext.getErrorTemplate()); } } if (loginStatus == AuthContext.Status.FAILED) { if ((authContext.getErrorMessage() != null) && (authContext .getErrorMessage() .equals( AMResourceBundleCache.getInstance() .getResBundle( "amAuthLDAP", com.sun.identity.shared.locale.Locale.getLocale(loginState.getLocale())) .getString(ISAuthConstants.EXCEED_RETRY_LIMIT)))) { loginState.setErrorCode(AMAuthErrorCode.AUTH_LOGIN_FAILED); } if ((authContext.getErrorCode() != null) && ((authContext.getErrorCode()).length() > 0)) { authResponse.setErrorCode(authContext.getErrorCode()); } checkACException(authResponse, authContext); if ((authContext.getErrorTemplate() != null) && ((authContext.getErrorTemplate()).length() > 0)) { authResponse.setErrorTemplate(authContext.getErrorTemplate()); } // Account Lockout Warning Check if ((authContext.getErrorCode() != null) && (authContext.getErrorCode().equals(AMAuthErrorCode.AUTH_INVALID_PASSWORD))) { String lockWarning = authContext.getLockoutMsg(); if ((lockWarning != null) && (lockWarning.length() > 0)) { authResponse.setErrorMessage(lockWarning); } } } return authResponse; }