8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: AuthContext.java,v 1.10 2009/01/28 05:34:52 ww203982 Exp $
f0e56106ee05e35ce4aa00ba4f47ba1789341ec7Mark de Reeper * Portions Copyrighted 2011-2015 ForgeRock AS.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpackage com.sun.identity.authentication.internal;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport static org.forgerock.openam.ldap.LDAPUtils.isDN;
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunningtonimport static org.forgerock.openam.ldap.LDAPUtils.rdnValueFromDn;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.security.auth.callback.ChoiceCallback;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.security.auth.callback.NameCallback;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.security.auth.callback.PasswordCallback;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.security.auth.callback.TextInputCallback;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.security.auth.callback.TextOutputCallback;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport javax.security.auth.login.LoginException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.internal.server.AuthSPrincipal;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.authentication.internal.util.AuthI18n;
a14393818a78c503f7715c393044b33c86e90195Phill Cunningtonimport org.forgerock.i18n.LocalizedIllegalArgumentException;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The AuthContext provides the implementation for authenticating users using
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the JAAS technology. It complements <code>LoginContext</code> provided by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * JAAS by supporting organization environments that cannot handle sessions, for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * A typical caller instantiates this class and starts the login process. The
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * caller then obtains an array of <code>Callback</code> objects, which
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * contains the information required by the authentication plug-in module. The
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * caller requests information from the user. On receiving the information from
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the user, the caller submits the same to this class. If more information is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * required, the above process continues until all the information required by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the plug-ins has been supplied. The caller then checks if the user has
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * successfully been authenticated. If successfully authenticated, the caller
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * can then get the <code>Subject</code> for the user; if not successfully
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authenticated, the caller obtains the LoginException.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This login status indicates that the login process
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * has not started yet. Basically, it means that the method
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>startLogin</code> has not been called.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This login status indicates that the login process
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is in progress. Basically, it means that the <code>startLogin</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * method has been called and that this object is waiting for the user to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * send authentication information.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This login status indicates that the login process
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * has succeeded.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This login status indicates that the login process
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * has failed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * This login status indicates that the user has been
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * successfully logged out.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Protected variables used locally
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected final String authComponentName = "Authentication";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected final static String authKeyName = "authContext";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Debug class
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected final static String authDebugName = "amAuthInternal";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected static Debug authDebug = Debug.getInstance(authDebugName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected static I18n myAuthI18n = AuthI18n.authI18n;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static boolean isEnableHostLookUp = Boolean.valueOf(
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster SystemProperties.get(Constants.ENABLE_HOST_LOOKUP)).booleanValue();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // overall, AuthContext is a "conduit" between the application and the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // login module. the Principal implementation must be agreed upon at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // those two endpoints; AuthContext just passes the Subject that contains
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // the Principal(s).
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor to get an instance of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AuthContext</code>. Caller would then use
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>getRequirements()</code> and <code>submitRequirements()</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to pass the credentials needed for authentication by the plugin modules.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws LoginException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // initialize
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor to get an authenticated instance
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of this class given the <code>java.security.Principal</code> the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * would like to be authenticated as, and the <code>password</code> for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param principal
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * name of the user to be authenticated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * password for the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws LoginException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AuthContext(Principal principal, char[] password)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor for DPro to provide hostname and port for LDAP
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AuthContext(Principal principal, char[] password, String hostname,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster this(LoginContext.LDAP_AUTH_URL + hostname + ":" + port, principal,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor to get an instance of this class
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * given the organization name <code>orgName</code> the user would like to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * access, the <code>java.security.Principal</code> the user would like to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be authenticated as, and the <code>password</code> for the user.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * name of the user's organization
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param principal
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * name of the user to be authenticated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * password for the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws LoginException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AuthContext(String orgName, Principal principal, char[] password)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Make sure principal and password are not null
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .getString("com.iplanet.auth.invalid-username")));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .getString("com.iplanet.auth.invalid-password")));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set the username and password in LoginContext's sharedState
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster loginContext.updateSharedState(principal.getName(), password);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean gotName = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean gotPassword = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Instantiated AuthContext with parameters "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "organization name: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster : "principal: ")
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ((password.length == 0) ? "password is empty\n"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster : "password present\n"));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // assume that there are requirements, and they are NameCallback and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // PasswordCallback. then submit those.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster while (this.hasMoreRequirements()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::init() Has requirements");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (callbacks[i] instanceof PasswordCallback) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster PasswordCallback pc = (PasswordCallback) callbacks[i];
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (callbacks[i] instanceof TextOutputCallback) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "AuthContext::init() Got TextOutputCallback");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (callbacks[i] instanceof TextInputCallback) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "AuthContext::init() Got TextInputCallback");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else if (callbacks[i] instanceof ChoiceCallback) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::init() Got ChoiceCallback");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ChoiceCallback cc = (ChoiceCallback) callbacks[i];
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "AuthContext::init() Got Unknown Callback");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Debug messages
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (authDebug.messageEnabled() && gotName && gotPassword) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "AuthContext::init() Got name and password callbacks");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::init() Login status: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check login status
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor to get an instance of this class given the organization name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>orgName</code> the user would like to access, and the principal's
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>subject</code> the user would like to be authenticated as.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected AuthContext(String orgName, AuthSubject subject)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Instantiating AuthContext with parameters "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "organization name: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ((subject == null) ? "subject is null" : "subject: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // the org + appname, supposedly
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // from offset to i2 should be the orgName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::init() auth:// "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // get past the "/" after the orgName; look for appName
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // the next check could be for a "?"; this is reserved for
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // future use, where parameters such as
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // "?userid=<userid>&password=<pswd>" could be passed.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // NOTE(review): carrying a password inside orgName would be unsafe as
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // the class stands, because the constructors log the organization name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // at debug level; any query component must be stripped before logging
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // if this form is ever implemented.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // parameters specified; pick off appName first
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // the rest assumes the userid and password
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // parameters as described above. To be implemented.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // subsample = subsample.substring(i2+1);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Only appName was provided, no user name and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // no appName, just OrgName and "/" at the end
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // means just the orgName was specified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("local form AuthContext specified; "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster orgname = orgName.substring(offset); // just the org,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // hopefully
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // An alternate form of the <code>orgName</code> is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // "auth://<orgName>/<appName>"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // note that a private form of orgName is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // "local://...". this is for administrative-type
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // configuration information for install commands,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // for example.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Constructor to get an instance of this class
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * given the organization name <code>orgName</code>. The plug-in modules
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * would then query for the user name and related information.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param orgName organization name.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws LoginException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public AuthContext(String orgName) throws LoginException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Instantiated AuthContext with organization name: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method to reset this instance of <code>AuthContext</code> object, so
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * that a new login process can be initiated. Authenticates the user to the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * same organization or resource this object was instantiated with. If this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * object was instantiated with a <code>Subject</code>, it will be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::reset() exiting");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method to reset this instance of <code>AuthContext</code> object, so
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * that a new login process can be initiated for the given
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>Subject</code>. Authenticates the user to the same organization
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * or resource this object was instantiated with.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster protected void reset(AuthSubject subject) throws LoginException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::reset(" + organizationName + ", "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ((subject == null) ? "null" : subject.toString()) + ")");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthLoginThread isAlive = " + loginThread.isAlive());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster contextName = organizationName + "%" + applicationName;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .message("AuthContext::reset:using contextName=" + contextName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster loginContext = new LoginContext(contextName, loginThread);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster loginContext = new LoginContext(contextName, subject, loginThread);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .message("Successfully reset AuthContext for organization: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + ((subject == null) ? " with no subject name "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the set of Principals the user has been authenticated as. This
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * can be invoked only after successful authentication. If the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication fails, this will return <code>null</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getSubject()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method to start the login process. This method will
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * read the plug-ins configured for the application and initialize them.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws LoginException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void startLogin() throws LoginException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::startLogin() called");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Make sure the current login status permits startLogin(); otherwise log it and fail
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::startLogin called "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "when the current login state is" + getLoginStatus());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .getString("authError-invalidMethod" + getLoginStatus())));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Change the login status
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Initiate the login
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "starting a new thread to run the login process");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("exception starting thread: " + ex);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns true if the login process requires more
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * information from the user to complete the authentication.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return true if the login process requires more information from the user
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to complete the authentication.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::requiresMoreInformation()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (false);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return (true);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns an array of <code>Callback</code> objects
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * that must be populated by the user and returned back. These objects are
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * requested by the authentication plug-ins, and these are usually displayed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * to the user. The user then provides the requested information for it to
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * be authenticated.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return an array of <code>Callback</code> objects that must be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * populated by the user and returned back.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getInformationRequired()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check the status of LOGIN
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext:getInformationRequired() "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "called when the current login state is: "
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Login has completed, could be either success or failure
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Check if information required is present
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // wait for required information to be available
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getInformationRequired"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "() waiting for Callback array");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (loginThread) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getInformationRequired"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "() returned from waiting for Callback array");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // do nothing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Submits the populated <code>Callback</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * objects to the authentication plug-in modules. Called after
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>getInformationRequired</code> method and obtaining user's
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * response to these requests.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param info
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * array of <code>Callback</code> objects.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public void submitRequiredInformation(Callback[] info) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::submitRequestedInformation()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set the submitted info & wake up the callback handler thread
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster synchronized (loginThread) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::submitRequestedInformation"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + "() sending notify to sleeping threads");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Logs the user out.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws LoginException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Called LoginContext::logout()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns login exception, if any, during the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * authentication process. Typically set when the login fails.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return login exception.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getLoginException()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the current state of the login process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Possible states are listed above.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the current state of the login process.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getLoginStatus()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method to set the login status. Used internally and not visible outside
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this package.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::setLoginStatus()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the (first) <code>AuthPrincipal</code> in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the <code>Subject</code>. Returns the first <code>Principal</code>,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * if more than one exists.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return the (first) <code>AuthPrincipal</code> in the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>Subject</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getAuthPrincipal(): " + sop);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method to get the (first) <code>AuthPrincipal</code> in the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>Subject</code>. Returns the first <code>Principal</code>, if
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * more than one exists.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @deprecated Use getPrincipal() instead
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getAuthPrincipal()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method to get the set of <code>AuthPrincipal</code>s in the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>Subject</code>.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("AuthContext::getAuthPrincipals()");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method to get the organization name that was set during
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * construction of this instance.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return organization name; if none was set during construction of this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * instance, it is derived from the configured base DN (lower-cased)
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws IllegalStateException if the configured base DN cannot be parsed
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
a14393818a78c503f7715c393044b33c86e90195Phill Cunnington organizationName = DN.valueOf(ServiceManager.getBaseDN()).toString().toLowerCase();
a14393818a78c503f7715c393044b33c86e90195Phill Cunnington } catch (LocalizedIllegalArgumentException e) {
a14393818a78c503f7715c393044b33c86e90195Phill Cunnington throw new IllegalStateException("AuthContext.getOrganizationName: Base DN cannot be parsed", e);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Method to get the Single-Sign-On (SSO) Token. This
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * token can be used as the authenticated token.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return single-sign-on token.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @throws InvalidAuthContextException
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @supported.api
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public SSOToken getSSOToken() throws InvalidAuthContextException {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set Organization
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set Host name
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster InetAddress address = InetAddress.getLocalHost();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("Complete Host : " + address.toString());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.message("getSSOToken : IP : " + ipAddress);
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington final String strHostName = address.getHostName();
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington authDebug.message("getSSOToken : HOST Name : " + strHostName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set AuthType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set Principal
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set Universal Identifier
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Get the username
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Since internal auth is used at install time and during
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // bootstrap for the users "dsame" and "amadmin", the IdType
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // is hardcoded to User.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // NOTE(review): the universal identifier is assembled by string
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // concatenation (user name + ",ou=user," + organization DN). That is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // only safe while the user name cannot contain DN-special characters
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // (',', '=', '+', '"', '\\'); escape it if this path is ever reached
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // for arbitrary principals.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster .append(",ou=user,").append(getOrganizationName());
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster token.setProperty(Constants.UNIVERSAL_IDENTIFIER,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // Set AuthLevel
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster token.setProperty("AuthLevel", Integer.toString(0));
bee2440354b4bc8796e1de0b6cbd60e1f68deba0Phill Cunnington //Set ContextId
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster token.setProperty(Constants.AM_CTX_ID, amCtxId);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster authDebug.warning("getSSOToken: setProperty exception : ", e);