/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FSSOAPReceiver.java,v 1.7 2008/06/25 05:46:56 qcheng Exp $
*
*/
/**
* <code>SOAP</code> endpoint that handles federation <code>SOAP</code>
* requests.
*/
/**
* Initializes the servlet.
* @param config <code>ServletConfig</code> object
* @exception ServletException if an error occurs
*/
// initializing the msgFactory field with a default
// MessageFactory object.
try {
// Initialize it to the default.
} catch (SOAPException ex) {
, ex);
}
}
/**
* Default constructor.
*/
public FSSOAPReceiver() {
    // Intentionally empty: the receiver takes no constructor arguments, and
    // per-servlet state (the default MessageFactory mentioned above) is
    // presumably set up in init() rather than here — confirm against the full file.
    super();
}
/**
* Handles post request.
* @param request http request object
* @param response http response object
* @exception ServletException, IOException if an error occurs.
*/
{
try {
return;
} catch (SOAPException se) {
throw new ServletException(se);
}
}
/**
* Process the request.
* @param request http request object
* @param response http response object
* @param message received soap message
*/
{
try {
+ "Error in processing saml:Request. Invalid SOAPMessage");
response);
return;
}
+ " localName: " + nodeName);
}
//check for saml:Request
{
try {
if (metaManager == null) {
+ "could not create meta instance");
response);
return;
}
if (samlResponse != null) {
+ "SAML Response created: "
+ samlResponse.toXMLString());
}
} else {
+ "SAML Response is null");
response);
return;
}
// introduce id attribute for Assertion bind in
// SOAPEnvelope and sign
toXMLString(true, true));
if (FSServiceUtils.isSigningOn()) {
"SOAPReceiver.onMessage: couldn't " +
"obtain this site's cert alias.");
}
throw new SAMLResponderException(
"cannotFindCertAlias"));
}
if (minorVersion ==
{
doc,
id,
false);
} else if (minorVersion ==
||
minorVersion ==
{
doc,
false);
} else {
}
}
}
if (retMessage == null) {
+ "Error in processing saml:Request");
response);
return;
}
} catch(SAMLException se){
+ "Error in processing saml:Request:" , se);
response);
return;
} catch (IDFFMetaException me) {
+ "Error in processing saml:Request:" , me);
response);
return;
}
return;
{
try {
retMessage = null;
} catch(FSException e){
+ "Error in processing lecp AuthnRequest:", e);
response);
return;
}
return;
} else if(
{
boolean isError = false;
try {
+ "Handling NameRegistrationRequest");
}
if (metaManager == null) {
isError = true;
} else {
{
+ "Hosted Provider. Cannot process request");
}
isError = true;
}
try {
if (hostedRole != null &&
{
} else if (hostedRole != null &&
{
}
if (hostedProviderDesc == null) {
}
} catch(IDFFMetaException eam) {
"Unable to find Hosted Provider. "
+ "Cannot process request");
isError = true;
}
}
return;
} else {
if (regisResponse == null) {
"Error in creating NameRegistration Response");
} else {
"FSSOAPReceiver.onMessage: "
+ "Completed creating response");
}
regisResponse.toXMLString(true, true));
"Completed bind message");
if (retMessage == null) {
"Error in processing NameRegistration " +
"Response");
} else {
if (FSServiceUtils.isSigningOn()) {
try {
int minorVersion =
if (minorVersion == IFSConstants.
{
} else if(minorVersion == IFSConstants.
{
} else {
"invalid minor version.");
}
}
} catch(SAMLException e) {
"FSNameRegistrationHandler:" +
"sign soap Response failed",
e);
"Server",
"cannotProcessRequest",
null),
response);
return;
} catch(FSMsgException e){
"FSNameRegistrationHandler::" +
"signRegistrationResponse failed",
e);
"Server",
"cannotProcessRequest",
null),
response);
return;
}
}
}
}
}
bop = new ByteArrayOutputStream();
}
}
return;
"Error in processing Name Registration request"
+ se.getMessage());
}
} else if(
{
"FSSOAPReceiver:handling Name Identifier Mapping Request");
if (FSServiceUtils.isSigningOn()) {
//hostedProviderDesc.getProviderRole(),
realm);
if (remoteDesc == null) {
return;
}
remoteDesc, remoteEntityId, true)))
{
"FSSOAPReceiver: Success in verifying "
+ "Name Identifier Mapping Request");
}
} else {
"Failed verifying Name Identifier Mapping Request");
response);
return;
}
}
false);
if (enableEncryption != null &&
{
}
if (FSServiceUtils.isSigningOn()) {
}
return;
} else if(nodeName.equalsIgnoreCase(
"FederationTerminationNotification") &&
{
try {
"calling FSSOAPReceiver::handleTerminationRequest");
boolean bHandleStatus = handleTerminationRequest(
if (bHandleStatus) {
"Completed processing terminationRequest");
return;
} else {
"Failed processing terminationRequest");
response);
return;
}
"Error in processing Federation Termination Request",
se);
data);
response);
return;
}
{
try {
"calling FSSOAPReceiver::handleLogoutRequest");
try {
if (hostedRole != null) {
} else if (hostedRole.equalsIgnoreCase(
{
}
}
} catch (Exception e){
}
new FSLogoutNotification(elt);
boolean statusSuccess = false;
} else {
} else {
statusSuccess = true;
}
}
resp.toXMLString(true, true));
if (hostedRole != null &&
{
try {
} catch (Exception e) {
// ignore adapter exception
}
}
}
if (FSServiceUtils.isSigningOn()){
try{
if (minorVersion ==
{
} else if (minorVersion ==
{
} else {
}
} catch(SAMLException e){
e);
}
response);
return;
} catch(FSMsgException e){
e);
}
response);
return;
} catch (Exception e) {
}
}
}
return;
"Error in processing logout Request",se);
data);
response);
return;
}
}
//check for other Liberty msgs should go here
} catch(Exception e) {
+ "Error in processing Request: Exception occured: ", e);
response);
return;
}
response);
return;
}
{
try {
if (metaManager == null) {
return null;
}
} else {
}
return remoteDesc;
} catch (IDFFMetaException eam) {
"Unable to find Hosted Provider.Cannot process request:", eam);
return null;
}
}
{
try {
new FSNameRegistrationRequest(elt);
boolean isIDP = false;
isIDP = true;
}
realm);
if (remoteDesc == null) {
return null;
}
if (!FSServiceUtils.isSigningOn() ||
{
"Registration Signature successfully passed");
{
if (instService != null) {
new FSNameRegistrationHandler();
return regisResponse;
} else {
"FSServiceManager instance is null. "
+ "Cannot process registration request");
}
return null;
}
}
return null;
} else {
"Registration Signature failed verification");
return null;
}
"FSNameRegistrationHandler.doPost.doGet:Exception occured ",
se );
return null;
}
}
private boolean handleTerminationRequest(
{
try {
+ "Cannot process the termination request");
return false;
}
if (metaManager == null) {
return false;
}
try {
if (hostedRole == null) {
return false;
}
if (hostedProviderDesc == null) {
return false;
}
if (remoteDesc == null) {
return false;
}
} catch(IDFFMetaException eam) {
"Unable to find Hosted Provider. Cannot process request:",
eam);
return false;
}
remoteDesc, remoteEntityId, true);
if (!FSServiceUtils.isSigningOn() ||
{
"Termination Signature successfully verified");
{
if (instService != null) {
if (terminationHandler != null) {
boolean bProcessStatus = terminationHandler.
return bProcessStatus;
} else {
"Unable to get Termination Handler");
return false;
}
} else {
"FSServiceManager instance is null. "
+ "Cannot process termination request");
}
return false;
}
}
return false;
} else {
"Termination Signature failed verification");
return false;
}
"FSSOAPService::handleTerminationRequest failed ", se);
return false;
}
}
/**
* Initiates the processing of the logout request received from a remote
* trusted provider.
* @param elt containing the logout request in the XML message
* @param logoutRequest logout notification
* @param msgLogout logout message
* @param request http request object
* @param response http response object
* @param hostedProviderDesc hosted provider meta descriptor
* @param hostedConfig hosted provider's extended meta
* @param providerAlias hosted provider's meta alias
* @param realm The realm under which the entity resides.
* @param hostedEntityId hosted provider's entity ID
* @param hostedRole hosted provider's role
* @return null if an error occurred in processing, or a Map containing two
* keys, MESSAGE for the SOAPMessage object and USERID for the userID string
*/
{
try {
if (remoteDesc == null) {
return null;
}
boolean isIDP = false;
isIDP = true;
}
if (!FSServiceUtils.isSigningOn() ||
{
"Hosted Provider Cannot process logout request");
return null;
}
+ "Completed forming request FSLogoutNotification");
}
{
"FSSOAPReceiver:handleLogoutRequest"
+ " found user Id = " + userID);
}
if (hostedRole != null &&
{
}
try {
} catch (Exception e){
// ignore adapter process error
}
}
}
// TODO : change to use FSLogoutUtil.liveConnectionsExist
// Need to get the list of servers from the
// platform list and make a call to each of them
//to do the cleanup
"FSSOAPReceiver:handleLogoutRequest: User "+
"does not exist locally. Finding remotely");
}
try {
} catch (SystemConfigurationException se) {
"FSSOAPReceiver:handleLogoutRequest: " +
"Couldn't find remote server:", se);
}
}
if (platformList == null) {
"FSSOAPReceiver:handleLogoutRequest"
+ "platformList is null");
}
return null;
}
new StringBuffer(remoteServerURL);
"com.iplanet.am.services." +
"deploymentDescriptor"));
"FSSOAPReceiver:handleLogoutRequest"
+ "remoteServerURL = "
+ " and self serverUrl ="
+ FSServiceUtils.getBaseURL());
}
if ((FSServiceUtils.getBaseURL()).
{
continue;
}
"FSSOAPReceiver:handleLogoutRequest"
+ "user found here ="
+ remoteServerURL);
}
.append(
"com.iplanet.am.services." +
"deploymentDescriptor"))
.append(
.append("/")
try {
"Forward logout request to "
}
if (retSOAPMessage != null) {
}
return map;
} else {
return null;
}
} catch(SOAPException e){
"FSSOAPException in doSOAPProfile"
+ " Cannot send request", e );
return null;
}
} else {
return null;
}
}
}
}
if (instService != null) {
if (logoutHandler != null) {
if (bProcessStatus.getStatus().
{
if (successSOAP != null) {
}
return map;
} else {
return null;
}
} else if (bProcessStatus.getStatus().
{
if (retSOAPMessage != null) {
}
return map;
} else {
return null;
}
} else {
return null;
}
} else {
"Unable to get PreLogoutHandler");
return null;
}
} else {
+ "null. Cannot process logout request");
return null;
}
}
return null;
} else {
return null;
}
return null;
}
}
private void handleLECPRequest(
) {
try {
// handle sso
"FSSSOAndFedService.onMessage: Exception occured ", se);
return;
}
}
/**
* Verifies the signature on the request received from a remote trusted
* provider.
* @param elt containing the logout request in the XML message
* @param msg request soap message
* @param cert Certificate to be used in verifying the signature.
* @return boolean <code>true</code> if signature verification is successful;
* otherwise <code>false</code>.
*/
protected boolean verifyRequestSignature(
{
try {
": couldn't obtain this site's cert.");
throw new SAMLResponderException(
}
+ "Provider's cert is found. "
}
} catch(Exception e){
" Exception occured while verifying signature:", e);
return false;
}
}
/**
* Signs SOAP Response before sending it to the provider.
* @param msg the response message to be sent to provider
* @param idAttrName name of the id attribute to be signed
* @param id the value of the id attribute to be signed
* @param hostedConfig hosted provider's extended meta
* @return SOAPMessage the signed response message
* @exception SAMLException, FSMsgException if an error occurs
*/
throws SAMLException, FSMsgException
{
+ " couldn't obtain this site's cert alias.");
}
throw new SAMLResponderException(
}
"signResponse::Provider's certAlias is found: " +
}
doc,
id,
false,
xpath);
}
private void returnSOAPMessage(
{
try {
return;
} else {
return;
}
} catch(Exception e) {
"FSSOAPReceiver.returnSOAPMessage: Exception::", e);
return;
}
}
/**
* Federation termination must send 204 status when it succeeds.
*/
try {
return;
} catch(Exception e) {
"FSSOAPReceiver.returnFedTerminationStatus: Exception::", e);
}
}
try {
synchronized(sessionMgr) {
if (sessionList == null) {
"SOAPReceiver:isUserExists:List is empty");
return false;
} else {
"SOAPReceiver:isUserExists: List is not empty. "
+ "User found: " + userDN);
}
return true;
}
}
} catch(Exception e) {
}
return false;
}
}
try {
u.getPath());
"AssertionManager.getFullServiceURL:full remote URL is: " +
result);
}
} catch (Exception e) {
"AssertionManager.getFullServiceURL:Exception:", e);
}
}
return result;
}
}