/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SAMLClient.java,v 1.6 2008/08/19 19:11:11 veiming Exp $
*
* Portions Copyrighted 2015 ForgeRock AS.
*/
/**
* The class <code>SAMLClient</code> provides methods to perform
* the SAML web-browser Artifact and POST profiles as specified by the SAML
* specification. It also provides methods to get Assertions based on Artifacts.
* @supported.api
*/
public class SAMLClient {
/**
* This private method performs the SAML Single Sign-On.
* It is called internally by the doWebArtifact and doWebPOST methods.
* @param request HTTP Servlet Request
* @param response HTTP Servlet Response
* @param target the target URL
* @param service the service name
* @exception IOException if an input or output exception occurs when
* redirecting to service <code>URL</code>
* @exception SAMLException if SAML error occurs during Single-Sign-On.
*/
throws IOException, SAMLException {
}
throw new SAMLException(
}
try {
throw new SAMLException(
}
throw new SAMLException(
}
} catch (SessionException se) {
}
try {
} catch(SystemConfigurationException ue) {
throw new SAMLException(
}
}
/**
* This method is designed to do the SAML web-browser profile with
* Artifact. Once the browser (user) has authenticated to OpenAM,
* it can call this method to complete the single sign on to the
* target host and be redirected to the specified target site.
* @param request HTTP Servlet Request
* @param response HTTP Servlet Response
* @param target A String representing the target URL
* @exception IOException if an input or output exception occurs when
* redirecting to service <code>URL</code>
* @exception SAMLException if SAML error occurs during the process
* @supported.api
*/
throws IOException, SAMLException {
}
/**
* This method is designed to do the SAML web-browser POST profile.
* Once the browser (user) has authenticated to OpenAM,
* it can call this method
* to complete the single sign on to the target host and be
* redirected to the target site.
* @param request HTTP Servlet Request
* @param response HTTP Servlet Response
* @param target A String representing the target URL
* @exception IOException if an input or output exception occurs when
* redirecting to service <code>URL</code>
* @exception SAMLException if SAML error occurs during the process
* @supported.api
*/
throws IOException, SAMLException {
}
/**
* This method returns the Assertion for the corresponding artifact.
* It sends an <code>ArtifactQuery</code> SAML message to the
* destination identified by the source ID in the artifact and
* returns the Assertion contained in the SAML response message.
*
* @param artifact An <code>AssertionArtifact</code> representing the
* artifact
* @return An Assertion corresponding to the artifact
* @exception IOException if an input or output exception occurs when
* connecting to SAML service <code>URL</code>
* @exception SAMLException if SAML error occurs during the process
* @supported.api
*/
throws IOException, SAMLException {
}
/**
* This method returns the Assertion for the corresponding artifact.
* It sends an <code>ArtifactQuery</code> SAML message to the destination
* identified by the source ID in the artifact and returns the Assertion
* contained in the SAML response message.
*
* @param artifact A String representing the artifact
* @return An Assertion corresponding to the artifact
* @exception IOException if an input or output exception occurs when
* connecting to SAML service <code>URL</code>
* @exception SAMLException if SAML error occurs during the process
* @supported.api
*/
throws IOException, SAMLException {
}
throw new SAMLException(
}
// first, check if the sourceid contained in the artifact has an entry
// in the SAML config;
// if not, query the naming service to get the SOAP URL in the local case
try {
throw new SAMLException(
}
throw new SAMLException(
}
} else {
}
}
} catch (SystemConfigurationException ue) {
throw new SAMLException(
}
if (!setLocalFlag(samlsoap)) {
throw new SAMLException(
}
"check localFlag : " +
}
// if the localFlag is true and the Artifact's source id is
// the same as my site_id (meaning SAMLClient and AssertionManager
// are in the same JVM), call AssertionManager directly.
":call AssertionManager.getAssertion(" +
"AssertionArtifact)");
}
return assertion;
}
} else {
}
":returned assertion list is null.");
}
return null;
}
}
try {
return null;
}
if (partnerdest != null) {
} else {
" is not on trusted site list.");
}
}
return soapurl;
return null;
}
}
return false;
}
try {
// Preload the SAMLSOAPReceiver class, since it is not included
// in the remote SDK. If the SAMLSOAPReceiver class is not
// present, we treat this as a client application.
}
SAMLServiceManager.localFlag = true;
return true;
}
}
} catch (ClassNotFoundException cnfe) {
cnfe);
}
SAMLServiceManager.localFlag = false;
return true;
} catch (Exception e) {
return false;
}
SAMLServiceManager.localFlag = false;
return true;
}
/**
* This private method takes a SAML request object and returns a SOAPMessage
* wrapped around the request object.
* @param req A SAML request object
* @return a SOAPMessage
* @exception SAMLException
*/
throws SAMLException {
}
try {
} catch (Exception e) {
throw new SAMLException(e.getMessage());
}
}
/**
* This private method is designed to get the URLEndpoint which points to
* the partner's SOAP Receiver service, such as the URLEndpoint of
* SAMLSOAPReceiver servlet in OpenAM context.
* @param destSite An object of
* com.sun.identity.saml.common.SAMLServiceManager.SOAPEntry
* @param to An URLEndpoint object
* @exception IOException if <code>URL</code> is invalid
* @exception SAMLException if SAML error occurs during the process
*/
}
//get authentication type
int idnx = -1;
"Illegal format of input parameter.");
throw new SAMLException(
}
// check if the authentication type matches the protocol specified in
// input parameter "to".
if (SystemConfigurationUtil.isServerMode()) {
"mismatchAuthTypeandProtocol")};
}
throw new SAMLException(
}
if (SystemConfigurationUtil.isServerMode()) {
"mismatchAuthTypeandProtocol")};
}
throw new SAMLException(
}
} else {
if (SystemConfigurationUtil.isServerMode()) {
"wrongAuthType")};
}
throw new SAMLException(
}
// If the authentication type is BASICAUTH or SSLWITHBASICAUTH,
// call ServiceManager to retrieve the partner's user name and password
// which protect the partner's SOAPReceiverURL.
"PartnerSite required basic authentication. But the " +
"user name or password used for authentication is null.");
throw new SAMLException(
}
} else {
urlEndpoint = to;
}
}
if (SystemConfigurationUtil.isServerMode()) {
}
return urlEndpoint;
}
/**
* This private method is designed to get the SAML response object from
* a SOAPMessage string.
* @param xmlString A String representing a string of SOAPMessage
* @return a SAML Response object
* @exception IOException if an input or output exception occurs when
* connecting to SAML service <code>URL</code>
* @exception SAMLException if SAML error occurs during the process
*/
throws IOException, SAMLException {
}
throw new SAMLException (
}
throw new SAMLException(
}
//examine the child elements of <SOAP-ENV:Envelope>
if (nodeCount <= 0) {
throw new SAMLException(
}
for (int i = 0; i < nodeCount; i++) {
throw new SAMLException(
}
for (int j = 0; j < cnodeCount; j++) {
"child element of <SOAP-ENV:Body>");
throw new SAMLException(
"missingChildTagName"));
}
throw new SAMLException(
}
break;
} else {
"in SOAPBody");
throw new SAMLException(
"wrongSOAPBody"));
}
}
} // end of for(int j=0; j <cnodeCount; j++)
" SOAP Header");
}
} else {
throw new SAMLException(
}
} // end of if (currentNode.getNodeType() == Node.ELEMENT_NODE)
} // end of for (int i = 0; i < nodeCount; i++)
return samlResp;
}
/**
* This method extracts the list of assertions from the
* SAML Response.
* @param samlresponse A SAML Response object
* @param alist a List
* @return a List object representing a list of Assertion
* @exception SAMLException
*/
throws SAMLException {
}
// get a list of SAML assertion
if (SystemConfigurationUtil.isServerMode()) {
}
throw new SAMLException(
}
+ "the number of artifacts in SAML request");
if (SystemConfigurationUtil.isServerMode()) {
"wrongNumberAssertions"),
samlresponse.toString(true, true)};
}
throw new SAMLException(
}
return assertions;
}
/**
* This method retrieves a list of assertions based on the input
* <code>AssertionArtifact</code>(s).
*
* @param arti An array of String
* @return a List object representing a list of Assertions
* @exception IOException if an input or output exception occurs when
* connecting to SAML service <code>URL</code>
* @exception SAMLException if SAML error occurs during the process
*/
throws IOException, SAMLException {
}
if (SystemConfigurationUtil.isServerMode()) {
arti[0]};
}
// check that all Artifacts come from the same source id
}
"have different source id.");
}
throw new SAMLException(
}
if (SystemConfigurationUtil.isServerMode()) {
+ k, arti[k]};
}
}
try {
//Retrieve the soap-receiver-url using the sourceid inside the
//AssertionArtifact
throw new SAMLException(
}
if (SystemConfigurationUtil.isServerMode()) {
"wrongPartnerSOAPUrl")};
}
throw new SAMLException(
} else {
}
} else {
}
} else {
+ "Failed to locate SOAP-Receiver-URL " +
"using the source id from AssertionArtifact.");
}
throw new SAMLException(
} else {
}
}
if (urlEndpoint == null) {
"createSOAPReceiverURL Error!");
if (SystemConfigurationUtil.isServerMode()) {
"wrongPartnerSOAPUrl")};
}
"wrongPartnerSOAPUrl"));
}
//generate SAML Request
}
}
{
}
// SOAPMessage msg = createSOAPMessage(req);
// Send the message to the provider using the connection.
}
if (SystemConfigurationUtil.isServerMode()) {
"sendingSAMLRequest"), xmlString};
}
// SOAPMessage reply = con.call(msg, urlEndpoint);
inbuf, "UTF-8"));
}
//reply should contain SAML response
if (SystemConfigurationUtil.isServerMode()) {
"noReplyfromSOAPReceiver")};
}
throw new SAMLException(
}
// check the SOAP message for any SOAP related errors
// before passing control to SAML processor
}
if (SystemConfigurationUtil.isServerMode()) {
"repliedSOAPMessage"), xmlString};
}
if (samlresponse == null) {
"No SAML Response contained in SOAPMessage.");
if (SystemConfigurationUtil.isServerMode()) {
"noSAMLResponse")};
}
"noSAMLResponse"));
}
} catch (Exception e) {
throw new SAMLException(e.getMessage());
}
}
// Process saml Response
if (!samlresponse.isSignatureValid()) {
if (SystemConfigurationUtil.isServerMode()) {
"cannotVerifyResponse")};
}
throw new SAMLException(
}
try {
getValue();
int idex=0;
throw new SAMLException(
}
throw new SAMLException(
}
} catch (Exception e) {
if (SystemConfigurationUtil.isServerMode()) {
"errorSAMLStatusCode")};
}
throw new SAMLException(e.getMessage());
}
// retrieve SAML Assertion
return asserts;
}
}