Federation.java revision 4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1c
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * The contents of this file are subject to the terms
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * of the Common Development and Distribution License
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * (the License). You may not use this file except in
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * compliance with the License.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * You can obtain a copy of the License at
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * https://opensso.dev.java.net/public/CDDLv1.0.html or
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * See the License for the specific language governing
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * permission and limitations under the License.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * When distributing Covered Code, include this CDDL
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Header Notice in each file and include the License file
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * If applicable, add the following below the CDDL Header,
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * with the fields enclosed by brackets [] replaced by
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * your own identifying information:
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * "Portions Copyrighted [year] [name of copyright owner]"
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * $Id: Federation.java,v 1.3 2009/01/28 05:35:10 ww203982 Exp $
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkpackage com.sun.identity.authentication.modules.federation;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.shared.datastruct.CollectionHelper;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.authentication.spi.AMLoginModule;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.authentication.spi.AuthLoginException;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.authentication.util.ISAuthConstants;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.plugin.session.SessionProvider;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport com.sun.identity.plugin.session.impl.FMSessionProvider;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport javax.security.auth.callback.CallbackHandler;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport javax.security.auth.callback.NameCallback;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenkimport javax.security.auth.callback.UnsupportedCallbackException;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk// import com.sun.identity.shared.ldap.util.DN;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk private static final String fmAuthFederation = "fmAuthFederation";
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk private static Debug debug = Debug.getInstance(fmAuthFederation);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk static private String AUTH_LEVEL = ISAuthConstants.AUTH_ATTR_PREFIX_NEW +
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk "FederationAuthLevel";
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Constructor
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Initialize parameters.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk public void init(Subject subject, Map sharedState, Map options) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk bundle = amCache.getResBundle(fmAuthFederation, locale);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk "fmAuthFederation Authentication resource bundle locale="+
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk String authLevelStr = CollectionHelper.getMapAttr(
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk } catch (Exception e) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Process the authentication request.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * @return ISAuthConstants.LOGIN_SUCCEED as succeeded;
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * ISAuthConstants.LOGIN_IGNORE as failed.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * @exception AuthLoginException upon any failure. login state should be
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * kept on exceptions for status check in auth chaining.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk public int process(Callback[] callbacks, int state)
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk cbs[0] = new NameCallback(FMSessionProvider.RANDOM_SECRET);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk cbs[1] = new NameCallback(SessionProvider.PRINCIPAL_NAME);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk cbs[2] = new NameCallback(SessionProvider.AUTH_LEVEL);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk randomSecret = ((NameCallback)cbs[0]).getName();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk principalName = ((NameCallback)cbs[1]).getName();
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk throw new AuthLoginException(fmAuthFederation, "IllegalArgs", null);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk throw new AuthLoginException(fmAuthFederation, "UnsupportedCallback",
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk if (!FMSessionProvider.matchSecret(randomSecret)) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk throw new AuthLoginException(fmAuthFederation, "NoMatchingSecret",
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk // TBD: This piece may or may not be needed
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk DN dnObject = new DN(userName);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk String [] array = dnObject.explodeDN(true);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk userName = array[0];
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk if (authLevel != null && authLevel.length() != 0) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk } catch (Exception e) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Returns principal of the authenticated user.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * @return Principal of the authenticated user.
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk if (userPrincipal == null && userName != null) {
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk userPrincipal = new FederationPrincipal(userName);
dbcf55756e293292dfbfbb75fe317dd094b0585fjeff.schenk * Clean up the login state.