<%-- /* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved * * The contents of this file are subject to the terms * of the Common Development and Distribution License * (the License). You may not use this file except in * compliance with the License. * * You can obtain a copy of the License at * https://opensso.dev.java.net/public/CDDLv1.0.html or * opensso/legal/CDDLv1.0.txt * See the License for the specific language governing * permission and limitations under the License. * * When distributing Covered Code, include this CDDL * Header Notice in each file and include the License file * at opensso/legal/CDDLv1.0.txt. * If applicable, add the following below the CDDL Header, * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: fedletapplication.aspx,v 1.6 2009/11/12 00:36:50 ggennaro Exp $ */ /* * Portions Copyrighted 2013 ForgeRock Inc. */ --%>
<%@ Page Language="C#" MasterPageFile="~/site.master" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Xml" %>
<%@ Import Namespace="Sun.Identity.Saml2" %>
<%@ Import Namespace="Sun.Identity.Saml2.Exceptions" %>
<%
/*
 * Consumes the SAML AuthnResponse carried by the current request.
 * The four locals declared here are shared with the render blocks further
 * down the page: errorMessage/errorTrace drive the error branch, and
 * authnResponse/serviceProviderUtility drive the success branch.
 */
string errorMessage = null;
string errorTrace = null;
AuthnResponse authnResponse = null;
ServiceProviderUtility serviceProviderUtility = null;
try
{
    // The utility is kept in the ASP.NET application cache so it is constructed
    // once per process rather than on every request. The check-then-store is
    // not atomic: two concurrent first requests may each construct one, and the
    // last writer wins.
    serviceProviderUtility = (ServiceProviderUtility)Cache["spu"];
    if (serviceProviderUtility == null)
    {
        serviceProviderUtility = new ServiceProviderUtility(Context);
        Cache["spu"] = serviceProviderUtility;
    }
    authnResponse = serviceProviderUtility.GetAuthnResponse(Context);
}
catch (Saml2Exception se)
{
    // The response could not be accepted. Message and stack trace are captured
    // here and rendered to the browser further down the page.
    // NOTE(review): rendering stack traces is sample-application behaviour; a
    // production page should log the trace and show only a generic message.
    errorMessage = se.Message;
    errorTrace = se.StackTrace;
    if (se.InnerException != null) errorTrace += "
" + se.InnerException.StackTrace;
}
catch (ServiceProviderUtilityException spue)
{
    // Deployment-side failure (the utility itself could not be set up or used);
    // captured and rendered the same way as the SAML error above.
    errorMessage = spue.Message;
    errorTrace = spue.StackTrace;
    if (spue.InnerException != null) errorTrace += "
" + spue.InnerException.StackTrace;
}
%>

Fedlet Single Sign On Results


Once successfully authenticated by your OpenAM deployment, your browser was redirected to this location with a SAML response. This response can be consumed as follows:

AuthnResponse authnResponse = null;
try
{
    // Build the utility from the application context and let it read and
    // validate the SAML response carried by the current request.
    ServiceProviderUtility serviceProviderUtility = new ServiceProviderUtility(Context);
    authnResponse = serviceProviderUtility.GetAuthnResponse(Context);
}
catch (Saml2Exception se)
{
    // invalid AuthnResponse received
}
catch (ServiceProviderUtilityException spue)
{
    // issues with deployment (reading metadata)
}
<% if (errorMessage != null) { %>

However, an error occurred:

<%=Server.HtmlEncode(errorMessage) %>
<%=Server.HtmlEncode(errorTrace) %>
<% } else { %>

Once the AuthnResponse object has been retrieved, you could easily access attributes from the response as demonstrated below:

Method Returns Output
authnResponse.XmlDom System.Xml.XPath.IXPathNavigable
authnResponse.SubjectNameId System.String <%=Server.HtmlEncode(authnResponse.SubjectNameId)%>
authnResponse.SessionIndex System.String <%=Server.HtmlEncode(authnResponse.SessionIndex)%>
authnResponse.Attributes System.Collections.Hashtable <% if (authnResponse.Attributes.Count == 0) { Response.Write("\n"); Response.Write(" \n"); Response.Write("\n"); } else { foreach (string key in authnResponse.Attributes.Keys) { ArrayList values = (ArrayList)authnResponse.Attributes[key]; Response.Write("\n"); Response.Write("\n"); Response.Write("\n"); Response.Write("\n"); } } %>
key value(s)
No attributes found in the response
" + Server.HtmlEncode(key) + "\n"); foreach (string value in values) { Response.Write(Server.HtmlEncode(value) + "
\n"); } Response.Write("
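<%
// Builds the list of Single Log Out links for the identity provider that issued
// this response. Each link carries this page's directory as RelayState so the
// logout flow returns to the sample application.
// NOTE(review): fedletUrl is derived from Request.Url and therefore from the
// request's Host header; behind a reverse proxy, confirm it resolves to the
// intended origin before relying on it as a return URL.
string fedletUrl = Request.Url.AbsoluteUri.Substring(0, Request.Url.AbsoluteUri.LastIndexOf("/") + 1);
Hashtable identityProviders = serviceProviderUtility.IdentityProviders;

// The lookup yields null when the Issuer is not among the configured identity
// providers, so every use of idp below is guarded; an unknown issuer simply
// produces an empty link list. The idp.EntityId expressions in the markup
// further down this page are not guarded and still need the same check.
IdentityProvider idp = (IdentityProvider)identityProviders[authnResponse.Issuer];
StringBuilder sloListItems = new StringBuilder();
string sloListItemFormat = "
  • Run {1} initiated Single Logout using {2} binding
  • ";

// The three bindings offered for both IdP- and SP-initiated logout, with the
// label shown in the list for each.
string[] bindings = new string[] { Saml2Constants.HttpRedirectProtocolBinding, Saml2Constants.HttpPostProtocolBinding, Saml2Constants.HttpSoapProtocolBinding };
string[] bindingLabels = new string[] { "HTTP Redirect", "HTTP POST", "SOAP" };

// Query-string values are URL-encoded before the whole link is HTML-encoded for
// the href attribute. SubjectNameId and SessionIndex come from the SAML response
// and may contain characters such as '+', '=' or '&' that would otherwise
// corrupt the link.
string encodedRelayState = Server.UrlEncode(fedletUrl);

if (idp != null)
{
    // Derive the IdP deployment URL and metaAlias from the first
    // SingleLogoutService location whose path contains a metaAlias.
    string idpDeployment = null;
    string idpMetaAlias = null;
    foreach (XmlNode node in idp.SingleLogOutServiceLocations)
    {
        // Guard the attribute itself: XmlAttribute.Value is never null, so a
        // null check on the value cannot catch a missing Location attribute.
        XmlAttribute locationAttribute = node.Attributes == null ? null : node.Attributes["Location"];
        if (locationAttribute == null || !locationAttribute.Value.Contains("metaAlias"))
        {
            continue;
        }

        UriBuilder uri = new UriBuilder(locationAttribute.Value);
        string[] segments = uri.Path.Split('/');
        if (segments.Length > 2)
        {
            // segments[0] is empty (leading '/'); segments[1] is treated as the
            // deployment context path and the last segment as the metaAlias.
            idpDeployment = uri.Scheme + "://" + uri.Host + (uri.Port > 0 ? ":" + uri.Port : "") + "/" + segments[1];
            idpMetaAlias = "/" + segments[segments.Length - 1];
            break;
        }
    }

    if (!String.IsNullOrEmpty(idpDeployment) && !String.IsNullOrEmpty(idpMetaAlias))
    {
        string idpUrlFormat = "{0}/IDPSloInit?metaAlias={1}&binding={2}&RelayState={3}";
        for (int i = 0; i < bindings.Length; i++)
        {
            string idpUrl = Server.HtmlEncode(String.Format(idpUrlFormat, idpDeployment, Server.UrlEncode(idpMetaAlias), Server.UrlEncode(bindings[i]), encodedRelayState));
            sloListItems.Append(String.Format(sloListItemFormat, idpUrl, "Identity Provider", bindingLabels[i]));
        }
    }

    // SP-initiated links also depend on idp (its EntityId), so they are built
    // inside the null guard rather than after it, where an unknown issuer
    // previously caused a NullReferenceException.
    string spUrlFormat = "spinitiatedslo.aspx?idpEntityID={0}&SubjectNameId={1}&SessionIndex={2}&binding={3}&RelayState={4}";
    string encodedEntityId = Server.UrlEncode(idp.EntityId);
    string encodedNameId = Server.UrlEncode(authnResponse.SubjectNameId);
    string encodedSessionIndex = Server.UrlEncode(authnResponse.SessionIndex);
    for (int i = 0; i < bindings.Length; i++)
    {
        string spUrl = Server.HtmlEncode(String.Format(spUrlFormat, encodedEntityId, encodedNameId, encodedSessionIndex, Server.UrlEncode(bindings[i]), encodedRelayState));
        sloListItems.Append(String.Format(sloListItemFormat, spUrl, "Fedlet", bindingLabels[i]));
    }
}
%>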

    Fedlet Attribute Query


    Use this form to perform Attribute Query with <%=idp.EntityId %>:

    Subject:
    SAML2 Token (Transient)
    Attribute 1:
    Attribute 2:
    Attribute 3:
    Profile Name: the Default profile is used when no X.509 Subject DN value is entered below
    X.509 Subject DN:

    Fedlet Single Log Out


    Use one of the links below to perform Single Log Out with <%=idp.EntityId %>:

    <% } %>

    Return to the homepage to try other examples available in this sample application.