<%-- /* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved * * The contents of this file are subject to the terms * of the Common Development and Distribution License * (the License). You may not use this file except in * compliance with the License. * * You can obtain a copy of the License at * https://opensso.dev.java.net/public/CDDLv1.0.html or * opensso/legal/CDDLv1.0.txt * See the License for the specific language governing * permission and limitations under the License. * * When distributing Covered Code, include this CDDL * Header Notice in each file and include the License file * at opensso/legal/CDDLv1.0.txt. * If applicable, add the following below the CDDL Header, * with the fields enclosed by brackets [] replaced by * your own identifying information: * "Portions Copyrighted [year] [name of copyright owner]" * * $Id: spinitiatedsso.aspx,v 1.2 2010/01/26 01:20:14 ggennaro Exp $ */ --%> <%@ Page Language="C#" Debug="true" %> <%@ Import Namespace="System.IO" %> <%@ Import Namespace="System.Net" %> <%@ Import Namespace="System.Xml" %> <%@ Import Namespace="Sun.Identity.Saml2" %> <%@ Import Namespace="Sun.Identity.Saml2.Exceptions" %> <% /* * Following are the list of supported query parameters: * * Query Parameter Description * --------------- ----------- * AllowCreate Value indicates if IDP is allowed to created a new * identifier for the principal if it does not exist. * Value of this parameter can be true OR false. * True - IDP can dynamically create user. * * AssertionConsumerServiceIndex * An integer number indicating the location to which * the Response message should be returned to the * requester. * * AuthComparison The comparison method used to evaluate the requested * context classes or statements. Allowed values are: * exact * minimum * maximum * better * * AuthLevel The Authentication Level of the Authentication * Context to use for Authentication. * * AuthnContextClassRef * Specifies the AuthnContext Class References. The * value is a pipe separated value with multiple * references. * * AuthnContextDeclRef * Specifies the AuthnContext Declaration Reference. * The value is a pipe separated value with multiple * references. * * Binding URI value that identifies a SAML protocol binding * to used when returning the Response message. The * supported values are: * HTTP-Artifact * HTTP-POST (default) * * Consent Specifies a URI a SAML defined identifier known as * Consent Identifiers. These are defined in the SAML2 * Assertions and Protocols Document. * * Destination A URI Reference indicating the address to which the * request has been sent. * * ForceAuthN True or false value indicating if IDP must force * authentication OR false if IDP can rely on reusing * existing security contexts. Default is false. * True - force authentication * * idpEntityID Identifier for Identity Provider. If unspecified, * first available remote IDP is used. * * IsPassive True or false value indicating whether the IDP * should authenticate passively. Default is false. * * RelayState Destination URL to redirect the browser after successful * login. * * ReqBinding URI value that identifies a SAML protocol binding to * used when sending the AuthnRequest. The supported * values are: * urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect * urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST * HTTP-Redirect is the default. * */ ServiceProviderUtility serviceProviderUtility = (ServiceProviderUtility)Cache["spu"]; if (serviceProviderUtility == null) { serviceProviderUtility = new ServiceProviderUtility(Context); Cache["spu"] = serviceProviderUtility; } // Store parameters for initializing SSO NameValueCollection parameters = Saml2Utils.GetRequestParameters(Request); string idpEntityId = parameters["idpEntityId"]; // If the IDP entity ID not specified, discover it. if (String.IsNullOrEmpty(idpEntityId)) { // Determine if the IDP has already been discovered... idpEntityId = IdentityProviderDiscoveryUtils.GetPreferredIdentityProvider(Request); if (idpEntityId == null) { // Discover the IDP by redirecting to the reader service. IdentityProviderDiscoveryUtils.StoreRequestParameters(Context); Uri readerServiceUrl = IdentityProviderDiscoveryUtils.GetReaderServiceUrl(serviceProviderUtility, Context); if (readerServiceUrl != null) { IdentityProviderDiscoveryUtils.RedirectToReaderService(readerServiceUrl, Context); return; } } // Retrieve all previously stored parameters and reset the discovery // process if we've exhausted all reader services... parameters = IdentityProviderDiscoveryUtils.RetrieveRequestParameters(Context); IdentityProviderDiscoveryUtils.ResetDiscovery(Context); } // If the IDP entity ID is still null, use the first one configured if (idpEntityId == null) { IEnumerator idps = serviceProviderUtility.IdentityProviders.Keys.GetEnumerator(); if (idps.MoveNext()) { idpEntityId = (string) idps.Current; } } // If the binding is null, use POST. if (String.IsNullOrEmpty(parameters[Saml2Constants.Binding])) { parameters[Saml2Constants.Binding] = Saml2Constants.HttpPostProtocolBinding; } try { // Check for required parameters... if (idpEntityId == null) { throw new ServiceProviderUtilityException("IDP Entity ID not specified nor discovered."); } // Perform SP initiated SSO serviceProviderUtility.SendAuthnRequest(Context, idpEntityId, parameters); } catch (Saml2Exception se) { Response.StatusCode = 400; Response.StatusDescription = se.Message; Response.End(); } catch (ServiceProviderUtilityException spue) { Response.StatusCode = 400; Response.StatusDescription = spue.Message; Response.End(); } %>