<%@ page import="com.iplanet.sso.SSOTokenManager,
<%@ page import="com.sun.identity.common.SystemConfigurationUtil" %>
<%@ page import="com.sun.identity.cot.CircleOfTrustManager" %>
<%@ page import="com.sun.identity.cot.CircleOfTrustDescriptor" %>
<%@ page import="com.sun.identity.federation.accountmgmt.FSAccountManager" %>
<%@ page import="com.sun.identity.federation.meta.IDFFMetaManager" %>
<%@ page import="com.sun.identity.multiprotocol.MultiProtocolUtils" %>
<%@ page import="com.sun.identity.multiprotocol.SingleLogoutManager" %>
<%@ page import="com.sun.identity.saml2.common.AccountUtils" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
<%@ page import="com.sun.identity.wsfederation.meta.WSFederationMetaManager" %>
<%@ page import="java.util.*, java.net.URLEncoder" %>
String deployuri = SystemConfigurationUtil.getProperty(
String UNIVERSAL_IDENTIFIER = "sun.am.UniversalIdentifier";
if ((deployuri == null) || (deployuri.length() == 0)) {
deployuri = "../../..";
String utf8 = "UTF-8";
String REALM = "/";
String SAMPLES_DIR = "samples/multiprotocol/demo";
// Change the value if you want to show a different title in your install
String idpTitle = "Multi-Federation Protocol Identity Provider";
// Change the value if you want to show a different title in your install
String spTitle = "Service Provider";
String SAMPLE_COT_NAME = "samplemultiprotocolcot";
String WSFED_PROTOCOL = "WS-Federation";
boolean iAmIDP = false;
boolean iAmSAML2SP = false;
boolean iAmIDFFSP = false;
boolean iAmWSFedSP = false;
String spProtocol = "";
String saml2SPMetaAlias = null;
String saml2SPEntityID = null;
String idffSPMetaAlias = null;
String idffSPEntityID = null;
String wsfedSPMetaAlias = null;
String wsfedSPEntityID = null;
String saml2IDPMetaAlias = null;
String saml2IDPEntityID = null;
String idffIDPMetaAlias = null;
String idffIDPEntityID = null;
String wsfedIDPMetaAlias = null;
String wsfedIDPEntityID = null;
String thisUrl = request.getRequestURL().toString();
String appBase = thisUrl.substring(0, thisUrl.lastIndexOf("/samples") + 1);
String localLoginUrl = appBase + "UI/Login";
String localLogoutUrl = appBase + "UI/Logout";
String samplesBase = appBase + SAMPLES_DIR + "/";
String myTitle = "";
SSOToken ssoToken = null;
boolean userLoggedIn = false;
String userName = "";
String userLabel = "";
boolean federatedWithPartner = false;
CircleOfTrustManager cotManager = new CircleOfTrustManager();
CircleOfTrustDescriptor cot = null;
try {
cot = cotManager.getCircleOfTrust(REALM, SAMPLE_COT_NAME);
} catch (Exception e) {
// ignore as COT might not be created.
if (cot != null) {
Set saml2Provider = cot.getTrustedProviders(SingleLogoutManager.SAML2);
if ((saml2Provider != null) && !saml2Provider.isEmpty()) {
Iterator it = saml2Provider.iterator();
while (it.hasNext()) {
String entityID = (String) it.next();
SAML2MetaManager mm = SAML2Utils.getSAML2MetaManager();
config3 = mm.getEntityConfig(REALM, entityID);
idpConfig = mm.getIDPSSOConfig(REALM, entityID);
spConfig = mm.getSPSSOConfig(REALM, entityID);
if (config3.isHosted()) {
// hosted provider
if (idpConfig != null) {
iAmIDP = true;
saml2IDPEntityID = config3.getEntityID();
saml2IDPMetaAlias = idpConfig.getMetaAlias();
} else if (spConfig != null) {
iAmSAML2SP = true;
saml2SPEntityID = config3.getEntityID();
saml2SPMetaAlias = spConfig.getMetaAlias();
spProtocol = SAML2_PROTOCOL;
} else {
// remote provider
if (idpConfig != null) {
saml2IDPEntityID = config3.getEntityID();
} else if (spConfig != null) {
saml2SPEntityID = config3.getEntityID();
//idpTitle = saml2IDPEntityID;
Set idffProvider = cot.getTrustedProviders(SingleLogoutManager.IDFF);
if ((idffProvider != null) && !idffProvider.isEmpty()) {
Iterator it = idffProvider.iterator();
while (it.hasNext()) {
String entityID = (String) it.next();
IDFFMetaManager mm = new IDFFMetaManager(null);
config2 = mm.getEntityConfig(REALM, entityID);
idpConfig = mm.getIDPDescriptorConfig(REALM, entityID);
spConfig = mm.getSPDescriptorConfig(REALM, entityID);
if (config2.isHosted()) {
// hosted provider
if (idpConfig != null) {
iAmIDP = true;
idffIDPEntityID = config2.getEntityID();
idffIDPMetaAlias = idpConfig.getMetaAlias();
} else if (spConfig != null) {
iAmIDFFSP = true;
idffSPEntityID = config2.getEntityID();
idffSPMetaAlias = spConfig.getMetaAlias();
spProtocol = IDFF_PROTOCOL;
} else {
// remote provider
if (idpConfig != null) {
idffIDPEntityID = config2.getEntityID();
} else if (spConfig != null) {
idffSPEntityID = config2.getEntityID();
//idpTitle = idffIDPEntityID;
Set wsfedProviders = cot.getTrustedProviders(SingleLogoutManager.WS_FED);
if ((wsfedProviders != null) && !wsfedProviders.isEmpty()) {
Iterator it = wsfedProviders.iterator();
while (it.hasNext()) {
String entityID = (String) it.next();
WSFederationMetaManager wsfedMetaManager = new WSFederationMetaManager();
config3 = wsfedMetaManager.getEntityConfig(REALM, entityID);
idpConfig = wsfedMetaManager.getIDPSSOConfig(REALM, entityID);
spConfig = wsfedMetaManager.getSPSSOConfig(REALM, entityID);
if (config3.isHosted()) {
// hosted provider
if (idpConfig != null) {
iAmIDP = true;
wsfedIDPEntityID = config3.getFederationID();
wsfedIDPMetaAlias = idpConfig.getMetaAlias();
} else if (spConfig != null) {
iAmWSFedSP = true;
wsfedSPEntityID = config3.getFederationID();
wsfedSPMetaAlias = spConfig.getMetaAlias();
spProtocol = WSFED_PROTOCOL;
} else {
// remote provider
if (idpConfig != null) {
wsfedIDPEntityID = config3.getFederationID();
} else if (spConfig != null) {
wsfedSPEntityID = config3.getFederationID();
if(!iAmIDP && !iAmSAML2SP && !iAmIDFFSP && !iAmWSFedSP) {
"No Hosted Service or Identity Provider configured for this instance."
+ "<br/>Please configure the sample first.");
if (iAmIDP) {
myTitle = idpTitle;
} else {
myTitle = spProtocol + " " + spTitle;
try {
SSOTokenManager tokenManager = SSOTokenManager.getInstance();
ssoToken = tokenManager.createSSOToken(request);
if ((ssoToken != null) && tokenManager.isValidToken(ssoToken)) {
userLoggedIn = true;
userName = ssoToken.getProperty(UNIVERSAL_IDENTIFIER);
userLabel = userName;
int j = userName.indexOf("=");
int k = userName.indexOf(",");
if ((j > 0) && (k > j)) {
userLabel = userName.substring(j+1,k).trim();
userLabel = userLabel.substring(0,1).toUpperCase()
+ ((userLabel.length() > 0)
? userLabel.substring(1, userLabel.length())
: "");
} catch (SSOException e) {
if (userLoggedIn) {
if (iAmSAML2SP) {
federatedWithPartner = (AccountUtils.getAccountFederation(userName,
saml2SPEntityID, saml2IDPEntityID) == null) ? false : true;
} else if (iAmIDFFSP) {
FSAccountManager manager =
federatedWithPartner = (manager.readAccountFedInfo(userName,
idffIDPEntityID) == null) ? false : true;
} else if (iAmWSFedSP) {
// no persistent federation for WS-Federation
federatedWithPartner = false;
<title>Multi-Federation Protocol Demo</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="<%= deployuri %>/com_sun_web_ui/css/css_ns6up.css" />
<%@ include file="header.jspf" %>
&lt; <a href="Readme.html">Multi-Federation Protocol Sample Page</a>
<h3><center><%= myTitle%> <p>Welcome <%= userLoggedIn ? " " + userLabel : ""%> to the Demo.</center></h3>
<table cellpadding="2" cellspacing="2" border="0" width="100%">
<td valign="top" align="left">
<% if (cot == null) { %>
This instance is not configured, please start sample configuration from a Service Provider.
<% } else {
String status = request.getParameter("logoutStatus");
if ((status != null) && status.equals("logoutSuccess")) {
<b>Single Logout succeeded.</b><br><p>
} else if ((status != null) && !status.equals("")) {
<b><font color="red">Single Logout failed.</font><br><p>
if (iAmIDP) { %>
Followings are the tasks that can be performed on the multi-federation protocol Identity Provider:
<% } else { %>
Followings are the tasks that can be performed on the <%= spProtocol %> Service Provider:
<% } %>
<td valign="top" align="left"> </td>
<!-- Login/Logout prompt -->
<td valign="top" align="left">
<% if(!userLoggedIn) { %> <!-- user not logged in -->
<% if(iAmIDP) { %> <!-- not logged in, i am idp -->
<a href="<%= localLoginUrl %>?goto=<%= thisUrl %>">Login</a>
<% } else { // not logged in, I am sp
if (spProtocol.equals(SAML2_PROTOCOL)) { %>
<a href="<%= appBase %>spssoinit?metaAlias=<%= saml2SPMetaAlias %>&idpEntityID=<%= saml2IDPEntityID %>&<%= SAML2Constants.BINDING %>=HTTP-Artifact&RelayState=<%= thisUrl %>">
Login, provided by <%= spProtocol %> Identity Provider (<%= idpTitle%>)</a>
<% } else if (spProtocol.equals(IDFF_PROTOCOL)) { %>
<a href="<%= localLoginUrl %>?goto=<%= thisUrl %>">Local Login</a>
<a href="<%= appBase %>preLogin?metaAlias=<%= idffSPMetaAlias %>&goto=<%= thisUrl %>">
Login, provided by <%= spProtocol %> Identity Provider (<%= idpTitle%>)</a>
<% } else if (spProtocol.equals(WSFED_PROTOCOL)) { %>
<a href="<%= appBase %>WSFederationServlet/metaAlias<%= wsfedSPMetaAlias %>?goto=<%= thisUrl %>">
Login provided by <%= spProtocol %> Identity Provider (<%= idpTitle%>)</a>
<% } else { // should not come here %>
Sample not configured, please start configuration from a Service Provider.
<% }
} %>
<% } else { %> <!-- user logged in -->
<% if (iAmIDP) { %> <!-- logged in, i am idp -->
<% boolean localLogout = true; %>
<% if ((saml2SPEntityID != null) && MultiProtocolUtils.usedInProtocol(request, SingleLogoutManager.SAML2)) { %> <!-- SAML2 protocol configured -->
<a href="<%= appBase %>IDPSloInit?<%= SAML2Constants.BINDING %>=<%= SAML2Constants.HTTP_REDIRECT %>&RelayState=<%= thisUrl %>">
Logout initiated using SAMLv2 protocol. </a>
<% localLogout = false;
} %>
<% if ((idffSPEntityID != null) && MultiProtocolUtils.usedInProtocol(request, SingleLogoutManager.IDFF)) { %> <!-- SAML2 protocol configured -->
<a href="<%= appBase %>liberty-logout?metaAlias=<%= idffIDPMetaAlias %>&RelayState=<%= thisUrl %>">
Logout initiated using ID-FF protocol. </a>
<% localLogout = false;
} %>
<% if (localLogout) { %>
<a href="<%= localLogoutUrl %>?goto=<%= thisUrl %>">Logout</a>
<% } %>
<% if ((wsfedSPEntityID != null) && MultiProtocolUtils.usedInProtocol(request, SingleLogoutManager.WS_FED)) { %> <!-- WS-Fed protocol configured -->
<a href="<%= appBase %>WSFederationServlet/metaAlias<%= wsfedIDPMetaAlias %>?wa=wsignout1.0&wreply=<%= thisUrl %>">
Logout initiated using WS-Federation protocol. </a>
<% localLogout = false;
} %>
<% } else { // I am login, I am SP
if (spProtocol.equals(SAML2_PROTOCOL)) { %>
<a href="<%= appBase %>SPSloInit?idpEntityID=<%= saml2IDPEntityID %>&<%= SAML2Constants.BINDING %>=<%= SAML2Constants.HTTP_REDIRECT %>&RelayState=<%= thisUrl %>">
<% } else if (spProtocol.equals(IDFF_PROTOCOL)) { %>
<% if (federatedWithPartner) { %>
<a href="<%= appBase %>liberty-logout?metaAlias=<%= idffSPMetaAlias %>&goto=<%= thisUrl %>">
Logout </a>
<% } else {
String relayState = URLEncoder.encode(appBase + "config/federation/default/FederationDone.jsp?metaAlias=" + idffSPMetaAlias);
<a href="<%= appBase %>federation?metaAlias=<%= idffSPMetaAlias %>&selectedprovider=<%= idffIDPEntityID %>&RelayState=<%= relayState %>">
Federate with <%= spProtocol %> Identity Provider (<%= idpTitle%>)</a>
<% } %>
<% } else if (spProtocol.equals(WSFED_PROTOCOL)) { %>
<a href="<%= appBase %>WSFederationServlet/metaAlias<%= wsfedSPMetaAlias %>?wa=wsignout1.0&wreply=<%= thisUrl %>">
<% } else { // should not come here %>
Sample not configured, please start configuration from a Service Provider.
<% }
} %>
<% } %>
<% } %>