a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSLoginHelper.java,v 1.5 2008/06/25 05:46:54 qcheng Exp $
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.cot.CircleOfTrustDescriptor;
449854c2a07b50ea64d9d6a8b03d18d4afeeee43Ken Stubbingsimport com.sun.identity.cot.CircleOfTrustManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnRequestEnvelope;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSIDPList;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.IDPEntries;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.IDPEntry;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.RequestAuthnContext;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Helper class for handling login process at Service Provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String headerKey = IFSConstants.HEADER_KEY;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String responseDataKey = IFSConstants.RESPONSE_DATA_KEY;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String URLKey = IFSConstants.URL_KEY;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String authnReqIDKey = IFSConstants.AUTH_REQUEST_ID;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String providerIDKey = IFSConstants.PROVIDER_ID_KEY;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private SPDescriptorType hostDescriptor = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static IDFFMetaManager metaManager =null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates a new <code>FSLoginHelper</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HTTP Servlet request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSLoginHelper(HttpServletRequest request) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster amserverURI = FSServiceUtils.getBaseURL(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster interSiteURL = amserverURI + "/" + IFSConstants.INTERSITE_URL;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHepler::Constructor called. Setting "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHepler::isPassive query param"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((passiveQuery != null) && (passiveQuery.equals("true") )) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (actionOnNoFedCookie == null || actionOnNoFedCookie.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster anonymousOnetime = request.getParameter(IFSConstants.ANONYMOUS_ONETIME);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void setMetaInfo(String metaAlias, String authLevel)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostEntityID = metaManager.getEntityIDByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig = metaManager.getSPDescriptorConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLoginHelper::setMetaInfo "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "could not get meta manager handle "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Cannot proceed so throwing error page");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper:: could not get meta manager handle.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLoginHelper::setMetaInfo "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "getHostedProviderByMetaAlias retured null. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Cannot proceed so throwing error page");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSLoginHelperException("FSLoginHelper:: could not get"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " host provider Descriptor handle.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameIDPolicy = IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster cotList = IDFFMetaUtils.getAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster forceAuthn = IDFFMetaUtils.getBooleanAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster isPassive = IDFFMetaUtils.getBooleanAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig, IFSConstants.SUPPORTED_SSO_PROFILE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper()::authLevel not null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map spAuthInfoMap = FSServiceUtils.getSPAuthContextInfo(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (FSSPAuthenticationContextInfo)mapEntry.getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int authLevelInt = Integer.parseInt(authLevel);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (tmpObj.getAuthenticationLevel() == authLevelInt){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper()::Found auth context "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper()::respondWithString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper()::providerID: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper()::forceAuthn: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper()::isPassive: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLoginHelper:setMetaInfo failed"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "host extended meta is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper::could not get host meta config.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLoginHelper::setMetaInfo "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper::IDFFMetaException:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLoginHelper::setMetaInfo "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper::Exception:" + exp.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a Map of headers,lrurl/responsedata.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param headers Map of headers
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param LRURL relay state url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authLevel authentication level
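a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias meta alias of hosted provider; it is concatenated into the redirect URL query string without URL-encoding (unlike the request ID and provider ID), so it should be a validated alias. NOTE(review): confirm against callers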
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param remoteEntityID remote provider's entity ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param isFedCookiePresent if fed cookie present or not
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Map of headers and lrurl/responsedata
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSLoginHelperException if an error occurs
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper.createAuthnRequest(): called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest = getAuthnReq(headers, LRURL, true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest = getAuthnReq(headers, LRURL, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.createAuthnRequest()::AuthnRequest is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + URLEncDec.encode("Unable to create AuthnRequest") + "&"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Please check your Federation Configuration.") ;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return createMap(redirectURL, null, retHeaderMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestID = authnRequest.getRequestID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.createAuthnRequest()::RequestID: " + requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessMngr = FSSessionManager.getInstance(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMngr.setAuthnRequest(requestID, authnRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMngr.setIDPEntityID(requestID, remoteEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //check if dontgotothird level domain flag is off is yes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //if yes then get one provider and send to intersiteurl
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //else send to third level domain for provider id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //also check if there is a single idp if yes go to intersite transfer
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //with providerid
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isSingleIDP = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isSSO = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //*****************
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.createAuthnRequest():LECP Request Identified" );
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "content-type", IFSConstants.LECP_CONTENT_TYPE_HEADER);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAuthnRequestEnvelope authnRequestEnvelope = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isPassive = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //get IDPList from directory
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpLocation = idpDescr.getSingleSignOnServiceURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPEntries idpEntries = new IDPEntries(idpEntryList);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int minorVersion = FSServiceUtils.getMinorVersion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostDescriptor.getProtocolSupportEnumeration());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequestEnvelope = new FSAuthnRequestEnvelope(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequestEnvelope.setMinorVersion(minorVersion);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper.createAuthnRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "AuthnRequestEnvelope: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster responseData = authnRequestEnvelope.toXMLString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // responseData = authnRequestEnvelope.toBASE64EncodedString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLoginHelper.createAuthnRequest(): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map retMap = createMap(null, responseData, retHeaderMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //*****************
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (isSSO && tldURL != null && !isSingleIDP ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper:: createAuthnRequest "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "In case where isSSO true and tldURL is true and not "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "single idp. So redirecting to thirdlevel domain");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster redirectURL = tldURL + "?" + IFSConstants.LRURL + "=" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster URLEncDec.encode(interSiteURL + "?" + authnReqIDKey
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "&" + IFSConstants.META_ALIAS + "=" + metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper:: createAuthnRequest "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " In case where isSSO true and not a single idp so have "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "show common login page");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map retMap = createMap(null,null,retHeaderMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean noIDP = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster remoteEntityID = (String)idpSet.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper:: no idps found in config."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " Cannot proceed.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + URLEncDec.encode("No IDPs Found in Configuration.")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Please configure you Federation Services for an IDP.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String succintID = FSUtils.generateSourceID(remoteEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper:: createAuthnRequest "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " Redirecting to intersiteTransfer URL "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " with providerID and Base64 encoded SuccintID. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //check for presence of federate cookie
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (actionOnNoFedCookie.equals(IFSConstants.COMMON_LOGIN)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map retMap = createMap(null,null,retHeaderMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if(actionOnNoFedCookie.equals(IFSConstants.ACTIVE)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String providerID = FSUtils.stringToBase64(succintID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "?" + authnReqIDKey + "=" + URLEncDec.encode(requestID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "&" + providerIDKey + "=" + URLEncDec.encode(providerID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "&" + IFSConstants.META_ALIAS + "=" + metaAlias ;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If this flag is set via the query param, we will always make
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * a passive call to the IDP.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster changeToPassiveAuthnRequest(requestID, true, metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper.createAuthnRequest()::"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retHeaderMap.put("content-type","text/vnd.wap.wml");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map retMap = createMap(redirectURL, null, retHeaderMap);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestID, boolean isPassiveFlag, String metaAlias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPreLogin.changeToPassiveAuthnRequest called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessMngr = FSSessionManager.getInstance(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAuthnRequest authnRequest = sessMngr.getAuthnRequest(requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (authnRequest != null && !(authnRequest.getFederate())){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMngr.setAuthnRequest(requestID, authnRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set trustedProviders = metaManager.getAllTrustedProviders(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (trustedProviders != null && !trustedProviders.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerDesc = metaManager.getIDPDescriptor(realm,provider);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getIDPDescriptorConfig(realm, provider);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerDesc == null || providerConfig == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper::getIDPs For " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerStatus.equalsIgnoreCase(IFSConstants.ACTIVE)))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper::getIDPs Error in getting idp List:", ame);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper::getIDPs returing idpset as " + idpSet);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List authnContextProfileClassRefArray = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List authnContextStatementRefArray = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protocolProfile = IFSConstants.SSO_PROF_WML_POST;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper::getAuthnReq():"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnContextProfileClassRefArray.add(authContextString) ;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // this should be configurable
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authnContextComparison = IFSConstants.MINIMUM;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameIDPolicyForReal = IFSConstants.NAME_ID_POLICY_NONE;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (anonymousOnetime != null && anonymousOnetime.equals("true")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameIDPolicyForReal = IFSConstants.NAME_ID_POLICY_ONETIME;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.getAuthnReq():Error during procesing:", ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.getAuthnReq() In Exception " + ex.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private Map createMap(String redirectURL, String content, Map retHeaderMap){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper.isLECPProfile called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String)headers.get(IFSConstants.LECP_HEADER_NAME);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String header = (IFSConstants.LECP_HEADER_NAME).toLowerCase();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.isLECPProfile checking for "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String wmlHeaderValue =(String)headers.get("accept");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster indexOf((IFSConstants.WML_HEADER_VALUE))) != -1)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.isWMLProfile() :: true ");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper.getTLDURL() :: called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLoginHelper::getTLDURL():"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Received COT Set is Invalid");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper::getTLDURL() "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster +"Multiple COTs found will do polling " );
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper::getTLDURL() Single COT found");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster CircleOfTrustManager cotManager = new CircleOfTrustManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper::getTLDURL "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "found a active cot with cotid : "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLoginHelper.getTLDURL():"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.getTLDURL():General Exception:", exp);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper::getTLDURL().tldURL "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates <code>AuthnRequestEnvelope</code> for <code>LECP</code> profile.
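a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object; the <code>metaAlias</code> and relay-state (LRURL) parameters and the request headers are read from it and should be treated as untrusted input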
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return xml string of an <code>AuthnRequestEnvelope</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String createAuthnRequestEnvelope(HttpServletRequest request) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.createAuthnRequestEnvelope(): called" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = request.getParameter("metaAlias");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Enumeration headerNames = request.getHeaderNames();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hn = headerNames.nextElement().toString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String LRURL = request.getParameter (IFSConstants.LRURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LRURL = FSServiceUtils.getFederationDonePageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest = getAuthnReq(headerMap, LRURL, true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest.setMinorVersion(FSServiceUtils.getMinorVersion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostDescriptor.getProtocolSupportEnumeration()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.createAuthnRequest()::AuthnRequest is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + URLEncDec.encode("Unable to create AuthnRequest") + "&"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Please check your Federation Configuration.") ;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestID = authnRequest.getRequestID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.createAuthnRequest()::RequestID: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessMngr = FSSessionManager.getInstance(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMngr.setAuthnRequest(requestID, authnRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object ssoToken = SessionManager.getProvider().getSession(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMngr.setLocalSessionToken(requestID, ssoToken);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //check if dontgotothird level domain flag is off is yes
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //if yes then get one provider and send to intersiteurl
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //else send to third level domain for provider id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //also check if there is a single idp if yes go to intersite
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //transfer with providerid
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //*****************
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAuthnRequestEnvelope authnRequestEnvelope = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isPassive = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //get IDPList from directory
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpLocation = idpDescr.getSingleSignOnServiceURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpEntryList.add(new IDPEntry(idpID, idpID, idpLocation));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int minorVersion = FSServiceUtils.getMinorVersion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostDescriptor.getProtocolSupportEnumeration());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPEntries idpEntries = new IDPEntries(idpEntryList);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequestEnvelope.setMinorVersion(minorVersion);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLoginHelper.createAuthnRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "AuthnRequestEnvelope: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLoginHelper.createAuthnRequest():Exception Occured: ", e);