/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FSAssertionConsumerService.java,v 1.3 2008/06/25 05:46:57 qcheng Exp $
*
*/
/**
* <code>SP</code> <code>AssertionConsumerService</code>.
*/
/**
* Initializes the servlet.
*/
}
/**
* Default constructor.
*/
public FSAssertionConsumerService() {
// Intentionally empty: the visible constructor sets up no state.
}
/**
* Handles artifact profile.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException, IOException if error occurs.
*/
public void doGet(
) throws ServletException, IOException
{
// NOTE(review): this listing has lost lines (the parameter list and most
// statements). The notes below describe only what the surviving fragments
// show; anything inferred is marked as such.
// Artifact-profile entry point: the visible fragments log the relay state and
// login page URL, check that all received artifacts share one source id, and
// then hand off to a BrowserArtifactHandler.
return;
}
// NOTE(review): relayState is labelled "Resource URL" here. If it comes from
// the request and is later used as a redirect target, it should be checked
// against the expected hosts before use. Neither its origin nor its use is
// visible in this listing; confirm.
"FSAssertionConsumerService.doGet():Resource URL: "
+ relayState);
}
"FSAssertionConsumerService: CommonLoginPage: "
+ framedPageURL);
}
try {
} catch (Exception e) {
// The guarded statements and any logging are not visible; the handler simply
// stops processing the request.
return;
}
// Failure path: per the message text, the user is sent to the framed login page.
+ "AuthnRequest Processing Failed at the IDP "
+ "Redirecting to the Framed Login Page");
}
try {
+ "SourceID within the Artifact is "
+ firstSourceID);
}
// check all artifacts coming from the same source id
// Each further artifact is parsed and its source id compared with the first;
// a mismatch is reported and the request is dropped (see the return below).
// Presumably this keeps one request from mixing artifacts issued by different
// identity providers; confirm against the comparison, which is not visible.
new FSAssertionArtifact(arti[k]);
+ "SourceID within the Artifact is "
+ dest);
}
"Received multiple artifacts have different source id");
return;
}
}
} catch(SAMLException se) {
// NOTE(review): malformed artifacts end here with a bare return; whether the
// failure is logged or an error response is sent is not visible. Rejected
// artifacts are worth recording for detection; confirm.
return;
} catch(FSMsgException se) {
return;
}
try {
// handle sso
+ "Trying to get BrowserArtifactHandler");
}
return;
}
+ "BrowserArtifactHandler created");
}
return;
} catch(Exception e) {
// Broad catch: any failure during the SSO hand-off is logged with its stack
// trace and processing stops.
+ "Exception occurred :", e);
return;
}
}
/**
* Handles post profile.
* @param request <code>HttpServletRequest</code> object
* @param response <code>HttpServletResponse</code> object
* @exception ServletException, IOException if error occurs.
*/
public void doPost(
) throws ServletException, IOException
{
// NOTE(review): this listing has lost lines (the parameter list and most
// statements). The notes below describe only what the surviving fragments
// show; anything inferred is marked as such.
// POST-profile entry point. Going by the visible messages, it takes a Base64
// encoded AuthnResponse, parses it, matches its inResponseTo against a stored
// AuthnRequest, looks up the sender, conditionally verifies the signature, and
// then hands off to an SSO handler.
return;
}
try {
} catch (Exception e) {
"Exception when obtain host meta data:", e);
return;
}
// obtain AuthnResponse message
// NOTE(review): the complete encoded AuthnResponse is written out here and
// again under "AuthnResponse2" below. A response normally carries the
// assertion and subject identifiers, so these logs need the same protection
// as the assertions themselves; logging only a response id would be safer.
// The closing brace suggests a debug-level guard, but it is not visible;
// confirm.
+ "Base64 encoded AuthnResponse: " + encodedAuthnResponse);
}
if (encodedAuthnResponse == null) {
// No response in the request: treated as a failure at the IDP.
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
+ "Base64 encoded AuthnResponse2: " + encodedAuthnResponse);
}
try {
"FSAssertionConsumerService.doPost:Error "
+ "while parsing input xml string");
}
}
if (authnResponse == null){
// Unparseable input is rejected before any further checks.
+ "Invalid AuthnResponse. "
+ "Can't parse Base64 encoded AuthnResponse");
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
} catch(FSException e){
+ "Invalid AuthnResponse. FSException"
+ " occured while parsing Base64 encoded AuthnResponse: ", e);
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
} catch(SAMLException e) {
+ "Invalid AuthnResponse. SAMLException"
+ " occurred while parsing Base64 encoded AuthnResponse: ", e);
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
try {
// NOTE(review): this message says "valid" before the inResponseTo and
// signature checks that appear further down in this listing. Presumably it
// only means the XML parsed; confirm, because a log reader may take it as a
// security decision. The concatenated operand is not visible; the catch below
// mentions toXMLString(), so the full response XML is presumably logged here.
"AuthnResponse received is valid: " +
}
} catch(FSException e){
+ "Invalid AuthnResponse. FSException"
+ " occurred while calling AuthnResponse.toXMLString(): ", e);
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
// Per the message text, a response without an inResponseTo attribute is
// rejected, which appears to rule out unsolicited responses. The condition
// itself is not visible.
+ "Invalid AuthnResponse. AuthnResponse "
+ "received does not have inResponseTo attribute");
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
"AuthnResponse received is against requestID: " + requestID);
}
if (authnRequest == null){
// A response whose inResponseTo matches no stored AuthnRequest is rejected.
// NOTE(review): confirm the stored request is removed once consumed, so the
// same response cannot be accepted a second time. That is not visible here.
+ "Invalid AuthnResponse. AuthnResponse"
+ " received does not have an associated AuthnRequest");
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
+ "inResponseTo validation is successful");
}
try {
{
realm, idpEntityId);
// The sender is looked up by realm and idpEntityId; an unknown sender is
// rejected.
+ "Invalid AuthnResponse. Sender information "
+ "not found for the received AuthnResponse");
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
// NOTE(review): signature verification is only reached when isSigningOn() or
// a second condition (not visible) holds. In the POST profile the response
// arrives via the user's browser, so the signature is what ties it to the
// IDP. Confirm that configuration cannot leave this check off for POST
// responses.
if ((FSServiceUtils.isSigningOn () ||
{
"FSAssertionConsumerService.doPost: Signature " +
"verification failed");
return;
}
} else {
// NOTE(review): in this branch the surviving lines show a lookup by realm and
// idpEntityId but no signature check, and the message says the provider id is
// taken from the response itself. Until a signature is verified, that id is
// sender-controlled; confirm verification happens downstream, e.g. in the
// handler.
+ "LECP Profile identified. IDP info is unknown so far"
+ "Get providerId from the response");
}
realm, idpEntityId);
}
// handle sso
+ "could not create AssertionArtifactHandler");
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
return;
// The catch clause for "se" is not visible; the failure is logged with the
// exception and processing stops.
+ "Exception: ", se);
+ " AuthnRequest Processing Failed at the IDP"
+ " Redirecting to the Framed Login Page");
return;
}
}
)
{
"FSAssertionConsumerService::getInResponseToRequest: Called");
}
}
private boolean verifyAuthnResponseSignature(
{
// Reports whether the AuthnResponse signature verifies.
// NOTE(review): the parameter list, the verification call and the success
// return are missing from this listing. Only the failure paths survive: both
// the missing-certificate path and the catch-all return false, so the visible
// code fails closed.
"FSAssertionConsumerService.verifyAuthnResponseSignature: Called");
try {
// Arguments to a call whose name is not visible; the message below implies it
// fetches the certificate used for verification.
idpDescriptor, idpEntityId, true);
// NOTE(review): the message says "this site's cert" although the lookup takes
// idpDescriptor and idpEntityId. Presumably the IDP's verification
// certificate is meant; confirm, since the wording can mislead during triage.
+ "verifyAuthnResponseSignature: couldn't obtain "
+ "this site's cert.");
return false;
}
} catch(Exception e){
// Broad catch, but the result is false, so an error during verification is
// never reported as a valid signature.
+ "verifyAuthnResponseSignature: Exception occurred while "
+ "verifying signature: "
, e);
return false;
}
}
}