/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FSBrowserArtifactConsumerHandler.java,v 1.8 2008/12/19 06:50:46 exu Exp $
*
*/
/**
* <code>SP</code>-side assertion consumer handler that handles the artifact profile.
*/
{
protected FSBrowserArtifactConsumerHandler() {
// Empty body: nothing is assigned here. The constructor is protected, so it is not
// callable from unrelated code outside the package.
}
/**
* Constructs a <code>FSBrowserArtifactConsumerHandler</code> object.
* @param request <code>HttpServletRequest</code> object.
* @param response <code>HttpServletResponse</code> object
* @param idpDescriptor <code>IDP</code> provider descriptor
* @param idpEntityId <code>IDP</code> entity id
* @param doFederate a flag indicating if it is a federation request
* @param nameIDPolicy <code>nameIDPolicy</code> used
* @param relayState <code>RelayState</code> url
*/
public FSBrowserArtifactConsumerHandler(
// NOTE(review): only doFederate survives in this listing; the Javadoc above names seven
// parameters (request, response, idpDescriptor, idpEntityId, doFederate, nameIDPolicy,
// relayState).
boolean doFederate,
)
{
// Delegates to the superclass constructor; the argument list is not shown here.
super(
}
/**
* Constructs a <code>FSBrowserArtifactConsumerHandler</code> object.
* @param request <code>HttpServletRequest</code> object.
* @param response <code>HttpServletResponse</code> object
* @param idpDescriptor <code>IDP</code> provider descriptor
* @param idpEntityId <code>IDP</code> entity id
* @param relayState <code>RelayState</code> url
* @param samlReq <code>FSRequest</code> with artifact
*/
public FSBrowserArtifactConsumerHandler(
)
{
// Tail of a call whose opening is not shown. Its last three arguments are false, null and
// relayState - presumably doFederate=false and nameIDPolicy=null on the seven-argument
// form (TODO confirm).
false, null, relayState);
// Keeps the artifact-bearing request; processSAMLRequest() later serialises it and reads
// its ID.
this.samlRequest = samlReq;
// NOTE(review): the condition and both branch bodies of this if/else are missing from the
// listing.
{
} else {
}
}
/**
* Builds <code>SAML</code> request (with artifact),
* sends <code>SAML</code> request to <code>IDP</code> through
* <code>SOAP</code>, receives <code>SAML</code> response, then
* processes the response.
*/
public void processSAMLRequest() {
// Every failure path visible below ends in a plain return from this void method, so the
// caller receives no error signal. What, if anything, is written to the HTTP response on
// those paths is not visible in this listing.
"FSBrowserArtifactConsumerHandler.processSAMLRequest: Called");
try {
// NOTE(review): the serialised request is passed to a call whose opening is not shown.
// If that call is a log statement it records the artifact, so it should stay behind a
// debug-level check.
samlRequest.toXMLString(true, true));
//sign here
// Signing is conditional: when FSServiceUtils.isSigningOn() is false this whole block is
// skipped and the request is not signed here.
if (FSServiceUtils.isSigningOn())
{
// With signing on, a missing meta manager or signing cert alias ends the method instead
// of continuing with an unsigned request.
if (metaManager == null) {
"processSAMLRequest: could not create meta " +
"instance");
return;
}
+ "processSAMLRequest: couldn't obtain this site's cert"
+ " alias.");
return;
}
+ "processSAMLRequest: certAlias: "
+ certAlias);
}
// The signing call is chosen by minorVersion; the constants compared against and the
// calls themselves are not shown.
if (minorVersion ==
doc,
samlRequest.getID(),
false);
} else if(minorVersion ==
doc,
false,
} else {
}
}
//call with saml request
+ "processSAMLRequest: "
+ " Response SOAPMessage is null");
return;
}
//getback response
// Going by the log strings, only a samlp:Response payload is accepted: a SOAP Fault, a
// Response that cannot be built, or any other payload ends processing.
if ((samlResponseElt != null) &&
"Fault"))
{
+ "processSAMLRequest: "
+ " SOAPFault occured");
return;
} else if ((samlResponseElt != null) &&
{
if (samlResponse == null) {
+ "processSAMLRequest: "
+ " Could not create SAML Response");
return;
}
} else {
+ "processSAMLRequest: "
+ " SOAP response does not contain samlp:Response");
return;
}
//process saml response
return;
// Broad catch: any exception raised inside the try block above lands here and the method
// returns normally.
} catch(Exception e){
+ "processSAMLRequest: Exception occured: "
try {
+ "processSAMLRequest: IOException occured: ", e);
}
return;
}
}
// Body of processSAMLResponse (name taken from the log strings); the method signature and
// its Javadoc are not part of this listing.
"FSBrowserArtifactConsumerHandler.processSAMLResponse: Called");
try {
if (samlResponse == null) {
+ "processSAMLResponse: null input "
return;
}
// NOTE(review): the whole response XML is concatenated into a message here - presumably a
// debug log (the call is not shown). A response carries assertions and subject
// identifiers, so this should remain debug-only.
+ "processSAMLResponse: Received "
+ samlResponse.toXMLString());
}
// Status check gates everything below; how `valid` is computed is not shown.
if (!valid) {
+ "processSAMLResponse: verify Status failed "
{
}
return;
}
// check Assertion
+ "processSAMLResponse"
+ ": No assertion found inside the AuthnResponse");
return;
}
// The assertion has to map back to an AuthnRequest; a response with no matching request
// stops here. How authnRequestRef is looked up is not shown.
if (authnRequestRef == null) {
+ "processSAMLResponse: "
+ ": Assertion does not correspond to any AuthnRequest");
return;
}
this.authnRequest = authnRequestRef;
// relayState falls back through up to two alternative sources when it is null (or meets a
// second condition that is not shown); the sources themselves are not visible.
if ((this.relayState == null) ||
{
this.relayState =
if ((this.relayState == null) ||
{
this.relayState =
}
}
// Call SP preSSOFederationProcess for Artifact case
"Artifact, Invoke spAdapter.preSSOFederationProcess");
}
try {
} catch (Exception e) {
// log run time exception in Adapter
// implementation, continue
// NOTE(review): because the exception is logged and processing continues, the pre-SSO
// adapter hook cannot veto a login by throwing.
+ " SPAdapter.preSSOFederationSuccess", e);
}
}
null,
baseURL);
// The assertion must also resolve to an IDP entity id; otherwise processing stops.
if ((idpEntityIdRef == null) ||
{
+ "processSAMLResponse: "
+ ": Assertion does not correspond to any IDP");
return;
}
// A null validSubject is treated as an assertion-validation failure (per the log string)
// and ends processing before any federation or sign-on step.
if (validSubject == null) {
+ "processSAMLResponse: validateAssertions failed: "
{
}
return;
}
if (doFederate) {
}
// remove it from session manager table
return;
} else {
+ "processSAMLResponse: "
"AccountFederationFailed"));
"AccountFederationFailed") };
{
}
}
} else {
+ "processSAMLResponse: Single Sign-On failed. "
+ "NameIdentifier of the subject is null: ");
}
} else {
// remove it from session manager table
}
return;
}
int handleType;
return;
}
} else {
}
"FSBrowserArtifactConsumerHandler."
+ "processSAMLResponse: NameIdentifier="
+ " securityDomain="
+ ni.getNameQualifier());
}
int returnCode = doSingleSignOn(
if (isIDPProxyEnabled(requestID)) {
return;
}
data,
ssoToken);
// Call SP Adapter
// The post-SSO hook can end processing through the conditional return below (its condition
// is not shown), but an exception thrown by the hook is only logged.
try {
{
return;
}
} catch (Exception e) {
// log run time exception in Adapter
// implementation, continue
+ " SPAdapter.postSSOFederationSuccess:",e);
}
}
// NOTE(review): relayState is the redirect target. Whether it is checked against allowed
// destinations is not visible in this listing - confirm, since RelayState normally
// round-trips through the browser.
redirectToResource(this.relayState);
return;
} else {
+ "processSAMLResponse: SingleSignOnFailed, ni="
{
}
return;
}
} else {
+ "processSAMLResponse: SingleSignOnFailed (null)");
}
}
// Broad catch: any exception raised inside the try block above is reported through the
// message below and the method returns normally.
} catch(Exception e){
+ "processSAMLResponse: Exception occured: ", e);
return;
}
}
// Tail of redirectToResource (name taken from the log strings and the call in
// processSAMLResponse); the signature line is not part of this listing.
throws FSException
{
null,
baseURL);
try {
"FSBrowserArtifactConsumerHandler.redirectToResource: Called");
// A null resourceURL is reported; what is sent to the browser in that case is not shown.
if (resourceURL == null){
+ "redirectToResource: Resource URL is null");
}
// resourceURL is written into this message verbatim, so any query parameters it carries
// end up wherever the message is recorded.
+ "redirectToResource: User's Authentication"
+ " Assertion verified redirecting to Resource:"
+ resourceURL);
}
} catch(IOException e){
// NOTE(review): only the IOException's message is carried into the FSException, so the
// original stack trace is lost unless it is logged separately.
throw new FSException(e.getMessage());
}
}
// Body of getInResponseToRequest (name taken from the log string); the signature is not
// part of this listing.
"FSBrowserArtifactConsumerHandler.getInResponseToRequest: Called");
// Returns the authnRequest field, which processSAMLResponse assigns once the response has
// been matched to a request.
return authnRequest;
}
// Tail of signSAMLRequest's signature (name taken from the log strings); the parameter
// list is not part of this listing.
) throws SAMLException
{
"FSBrowserArtifactConsumerHandler.signSAMLRequest: Called");
// An already-signed request is reported and then, presumably, rejected by the
// SAMLException thrown below (its message argument is not shown).
if (samlRequest.isSigned()) {
+ "signSAMLRequest: the request is already signed.");
}
throw new SAMLException(
}
// A missing cert alias is reported and followed by a SAMLResponderException; the guarding
// condition is not shown.
"signSAMLRequest: couldn't obtain this site's cert alias.");
}
throw new SAMLResponderException(
}
+ "signSAMLRequest: Provider's certAlias is found: "
+ certAlias);
}
// NOTE(review): the full request XML is concatenated into this message; if it is logged,
// it should stay behind a debug-level check.
+ "signSAMLRequest: XMLString to be signed: "
+ samlRequest.toString(true, true));
}
// The signing call itself is not in this listing; the method hands back samlRequest.
return samlRequest;
}
}