a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSIntersiteTransferService.java,v 1.6 2008/08/29 04:57:16 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.services.fednsso;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.CircleOfTrustManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.IDPEntries;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.IDPEntry;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSIDPList;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSScoping;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.plugins.FederationSPAdapter;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSSignatureManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSSignatureException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets called to send <code>AuthnRequest</code> to <code>IDP</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSIntersiteTransferService extends HttpServlet {
// NOTE(review): this is a blame-view listing with source lines dropped. The statements below
// are fragments of the method the log strings name redirectToCommonDomain, so the control
// flow between them is not fully visible.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirectToCommonDomain: Called");
// metaAlias is read directly from the request parameter and handed to getRealmByMetaAlias.
// No null/empty check is visible in this fragment (doGet checks before use) - confirm in
// the full file that an absent or unknown alias cannot select an unintended realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
// getSession(true) creates a session when none exists. The circle-of-trust set is read from
// and written back to the session under SESSION_COTSET_ATTR.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpSession session = request.getSession(true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (Set)session.getAttribute(IFSConstants.SESSION_COTSET_ATTR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster CircleOfTrustManager cotManager = new CircleOfTrustManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster cotSet = cotManager.getAllCirclesOfTrust(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster session.setAttribute(IFSConstants.SESSION_COTSET_ATTR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService. redirect"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "ToCommonDomain: No CommonDomain metadata found");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("noCommonDomainMetadata") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //response.sendRedirect(framedLoginPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirectToCommonDomain: No more CommonDomain left");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("noCommonDomainMetadata") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //response.sendRedirect(framedLoginPageURL);
// The visible failure path forwards to the login page through FSUtils.forwardRequest; the
// browser redirect it replaced is left commented out above.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedLoginPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster session.setAttribute(IFSConstants.SESSION_COTSET_ATTR, cotSet);
// returnURL is rebuilt from the incoming request by getRequestURL().
// NOTE(review): the lines that assemble redirectURL are not shown - confirm that returnURL
// is URL-encoded before it is appended and that the redirect target itself is taken from
// circle-of-trust metadata rather than from request data.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringBuffer redirectURL = new StringBuffer(300);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringBuffer returnURL = request.getRequestURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirectToCommonDomain: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Redirecting to check for PrefferedIDP @:" + url);
// Exceptions are logged with their stack trace; the visible fallback is again a forward to
// the login page.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirectToCommonDomain: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "COTException occured while trying to "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirect to the CommonDomain: " , e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //response.sendRedirect(framedLoginPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedLoginPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirectToCommonDomain: IOException : " , ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirectToCommonDomain: IOException"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " occured while trying to redirect to the CommonDomain: ", e);
// Reads the AuthnRequest identifier from the AUTH_REQUEST_ID request parameter and treats a
// null or empty value as "no requestID in the query string". The value is client-supplied;
// the only check visible here is for presence. (Listing has dropped lines; the return
// statements are not shown.)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String findRequestID(HttpServletRequest request) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.findRequestID: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestID = request.getParameter(IFSConstants.AUTH_REQUEST_ID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (requestID == null || requestID.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.findRequestID:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "No requestID in the query string");
// Fragments of signAndReturnQueryString (name taken from the log strings): signs the
// URL-encoded AuthnRequest query string with the private key stored under certAlias.
// The listing has dropped lines, so the signature and return statements are not shown.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signAndReturnQueryString: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(queryString == null || queryString.length() == 0){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signAndReturnQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signAndReturnQueryString: certAlias: " + certAlias);
// NOTE(review): this second guard tests queryString again, directly after certAlias is
// logged. If it was meant to reject a null or empty certAlias, the alias reaches
// getPrivateKey() below unchecked - confirm against the full file.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(queryString == null || queryString.length() == 0){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signAndReturnQueryString: "
// The signature algorithm follows the private key's own algorithm: RSA keys map to
// ALGO_ID_SIGNATURE_RSA_JCA, DSA keys to ALGO_ID_SIGNATURE_DSA_JCA, and anything else is
// logged as unsupported. No null check on the key returned by getPrivateKey(certAlias) is
// visible in this listing.
// NOTE(review): the digest behind these two constants is defined in IFSConstants, not
// here - confirm it meets current policy (i.e. is not SHA-1 based).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSignatureManager manager = FSSignatureManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String sigAlg = IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(manager.getKeyProvider().getPrivateKey(certAlias).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getAlgorithm().equals(IFSConstants.KEY_ALG_RSA))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.signAndReturnQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "private key algorithm is: RSA");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sigAlg = IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if(manager.getKeyProvider().getPrivateKey(certAlias).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getAlgorithm().equals(IFSConstants.KEY_ALG_DSA))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.signAndReturnQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "private key algorithm is: DSA");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sigAlg = IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.signAndReturnQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "private key algorithm is not supported");
// A trailing '&' is checked for before the SigAlg parameter is appended, and signBuffer()
// is called on the query string afterwards, so the signed bytes appear to include the
// algorithm identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(queryString.charAt(queryString.length()-1) != '&'){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(sigAlg.equals(IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (sigAlg.equals(IFSConstants.ALGO_ID_SIGNATURE_RSA_JCA)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.signAndReturnQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Invalid signature algorithim");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster queryString + "SigAlg=" + URLEncDec.encode(algoId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.signAndReturnQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signature = manager.signBuffer(queryString, certAlias, sigAlg);
// Both a signing exception and a null signature are logged as errors; what is returned to
// the caller in those cases is not visible here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signAndReturnQueryString: FSSignatureException occured "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "while signing query string: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signAndReturnQueryString: Signature generated is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signAndReturnQueryString:Signed Querystring: "
// Fragments of doGet and its Javadoc (blame-view listing with lines dropped). From what is
// visible: it resolves the hosted provider from metaAlias, looks up a stored AuthnRequest
// by request ID, picks an IdP, and dispatches on the request's protocol profile.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Generates <code>AuthnRequest</code> and sends it to <code>IDP</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception ServletException,IOException if error occurred
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Check to see if there is a need to set lb cookie.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This is for the use case that AuthnRequest is not created by the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * preLogin process and lb cookie wasn't set there.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
// metaAlias comes from the request parameter, falling back to
// FSServiceUtils.getMetaAlias(request) when the parameter is null or empty. It then
// selects both the hosted entity ID and the realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (metaAlias == null || metaAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hostEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
// NOTE(review): the "nullInputParameter" cases answer with SC_INTERNAL_SERVER_ERROR, so
// missing client input is indistinguishable from a server fault in access logs and
// monitoring.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("nullInputParameter"));
// The raw query string received from the common domain is written to the debug log at
// message level.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "QueryString Received from CommonDomain: " + qs);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //throw error page
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("nullInputParameter"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("nullInputParameter"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
// requestID is used as the key into the session manager's stored AuthnRequests; the
// "invalidRequestId" branch below logs INVALID_AUTHN_REQUEST and returns an error.
// presumably requestID is the client-supplied value from findRequestID - verify.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessionMgr = FSSessionManager.getInstance(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAuthnRequest authnRequest = sessionMgr.getAuthnRequest(requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("invalidRequestId"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { FSUtils.bundle.getString("invalidRequestId")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,"INVALID_AUTHN_REQUEST",data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
// The stored request's RelayState is passed into the login page URL as the resource URL.
// NOTE(review): where RelayState is validated is not visible here - confirm it is checked
// against permitted targets before it is stored or used.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String resourceUrl = authnRequest.getRelayState();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String baseURL = FSServiceUtils.getBaseURL(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaAlias, resourceUrl, null, request, baseURL);
// The preferred IdP is derived from the request by FSUtils.findPreferredIDP; when none is
// found the request is sent on to the common domain.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String idpID = FSUtils.findPreferredIDP(realm, request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "No Preffered IDP found in this Common Domain. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Try to find PrefferedIDP in other common domains");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster redirectToCommonDomain(request, response, requestID);
// The IdP descriptor is resolved from realm metadata by idpID; the branch below logs
// PROVIDER_NOT_TRUSTED and returns an error. Its guarding condition is not visible.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpDescriptor = metaManager.getIDPDescriptor(realm, idpID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,"PROVIDER_NOT_TRUSTED",data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
// The cached circle-of-trust set is removed from the session at this point.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpSession session = request.getSession(true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster session.removeAttribute(IFSConstants.SESSION_COTSET_ATTR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set the authn request version here
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int minorVersion = FSServiceUtils.getMinorVersion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpDescriptor.getProtocolSupportEnumeration());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest.getAuthnContext().setMinorVersion(minorVersion);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getSPDescriptor(realm, hostEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getSPDescriptorConfig(realm, hostEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (IDFFMetaUtils.getBooleanAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (affiliations != null && !affiliations.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AffiliationDescriptorType affiliateDescriptor =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getBooleanAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List proxyIDPs = IDFFMetaUtils.getAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (proxyIDPs != null && !proxyIDPs.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSIDPList idpList = new FSIDPList(entries, null);
// The complete AuthnRequest XML is written to the debug log at message level.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "AuthnRequest:" + authnRequest.toXMLString(true, true));
// Dispatch on protocol profile; an unrecognised profile is logged as
// INVALID_AUTHN_REQUEST and rejected.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if(authnRequest.getProtocolProfile().equals(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handleWMLIST(request, response, authnRequest, idpDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Unknown Protocol Profile");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { FSUtils.bundle.getString("invalidAuthnRequest") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_AUTHN_REQUEST,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("invalidAuthnRequest"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: ", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("sendFailed")+ioe.getMessage());
// Fragments of handleBrowserArtifactPOSTIST and its Javadoc (blame-view listing with lines
// dropped). From what is visible: it serialises the AuthnRequest to a query string,
// optionally signs it, and sends it to the IdP's single sign-on URL by redirect or by form
// post.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Generates <code>AuthnRequest</code> and sends it to <code>IDP</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception ServletException,IOException if error occurred
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ) throws javax.servlet.ServletException, java.io.IOException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.handleBrowserArtifactPOSTIST: Called");
// NOTE(review): this error is logged under the "doGet" prefix although the surrounding log
// strings belong to handleBrowserArtifactPOSTIST, which makes the log harder to attribute
// during triage.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.doGet: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("nullInputParameter"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("nullInputParameter"));
// The destination is the IdP's single sign-on URL taken from its descriptor, not from the
// request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String targetURL = idpDescriptor.getSingleSignOnServiceURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "handleBrowserArtifactPOSTIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Destination URL to send AuthnRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Call SP adapter in case of browser GET
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService, " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "GET, call spAdapter.preSSOFederationRequest");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // log run time exception in Adapter
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // implementation, continue
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService,"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "GET SPAdapter.preSSOFederationRequest:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String queryString = authnRequest.toURLEncodedQueryString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "handleBrowserArtifactPOSTIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { FSUtils.bundle.getString("invalidRequest") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_AUTHN_REQUEST,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //signAuthnRequest If specified
// The hosted provider's isAuthnRequestsSigned() flag is read here. A signing failure is
// logged and followed by an error response; the lines between are not shown, so confirm in
// the full file that the request is never sent unsigned on that path.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean authnRequestSigned = hostDesc.isAuthnRequestsSigned();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster queryString = signAndReturnQueryString(queryString,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "handleBrowserArtifactPOSTIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "AuthnRequest signing failed");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
// The query string is joined to targetURL with '&' or '?'; the condition choosing between
// them is not visible (presumably whether targetURL already carries a query - verify).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster tmp.append(targetURL).append("&").append(queryString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster tmp.append(targetURL).append("?").append(queryString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.access(Level.FINER, "REDIRECT_TO",data);
// A redirect URL longer than URL_MAX_LENGTH is sent as an auto-submitted form post
// instead of an HTTP redirect.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (redirecto.length() > IFSConstants.URL_MAX_LENGTH) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "handleBrowserArtifactPOSTIST: Redirection URL"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " length exceeding the URL MAX length restriction. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Switching to form post");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sendAuthnRequestPost(response, targetURL, authnRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_MOVED_TEMPORARILY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "handleBrowserArtifactPOSTIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Sending AuthnRequest by http-redirect to: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "handleBrowserArtifactPOSTIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("sendFailed") , ioe);
// Fragments of handleWMLIST (blame-view listing with lines dropped): sends the AuthnRequest
// to the IdP's single sign-on URL as a WML post via sendWMLB64Post. No signing step is
// visible in these fragments - confirm in the full file whether this profile signs the
// request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.handleWMLIST: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.handleWMLIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("nullInputParameter"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("nullInputParameter"));
// The destination comes from the IdP descriptor and is logged before use.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String targetURL = idpDescriptor.getSingleSignOnServiceURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.handleWMLIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Destination URL to send AuthnRequest: " + targetURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.access(Level.INFO,LogUtil.REDIRECT_TO, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sendWMLB64Post(response, targetURL, authnRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.handleWMLIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService.handleWMLIST: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("sendFailed"), ioe);
// Fragments of sendWMLB64Post (blame-view listing with lines dropped): writes a WML deck
// that posts the Base64-encoded AuthnRequest to the destination. The visible return
// statements are true and false, which look like the success and failure paths.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService:sendWMLB64Post: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster out.println("<!DOCTYPE wml PUBLIC \"-//WAPFORUM//DTD WML 1.1//EN\""
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " \"http://www.wapforum.org/DTD/wml_1.1.xml\">");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster out.println("<card id=\"request\" title=\"SP Request\">");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster out.println("<onevent type=\"onenterforward\">");
// NOTE(review): destination is concatenated into the href attribute without escaping. In
// handleWMLIST it is the IdP URL from metadata, but a metadata-sourced value should still
// be attribute-escaped before being written into markup.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster out.println("<go method=\"post\" href=\"" + destination + "\">");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + authnRequest.toBASE64EncodedString() + "\"/>");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster out.println("<onevent type=\"onenterbackward\">");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster out.println("Contacting IdP. Please wait....");
// The Base64-encoded AuthnRequest and the destination are written to the debug log.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService:sendWMLB64Post: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Base64 Encoded AuthnRequest at the Sender: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService:sendWMLB64Post: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "AuthnRequest sent successfully to: " + destination);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSIntersiteTransferService:sendWMLB64Post:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// Fragments of sendAuthnRequestPost (blame-view listing with lines dropped): writes an HTML
// page whose form is submitted on load and carries the Base64-encoded AuthnRequest.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService.sendAuthnRequestPost: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster out.println("<BODY Onload=\"document.Request.submit()\">");
// NOTE(review): the form ACTION value is built by string concatenation and its operand is
// on a dropped line. Confirm the destination is attribute-escaped before it is written
// into the page, as for the WML variant.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster out.println("<FORM NAME=\"Request\" METHOD=\"POST\" ACTION=\""
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + authnRequest.toBASE64EncodedString() + "\"/>");
// The Base64-encoded AuthnRequest is written to the debug log on the success path.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService:sendAuthnRequestPost: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Base64 Encoded AuthnRequest at the Sender: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "\nFSIntersiteTransferService:sendAuthnRequestPost: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "AuthnRequest sent successfully to: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSIntersiteTransferService:sendAuthnRequestPost:", ex);