a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington/*
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * opensso/legal/CDDLv1.0.txt
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * at opensso/legal/CDDLv1.0.txt.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: SAMLClient.java,v 1.6 2008/08/19 19:11:11 veiming Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.saml;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.io.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.net.URL;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.http.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.protocol.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.servlet.SAMLSOAPReceiver;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.jaxrpc.SOAPClient;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.xml.XMLUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport org.w3c.dom.Document;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport org.w3c.dom.Node;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport org.w3c.dom.NodeList;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport org.w3c.dom.Element;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The class <code>SAMLClient</code> provides interfaces
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * to do Web and POST profile as specified by SAML specification. It
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * also provides methods to get Assertions based on Artifacts.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class SAMLClient {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This private method is designed to do the SAML Single-Sign-On.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * It is called internally by doWebArtifact and doWebPOST methods.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HTTP Servlet Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HTTP Servlet Response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param target the target URL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param service the service name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if an input or output exception occurs when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * redirecting to service <code>URL</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if SAML error occurs during Single-Sign-On.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
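private static void doSSO(HttpServletRequest request,
        HttpServletResponse response,
        String target, String service)
        throws IOException, SAMLException {
    // Reject missing inputs up front. `service` is part of this check so a
    // null service name is reported as a SAMLException instead of failing
    // with a NullPointerException in the equals() calls below.
    if (request == null || response == null || target == null
            || service == null) {
        SAMLUtils.debug.error("SAMLClient:Input parameter is null.");
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    // Only the three SAML naming-service names are accepted, so the
    // redirect base URL can only be one of the configured SAML endpoints.
    if ((!service.equals(SAMLConstants.SAML_AWARE_NAMING)) &&
            (!service.equals(SAMLConstants.SAML_POST_NAMING)) &&
            (!service.equals(SAMLConstants.SAML_SOAP_NAMING))) {
        SAMLUtils.debug.error("SAMLClient:illegal naming service name.");
        throw new SAMLException(
                SAMLUtils.bundle.getString("illegalNamingService"));
    }

    // The redirect is issued only for a request that carries a session the
    // session provider reports as valid.
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            SAMLUtils.debug.error("SAMLClient:SSOToken is null.");
            throw new SAMLException(
                    SAMLUtils.bundle.getString("nullSSOToken"));
        }
        if (!sessionProvider.isValid(ssoToken)) {
            SAMLUtils.debug.error("SAMLClient:Session is invalid.");
            throw new SAMLException(
                    SAMLUtils.bundle.getString("invalidSSOToken"));
        }
    } catch (SessionException se) {
        SAMLUtils.debug.error("SAMLClient", se);
        throw new SAMLException("SAMLClient:doSSO:" + se.getMessage());
    }

    // Resolve the service URL from the server URL held in configuration;
    // a malformed server URL propagates as an IOException.
    URL weburl = null;
    try {
        URL serverurl = new URL(SAMLServiceManager.getServerURL());
        weburl = SystemConfigurationUtil.getServiceURL(service,
                serverurl.getProtocol(), serverurl.getHost(),
                serverurl.getPort(), serverurl.getPath());
    } catch (SystemConfigurationException ue) {
        SAMLUtils.debug.error("SAMLClient", ue);
        throw new SAMLException(
                SAMLUtils.bundle.getString("URLNotFoundException"));
    }

    // NOTE(review): `target` is appended exactly as supplied. It is neither
    // URL-encoded nor checked against an allow-list in this method, so a
    // target containing '&' or '#' changes the query string of the redirect,
    // and any validation of the final destination has to happen in the
    // caller or in the receiving service (not visible here). The encoding is
    // left untouched because callers may already pass an encoded value;
    // confirm the contract before changing it.
    String tname = (String) SAMLServiceManager.
            getAttribute(SAMLConstants.TARGET_SPECIFIER);
    StringBuilder redirectedurl = new StringBuilder(200);
    redirectedurl.append(weburl).append("?").append(tname).append("=").
            append(target);
    response.sendRedirect(redirectedurl.toString());
}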
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
 * This method is designed to do the SAML web-browser profile with
 * Artifact. Once the browser (user) has authenticated to OpenAM,
 * it can call this method to complete the single sign-on to the
 * target host and be redirected to the specified target site.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HTTP Servlet Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HTTP Servlet Response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param target A String representing the target URL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if an input or output exception occurs when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * redirecting to service <code>URL</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if SAML error occurs during the process
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
public static void doWebArtifact(HttpServletRequest request,
        HttpServletResponse response,
        String target)
        throws IOException, SAMLException {
    // Artifact profile: delegate to the shared SSO routine with the
    // SAML-aware naming service. Input and session checks are done in
    // doSSO; `target` is passed through unchanged.
    final String namingService = SAMLConstants.SAML_AWARE_NAMING;
    doSSO(request, response, target, namingService);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
 * This method is designed to do the SAML web-browser POST profile.
 * Once the browser (user) has authenticated to OpenAM,
 * it can call this method
 * to complete the single sign-on to the target host and be
 * redirected to the target site.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HTTP Servlet Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HTTP Servlet Response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param target A String representing the target URL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if an input or output exception occurs when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * redirecting to service <code>URL</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if SAML error occurs during the process
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
public static void doWebPOST(HttpServletRequest request,
        HttpServletResponse response,
        String target)
        throws IOException, SAMLException {
    // POST profile: delegate to the shared SSO routine with the POST
    // naming service. Input and session checks are done in doSSO;
    // `target` is passed through unchanged.
    final String namingService = SAMLConstants.SAML_POST_NAMING;
    doSSO(request, response, target, namingService);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method returns the Assertion for the corresponding artifact.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * It sends an <code>ArtifactQuery</code> SAML message to the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * destination identified by the source ID in the artifact and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * returns the Assertion contained in the SAML response message.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param artifact An <code>AssertionArtifact</code> representing the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * artifact
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return An Assertion corresponding to the artifact
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if an input or output exception occurs when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * connecting to SAML service <code>URL</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if SAML error occurs during the process
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
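public static Assertion getAssertionByArtifact(AssertionArtifact artifact)
        throws IOException, SAMLException {
    // Report a null artifact the same way the String overload reports a
    // null or empty artifact, rather than failing with a
    // NullPointerException on the dereference below.
    if (artifact == null) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient: input is null.");
        }
        throw new SAMLException(
                SAMLUtils.bundle.getString("nullInput"));
    }
    // Delegate to the String overload using the artifact's string form.
    return getAssertionByArtifact(artifact.getAssertionArtifact());
}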
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method returns the Assertion for the corresponding artifact.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * It sends an <code>ArtifactQuery</code> SAML message to the destination
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * identified by the source ID in the artifact and returns the Assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * contained in the SAML response message.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param artifact A String representing the artifact
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return An Assertion corresponding to the artifact
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if an input or output exception occurs when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * connecting to SAML service <code>URL</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if SAML error occurs during the process
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.api
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
public static Assertion getAssertionByArtifact(String artifact)
        throws IOException, SAMLException {
    if (artifact == null || artifact.isEmpty()) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient: input is null.");
        }
        throw new SAMLException(
                SAMLUtils.bundle.getString("nullInput"));
    }

    // Parse the artifact and look its source ID up in the configured
    // partner list first.
    AssertionArtifact parsedArtifact = new AssertionArtifact(artifact);
    String sourceId = parsedArtifact.getSourceID();
    String partnerSoapUrl = getSamlSoapUrl(sourceId);

    URL soapEndpoint = null;
    try {
        if (partnerSoapUrl != null) {
            soapEndpoint = new URL(partnerSoapUrl);
        } else {
            // No partner entry: fall back to the instance list. A source ID
            // found in neither place is rejected, so the endpoint always
            // comes from configuration and never from the artifact itself.
            Map instanceMap = (Map)
                    SAMLServiceManager.getAttribute(SAMLConstants.INSTANCE_LIST);
            if (instanceMap == null || instanceMap.isEmpty()) {
                throw new SAMLException(
                        SAMLUtils.bundle.getString("instancemapNull"));
            }
            String serverAddress = (String) instanceMap.get(sourceId);
            if (serverAddress == null || serverAddress.isEmpty()) {
                throw new SAMLException(
                        SAMLUtils.bundle.getString("instanceNotFound"));
            }
            URL serverUrl = new URL(serverAddress);
            soapEndpoint = SystemConfigurationUtil.getServiceURL(
                    SAMLConstants.SAML_SOAP_NAMING,
                    serverUrl.getProtocol(), serverUrl.getHost(),
                    serverUrl.getPort(), serverUrl.getPath());
        }
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient:SOAPUrl=" +
                    soapEndpoint.toString());
        }
    } catch (SystemConfigurationException ue) {
        SAMLUtils.debug.error("SAMLClient", ue);
        throw new SAMLException(
                SAMLUtils.bundle.getString("URLNotFoundException"));
    }

    // setLocalFlag() writes SAMLServiceManager.localFlag as a side effect,
    // and the flag is read back immediately below.
    // NOTE(review): the flag is a shared static that is rewritten on every
    // call; whether concurrent callers can interleave between the write and
    // the reads is not visible here - confirm.
    if (!setLocalFlag(soapEndpoint)) {
        throw new SAMLException(
                SAMLUtils.bundle.getString("failSetLocalFlag"));
    }
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message(
                "SAMLClient:getAssertionByArtifact: check localFlag : " +
                SAMLServiceManager.localFlag);
    }

    // NOTE(review): a missing SITE_ID attribute makes trim() throw a
    // NullPointerException here.
    String localSiteId = (String) SAMLServiceManager.getAttribute(
            SAMLConstants.SITE_ID);
    boolean isMySite = sourceId.equals(localSiteId.trim());

    if (SAMLServiceManager.localFlag && isMySite) {
        // The flag is set and the artifact's source ID is this site's own
        // ID (SAMLClient and AssertionManager are in the same JVM), so the
        // AssertionManager is called directly instead of going over SOAP.
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message(
                    "SAMLClient:getAssertionByArtifact:call "
                    + "AssertionManager.getAssertion(AssertionArtifact)");
        }
        return AssertionManager.getInstance().getAssertion(parsedArtifact);
    }

    // Otherwise query over SOAP. The resolved endpoint is passed explicitly
    // only when the artifact is from this site and came from the instance
    // list; in every other case the handler is given null for the endpoint.
    String[] artifacts = { artifact };
    List assertions;
    if (!isMySite || partnerSoapUrl != null) {
        assertions = artifactQueryHandler(artifacts, null);
    } else {
        assertions = artifactQueryHandler(artifacts, soapEndpoint.toString());
    }
    if (assertions == null || assertions.isEmpty()) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient:getAssertionByArtifact" +
                    ":returned assertion list is null.");
        }
        return null;
    }
    // Only the first assertion of the response is returned. Any validation
    // of the response is left to artifactQueryHandler (not visible here).
    return (Assertion) assertions.get(0);
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Looks up the SOAP URL configured for the partner site identified by
 * the given source ID.
 *
 * A <code>null</code> result covers three cases that the caller cannot
 * tell apart: no partner map is configured, the source ID has no entry
 * in the map (it is not on the trusted site list), or the lookup threw
 * an exception. Each case is logged before returning.
 *
 * @param sourceid the source ID taken from an artifact
 * @return the partner's SOAP URL, or <code>null</code> if none was found
 */
private static String getSamlSoapUrl(String sourceid) {
    try {
        Map partnerUrls = (Map) SAMLServiceManager.getAttribute(
                SAMLConstants.PARTNER_URLS);
        if (partnerUrls == null) {
            SAMLUtils.debug.error("SAMLClient:Partner URL is null.");
            return null;
        }
        SAMLServiceManager.SOAPEntry entry =
                (SAMLServiceManager.SOAPEntry) partnerUrls.get(sourceid);
        if (entry == null) {
            // Unknown source ID: logged at message level only.
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("SAMLClient: " + sourceid +
                        " is not on trusted site list.");
            }
            return null;
        }
        return entry.getSOAPUrl();
    } catch (Exception se) {
        // Any failure during the lookup is treated as "no URL".
        SAMLUtils.debug.error("SAMLClient: ", se);
        return null;
    }
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Sets <code>SAMLServiceManager.localFlag</code> according to whether
 * the given URL points at the local SAML service.
 *
 * The flag becomes <code>true</code> only when
 * <code>SAMLSOAPReceiver.localSAMLServiceID</code> is set and its host
 * (compared ignoring case) and port both equal those of
 * <code>url</code>. The scheme and path are not compared, and
 * <code>URL.getPort()</code> returns -1 when no port is written, so an
 * omitted port and an explicit default port compare as different. If
 * the <code>SAMLSOAPReceiver</code> class cannot be loaded the code is
 * treated as a client application and the flag is set to
 * <code>false</code>.
 *
 * NOTE(review): this method is public and writes a shared static on
 * every call; confirm that no caller relies on the flag staying stable
 * between calls.
 *
 * @param url the SOAP endpoint to compare with the local service
 * @return <code>true</code> if the flag was determined (whatever its
 *         value), <code>false</code> if <code>url</code> is null or an
 *         unexpected exception occurred, in which case the flag is
 *         left unchanged
 */
public static boolean setLocalFlag(URL url) {
    if (url == null) {
        SAMLUtils.debug.error("SAMLClient:setLocalFlag has null input.");
        return false;
    }
    boolean sameEndpoint = false;
    try {
        // SAMLSOAPReceiver is not shipped in the remote SDK, so it is
        // loaded explicitly; if it is absent this is a client application.
        Class.forName("com.sun.identity.saml.servlet.SAMLSOAPReceiver");
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("in setLocalFlag(), url : " +
                    url.toString());
            SAMLUtils.debug.message("SAMLSOAPReceiver.localSAMLServiceID : "
                    + SAMLSOAPReceiver.localSAMLServiceID);
        }
        if (SAMLSOAPReceiver.localSAMLServiceID != null) {
            URL localService =
                    new URL(SAMLSOAPReceiver.localSAMLServiceID);
            sameEndpoint =
                    url.getHost().equalsIgnoreCase(localService.getHost())
                    && url.getPort() == localService.getPort();
        }
    } catch (ClassNotFoundException cnfe) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message("SAMLClient::setLocalFlag: ",
                    cnfe);
        }
        // sameEndpoint is still false here, so the flag is cleared below.
    } catch (Exception e) {
        SAMLUtils.debug.error("SAMLClient::setLocalFlag:: ", e);
        return false;
    }
    SAMLServiceManager.localFlag = sameEndpoint;
    return true;
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Wraps a SAML request in a SOAP envelope and returns the envelope as text.
 *
 * <p>The return value is a {@code String}, not a SOAPMessage object. It is
 * made of an {@code Envelope} start tag that declares the SOAP namespace, a
 * {@code Body} start tag, the output of {@code req.toString(true, true)},
 * and the matching end tags.
 *
 * @param req the SAML request to wrap; must not be {@code null}
 * @return the serialized SOAP envelope containing the request
 * @exception SAMLException if {@code req} is {@code null} or if any
 *            exception is raised while the envelope is assembled
 */
private static String createSOAPMessage(Request req)
        throws SAMLException {
    if (req == null) {
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }

    try {
        StringBuilder soap = new StringBuilder(500);

        // <PREFIX:Envelope xmlns:PREFIX="SOAP_URI"> followed by <PREFIX:Body>
        soap.append("<").append(SAMLConstants.SOAP_ENV_PREFIX)
            .append(":Envelope").append(SAMLConstants.SPACE)
            .append("xmlns:").append(SAMLConstants.SOAP_ENV_PREFIX)
            .append("=\"").append(SAMLConstants.SOAP_URI).append("\">")
            .append(SAMLConstants.NL);
        soap.append("<").append(SAMLConstants.SOAP_ENV_PREFIX)
            .append(":Body>").append(SAMLConstants.NL);

        // The request serializes itself; its XML is placed in the body as is.
        soap.append(req.toString(true, true));

        // End tags for Body and Envelope, each followed by a line break.
        soap.append(SAMLConstants.START_END_ELEMENT)
            .append(SAMLConstants.SOAP_ENV_PREFIX)
            .append(":Body>").append(SAMLConstants.NL);
        soap.append(SAMLConstants.START_END_ELEMENT)
            .append(SAMLConstants.SOAP_ENV_PREFIX)
            .append(":Envelope>").append(SAMLConstants.NL);

        return soap.toString();
    } catch (Exception e) {
        // NOTE(review): only the message text is carried over; the cause and
        // its stack trace are not attached to the SAMLException.
        throw new SAMLException(e.getMessage());
    }
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
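/**
 * Builds the URL used to reach a partner's SOAP receiver service, such as
 * the SAMLSOAPReceiver servlet in an OpenAM context.
 *
 * <p>The scheme of {@code to} has to agree with the partner's configured
 * authentication type: {@code BASICAUTH} and {@code NOAUTH} are accepted
 * only with {@code SAMLConstants.HTTP}; {@code SSLWITHBASICAUTH} and
 * {@code SSL} only with {@code SAMLConstants.HTTPS}. For the two basic
 * authentication types the partner's user id and password are inserted
 * into the returned URL as {@code scheme://user:password@rest}.
 *
 * <p>Security: for the basic authentication types the return value holds a
 * clear-text password. This method writes only a password-masked form to
 * the debug and access logs; callers should likewise keep the returned
 * string out of logs and error messages.
 *
 * @param destSite the partner's
 *        com.sun.identity.saml.common.SAMLServiceManager.SOAPEntry
 * @param to the partner's SOAP receiver URL, as a string
 * @return the URL to which the SOAP message is to be sent
 * @exception IOException declared in the signature; no statement in this
 *            method raises it directly
 * @exception SAMLException if an argument is missing, {@code to} has no
 *            scheme in front of {@code "//"}, the authentication type is
 *            unknown or does not match the scheme, or basic
 *            authentication is required but the user id or password is
 *            not configured
 */
private static String createSOAPReceiverUrl(
        com.sun.identity.saml.common.SAMLServiceManager.SOAPEntry destSite,
        String to) throws IOException, SAMLException {
    if (destSite == null || to == null || to.length() == 0) {
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    //get authentication type
    String authtype = destSite.getAuthType();

    // The scheme is the text in front of the ":" that precedes "//". An
    // index below 1 leaves no room for that ":" and would make the
    // substring call below throw, so it is rejected as malformed too.
    int idnx = to.indexOf("//");
    if (idnx < 1) {
        SAMLUtils.debug.error("SAMLClient:createSOAPReceiverUrl:" +
            "Illegal format of input parameter.");
        throw new SAMLException(
            SAMLUtils.bundle.getString("illegalFormatSOAPUrl"));
    }
    String protocol = to.substring(0, idnx - 1);

    // Constant-first comparisons: a missing authentication type ends up in
    // the "wrongAuthType" branch instead of a NullPointerException.
    boolean basicAuth = SAMLConstants.BASICAUTH.equalsIgnoreCase(authtype);
    boolean noAuth = SAMLConstants.NOAUTH.equalsIgnoreCase(authtype);
    boolean sslBasicAuth =
        SAMLConstants.SSLWITHBASICAUTH.equalsIgnoreCase(authtype);
    boolean ssl = SAMLConstants.SSL.equalsIgnoreCase(authtype);

    // check if the authentication type matches the protocol specified in
    // input parameter "to".
    // NOTE(review): BASICAUTH is paired with SAMLConstants.HTTP; if that
    // constant is the unencrypted scheme, the credentials added below are
    // sent in clear text. Confirm that partners needing confidentiality
    // are configured as SSLWITHBASICAUTH.
    boolean protocolMatches;
    if (basicAuth || noAuth) {
        protocolMatches = protocol.equals(SAMLConstants.HTTP);
    } else if (sslBasicAuth || ssl) {
        protocolMatches = protocol.equals(SAMLConstants.HTTPS);
    } else {
        if (SystemConfigurationUtil.isServerMode()) {
            String[] data = {SAMLUtils.bundle.getString(
                "wrongAuthType")};
            LogUtils.error(java.util.logging.Level.INFO,
                LogUtils.INVALID_AUTH_TYPE, data);
        }
        throw new SAMLException(
            SAMLUtils.bundle.getString("wrongAuthType"));
    }
    if (!protocolMatches) {
        if (SystemConfigurationUtil.isServerMode()) {
            String[] data = {SAMLUtils.bundle.getString(
                "mismatchAuthTypeandProtocol")};
            LogUtils.error(java.util.logging.Level.INFO,
                LogUtils.AUTH_PROTOCOL_MISMATCH, data);
        }
        throw new SAMLException(
            SAMLUtils.bundle.getString("mismatchAuthTypeandProtocol"));
    }

    // If the authentication type is BASICAUTH or SSLWITHBASICAUTH, use the
    // partner's user name and password which protect the partner's
    // SOAPReceiverURL.
    String urlEndpoint = to;
    // Form of the URL that is safe to write to logs.
    String loggableUrl = to;
    if (basicAuth || sslBasicAuth) {
        String username = destSite.getBasicAuthUserID();
        String password = destSite.getBasicAuthPassword();
        if (username == null || password == null) {
            SAMLUtils.debug.error("SAMLClient:createSOAPReceiverUrl:" +
                "PartnerSite required basic authentication. But the " +
                "user name or password used for authentication is null.");
            throw new SAMLException(
                SAMLUtils.bundle.getString("wrongConfigBasicAuth"));
        }
        String schemePart = to.substring(0, idnx + 2);
        String remainder = to.substring(idnx + 2);
        // NOTE(review): user name and password are inserted without
        // percent-encoding, so a value containing ':', '@' or '/' yields
        // an ambiguous authority component. Check how the caller parses
        // this URL before adding encoding here.
        urlEndpoint = schemePart + username + ":" + password + "@"
            + remainder;
        loggableUrl = schemePart + username + ":********@" + remainder;
    }

    // Only the masked form is logged, so the password does not end up in
    // the debug or access log.
    if (SAMLUtils.debug.messageEnabled()) {
        SAMLUtils.debug.message("Sending message to URL: " +
            loggableUrl);
    }
    if (SystemConfigurationUtil.isServerMode()) {
        String[] data = {SAMLUtils.bundle.getString("SOAPReceiverURL"),
            loggableUrl};
        LogUtils.access(java.util.logging.Level.FINE,
            LogUtils.SOAP_RECEIVER_URL, data);
    }
    return urlEndpoint;
}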
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
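/**
 * Extracts the SAML response object from the text of a SOAP message.
 *
 * <p>The root element must be {@code Envelope} in the
 * {@code SAMLConstants.SOAP_URI} namespace. Its element children may only
 * be {@code Header} (ignored) or {@code Body}; the element children of a
 * {@code Body} may only be {@code Fault} (reported as an exception) or
 * {@code Response}. Child elements are matched by local name only.
 *
 * @param xmlString the SOAP message as a string
 * @return the SAML Response built from the {@code Response} element, or
 *         {@code null} if no {@code Body} contains one
 * @exception IOException declared in the signature; no statement in this
 *            method raises it directly
 * @exception SAMLException if the input is empty, cannot be parsed, is not
 *            a SOAP envelope, contains an unexpected element or carries a
 *            SOAP fault
 */
private static Response getSAMLResponse(String xmlString)
        throws IOException, SAMLException {
    if (xmlString == null || xmlString.length() == 0) {
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }
    Response samlResp = null;
    // NOTE(review): xmlString is presumably the reply received from the
    // partner site. XMLUtils.toDOMDocument is not visible here; confirm
    // that it parses with DTDs and external entities disabled.
    Document doc = XMLUtils.toDOMDocument(xmlString, SAMLUtils.debug);
    if (doc == null) {
        // Without this guard an unparsable reply ends in a
        // NullPointerException rather than a SAMLException.
        SAMLUtils.debug.error("SAMLClient:getSAMLResponse: " +
            "SOAP message could not be parsed.");
        throw new SAMLException(
            SAMLUtils.bundle.getString("serverError"));
    }
    Element root = doc.getDocumentElement();
    String rootName = (root == null) ? null : root.getLocalName();
    if ((rootName == null) || (rootName.length() == 0)) {
        SAMLUtils.debug.error("Missing Envelope tag.");
        throw new SAMLException (
            SAMLUtils.bundle.getString("missingSOAPEnvTag"));
    }
    // Constant-first comparison: a root element without a namespace is
    // rejected here instead of causing a NullPointerException.
    if (!(rootName.equals("Envelope")) ||
        (!(SAMLConstants.SOAP_URI.equals(root.getNamespaceURI())))) {
        SAMLUtils.debug.error("Wrong Envelope tag or namespace.");
        throw new SAMLException(
            SAMLUtils.bundle.getString("serverError"));
    }
    // examine the child elements of <SOAP-ENV:Envelope>
    NodeList nodes = root.getChildNodes();
    int nodeCount = nodes.getLength();
    if (nodeCount <= 0) {
        SAMLUtils.debug.error("Envelope does not contain a SOAP body.");
        throw new SAMLException(
            SAMLUtils.bundle.getString("missingSOAPBody"));
    }
    // NOTE(review): Body, Header, Fault and Response are matched by local
    // name only; the namespace of these children is not checked here.
    for (int i = 0; i < nodeCount; i++) {
        Node currentNode = nodes.item(i);
        if (currentNode.getNodeType() != Node.ELEMENT_NODE) {
            // text, comments and other non-element nodes are skipped
            continue;
        }
        String tagName = currentNode.getLocalName();
        if ((tagName == null) || tagName.length() == 0) {
            SAMLUtils.debug.error("Missing tag name of child element");
            throw new SAMLException(
                SAMLUtils.bundle.getString("missingChildTagName"));
        }
        if (tagName.equals("Body")) {
            NodeList cNodes = currentNode.getChildNodes();
            int cnodeCount = cNodes.getLength();
            for (int j = 0; j < cnodeCount; j++) {
                Node cnode = cNodes.item(j);
                if (cnode.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                String ctagName = cnode.getLocalName();
                if ((ctagName == null) || ctagName.length() == 0) {
                    SAMLUtils.debug.error("Missing tag name of " +
                        "child element of <SOAP-ENV:Body>");
                    throw new SAMLException(
                        SAMLUtils.bundle.getString(
                        "missingChildTagName"));
                }
                if (ctagName.equals("Fault")) {
                    SAMLUtils.debug.error("SOAPFault error.");
                    // The exception message is the serialized Fault
                    // element, i.e. text supplied by the sender.
                    throw new SAMLException(
                        XMLUtils.print(cnode));
                } else if (ctagName.equals("Response")) {
                    samlResp = new Response((Element) cnode);
                    // NOTE(review): at message level the complete
                    // response is written to the debug log.
                    if (SAMLUtils.debug.messageEnabled()) {
                        SAMLUtils.debug.message("SAML Response:" +
                            samlResp.toString());
                    }
                    // Leaves only the inner loop; the remaining Envelope
                    // children are still examined, and a Response in a
                    // later Body would replace this one.
                    break;
                } else {
                    SAMLUtils.debug.error("Wrong child element " +
                        "in SOAPBody");
                    throw new SAMLException(
                        SAMLUtils.bundle.getString(
                        "wrongSOAPBody"));
                }
            } // end of for(int j=0; j <cnodeCount; j++)
        } else if (tagName.equals("Header")) {
            if (SAMLUtils.debug.messageEnabled()) {
                SAMLUtils.debug.message("Inside SOAP Response:" +
                    " SOAP Header");
            }
        } else {
            SAMLUtils.debug.error("Wrong child element in Envelope");
            throw new SAMLException(
                SAMLUtils.bundle.getString("wrongSOAPElement"));
        }
    } // end of for (int i = 0; i < nodeCount; i++)
    return samlResp;
}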
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
/**
 * Returns the assertions carried by a SAML response after checking that
 * there is exactly one assertion per requested artifact.
 *
 * <p>{@code alist} is used only for its size. The returned list is the one
 * obtained from {@code samlresponse.getAssertion()}.
 *
 * @param samlresponse the SAML Response to read the assertions from
 * @param alist the artifacts that were sent in the SAML request
 * @return the list of assertions from the response
 * @exception SAMLException if an argument is {@code null}, the response
 *            has no assertion (the message is then the response status),
 *            or the number of assertions differs from the size of
 *            {@code alist}
 */
private static List getAssertionList(Response samlresponse, List alist)
        throws SAMLException {
    if (samlresponse == null || alist == null) {
        throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
    }

    // get a list of SAML assertion
    List found = samlresponse.getAssertion();

    boolean nothingReturned = (found == null) || found.isEmpty();
    if (nothingReturned) {
        // NOTE(review): the serialized response is passed to the error
        // log here and in the size-mismatch branch below.
        if (SystemConfigurationUtil.isServerMode()) {
            String[] logArgs = {
                SAMLUtils.bundle.getString("noAssertioninResponse"),
                samlresponse.toString(true, true)};
            LogUtils.error(java.util.logging.Level.INFO,
                LogUtils.NO_ASSERTION_IN_RESPONSE, logArgs);
        }
        // The status of the response becomes the exception message.
        String statusText =
            SAMLUtils.displayXML(samlresponse.getStatus().toString());
        throw new SAMLException(statusText);
    }

    if (found.size() == alist.size()) {
        return found;
    }

    // One assertion is expected for each artifact that was sent.
    SAMLUtils.debug.error("The SAML response containing assertions !="
        + "the number of artifacts in SAML request");
    if (SystemConfigurationUtil.isServerMode()) {
        String[] logArgs = {
            SAMLUtils.bundle.getString("wrongNumberAssertions"),
            samlresponse.toString(true, true)};
        LogUtils.error(java.util.logging.Level.INFO,
            LogUtils.MISMATCHED_ASSERTION_AND_ARTIFACT, logArgs);
    }
    throw new SAMLException(
        SAMLUtils.bundle.getString("wrongNumberAssertions"));
}
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method is designed to get a list of assertion based on the input
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AssertionArtifact</code>(s).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param arti An array of String
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a List object representing a list of Assertions
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if an input or output exception occurs when
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * connecting to SAML service <code>URL</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException if SAML error occurs during the process
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static List artifactQueryHandler(String[] arti, String connecto)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throws IOException, SAMLException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((arti == null) || (arti.length == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("artifactQueryHandler: null input.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(SAMLUtils.bundle.getString("nullInput"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String firstSourceID = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster com.sun.identity.saml.common.SAMLServiceManager.SOAPEntry dest= null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Response samlresponse = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List al = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List artl = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionArtifact firstArtifact = new AssertionArtifact(arti[0]);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster firstSourceID = firstArtifact.getSourceID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString("Artifact") + " " + 0,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster arti[0]};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.access(java.util.logging.Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.ARTIFACT_TO_SEND, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster artl.add(firstArtifact);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster al.add(arti[0]);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AssertionArtifact assertArtifact = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String destination = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (int k = 1; k < arti.length; k++) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check if all Artifact come from the same source id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster assertArtifact = new AssertionArtifact(arti[k]);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster destination = assertArtifact.getSourceID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAMLUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("SourceID within the Artifact is " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster destination);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!destination.equals(firstSourceID)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAMLUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Received multiple Artifacts " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "have different source id.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("sourceidDifferent"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString("Artifact") + " "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + k, arti[k]};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.access(java.util.logging.Level.FINE,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.ARTIFACT_TO_SEND, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster artl.add(assertArtifact);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster al.add(arti[k]);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster try {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //Retrieve the soap-receiver-url using the sourceid inside of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //the AssertionArtifact
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String to = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map soaps = (Map) SAMLServiceManager.getAttribute(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLConstants.PARTNER_URLS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (soaps == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("nullPartnerUrl"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("nullPartnerUrl"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String urlEndpoint = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (soaps.containsKey(firstSourceID)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster dest = (SAMLServiceManager.SOAPEntry) soaps.get(firstSourceID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster to = dest.getSOAPUrl();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (to==null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (connecto == null || connecto.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "wrongPartnerSOAPUrl")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.error(java.util.logging.Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.WRONG_SOAP_URL, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("wrongPartnerSOAPUrl"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEndpoint = connecto;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEndpoint = createSOAPReceiverUrl(dest, to);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAMLUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("SAMLClient:artifactQueryHandler: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Failed to locate SOAP-Receiver-URL " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "using the source id from AssertionArtifact.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (connecto == null || connecto.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("failedLocateSOAPUrl"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEndpoint = connecto;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (urlEndpoint == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error("SAMLClient:artifactQueryHandler:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "createSOAPReceiverURL Error!");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "wrongPartnerSOAPUrl")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.error(java.util.logging.Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.WRONG_SOAP_URL, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "wrongPartnerSOAPUrl"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //generate SAML Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Request req = new Request(null, artl);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String ver = dest.getVersion();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (ver != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringTokenizer st = new StringTokenizer(ver,".");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (st.countTokens() == 2) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster req.setMajorVersion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Integer.parseInt(st.nextToken().trim()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster req.setMinorVersion(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Integer.parseInt(st.nextToken().trim()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (((Boolean) SAMLServiceManager.getAttribute(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLConstants.SIGN_REQUEST)).booleanValue())
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster req.signXML();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // SOAPMessage msg = createSOAPMessage(req);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String xmlString = createSOAPMessage(req);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Send the message to the provider using the connection.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAMLUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("SENDING message: \n " + xmlString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "sendingSAMLRequest"), xmlString};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.access(java.util.logging.Level.FINE,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.SAML_ARTIFACT_QUERY, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // SOAPMessage reply = con.call(msg, urlEndpoint);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] urls = { urlEndpoint };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SOAPClient client = new SOAPClient(urls);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster InputStream inbuf = client.call(xmlString, null, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringBuffer reply = new StringBuffer();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String line;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster BufferedReader reader = new BufferedReader(new InputStreamReader(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster inbuf, "UTF-8"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while ((line = reader.readLine()) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster reply.append(line).append("\n");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //reply should contain SAML response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (reply == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "noReplyfromSOAPReceiver")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.error(java.util.logging.Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.NO_REPLY_FROM_SOAP_RECEIVER, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("noReplyfromSOAPReceiver"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check the SOAP message for any SOAP related errors
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // before passing control to SAML processor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xmlString = reply.toString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAMLUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("REPLIED message: \n " + xmlString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "repliedSOAPMessage"), xmlString};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.access(java.util.logging.Level.FINE,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.REPLIED_SOAP_MESSAGE, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster samlresponse = getSAMLResponse(xmlString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (samlresponse == null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error("SAMLClient:artifactQueryHandler:"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "No SAML Response contained in SOAPMessage.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "noSAMLResponse")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.error(java.util.logging.Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.NULL_SAML_RESPONSE, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "noSAMLResponse"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } catch (Exception e) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error("SAMLClient:artifactQueryHandler", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(e.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAMLUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.message("Start to process SAML Response...");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Process saml Response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!samlresponse.isSignatureValid()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "cannotVerifyResponse")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.error(java.util.logging.Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.INVALID_RESPONSE_SIGNATURE, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("cannotVerifyResponse"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster try {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String statuscode= samlresponse.getStatus().getStatusCode().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int idex=0;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((idex=statuscode.indexOf(":")) == -1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.bundle.getString("wrongformatStatusCode"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!(statuscode.substring(idex).equals(":Success"))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.debug.error("Error:SAML StatusCode is not Success");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.displayXML(samlresponse.getStatus().toString()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } catch (Exception e) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SystemConfigurationUtil.isServerMode()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = {SAMLUtils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "errorSAMLStatusCode")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.error(java.util.logging.Level.INFO,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtils.ERROR_RESPONSE_STATUS, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLException(e.getMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // retrieve SAML Assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List asserts = new ArrayList();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster asserts = getAssertionList(samlresponse, al);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return asserts;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster}