/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: SAMLAwareServlet.java,v 1.5 2009/06/12 22:21:39 mallas Exp $
*
* Portions Copyrighted 2013 ForgeRock AS
*/
/**
* Endpoint that supports <code>SAML</code> web browser artifact profile.
*/
/**
* Overrides doGet method to support <code>SAML</code> web browser artifact
* profile in two ways:
* <pre>
* - Initiates <code>SAML</code> single sign-on
* - Accepts <code>SAML</code> artifact to complete single sign-on
* </pre>
* Only fragments of the method body are visible in this listing.
*
* @param request <code>HttpServletRequest</code> instance.
* @param response <code>HttpServletResponse</code> instance.
* @throws IOException if there is an error.
* @throws ServletException if there is an error.
*/
throws IOException, ServletException {
// Early-exit path reported under the "nullInputParameter" message key; the
// condition and the call that receives this key are not visible here.
"nullInputParameter",
return;
}
// avoid dos attack
// NOTE(review): the statement this comment introduces is not visible here;
// confirm that a bound on the incoming request is enforced at this point,
// before the request is processed any further.
// Second early-exit path, reported under the "invalidConfig" message key.
"invalidConfig",
return;
}
// NOTE(review): presumably this if/else selects between the two modes listed
// in the Javadoc (initiate single sign-on vs. accept an artifact); the
// condition and both branch bodies are not visible here - confirm.
} else {
}
}
/**
* Overrides doPost method. It simply calls <code>doGet</code> method.
* Because POST is handled by the same code as GET, every input check that
* protects this endpoint has to live in <code>doGet</code>.
*
* @param request <code>HttpServletRequest</code> instance.
* @param response <code>HttpServletResponse</code> instance.
* @throws IOException if there is an error.
* @throws ServletException if there is an error.
*/
throws IOException, ServletException {
// Per the Javadoc this delegates to doGet; the call itself is not visible
// in this listing.
}
/**
* Creates a list of AssertionArtifact ids.
* Only fragments of the method body are visible in this listing.
*
* @param sso the user Session object
* @param target A String representing the target host
* @param targetUrl A URL String representing the target site
* @param version The relying party preferred Assertion version number
* @return a List of AssertionArtifact ids
* @throws SAMLException if there is an error.
*/
// Rejects the call with a SAMLException; the guarding condition and the
// exception message are not visible here.
throw new SAMLException(
}
try {
}
// A SessionException is reported under the "nullSessionProvider" message
// key - presumably by rethrowing it as a SAMLException; confirm.
// NOTE(review): confirm the original SessionException is logged or chained
// so the failure stays diagnosable on the server side.
} catch (SessionException se) {
"nullSessionProvider"));
}
// artifactList is built in statements that are not visible here.
return artifactList;
}
/**
* Handles the side that initiates single sign-on. According to the inline
* comments it checks the requested target against the configured trusted
* sites, stops unless a session is established, creates the
* AssertionArtifact(s) and sends the user on to the partner site with them.
* Only fragments of the method body are visible in this listing.
*
* @param request the <code>HttpServletRequest</code> object.
* @param response the <code>HttpServletResponse</code> object.
* @param target String representing the target host.
* @throws IOException if there is an error.
* @throws ServletException if there is an error.
*/
throws IOException, ServletException {
// put _Sites as HashSet, loop through _Sites.
// to check if the real target contains the siteid from the config
// and if the target port number equals the port number in config
// (the port number is optional)
// NOTE(review): the comparison itself is not visible here. "contains" above
// suggests a substring test; confirm the host is compared as a whole name,
// because the artifact is later sent to the site this check selects.
"Failed to get host name of target URL.");
}
// Early exit reported under the "missingTargetHost" message key.
"missingTargetHost",
return;
}
" Port= " + thePort);
}
// target break on ":"
// Without a trusted-site value nothing can be matched: report
// "nullTrustedSite" and stop.
if (trustedserver == null) {
"nullTrustedSite",
return;
}
// portNum is presumably reassigned from the configured entry between these
// two lines (not visible here); -1 means the entry names no port, as the
// else branch below states.
int portNum = 0;
if (portNum != -1) {
// presumably -1 also means "no port" for the requested target - confirm.
if (thePort != -1) {
break;
}
}
}
} else {
// there is no port number specified in the SiteEntry:Target
// NOTE(review): in this case the host match alone presumably decides;
// confirm that is intended.
}
}
}
//create Session
// loggedIn becomes true only inside the try block; if it is still false
// afterwards the method returns before any artifact is created.
boolean loggedIn = false;
try {
loggedIn = true;
}
} catch (SessionException se) {
// handler body not visible here
}
if (!loggedIn) {
return;
}
// create AssertionArtifact(s)
try {
} catch (SAMLException se) {
" AssertionArtifact(s)");
// NOTE(review): se.getMessage() appears to be passed into the error reported
// under "errorCreateArtifact"; confirm internal detail is not shown to the
// browser and is kept in the server-side log instead.
"errorCreateArtifact",
se.getMessage());;
return;
}
//bounce the user off to the remote site, pointing them to the
//location of SamlAwareServlet at that site, and adding the
//assertion artifact
samltmp);
}
}
// Reached when the preceding condition fails: the request is reported under
// "targetForbidden" and the method stops. Presumably this is the outcome
// when no trusted site matched the target - confirm.
} else {
target};
"targetForbidden",
return;
}
}
/**
* Partner SAML aware servlet part.
* Responsible for
* <ol type="1">
* <li>communicating with the SOAP Receiver
* <li>parsing the replied SOAP Message
* <li>analyzing the SOAP Message and the SSO Assertion inside the message
* <li>checking the validity of the SSO assertion and, if it is valid,
* generating a Session and setting it in a cookie
* </ol>
* Only fragments of the method body are visible in this listing.
*
* @param request the <code>HttpServletRequest</code> object.
* @param response the <code>HttpServletResponse</code> object.
* @throws IOException if there is an error.
* @throws ServletException if there is an error.
*/
throws IOException, ServletException {
try {
// Failure path reported under the "failedCreateSSOToken" message key; the
// condition that leads here is not visible in this listing.
"failedCreateSSOToken")};
"failedCreateSSOToken",
return;
}
// now we know the assertions are valid, so use those to POST if
// this target is in the POST to target list
// NOTE(review): the validity check this comment relies on is not visible
// here; confirm it has completed before the session is generated, and that
// the target is looked up in the POST-to-target list before anything is
// posted to it.
}
} else {
}
}
}