/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2010-2014 ForgeRock AS. All Rights Reserved.
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
*/
/**
* This class <code>SAML2IDPProxyFRImpl</code> is used to find a preferred Identity
* Authenticating provider to which the authentication request is proxied. It might use an external
* JSP page to interact with the user agent.
*/
/*
* Constructor.
*/
public SAML2IDPProxyFRImpl() {
// Intentionally empty: no per-instance setup is performed here. The
// SAML2 metadata and SP/IDP configuration this implementation relies on
// are looked up inside the individual methods rather than held as state.
}
/**
* Returns a list of preferred IDP providerIDs.
* @param authnRequest original authnrequest
* @param hostProviderID ProxyIDP providerID.
* @param realm Realm
* @param request HttpServletRequest
* @param response HttpServletResponse
* @return a list of providerIDs of the authenticating providers to be
* proxied, or <code>null</code> to disable proxying and continue with
* the local authenticating provider.
* @exception SAML2Exception if error occurs.
*/
// Entering the class and method
// Start the logic to obtain the list of preferred IdPs
try {
// Inititate the metadata manager
throw new SAML2Exception(
}
// Obtain the SP configuration
try {
spSSODescriptor = IDPSSOUtil.metaManager.getSPSSODescriptor(realm, authnRequest.getIssuer().getValue().toString());
} catch (SAML2MetaException sme) {
}
// Get the relay state from the request, if exists
}
// Read the local metadata of the SP that made the request
if (spEntityCfg != null) {
}
// Check if the local configuration of the remote SP wants to use
// the Introduction Cookie
Boolean isIntroductionForProxyingEnabled = false;
if (useIntroductionForProxying != null)
// Check if the local configuration of the remote SP wants to use
// the IDP Finder
Boolean isIdPFinderEnabled = false;
if (idpFinderEnabled != null)
// providerIDs will contain the list of IdPs to return from this method
// If the SP doesn't want to use the Introduction cookie and does not
// want to use the IdP Finder. i.e. just use the manual list in the
// extended metadata
&& !isIdpFinderForAllSPsEnabled) {
}
+ "Preferred IDPs are null.");
return null;
}
// If there are several IdPs listed in the SP configuration,
// give the user the chance to select one interactively
// Construct the IDPFinder URL to redirect to
// Generate the requestID
// Store the important stuff and the session parameters so the
// idpFinderImplemenatation can read them and process them
// return something different than null
return providerIDs;
}
return providerIDs;
}
// If the SP wants to use the IdPFinder or it is globally enabled
// and it does not want to use the introduction cookie
|| isIdpFinderForAllSPsEnabled)) {
// Construct the IDPFinder URL to redirect to
// Generate the requestID
// Store the important stuff and the session parameters so the
// idpFinderImplemenatation can read them and process them
// return something different than null
return providerIDs;
} else {
return null;
}
} else {
// IDP Proxy with introduction cookie
+ "discovery reader URL = " + readerURL);
}
+ "Redirect url = " + redirectURL);
}
if (redirectURL != null) {
return providerIDs;
}
}
}
return null;
} catch (SAML2MetaException ex) {
+ "meta Exception in retrieving the preferred IDP", ex);
return null;
} catch (COTException sme) {
+ "Error retreiving COT ", sme);
return null;
} catch (Exception e) {
+ "Exception in retrieving the preferred IDP", e);
return null;
}
}
}
}
{
try {
List<String> idpList = SAML2Utils.getSAML2MetaManager().getAllRemoteIdentityProviderEntities(realm);
} catch (SAML2MetaException me) {
return null;
}
}
try {
if (requestedAuthnContext == null) {
//Handle the special case when the original request did not contain any Requested AuthnContext:
//In this case we just simply return all the IdPs as each one should support a default AuthnContext.
}
try {
authnRequestContextSet = new HashSet();
}
while (idpExtensionsI.hasNext()) {
// TODO: Verify what type of element this is (Attribute or assertion)
// For validation purposes
+ "-->" + contentL);
+ ": " + idpContextSet);
}
}
}
}
}
}
}
}
}
}
} else {
}
} else {
}
}
}
} catch (SAML2MetaException me) {
}
}
try {
try {
authnRequestContextSet = new HashSet();
}
if (supportedAuthnContextsbyIDP != null) {
+ ": " + idpContextSet);
}
} else {
+ " contexts configured");
}
}
}
SAML2Utils.debug.error(classMethod + "Error when trying to get the idp's by standard Authn Context: " + me);
}
}
while (I.hasNext()) {
}
return trimmedSet;
}
}
} else {
}
return returnURL;
}
private void storeSessionParamsAndCache(
// Save the important param in the reqParamHash so we can
// locate them when we return to the IDPSSOFederate.
}
// Get the base URL and construct the IdP Finder URL
+ request.getContextPath();
return idpFinder;
}
/**
* Returns <code>true</code> or <code>false</code>
* depending on whether the flag isIDPFinderForAllSPs is set in the
* IDP extended metadata.
*
* @param realm the realm name
* @param idpEntityID the entity id of the identity provider
*
* @exception SAML2Exception if the operation is not successful
*/
throws SAML2Exception {
Boolean isIdpFinderForAllSPsEnabled = false;
try {
} else isIdpFinderForAllSPsEnabled = false;
"Unable to get IDP Proxy Finder.", ex);
throw new SAML2Exception(ex);
}
return isIdpFinderForAllSPsEnabled;
}
/**
* Returns the IDP Finder JSP configured in the extended metadata.
*
* @param realm the realm name
* @param idpEntityID the entity id of the identity provider
*
* @return the IDP Finder JSP
* @exception SAML2Exception if the operation is not successful
*/
throws SAML2Exception {
try {
}
"Unable to get IDP Proxy Finder.", ex);
throw new SAML2Exception(ex);
}
return idpFinderJSP;
}
{
try {
}
} catch (SAML2MetaException sme) {
"get IDPSSOConfig failed:", sme);
}
}
return result;
}
{
}
}
}
return authnContextList;
}
}