idpSSOFederate.jsp revision 6ee2adce4b7ba1c7cdee88dce16cc901d1a1e1ce
842ae4bd224140319ae7feec1872b93dfd491143fielding DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
842ae4bd224140319ae7feec1872b93dfd491143fielding Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
842ae4bd224140319ae7feec1872b93dfd491143fielding The contents of this file are subject to the terms
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse of the Common Development and Distribution License
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd (the License). You may not use this file except in
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse compliance with the License.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd You can obtain a copy of the License at
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd See the License for the specific language governing
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd permission and limitations under the License.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd When distributing Covered Code, include this CDDL
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd Header Notice in each file and include the License file
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd If applicable, add the following below the CDDL Header,
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd with the fields enclosed by brackets [] replaced by
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd your own identifying information:
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd "Portions Copyrighted [year] [name of copyright owner]"
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse $Id: idpSSOFederate.jsp,v 1.6 2009/10/15 00:00:41 exu Exp $
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse Portions Copyrighted 2013-2015 ForgeRock AS.
70535d6421eb979ac79d8f49d31cd94d75dd8b2fjorton<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<%@ page import="com.sun.identity.saml2.profile.IDPSSOUtil" %>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<%@ page import="com.sun.identity.saml2.profile.IDPSSOFederate" %>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<%@ page import="java.io.PrintWriter" %>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse<%@ page import="org.forgerock.guice.core.InjectorHolder" %>
c1b78a620dc5a3b0ba6d90ed0dd2ac3e1b0201b7jorton<%@ page import="org.forgerock.openam.audit.AuditEventPublisher" %>
c1b78a620dc5a3b0ba6d90ed0dd2ac3e1b0201b7jorton<%@ page import="org.forgerock.openam.saml2.audit.SAML2Auditor" %>
c1b78a620dc5a3b0ba6d90ed0dd2ac3e1b0201b7jorton<%@ page import="org.forgerock.openam.audit.AuditEventFactory" %>
// Scriptlet body of the IdP SSO/federation endpoint, shown here in a blame view
// (each line carries a commit id and author prefix). It builds a SAML2 auditor,
// checks the request/response objects, replays a cached response when a cached
// response id is supplied, and otherwise hands the request to
// IDPSSOFederate.doSSOFederate.
// NOTE(review): this listing appears to have dropped lines (scriptlet delimiters,
// the opening of the try block, continuation lines of some calls, closing braces),
// so control flow between the visible statements is only partly visible.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse AuditEventPublisher aep = InjectorHolder.getInstance(AuditEventPublisher.class);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse AuditEventFactory aef = InjectorHolder.getInstance(AuditEventFactory.class);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse SAML2Auditor saml2Auditor = new SAML2Auditor(aep, aef, request);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse saml2Auditor.setMethod("idpSSOFederate");
// The audited realm is derived from the request's parameter map, i.e. from
// caller-supplied input.
// NOTE(review): request is dereferenced here, before the null check below, so that
// check cannot protect this call. Confirm how SAML2Utils.getRealm treats an
// unknown or malformed realm value, since it ends up in the audit record.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse saml2Auditor.setRealm(SAML2Utils.getRealm(request.getParameterMap()));
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse // check request, response
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse if ((request == null) || (response == null)) {
// Failure path: report "nullInput" to the client with SC_BAD_REQUEST and record an
// access failure in the audit trail. The remaining arguments of both calls are
// not visible in this listing.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "nullInput",
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
// cachedResID comes straight from a request parameter and is passed unchanged to
// IDPSSOUtil.sendResponse to select a previously cached assertion response.
// NOTE(review): the id works as a reference to a cached response held by this
// provider; confirm that sendResponse rejects unknown ids and that ids are
// unguessable and not reusable -- none of that is visible from this page.
c1b78a620dc5a3b0ba6d90ed0dd2ac3e1b0201b7jorton String cachedResID = request.getParameter(SAML2Constants.RES_INFO_ID);
c1b78a620dc5a3b0ba6d90ed0dd2ac3e1b0201b7jorton // if this id is set, then this is a redirect from the COT
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse // cookie writer. There is already an assertion response
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse // cached in this provider. Send it back directly.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse if ((cachedResID != null) && (cachedResID.length() != 0)) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse IDPSSOUtil.sendResponse(request, response, new PrintWriter(out, true), cachedResID);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse } catch (SAML2Exception sse) {
// The exception is logged in full, the client receives the localized
// "requestProcessingError" text followed by sse.getMessage(), and the audit entry
// records only the localized text.
// NOTE(review): the exception message is returned to the requester; confirm that
// SAML2Exception messages raised on this path carry no internal detail and that
// SAMLUtils.sendError encodes the text before rendering it.
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse SAML2Utils.debug.error("Error processing request " , sse);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "requestProcessingError",
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse SAML2Utils.bundle.getString("requestProcessingError") + " " + sse.getMessage());
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
e16695d440d82ec6f9a4b9af18ae38dbeaa19366jerenkrantz SAML2Utils.bundle.getString("requestProcessingError"));
// The binding defaults to HTTP-Redirect. The body of the POST branch is not
// visible in this listing; presumably it switches reqBinding to the POST
// binding -- confirm against the full file. The method comparison is an exact,
// case-sensitive match on "POST".
e16695d440d82ec6f9a4b9af18ae38dbeaa19366jerenkrantz String reqBinding = SAML2Constants.HTTP_REDIRECT;
e16695d440d82ec6f9a4b9af18ae38dbeaa19366jerenkrantz if (request.getMethod().equals("POST")) {
c1b78a620dc5a3b0ba6d90ed0dd2ac3e1b0201b7jorton * This call handles the federation and/or single sign on request
c1b78a620dc5a3b0ba6d90ed0dd2ac3e1b0201b7jorton * from a service provider. It processes the AuthnRequest
c5f8a69aa8ce3dc9b7c3f99284ed912d375ae40ejorton * sent by the service provider and generates a proper
7d3e81b6534692d0a08d4b2ab3c364b92f9d7bdbjorton * SAML Response that contains an Assertion.
7d3e81b6534692d0a08d4b2ab3c364b92f9d7bdbjorton * It sends back a response containing error status if
7d3e81b6534692d0a08d4b2ab3c364b92f9d7bdbjorton * something is wrong during the request processing.
// Main path: delegate to IDPSSOFederate with the chosen binding and the auditor,
// writing output through an auto-flushing PrintWriter over the JSP writer.
c5f8a69aa8ce3dc9b7c3f99284ed912d375ae40ejorton IDPSSOFederate.doSSOFederate(request, response, new PrintWriter(out, true), reqBinding, saml2Auditor);