spAssertionConsumer.jsp revision 0e107349d3f7763a9c67fb2f32c86c11364c72cf
40N/A<%--
40N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
40N/A
40N/A Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
371N/A
40N/A The contents of this file are subject to the terms
40N/A of the Common Development and Distribution License
40N/A (the License). You may not use this file except in
40N/A compliance with the License.
40N/A
40N/A You can obtain a copy of the License at
40N/A https://opensso.dev.java.net/public/CDDLv1.0.html or
40N/A opensso/legal/CDDLv1.0.txt
40N/A See the License for the specific language governing
40N/A permission and limitations under the License.
40N/A
40N/A When distributing Covered Code, include this CDDL
40N/A Header Notice in each file and include the License file
40N/A at opensso/legal/CDDLv1.0.txt.
40N/A If applicable, add the following below the CDDL Header,
40N/A with the fields enclosed by brackets [] replaced by
40N/A your own identifying information:
40N/A "Portions Copyrighted [year] [name of copyright owner]"
40N/A
40N/A $Id: spAssertionConsumer.jsp,v 1.17 2010/01/23 00:07:06 exu Exp $
40N/A
40N/A--%>
40N/A
40N/A<%--
40N/A Portions Copyrighted 2012-2014 ForgeRock AS
40N/A--%>
40N/A
493N/A<%@page
40N/Aimport="com.sun.identity.shared.encode.URLEncDec,
40N/Acom.sun.identity.federation.common.FSUtils,
70N/Acom.sun.identity.saml.common.SAMLUtils,
493N/Acom.sun.identity.saml2.common.SAML2Constants,
40N/Acom.sun.identity.saml2.common.SAML2Exception,
40N/Acom.sun.identity.saml2.common.SAML2Utils,
493N/Acom.sun.identity.saml2.logging.LogUtil,
40N/Acom.sun.identity.saml2.meta.SAML2MetaException,
40N/Acom.sun.identity.saml2.meta.SAML2MetaManager,
40N/Acom.sun.identity.saml2.meta.SAML2MetaUtils,
40N/Acom.sun.identity.saml2.profile.ResponseInfo,
40N/Acom.sun.identity.saml2.profile.SPACSUtils,
40N/Acom.sun.identity.saml2.profile.IDPProxyUtil,
40N/Acom.sun.identity.saml2.protocol.Response,
40N/Acom.sun.identity.plugin.session.SessionManager,
40N/Acom.sun.identity.plugin.session.SessionProvider,
70N/Acom.sun.identity.plugin.session.SessionException,
493N/Ajava.util.logging.Level
70N/A"
493N/A%>
40N/A<%@ page import="java.io.PrintWriter" %>
40N/A
493N/A<html>
40N/A<head>
493N/A <title>SP Assertion Consumer Service</title>
40N/A</head>
70N/A
493N/A<%!
493N/A private String getLocalLoginUrl(
40N/A String orgName,
70N/A String hostEntityId,
70N/A SAML2MetaManager metaManager,
40N/A ResponseInfo respInfo,
70N/A String requestURL,
String relayState)
{
String localLoginUrl = SPACSUtils.prepareForLocalLogin(
orgName, hostEntityId, metaManager, respInfo, requestURL);
if (localLoginUrl.indexOf("?") == -1) {
localLoginUrl += "?goto=";
} else {
localLoginUrl += "&goto=";
}
String gotoURL = requestURL + "?resID="
+ URLEncDec.encode(respInfo.getResponse().getID());
if (relayState != null && relayState.length() != 0) {
gotoURL += "&RelayState=" + URLEncDec.encode(relayState);
}
localLoginUrl += URLEncDec.encode(gotoURL);
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("spAssertionConsumer.jsp: local login "
+ "url=" + localLoginUrl);
}
return localLoginUrl;
}
%>
<body>
<%
// check request, response, content length
if ((request == null) || (response == null)) {
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
"nullInput", SAML2Utils.bundle.getString("nullInput"));
return;
}
// to avoid dos attack
// or use SAML2Utils?
try {
SAMLUtils.checkHTTPContentLength(request);
} catch (ServletException se) {
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
"largeContentLength", se.getMessage());
return;
}
if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
return;
}
String requestURL = request.getRequestURL().toString();
// get entity id and orgName
String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
if (metaManager == null) {
// logging?
SAMLUtils.sendError(request, response,
response.SC_INTERNAL_SERVER_ERROR, "errorMetaManager",
SAML2Utils.bundle.getString("errorMetaManager"));
return;
}
String hostEntityId = null;
try {
hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
} catch (SAML2MetaException sme) {
// logging?
SAMLUtils.sendError(request, response,
response.SC_INTERNAL_SERVER_ERROR, "metaDataError",
SAML2Utils.bundle.getString("metaDataError"));
return;
}
if (hostEntityId == null) {
// logging?
SAMLUtils.sendError(request, response,
response.SC_INTERNAL_SERVER_ERROR, "metaDataError",
SAML2Utils.bundle.getString("metaDataError"));
return;
}
String orgName = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
if (orgName == null || orgName.length() == 0) {
orgName = "/";
}
String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
// federate flag
String federate = request.getParameter(SAML2Constants.FEDERATE);
SessionProvider sessionProvider = null;
ResponseInfo respInfo = null;
try {
sessionProvider = SessionManager.getProvider();
} catch (SessionException se) {
SAMLUtils.sendError(request, response,
response.SC_INTERNAL_SERVER_ERROR, "nullSessionProvider",
se.getMessage());
return;
}
try {
respInfo = SPACSUtils.getResponse(
request, response, orgName, hostEntityId, metaManager);
} catch (SAML2Exception se) {
// Only do a sendError if one hasn't already been called.
if (!response.isCommitted()) {
SAMLUtils.sendError(request, response,
response.SC_INTERNAL_SERVER_ERROR, "getResponseError",
se.getMessage());
}
return;
}
String ecpRelayState = respInfo.getRelayState();
if ((ecpRelayState != null) && (ecpRelayState.length() > 0)) {
relayState = ecpRelayState;
}
Object token = null;
try {
token = sessionProvider.getSession(request);
} catch (SessionException se) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message(
"spAssertionConsumer.jsp: Token is null." +
se.getMessage());
}
token = null;
}
if (federate != null && federate.trim().equals("true") &&
token == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("spAssertionConsumer.jsp: federate "
+ "is true, and token is null. do local login first.");
}
FSUtils.forwardRequest(request, response, getLocalLoginUrl(
orgName, hostEntityId, metaManager, respInfo,
requestURL, relayState));
return;
}
Object newSession = null;
try {
newSession = SPACSUtils.processResponse(
request, response, new PrintWriter(out, true), metaAlias, token, respInfo,
orgName, hostEntityId, metaManager);
} catch (SAML2Exception se) {
SAML2Utils.debug.error("spAssertionConsumer.jsp: SSO failed.", se);
String[] data = {hostEntityId,se.getMessage(),""};
if (LogUtil.isErrorLoggable(Level.FINE)) {
data[2] = respInfo.getResponse().toXMLString(true, true);
}
LogUtil.error(Level.INFO,
LogUtil.SP_SSO_FAILED,
data,
null);
if (se.isRedirectionDone()) {
// response had been redirected already.
return;
}
if (se.getMessage().equals(SAML2Utils.bundle.getString("noUserMapping"))) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("spAssertionConsumer.jsp:need "
+ " local login!!");
}
// logging?
FSUtils.forwardRequest(request, response, getLocalLoginUrl(
orgName, hostEntityId, metaManager, respInfo,
requestURL, relayState));
return;
}
SAMLUtils.sendError(request, response,
response.SC_INTERNAL_SERVER_ERROR, "SSOFailed",
SAML2Utils.bundle.getString("SSOFailed"));
return;
}
if (newSession == null) {
if (SAML2Utils.debug.messageEnabled()) {
SAML2Utils.debug.message("Session is null.");
SAML2Utils.debug.message("spAssertionConsumer.jsp:Login has "
+ "failed!!");
}
SAMLUtils.sendError(request, response,
response.SC_INTERNAL_SERVER_ERROR, "SSOFailed",
SAML2Utils.bundle.getString("SSOFailed"));
return;
}
SAML2Utils.debug.message("SSO SUCCESS");
String[] redirected = sessionProvider.getProperty(newSession,
SAML2Constants.RESPONSE_REDIRECTED);
if ((redirected != null) && (redirected.length != 0) &&
redirected[0].equals("true")) {
SAML2Utils.debug.message("Redirection already done in SPAdapter.");
// response redirected already in SPAdapter
return;
}
Response saml2Resp = respInfo.getResponse();
String requestID = saml2Resp.getInResponseTo();
boolean isProxyOn = IDPProxyUtil.isIDPProxyEnabled(requestID);
if (isProxyOn) {
try {
IDPProxyUtil.generateProxyResponse(request, response, new PrintWriter(out, true), metaAlias,
respInfo,newSession);
} catch (SAML2Exception se) {
SAML2Utils.debug.message("Failed sending proxy response");
}
return;
}
// redirect to relay state
String finalUrl = SPACSUtils.getRelayState(
relayState, orgName, hostEntityId, metaManager);
String realFinalUrl = finalUrl;
if (finalUrl != null && finalUrl.length() != 0) {
try {
realFinalUrl =
sessionProvider.rewriteURL(newSession, finalUrl);
} catch (SessionException se) {
SAML2Utils.debug.message(
"spAssertionConsumer.jsp: URL rewriting failed.", se);
realFinalUrl = finalUrl;
}
}
String redirectUrl = SPACSUtils.getIntermediateURL(
orgName, hostEntityId, metaManager);
String realRedirectUrl = null;
if (redirectUrl != null && redirectUrl.length() != 0) {
if (realFinalUrl != null && realFinalUrl.length() != 0) {
if (redirectUrl.indexOf("?") != -1) {
redirectUrl += "&goto=";
} else {
redirectUrl += "?goto=";
}
redirectUrl += URLEncDec.encode(realFinalUrl);
try {
realRedirectUrl = sessionProvider.rewriteURL(
newSession, redirectUrl);
} catch (SessionException se) {
SAML2Utils.debug.message(
"spAssertionConsumer.jsp: URL rewriting failed.", se);
realRedirectUrl = redirectUrl;
}
} else {
realRedirectUrl = redirectUrl;
}
} else {
realRedirectUrl = finalUrl;
}
if (realRedirectUrl == null || (realRedirectUrl.trim().length() == 0)) {
if (isProxyOn) {
return;
} else {
%>
<jsp:forward page="/saml2/jsp/default.jsp?message=ssoSuccess" />
<%
}
} else {
// log it
try {
SAML2Utils.validateRelayStateURL(orgName, hostEntityId,
realRedirectUrl,
SAML2Constants.SP_ROLE);
} catch (SAML2Exception se) {
SAMLUtils.sendError(request, response,
response.SC_BAD_REQUEST, "requestProcessingError",
SAML2Utils.bundle.getString("requestProcessingError") + " " +
se.getMessage());
return;
}
response.sendRedirect(realRedirectUrl);
}
%>
</body>
</html>