spMNIRequestInit.jsp revision 0e107349d3f7763a9c67fb2f32c86c11364c72cf
2N/A<%--
2N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
2N/A
2N/A Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
2N/A
2N/A The contents of this file are subject to the terms
2N/A of the Common Development and Distribution License
2N/A (the License). You may not use this file except in
2N/A compliance with the License.
2N/A
2N/A You can obtain a copy of the License at
2N/A https://opensso.dev.java.net/public/CDDLv1.0.html or
2N/A opensso/legal/CDDLv1.0.txt
2N/A See the License for the specific language governing
2N/A permission and limitations under the License.
2N/A
2N/A When distributing Covered Code, include this CDDL
2N/A Header Notice in each file and include the License file
2N/A at opensso/legal/CDDLv1.0.txt.
2N/A If applicable, add the following below the CDDL Header,
2790N/A with the fields enclosed by brackets [] replaced by
2790N/A your own identifying information:
3739N/A "Portions Copyrighted [year] [name of copyright owner]"
2N/A
2N/A $Id: spMNIRequestInit.jsp,v 1.12 2009/10/15 00:00:41 exu Exp $
2N/A
2N/A--%>
2N/A
2N/A<%--
3817N/A Portions Copyrighted 2013-2014 ForgeRock AS
2N/A--%>
2N/A
2N/A<%@ page import="com.sun.identity.federation.common.FSUtils" %>
59N/A<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
59N/A<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
2N/A<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
2N/A<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
2N/A<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
2N/A<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
26N/A<%@ page import="com.sun.identity.saml2.profile.DoManageNameID" %>
26N/A<%@ page import="java.util.HashMap" %>
2N/A<%@ page import="org.owasp.esapi.ESAPI" %>
26N/A
1470N/A<%--
38N/A spMNIRequestInit.jsp initiates the ManageNameIDRequest at
1470N/A the Service Provider.
1470N/A Required parameters to this jsp are :
1470N/A - metaAlias - identifier for Service Provider
181N/A - idpEntityID - identifier for Identity Provider
26N/A - requestType - the request type of ManageNameIDRequest (Terminate / NewID)
3739N/A
3739N/A Some of the other optional parameters are :
3739N/A - relayState - the target URL on successful completion of the Request
3739N/A
3739N/A Check the SAML2 Documentation for supported parameters.
3739N/A
3739N/A--%>
3739N/A
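<%
    // Starts a SAML2 ManageNameID (MNI) request from the hosted Service Provider.
    //
    // Query parameters read below (all of them are caller-controlled input):
    //   metaAlias                     - required; meta alias of the hosted entity
    //   idpEntityID                   - required; Identity Provider identifier
    //   requestType                   - required; ManageNameIDRequest type
    //                                   (Terminate / NewID)
    //   SAML2Constants.RELAY_STATE    - optional; target URL once the request
    //                                   has completed
    //   SAML2Constants.AFFILIATION_ID - optional; affiliation entity ID

    // Nothing else runs when this returns true.
    // presumably the helper has already set the load-balancer cookie and
    // issued a redirect in that case - confirm against FSUtils.
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return;
    }

    try {
        String metaAlias = request.getParameter("metaAlias");
        if ((metaAlias == null) || (metaAlias.length() == 0)) {
            // metaAlias names the hosted SP, so its absence is reported with
            // the SP key rather than the IdP one.
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "nullSPEntityID",
                SAML2Utils.bundle.getString("nullSPEntityID"));
            return;
        }

        String idpEntityID = request.getParameter("idpEntityID");
        if ((idpEntityID == null) || (idpEntityID.length() == 0)) {
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "nullIDPEntityID",
                SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }

        // Resolve the binding for this SP/IdP pair and refuse the request if
        // the hosted SP does not support it for the MNI service.
        String binding = DoManageNameID.getMNIBindingInfo(request, metaAlias,
            SAML2Constants.SP_ROLE, idpEntityID);
        SAML2MetaManager metaManager = new SAML2MetaManager();
        // NOTE(review): no null check on hostEntity / realm for an unknown
        // metaAlias - confirm the helpers below tolerate that.
        String hostEntity = metaManager.getEntityByMetaAlias(metaAlias);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        if (!SAML2Utils.isSPProfileBindingSupported(
                realm, hostEntity, SAML2Constants.MNI_SERVICE, binding)) {
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "unsupportedBinding",
                SAML2Utils.bundle.getString("unsupportedBinding"));
            return;
        }

        String requestType = request.getParameter("requestType");
        if ((requestType == null) || (requestType.length() == 0)) {
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "nullRequestType",
                SAML2Utils.bundle.getString("nullRequestType"));
            return;
        }

        // First gate on RelayState: a character/length check against the
        // ESAPI "HTTPQueryString" rule (max 2000, null allowed). A value that
        // fails is dropped rather than rejected, so the configured default
        // below takes over.
        // NOTE(review): the context label embeds the raw parameter value; if
        // ESAPI writes the context to its log on failure, that is unsanitised
        // input in a log line - confirm.
        String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState,
                relayState, "HTTPQueryString", 2000, true)) {
            relayState = null;
        }

        if ((relayState == null) || (relayState.isEmpty())) {
            relayState = SAML2Utils.getAttributeValueFromSSOConfig(
                realm, hostEntity, SAML2Constants.SP_ROLE,
                SAML2Constants.DEFAULT_RELAY_STATE);
        }

        String affiliationID =
            request.getParameter(SAML2Constants.AFFILIATION_ID);

        // Raw HashMap is kept on purpose: the parameter types of the two
        // consumers (checkSession, initiateManageNameIDRequest) are not
        // visible from this page.
        HashMap paramsMap = new HashMap();
        paramsMap.put("metaAlias", metaAlias);
        paramsMap.put("idpEntityID", idpEntityID);
        paramsMap.put("requestType", requestType);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);

        // At this point relayState has passed only the query-string check
        // above; the URL validity check is applied further down, on the SOAP
        // path only.
        // NOTE(review): confirm the front-channel bindings validate
        // RelayState wherever the eventual redirect is issued.
        if (relayState != null && !relayState.isEmpty()) {
            paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
        }

        if (affiliationID != null) {
            paramsMap.put(SAML2Constants.AFFILIATION_ID, affiliationID);
        }

        // No session object: stop here.
        // presumably checkSession has already produced the response (for
        // example a redirect to authentication) - confirm.
        Object sess = SAML2Utils.checkSession(request, response,
            metaAlias, paramsMap);
        if (sess == null) {
            return;
        }

        DoManageNameID.initiateManageNameIDRequest(request, response,
            metaAlias, idpEntityID, paramsMap);

        if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
            // Open-redirect guard: redirect only when RelayState is present,
            // accepted by SAML2Utils.isRelayStateURLValid for the SP role, and
            // passes the ESAPI "URL" rule. Anything else is forwarded to the
            // local success page.
            if (relayState != null && !relayState.isEmpty()
                    && SAML2Utils.isRelayStateURLValid(request, relayState,
                        SAML2Constants.SP_ROLE)
                    && ESAPI.validator().isValidInput(
                        "HTTP URL Value: " + relayState, relayState,
                        "URL", 2000, true)) {
                response.sendRedirect(relayState);
            } else {
                %>
                <jsp:forward page="/saml2/jsp/default.jsp?message=mniSuccess" />
                <%
            }
        }
    } catch (SAML2Exception e) {
        SAML2Utils.debug.error("Error sending ManageNameIDRequest " , e);
        // NOTE(review): the exception text is returned to the caller as part
        // of the error message; confirm SAML2Exception messages never carry
        // internal detail (entity configuration, stack context).
        SAMLUtils.sendError(request, response,
            HttpServletResponse.SC_BAD_REQUEST,
            "requestProcessingMNIError",
            SAML2Utils.bundle.getString("requestProcessingMNIError") + " " +
            e.getMessage());
        return;
    }
%>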