spMNIRequestInit.jsp revision 0e107349d3f7763a9c67fb2f32c86c11364c72cf
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync<%--
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync The contents of this file are subject to the terms
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync of the Common Development and Distribution License
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync (the License). You may not use this file except in
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync compliance with the License.
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync You can obtain a copy of the License at
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync https://opensso.dev.java.net/public/CDDLv1.0.html or
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync opensso/legal/CDDLv1.0.txt
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync See the License for the specific language governing
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync permission and limitations under the License.
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync When distributing Covered Code, include this CDDL
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync Header Notice in each file and include the License file
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync at opensso/legal/CDDLv1.0.txt.
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync If applicable, add the following below the CDDL Header,
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync with the fields enclosed by brackets [] replaced by
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync your own identifying information:
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync "Portions Copyrighted [year] [name of copyright owner]"
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync $Id: spMNIRequestInit.jsp,v 1.12 2009/10/15 00:00:41 exu Exp $
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync--%>
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync<%--
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync Portions Copyrighted 2013-2014 ForgeRock AS
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync--%>
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
<%@ page import="com.sun.identity.federation.common.FSUtils" %>
<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
<%@ page import="com.sun.identity.saml2.profile.DoManageNameID" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Map" %>
<%@ page import="javax.servlet.http.HttpServletResponse" %>
<%@ page import="org.owasp.esapi.ESAPI" %>
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
<%--
 spMNIRequestInit.jsp initiates the ManageNameIDRequest at
 the Service Provider.
 Required parameters to this jsp are :
 - metaAlias - identifier for Service Provider
 - idpEntityID - identifier for Identity Provider
 - requestType - the request type of ManageNameIDRequest (Terminate / NewID)

 Some of the other optional parameters are :
 - relayState - the target URL on successful completion of the Request

 Check the SAML2 Documentation for supported parameters.

--%>
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync
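<%
    // Retrieve the request query parameters.
    // metaAlias, idpEntityID and requestType are the required query parameters:
    //   metaAlias     - hosted (Service Provider) entity meta alias
    //   idpEntityID   - Identity Provider identifier
    //   requestType   - the request type of ManageNameIDRequest (Terminate / NewID)
    // Optional:
    //   RelayState    - target URL once the request has completed
    //   affiliationID - affiliation entity ID
    // Supported query parameters are described in the SAML2 documentation.

    // Load-balancer cookie handling; when this returns true the helper has
    // already written a redirect, so nothing else may be sent.
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return;
    }

    try {
        String metaAlias = request.getParameter("metaAlias");
        if ((metaAlias == null) || metaAlias.isEmpty()) {
            // NOTE(review): the "nullIDPEntityID" message is reused for a missing
            // metaAlias; a metaAlias-specific bundle key would be clearer if one exists.
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "nullIDPEntityID",
                SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }

        String idpEntityID = request.getParameter("idpEntityID");
        if ((idpEntityID == null) || idpEntityID.isEmpty()) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "nullIDPEntityID",
                SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }

        // Resolve the binding for the MNI service and verify the hosted SP
        // supports it before doing any further work.
        String binding = DoManageNameID.getMNIBindingInfo(request, metaAlias,
            SAML2Constants.SP_ROLE, idpEntityID);
        SAML2MetaManager metaManager = new SAML2MetaManager();
        String hostEntity = metaManager.getEntityByMetaAlias(metaAlias);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        if (!SAML2Utils.isSPProfileBindingSupported(
                realm, hostEntity, SAML2Constants.MNI_SERVICE, binding)) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "unsupportedBinding",
                SAML2Utils.bundle.getString("unsupportedBinding"));
            return;
        }

        String requestType = request.getParameter("requestType");
        if ((requestType == null) || requestType.isEmpty()) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "nullRequestType",
                SAML2Utils.bundle.getString("nullRequestType"));
            return;
        }

        // RelayState is client-supplied: drop anything that is not a well-formed
        // query-string value instead of carrying it through the request.
        String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState,
                relayState, "HTTPQueryString", 2000, true)) {
            relayState = null;
        }

        // Fall back to the administrator-configured default. That value is not
        // client-controlled, and it is still URL-checked before any redirect below.
        if ((relayState == null) || relayState.isEmpty()) {
            relayState = SAML2Utils.getAttributeValueFromSSOConfig(
                realm, hostEntity, SAML2Constants.SP_ROLE,
                SAML2Constants.DEFAULT_RELAY_STATE);
        }

        String affiliationID =
            request.getParameter(SAML2Constants.AFFILIATION_ID);

        Map<String, String> paramsMap = new HashMap<String, String>();
        paramsMap.put("metaAlias", metaAlias);
        paramsMap.put("idpEntityID", idpEntityID);
        paramsMap.put("requestType", requestType);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);

        boolean hasRelayState = (relayState != null) && !relayState.isEmpty();
        if (hasRelayState) {
            paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
        }

        if (affiliationID != null) {
            paramsMap.put(SAML2Constants.AFFILIATION_ID, affiliationID);
        }

        // An authenticated session is required; a null result means checkSession
        // has already taken care of the response (e.g. redirect to login).
        Object sess = SAML2Utils.checkSession(request, response,
            metaAlias, paramsMap);
        if (sess == null) {
            return;
        }

        DoManageNameID.initiateManageNameIDRequest(request, response,
            metaAlias, idpEntityID, paramsMap);

        // With the SOAP binding the exchange completes synchronously, so the
        // browser response is decided here. Redirect only to a RelayState that
        // passes both the SP RelayState URL policy and ESAPI's URL rule; anything
        // else lands on the generic success page (avoids an open redirect).
        if (SAML2Constants.SOAP.equalsIgnoreCase(binding)) {
            if (hasRelayState &&
                    SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.SP_ROLE) &&
                    ESAPI.validator().isValidInput("HTTP URL Value: " + relayState,
                        relayState, "URL", 2000, true)) {
                response.sendRedirect(relayState);
            } else {
%>
<jsp:forward page="/saml2/jsp/default.jsp?message=mniSuccess" />
<%
            }
        }
    } catch (SAML2Exception e) {
        SAML2Utils.debug.error("Error sending ManageNameIDRequest " , e);
        // NOTE(review): e.getMessage() is echoed back to the client; confirm that
        // SAML2Exception messages never carry internal detail worth withholding.
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
            "requestProcessingMNIError",
            SAML2Utils.bundle.getString("requestProcessingMNIError") + " " +
            e.getMessage());
        return;
    }
%>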
38ae7e4efe803ea78b6499cd05a394db32623e41vboxsync