spSSOInit.jsp revision 0e107349d3f7763a9c67fb2f32c86c11364c72cf
321N/A<%--
321N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
1276N/A
321N/A Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
1339N/A
321N/A The contents of this file are subject to the terms
321N/A of the Common Development and Distribution License
919N/A (the License). You may not use this file except in
919N/A compliance with the License.
919N/A
919N/A You can obtain a copy of the License at
919N/A https://opensso.dev.java.net/public/CDDLv1.0.html or
919N/A opensso/legal/CDDLv1.0.txt
919N/A See the License for the specific language governing
919N/A permission and limitations under the License.
919N/A
919N/A When distributing Covered Code, include this CDDL
919N/A Header Notice in each file and include the License file
919N/A at opensso/legal/CDDLv1.0.txt.
919N/A If applicable, add the following below the CDDL Header,
919N/A with the fields enclosed by brackets [] replaced by
919N/A your own identifying information:
919N/A "Portions Copyrighted [year] [name of copyright owner]"
919N/A
321N/A $Id: spSSOInit.jsp,v 1.11 2009/06/24 23:05:30 mrudulahg Exp $
321N/A
321N/A--%>
321N/A
493N/A<%--
321N/A Portions Copyrighted 2013-2014 ForgeRock AS
970N/A--%>
977N/A
970N/A
970N/A<%@ page import="com.sun.identity.shared.debug.Debug" %>
1339N/A<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
1339N/A<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
1339N/A<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
321N/A<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
1276N/A<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
321N/A<%@ page import="com.sun.identity.saml2.profile.SPSSOFederate" %>
911N/A<%@ page import="java.util.HashMap" %>
1276N/A<%@ page import="java.util.ArrayList" %>
1276N/A<%@ page import="java.util.List" %>
1276N/A<%@ page import="java.util.Map" %>
911N/A<%@ page import="java.util.StringTokenizer" %>
321N/A
321N/A<%--
321N/A spssoinit.jsp initiates the Single Sign-On at the Service Provider.
321N/A
1276N/A Following are the list of supported query parameters :
493N/A
321N/A Required parameters to this jsp are :
1124N/A
1124N/A Query Parameter Name Description
1124N/A
1124N/A 1. metaAlias MetaAlias for Service Provider. The format of
970N/A this parameter is /realm_name/SP name.
970N/A
970N/A 2. idpEntityID Identifier for Identity Provider
321N/A
Optional Query Parameters :
Query Parameter Name Description
3. RelayState Target URL on successful complete of SSO/Federation
4. RelayStateAlias Specify the parameter(s) to use as the RelayState.
e.g. if the request URL has :
?TARGET=http://server:port/uri&RelayStateAlias=TARGET
then the TARGET query parameter will be interpreted as
RelayState and on successful completion of
SSO/Federation user will be redirected to the TARGET URL.
5. NameIDFormat NameIDPolicy format Identifier Value.
For example,
urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
urn:oasis:names:tc:SAML:2.0:nameid-format:transient
6. binding URI value that identifies a SAML protocol binding to
used when returning the Response message.
The supported values are :
HTTP-Artifact
HTTP-POST
7. AssertionConsumerServiceIndex
An integer number indicating the location
to which the Response message should be returned to
the requester.
8. AttributeConsumingServiceIndex
Indirectly specifies information associated
with the requester describing the SAML attributes
the requester desires or requires to be supplied
by the IDP in the generated Response message.
Note: This parameter may not be supported for
this release.
9. isPassive true or false value indicating whether the IDP
should authenticate passively.
10. ForceAuthn true or false value indicating if IDP must
force authentication OR false if IDP can rely on
reusing existing security contexts.
true - force authentication
11.AllowCreate Value indicates if IDP is allowed to created a new
identifier for the principal if it does not exist.
Value of this parameter can be true OR false.
true - IDP can dynamically create user.
12.Destination A URI Reference indicating the address to which the
request has been sent.
13.AuthnContextDeclRef Specifies the AuthnContext Declaration Reference.
The value is a pipe separated value with multiple
references.
14.AuthnContextClassRef Specifies the AuthnContext Class References.
The value is a pipe separated value with multiple
references.
15 AuthLevel The Authentication Level of the Authentication
Context to use for Authentication.
16.AuthComparison The comparison method used to evaluate the
requested context classes or statements.
Allowed values are :
exact
minimum
maximum
better
17.Consent Specifies a URI a SAML defined identifier
known as Consent Identifiers.These are defined in
the SAML 2 Assertions and Protocols Document.
Note: This parameter may not be supported for
this release.
18.reqBinding URI value that identifies a SAML protocol binding to
used when sending the AuthnRequest.
The supported values are :
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
19.affiliationID affiliation entity ID
20.sunamcompositeadvice URLEncoded XML blob that specifies auth level
advice. Here is an example of the xml blob:
<Advice>
<AttributeValuePair>
<Attribute name="AuthLevelConditionAdvice"/>
<Value>/:1</Value>
</AttributeValuePair>
</Advice>
In this advice, the requested auth level is 1.
Note: The ":" before auth level 1 is a must.
--%>
<%
// Retreive the Request Query Parameters
// metaAlias and idpEntiyID are the required query parameters
// metaAlias - Service Provider Entity Id
// idpEntityID - Identity Provider Identifier
// Query parameters supported will be documented.
String idpEntityID = null;
String metaAlias= null;
Map paramsMap = null;
try {
String reqID = request.getParameter("requestID");
if (reqID != null) {
//get the preferred idp
idpEntityID = SAML2Utils.getPreferredIDP(request);
paramsMap = (Map)SPCache.reqParamHash.get(reqID);
metaAlias = (String) paramsMap.get("metaAlias");
SPCache.reqParamHash.remove(reqID);
} else {
// this is an original request check
// get the metaAlias ,idpEntityID
// if idpEntityID is null redirect to IDP Discovery
// Service to retrieve.
metaAlias = request.getParameter("metaAlias");
if ((metaAlias == null) || (metaAlias.length() == 0)) {
SAMLUtils.sendError(request, response,
response.SC_BAD_REQUEST, "nullSPEntityID",
SAML2Utils.bundle.getString("nullSPEntityID"));
return;
}
idpEntityID = request.getParameter("idpEntityID");
paramsMap = SAML2Utils.getParamsMap(request);
if ((idpEntityID == null) || (idpEntityID.length() == 0)) {
// get reader url
String readerURL = SAML2Utils.getReaderURL(metaAlias);
if (readerURL != null) {
String rID = SAML2Utils.generateID();
String redirectURL =
SAML2Utils.getRedirectURL(readerURL,rID,request);
if (redirectURL != null) {
paramsMap.put("metaAlias",metaAlias);
SPCache.reqParamHash.put(rID,paramsMap);
response.sendRedirect(redirectURL);
return;
}
}
}
}
if ((idpEntityID == null) || (idpEntityID.length() == 0)) {
SAMLUtils.sendError(request, response,
response.SC_BAD_REQUEST, "nullIDPEntityID",
SAML2Utils.bundle.getString("nullIDPEntityID"));
return;
}
// get the parameters and put it in a map.
SPSSOFederate.initiateAuthnRequest( request,response,metaAlias,
idpEntityID,
paramsMap);
} catch (SAML2Exception sse) {
SAML2Utils.debug.error("Error sending AuthnRequest " , sse);
SAMLUtils.sendError(request, response,
response.SC_BAD_REQUEST, "requestProcessingError",
SAML2Utils.bundle.getString("requestProcessingError") + " " +
sse.getMessage());
return;
} catch (Exception e) {
SAML2Utils.debug.error("Error processing Request ",e);
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
"requestProcessingError",
SAML2Utils.bundle.getString("requestProcessingError") + " " +
e.getMessage());
return;
}
%>