idpMNIRequestInit.jsp revision 984ea967792540448d05fba2ac6fad5dadf91fd6
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%--
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews The contents of this file are subject to the terms
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews of the Common Development and Distribution License
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews (the License). You may not use this file except in
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews compliance with the License.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews You can obtain a copy of the License at
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews https://opensso.dev.java.net/public/CDDLv1.0.html or
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews opensso/legal/CDDLv1.0.txt
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews See the License for the specific language governing
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews permission and limitations under the License.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews When distributing Covered Code, include this CDDL
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews Header Notice in each file and include the License file
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews at opensso/legal/CDDLv1.0.txt.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews If applicable, add the following below the CDDL Header,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews with the fields enclosed by brackets [] replaced by
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews your own identifying information:
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews "Portions Copyrighted [year] [name of copyright owner]"
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews $Id: idpMNIRequestInit.jsp,v 1.10 2009/10/15 00:00:40 exu Exp $
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews--%>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="com.sun.identity.shared.debug.Debug" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="com.sun.identity.federation.common.FSUtils" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="com.sun.identity.saml2.profile.DoManageNameID" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%@ page import="java.util.HashMap" %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%--
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews idpMNIRequestInit.jsp initiates the ManageNameIDRequest at
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews the Identity Provider.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews Required parameters to this jsp are :
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - metaAlias - identifier for Identity Provider
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - spEntityID - identifier for Service Provider
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - requestType - the request type of ManageNameIDRequest (Terminate / NewID)
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews Somce of the other optional parameters are :
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - relayState - the target URL on successful complete of the Request
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews Check the SAML2 Documentation for supported parameters.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews--%>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<%
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews // Retreive the Request Query Parameters
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews // metaAlias, spEntiyID and RequestType are the required query parameters
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews // metaAlias - Hosted Entity Id
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews // spEntityID - Service Provider Identifier
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews // requestType - the request type of ManageNameIDRequest (Terminate / NewID)
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews // affiliationID - affiliation entity ID
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews // Query parameters supported will be documented.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews return;
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews try {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews String metaAlias = request.getParameter("metaAlias");
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if ((metaAlias == null) || (metaAlias.length() == 0)) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews "nullIDPEntityID",
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAML2Utils.bundle.getString("nullIDPEntityID"));
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews return;
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews String idpEntityID =
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(metaAlias);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews String spEntityID = request.getParameter("spEntityID");
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if ((spEntityID == null) || (spEntityID.length() == 0)) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews "nullSPEntityID",
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAML2Utils.bundle.getString("nullSPEntityID"));
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews return;
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews String binding = DoManageNameID.getMNIBindingInfo(request, metaAlias,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAML2Constants.IDP_ROLE, spEntityID);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if (!SAML2Utils.isIDPProfileBindingSupported(
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews realm, idpEntityID, SAML2Constants.MNI_SERVICE, binding))
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews "unsupportedBinding",
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAML2Utils.bundle.getString("unsupportedBinding"));
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews return;
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews String requestType = request.getParameter("requestType");
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if ((requestType == null) || (requestType.length() == 0)) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews "nullRequestType",
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAML2Utils.bundle.getString("nullRequestType"));
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews return;
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews String RelayState = request.getParameter(SAML2Constants.RELAY_STATE);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews String affiliationID =
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews request.getParameter(SAML2Constants.AFFILIATION_ID);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews HashMap paramsMap = new HashMap();
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews paramsMap.put("metaAlias", metaAlias);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews paramsMap.put("spEntityID", spEntityID);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews paramsMap.put("requestType", requestType);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews paramsMap.put(SAML2Constants.BINDING, binding);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if (RelayState != null) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews paramsMap.put(SAML2Constants.RELAY_STATE, RelayState);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if (affiliationID != null) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews paramsMap.put(SAML2Constants.AFFILIATION_ID, affiliationID);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews Object sess = SAML2Utils.checkSession(request,response,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews metaAlias, paramsMap);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if (sess == null) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews return;
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews DoManageNameID.initiateManageNameIDRequest(request,response,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews metaAlias, spEntityID, paramsMap);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews if (RelayState != null) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews response.sendRedirect(RelayState);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews } else {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews %>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews <jsp:forward page="/saml2/jsp/default.jsp?message=mniSuccess" />
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews <%
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews } catch (SAML2Exception e) {
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAML2Utils.debug.error("Error processing ManageNameID Request ",e);
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews "requestProcessingMNIError",
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews SAML2Utils.bundle.getString("requestProcessingMNIError"));
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews }
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews%>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews