spAssertionConsumer.jsp revision 984ea967792540448d05fba2ac6fad5dadf91fd6
<%--
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

 Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved

 The contents of this file are subject to the terms
 of the Common Development and Distribution License
 (the License). You may not use this file except in
 compliance with the License.

 You can obtain a copy of the License at
 https://opensso.dev.java.net/public/CDDLv1.0.html or
 opensso/legal/CDDLv1.0.txt
 See the License for the specific language governing
 permission and limitations under the License.

 When distributing Covered Code, include this CDDL
 Header Notice in each file and include the License file
 at opensso/legal/CDDLv1.0.txt.
 If applicable, add the following below the CDDL Header,
 with the fields enclosed by brackets [] replaced by
 your own identifying information:
 "Portions Copyrighted [year] [name of copyright owner]"

 $Id: spAssertionConsumer.jsp,v 1.17 2010/01/23 00:07:06 exu Exp $

--%>

<%--
 Portions Copyrighted 2012 ForgeRock Inc
--%>
618N/A<%@page
155N/Aimport="com.sun.identity.shared.encode.URLEncDec,
155N/Acom.sun.identity.federation.common.FSUtils,
844N/Acom.sun.identity.saml.common.SAMLUtils,
1499N/Acom.sun.identity.saml2.common.SAML2Constants,
155N/Acom.sun.identity.saml2.common.SAML2Exception,
1258N/Acom.sun.identity.saml2.common.SAML2Utils,
3557N/Acom.sun.identity.saml2.logging.LogUtil,
155N/Acom.sun.identity.saml2.meta.SAML2MetaException,
3817N/Acom.sun.identity.saml2.meta.SAML2MetaManager,
3817N/Acom.sun.identity.saml2.meta.SAML2MetaUtils,
3817N/Acom.sun.identity.saml2.profile.ResponseInfo,
155N/Acom.sun.identity.saml2.profile.SPACSUtils,
155N/Acom.sun.identity.saml2.profile.IDPProxyUtil,
215N/Acom.sun.identity.saml2.protocol.Response,
215N/Acom.sun.identity.plugin.session.SessionManager,
215N/Acom.sun.identity.plugin.session.SessionProvider,
215N/Acom.sun.identity.plugin.session.SessionException,
215N/Ajava.util.logging.Level
215N/A"
215N/A%>
215N/A<html>
215N/A<head>
215N/A <title>SP Assertion Consumer Service</title>
215N/A</head>
215N/A<%!
/*
 * Builds the URL of the local login page to send the user to when the SAML
 * Response cannot be consumed yet (federate=true without a local session, or
 * no user mapping). The base login URL comes from
 * SPACSUtils.prepareForLocalLogin; a "goto" parameter is appended that points
 * back at this ACS with the Response ID as "resID" and, when present, the
 * original RelayState, so processing can resume after login.
 *
 * orgName       realm of the hosted SP
 * hostEntityId  hosted SP entity ID
 * metaManager   SAML2 metadata manager
 * respInfo      the received Response; its ID becomes "resID"
 * requestURL    this page's URL (built by the caller from
 *               request.getRequestURL(), i.e. from the Host header)
 * relayState    RelayState to carry through; null/empty means none
 * returns       the login URL with a URL-encoded "goto" parameter
 */
private String getLocalLoginUrl(
        String orgName,
        String hostEntityId,
        SAML2MetaManager metaManager,
        ResponseInfo respInfo,
        String requestURL,
        String relayState)
{
    String loginUrl = SPACSUtils.prepareForLocalLogin(
            orgName, hostEntityId, metaManager, respInfo, requestURL);

    // Come-back URL: this ACS plus the Response ID (and RelayState if any).
    StringBuilder returnTo = new StringBuilder(requestURL)
            .append("?resID=")
            .append(URLEncDec.encode(respInfo.getResponse().getID()));
    if (relayState != null && relayState.length() != 0) {
        returnTo.append("&RelayState=").append(URLEncDec.encode(relayState));
    }

    // Append as "goto", honouring an existing query string on the login URL.
    String separator = (loginUrl.indexOf("?") == -1) ? "?goto=" : "&goto=";
    String result = loginUrl + separator + URLEncDec.encode(returnTo.toString());

    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("spAssertionConsumer.jsp: local login "
                + "url=" + result);
    }
    return result;
}
155N/A%>
3837N/A<body>
155N/A<%
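// Purely defensive: the implicit request/response objects of a JSP are never
// null, but the check is kept so the error path is explicit.
if ((request == null) || (response == null)) {
    SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
        "nullInput", SAML2Utils.bundle.getString("nullInput"));
    return;
}
// Reject oversized request bodies before anything is parsed (DoS guard).
try {
    SAMLUtils.checkHTTPContentLength(request);
} catch (ServletException se) {
    SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
        "largeContentLength", se.getMessage());
    return;
}

// Load-balancer cookie handling; true means a redirect was already issued.
if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
    return;
}

// NOTE(review): getRequestURL() is reconstructed from the Host header the
// client sent. It is used to derive the meta alias and is embedded in the
// local-login "goto" URL (see getLocalLoginUrl), so the container or a
// fronting proxy is expected to canonicalise Host -- confirm for your
// deployment.
String requestURL = request.getRequestURL().toString();
String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
if (metaManager == null) {
    SAML2Utils.debug.error("spAssertionConsumer.jsp: no SAML2MetaManager");
    SAMLUtils.sendError(request, response,
        response.SC_INTERNAL_SERVER_ERROR, "errorMetaManager",
        SAML2Utils.bundle.getString("errorMetaManager"));
    return;
}

// Hosted SP entity ID for this ACS endpoint. A lookup failure and an unknown
// alias are reported to the client identically; the cause is logged here
// rather than lost (the original left a "logging?" TODO).
String hostEntityId = null;
try {
    hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
} catch (SAML2MetaException sme) {
    SAML2Utils.debug.error("spAssertionConsumer.jsp: metadata lookup failed "
        + "for metaAlias=" + metaAlias, sme);
    hostEntityId = null;
}
if (hostEntityId == null) {
    SAMLUtils.sendError(request, response,
        response.SC_INTERNAL_SERVER_ERROR, "metaDataError",
        SAML2Utils.bundle.getString("metaDataError"));
    return;
}
String orgName = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
if (orgName == null || orgName.length() == 0) {
    orgName = "/"; // fall back to "/"
}

// RelayState is client-supplied (it arrives with the browser's POST) and is
// only ever redirected to after SAML2Utils.validateRelayStateURL below.
String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
// federate=true requests account linking, which needs a local session first.
String federate = request.getParameter(SAML2Constants.FEDERATE);

SessionProvider sessionProvider = null;
try {
    sessionProvider = SessionManager.getProvider();
} catch (SessionException se) {
    SAMLUtils.sendError(request, response,
        response.SC_INTERNAL_SERVER_ERROR, "nullSessionProvider",
        se.getMessage());
    return;
}

// Obtain the SAML Response for this request (presumably also the stored copy
// referenced by "resID" when returning from local login -- see
// getLocalLoginUrl; confirm in SPACSUtils.getResponse).
ResponseInfo respInfo = null;
try {
    respInfo = SPACSUtils.getResponse(
        request, response, orgName, hostEntityId, metaManager);
} catch (SAML2Exception se) {
    // getResponse may already have written an error or redirect itself.
    if (!response.isCommitted()) {
        SAMLUtils.sendError(request, response,
            response.SC_INTERNAL_SERVER_ERROR, "getResponseError",
            se.getMessage());
    }
    return;
}
// A RelayState carried inside the Response (ECP) wins over the parameter.
String ecpRelayState = respInfo.getRelayState();
if ((ecpRelayState != null) && (ecpRelayState.length() > 0)) {
    relayState = ecpRelayState;
}

// Existing local session, if any; having none is a normal state here.
Object token = null;
try {
    token = sessionProvider.getSession(request);
} catch (SessionException se) {
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message(
            "spAssertionConsumer.jsp: Token is null." +
            se.getMessage());
    }
    token = null;
}
if (federate != null && federate.trim().equals("true") &&
    token == null) {
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("spAssertionConsumer.jsp: federate "
            + "is true, and token is null. do local login first.");
    }
    FSUtils.forwardRequest(request, response, getLocalLoginUrl(
        orgName, hostEntityId, metaManager, respInfo,
        requestURL, relayState));
    return;
}

// Validate the Response and establish the local session.
Object newSession = null;
try {
    newSession = SPACSUtils.processResponse(
        request, response, metaAlias, token, respInfo,
        orgName, hostEntityId, metaManager);
} catch (SAML2Exception se) {
    SAML2Utils.debug.error("spAssertionConsumer.jsp: SSO failed.", se);
    String[] data = {hostEntityId, se.getMessage(), ""};
    if (LogUtil.isErrorLoggable(Level.FINE)) {
        // CAUTION: this writes the entire Response XML (assertion, NameID,
        // attributes) to the log; it is gated on FINE for that reason.
        data[2] = respInfo.getResponse().toXMLString(true, true);
    }
    LogUtil.error(Level.INFO, LogUtil.SP_SSO_FAILED, data, null);
    if (se.isRedirectionDone()) {
        // processResponse has already redirected the client.
        return;
    }
    // "no user mapping" is only signalled through the localised message text.
    // Compare with the bundle string on the left so a null message cannot
    // throw NullPointerException here (it falls through to SSOFailed).
    if (SAML2Utils.bundle.getString("noUserMapping").equals(se.getMessage())) {
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("spAssertionConsumer.jsp:need "
                + " local login!!");
        }
        FSUtils.forwardRequest(request, response, getLocalLoginUrl(
            orgName, hostEntityId, metaManager, respInfo,
            requestURL, relayState));
        return;
    }
    SAMLUtils.sendError(request, response,
        response.SC_INTERNAL_SERVER_ERROR, "SSOFailed",
        SAML2Utils.bundle.getString("SSOFailed"));
    return;
}
if (newSession == null) {
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("Session is null.");
        SAML2Utils.debug.message("spAssertionConsumer.jsp:Login has "
            + "failed!!");
    }
    SAMLUtils.sendError(request, response,
        response.SC_INTERNAL_SERVER_ERROR, "SSOFailed",
        SAML2Utils.bundle.getString("SSOFailed"));
    return;
}
if (SAML2Utils.debug.messageEnabled()) {
    SAML2Utils.debug.message("SSO SUCCESS");
}

// The SP adapter may have taken over the response; nothing more to send.
String[] redirected = sessionProvider.getProperty(newSession,
    SAML2Constants.RESPONSE_REDIRECTED);
if ((redirected != null) && (redirected.length != 0) &&
    redirected[0].equals("true")) {
    if (SAML2Utils.debug.messageEnabled()) {
        SAML2Utils.debug.message("Redirection already done in SPAdapter.");
    }
    return;
}

// IDP-proxy mode (decided from the InResponseTo request ID): the proxied
// Response is produced by generateProxyResponse instead of a redirect.
Response saml2Resp = respInfo.getResponse();
String requestID = saml2Resp.getInResponseTo();
if (IDPProxyUtil.isIDPProxyEnabled(requestID)) {
    try {
        IDPProxyUtil.generateProxyResponse(request, response, metaAlias,
            respInfo, newSession);
    } catch (SAML2Exception se) {
        // Previously only a debug message with no response, so the client
        // got an empty page. Log the cause and report the failure, unless
        // generateProxyResponse already committed the response.
        SAML2Utils.debug.error("Failed sending proxy response", se);
        if (!response.isCommitted()) {
            SAMLUtils.sendError(request, response,
                response.SC_INTERNAL_SERVER_ERROR, "SSOFailed",
                SAML2Utils.bundle.getString("SSOFailed"));
        }
    }
    return;
}

// Resolve the destination: the RelayState, or whatever SPACSUtils.getRelayState
// substitutes when it is absent.
String finalUrl = SPACSUtils.getRelayState(
    relayState, orgName, hostEntityId, metaManager);
String realFinalUrl = finalUrl;
if (finalUrl != null && finalUrl.length() != 0) {
    try {
        // Session-provider URL rewriting (presumably for cookieless clients;
        // confirm). Best effort: failure falls back to the plain URL.
        realFinalUrl = sessionProvider.rewriteURL(newSession, finalUrl);
    } catch (SessionException se) {
        SAML2Utils.debug.message(
            "spAssertionConsumer.jsp: URL rewriting failed.", se);
        realFinalUrl = finalUrl;
    }
}
// Optional intermediate page: redirect there with the real target as "goto".
String redirectUrl = SPACSUtils.getIntermediateURL(
    orgName, hostEntityId, metaManager);
String realRedirectUrl = null;
if (redirectUrl != null && redirectUrl.length() != 0) {
    if (realFinalUrl != null && realFinalUrl.length() != 0) {
        redirectUrl += (redirectUrl.indexOf("?") != -1) ? "&goto=" : "?goto=";
        redirectUrl += URLEncDec.encode(realFinalUrl);
        try {
            realRedirectUrl = sessionProvider.rewriteURL(
                newSession, redirectUrl);
        } catch (SessionException se) {
            SAML2Utils.debug.message(
                "spAssertionConsumer.jsp: URL rewriting failed.", se);
            realRedirectUrl = redirectUrl;
        }
    } else {
        realRedirectUrl = redirectUrl;
    }
} else {
    // NOTE(review): this is the un-rewritten finalUrl, not realFinalUrl; the
    // rewritten form is only ever used inside the intermediate "goto". Left
    // as-is on purpose: confirm intent before changing it, since rewriting a
    // RelayState that may point off-site would put session data in the URL.
    realRedirectUrl = finalUrl;
}
if (realRedirectUrl == null || (realRedirectUrl.trim().length() == 0)) {
    // Nowhere to send the user: show the generic success page. (The original
    // re-checked the IDP-proxy flag here, but that path has already returned.)
%>
<jsp:forward page="/saml2/jsp/default.jsp?message=ssoSuccess" />
<%
} else {
    // Open-redirect guard: the destination must pass the SP's RelayState URL
    // validation. This checks realRedirectUrl as a whole -- when an
    // intermediate URL is configured, the RelayState is nested inside its
    // "goto" parameter and is not validated separately on this page; the
    // consumer of "goto" (or SPACSUtils.getRelayState) must do so -- confirm.
    try {
        SAML2Utils.validateRelayStateURL(orgName, hostEntityId,
            realRedirectUrl,
            SAML2Constants.SP_ROLE);
    } catch (SAML2Exception se) {
        SAMLUtils.sendError(request, response,
            response.SC_BAD_REQUEST, "requestProcessingError",
            SAML2Utils.bundle.getString("requestProcessingError") + " " +
            se.getMessage());
        return;
    }
    response.sendRedirect(realRedirectUrl);
}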
%>
</body>
</html>