/**
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: FSDefaultSPAdapter.java,v 1.6 2008/06/25 05:49:54 qcheng Exp $
 *
 */
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpackage com.sun.identity.federation.plugins;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.iplanet.sso.SSOToken;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.iplanet.sso.SSOException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.authentication.util.ISAuthConstants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.accountmgmt.FSAccountManager;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.common.FederationException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.common.FSUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.common.IFSConstants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.common.LogUtil;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.jaxb.entityconfig.SPDescriptorConfigElement;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSAuthenticationStatement;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSAssertion;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSAuthnRequest;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSAuthnResponse;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSFederationTerminationNotification;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSLogoutNotification;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSLogoutResponse;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSNameRegistrationRequest;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSNameRegistrationResponse;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSResponse;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.message.FSSubject;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.idm.AMIdentity;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.idm.AMIdentityRepository;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.idm.IdRepoException;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.idm.IdSearchControl;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.idm.IdSearchOpModifier;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.idm.IdSearchResults;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.idm.IdType;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.idm.IdUtils;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.assertion.NameIdentifier;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.assertion.Statement;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.protocol.Status;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.saml.protocol.StatusCode;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.security.AdminTokenAction;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.shared.Constants;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport com.sun.identity.shared.encode.URLEncDec;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.security.AccessController;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.HashMap;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.HashSet;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Iterator;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.List;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Map;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.Set;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport java.util.logging.Level;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.servlet.http.HttpServletRequest;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterimport javax.servlet.http.HttpServletResponse;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Fosterpublic class FSDefaultSPAdapter implements FederationSPAdapter {
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
    // Realm used when initialize() receives no ENV_REALM parameter (or an
    // empty one). NOTE(review): a per-instance constant; static final would do.
    private final String ROOT_REALM = "/";
    // Realm passed to the IDFF meta manager for SP metadata look-ups. Set once
    // by initialize(), which always leaves it non-null.
    private String realm = null;
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
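    /**
     * Initializes the federation adapter; the framework calls this once
     * after constructing the adapter instance.
     *
     * <p>The only parameter this adapter understands is the one whose text
     * starts with {@link FederationSPAdapter#ENV_REALM}: everything after that
     * prefix becomes the realm used for SP metadata look-ups. The prefix is
     * matched case-insensitively and without locale-dependent case mapping.
     * When no such parameter exists, or its value is empty, the realm falls
     * back to {@code ROOT_REALM}.
     *
     * @param hostedProviderID provider ID for the hosted SP (not used by this
     *        implementation)
     * @param initParams initial set of parameters configured in the service
     *        provider for this adapter; may be {@code null} or empty, and
     *        elements that are {@code null} or not strings are skipped
     */
    public void initialize(String hostedProviderID, Set initParams) {
        FSUtils.debug.message("In FSDefaultSPAdapter.initialize.");
        if ((initParams != null) && !initParams.isEmpty()) {
            String prefix = FederationSPAdapter.ENV_REALM;
            int prefixLen = prefix.length();
            Iterator iter = initParams.iterator();
            while (iter.hasNext()) {
                Object param = iter.next();
                if (!(param instanceof String)) {
                    // a malformed entry must not abort adapter start-up
                    continue;
                }
                String envValue = (String) param;
                // regionMatches compares in place, so the value is never
                // re-mapped by toUpperCase(); that keeps the substring offset
                // below valid even for characters whose upper-case form has a
                // different length.
                if (envValue.regionMatches(true, 0, prefix, 0, prefixLen)) {
                    realm = envValue.substring(prefixLen);
                    // first matching parameter wins
                    break;
                }
            }
        }
        if ((realm == null) || (realm.length() == 0)) {
            realm = ROOT_REALM;
        }
    }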
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
    /**
     * Called before the federation manager sends the Single-Sign-On and
     * Federation request to the IDP. The default adapter only records a
     * debug message; it does not inspect or alter the request.
     *
     * @param hostedProviderID provider ID for the hosted SP
     * @param idpProviderID provider ID of the IDP the request will be sent to
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the authentication request to be sent to the IDP
     */
    public void preSSOFederationRequest(String hostedProviderID,
            String idpProviderID, HttpServletRequest request,
            HttpServletResponse response, FSAuthnRequest authnRequest) {
        FSUtils.debug.message("In FSDefaultSPAdapter.preSSOFederationRequest.");
    }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
    /**
     * Called when the federation manager has received the Single-Sign-On and
     * Federation response from the IDP, before any processing on the SP side.
     * The default adapter only records a debug message and never fails the
     * process.
     *
     * @param hostedProviderID provider ID for the hosted SP
     * @param request servlet request
     * @param response servlet response
     * @param authnRequest the original authentication request sent from SP
     * @param authnResponse response from IDP if Browser POST or LECP profile
     *        is used for the request, value will be null if Browser Artifact
     *        profile is used.
     * @param samlResponse response from IDP if Browser Artifact profile is used
     *        for the request, value will be null if Browser POST or LECP
     *        profile is used.
     * @exception FederationException if the adapter wants to fail the process
     *        (this implementation never throws it).
     */
    public void preSSOFederationProcess(String hostedProviderID,
            HttpServletRequest request, HttpServletResponse response,
            FSAuthnRequest authnRequest, FSAuthnResponse authnResponse,
            FSResponse samlResponse) throws FederationException {
        FSUtils.debug.message("In FSDefaultSPAdapter.preSSOFederationProcess.");
    }
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
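    /**
     * Invoked after a successful Single Sign-On or Federation.
     *
     * <p>For a plain SSO (name identifier policy other than
     * {@code IFSConstants.NAME_ID_POLICY_FEDERATED}) nothing is done. For a
     * federation, the IDP-provided name identifier is taken from the first
     * assertion's authentication statement, the user repository of the
     * session's organization is searched for every user whose
     * {@code iplanet-am-user-federation-info-key} attribute already carries
     * {@code |hostedEntityID|nameId|}, and that federation record is removed
     * from every matching user except the owner of {@code ssoToken}. This is
     * what keeps one name identifier from being linked to several local
     * accounts at the same time.
     *
     * <p>Malformed input (no admin token, no assertion, no name identifier, no
     * universal id on the session) is logged and the method returns without
     * touching the repository. Account-management, repository and session
     * errors are logged at warning level and swallowed. The method never
     * redirects the browser.
     *
     * @param hostedEntityID provider ID for the hosted SP
     * @param request servlet request (not used)
     * @param response servlet response (not used)
     * @param ssoToken user's SSO token; must be an {@code SSOToken}
     * @param authnRequest the original authentication request sent from SP
     * @param authnResponse response from IDP if Browser POST or LECP profile
     *        is used for the request, value will be null if Browser Artifact
     *        profile is used.
     * @param samlResponse response from IDP if Browser Artifact profile is used
     *        for the request, value will be null if Browser POST or LECP
     *        profile is used.
     * @exception FederationException if the adapter wants to fail the process
     *        (this implementation never throws it).
     * @return always {@code false}: no browser redirection happens here.
     */
    public boolean postSSOFederationSuccess(
        String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        Object ssoToken,
        FSAuthnRequest authnRequest,
        FSAuthnResponse authnResponse,
        FSResponse samlResponse
    ) throws FederationException {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSDefaultSPAdapter.postFedSuccess, "
                + "process " + hostedEntityID);
        }
        // Only a federation (as opposed to a plain SSO) needs the clean-up
        // below.
        boolean isFederation = false;
        if (authnRequest == null) {
            FSUtils.debug.error("FSDefaultSPAdapter.postFedSuccess null");
        } else {
            String nameIDPolicy = authnRequest.getNameIDPolicy();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultSPAdapter.postSuccess "
                    + nameIDPolicy);
            }
            // Constant on the left: a request without a NameIDPolicy is
            // treated as plain SSO instead of failing with a
            // NullPointerException.
            isFederation = IFSConstants.NAME_ID_POLICY_FEDERATED.equals(
                nameIDPolicy);
        }
        // Looked up unconditionally, as before, so the privileged admin-token
        // action runs on every call regardless of the outcome.
        SSOToken adminToken = (SSOToken)
            AccessController.doPrivileged(AdminTokenAction.getInstance());
        if (!isFederation) {
            return false;
        }
        if (adminToken == null) {
            // This used to be skipped silently; since the clean-up below is
            // what prevents one name identifier from linking several accounts,
            // make the skip visible to operators.
            FSUtils.debug.warning("FSDefaultSPAdapter.postFedSuccess: "
                + "no admin token, federation clean-up skipped");
            return false;
        }
        try {
            // Locate the name identifier in the first assertion.
            String nameId = null;
            List assertions = null;
            String idpEntityId = null;
            if (authnResponse != null) {
                // POST profile
                assertions = authnResponse.getAssertion();
                idpEntityId = authnResponse.getProviderId();
            } else if (samlResponse != null) {
                // Artifact profile
                assertions = samlResponse.getAssertion();
            }
            if ((assertions == null) || assertions.isEmpty()) {
                // Neither response carried an assertion: nothing to link, so
                // stop here rather than dereference null / an empty list.
                FSUtils.debug.warning("FSAdapter.postSuc : no assertion");
                return false;
            }
            FSAssertion assertion =
                (FSAssertion) assertions.iterator().next();
            if (idpEntityId == null) {
                idpEntityId = assertion.getIssuer();
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: idp="
                    + idpEntityId);
            }
            Iterator stmtIter = assertion.getStatement().iterator();
            while (stmtIter.hasNext()) {
                Statement statement = (Statement) stmtIter.next();
                int stmtType = statement.getStatementType();
                if (stmtType == Statement.AUTHENTICATION_STATEMENT) {
                    FSAuthenticationStatement authStatement =
                        (FSAuthenticationStatement) statement;
                    FSSubject subject =
                        (FSSubject) authStatement.getSubject();
                    // Prefer the IDP-provided identifier, fall back to the
                    // subject's plain name identifier.
                    NameIdentifier ni =
                        subject.getIDPProvidedNameIdentifier();
                    if (ni == null) {
                        ni = subject.getNameIdentifier();
                    }
                    if (ni != null) {
                        nameId = ni.getName();
                    }
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSAdapter.postSuccess: "
                            + "found name id =" + nameId);
                    }
                    // only the first authentication statement is consulted
                    break;
                }
            }
            if (nameId == null) {
                FSUtils.debug.warning("FSAdapter.postSuc : null nameID");
                return false;
            }

            // Search modifier: users whose federation-info-key attribute
            // already holds this (SP, nameId) pair. nameId comes from the IDP
            // assertion; it is handed over as an attribute value, not spliced
            // into a filter string, so escaping is the repository layer's job
            // -- NOTE(review): confirm the IdRepo implementation escapes
            // modifier values.
            Map map = new HashMap();
            Set set = new HashSet();
            set.add("|" + hostedEntityID + "|" + nameId + "|");
            map.put("iplanet-am-user-federation-info-key", set);

            // Search the organization of the authenticated session, acting
            // with the admin token's authority.
            AMIdentityRepository idRepo = new AMIdentityRepository(
                adminToken,
                ((SSOToken) ssoToken).getProperty(
                    ISAuthConstants.ORGANIZATION));
            IdSearchControl searchControl = new IdSearchControl();
            searchControl.setTimeOut(0);
            searchControl.setMaxResults(0);
            searchControl.setAllReturnAttributes(false);
            searchControl.setSearchModifiers(IdSearchOpModifier.AND, map);
            IdSearchResults searchResults = idRepo.searchIdentities(
                IdType.USER, "*", searchControl);
            Set amIdSet = searchResults.getSearchResults();
            if (amIdSet.size() <= 1) {
                // At most one user holds this federation; presumably that is
                // the current user's own record, written before this callback
                // runs (not visible here). Nothing to clean up.
                return false;
            }
            String univId = ((SSOToken) ssoToken).getProperty(
                Constants.UNIVERSAL_IDENTIFIER);
            if (univId == null) {
                // Without the session's universal id there is no way to tell
                // which match to keep, so do not remove anything.
                FSUtils.debug.warning(
                    "FSAdapter.postSuc : null universal id");
                return false;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSAdapter.postSuccess: found "
                    + amIdSet.size() + " federation with same ID as "
                    + univId);
            }
            // The meta alias selects the account manager instance; a failed
            // look-up leaves it null, which is passed through unchanged.
            String metaAlias = null;
            try {
                IDFFMetaManager metaManager =
                    new IDFFMetaManager(ssoToken);
                SPDescriptorConfigElement spConfig =
                    metaManager.getSPDescriptorConfig(
                        realm, hostedEntityID);
                if (spConfig != null) {
                    metaAlias = spConfig.getMetaAlias();
                }
            } catch (IDFFMetaException ie) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSuccess: "
                        + "couldn't find meta alias:", ie);
                }
            }
            FSAccountManager accManager =
                FSAccountManager.getInstance(metaAlias);
            FSAccountFedInfoKey fedInfoKey =
                new FSAccountFedInfoKey(hostedEntityID, nameId);
            // Previous federations with the same name identifier exist for
            // other users: unlink them so the identifier maps to one account.
            Iterator it = amIdSet.iterator();
            while (it.hasNext()) {
                AMIdentity amId = (AMIdentity) it.next();
                // keep the record belonging to the SSO token's owner
                String tmpUnivId = IdUtils.getUniversalId(amId);
                if (univId.equalsIgnoreCase(tmpUnivId)) {
                    continue;
                }
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSAdapter.postSucces, "
                        + "remove fed info for user " + tmpUnivId);
                }
                accManager.removeAccountFedInfo(tmpUnivId, fedInfoKey,
                    idpEntityId);
            }
        } catch (FSAccountMgmtException f) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", f);
        } catch (IdRepoException i) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", i);
        } catch (SSOException e) {
            FSUtils.debug.warning("FSDefaultSPAdapter.postSSOSuccess", e);
        }
        return false;
    }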
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster /**
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Invokes this method if the Single-Sign-On or Federation fails
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * for some reason.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param request servlet request
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param response servlet response
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param authnRequest the original authentication request sent from SP
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param authnResponse response from IDP if Browser POST or LECP profile
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * is used for the request, value will be null if Browser Artifact
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * profile is used.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param samlResponse response from IDP if Browser Artifact profile is used
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * for the request, value will be null if Browser POST or LECP
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * profile is used.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param failureCode an integer specifies the failure code.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @return true if browser redirection happened, false otherwise.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
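public boolean postSSOFederationFailure(String hostedEntityID,
        HttpServletRequest request,
        HttpServletResponse response,
        FSAuthnRequest authnRequest,
        FSAuthnResponse authnResponse,
        FSResponse samlResponse,
        int failureCode
) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postFedFailure, "
            + "process " + hostedEntityID
            + "\nfailure code=" + failureCode);
    }

    String baseURL = FSServiceUtils.getBaseURL(request);

    // The relay state is taken from the SP's own original AuthnRequest (may be
    // absent) and handed to getCommonLoginPageURL unchanged; that helper is
    // responsible for placing it safely into the login page URL.
    String relayState = null;
    if (authnRequest != null) {
        relayState = authnRequest.getRelayState();
    }

    String framedLoginPageURL = FSServiceUtils.getCommonLoginPageURL(
        FSServiceUtils.getMetaAlias(request),
        relayState, null, request, baseURL);

    // Local, single-threaded buffer: StringBuilder instead of the synchronized
    // StringBuffer. The failure code is an int, so it needs no encoding.
    StringBuilder sb = new StringBuilder(framedLoginPageURL);
    sb.append('&').append(IFSConstants.FAILURE_CODE).append('=')
        .append(failureCode);

    if (failureCode == INVALID_AUTHN_RESPONSE ||
        failureCode == INVALID_RESPONSE)
    {
        // Only one of the two response objects is populated, depending on the
        // profile (see the parameter documentation). Guard each one so that a
        // caller passing null for the "wrong" profile gets a clean false
        // instead of a NullPointerException.
        Status status = null;
        if (failureCode == INVALID_AUTHN_RESPONSE) {
            if (authnResponse != null) {
                status = authnResponse.getStatus();
            }
        } else if (samlResponse != null) {
            status = samlResponse.getStatus();
        }

        if (status == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultSPAdapter.postSSO" +
                    "FederationFailure: response or its status is null");
            }
            return false;
        }

        StatusCode firstLevelStatusCode = status.getStatusCode();
        if (firstLevelStatusCode == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultSPAdapter.postSSO" +
                    "FederationFailure: Status is null");
            }
            return false;
        }

        StatusCode secondLevelStatusCode =
            firstLevelStatusCode.getStatusCode();
        if (secondLevelStatusCode == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDefaultSPAdapter.postSSO" +
                    "FederationFailure: Second level status is empty");
            }
            return false;
        }

        // The status value originates from the remote IDP's response, so it is
        // URL-encoded before being placed in the query string.
        String statusValue = URLEncDec.encode(
            secondLevelStatusCode.getValue());
        sb.append('&').append(IFSConstants.STATUS_CODE).append('=')
            .append(statusValue);
    }

    String redirectURL = sb.toString();
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("FSDefaultSPAdapter.postSSOFederation" +
            "Failure. URL to be redirected: " + redirectURL);
    }

    try {
        // sendRedirect sets the Location header itself; setting it separately
        // beforehand was redundant.
        response.sendRedirect(redirectURL);
    } catch (java.io.IOException io) {
        FSUtils.debug.error("FSDefaultSPAdapter.postSSOFedFailure", io);
        return false;
    }
    return true;
}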
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster /**
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Invokes after Register Name Identifier processing is successful
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param hostedProviderID provider ID for the hosted SP
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param request servlet request
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param response servlet response
 * @param userDN DN of the user with whom name identifier registration
 * was performed
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param regRequest register name identifier request, value will be
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * null if the request object is not available
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param regResponse register name identifier response, value will be
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * null if the response object is not available
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param regProfile register name identifier profile used, one of following
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.NAME_REGISTRATION_SP_HTTP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.NAME_REGISTRATION_SP_SOAP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.NAME_REGISTRATION_IDP_HTTP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.NAME_REGISTRATION_IDP_SOAP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
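public void postRegisterNameIdentifierSuccess(
    String hostedProviderID,
    HttpServletRequest request,
    HttpServletResponse response,
    String userDN,
    FSNameRegistrationRequest regRequest,
    FSNameRegistrationResponse regResponse,
    String regProfile)
{
    // Default adapter: no post-processing, only a trace entry. The trace now
    // names this method correctly (it previously said
    // "postRegistrationNameIdentifierSuccess", which does not exist) and ends
    // with a period like the sibling hooks.
    FSUtils.debug.message(
        "In FSDefaultSPAdapter.postRegisterNameIdentifierSuccess.");
}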
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster /**
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Invokes after the service provider successfully terminates federation
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * with IDP.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param hostedProviderID provider ID for the hosted SP
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param request servlet request
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param response servlet response
 * @param userDN DN of the user with whom name identifier registration
 * was performed
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param notification federation termination notification message
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param termProfile federation termination profile used, one of following
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.TERMINATION_SP_HTTP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.TERMINATION_SP_SOAP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.TERMINATION_IDP_HTTP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.TERMINATION_IDP_SOAP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
public void postTerminationNotificationSuccess(
    String hostedProviderID,
    HttpServletRequest request,
    HttpServletResponse response,
    String userDN,
    FSFederationTerminationNotification notification,
    String termProfile)
{
    // Default adapter hook: all parameters are intentionally unused; the only
    // effect is a trace entry for the debug log.
    final String traceEntry =
        "In FSDefaultSPAdapter.postTerminationNotificationSuccess.";
    FSUtils.debug.message(traceEntry);
}
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster /**
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * Invokes before single logout process started on FM side. This method
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * is called before the user token is invalidated on the service provider
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * side.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param hostedProviderID provider ID for the hosted SP
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param request servlet request
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param response servlet response
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param userDN user DN
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param logoutRequest single logout request object
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param logoutResponse single logout response, value will be
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * null if the response object is not available
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param sloProfile single logout profile used, one of following
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.LOGOUT_SP_REDIRECT_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.LOGOUT_SP_SOAP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.LOGOUT_IDP_SOAP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
public void preSingleLogoutProcess(
    String hostedProviderID,
    HttpServletRequest request,
    HttpServletResponse response,
    String userDN,
    FSLogoutNotification logoutRequest,
    FSLogoutResponse logoutResponse,
    String sloProfile)
{
    // Default adapter hook, invoked before the SP-side token is invalidated:
    // nothing to do here beyond a trace entry. Parameters are intentionally
    // unused.
    final String traceEntry = "In FSDefaultSPAdapter.preSingleLogoutProcess.";
    FSUtils.debug.message(traceEntry);
}
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster /**
 * Invokes after single logout is successfully completed, i.e. the user token
 * has been invalidated.
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster *
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param hostedProviderID provider ID for the hosted SP
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param request servlet request
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param response servlet response
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param userDN user DN
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param logoutRequest single logout request, value will be
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * null if the request object is not available
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param logoutResponse single logout response, value will be
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * null if the response object is not available
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * @param sloProfile single logout profile used, one of following
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.LOGOUT_SP_HTTP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.LOGOUT_SP_SOAP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.LOGOUT_IDP_HTTP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster * <code>IFSConstants.LOGOUT_IDP_SOAP_PROFILE</code>
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster */
public void postSingleLogoutSuccess(
    String hostedProviderID,
    HttpServletRequest request,
    HttpServletResponse response,
    String userDN,
    FSLogoutNotification logoutRequest,
    FSLogoutResponse logoutResponse,
    String sloProfile)
{
    // Default adapter hook, invoked once the user token has been invalidated:
    // only a trace entry is written. Parameters are intentionally unused.
    final String traceEntry = "In FSDefaultSPAdapter.postSingleLogoutSuccess.";
    FSUtils.debug.message(traceEntry);
}
4a2f0f0be43dfd4c1b490cbf3cc48b6ba6084b1cAllan Foster}