default.aspx revision a688bcbb4bcff5398fdd29b86f83450257dc0df4
<%--
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2009 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
*/
--%>
<%@ Import Namespace="System.Xml" %>
<%@ Import Namespace="Sun.Identity.Saml2" %>
<%@ Import Namespace="Sun.Identity.Saml2.Exceptions" %>
<asp:Content ID="Content1" ContentPlaceHolderID="content" runat="server">
<%
string fedletUrl = Request.Url.AbsoluteUri;
%>
<p>
This sample application demonstrates a simple Fedlet with OpenSSO and
a .NET application. Please be sure to follow the instructions of the
README file to ensure your sample application will function correctly.
</p>
<h2>Based on the README file, you should have...</h2>
<ol class="instructions">
<li>A Circle of Trust within your OpenSSO deployment.</li>
<li>A hosted Identity Service Provider within your OpenSSO deployment.</li>
<li>
This sample application configured with metadata edited appropriately
and placed into this application's <span class="resource">App_Data/</span>
folder.
<ol class="summary">
<li>
The HTTP-POST service location should have been edited appropriately
within your OpenSSO deployment for this Service Provider.<br />
For example:
</li>
<li>
Optionally added attribute mappings to be passed within the assertion
to this sample application.
</li>
</ol>
</li>
<li>
application's <span class="resource">Bin/</span> folder.
</li>
</ol>
<h2>To try it out...</h2>
<%
StringBuilder idpListItems = new StringBuilder();
string idpListItemFormat = "<li><a href=\"{0}\">Run Identity Provider initiated Single Sign-On using {1} binding</a></li>";
string idpUrlFormat = "{0}/idpssoinit?NameIDFormat=urn:oasis:names:tc:SAML:2.0:nameid-format:transient&metaAlias={1}&spEntityID={2}&binding={3}";
StringBuilder spListItems = new StringBuilder();
string spListItemFormat = "<li><a href=\"{0}\">Run Fedlet (SP) initiated Single Sign-On using {1} binding</a></li>";
string spUrlFormat = "spinitiatedsso.aspx?idpEntityId={0}&binding={1}";
string errorMessage = null;
bool hasMultipleIdps = false;
bool spSupportsArtifact = false;
bool spSupportsPost = false;
try
{
ServiceProviderUtility serviceProviderUtility;
serviceProviderUtility = (ServiceProviderUtility)Cache["spu"];
if (serviceProviderUtility == null)
{
serviceProviderUtility = new ServiceProviderUtility(Context);
Cache["spu"] = serviceProviderUtility;
}
hasMultipleIdps = (serviceProviderUtility.IdentityProviders.Count > 1);
spSupportsPost = !string.IsNullOrEmpty(serviceProviderUtility.ServiceProvider.GetAssertionConsumerServiceLocation(Saml2Constants.HttpPostProtocolBinding));
spSupportsArtifact = !string.IsNullOrEmpty(serviceProviderUtility.ServiceProvider.GetAssertionConsumerServiceLocation(Saml2Constants.HttpArtifactProtocolBinding));
foreach (string idpEntityId in serviceProviderUtility.IdentityProviders.Keys)
{
IdentityProvider idp = (IdentityProvider) serviceProviderUtility.IdentityProviders[idpEntityId];
// create the idp initiated links
string deploymentUrl = null;
string metaAlias = null;
string pattern = "(.+?/opensso).+?/metaAlias(.+?)$";
Match m = null;
foreach (XmlNode node in idp.SingleSignOnServiceLocations)
{
string binding = node.Attributes["Binding"].Value;
string location = node.Attributes["Location"].Value;
if (binding != null && location != null)
{
m = Regex.Match(location, pattern);
{
}
break;
}
}
{
string idpListItem;
string idpUrl;
idpUrl = Server.HtmlEncode(
idpUrlFormat,
deploymentUrl,
metaAlias,
idpListItems.Append(idpListItem);
idpUrl = Server.HtmlEncode(
idpUrlFormat,
deploymentUrl,
metaAlias,
idpListItems.Append(idpListItem);
}
// create the sp initiated links
if (spSupportsPost)
{
string spUrl = Server.HtmlEncode(
spUrlFormat,
spListItems.Append(spListItem);
}
if (spSupportsArtifact)
{
string spUrl = Server.HtmlEncode(
spUrlFormat,
spListItems.Append(spListItem);
}
}
if (idpListItems.Length == 0)
{
idpListItems.Append("<li>IDP initiated SSO is currently only supported with an OpenSSO deployment.</li>");
}
if (spListItems.Length == 0)
{
spListItems.Append("<li>SP initiated SSO requires either HTTP-POST or HTTP-Artifact assertion consumer service locations to be configured.</li>");
}
}
catch (ServiceProviderUtilityException spue)
{
}
%>
<% if( errorMessage == null ) { %>
<p>
Perform the IDP initiated Single Sign On to take you to the OpenSSO login form.
Upon successfull login, you will be taken to the location configured for your Fedlet
for this sample application.
</p>
<%=idpListItems.ToString()%>
<p>
Alternatively, you can perform SP initiated Single Sign On with the link(s) provided
below.
</p>
<ul>
<%=spListItems.ToString()%>
</ul>
<% if( hasMultipleIdps ) { %>
<p>
Since you have multiple identity providers specified, you can optionally
to perform Single Sign On with your preferred IDP if you have specified
the reader service within your circle-of-trust file.
</p>
<% } %>
<p>
The above demonstrates how a .NET developer could issue a redirect
to non-authenticated users from their .NET application to the OpenSSO
login page for authentication.
</p>
<% } else { %>
<p>
Please be sure to follow the instructions within the README file as well as review the
information above.
</p>
<p>
The following error was encountered:<br />
<%=errorMessage %>
</p>
<% } %>
</asp:Content>