a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSPostLogin.java,v 1.6 2008/07/31 00:55:33 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.CircleOfTrustDescriptor;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.cot.CircleOfTrustManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSLoginHelper;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSLoginHelperException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSession;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.logout.FSTokenListener;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class defines methods which will be invoked post
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static IDFFMetaManager metaManager = null;
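a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Retrieves and forwards request to URL after login. The target may come from the caller-supplied LRURL request parameter; NOTE(review): confirm it is validated before being used as a forward target.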
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void doPostLogin(HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String sso = request.getParameter(IFSConstants.SSOKEY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String lrURL = request.getParameter(IFSConstants.LRURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getParameter(IFSConstants.FEDERATEKEY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster lrURL = getValueFromURL(rqst, IFSConstants.LRURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sso = getValueFromURL(rqst, IFSConstants.SSOKEY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // this is for LECP, we need to map the random id back to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // original URL stored in session manager
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessMgr = FSSessionManager.getInstance(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String relayStateURL = sessMgr.getRelayState(lrURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster lrURL = LibertyManager.getHomeURL(realm, entityID, providerRole);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster && sso.equalsIgnoreCase(IFSConstants.SSOVALUE)) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // means in middle of SSO show consent to introduction page
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String cotSelected = (String)cotSet.iterator().next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doPostLogin "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster returnURL = new StringBuffer().append(consentPage)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(IFSConstants.EQUAL_TO).append(metaAlias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doPostLogin: No "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "COTS configured. redirecting to lrurl "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //show do u want to federate page with list of IDP's
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String providerID = LibertyManager.getEntityID(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String univId = LibertyManager.getUser(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String preLoginURL = LibertyManager.getLoginURL(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sendResponse(request, response, preLoginURL + "&goto=" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set providerSet = LibertyManager.getProvidersToFederate(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerSet != null && providerSet.size() != 0 &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doPostLogin: Found "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "provider(s) to federated with " + providerSet);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster returnURL = new StringBuffer().append(federationPage).append
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(metaAlias).append(IFSConstants.AMPERSAND)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doPostLogin: No "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "provider(s) to federated with or "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "federationPage null. Redirecting to LRURL "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doPostLogin. No cotkey or "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Federatekey found");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster setTokenListenerAndSessionInfo(request, metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doPostLogin return url "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the Session Listener and session information.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the provider alias string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SessionProvider sessionProvider = SessionManager.getProvider();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ssoToken = sessionProvider.getSession(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionID = sessionProvider.getSessionID(ssoToken);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster userID = sessionProvider.getPrincipalName(ssoToken);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSPostLogin::setTokenListenerAndSessionInfo "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Failed during trying to add token Listener:", ssoExp);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSession session = sessionManager.getSession(userID, sessionID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSPostLogin::setTokenListenerAndSessionInfo. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "No existing session found for user " + userID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " Creating a new Session");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSession newSession = new FSSession(sessionID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Forwards request to the Return URL.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response the <code>HttpServletResponse</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param returnURL the url to forward to.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void sendResponse(HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, returnURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSPreLogin:: sendError Error during sending error page");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the introduction URL.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a String the Introduction URL.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSPostLoginException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String doConsentToIntro(HttpServletRequest request)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String targetURL = request.getParameter(IFSConstants.LRURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String cotSelected = request.getParameter(IFSConstants.COTKEY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return doConsentToIntro(metaAlias,targetURL,cotSelected);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Retrieves the entityID of the provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the provider alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSPostLoginException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void setMetaInfo(String metaAlias,HttpServletRequest request)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getProviderRoleByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig = metaManager.getIDPDescriptorConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerRole.equalsIgnoreCase(IFSConstants.SP))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig = metaManager.getSPDescriptorConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSPostLogin::setMetaInfo: exception:",ie);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster consentPage = FSServiceUtils.getConsentPageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster federationPage = FSServiceUtils.getDoFederatePageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSPostLogin::setMetaInfo "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "could not get alliane manager handle "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Cannot proceed so throwing error page");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSPostLogin:: could not get meta manager handle.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the Introduction Writer URL.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the provider alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param targetURL the url the writer servlet will redirect to.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param cotSelected the name of the Circle of Trust.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the writer url.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSPostLoginException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String doConsentToIntro(String metaAlias,String targetURL,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster entityID = metaManager.getEntityIDByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster CircleOfTrustManager cotManager = new CircleOfTrustManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster CircleOfTrustDescriptor cotDesc = cotManager.getCircleOfTrust(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSPostLogin::doConsentToIntro in cot managment expextion:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSPostLogin::doConsentToIntro in cot managment expextion:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster redirectURL = new StringBuffer().append(tldURL)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(IFSConstants.LRURL).append(IFSConstants.EQUAL_TO)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(URLEncDec.encode(entityID)).toString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doConsentToIntro return url"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the URL to which request should be redirected
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * for federation. This method reads the request parameters
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * and creates an Authentication Request to send to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * initiate the Single Sign-On / Federation process.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response the <code>HttpServletResponse</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the URL to redirect request to.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception FSPostLoginException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String doFederation(HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = request.getParameter(IFSConstants.META_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String LRURL = request.getParameter(IFSConstants.LRURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getParameter(IFSConstants.SELECTEDPROVIDER);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doFederation metaAlias "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doFederation lrurl "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doFederation selected provider"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Enumeration headerNames = request.getHeaderNames();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hn = headerNames.nextElement().toString();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSLoginHelper plh = new FSLoginHelper(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpSession httpSession = request.getSession(false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSPostLogin::doFederate in exception ",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSPostLoginException("FSPostLogin::doFederate exception "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map retHeaderMap = (Map)retMap.get(IFSConstants.HEADER_KEY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator hdrNames = retHeaderMap.keySet().iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String urlKey = (String) retMap.get(IFSConstants.URL_KEY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPostLogin::doFederation returning with "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Retrieves the value of a parameter from the URL. This is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * a utility method.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param reqURLStr the url string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param name the name of the parameter whose value is to be retrieved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return value of the parameter
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String getValueFromURL(String reqURLStr, String name) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ((iIndex = reqURLStr.lastIndexOf(name)) != -1))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (endOfString = 0; endOfString < len; endOfString++) {