a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSAuthnRequest.java,v 1.4 2008/07/08 06:03:37 exu Exp $
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpotts * Portions Copyrighted 2014-2016 ForgeRock AS.
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpottsimport static org.forgerock.openam.utils.Time.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.Extension;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.FSMsgException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.RequestAuthnContext;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLResponderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.protocol.AbstractRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.XMLSignatureManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The class <code>FSAuthnRequest</code> is used to create and parse
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthnRequest</code> objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @supported.all.api
f948ca04a28ccfeed9633bf4b0fb0d2c59c37478David Luna * @deprecated since 12.0.0
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSAuthnRequest extends AbstractRequest {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private RequestAuthnContext authnContext = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected String assertionConsumerServiceID = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static final String QUERY_STRING_EXTENSION_PREFIX = "AE_";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default AuthnRequest constructor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor to create <code>FSAuthnRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param requestId the request identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param respondWiths List of RespondWith attributes.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerID provider id of the requesting provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param forceAuthn Force Authentication boolean value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param isPassive attribute for IDP to be passive or active.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param fed attribute to distinguish whether this request is for Federation or SSO
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param nameIDPolicy Name ID Policy for this request, possible values
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * are "none", "onetime", "federated", "any".
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param protocolProf ProtocolProfile used for the SSO.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnCxt Authentication Context used for the SSO.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param relaySt Relay State, i.e. the original URL to redirect to after SSO.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authContextCompType AuthContext comparison type.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if((respondWiths != null) && (respondWiths != Collections.EMPTY_LIST)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest: wrong input for " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "RespondWith");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestId != null) && (requestId.length() != 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // randomly generate one
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest: couldn't gen RequestID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("errorGenerateID",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.authContextCompType = authContextCompType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor to create <code>FSAuthnRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param root the Document Element object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException on error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSAuthnRequest(Element root) throws FSMsgException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest(Element): null input.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest(Element): wrong input");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Attribute IssueInstant
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String instantString = root.getAttribute(IFSConstants.ISSUE_INSTANT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((instantString == null) || (instantString.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "missing IssueInstant");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] args = { IFSConstants.ISSUE_INSTANT };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("missingAttribute",args);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster issueInstant = DateUtils.stringToDate(instantString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "could not parse IssueInstant", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Consent attribute
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster consentURI = root.getAttribute(IFSConstants.CONSENT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster requestID = root.getAttribute(IFSConstants.AUTH_REQUEST_ID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster parseMajorVersion(root.getAttribute(IFSConstants.MAJOR_VERSION));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster parseMinorVersion(root.getAttribute(IFSConstants.MINOR_VERSION));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((nodeName = child.getLocalName()) != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (nodeName.equals(IFSConstants.RESPONDWITH)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster respondWiths.add(XMLUtils.getElementValue((Element) child));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals(IFSConstants.PROVIDER_ID)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(providerId != null && providerId.length() != 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest(Element): should"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "contain only one ProviderID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerId = XMLUtils.getElementValue((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if(nodeName.equals(IFSConstants.NAMEID_POLICY_ELEMENT)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nameIDPolicy=XMLUtils.getElementValue((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals(IFSConstants.FEDERATE)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(strFederate != null && strFederate.length() != 0 &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals(IFSConstants.IS_PASSIVE_ELEM)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(strIsPassive != null && strIsPassive.length() != 0 &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals(IFSConstants.FORCE_AUTHN_ELEM)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(strForceAuthn != null && strForceAuthn.length() != 0 &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals(IFSConstants.PROTOCOL_PROFILE)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "should contain only one ProtocolProfile.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protocolProfile = XMLUtils.getElementValue((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals(IFSConstants.AUTHN_CONTEXT)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnContext = new RequestAuthnContext((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnContext = new RequestAuthnContext((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equals(IFSConstants.RELAY_STATE)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster relayState = XMLUtils.getElementValue((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(!(authContextCompType.equals(IFSConstants.MINIMUM) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authContextCompType.equals(IFSConstants.EXACT) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authContextCompType.equals(IFSConstants.MAXIMUM) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authContextCompType.equals(IFSConstants.BETTER)) ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if(nodeName.equals(IFSConstants.AFFILIATIONID)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster affiliationID = XMLUtils.getElementValue((Element) child);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if(nodeName.equals(IFSConstants.EXTENSION)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if(nodeName.equals(IFSConstants.SCOPING)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest(Element): invalid"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check for signature (more than one Signature element is treated as an error)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List signs = XMLUtils.getElementsByTagNameNS1(root,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "included more than one Signature element.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //end check for signature
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This method translates the request to an XML document String based on
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the Request schema described above.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * NOTE: this is a complete AuthnRequest xml string with RequestID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * MajorVersion, etc.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return XML String representing the request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toXMLString() throws FSMsgException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return toXMLString(true, true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates a String representation of the {@code <lib:AuthnRequest>} element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeNS : Determines whether or not the namespace qualifier
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is prepended to the Element when converted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param declareNS : Determines whether or not the namespace is declared
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * within the Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return string containing the valid XML for this element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return toXMLString(includeNS, declareNS, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates a String representation of the {@code <lib:AuthnRequest>} element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeNS Determines whether or not the namespace qualifier
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is prepended to the Element when converted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param declareNS Determines whether or not the namespace is declared
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * within the Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param includeHeader Determines whether the output includes the XML
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * declaration header.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return A string containing the valid XML for this element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if((providerId == null) || (providerId.length() == 0)){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.toXMLString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "providerId is null in the request with requestId:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("nullProviderIdWRequestId",args);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestID == null) || (requestID.length() == 0)){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.toXMLString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "couldn't generate RequestID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("errorGenerateID",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xml.append("<?xml version=\"1.0\" encoding=\"").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster append(IFSConstants.DEFAULT_ENCODING).append("\" ?>");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster samlpUri = IFSConstants.PROTOCOL_NAMESPACE_STRING;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String instantString = DateUtils.toUTCDateFormat(issueInstant);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (i.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((extensions != null) && (!extensions.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for(Iterator iter = extensions.iterator(); iter.hasNext();) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String strFederate = IFSConstants.NAME_ID_POLICY_NONE;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster strFederate = IFSConstants.NAME_ID_POLICY_FEDERATED;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (nameIDPolicy != null && nameIDPolicy.length()>0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(protocolProfile != null && protocolProfile.length() != 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(IFSConstants.ASSERTION_CONSUMER_SVC_ID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(IFSConstants.ASSERTION_CONSUMER_SVC_ID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(relayState != null && relayState.length() != 0){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(XMLUtils.escapeSpecialCharacters(relayState))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.toString: requestID is null ");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("nullAuthnRequestID",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the <code>FSAuthnRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param xml the XML string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>FSAuthnRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * an error creating the object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static FSAuthnRequest parseXML(String xml) throws FSMsgException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document doc = XMLUtils.toDOMDocument(xml, FSUtils.debug);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.parseXML:Error "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "while parsing input xml string");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns Signed XML String representation of this object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return signed XML String.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the signature string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the signature string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a list of <code>Extension</code> objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Each entry of the list is a <code>Extension</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a list of <code>Extension</code> elements.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setExtensions(List)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets <code>Extension</code> objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Each entry of the list is a <code>Extension</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param extensions a list of <code>Extension</code> objects.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getExtensions
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of Force Authentication attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of Force Authentication attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of Force Authentication attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param forceAuthn value of Force Authentication attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setForceAuthn(boolean forceAuthn) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of the <code>isPassive</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return value of <code>isPassive</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of the <code>IsPassive</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param isPassive value of <code>isPassive</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of the <code>Federate</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of the <code>Federate</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of the <code>Federate</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param fed the value of the <code>Federate</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the <code>NameIDPolicy</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>NameIDPolicy</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setNameIDPolicy(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>NameIDPolicy</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param nameIDPolicy the new <code>NameIDPolicy</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getNameIDPolicy
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setNameIDPolicy(String nameIDPolicy) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of <code>ProtocolProfile</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of <code>ProtocolProfile</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setProtocolProfile(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of <code>ProtocolProfile</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param protocolProf the value of <code>ProtocolProfile</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getProtocolProfile()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setProtocolProfile(String protocolProf) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of RelayState attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of RelayState attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setRelayState(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Set the value of RelayState attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param relaySt the value of RelayState attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getRelayState()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the <code>RequestedAuthnContext</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>RequestedAuthnContext</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setAuthnContext(RequestAuthnContext)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>RequestedAuthnContext</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnCxt the <code>RequestAuthnContext</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getAuthnContext()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setAuthnContext(RequestAuthnContext authnCxt) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of <code>ProviderID</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of <code>ProviderID</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setProviderId(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of <code>ProviderID</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param provId the value of <code>ProviderID</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getProviderId()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of AuthContext Comparison attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of AuthContext Comparison attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setAuthContextCompType(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of AuthContext Comparison attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authType the value of AuthContext Comparison attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getAuthContextCompType()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setAuthContextCompType(String authType) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of <code>id</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of <code>id</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setID(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of <code>id</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param id the value of <code>id</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getID()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of the <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of the <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setMinorVersion(int)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of the <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param version the value of the <code>MinorVersion</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getMinorVersion()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the Affiliation Identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the Affiliation Identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setAffiliationID(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the Affiliation Identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param affiliationID the Affiliation Identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getAffiliationID()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setAffiliationID(String affiliationID) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the Assertion Consumer Service Identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the Assertion Consumer Service Identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setAssertionConsumerServiceID(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String getAssertionConsumerServiceID() {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the Assertion Consumer Service Identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param assertionConsumerServiceID the Assertion Consumer
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Service Identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getAssertionConsumerServiceID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.assertionConsumerServiceID = assertionConsumerServiceID;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the value of <code>consent</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the value of <code>consent</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setConsent(String)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of <code>consent</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param consentURI the value of <code>consent</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getConsent()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the <code>FSScoping</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param scoping the <code>FSScoping</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #getScoping()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the <code>FSScoping</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>FSScoping</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @see #setScoping(FSScoping)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Validates the <code>MajorVersion</code> property in the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthnRequest</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param majorVer the value of <code>MajorVersion</code> property
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if the <code>MajorVersion</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is null or is invalid.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void parseMajorVersion(String majorVer) throws FSMsgException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest(Element): invalid "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MajorVersion", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (majorVersion != IFSConstants.PROTOCOL_MAJOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (majorVersion > IFSConstants.PROTOCOL_MAJOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MajorVersion of the AuthnRequest is too high.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("requestVersionTooHigh",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest(Element): "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MajorVersion of the AuthnRequest is too low.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("requestVersionTooLow",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Validates the <code>MinorVersion</code> property in the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>AuthnRequest</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param minorVer the value of <code>MinorVersion</code> property
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if the <code>MinorVersion</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is null or is invalid.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void parseMinorVersion(String minorVer) throws FSMsgException {
// Rejects a MinorVersion above IFSConstants.FF_12_PROTOCOL_MINOR_VERSION
// ("requestVersionTooHigh") or below IFSConstants.FF_11_PROTOCOL_MINOR_VERSION
// ("requestVersionTooLow"); values between the two constants pass.
// NOTE(review): the conversion of minorVer to an int and the handler that binds
// `e` are not shown in this listing - confirm malformed input is rejected.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest(Element): invalid "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MinorVersion", e);
// The debug messages below are tagged "FSAuthnRequest.checkMinorVersion" even
// though they are emitted from parseMinorVersion; keep that in mind when
// tracing a rejected request through the debug log.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(minorVersion > IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.checkMinorVersion:"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Minor Version of the AuthnRequest is too high.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("requestVersionTooHigh",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (minorVersion < IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.checkMinorVersion:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Minor Version of the AuthnRequest is too low.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("requestVersionTooLow",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks the value of the <code>MajorVersion</code> property
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in the <code>AuthnRequest</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param majorVer the value of <code>MajorVersion</code> property
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return integer value of <code>MajorVersion</code> property
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if the <code>MajorVersion</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is null or invalid.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static int checkMajorVersion(String majorVer)
// Static counterpart of parseMajorVersion: fails with "nullMajorVersion"
// (presumably when majorVer is null; the condition is not shown in this
// listing), "requestVersionTooHigh" or "requestVersionTooLow".
// NOTE(review): this method compares against SAMLConstants.PROTOCOL_MAJOR_VERSION
// while parseMajorVersion compares against IFSConstants.PROTOCOL_MAJOR_VERSION;
// confirm the two constants are equal, otherwise the two parsing paths accept
// different protocol versions.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("nullMajorVersion",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.checkMajorVersion: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (majorVersion != SAMLConstants.PROTOCOL_MAJOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (majorVersion > SAMLConstants.PROTOCOL_MAJOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.checkMajorVersion: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "MajorVersion of the AuthnRequest is too high"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("requestVersionTooHigh",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSAuthnRequest.checkMajorVersion:MajorVersion of "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "the AuthnRequest is too low. " + majorVersion);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("requestVersionTooLow",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks the value of the <code>MinorVersion</code> property
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * in the <code>AuthnRequest</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param minorVer the value of <code>MinorVersion</code> property
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return integer value of <code>MinorVersion</code> property
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if the <code>MinorVersion</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is null or invalid.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static int checkMinorVersion(String minorVer)
// Static counterpart of parseMinorVersion. Fails with "nullMinorVersion"
// (presumably when minorVer is null; the condition is not shown in this
// listing). The accepted values are exactly FF_12_PROTOCOL_MINOR_VERSION and
// FF_11_PROTOCOL_MINOR_VERSION; anything else is rejected as too high when it
// exceeds the FF 1.2 constant and as too low otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("nullMinorVersion",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.checkMinorVersion: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "invalid MinorVersion", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(minorVersion > IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.checkMinorVersion:"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Minor Version of the AuthnRequest is too high.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("requestVersionTooHigh",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.checkMinorVersion:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Minor Version of the AuthnRequest is too low.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("requestVersionTooLow",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a URL-encoded query string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a url encoded query string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toURLEncodedQueryString() throws FSMsgException {
// Builds the query-string form of this request in a StringBuffer.
// Fails with "nullProviderIdWRequestId" when providerId is empty, with
// "errorGenerateID" when requestID is empty, and with "missingAttribute" on
// the issueInstant path below.
// NOTE(review): the value half of each append(NAME) chain is not shown in this
// listing. Confirm that every value (providerId, relayState and
// protocolProfile in particular) is URL-encoded before it is appended, so a
// value containing '&' or '=' cannot add or override a parameter.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((providerId == null) || (providerId.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.toURLEncodedQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "providerId is null in the request with requestId:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("nullProviderIdWRequestId",args);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestID == null) || (requestID.length() == 0)){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.toURLEncodedQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "couldn't generate RequestID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("errorGenerateID",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringBuffer urlEncodedAuthnReq = new StringBuffer(300);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.AUTH_REQUEST_ID)
// Only the first Extension (extensions.get(0)) is serialized; the message
// below records that any further Extension elements are dropped.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((extensions != null) && (!extensions.isEmpty())) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Extension extension = (Extension)extensions.get(0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(extension.toURLEncodedQueryString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster QUERY_STRING_EXTENSION_PREFIX)).append(IFSConstants.AMPERSAND);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSAuthnRequest.toURLEncodedQueryString: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "only one Extension element is allowed and extras " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " will be removed");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.PROVIDER_ID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.CONSENT)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.AFFILIATIONID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.ISSUE_INSTANT)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.toURLEncodedQueryString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "issueInstant missing");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] args = { IFSConstants.ISSUE_INSTANT };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("missingAttribute",args);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.FORCE_AUTHN_ELEM)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.IS_PASSIVE_ELEM)
// FF 1.2 requests carry the NameIDPolicy element and the Federate value.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String strFederate = IFSConstants.NAME_ID_POLICY_NONE;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster strFederate = IFSConstants.NAME_ID_POLICY_FEDERATED;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (nameIDPolicy != null && nameIDPolicy.length() > 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.NAMEID_POLICY_ELEMENT)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.FEDERATE)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (protocolProfile != null && protocolProfile.length() != 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.PROTOCOL_PROFILE)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(authnContext.toURLEncodedQueryString());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (relayState != null && relayState.length() != 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.RELAY_STATE)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(scoping.toURLEncodedQueryString());
// The AuthnContext comparison is emitted in this branch for FF 1.1 requests.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq.append(IFSConstants.AUTHN_CONTEXT_COMPARISON)
// Drops the character at index len; how len is computed is not shown in this
// listing (presumably it addresses the trailing separator - confirm).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedAuthnReq = urlEncodedAuthnReq.deleteCharAt(len);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns a Base64 Encoded String.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return a Base64 Encoded String.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error encoding
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public String toBASE64EncodedString() throws FSMsgException {
// Serializes the request with toXMLString() and Base64-encodes the bytes.
// Fails with "nullProviderIdWRequestId" when providerId is empty and with
// "errorGenerateID" when requestID is empty.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if((providerId == null) || (providerId.length() == 0)){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.toBASE64EncodedString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "providerId is null in the request with requestId:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("nullProviderIdWRequestId",args);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestID == null) || (requestID.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAuthnRequest.toBASE64EncodedString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "couldn't generate RequestID.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("errorGenerateID",null);
// NOTE(review): getBytes() with no argument uses the JVM's default charset, so
// the encoded bytes depend on host configuration. For XML that may be signed
// and is decoded by another party, an explicit charset (UTF-8) keeps the wire
// form identical on every node.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return Base64.encode(this.toXMLString().getBytes());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns <code>FSAuthnRequest</code> object. The
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * object is created by parsing the <code>HttpServletRequest</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * creating <code>FSAuthnRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static FSAuthnRequest parseURLEncodedRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpServletRequest request) throws FSMsgException {
// Builds an FSAuthnRequest from the parameters of an HTTP request. Every value
// read below is supplied by the requester and must be treated as untrusted.
// Required parameters visible here: AUTH_REQUEST_ID ("nullAuthnRequestID"),
// ISSUE_INSTANT ("missingAttribute") and PROVIDER_ID ("nullProviderIdInRequest").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAuthnRequest retAuthnRequest = new FSAuthnRequest();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authReqID = request.getParameter(IFSConstants.AUTH_REQUEST_ID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (authReqID == null || authReqID.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("nullAuthnRequestID",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getParameter(IFSConstants.ISSUE_INSTANT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (instantString == null || instantString.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] args = { IFSConstants.ISSUE_INSTANT };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("missingAttribute",args);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String providerId = request.getParameter(IFSConstants.PROVIDER_ID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerId == null || providerId.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSMsgException("nullProviderIdInRequest",null);
// NOTE(review): providerId is written to the debug log exactly as received.
// If that log is line-oriented, encode or strip CR/LF first so a crafted
// parameter cannot forge additional log entries.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("ProviderID of the sender: " + providerId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getParameter(IFSConstants.AFFILIATIONID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String forceAuthn = request.getParameter(IFSConstants.FORCE_AUTHN_ELEM);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ( forceAuthn != null && forceAuthn.length() != 0
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String isPassive = request.getParameter(IFSConstants.IS_PASSIVE_ELEM);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (isPassive != null && isPassive.length() != 0 &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getParameter(IFSConstants.NAMEID_POLICY_ELEMENT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String federate = request.getParameter(IFSConstants.FEDERATE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getParameter(IFSConstants.PROTOCOL_PROFILE);
// protocolProfile is stored as received; only emptiness is checked here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (protocolProfile != null && protocolProfile.length() != 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retAuthnRequest.protocolProfile = protocolProfile;
// NOTE(review): relayState is caller-controlled. If later code (not in this
// listing) uses it as a redirect or return target, that code should validate
// it against the permitted destinations.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String relayState = request.getParameter(IFSConstants.RELAY_STATE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if(relayState != null && relayState.length() != 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getParameter(IFSConstants.AUTHN_CONTEXT_COMPARISON);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retAuthnRequest.setAuthContextCompType(authnContextComparison);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authType = retAuthnRequest.getAuthContextCompType();
// Scoping and the extension are rebuilt from the same request parameters by
// their own parsers.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retAuthnRequest.scoping = FSScoping.parseURLEncodedRequest(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Extension extension = Extension.parseURLEncodedRequest(request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster QUERY_STRING_EXTENSION_PREFIX, retAuthnRequest.getMinorVersion());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns <code>FSAuthnRequest</code> object. The object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * is created by parsing a Base64-encoded authentication
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * request string.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param encodedReq the Base64-encoded string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws FSMsgException if there is an error
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * creating <code>FSAuthnRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static FSAuthnRequest parseBASE64EncodedString(String encodedReq)
// Decodes a Base64 string supplied by the peer and parses the result as an
// authentication request; a null or empty argument takes the
// "null String passed in as argument." path.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (encodedReq != null && encodedReq.length() != 0) {
// NOTE(review): new String(byte[]) decodes with the JVM default charset; pin
// it to the charset the encoder uses (UTF-8 for XML). If Base64.decode can
// return null for malformed input - confirm against the Base64 helper this
// class uses - the constructor throws NullPointerException instead of the
// documented FSMsgException.
// The decoded text is XML from an untrusted source; the parser it is handed
// to (not visible in this listing) should have DTDs and external entities
// disabled.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String decodedAuthnReq = new String(Base64.decode(encodedReq));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSAuthnRequest.parseBASE64EncodedString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSAuthnRequest.parseBASE64EncodedString: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "null String passed in as argument.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Signs the Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param certAlias the Certificate Alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @throws SAMLException if <code>FSAuthnRequest</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * cannot be signed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void signXML(String certAlias) throws SAMLException {
// Signs this request through the XMLSignatureManager singleton.
// Guards visible here: the "already signed" path raises SAMLResponderException
// (the debug text says "assertion" although the object is a request), and a
// null or empty certAlias is rejected with "cannotFindCertAlias".
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.signXML: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSAuthnRequest.signXML: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "the assertion is "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "already signed.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAMLResponderException(FSUtils.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (certAlias == null || certAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.BUNDLE_NAME,"cannotFindCertAlias",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
// The signing call depends on the protocol minor version: the FF 1.1 call
// passes this.id, while the other visible argument list passes the REQUEST_ID
// attribute name together with getRequestID().
// NOTE(review): for any other minor version only "invalid minor version." is
// logged in the lines shown; confirm the method cannot continue to
// toDOMDocument with an unset signatureString and leave the request marked
// as signed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster signatureString = manager.signXML(this.toXMLString(true, true),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.id, false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster certAlias, (String) null, IFSConstants.REQUEST_ID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.getRequestID(), false);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("invalid minor version.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLUtils.toDOMDocument(signatureString, FSUtils.debug)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Unsupported Method.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.BUNDLE_NAME,"unsupportedOperation",null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the Signature of the Element passed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param elem the Document Element.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if success otherwise false.