a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSSOAPReceiver.java,v 1.7 2008/06/25 05:46:56 qcheng Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAssertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSFederationTerminationNotification;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSLogoutNotification;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSLogoutResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSNameIdentifierMappingRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSNameIdentifierMappingResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSNameRegistrationRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSNameRegistrationResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSSAMLRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.EncryptedNameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.FSMsgException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.plugins.FederationSPAdapter;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.fednsso.FSSSOBrowserArtifactProfileHandler;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.fednsso.FSSSOLECPProfileHandler;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.logout.FSLogoutStatus;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.logout.FSLogoutUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.logout.FSPreLogoutHandler;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.namemapping.FSNameMappingHandler;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.registration.FSNameRegistrationHandler;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.termination.FSFedTerminationHandler;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.NameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.XMLSignatureManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SOAP</code> endpoint that handles federation <code>SOAP</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSSOAPReceiver extends HttpServlet {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static MessageFactory msgFactory = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static final String MESSAGE = "message";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Initializes the servlet.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param config <code>ServletConfig</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception ServletException if an error occurs
// Servlet initialisation. Per the comments below, this sets up the static msgFactory
// field, which doPost later uses (msgFactory.createMessage) to parse inbound SOAP.
// NOTE(review): this listing is an excerpt; the only failure handling visible is the
// error log below. msgFactory starts out null, so confirm that a factory failure
// aborts init (e.g. by throwing ServletException) instead of leaving the servlet
// deployed with a null factory that doPost would dereference on the first request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void init(ServletConfig config) throws ServletException {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // initializing the msgFactory field with a default
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // MessageFactory object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Initialize it to the default.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver:Unable to get message factory"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Default constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Handles post request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request http request object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response http response object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception ServletException, IOException if an error occurs.
// HTTP POST entry point for federation SOAP traffic: reads the MIME headers and the
// raw body stream of the request, builds a SOAP message from them with msgFactory,
// and passes the result to onMessage.
// NOTE(review): the body is parsed here before any sender check is visible (signature
// verification happens later, in the per-message handlers). Request-size limits and
// XML parser hardening (DTD / external-entity handling) for msgFactory are not visible
// in this listing; confirm where they are enforced.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void doPost(HttpServletRequest request, HttpServletResponse response)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throws javax.servlet.ServletException, java.io.IOException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver.doPost: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster MimeHeaders mimeHeaders = SAMLUtils.getMimeHeaders(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ServletInputStream sInputStream = request.getInputStream();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster msgFactory.createMessage(mimeHeaders, sInputStream);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.onMessage(request, response, soapMessage);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Process the request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request http request object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response http response object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param message received soap message
// Dispatches one inbound federation SOAP message according to the element name and
// namespace of the element returned by soapService.parseSOAPMessage. Branches visible
// in this listing: saml:Request, AuthnRequest (LECP), RegisterNameIdentifierRequest,
// NameIdentifierMappingRequest, FederationTerminationNotification and LogoutRequest.
// The failure paths visible here set HTTP 500 on the response.
// NOTE(review): this listing is an excerpt with lines missing between statements; the
// comments below describe only what the visible lines show.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void onMessage(HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver.onMessage: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element elt = soapService.parseSOAPMessage(message);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Error in processing saml:Request. Invalid SOAPMessage");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
// NOTE(review): eltTagName and ns are presumably taken from the received element, i.e.
// sender-controlled text written to the debug log unescaped. Confirm the debug sink
// neutralises CR/LF so a sender cannot forge log lines.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "tagName: " + eltTagName + " namespaceUri: " + ns
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //check for saml:Request
// NOTE(review): here and in the branches below, dispatch compares the namespace (and
// the element name) with equalsIgnoreCase. XML names and namespace URIs are
// case-sensitive, so the dispatcher accepts spellings the schema does not define;
// confirm the message constructors and signature checks downstream reject them.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ns.equalsIgnoreCase(IFSConstants.PROTOCOL_NAMESPACE_URI))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSAMLRequest samlRequest = new FSSAMLRequest(elt);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "could not create meta instance");
// The hosted provider is identified from the request (meta alias), then its realm and
// IDP descriptor are looked up in metadata.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getIDPDescriptor(realm, hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSServiceManager sm = FSServiceManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handler.setHostedDescriptorConfig(hostedConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "SAML Response created: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "SAML Response is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // introduce id attribute for Assertion bind in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // SOAPEnvelope and sign
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retMessage = soapService.bind(((FSResponse)samlResponse).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAssertion assertion = (FSAssertion)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
// A missing signing-cert alias is treated as an error ("cannotFindCertAlias").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SOAPReceiver.onMessage: couldn't " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "obtain this site's cert alias.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "cannotFindCertAlias"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int minorVersion = assertion.getMinorVersion();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retMessage = FSServiceUtils.convertDOMToSOAP(doc);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Error in processing saml:Request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
// NOTE(review): this is a plain `if`, not `else if`, after the saml:Request branch.
// That is only equivalent if the saml:Request branch always returns; the return is not
// visible in this listing, so confirm a message cannot be handled by two branches.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } if (nodeName.equalsIgnoreCase("AuthnRequest") &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS)))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handleLECPRequest(request, response, authnRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Error in processing lecp AuthnRequest:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
// --- RegisterNameIdentifierRequest branch ---
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nodeName.equalsIgnoreCase("RegisterNameIdentifierRequest") &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS)))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isError = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ProviderDescriptorType hostedProviderDesc = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Handling NameRegistrationRequest");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
// NOTE(review): the missing-meta-manager and missing-alias conditions below are logged
// with debug.message, while the saml:Request branch above uses debug.error for its
// meta-instance failure. If these conditions stop the request (not visible here),
// error level would make them easier to monitor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Unable to get meta manager");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerAlias == null || providerAlias.length() < 1)
// The two literals below are concatenated without a separating space, so the logged
// text reads "...aliasHosted Provider...".
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Unable to retrieve alias"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Hosted Provider. Cannot process request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedEntityId = metaManager.getEntityIDByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to find Hosted Provider. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Cannot process request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster elt, message, hostedProviderDesc, hostedConfig,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedRole, realm,hostedEntityId, providerAlias,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Error in creating NameRegistration Response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Completed creating response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Completed bind message");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Error in processing NameRegistration " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "invalid minor version.");
// Signing failures of the response are reported with the generic
// "cannotProcessRequest" key.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSNameRegistrationHandler:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "sign soap Response failed",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "cannotProcessRequest",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSNameRegistrationHandler::" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "signRegistrationResponse failed",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "cannotProcessRequest",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster xmlString = bop.toString(IFSConstants.DEFAULT_ENCODING);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Error in processing Name Registration request"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
// --- NameIdentifierMappingRequest branch ---
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster nodeName.equalsIgnoreCase("NameIdentifierMappingRequest") &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS)))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver:handling Name Identifier Mapping Request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hostedEntityId = metaManager.getEntityIDByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getIDPDescriptor(realm, hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSNameIdentifierMappingRequest mappingRequest =
// remoteEntityId is read from the request itself, so it is only the sender's claim
// until the request verification logged below has succeeded.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String remoteEntityId = mappingRequest.getProviderID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //hostedProviderDesc.getProviderRole(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver: Success in verifying "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Name Identifier Mapping Request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Failed verifying Name Identifier Mapping Request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String targetNamespace = mappingRequest.getTargetNamespace();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String inResponseTo = mappingRequest.getRequestID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Status status = new Status(new StatusCode("samlp:Success"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSNameMappingHandler(hostedEntityId, hostedDesc,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameIdentifier nameIdentifier = idpHandler.getNameIdentifier(
// Reads the hosted provider's ENABLE_NAMEID_ENCRYPTION setting; presumably this decides
// whether the returned name identifier is encrypted (the use is not visible here).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig, IFSConstants.ENABLE_NAMEID_ENCRYPTION);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSNameIdentifierMappingResponse mappingResponse = new
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSNameIdentifierMappingResponse(hostedEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster soapService.bind(mappingResponse.toXMLString(true, true));
// --- FederationTerminationNotification branch ---
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FederationTerminationNotification") &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS)))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "calling FSSOAPReceiver::handleTerminationRequest");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean bHandleStatus = handleTerminationRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Completed processing terminationRequest");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Failed processing terminationRequest");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Error in processing Federation Termination Request",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED };
// --- LogoutRequest branch ---
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (nodeName.equalsIgnoreCase("LogoutRequest") &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS)))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "calling FSSOAPReceiver::handleLogoutRequest");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ProviderDescriptorType hostedProviderDesc = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedRole = metaManager.getProviderRoleByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedEntityId = metaManager.getEntityIDByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver, provider", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster elt, logoutRequest, message, request, response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig, providerAlias, realm, hostedEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String inResponseTo = logoutRequest.getRequestID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String relayState = logoutRequest.getRelayState();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean statusSuccess = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retSoapMessage = (SOAPMessage) map.get(MESSAGE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster resp.setMinorVersion(logoutRequest.getMinorVersion());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Call SP Adapter postSingleLogoutSuccess for IDP/SOAP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedRole.equalsIgnoreCase(IFSConstants.SP) &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "call postSingleLogoutSuccess, IDP/SOAP"); }
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request, response, (String) map.get(USERID), logoutRequest, resp,
// NOTE(review): adapter failures are deliberately ignored here so that a plugin error
// does not fail the logout; confirm the exception is at least logged, since the catch
// body is not visible in this listing.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // ignore adapter exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.LOGOUT_REQUEST_PROCESSING_FAILED) };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //check for other Liberty msgs should go here
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.onMessage: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Error in processing Request: Exception occured: ", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
// NOTE(review): the stack trace is printed into `strm`; where that stream's contents
// end up is not visible here. Keep it in server-side logs only: the fault built on the
// next line is the generic "cannotProcessRequest", and the response to the remote
// party should not carry exception detail.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster e.printStackTrace(new java.io.PrintStream(strm));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster soapService.formSOAPError("Server", "cannotProcessRequest", null),
// Looks up the remote provider's descriptor in IDFF metadata for the given realm and
// entity ID. The remote side is fetched in the role opposite to the hosted one: an IDP
// descriptor when the hosted provider is an SP; the other visible lookup fetches an SP
// descriptor.
// NOTE(review): callers in this class pass an entity ID read from the incoming request,
// so this metadata lookup is what ties a sender-claimed identity to configured trust.
// What is returned when the entity is unknown is not visible in this listing; confirm
// callers treat a missing descriptor as "untrusted sender".
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private ProviderDescriptorType getRemoteProviderDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hostedProviderRole, String remoteEntityId, String realm)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Unable to get meta manager");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster remoteDesc = metaManager.getIDPDescriptor(realm,remoteEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
// NOTE(review): the message below says "Hosted Provider" although the lookups above are
// for the remote entity; this can mislead log triage.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to find Hosted Provider.Cannot process request:", eam);
// Processes a name registration request from a remote provider and produces the
// FSNameRegistrationResponse. Visible steps: read the sender's provider ID from the
// request, obtain a verification certificate, and configure the registration handler
// with the hosted and remote identities.
// NOTE(review): this listing is an excerpt; the order of the trust-list check, the
// signature check and the handler call cannot be confirmed from the visible lines.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private FSNameRegistrationResponse handleRegistrationRequest(
// remoteEntityId comes from the request itself and is only the sender's claim until
// the signature has been verified against the certificate obtained below.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String remoteEntityId = regisRequest.getProviderId();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isIDP = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster X509Certificate cert = KeyUtil.getVerificationCert(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Registration Signature successfully passed");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster regisHandler.setHostedDescriptorConfig(hostedConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster regisHandler.setHostedEntityId(hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster regisHandler.setHostedProviderRole(hostedRole);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster regisHandler.setRemoteEntityId(remoteEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSServiceManager instance is null. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Cannot process registration request");
// Rejections of an untrusted sender and of a bad signature are the events an operator
// would alert on; the untrusted-provider case is logged at error level here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Remote provider not in trusted list");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Registration Signature failed verification");
// NOTE(review): the log tag below names FSNameRegistrationHandler.doPost.doGet, not
// this method, which makes the failure harder to locate from logs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSNameRegistrationHandler.doPost.doGet:Exception occured ",
// Body of handleTerminationRequest (its signature is not visible in this listing):
// processes a federation termination notification from a remote provider. Every
// failure path visible here returns false.
// NOTE(review): this listing is an excerpt with lines missing between statements; the
// comments below describe only what the visible lines show.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String providerAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerAlias == null || providerAlias.length() < 1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Unable to retrieve alias, Hosted Provider."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Cannot process the termination request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Unable to get meta manager");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSFederationTerminationNotification terminationRequest =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ProviderDescriptorType hostedProviderDesc = null;
// remoteEntityId is read from the notification itself, so it is only the sender's
// claim until the signature check further down has succeeded.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String remoteEntityId = terminationRequest.getProviderId();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedRole = metaManager.getProviderRoleByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedEntityId = metaManager.getEntityIDByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// The hosted descriptor and its extended config are loaded according to the hosted role.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedProviderDesc = metaManager.getIDPDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig = metaManager.getIDPDescriptorConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedProviderDesc = metaManager.getSPDescriptor(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig = metaManager.getSPDescriptorConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to find Hosted Provider. Cannot process request:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// A verification certificate is obtained (arguments not visible here) and the request
// signature is checked with verifyRequestSignature before success is logged.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster X509Certificate cert = KeyUtil.getVerificationCert(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster verifyRequestSignature(elt, terminationMsg, cert))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Termination Signature successfully verified");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster terminationHandler.setMetaAlias(providerAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to get Termination Handler");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSServiceManager instance is null. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Cannot process termination request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// NOTE(review): rejection of an untrusted remote provider is logged with debug.message
// here, whereas handleRegistrationRequest logs the same condition with debug.error.
// Presumably message-level output is off in production; error level would keep
// rejected termination attempts visible to monitoring.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Remote provider not in trusted list");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Termination Signature failed verification");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
// NOTE(review): the log tag below says FSSOAPService although this class is
// FSSOAPReceiver, which can mislead log correlation.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPService::handleTerminationRequest failed ", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Initiates the processing of the logout request received from a remote
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * trusted provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param elt containing the logout request in the XML message
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param logoutRequest logout notification
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param msgLogout logout message
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request http request object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response http response object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedProviderDesc hosted provider meta descriptor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedConfig hosted provider's extended meta
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerAlias hosted provider's meta alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm The realm under which the entity resides.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedEntityId hosted provider's entity ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedRole hosted provider's role
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return null if error in processing, or Map containing two
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * keys, MESSAGE for SOAPMessage object and USERID for userID string
// Fragment of the logout-request handler (named handleLogoutRequest in the log strings below).
// This listing omits lines, so the control flow between the statements shown is not fully visible.
// remoteEntityId is read from the request itself, so it is only a claim until the signature check has passed.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String remoteEntityId = logoutRequest.getProviderId();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isIDP = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
// The remote provider's verification certificate is fetched and handed to verifyRequestSignature.
// NOTE(review): the condition enclosing the verifyRequestSignature call is not shown; confirm that
// an unsigned or unverifiable request cannot reach the processing below.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster X509Certificate remoteCert = KeyUtil.getVerificationCert(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster verifyRequestSignature(elt, msgLogout, remoteCert))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Logout Signature successfully verified");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (providerAlias == null || providerAlias.length() < 1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Unable to retrieve alias, " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Hosted Provider Cannot process logout request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Completed forming request FSLogoutNotification");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
// The local user is resolved from the request together with the realm and the hosted entity id and role.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String userID = FSLogoutUtil.getUserFromRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster logoutRequest, realm, hostedEntityId, hostedRole,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver:handleLogoutRequest"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Call SP Adapter preSingleLogoutProcess for IDP/SOAP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "call preSingleLogoutProcess, IDP/SOAP");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // ignore adapter process error
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("preSingleLogoutProcess." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // TODO : change to use FSLogoutUtil.liveConnectionsExist
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Need to get the list of servers from the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // platform list and make a call to each of them
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //to do the cleanup
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver:handleLogoutRequest: User "+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "does not exist locally. Finding remotely");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver:handleLogoutRequest: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver:handleLogoutRequest"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "platformList is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "com.iplanet.am.services." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "deploymentDescriptor"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver:handleLogoutRequest"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "remoteServerURL = "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " and self serverUrl ="
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver:handleLogoutRequest"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "user found here ="
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "com.iplanet.am.services." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "deploymentDescriptor"))
// Per the log strings, the request is forwarded to another server when the user is not found locally.
// NOTE(review): the lines that build the forwarding target are not shown; presumably it comes from
// the platform server list rather than from the request. Confirm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Forward logout request to "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPException in doSOAPProfile"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " Cannot send request", e );
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster logoutHandler.setHostedEntityId(hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster logoutHandler.setHostedProviderRole(hostedRole);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster logoutHandler.setRemoteEntityId(remoteEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to get PreLogoutHandler");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSServiceManager instance is"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "null. Cannot process logout request");
// Rejection paths: an untrusted remote provider is logged at message level, a failed signature at error level.
// NOTE(review): where message-level output is disabled, requests rejected for an untrusted provider
// leave no entry in this log; confirm they are audited elsewhere.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Remote provider not in trusted list");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Logout Signature failed verification");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPService::handleLogoutRequest failed",se);
// Fragment of handleLECPRequest (name taken from the first log string); this listing omits lines.
// The meta alias is read from the HTTP request and then used to look up the realm and the hosted entity id.
// NOTE(review): the alias is therefore caller-influenced; handling of an unknown alias is not shown here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver.handleLECPRequest: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = FSServiceUtils.getMetaAlias(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hostedEntityId = metaManager.getEntityIDByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessionService = FSSessionManager.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // handle sso
// An LECP profile handler is obtained from the service manager; the hosted IDP descriptor and its
// extended config are looked up for the realm and hosted entity id.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSServiceManager sm = FSServiceManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSSOLECPProfileHandler handler = sm.getLECPProfileHandler(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getIDPDescriptor(realm, hostedEntityId));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getIDPDescriptorConfig(realm, hostedEntityId));
// The log string below names FSSSOAndFedService.onMessage, not this method; log searches keyed on
// handleLECPRequest will miss this failure line.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSSOAndFedService.onMessage: Exception occured ", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Verifies the signature on the request received from a remote trusted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param elt containing the logout request in the XML message
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param msg request soap message
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param cert Certificate to be used in verifying the signature.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return boolean <code>true</code> if signature verification successful;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * otherwise return <code>false</code>.
// Fragment of verifyRequestSignature; this listing omits lines, including the signature-verification call itself.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver::verifyRequestSignature: Called");
// Missing-certificate path: an error is logged and the NO_CERT bundle string is fetched
// (presumably as an exception message; the throw is not shown).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOAPReceiver.verifyRequestSignature" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ": couldn't obtain this site's cert.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString(IFSConstants.NO_CERT));
// NOTE(review): this message serialises the whole request element into the debug log. The request
// presumably carries user name identifiers and session references, so confirm that message-level
// debug output is access-controlled and off in production.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver::verifyRequestSignature: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "Provider's cert is found. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "\nxmlString to be verified: " + XMLUtils.print(elt));
// A DOM is built from the SOAP message, while elt is what the caller passes in and what is logged above.
// NOTE(review): confirm that the element whose signature is checked is the same element the callers
// go on to process.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document doc = (Document)FSServiceUtils.createSOAPDOM(msg);
// Failure path: the exception is logged at error level and false is returned.
// The log string spells the class "FSSOPAReceiver", so a search for "FSSOAPReceiver" will not match it.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSOPAReceiver::verifyRequestSignature " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Exception occured while verifying signature:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Signs SOAP Response before sending it to the provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param msg the response message to be sent to provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idAttrName name of the id attribute to be signed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param id the value of the id attribute to be signed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedConfig hosted provider's extended meta
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return SOAPMessage the signed response message
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAMLException, FSMsgException if error occurs
// Fragment of signResponse; this listing omits lines, including the signing call itself.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver::Entered signResponse::");
// The signing certificate alias is read from the hosted provider's extended config.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
// A missing or empty alias is logged and the NO_CERT_ALIAS bundle string is fetched
// (presumably as an exception message; the throw is not shown).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (certAlias == null || certAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSOAPReceiver.signResponse:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " couldn't obtain this site's cert alias.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "signResponse::Provider's certAlias is found: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document doc = (Document)FSServiceUtils.createSOAPDOM(msg);
// NOTE(review): this XPath matches every element whose local name is ProviderID, in any namespace
// and at any depth of the document. How the match is used is not shown here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String xpath = "//*[local-name()=\'ProviderID\']";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.setMimeHeaders(msg.getMimeHeaders(), response);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver.returnSOAPMessage: Exception::", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Federation termination must send 204 status when it succeeds.
// This listing omits the lines that set the status on the response; only the signature and the
// failure log string remain. The log string names "returnFedTerminationStatus", not this method,
// so log searches should use that spelling.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void returnTerminationStatus(HttpServletResponse response) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver.returnFedTerminationStatus: Exception::", e);
// Reports whether the session manager holds a session list for userDN. Per the lines shown, it
// returns false on the "List is empty" path, true on the "List is not empty" path, and false when
// an exception is caught. This listing omits lines, including the emptiness test itself.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private boolean isUserExists(String userDN, String providerAlias) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessionMgr = FSSessionManager.getInstance(
// The lookup runs while holding the session manager's monitor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster synchronized(sessionMgr) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("About to call getSessionList");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List sessionList = sessionMgr.getSessionList(userDN);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SOAPReceiver:isUserExists:List is empty");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SOAPReceiver:isUserExists: List is not empty. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
// NOTE(review): a failed lookup is reported as "no session" and logged only at message level, so
// callers cannot tell an error from a user who has no local session.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("SOAPReceiver.isUserExists:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private String getFullServiceURL(String shortUrl) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster URL weburl = SystemConfigurationUtil.getServiceURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SERVICE_NAMING, u.getProtocol(), u.getHost(), u.getPort(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionManager.getFullServiceURL:full remote URL is: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AssertionManager.getFullServiceURL:Exception:", e);