a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSBrowserArtifactConsumerHandler.java,v 1.8 2008/12/19 06:50:46 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.services.fednsso;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAssertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSSubject;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.plugins.FederationSPAdapter;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSOAPService;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.NameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLResponderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.XMLSignatureManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SP</code>-side assertion consumer handler that handles the artifact profile.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSBrowserArtifactConsumerHandler extends FSAssertionArtifactHandler
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs a <code>FSBrowserArtifactHandler</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpDescriptor <code>IDP</code> provider descriptor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityId <code>IDP</code> entity id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param doFederate a flag indicating if it is a federation request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param nameIDPolicy <code>nameIDPolicy</code> used
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param relayState <code>RelayState</code> url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs a <code>FSBrowserArtifactConsumerHandler</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpDescriptor <code>IDP</code> provider descriptor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityId <code>IDP</code> entity id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param relayState <code>RelayState</code> url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param samlReq <code>FSRequest</code> with artifact
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster super(request, response, idpDescriptor, idpEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpDescriptor.getProtocolSupportEnumeration()) ==
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Builds <code>SAML</code> request (with artifact),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * sends <code>SAML</code> request to <code>IDP</code> through
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>SOAP</code>, receives <code>SAML</code> response, then
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * processes the response.
// NOTE(review): fragment of processSAMLRequest. Its signature and a number of
// statements are missing from this listing, so the notes below cover only the
// visible lines. Per the Javadoc above, the method builds the SAML request that
// carries the artifact, sends it to the IDP over SOAP and processes the reply.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSBrowserArtifactConsumerHandler.processSAMLRequest: Called");
// Common login page URL; every visible failure branch forwards the browser here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String baseURL = FSServiceUtils.getBaseURL(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String framedPageURL = FSServiceUtils.getCommonLoginPageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostMetaAlias, relayState, null, request,baseURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSOAPService soapHelper = FSSOAPService.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Document doc = (Document)FSServiceUtils.createSOAPDOM(msg);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "processSAMLRequest: could not create meta " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "instance");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLRequest: couldn't obtain this site's cert"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " alias.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLRequest: certAlias: "
// NOTE(review): how this manager is used (signing the request, verifying the
// reply, or both) is not visible in this listing.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
// The visible conditions name only the FF 1.1 and FF 1.2 minor versions; another
// value is reported as "invalid minor version." (what follows that log call is
// not visible here).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int minorVersion = samlRequest.getMinorVersion();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_11_SAML_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_12_SAML_PROTOCOL_MINOR_VERSION) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("invalid minor version.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //call with saml request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster soapHelper.doSyncCall(response, msg, idpDescriptor, false);
// A null response SOAPMessage is rejected as an invalid SOAP response.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("invalidSOAPResponse")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " Response SOAPMessage is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //getback response
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster samlResponseElt = soapHelper.parseSOAPMessage(retMsg);
// The parsed element's local name selects the branch: a SOAP fault is logged
// and rejected, "Response" is wrapped in an FSResponse, and anything else is
// rejected as not containing samlp:Response.
// NOTE(review): no signature check on the returned element is visible in this
// fragment; presumably the SOAP layer or validateAssertions verifies the IDP's
// signature - confirm before relying on the parsed content.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (samlResponseElt.getLocalName().trim()).equals(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("invalidSOAPResponse")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " SOAPFault occured");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("invalidSOAPResponse") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_SOAP_RESPONSE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (samlResponseElt.getLocalName().trim()).equals("Response"))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster samlResponse = new FSResponse(samlResponseElt);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("invalidSOAPResponse")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " Could not create SAML Response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("invalidSOAPResponse") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Level.INFO,LogUtil.INVALID_SOAP_RESPONSE, data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLRequest: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("invalidSOAPResponse")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " SOAP response does not contain samlp:Response");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("invalidSOAPResponse") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_SOAP_RESPONSE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //process saml response
// NOTE(review): the exception message and the contents of baos (declared
// outside the visible lines) are written to the debug log; confirm neither can
// carry protocol message content that should stay out of log files.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLRequest: Exception occured: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + e.getMessage()+ "\n" + baos.getBuffer().toString());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLRequest: IOException occured: ", e);
// Handles the SAML response obtained for the artifact. The visible lines show,
// in order: a null-input check, a status check, an assertion-presence check,
// correlation of the assertion with a stored AuthnRequest, assertion
// validation, and then federation / single sign-on handling.
// NOTE(review): many statements of this method are missing from this listing;
// the notes below cover only what is visible.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void processSAMLResponse(FSResponse samlResponse) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSBrowserArtifactConsumerHandler.processSAMLResponse: Called");
// Common login page URL used by the failure branches below.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String baseURL = FSServiceUtils.getBaseURL(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String framedPageURL = FSServiceUtils.getCommonLoginPageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostMetaAlias, relayState, null, request,baseURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: null input "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("missingResponse"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { FSUtils.bundle.getString("missingResponse") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.MISSING_RESPONSE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: Received "
// Status check; verifyResponseStatus is defined outside this listing.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean valid = verifyResponseStatus(samlResponse);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: verify Status failed "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("invalidResponse"));
// NOTE(review): the complete response XML becomes the data of the log record,
// here and in the next two rejection branches. A SAML response can carry
// subject identifiers and attribute statements, so confirm who can read this
// log and how long it is retained.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { samlResponse.toXMLString() };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_RESPONSE,data);
// The SP adapter's failure hook is consulted; the rest of this condition is
// not visible here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster !spAdapter.postSSOFederationFailure(hostEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request, response, authnRequest, null, samlResponse,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check Assertion
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((assertions == null) || !(assertions.size() > 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + ": No assertion found inside the AuthnResponse");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { samlResponse.toXMLString() };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_RESPONSE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
// Correlation: the assertion's InResponseTo value must match a stored
// AuthnRequest; a response that matches none is rejected below. This is the
// check that ties the response to a request this handler can look up.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAssertion assertion = (FSAssertion)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getInResponseToRequest(assertion.getInResponseTo());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + ": Assertion does not correspond to any AuthnRequest");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { samlResponse.toXMLString() };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_RESPONSE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
// relayState and nameIDPolicy are taken from the stored AuthnRequest, not from
// the response.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.relayState = authnRequest.getRelayState();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostConfig, IFSConstants.PROVIDER_HOME_PAGE_URL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.nameIDPolicy = authnRequest.getNameIDPolicy();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Call SP preSSOFederationProcess for Artifact case
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSBrowserArtifactConsumerHandler, " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Artifact, Invoke spAdapter.preSSOFederationProcess");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // log run time exception in Adapter
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // implementation, continue
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAssertionArtifactHandler"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " SPAdapter.preSSOFederationSuccess", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster framedPageURL = FSServiceUtils.getCommonLoginPageURL(
// The same InResponseTo value is used to look up the IDP; no match is rejected
// as an invalid assertion.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String idpEntityIdRef = getProvider(assertion.getInResponseTo());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + ": Assertion does not correspond to any IDP");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { FSUtils.bundle.getString("invalidAssertion")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_ASSERTION,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
// NOTE(review): validateAssertions is defined outside this listing; confirm it
// covers signature, issuer, audience and validity-window checks, since the
// subject it returns drives everything below.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSubject validSubject =(FSSubject)validateAssertions(assertions);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: validateAssertions failed: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + FSUtils.bundle.getString("invalidAssertion"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] data = { FSUtils.bundle.getString("invalidAssertion")};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_ASSERTION,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster !spAdapter.postSSOFederationFailure(hostEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request, response, authnRequest, null, samlResponse,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
// Presumably the federation path (judging by the AccountFederationFailed log
// strings below): it reads the IDP-provided name identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameIdentifier ni = validSubject.getIDPProvidedNameIdentifier();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (returnCode == FederationSPAdapter.SUCCESS) {
// NOTE(review): the removal call itself is not visible in this listing;
// confirm the stored request is removed on every terminal path so the same
// InResponseTo value cannot be matched a second time.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // remove it from session manager table
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AccountFederationFailed"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "AccountFederationFailed") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Level.INFO, LogUtil.ACCOUNT_FEDERATION_FAILED,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster !spAdapter.postSSOFederationFailure(hostEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: Single Sign-On failed. "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "NameIdentifier of the subject is null: ");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("SingleSignOnFailed") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.SINGLE_SIGNON_FAILED,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSException("missingNIofSubject", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // remove it from session manager table
// Presumably the non-federation path: it reads the subject's own name
// identifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameIdentifier ni = validSubject.getNameIdentifier();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("invalidResponse") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_RESPONSE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
// Both handles are required; a missing one is rejected as an invalid response.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((idpHandle == null) || (spHandle == null)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("invalidResponse") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.INVALID_RESPONSE,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handleType = IFSConstants.REMOTE_OPAQUE_HANDLE;
// NOTE(review): this log string is built around the name identifier and its
// security domain (the concatenated values are not visible here); treat the
// debug log as holding user identifiers.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: NameIdentifier="
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " securityDomain="
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster env.put(IFSConstants.FS_USER_PROVIDER_ENV_FSRESPONSE_KEY,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (returnCode == FederationSPAdapter.SUCCESS) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestID = assertion.getInResponseTo();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Call SP Adapter
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // log run time exception in Adapter
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // implementation, continue
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSAssertionArtifactHandler"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " SPAdapter.postSSOFederationSuccess:",e);
// The failure log below includes the name identifier and its qualifier.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: SingleSignOnFailed, ni="
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + ni.getName() + "[" + ni.getNameQualifier() + "]");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Level.INFO,LogUtil.SINGLE_SIGNON_FAILED ,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster !spAdapter.postSSOFederationFailure(hostEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: SingleSignOnFailed (null)");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster { FSUtils.bundle.getString("SingleSignOnFailed") };
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.SINGLE_SIGNON_FAILED,data);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new FSException("missingNIofSubject", null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "processSAMLResponse: Exception occured: ", e);
// Sends the browser on to resourceURL once the assertion has been verified
// (per the debug string below). A null resource URL is logged and the request
// is forwarded to the common login page instead.
// NOTE(review): the redirect call itself and the origin of resourceURL are not
// visible in this listing; confirm the caller derives it from the stored relay
// state or the configured provider home page rather than from a value the
// browser can set freely.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected void redirectToResource( String resourceURL)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String baseURL = FSServiceUtils.getBaseURL(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String framedPageURL = FSServiceUtils.getCommonLoginPageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSBrowserArtifactConsumerHandler.redirectToResource: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirectToResource: Resource URL is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.forwardRequest(request, response, framedPageURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "redirectToResource: User's Authentication"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " Assertion verified redirecting to Resource:"
// Looks up the AuthnRequest stored in the session manager under requestID and
// assigns it to authnRequest. The return statement and the handling of a
// missing entry are not visible in this listing.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected FSAuthnRequest getInResponseToRequest(String requestID) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSBrowserArtifactConsumerHandler.getInResponseToRequest: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster authnRequest = sessionManager.getAuthnRequest(requestID);
// NOTE(review): fragment of signSAMLRequest; its signature and several
// statements are missing from this listing. The visible lines log when the
// request is already signed, report a missing cert alias, and otherwise sign
// the request XML with the configured alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSBrowserArtifactConsumerHandler.signSAMLRequest: Called");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signSAMLRequest: the request is already signed.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(
// A null or empty alias is treated as an error; the statement that uses the
// "cannotFindCertAlias" bundle string is only partly visible here.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (certAlias == null || certAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSBrowserArtifactConsumerHandler." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "signSAMLRequest: couldn't obtain this site's cert alias.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("cannotFindCertAlias"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signSAMLRequest: Provider's certAlias is found: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster XMLSignatureManager manager = XMLSignatureManager.getInstance();
// NOTE(review): this message is built around the request XML that is about to
// be signed (the concatenated value is not visible here); the request
// presumably carries the artifact, so confirm message-level debug logging is
// off in production.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSBrowserArtifactConsumerHandler."
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "signSAMLRequest: XMLString to be signed: "
// Signs the serialized request with the key named by certAlias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster manager.signXML(samlRequest.toString(true, true), certAlias);