a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSSSOLECPProfileHandler.java,v 1.3 2008/06/25 05:46:59 qcheng Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.services.fednsso;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.common.SystemConfigurationUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAssertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSAuthnResponseEnvelope;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.common.FSMsgException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.assertion.NameIdentifier;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.xmlsig.XMLSignatureManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>IDP</code> single sign on service handler handles <code>LECP</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class FSSSOLECPProfileHandler extends FSSSOAndFedHandler {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnRequest authentication request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param spDescriptor <code>SP</code>'s provider descriptor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param spConfig <code>SP</code>'s extended meta config
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param spEntityId <code>SP</code>'s entity id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param relayState where to go after single sign on is done
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSSSOLECPProfileHandler (HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster super(request, response, authnRequest, spDescriptor,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Processes <code>LECP</code> authentication request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnRequest authentication request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void processLECPAuthnRequest (FSAuthnRequest authnRequest){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Generates local login url.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param loginUrl authentication base url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnContext requested <code>AuthnContextRef</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return local login url with appropriate parameters
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSSOLECPProfileHandler.formatLoginURL: Called" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSSOLECPProfileHandler.formatLoginURL: ");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //create return url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String ssoUrl = hostedDesc.getSingleSignOnServiceURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringBuffer returnUrl = new StringBuffer(ssoUrl);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster returnUrl.append(IFSConstants.LECP_INDICATOR_PARAM)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append("=").append(IFSConstants.LECP_INDICATOR_VALUE)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append("&").append(IFSConstants.AUTHN_INDICATOR_PARAM)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append("=").append(IFSConstants.AUTHN_INDICATOR_VALUE)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append("&").append(IFSConstants.AUTH_REQUEST_ID)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append(URLEncDec.encode(authnRequest.getRequestID()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //create goto url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster new StringBuffer(IFSConstants.POST_LOGIN_PAGE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster gotoUrl.append("/").append(IFSConstants.META_ALIAS)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMgr.setRelayState(id, returnUrl.toString());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .append("/").append(IFSConstants.SSOKEY).append("/")
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //create redirect url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringBuffer redirectUrl = new StringBuffer(100);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster redirectUrl.append(IFSConstants.GOTO_URL_PARAM).append("=");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authUrl = FSUtils.getAuthDomainURL(realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster redirectUrl.append(IFSConstants.ORGKEY).append("=").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSSOLECPProfileHandler.formatLoginURL: Exception: ", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected void sendAuthnResponse (FSAuthnResponse authnResponse) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster respEnvelope.setMinorVersion(authnResponse.getMinorVersion());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSServiceUtils.getAssertionConsumerServiceURL(spDescriptor, null));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSOAPService soapService = FSSOAPService.getInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retMessage = soapService.bind(respEnvelope.toXMLString(true, true));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSSOLECPProfileHandler.sendAuthnResponse: ", ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setHeader(IFSConstants.LECP_HEADER_NAME ,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getHeader(IFSConstants.LECP_HEADER_NAME));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setContentType(IFSConstants.LECP_RESP_CONTENT_TYPE_HEADER);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAssertion assertion = (FSAssertion)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (Document)FSServiceUtils.createSOAPDOM(retMessage);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSSOLECPProfileHandler.sendAuthnResponse: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + "couldn't obtain this site's cert alias.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int minorVersion = assertion.getMinorVersion();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("invalid minor version.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retMessage = FSServiceUtils.convertDOMToSOAP(doc);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected boolean doSingleSignOn (Object ssoToken,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAuthnResponse authnResponse = createAuthnResponse(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ssoToken, inResponseTo, opaqueHandle, idpOpaqueHandle);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.setHeader(IFSConstants.LECP_HEADER_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getHeader(IFSConstants.LECP_HEADER_NAME));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSOAPReceiver.returnSOAPMessage: Exception::", e);