/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: IDPArtifactResolution.java,v 1.13 2009/11/20 21:41:16 exu Exp $
*
* Portions Copyrighted 2012-2016 ForgeRock AS.
*/
/**
* This class handles the artifact resolution request
* from a service provider. It processes the artifact
* resolution request sent by the service provider and
* sends a proper SOAPMessage that contains an Assertion.
*/
public class IDPArtifactResolution {
// Static initialization. Only the try/catch skeleton survives in this copy of
// the file; the catch of SOAPException suggests it sets up SOAP messaging state,
// but the guarded statements cannot be confirmed here — check the full source.
static {
try {
} catch (SOAPException se) {
// NOTE(review): an empty catch at this point would silently hide a failed
// class initialization; the full source should at least log the exception.
}
}
/** Not instantiable: the entry points of this class are static. */
private IDPArtifactResolution() {
}
/**
* Processes the artifact resolution request coming from a service
* provider and sends back a proper <code>SOAPMessage</code> that
* contains an Assertion.
*
* @param request the <code>HttpServletRequest</code> object
* @param response the <code>HttpServletResponse</code> object
*/
public static void doArtifactResolution(
try {
if ((idpMetaAlias == null)
request.getRequestURI());
}
if ((idpMetaAlias == null)
"unable to get IDP meta alias from request.");
}
"nullIDPMetaAlias",
return;
}
// retrieve IDP entity id from meta alias
try {
if ((idpEntityID == null)
"Unable to get IDP Entity ID from meta.");
"nullIDPEntityID",
return;
}
} catch (SAML2MetaException sme) {
"Unable to get IDP Entity ID from meta.");
return;
}
{
"Artifact Resolution Service binding: Redirect is not " +
"supported for " + idpEntityID);
return;
}
try {
// Get all the headers from the HTTP request
// Get the body of the HTTP request
/* Need to call saveChanges because we're
* going to use the MimeHeaders to set HTTP
* response information. These MimeHeaders
* are generated as part of the save. */
if (reply.saveRequired()) {
reply.saveChanges();
}
// Write out the message on the response stream
} else {
}
} catch (SOAPException ex) {
return;
} catch (SAML2Exception se) {
"unableToCreateArtifactResponse",
"unableToCreateArtifactResponse") +
return;
}
} catch (IOException ioe) {
}
}
/**
* Generates a <code>SOAPMessage</code> containing the
* <code>ArtifactResponse</code> that corresponds to the
* <code>ArtifactResolve</code> contained in the
* <code>SOAPMessage</code> passed in.
*
* @param message <code>SOAPMessage</code> containing an
* <code>ArtifactResolve</code>
* @param request the <code>HttpServletRequest</code> object
* @param realm the realm to which the identity provider belongs
* @param idpEntityID the entity id of the identity provider
*
* @return <code>SOAPMessage</code> containing the
* <code>ArtifactResponse</code>
* @exception SAML2Exception if the operation is not successful
*/
throws SAML2Exception {
}
"ArtifactResolve");
if (artResolve == null) {
"no valid ArtifactResolve node found in SOAP body.");
}
"noArtifactResolve", null);
}
if (!SAML2Utils.isSourceSiteValid(
{
" is not trusted issuer.");
"invalidIssuerInRequest", null);
}
try {
} catch (SAML2MetaException sme) {
}
if (spSSODescriptor == null) {
"Unable to get SP SSO Descriptor from meta.");
"metaDataError", null);
}
//String protocolBinding = (String) acsSet.get(1);
if ((isArtifactResolveSigned != null)
if (!artResolve.isSigned()) {
"The artifact resolve is not signed " +
"when it is expected to be signed.");
"ArtifactResolveNotSigned", null);
}
"artifact resolve verification failed.");
"invalidArtifact", null);
}
"artifact resolve signature verification is successful.");
}
}
"Unable to get an artifact from ArtifactResolve.");
"invalidArtifactSignature", null);
}
// in the load-balanced (LB) case, the artifact may reside on another server.
.getMessageHandle());
if (targetServerID == null) {
+ "target serverID is null");
}
"InvalidArtifactId", null);
}
if (!localTarget) {
+ "target serverID is not valid: "
+ targetServerID);
}
null);
}
try {
.getRequestURI());
return resMsg;
.message(
+ "unable to forward request to remote server. "
+ "remote url = "
+ remoteArtURL, ex);
}
if (!saml2FailoverEnabled) {
"RemoteArtifactResolutionFailed", null);
}
// When the target server is running but the remote call to it failed
// (for example, due to a network error) and SAML2 failover is enabled,
// the artifact can still be found in the SAML2 repository.
// The cached entry on the target server will not be deleted this way, though.
}
}
if (saml2FailoverEnabled) {
// Check the SAML2 Token Repository
try {
}
} catch (SAML2Exception e) {
"UnableToFindResponseInRepo", null);
} catch (SAML2TokenRepositoryException se) {
"UnableToFindResponseInRepo", null);
}
}
}
saml2FailoverEnabled ? "UnableToFindResponseInRepo"
: "UnableToFindResponse", null);
}
// Remove Response from SAML2 Token Repository
try {
if (saml2FailoverEnabled) {
}
} catch (SAML2TokenRepositoryException e) {
" Error deleting the response from the SAML2 Token Repository using artStr:" + artStr, e);
}
if (nameIDString != null) {
}
// check if need to sign the assertion
if (signAssertion) {
"signing the assertion.");
}
}
// on SP config setting and sign the assertion.
// set the idp entity id as the response issuer
if ((wantArtifactResponseSigned != null) && (wantArtifactResponseSigned.equals(SAML2Constants.TRUE))) {
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "nullKeyProvider", null);
}
String idpSignCertAlias = SAML2Utils.getSigningCertAlias(realm, idpEntityID, SAML2Constants.IDP_ROLE);
if (idpSignCertAlias == null) {
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "missingSigningCertAlias", null);
}
} else {
}
}
}
} else {
}
}
try {
} catch (SOAPException se) {
return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "unableToCreateSOAPMessage", null);
}
return msg;
}
// gets the MIME headers from an HTTP request
while (enumerator.hasMoreElements()) {
while (values.hasMoreTokens()) {
}
}
return headers;
}
// puts MIME headers into an HTTP response
} else {
int i = 0;
if (i != 0) {
}
}
}
}
}
}