IDPProxyUtil.java revision 3b705ce0a025821048ff45b348fb10188c46a608
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: IDPProxyUtil.java,v 1.18 2009/11/20 21:41:16 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Portions Copyrighted 2010-2012 ForgeRock Inc
80849398a45dca1fb917716907d6ec99be6222c2Peter Majorimport com.iplanet.dpro.session.exceptions.StoreException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.datastruct.OrderedSet;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Assertion;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.Subject;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.assertion.AssertionFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Constants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Exception;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.common.SAML2Utils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.plugins.SAML2IDPFinder;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.AuthnRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.IDPEntry;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.LogoutRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.LogoutResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.NameIDPolicy;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.Response;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.protocol.ProtocolFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
89503929c8983c48e2049c77284b52e79ad37c32jeff.schenkimport com.sun.identity.saml2.common.SAML2RepositoryFactory;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Utility class to be used for IDP Proxying.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // IDP proxy finder
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // private static SAML2IDPFinder proxyFinder = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static SessionProvider sessionProvider = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionProvider = SessionManager.getProvider();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("IDPSSOFederate:Static Init Failed", ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the preferred IDP Id to be proxied. This method makes use of an
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * SPI to determine the preferred IDP.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnRequest original Authn Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedEntityId hosted provider ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm Realm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HttpServletRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HttpServletResponse
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception for any SAML2 failure.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return String Provider id of the preferred IDP to be proxied.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2IDPFinder proxyFinder = getIDPProxyFinder(realm, hostedEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List idpProviderIDs = proxyFinder.getPreferredIDP(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((idpProviderIDs == null) || idpProviderIDs.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sends a new AuthnRequest to the authenticating provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnRequest original AuthnRequest sent by the service provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param preferredIDP IDP to be proxied.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param spSSODescriptor SPSSO Descriptor Element
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedEntityId hosted provider ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HttpServletRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HttpServletResponse
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm Realm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param relayState the Relay State
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param binding the binding
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception for any SAML2 failure.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception IOException if there is a failure in redirection.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void sendProxyAuthnRequest (
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "IDPProxyUtil.sendProxyAuthnRequest: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AuthnRequest newAuthnRequest = getNewAuthnRequest(hostedEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "New Authentication request:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // save the AuthnRequest in the IDPCache so that it can be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // retrieved later when the user successfully authenticates
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // save the SP descriptor in IDPCache
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // save the original AuthnRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPSSOConfigElement localDescriptorConfig = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster targetURL = SPSSOFederate.getSSOURL(ssoServiceList, binding);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster localDescriptorConfig = IDPSSOUtil.metaManager.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error(classMethod + "Single Sign-on service " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "is not found for the proxying IDP.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new SAML2Exception(SAML2Utils.bundle.getString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "ssoServiceNotFoundIDPProxy"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean signingNeeded = ((idpDescriptor != null) &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // check if relayState is present and get the unique
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // id which will be appended to the SSO URL before
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // redirecting
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (relayState != null && relayState.length()> 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster relayStateID = SPSSOFederate.getRelayStateID(relayState,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (binding.equals(SAML2Constants.HTTP_POST)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaUtils.getAttributes(localDescriptorConfig),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPSSOFederate.signAuthnRequest(certAlias,newAuthnRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authXMLString = newAuthnRequest.toXMLString(true,true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String encodedReqMsg = SAML2Utils.encodeForPOST(authXMLString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.postToTarget(response, "SAMLRequest",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster encodedReqMsg, "RelayState", relayStateID, targetURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authReqXMLString = newAuthnRequest.toXMLString(true,true);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message(classMethod + " AuthnRequest: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // encode the xml string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String encodedXML = SAML2Utils.encodeForRedirect(authReqXMLString);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster new StringBuffer().append(SAML2Constants.SAML_REQUEST)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //TODO: should it be newAuthnRequest???
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (relayStateID != null && relayStateID.length() > 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster queryString.append("&").append(SAML2Constants.RELAY_STATE)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // sign the query string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaUtils.getAttributes(localDescriptorConfig),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String signedQueryStr = SPSSOFederate.signQueryString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.access(Level.INFO, LogUtil.REDIRECT_TO_SP,data, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AuthnRequestInfo reqInfo = new AuthnRequestInfo(request, response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm, hostedEntityId, preferredIDP, newAuthnRequest, relayState,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // sessionExpireTime is counted in seconds
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
80849398a45dca1fb917716907d6ec99be6222c2Peter Major SAML2RepositoryFactory.getInstance().saveSAML2Token(requestID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster new AuthnRequestInfoCopy(reqInfo), sessionExpireTime, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message(classMethod + " SAVE AuthnRequestInfoCopy for requestID " + requestID);
80849398a45dca1fb917716907d6ec99be6222c2Peter Major SAML2Utils.debug.error(classMethod + " SAVE AuthnRequestInfoCopy for requestID " + requestID + ", has failed!",se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructs new authentication request by using the original request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * that is sent by the service provider to the proxying IDP.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedEntityId hosted provider ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityID IDP provider ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm Realm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param origRequest Original Authn Request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return AuthnRequest new authn request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception for failure in creating new authn request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return AuthnRequest object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static AuthnRequest getNewAuthnRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "IDPProxyUtil.getNewAuthnRequest: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // New Authentication request should only be a single sign-on request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster AuthnRequest newRequest = ProtocolFactory.getInstance().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((requestID == null) || (requestID.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("cannotGenerateID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String dest = SPSSOFederate.getSSOURL(ssoServiceList,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setDestination(XMLUtils.escapeSpecialCharacters(dest));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setConsent(origRequest.getConsent());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setIsPassive(origRequest.isPassive());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setForceAuthn(origRequest.isForceAuthn());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setAttributeConsumingServiceIndex(origRequest.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setAssertionConsumerServiceIndex(origRequest.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String protocolBinding = origRequest.getProtocolBinding();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setProtocolBinding(protocolBinding);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setAssertionConsumerServiceURL(acsURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Issuer issuer = AssertionFactory.getInstance().createIssuer();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster NameIDPolicy origNameIDPolicy = origRequest.getNameIDPolicy();
3b705ce0a025821048ff45b348fb10188c46a608Peter Major NameIDPolicy newNameIDPolicy = ProtocolFactory.getInstance().createNameIDPolicy();
3b705ce0a025821048ff45b348fb10188c46a608Peter Major newNameIDPolicy.setFormat(origNameIDPolicy.getFormat());
3b705ce0a025821048ff45b348fb10188c46a608Peter Major newNameIDPolicy.setSPNameQualifier(hostedEntityId);
3b705ce0a025821048ff45b348fb10188c46a608Peter Major newNameIDPolicy.setAllowCreate(origNameIDPolicy.isAllowCreate());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setRequestedAuthnContext(origRequest.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setExtensions(origRequest.getExtensions());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newRequest.setVersion(SAML2Constants.VERSION_2_0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Scoping newScoping = ProtocolFactory.getInstance().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Integer proxyCountInt = scoping.getProxyCount();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster proxyCount = scoping.getProxyCount().intValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster newScoping.setProxyCount(new Integer(proxyCount-1));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //handling the alwaysIdpProxy case -> the incoming request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //did not contain a Scoping field
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPSSOConfigElement spConfig = getSPSSOConfigByAuthnRequest(realm, origRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Map<String, List<String>> spConfigAttrMap = SAML2MetaUtils.getAttributes(spConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster scoping = ProtocolFactory.getInstance().createScoping();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String proxyCountParam = SPSSOFederate.getParameter(spConfigAttrMap,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (proxyCountParam != null && (!proxyCountParam.equals(""))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int proxyCount = Integer.valueOf(proxyCountParam);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //since this is a remote SP configuration, we should
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //decrement the proxycount by one
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (proxyIdPs != null && !proxyIdPs.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List<IDPEntry> list = new ArrayList<IDPEntry>();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPEntry entry = ProtocolFactory.getInstance().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPList idpList = ProtocolFactory.getInstance().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks if the identity provider is configured for proxying the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authentication requests for a requesting service provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param authnRequest Authentication Request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm Realm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if the IDP is configured for proxying.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception for any failure.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static boolean isIDPProxyEnabled(AuthnRequest authnRequest,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //let's check if always IdP proxy and IdP Proxy itself is enabled
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster spConfig = getSPSSOConfigByAuthnRequest(realm, authnRequest);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster spConfigAttrsMap = SAML2MetaUtils.getAttributes(spConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Boolean alwaysEnabled = SPSSOFederate.getAttrValueFromMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster spConfigAttrsMap, SAML2Constants.ALWAYS_IDP_PROXY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Boolean proxyEnabled = SPSSOFederate.getAttrValueFromMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster spConfigAttrsMap, SAML2Constants.ENABLE_IDP_PROXY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Integer proxyCountInt = scoping.getProxyCount();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //Proxy count missing, IDP Proxy allowed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster spConfigAttrsMap = SAML2MetaUtils.getAttributes(spConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Boolean enabledString = SPSSOFederate.getAttrValueFromMap(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster spConfigAttrsMap, SAML2Constants.ENABLE_IDP_PROXY);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Checks whether proxying is enabled, i.e. whether the proxy
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * service provider descriptor is set in the session manager for the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * specific request ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param requestID ID of the authentication request created by the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * proxying IDP and sent to the authenticating IDP.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if the proxying is enabled.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static boolean isIDPProxyEnabled(String requestID) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return IDPCache.proxySPDescCache.containsKey(requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sends the proxy authentication response to the proxying service
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * provider that originally requested the authentication.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HttpServletRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HttpServletResponse
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param requestID request ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpMetaAlias meta Alias
80849398a45dca1fb917716907d6ec99be6222c2Peter Major * @param newSess Session object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception for any SAML2 failure.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static void sendProxyResponse(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "IDPProxyUtil.sendProxyResponse: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPCache.proxySPAuthnReqCache.remove(requestID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String proxySPEntityId = origRequest.getIssuer().getValue();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + ":Original requesting service provider id:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Save the SP provider id based on the token id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String) sessionProvider.getSessionID(newSess),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //TODO: set AuthnContext
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster /*AuthnContext authnContextStm;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (authnContextStmt != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String authnContext = authnContextStmt.getAuthnContextClassRef();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster session.setAuthnContext(authnContext);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPCache.relayStateCache.get(origRequest.getID());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Generates the AuthnResponse by the IDP Proxy and sends it to the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * service provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HttpServletRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HttpServletResponse
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias meta Alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param respInfo ResponseInfo object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param newSession Session object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception for any SAML2 failure.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void generateProxyResponse(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpServletRequest request, HttpServletResponse response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String requestID = saml2Resp.getInResponseTo();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //if (isIDPProxyEnabled(requestID)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String nameidFormat = getNameIDFormat(saml2Resp);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (nameidFormat != null && SAML2Utils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("NAME ID Format= " + nameidFormat );
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sendProxyResponse(request, response, requestID, metaAlias,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static String getNameIDFormat(Response res)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((assertions == null) || (assertions.size() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Assertion assertion = (Assertion)assertions.get(0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Initiates the single logout request from the IDP Proxy to the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * authenticating identity provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HttpServletRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HttpServletResponse
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param partner Authenticating identity provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param spMetaAlias IDP proxy's meta alias acting as SP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm Realm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void initiateSPLogoutRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "nullSSOToken",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] values = SessionManager.getProvider().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getProperty(ssoToken, SAML2Constants.SP_METAALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put(SAML2Constants.BINDING, binding);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String dest = getLocation(realm, partner, binding);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "sloResponseServiceLocationNotfound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put("Consent", request.getParameter("Consent"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put("Extension", request.getParameter("Extension"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SPSingleLogout.initiateLogoutRequest(request,response,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("Error sending Logout Request " , sse);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "LogoutRequestCreationError",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "LogoutRequestCreationError"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("Error initializing Request ",e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "LogoutRequestCreationError",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "LogoutRequestCreationError"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the SLO response service location of the authenticating
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * identity provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm Realm
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityID authenticating identity provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return location URL of the SLO response service, or null
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * if not found.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String getLocation (String realm, String idpEntityID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // get IDPSSODescriptor
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.IDP_METADATA_ERROR,data,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List slosList = idpsso.getSingleLogoutService();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.SLO_NOT_FOUND,data,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("sloServiceListNotfound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster location = LogoutUtil.getSLOServiceLocation(slosList,binding);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SAML2Utils.debug.messageEnabled() && (location != null)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static List getSessionPartners(HttpServletRequest request)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object tmpsession = sessionProvider.getSession(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String tokenID = sessionProvider.getSessionID(tmpsession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SESSION PARTNER's Provider ID: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void sendProxyLogoutRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object tmpsession = sessionProvider.getSession(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String tokenID = sessionProvider.getSessionID(tmpsession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "CURRENT PARTNER's provider ID: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("Starting IDP proxy logout.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI()) ;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPCache.idpSessionsBySessionID.remove(tokenID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster initiateSPLogoutRequest(request,response, party, metaAlias, realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster logoutReq, null, idpSession, binding, relayState);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void sendProxyLogoutResponse(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String entityID = (String) infoMap.get("entityid");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.bundle.getString("nullIDPEntityID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("Proxy IDP EntityID=" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //TODO: need to take realm from infoMap
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogoutResponse logoutRes = LogoutUtil.generateResponse(
// NOTE(review): the realm passed to getSingleLogoutLocation below is the
// literal "/" (root realm), which is what the TODO above refers to. In a
// multi-realm deployment the logout endpoint would then be resolved from
// root-realm metadata rather than the realm the session belongs to --
// confirm against the lines of this method that this listing does not show.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String location = IDPSingleLogout.getSingleLogoutLocation(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster remoteEntity,"/", SAML2Constants.HTTP_REDIRECT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("Proxy to: " + location);
// NOTE(review): relayState is read back from infoMap; how it is validated
// before it reaches the response is not visible here (the arguments of
// sendSLOResponse are cut off) -- verify it is treated as untrusted input.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String relayState = (String) infoMap.get(SAML2Constants.RELAY_STATE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogoutUtil.sendSLOResponse(response, logoutRes,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void sendProxyLogoutRequestSOAP(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "CURRENT PARTNER's provider ID: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("Starting IDP proxy logout.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI()) ;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster initiateSPLogoutRequest(request,response, party, metaAlias, realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster null, msg ,idpSession, SAML2Constants.SOAP, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static Map getSessionPartners(SOAPMessage message) {
// The visible lines parse the samlp LogoutRequest element out of the SOAP
// message, look the IDP session up in IDPCache.idpSessionsByIndices by
// session index, and store the session index, the IDP session and the
// partner list in sessMap (presumably the returned map -- the return
// statement is not part of this listing).
// NOTE(review): no signature or issuer check on the LogoutRequest is visible
// in these lines, yet its session index drives the cache lookup -- confirm
// the caller has verified the request before this method runs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Element reqElem = SAML2Utils.getSamlpElement(message,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "LogoutRequest");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ProtocolFactory.getInstance().createLogoutRequest(reqElem);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Number of session indices in the logout request is "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("getSessionPartners: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPCache.idpSessionsByIndices.get(sessionIndex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // session is in another server
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMap.put(SAML2Constants.SESSION_INDEX, sessionIndex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMap.put(SAML2Constants.IDP_SESSION, idpSession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String tokenId = sessionProvider.getSessionID(session);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SESSION PARTNER's Provider ID: "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessMap.put(SAML2Constants.PARTNERS, partners);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message("getSessionPartners: Number of " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "session indices in the logout request is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("getSessionPartners: ", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void sendProxyLogoutResponseBySOAP(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Need to call saveChanges because we're
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // going to use the MimeHeaders to set HTTP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // response information. These MimeHeaders
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // are generated as part of the save.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.putHeaders(reply.getMimeHeaders(), resp);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Write out the message on the response stream
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("sendProxyLogoutResponseBySOAP: ", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.error("sendProxyLogoutResponseBySOAP: ", ie);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void sendIDPInitProxyLogoutRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object tmpsession = sessionProvider.getSession(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String tokenID = sessionProvider.getSessionID(tmpsession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String logoutAll = request.getParameter(SAML2Constants.LOGOUT_ALL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPSSOConfigElement config = sm.getIDPSSOConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put("metaAlias", config.getMetaAlias());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
// NOTE(review): "Consent" and "Extension" are copied from the HTTP request
// parameters into paramsMap as-is; no validation is visible in these lines,
// so whatever consumes paramsMap has to treat both values as untrusted.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put("Consent", request.getParameter("Consent"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put("Extension", request.getParameter("Extension"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster logoutResponseMap.put("LogoutResponse", logoutResponse);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (location != null && !location.equals("")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (spEntityID != null && !spEntityID.equals("")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster logoutResponseMap.put("spEntityID", spEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (idpEntityID != null && !idpEntityID.equals("")) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster logoutResponseMap.put("idpEntityID", idpEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster paramsMap.put(SAML2Constants.LOGOUT_ALL, logoutAll);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPSingleLogout.initiateLogoutRequest(request,response,
// NOTE(review): the <jsp:forward> lines further down are not Java, so this
// SOAP branch may be commented-out code carried over from a JSP -- confirm
// against the full file. If it is live or is ever re-enabled: the origin of
// RelayState is not visible in this listing, and sendRedirect() with a
// request-derived value is an open redirect unless the value is first
// checked against the deployment's permitted relay-state URLs.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (RelayState != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendRedirect(RelayState);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster <jsp:forward
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static List getSPSessionPartners(HttpServletRequest request)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object tmpsession = sessionProvider.getSession(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String tokenID = sessionProvider.getSessionID(tmpsession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster pid=(String)IDPCache.spSessionPartnerBySessionID.get(tokenID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDPCache.spSessionPartnerBySessionID.remove(tokenID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns an <code>IDPProxyFinder</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm name
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param idpEntityID the entity id of the identity provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return the <code>IDPProxyFinder</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @exception SAML2Exception if the operation is not successful
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "IDPProxyUtil.getIDPProxyFinder: ";
// The finder class name comes from the IDP's SSO configuration, attribute
// PROXY_IDP_FINDER_CLASS, looked up by realm and entity ID.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster idpProxyFinderName = IDPSSOUtil.getAttributeValueFromIDPSSOConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm, idpEntityID, SAML2Constants.PROXY_IDP_FINDER_CLASS);
// A null or empty name takes a separate branch; the debug text suggests a
// default implementation is used there (that branch is cut off) -- confirm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (idpProxyFinderName == null || idpProxyFinderName.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SAML2Utils.debug.message(classMethod + "use " +
// NOTE(review): this loads and instantiates whatever class the configuration
// names, so write access to this entity's configuration amounts to choosing
// code that runs inside the server. Treat that configuration as a privileged
// trust boundary and confirm the instance is checked to be an IDPProxyFinder
// (the assignment and cast are not visible in this listing).
// Class.newInstance() is also deprecated since Java 9 in favour of
// getDeclaredConstructor().newInstance().
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Class.forName(idpProxyFinderName).newInstance();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "got the IDPProxyFinder from cache");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static SPSSOConfigElement getSPSSOConfigByAuthnRequest(