IPSigninRequest.java revision 5af0d70c754ff38ed1da1daf16b553645f62b87e
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: IPSigninRequest.java,v 1.8 2009/10/28 23:59:00 exu Exp $
*
* Portions Copyrighted 2014 ForgeRock AS.
*/
/**
* This class implements the sign-in request for the identity provider.
*/
public class IPSigninRequest extends WSFederationAction {
/**
* Creates a new instance of RPSigninRequest
* @param request HTTPServletRequest for this interaction
* @param response HTTPServletResponse for this interaction
* @param whr the whr parameter from the signin request
* @param wtrealm the wtrealm parameter from the signin request
* @param wct the wct parameter from the signin request
* @param wctx the wctx parameter from the signin request
* @param wreply the wreply parameter from the signin request
*/
}
/**
* Processes the sign-in request, returning a response via the
* HttpServletResponse passed to the constructor.
*/
{
request.getRequestURI());
if ((idpMetaAlias == null)
"unable to get IDP meta alias from request.");
throw new WSFederationException(
}
// retrieve IDP entity id from meta alias
if ((idpEntityID == null)
"Unable to get IDP Entity ID from metaAlias");
throw new WSFederationException(
}
wtrealm);
if ((spEntityID == null)
"Unable to get SP Entity ID from wtrealm");
throw new WSFederationException(
}
// check if the remote provider is valid
spEntityID)) {
"The remote provider is not valid.");
throw new WSFederationException(
}
// get the user sso session from the request
try {
} catch (SessionException se) {
if (debug.messageEnabled()) {
classMethod + "Unable to retrieve user session.");
}
}
// the user has not logged in yet, redirect to auth
return;
}
// TODO
boolean sessionUpgrade = false;
if (!sessionUpgrade) {
// set session property for multi-federation protocol hub
realm);
}
}
/**
* Redirect to authenticate service
*/
throws WSFederationException, IOException {
// get the authentication service url
request));
// find out the authentication method, e.g. module=LDAP, from
// authn context mapping
/*
IDPAuthnContextMapper idpAuthnContextMapper =
IDPSSOUtil.getIDPAuthnContextMapper(realm, idpEntityID);
IDPAuthnContextInfo info =
idpAuthnContextMapper.getIDPAuthnContextInfo(
authnReq, idpEntityID, realm);
Set authnTypeAndValues = info.getAuthnTypeAndValues();
if ((authnTypeAndValues != null)
&& (!authnTypeAndValues.isEmpty())) {
Iterator iter = authnTypeAndValues.iterator();
StringBuffer authSB = new StringBuffer((String)iter.next());
while (iter.hasNext()) {
authSB.append("&");
authSB.append((String)iter.next());
}
if (newURL.indexOf("?") == -1) {
newURL.append("?");
} else {
newURL.append("&");
}
newURL.append(authSB.toString());
if (debug.messageEnabled()) {
debug.message(classMethod +
"authString=" + authSB.toString());
}
}
*/
} else {
}
append("?").
if (debug.messageEnabled()) {
}
if (debug.messageEnabled()) {
}
// We want authentication request from browser to come back to this
// instance
// TODO: here we should check if the new URL is one
// the same web container, if yes, forward,
// if not, redirect
}
/**
* Sends <code>RequestSecurityTokenResponse</code> containing an
* <code>Assertion</code> back to the requesting service provider
*/
throws WSFederationException, IOException {
/*
String nameIDFormat = null;
NameIDPolicy policy = authnReq.getNameIDPolicy();
if (policy != null) {
nameIDFormat = policy.getFormat();
}
*/
throw new WSFederationException(
}
{
+ idpEntityId);
throw new WSFederationException(
getString("unableToFindIDPConfiguration"));
}
{
+ spEntityId);
throw new WSFederationException(
getString("unableToFindSPConfiguration"));
}
try {
"UserId")[0]; // ISAuthConstants.USER_ID
} catch (SessionException se) {
throw new WSFederationException(se);
}
spEntityId, realm);
authInstant = new Date();
} else {
try {
} catch (ParseException pe) {
throw new WSFederationException(pe);
}
}
if (notBeforeSkewStr != null) {
try {
if (debug.messageEnabled()) {
"got not before skew from config:" + notBeforeSkew);
}
} catch (NumberFormatException nfe) {
"Failed to get not before skew from IDP SSO config: ",
nfe);
throw new WSFederationException(nfe);
}
}
if (effectiveTimeStr != null) {
try {
if (debug.messageEnabled()) {
"got effective time from config:" + effectiveTime);
}
} catch (NumberFormatException nfe) {
"Failed to get assertion effective time from " +
"IDP SSO config: ", nfe);
throw new WSFederationException(nfe);
}
}
// By default, we want to sign assertions
: true;
{
// SP wants us to sign the assertion, but we don't have a signing
// cert
"SP wants signed assertion, but no signing cert is " +
"configured");
throw new WSFederationException(
}
if ( ! wantAssertionSigned )
{
// SP doesn't want us to sign the assertion, so pass null certAlias
// to indicate no assertion signature required
}
// generate a response for the authn request
// TODO - check WS-Fed error handling
/*
res = IDPSSOUtil.getErrorResponse(authnReq,
SAML2Constants.RESPONDER, errorMsg, idpEntityID);
*/
return;
} else {
try {
// Add SP to SP list in session
{
}
} catch (SessionException e) {
"error setting idpMetaAlias into the session: ", e);
}
try {
} catch (ServletException se) {
throw new WSFederationException(se);
}
}
}
/**
* This method posts the assertion response to the service provider using
* the HttpServletResponse object.
*
* @param rstr the <code>RequestSecurityTokenResponse</code> to send
* @param targetURL the <code>URL</code> of the target location
*
* @exception IOException if there is any network I/O problem
*/
throws IOException, ServletException
{
if (debug.messageEnabled()) {
}
}
if (accountMapperList != null) {
try {
newInstance());
} catch (ClassNotFoundException cfe) {
throw new WSFederationException(cfe);
} catch (InstantiationException ie) {
throw new WSFederationException(ie);
} catch (IllegalAccessException iae) {
throw new WSFederationException(iae);
}
}
if (accountMapper == null) {
throw new WSFederationException(
}
return accountMapper;
}
throws WSFederationException {
if (attrMapperList != null) {
try {
newInstance());
} catch (ClassNotFoundException cfe) {
throw new WSFederationException(cfe);
} catch (InstantiationException ie) {
throw new WSFederationException(ie);
} catch (IllegalAccessException iae) {
throw new WSFederationException(iae);
}
}
if (attrMapper == null) {
throw new WSFederationException(
}
return attrMapper;
}
}