a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: RPSigninRequest.java,v 1.9 2009/11/03 00:48:54 madan_ranganath Exp $
6cf99bcf5206a0fcc9dd9296fc46ac28c3fe8adePeter Major * Portions Copyrighted 2015-2016 ForgeRock AS.
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpottsimport static org.forgerock.openam.utils.Time.*;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.CookieUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.meta.WSFederationMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class implements the WS-Federation sign-in request (wsignin1.0) on the service provider (relying party) side: it works out which identity provider to use and redirects the browser there.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class RPSigninRequest extends WSFederationAction {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Debug debug = WSFederationUtils.debug;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates a new instance of RPSigninRequest
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HTTPServletRequest for this interaction
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HTTPServletResponse for this interaction
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param whr the whr parameter from the signin request: the caller's requested home realm (IdP issuer name). It is request-supplied and, under cookie-based account-realm selection, is written into the account-realm cookie as-is.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param wct the wct parameter from the signin request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param wctx the wctx parameter from the signin request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param wreply the wreply parameter from the signin request: the URL the caller wants the response returned to. It is exchanged for an opaque wctx identifier rather than passed around as-is.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public RPSigninRequest(HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Processes the sign-in request, redirecting the browser to the identity
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * provider via the HttpServletResponse passed to the constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void process() throws WSFederationException, IOException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "RPSigninRequest.process: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Exchange the caller-supplied reply URL for an opaque identifier (wctx) so the raw wreply value is not carried around as-is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster wctx = (wreply != null && (wreply.length() > 0)) ?
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String spMetaAlias = WSFederationMetaUtils.getMetaAliasByUri(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ( spMetaAlias==null || spMetaAlias.length()==0 ) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationUtils.bundle.getString("MetaAliasNotFound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String spRealm = SAML2MetaUtils.getRealmByMetaAlias(spMetaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ( spEntityId==null || spEntityId.length()==0 )
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new WSFederationException(WSFederationConstants.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getSPSSOConfig(spRealm,spEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster throw new WSFederationException(WSFederationConstants.BUNDLE_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster com.sun.identity.wsfederation.common.WSFederationConstants.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationConstants.ACCOUNT_REALM_SELECTION_DEFAULT;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationConstants.ACCOUNT_REALM_COOKIE_NAME_DEFAULT;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationConstants.HOME_REALM_DISCOVERY_SERVICE).get(0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod+"account realm selection method is " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // whr parameter overrides other mechanisms...
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (accountRealmSelection.equals(WSFederationConstants.COOKIE))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // ...and overwrites the account-realm cookie with the request-supplied whr value as-is (no validation is visible here; the resulting issuer name is only matched against the configured remote IdPs further down before it is used)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Cookie cookie = new Cookie(accountRealmCookieName,whr);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set cookie to persist for a year. NOTE(review): no Secure/HttpOnly attributes are set in this code; confirm whether CookieUtils.addCookieToResponse applies them.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster CookieUtils.addCookieToResponse(response, cookie);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getHeader(WSFederationConstants.USERAGENT);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod+"user-agent is :" + uaHeader);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationUtils.accountRealmFromUserAgent(uaHeader,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error(classMethod+"unexpected value for " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationConstants.ACCOUNT_REALM_SELECTION + " : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationUtils.bundle.getString("badAccountRealm"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getEntityDescriptor(spRealm,spEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod+"SP issuer name:" + spIssuerName);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (idpIssuerName != null && idpIssuerName.length() > 0)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Got the issuer name from the cookie/UA string - let's see if
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // we know the entity ID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // See if there is only one trusted IdP configured...
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster metaManager.getAllRemoteIdentityProviderEntities(spRealm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ArrayList<String> trustedRemoteIdPs = new ArrayList<String>();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Misconfiguration!
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationUtils.bundle.getString("noIDPConfigured"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Set LB cookie here so it's done regardless of which redirect happens
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // We want response to come back to this instance
6cf99bcf5206a0fcc9dd9296fc46ac28c3fe8adePeter Major WSFederationUtils.sessionProvider.setLoadBalancerCookie(request, response);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // If we still don't know the IdP, redirect to home realm discovery, passing this request's own URL as the return address. NOTE(review): request.getRequestURL() is rebuilt from the request's Host header, so the container or a fronting proxy is relied on to canonicalize the host — confirm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringBuffer url = new StringBuffer(homeRealmDiscoveryService);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster url.append(URLEncDec.encode(request.getRequestURL().toString()));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod+"account realm:" + idpEntityId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod+"endpoint:" + endpoint);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod+"replyURL:" + replyURL);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster url.append(URLEncDec.encode(WSFederationConstants.WSIGNIN10));
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpotts url.append(URLEncDec.encode(DateUtils.toUTCDateFormat(newDate())));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod+"Redirecting to:" + url);