/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: RPSigninRequest.java,v 1.9 2009/11/03 00:48:54 madan_ranganath Exp $
 *
 * Portions Copyrighted 2015-2016 ForgeRock AS.
 */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.wsfederation.servlet;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpottsimport static org.forgerock.openam.utils.Time.*;
ccf9d4a5c6453fa9f8b839baeee25147865fbb7dJames Phillpotts
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml2.meta.SAML2MetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.DateUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.debug.Debug;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.CookieUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.shared.encode.URLEncDec;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.io.IOException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Date;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.http.Cookie;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.http.HttpServletRequest;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport javax.servlet.http.HttpServletResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.meta.WSFederationMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.ArrayList;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.List;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport java.util.Map;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/**
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class implements the sign-in request for the service provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
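/**
 * This class implements the sign-in request for the service provider
 * (relying party): it works out which identity provider the browser should
 * be sent to and redirects there, or to the home realm discovery service
 * when the identity provider cannot be determined.
 */
public class RPSigninRequest extends WSFederationAction {
    private static Debug debug = WSFederationUtils.debug;

    /**
     * Lifetime, in seconds, of the account-realm cookie written when the
     * SP's account realm selection method is {@code COOKIE}: one year.
     */
    private static final int ACCOUNT_REALM_COOKIE_MAX_AGE = 60 * 60 * 24 * 365;

    // Parameters of the inbound WS-Federation sign-in request. All of them are
    // supplied by the browser and are treated as untrusted hints: whr is only
    // honoured once it resolves to configured IdP metadata, and wreply is
    // exchanged for an opaque wctx identifier rather than forwarded verbatim.
    String whr;
    String wreply;
    String wctx;
    // wct is stored but not used by process(); the outbound wct is always the
    // current server time.
    String wct;

    /**
     * Creates a new instance of RPSigninRequest
     * @param request HTTPServletRequest for this interaction
     * @param response HTTPServletResponse for this interaction
     * @param whr the whr parameter from the signin request
     * @param wct the wct parameter from the signin request
     * @param wctx the wctx parameter from the signin request
     * @param wreply the wreply parameter from the signin request
     */
    public RPSigninRequest(HttpServletRequest request,
            HttpServletResponse response, String whr,
            String wct, String wctx, String wreply) {
        super(request, response);
        this.whr = whr;
        this.wct = wct;
        this.wctx = wctx;
        this.wreply = wreply;
    }

    /**
     * Processes the sign-in request, redirecting the browser to the identity
     * provider via the HttpServletResponse passed to the constructor.
     * <p>
     * The identity provider is chosen, in order of precedence, from the
     * {@code whr} parameter, the SP's configured account realm selection
     * method (User-Agent header or account-realm cookie), or the single
     * trusted remote IdP when exactly one is configured. If none of these
     * yields a known IdP the browser is redirected to the SP's home realm
     * discovery service instead.
     *
     * @throws WSFederationException if the SP cannot be identified from the
     *         request URI, its configuration is missing, the account realm
     *         selection method is unknown, no trusted IdP is configured, or
     *         home realm discovery is needed but no service is configured
     * @throws IOException if the redirect cannot be sent
     */
    public void process() throws WSFederationException, IOException {
        String classMethod = "RPSigninRequest.process: ";

        if (debug.messageEnabled()) {
            debug.message(classMethod + "entered method");
        }

        if (isEmpty(wctx)) {
            // Exchange reply URL for opaque identifier
            wctx = isEmpty(wreply) ? null : WSFederationUtils.putReplyURL(wreply);
        }

        String spMetaAlias = WSFederationMetaUtils.getMetaAliasByUri(
                request.getRequestURI());
        if (isEmpty(spMetaAlias)) {
            throw new WSFederationException(
                    WSFederationUtils.bundle.getString("MetaAliasNotFound"));
        }

        String spRealm = SAML2MetaUtils.getRealmByMetaAlias(spMetaAlias);

        WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
        String spEntityId = metaManager.getEntityByMetaAlias(spMetaAlias);
        if (isEmpty(spEntityId)) {
            String[] args = {spMetaAlias, spRealm};
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME,
                    "invalidMetaAlias", args);
        }

        SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(spRealm, spEntityId);
        if (spConfig == null) {
            String[] args = {spEntityId, spRealm};
            throw new WSFederationException(WSFederationConstants.BUNDLE_NAME,
                    "badSPEntityID", args);
        }

        Map<String, List<String>> spConfigAttributes =
                WSFederationMetaUtils.getAttributes(spConfig);

        // firstValue() yields null for an absent or empty attribute, so the
        // defaults below are actually applied instead of failing with an NPE
        // when the attribute is not present in the SP configuration.
        String accountRealmSelection = firstValue(spConfigAttributes,
                WSFederationConstants.ACCOUNT_REALM_SELECTION);
        if (accountRealmSelection == null) {
            accountRealmSelection = WSFederationConstants.ACCOUNT_REALM_SELECTION_DEFAULT;
        }
        String accountRealmCookieName = firstValue(spConfigAttributes,
                WSFederationConstants.ACCOUNT_REALM_COOKIE_NAME);
        if (accountRealmCookieName == null) {
            accountRealmCookieName = WSFederationConstants.ACCOUNT_REALM_COOKIE_NAME_DEFAULT;
        }
        String homeRealmDiscoveryService = firstValue(spConfigAttributes,
                WSFederationConstants.HOME_REALM_DISCOVERY_SERVICE);

        if (debug.messageEnabled()) {
            debug.message(classMethod + "account realm selection method is " +
                    accountRealmSelection);
        }

        String idpIssuerName = resolveIdpIssuerName(classMethod,
                accountRealmSelection, accountRealmCookieName);

        FederationElement sp = metaManager.getEntityDescriptor(spRealm, spEntityId);
        String spIssuerName = metaManager.getTokenIssuerName(sp);
        if (debug.messageEnabled()) {
            debug.message(classMethod + "SP issuer name:" + spIssuerName);
        }

        String idpEntityId = null;
        if (!isEmpty(idpIssuerName)) {
            // Got the issuer name from whr/cookie/UA string - let's see if we
            // know the entity ID. An unknown name simply yields null here and
            // falls through to the single-IdP / home realm discovery paths.
            // NOTE(review): an IdP resolved this way is not checked with
            // isTrustedProvider(), unlike the single-IdP fallback below;
            // confirm that is intended.
            idpEntityId = metaManager.getEntityByTokenIssuerName(null, idpIssuerName);
        }

        if (idpEntityId == null) {
            // See if there is only one trusted IdP configured...
            idpEntityId = findSoleTrustedIdp(metaManager, spRealm, spEntityId);
        }

        FederationElement idp = null;
        if (idpEntityId != null) {
            idp = metaManager.getEntityDescriptor(null, idpEntityId);
        }

        // Set LB cookie here so it's done regardless of which redirect happens
        // We want response to come back to this instance
        WSFederationUtils.sessionProvider.setLoadBalancerCookie(request, response);

        // If we still don't know the IdP, redirect to home realm discovery
        if (idp == null) {
            if (homeRealmDiscoveryService == null) {
                // Previously this fell over with an NPE inside StringBuffer;
                // report the misconfiguration explicitly instead.
                debug.error(classMethod + "no IdP could be determined and no " +
                        WSFederationConstants.HOME_REALM_DISCOVERY_SERVICE +
                        " is configured for " + spEntityId);
                throw new WSFederationException(
                        WSFederationUtils.bundle.getString("noIDPConfigured"));
            }
            String url = buildHomeRealmDiscoveryUrl(homeRealmDiscoveryService);
            if (debug.messageEnabled()) {
                debug.message(classMethod +
                        "no account realm - redirecting to :" + url);
            }
            response.sendRedirect(url);
            return;
        }
        if (debug.messageEnabled()) {
            debug.message(classMethod + "account realm:" + idpEntityId);
        }

        String endpoint = metaManager.getTokenIssuerEndpoint(idp);
        if (debug.messageEnabled()) {
            debug.message(classMethod + "endpoint:" + endpoint);
        }
        String replyURL = metaManager.getTokenIssuerEndpoint(sp);
        if (debug.messageEnabled()) {
            debug.message(classMethod + "replyURL:" + replyURL);
        }

        String url = buildSigninUrl(endpoint, replyURL, spIssuerName);
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Redirecting to:" + url);
        }
        response.sendRedirect(url);
    }

    /**
     * Determines the IdP token issuer name for this request.
     * <p>
     * The {@code whr} parameter wins when present; when the selection
     * method is {@code COOKIE} it is also persisted in the account-realm
     * cookie so later requests without {@code whr} route the same way.
     * Otherwise the configured method (User-Agent header or cookie) is used.
     * The returned name is a request-supplied hint and is only useful once
     * it has been resolved against IdP metadata by the caller.
     *
     * @param classMethod log prefix
     * @param accountRealmSelection the SP's account realm selection method
     * @param accountRealmCookieName name of the account-realm cookie
     * @return the issuer name, or {@code null} if none could be determined
     * @throws WSFederationException if {@code accountRealmSelection} is not
     *         a recognised method (only checked when {@code whr} is absent)
     */
    private String resolveIdpIssuerName(String classMethod,
            String accountRealmSelection, String accountRealmCookieName)
            throws WSFederationException {
        if (!isEmpty(whr)) {
            // whr parameter overrides other mechanisms...
            if (WSFederationConstants.COOKIE.equals(accountRealmSelection)) {
                // ...and overwrites cookie. The cookie carries an IdP issuer
                // name used for routing, not a credential; its value is
                // re-resolved against metadata on every request.
                Cookie cookie = new Cookie(accountRealmCookieName, whr);
                cookie.setMaxAge(ACCOUNT_REALM_COOKIE_MAX_AGE);
                CookieUtils.addCookieToResponse(response, cookie);
            }
            return whr;
        }

        if (WSFederationConstants.USERAGENT.equals(accountRealmSelection)) {
            String uaHeader = request.getHeader(WSFederationConstants.USERAGENT);
            if (debug.messageEnabled()) {
                debug.message(classMethod + "user-agent is :" + uaHeader);
            }
            return WSFederationUtils.accountRealmFromUserAgent(uaHeader,
                    accountRealmCookieName);
        }

        if (WSFederationConstants.COOKIE.equals(accountRealmSelection)) {
            return accountRealmFromCookie(request.getCookies(), accountRealmCookieName);
        }

        debug.error(classMethod + "unexpected value for " +
                WSFederationConstants.ACCOUNT_REALM_SELECTION + " : " +
                accountRealmSelection);
        throw new WSFederationException(
                WSFederationUtils.bundle.getString("badAccountRealm"));
    }

    /**
     * Returns the value of the first cookie named {@code cookieName}, or
     * {@code null} when there are no cookies or none matches.
     *
     * @param cookies the request cookies, possibly {@code null}
     * @param cookieName the cookie to look for
     * @return the cookie value or {@code null}
     */
    private static String accountRealmFromCookie(Cookie[] cookies, String cookieName) {
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(cookieName)) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Finds the remote IdP to use when exactly one trusted remote IdP is
     * configured for the SP.
     *
     * @param metaManager metadata manager
     * @param spRealm realm of the SP
     * @param spEntityId entity ID of the SP
     * @return the sole trusted IdP entity ID, or {@code null} when more than
     *         one trusted IdP is configured and a choice cannot be made
     * @throws WSFederationException if no trusted remote IdP is configured
     */
    private static String findSoleTrustedIdp(WSFederationMetaManager metaManager,
            String spRealm, String spEntityId) throws WSFederationException {
        List<String> allRemoteIdPs =
                metaManager.getAllRemoteIdentityProviderEntities(spRealm);
        List<String> trustedRemoteIdPs = new ArrayList<String>();
        for (String idp : allRemoteIdPs) {
            if (metaManager.isTrustedProvider(spRealm, spEntityId, idp)) {
                trustedRemoteIdPs.add(idp);
            }
        }

        if (trustedRemoteIdPs.isEmpty()) {
            // Misconfiguration!
            throw new WSFederationException(
                    WSFederationUtils.bundle.getString("noIDPConfigured"));
        }
        if (trustedRemoteIdPs.size() == 1) {
            return trustedRemoteIdPs.get(0);
        }
        return null;
    }

    /**
     * Builds the redirect URL to the home realm discovery service, asking it
     * to send the browser back to this request's URL with the same
     * {@code wctx}.
     *
     * @param homeRealmDiscoveryService base URL of the discovery service
     * @return the redirect URL
     */
    private String buildHomeRealmDiscoveryUrl(String homeRealmDiscoveryService) {
        StringBuilder url = new StringBuilder(homeRealmDiscoveryService);
        url.append("?wreply=");
        url.append(URLEncDec.encode(request.getRequestURL().toString()));
        if (wctx != null) {
            url.append("&wctx=");
            url.append(URLEncDec.encode(wctx));
        }
        return url.toString();
    }

    /**
     * Builds the WS-Federation sign-in redirect URL for the chosen IdP.
     * Every query parameter value is URL-encoded.
     *
     * @param endpoint the IdP's token issuer endpoint
     * @param replyURL the SP's token issuer endpoint, sent as {@code wreply}
     * @param spIssuerName the SP's issuer name, sent as {@code wtrealm}
     * @return the redirect URL
     */
    private String buildSigninUrl(String endpoint, String replyURL, String spIssuerName) {
        StringBuilder url = new StringBuilder(endpoint);
        url.append("?wa=");
        url.append(URLEncDec.encode(WSFederationConstants.WSIGNIN10));
        if (wctx != null) {
            url.append("&wctx=");
            url.append(URLEncDec.encode(wctx));
        }
        url.append("&wreply=");
        url.append(URLEncDec.encode(replyURL));
        // wct is the current server time, not the inbound wct parameter.
        url.append("&wct=");
        url.append(URLEncDec.encode(DateUtils.toUTCDateFormat(newDate())));
        url.append("&wtrealm=");
        url.append(URLEncDec.encode(spIssuerName));
        return url.toString();
    }

    /**
     * Returns the first value of a multi-valued configuration attribute.
     *
     * @param attributes attribute map, possibly {@code null}
     * @param key attribute name
     * @return the first value, or {@code null} if the map or attribute is
     *         missing or the attribute has no values
     */
    private static String firstValue(Map<String, List<String>> attributes, String key) {
        if (attributes == null) {
            return null;
        }
        List<String> values = attributes.get(key);
        if (values == null || values.isEmpty()) {
            return null;
        }
        return values.get(0);
    }

    /**
     * @param s string to test
     * @return {@code true} if {@code s} is {@code null} or has zero length
     */
    private static boolean isEmpty(String s) {
        return s == null || s.length() == 0;
    }
}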