a78048ccbdb6256da15e6b0e7e95355e480c2301nd DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
a78048ccbdb6256da15e6b0e7e95355e480c2301nd The contents of this file are subject to the terms
a78048ccbdb6256da15e6b0e7e95355e480c2301nd of the Common Development and Distribution License
a78048ccbdb6256da15e6b0e7e95355e480c2301nd (the License). You may not use this file except in
a78048ccbdb6256da15e6b0e7e95355e480c2301nd compliance with the License.
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen You can obtain a copy of the License at
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen See the License for the specific language governing
a78048ccbdb6256da15e6b0e7e95355e480c2301nd permission and limitations under the License.
d229f940abfb2490dee17979e9a5ff31b7012eb5rbowen When distributing Covered Code, include this CDDL
3f08db06526d6901aa08c110b5bc7dde6bc39905nd Header Notice in each file and include the License file
a78048ccbdb6256da15e6b0e7e95355e480c2301nd If applicable, add the following below the CDDL Header,
a78048ccbdb6256da15e6b0e7e95355e480c2301nd with the fields enclosed by brackets [] replaced by
3f08db06526d6901aa08c110b5bc7dde6bc39905nd your own identifying information:
a78048ccbdb6256da15e6b0e7e95355e480c2301nd "Portions Copyrighted [year] [name of copyright owner]"
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung $Id: fedletSampleApp.jsp,v 1.15 2010/01/08 21:56:58 vimal_67 Exp $
4b575a6b6704b516f22d65a3ad35696d7b9ba372rpluem Portions Copyrighted 2013-2016 ForgeRock AS.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<%@ page import="java.io.PrintWriter" %>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<%@ include file="header.jspf" %>
// Derive the deployment URI: keep the request URI up to (not including) its
// second "/". When there is no second "/", the whole request URI is kept.
// NOTE(review): this value is parsed from the client's request line and is
// written without encoding into href/src attributes and link targets further
// down this page. request.getContextPath() returns the container-resolved
// context path and avoids the string parsing; if the parsed value is kept,
// HTML-attribute-encode it at every point where it is emitted.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String deployuri = request.getRequestURI();
a78048ccbdb6256da15e6b0e7e95355e480c2301nd int slashLoc = deployuri.indexOf("/", 1);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if (slashLoc != -1) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd deployuri = deployuri.substring(0, slashLoc);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd <title>Fedlet Sample Application</title>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
a78048ccbdb6256da15e6b0e7e95355e480c2301nd <link rel="stylesheet" type="text/css" href="<%= deployuri %>/com_sun_web_ui/css/css_ns6up.css" />
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<div class="MstDiv"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblTop" title="">
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<tbody><tr>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<td nowrap="nowrap"> </td>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<td nowrap="nowrap"> </td>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd</tr></tbody></table>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblBot" title="">
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<tbody><tr>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<td class="MstTdTtl" width="99%">
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<div class="MstDivTtl"><img name="ProdName" src="<%= deployuri %>/console/images/PrimaryProductName.png" alt="" /></div></td><td class="MstTdLogo" width="1%"><img name="RMRealm.mhCommon.BrandLogo" src="<%= deployuri %>/com_sun_web_ui/images/other/javalogo.gif" alt="Java(TM) Logo" border="0" height="55" width="31" /></td></tr></tbody></table>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<table class="MstTblEnd" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td><img name="RMRealm.mhCommon.EndorserLogo" src="<%= deployuri %>/com_sun_web_ui/images/masthead/masthead-sunname.gif" alt="Sun(TM) Microsystems,
a78048ccbdb6256da15e6b0e7e95355e480c2301ndInc." align="right" border="0" height="10" width="108" /></td></tr></tbody></table></div><div class="SkpMedGry1"><a name="SkipAnchor2089" id="SkipAnchor2089"></a></div>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd<div class="SkpMedGry1"><a href="#SkipAnchor4928"><img src="<%= deployuri %>/com_sun_web_ui/images/other/dot.gif" alt="Jump Over Tab Navigation Area. Current Selection is: Access Control" border="0" height="1" width="1" /></a></div>
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // BEGIN : following code is a must for Fedlet (SP) side application
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // invoke the Fedlet processing logic. this will do all the
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // necessary processing conforming to SAMLv2 specifications,
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // such as XML signature validation, Audience and Recipient
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // validation etc.
// The returned map is the only source of the values rendered later on this
// page (relay state, response, assertion, subject, entity IDs, session index).
// It is written to the JSP writer wrapped in an auto-flushing PrintWriter.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd map = SPACSUtils.processResponseForFedlet(request, response, new PrintWriter(out, true));
// All four handlers report the same message key, "failedToProcessSSOResponse".
// SAML2Exception, IOException and SessionException are sent as
// SC_INTERNAL_SERVER_ERROR; ServletException is sent as SC_BAD_REQUEST.
// NOTE(review): the lines that complete each sendError(...) call and whatever
// follows it are not visible in this listing. Confirm that every handler stops
// page processing after sending the error, so that the rendering code below is
// never reached with an unset map or an unvalidated response.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd } catch (SAML2Exception sme) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd SAMLUtils.sendError(request, response,
a78048ccbdb6256da15e6b0e7e95355e480c2301nd response.SC_INTERNAL_SERVER_ERROR, "failedToProcessSSOResponse",
a78048ccbdb6256da15e6b0e7e95355e480c2301nd } catch (IOException ioe) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd SAMLUtils.sendError(request, response,
a78048ccbdb6256da15e6b0e7e95355e480c2301nd response.SC_INTERNAL_SERVER_ERROR, "failedToProcessSSOResponse",
a78048ccbdb6256da15e6b0e7e95355e480c2301nd } catch (SessionException se) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd SAMLUtils.sendError(request, response,
a78048ccbdb6256da15e6b0e7e95355e480c2301nd response.SC_INTERNAL_SERVER_ERROR, "failedToProcessSSOResponse",
a78048ccbdb6256da15e6b0e7e95355e480c2301nd } catch (ServletException se) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd SAMLUtils.sendError(request, response,
a78048ccbdb6256da15e6b0e7e95355e480c2301nd response.SC_BAD_REQUEST, "failedToProcessSSOResponse",
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // END : code is a must for Fedlet (SP) side application
// Read the RelayState entry from the result map; a null or empty value means
// no relay target was supplied.
// NOTE(review): RelayState normally travels through the browser next to the
// SAML message and is not covered by the assertion signature, so relayUrl
// should be handled as untrusted input. Confirm against how
// processResponseForFedlet populates this entry.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String relayUrl = (String) map.get(SAML2Constants.RELAY_STATE);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if ((relayUrl != null) && (relayUrl.length() != 0)) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // something special for validation to send redirect
// The marker is matched as a substring anywhere in the URL, so the test says
// nothing about which host or scheme the URL points to.
// NOTE(review): the body of this branch is not visible in this listing. If it
// redirects to relayUrl, check the target against the expected scheme(s) and an
// allowlist of hosts before redirecting.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd int stringPos = relayUrl.indexOf("sendRedirectForValidationNow=true");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if (stringPos != -1) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // Following are sample code to show how to retrieve information,
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // such as Response/Assertion/Attributes, from the returned map.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd // You might not need them in your real application code.
// Each entry is read from the untyped result map and cast to its expected
// type. A missing key yields null, and an entry of another type raises
// ClassCastException.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd Response samlResp = (Response) map.get(SAML2Constants.RESPONSE);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd Assertion assertion = (Assertion) map.get(SAML2Constants.ASSERTION);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd Subject subject = (Subject) map.get(SAML2Constants.SUBJECT);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String entityID = (String) map.get(SAML2Constants.IDPENTITYID);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String spEntityID = (String) map.get(SAML2Constants.SPENTITYID);
// nameId is assigned on a line that is not visible in this listing.
// value and format may be null; the rendering code below null-checks both
// before printing them.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String value = nameId.getValue();
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String format = nameId.getFormat();
// Render the SSO result as an HTML table: IdP entity ID, NameID format and
// value, session index, then the attribute map.
// NOTE(review): entityID, format, value and sessionIndex are concatenated into
// the page without HTML encoding. They come from the SAML response, and a
// valid signature only shows who issued the strings, not that they are free of
// markup. HTML-encode each value before printing it.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><br><b>Single Sign-On successful with IDP "
a78048ccbdb6256da15e6b0e7e95355e480c2301nd + entityID + ".</b>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<table border=0>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if (format != null) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<td valign=top><b>Name ID format: </b></td>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<td>" + format + "</td>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if (value != null) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<td valign=top><b>Name ID value: </b></td>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<td>" + value + "</td>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String sessionIndex = (String) map.get(SAML2Constants.SESSION_INDEX);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if (sessionIndex != null) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<td valign=top><b>SessionIndex: </b></td>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<td>" + sessionIndex + "</td>");
// attrs is assigned on a line that is not visible in this listing. The
// iteration uses raw Iterator/Set types, and the downcast to HashSet raises
// ClassCastException if the map holds any other Set implementation.
// NOTE(review): the loop header and the body that prints each attribute are
// not visible here. If attribute names or values are printed, they need the
// same HTML encoding as the fields above.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if (attrs != null) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<td valign=top><b>Attributes: </b></td>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd Iterator iter = attrs.keySet().iterator();
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String attrName = (String) iter.next();
a78048ccbdb6256da15e6b0e7e95355e480c2301nd Set attrVals = (HashSet) attrs.get(attrName);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if ((attrVals != null) && !attrVals.isEmpty()) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd Iterator it = attrVals.iterator();
a78048ccbdb6256da15e6b0e7e95355e480c2301nd while (it.hasNext()) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("</table>");
// Emit three collapsed sections holding the serialized Response, Assertion and
// Subject XML, each shown or hidden through toggleDisp(id).
// NOTE(review): the toXMLString(...) output is placed inside <textarea>
// without HTML encoding. Character references in the XML will be decoded by
// the browser, so the displayed text can differ from the actual document, and
// a literal "</textarea>" end tag in the serialized XML would close the
// element early. HTML-encode the serialized string before printing it.
// The page also hands the complete assertion to the browser, which suits a
// diagnostic sample; production pages normally omit this dump.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><br><b><a href=# onclick=toggleDisp('resinfo')>Click to view SAML2 Response XML</a></b><br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<span style='display:none;' id=resinfo><textarea rows=40 cols=100>" + samlResp.toXMLString(true, true) + "</textarea></span>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b><a href=# onclick=toggleDisp('assr')>Click to view Assertion XML</a></b><br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<span style='display:none;' id=assr><br><textarea rows=40 cols=100>" + assertion.toXMLString(true, true) + "</textarea></span>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b><a href=# onclick=toggleDisp('subj')>Click to view Subject XML</a></b><br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<span style='display:none;' id=subj><br><textarea rows=10 cols=100>" + subject.toXMLString(true, true) + "</textarea></span>");
// Offer the relay target as a clickable link when one was supplied.
// NOTE(review): relayUrl is written into a quoted href with no encoding and no
// check of its scheme or host. Before emitting it, accept only the expected
// scheme(s) (http/https) and known hosts, and HTML-attribute-encode the value.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if ((relayUrl != null) && (relayUrl.length() != 0)) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><br>Click <a href=\"" + relayUrl
a78048ccbdb6256da15e6b0e7e95355e480c2301nd + "\">here</a> to redirect to final destination.");
// Links to the attribute-query and XACML-query sample pages, passing the
// NameID value and both entity IDs as query parameters.
// NOTE(review): the href attribute is unquoted here, and value, entityID and
// spEntityID are neither URL-encoded nor HTML-encoded. A space, quote or "&"
// in any of them changes the link or the surrounding markup. The logout links
// later on this page pass the same values through URLEncDec.encode(...) and
// quote the attribute; these two links should do the same.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b>Test Attribute Query:</b></br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.print("<b><a href="+deployuri+"/fedletAttrQuery.jsp?nameIDValue="+value+"&idpEntityID="+entityID+"&spEntityID="+spEntityID+">Fedlet Attribute Query </a></b>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b>Test XACML Policy Decision Query:</b></br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.print("<b><a href="+deployuri+"/fedletXACMLQuery.jsp?nameIDValue="+value+"&idpEntityID="+entityID+"&spEntityID="+spEntityID+">Fedlet XACML Query </a></b>");
// Look up the IdP base URL and meta alias and the Fedlet base URL, then print
// the Single Logout test links.
// getIDPBaseUrlAndMetaAlias and getFedletBaseUrl are defined outside this
// listing (presumably in the included header.jspf — confirm).
// Only idpMetaAlias is null-checked below; idpBaseUrl and fedletBaseUrl are
// used as returned.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd Map idpMap = getIDPBaseUrlAndMetaAlias(entityID, deployuri);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String idpBaseUrl = (String) idpMap.get("idpBaseUrl");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String idpMetaAlias = (String) idpMap.get("idpMetaAlias");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd String fedletBaseUrl = getFedletBaseUrl(spEntityID, deployuri);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b>Test Single Logout:</b></br>");
// IdP-initiated logout links, one per binding (SOAP, HTTP-Redirect, HTTP-POST).
// NOTE(review): idpMetaAlias and the RelayState value are inserted without
// URLEncDec.encode(...), unlike the Fedlet-initiated links that follow, and
// none of the interpolated values is HTML-attribute-encoded. Encode them the
// same way for consistency and so that reserved characters cannot change the
// query string or the markup.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if (idpMetaAlias != null) {
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b><a href=\"" + idpBaseUrl + "/IDPSloInit?metaAlias=" + idpMetaAlias + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:SOAP&RelayState=" + fedletBaseUrl + "/index.jsp\">Run Identity Provider initiated Single Logout using SOAP binding</a></b></br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b><a href=\"" + idpBaseUrl + "/IDPSloInit?metaAlias=" + idpMetaAlias + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&RelayState=" + fedletBaseUrl + "/index.jsp\">Run Identity Provider initiated Single Logout using HTTP Redirect binding</a></b></br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b><a href=\"" + idpBaseUrl + "/IDPSloInit?metaAlias=" + idpMetaAlias + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&RelayState=" + fedletBaseUrl + "/index.jsp\">Run Identity Provider initiated Single Logout using HTTP POST binding</a></b></br>");
// Fedlet-initiated logout links, one per binding; every query parameter value
// is passed through URLEncDec.encode(...).
// NOTE(review): value and sessionIndex can be null (the table rendering
// null-checks both), and the behaviour of URLEncDec.encode(null) is not
// visible here — confirm, or skip these links when either is missing.
// The NameID value and SessionIndex are carried in a GET query string, so they
// will appear in browser history and in server access logs.
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b><a href=\"" + fedletBaseUrl + "/fedletSloInit?spEntityID=" + URLEncDec.encode(spEntityID) + "&idpEntityID=" + URLEncDec.encode(entityID) + "&NameIDValue=" + URLEncDec.encode(value) + "&SessionIndex=" + URLEncDec.encode(sessionIndex) + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:SOAP&RelayState=" + URLEncDec.encode(fedletBaseUrl + "/index.jsp") + "\">Run Fedlet initiated Single Logout using SOAP binding</a></b></br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b><a href=\"" + fedletBaseUrl + "/fedletSloInit?spEntityID=" + URLEncDec.encode(spEntityID) + "&idpEntityID=" + URLEncDec.encode(entityID) + "&NameIDValue=" + URLEncDec.encode(value) + "&SessionIndex=" + URLEncDec.encode(sessionIndex) + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&RelayState=" + URLEncDec.encode(fedletBaseUrl + "/index.jsp") + "\">Run Fedlet initiated Single Logout using HTTP Redirect binding</a></b></br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301nd out.println("<br><b><a href=\"" + fedletBaseUrl + "/fedletSloInit?spEntityID=" + URLEncDec.encode(spEntityID) + "&idpEntityID=" + URLEncDec.encode(entityID) + "&NameIDValue=" + URLEncDec.encode(value) + "&SessionIndex=" + URLEncDec.encode(sessionIndex) + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&RelayState=" + URLEncDec.encode(fedletBaseUrl + "/index.jsp") + "\">Run Fedlet initiated Single Logout using HTTP POST binding</a></b></br>");
a78048ccbdb6256da15e6b0e7e95355e480c2301ndfunction toggleDisp(id)
a78048ccbdb6256da15e6b0e7e95355e480c2301nd var elem = document.getElementById(id);
a78048ccbdb6256da15e6b0e7e95355e480c2301nd if (elem.style.display == 'none')