9e0d0a279b956cc2eae41c00a6846b0ca8c617c6Automatic Updater DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
1840745dd553b2ff5b114a03cde40a2a404aa559Michael Graff The contents of this file are subject to the terms
1840745dd553b2ff5b114a03cde40a2a404aa559Michael Graff of the Common Development and Distribution License
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence (the License). You may not use this file except in
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews compliance with the License.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews You can obtain a copy of the License at
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews https://opensso.dev.java.net/public/CDDLv1.0.html or
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews See the License for the specific language governing
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews permission and limitations under the License.
1840745dd553b2ff5b114a03cde40a2a404aa559Michael Graff When distributing Covered Code, include this CDDL
debd489a44363870f96f75818e89ec27d3cab736Francis Dupont Header Notice in each file and include the License file
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein If applicable, add the following below the CDDL Header,
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence with the fields enclosed by brackets [] replaced by
1840745dd553b2ff5b114a03cde40a2a404aa559Michael Graff your own identifying information:
1840745dd553b2ff5b114a03cde40a2a404aa559Michael Graff "Portions Copyrighted [year] [name of copyright owner]"
f61a7c87bf36b189d8f04ea4c8ab3ec55778355cMark Andrews $Id: fedletSampleApp.jsp,v 1.15 2010/01/08 21:56:58 vimal_67 Exp $
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson Portions Copyrighted 2013 ForgeRock AS
1e107b3d7b54de5022c3328423164e533afcc15eMark Andrewsimport="com.sun.identity.saml2.common.SAML2Exception,
386d3a99c190bad55edf44d076e6bd087e230ab8Tatuya JINMEI 神明達哉com.sun.identity.saml2.profile.SPACSUtils,
d9059b0c38bd630c367d81424d72b1308cd74b04Tatuya JINMEI 神明達哉com.sun.identity.plugin.session.SessionException,
c2bc56dc65b4b103a5600565680eb5f33fa4c90bMark Andrews<%@ page import="java.io.PrintWriter" %>
c2bc56dc65b4b103a5600565680eb5f33fa4c90bMark Andrews<%@ include file="header.jspf" %>
d0eb2cc33c5db3366a16b1cb0abcca6ec7c8ee3cTatuya JINMEI 神明達哉 String deployuri = request.getRequestURI();
081cff0c33514a5dc63ab794fc199c07377ab756Mark Andrews int slashLoc = deployuri.indexOf("/", 1);
fd15c8e32ed0c1cfd3ed737858a81966e7fbaeacAndreas Gustafsson if (slashLoc != -1) {
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson deployuri = deployuri.substring(0, slashLoc);
30e6ea9dedbe0738f9729833b1b59042dbebc4dfBrian Wellington <title>Fedlet Sample Application</title>
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
65e117d576ffa9588abc070c570c84d6c258e3baAndreas Gustafsson <link rel="stylesheet" type="text/css" href="<%= deployuri %>/com_sun_web_ui/css/css_ns6up.css" />
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews<div class="MstDiv"><table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblTop" title="">
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<td nowrap="nowrap"> </td>
b312748a11d27fe387984973ba79975a9d6863c4Mark Andrews<td nowrap="nowrap"> </td>
289ae548d52bc8f982d9823af64cafda7bd92232Mark Andrews</tr></tbody></table>
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews<table width="100%" border="0" cellpadding="0" cellspacing="0" class="MstTblBot" title="">
f5facdfc297825bbd99adf45421dd2ba13a1132eBob Halley<td class="MstTdTtl" width="99%">
8f16e457f722681f67ee6af9c1cd39553f6dcc9aAndreas Gustafsson<div class="MstDivTtl"><img name="ProdName" src="<%= deployuri %>/console/images/PrimaryProductName.png" alt="" /></div></td><td class="MstTdLogo" width="1%"><img name="RMRealm.mhCommon.BrandLogo" src="<%= deployuri %>/com_sun_web_ui/images/other/javalogo.gif" alt="Java(TM) Logo" border="0" height="55" width="31" /></td></tr></tbody></table>
35541328a8c18ba1f984300dfe30ec8713c90031Mark Andrews<table class="MstTblEnd" border="0" cellpadding="0" cellspacing="0" width="100%"><tbody><tr><td><img name="RMRealm.mhCommon.EndorserLogo" src="<%= deployuri %>/com_sun_web_ui/images/masthead/masthead-sunname.gif" alt="Sun(TM) Microsystems,
ce1f5b8d0ae5936fd187c1f414ff12a7e3b0aa37Andreas GustafssonInc." align="right" border="0" height="10" width="108" /></td></tr></tbody></table></div><div class="SkpMedGry1"><a name="SkipAnchor2089" id="SkipAnchor2089"></a></div>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<div class="SkpMedGry1"><a href="#SkipAnchor4928"><img src="<%= deployuri %>/com_sun_web_ui/images/other/dot.gif" alt="Jump Over Tab Navigation Area. Current Selection is: Access Control" border="0" height="1" width="1" /></a></div>
// BEGIN : following code is a must for Fedlet (SP) side application
// Invoke the Fedlet processing logic. This performs all the
// processing required by the SAMLv2 specifications, such as
// XML signature validation, Audience and Recipient
// validation etc.
b03758b04ea5134c805d44fcc5315c878c6f7996Andreas Gustafsson map = SPACSUtils.processResponseForFedlet(request, response, new PrintWriter(out, true));
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington } catch (SAML2Exception sme) {
1d92d8a2456b23842a649b6104c60a9d6ea25333Brian Wellington SAMLUtils.sendError(request, response,
a55d0a9080c8ef4117d2fc27f63220a56afb2434Andreas Gustafsson response.SC_INTERNAL_SERVER_ERROR, "failedToProcessSSOResponse",
8a23742754e4640a298acb0d6bd7ed4da0c11798Brian Wellington } catch (IOException ioe) {
fe6b7ccc8de18264107a96602fefe7be772e9d4fMark Andrews SAMLUtils.sendError(request, response,
bcc1d6507b69be307fc1e0206827a0b09b10ba4bBob Halley response.SC_INTERNAL_SERVER_ERROR, "failedToProcessSSOResponse",
9259fed3d8ac5d1efa9b5a647969e40c9c934484Andreas Gustafsson } catch (SessionException se) {
9259fed3d8ac5d1efa9b5a647969e40c9c934484Andreas Gustafsson SAMLUtils.sendError(request, response,
9259fed3d8ac5d1efa9b5a647969e40c9c934484Andreas Gustafsson response.SC_INTERNAL_SERVER_ERROR, "failedToProcessSSOResponse",
f754fa97bc698cc251d227173a95e4d39a88ac01Mark Andrews } catch (ServletException se) {
f754fa97bc698cc251d227173a95e4d39a88ac01Mark Andrews SAMLUtils.sendError(request, response,
1840745dd553b2ff5b114a03cde40a2a404aa559Michael Graff response.SC_BAD_REQUEST, "failedToProcessSSOResponse",
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson // END : code is a must for Fedlet (SP) side application
819b98479eff49ed93f57f4d65eb0ffe72136adcMark Andrews String relayUrl = (String) map.get(SAML2Constants.RELAY_STATE);
819b98479eff49ed93f57f4d65eb0ffe72136adcMark Andrews if ((relayUrl != null) && (relayUrl.length() != 0)) {
// Special case for the validation flow: send a redirect now when the RelayState requests it
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson int stringPos = relayUrl.indexOf("sendRedirectForValidationNow=true");
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson if (stringPos != -1) {
// The following is sample code showing how to retrieve information,
// such as the Response/Assertion/Attributes, from the returned map.
// You might not need it in your real application code. Note that the
// retrieved values are concatenated into the HTML output below without
// escaping, so escape them before rendering them in a real application.
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson Response samlResp = (Response) map.get(SAML2Constants.RESPONSE);
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson Assertion assertion = (Assertion) map.get(SAML2Constants.ASSERTION);
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson Subject subject = (Subject) map.get(SAML2Constants.SUBJECT);
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson String entityID = (String) map.get(SAML2Constants.IDPENTITYID);
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson String spEntityID = (String) map.get(SAML2Constants.SPENTITYID);
8689f943a4859a8f68344236a1dcb81299a98347Mark Andrews NameID nameId = (NameID) map.get(SAML2Constants.NAMEID);
819b98479eff49ed93f57f4d65eb0ffe72136adcMark Andrews String value = nameId.getValue();
8689f943a4859a8f68344236a1dcb81299a98347Mark Andrews String format = nameId.getFormat();
8689f943a4859a8f68344236a1dcb81299a98347Mark Andrews out.println("<br><br><b>Single Sign-On successful with IDP "
8689f943a4859a8f68344236a1dcb81299a98347Mark Andrews + entityID + ".</b>");
8689f943a4859a8f68344236a1dcb81299a98347Mark Andrews out.println("<table border=0>");
8689f943a4859a8f68344236a1dcb81299a98347Mark Andrews if (format != null) {
8689f943a4859a8f68344236a1dcb81299a98347Mark Andrews out.println("<td valign=top><b>Name ID format: </b></td>");
8689f943a4859a8f68344236a1dcb81299a98347Mark Andrews out.println("<td>" + format + "</td>");
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson if (value != null) {
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson out.println("<td valign=top><b>Name ID value: </b></td>");
c0564c15e73fc366a9200fc47dfcc7894382aa98Andreas Gustafsson out.println("<td>" + value + "</td>");
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉 String sessionIndex = (String) map.get(SAML2Constants.SESSION_INDEX);
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉 if (sessionIndex != null) {
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉 out.println("<td valign=top><b>SessionIndex: </b></td>");
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉 out.println("<td>" + sessionIndex + "</td>");
62700b67eb8abb7d13f9c3c1bc4b60a1477d35d8Mark Andrews Map attrs = (Map) map.get(SAML2Constants.ATTRIBUTE_MAP);
62700b67eb8abb7d13f9c3c1bc4b60a1477d35d8Mark Andrews if (attrs != null) {
62700b67eb8abb7d13f9c3c1bc4b60a1477d35d8Mark Andrews out.println("<td valign=top><b>Attributes: </b></td>");
62700b67eb8abb7d13f9c3c1bc4b60a1477d35d8Mark Andrews Iterator iter = attrs.keySet().iterator();
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉 String attrName = (String) iter.next();
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉 Set attrVals = (HashSet) attrs.get(attrName);
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉 if ((attrVals != null) && !attrVals.isEmpty()) {
7781f25078c491a9650dec555bdc86cb0ed49861Tatuya JINMEI 神明達哉 out.println(attrName + "=" + it.next() + "<br>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<br><br><b><a href=# onclick=toggleDisp('resinfo')>Click to view SAML2 Response XML</a></b><br>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<span style='display:none;' id=resinfo><textarea rows=40 cols=100>" + samlResp.toXMLString(true, true) + "</textarea></span>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<br><b><a href=# onclick=toggleDisp('assr')>Click to view Assertion XML</a></b><br>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<span style='display:none;' id=assr><br><textarea rows=40 cols=100>" + assertion.toXMLString(true, true) + "</textarea></span>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<br><b><a href=# onclick=toggleDisp('subj')>Click to view Subject XML</a></b><br>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<span style='display:none;' id=subj><br><textarea rows=10 cols=100>" + subject.toXMLString(true, true) + "</textarea></span>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews if ((relayUrl != null) && (relayUrl.length() != 0)) {
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<br><br>Click <a href=\"" + relayUrl
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews + "\">here</a> to redirect to final destination.");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<br><b>Test Attribute Query:</b></br>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.print("<b><a href="+deployuri+"/fedletAttrQuery.jsp?nameIDValue="+value+"&idpEntityID="+entityID+"&spEntityID="+spEntityID+">Fedlet Attribute Query </a></b>");
0822cc50657c972c6a5ee29cba9506847c7ea7c2Mark Andrews out.println("<br><b>Test XACML Policy Decision Query:</b></br>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews out.print("<b><a href="+deployuri+"/fedletXACMLQuery.jsp?nameIDValue="+value+"&idpEntityID="+entityID+"&spEntityID="+spEntityID+">Fedlet XACML Query </a></b>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews Map idpMap = getIDPBaseUrlAndMetaAlias(entityID, deployuri);
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews String idpBaseUrl = (String) idpMap.get("idpBaseUrl");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews String idpMetaAlias = (String) idpMap.get("idpMetaAlias");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews String fedletBaseUrl = getFedletBaseUrl(spEntityID, deployuri);
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews out.println("<br><b>Test Single Logout:</b></br>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews if (idpMetaAlias != null) {
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews out.println("<br><b><a href=\"" + idpBaseUrl + "/IDPSloInit?metaAlias=" + idpMetaAlias + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:SOAP&RelayState=" + fedletBaseUrl + "/index.jsp\">Run Identity Provider initiated Single Logout using SOAP binding</a></b></br>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews out.println("<br><b><a href=\"" + idpBaseUrl + "/IDPSloInit?metaAlias=" + idpMetaAlias + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&RelayState=" + fedletBaseUrl + "/index.jsp\">Run Identity Provider initiated Single Logout using HTTP Redirect binding</a></b></br>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews out.println("<br><b><a href=\"" + idpBaseUrl + "/IDPSloInit?metaAlias=" + idpMetaAlias + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&RelayState=" + fedletBaseUrl + "/index.jsp\">Run Identity Provider initiated Single Logout using HTTP POST binding</a></b></br>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews out.println("<br><b><a href=\"" + fedletBaseUrl + "/fedletSloInit?spEntityID=" + URLEncDec.encode(spEntityID) + "&idpEntityID=" + URLEncDec.encode(entityID) + "&NameIDValue=" + URLEncDec.encode(value) + "&SessionIndex=" + URLEncDec.encode(sessionIndex) + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:SOAP&RelayState=" + URLEncDec.encode(fedletBaseUrl + "/index.jsp") + "\">Run Fedlet initiated Single Logout using SOAP binding</a></b></br>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews out.println("<br><b><a href=\"" + fedletBaseUrl + "/fedletSloInit?spEntityID=" + URLEncDec.encode(spEntityID) + "&idpEntityID=" + URLEncDec.encode(entityID) + "&NameIDValue=" + URLEncDec.encode(value) + "&SessionIndex=" + URLEncDec.encode(sessionIndex) + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect&RelayState=" + URLEncDec.encode(fedletBaseUrl + "/index.jsp") + "\">Run Fedlet initiated Single Logout using HTTP Redirect binding</a></b></br>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrews out.println("<br><b><a href=\"" + fedletBaseUrl + "/fedletSloInit?spEntityID=" + URLEncDec.encode(spEntityID) + "&idpEntityID=" + URLEncDec.encode(entityID) + "&NameIDValue=" + URLEncDec.encode(value) + "&SessionIndex=" + URLEncDec.encode(sessionIndex) + "&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST&RelayState=" + URLEncDec.encode(fedletBaseUrl + "/index.jsp") + "\">Run Fedlet initiated Single Logout using HTTP POST binding</a></b></br>");
6b79e960e6ba2991aeb02a6c39af255ab7f06d99Mark Andrewsfunction toggleDisp(id)