idpMNIRequestInit.jsp revision 0e107349d3f7763a9c67fb2f32c86c11364c72cf
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%--
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync The contents of this file are subject to the terms
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync of the Common Development and Distribution License
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync (the License). You may not use this file except in
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync compliance with the License.
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync You can obtain a copy of the License at
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync https://opensso.dev.java.net/public/CDDLv1.0.html or
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync opensso/legal/CDDLv1.0.txt
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync See the License for the specific language governing
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync permission and limitations under the License.
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync When distributing Covered Code, include this CDDL
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync Header Notice in each file and include the License file
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync at opensso/legal/CDDLv1.0.txt.
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync If applicable, add the following below the CDDL Header,
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync with the fields enclosed by brackets [] replaced by
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync your own identifying information:
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync "Portions Copyrighted [year] [name of copyright owner]"
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync $Id: idpMNIRequestInit.jsp,v 1.10 2009/10/15 00:00:40 exu Exp $
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync--%>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%--
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync Portions Copyrighted 2013-2014 ForgeRock AS
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync--%>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="com.sun.identity.federation.common.FSUtils" %>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="com.sun.identity.saml2.profile.DoManageNameID" %>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="java.util.HashMap" %>
14ea49401f3c8c61422aefbda43809e275f60c6cvboxsync<%@ page import="org.owasp.esapi.ESAPI" %>
<%--
idpMNIRequestInit.jsp initiates the ManageNameIDRequest at
the Identity Provider.
Required parameters to this jsp are :
- metaAlias - identifier for Identity Provider
- spEntityID - identifier for Service Provider
- requestType - the request type of ManageNameIDRequest (Terminate / NewID)
Somce of the other optional parameters are :
- relayState - the target URL on successful complete of the Request
Check the SAML2 Documentation for supported parameters.
--%>
<%
// Retreive the Request Query Parameters
// metaAlias, spEntiyID and RequestType are the required query parameters
// metaAlias - Hosted Entity Id
// spEntityID - Service Provider Identifier
// requestType - the request type of ManageNameIDRequest (Terminate / NewID)
// affiliationID - affiliation entity ID
// Query parameters supported will be documented.
if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
return;
}
try {
String metaAlias = request.getParameter("metaAlias");
if ((metaAlias == null) || (metaAlias.length() == 0)) {
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
"nullIDPEntityID",
SAML2Utils.bundle.getString("nullIDPEntityID"));
return;
}
String idpEntityID =
SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(metaAlias);
String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
String spEntityID = request.getParameter("spEntityID");
if ((spEntityID == null) || (spEntityID.length() == 0)) {
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
"nullSPEntityID",
SAML2Utils.bundle.getString("nullSPEntityID"));
return;
}
String binding = DoManageNameID.getMNIBindingInfo(request, metaAlias,
SAML2Constants.IDP_ROLE, spEntityID);
if (!SAML2Utils.isIDPProfileBindingSupported(
realm, idpEntityID, SAML2Constants.MNI_SERVICE, binding))
{
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
"unsupportedBinding",
SAML2Utils.bundle.getString("unsupportedBinding"));
return;
}
String requestType = request.getParameter("requestType");
if ((requestType == null) || (requestType.length() == 0)) {
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
"nullRequestType",
SAML2Utils.bundle.getString("nullRequestType"));
return;
}
String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {
relayState = null;
}
String affiliationID =
request.getParameter(SAML2Constants.AFFILIATION_ID);
HashMap paramsMap = new HashMap();
paramsMap.put("metaAlias", metaAlias);
paramsMap.put("spEntityID", spEntityID);
paramsMap.put("requestType", requestType);
paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
paramsMap.put(SAML2Constants.BINDING, binding);
if (relayState != null) {
paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
}
if (affiliationID != null) {
paramsMap.put(SAML2Constants.AFFILIATION_ID, affiliationID);
}
Object sess = SAML2Utils.checkSession(request,response,
metaAlias, paramsMap);
if (sess == null) {
return;
}
DoManageNameID.initiateManageNameIDRequest(request,response,
metaAlias, spEntityID, paramsMap);
if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
if (relayState != null && SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.IDP_ROLE) &&
ESAPI.validator().isValidInput("HTTP URL Value: " + relayState, relayState, "URL", 2000, true)) {
response.sendRedirect(relayState);
} else {
%>
<jsp:forward page="/saml2/jsp/default.jsp?message=mniSuccess" />
<%
}
}
} catch (SAML2Exception e) {
SAML2Utils.debug.error("Error processing ManageNameID Request ",e);
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
"requestProcessingMNIError",
SAML2Utils.bundle.getString("requestProcessingMNIError"));
return;
}
%>