idpMNIRequestInit.jsp revision 0e107349d3f7763a9c67fb2f32c86c11364c72cf
<%--
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

 Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved

 The contents of this file are subject to the terms
 of the Common Development and Distribution License
 (the License). You may not use this file except in
 compliance with the License.

 You can obtain a copy of the License at
 https://opensso.dev.java.net/public/CDDLv1.0.html or
 opensso/legal/CDDLv1.0.txt
 See the License for the specific language governing
 permission and limitations under the License.

 When distributing Covered Code, include this CDDL
 Header Notice in each file and include the License file
 at opensso/legal/CDDLv1.0.txt.
 If applicable, add the following below the CDDL Header,
 with the fields enclosed by brackets [] replaced by
 your own identifying information:
 "Portions Copyrighted [year] [name of copyright owner]"

 $Id: idpMNIRequestInit.jsp,v 1.10 2009/10/15 00:00:40 exu Exp $

--%>
<%--
 Portions Copyrighted 2013-2014 ForgeRock AS
--%>
<%@ page import="com.sun.identity.federation.common.FSUtils" %>
<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
<%@ page import="com.sun.identity.saml2.profile.DoManageNameID" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="java.util.Map" %>
<%@ page import="org.owasp.esapi.ESAPI" %>
<%--
 idpMNIRequestInit.jsp initiates the ManageNameIDRequest at
 the Identity Provider.
 Required parameters to this jsp are :
 - metaAlias - identifier for Identity Provider
 - spEntityID - identifier for Service Provider
 - requestType - the request type of ManageNameIDRequest (Terminate / NewID)

 Some of the other optional parameters are :
 - relayState - the target URL on successful completion of the Request

 Check the SAML2 Documentation for supported parameters.

--%>
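<%
    // Retrieve the request query parameters.
    // metaAlias, spEntityID and requestType are the required query parameters:
    //   metaAlias     - hosted Identity Provider meta alias
    //   spEntityID    - remote Service Provider entity identifier
    //   requestType   - the request type of ManageNameIDRequest (Terminate / NewID)
    // Optional:
    //   RelayState    - target URL after the request completes
    //   affiliationID - affiliation entity ID
    // Supported query parameters are documented in the SAML2 documentation.

    // Load-balancer cookie handling: when this issues a redirect the response
    // is already on its way, so nothing further may be written.
    if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
        return;
    }

    try {
        String metaAlias = request.getParameter("metaAlias");
        if ((metaAlias == null) || metaAlias.isEmpty()) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                    "nullIDPEntityID",
                    SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }

        String idpEntityID =
                SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(metaAlias);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        String spEntityID = request.getParameter("spEntityID");

        if ((spEntityID == null) || spEntityID.isEmpty()) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                    "nullSPEntityID",
                    SAML2Utils.bundle.getString("nullSPEntityID"));
            return;
        }

        // The binding must be one the hosted IdP's MNI service supports; a
        // missing binding is refused here as well so that the SOAP comparison
        // further down can never dereference null.
        String binding = DoManageNameID.getMNIBindingInfo(request, metaAlias,
                SAML2Constants.IDP_ROLE, spEntityID);
        if ((binding == null) || !SAML2Utils.isIDPProfileBindingSupported(
                realm, idpEntityID, SAML2Constants.MNI_SERVICE, binding)) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                    "unsupportedBinding",
                    SAML2Utils.bundle.getString("unsupportedBinding"));
            return;
        }

        String requestType = request.getParameter("requestType");
        if ((requestType == null) || requestType.isEmpty()) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                    "nullRequestType",
                    SAML2Utils.bundle.getString("nullRequestType"));
            return;
        }

        // RelayState is caller-controlled. It is kept only when it matches the
        // ESAPI "HTTPQueryString" pattern (max 2000 chars); a value that fails
        // validation is dropped (not rejected), so the request proceeds
        // without a RelayState. Whether it may be redirected to is decided
        // separately below.
        String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState,
                relayState, "HTTPQueryString", 2000, true)) {
            relayState = null;
        }
        String affiliationID =
                request.getParameter(SAML2Constants.AFFILIATION_ID);

        // Every value placed in the map is a String; checkSession and
        // initiateManageNameIDRequest read it by key.
        Map<String, String> paramsMap = new HashMap<String, String>();
        paramsMap.put("metaAlias", metaAlias);
        paramsMap.put("spEntityID", spEntityID);
        paramsMap.put("requestType", requestType);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);

        if (relayState != null) {
            paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
        }

        if (affiliationID != null) {
            paramsMap.put(SAML2Constants.AFFILIATION_ID, affiliationID);
        }

        // A null session means checkSession has already redirected the user
        // agent (presumably to authenticate) — nothing more to do here.
        Object sess = SAML2Utils.checkSession(request, response,
                metaAlias, paramsMap);
        if (sess == null) {
            return;
        }

        DoManageNameID.initiateManageNameIDRequest(request, response,
                metaAlias, spEntityID, paramsMap);

        if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
            // For SOAP the user agent is still here after the request, so it
            // is sent on to RelayState — but only after the value passes the
            // IdP's RelayState URL validation and ESAPI's "URL" format check,
            // which together guard against an open redirect. Otherwise fall
            // back to the generic success page. (For the other bindings the
            // response is presumably produced by initiateManageNameIDRequest
            // itself — confirm against that method.)
            if (relayState != null
                    && SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.IDP_ROLE)
                    && ESAPI.validator().isValidInput("HTTP URL Value: " + relayState, relayState, "URL", 2000, true)) {
                response.sendRedirect(relayState);
            } else {
%>
    <jsp:forward page="/saml2/jsp/default.jsp?message=mniSuccess" />
<%
            }
        }
    } catch (SAML2Exception e) {
        SAML2Utils.debug.error("Error processing ManageNameID Request ", e);
        // Caller gets a generic bundle message; the cause stays in the debug log.
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "requestProcessingMNIError",
                SAML2Utils.bundle.getString("requestProcessingMNIError"));
        return;
    }
%>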