idpMNIRequestInit.jsp revision 4fcbcd38661c2b921ccda5af9413aaceaa790866
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<%--
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
7a2a1b8b14fc804ac80612d7b98064095e445be5Automatic Updater
7a42357217528037bdfedcb17eeebfe96ae4266aAutomatic Updater Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
1167fc7904c5f0a472f8df207ac46dd52c7f1ec8Automatic Updater
0c39b3ed9409ecb277d5e32fa763a4e4d6598df8Automatic Updater The contents of this file are subject to the terms
46da3117812814a29432a8d9a9ccf8acdbfdadceAutomatic Updater of the Common Development and Distribution License
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User (the License). You may not use this file except in
fe84edc17e0d582cf7b4270f8df9d4742a107b1cAutomatic Updater compliance with the License.
79b273c187a4aa1016a62181983dfdd0521681aeMark Andrews
3349f0044fda807e1fd6681c833d3593a22dad86Tinderbox User You can obtain a copy of the License at
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington https://opensso.dev.java.net/public/CDDLv1.0.html or
b253dcf9668f95e141bce9556dc88e30d3305a1dTinderbox User opensso/legal/CDDLv1.0.txt
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User See the License for the specific language governing
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User permission and limitations under the License.
1ac49378a458420bc685293d12e567d7222d17b6Tinderbox User
bbde8dc56605130058a1540609264fa109da3b63Automatic Updater When distributing Covered Code, include this CDDL
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Header Notice in each file and include the License file
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater at opensso/legal/CDDLv1.0.txt.
3cc98b8ecedcbc8465f1cf2740b966b315662430Automatic Updater If applicable, add the following below the CDDL Header,
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews with the fields enclosed by brackets [] replaced by
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews your own identifying information:
a01aa536188bb3535dfc1107a623e6355a8e6b7cMark Andrews "Portions Copyrighted [year] [name of copyright owner]"
89623368b8f662d458d9964b923050f33c5f75b0Tinderbox User
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews $Id: idpMNIRequestInit.jsp,v 1.10 2009/10/15 00:00:40 exu Exp $
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews--%>
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<%--
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater Portions Copyrighted 2013 ForgeRock AS
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater--%>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson
f2770f6b39a9b2a98afb7a11ed105f73f1570c1eAutomatic Updater<%@ page import="com.sun.identity.federation.common.FSUtils" %>
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
e130ab53e992670e2a2ecf043976ac09f21358d1Automatic Updater<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<%@ page import="com.sun.identity.saml2.profile.DoManageNameID" %>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<%@ page import="java.util.HashMap" %>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<%@ page import="org.owasp.esapi.ESAPI" %>
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater
<%--
    idpMNIRequestInit.jsp initiates the ManageNameIDRequest at
    the Identity Provider.
    Required parameters to this jsp are :
    - metaAlias - identifier for the hosted Identity Provider
    - spEntityID - identifier for the Service Provider
    - requestType - the request type of ManageNameIDRequest (Terminate / NewID)

    Some of the other optional parameters are :
    - relayState - the target URL on successful completion of the Request
      (validated before use; a non-conforming value is dropped rather than honoured)

    Check the SAML2 Documentation for supported parameters.

--%>
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews
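<%
    // Retrieve the request query parameters.
    // metaAlias, spEntityID and requestType are the required query parameters:
    //   metaAlias     - hosted Identity Provider meta alias (resolved to the IDP entity ID below)
    //   spEntityID    - Service Provider entity identifier
    //   requestType   - the request type of ManageNameIDRequest (Terminate / NewID)
    //   affiliationID - affiliation entity ID (optional)
    //   relayState    - target URL after the request completes (optional)
    // Query parameters supported will be documented.
    //
    // NOTE(review): this page triggers a state-changing federation operation
    // (e.g. a Terminate request) driven solely by query parameters, and no
    // anti-CSRF token is checked in this file. Whether SAML2Utils.checkSession
    // or the container supplies such protection is not visible here -- confirm
    // before exposing this endpoint to browsers holding an authenticated session.

    if (FSUtils.needSetLBCookieAndRedirect(request, response, true)) {
        return;
    }

    try {
        String metaAlias = request.getParameter("metaAlias");
        if ((metaAlias == null) || (metaAlias.length() == 0)) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "nullIDPEntityID",
                SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }

        String idpEntityID =
            SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(metaAlias);
        // An unknown or mistyped metaAlias may resolve to no hosted entity;
        // reject it here instead of handing a null entity ID to the binding
        // check and request initiation below.
        if (idpEntityID == null) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "nullIDPEntityID",
                SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        String spEntityID = request.getParameter("spEntityID");

        if ((spEntityID == null) || (spEntityID.length() == 0)) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "nullSPEntityID",
                SAML2Utils.bundle.getString("nullSPEntityID"));
            return;
        }

        // Pick the MNI binding for this IDP/SP pair and make sure the hosted
        // IDP actually supports it for the ManageNameID service.
        String binding = DoManageNameID.getMNIBindingInfo(request, metaAlias,
            SAML2Constants.IDP_ROLE, spEntityID);
        if (!SAML2Utils.isIDPProfileBindingSupported(
            realm, idpEntityID, SAML2Constants.MNI_SERVICE, binding))
        {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "unsupportedBinding",
                SAML2Utils.bundle.getString("unsupportedBinding"));
            return;
        }

        // requestType is only checked for presence here; its value
        // (Terminate / NewID) is interpreted by DoManageNameID, which is
        // assumed to reject anything else -- not visible from this file.
        String requestType = request.getParameter("requestType");

        if ((requestType == null) || (requestType.length() == 0)) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
                "nullRequestType",
                SAML2Utils.bundle.getString("nullRequestType"));
            return;
        }

        // First-pass RelayState filter: only ensures the value is a clean
        // query-string token. It is NOT a URL/allow-list check; that check
        // (SAML2Utils.isRelayStateURLValid) is applied before this page
        // redirects to RelayState in the SOAP branch below. For other bindings
        // RelayState is passed on to DoManageNameID, whose handling is not
        // visible here.
        String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {
            relayState = null;
        }
        String affiliationID =
            request.getParameter(SAML2Constants.AFFILIATION_ID);

        HashMap paramsMap = new HashMap();
        paramsMap.put("metaAlias", metaAlias);
        paramsMap.put("spEntityID", spEntityID);
        paramsMap.put("requestType", requestType);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);

        if (relayState != null) {
            paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
        }

        if (affiliationID != null) {
            paramsMap.put(SAML2Constants.AFFILIATION_ID, affiliationID);
        }

        // checkSession is expected to redirect to authentication (and
        // return null) when there is no valid session for this request.
        Object sess = SAML2Utils.checkSession(request, response,
            metaAlias, paramsMap);
        if (sess == null) {
            return;
        }

        DoManageNameID.initiateManageNameIDRequest(request, response,
            metaAlias, spEntityID, paramsMap);

        // With SOAP the exchange completes synchronously, so the page itself
        // finishes the flow: redirect to RelayState only if it passes both the
        // SAML2 RelayState URL validation and the ESAPI URL rule (open-redirect
        // guard); otherwise fall back to the generic success page.
        if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
            if (relayState != null && SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.IDP_ROLE) &&
                ESAPI.validator().isValidInput("HTTP URL Value: " + relayState, relayState, "URL", 2000, true)) {
                response.sendRedirect(relayState);
            } else {
%>
                <jsp:forward page="/saml2/jsp/default.jsp?message=mniSuccess" />
<%
            }
        }
    } catch (SAML2Exception e) {
        // Log the full exception server-side; the client only receives the
        // generic bundle message, not the exception text.
        SAML2Utils.debug.error("Error processing ManageNameID Request ", e);
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST,
            "requestProcessingMNIError",
            SAML2Utils.bundle.getString("requestProcessingMNIError"));
    }
%>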
e85565067cf73f8cc21ee29b11761659f1d47ee9Automatic Updater