idpSSOInit.jsp revision f5efa5619bc4c83c0a58f55945e87d480e1011da
<%--
 DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

 Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved

 The contents of this file are subject to the terms
 of the Common Development and Distribution License
 (the License). You may not use this file except in
 compliance with the License.

 You can obtain a copy of the License at
 https://opensso.dev.java.net/public/CDDLv1.0.html or
 opensso/legal/CDDLv1.0.txt
 See the License for the specific language governing
 permission and limitations under the License.

 When distributing Covered Code, include this CDDL
 Header Notice in each file and include the License file
 at opensso/legal/CDDLv1.0.txt.
 If applicable, add the following below the CDDL Header,
 with the fields enclosed by brackets [] replaced by
 your own identifying information:
 "Portions Copyrighted [year] [name of copyright owner]"

 $Id: idpSSOInit.jsp,v 1.9 2009/06/24 23:05:30 mrudulahg Exp $

 Portions Copyrighted 2013-2016 ForgeRock AS.
--%>
1N/A
1N/A<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
1N/A<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
1N/A<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
1N/A<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
1N/A<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
1N/A<%@ page import="com.sun.identity.saml2.profile.IDPSSOUtil" %>
1N/A<%@ page import="java.io.PrintWriter" %>
1N/A<%@ page import="org.forgerock.guice.core.InjectorHolder" %>
1N/A<%@ page import="org.forgerock.openam.audit.AuditEventPublisher" %>
1N/A<%@ page import="org.forgerock.openam.saml2.audit.SAML2Auditor" %>
1N/A<%@ page import="org.forgerock.openam.audit.AuditEventFactory" %>
1N/A
<%--
 idpSSOInit.jsp initiates unsolicited SSO at the Identity Provider.

 The supported query parameters are listed below.

 Required parameters for this JSP:

 Query Parameter Name Description

 1. metaAlias MetaAlias for the Identity Provider. The format of
 this parameter is /realm_name/IDP name.

 2. spEntityID Identifier for the Service Provider.

 Optional Query Parameters:

 Query Parameter Name Description
1N/A
 3. RelayState Target URL on successful completion of SSO/Federation

 4. RelayStateAlias Specifies the parameter(s) to use as the RelayState.
 e.g. if the request URL has:
 ?TARGET=http://server:port/uri&RelayStateAlias=TARGET
 then the TARGET query parameter will be interpreted as
 RelayState and, on successful completion of
 SSO/Federation, the user will be redirected to the TARGET URL.


 5. NameIDFormat NameID format Identifier Value.
 For example,
 urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
 urn:oasis:names:tc:SAML:2.0:nameid-format:transient

 6. binding URI value that identifies the SAML protocol binding to
 be used when returning the Response message.
 The supported values are:
 HTTP-Artifact
 HTTP-POST

 NOTE: There are other SAML-defined values for these
 which are not supported by FM/AM.
 7. affiliationID affiliation entity ID
--%>
1N/A<%
1N/A AuditEventPublisher aep = InjectorHolder.getInstance(AuditEventPublisher.class);
1N/A AuditEventFactory aef = InjectorHolder.getInstance(AuditEventFactory.class);
1N/A SAML2Auditor saml2Auditor = new SAML2Auditor(aep, aef, request);
1N/A saml2Auditor.setMethod("idpSSOInit");
1N/A saml2Auditor.setSessionTrackingId(session.getId());
1N/A saml2Auditor.auditAccessAttempt();
1N/A // Retrieve the Request Query Parameters
1N/A // metaAlias and spEntiyID are the required query parameters
1N/A // metaAlias - Identity Provider Entity Id
1N/A // spEntityID - Service Provider Identifier
1N/A
1N/A try {
1N/A String cachedResID = request.getParameter(SAML2Constants.RES_INFO_ID);
1N/A // if this id is set, then this is a redirect from the COT
1N/A // cookie writer. There is already an assertion response
1N/A // cached in this provider. Send it back directly.
1N/A if ((cachedResID != null) && (cachedResID.length() != 0)) {
1N/A IDPSSOUtil.sendResponse(request, response, new PrintWriter(out, true), cachedResID);
1N/A return;
1N/A }
1N/A
1N/A String metaAlias = request.getParameter("metaAlias");
1N/A saml2Auditor.setRealm(SAML2MetaUtils.getRealmByMetaAlias(metaAlias));
1N/A if ((metaAlias == null) || (metaAlias.length() == 0)) {
1N/A SAMLUtils.sendError(
1N/A request, response, response.SC_BAD_REQUEST, "nullIDPEntityID",
1N/A SAML2Utils.bundle.getString("nullIDPEntityID"));
1N/A saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
1N/A SAML2Utils.bundle.getString("nullSPEntityID"));
1N/A return;
1N/A }
1N/A String spEntityID = request.getParameter("spEntityID");
1N/A
1N/A if ((spEntityID == null) || (spEntityID.length() == 0)) {
1N/A SAMLUtils.sendError(
1N/A request, response, response.SC_BAD_REQUEST, "nullSPEntityID",
1N/A SAML2Utils.bundle.getString("nullSPEntityID"));
1N/A saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
1N/A SAML2Utils.bundle.getString("nullSPEntityID"));
1N/A return;
1N/A }
1N/A
1N/A // get the nameIDPolicy
1N/A String nameIDFormat = request.getParameter(SAML2Constants.NAMEID_POLICY_FORMAT);
1N/A String relayState = SAML2Utils.getRelayState(request);
1N/A IDPSSOUtil.doSSOFederate(request, response, new PrintWriter(out, true), null, spEntityID, metaAlias,
1N/A nameIDFormat, relayState, saml2Auditor);
1N/A saml2Auditor.auditAccessSuccess();
1N/A } catch (SAML2Exception sse) {
1N/A SAML2Utils.debug.error("Error processing request " , sse);
1N/A SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
1N/A "requestProcessingError",
1N/A SAML2Utils.bundle.getString("requestProcessingError") + " " +
1N/A sse.getMessage());
1N/A saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
1N/A SAML2Utils.bundle.getString("requestProcessingError"));
1N/A return;
1N/A } catch (Exception e) {
1N/A SAML2Utils.debug.error("Error processing request ",e);
1N/A SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
1N/A "requestProcessingError",
1N/A SAML2Utils.bundle.getString("requestProcessingError") + " " +
1N/A e.getMessage());
1N/A saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
1N/A SAML2Utils.bundle.getString("requestProcessingError"));
1N/A return;
1N/A }
1N/A%>
1N/A