spAssertionConsumer.jsp revision 94c4282963f7db4f8703c196fecb5826a6c9b729
669e108d6753b27a9745cc506193a9e0b32d217cEvan Hunt DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
669e108d6753b27a9745cc506193a9e0b32d217cEvan Hunt Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
45fd95544cd650a8e6a0fc39b656d1109b811ac0Evan Hunt The contents of this file are subject to the terms
45fd95544cd650a8e6a0fc39b656d1109b811ac0Evan Hunt of the Common Development and Distribution License
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews (the License). You may not use this file except in
76af83c9adb772f7b045c62cf8b411165bfaa5efMark Andrews compliance with the License.
6552f33198438390724c5823b8dbcf477ec9638cEvan Hunt You can obtain a copy of the License at
6552f33198438390724c5823b8dbcf477ec9638cEvan Hunt https://opensso.dev.java.net/public/CDDLv1.0.html or
9e0cd8be9aa2b24fa373fe227c5eaf5641ac62f4Mark Andrews See the License for the specific language governing
9e0cd8be9aa2b24fa373fe227c5eaf5641ac62f4Mark Andrews permission and limitations under the License.
2a1860ad83294da4abe34a72bdb6f5a28b87f2efMark Andrews When distributing Covered Code, include this CDDL
2a1860ad83294da4abe34a72bdb6f5a28b87f2efMark Andrews Header Notice in each file and include the License file
de6469b663b55aacd19bdcdd925ce381f0c4b4dfMark Andrews If applicable, add the following below the CDDL Header,
de6469b663b55aacd19bdcdd925ce381f0c4b4dfMark Andrews with the fields enclosed by brackets [] replaced by
d389069a397c99347b5b281f90577e19e7662b03Mark Andrews your own identifying information:
d389069a397c99347b5b281f90577e19e7662b03Mark Andrews "Portions Copyrighted [year] [name of copyright owner]"
d389069a397c99347b5b281f90577e19e7662b03Mark Andrews $Id: spAssertionConsumer.jsp,v 1.17 2010/01/23 00:07:06 exu Exp $
fd2f4551d9498e1dce8e44a24e5e886ef2aa75cbMark Andrews Portions Copyrighted 2012-2016 ForgeRock AS.
7c66fc970082f2f8b4a7ae1bbfca3531ab6798b4Mark Andrewsimport="com.sun.identity.shared.encode.URLEncDec,
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecickicom.sun.identity.saml2.common.InvalidStatusCodeSaml2Exception,
802e0662ef6041078cb7bad4cdb197a295eab770Mark Andrewscom.sun.identity.plugin.session.SessionProvider,
3fe7c625ff1d4477806e5ecd700c5917ba2d7b90Mark Andrewscom.sun.identity.plugin.session.SessionException,
c034b72ba147e86ec40816fdf0cfb19c9ed7f1d6Witold Krecicki <title>SP Assertion Consumer Service</title>
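/**
 * Builds the URL the browser is forwarded to when a local login is needed
 * before the SAML response can be consumed.
 *
 * The base URL comes from SPACSUtils.prepareForLocalLogin. A goto parameter is
 * appended to it that points back at requestURL and carries the ID of the SAML
 * response (resID) and, when present, the RelayState.
 *
 * @param orgName      realm / organisation name passed to prepareForLocalLogin
 * @param hostEntityId entity id of the hosted service provider
 * @param metaManager  SAML2 metadata manager
 * @param respInfo     holder of the received SAML response
 * @param requestURL   URL of this assertion consumer endpoint
 * @param relayState   RelayState to carry through the local login; may be null or empty
 * @return the local login URL including the encoded goto parameter
 */
private String getLocalLoginUrl(
        String orgName,
        String hostEntityId,
        SAML2MetaManager metaManager,
        ResponseInfo respInfo,
        String requestURL,
        String relayState) {
    String localLoginUrl = SPACSUtils.prepareForLocalLogin(
            orgName, hostEntityId, metaManager, respInfo, requestURL);

    // Exactly one separator is appended: "?" when the login URL has no query
    // string yet, "&" when it already has one.
    if (localLoginUrl.indexOf("?") == -1) {
        localLoginUrl += "?goto=";
    } else {
        localLoginUrl += "&goto=";
    }

    String gotoURL = requestURL + "?resID="
            + URLEncDec.encode(respInfo.getResponse().getID());
    // relayState is only percent-encoded here, not validated; the page checks
    // the redirect target with SAML2Utils.validateRelayStateURL before its
    // final sendRedirect.
    if (relayState != null && relayState.length() != 0) {
        gotoURL += "&RelayState=" + URLEncDec.encode(relayState);
    }
    // The goto value is encoded as a whole so that its own "?" and "&" do not
    // leak into the query string of the login URL.
    localLoginUrl += URLEncDec.encode(gotoURL);

    // The logged URL contains the response ID and the RelayState.
    SAML2Utils.debug.message("spAssertionConsumer.jsp: local login "
            + "url=" + localLoginUrl);
    return localLoginUrl;
}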
// Creates the SAML2 auditor for this request and tags it with the endpoint name
// ("spAssertionConsumer") and the HTTP session id. The auditor is used by the
// auditAccessFailure calls further down.
// NOTE(review): request and session are dereferenced here, before the null check
// on request/response that follows this set-up.
48ec547968d7da5b1240222c53a90efce25157a2Mark Andrews // set up audit logger and attach initial information
48ec547968d7da5b1240222c53a90efce25157a2Mark Andrews AuditEventPublisher aep = InjectorHolder.getInstance(AuditEventPublisher.class);
48ec547968d7da5b1240222c53a90efce25157a2Mark Andrews AuditEventFactory aef = InjectorHolder.getInstance(AuditEventFactory.class);
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews SAML2Auditor saml2Auditor = new SAML2Auditor(aep, aef, request);
095c47be5456c17087d7b39dfc97ebee65e0dfbbMark Andrews saml2Auditor.setMethod("spAssertionConsumer");
178dc0e1d617a6ef6387e9942ba9cdb370d1bde2Mark Andrews saml2Auditor.setSessionTrackingId(session.getId());
// Early rejection: a null request or response is answered with SC_BAD_REQUEST
// ("nullInput") and recorded as an access failure.
// NOTE(review): sendError is still handed the response object in the branch where
// it may be null — confirm SAMLUtils.sendError tolerates that.
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews // check request, response, content length
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews if ((request == null) || (response == null)) {
6aaf3d01a1a9829802498c5772b22d649d012181Mark Andrews SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
e51ba2650025460b26092fb2500e0b6dfbf6d548Mark Andrews "nullInput", SAML2Utils.bundle.getString("nullInput"));
e51ba2650025460b26092fb2500e0b6dfbf6d548Mark Andrews saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
// NOTE(review): the statement guarded by the catch below is not visible in this
// listing. Judging by the "largeContentLength" key it presumably rejects oversized
// request bodies before any SAML parsing takes place — confirm the limit is
// actually enforced at this point.
15bee593e70faca91a00331184fbbbc66080d422Mark Andrews // to avoid dos attack
15bee593e70faca91a00331184fbbbc66080d422Mark Andrews // or use SAML2Utils?
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt } catch (ServletException se) {
// The exception message is returned to the client as the error detail.
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
af326c2e3f90d86a8966a1298d7aa157667f97cdEvan Hunt "largeContentLength", se.getMessage());
ce786900292468e465fb74df8712a625ce10e103Mukund Sivaraman saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
// NOTE(review): the body of this branch is not visible in this listing; presumably
// processing stops here once the load-balancer cookie redirect was issued — confirm.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
// The meta alias, and from it the realm, are derived from the request URL, i.e.
// from client-influenced input. An alias that yields no realm falls back to "/".
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt String requestURL = request.getRequestURL().toString();
f503aa345b451f94875a5bab637223bcbbd93b6dEvan Hunt // get entity id and realm
7df3f06c0bf0b78a88221348d6af6704d9ece7efMark Andrews String metaAlias = SAML2MetaUtils.getMetaAliasByUri(requestURL);
7df3f06c0bf0b78a88221348d6af6704d9ece7efMark Andrews String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
a3253fb44c15a52bbb19bb38592b4dc02a004527Tinderbox User if (realm == null || realm.length() == 0) {
d1cacbb37474b0cbee6c1ddd05d27f731b2b43baMark Andrews realm = "/";
// Obtains the SAML2 metadata manager; without it the request is answered with
// SC_INTERNAL_SERVER_ERROR ("errorMetaManager").
2be9d18ee9bd1b4eec4720218e4f43352603291fMark Andrews SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
2be9d18ee9bd1b4eec4720218e4f43352603291fMark Andrews if (metaManager == null) {
65a3f6329735860093004f6b0fe69d6be886417bTinderbox User SAMLUtils.sendError(request, response,
8b82b4982c21dfeb164f04700c7204f6541a7856Evan Hunt response.SC_INTERNAL_SERVER_ERROR, "errorMetaManager",
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews SAML2Utils.bundle.getString("errorMetaManager"));
// NOTE(review): the client is sent SC_INTERNAL_SERVER_ERROR above, but the audit
// record below carries SC_BAD_REQUEST. The two metaDataError branches further down
// audit the same code they send; this one should probably do so too, otherwise
// audit-based detection misclassifies a server-side failure as a bad request.
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews saml2Auditor.auditAccessFailure(String.valueOf(response.SC_BAD_REQUEST),
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews SAML2Utils.bundle.getString("errorMetaManager"));
// Resolves the hosted entity id for the meta alias. Both a SAML2MetaException and
// a null result are answered with SC_INTERNAL_SERVER_ERROR ("metaDataError") and
// audited with that same status code.
e8c70b0c35c27a28ea2e0cafb252e1774ccc1727Mark Andrews String hostEntityId = null;
e8c70b0c35c27a28ea2e0cafb252e1774ccc1727Mark Andrews hostEntityId = metaManager.getEntityByMetaAlias(metaAlias);
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews } catch (SAML2MetaException sme) {
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews SAMLUtils.sendError(request, response,
7204d08a319cf590ae4280b8cc20999320398574Mark Andrews response.SC_INTERNAL_SERVER_ERROR, "metaDataError",
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt SAML2Utils.bundle.getString("metaDataError"));
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt saml2Auditor.auditAccessFailure(String.valueOf(response.SC_INTERNAL_SERVER_ERROR),
6ce5279d0f30c8c760e27baf92bb44b3f4962354Evan Hunt SAML2Utils.bundle.getString("metaDataError"));
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt if (hostEntityId == null) {
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt SAMLUtils.sendError(request, response,
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt response.SC_INTERNAL_SERVER_ERROR, "metaDataError",
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt SAML2Utils.bundle.getString("metaDataError"));
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt saml2Auditor.auditAccessFailure(String.valueOf(response.SC_INTERNAL_SERVER_ERROR),
f5898cf3484b1588d5239faa4062a2b2b606ce91Evan Hunt SAML2Utils.bundle.getString("metaDataError"));
// RelayState and the federate flag are read straight from request parameters, so
// both are client-supplied. relayState must be treated as untrusted until the
// redirect target has passed SAML2Utils.validateRelayStateURL near the end of
// this page.
c27c710939766a7bb315bde1f12ab18d93c77cc8Mark Andrews String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman // federate flag
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman String federate = request.getParameter(SAML2Constants.FEDERATE);
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman SessionProvider sessionProvider = null;
4e9a1ad22618a46dab82eeb2d030190cec0afbc6Mukund Sivaraman ResponseInfo respInfo = null;
// Obtains the session provider; a SessionException is answered with
// SC_INTERNAL_SERVER_ERROR ("nullSessionProvider") and audited with the
// exception's error code and localized message.
555469af35c12189525921abbc3de3cefb5f9f0fMark Andrews sessionProvider = SessionManager.getProvider();
555469af35c12189525921abbc3de3cefb5f9f0fMark Andrews } catch (SessionException se) {
c5342425ea5568af04f4b87d5d9690453b21c9f1Mark Andrews SAMLUtils.sendError(request, response,
c5342425ea5568af04f4b87d5d9690453b21c9f1Mark Andrews response.SC_INTERNAL_SERVER_ERROR, "nullSessionProvider",
b4bbf494183e4158b417d9200297ff0764af2f9dMark Andrews saml2Auditor.auditAccessFailure(se.getErrorCode(), se.getLocalizedMessage());
// NOTE(review): the start of the call whose argument list ends on the next line is
// not visible in this listing; presumably it is the call that produces respInfo
// from the incoming request — confirm.
f3a4a5f8db3d9fd352a3e2eb6be779a78da03f52Mark Andrews request, response, realm, hostEntityId, metaManager);
// The InResponseTo value of the received response becomes the audit request id.
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews saml2Auditor.setRequestId(respInfo.getResponse().getInResponseTo());
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews } catch (SAML2Exception se) {
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews // Only do a sendError if one hasn't already been called.
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews SAMLUtils.sendError(request, response,
2fb6d3782b548ba678cfb8ff09e0d1e49fafb84dMark Andrews response.SC_INTERNAL_SERVER_ERROR, "getResponseError",
bc09fd1365d1a48972fa99cd6ed2aa788a28ef33Mark Andrews saml2Auditor.auditAccessFailure(se.getErrorCode(), se.getLocalizedMessage());
// A non-empty relay state carried in respInfo replaces the request parameter.
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews String ecpRelayState = respInfo.getRelayState();
36be0aad8ec241987e1866a547372eb28ee7dc09Mark Andrews if ((ecpRelayState != null) && (ecpRelayState.length() > 0)) {
33f91e248b67afa96c5b855ba3ace20b5d89dbd0Mark Andrews relayState = ecpRelayState;
// Looks up an existing local session for the request. A SessionException is not an
// error here: it is logged and treated as "no session" (token = null).
51227d6f16840ae359701b5d56970a5f3860db5aEvan Hunt Object token = null;
51227d6f16840ae359701b5d56970a5f3860db5aEvan Hunt token = sessionProvider.getSession(request);
9e4811dc90cca1f6f2d1ef86182f9613add06df3Mark Andrews } catch (SessionException se) {
12b791ae2018561482f3b68dd6658c2ad1a4d934Mark Andrews "spAssertionConsumer.jsp: Token is null." +
080582dc4739cabf0170b54e9a453785d577e364Mark Andrews token = null;
// federate=true without a local session: the user is forwarded to the local login
// page first. The forward target comes from getLocalLoginUrl, whose goto parameter
// points back at requestURL with the response ID and the RelayState.
// The federate flag is a request parameter, so this branch is reachable by any
// client that sends it.
3a71cd8ca3c4970b71ef503553eda2666ce3d2b1Mark Andrews if (federate != null && federate.trim().equals("true") &&
3a71cd8ca3c4970b71ef503553eda2666ce3d2b1Mark Andrews token == null) {
02ceed9f83f82f0de35c7bd73c27a33d4f0fe9cbMark Andrews SAML2Utils.debug.message("spAssertionConsumer.jsp: federate "
02ceed9f83f82f0de35c7bd73c27a33d4f0fe9cbMark Andrews + "is true, and token is null. do local login first.");
32431c79c76257130e1b31223e59a614e19bea1bEvan Hunt FSUtils.forwardRequest(request, response,
32431c79c76257130e1b31223e59a614e19bea1bEvan Hunt getLocalLoginUrl(realm, hostEntityId, metaManager, respInfo, requestURL, relayState));
8db83c1e908ac92a28ad0dd6dc2bdcff1d20084cWitold Krecicki saml2Auditor.auditForwardToLocalUserLogin();
// Processes the SAML response through SPACSUtils.processResponse. On success the
// principal name of the returned session is recorded as the audit user id.
// isProxyOn is looked up from the InResponseTo value of the response.
ba340e446906b21925df63b0dec9b299ef093ad2Witold Krecicki Object newSession = null;
b62db16a580addacf9b2a4d0a6e272632ad5712aMark Andrews Response saml2Resp = respInfo.getResponse();
b62db16a580addacf9b2a4d0a6e272632ad5712aMark Andrews String requestID = saml2Resp.getInResponseTo();
72cc860dd232dd8ae1b792c7c7c5d929211ed161Mark Andrews boolean isProxyOn = IDPProxyUtil.isIDPProxyEnabled(requestID);
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews newSession = SPACSUtils.processResponse( request, response, new PrintWriter(out, true), metaAlias, token,
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews respInfo, realm, hostEntityId, metaManager, saml2Auditor);
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews saml2Auditor.setUserId(sessionProvider.getPrincipalName(newSession));
b7161f9898405faee05ba72a63ad10e4541f1346Mark Andrews } catch (SAML2Exception se) {
// NOTE(review): data[2] receives the fully serialized response (toXMLString) and is
// passed to LogUtil.error. Any log-level guard around that assignment is not visible
// in this listing. The XML can carry subject identifiers and attributes, so confirm
// that the destination of SP_SSO_FAILED records is access-restricted accordingly.
6d609c3cbe7d91bf02ac60a4a34cc4bffa13a3e6Evan Hunt String[] data = {hostEntityId, se.getMessage(), ""};
6d609c3cbe7d91bf02ac60a4a34cc4bffa13a3e6Evan Hunt data[2] = saml2Resp.toXMLString(true, true);
b83e886b3023c9a3bb40f20e399c3d2d40604eadEvan Hunt LogUtil.error(Level.INFO, LogUtil.SP_SSO_FAILED, data, null);
// Non-success status in the response while IdP proxying is on: the first- and
// second-level status codes are passed on through IDPProxyUtil.sendResponseWithStatus.
b83e886b3023c9a3bb40f20e399c3d2d40604eadEvan Hunt if (se instanceof InvalidStatusCodeSaml2Exception) {
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt if (isProxyOn) {
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt SAML2Utils.debug.error("spAssertionConsumer.jsp: Non-Success status code in response");
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt String firstlevelStatusCodeValue = ((InvalidStatusCodeSaml2Exception) se).getFirstlevelStatuscode();
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt String secondlevelStatusCodeValue = ((InvalidStatusCodeSaml2Exception) se).getSecondlevelStatuscode();
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt IDPProxyUtil.sendResponseWithStatus(request, response, new PrintWriter(out, true),
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt requestID, metaAlias, hostEntityId, realm, firstlevelStatusCodeValue,
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt secondlevelStatusCodeValue);
801707fe19600313a0b1f7845a518100f69e58b6Evan Hunt } catch (SAML2Exception samle) {
adb0ac475d4a58404812eee3a158447decf9e026Tinderbox User SAML2Utils.debug.error("Failed to send response with status ", samle);
529d8a7cf1960f96a78d1b2b004aa63aff80b16bMark Andrews SAML2Utils.debug.error("spAssertionConsumer.jsp: SSO failed.", se);
// NOTE(review): the "no user mapping" case is recognised by comparing the exception
// message with a resource-bundle string, which only works while both texts stay
// identical. se.getErrorCode() is used elsewhere on this page; comparing an error
// code would be sturdier if one is defined for this case.
1fe29e5d65d81d1ff0b94bfa7ce80f506a62af91Witold Krecicki if (se.getMessage().equals(SAML2Utils.bundle.getString("noUserMapping"))) {
d907426f0f5b6100cbe4d03e417f59ce67ff171bEvan Hunt SAML2Utils.debug.message("spAssertionConsumer.jsp:need local login!!");
d907426f0f5b6100cbe4d03e417f59ce67ff171bEvan Hunt FSUtils.forwardRequest(request, response,
f0fe1930a2350c1110bff2203e48335c147ca52dEvan Hunt getLocalLoginUrl(realm, hostEntityId, metaManager, respInfo, requestURL, relayState));
// Every other processing failure is audited and answered with
// SC_INTERNAL_SERVER_ERROR ("SSOFailed").
a78396e6522d807dceb81c09cfdbca9acee3cc00Evan Hunt saml2Auditor.auditAccessFailure(String.valueOf(response.SC_INTERNAL_SERVER_ERROR),
181125e682a4a7de03baedc099d4006ffd6d972cTinderbox User SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "SSOFailed",
// No session came out of response processing: the login is treated as failed and
// answered with SC_INTERNAL_SERVER_ERROR ("SSOFailed").
1ddde9710ed9298bf8cd4dfd1921ec363e308f87Mark Andrews if (newSession == null) {
2d5581de6e5d6606a8acef041ca808f4b8e24b1bMukund Sivaraman SAML2Utils.debug.message("Session is null.");
2d5581de6e5d6606a8acef041ca808f4b8e24b1bMukund Sivaraman SAML2Utils.debug.message("spAssertionConsumer.jsp:Login has failed!!");
a217937e597bbdaa1805d13cf85c9a9d6131b884Tinderbox User SAMLUtils.sendError(request, response, response.SC_INTERNAL_SERVER_ERROR, "SSOFailed",
3525200d9fb0e70aec4f6a3c7e0ed5a7dd8398afEvan Hunt response.SC_INTERNAL_SERVER_ERROR), SAML2Utils.bundle.getString("SSOFailed"));
// Reads a session property (its name is not visible in this listing) whose value
// "true" means an SP adapter has already redirected the response; in that case this
// page must not redirect again.
28303a06cec9c9c71ffb8164c85e47281dfca873Mark Andrews String[] redirected = sessionProvider.getProperty(newSession,
8a659aae94652e1dd151705551cca1dab7cafd75Mark Andrews if ((redirected != null) && (redirected.length != 0) &&
8a659aae94652e1dd151705551cca1dab7cafd75Mark Andrews redirected[0].equals("true")) {
4d8940486ca555f8308c503eef3bd479c0095eb8Mark Andrews SAML2Utils.debug.message("Redirection already done in SPAdapter.");
35c014cb1d151983c455ad1ac99093591cbda97aMark Andrews // response redirected already in SPAdapter
// With IdP proxying on, the proxy response is generated from the new session; a
// failure is logged and audited with the exception's error code and message.
a16f42441a0bdfc911aafe841a975af55181f2f0Mukund Sivaraman if (isProxyOn) {
61b1075ddbc2d32043531dd90c20043f419fcfb7Mark Andrews IDPProxyUtil.generateProxyResponse(request, response, new PrintWriter(out, true), metaAlias, respInfo,
f555b59e3678ba3e67201ef158b5f355e6d3ce13Mark Andrews newSession, saml2Auditor);
b740318a42e7e9e9511c4a3213a81a51257c1ab9Mark Andrews } catch (SAML2Exception se) {
f555b59e3678ba3e67201ef158b5f355e6d3ce13Mark Andrews SAML2Utils.debug.error("Failed sending proxy response", se);
8d9a134fe75c57052094b30ad43a20582ad71ebfMark Andrews saml2Auditor.auditAccessFailure(se.getErrorCode(), se.getLocalizedMessage());
// Final redirect. finalUrl is resolved by SPACSUtils.getRelayState from the
// client-supplied relayState together with realm and entity configuration; what
// fallback that helper applies is not visible in this listing.
c2a6e9d347ea5364041d4241e4683d076d4e091bMark Andrews // redirect to relay state
c2a6e9d347ea5364041d4241e4683d076d4e091bMark Andrews String finalUrl = SPACSUtils.getRelayState(relayState, realm, hostEntityId, metaManager);
cccfafa31131844c3b82e4c92f87f243d7ca3287Mark Andrews String realFinalUrl = finalUrl;
// The session provider may rewrite the URL for the new session; if rewriting fails
// the unrewritten URL is kept.
cccfafa31131844c3b82e4c92f87f243d7ca3287Mark Andrews if (finalUrl != null && finalUrl.length() != 0) {
e8555412f186ad05a064591bcb25c2f7d7395756Mark Andrews realFinalUrl = sessionProvider.rewriteURL(newSession, finalUrl);
e8555412f186ad05a064591bcb25c2f7d7395756Mark Andrews } catch (SessionException se) {
f5b0ad3c8d4b665037b4eeda2fc24547c698c012Witold Krecicki "spAssertionConsumer.jsp: URL rewriting failed.", se);
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews realFinalUrl = finalUrl;
// When an intermediate URL is configured, the browser is sent there and the final
// URL travels URL-encoded in its goto parameter.
// NOTE(review): in that case the value checked by validateRelayStateURL below is the
// intermediate URL as a whole. Whether the nested goto value is inspected as well is
// not visible here — confirm that the intermediate page validates goto before
// following it.
50a3eae6cf9a401ea70f5e81579f14f829f3e457Mark Andrews String redirectUrl = SPACSUtils.getIntermediateURL(realm, hostEntityId, metaManager);
50a3eae6cf9a401ea70f5e81579f14f829f3e457Mark Andrews String realRedirectUrl = null;
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews if (redirectUrl != null && redirectUrl.length() != 0) {
8d49a1a0d1658952181cc686fc4dc62006baa1a7Mark Andrews if (realFinalUrl != null && realFinalUrl.length() != 0) {
8d49a1a0d1658952181cc686fc4dc62006baa1a7Mark Andrews if (redirectUrl.indexOf("?") != -1) {
8d49a1a0d1658952181cc686fc4dc62006baa1a7Mark Andrews redirectUrl += "&goto=";
97e13cc244a1fc67fd42c421c92ccead5e38a2f5Mark Andrews redirectUrl += "?goto=";
9f5443280fcfd625a06f63a1b457ed2335840278Mark Andrews redirectUrl += URLEncDec.encode(realFinalUrl);
c1a72112b2391bd8f149c5f19bdb12fa0d39fef4Mark Andrews realRedirectUrl = sessionProvider.rewriteURL(newSession, redirectUrl);
c1a72112b2391bd8f149c5f19bdb12fa0d39fef4Mark Andrews } catch (SessionException se) {
c1a72112b2391bd8f149c5f19bdb12fa0d39fef4Mark Andrews SAML2Utils.debug.message("spAssertionConsumer.jsp: URL rewriting failed.", se);
c1a72112b2391bd8f149c5f19bdb12fa0d39fef4Mark Andrews realRedirectUrl = redirectUrl;
7d262a3647a517a86d6d83058aedd18b7a6b06dfMark Andrews realRedirectUrl = redirectUrl;
f4c0d8db2b1a14e62660fa92f8aaf614b99d7f2fWitold Krecicki realRedirectUrl = finalUrl;
// With no redirect target the page forwards to default.jsp with message=ssoSuccess
// (the proxy branch's body is not visible in this listing). Otherwise the target is
// checked with SAML2Utils.validateRelayStateURL for the SP role before sendRedirect;
// this check is what keeps a client-supplied RelayState from turning the endpoint
// into an open redirect. A SAML2Exception from the check is answered with
// SC_BAD_REQUEST ("requestProcessingError") and audited.
// NOTE(review): the return that must follow the error branch so that sendRedirect is
// skipped is not visible in this listing — confirm it is present.
96d49a84fff54fe19b430c56912db0a55cf3ded8Mark Andrews if (realRedirectUrl == null || (realRedirectUrl.trim().length() == 0)) {
f4c0d8db2b1a14e62660fa92f8aaf614b99d7f2fWitold Krecicki if (isProxyOn) {
322efcb27d26cb5949ceabf6d3b93d0a2e25746fWitold Krecicki <jsp:forward page="/saml2/jsp/default.jsp?message=ssoSuccess" />
4681ab1fc2c40e1d70fae38e64630c72c51c300eWitold Krecicki SAML2Utils.validateRelayStateURL(realm, hostEntityId, realRedirectUrl, SAML2Constants.SP_ROLE);
b56bd9b59f590ade778ac6621fb5bede4001d8aeMark Andrews } catch (SAML2Exception se) {
b56bd9b59f590ade778ac6621fb5bede4001d8aeMark Andrews SAMLUtils.sendError(request, response,
b56bd9b59f590ade778ac6621fb5bede4001d8aeMark Andrews response.SC_BAD_REQUEST, "requestProcessingError",
96beefd76f597b77d4fcd51f8d766e5e59a2d216Mark Andrews SAML2Utils.bundle.getString("requestProcessingError") + " " + se.getMessage());
96beefd76f597b77d4fcd51f8d766e5e59a2d216Mark Andrews saml2Auditor.auditAccessFailure(se.getErrorCode(), se.getLocalizedMessage());
948fe5822b9c8489856bc38b3063e30e9d34fcd3Mark Andrews response.sendRedirect(realRedirectUrl);