spMNIRequestInit.jsp revision 4fcbcd38661c2b921ccda5af9413aaceaa790866
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync The contents of this file are subject to the terms
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync of the Common Development and Distribution License
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync (the License). You may not use this file except in
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync compliance with the License.
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync You can obtain a copy of the License at
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync https://opensso.dev.java.net/public/CDDLv1.0.html or
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync See the License for the specific language governing
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync permission and limitations under the License.
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync When distributing Covered Code, include this CDDL
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync Header Notice in each file and include the License file
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync If applicable, add the following below the CDDL Header,
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync with the fields enclosed by brackets [] replaced by
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync your own identifying information:
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync "Portions Copyrighted [year] [name of copyright owner]"
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync $Id: spMNIRequestInit.jsp,v 1.12 2009/10/15 00:00:41 exu Exp $
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync Portions Copyrighted 2013 ForgeRock AS
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="com.sun.identity.federation.common.FSUtils" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="com.sun.identity.saml2.profile.DoManageNameID" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="java.util.HashMap" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync<%@ page import="org.owasp.esapi.ESAPI" %>
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync spMNIRequestInit.jsp initiates the ManageNameIDRequest at
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync the Identity Provider.
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync Required parameters to this jsp are :
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync - metaAlias - identifier for Service Provider
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync - idpEntityID - identifier for Identity Provider
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync - requestType - the request type of ManageNameIDRequest (Terminate / NewID)
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync Some of the other optional parameters are :
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync - relayState - the target URL on successful completion of the Request
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync Check the SAML2 Documentation for supported parameters.
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync // Retrieve the Request Query Parameters
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync // metaAlias, idpEntityID and requestType are the required query parameters
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync // metaAlias - Hosted Entity Id
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync // idpEntityID - Identity Provider Identifier
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync // requestType - the request type of ManageNameIDRequest (Terminate / NewID)
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync // affiliationID - affiliation entity ID
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync // Query parameters supported will be documented.
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync String metaAlias = request.getParameter("metaAlias");
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync if ((metaAlias == null) || (metaAlias.length() == 0)) {
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync "nullIDPEntityID",
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync SAML2Utils.bundle.getString("nullIDPEntityID"));
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync String idpEntityID = request.getParameter("idpEntityID");
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync if ((idpEntityID == null) || (idpEntityID.length() == 0)) {
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync "nullIDPEntityID",
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync SAML2Utils.bundle.getString("nullIDPEntityID"));
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync String binding = DoManageNameID.getMNIBindingInfo(request, metaAlias,
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync SAML2MetaManager metaManager= new SAML2MetaManager();
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync String hostEntity = metaManager.getEntityByMetaAlias(metaAlias);
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync realm, hostEntity, SAML2Constants.MNI_SERVICE, binding))
b8e299dddd091ae24e0c08c45d91b8f937bd14d2vboxsync SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
SAML2Utils.bundle.getString("unsupportedBinding"));
String requestType = request.getParameter("requestType");
if ((requestType == null) || (requestType.length() == 0)) {
SAML2Utils.bundle.getString("nullRequestType"));
if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {
if ((relayState == null) || (relayState.isEmpty())) {
relayState = SAML2Utils.getAttributeValueFromSSOConfig(
realm, hostEntity, SAML2Constants.SP_ROLE,
paramsMap.put("metaAlias", metaAlias);
paramsMap.put("idpEntityID", idpEntityID);
paramsMap.put("requestType", requestType);
if (relayState != null && !relayState.isEmpty()) {
Object sess = SAML2Utils.checkSession(request,response,
DoManageNameID.initiateManageNameIDRequest(request,response,
// NOTE(review): relayState is documented as a caller-supplied parameter and is
// used here as the redirect target. The ESAPI "URL" rule presumably checks only
// that the value is well-formed (the pattern lives in the ESAPI configuration,
// not shown here); nothing visible restricts which host it may point to.
// Confirm the destination is compared against an allow-list of trusted relay
// state URLs before sendRedirect, otherwise this is an open-redirect sink.
if (relayState != null && !relayState.isEmpty() &&
ESAPI.validator().isValidInput("HTTP URL Value: " + relayState, relayState, "URL", 2000, true)) {
response.sendRedirect(relayState);
<jsp:forward page="/saml2/jsp/default.jsp?message=mniSuccess" />
// NOTE(review): the exception text from e.getMessage() is appended to the
// localized error string below. The call that receives it is not visible in
// this listing; if it is sent to the browser, confirm exception messages
// cannot expose internal detail, and keep the full detail in the debug log only.
SAML2Utils.debug.error("Error sending ManageNameIDRequest " , e);
SAML2Utils.bundle.getString("requestProcessingMNIError") + " " +
e.getMessage());