spMNIRequestInit.jsp revision e8721886dbfd32e88cc7077cbee4b6bb1b44b443
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%--
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye The contents of this file are subject to the terms
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye of the Common Development and Distribution License
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye (the License). You may not use this file except in
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye compliance with the License.
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye You can obtain a copy of the License at
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye https://opensso.dev.java.net/public/CDDLv1.0.html or
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye opensso/legal/CDDLv1.0.txt
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye See the License for the specific language governing
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye permission and limitations under the License.
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye When distributing Covered Code, include this CDDL
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye Header Notice in each file and include the License file
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye at opensso/legal/CDDLv1.0.txt.
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye If applicable, add the following below the CDDL Header,
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye with the fields enclosed by brackets [] replaced by
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye your own identifying information:
349b53dd4e695e3d833b5380540385145b2d3ae8Stuart Maybee "Portions Copyrighted [year] [name of copyright owner]"
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye $Id: spMNIRequestInit.jsp,v 1.12 2009/10/15 00:00:41 exu Exp $
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye--%>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.shared.debug.Debug" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.federation.common.FSUtils" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="com.sun.identity.saml2.profile.DoManageNameID" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%@ page import="java.util.HashMap" %>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye<%--
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye idpMNIRequestInit.jsp initiates the ManageNameIDRequest at
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye the Identity Provider.
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye Required parameters to this jsp are :
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye - metaAlias - identifier for Service Provider
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye - idpEntityID - identifier for Identity Provider
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye - requestType - the request type of ManageNameIDRequest (Terminate / NewID)
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye Some of the other optional parameters are :
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye - relayState - the target URL on successful completion of the Request
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye Check the SAML2 Documentation for supported parameters.
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye--%>
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye
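<%
    // Initiates a SAML2 ManageNameIDRequest for the hosted entity identified
    // by metaAlias. Every call below passes SAML2Constants.SP_ROLE, so the
    // hosted entity acts as the Service Provider in this exchange.
    //
    // Request query parameters read by this page:
    //   metaAlias     (required) - meta alias of the hosted entity
    //   idpEntityID   (required) - Identity Provider identifier
    //   requestType   (required) - request type of the ManageNameIDRequest
    //                              (Terminate / NewID)
    //   SAML2Constants.RELAY_STATE    (optional) - target URL after success
    //   SAML2Constants.AFFILIATION_ID (optional) - affiliation entity ID
    //
    // All of these values are caller-controlled and must be treated as
    // untrusted input.

    // Stop here when the helper reports that it has taken over the response
    // (presumably a load-balancer cookie redirect - confirm in FSUtils).
    if (FSUtils.needSetLBCookieAndRedirect(request, response, false)) {
        return;
    }

    try {
        String metaAlias = request.getParameter("metaAlias");
        if ((metaAlias == null) || (metaAlias.length() == 0)) {
            // NOTE(review): this branch reports "nullIDPEntityID" although
            // the missing parameter is metaAlias; it looks like a copy of
            // the idpEntityID check below. Confirm the intended bundle key.
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST, "nullIDPEntityID",
                SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }

        String idpEntityID = request.getParameter("idpEntityID");
        if ((idpEntityID == null) || (idpEntityID.length() == 0)) {
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST, "nullIDPEntityID",
                SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }

        // Resolve the binding for this exchange and reject it unless the
        // hosted SP supports it for the MNI service.
        String binding = DoManageNameID.getMNIBindingInfo(request, metaAlias,
            SAML2Constants.SP_ROLE, idpEntityID);
        SAML2MetaManager metaManager = new SAML2MetaManager();
        String hostEntity = metaManager.getEntityByMetaAlias(metaAlias);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        if (!SAML2Utils.isSPProfileBindingSupported(
                realm, hostEntity, SAML2Constants.MNI_SERVICE, binding)) {
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST, "unsupportedBinding",
                SAML2Utils.bundle.getString("unsupportedBinding"));
            return;
        }

        String requestType = request.getParameter("requestType");
        if ((requestType == null) || (requestType.length() == 0)) {
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST, "nullRequestType",
                SAML2Utils.bundle.getString("nullRequestType"));
            return;
        }

        // Fall back to the default relay state configured for the hosted SP
        // when the request does not carry one.
        String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
        if ((relayState == null) || (relayState.length() == 0)) {
            relayState = SAML2Utils.getAttributeValueFromSSOConfig(
                realm, hostEntity, SAML2Constants.SP_ROLE,
                SAML2Constants.DEFAULT_RELAY_STATE);
        }
        boolean hasRelayState =
            (relayState != null) && (relayState.length() != 0);

        String affiliationID =
            request.getParameter(SAML2Constants.AFFILIATION_ID);

        // Parameters handed to the session check and to the profile code.
        HashMap paramsMap = new HashMap();
        paramsMap.put("metaAlias", metaAlias);
        paramsMap.put("idpEntityID", idpEntityID);
        paramsMap.put("requestType", requestType);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);
        if (hasRelayState) {
            paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
        }
        if (affiliationID != null) {
            paramsMap.put(SAML2Constants.AFFILIATION_ID, affiliationID);
        }

        // A null session ends the page; presumably checkSession has already
        // written the response (e.g. sent the user to authenticate) - confirm.
        Object sess = SAML2Utils.checkSession(request, response,
            metaAlias, paramsMap);
        if (sess == null) {
            return;
        }

        DoManageNameID.initiateManageNameIDRequest(request, response,
            metaAlias, idpEntityID, paramsMap);

        // Only the SOAP binding produces its own response here; constant-first
        // comparison keeps this null-safe if no binding was resolved.
        if (SAML2Constants.SOAP.equalsIgnoreCase(binding)) {
            if (hasRelayState) {
                // NOTE(review): relayState may come straight from the request
                // and is used as the redirect target without validation, which
                // makes this page usable as an open redirector. Check it
                // against the deployment's list of trusted relay-state URLs
                // (or restrict it to same-origin targets) before redirecting.
                response.sendRedirect(relayState);
            } else {
%>
                <jsp:forward page="/saml2/jsp/default.jsp?message=mniSuccess" />
<%
            }
        }
    } catch (SAML2Exception e) {
        SAML2Utils.debug.error("Error sending ManageNameIDRequest " , e);
        // NOTE(review): the exception message is appended to the text sent to
        // the client. It can expose internal detail and may echo
        // request-derived values; prefer returning only the bundle string and
        // keeping the detail in the debug log above.
        SAMLUtils.sendError(request, response,
            HttpServletResponse.SC_BAD_REQUEST, "requestProcessingMNIError",
            SAML2Utils.bundle.getString("requestProcessingMNIError") + " " +
            e.getMessage());
    }
%>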
e4b86885570d77af552e9cf94f142f4d744fb8c8Cheng Sean Ye