spSSOInit.jsp revision f5efa5619bc4c83c0a58f55945e87d480e1011da
DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
The contents of this file are subject to the terms
of the Common Development and Distribution License
(the License). You may not use this file except in
compliance with the License.
You can obtain a copy of the License at
https://opensso.dev.java.net/public/CDDLv1.0.html or
See the License for the specific language governing
permission and limitations under the License.
When distributing Covered Code, include this CDDL
Header Notice in each file and include the License file
If applicable, add the following below the CDDL Header,
with the fields enclosed by brackets [] replaced by
your own identifying information:
"Portions Copyrighted [year] [name of copyright owner]"
$Id: spSSOInit.jsp,v 1.11 2009/06/24 23:05:30 mrudulahg Exp $
Portions Copyright 2013-2016 ForgeRock AS.
<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
<%@ page import="com.sun.identity.saml2.profile.SPSSOFederate" %>
<%@ page import="java.util.Map" %>
<%@ page import="org.forgerock.guice.core.InjectorHolder" %>
<%@ page import="org.forgerock.openam.audit.AuditEventPublisher" %>
<%@ page import="org.forgerock.openam.saml2.audit.SAML2Auditor" %>
<%@ page import="org.forgerock.openam.audit.AuditEventFactory" %>
spssoinit.jsp initiates the Single Sign-On at the Service Provider.
this parameter is /realm_name/SP name.
3. RelayState Target URL on successful completion of SSO/Federation
e.g. if the request URL has :
SSO/Federation user will be redirected to the TARGET URL.
11.AllowCreate Value indicates if IDP is allowed to create a new
12.Destination A URI Reference indicating the address to which the
13.AuthnContextDeclRef Specifies the AuthnContext Declaration Reference.
14.AuthnContextClassRef Specifies the AuthnContext Class References.
16.AuthComparison The comparison method used to evaluate the
17.Consent Specifies a URI a SAML defined identifier
known as Consent Identifiers. These are defined in
18.reqBinding URI value that identifies a SAML protocol binding to
19.affiliationID affiliation entity ID
20.sunamcompositeadvice URLEncoded XML blob that specifies auth level
21.includeRequestedAuthnContext boolean flag to indicate if the authentication request should include the
// SP-initiated SSO entry point: resolves the SP metaAlias and the IDP entity
// ID, optionally detours through an IDP discovery (reader) URL, then hands
// off to SPSSOFederate.initiateAuthnRequest.
// NOTE(review): this listing shows only some lines of the scriptlet. The
// try/catch, the else branches and the calls that wrap the
// bundle.getString(...) arguments are not visible here, so comments that
// depend on the missing lines are hedged.

// Label audit records produced through saml2Auditor with this page's name.
saml2Auditor.setMethod("spSSOInit");
// requestID comes straight from the HTTP request, so it is caller-controlled.
String reqID = request.getParameter("requestID");
// Presumably the branch taken when the page is re-entered with a requestID
// (the guarding condition is not visible): the IDP is chosen from the request.
idpEntityID = SAML2Utils.getPreferredIDP(request);
// Recover the parameter map stored under this ID (see reqParamHash.put below).
// NOTE(review): an ID that was never stored, or was already consumed, would
// be expected to yield null here; no null check is visible before paramsMap
// is dereferenced on the next line — confirm the omitted lines guard it.
paramsMap = (Map)SPCache.reqParamHash.get(reqID);
metaAlias = (String) paramsMap.get("metaAlias");
// Drop the cached entry once it has been read, so each ID is redeemed once.
SPCache.reqParamHash.remove(reqID);
// Presumably the branch without a requestID: metaAlias is taken directly
// from the request and is therefore caller-controlled as well.
metaAlias = request.getParameter("metaAlias");
// A missing or empty metaAlias is rejected with the "nullSPEntityID" message.
if ((metaAlias == null) || (metaAlias.length() == 0)) {
// The two calls that receive this message are not visible in this listing.
SAML2Utils.bundle.getString("nullSPEntityID"));
SAML2Utils.bundle.getString("nullSPEntityID"));
idpEntityID = request.getParameter("idpEntityID");
// Snapshot of the request parameters that is later passed, unchanged apart
// from the metaAlias entry added below, to initiateAuthnRequest.
// NOTE(review): per the page header this includes RelayState, the post-SSO
// target URL; no validation of it is visible on this page — confirm it is
// checked downstream before any redirect to it.
paramsMap = SAML2Utils.getParamsMap(request);
// No IDP named in the request: detour through the reader URL looked up for
// this metaAlias, parking the parameters under a freshly generated ID.
if ((idpEntityID == null) || (idpEntityID.length() == 0)) {
String readerURL = SAML2Utils.getReaderURL(metaAlias);
String rID = SAML2Utils.generateID();
// NOTE(review): the redirect target is derived from readerURL and the
// request; confirm getReaderURL/getRedirectURL only yield configured
// locations, since metaAlias originates from a request parameter here.
String redirectURL = SAML2Utils.getRedirectURL(readerURL, rID, request);
paramsMap.put("metaAlias", metaAlias);
// NOTE(review): an entry is cached on this path before any authentication
// and is only removed when the ID is redeemed (remove above); confirm
// reqParamHash is bounded or expires unredeemed entries elsewhere.
SPCache.reqParamHash.put(rID, paramsMap);
response.sendRedirect(redirectURL);
// Second emptiness check on idpEntityID; the lines between the redirect and
// this check are not visible, so its exact position in the flow is unclear.
if ((idpEntityID == null) || (idpEntityID.length() == 0)) {
// The two calls that receive this message are not visible in this listing.
SAML2Utils.bundle.getString("nullIDPEntityID"));
SAML2Utils.bundle.getString("nullIDPEntityID"));
// Build and send the AuthnRequest for the resolved SP/IDP pair.
SPSSOFederate.initiateAuthnRequest(request, response, metaAlias, idpEntityID, paramsMap, saml2Auditor);
// Presumably inside catch blocks (not visible): the failure is logged with
// the exception and a localized "requestProcessingError" text is produced.
SAML2Utils.debug.error("Error sending AuthnRequest " , sse);
SAML2Utils.bundle.getString("requestProcessingError"));
SAML2Utils.debug.error("Error processing Request ",e);
// NOTE(review): the exception's own message is appended to the localized
// text. If this string is written to the HTTP response, internal detail
// reaches the caller; the exception is already logged above, so the generic
// text alone would be enough for the response — confirm where it is sent.
SAML2Utils.bundle.getString("requestProcessingError") + " " +
e.getMessage());
SAML2Utils.bundle.getString("requestProcessingError"));