5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews<%--
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews The contents of this file are subject to the terms
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews of the Common Development and Distribution License
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews (the License). You may not use this file except in
4b6dc226f78862286daa69fba761eac9fd5da16aAutomatic Updater compliance with the License.
659c68b446073e4e450dd2021fdb5bc40decffe2David Lawrence
659c68b446073e4e450dd2021fdb5bc40decffe2David Lawrence You can obtain a copy of the License at
3761c433912beabe43abeed2c3513b6201c59f64Mark Andrews https://opensso.dev.java.net/public/CDDLv1.0.html or
854d0238dbc2908490197984b3b9d558008a53dfMark Andrews opensso/legal/CDDLv1.0.txt
854d0238dbc2908490197984b3b9d558008a53dfMark Andrews See the License for the specific language governing
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews permission and limitations under the License.
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff
6324997211a5e2d82528dcde98e8981190a35faeMichael Graff When distributing Covered Code, include this CDDL
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff Header Notice in each file and include the License file
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence at opensso/legal/CDDLv1.0.txt.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews If applicable, add the following below the CDDL Header,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews with the fields enclosed by brackets [] replaced by
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews your own identifying information:
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews "Portions Copyrighted [year] [name of copyright owner]"
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman
f7b99290c31abeb20c55fc55391510450ce60423Mark Andrews $Id: idpSSOInit.jsp,v 1.9 2009/06/24 23:05:30 mrudulahg Exp $
ae114ded82e773a4d9058f833f964a17514712a8Brian Wellington
659c68b446073e4e450dd2021fdb5bc40decffe2David Lawrence--%>
bddfe77128b0f16af263ff149db40f0d885f43d0Mark Andrews
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews<!-- %@ page import="com.iplanet.am.util.Debug" % -->
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews<%@ page import="com.sun.identity.shared.debug.Debug" %>
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence
e0a30050c8516a3d54a4f8dcdd88435704a8a3edMark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
e0a30050c8516a3d54a4f8dcdd88435704a8a3edMark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
9ac7076ebad044afb15e9e2687e3696868778538Mark Andrews<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews<%@ page import="com.sun.identity.saml2.profile.IDPSSOUtil" %>
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff<%--
 idpSSOInit.jsp initiates unsolicited SSO at the Identity Provider.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
 The following is the list of supported query parameters:
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
 Required parameters to this JSP are:
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman Query Parameter Name Description
b589e90689c6e87bf9608424ca8d99571c18bc61Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews 1. metaAlias MetaAlias for Identity Provider. The format of
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews this parameter is /realm_name/IDP name.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews 2. spEntityID Identifier for Service Provider.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews Optional Query Parameters :
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson Query Parameter Name Description
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
 3. RelayState Target URL on successful completion of SSO/Federation
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews 4. RelayStateAlias Specify the parameter(s) to use as the RelayState.
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff e.g. if the request URL has :
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence ?TARGET=http://server:port/uri&RelayStateAlias=TARGET
4b6dc226f78862286daa69fba761eac9fd5da16aAutomatic Updater then the TARGET query parameter will be interpreted as
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RelayState and on successful completion of
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman SSO/Federation user will be redirected to the TARGET URL.
f7b99290c31abeb20c55fc55391510450ce60423Mark Andrews
ae114ded82e773a4d9058f833f964a17514712a8Brian Wellington
659c68b446073e4e450dd2021fdb5bc40decffe2David Lawrence 5. NameIDFormat NameID format Identifier Value.
1ef8965366d91e02a4672c35a187d30aa4a4c72cMark Andrews For example,
94a08e09db3dc844b6ee4841c368a2d7074a9c3fAndreas Gustafsson urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
659c68b446073e4e450dd2021fdb5bc40decffe2David Lawrence urn:oasis:names:tc:SAML:2.0:nameid-format:transient
4b6dc226f78862286daa69fba761eac9fd5da16aAutomatic Updater
 6. binding URI value that identifies the SAML protocol binding to
 be used when returning the Response message.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews The supported values are :
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff HTTP-Artifact
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence HTTP-POST
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews
 NOTE: There are other SAML-defined values for these
 which are not supported by FM/AM.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews 7. affiliationID affiliation entity ID
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman--%>
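<%
    // Entry point for IdP-initiated (unsolicited) SSO.
    //
    // Request query parameters; metaAlias and spEntityID are required:
    //   metaAlias  - meta alias of this Identity Provider, in the form
    //                /realm_name/IDP name (not the IdP entity ID)
    //   spEntityID - entity ID of the Service Provider to federate with
    // Optional: NameIDPolicy format (SAML2Constants.NAMEID_POLICY_FORMAT)
    // and RelayState / RelayStateAlias, resolved by SAML2Utils.getRelayState.
    try {
        // A non-empty cached-response id means this is a redirect back from
        // the circle-of-trust cookie writer: an assertion response is already
        // cached in this provider, so replay it and stop.
        String cachedResID = request.getParameter(SAML2Constants.RES_INFO_ID);
        if ((cachedResID != null) && (cachedResID.length() != 0)) {
            IDPSSOUtil.sendResponse(request, response, cachedResID);
            return;
        }

        String metaAlias = request.getParameter("metaAlias");
        if ((metaAlias == null) || (metaAlias.length() == 0)) {
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST, "nullIDPEntityID",
                SAML2Utils.bundle.getString("nullIDPEntityID"));
            return;
        }

        String spEntityID = request.getParameter("spEntityID");
        if ((spEntityID == null) || (spEntityID.length() == 0)) {
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST, "nullSPEntityID",
                SAML2Utils.bundle.getString("nullSPEntityID"));
            return;
        }

        // NameID policy format is optional and is passed through as-is
        // (it may be null).
        String nameIDFormat =
            request.getParameter(SAML2Constants.NAMEID_POLICY_FORMAT);

        // RelayState is caller-supplied input that becomes the post-SSO
        // redirect target. Whether getRelayState() validates it against the
        // configured relay-state allow-list is not visible here — confirm
        // before relying on it.
        String relayState = SAML2Utils.getRelayState(request);

        IDPSSOUtil.doSSOFederate(request, response, null, spEntityID,
            metaAlias, nameIDFormat, relayState);
    } catch (Exception e) {
        // SAML2Exception and every other failure were handled identically by
        // two duplicated catch blocks; a single handler keeps that behavior.
        SAML2Utils.debug.error("Error processing request ", e);
        // NOTE(review): the raw exception message is echoed to the client
        // alongside the localized text; logging it only and returning the
        // localized text alone would avoid leaking internal detail.
        SAMLUtils.sendError(request, response,
            HttpServletResponse.SC_BAD_REQUEST, "requestProcessingError",
            SAML2Utils.bundle.getString("requestProcessingError") + " " +
            e.getMessage());
    }
%>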
373ce67419680a398ba3dc51a14a486caaf0afb0Mark Andrews