com.sun.identity.federation.services.fednsso

Class FSAssertionArtifactHandler

java.lang.Object

com.sun.identity.federation.services.fednsso.FSAssertionArtifactHandler

Direct Known Subclasses:

FSBrowserArtifactConsumerHandler, FSBrowserPostConsumerHandler, FSLECPConsumerHandler, FSWMLPostConsumerHandler

public class FSAssertionArtifactHandler
extends Object

Handler that runs on SP side to receive and process AuthnResponse.

Field Summary

Fields

Modifier and Type	Field and Description
protected AttributeStatement	_autoFedStatement
protected static String	ANONYMOUS_PRINCIPAL
protected FSAttributeMapper	attributeMapper
protected List	attrStatements
protected FSAuthnRequest	authnRequest
protected FSAuthnResponse	authnResponse
protected Map	autoFedSearchMap
protected AttributeStatement	bootStrapStatement
protected boolean	doFederate
protected com.sun.identity.federation.jaxb.entityconfig.BaseConfigType	hostConfig
protected com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType	hostDesc
protected String	hostEntityId
protected String	hostMetaAlias
protected com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType	idpDescriptor
protected String	idpEntityId
protected static Map	idTimeMap
protected String	nameIDPolicy
protected String	realm
protected FSRealmAttributeMapper	realmAttributeMapper
protected String	relayState
protected javax.servlet.http.HttpServletRequest	request
protected javax.servlet.http.HttpServletResponse	response
protected FSResponse	samlResponse
protected Element	samlResponseElt
protected List	securityAssertions
protected Object	ssoToken

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	FSAssertionArtifactHandler() Default constructor.
	FSAssertionArtifactHandler(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType idpDescriptor, String idpEntityId, boolean doFederate, String nameIDPolicy, String relayState) Constructs a FSAssertionArtifactHandler object.
	FSAssertionArtifactHandler(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType idpDescriptor, String idpEntityId, FSAuthnRequest authnRequest, boolean doFederate, String relayState) Constructs a FSAssertionArtifactHandler object.

Method Summary

Modifier and Type	Method and Description
protected int	doAccountFederation(NameIdentifier ni)
protected int	doSingleSignOn(NameIdentifier ni, int handleType, NameIdentifier niIdp, Map env)
protected boolean	forThisServer(Conditions conds)
protected Object	generateAnonymousToken(javax.servlet.http.HttpServletResponse response) Generates an anonymous token for onetime case.
protected int	generateToken(NameIdentifier ni, int handleType, NameIdentifier niIdp, Map env)
String	getAuthInstant() Gets AuthInstant.
FSAuthnRequest	getAuthnRequest() Gets FSAuthnRequest object.
String	getHostEntityId() Gets hosted SP's Entity ID.
protected FSAuthnRequest	getInResponseToRequest(String requestID)
protected String	getProvider(String requestID)
String	getRealm() Gets the realm under which the entity resides.
protected boolean	isIDPProxyEnabled(String requestID) Checks if the proxying is enabled.
void	processAuthnResponse(FSAuthnResponse authnResponse) Processes FSAuthnResponse.
protected void	processSAMLRequest()
protected void	redirectToResource(String resourceURL)
protected void	sendProxyResponse(String requestID) Sends the proxy authentication response to the proxying service provider which has originally requested for the authentication.
void	setAuthnRequest(FSAuthnRequest authnRequest) Sets FSAuthnRequest object.
void	setHostDescriptor(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType desc) Sets hosted SP meta descriptor.
void	setHostDescriptorConfig(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType config) Sets hosted SP extended meta config.
void	setHostEntityId(String entityId) Sets hosted SP entity ID.
void	setMetaAlias(String metaAlias) Sets hosted SP's meta alias.
void	setProviderDescriptor(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType idpDescriptor) Sets IDP provider descriptor.
void	setProviderEntityId(String idpEntityId) Sets IDP provider entity ID.
void	setRealm(String realm) Sets the realm under which the entity resides.
protected Subject	validateAssertions(List assertions)
protected boolean	verifyAssertionSignature(FSAssertion assertion)
protected boolean	verifyResponseStatus(Response resp)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

request

protected javax.servlet.http.HttpServletRequest request

response

protected javax.servlet.http.HttpServletResponse response

idpDescriptor

protected com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType idpDescriptor

idpEntityId

protected String idpEntityId

authnRequest

protected FSAuthnRequest authnRequest

relayState

protected String relayState

idTimeMap

protected static Map idTimeMap

doFederate

protected boolean doFederate

nameIDPolicy

protected String nameIDPolicy

bootStrapStatement

protected AttributeStatement bootStrapStatement

_autoFedStatement

protected AttributeStatement _autoFedStatement

autoFedSearchMap

protected Map autoFedSearchMap

securityAssertions

protected List securityAssertions

ssoToken

protected Object ssoToken

authnResponse

protected FSAuthnResponse authnResponse

samlResponseElt

protected Element samlResponseElt

attrStatements

protected List attrStatements

hostDesc

protected com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType hostDesc

hostConfig

protected com.sun.identity.federation.jaxb.entityconfig.BaseConfigType hostConfig

realm

protected String realm

hostEntityId

protected String hostEntityId

hostMetaAlias

protected String hostMetaAlias

ANONYMOUS_PRINCIPAL

protected static String ANONYMOUS_PRINCIPAL

attributeMapper

protected FSAttributeMapper attributeMapper

realmAttributeMapper

protected FSRealmAttributeMapper realmAttributeMapper

samlResponse

protected FSResponse samlResponse

Constructor Detail

FSAssertionArtifactHandler

protected FSAssertionArtifactHandler()

Default constructor.

FSAssertionArtifactHandler

public FSAssertionArtifactHandler(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response,
                                  com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType idpDescriptor,
                                  String idpEntityId,
                                  boolean doFederate,
                                  String nameIDPolicy,
                                  String relayState)

Constructs a FSAssertionArtifactHandler object.

Parameters:

request - HttpServletRequest object.

response - HttpServletResponse object

idpDescriptor - IDP provider descriptor

idpEntityId - entity ID of the IDP

doFederate - a flag indicating if it is a federation request

nameIDPolicy - nameIDPolicy used

relayState - RelayState url

FSAssertionArtifactHandler

public FSAssertionArtifactHandler(javax.servlet.http.HttpServletRequest request,
                                  javax.servlet.http.HttpServletResponse response,
                                  com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType idpDescriptor,
                                  String idpEntityId,
                                  FSAuthnRequest authnRequest,
                                  boolean doFederate,
                                  String relayState)

Constructs a FSAssertionArtifactHandler object.

Parameters:

request - HttpServletRequest object.

response - HttpServletResponse object

idpDescriptor - IDP provider descriptor

idpEntityId - entity ID of the IDP

authnRequest - FSAuthnRequest from soap

doFederate - a flag indicating if it is a federation request

relayState - RelayState url

Method Detail

setHostEntityId

public void setHostEntityId(String entityId)

Sets hosted SP entity ID.

Parameters:

entityId - hosted SP's entity ID to be set

setHostDescriptor

public void setHostDescriptor(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType desc)

Sets hosted SP meta descriptor.

Parameters:

desc - SP's meta descriptor to be set.

See Also:

getHostEntityId()

setHostDescriptorConfig

public void setHostDescriptorConfig(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType config)

Sets hosted SP extended meta config.

Parameters:

config - SP's extended meta to be set.

setMetaAlias

public void setMetaAlias(String metaAlias)

Sets hosted SP's meta alias.

Parameters:

metaAlias - SP's meta alias to be set

getHostEntityId

public String getHostEntityId()

Gets hosted SP's Entity ID.

Returns:

hosted entity id.

See Also:

setHostEntityId(String)

getRealm

public String getRealm()

Gets the realm under which the entity resides.

Returns:

the realm under which the entity resides.

See Also:

setRealm(String)

setRealm

public void setRealm(String realm)

Sets the realm under which the entity resides.

Parameters:

realm - The realm under which the entity resides.

See Also:

getRealm()

getAuthnRequest

public FSAuthnRequest getAuthnRequest()

Gets FSAuthnRequest object.

Returns:

FSAuthnRequest object

See Also:

setAuthnRequest(FSAuthnRequest)

setAuthnRequest

public void setAuthnRequest(FSAuthnRequest authnRequest)

Sets FSAuthnRequest object.

Parameters:

authnRequest - FSAuthnRequest object to be set.

See Also:

getAuthnRequest()

processAuthnResponse

public void processAuthnResponse(FSAuthnResponse authnResponse)

Processes FSAuthnResponse.

Parameters:

authnResponse - FSAuthnResponse objec to be processed

verifyResponseStatus

protected boolean verifyResponseStatus(Response resp)

validateAssertions

protected Subject validateAssertions(List assertions)

verifyAssertionSignature

protected boolean verifyAssertionSignature(FSAssertion assertion)

forThisServer

protected boolean forThisServer(Conditions conds)

generateToken

protected int generateToken(NameIdentifier ni,
                            int handleType,
                            NameIdentifier niIdp,
                            Map env)

processSAMLRequest

protected void processSAMLRequest()

doSingleSignOn

protected int doSingleSignOn(NameIdentifier ni,
                             int handleType,
                             NameIdentifier niIdp,
                             Map env)

redirectToResource

protected void redirectToResource(String resourceURL)
                           throws FSException

Throws:

FSException

doAccountFederation

protected int doAccountFederation(NameIdentifier ni)

generateAnonymousToken

protected Object generateAnonymousToken(javax.servlet.http.HttpServletResponse response)
                                 throws SessionException

Generates an anonymous token for onetime case.

Throws:

SessionException

getInResponseToRequest

protected FSAuthnRequest getInResponseToRequest(String requestID)

getProvider

protected String getProvider(String requestID)

setProviderDescriptor

public void setProviderDescriptor(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType idpDescriptor)

Sets IDP provider descriptor.

Parameters:

idpDescriptor - identity provider descriptor.

setProviderEntityId

public void setProviderEntityId(String idpEntityId)

Sets IDP provider entity ID.

Parameters:

idpEntityId - identity provider entity id.

getAuthInstant

public String getAuthInstant()

Gets AuthInstant.

Returns:

AuthInstant in UTC date format.

isIDPProxyEnabled

protected boolean isIDPProxyEnabled(String requestID)

Checks if the proxying is enabled. It will be checking if the proxy service provider descriptor is set in the session manager for the specific request ID.

Parameters:

requestID - authentication request id which is created by the proxying IDP to the authenticating IDP.

Returns:

true if the proxying is enabled.

sendProxyResponse

protected void sendProxyResponse(String requestID)

Sends the proxy authentication response to the proxying service provider which has originally requested for the authentication.

Parameters:

requestID - authnRequest id that is sent to the authenticating Identity Provider.