com.sun.identity.federation.services.fednsso

Class FSSSOAndFedHandler

java.lang.Object

com.sun.identity.federation.services.fednsso.FSSSOAndFedHandler

Direct Known Subclasses:

FSProxyHandler, FSSSOBrowserArtifactProfileHandler, FSSSOBrowserPostProfileHandler, FSSSOLECPProfileHandler, FSSSOWMLPostProfileHandler

public abstract class FSSSOAndFedHandler
extends Object

Base class for IDP side handler that handles single sign on and federation requests.

Field Summary

Fields

Modifier and Type	Field and Description
protected FSAccountManager	accountManager
protected FSAuthnRequest	authnRequest
protected com.sun.identity.federation.jaxb.entityconfig.BaseConfigType	hostedConfig
protected com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType	hostedDesc
protected String	hostedEntityId
protected String	metaAlias
protected static IDFFMetaManager	metaManager
protected Status	noFedStatus
protected String	realm
protected String	relayState
protected javax.servlet.http.HttpServletRequest	request
protected javax.servlet.http.HttpServletResponse	response
protected com.sun.identity.federation.jaxb.entityconfig.BaseConfigType	spConfig
protected com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType	spDescriptor
protected String	spEntityId
protected Object	ssoToken

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	FSSSOAndFedHandler() Default constructor.
	FSSSOAndFedHandler(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Constructor.
	FSSSOAndFedHandler(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, FSAuthnRequest authnRequest, com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType spDescriptor, com.sun.identity.federation.jaxb.entityconfig.BaseConfigType spConfig, String spEntityId, String relayState) Constructor.
	FSSSOAndFedHandler(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, FSAuthnRequest authnRequest, com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType spDescriptor, com.sun.identity.federation.jaxb.entityconfig.BaseConfigType spConfig, String spEntityId, String relayState, Object ssoToken) Constructor.

Method Summary

Modifier and Type	Method and Description
static String	cleanMetaAlias(javax.servlet.http.HttpServletRequest request) Removes meta alias from request parameters.
protected FSAuthnResponse	createAuthnResponse(Object ssoToken, String inResponseTo, NameIdentifier userHandle, NameIdentifier idpHandle)
protected FSAccountFedInfo	doAccountFederation(Object ssoToken, FSAuthnRequest authnRequest, FSSession session)
protected boolean	doSingleSignOn(Object ssoToken, String inResponseTo)
protected boolean	doSingleSignOn(Object ssoToken, String inResponseTo, NameIdentifier spHandle, NameIdentifier idpHandle)
String	formatLoginURL(String loginUrl, String authnContext) Generates local login url.
String	getHostedEntityId() Gets hosted provider id.
com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType	getProvider() Returns remote SP provider descriptor.
String	getRealm() Gets the realm under which the entity resides.
protected boolean	isIDPProxyEnabled(FSAuthnRequest authnRequest) Checks if the identity provider is configured for proxying the authentication requests for a requesting service provider.
void	processAuthnRequest(FSAuthnRequest authnRequest, boolean bPostAuthn) Processes authentication request.
boolean	processPostAuthnSSO(FSAuthnRequest authnRequest) Handles authentication request after local login.
boolean	processPreAuthnSSO(FSAuthnRequest authnRequest) Handles authentication request.
FSResponse	processSAMLRequest(FSSAMLRequest samlRequest) Processes SAML request.
protected void	returnErrorResponse()
protected void	sendAuthnResponse(FSAuthnResponse authnResponse)
protected void	sendProxyAuthnRequest(FSAuthnRequest authnRequest, String preferredIDP) Sends a new AuthnRequest to the authenticating provider.
void	setHostedDescriptor(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType hostedDesc) Sets host identity provider's meta descriptor.
void	setHostedDescriptorConfig(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType hostedConfig) Sets host identity provider's extended meta.
void	setHostedEntityId(String hostedEntityId) Sets host identity provider's entity ID.
void	setMetaAlias(String metaAlias) Sets meta alias of the host identity provider.
void	setRealm(String realm) Sets the realm under which the entity resides.
void	setSPDescriptor(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType spDescriptor) Sets remote SP provider descriptor.
protected boolean	verifyRequestSignature(FSAuthnRequest authnRequest)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

metaManager

protected static IDFFMetaManager metaManager

request

protected javax.servlet.http.HttpServletRequest request

response

protected javax.servlet.http.HttpServletResponse response

spDescriptor

protected com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType spDescriptor

spConfig

protected com.sun.identity.federation.jaxb.entityconfig.BaseConfigType spConfig

spEntityId

protected String spEntityId

relayState

protected String relayState

authnRequest

protected FSAuthnRequest authnRequest

ssoToken

protected Object ssoToken

metaAlias

protected String metaAlias

hostedDesc

protected com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType hostedDesc

hostedConfig

protected com.sun.identity.federation.jaxb.entityconfig.BaseConfigType hostedConfig

realm

protected String realm

hostedEntityId

protected String hostedEntityId

noFedStatus

protected Status noFedStatus

accountManager

protected FSAccountManager accountManager

Constructor Detail

FSSSOAndFedHandler

protected FSSSOAndFedHandler()

Default constructor.

FSSSOAndFedHandler

public FSSSOAndFedHandler(javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response,
                          FSAuthnRequest authnRequest,
                          com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType spDescriptor,
                          com.sun.identity.federation.jaxb.entityconfig.BaseConfigType spConfig,
                          String spEntityId,
                          String relayState,
                          Object ssoToken)

Constructor.

Parameters:

request - HttpServletRequest object

response - HttpServletResponse object

authnRequest - authentication request

spDescriptor - SP's provider descriptor

spConfig - SP's provider extended meta

spEntityId - SP's entity id

relayState - where to go after single sign on is done

ssoToken - token of the user to be single sign-oned

FSSSOAndFedHandler

public FSSSOAndFedHandler(javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response,
                          FSAuthnRequest authnRequest,
                          com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType spDescriptor,
                          com.sun.identity.federation.jaxb.entityconfig.BaseConfigType spConfig,
                          String spEntityId,
                          String relayState)

Constructor.

Parameters:

request - HttpServletRequest object

response - HttpServletResponse object

authnRequest - authentication request

spDescriptor - SP's provider descriptor

spConfig - SP's extended meta

spEntityId - SP's entity id

relayState - where to go after single sign on is done

FSSSOAndFedHandler

public FSSSOAndFedHandler(javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response)

Constructor.

Parameters:

request - HttpServletRequest object

response - HttpServletResponse object

Method Detail

setMetaAlias

public void setMetaAlias(String metaAlias)

Sets meta alias of the host identity provider.

Parameters:

metaAlias - meta alias of the provider.

setHostedEntityId

public void setHostedEntityId(String hostedEntityId)

Sets host identity provider's entity ID.

Parameters:

hostedEntityId - entity ID to be set

See Also:

getHostedEntityId()

setHostedDescriptor

public void setHostedDescriptor(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType hostedDesc)

Sets host identity provider's meta descriptor.

Parameters:

hostedDesc - hosted meta descriptor to be set

setHostedDescriptorConfig

public void setHostedDescriptorConfig(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType hostedConfig)

Sets host identity provider's extended meta.

Parameters:

hostedConfig - host identity provider's extended meta to be set

getHostedEntityId

public String getHostedEntityId()

Gets hosted provider id.

Returns:

hosted provider id.

See Also:

setHostedEntityId(String)

getRealm

public String getRealm()

Gets the realm under which the entity resides.

Returns:

the realm under which the entity resides.

See Also:

setRealm(String)

setRealm

public void setRealm(String realm)

Sets the realm under which the entity resides.

Parameters:

realm - The realm under which the entity resides.

See Also:

getRealm()

processPreAuthnSSO

public boolean processPreAuthnSSO(FSAuthnRequest authnRequest)

Handles authentication request.

Parameters:

authnRequest - FSAuthnRequest object

Returns:

true if the request is handled successfully; false otherwise.

formatLoginURL

public String formatLoginURL(String loginUrl,
                             String authnContext)

Generates local login url.

Parameters:

loginUrl - authentication base url

authnContext - requested AuthnContextRef

Returns:

local login url with appropriate parameters

processPostAuthnSSO

public boolean processPostAuthnSSO(FSAuthnRequest authnRequest)

Handles authentication request after local login.

Parameters:

authnRequest - FSAuthnRequest object

Returns:

true if the request is handled successfully; false otherwise.

createAuthnResponse

protected FSAuthnResponse createAuthnResponse(Object ssoToken,
                                              String inResponseTo,
                                              NameIdentifier userHandle,
                                              NameIdentifier idpHandle)

doSingleSignOn

protected boolean doSingleSignOn(Object ssoToken,
                                 String inResponseTo,
                                 NameIdentifier spHandle,
                                 NameIdentifier idpHandle)

doSingleSignOn

protected boolean doSingleSignOn(Object ssoToken,
                                 String inResponseTo)

doAccountFederation

protected FSAccountFedInfo doAccountFederation(Object ssoToken,
                                               FSAuthnRequest authnRequest,
                                               FSSession session)

returnErrorResponse

protected void returnErrorResponse()

processSAMLRequest

public FSResponse processSAMLRequest(FSSAMLRequest samlRequest)

Processes SAML request.

Parameters:

samlRequest - FSSAMLRequest object

Returns:

generated FSResponse object

processAuthnRequest

public void processAuthnRequest(FSAuthnRequest authnRequest,
                                boolean bPostAuthn)

Processes authentication request.

Parameters:

authnRequest - authentication request

bPostAuthn - true indicates it's post authentication; false indicates it's pre authentication.

sendAuthnResponse

protected void sendAuthnResponse(FSAuthnResponse authnResponse)

setSPDescriptor

public void setSPDescriptor(com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType spDescriptor)

Sets remote SP provider descriptor.

Parameters:

spDescriptor - remote SP provider descriptor.

See Also:

getProvider()

getProvider

public com.sun.identity.liberty.ws.meta.jaxb.SPDescriptorType getProvider()

Returns remote SP provider descriptor.

Returns:

remote SP provider descriptor

verifyRequestSignature

protected boolean verifyRequestSignature(FSAuthnRequest authnRequest)

cleanMetaAlias

public static String cleanMetaAlias(javax.servlet.http.HttpServletRequest request)

Removes meta alias from request parameters.

Parameters:

request - HttpServletRequest object

Returns:

parameter string which doesn't contain meta alias

sendProxyAuthnRequest

protected void sendProxyAuthnRequest(FSAuthnRequest authnRequest,
                                     String preferredIDP)
                              throws FSException,
                                     IOException

Sends a new AuthnRequest to the authenticating provider.

Parameters:

authnRequest - original AuthnRequest sent by the service provider.

preferredIDP - IDP to be proxied.

Throws:

FSException - for any federation failure.

IOException - if there is a failure in redirection.

isIDPProxyEnabled

protected boolean isIDPProxyEnabled(FSAuthnRequest authnRequest)
                             throws FSException

Checks if the identity provider is configured for proxying the authentication requests for a requesting service provider.

Parameters:

authnRequest - Authentication Request.

Returns:

true if the IDP is configured for proxying.

Throws:

FSException - for any failure.