Package com.sun.identity.saml2.profile

Class IDPProxyUtil

  • public class IDPProxyUtil
extends Object
    Utility class to be used for IDP Proxying.

    • Method Detail

      • getPreferredIDP

        public static String getPreferredIDP​(AuthnRequest authnRequest,
                                     String hostedEntityId,
                                     String realm,
                                     jakarta.servlet.http.HttpServletRequest request,
                                     jakarta.servlet.http.HttpServletResponse response)
                              throws SAML2Exception
        Gets the preferred IDP Id to be proxied. This method makes use of an SPI to determine the preferred IDP.
        Parameters:
        authnRequest - original Authn Request.
        hostedEntityId - hosted provider ID
        realm - Realm
        request - HttpServletRequest
        response - HttpServletResponse
        Returns:
        String Provider id of the preferred IDP to be proxied.
        Throws:
        SAML2Exception - for any SAML2 failure.

      • sendProxyAuthnRequest

        public static void sendProxyAuthnRequest​(AuthnRequest authnRequest,
                                         String preferredIDP,
                                         SPSSODescriptorElement spSSODescriptor,
                                         String hostedEntityId,
                                         jakarta.servlet.http.HttpServletRequest request,
                                         jakarta.servlet.http.HttpServletResponse response,
                                         String realm,
                                         String relayState,
                                         String originalBinding)
                                  throws SAML2Exception,
                                         IOException
        Sends a new AuthnRequest to the authenticating provider.
        Parameters:
        authnRequest - original AuthnRequest sent by the service provider.
        preferredIDP - IDP to be proxied.
        spSSODescriptor - SPSSO Descriptor Element
        hostedEntityId - hosted provider ID
        request - HttpServletRequest
        response - HttpServletResponse
        realm - Realm
        relayState - the Relay State
        originalBinding - The binding used to send the original AuthnRequest.
        Throws:
        SAML2Exception - for any SAML2 failure.
        IOException - if there is a failure in redirection.

      • isIDPProxyEnabled

        public static boolean isIDPProxyEnabled​(AuthnRequest authnRequest,
                                        String realm)
                                 throws SAML2Exception
        Checks if the identity provider is configured for proxying the authentication requests for a requesting service provider.
        Parameters:
        authnRequest - Authentication Request.
        realm - Realm
        Returns:
        true if the IDP is configured for proxying.
        Throws:
        SAML2Exception - for any failure.

      • isIDPProxyEnabled

        public static boolean isIDPProxyEnabled​(String requestID)
        Checks if the proxying is enabled. It will be checking if the proxy service provider descriptor is set in the session manager for the specific request ID.
        Parameters:
        requestID - authentication request id which is created by the proxying IDP to the authenticating IDP.
        Returns:
        true if the proxying is enabled.

      • sendResponseWithStatus

        public static void sendResponseWithStatus​(jakarta.servlet.http.HttpServletRequest request,
                                          jakarta.servlet.http.HttpServletResponse response,
                                          PrintWriter out,
                                          String requestID,
                                          String idpMetaAlias,
                                          String hostEntityID,
                                          String realm,
                                          String firstlevelStatusCodeValue,
                                          String secondlevelStatusCodeValue)
                                   throws SAML2Exception
        Sends back response with firstlevel and secondlevel status code if available for the original AuthnRequest.
        Parameters:
        request - The request.
        response - The response.
        out - The print writer for writing out presentation.
        requestID - The requestID of the proxied AuthnRequest.
        idpMetaAlias - The IdP's metaAlias.
        hostEntityID - The IdP's entity ID.
        realm - The realm where the IdP belongs to.
        firstlevelStatusCodeValue - First-level status code value passed.
        secondlevelStatusCodeValue - Second-level status code value passed.
        Throws:
        SAML2Exception - If there was an error while sending the response with second-level status-code.

      • generateProxyResponse

        public static void generateProxyResponse​(jakarta.servlet.http.HttpServletRequest request,
                                         jakarta.servlet.http.HttpServletResponse response,
                                         PrintWriter out,
                                         String metaAlias,
                                         ResponseInfo respInfo,
                                         Object newSession,
                                         SAML2EventLogger auditor)
                                  throws SAML2Exception
        Generates the AuthnResponse by the IDP Proxy and send to the service provider.
        Parameters:
        request - HttpServletRequest The HTTP request.
        response - HttpServletResponse The HTTP response.
        out - The print writer for writing out presentation.
        metaAlias - The meta alias.
        respInfo - ResponseInfo object.
        newSession - Session object.
        auditor - a SAML2EventLogger auditor
        Throws:
        SAML2Exception - for any SAML2 failure.

      • initiateSPLogoutRequest

        public static void initiateSPLogoutRequest​(jakarta.servlet.http.HttpServletRequest request,
                                           jakarta.servlet.http.HttpServletResponse response,
                                           PrintWriter out,
                                           String partner,
                                           String spMetaAlias,
                                           String realm,
                                           LogoutRequest logoutReq,
                                           jakarta.xml.soap.SOAPMessage msg,
                                           IDPSession idpSession,
                                           String binding,
                                           String relayState)
        Initiates the Single logout request by the IDP Proxy to the authenticating identity provider.
        Parameters:
        request - HttpServletRequest
        response - HttpServletResponse
        out - The print writer for writing out presentation.
        partner - Authenticating identity provider
        spMetaAlias - IDP proxy's meta alias acting as SP
        realm - Realm

      • getLocation

        public static String getLocation​(String realm,
                                 String idpEntityID,
                                 String binding)
        Gets the SLO response service location of the authenticating identity provider
        Parameters:
        realm - Realm
        idpEntityID - authenticating identity provider.
        Returns:
        location URL of the SLO response service, return null if not found.

      • getSessionPartners

        public static List getSessionPartners​(jakarta.servlet.http.HttpServletRequest request)

      • sendProxyLogoutRequest

        public static void sendProxyLogoutRequest​(jakarta.servlet.http.HttpServletRequest request,
                                          jakarta.servlet.http.HttpServletResponse response,
                                          PrintWriter out,
                                          LogoutRequest logoutReq,
                                          List partners,
                                          String binding,
                                          String relayState)

      • sendProxyLogoutResponse

        public static void sendProxyLogoutResponse​(jakarta.servlet.http.HttpServletResponse response,
                                           jakarta.servlet.http.HttpServletRequest request,
                                           String originatingRequestID,
                                           Map<String,​String> infoMap,
                                           String remoteEntity,
                                           String binding)
                                    throws SAML2Exception
        Throws:
        SAML2Exception

      • sendProxyLogoutRequestSOAP

        public static void sendProxyLogoutRequestSOAP​(jakarta.servlet.http.HttpServletRequest request,
                                              jakarta.servlet.http.HttpServletResponse response,
                                              PrintWriter out,
                                              jakarta.xml.soap.SOAPMessage msg,
                                              List partners,
                                              IDPSession idpSession)

      • getSessionPartners

        public static Map getSessionPartners​(jakarta.xml.soap.SOAPMessage message)

      • sendProxyLogoutResponseBySOAP

        public static void sendProxyLogoutResponseBySOAP​(jakarta.xml.soap.SOAPMessage reply,
                                                 jakarta.servlet.http.HttpServletResponse resp,
                                                 PrintWriter out)

      • getSPSessionPartners

        public static List getSPSessionPartners​(jakarta.servlet.http.HttpServletRequest request)