com.sun.identity.saml2.profile

Class IDPProxyUtil

java.lang.Object

com.sun.identity.saml2.profile.IDPProxyUtil

public class IDPProxyUtil
extends Object

Utility class to be used for IDP Proxying.

Method Summary

Modifier and Type	Method and Description
static void	addRequesterIDToScope(Scoping scoping, String requesterId)
static void	generateProxyResponse(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, PrintWriter out, String metaAlias, ResponseInfo respInfo, Object newSession, SAML2EventLogger auditor) Generates the AuthnResponse by the IDP Proxy and send to the service provider.
static String	getLocation(String realm, String idpEntityID, String binding) Gets the SLO response service location of the authenticating identity provider
static String	getPreferredIDP(AuthnRequest authnRequest, String hostedEntityId, String realm, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Gets the preferred IDP Id to be proxied.
static List	getSessionPartners(javax.servlet.http.HttpServletRequest request)
static Map	getSessionPartners(SOAPMessage message)
static List	getSPSessionPartners(javax.servlet.http.HttpServletRequest request)
static void	initiateSPLogoutRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, PrintWriter out, String partner, String spMetaAlias, String realm, LogoutRequest logoutReq, SOAPMessage msg, IDPSession idpSession, String binding, String relayState) Initiates the Single logout request by the IDP Proxy to the authenticating identity provider.
static boolean	isIDPProxyEnabled(AuthnRequest authnRequest, String realm) Checks if the identity provider is configured for proxying the authentication requests for a requesting service provider.
static boolean	isIDPProxyEnabled(String requestID) Checks if the proxying is enabled.
static void	sendIDPInitProxyLogoutRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, PrintWriter out, LogoutResponse logoutResponse, String location, String spEntityID, String idpEntityID, String binding, String realm)
static void	sendProxyAuthnRequest(AuthnRequest authnRequest, String preferredIDP, SPSSODescriptorElement spSSODescriptor, String hostedEntityId, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String realm, String relayState, String originalBinding) Sends a new AuthnRequest to the authenticating provider.
static void	sendProxyLogoutRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, PrintWriter out, LogoutRequest logoutReq, List partners, String binding, String relayState)
static void	sendProxyLogoutRequestSOAP(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, PrintWriter out, SOAPMessage msg, List partners, IDPSession idpSession)
static void	sendProxyLogoutResponse(javax.servlet.http.HttpServletResponse response, javax.servlet.http.HttpServletRequest request, String originatingRequestID, Map<String,String> infoMap, String remoteEntity, String binding)
static void	sendProxyLogoutResponseBySOAP(SOAPMessage reply, javax.servlet.http.HttpServletResponse resp, PrintWriter out)
static void	sendResponseWithStatus(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, PrintWriter out, String requestID, String idpMetaAlias, String hostEntityID, String realm, String firstlevelStatusCodeValue, String secondlevelStatusCodeValue) Sends back response with firstlevel and secondlevel status code if available for the original AuthnRequest.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

getPreferredIDP

public static String getPreferredIDP(AuthnRequest authnRequest,
                                     String hostedEntityId,
                                     String realm,
                                     javax.servlet.http.HttpServletRequest request,
                                     javax.servlet.http.HttpServletResponse response)
                              throws SAML2Exception

Gets the preferred IDP Id to be proxied. This method makes use of an SPI to determine the preferred IDP.

Parameters:

authnRequest - original Authn Request.

hostedEntityId - hosted provider ID

realm - Realm

request - HttpServletRequest

response - HttpServletResponse

Returns:

String Provider id of the preferred IDP to be proxied.

Throws:

SAML2Exception - for any SAML2 failure.

sendProxyAuthnRequest

public static void sendProxyAuthnRequest(AuthnRequest authnRequest,
                                         String preferredIDP,
                                         SPSSODescriptorElement spSSODescriptor,
                                         String hostedEntityId,
                                         javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response,
                                         String realm,
                                         String relayState,
                                         String originalBinding)
                                  throws SAML2Exception,
                                         IOException

Sends a new AuthnRequest to the authenticating provider.

Parameters:

authnRequest - original AuthnRequest sent by the service provider.

preferredIDP - IDP to be proxied.

spSSODescriptor - SPSSO Descriptor Element

hostedEntityId - hosted provider ID

request - HttpServletRequest

response - HttpServletResponse

realm - Realm

relayState - the Relay State

originalBinding - The binding used to send the original AuthnRequest.

Throws:

SAML2Exception - for any SAML2 failure.

IOException - if there is a failure in redirection.

addRequesterIDToScope

public static void addRequesterIDToScope(Scoping scoping,
                                         String requesterId)
                                  throws SAML2Exception

Throws:

SAML2Exception

isIDPProxyEnabled

public static boolean isIDPProxyEnabled(AuthnRequest authnRequest,
                                        String realm)
                                 throws SAML2Exception

Checks if the identity provider is configured for proxying the authentication requests for a requesting service provider.

Parameters:

authnRequest - Authentication Request.

realm - Realm

Returns:

true if the IDP is configured for proxying.

Throws:

SAML2Exception - for any failure.

isIDPProxyEnabled

public static boolean isIDPProxyEnabled(String requestID)

Checks if the proxying is enabled. It will be checking if the proxy service provider descriptor is set in the session manager for the specific request ID.

Parameters:

requestID - authentication request id which is created by the proxying IDP to the authenticating IDP.

Returns:

true if the proxying is enabled.

sendResponseWithStatus

public static void sendResponseWithStatus(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          PrintWriter out,
                                          String requestID,
                                          String idpMetaAlias,
                                          String hostEntityID,
                                          String realm,
                                          String firstlevelStatusCodeValue,
                                          String secondlevelStatusCodeValue)
                                   throws SAML2Exception

Sends back response with firstlevel and secondlevel status code if available for the original AuthnRequest.

Parameters:

request - The request.

response - The response.

out - The print writer for writing out presentation.

requestID - The requestID of the proxied AuthnRequest.

idpMetaAlias - The IdP's metaAlias.

hostEntityID - The IdP's entity ID.

realm - The realm where the IdP belongs to.

firstlevelStatusCodeValue - First-level status code value passed.

secondlevelStatusCodeValue - Second-level status code value passed.

Throws:

SAML2Exception - If there was an error while sending the response with second-level status-code.

generateProxyResponse

public static void generateProxyResponse(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response,
                                         PrintWriter out,
                                         String metaAlias,
                                         ResponseInfo respInfo,
                                         Object newSession,
                                         SAML2EventLogger auditor)
                                  throws SAML2Exception

Generates the AuthnResponse by the IDP Proxy and send to the service provider.

Parameters:

request - HttpServletRequest The HTTP request.

response - HttpServletResponse The HTTP response.

out - The print writer for writing out presentation.

metaAlias - The meta alias.

respInfo - ResponseInfo object.

newSession - Session object.

auditor - a SAML2EventLogger auditor

Throws:

SAML2Exception - for any SAML2 failure.

initiateSPLogoutRequest

public static void initiateSPLogoutRequest(javax.servlet.http.HttpServletRequest request,
                                           javax.servlet.http.HttpServletResponse response,
                                           PrintWriter out,
                                           String partner,
                                           String spMetaAlias,
                                           String realm,
                                           LogoutRequest logoutReq,
                                           SOAPMessage msg,
                                           IDPSession idpSession,
                                           String binding,
                                           String relayState)

Initiates the Single logout request by the IDP Proxy to the authenticating identity provider.

Parameters:

request - HttpServletRequest

response - HttpServletResponse

out - The print writer for writing out presentation.

partner - Authenticating identity provider

spMetaAlias - IDP proxy's meta alias acting as SP

realm - Realm

getLocation

public static String getLocation(String realm,
                                 String idpEntityID,
                                 String binding)

Gets the SLO response service location of the authenticating identity provider

Parameters:

realm - Realm

idpEntityID - authenticating identity provider.

Returns:

location URL of the SLO response service, return null if not found.

getSessionPartners

public static List getSessionPartners(javax.servlet.http.HttpServletRequest request)

sendProxyLogoutRequest

public static void sendProxyLogoutRequest(javax.servlet.http.HttpServletRequest request,
                                          javax.servlet.http.HttpServletResponse response,
                                          PrintWriter out,
                                          LogoutRequest logoutReq,
                                          List partners,
                                          String binding,
                                          String relayState)

sendProxyLogoutResponse

public static void sendProxyLogoutResponse(javax.servlet.http.HttpServletResponse response,
                                           javax.servlet.http.HttpServletRequest request,
                                           String originatingRequestID,
                                           Map<String,String> infoMap,
                                           String remoteEntity,
                                           String binding)
                                    throws SAML2Exception

Throws:

SAML2Exception

sendProxyLogoutRequestSOAP

public static void sendProxyLogoutRequestSOAP(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response,
                                              PrintWriter out,
                                              SOAPMessage msg,
                                              List partners,
                                              IDPSession idpSession)

getSessionPartners

public static Map getSessionPartners(SOAPMessage message)

sendProxyLogoutResponseBySOAP

public static void sendProxyLogoutResponseBySOAP(SOAPMessage reply,
                                                 javax.servlet.http.HttpServletResponse resp,
                                                 PrintWriter out)

sendIDPInitProxyLogoutRequest

public static void sendIDPInitProxyLogoutRequest(javax.servlet.http.HttpServletRequest request,
                                                 javax.servlet.http.HttpServletResponse response,
                                                 PrintWriter out,
                                                 LogoutResponse logoutResponse,
                                                 String location,
                                                 String spEntityID,
                                                 String idpEntityID,
                                                 String binding,
                                                 String realm)
                                          throws SAML2Exception

Throws:

SAML2Exception

getSPSessionPartners

public static List getSPSessionPartners(javax.servlet.http.HttpServletRequest request)