com.sun.identity.saml2.profile

Class SPSSOFederate

java.lang.Object

com.sun.identity.saml2.profile.SPSSOFederate

public class SPSSOFederate
extends Object

This class reads the query parameters and performs the required processing logic for sending Authentication Request from SP to IDP.

Constructor Summary

Constructors

Constructor and Description
SPSSOFederate()

Method Summary

Modifier and Type	Method and Description
static AuthnRequest	createAuthnRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String realmName, String spEntityID, String idpEntityID, Map paramsMap, Map spConfigMap, List extensionsList, SPSSODescriptorElement spsso, IDPSSODescriptorElement idpsso, String ssourl, boolean isForECP) Create an AuthnRequest.
static Map<String,Collection<String>>	getAttrsMapForAuthnReq(String realm, String spEntityID) Gets the Configuration attributes for the given sp entity id in the given realm.
static Boolean	getAttrValueFromMap(Map attrMap, String attrName) Returns value of an boolean parameter in the SP SSO Config.
static List	getExtensionsList(String entityID, String realm) Gets the extensions list for the sp entity.
static IDPSSODescriptorElement	getIDPSSOForAuthnReq(String realm, String idpEntityID) Gets the IDP SSO Descriptor for the given sp entity id in the given realm.
static String	getParameter(Map paramsMap, String attrName) Gets the query parameter value for the param specified.
static String	getPostBindingMsg(IDPSSODescriptorElement idpsso, SPSSODescriptorElement spsso, Map spConfigAttrsMap, AuthnRequest authnRequest) Gets the Post Binding message
static String	getRealm(String realm) Fills in the realm with the default top level realm if it does not contain a more specific subrealm.
static String	getRedirect(String authReqXMLString, String relayStateID, String ssoURL, IDPSSODescriptorElement idpsso, SPSSODescriptorElement spsso, Map spConfigAttrsMap) Gets the redirect String.
static String	getRelayStateID(String relayState, String requestID) Gets the Relay State ID for the request.
static SingleSignOnServiceElement	getSingleSignOnServiceEndpoint(List<SingleSignOnServiceElement> ssoServiceList, String binding) Returns the SingleSignOnService service.
static String	getSPEntityId(String metaAlias) Gets the SP Entity ID from the metaAlias.
static SPSSODescriptorElement	getSPSSOForAuthnReq(String realm, String spEntityID) Gets the SP SSO Descriptor for the given sp entity id in the given realm.
static void	initiateAuthnRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, String metaAlias, String idpEntityID, Map paramsMap, SAML2EventLogger auditor) Parses the request parameters and builds the Authentication Request to sent to the IDP.
static void	initiateECPRequest(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) Parses the request parameters and builds ECP Request to sent to the IDP.
static boolean	isFromECP(javax.servlet.http.HttpServletRequest request) Checks if the request is from ECP.
static void	signAuthnRequest(String certAlias, AuthnRequest authnRequest) Sign an authentication request.
static String	signQueryString(String queryString, String certAlias) Signs the query string.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SPSSOFederate

public SPSSOFederate()

Method Detail

initiateAuthnRequest

public static void initiateAuthnRequest(javax.servlet.http.HttpServletRequest request,
                                        javax.servlet.http.HttpServletResponse response,
                                        String metaAlias,
                                        String idpEntityID,
                                        Map paramsMap,
                                        SAML2EventLogger auditor)
                                 throws SAML2Exception

Parses the request parameters and builds the Authentication Request to sent to the IDP.

Parameters:

request - the HttpServletRequest.

response - the HttpServletResponse.

metaAlias - metaAlias to locate the service providers.

idpEntityID - entityID of Identity Provider.

paramsMap - Map of all other parameters.The key in the map are of the type String. The values in the paramsMap are of the type List. Some of the possible keys are:RelayState,NameIDFormat, reqBinding, binding, AssertionConsumerServiceIndex, AttributeConsumingServiceIndex (currently not supported), isPassive, ForceAuthN, AllowCreate, Destination, AuthnContextDeclRef, AuthnContextClassRef, AuthComparison, Consent (currently not supported), AuthLevel, and sunamcompositeadvice.

auditor - the SAML2EventLogger to use to log the saml request - may be null

Throws:

SAML2Exception - if error initiating request to IDP.

getSPEntityId

public static String getSPEntityId(String metaAlias)
                            throws SAML2MetaException

Gets the SP Entity ID from the metaAlias.

Parameters:

metaAlias - the metaAlias String

Returns:

the EntityId of the SP from the meta Alias

Throws:

SAML2MetaException - if there was a problem extracting

getRedirect

public static String getRedirect(String authReqXMLString,
                                 String relayStateID,
                                 String ssoURL,
                                 IDPSSODescriptorElement idpsso,
                                 SPSSODescriptorElement spsso,
                                 Map spConfigAttrsMap)
                          throws SAML2Exception

Gets the redirect String.

Parameters:

authReqXMLString - Auth Request XML.

relayStateID - the id of the relay state

ssoURL - the url for the reidrect

idpsso - the idp descriptor to use

spsso - the sp descriptor to use

spConfigAttrsMap - the sp configuration details

Returns:

a String to use for the redirect request.

Throws:

SAML2Exception - if there is a problem creating the redirect string

getSPSSOForAuthnReq

public static SPSSODescriptorElement getSPSSOForAuthnReq(String realm,
                                                         String spEntityID)
                                                  throws SAML2MetaException

Gets the SP SSO Descriptor for the given sp entity id in the given realm.

Parameters:

realm - the realm the sp is configured in

spEntityID - the entity id of the sp to get the Descriptor for

Returns:

the SPSSODescriptorElement for the requested sp entity

Throws:

SAML2MetaException - if there is a problem looking up the SPSSODescriptorElement.

getAttrsMapForAuthnReq

public static Map<String,Collection<String>> getAttrsMapForAuthnReq(String realm,
                                                                    String spEntityID)
                                                             throws SAML2MetaException

Gets the Configuration attributes for the given sp entity id in the given realm.

Parameters:

realm - the realm the sp is configured in

spEntityID - the entity id of the sp to get the attributes map for

Returns:

a map of SAML2 Attributes with String keys mapped to a collection of values

Throws:

SAML2MetaException

getIDPSSOForAuthnReq

public static IDPSSODescriptorElement getIDPSSOForAuthnReq(String realm,
                                                           String idpEntityID)
                                                    throws SAML2MetaException

Gets the IDP SSO Descriptor for the given sp entity id in the given realm.

Parameters:

realm - the realm the idp is configured in

idpEntityID - the entity id of the idp[ to get the Descriptor for

Returns:

the SPSSODescriptorElement for the requested idp entity

Throws:

SAML2MetaException - if there is a problem looking up the IDPSSODescriptorElement.

getPostBindingMsg

public static String getPostBindingMsg(IDPSSODescriptorElement idpsso,
                                       SPSSODescriptorElement spsso,
                                       Map spConfigAttrsMap,
                                       AuthnRequest authnRequest)
                                throws SAML2Exception

Gets the Post Binding message

Parameters:

idpsso -

spsso -

spConfigAttrsMap -

authnRequest -

Returns:

Throws:

SAML2Exception

initiateECPRequest

public static void initiateECPRequest(javax.servlet.http.HttpServletRequest request,
                                      javax.servlet.http.HttpServletResponse response)
                               throws SAML2Exception,
                                      IOException

Parses the request parameters and builds ECP Request to sent to the IDP.

Parameters:

request - the HttpServletRequest.

response - the HttpServletResponse.

Throws:

SAML2Exception - if error creating AuthnRequest.

IOException - if error sending AuthnRequest to ECP.

isFromECP

public static boolean isFromECP(javax.servlet.http.HttpServletRequest request)

Checks if the request is from ECP.

Parameters:

request - the HttpServletRequest.

Returns:

true if the request is from ECP.

createAuthnRequest

public static AuthnRequest createAuthnRequest(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response,
                                              String realmName,
                                              String spEntityID,
                                              String idpEntityID,
                                              Map paramsMap,
                                              Map spConfigMap,
                                              List extensionsList,
                                              SPSSODescriptorElement spsso,
                                              IDPSSODescriptorElement idpsso,
                                              String ssourl,
                                              boolean isForECP)
                                       throws SAML2Exception

Create an AuthnRequest.

Parameters:

request - the Http request object.

response - the http response object.

realmName - the authentication realm for this request

spEntityID - the entity id for the service provider

idpEntityID - the entity id for the identity provider

paramsMap - the map of parameters for the authentication request

spConfigMap - the configuration map for the service provider

extensionsList - a list of extendsions for the authentication request

spsso - the SPSSODescriptorElement for theservcie provider

idpsso - the IDPSSODescriptorElement for the identity provider

ssourl - the url for the single sign on request

isForECP - boolean to indicatge if the request originated from an ECP

Returns:

a new AuthnRequest object

Throws:

SAML2Exception

getAttrValueFromMap

public static Boolean getAttrValueFromMap(Map attrMap,
                                          String attrName)

Returns value of an boolean parameter in the SP SSO Config.

Parameters:

attrMap - the map of attributes for the sso config

attrName - the key to get the boolean value for

Returns:

the value of the parameter in the sso config or null if the attribute was not found or was not a boolean parameter

getSingleSignOnServiceEndpoint

public static SingleSignOnServiceElement getSingleSignOnServiceEndpoint(List<SingleSignOnServiceElement> ssoServiceList,
                                                                        String binding)

Returns the SingleSignOnService service. If no binding is specified it will return the first endpoint in the list matching either HTTP-Redirect or HTTP-Post. If the binding is specified it will attempt to return a match. If either of the above is not found it will return null.

Parameters:

ssoServiceList - list of sso services

binding - binding of the sso service to get the url for

Returns:

a SingleSignOnServiceElement or null if no match found.

getRealm

public static String getRealm(String realm)

Fills in the realm with the default top level realm if it does not contain a more specific subrealm. i.e. if it is null or empty it becomes "/"

Parameters:

realm - the current realm

Returns:

the realm to use

getParameter

public static String getParameter(Map paramsMap,
                                  String attrName)

Gets the query parameter value for the param specified.

Parameters:

paramsMap - the map of parameters

attrName - the parameter name to get the value for

Returns:

the string value for the given parameter

getExtensionsList

public static List getExtensionsList(String entityID,
                                     String realm)

Gets the extensions list for the sp entity.

Parameters:

entityID - the entity of the id for get the extensions list for

realm - the realm that the entity is configured in

Returns:

a List ofd the extensions for the sso request

getRelayStateID

public static String getRelayStateID(String relayState,
                                     String requestID)

Gets the Relay State ID for the request.

Parameters:

relayState - the relay state

requestID - the request id

Returns:

the relay state id

signQueryString

public static String signQueryString(String queryString,
                                     String certAlias)
                              throws SAML2Exception

Signs the query string.

Parameters:

queryString - the query string

certAlias - the certificate alias

Returns:

the signed query string

Throws:

SAML2Exception

signAuthnRequest

public static void signAuthnRequest(String certAlias,
                                    AuthnRequest authnRequest)
                             throws SAML2Exception

Sign an authentication request.

Parameters:

certAlias - the certificate alias

authnRequest - the authentication request to sign

Throws:

SAML2Exception - the signed authentication request