Class SPSSOFederate


  • public class SPSSOFederate
    extends Object
    This class reads the query parameters and performs the processing required to send an Authentication Request from the SP to the IDP.
    • Constructor Detail

      • SPSSOFederate

        public SPSSOFederate()
    • Method Detail

      • initiateAuthnRequest

        public static void initiateAuthnRequest(jakarta.servlet.http.HttpServletRequest request,
                                                jakarta.servlet.http.HttpServletResponse response,
                                                String metaAlias,
                                                String idpEntityID,
                                                Map paramsMap,
                                                SAML2EventLogger auditor)
                                         throws SAML2Exception
        Parses the request parameters and builds the Authentication Request to send to the IDP.
        Parameters:
        request - the HttpServletRequest.
        response - the HttpServletResponse.
        metaAlias - metaAlias to locate the service providers.
        idpEntityID - entityID of Identity Provider.
        paramsMap - Map of all other parameters. The keys in the map are of type String and the values are of type List. Some of the possible keys are: RelayState, NameIDFormat, reqBinding, binding, AssertionConsumerServiceIndex, AttributeConsumingServiceIndex (currently not supported), isPassive, ForceAuthN, AllowCreate, Destination, AuthnContextDeclRef, AuthnContextClassRef, AuthComparison, Consent (currently not supported), AuthLevel, and sunamcompositeadvice.
        auditor - the SAML2EventLogger to use to log the saml request - may be null
        Throws:
        SAML2Exception - if there is an error initiating the request to the IDP.
      • getSPEntityId

        public static String getSPEntityId(String metaAlias)
                                    throws SAML2MetaException
        Gets the SP Entity ID from the metaAlias.
        Parameters:
        metaAlias - the metaAlias String
        Returns:
        the EntityId of the SP from the meta Alias
        Throws:
        SAML2MetaException - if there was a problem extracting it
      • getRedirect

        public static String getRedirect(String authReqXMLString,
                                         String relayStateID,
                                         String ssoURL,
                                         IDPSSODescriptorElement idpsso,
                                         SPSSODescriptorElement spsso,
                                         Map spConfigAttrsMap)
                                  throws SAML2Exception
        Gets the redirect String.
        Parameters:
        authReqXMLString - Auth Request XML.
        relayStateID - the id of the relay state
        ssoURL - the url for the redirect
        idpsso - the idp descriptor to use
        spsso - the sp descriptor to use
        spConfigAttrsMap - the sp configuration details
        Returns:
        a String to use for the redirect request.
        Throws:
        SAML2Exception - if there is a problem creating the redirect string
      • getSPSSOForAuthnReq

        public static SPSSODescriptorElement getSPSSOForAuthnReq(String realm,
                                                                 String spEntityID)
                                                          throws SAML2MetaException
        Gets the SP SSO Descriptor for the given sp entity id in the given realm.
        Parameters:
        realm - the realm the sp is configured in
        spEntityID - the entity id of the sp to get the Descriptor for
        Returns:
        the SPSSODescriptorElement for the requested sp entity
        Throws:
        SAML2MetaException - if there is a problem looking up the SPSSODescriptorElement.
      • getAttrsMapForAuthnReq

        public static Map<String,Collection<String>> getAttrsMapForAuthnReq(String realm,
                                                                                  String spEntityID)
                                                                           throws SAML2MetaException
        Gets the Configuration attributes for the given sp entity id in the given realm.
        Parameters:
        realm - the realm the sp is configured in
        spEntityID - the entity id of the sp to get the attributes map for
        Returns:
        a map of SAML2 Attributes with String keys mapped to a collection of values
        Throws:
        SAML2MetaException
      • getIDPSSOForAuthnReq

        public static IDPSSODescriptorElement getIDPSSOForAuthnReq(String realm,
                                                                   String idpEntityID)
                                                            throws SAML2MetaException
        Gets the IDP SSO Descriptor for the given idp entity id in the given realm.
        Parameters:
        realm - the realm the idp is configured in
        idpEntityID - the entity id of the idp to get the Descriptor for
        Returns:
        the IDPSSODescriptorElement for the requested idp entity
        Throws:
        SAML2MetaException - if there is a problem looking up the IDPSSODescriptorElement.
      • initiateECPRequest

        public static void initiateECPRequest(jakarta.servlet.http.HttpServletRequest request,
                                              jakarta.servlet.http.HttpServletResponse response)
                                       throws SAML2Exception,
                                              IOException
        Parses the request parameters and builds the ECP Request to send to the IDP.
        Parameters:
        request - the HttpServletRequest.
        response - the HttpServletResponse.
        Throws:
        SAML2Exception - if error creating AuthnRequest.
        IOException - if error sending AuthnRequest to ECP.
      • isFromECP

        public static boolean isFromECP(jakarta.servlet.http.HttpServletRequest request)
        Checks if the request is from ECP.
        Parameters:
        request - the HttpServletRequest.
        Returns:
        true if the request is from ECP.
      • createAuthnRequest

        public static AuthnRequest createAuthnRequest(jakarta.servlet.http.HttpServletRequest request,
                                                      jakarta.servlet.http.HttpServletResponse response,
                                                      String realmName,
                                                      String spEntityID,
                                                      String idpEntityID,
                                                      Map paramsMap,
                                                      Map spConfigMap,
                                                      List extensionsList,
                                                      SPSSODescriptorElement spsso,
                                                      IDPSSODescriptorElement idpsso,
                                                      String ssourl,
                                                      boolean isForECP)
                                               throws SAML2Exception
        Create an AuthnRequest.
        Parameters:
        request - the Http request object.
        response - the http response object.
        realmName - the authentication realm for this request
        spEntityID - the entity id for the service provider
        idpEntityID - the entity id for the identity provider
        paramsMap - the map of parameters for the authentication request
        spConfigMap - the configuration map for the service provider
        extensionsList - a list of extensions for the authentication request
        spsso - the SPSSODescriptorElement for the service provider
        idpsso - the IDPSSODescriptorElement for the identity provider
        ssourl - the url for the single sign on request
        isForECP - boolean to indicate if the request originated from an ECP
        Returns:
        a new AuthnRequest object
        Throws:
        SAML2Exception
      • getAttrValueFromMap

        public static Boolean getAttrValueFromMap(Map attrMap,
                                                  String attrName)
        Returns the value of a boolean parameter in the SP SSO Config.
        Parameters:
        attrMap - the map of attributes for the sso config
        attrName - the key to get the boolean value for
        Returns:
        the value of the parameter in the sso config or null if the attribute was not found or was not a boolean parameter
      • getSingleSignOnServiceEndpoint

        public static SingleSignOnServiceElement getSingleSignOnServiceEndpoint(List<SingleSignOnServiceElement> ssoServiceList,
                                                                                String binding)
        Returns the SingleSignOnService endpoint. If no binding is specified, it returns the first endpoint in the list whose binding is either HTTP-Redirect or HTTP-POST. If a binding is specified, it attempts to return an endpoint matching that binding. If no match is found in either case, it returns null.
        Parameters:
        ssoServiceList - list of sso services
        binding - binding of the sso service to get the url for
        Returns:
        a SingleSignOnServiceElement or null if no match found.
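        The selection rules documented above, written out as a stand-alone Java example. This is added here and is not code from the project: `SsoEndpoint` is an assumed stand-in for `SingleSignOnServiceElement` carrying only the binding URI and location, the class and method names are constructed for the demo, and the binding URIs are the standard SAML 2.0 ones rather than values taken from this page.

```java
import java.util.List;

public class SsoEndpointSelector {

    // Standard SAML 2.0 binding URIs (spec constants, not taken from the page)
    static final String HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    static final String HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    static final String SOAP = "urn:oasis:names:tc:SAML:2.0:bindings:SOAP";

    // Assumed stand-in for SingleSignOnServiceElement: only the two fields the selection rule needs
    record SsoEndpoint(String binding, String location) {}

    // Mirrors the documented contract: no binding -> first HTTP-Redirect or HTTP-POST endpoint in
    // metadata order; binding given -> first exact match; otherwise null
    static SsoEndpoint select(List<SsoEndpoint> ssoServiceList, String binding) {
        if (ssoServiceList == null) {
            return null;
        }
        if (binding == null || binding.isEmpty()) {
            for (SsoEndpoint e : ssoServiceList) {
                if (HTTP_REDIRECT.equals(e.binding()) || HTTP_POST.equals(e.binding())) {
                    return e;
                }
            }
            return null;
        }
        for (SsoEndpoint e : ssoServiceList) {
            if (binding.equals(e.binding())) {
                return e;
            }
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed IdP metadata: a SOAP endpoint listed first, then POST, then Redirect
        List<SsoEndpoint> idpEndpoints = List.of(
                new SsoEndpoint(SOAP, "https://idp.example.com/SSOSoap"),
                new SsoEndpoint(HTTP_POST, "https://idp.example.com/SSOPOST"),
                new SsoEndpoint(HTTP_REDIRECT, "https://idp.example.com/SSORedirect"));

        // No binding pinned: SOAP is skipped, POST wins because it precedes Redirect in the metadata
        System.out.println(select(idpEndpoints, null));
        // Binding pinned by the SP: exact match regardless of order
        System.out.println(select(idpEndpoints, HTTP_REDIRECT));
        // Nothing advertised for the requested binding: caller gets null and must fail closed
        System.out.println(select(idpEndpoints, "urn:oasis:names:tc:SAML:2.0:bindings:PAOS"));
        // IdP that only advertises SOAP with no binding pinned: also null
        System.out.println(select(List.of(new SsoEndpoint(SOAP, "https://idp.example.com/SSOSoap")), null));
    }
}
```

        The point worth noticing is that when the SP does not pin a binding, the order of endpoints in the IdP metadata decides which one is used, and an IdP that advertises neither HTTP-Redirect nor HTTP-POST yields null. Callers of getSingleSignOnServiceEndpoint therefore have to treat a null return as "no usable endpoint" and abort the request rather than dereference it.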
      • getRealm

        public static String getRealm(String realm)
        Fills in the realm with the default top-level realm if it does not contain a more specific subrealm, i.e. if it is null or empty it becomes "/".
        Parameters:
        realm - the current realm
        Returns:
        the realm to use
      • getParameter

        public static String getParameter(Map paramsMap,
                                          String attrName)
        Gets the query parameter value for the param specified.
        Parameters:
        paramsMap - the map of parameters
        attrName - the parameter name to get the value for
        Returns:
        the string value for the given parameter
      • getExtensionsList

        public static List getExtensionsList(String entityID,
                                             String realm)
        Gets the extensions list for the sp entity.
        Parameters:
        entityID - the entity id to get the extensions list for
        realm - the realm that the entity is configured in
        Returns:
        a List of the extensions for the sso request
      • getRelayStateID

        public static String getRelayStateID(String relayState,
                                             String requestID)
        Gets the Relay State ID for the request.
        Parameters:
        relayState - the relay state
        requestID - the request id
        Returns:
        the relay state id
      • signQueryString

        public static String signQueryString(String queryString,
                                             String certAlias)
                                      throws SAML2Exception
        Signs the query string.
        Parameters:
        queryString - the query string
        certAlias - the certificate alias
        Returns:
        the signed query string
        Throws:
        SAML2Exception
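        getRedirect and signQueryString above together produce a signed HTTP-Redirect binding URL. The following Java example is added here to illustrate the standard SAML 2.0 HTTP-Redirect procedure (raw DEFLATE, Base64, URL-encode, sign the encoded query string, append Signature) together with the matching verification an IdP performs; it is not the project's code and does not touch its key store. The class and method names (`RedirectBindingDemo`, `buildQueryString`, `verifyQueryString`, etc.), the sample AuthnRequest XML, the RelayState value and the in-memory RSA key pair used instead of a certAlias lookup are all constructed for the demo.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.zip.Deflater;

public class RedirectBindingDemo {

    // RSA-SHA256 algorithm URI as carried in the SigAlg parameter (XML Signature spec constant)
    static final String SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Step 1: raw DEFLATE (no zlib header) + Base64, as the HTTP-Redirect binding requires
    static String deflateAndEncode(String xml) {
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true); // nowrap=true -> raw DEFLATE
        deflater.setInput(xml.getBytes(StandardCharsets.UTF_8));
        deflater.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!deflater.finished()) {
            out.write(buf, 0, deflater.deflate(buf));
        }
        deflater.end();
        return Base64.getEncoder().encodeToString(out.toByteArray());
    }

    static String urlEncode(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8);
    }

    // Step 2: the string that gets signed is the URL-encoded query, in this exact order:
    // SAMLRequest, then RelayState (if present), then SigAlg
    static String buildQueryString(String authnRequestXml, String relayState) {
        StringBuilder qs = new StringBuilder("SAMLRequest=").append(urlEncode(deflateAndEncode(authnRequestXml)));
        if (relayState != null && !relayState.isEmpty()) {
            qs.append("&RelayState=").append(urlEncode(relayState));
        }
        qs.append("&SigAlg=").append(urlEncode(SIG_ALG));
        return qs.toString();
    }

    // Step 3 (SP side): sign the encoded query string and append the Base64 signature as the last parameter
    static String signQueryString(String queryString, PrivateKey key) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(queryString.getBytes(StandardCharsets.UTF_8));
        return queryString + "&Signature=" + urlEncode(Base64.getEncoder().encodeToString(sig.sign()));
    }

    // IdP side: verify over the query exactly as received, minus the trailing Signature parameter.
    // Re-encoding the parameters before verifying is a classic source of spurious failures.
    static boolean verifyQueryString(String signedQuery, PublicKey key) throws Exception {
        int idx = signedQuery.lastIndexOf("&Signature=");
        if (idx < 0) {
            return false; // unsigned request: reject when the SP metadata says AuthnRequestsSigned
        }
        String signedPart = signedQuery.substring(0, idx);
        String sigParam = URLDecoder.decode(signedQuery.substring(idx + "&Signature=".length()), StandardCharsets.UTF_8);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update(signedPart.getBytes(StandardCharsets.UTF_8));
        return sig.verify(Base64.getDecoder().decode(sigParam));
    }

    public static void main(String[] args) throws Exception {
        // Constructed in-memory key pair; a real SP resolves the signing key by certAlias from its key store
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed minimal AuthnRequest and RelayState for the demo
        String authnRequest = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " ID=\"_demo-request-id\" Version=\"2.0\" IssueInstant=\"2024-01-01T00:00:00Z\">"
                + "<saml:Issuer xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\">https://sp.example.com</saml:Issuer>"
                + "</samlp:AuthnRequest>";
        String relayState = "_demo-relay-state";

        String signed = signQueryString(buildQueryString(authnRequest, relayState), kp.getPrivate());
        System.out.println("https://idp.example.com/SSORedirect?" + signed);
        System.out.println("signature verifies: " + verifyQueryString(signed, kp.getPublic()));

        // Changing RelayState in transit invalidates the signature, which is what signing the query string buys the SP
        String tampered = signed.replace("RelayState=_demo-relay-state", "RelayState=_other-state");
        System.out.println("tampered verifies: " + verifyQueryString(tampered, kp.getPublic()));
    }
}
```

        Two details matter in practice. The signature covers the URL-encoded form of SAMLRequest, RelayState and SigAlg in that order, so the IdP must verify the raw query string it received rather than a re-encoded copy, because different URL encoders produce different percent-escapes for the same bytes. And because RelayState is inside the signed material, a signed redirect lets the IdP detect a RelayState altered in transit, which an unsigned redirect cannot.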
      • signAuthnRequest

        public static void signAuthnRequest(String certAlias,
                                            AuthnRequest authnRequest)
                                     throws SAML2Exception
        Sign an authentication request.
        Parameters:
        certAlias - the certificate alias
        authnRequest - the authentication request to sign
        Throws:
        SAML2Exception - if there is a problem signing the authentication request