com.sun.identity.wsfederation.common

Class WSFederationUtils

java.lang.Object

com.sun.identity.wsfederation.common.WSFederationUtils

public class WSFederationUtils
extends Object

Utility methods for WS-Federation implementation.

Field Summary

Fields

Modifier and Type	Field and Description
static ResourceBundle	bundle Resource bundle for the WS-Federation implementation.
static Debug	debug Debug instance for use by WS-Federation implementation.
static DataStoreProvider	dsProvider
static SessionProvider	sessionProvider

Method Summary

Modifier and Type	Method and Description
static String	accountRealmFromUserAgent(String uaHeader, String accountRealmCookieName) Extracts the home account realm from the user agent HTTP header.
static SAML11RequestedSecurityToken	createSAML11Token(String realm, String idpEntityId, String spEntityId, Object session, String spTokenIssuerName, String authMethod, boolean wantAssertionSigned) Creates a SAML 1.1 token object based on the provided details.
static WSFederationMetaManager	getMetaManager() Returns an instance of WSFederationMetaManager.
static boolean	isSignatureValid(Assertion assertion, String realm, String issuer) Determine the validity of the signature on the Assertion
static boolean	isTimeValid(Assertion assertion, int timeskew) Determines the timeliness of the assertion.
static boolean	isWReplyURLValid(javax.servlet.http.HttpServletRequest request, String relayState) Convenience method to validate a WSFederation wreply URL, often called from a JSP.
static boolean	isWReplyURLValid(String metaAlias, String wreply, String role) Convenience method to validate a WSFederation wreply URL, often called from a JSP.
static void	processMultiProtocolLogout(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, Object userSession) Processes Single Logout cross multiple federation protocols
static String	putReplyURL(String wreply) Put a reply URL in the wctx->wreply map.
static String	removeReplyURL(String wctx) Remove and return a reply URL from the wctx->wreply map.
static void	validateWReplyURL(String orgName, String hostEntityId, String wreply, String role) Validates the Wreply URL against a list of wreply State URLs created on the hosted service provider.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

debug

public static Debug debug

Debug instance for use by WS-Federation implementation.

bundle

public static ResourceBundle bundle

Resource bundle for the WS-Federation implementation.

dsProvider

public static DataStoreProvider dsProvider

sessionProvider

public static SessionProvider sessionProvider

Method Detail

getMetaManager

public static WSFederationMetaManager getMetaManager()

Returns an instance of WSFederationMetaManager.

Returns:

an instance of WSFederationMetaManager.

accountRealmFromUserAgent

public static String accountRealmFromUserAgent(String uaHeader,
                                               String accountRealmCookieName)

Extracts the home account realm from the user agent HTTP header.

Parameters:

uaHeader - user agent HTTP header. User agent header must be semi-colon separated, of the form Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1; amWSFederationAccountRealm:Adatum Corp).

accountRealmCookieName - identifier with which to search user agent HTTP header.

Returns:

the home account realm name.

putReplyURL

public static String putReplyURL(String wreply)

Put a reply URL in the wctx->wreply map.

Parameters:

wreply - reply URL

Returns:

value for WS-Federation context parameter (wctx).

removeReplyURL

public static String removeReplyURL(String wctx)

Remove and return a reply URL from the wctx->wreply map.

Parameters:

wctx - WS-Federation context parameter

Returns:

reply URL

isSignatureValid

public static boolean isSignatureValid(Assertion assertion,
                                       String realm,
                                       String issuer)

Determine the validity of the signature on the Assertion

Parameters:

assertion - SAML 1.1 Assertion

realm - Realm for the issuer

issuer - Assertion issuer - used to retrieve certificate for signature validation.

Returns:

true if the signature on the object is valid; false otherwise.

isTimeValid

public static boolean isTimeValid(Assertion assertion,
                                  int timeskew)

Determines the timeliness of the assertion.

Parameters:

assertion - SAML 1.1 Assertion

timeskew - in seconds

Returns:

true if the current time is after the Assertion's notBefore time - timeskew AND the current time is before the Assertion's notOnOrAfter time + timeskew

processMultiProtocolLogout

public static void processMultiProtocolLogout(javax.servlet.http.HttpServletRequest request,
                                              javax.servlet.http.HttpServletResponse response,
                                              Object userSession)

Processes Single Logout cross multiple federation protocols

Parameters:

request - HttpServletRequest object.

response - HttpServletResponse object

isWReplyURLValid

public static boolean isWReplyURLValid(javax.servlet.http.HttpServletRequest request,
                                       String relayState)

Convenience method to validate a WSFederation wreply URL, often called from a JSP.

Parameters:

request - Used to help establish the realm and hostEntityID.

relayState - The URL to validate.

Returns:

true if the wreply is valid.

isWReplyURLValid

public static boolean isWReplyURLValid(String metaAlias,
                                       String wreply,
                                       String role)

Convenience method to validate a WSFederation wreply URL, often called from a JSP.

Parameters:

metaAlias - The metaAlias of the hosted entity.

wreply - The URL to validate.

role - The role of the caller.

Returns:

true if the wreply is valid.

validateWReplyURL

public static void validateWReplyURL(String orgName,
                                     String hostEntityId,
                                     String wreply,
                                     String role)
                              throws WSFederationException

Validates the Wreply URL against a list of wreply State URLs created on the hosted service provider.

Parameters:

orgName - realm or organization name the provider resides in.

hostEntityId - Entity ID of the hosted provider.

wreply - wreply URL.

role - IDP/SP Role.

Throws:

WSFederationException - if the processing failed.

createSAML11Token

public static SAML11RequestedSecurityToken createSAML11Token(String realm,
                                                             String idpEntityId,
                                                             String spEntityId,
                                                             Object session,
                                                             String spTokenIssuerName,
                                                             String authMethod,
                                                             boolean wantAssertionSigned)
                                                      throws WSFederationException

Creates a SAML 1.1 token object based on the provided details.

Parameters:

realm - The realm of the WS-Fed entities

idpEntityId - The WS-Fed IdP (IP) entity ID.

spEntityId - The WS-Fed SP (RP) entity ID.

session - The authenticated session object.

spTokenIssuerName - The name of the token issuer corresponding to the SP (RP).

authMethod - The authentication method to specify in the AuthenticationStatement.

wantAssertionSigned - Whether the assertion should be signed.

Returns:

A SAML1.1 token.

Throws:

WSFederationException - If there was an error while creating the SAML1.1 token.