ProtocolContext protocolContext = new HTTPContext(request, response, context);
// Create the request/response
SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext, holder.getIssuer(),
null, HANDLER_TYPE.SP);
SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
saml2HandlerResponse.setDestination(identityURL);
// Reset the state
try {
for (SAML2Handler handler : handlers) {
handler.reset();
if (saml2HandlerResponse.isInError()) {
response.sendError(saml2HandlerResponse.getErrorCode());
break;
}
if (logOutRequest)
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.LOGOUT);
else
saml2HandlerRequest.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
handler.generateSAMLRequest(saml2HandlerRequest, saml2HandlerResponse);
}
} catch (ProcessingException pe) {
throw new RuntimeException(pe);
}
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
String relayState = saml2HandlerResponse.getRelayState();
String destination = saml2HandlerResponse.getDestination();
if (destination != null && samlResponseDocument != null) {
try {
this.sendToDestination(samlResponseDocument, relayState, destination, response,
saml2HandlerResponse.getSendRequest());
} catch (Exception e) {
if (trace)
log.trace("Exception:", e);
throw new ServletException(ErrorCodes.SERVICE_PROVIDER_SERVER_EXCEPTION + "Server Error");
}
return;
}
}
// See if we got a response from IDP
if (isNotNull(samlResponse)) {
boolean isValid = false;
try {
isValid = this.validate(request);
} catch (Exception e) {
throw new ServletException(e);
}
if (!isValid)
throw new ServletException(ErrorCodes.VALIDATION_CHECK_FAILED + "Validity check failed");
// deal with SAML response from IDP
byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
InputStream is = new ByteArrayInputStream(base64DecodedResponse);
// Are we going to send Request to IDP?
boolean willSendRequest = true;
try {
SAML2Response saml2Response = new SAML2Response();
SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(is);
SAMLDocumentHolder documentHolder = saml2Response.getSamlDocumentHolder();
if (!ignoreSignatures) {
if (!verifySignature(documentHolder))
throw new ServletException(ErrorCodes.INVALID_DIGITAL_SIGNATURE + "Cannot verify sender");
}
Set<SAML2Handler> handlers = chain.handlers();
IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
ProtocolContext protocolContext = new HTTPContext(request, response, context);
// Create the request/response
SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
holder.getIssuer(), documentHolder, HANDLER_TYPE.SP);
if (keyManager != null)
saml2HandlerRequest.addOption(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
// Deal with handler chains
for (SAML2Handler handler : handlers) {
if (saml2HandlerResponse.isInError()) {
response.sendError(saml2HandlerResponse.getErrorCode());
break;
}
if (samlObject instanceof RequestAbstractType) {
handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
willSendRequest = false;
} else {
handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
}
}
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
String relayState = saml2HandlerResponse.getRelayState();
String destination = saml2HandlerResponse.getDestination();
if (destination != null && samlResponseDocument != null) {
this.sendToDestination(samlResponseDocument, relayState, destination, response, willSendRequest);
return;
}
// See if the session has been invalidated
try {
session.isNew();
} catch (IllegalStateException ise) {
// we are invalidated.
RequestDispatcher dispatch = context.getRequestDispatcher(this.logOutPage);
if (dispatch == null)
log.error("Cannot dispatch to the logout page: no request dispatcher:" + this.logOutPage);
else
dispatch.forward(request, response);
return;
}
filterChain.doFilter(request, servletResponse);
} catch (Exception e) {
log.error("Server Exception:", e);
throw new ServletException(ErrorCodes.SERVICE_PROVIDER_SERVER_EXCEPTION);
}
}
if (isNotNull(samlRequest)) {
// we got a logout request
// deal with SAML response from IDP
byte[] base64DecodedRequest = PostBindingUtil.base64Decode(samlRequest);
InputStream is = new ByteArrayInputStream(base64DecodedRequest);
// Are we going to send Request to IDP?
boolean willSendRequest = false;
try {
SAML2Request saml2Request = new SAML2Request();
SAML2Object samlObject = saml2Request.getSAML2ObjectFromStream(is);
SAMLDocumentHolder documentHolder = saml2Request.getSamlDocumentHolder();
if (!ignoreSignatures) {
if (!verifySignature(documentHolder))
throw new ServletException(ErrorCodes.INVALID_DIGITAL_SIGNATURE + "Cannot verify sender");
}
Set<SAML2Handler> handlers = chain.handlers();
IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
ProtocolContext protocolContext = new HTTPContext(request, response, context);
// Create the request/response
SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
holder.getIssuer(), documentHolder, HANDLER_TYPE.SP);
if (keyManager != null)
saml2HandlerRequest.addOption(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
// Deal with handler chains
for (SAML2Handler handler : handlers) {
if (saml2HandlerResponse.isInError()) {
response.sendError(saml2HandlerResponse.getErrorCode());
break;
}
if (samlObject instanceof RequestAbstractType) {
handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
willSendRequest = false;
} else {
handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
}
}
Document samlResponseDocument = saml2HandlerResponse.getResultingDocument();
String relayState = saml2HandlerResponse.getRelayState();
String destination = saml2HandlerResponse.getDestination();
if (destination != null && samlResponseDocument != null) {
this.sendToDestination(samlResponseDocument, relayState, destination, response, willSendRequest);
return;
}