if (trace)
log.trace("Login Filters have not been configured");
response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
}
IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration, keyManager);
webRequestUtil.setCanonicalizationMethod(canonicalizationMethod);
boolean willSendRequest = true;
if (userPrincipal != null) {
if (trace) {
log.trace("Retrieved saml message and relay state from session");
log.trace("saml Request message=" + samlRequestMessage + "::relay state=" + relayState);
log.trace("saml Response message=" + samlResponseMessage + "::relay state=" + relayState);
}
session.removeAttribute(GeneralConstants.SAML_REQUEST_KEY);
session.removeAttribute(GeneralConstants.SAML_RESPONSE_KEY);
if (isNotNull(relayState))
session.removeAttribute(GeneralConstants.RELAY_STATE);
SAMLDocumentHolder samlDocumentHolder = null;
SAML2Object samlObject = null;
String destination = null;
Document samlResponse = null;
if (samlResponseMessage != null) {
StatusResponseType statusResponseType = null;
try {
samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlResponseMessage);
samlObject = samlDocumentHolder.getSamlObject();
boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
samlResponseMessage, null), isPost);
if (!isValid)
throw new GeneralSecurityException("Validation check failed");
String issuer = null;
IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
ProtocolContext protocolContext = new HTTPContext(request, response, context);
// Create the request/response
SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
saml2HandlerRequest.setRelayState(relayState);
SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
Set<SAML2Handler> handlers = chain.handlers();
if (samlObject instanceof StatusResponseType) {
statusResponseType = (StatusResponseType) samlObject;
issuer = statusResponseType.getIssuer().getValue();
webRequestUtil.isTrusted(issuer);
if (handlers != null) {
for (SAML2Handler handler : handlers) {
handler.reset();
handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
willSendRequest = saml2HandlerResponse.getSendRequest();
}
}
} else
throw new RuntimeException(ErrorCodes.UNSUPPORTED_TYPE + "Unknown type:"
+ samlObject.getClass().getName());
samlResponse = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
destination = saml2HandlerResponse.getDestination();
} catch (Exception e) {
throw new RuntimeException(e);
}
} else
// Send valid saml response after processing the request
if (samlRequestMessage != null) {
// Get the SAML Request Message
RequestAbstractType requestAbstractType = null;
try {
samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlRequestMessage);
samlObject = samlDocumentHolder.getSamlObject();
boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
samlRequestMessage, null), isPost);
if (!isValid)
throw new GeneralSecurityException(ErrorCodes.VALIDATION_CHECK_FAILED + "Validation check failed");
String issuer = null;
IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
ProtocolContext protocolContext = new HTTPContext(request, response, context);
// Create the request/response
SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
saml2HandlerRequest.setRelayState(relayState);
// Set the options on the handler request
Map<String, Object> requestOptions = new HashMap<String, Object>();
requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
requestOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);
Map<String, Object> attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys);
requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);
saml2HandlerRequest.setOptions(requestOptions);
List<String> roles = (List<String>) session.getAttribute(GeneralConstants.ROLES_ID);
if (roles == null) {
roles = roleGenerator.generateRoles(userPrincipal);
session.setAttribute(GeneralConstants.ROLES_ID, roles);
}
SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
Set<SAML2Handler> handlers = chain.handlers();
if (samlObject instanceof RequestAbstractType) {
requestAbstractType = (RequestAbstractType) samlObject;
issuer = requestAbstractType.getIssuer().getValue();
webRequestUtil.isTrusted(issuer);
if (handlers != null) {
for (SAML2Handler handler : handlers) {
handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
willSendRequest = saml2HandlerResponse.getSendRequest();
}
}
} else
throw new RuntimeException(ErrorCodes.UNSUPPORTED_TYPE + "Unknown type:"
+ samlObject.getClass().getName());
samlResponse = saml2HandlerResponse.getResultingDocument();
relayState = saml2HandlerResponse.getRelayState();
destination = saml2HandlerResponse.getDestination();
} catch (IssuerNotTrustedException e) {
if (trace)
log.trace("Exception:", e);
samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(),
this.identityURL, this.signOutgoingMessages);
} catch (ParsingException e) {
if (trace)
log.trace("Exception:", e);
samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL, this.signOutgoingMessages);
} catch (ConfigurationException e) {
if (trace)
log.trace("Exception:", e);
samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL, this.signOutgoingMessages);
} catch (IssueInstantMissingException e) {
if (trace)
log.trace("Exception:", e);
samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL, this.signOutgoingMessages);
} catch (GeneralSecurityException e) {
if (trace)
log.trace("Security Exception:", e);
samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL, this.signOutgoingMessages);
} catch (Exception e) {
if (trace)
log.trace("Exception:", e);
samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
this.identityURL, this.signOutgoingMessages);
}
} else {
log.error("No SAML Request Message");
if (trace)
log.trace("Referer=" + referer);
try {
sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
return;
} catch (ConfigurationException e) {
if (trace)
log.trace(e);
}
}
try {
if (samlResponse == null)
throw new ServletException(ErrorCodes.NULL_VALUE + "SAML Response has not been generated");
WebRequestUtilHolder holder = webRequestUtil.getHolder();
holder.setResponseDoc(samlResponse).setDestination(destination).setRelayState(relayState)
.setAreWeSendingRequest(willSendRequest).setPrivateKey(null).setSupportSignature(false)
.setServletResponse(response);
holder.setPostBindingRequested(true);
if (this.signOutgoingMessages) {
holder.setPrivateKey(keyManager.getSigningKey()).setSupportSignature(true);
}
if (strictPostBinding)
holder.setStrictPostBinding(strictPostBinding);
webRequestUtil.send(holder);
} catch (ParsingException e) {
if (trace)
log.trace(e);
} catch (GeneralSecurityException e) {
if (trace)