SAMLAssertion getSAMLAssertionFromACSResponse(HttpServletRequest request) {
String securityTokenResponse = request.getParameter("wresult");
Utils.logDebug("wsresult in the response from ACS is " + securityTokenResponse, LOG);
if (securityTokenResponse == null) {
return null;
}
// None of Java XML objects are thread-safe. Better to create instance on demand rather than
// caching.
DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
docBuilderFactory.setNamespaceAware(true); // very important, must
DocumentBuilder docBuilder;
SAMLAssertion assertion = null;
try {
docBuilder = docBuilderFactory.newDocumentBuilder();
Document respDoc =
docBuilder.parse(new ByteArrayInputStream(Utils.getUTF8Bytes(securityTokenResponse)));
// Find the response token
Element responseToken =
(Element)
respDoc
.getDocumentElement()
.getElementsByTagNameNS(
"http://schemas.xmlsoap.org/ws/2005/02/trust", "RequestedSecurityToken")
.item(0);
assertion = SAMLAssertion.getAssertionFromSecurityToken(responseToken);
} catch (Exception e) {
Utils.logError("Exception while parsing the security token response from ACS.", e, LOG);
}
return assertion;
}
void invokeChainWithRemoteUser(
FilterChain chain,
HttpServletRequest httpRequest,
HttpServletResponse httpResponse,
SAMLAssertion assertion)
throws IOException, ServletException {
// set assertion as an attribute in the request
try {
httpRequest.setAttribute(
ACS_SAML, Utils.getXMLStringFromNode(assertion.getAssertionXMLElement()));
} catch (Exception e) {
Utils.logError("Invalid Saml Content.", e, LOG);
throw new ServletException("Invalid SAML Content");
}
String remoteUser = getUserFromAssertion(assertion);
invokeChainWithRemoteUser(chain, httpRequest, httpResponse, remoteUser);
}