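/**
 * Extracts the SAML assertion from the sign-in response that ACS posts back in the
 * {@code wresult} request parameter.
 *
 * <p>The parameter value is attacker-reachable input: it arrives in the HTTP request before
 * anything in this method has authenticated it. The XML parser is therefore configured to
 * reject DOCTYPE declarations and XInclude, so the document cannot pull in external entities
 * or expand entity bombs. If the parser cannot be hardened, parsing fails and {@code null}
 * is returned (fail closed).
 *
 * <p>NOTE(review): no signature, issuer, audience or validity check is visible in this
 * method. Confirm that {@code SAMLAssertion.getAssertionFromSecurityToken} or the caller
 * verifies the assertion before it is trusted.
 *
 * @param request the incoming request carrying the {@code wresult} parameter
 * @return the parsed assertion, or {@code null} when the parameter is absent or the
 *     response cannot be parsed
 */
SAMLAssertion getSAMLAssertionFromACSResponse(HttpServletRequest request) {
    String securityTokenResponse = request.getParameter("wresult");
    // The token response contains the issued assertion, which is a bearer credential.
    // Log only its presence and size so the token never lands in log files.
    Utils.logDebug(
        "wresult in the response from ACS is "
            + (securityTokenResponse == null
                ? "absent"
                : "present (" + securityTokenResponse.length() + " chars)"),
        LOG);
    if (securityTokenResponse == null) {
        return null;
    }

    SAMLAssertion assertion = null;
    try {
        // Java XML objects are not thread-safe, so a factory is created per call
        // rather than cached.
        DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
        // Required: the token lookup below is namespace-qualified.
        docBuilderFactory.setNamespaceAware(true);
        // XXE / entity-expansion hardening. setFeature throws if the parser does not
        // support a feature; that lands in the catch below and the response is rejected.
        docBuilderFactory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
        docBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        docBuilderFactory.setXIncludeAware(false);
        docBuilderFactory.setExpandEntityReferences(false);

        DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
        Document respDoc =
            docBuilder.parse(new ByteArrayInputStream(Utils.getUTF8Bytes(securityTokenResponse)));

        // Find the response token.
        Element responseToken =
            (Element)
                respDoc
                    .getDocumentElement()
                    .getElementsByTagNameNS(
                        "http://schemas.xmlsoap.org/ws/2005/02/trust", "RequestedSecurityToken")
                    .item(0);
        if (responseToken == null) {
            // item(0) returns null when no matching element exists; report it explicitly
            // instead of handing null to the assertion parser.
            throw new IllegalArgumentException(
                "No RequestedSecurityToken element in the security token response");
        }
        assertion = SAMLAssertion.getAssertionFromSecurityToken(responseToken);
    } catch (Exception e) {
        Utils.logError("Exception while parsing the security token response from ACS.", e, LOG);
    }
    return assertion;
}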
/**
 * Publishes the assertion on the request and continues the filter chain as the user named
 * in that assertion.
 *
 * <p>The serialized assertion XML is stored under the {@code ACS_SAML} request attribute.
 * The user is then resolved with {@code getUserFromAssertion} and the call is delegated to
 * the overload that takes the user name.
 *
 * <p>NOTE(review): the resolved user is passed on without a null or empty check here.
 * Confirm that {@code getUserFromAssertion} or the delegate rejects an assertion that
 * yields no user.
 *
 * @param chain the filter chain to continue
 * @param httpRequest the current request; receives the {@code ACS_SAML} attribute
 * @param httpResponse the current response
 * @param assertion the assertion to expose and to take the user from
 * @throws IOException declared for the delegated chain invocation
 * @throws ServletException if the assertion cannot be serialized to XML, or as declared
 *     for the delegated chain invocation
 */
void invokeChainWithRemoteUser(
    FilterChain chain,
    HttpServletRequest httpRequest,
    HttpServletResponse httpResponse,
    SAMLAssertion assertion)
    throws IOException, ServletException {
    // Expose the assertion XML to downstream components through a request attribute.
    try {
        String assertionXml = Utils.getXMLStringFromNode(assertion.getAssertionXMLElement());
        httpRequest.setAttribute(ACS_SAML, assertionXml);
    } catch (Exception ex) {
        // Details go to the log only; the exception handed to the container stays generic.
        Utils.logError("Invalid Saml Content.", ex, LOG);
        throw new ServletException("Invalid SAML Content");
    }

    String user = getUserFromAssertion(assertion);
    invokeChainWithRemoteUser(chain, httpRequest, httpResponse, user);
}