예제 #1
0
 @GET
 public Response redirectBinding(
     @QueryParam(GeneralConstants.SAML_REQUEST_KEY) String samlRequest,
     @QueryParam(GeneralConstants.SAML_RESPONSE_KEY) String samlResponse,
     @QueryParam(GeneralConstants.RELAY_STATE) String relayState) {
   logger.debug("SAML GET");
   CacheControlUtil.noBackButtonCacheControlHeader();
   return new RedirectBindingProtocol().execute(samlRequest, samlResponse, relayState);
 }
예제 #2
0
  @GET
  @Path("clients/{client}")
  @Produces(MediaType.TEXT_HTML)
  public Response idpInitiatedSSO(
      @PathParam("client") String clientUrlName, @QueryParam("RelayState") String relayState) {
    event.event(EventType.LOGIN);
    CacheControlUtil.noBackButtonCacheControlHeader();
    ClientModel client = null;
    for (ClientModel c : realm.getClients()) {
      String urlName = c.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_URL_NAME);
      if (urlName == null) continue;
      if (urlName.equals(clientUrlName)) {
        client = c;
        break;
      }
    }
    if (client == null) {
      event.error(Errors.CLIENT_NOT_FOUND);
      return ErrorPage.error(session, Messages.CLIENT_NOT_FOUND);
    }
    if (client.getManagementUrl() == null
        && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE) == null
        && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE)
            == null) {
      logger.error("SAML assertion consumer url not set up");
      event.error(Errors.INVALID_REDIRECT_URI);
      return ErrorPage.error(session, Messages.INVALID_REDIRECT_URI);
    }

    String bindingType = SamlProtocol.SAML_POST_BINDING;
    if (client.getManagementUrl() == null
        && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE) == null
        && client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE)
            != null) {
      bindingType = SamlProtocol.SAML_REDIRECT_BINDING;
    }

    String redirect = null;
    if (bindingType.equals(SamlProtocol.SAML_REDIRECT_BINDING)) {
      redirect = client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE);
    } else {
      redirect = client.getAttribute(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE);
    }
    if (redirect == null) {
      redirect = client.getManagementUrl();
    }

    ClientSessionModel clientSession = session.sessions().createClientSession(realm, client);
    clientSession.setAuthMethod(SamlProtocol.LOGIN_PROTOCOL);
    clientSession.setAction(ClientSessionModel.Action.AUTHENTICATE.name());
    clientSession.setNote(SamlProtocol.SAML_BINDING, SamlProtocol.SAML_POST_BINDING);
    clientSession.setNote(SamlProtocol.SAML_IDP_INITIATED_LOGIN, "true");
    clientSession.setRedirectUri(redirect);

    if (relayState == null) {
      relayState = client.getAttribute(SamlProtocol.SAML_IDP_INITIATED_SSO_RELAY_STATE);
    }
    if (relayState != null && !relayState.trim().equals("")) {
      clientSession.setNote(GeneralConstants.RELAY_STATE, relayState);
    }

    return newBrowserAuthentication(clientSession, false, false);
  }