/** * when getting query params through this, only configured params will be appended as query params * The required params can be configured from application-authenticators.xml * * @param request * @return */ public static String getQueryStringWithConfiguredParams(HttpServletRequest request) { boolean configAvailable = FileBasedConfigurationBuilder.getInstance().isAuthEndpointQueryParamsConfigAvailable(); List<String> queryParams = FileBasedConfigurationBuilder.getInstance().getAuthEndpointQueryParams(); String action = FileBasedConfigurationBuilder.getInstance().getAuthEndpointQueryParamsAction(); StringBuilder queryStrBuilder = new StringBuilder(""); Map<String, String[]> reqParamMap = request.getParameterMap(); if (configAvailable) { if (action != null && action.equals(FrameworkConstants.AUTH_ENDPOINT_QUERY_PARAMS_ACTION_EXCLUDE)) { if (reqParamMap != null) { for (Map.Entry<String, String[]> entry : reqParamMap.entrySet()) { String paramName = entry.getKey(); String paramValue = entry.getValue()[0]; // skip issuer and type and sessionDataKey parameters if (SESSION_DATA_KEY.equals(paramName) || FrameworkConstants.RequestParams.ISSUER.equals(paramName) || FrameworkConstants.RequestParams.TYPE.equals(paramName)) { continue; } if (!queryParams.contains(paramName)) { if (queryStrBuilder.length() > 0) { queryStrBuilder.append('&'); } try { queryStrBuilder .append(URLEncoder.encode(paramName, UTF_8)) .append('=') .append(URLEncoder.encode(paramValue, UTF_8)); } catch (UnsupportedEncodingException e) { log.error( "Error while URL Encoding query param to be sent to the AuthenticationEndpoint", e); } } } } } else { for (String param : queryParams) { String paramValue = request.getParameter(param); if (paramValue != null) { if (queryStrBuilder.length() > 0) { queryStrBuilder.append('&'); } try { queryStrBuilder .append(URLEncoder.encode(param, UTF_8)) .append('=') .append(URLEncoder.encode(paramValue, UTF_8)); } catch (UnsupportedEncodingException e) { log.error( "Error while URL Encoding query param to be sent to the AuthenticationEndpoint", e); } } } } } else { if (reqParamMap != null) { for (Map.Entry<String, String[]> entry : reqParamMap.entrySet()) { String paramName = entry.getKey(); String paramValue = entry.getValue()[0]; // skip issuer and type and sessionDataKey parameters if (SESSION_DATA_KEY.equals(paramName) || FrameworkConstants.RequestParams.ISSUER.equals(paramName) || FrameworkConstants.RequestParams.TYPE.equals(paramName)) { continue; } if (queryStrBuilder.length() > 0) { queryStrBuilder.append('&'); } try { queryStrBuilder .append(URLEncoder.encode(paramName, UTF_8)) .append('=') .append(URLEncoder.encode(paramValue, UTF_8)); } catch (UnsupportedEncodingException e) { log.error( "Error while URL Encoding query param to be sent to the AuthenticationEndpoint", e); } } } } return queryStrBuilder.toString(); }
/** * Returns the redirection URL with the appended SAML2 Request message * * @param request SAML 2 request * @return redirectionUrl */ @Override public String buildRequest( HttpServletRequest request, boolean isLogout, boolean isPassive, String loginPage, AuthenticationContext context) throws SAMLSSOException { doBootstrap(); String contextIdentifier = context.getContextIdentifier(); RequestAbstractType requestMessage; if (request.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ) == null) { String queryParam = context.getQueryParams(); if (queryParam != null) { String[] params = queryParam.split("&"); for (String param : params) { String[] values = param.split("="); if (values.length == 2 && SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ.equals(values[0])) { request.setAttribute(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ, values[1]); break; } } } } if (!isLogout) { requestMessage = buildAuthnRequest(request, isPassive, loginPage, context); } else { String username = (String) request.getSession().getAttribute(SSOConstants.LOGOUT_USERNAME); String sessionIndex = (String) request.getSession().getAttribute(SSOConstants.LOGOUT_SESSION_INDEX); String nameQualifier = (String) request.getSession().getAttribute(SSOConstants.NAME_QUALIFIER); String spNameQualifier = (String) request.getSession().getAttribute(SSOConstants.SP_NAME_QUALIFIER); requestMessage = buildLogoutRequest(username, sessionIndex, loginPage, nameQualifier, spNameQualifier); } String idpUrl = null; boolean isSignAuth2SAMLUsingSuperTenant = false; String encodedRequestMessage = encodeRequestMessage(requestMessage); StringBuilder httpQueryString = new StringBuilder("SAMLRequest=" + encodedRequestMessage); try { httpQueryString.append("&RelayState=" + URLEncoder.encode(contextIdentifier, "UTF-8").trim()); } catch (UnsupportedEncodingException e) { throw new SAMLSSOException("Error occurred while url encoding RelayState", e); } if (SSOUtils.isAuthnRequestSigned(properties)) { String signatureAlgoProp = properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SIGNATURE_ALGORITHM); if (StringUtils.isEmpty(signatureAlgoProp)) { signatureAlgoProp = IdentityApplicationConstants.XML.SignatureAlgorithm.RSA_SHA1; } String signatureAlgo = IdentityApplicationManagementUtil.getXMLSignatureAlgorithms().get(signatureAlgoProp); Map<String, String> parameterMap = FileBasedConfigurationBuilder.getInstance() .getAuthenticatorBean(SSOConstants.AUTHENTICATOR_NAME) .getParameterMap(); if (parameterMap.size() > 0) { isSignAuth2SAMLUsingSuperTenant = Boolean.parseBoolean(parameterMap.get(SIGN_AUTH2_SAML_USING_SUPER_TENANT)); } if (isSignAuth2SAMLUsingSuperTenant) { SSOUtils.addSignatureToHTTPQueryString( httpQueryString, signatureAlgo, new X509CredentialImpl(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME, null)); } else { SSOUtils.addSignatureToHTTPQueryString( httpQueryString, signatureAlgo, new X509CredentialImpl(context.getTenantDomain(), null)); } } if (loginPage.indexOf("?") > -1) { idpUrl = loginPage.concat("&").concat(httpQueryString.toString()); } else { idpUrl = loginPage.concat("?").concat(httpQueryString.toString()); } return idpUrl; }