in plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java [435:523]
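/**
 * Builds the SAML Web SSO sign-in redirect to the configured IdP.
 *
 * <p>The AuthnRequest is created for the resolved realm and reply address, DOM-serialised,
 * encoded and placed in the redirect query together with a fresh random RelayState. When the
 * protocol is configured to sign requests, the Destination is set and the query is signed. The
 * values needed to validate the IdP's response later (request id, RelayState, target address,
 * IdP address, realm, issuer) are captured in the returned {@link RequestState}.
 *
 * @param request the current servlet request; used to resolve issuer, reply, realm and the
 *                sign-in query extensions
 * @param config  the Fediz context; its protocol must be a {@link SAMLProtocol}
 * @return a redirection response carrying the IdP redirect URL, no-cache headers and the request
 *         state the caller must persist
 * @throws ProcessingException if the request cannot be built: unsupported protocol, no issuer
 *                             URL resolvable, or an encoding/signing failure
 */
public RedirectionResponse createSignInRequest(HttpServletRequest request, FedizContext config)
    throws ProcessingException {
    try {
        if (!(config.getProtocol() instanceof SAMLProtocol)) {
            LOG.error("Unsupported protocol");
            throw new IllegalStateException("Unsupported protocol");
        }
        SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
        boolean signRequest = protocol.isSignRequest();

        String issuerURL = resolveIssuer(request, config);
        LOG.info("Issuer url: " + issuerURL);
        if (issuerURL == null || issuerURL.isEmpty()) {
            // Fail closed: without an IdP address the redirect would otherwise be built as
            // the literal "null?SAMLRequest=..." and sent to the browser.
            LOG.error("No issuer URL could be resolved for the SAML sign-in request");
            throw new IllegalStateException("No issuer URL resolved");
        }
        String redirectURL = issuerURL;

        SAMLPRequestBuilder samlpRequestBuilder = protocol.getSAMLPRequestBuilder();

        // OpenSAML needs an owner document with a root element to marshal into.
        Document doc = DOMUtils.createDocument();
        doc.appendChild(doc.createElement("root"));

        // Resolve the address the IdP should send the user back to. A relative reply is
        // anchored at this application's full context path.
        // NOTE(review): if resolveReply() can take the value from the client request rather
        // than from configuration, it should be checked against the allowed targets before
        // becoming the post-login destination — confirm against resolveReply.
        String reply = resolveReply(request, config);
        if (reply == null || reply.isEmpty()) {
            reply = request.getRequestURL().toString();
        } else {
            try {
                new URL(reply);
            } catch (MalformedURLException ex) {
                String relative = reply.startsWith("/") ? reply.substring(1) : reply;
                reply = extractFullContextPath(request).concat(relative);
            }
        }

        String realm = resolveWTRealm(request, config);
        AuthnRequest authnRequest = samlpRequestBuilder.createAuthnRequest(realm, reply);
        if (signRequest) {
            // A signed request carries the Destination it is bound for.
            authnRequest.setDestination(redirectURL);
        }

        Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
        String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);

        // Random, unguessable RelayState; correlated with the response via RequestState.
        String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");

        RequestState requestState = new RequestState();
        requestState.setTargetAddress(reply);
        requestState.setIdpServiceAddress(redirectURL);
        requestState.setRequestId(authnRequest.getID());
        requestState.setIssuerId(realm);
        requestState.setWebAppContext(authnRequest.getIssuer().getValue());
        requestState.setState(relayState);
        requestState.setCreatedAt(System.currentTimeMillis());

        String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
        StringBuilder sb = new StringBuilder(SAMLSSOConstants.SAML_REQUEST)
            .append('=').append(urlEncodedRequest)
            .append('&').append(SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);

        if (signRequest) {
            // The signature covers the query built so far (SAMLRequest and RelayState).
            String signature = signRequest(config, sb);
            sb.append('&').append(SAMLSSOConstants.SIGNATURE).append('=').append(signature);
        }

        // Append any configured sign-in query extensions after the signed portion.
        String signInQuery = resolveSignInQuery(request, config);
        if (signInQuery != null && signInQuery.length() > 0) {
            sb.append('&').append(signInQuery);
        }

        RedirectionResponse response = new RedirectionResponse();
        // Keep the one-time request and RelayState out of browser/proxy caches.
        response.addHeader("Cache-Control", "no-cache, no-store");
        response.addHeader("Pragma", "no-cache");
        response.setRequestState(requestState);
        response.setRedirectionURL(redirectURL + '?' + sb.toString());
        return response;
    } catch (Exception ex) {
        // The cause is recorded here; callers see only the ProcessingException.
        LOG.error("Failed to create SignInRequest", ex);
        throw new ProcessingException("Failed to create SignInRequest");
    }
}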