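/**
 * Resolves the IdP to use from the alias carried in the request and translates it into an entity ID.
 *
 * The discovery protocol lets the request name the parameter that carries the selection via
 * {@code RETURN_ID_PARAM}; when it is absent the alias is read from the {@code idp} parameter.
 * Both the parameter name and the alias are caller-controlled, so they are only ever used as
 * lookup keys: the alias is compared with {@code ExtendedMetadata.getAlias()} of each configured
 * IdP and never treated as an entity ID itself.
 *
 * @param request the incoming discovery request
 * @return the entity ID of the IdP whose configured alias equals the requested alias
 * @throws UnableToFindSamlIDPException if no alias was supplied, no IdP carries that alias, or the
 *         extended metadata of an IdP cannot be read (the underlying cause is preserved)
 */
@Override
protected String getPassiveIDP(HttpServletRequest request) {
    String aliasParam = request.getParameter(RETURN_ID_PARAM);
    if (aliasParam == null) {
        aliasParam = "idp";
    }
    String idpAlias = request.getParameter(aliasParam);
    if (idpAlias == null) {
        // Fail with an explicit message instead of falling through to "alias:null" below.
        throw new UnableToFindSamlIDPException(
                "No IDP alias supplied in request parameter [" + aliasParam + "]");
    }
    Set<String> idps = metadata.getIDPEntityNames();
    for (String entityId : idps) {
        ExtendedMetadata emd;
        try {
            emd = metadata.getExtendedMetadata(entityId);
        } catch (MetadataProviderException e) {
            // NOTE(review): idpAlias is untrusted input and ends up in exception text; if these
            // messages are rendered to a page or parsed from logs, sanitise them there.
            String message = "Unable to read extended metadata for alias[" + idpAlias + "] IDP[" + entityId + "]";
            throw new UnableToFindSamlIDPException(message, e);
        }
        // String.equals tolerates a null configured alias; emd itself may be null.
        if (emd != null && idpAlias.equals(emd.getAlias())) {
            return entityId;
        }
    }
    throw new UnableToFindSamlIDPException("Unable to locate IDP provider for alias:" + idpAlias);
}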
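/**
 * Renders the IdP selection page for the SP-initiated discovery flow.
 *
 * The return URL and return parameter name are taken from request <em>attributes</em>, i.e. values
 * set server-side by the discovery filter, not from raw request parameters
 * (presumably validated by that filter — confirm before using them as a form action).
 *
 * @param request the current request, expected to have passed through the SAML discovery filter
 * @return the {@code idpselection} view with the return URL/param and an entityID-to-alias map
 * @throws AuthenticationServiceException if the request did not come from the discovery filter
 */
@RequestMapping
public ModelAndView idpSelection(HttpServletRequest request) {
    if (!comesFromDiscoveryFilter(request)) {
        throw new AuthenticationServiceException("SP Discovery flow not detected");
    }
    ModelAndView view = new ModelAndView("idpselection");
    view.addObject(SAMLDiscovery.RETURN_URL, request.getAttribute(SAMLDiscovery.RETURN_URL));
    view.addObject(SAMLDiscovery.RETURN_PARAM, request.getAttribute(SAMLDiscovery.RETURN_PARAM));
    // Built by hand rather than with Collectors.toMap: toMap rejects null values, so a single IdP
    // whose getAlias(...) returns null would turn the whole selection page into a NullPointerException.
    // Insertion order follows getIDPEntityNames() so the page lists IdPs deterministically.
    Map<String, String> idpNameAliasMap = new java.util.LinkedHashMap<>();
    for (String entityId : metadataManager.getIDPEntityNames()) {
        idpNameAliasMap.put(entityId, getAlias(entityId));
    }
    view.addObject("idpNameAliasMap", idpNameAliasMap);
    return view;
}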
/**
 * Lists the entity IDs of all identity providers currently known to the metadata manager.
 *
 * Only the entity names are returned, no metadata contents. Entity IDs are normally public
 * (they appear in SP metadata), but NOTE(review): confirm the exposure of this endpoint matches
 * the application's access policy, since nothing here checks the caller.
 *
 * @return 200 with the set of IdP entity IDs, or 204 if no metadata manager is available
 */
@RequestMapping(value = "/saml/idp", method = RequestMethod.GET)
public ResponseEntity<?> getIdp() {
    MetadataManager manager = context.getBean(MetadataManager.class);
    if (manager == null) {
        // NOTE(review): ApplicationContext.getBean normally throws NoSuchBeanDefinitionException
        // rather than returning null, so this branch is unlikely to be reached — confirm.
        return ResponseEntity.noContent().build();
    }
    // Return the IDP list.
    Set<String> entityIds = manager.getIDPEntityNames();
    return ResponseEntity.ok(entityIds);
}
}
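/**
 * Shows the IdP discovery page to anonymous users; users who are already authenticated are
 * redirected to the landing page instead.
 *
 * @param request the current request (unused beyond the mapping)
 * @param model   receives the {@code idps} attribute holding the configured IdP entity IDs
 * @return the discovery view name, or a redirect to {@code /landing} for authenticated users
 */
@RequestMapping(value = "/discovery", method = RequestMethod.GET)
public String idpSelection(HttpServletRequest request, Model model) {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    if (auth == null) {
        LOG.debug("Current authentication instance from security context is null");
    } else {
        // Log the Authentication's own type; the previous code printed this controller's class name,
        // which made the message useless for diagnosing the auth state.
        LOG.debug("Current authentication instance from security context: " + auth.getClass().getSimpleName());
    }
    boolean anonymous = auth == null || auth instanceof AnonymousAuthenticationToken;
    if (!anonymous) {
        LOG.warn("The current user is already logged.");
        return "redirect:/landing";
    }
    Set<String> idps = metadata.getIDPEntityNames();
    // NOTE(review): this logs every configured IdP at INFO on each discovery request — noisy
    // under load; consider DEBUG if that is not intended as an audit trail.
    for (String idp : idps) {
        LOG.info("Configured Identity Provider for SSO: " + idp);
    }
    model.addAttribute("idps", idps);
    return "pages/discovery";
}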
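/**
 * Returns the entity ID of the IDP to be used by default. If the {@code defaultIDP} property has
 * been set it is returned as-is; otherwise the first entity ID in the iteration order of
 * {@link #getIDPEntityNames()} is used.
 *
 * @return entity ID of the IDP to use
 * @throws MetadataProviderException if no IDP is configured at all
 */
public String getDefaultIDP() throws MetadataProviderException {
    // Acquire before the try: if lock() itself failed, a finally-unlock would attempt to release a
    // lock this thread never held (IllegalMonitorStateException masking the original error).
    lock.readLock().lock();
    try {
        if (defaultIDP != null) {
            // NOTE(review): the configured value is returned without checking that it is still
            // present in getIDPEntityNames() — confirm that is intended.
            return defaultIDP;
        }
        Iterator<String> names = getIDPEntityNames().iterator();
        if (!names.hasNext()) {
            throw new MetadataProviderException("No IDP was configured, please update included metadata with at least one IDP");
        }
        return names.next();
    } finally {
        lock.readLock().unlock();
    }
}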