
Example 6 with FSLogoutNotification

use of com.sun.identity.federation.message.FSLogoutNotification in project OpenAM by OpenRock.

the class FSSingleLogoutHandler method doHttpRedirect.

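/**
 * Performs the logout notification in the case of HTTP Redirect profile.
 * <p>
 * Looks up the federation session for the current SSO token, builds a
 * single logout request for the federated account, signs the URL-encoded
 * query string when signing is enabled, and redirects the user agent to the
 * remote provider's single logout service URL.
 *
 * @param entityId the remote provider to whom logout message needs to
 *  be sent
 * @return {@code SAML_SUCCESS} when the redirect was issued or when no
 *  federated account could be found; {@code SAML_REQUESTER} when no logout
 *  request could be created; {@code SAML_RESPONDER} when the signing
 *  certificate alias is missing or when building/sending the request fails
 */
private FSLogoutStatus doHttpRedirect(String entityId) {
    try {
        FSUtils.debug.message("In HTTP Redirect profile");
        isHttpRedirect = true;
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        if (ssoToken == null) {
            try {
                //this is HTTP based protocol, get from HTTP servlet request
                ssoToken = SessionManager.getProvider().getSession(request);
            } catch (SessionException ex) {
                // ssoToken stays null here; the lookup below is still attempted.
                FSUtils.debug.error("FSSLOHandler.doHttpRedirect: null ssoToken:", ex);
            }
        }
        FSSession session = sMgr.getSession(ssoToken);
        FSAccountFedInfo acctObj = null;
        if (session != null) {
            acctObj = session.getAccountFedInfo();
        }
        if (acctObj == null && session != null && !session.getOneTime()) {
            acctObj = FSLogoutUtil.getCurrentWorkingAccount(userID, entityId, metaAlias);
        }
        if (acctObj == null) {
            // NOTE(review): a failed session lookup (session == null) also lands
            // here and is reported as success without notifying the remote
            // provider - confirm that this is the intended outcome.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSingleLogoutHandler.doHttp" + "Redirect: Account might have been terminated.");
            }
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
        FSLogoutNotification reqLogout = createSingleLogoutRequest(acctObj, sessionIndex);
        // Check for a missing request BEFORE touching it; the relay state used
        // to be set first, so a null request raised a NullPointerException
        // instead of returning SAML_REQUESTER.
        if (reqLogout == null) {
            FSUtils.debug.message("Logout Request is null");
            return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
        }
        if (this.relayState != null) {
            reqLogout.setRelayState(this.relayState);
        }
        reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
        if (FSUtils.debug.messageEnabled()) {
            // NOTE(review): message-level logging writes the complete logout
            // request XML to the debug log; treat those logs as sensitive.
            FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect " + remoteDescriptor.getSingleLogoutServiceURL() + "\nLogout request: " + reqLogout.toXMLString());
        }
        String urlEncodedRequest = reqLogout.toURLEncodedQueryString();
        // Sign the request querystring. When signing is off the request is
        // sent unsigned.
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Retrieving self certalias  : " + certAlias);
            }
            if (certAlias == null || certAlias.length() == 0) {
                // Fail closed: never fall back to an unsigned request when
                // signing is required but no certificate alias is configured.
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSingleLogoutHandler::" + " doHttpRedirect: couldn't obtain " + "this site's cert alias.");
                }
                return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
            }
            urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
        }
        // Local, single-threaded buffer: StringBuilder avoids StringBuffer's
        // needless synchronization.
        StringBuilder redirectURL = new StringBuilder();
        String retURL = remoteDescriptor.getSingleLogoutServiceURL();
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Encoded Redirect URL " + urlEncodedRequest);
        }
        redirectURL.append(retURL);
        // Append the request as a query string, keeping any query parameters
        // the configured logout service URL already has.
        if (retURL.indexOf(QUESTION_MARK) == -1) {
            redirectURL.append(QUESTION_MARK);
        } else {
            redirectURL.append(AMPERSAND);
        }
        redirectURL.append(urlEncodedRequest);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSingleLogoutHandler::doHttpRedirect" + " URL is " + redirectURL.toString());
        }
        response.sendRedirect(redirectURL.toString());
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::" + " doHttpRedirect FSMsgException:", e);
    } catch (IOException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::" + "doHttpRedirect IOException:", e);
    }
    // Reached only after one of the exceptions above was logged.
    return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}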
Also used : FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification) IOException(java.io.IOException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
