Example 1 with FSLogoutResponse
use of com.sun.identity.federation.message.FSLogoutResponse in project OpenAM by OpenRock.
the class FSSOAPReceiver method onMessage.
/**
* Process the request.
* @param request http request object
* @param response http response object
* @param message received soap message
*/
public void onMessage(HttpServletRequest request, HttpServletResponse response, SOAPMessage message) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: Called");
try {
Element elt = soapService.parseSOAPMessage(message);
if (elt == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request. Invalid SOAPMessage");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
String eltTagName = (elt.getTagName().trim());
String ns = elt.getNamespaceURI().trim();
String nodeName = elt.getLocalName().trim();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "tagName: " + eltTagName + " namespaceUri: " + ns + " localName: " + nodeName);
}
//check for saml:Request
if (nodeName.equalsIgnoreCase("Request") && ns.equalsIgnoreCase(IFSConstants.PROTOCOL_NAMESPACE_URI)) {
SOAPMessage retMessage = null;
try {
FSSAMLRequest samlRequest = new FSSAMLRequest(elt);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
if (metaManager == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "could not create meta instance");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
String metaAlias = FSServiceUtils.getMetaAlias(request);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
IDPDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
FSServiceManager sm = FSServiceManager.getInstance();
FSSSOBrowserArtifactProfileHandler handler = (FSSSOBrowserArtifactProfileHandler) sm.getBrowserArtifactSSOAndFedHandler(request, response, samlRequest);
handler.setSOAPMessage(message);
handler.setSAMLRequestElement(elt);
handler.setHostedEntityId(hostedEntityId);
handler.setHostedDescriptor(hostedDesc);
handler.setHostedDescriptorConfig(hostedConfig);
handler.setMetaAlias(metaAlias);
handler.setRealm(realm);
FSResponse samlResponse = handler.processSAMLRequest(samlRequest);
if (samlResponse != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "SAML Response created: " + samlResponse.toXMLString());
}
} else {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "SAML Response is null");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
// introduce id attribute for Assertion bind in
// SOAPEnvelope and sign
retMessage = soapService.bind(((FSResponse) samlResponse).toXMLString(true, true));
if (FSServiceUtils.isSigningOn()) {
List assList = samlResponse.getAssertion();
Iterator iter = assList.iterator();
while (iter.hasNext()) {
FSAssertion assertion = (FSAssertion) iter.next();
String id = assertion.getID();
Document doc = (Document) FSServiceUtils.createSOAPDOM(retMessage);
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
if (certAlias == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("SOAPReceiver.onMessage: couldn't " + "obtain this site's cert alias.");
}
throw new SAMLResponderException(FSUtils.bundle.getString("cannotFindCertAlias"));
}
XMLSignatureManager manager = XMLSignatureManager.getInstance();
int minorVersion = assertion.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ID, id, false);
} else if (minorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || minorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
manager.signXML(doc, certAlias, SystemConfigurationUtil.getProperty(SAMLConstants.XMLSIG_ALGORITHM), IFSConstants.ASSERTION_ID, assertion.getAssertionID(), false);
} else {
FSUtils.debug.error("invalid minor version.");
}
retMessage = FSServiceUtils.convertDOMToSOAP(doc);
}
}
if (retMessage == null) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} catch (SAMLException se) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", se);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (IDFFMetaException me) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing saml:Request:", me);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(retMessage, response);
return;
}
if (nodeName.equalsIgnoreCase("AuthnRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
SOAPMessage retMessage = null;
try {
FSAuthnRequest authnRequest = new FSAuthnRequest(elt);
handleLECPRequest(request, response, authnRequest);
retMessage = null;
} catch (FSException e) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing lecp AuthnRequest:", e);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(retMessage, response);
return;
} else if (nodeName.equalsIgnoreCase("RegisterNameIdentifierRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
SOAPMessage retMessage = null;
boolean isError = false;
String providerAlias = null;
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String realm = null;
String hostedEntityId = null;
String hostedRole = null;
try {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Handling NameRegistrationRequest");
}
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
if (metaManager == null) {
FSUtils.debug.message("Unable to get meta manager");
isError = true;
} else {
providerAlias = FSServiceUtils.getMetaAlias(request);
if (providerAlias == null || providerAlias.length() < 1) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to retrieve alias" + "Hosted Provider. Cannot process request");
}
isError = true;
}
realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
try {
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null && hostedRole.equals(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole != null && hostedRole.equals(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
if (hostedProviderDesc == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException eam) {
FSUtils.debug.error("Unable to find Hosted Provider. " + "Cannot process request");
isError = true;
}
}
if (isError || hostedProviderDesc == null) {
returnSOAPMessage(retMessage, response);
return;
} else {
FSNameRegistrationResponse regisResponse = handleRegistrationRequest(elt, message, hostedProviderDesc, hostedConfig, hostedRole, realm, hostedEntityId, providerAlias, request, response);
if (regisResponse == null) {
FSUtils.debug.error("Error in creating NameRegistration Response");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver.onMessage: " + "Completed creating response");
}
retMessage = soapService.bind(regisResponse.toXMLString(true, true));
FSUtils.debug.message("Completed bind message");
if (retMessage == null) {
FSUtils.debug.error("Error in processing NameRegistration " + "Response");
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
} else {
if (FSServiceUtils.isSigningOn()) {
try {
int minorVersion = regisResponse.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
retMessage = signResponse(retMessage, IFSConstants.ID, regisResponse.getID(), hostedConfig);
} else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
retMessage = signResponse(retMessage, IFSConstants.RESPONSE_ID, regisResponse.getResponseID(), hostedConfig);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("invalid minor version.");
}
}
} catch (SAMLException e) {
FSUtils.debug.error("FSNameRegistrationHandler:" + "sign soap Response failed", e);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (FSMsgException e) {
FSUtils.debug.error("FSNameRegistrationHandler::" + "signRegistrationResponse failed", e);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
}
}
}
if (FSUtils.debug.messageEnabled()) {
ByteArrayOutputStream bop = null;
String xmlString = null;
bop = new ByteArrayOutputStream();
retMessage.writeTo(bop);
xmlString = bop.toString(IFSConstants.DEFAULT_ENCODING);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("return SOAP message:" + xmlString);
}
}
returnSOAPMessage(retMessage, response);
return;
} catch (Exception se) {
FSUtils.debug.error("Error in processing Name Registration request" + se.getMessage());
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
retMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
returnSOAPMessage(retMessage, response);
}
} else if (nodeName.equalsIgnoreCase("NameIdentifierMappingRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
FSUtils.debug.message("FSSOAPReceiver:handling Name Identifier Mapping Request");
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
String metaAlias = FSServiceUtils.getMetaAlias(request);
String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
String hostedEntityId = metaManager.getEntityIDByMetaAlias(metaAlias);
ProviderDescriptorType hostedDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
FSNameIdentifierMappingRequest mappingRequest = new FSNameIdentifierMappingRequest(elt);
if (FSServiceUtils.isSigningOn()) {
String remoteEntityId = mappingRequest.getProviderID();
ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(// it has to be idp
IFSConstants.IDP, remoteEntityId, realm);
if (remoteDesc == null) {
return;
}
if (verifyRequestSignature(elt, message, KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, true))) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver: Success in verifying " + "Name Identifier Mapping Request");
}
} else {
FSUtils.debug.error("Failed verifying Name Identifier Mapping Request");
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
String targetNamespace = mappingRequest.getTargetNamespace();
String inResponseTo = mappingRequest.getRequestID();
Status status = new Status(new StatusCode("samlp:Success"));
FSNameMappingHandler idpHandler = new FSNameMappingHandler(hostedEntityId, hostedDesc, hostedConfig, metaAlias);
NameIdentifier nameIdentifier = idpHandler.getNameIdentifier(mappingRequest, targetNamespace, false);
String enableEncryption = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.ENABLE_NAMEID_ENCRYPTION);
if (enableEncryption != null && enableEncryption.equalsIgnoreCase("true")) {
nameIdentifier = EncryptedNameIdentifier.getEncryptedNameIdentifier(nameIdentifier, realm, targetNamespace);
}
FSNameIdentifierMappingResponse mappingResponse = new FSNameIdentifierMappingResponse(hostedEntityId, inResponseTo, status, nameIdentifier);
if (FSServiceUtils.isSigningOn()) {
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
mappingResponse.signXML(certAlias);
}
SOAPMessage retMessage = soapService.bind(mappingResponse.toXMLString(true, true));
returnSOAPMessage(retMessage, response);
return;
} else if (nodeName.equalsIgnoreCase("FederationTerminationNotification") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
try {
FSUtils.debug.message("calling FSSOAPReceiver::handleTerminationRequest");
boolean bHandleStatus = handleTerminationRequest(elt, message, request, response);
if (bHandleStatus) {
FSUtils.debug.message("Completed processing terminationRequest");
returnTerminationStatus(response);
return;
} else {
FSUtils.debug.message("Failed processing terminationRequest");
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} catch (Exception se) {
FSUtils.debug.error("Error in processing Federation Termination Request", se);
String[] data = { IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED };
LogUtil.error(Level.INFO, LogUtil.TERMINATION_REQUEST_PROCESSING_FAILED, data);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
} else if (nodeName.equalsIgnoreCase("LogoutRequest") && (ns.equalsIgnoreCase(IFSConstants.libertyMessageNamespaceURI) || ns.equalsIgnoreCase(IFSConstants.FF_12_XML_NS))) {
try {
FSUtils.debug.message("calling FSSOAPReceiver::handleLogoutRequest");
ProviderDescriptorType hostedProviderDesc = null;
BaseConfigType hostedConfig = null;
String providerAlias = null;
String realm = null;
String hostedEntityId = null;
String hostedRole = null;
try {
providerAlias = FSServiceUtils.getMetaAlias(request);
realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null) {
if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
}
} catch (Exception e) {
FSUtils.debug.error("FSSOAPReceiver, provider", e);
}
FSLogoutNotification logoutRequest = new FSLogoutNotification(elt);
Map map = handleLogoutRequest(elt, logoutRequest, message, request, response, hostedProviderDesc, hostedConfig, providerAlias, realm, hostedEntityId, hostedRole);
String responseID = SAMLUtils.generateID();
String inResponseTo = logoutRequest.getRequestID();
String relayState = logoutRequest.getRelayState();
FSLogoutResponse resp = null;
boolean statusSuccess = false;
SOAPMessage retSoapMessage = null;
if (map == null) {
StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
} else {
retSoapMessage = (SOAPMessage) map.get(MESSAGE);
SOAPPart sp = retSoapMessage.getSOAPPart();
SOAPEnvelope se = sp.getEnvelope();
SOAPBody sb = se.getBody();
if (sb.hasFault()) {
StatusCode secondLevelstatusCode = new StatusCode(IFSConstants.SAML_UNSUPPORTED);
StatusCode statusCode = new StatusCode(IFSConstants.SAML_RESPONDER, secondLevelstatusCode);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
} else {
StatusCode statusCode = new StatusCode(IFSConstants.SAML_SUCCESS);
Status status = new Status(statusCode);
resp = new FSLogoutResponse(responseID, inResponseTo, status, hostedEntityId, relayState);
statusSuccess = true;
}
}
resp.setID(IFSConstants.LOGOUTID);
resp.setMinorVersion(logoutRequest.getMinorVersion());
retSoapMessage = soapService.bind(resp.toXMLString(true, true));
// Call SP Adapter postSingleLogoutSuccess for IDP/SOAP
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP) && statusSuccess) {
FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
if (spAdapter != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPReceiver, " + "call postSingleLogoutSuccess, IDP/SOAP");
}
try {
spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response, (String) map.get(USERID), logoutRequest, resp, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
} catch (Exception e) {
// ignore adapter exception
FSUtils.debug.error("postSingleLogoutSuccess." + "IDP/SOAP", e);
}
}
}
if (FSServiceUtils.isSigningOn()) {
try {
int minorVersion = resp.getMinorVersion();
if (minorVersion == IFSConstants.FF_11_PROTOCOL_MINOR_VERSION) {
retSoapMessage = signResponse(retSoapMessage, IFSConstants.ID, resp.getID(), hostedConfig);
} else if (minorVersion == IFSConstants.FF_12_PROTOCOL_MINOR_VERSION) {
retSoapMessage = signResponse(retSoapMessage, IFSConstants.RESPONSE_ID, resp.getResponseID(), hostedConfig);
} else {
FSUtils.debug.error("invalid minor version.");
}
} catch (SAMLException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LogoutResponse failed", e);
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (FSMsgException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("LogoutResponse failed", e);
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Logout exception:", e);
}
}
}
returnSOAPMessage(retSoapMessage, response);
return;
} catch (Exception se) {
FSUtils.debug.error("Error in processing logout Request", se);
String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REQUEST_PROCESSING_FAILED) };
LogUtil.error(Level.INFO, LogUtil.LOGOUT_REQUEST_PROCESSING_FAILED, data);
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
}
//check for other Liberty msgs should go here
} catch (Exception e) {
FSUtils.debug.error("FSSOAPReceiver.onMessage: " + "Error in processing Request: Exception occured: ", e);
response.setStatus(response.SC_INTERNAL_SERVER_ERROR);
java.io.ByteArrayOutputStream strm = new java.io.ByteArrayOutputStream();
e.printStackTrace(new java.io.PrintStream(strm));
FSUtils.debug.error(strm.toString());
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
returnSOAPMessage(soapService.formSOAPError("Server", "cannotProcessRequest", null), response);
return;
}
Also used :
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
NameIdentifier(com.sun.identity.saml.assertion.NameIdentifier)
EncryptedNameIdentifier(com.sun.identity.federation.message.common.EncryptedNameIdentifier)
Element(org.w3c.dom.Element)
FSAuthnRequest(com.sun.identity.federation.message.FSAuthnRequest)
FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification)
SOAPEnvelope(javax.xml.soap.SOAPEnvelope)
Document(org.w3c.dom.Document)
SOAPMessage(javax.xml.soap.SOAPMessage)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSAssertion(com.sun.identity.federation.message.FSAssertion)
Iterator(java.util.Iterator)
FSException(com.sun.identity.federation.common.FSException)
SOAPPart(javax.xml.soap.SOAPPart)
List(java.util.List)
FSSAMLRequest(com.sun.identity.federation.message.FSSAMLRequest)
FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)
FSLogoutStatus(com.sun.identity.federation.services.logout.FSLogoutStatus)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)
XMLSignatureManager(com.sun.identity.saml.xmlsig.XMLSignatureManager)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
FSNameIdentifierMappingResponse(com.sun.identity.federation.message.FSNameIdentifierMappingResponse)
FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse)
SOAPException(javax.xml.soap.SOAPException)
SystemConfigurationException(com.sun.identity.common.SystemConfigurationException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
FSException(com.sun.identity.federation.common.FSException)
IDPDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.IDPDescriptorType)
SOAPBody(javax.xml.soap.SOAPBody)
FSSSOBrowserArtifactProfileHandler(com.sun.identity.federation.services.fednsso.FSSSOBrowserArtifactProfileHandler)
FSNameMappingHandler(com.sun.identity.federation.services.namemapping.FSNameMappingHandler)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
FSResponse(com.sun.identity.federation.message.FSResponse)
FSNameRegistrationResponse(com.sun.identity.federation.message.FSNameRegistrationResponse)
FSNameIdentifierMappingRequest(com.sun.identity.federation.message.FSNameIdentifierMappingRequest)
Map(java.util.Map)
HashMap(java.util.HashMap)
Example 2 with FSLogoutResponse
use of com.sun.identity.federation.message.FSLogoutResponse in project OpenAM by OpenRock.
the class FSReturnLogoutServlet method doGetPost.
/**
* Processes logout response.
* @param request an <code>HttpServletRequest</code> object that contains
* the request the client has made of the servlet.
* @param response an <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception ServletException if an input or output error is detected when
* the servlet handles the request
* @exception IOException if the request could not be handled
*/
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
// Alias processing
String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
if (providerAlias == null || providerAlias.length() < 1) {
providerAlias = FSServiceUtils.getMetaAlias(request);
}
if (providerAlias == null || providerAlias.length() < 1) {
FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
return;
}
Object ssoToken = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
ssoToken = sessionProvider.getSession(request);
if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
return;
}
univId = sessionProvider.getPrincipalName(ssoToken);
} catch (SessionException ssoExp) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", ssoExp);
}
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
return;
}
if (metaManager == null) {
FSUtils.debug.error("Failed to get meta manager");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_META_INSTANCE));
return;
}
String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
String hostedRole = null;
String hostedEntityId = null;
BaseConfigType hostedConfig = null;
try {
hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
if (hostedRole != null) {
if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
}
}
if (hostedConfig == null) {
throw new IDFFMetaException((String) null);
}
} catch (IDFFMetaException e) {
FSUtils.debug.error("Failed to get Hosted Provider");
response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
return;
}
setLogoutURL(request, hostedConfig, providerAlias);
// Here we will need to
// 1. verify response signature
// 2. verify response status
// 3. retrieve registration request Id from Map
// 4. if status success then do locally else not do locally and
// 5. show status page or LRURL if found in MAP (eg intersiteTransfer)
FSLogoutResponse logoutResponse = null;
try {
logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
} catch (FSMsgException e) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
} catch (SAMLException e) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
}
String remoteEntityId = logoutResponse.getProviderId();
ProviderDescriptorType remoteDesc = null;
boolean isRemoteIDP = false;
try {
if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
} else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
isRemoteIDP = true;
}
} catch (IDFFMetaException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSLogoutReturnServlet.doGetPost:", e);
}
}
if (remoteDesc == null) {
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
}
boolean bVerify = true;
if (FSServiceUtils.isSigningOn()) {
try {
bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isRemoteIDP);
} catch (SAMLException e) {
bVerify = false;
} catch (FSException e) {
bVerify = false;
}
}
Status status = logoutResponse.getStatus();
String logoutStatus = status.getStatusCode().getValue();
// remove session partner in case of logout success or this is IDP
if (logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS) || !isRemoteIDP) {
FSLogoutUtil.removeCurrentSessionPartner(providerAlias, remoteEntityId, ssoToken, univId);
}
if (bVerify) {
// in ReturnSessionManager only if it is failure
if (!logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
FSReturnSessionManager localManager = FSReturnSessionManager.getInstance(providerAlias);
if (localManager != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("update status of logout to failure " + " in session manager");
}
localManager.setLogoutStatus(logoutStatus, univId);
} else {
FSUtils.debug.message("Cannot get FSReturnSessionManager");
}
FSUtils.debug.error("FSReturnLogoutServlet, failed logout response " + logoutStatus);
String[] data = { univId };
LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
FSLogoutUtil.sendErrorPage(request, response, providerAlias);
return;
}
} else {
FSUtils.debug.error("FSReturnLogoutServlet " + "Signature on logout response is invalid" + "Cannot proceed logout");
String[] data = { univId };
LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
return;
}
StringBuffer processLogout = new StringBuffer();
request.setAttribute("logoutSource", "remote");
processLogout.append(IFSConstants.SLO_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("About to get RequestDispatcher for " + processLogout.toString());
}
RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher(processLogout.toString());
if (dispatcher == null) {
FSUtils.debug.message("RequestDispatcher is null");
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to find " + processLogout + "\ncalling sendErrorPage ");
}
FSLogoutUtil.sendErrorPage(request, response, providerAlias);
return;
}
dispatcher.forward(request, response);
return;
}
Also used :
Status(com.sun.identity.saml.protocol.Status)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)
SessionException(com.sun.identity.plugin.session.SessionException)
FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse)
SAMLException(com.sun.identity.saml.common.SAMLException)
RequestDispatcher(javax.servlet.RequestDispatcher)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
FSException(com.sun.identity.federation.common.FSException)
SessionProvider(com.sun.identity.plugin.session.SessionProvider)
Example 3 with FSLogoutResponse
use of com.sun.identity.federation.message.FSLogoutResponse in project OpenAM by OpenRock.
the class FSPreLogoutHandler method handleSingleLogout.
/**
* Initiates logout at this provider when the user has clicked on the
* logout option.
* @param request <code>HttPServletRequest</code> object from the user agent
* @param response <code>HttPServletRsponse</code> to be sent back to the
* user agent
* @param ssoToken used to identify the principal who wants to logout
* @param sourceCheck where the logout coming from
* @return <code>true</code> if the logout is successful; <code>false</code>
* otherwise.
*/
public FSLogoutStatus handleSingleLogout(HttpServletRequest request, HttpServletResponse response, Object ssoToken, String sourceCheck) {
this.request = request;
setLogoutURL();
FSUtils.debug.message("Entered FSPreLogoutHandler::handleSingleLogout");
try {
this.response = response;
this.ssoToken = ssoToken;
this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
String acceptString = request.getHeader("Accept");
if ((acceptString != null) && (acceptString.indexOf("text/vnd.wap.wml") != -1)) {
isWMLAgent = true;
}
FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
FSSession session = sMgr.getSession(ssoToken);
String sessionIndex = null;
List partners = null;
if (session != null) {
sessionIndex = session.getSessionIndex();
partners = session.getSessionPartners();
}
if (FSUtils.debug.messageEnabled()) {
if (partners != null && partners.size() != 0) {
Iterator iter = partners.iterator();
while (iter.hasNext()) {
FSSessionPartner partner = (FSSessionPartner) iter.next();
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("PARTNER:" + partner.getPartner());
}
}
}
}
if (FSLogoutUtil.liveConnectionsExist(userID, metaAlias)) {
HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
if (providerMap != null) {
FSSessionPartner currentSessionProvider = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
if (currentSessionProvider != null) {
// this is IDP initiated based single logout
// HTTP or SOAP is based on metadata
FSUtils.debug.message("creating IDP handler");
FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
handlerObj.setHostedDescriptor(hostedDescriptor);
handlerObj.setHostedDescriptorConfig(hostedConfig);
handlerObj.setRealm(realm);
handlerObj.setHostedEntityId(hostedEntityId);
handlerObj.setHostedProviderRole(hostedRole);
handlerObj.setMetaAlias(metaAlias);
handlerObj.setRelayState(relayState);
return handlerObj.handleSingleLogout(response, request, currentSessionProvider, userID, sessionIndex, isWMLAgent, ssoToken);
}
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("No more providers, nothing to broadcast " + "\ndestroy user session call destroyPrincipalSession");
}
FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
// control could come here when local login has happened
// In this FSSessionmap will not have anything and so we destroy
// the session based on ssoToken
FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
returnToPostLogout(IFSConstants.SAML_SUCCESS);
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("No live connections, destroy user" + " session call destroyPrincipalSession. source=" + sourceCheck);
}
FSLogoutResponse logoutResponse = null;
FederationSPAdapter spAdapter = null;
// Call SP Adapter preSingleLogoutProcess for SP/HTTP
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP) && sourceCheck.equals("remote")) {
spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
if (spAdapter != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPreLogoutHandler, " + "call preSingleLogoutProcess, SP/HTTP");
}
try {
logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
relayState = logoutResponse.getRelayState();
// unabled to access logoutRequest here
spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, null, logoutResponse, IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
} catch (Exception e) {
// ignore adapter error
FSUtils.debug.error("preSingleLogoutProcess.SP/HTTP", e);
}
}
}
FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
// the session based on ssoToken
if (SessionManager.getProvider().isValid(ssoToken)) {
FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
}
// Call SP Adapter postSingleLogoutProcess for SP/HTTP
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP) && sourceCheck.equals("remote")) {
if (spAdapter != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSPreLogoutHandler, " + "call postSingleLogoutProcess, SP/HTTP");
}
try {
spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response, userID, null, logoutResponse, IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
} catch (Exception e) {
// ignore adapter exception
FSUtils.debug.error("postSingleLogoutSuccess.SP/HTTP:", e);
}
}
}
returnToPostLogout(IFSConstants.SAML_SUCCESS);
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
}
} catch (SessionException e) {
FSUtils.debug.error("SessionException in liveConnectionsExist" + " So destroy self and exit");
FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, null, request, response);
// cannot call FSLogoutUtil.destroyLocalSession(ssoToken)
// since session exception has occurred
returnToPostLogout(IFSConstants.SAML_SUCCESS);
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
}
}
Also used :
HashMap(java.util.HashMap)
FSSession(com.sun.identity.federation.services.FSSession)
SessionException(com.sun.identity.plugin.session.SessionException)
FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SessionException(com.sun.identity.plugin.session.SessionException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
IOException(java.io.IOException)
FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner)
Iterator(java.util.Iterator)
List(java.util.List)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)
Example 4 with FSLogoutResponse
use of com.sun.identity.federation.message.FSLogoutResponse in project OpenAM by OpenRock.
the class FSSingleLogoutHandler method doSoapProfile.
/**
* Initiates SOAP proifle logout.
* @param providerId the first provider with SOAP as logout profile
*/
private FSLogoutStatus doSoapProfile(String providerId) {
FSUtils.debug.message("Entered IDP's doSoapProfile");
try {
FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
FSSession session = sMgr.getSession(ssoToken);
FSAccountFedInfo currentAccount = null;
if (session != null) {
currentAccount = session.getAccountFedInfo();
}
if (currentAccount == null && !session.getOneTime()) {
currentAccount = FSLogoutUtil.getCurrentWorkingAccount(userID, providerId, metaAlias);
}
if (currentAccount == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler. User's " + "account may have been terminated.");
}
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
}
FSLogoutNotification reqLogout = createSingleLogoutRequest(currentAccount, sessionIndex);
reqLogout.setMinorVersion(getMinorVersion(remoteDescriptor));
if (reqLogout != null) {
FSSOAPService instSOAP = FSSOAPService.getInstance();
if (instSOAP != null) {
FSUtils.debug.message("Signing suceeded. To call bindLogoutRequest");
reqLogout.setID(IFSConstants.LOGOUTID);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("logout request before sign: " + reqLogout.toXMLString(true, true));
}
SOAPMessage msgLogout = instSOAP.bind(reqLogout.toXMLString(true, true));
if (msgLogout != null) {
SOAPMessage retSOAPMessage = null;
try {
if (FSServiceUtils.isSigningOn()) {
int minorVersion = reqLogout.getMinorVersion();
switch(minorVersion) {
case IFSConstants.FF_11_PROTOCOL_MINOR_VERSION:
msgLogout = signLogoutRequest(msgLogout, IFSConstants.ID, reqLogout.getID());
break;
case IFSConstants.FF_12_PROTOCOL_MINOR_VERSION:
msgLogout = signLogoutRequest(msgLogout, IFSConstants.REQUEST_ID, reqLogout.getRequestID());
break;
default:
FSUtils.debug.message("invalid minor version.");
break;
}
}
retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteDescriptor.getSoapEndpoint());
} catch (Exception e) {
FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}
if (retSOAPMessage != null) {
Element elt = instSOAP.parseSOAPMessage(retSOAPMessage);
if (FSServiceUtils.isSigningOn()) {
if (!verifyResponseSignature(retSOAPMessage)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Response " + "signature verification failed");
}
FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
}
}
this.requestLogout = reqLogout;
respObj = new FSLogoutResponse(elt);
// Call SP Adapter preSingleLogout for SP/SOAP
if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
if (spAdapter != null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSLOHandler." + "preSingleLogoutProcess, SP/SOAP");
}
try {
spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, reqLogout, respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
} catch (Exception e) {
// ignore adapter error
FSUtils.debug.error("spAdapter." + "preSingleLogoutProcess, SP/SOAP:", e);
}
}
}
Status status = respObj.getStatus();
StatusCode statusCode = status.getStatusCode();
StatusCode secondLevelStatus = statusCode.getStatusCode();
String statusString = statusCode.getValue();
if (statusString.equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler: " + " doSoapProfile returning success");
}
return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSingleLogoutHandler: " + "SOAP Profile failure " + statusString);
}
return new FSLogoutStatus(statusString);
}
}
}
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to bindLogoutRequest." + "Current Provider cannot be processed");
}
} else {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Unable to create logout request" + " Current Provider cannot be processed");
}
}
} catch (Exception e) {
FSUtils.debug.error("In IOException of doSOAPProfile : ", e);
}
return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
}
Also used :
Status(com.sun.identity.saml.protocol.Status)
FSAccountFedInfo(com.sun.identity.federation.accountmgmt.FSAccountFedInfo)
Element(org.w3c.dom.Element)
FSSession(com.sun.identity.federation.services.FSSession)
FSLogoutNotification(com.sun.identity.federation.message.FSLogoutNotification)
FSSOAPService(com.sun.identity.federation.services.FSSOAPService)
SOAPMessage(javax.xml.soap.SOAPMessage)
FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse)
StatusCode(com.sun.identity.saml.protocol.StatusCode)
ServletException(javax.servlet.ServletException)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
SessionException(com.sun.identity.plugin.session.SessionException)
SAMLException(com.sun.identity.saml.common.SAMLException)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
IOException(java.io.IOException)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
FSSessionManager(com.sun.identity.federation.services.FSSessionManager)
FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)
Example 5 with FSLogoutResponse
use of com.sun.identity.federation.message.FSLogoutResponse in project OpenAM by OpenRock.
the class SingleLogoutManager method sendLogoutResponse.
/**
* Sends logout response, this is for the case of HTTP binding
* There are two cases here:
* 1. IDP initiated HTTP Logout, just redirect user browser to original
* relaystate.
* 2. SP initiated HTTP logout, need to send LogoutResponse back to SP.
*/
void sendLogoutResponse(HttpServletRequest request, HttpServletResponse response, String relayState) throws IOException {
if (debug.messageEnabled()) {
debug.message("SingleLogoutManager.sendLogoutResponse: relaystate=" + relayState);
}
String logoutResponseXML = (String) sloResponseXMLMap.get(relayState);
if (logoutResponseXML == null) {
// first case, just redirect to original relayState
String origRelayState = (String) relayStateMap.get(relayState);
int logoutStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
String statusString = MultiProtocolUtils.getLogoutStatus(logoutStatus);
if ((origRelayState == null) || (origRelayState.length() == 0)) {
// TODO : get default single logout URL for each protocol
response.getWriter().print("Logout DONE. Status = " + statusString);
} else {
// include logout status
if (origRelayState.indexOf("?") == -1) {
response.sendRedirect(origRelayState + "?" + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
} else {
response.sendRedirect(origRelayState + "&" + SingleLogoutManager.STATUS_PARAM + "=" + statusString);
}
}
} else {
String protocol = (String) origProtocolMap.get(relayState);
String spEntityID = (String) spEntityIDMap.get(relayState);
String origRelayState = (String) relayStateMap.get(relayState);
String realm = (String) realmMap.get(relayState);
String idpEntityID = (String) idpEntityIDMap.get(relayState);
int currentStatus = ((Integer) currentStatusMap.get(relayState)).intValue();
if (protocol.equals(SingleLogoutManager.SAML2)) {
try {
LogoutResponse logResp = ProtocolFactory.getInstance().createLogoutResponse(logoutResponseXML);
String location = logResp.getDestination();
String statusVal = logResp.getStatus().getStatusCode().getValue();
String newVal = getNewStatusCode(currentStatus, statusVal);
if (!statusVal.equals(newVal)) {
logResp.getStatus().getStatusCode().setValue(statusVal);
}
if (debug.messageEnabled()) {
debug.message("SingleLogoutManager.sendLogoutRes:" + "(SAML2) location=" + location + " orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
}
LogoutUtil.sendSLOResponse(response, logResp, location, origRelayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID);
} catch (SAML2Exception ex) {
debug.error("SingleLogoutManager.sendLogoutResponse:saml2", ex);
throw new IOException(ex.getMessage());
}
} else if (protocol.equals(SingleLogoutManager.IDFF)) {
boolean failed = false;
String logoutDoneURL = null;
try {
debug.message("SingleLogoutManager.sendLogoutResp: IDFF");
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, spEntityID);
String retURL = descriptor.getSingleLogoutServiceReturnURL();
Element elem = XMLUtils.toDOMDocument(logoutResponseXML, SingleLogoutManager.debug).getDocumentElement();
FSLogoutResponse responseLogout = new FSLogoutResponse(elem);
BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityID);
logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, null);
Status status = responseLogout.getStatus();
String statusVal = status.getStatusCode().getValue();
String newVal = getNewStatusCode(currentStatus, statusVal);
if (!statusVal.equals(newVal)) {
com.sun.identity.saml.protocol.StatusCode statCode = new com.sun.identity.saml.protocol.StatusCode(newVal);
com.sun.identity.saml.protocol.Status stat = new com.sun.identity.saml.protocol.Status(statCode);
responseLogout.setStatus(stat);
}
if (debug.messageEnabled()) {
debug.message("SingleLogoutManager.sendLogoutRes:" + "(IDFF) orig status=" + statusVal + ", new status=" + newVal + ", orig relay=" + origRelayState + ", logout done URL=" + logoutDoneURL + ", realm=" + realm + ", idpEntityID=" + idpEntityID + ", spEntityID=" + spEntityID);
}
String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
// Sign the request querystring
if (FSServiceUtils.isSigningOn()) {
String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
if (certAlias == null || certAlias.length() == 0) {
if (debug.messageEnabled()) {
debug.message("SingleLogoutManager.sendLogoutRes:" + "signSAMLRequest couldn't obtain cert alias.");
}
throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
} else {
urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
}
}
StringBuffer redirectURL = new StringBuffer();
redirectURL.append(retURL);
if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
redirectURL.append(IFSConstants.QUESTION_MARK);
} else {
redirectURL.append(IFSConstants.AMPERSAND);
}
redirectURL.append(urlEncodedResponse);
if (debug.messageEnabled()) {
debug.message("SingleLogoutManager.sendResponse " + "for IDFF, url = " + redirectURL.toString());
}
response.sendRedirect(redirectURL.toString());
} catch (FSMsgException ex) {
debug.error("SingleLogoutManager.sendLogoutRes", ex);
failed = true;
} catch (SAMLException ex) {
debug.error("SingleLogoutManager.sendLogoutRes", ex);
failed = true;
;
} catch (IDFFMetaException ex) {
debug.error("SingleLogoutManager.sendLogoutRes", ex);
failed = true;
} catch (IOException ex) {
debug.error("SingleLogoutManager.sendLogoutRes", ex);
failed = true;
}
if (failed) {
FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
}
} else if (protocol.equals(SingleLogoutManager.WS_FED)) {
debug.message("SingleLogoutManager.sendLogoutResponse: WSFED");
if (origRelayState != null) {
response.sendRedirect(origRelayState);
} else {
response.getWriter().print("Logout DONE.");
}
} else {
// should never come here
debug.error("SingleLogoutManager.sendLogoutResponse: invalid" + " protocol : " + protocol);
}
}
cleanupParameters(relayState);
return;
}
Also used :
Element(org.w3c.dom.Element)
SAMLException(com.sun.identity.saml.common.SAMLException)
BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)
Status(com.sun.identity.saml.protocol.Status)
Status(com.sun.identity.saml.protocol.Status)
FSMsgException(com.sun.identity.federation.message.common.FSMsgException)
FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse)
LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse)
IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException)
ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)
IOException(java.io.IOException)
FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse)
SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)
IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager)
SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException)
Aggregations
FSLogoutResponse (com.sun.identity.federation.message.FSLogoutResponse)8
IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)8
SessionException (com.sun.identity.plugin.session.SessionException)6
SAMLResponderException (com.sun.identity.saml.common.SAMLResponderException)6
IOException (java.io.IOException)6
FSMsgException (com.sun.identity.federation.message.common.FSMsgException)5
ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)5
HashMap (java.util.HashMap)5
SAMLException (com.sun.identity.saml.common.SAMLException)4
BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)3
FederationSPAdapter (com.sun.identity.federation.plugins.FederationSPAdapter)3
Status (com.sun.identity.saml.protocol.Status)3
Element (org.w3c.dom.Element)3
FSException (com.sun.identity.federation.common.FSException)2
FSLogoutNotification (com.sun.identity.federation.message.FSLogoutNotification)2
IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)2
FSSession (com.sun.identity.federation.services.FSSession)2
FSSessionManager (com.sun.identity.federation.services.FSSessionManager)2
Iterator (java.util.Iterator)2
List (java.util.List)2
