use of com.sun.identity.federation.message.FSLogoutResponse in project OpenAM by OpenRock.
Class FSSingleLogoutHandler, method returnAfterCompletion.
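/**
 * Invoked once single logout processing has completed. Either hands control
 * back to the remote provider whose LogoutRequest started this exchange (when
 * a return entry was recorded for {@code userID}) or returns the local logout
 * status page to the user.
 * <p>
 * The remote provider and the details of its request (InResponseTo, RelayState
 * and status) are read from {@link FSReturnSessionManager} and removed from it
 * once consumed, so a return entry is used at most once. The redirect target is
 * the provider's SingleLogoutServiceReturnURL taken from its registered
 * metadata, never a URL carried by the inbound request, so the browser is only
 * ever sent to a configured provider endpoint. The LogoutResponse query string
 * is signed only when {@link FSServiceUtils#isSigningOn()} is true.
 * <p>
 * Never throws: metadata lookup, signing and redirect failures are logged,
 * recorded as LOGOUT_REDIRECT_FAILED, and the method returns without sending
 * anything to the browser.
 */
protected void returnAfterCompletion() {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSSingleLogoutHandler::returnAC: " + "PROTOCOL=" + this.singleLogoutProtocol + ", relayState=" + this.relayState);
    }
    try {
        String returnProviderId = "";
        String storedRelayState = "";
        String logoutStatusString = "";
        String inResponseTo = "";
        FSReturnSessionManager mngInst = FSReturnSessionManager.getInstance(metaAlias);
        // Left null when there is no manager so that case takes the "no source
        // provider" branch below. (A non-null empty map here would enter the
        // provider branch and dereference the null manager.)
        HashMap providerMap = null;
        if (mngInst != null) {
            providerMap = mngInst.getUserProviderInfo(userID);
        }
        if (providerMap != null) {
            returnProviderId = (String) providerMap.get(IFSConstants.PROVIDER);
            storedRelayState = (String) providerMap.get(IFSConstants.LOGOUT_RELAY_STATE);
            logoutStatusString = (String) providerMap.get(IFSConstants.LOGOUT_STATUS);
            if (logoutStatusString == null || logoutStatusString.length() == 0) {
                logoutStatusString = IFSConstants.SAML_SUCCESS;
            }
            inResponseTo = (String) providerMap.get(IFSConstants.RESPONSE_TO);
            // One-shot: the entry is consumed before anything below can fail.
            mngInst.removeUserProviderInfo(userID);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Deleted " + returnProviderId + " from return list");
            }
            // The counterpart's metadata: SP metadata when we are the IDP and
            // vice versa. This is the only source of the redirect target.
            ProviderDescriptorType descriptor = null;
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                descriptor = metaManager.getSPDescriptor(realm, returnProviderId);
            } else {
                descriptor = metaManager.getIDPDescriptor(realm, returnProviderId);
            }
            if (descriptor == null) {
                // Same outcome as the metadata-exception path (logged, nothing
                // sent), but with a message that names the missing provider.
                throw new IllegalStateException("no metadata for return provider " + returnProviderId);
            }
            String retURL = descriptor.getSingleLogoutServiceReturnURL();
            if (retURL != null) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Getting provider " + returnProviderId + " IDP Return URL = " + retURL);
                }
                FSLogoutResponse responseLogout = new FSLogoutResponse();
                responseLogout.setResponseTo(inResponseTo);
                responseLogout.setRelayState(storedRelayState);
                responseLogout.setProviderId(hostedEntityId);
                responseLogout.setStatus(logoutStatusString);
                responseLogout.setID(IFSConstants.LOGOUTID);
                responseLogout.setMinorVersion(getMinorVersion(descriptor));
                responseLogout.setResponseID(FSUtils.generateID());
                // SP adapter hook. NOTE(review): the original comment said
                // "SP/HTTP" but the profile passed is LOGOUT_IDP_REDIRECT_PROFILE;
                // confirm that is the intended value for this call site.
                callPostSingleLogoutSuccess(responseLogout, IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE);
                // Multi-federation-protocol processing: IDP side only, and not
                // when the relay state itself marks a multi-protocol round trip.
                if (MultiProtocolUtils.isMultipleProtocolSession(request, SingleLogoutManager.IDFF) && hostedRole.equalsIgnoreCase(IFSConstants.IDP) && !MultiProtocolUtils.isMultiProtocolRelayState(storedRelayState)) {
                    int retStatus = handleMultiProtocolLogout(false, responseLogout.toXMLString(true, true), returnProviderId);
                    if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                        // The multi-protocol handler has already redirected.
                        return;
                    }
                    if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
                        // Report the other protocols' failure to the remote provider.
                        responseLogout.setStatus(IFSConstants.SAML_RESPONDER);
                    }
                }
                String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
                // Sign the response query string with the hosted provider's
                // signing key; an unsigned response is sent when signing is off.
                if (FSServiceUtils.isSigningOn()) {
                    String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                    if (certAlias == null || certAlias.length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSingleLogoutHandler::returnAfterCompletion: " + "couldn't obtain this site's cert alias.");
                        }
                        // Signing is required but impossible: fail (caught and
                        // logged below) rather than send an unsigned response.
                        throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
                    }
                    urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
                }
                StringBuffer redirectURL = new StringBuffer();
                redirectURL.append(retURL);
                if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
                    redirectURL.append(IFSConstants.QUESTION_MARK);
                } else {
                    redirectURL.append(IFSConstants.AMPERSAND);
                }
                redirectURL.append(urlEncodedResponse);
                if (FSUtils.debug.messageEnabled()) {
                    // Debug only: the full URL includes RelayState and signature.
                    FSUtils.debug.message("Response to be sent : " + redirectURL.toString());
                }
                String[] data = { userID };
                // NOTE(review): recorded as LOGOUT_SUCCESS even when the status
                // sent back is SAML_RESPONDER or a stored non-success value;
                // audit consumers may want these distinguished.
                LogUtil.access(Level.INFO, LogUtil.LOGOUT_SUCCESS, data);
                response.sendRedirect(redirectURL.toString());
                return;
            }
            // NOTE(review): a provider with no SingleLogoutServiceReturnURL
            // falls out of the try block here with nothing written to the
            // response; presumably the caller handles that - confirm.
        } else {
            FSUtils.debug.message("no source provider. return to local status page");
            // IDP-initiated SOAP logout inside a multi-protocol round trip:
            // the multi-protocol handler owns the response.
            if ((this.singleLogoutProtocol != null) && this.singleLogoutProtocol.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) && (this.relayState != null) && MultiProtocolUtils.isMultiProtocolRelayState(this.relayState)) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSingleLogoutHandler::returnAC:" + " this is multiProto for IDP initiated SOAP");
                }
                return;
            }
            // call multi-federation protocol processing
            // NOTE(review): this checks the stored relay state (always empty on
            // this branch) while the SOAP check above uses this.relayState;
            // confirm which is intended here.
            if (MultiProtocolUtils.isMultipleProtocolSession(request, SingleLogoutManager.IDFF) && hostedRole.equalsIgnoreCase(IFSConstants.IDP) && !MultiProtocolUtils.isMultiProtocolRelayState(storedRelayState)) {
                // Null-guarded like the SOAP check above: a missing protocol
                // counts as not SOAP-initiated instead of throwing.
                boolean isSOAPInitiated = (singleLogoutProtocol != null) && (singleLogoutProtocol.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE) || singleLogoutProtocol.equals(IFSConstants.LOGOUT_SP_SOAP_PROFILE));
                int retStatus = handleMultiProtocolLogout(isSOAPInitiated, null, remoteEntityId);
                if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                    return;
                }
                if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
                    logoutStatus = false;
                }
            }
            // NOTE(review): only the success case writes a response here; when
            // logoutStatus is false nothing is sent from this method.
            if (logoutStatus) {
                FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            }
            return;
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::returnAfterCompletion: unable to get LRURL. " + "No location to redirect. processing completed", e);
        String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED) };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_REDIRECT_FAILED, data, ssoToken);
    } catch (Exception ex) {
        // Previously swallowed without a trace; keep the same audit record but
        // log the cause so signing/redirect failures can be diagnosed.
        FSUtils.debug.error("FSSingleLogoutHandler::returnAfterCompletion: general exception", ex);
        String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED) };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_REDIRECT_FAILED, data, ssoToken);
    }
}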
use of com.sun.identity.federation.message.FSLogoutResponse in project OpenAM by OpenRock.
Class FSLogoutUtil, method buildSignedResponse.
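/**
 * Builds a LogoutResponse for the HTTP-redirect profile, signs its query
 * string when signing is enabled, and appends it to {@code retURL}.
 * <p>
 * When {@code userID} is non-null and {@link FSReturnSessionManager} holds a
 * return entry for it, the response echoes the stored InResponseTo, RelayState
 * and status of the request that started the logout (falling back to
 * {@code bArgStatus} when no status was stored) and the entry is removed so it
 * cannot be replayed. Otherwise the response carries {@code bArgStatus} and no
 * InResponseTo.
 *
 * @param retURL logout return url the response is appended to (expected to be
 *        the remote provider's metadata-registered return URL)
 * @param bArgStatus logout status to report when no stored status is available
 * @param minorVersion minor version the response should be set to
 * @param hostedConfig hosted provider's extended meta (supplies the meta alias
 *        and, when signing is on, the signing certificate alias)
 * @param hostedEntityId hosted provider's entity id
 * @param userID user id, may be null
 * @return the full redirect URL ({@code retURL} plus the URL-encoded and, when
 *         signing is on, signed response), or {@code null} if the response
 *         could not be built or signed; the failure is logged
 */
private static String buildSignedResponse(String retURL, String bArgStatus, int minorVersion, BaseConfigType hostedConfig, String hostedEntityId, String userID) {
    try {
        // If userID exists read ReturnManager.
        // If manager has entry use that ResponseTo field else default.
        FSLogoutResponse responseLogout = new FSLogoutResponse();
        responseLogout.setID(IFSConstants.LOGOUTID);
        responseLogout.setProviderId(hostedEntityId);
        FSReturnSessionManager mngInst = null;
        // Left null when there is no manager or no entry, so both cases take
        // the default branch instead of dereferencing a null manager.
        HashMap providerMap = null;
        if (userID != null) {
            mngInst = FSReturnSessionManager.getInstance(hostedConfig.getMetaAlias());
            if (mngInst != null) {
                providerMap = mngInst.getUserProviderInfo(userID);
            }
        }
        if (providerMap != null) {
            String inResponseTo = (String) providerMap.get(IFSConstants.RESPONSE_TO);
            String relayState = (String) providerMap.get(IFSConstants.LOGOUT_RELAY_STATE);
            String logoutStatus = (String) providerMap.get(IFSConstants.LOGOUT_STATUS);
            // One-shot: consume the entry before anything below can fail.
            mngInst.removeUserProviderInfo(userID);
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Deleted " + userID + " from return list");
            }
            if (logoutStatus == null || logoutStatus.length() == 0) {
                // Never send a response without a status: use the caller's.
                logoutStatus = bArgStatus;
            }
            responseLogout.setResponseTo(inResponseTo);
            responseLogout.setRelayState(relayState);
            responseLogout.setStatus(logoutStatus);
        } else {
            responseLogout.setStatus(bArgStatus);
        }
        responseLogout.setMinorVersion(minorVersion);
        String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
        // Sign the response query string with the hosted provider's signing
        // key; an unsigned response is returned when signing is off.
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null || certAlias.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSLogoutUtil::buildSignedResponse:" + "couldn't obtain this site's cert alias.");
                }
                // Signing is required but impossible: fail (caught below and
                // reported as null) rather than return an unsigned response.
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
            }
            urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
        }
        if (retURL == null) {
            // Nowhere to send the response; same result as before (null),
            // but logged explicitly instead of via a NullPointerException.
            FSUtils.debug.error("FSLogoutUtil::buildSignedResponse: no return URL");
            return null;
        }
        StringBuffer redirectURL = new StringBuffer();
        redirectURL.append(retURL);
        if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
            redirectURL.append(IFSConstants.QUESTION_MARK);
        } else {
            redirectURL.append(IFSConstants.AMPERSAND);
        }
        redirectURL.append(urlEncodedResponse);
        if (FSUtils.debug.messageEnabled()) {
            // Debug only: the full URL includes RelayState and signature.
            FSUtils.debug.message("FSLogoutUtil : Response to be sent : " + redirectURL.toString());
        }
        return redirectURL.toString();
    } catch (Exception e) {
        // Previously swallowed silently; callers still see null, but the
        // cause (e.g. a signing failure) is now logged.
        FSUtils.debug.error("FSLogoutUtil::buildSignedResponse: failed to build response", e);
        return null;
    }
}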
use of com.sun.identity.federation.message.FSLogoutResponse in project OpenAM by OpenRock.
Class FSPreLogoutHandler, method returnToPostLogout.
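/**
 * Determines the return location after logout and redirects there. If the
 * logout was initiated by a remote provider (a return entry exists for
 * {@code userID} in {@link FSReturnSessionManager}), a LogoutResponse carrying
 * {@code logoutStatus} is sent to that provider's SingleLogoutServiceReturnURL
 * taken from its registered metadata; the entry is removed so it is used at
 * most once. Otherwise the user is returned to the local logout-done page, or
 * to this handler's relayState when one is present.
 * <p>
 * Multi-federation-protocol processing is invoked at most once, on the IDP
 * side only and only when the inbound relay state does not already mark a
 * multi-protocol round trip; if it redirects, this method returns at once.
 * Any metadata, I/O or other failure is logged, recorded as
 * LOGOUT_REDIRECT_FAILED, and ends on the local logout-done page with a
 * failure status. The response query string is signed only when
 * {@link FSServiceUtils#isSigningOn()} is true.
 *
 * @param logoutStatus SAML status of the logout just performed, compared
 *        against {@link IFSConstants#SAML_SUCCESS}; must not be null
 */
private void returnToPostLogout(String logoutStatus) {
    FSUtils.debug.message("Entered FSPreLogoutHandler::returnToPostLogout");
    boolean error = false;
    boolean logoutSuccess = logoutStatus.equals(IFSConstants.SAML_SUCCESS);
    boolean multiProtocolInvoked = false;
    // Decided on the handler's relayState field, i.e. the inbound request's
    // value, not the relay state stored with the return entry.
    boolean toInvokeMultiProtocol = MultiProtocolUtils.isMultipleProtocolSession(request, SingleLogoutManager.IDFF) && hostedRole.equalsIgnoreCase(IFSConstants.IDP) && !MultiProtocolUtils.isMultiProtocolRelayState(relayState);
    try {
        FSLogoutResponse responseLogout = new FSLogoutResponse();
        FSReturnSessionManager mngInst = FSReturnSessionManager.getInstance(metaAlias);
        // Left null when there is no manager, so that case is handled as
        // "no source provider" below instead of dereferencing a null manager.
        HashMap providerMap = null;
        if (mngInst != null) {
            providerMap = mngInst.getUserProviderInfo(userID);
        }
        if (providerMap == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Return URL based on local postlogout URL" + "\nNo Source in ReturnMAP : rs=" + this.relayState);
            }
            if (toInvokeMultiProtocol) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSPreLogHandler.retToPostLogout:" + " call MP HTTP, status=" + logoutStatus);
                }
                multiProtocolInvoked = true;
                int retStatus = handleMultiProtocolLogout(logoutStatus, null);
                if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                    // The multi-protocol handler has already redirected.
                    return;
                }
                if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
                    logoutSuccess = false;
                }
            }
            // No remote provider to answer: land on the local done page, or on
            // the inbound relay state when the request supplied one.
            if ((this.relayState == null) || (this.relayState.length() == 0)) {
                FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, logoutSuccess, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            } else {
                FSServiceUtils.returnLocallyAfterOperation(response, this.relayState, logoutSuccess, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            }
            return;
        }
        String returnProviderId = (String) providerMap.get(IFSConstants.PROVIDER);
        // The counterpart's metadata: SP metadata when we are the IDP and vice
        // versa. This is the only source of the redirect target.
        ProviderDescriptorType descriptor = null;
        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            descriptor = metaManager.getSPDescriptor(realm, returnProviderId);
        } else {
            descriptor = metaManager.getIDPDescriptor(realm, returnProviderId);
        }
        if (descriptor == null) {
            // Same outcome as the metadata-exception path (error, local done
            // page), but with a message that names the missing provider.
            throw new IllegalStateException("no metadata for return provider " + returnProviderId);
        }
        String retURL = descriptor.getSingleLogoutServiceReturnURL();
        String storedRelayState = (String) providerMap.get(IFSConstants.LOGOUT_RELAY_STATE);
        String inResponseTo = (String) providerMap.get(IFSConstants.RESPONSE_TO);
        // One-shot: consume the entry before anything below can fail.
        mngInst.removeUserProviderInfo(userID);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Deleted " + userID + " from return list");
        }
        responseLogout.setResponseTo(inResponseTo);
        responseLogout.setRelayState(storedRelayState);
        responseLogout.setProviderId(hostedEntityId);
        // Always report the outcome of this logout run. Previously the status
        // was only set when the return entry carried a stored status, which
        // could leave the response without any Status at all.
        responseLogout.setStatus(logoutStatus);
        responseLogout.setID(IFSConstants.LOGOUTID);
        responseLogout.setMinorVersion(FSServiceUtils.getMinorVersion(descriptor.getProtocolSupportEnumeration()));
        // call multi-federation protocol processing
        if (toInvokeMultiProtocol) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSPreLogHandler.retToPostLogout:" + " call MP HTTP, response=" + responseLogout.toXMLString());
            }
            multiProtocolInvoked = true;
            int retStatus = handleMultiProtocolLogout(logoutStatus, responseLogout.toXMLString(true, true));
            if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                return;
            }
            if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
                logoutSuccess = false;
                // Report the other protocols' failure to the remote provider.
                responseLogout.setStatus(IFSConstants.SAML_RESPONDER);
            }
        }
        String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
        // Sign the response query string with the hosted provider's signing
        // key; an unsigned response is sent when signing is off.
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null || certAlias.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSPreLogoutHandler::returnToPostLogout: " + "couldn't obtain this site's cert alias.");
                }
                // Signing is required but impossible: fail (caught below)
                // rather than send an unsigned response.
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
            }
            urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
        }
        if (retURL == null) {
            // Nowhere to send the response; same outcome as before (error,
            // local done page) but logged explicitly.
            throw new IllegalStateException("no SingleLogoutServiceReturnURL for provider " + returnProviderId);
        }
        StringBuffer redirectURL = new StringBuffer();
        redirectURL.append(retURL);
        if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
            redirectURL.append(IFSConstants.QUESTION_MARK);
        } else {
            redirectURL.append(IFSConstants.AMPERSAND);
        }
        redirectURL.append(urlEncodedResponse);
        if (FSUtils.debug.messageEnabled()) {
            // Debug only: the full URL includes RelayState and signature.
            FSUtils.debug.message("Response to be sent (3) : " + redirectURL.toString());
        }
        response.sendRedirect(redirectURL.toString());
        return;
    } catch (IOException e) {
        FSUtils.debug.error("Unable to get LRURL. No location to redirect." + "processing completed:", e);
        error = true;
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Unable to get LRURL. No location to redirect" + " processing completed:", e);
        error = true;
    } catch (Exception e) {
        FSUtils.debug.error("FSPreLogoutHandler::General exception thrown :", e);
        error = true;
    }
    if (error) {
        String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED) };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_REDIRECT_FAILED, data, ssoToken);
        logoutSuccess = false;
    }
    // call multi-federation protocol processing
    if (toInvokeMultiProtocol && !multiProtocolInvoked) {
        // invoke multiple federation protocol in exception case
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSPreLogHandler.retToPostLogout:" + " call MP HTTP, error=" + error);
        }
        multiProtocolInvoked = true;
        int retStatus = handleMultiProtocolLogout(logoutStatus, null);
        if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
            return;
        }
        if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
            logoutSuccess = false;
        }
    }
    // Error fallback: the user always ends on the local done page.
    FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, logoutSuccess, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
    return;
}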