Search in sources :

Example 1 with FSLogoutStatus

use of com.sun.identity.federation.services.logout.FSLogoutStatus in project OpenAM by OpenRock.

the class FSSOAPReceiver method handleLogoutRequest.

/**
     * Initiates the processing of the logout request received from a remote
     * trusted provider.
     * @param elt containing the logout request in the XML message
     * @param logoutRequest logout notification
     * @param msgLogout logout message
     * @param request http request object
     * @param response http response object
     * @param hostedProviderDesc hosted provider meta descriptor
     * @param hostedConfig hosted provider's extended meta
     * @param providerAlias hosted provider's meta alias
     * @param realm The realm under which the entity resides.
     * @param hostedEntityId hosted provider's entity ID
     * @param hostedRole hosted provider's role
     * @return null if error in processing, or Map containing two
     * keys, MESSAGE for SOAPMessage object and USERID for userID string
     */
private Map handleLogoutRequest(Element elt, FSLogoutNotification logoutRequest, SOAPMessage msgLogout, HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedProviderDesc, BaseConfigType hostedConfig, String providerAlias, String realm, String hostedEntityId, String hostedRole) {
    try {
        String remoteEntityId = logoutRequest.getProviderId();
        ProviderDescriptorType remoteDesc = getRemoteProviderDescriptor(hostedRole, remoteEntityId, realm);
        if (remoteDesc == null) {
            return null;
        }
        boolean isIDP = false;
        if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            isIDP = true;
        }
        X509Certificate remoteCert = KeyUtil.getVerificationCert(remoteDesc, remoteEntityId, isIDP);
        if (!FSServiceUtils.isSigningOn() || verifyRequestSignature(elt, msgLogout, remoteCert)) {
            FSUtils.debug.message("Logout Signature successfully verified");
            if (providerAlias == null || providerAlias.length() < 1) {
                FSUtils.debug.message("Unable to retrieve alias, " + "Hosted Provider Cannot process logout request");
                return null;
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Completed forming request FSLogoutNotification");
            }
            IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
            if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
                String userID = FSLogoutUtil.getUserFromRequest(logoutRequest, realm, hostedEntityId, hostedRole, hostedConfig, providerAlias);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + " found user Id = " + userID);
                }
                // Call SP Adapter preSingleLogoutProcess for IDP/SOAP
                if (hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                    FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                    if (spAdapter != null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver, " + "call preSingleLogoutProcess, IDP/SOAP");
                        }
                        try {
                            spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, logoutRequest, null, IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
                        } catch (Exception e) {
                            // ignore adapter process error
                            FSUtils.debug.error("preSingleLogoutProcess." + "IDP/SOAP", e);
                        }
                    }
                }
                // TODO : change to use FSLogoutUtil.liveConnectionsExist
                if (!isUserExists(userID, providerAlias)) {
                    //to do the cleanup
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: User " + "does not exist locally. Finding remotely");
                    }
                    List platformList = null;
                    try {
                        platformList = SystemConfigurationUtil.getServerList();
                    } catch (SystemConfigurationException se) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest: " + "Couldn't find remote server:", se);
                        }
                    }
                    if (platformList == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "platformList is null");
                        }
                        return null;
                    }
                    Iterator iter = platformList.iterator();
                    while (iter.hasNext()) {
                        String remoteServerURL = (String) iter.next();
                        StringBuffer tmpremoteURL = new StringBuffer(remoteServerURL);
                        tmpremoteURL.append(SystemConfigurationUtil.getProperty("com.iplanet.am.services." + "deploymentDescriptor"));
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "remoteServerURL = " + remoteServerURL + " and self serverUrl =" + FSServiceUtils.getBaseURL());
                        }
                        if ((FSServiceUtils.getBaseURL()).equalsIgnoreCase(remoteServerURL.toString())) {
                            continue;
                        }
                        FSAssertionManagerClient amc = new FSAssertionManagerClient(providerAlias, getFullServiceURL(remoteServerURL));
                        if (amc.isUserExists(userID)) {
                            if (FSUtils.debug.messageEnabled()) {
                                FSUtils.debug.message("FSSOAPReceiver:handleLogoutRequest" + "user found here =" + remoteServerURL);
                            }
                            StringBuffer remoteURL = new StringBuffer();
                            remoteURL.append(remoteServerURL.toString()).append(SystemConfigurationUtil.getProperty("com.iplanet.am.services." + "deploymentDescriptor")).append(IFSConstants.SOAP_END_POINT_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
                            FSSOAPService instSOAP = FSSOAPService.getInstance();
                            SOAPMessage retSOAPMessage = null;
                            if (instSOAP != null) {
                                try {
                                    if (FSUtils.debug.messageEnabled()) {
                                        FSUtils.debug.message("Forward logout request to " + remoteURL.toString());
                                    }
                                    retSOAPMessage = instSOAP.sendMessage(msgLogout, remoteURL.toString());
                                    if (retSOAPMessage != null) {
                                        Map map = new HashMap();
                                        map.put(MESSAGE, retSOAPMessage);
                                        if (userID != null) {
                                            map.put(USERID, userID);
                                        }
                                        return map;
                                    } else {
                                        return null;
                                    }
                                } catch (SOAPException e) {
                                    FSUtils.debug.error("FSSOAPException in doSOAPProfile" + " Cannot send request", e);
                                    return null;
                                }
                            } else {
                                return null;
                            }
                        }
                    }
                }
                FSServiceManager instService = FSServiceManager.getInstance();
                if (instService != null) {
                    FSPreLogoutHandler logoutHandler = instService.getPreLogoutHandler();
                    if (logoutHandler != null) {
                        logoutHandler.setHostedDescriptor(hostedProviderDesc);
                        logoutHandler.setHostedDescriptorConfig(hostedConfig);
                        logoutHandler.setHostedEntityId(hostedEntityId);
                        logoutHandler.setHostedProviderRole(hostedRole);
                        logoutHandler.setMetaAlias(providerAlias);
                        logoutHandler.setRealm(realm);
                        logoutHandler.setRemoteDescriptor(remoteDesc);
                        logoutHandler.setRemoteEntityId(remoteEntityId);
                        logoutHandler.setLogoutRequest(logoutRequest);
                        FSLogoutStatus bProcessStatus = logoutHandler.processSingleLogoutRequest(logoutRequest);
                        if (bProcessStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                            MessageFactory factory = MessageFactory.newInstance();
                            SOAPMessage successSOAP = factory.createMessage();
                            if (successSOAP != null) {
                                Map map = new HashMap();
                                map.put(MESSAGE, successSOAP);
                                if (userID != null) {
                                    map.put(USERID, userID);
                                }
                                return map;
                            } else {
                                return null;
                            }
                        } else if (bProcessStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_UNSUPPORTED)) {
                            SOAPMessage retSOAPMessage = soapService.formSOAPError("Server", "cannotProcessRequest", null);
                            if (retSOAPMessage != null) {
                                Map map = new HashMap();
                                map.put(MESSAGE, retSOAPMessage);
                                if (userID != null) {
                                    map.put(USERID, userID);
                                }
                                return map;
                            } else {
                                return null;
                            }
                        } else {
                            return null;
                        }
                    } else {
                        FSUtils.debug.error("Unable to get PreLogoutHandler");
                        FSUtils.debug.error("Cannot process request");
                        return null;
                    }
                } else {
                    FSUtils.debug.message("FSServiceManager instance is" + "null. Cannot process logout request");
                    return null;
                }
            }
            FSUtils.debug.message("Remote provider not in trusted list");
            return null;
        } else {
            FSUtils.debug.error("Logout Signature failed verification");
            return null;
        }
    } catch (Exception se) {
        FSUtils.debug.error("FSSOAPService::handleLogoutRequest failed", se);
        return null;
    }
}
Also used : MessageFactory(javax.xml.soap.MessageFactory) HashMap(java.util.HashMap) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSLogoutStatus(com.sun.identity.federation.services.logout.FSLogoutStatus) SystemConfigurationException(com.sun.identity.common.SystemConfigurationException) SOAPMessage(javax.xml.soap.SOAPMessage) X509Certificate(java.security.cert.X509Certificate) SOAPException(javax.xml.soap.SOAPException) SystemConfigurationException(com.sun.identity.common.SystemConfigurationException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSMsgException(com.sun.identity.federation.message.common.FSMsgException) FSException(com.sun.identity.federation.common.FSException) IDFFMetaManager(com.sun.identity.federation.meta.IDFFMetaManager) SOAPException(javax.xml.soap.SOAPException) FSPreLogoutHandler(com.sun.identity.federation.services.logout.FSPreLogoutHandler) Iterator(java.util.Iterator) List(java.util.List) FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter) Map(java.util.Map) HashMap(java.util.HashMap)

Example 2 with FSLogoutStatus

use of com.sun.identity.federation.services.logout.FSLogoutStatus in project OpenAM by OpenRock.

the class IDFFSingleLogoutHandler method handleSOAPInitiatedSingleLogout.

private int handleSOAPInitiatedSingleLogout(Set userSession, String userID, HttpServletRequest request, HttpServletResponse response, String realm, String idpMetaAlias, String idpEntityId, String relayState, IDFFMetaManager metaManager) throws Exception {
    // TODO : verify this works under LB
    Object ssoToken = null;
    if ((userSession != null) && !userSession.isEmpty()) {
        // TODO : handle multiple SSO token case
        ssoToken = (Object) userSession.iterator().next();
    } else {
        FSSessionManager manager = FSSessionManager.getInstance(idpMetaAlias);
        List sessions = manager.getSessionList(userID);
        if ((sessions != null) && !sessions.isEmpty()) {
            // TODO : handle multiple SSO token case
            ssoToken = sessions.iterator().next();
        } else {
            return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
        }
    }
    // call Single Logout Handler
    FSUtils.debug.message("creating FSSingleLogoutHandler");
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, idpEntityId, ssoToken);
    if (providerMap != null) {
        FSSessionPartner currentSessionProvider = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
        String sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
        if (currentSessionProvider != null) {
            ProviderDescriptorType hostedProviderDesc = metaManager.getIDPDescriptor(realm, idpEntityId);
            BaseConfigType hostedConfig = metaManager.getIDPDescriptorConfig(realm, idpEntityId);
            FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
            handlerObj.setHostedDescriptor(hostedProviderDesc);
            handlerObj.setHostedDescriptorConfig(hostedConfig);
            handlerObj.setHostedEntityId(idpEntityId);
            handlerObj.setHostedProviderRole(IFSConstants.IDP);
            handlerObj.setMetaAlias(idpMetaAlias);
            handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_IDP_SOAP_PROFILE);
            handlerObj.setRelayState(relayState);
            handlerObj.setRealm(realm);
            FSLogoutStatus logoutStatus = handlerObj.handleSingleLogout(response, request, currentSessionProvider, userID, sessionIndex, false, ssoToken);
            if (SingleLogoutManager.debug.messageEnabled()) {
                SingleLogoutManager.debug.message("IDFFSLOHandler." + "handleSOAPInitiatedSLO: logout status=" + logoutStatus.toString());
            }
            if (logoutStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                return SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
            } else {
                return SingleLogoutManager.LOGOUT_FAILED_STATUS;
            }
        }
    }
    return SingleLogoutManager.LOGOUT_NO_ACTION_STATUS;
}
Also used : BaseConfigType(com.sun.identity.federation.jaxb.entityconfig.BaseConfigType) FSSingleLogoutHandler(com.sun.identity.federation.services.logout.FSSingleLogoutHandler) FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) HashMap(java.util.HashMap) ProviderDescriptorType(com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType) FSLogoutStatus(com.sun.identity.federation.services.logout.FSLogoutStatus) List(java.util.List) FSSessionManager(com.sun.identity.federation.services.FSSessionManager)

Aggregations

FSLogoutStatus (com.sun.identity.federation.services.logout.FSLogoutStatus)2 ProviderDescriptorType (com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType)2 HashMap (java.util.HashMap)2 List (java.util.List)2 SystemConfigurationException (com.sun.identity.common.SystemConfigurationException)1 FSException (com.sun.identity.federation.common.FSException)1 BaseConfigType (com.sun.identity.federation.jaxb.entityconfig.BaseConfigType)1 FSMsgException (com.sun.identity.federation.message.common.FSMsgException)1 IDFFMetaException (com.sun.identity.federation.meta.IDFFMetaException)1 IDFFMetaManager (com.sun.identity.federation.meta.IDFFMetaManager)1 FederationSPAdapter (com.sun.identity.federation.plugins.FederationSPAdapter)1 FSSessionManager (com.sun.identity.federation.services.FSSessionManager)1 FSSessionPartner (com.sun.identity.federation.services.FSSessionPartner)1 FSPreLogoutHandler (com.sun.identity.federation.services.logout.FSPreLogoutHandler)1 FSSingleLogoutHandler (com.sun.identity.federation.services.logout.FSSingleLogoutHandler)1 X509Certificate (java.security.cert.X509Certificate)1 Iterator (java.util.Iterator)1 Map (java.util.Map)1 MessageFactory (javax.xml.soap.MessageFactory)1 SOAPException (javax.xml.soap.SOAPException)1