
Example 6 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

From class FSSingleLogoutHandler, method handleIDPProxyLogout:

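/**
 * Forwards a single logout to the IDP partners of the hosted SP that sits
 * behind this IDP as an IDP proxy.
 *
 * The proxy path is taken only when this handler is hosted as an IDP, a
 * hosted SP exists for the same entity ID, and the SP that originated the
 * logout ({@code sourceEntityId}) has {@code ENABLE_IDP_PROXY} set to
 * "true" in its extended config. A second handler, configured as that SP,
 * then runs the SOAP logout profile against every IDP session partner
 * other than the originating provider.
 *
 * @param sourceEntityId entity ID of the SP whose logout is being handled;
 *        its extended config decides whether proxying is enabled
 * @return {@code SAML_SUCCESS} when every proxied partner logged out, the
 *         last non-success status returned by {@code doIDPProxySoapProfile}
 *         otherwise, {@code SAML_RESPONDER} if an exception escaped the
 *         proxy loop, or {@code null} when there was nothing to proxy (not
 *         an IDP, proxying disabled, no hosted SP alias, no session for the
 *         proxy SP, or no session partners)
 */
private FSLogoutStatus handleIDPProxyLogout(String sourceEntityId) {
    FSLogoutStatus retStatus = null;
    FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout.");
    // get sp metaAlias if any
    String proxySPAlias = null;
    boolean isProxy = false;
    BaseConfigType proxySPConfig = null;
    ProviderDescriptorType proxySPDescriptor = null;
    // Compare the role by value. The role may have been read from metadata
    // and handed in via setHostedProviderRole (see FSProcessLogoutServlet),
    // so it is not necessarily the interned IFSConstants.IDP instance; the
    // previous reference comparison silently skipped the proxy path in that
    // case. equalsIgnoreCase matches how the servlets compare roles.
    if (IFSConstants.IDP.equalsIgnoreCase(hostedRole)) {
        // see if there is a hosted SP with the same hostedEntityId
        proxySPAlias = IDFFMetaUtils.getMetaAlias(realm, hostedEntityId, IFSConstants.SP, null);
        if (proxySPAlias != null && metaManager != null) {
            // check to see if original SP is idp proxy enabled
            try {
                BaseConfigType sourceSPConfig = metaManager.getSPDescriptorConfig(realm, sourceEntityId);
                String enabledString = IDFFMetaUtils.getFirstAttributeValueFromConfig(sourceSPConfig, IFSConstants.ENABLE_IDP_PROXY);
                isProxy = enabledString != null && enabledString.equalsIgnoreCase("true");
            } catch (IDFFMetaException ie) {
                // Fail closed: without the source SP's config we cannot tell
                // whether proxying is enabled. This used to be swallowed
                // silently; record it so an unknown or misconfigured source
                // SP is visible in the debug log.
                FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxyLogout: cannot read config of source SP " + sourceEntityId, ie);
                isProxy = false;
            }
        }
    }
    if (isProxy) {
        FSUtils.debug.message("FSSingleLogoutHandler.handleIDPProxyLogout:isProxy is true.");
        // see if there is any session with that proxySPAlias
        try {
            FSSessionManager sessionMgr = FSSessionManager.getInstance(proxySPAlias);
            FSSession session = sessionMgr.getSession(ssoToken);
            if (session != null) {
                List partners = session.getSessionPartners();
                if (partners != null && !partners.isEmpty()) {
                    // Run the SOAP profile as the hosted SP, not as this IDP.
                    FSSingleLogoutHandler handler = new FSSingleLogoutHandler();
                    proxySPConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
                    proxySPDescriptor = metaManager.getSPDescriptor(realm, hostedEntityId);
                    handler.setHostedDescriptor(proxySPDescriptor);
                    handler.setHostedDescriptorConfig(proxySPConfig);
                    handler.setRealm(realm);
                    handler.setHostedEntityId(hostedEntityId);
                    handler.setHostedProviderRole(IFSConstants.SP);
                    handler.setMetaAlias(proxySPAlias);
                    Iterator iter = partners.iterator();
                    retStatus = new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
                    // most of the time it will have only one idp partner
                    while (iter.hasNext()) {
                        FSSessionPartner sessionPartner = (FSSessionPartner) iter.next();
                        String curEntityId = sessionPartner.getPartner();
                        // Skip the provider that sent us the logout, and any
                        // partner that is not an IDP.
                        if (curEntityId.equals(sourceEntityId) || !sessionPartner.getIsRoleIDP()) {
                            continue;
                        }
                        FSLogoutStatus curStatus = handler.doIDPProxySoapProfile(request, response, sessionPartner, userID, session.getSessionIndex(), ssoToken);
                        // Keep going after a failure so the remaining partners
                        // are still notified; the last failure is what we report.
                        if (!curStatus.getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS)) {
                            retStatus = curStatus;
                        }
                    }
                }
            }
        } catch (Exception e) {
            // Any failure in the proxy loop is reported to the caller as a
            // responder-side error rather than propagated.
            FSUtils.debug.error("FSSingleLogoutHandler.handleIDPProxy:", e);
            retStatus = new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
        }
    }
    return retStatus;
}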

Example 7 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

From class FSProcessLogoutServlet, method doGetPost:

/**
 * Handles a single logout request (HTTP GET or POST).
 *
 * The request is dispatched on two things: whether the caller has a valid
 * session, and the {@code logoutSource} value, which is taken from the
 * request attribute of that name when an internal forward set it (see
 * FSReturnLogoutServlet) and from the query/form parameter otherwise.
 * Recognised sources are "local" (application link), "remote" (return from
 * another provider) and "logoutGet" (HTTP GET profile). A request with no
 * recognised source is treated as an incoming logout request from a remote
 * provider and parsed as an FSLogoutNotification.
 *
 * @param request an <code>HttpServletRequest</code> object that contains
 *  the request the client has made of the servlet.
 * @param response an <code>HttpServletResponse</code> object that contains
 *  the response the servlet sends to the client.
 * @exception ServletException if an input or output error is detected when
 *                             the servlet handles the request
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSProcessLogoutServlet doGetPost...");
    // Alias processing
    // Hosted provider's meta alias: the explicit parameter first, otherwise
    // whatever FSServiceUtils derives from the request (presumably the path).
    String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
    if (providerAlias == null || providerAlias.length() == 0) {
        providerAlias = FSServiceUtils.getMetaAlias(request);
    }
    // NOTE(review): a missing alias is a defect in the request, yet it is
    // answered with 500 — confirm callers/monitoring do not expect a 4xx.
    if (providerAlias == null || providerAlias.length() < 1) {
        FSUtils.debug.error("Unable to retrieve alias, Hosted Provider. " + "Cannot process request");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Cannot retrieve hosted descriptor. " + "Cannot process request");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    // Resolve the hosted provider (role, entity ID, descriptor and extended
    // config) from the alias; anything unresolvable is an internal error.
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    ProviderDescriptorType hostedProviderDesc = null;
    BaseConfigType hostedConfig = null;
    String hostedRole = null;
    String hostedEntityId = null;
    try {
        hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedProviderDesc = metaManager.getIDPDescriptor(realm, hostedEntityId);
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedProviderDesc = metaManager.getSPDescriptor(realm, hostedEntityId);
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
        }
        // Also covers an unknown/null role: reuse the meta-exception path.
        if (hostedProviderDesc == null) {
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException eam) {
        FSUtils.debug.error("Unable to find Hosted Provider. " + "not process request", eam);
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    String logoutDoneURL = FSServiceUtils.getLogoutDonePageURL(request, hostedConfig, providerAlias);
    String commonErrorPage = FSServiceUtils.getErrorPageURL(request, hostedConfig, providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("logoutDoneURL : " + logoutDoneURL + "\ncommonErrorPage : " + commonErrorPage);
    }
    // The request attribute wins over the parameter, so a value set by an
    // internal forward (FSReturnLogoutServlet sets "remote") cannot be
    // overridden by the client. The parameter itself is client-controlled.
    String sourceCheck = (String) request.getAttribute("logoutSource");
    if (sourceCheck == null) {
        sourceCheck = request.getParameter("logoutSource");
    }
    // Assumes getValidToken (defined elsewhere in this servlet) returns null
    // for a missing or invalid session — TODO confirm.
    Object ssoToken = getValidToken(request);
    String userID = null;
    if (ssoToken == null) {
        // No local session: nothing to log out here. For the known sources,
        // report the outcome to the logout-done page and stop.
        if (sourceCheck != null) {
            if (sourceCheck.equalsIgnoreCase("local")) {
                // status=noSession
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSProcessLogoutServlet, " + "control where Source is local");
                }
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, false, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_NO_SESSION);
                return;
            } else if (sourceCheck.equalsIgnoreCase("remote")) {
                // logout return
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Control where Source is remote - not from app" + "link but from other provider");
                }
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                return;
            } else if (sourceCheck.equalsIgnoreCase("logoutGet")) {
                // logout Get profile
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Control where Source is Http Get action - " + "not from app link ");
                }
                FSServiceUtils.returnLocallyAfterOperation(response, logoutDoneURL, true, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
                return;
            }
        }
    } else {
        // Valid session: resolve the principal (best effort — a failure only
        // leaves userID null) and, for the known sources, start logout.
        try {
            userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        } catch (SessionException ssoExp) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Couldn't get user object:", ssoExp);
            }
        }
        // NOTE(review): with a valid session, any GET or POST that carries
        // logoutSource=local|remote|logoutGet starts single logout. No
        // request-origin or anti-CSRF check is visible here — confirm one is
        // enforced upstream, or that logout via a cross-site GET is accepted.
        if (sourceCheck != null) {
            if (sourceCheck.equalsIgnoreCase("local")) {
                // initiate logout
                FSUtils.debug.message("Control where Source is local -  from applink");
                doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
                return;
            } else if (sourceCheck.equalsIgnoreCase("remote")) {
                // logout return
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Control where Source is remote - not from app" + "link but from other provider. Token valid");
                }
                doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
                return;
            } else if (sourceCheck.equalsIgnoreCase("logoutGet")) {
                // logout Get profile
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Control where Source is Http Get action - not from" + " applink. Initiation will take care in " + "preLogouthandler ");
                }
                doLogoutInitiation(request, response, hostedProviderDesc, hostedConfig, realm, hostedEntityId, hostedRole, providerAlias, ssoToken, logoutDoneURL, sourceCheck);
                return;
            }
        }
    }
    // received logout request from remote provider
    // (no recognised logoutSource). The HTTP-redirect binding carries the
    // message in URL-encoded parameters; signature and trust checks happen
    // in doRequestProcessing, not here.
    FSLogoutNotification logoutObj = null;
    try {
        logoutObj = FSLogoutNotification.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        // FSMsgException would mean that the request does not have the
        // FSLogoutNotification message, so show error page
        FSUtils.debug.message("Bad Logout request. calling showErrorPage");
        FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    if (logoutObj == null) {
        FSUtils.debug.message("Bad Logout request. calling showErrorPage");
        FSServiceUtils.showErrorPage(response, commonErrorPage, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
    } else {
        doRequestProcessing(request, response, hostedProviderDesc, hostedConfig, hostedRole, realm, hostedEntityId, providerAlias, logoutObj, commonErrorPage, userID, ssoToken);
    }
    return;
}

Example 8 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

From class FSProcessLogoutServlet, method doRequestProcessing:

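/**
 * Initiates logout request processing. It is called when a logout request
 * is received from a remote provider over the HTTP redirect binding.
 *
 * Processing order: resolve the remote provider's metadata, verify the
 * request signature (only when signing is enabled globally), check that the
 * remote provider is trusted by the hosted entity, then either hand the
 * request to the FSPreLogoutHandler (the caller has a valid session) or
 * destroy the session named by the request (no session in this request).
 * Every failure path answers the remote provider through
 * FSLogoutUtil.returnToSource with a SAML status: invalid signatures are
 * reported as SAML_REQUESTER, everything else as SAML_RESPONDER.
 *
 * @param request <code>HTTPServletRequest</code> object received via a
 *  HTTP Redirect
 * @param response <code>HTTPServletResponse</code> object to be sent back
 *  to user agent
 * @param hostedDescriptor the provider for whom request is received
 * @param hostedConfig hosted provider's extended meta config
 * @param hostedRole hosted provider's role
 * @param realm the realm in which the entity resides
 * @param hostedEntityId hosted provider's entity id
 * @param metaAlias hosted provider's meta alias
 * @param reqLogout the single logout request
 * @param commonErrorPage where to go if an error occurred
 * @param userID user id; may be null when the caller had no session
 * @param ssoToken user session object; null when the caller had no session
 */
private void doRequestProcessing(HttpServletRequest request, HttpServletResponse response, ProviderDescriptorType hostedDescriptor, BaseConfigType hostedConfig, String hostedRole, String realm, String hostedEntityId, String metaAlias, FSLogoutNotification reqLogout, String commonErrorPage, String userID, Object ssoToken) {
    FSUtils.debug.message("Entered FSProcessLogoutServlet::doRequestProcessing");
    int minorVersion = reqLogout.getMinorVersion();
    // The remote entity ID is taken from the (as yet unverified) request.
    String remoteEntityId = reqLogout.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isIDP = false;
    try {
        // The remote provider plays the opposite role to the hosted one.
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
                isIDP = true;
            }
        }
        if (remoteDesc == null) {
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Remote provider metadata not found.");
        String[] data = { remoteEntityId, realm };
        LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data, ssoToken);
        // remoteDesc is null here; presumably returnToSource falls back to
        // commonErrorPage when it has no descriptor — confirm.
        FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
        return;
    }
    // Signature is only verified when signing is enabled globally. With it
    // off, bVerify stays true and the request is accepted on trust
    // membership alone.
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            FSUtils.debug.message("Calling verifyLogoutSignature");
            bVerify = verifyLogoutSignature(request, remoteDesc, remoteEntityId, isIDP);
        } catch (FSException e) {
            FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing " + "Signature on Logout request is invalid" + "Cannot proceed federation Logout");
            String[] data = { userID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
            FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_REQUESTER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
            return;
        } catch (SAMLException e) {
            FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcessing(SAML) " + "Signature on Logout request is invalid" + "Cannot proceed federation Logout");
            String[] data = { userID };
            LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
            FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_REQUESTER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
            return;
        }
    }
    // Status returned by the fall-through paths at the end of the method.
    String errorStatus = IFSConstants.SAML_RESPONDER;
    if (bVerify) {
        // Check if trusted provider
        if (metaManager.isTrustedProvider(realm, hostedEntityId, remoteEntityId)) {
            //Object ssoToken = getValidToken(request);
            if (ssoToken != null) {
                // session is valid, start single logout
                // Invoke Messaging APIs to get providerid from request
                FSServiceManager instSManager = FSServiceManager.getInstance();
                if (instSManager != null) {
                    FSUtils.debug.message("FSServiceManager Instance not null");
                    // Call SP Adapter preSingleLogoutProcess
                    // for IDP/HTTP case
                    callPreSingleLogoutProcess(request, response, hostedRole, hostedConfig, hostedEntityId, userID, reqLogout);
                    FSPreLogoutHandler handlerObj = instSManager.getPreLogoutHandler();
                    if (handlerObj != null) {
                        handlerObj.setLogoutRequest(reqLogout);
                        handlerObj.setHostedDescriptor(hostedDescriptor);
                        handlerObj.setHostedDescriptorConfig(hostedConfig);
                        handlerObj.setRealm(realm);
                        handlerObj.setHostedEntityId(hostedEntityId);
                        handlerObj.setHostedProviderRole(hostedRole);
                        handlerObj.setMetaAlias(metaAlias);
                        handlerObj.setRemoteEntityId(remoteEntityId);
                        handlerObj.setRemoteDescriptor(remoteDesc);
                        handlerObj.processHttpSingleLogoutRequest(request, response, ssoToken);
                        return;
                    }
                    // No pre-logout handler: falls through to the
                    // SAML_RESPONDER answer at the end of the method.
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSServiceManager Instance null. Cannot" + " continue logout");
                    }
                    String[] data = { userID };
                    LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
                    FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
                    return;
                }
            } else {
                // ssoToken is null
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("Invalid session in request processing. " + "Nothing to logout");
                }
                //Verify request,getUserDNcall destroyPrincipalSession
                // The user and session index come from the (signed, trusted)
                // request rather than from a local session; the matching
                // principal session is destroyed on the remote provider's say-so.
                userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
                if (userID != null) {
                    FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, reqLogout.getSessionIndex(), request, response);
                    // Here we need to send back to source
                    // provider's return URL
                    FSLogoutUtil.returnToSource(response, remoteDesc, IFSConstants.SAML_RESPONDER, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
                    return;
                }
            }
        } else {
            FSUtils.debug.error("Remote provider not in trusted list");
            // Audit the rejection like the other rejection paths do
            // (invalid signature, unknown provider); previously an untrusted
            // requester left no trace outside the debug log.
            String[] data = { remoteEntityId, realm };
            LogUtil.error(Level.INFO, LogUtil.INVALID_PROVIDER, data, ssoToken);
        }
    } else {
        FSUtils.debug.error("FSProcessLogoutServlet::doRequestProcesing " + "Signature on Logout request is invalid" + "Cannot proceed federation Logout");
        String[] data = { userID };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        errorStatus = IFSConstants.SAML_REQUESTER;
    }
    FSLogoutUtil.returnToSource(response, remoteDesc, errorStatus, commonErrorPage, minorVersion, hostedConfig, hostedEntityId, userID);
    return;
}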

Example 9 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

From class FSReturnLogoutServlet, method doGetPost:

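/**
 * Processes a logout response returned by a remote provider over the HTTP
 * redirect binding.
 *
 * Steps, in order: resolve the hosted provider from the meta alias, require
 * a valid local session, parse the FSLogoutResponse from the URL-encoded
 * request, resolve the remote provider's metadata, verify the response
 * signature (only when signing is enabled globally), and only then act on
 * the response: drop the remote provider from the local session's partner
 * list, record a failed status in FSReturnSessionManager, and either show
 * the error page or forward to the single-logout servlet with
 * {@code logoutSource=remote} so the local logout completes.
 *
 * @param request an <code>HttpServletRequest</code> object that contains
 *  the request the client has made of the servlet.
 * @param response an <code>HttpServletResponse</code> object that contains
 *  the response the servlet sends to the client.
 * @exception ServletException if an input or output error is detected when
 *                             the servlet handles the request
 * @exception IOException if the request could not be handled
 */
private void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    FSUtils.debug.message("FSReturnLogoutServlet doGetPost...");
    // Alias processing
    String providerAlias = request.getParameter(IFSConstants.META_ALIAS);
    if (providerAlias == null || providerAlias.length() < 1) {
        providerAlias = FSServiceUtils.getMetaAlias(request);
    }
    if (providerAlias == null || providerAlias.length() < 1) {
        FSUtils.debug.message("Unable to retrieve alias, Hosted" + " Provider. Cannot process request");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("aliasNotFound"));
        return;
    }
    Object ssoToken = null;
    // The principal is kept in a method-local for this request. A servlet
    // instance is shared by all request threads, so routing it only through
    // the univId field let concurrent requests read each other's user. The
    // field is still written for any other code in this servlet that reads it.
    String principalName = null;
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal");
            response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
            return;
        }
        principalName = sessionProvider.getPrincipalName(ssoToken);
        univId = principalName;
    } catch (SessionException ssoExp) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSReturnLogoutRequest: Unable to get principal", ssoExp);
        }
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("nullSSOToken"));
        return;
    }
    if (metaManager == null) {
        FSUtils.debug.error("Failed to get meta manager");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_META_INSTANCE));
        return;
    }
    // Resolve the hosted provider's role and extended config from the alias.
    String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
    String hostedRole = null;
    String hostedEntityId = null;
    BaseConfigType hostedConfig = null;
    try {
        hostedRole = metaManager.getProviderRoleByMetaAlias(providerAlias);
        hostedEntityId = metaManager.getEntityIDByMetaAlias(providerAlias);
        if (hostedRole != null) {
            if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
                hostedConfig = metaManager.getIDPDescriptorConfig(realm, hostedEntityId);
            } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
                hostedConfig = metaManager.getSPDescriptorConfig(realm, hostedEntityId);
            }
        }
        // Also covers an unknown/null role; from here on hostedRole is non-null.
        if (hostedConfig == null) {
            throw new IDFFMetaException((String) null);
        }
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Failed to get Hosted Provider");
        response.sendError(response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString(IFSConstants.FAILED_HOSTED_DESCRIPTOR));
        return;
    }
    setLogoutURL(request, hostedConfig, providerAlias);
    // Here we will need to
    //   1. verify response signature
    //   2. verify response status
    //   3. retrieve registration request Id from Map
    //   4. if status success then do locally else not do locally and
    //   5. show status page or LRURL if found in MAP (eg intersiteTransfer)
    FSLogoutResponse logoutResponse = null;
    try {
        logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
    } catch (FSMsgException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    } catch (SAMLException e) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // The remote entity ID is taken from the (as yet unverified) response;
    // the remote provider plays the opposite role to the hosted one.
    String remoteEntityId = logoutResponse.getProviderId();
    ProviderDescriptorType remoteDesc = null;
    boolean isRemoteIDP = false;
    try {
        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            remoteDesc = metaManager.getSPDescriptor(realm, remoteEntityId);
        } else if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
            remoteDesc = metaManager.getIDPDescriptor(realm, remoteEntityId);
            isRemoteIDP = true;
        }
    } catch (IDFFMetaException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSLogoutReturnServlet.doGetPost:", e);
        }
    }
    if (remoteDesc == null) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // Signature verification only happens when signing is enabled globally;
    // with it off, the response is accepted on the metadata lookup alone.
    boolean bVerify = true;
    if (FSServiceUtils.isSigningOn()) {
        try {
            bVerify = verifyResponseSignature(request, remoteDesc, remoteEntityId, isRemoteIDP);
        } catch (SAMLException e) {
            bVerify = false;
        } catch (FSException e) {
            bVerify = false;
        }
    }
    if (!bVerify) {
        // Reject before touching any state. Previously the session partner
        // was removed from the local session even when the signature on the
        // response did not verify.
        FSUtils.debug.error("FSReturnLogoutServlet " + "Signature on logout response is invalid" + "Cannot proceed logout");
        String[] data = { principalName };
        LogUtil.error(Level.INFO, LogUtil.INVALID_SIGNATURE, data, ssoToken);
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    // A response without a status code is malformed; previously this was an
    // unhandled NullPointerException (container 500 page).
    String logoutStatus = null;
    Status status = logoutResponse.getStatus();
    if (status != null && status.getStatusCode() != null) {
        logoutStatus = status.getStatusCode().getValue();
    }
    if (logoutStatus == null) {
        FSServiceUtils.showErrorPage(response, COMMON_ERROR_PAGE, IFSConstants.LOGOUT_REQUEST_IMPROPER, IFSConstants.LOGOUT_FAILED);
        return;
    }
    boolean logoutSucceeded = logoutStatus.equalsIgnoreCase(IFSConstants.SAML_SUCCESS);
    // remove session partner in case of logout success or this is IDP
    if (logoutSucceeded || !isRemoteIDP) {
        FSLogoutUtil.removeCurrentSessionPartner(providerAlias, remoteEntityId, ssoToken, principalName);
    }
    if (!logoutSucceeded) {
        // in ReturnSessionManager only if it is failure
        FSReturnSessionManager localManager = FSReturnSessionManager.getInstance(providerAlias);
        if (localManager != null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("update status of logout to failure " + " in session manager");
            }
            localManager.setLogoutStatus(logoutStatus, principalName);
        } else {
            FSUtils.debug.message("Cannot get FSReturnSessionManager");
        }
        FSUtils.debug.error("FSReturnLogoutServlet, failed logout response " + logoutStatus);
        String[] data = { principalName };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_FAILED, data, ssoToken);
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    // Success: hand over to the single-logout servlet so the local logout
    // continues. The source is passed as a request attribute, which that
    // servlet reads before any client-supplied parameter.
    StringBuffer processLogout = new StringBuffer();
    request.setAttribute("logoutSource", "remote");
    processLogout.append(IFSConstants.SLO_VALUE).append("/").append(IFSConstants.META_ALIAS).append(providerAlias);
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("About to get RequestDispatcher for " + processLogout.toString());
    }
    RequestDispatcher dispatcher = getServletConfig().getServletContext().getRequestDispatcher(processLogout.toString());
    if (dispatcher == null) {
        FSUtils.debug.message("RequestDispatcher is null");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Unable to find " + processLogout + "\ncalling sendErrorPage ");
        }
        FSLogoutUtil.sendErrorPage(request, response, providerAlias);
        return;
    }
    dispatcher.forward(request, response);
    return;
}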

Example 10 with ProviderDescriptorType

use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.

From class FSSingleLogoutHandler, method getMultiLogoutRequest:

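/**
 * Prepares the IMG tags that correspond to Single logout requests that
 * will all be shown in a single page when HTTP GET profile is used.
 *
 * For each provider in the map a logout request is built for the user's
 * federated account, signed with this site's signing certificate and
 * appended as a query string to the provider's SingleLogoutService URL.
 * Providers without a signing cert alias or without a SingleLogoutService
 * URL are skipped. The URL is escaped before being placed in the SRC
 * attribute, since it comes from partner metadata and the query string
 * contains '&amp;' separators.
 *
 * @param providerMap contains information about all the providers
 *  for whom GET is the logout profile: a Vector of provider IDs under
 *  IFSConstants.PROVIDER and a HashMap of session indexes keyed by
 *  provider ID under IFSConstants.SESSION_INDEX
 * @return String that has the IMG tags for each provider to be notified,
 *  or null when the provider list is missing or building a request fails
 */
private String getMultiLogoutRequest(HashMap providerMap) {
    try {
        Vector providerList = (Vector) providerMap.get(IFSConstants.PROVIDER);
        HashMap sessionList = (HashMap) providerMap.get(IFSConstants.SESSION_INDEX);
        StringBuffer imgString = new StringBuffer();
        if (providerList != null) {
            for (int i = 0; i < providerList.size(); i++) {
                String providerId = (String) providerList.elementAt(i);
                FSAccountFedInfo currentAccount = FSLogoutUtil.getCurrentWorkingAccount(userID, providerId, metaAlias);
                FSLogoutNotification reqLogout = createSingleLogoutRequest(currentAccount, (String) sessionList.get(providerId));
                // NOTE(review): always reads the SP descriptor — confirm this
                // path is only reached when the hosted provider is the IDP.
                ProviderDescriptorType descriptor = metaManager.getSPDescriptor(realm, providerId);
                reqLogout.setMinorVersion(getMinorVersion(descriptor));
                String urlEncodedRequest = reqLogout.toURLEncodedQueryString();
                // Sign the request querystring
                String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("certalias  : " + certAlias);
                }
                if (certAlias == null || certAlias.length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSingleLogoutHandler" + " getMultiLogoutRequest: couldn't obtain " + "this site's cert alias.");
                    }
                    continue;
                }
                urlEncodedRequest = FSSignatureUtil.signAndReturnQueryString(urlEncodedRequest, certAlias);
                String retURL = descriptor.getSingleLogoutServiceURL();
                // A provider without a SingleLogoutService URL cannot be
                // notified; skip it instead of failing on the null below.
                if (retURL == null || retURL.length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSingleLogoutHandler" + " getMultiLogoutRequest: no SingleLogoutService URL for " + providerId + ", skipping.");
                    }
                    continue;
                }
                StringBuffer redirectURL = new StringBuffer();
                redirectURL.append(retURL);
                if (retURL.indexOf(QUESTION_MARK) == -1) {
                    redirectURL.append(QUESTION_MARK);
                } else {
                    redirectURL.append(AMPERSAND);
                }
                redirectURL.append(urlEncodedRequest);
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSingleLogoutHandler::" + "doHttpRedirect URL is " + redirectURL.toString());
                }
                // The URL is emitted inside a double-quoted attribute of a
                // page served to the user, so it is attribute-escaped: the
                // metadata-supplied SLO URL must not be able to break out of
                // the tag, and '&' separators belong as '&amp;' in HTML.
                imgString.append("<IMG SRC=\"").append(escapeHtmlAttribute(redirectURL.toString())).append("\" />");
            }
            return imgString.toString();
        }
    } catch (FSMsgException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::getMultiLogoutRequest" + " FSMsgException", e);
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("FSSingleLogoutHandler::getMultiLogoutRequest" + "  IDFFMetaException", e);
    }
    FSUtils.debug.error("Returning null from getMultiLogoutRequest");
    return null;
}

/**
 * Escapes a value for use inside a double-quoted HTML attribute.
 * Replaces the five characters that can terminate or alter the attribute
 * or the tag; everything else is passed through unchanged.
 *
 * @param value raw attribute value, never null
 * @return the value with '&amp;', '"', '\'', '&lt;' and '&gt;' replaced by
 *  their character references
 */
private static String escapeHtmlAttribute(String value) {
    StringBuffer escaped = new StringBuffer(value.length() + 16);
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}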
