use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.
From class FSSingleLogoutHandler, method continueLogout.
/**
 * Drives the next step of a SOAP-profile Single Logout.
 * <p>
 * With the SOAP profile this handler stays in control between partners: each
 * call picks the next live session partner, resolves its metadata, sends it a
 * SOAP logout and drops it from the session-partner list, and once no partner
 * is left the principal's local session is destroyed. With the HTTP
 * GET/Redirect profiles control passes to the remote provider after the first
 * message, so this loop is not used there.
 *
 * @param isSuccess {@code true} if every logout so far succeeded,
 *        {@code false} if at least one partner reported failure. It is only
 *        consulted once no live connections remain: a hosted SP whose IDP
 *        logout failed keeps its local session.
 */
private void continueLogout(boolean isSuccess) {
    FSUtils.debug.message("Entered FSSingleLogoutHandler::continueLogout");

    if (!FSLogoutUtil.liveConnectionsExist(userID, metaAlias)) {
        // Nothing left to broadcast. An SP keeps its local session when the
        // IDP logout failed; every other combination destroys it.
        FSUtils.debug.message("Reached else part in continuelogout");
        if (isSuccess || !isCurrentProviderIDPRole) {
            FSUtils.debug.message("No live connections, destroy session");
            FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
        }
        // SP adapter hook for the SP/SOAP profile; invoked whether or not the
        // logout actually succeeded.
        callPostSingleLogoutSuccess(respObj, IFSConstants.LOGOUT_SP_SOAP_PROFILE);
        if (response != null) {
            returnAfterCompletion();
        }
        return;
    }

    FSUtils.debug.message("More liveConnectionsExist");
    HashMap partnerInfo = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
    if (partnerInfo == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("GetCurrentProvider returns null HashMap" + " Clean session and return" + "\nNo live connections, destroy user" + " session call destroyPrincipalSession");
        }
        FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
        if (response != null) {
            returnAfterCompletion();
        }
        return;
    }

    FSSessionPartner partner = (FSSessionPartner) partnerInfo.get(IFSConstants.PARTNER_SESSION);
    // The session index is recorded on the handler before the partner check so
    // the "no partner" teardown below uses the freshly read value.
    this.sessionIndex = (String) partnerInfo.get(IFSConstants.SESSION_INDEX);
    if (partner == null) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Reached else part " + " currentSessionProvider " + "is null. nothing more to broadcast" + "\nNo more providers, destroy user" + "session call destroyPrincipalSession");
        }
        FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
        if (response != null) {
            returnAfterCompletion();
        }
        return;
    }

    String partnerEntityId = partner.getPartner();
    isCurrentProviderIDPRole = partner.getIsRoleIDP();

    // Resolve the partner's metadata for the role it plays towards us.
    ProviderDescriptorType partnerDesc = null;
    try {
        if (isCurrentProviderIDPRole) {
            partnerDesc = metaManager.getIDPDescriptor(realm, partnerEntityId);
        } else {
            partnerDesc = metaManager.getSPDescriptor(realm, partnerEntityId);
        }
    } catch (Exception e) {
        FSUtils.debug.error("FSSingleLogoutHandler:cannot get meta:", e);
    }
    // NOTE(review): after a metadata failure partnerDesc is still null and is
    // handed on unchanged; whether supportSOAPProfile tolerates a null
    // descriptor is not visible in this file.
    setRemoteDescriptor(partnerDesc);

    // Looked up but not used by this method; the lookups are kept so the
    // observable call sequence is unchanged.
    FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
    FSSession session = sessionManager.getSession(sessionManager.getSessionList(userID), sessionIndex);

    if (!supportSOAPProfile(remoteDescriptor)) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Single Logout Profile cannot" + " be processed. Verify profile in metadata");
        }
        String[] data = { IFSConstants.LOGOUT_IDP_SOAP_PROFILE };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_PROFILE_NOT_SUPPORTED, data, ssoToken);
        return;
    }

    FSUtils.debug.message("FSSLOHandler, SOAP in case 2");
    // The SOAP logout is always sent first. The partner is then removed from
    // the session-partner list when it answered success, or unconditionally
    // when it is not acting as IDP.
    boolean soapLogoutSucceeded = doIDPSoapProfile(partnerEntityId).getStatus().equalsIgnoreCase(IFSConstants.SAML_SUCCESS);
    if (soapLogoutSucceeded || !isCurrentProviderIDPRole) {
        FSLogoutUtil.removeCurrentSessionPartner(metaAlias, partnerEntityId, ssoToken, userID);
        FSUtils.debug.message("SOAP partner removed, case 3");
    }
}
use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.
From class FSPreLogoutHandler, method returnToPostLogout.
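/**
 * Finishes a logout by sending the user back to where the logout came from.
 * <p>
 * If {@code FSReturnSessionManager} still holds an entry for {@code userID},
 * the logout was initiated by a remote provider: a {@code FSLogoutResponse}
 * is built, URL-encoded, signed when signing is enabled, and the browser is
 * redirected to that provider's {@code SingleLogoutServiceReturnURL} taken
 * from its metadata. Otherwise the user is returned locally, to
 * {@code relayState} when one was supplied or to {@code LOGOUT_DONE_URL}.
 * Any failure while building the redirect is logged as
 * {@code LOGOUT_REDIRECT_FAILED} and the user is returned locally with a
 * failure status. When this hosted IDP is part of a multi-protocol session,
 * {@code handleMultiProtocolLogout} is invoked before the final redirect and
 * may take over the response entirely.
 * <p>
 * Changes versus the earlier version: a missing return-session manager is
 * treated as "no remote initiator" instead of tumbling into the metadata
 * lookup with a null provider id; a missing descriptor or return URL fails
 * explicitly instead of building a redirect to {@code "null?..."}; a null
 * {@code logoutStatus} counts as failure instead of throwing; and the local
 * {@code relayState} no longer shadows the field of the same name.
 *
 * @param logoutStatus the SAML status of the logout so far; anything other
 *        than {@code IFSConstants.SAML_SUCCESS} (including {@code null}) is
 *        reported as a failure
 */
private void returnToPostLogout(String logoutStatus) {
    FSUtils.debug.message("Entered FSPreLogoutHandler::returnToPostLogout");
    boolean error = false;
    // Constant-first equals(): a null status is a failure, not an NPE.
    boolean logoutSuccess = IFSConstants.SAML_SUCCESS.equals(logoutStatus);
    boolean multiProtocolInvoked = false;
    boolean toInvokeMultiProtocol = false;
    if (MultiProtocolUtils.isMultipleProtocolSession(request, SingleLogoutManager.IDFF)
            && hostedRole.equalsIgnoreCase(IFSConstants.IDP)
            && !MultiProtocolUtils.isMultiProtocolRelayState(relayState)) {
        toInvokeMultiProtocol = true;
    }
    try {
        FSReturnSessionManager mngInst = FSReturnSessionManager.getInstance(metaAlias);
        // No manager means there is no remote initiator to answer; handle it
        // like an empty return map rather than letting a null provider id
        // reach the metadata lookup below.
        HashMap providerMap = (mngInst == null) ? null : mngInst.getUserProviderInfo(userID);
        if (providerMap == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("Return URL based on local postlogout URL" + "\nNo Source in ReturnMAP : rs=" + this.relayState);
            }
            if (toInvokeMultiProtocol) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSPreLogHandler.retToPostLogout:" + " call MP HTTP, status=" + logoutStatus);
                }
                multiProtocolInvoked = true;
                int retStatus = handleMultiProtocolLogout(logoutStatus, null);
                if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                    // The multi-protocol handler already sent the response.
                    return;
                }
                if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
                    logoutSuccess = false;
                }
            }
            // NOTE(review): this.relayState is used here as the local return
            // location. It must have been validated against the permitted
            // return URLs when it was received; that check is not visible in
            // this method, so do not treat this redirect as safe on its own.
            String localTarget = ((this.relayState == null) || (this.relayState.length() == 0)) ? LOGOUT_DONE_URL : this.relayState;
            FSServiceUtils.returnLocallyAfterOperation(response, localTarget, logoutSuccess, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
            return;
        }

        String returnProviderId = (String) providerMap.get(IFSConstants.PROVIDER);
        // The initiator plays the opposite role from this hosted provider.
        ProviderDescriptorType descriptor;
        if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
            descriptor = metaManager.getSPDescriptor(realm, returnProviderId);
        } else {
            descriptor = metaManager.getIDPDescriptor(realm, returnProviderId);
        }
        if (descriptor == null) {
            throw new SAMLResponderException("No metadata descriptor for provider " + returnProviderId);
        }
        // The redirect target comes from the partner's configured metadata,
        // not from anything in the request.
        String retURL = descriptor.getSingleLogoutServiceReturnURL();
        String returnRelayState = (String) providerMap.get(IFSConstants.LOGOUT_RELAY_STATE);
        String gLogoutStatus = (String) providerMap.get(IFSConstants.LOGOUT_STATUS);
        String inResponseTo = (String) providerMap.get(IFSConstants.RESPONSE_TO);
        // Consume the return-list entry before anything else can fail, as before.
        mngInst.removeUserProviderInfo(userID);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Deleted " + userID + " from return list");
        }
        if (retURL == null || retURL.length() == 0) {
            // Fail explicitly so the error path below returns the user to the
            // local logout-done page instead of redirecting to "null?...".
            throw new SAMLResponderException("No SingleLogoutServiceReturnURL in metadata for provider " + returnProviderId);
        }

        FSLogoutResponse responseLogout = new FSLogoutResponse();
        responseLogout.setResponseTo(inResponseTo);
        responseLogout.setRelayState(returnRelayState);
        responseLogout.setProviderId(hostedEntityId);
        // NOTE(review): the stored status only gates whether a status is set;
        // the value sent is the logoutStatus parameter. Preserved as-is.
        if (gLogoutStatus != null) {
            responseLogout.setStatus(logoutStatus);
        }
        responseLogout.setID(IFSConstants.LOGOUTID);
        responseLogout.setMinorVersion(FSServiceUtils.getMinorVersion(descriptor.getProtocolSupportEnumeration()));

        // Multi-federation protocol processing; it receives the response XML
        // and may redirect on its own.
        if (toInvokeMultiProtocol) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSPreLogHandler.retToPostLogout:" + " call MP HTTP, response=" + responseLogout.toXMLString());
            }
            multiProtocolInvoked = true;
            int retStatus = handleMultiProtocolLogout(logoutStatus, responseLogout.toXMLString(true, true));
            if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                return;
            }
            if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
                logoutSuccess = false;
                responseLogout.setStatus(IFSConstants.SAML_RESPONDER);
            }
        }

        String urlEncodedResponse = responseLogout.toURLEncodedQueryString();
        // Sign the response query string with the hosted provider's signing
        // certificate; without a configured alias the redirect is refused.
        if (FSServiceUtils.isSigningOn()) {
            String certAlias = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
            if (certAlias == null || certAlias.length() == 0) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSPreLogoutHandler::returnToPostLogout: couldn't obtain this site's cert alias.");
                }
                throw new SAMLResponderException(FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
            }
            urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(urlEncodedResponse, certAlias);
        }

        StringBuilder redirectURL = new StringBuilder(retURL);
        if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
            redirectURL.append(IFSConstants.QUESTION_MARK);
        } else {
            redirectURL.append(IFSConstants.AMPERSAND);
        }
        redirectURL.append(urlEncodedResponse);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Response to be sent (3) : " + redirectURL.toString());
        }
        response.sendRedirect(redirectURL.toString());
        return;
    } catch (IOException e) {
        FSUtils.debug.error("Unable to get LRURL. No location to redirect." + "processing completed:", e);
        error = true;
    } catch (IDFFMetaException e) {
        FSUtils.debug.error("Unable to get LRURL. No location to redirect" + " processing completed:", e);
        error = true;
    } catch (Exception e) {
        FSUtils.debug.error("FSPreLogoutHandler::General exception thrown :", e);
        error = true;
    }

    if (error) {
        String[] data = { FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED) };
        LogUtil.error(Level.INFO, LogUtil.LOGOUT_REDIRECT_FAILED, data, ssoToken);
        logoutSuccess = false;
    }
    // Multi-federation processing still has to run when the remote-redirect
    // path failed before reaching it.
    if (toInvokeMultiProtocol && !multiProtocolInvoked) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSPreLogHandler.retToPostLogout:" + " call MP HTTP, error=" + error);
        }
        multiProtocolInvoked = true;
        int retStatus = handleMultiProtocolLogout(logoutStatus, null);
        if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
            return;
        }
        if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) || (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
            logoutSuccess = false;
        }
    }
    FSServiceUtils.returnLocallyAfterOperation(response, LOGOUT_DONE_URL, logoutSuccess, IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
    return;
}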
use of com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType in project OpenAM by OpenRock.
From class FSSingleLogoutHandler, method getProfileToCommunicateLogout.
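/**
 * Picks the Liberty single logout profile used to talk to the current partner.
 * <p>
 * An explicitly configured {@code singleLogoutProtocol} always wins. Otherwise
 * the first entry of {@code SingleLogoutProtocolProfile} is read from the
 * hosted descriptor when the partner acts as IDP (this side is the SP), or
 * from the remote descriptor when this side is the IDP.
 *
 * @return the profile URI, or {@code ""} when no metadata manager, no
 *         descriptor or no profile entry is available. A missing descriptor
 *         used to surface as a {@code NullPointerException}; it is now logged
 *         and reported as "no profile" like the other absent cases.
 */
protected String getProfileToCommunicateLogout() {
    FSUtils.debug.message("FSSingleLogoutHandler :: getProfileToCommunicateLogout...");
    if (singleLogoutProtocol != null) {
        return singleLogoutProtocol;
    }
    if (metaManager == null) {
        return "";
    }
    ProviderDescriptorType descriptor;
    if (isCurrentProviderIDPRole) {
        FSUtils.debug.message("Local provider is SP");
        descriptor = hostedDescriptor;
    } else {
        FSUtils.debug.message("Local provider is IDP");
        descriptor = remoteDescriptor;
    }
    if (descriptor == null) {
        // Same outcome as "no profile listed" rather than dereferencing null.
        FSUtils.debug.error("FSSingleLogoutHandler::getProfileToCommunicateLogout: no provider descriptor available");
        return "";
    }
    List profiles = descriptor.getSingleLogoutProtocolProfile();
    if (profiles == null || profiles.isEmpty()) {
        return "";
    }
    // Only the first listed profile is ever used.
    return (String) profiles.get(0);
}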