use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSAssertionManager method createFSAssertion.
/**
* Creates an assertion artifact.
* @param id session ID
* @param artifact assertion artifact
* @param realm the realm under which the entity resides.
* @param spEntityID service provider's entity ID
* @param spHandle service provider issued <code>NameIdentifier</code>
* @param idpHandle identity provider issued <code>NameIdentifier</code>
* @param inResponseTo value to InResponseTo attribute. It's the request ID.
* @param assertionMinorVersion minor version the assertion should use
* @exception FSException,SAMLException if error occurrs
*/
public FSAssertion createFSAssertion(String id, AssertionArtifact artifact, String realm, String spEntityID, NameIdentifier spHandle, NameIdentifier idpHandle, String inResponseTo, int assertionMinorVersion) throws FSException, SAMLException {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id): Called");
// check input
if ((id == null) || (spEntityID == null)) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: null input for" + " method createFSAssertion.");
}
throw new FSException("nullInput", null);
}
String destID = spEntityID;
String authMethod = null;
String authnContextStatementRef = null;
String authnContextClassRef = null;
Date authInstant = null;
String securityDomain = null;
Object token = null;
String univId = null;
SubjectLocality authLocality = null;
FSSessionManager sessionManager = FSSessionManager.getInstance(metaAlias);
IDFFMetaManager metaManager = FSUtils.getIDFFMetaManager();
Map attributes = new HashMap();
if (metaManager != null) {
BaseConfigType idpConfig = null;
try {
idpConfig = metaManager.getIDPDescriptorConfig(realm, hostEntityId);
} catch (IDFFMetaException e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion: exception while" + " obtaining idp extended meta:", e);
}
idpConfig = null;
}
if (idpConfig != null) {
attributes = IDFFMetaUtils.getAttributes(idpConfig);
}
}
try {
SessionProvider sessionProvider = SessionManager.getProvider();
token = sessionProvider.getSession(id);
String[] strAuthInst = null;
try {
strAuthInst = sessionProvider.getProperty(token, SessionProvider.AUTH_INSTANT);
} catch (UnsupportedOperationException ue) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", ue);
}
} catch (SessionException se) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", se);
}
}
if ((strAuthInst != null) && (strAuthInst.length >= 1)) {
try {
authInstant = DateUtils.stringToDate(strAuthInst[0]);
} catch (ParseException ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager." + "createFSAssertion(id): AuthInstant not found" + "in the Token");
}
}
} else {
authInstant = new java.util.Date();
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id):AuthInstant = " + authInstant);
}
try {
String[] strAuthMethod = sessionProvider.getProperty(token, SessionProvider.AUTH_METHOD);
if ((strAuthMethod != null) && (strAuthMethod.length >= 1)) {
authMethod = strAuthMethod[0];
}
} catch (UnsupportedOperationException ue) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", ue);
}
} catch (SessionException se) {
if (FSUtils.debug.warningEnabled()) {
FSUtils.debug.warning("FSAssertionManager.createFSAssertion(id):", se);
}
}
String assertionIssuer = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ASSERTION_ISSUER);
if (assertionIssuer == null) {
assertionIssuer = SystemConfigurationUtil.getProperty("com.iplanet.am.server.host");
}
try {
String ipAddress = InetAddress.getByName(assertionIssuer).getHostAddress();
authLocality = new SubjectLocality(ipAddress, assertionIssuer);
} catch (UnknownHostException uhe) {
FSUtils.debug.error("FSAssertionManager.constructor: couldn't" + " obtain the localhost's ipaddress:", uhe);
}
try {
FSSession session = sessionManager.getSession(token);
authnContextClassRef = session.getAuthnContext();
authnContextStatementRef = authnContextClassRef;
} catch (Exception ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion" + "(id): AuthnContextStatement for the token is null" + " Assertion will not contain any " + " AuthenticationStatement");
}
authnContextStatementRef = null;
}
if (authnContextStatementRef != null) {
if (assertionMinorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
authMethod = IFSConstants.AC_XML_NS;
} else {
authMethod = IFSConstants.AC_12_XML_NS;
}
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createFSAssertion(id):" + "AuthnContextStatement used for authenticating the user: " + authnContextStatementRef);
}
univId = sessionProvider.getPrincipalName(token);
securityDomain = hostEntityId;
} catch (Exception e) {
FSUtils.debug.error("FSAssertionManager.createAssertion(id):" + " exception retrieving info from the session: ", e);
throw new FSException("alliance_manager_no_local_descriptor", null, e);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Creating Authentication Assertion for user with" + "opaqueHandle= " + spHandle.getName() + " And SecurityDomain= " + securityDomain);
}
SubjectConfirmation subConfirmation = null;
String artString = null;
if (artifact != null) {
artString = artifact.getAssertionArtifact();
if (assertionMinorVersion == IFSConstants.FF_11_ASSERTION_MINOR_VERSION) {
subConfirmation = new SubjectConfirmation(SAMLConstants.DEPRECATED_CONFIRMATION_METHOD_ARTIFACT);
} else {
subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_ARTIFACT);
}
subConfirmation.setSubjectConfirmationData(artString);
} else {
// set to bearer for POST profile
subConfirmation = new SubjectConfirmation(SAMLConstants.CONFIRMATION_METHOD_BEARER);
}
IDPProvidedNameIdentifier idpNi = null;
if (assertionMinorVersion == IFSConstants.FF_12_POST_ASSERTION_MINOR_VERSION || assertionMinorVersion == IFSConstants.FF_12_ART_ASSERTION_MINOR_VERSION) {
idpNi = new IDPProvidedNameIdentifier(idpHandle.getName(), idpHandle.getNameQualifier(), spHandle.getFormat());
idpNi.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
} else {
idpNi = new IDPProvidedNameIdentifier(idpHandle.getNameQualifier(), idpHandle.getName());
}
FSSubject sub = new FSSubject(spHandle, subConfirmation, idpNi);
AuthnContext authnContext = new AuthnContext(authnContextClassRef, authnContextStatementRef);
authnContext.setMinorVersion(assertionMinorVersion);
FSAuthenticationStatement statement = new FSAuthenticationStatement(authMethod, authInstant, sub, authLocality, null, authnContext);
FSSession session = sessionManager.getSession(univId, id);
if (session == null) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id): " + "AssertionManager could not find a valid Session for" + "userId: " + univId + " SessionID: " + id);
}
return null;
}
String sessionIndex = session.getSessionIndex();
if (sessionIndex == null) {
sessionIndex = SAMLUtils.generateID();
session.setSessionIndex(sessionIndex);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id): SessionIndex: " + sessionIndex);
}
statement.setSessionIndex(sessionIndex);
//setReauthenticateOnOrAfter date
Date issueInstant = new Date();
// get this period from the config
FSUtils.debug.message("here before date");
Date notAfter;
if (artifact != null) {
notAfter = new Date(issueInstant.getTime() + artifactTimeout);
} else {
notAfter = new Date(issueInstant.getTime() + assertionTimeout);
}
FSUtils.debug.message("here after date");
statement.setReauthenticateOnOrAfter(notAfter);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Authentication Statement: " + statement.toXMLString());
}
Conditions cond = new Conditions(null, notAfter);
if ((destID != null) && (destID.length() != 0)) {
List targets = new ArrayList();
targets.add(destID);
cond.addAudienceRestrictionCondition(new AudienceRestrictionCondition(targets));
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Authentication Statement: " + statement.toXMLString());
}
/**
* This is added to create an attribute statement for the bootstrap
* information.
*/
AttributeStatement attribStatement = null;
Advice advice = null;
String generateBootstrapping = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.GENERATE_BOOTSTRAPPING);
if (assertionMinorVersion != IFSConstants.FF_11_ASSERTION_MINOR_VERSION && (generateBootstrapping != null && generateBootstrapping.equals("true"))) {
AuthnContext authContext = new AuthnContext(null, authnContextStatementRef);
authContext.setMinorVersion(IFSConstants.FF_12_PROTOCOL_MINOR_VERSION);
try {
FSDiscoveryBootStrap bootStrap = new FSDiscoveryBootStrap(token, authContext, sub, univId, destID, realm);
attribStatement = bootStrap.getBootStrapStatement();
if (bootStrap.hasCredentials()) {
advice = bootStrap.getCredentials();
}
} catch (Exception e) {
FSUtils.debug.error("FSAssertionManager.createAssertion(id):" + "exception when generating bootstrapping resource " + "offering:", e);
}
}
AssertionIDReference aID = new AssertionIDReference();
Set statements = new HashSet();
statements.add(statement);
if (attribStatement != null) {
statements.add(attribStatement);
}
String attributePluginImpl = IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ATTRIBUTE_PLUGIN);
if ((attributePluginImpl != null) && (attributePluginImpl.length() != 0)) {
try {
Object pluginClass = Thread.currentThread().getContextClassLoader().loadClass(attributePluginImpl).newInstance();
List attribStatements = null;
if (pluginClass instanceof FSRealmAttributePlugin) {
FSRealmAttributePlugin attributePlugin = (FSRealmAttributePlugin) pluginClass;
attribStatements = attributePlugin.getAttributeStatements(realm, hostEntityId, destID, sub, token);
} else if (pluginClass instanceof FSAttributePlugin) {
FSAttributePlugin attributePlugin = (FSAttributePlugin) pluginClass;
attribStatements = attributePlugin.getAttributeStatements(hostEntityId, destID, sub, token);
}
if ((attribStatements != null) && (attribStatements.size() != 0)) {
Iterator iter = attribStatements.iterator();
while (iter.hasNext()) {
statements.add((AttributeStatement) iter.next());
}
}
} catch (Exception ex) {
FSUtils.debug.error("FSAssertion.createAssertion(id):getAttributePlugin:", ex);
}
}
if (IDFFMetaUtils.isAutoFedEnabled(attributes)) {
AttributeStatement autoFedStatement = FSAttributeStatementHelper.getAutoFedAttributeStatement(realm, hostEntityId, sub, token);
statements.add(autoFedStatement);
}
FSAssertion assertion = new FSAssertion(aID.getAssertionIDReference(), hostEntityId, issueInstant, cond, advice, statements, inResponseTo);
assertion.setMinorVersion(assertionMinorVersion);
assertion.setID(aID.getAssertionIDReference());
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Assertion created successfully: " + assertion.toXMLString());
}
String aIDString = assertion.getAssertionID();
Entry entry = new Entry(assertion, destID, artString, token);
Integer maxNumber = null;
try {
int temp = Integer.parseInt(IDFFMetaUtils.getFirstAttributeValue(attributes, IFSConstants.ASSERTION_LIMIT));
maxNumber = new Integer(temp);
} catch (Exception ex) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Assertion MAX number configuration not found in " + "FSConfig. Using Default");
}
maxNumber = null;
}
if (maxNumber == null) {
maxNumber = new Integer(IFSConstants.ASSERTION_MAX_NUMBER_DEFAULT);
}
int maxValue = maxNumber.intValue();
if ((maxValue != 0) && (idEntryMap.size() > maxValue)) {
FSUtils.debug.error("FSAssertionManager.createAssertion: " + "reached maxNumber of assertions.");
throw new FSException("errorCreateAssertion", null);
}
Object oldEntry = null;
try {
synchronized (idEntryMap) {
oldEntry = idEntryMap.put(aIDString, entry);
}
if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
idffSvc.setAssertions((long) idEntryMap.size());
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: couldn't add " + "to idEntryMap.", e);
}
throw new FSException("errorCreateAssertion", null);
}
if (LogUtil.isAccessLoggable(Level.FINER)) {
String[] data = { assertion.toString() };
LogUtil.access(Level.FINER, LogUtil.CREATE_ASSERTION, data, token);
} else {
String[] data = { assertion.getAssertionID() };
LogUtil.access(Level.INFO, LogUtil.CREATE_ASSERTION, data, token);
}
if (artString != null) {
try {
synchronized (artIdMap) {
oldEntry = artIdMap.put(artString, aIDString);
}
if ((agent != null) && agent.isRunning() && (idffSvc != null)) {
idffSvc.setArtifacts((long) artIdMap.size());
}
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager: couldn't add " + "artifact to the artIdMap.", e);
}
throw new FSException("errorCreateArtifact", null);
}
if (oldEntry != null) {
artifactTimeoutRunnable.removeElement(aIDString);
}
artifactTimeoutRunnable.addElement(aIDString);
} else {
if (oldEntry != null) {
assertionTimeoutRunnable.removeElement(aIDString);
}
assertionTimeoutRunnable.addElement(aIDString);
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSAssertionManager.createAssertion(id):" + " Returning Assertion: " + assertion.toXMLString());
}
return assertion;
}
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class FSDefaultAttributePlugin method getAttributeValue.
private String getAttributeValue(Object token, String attrName) {
if (attrName == null) {
FSUtils.debug.error("FSDefaultAttributePlugin.getAttribute" + "Value: attribute Name is null. Check the attribute map");
return null;
}
try {
SessionProvider sessionProvider = SessionManager.getProvider();
String userID = sessionProvider.getPrincipalName(token);
DataStoreProvider dsProvider = DataStoreProviderManager.getInstance().getDataStoreProvider(IFSConstants.IDFF);
Set attrValues = dsProvider.getAttribute(userID, attrName);
if (attrValues == null || attrValues.isEmpty()) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSDefaultAttributePlugin.getAttribute" + "Value: values not found for : " + attrName);
}
return null;
}
return (String) attrValues.iterator().next();
} catch (SessionException se) {
FSUtils.debug.error("FSDefaultAttributePlugin.getAttributeValue: exception:", se);
} catch (DataStoreProviderException dspe) {
FSUtils.debug.error("FSDefaultAttributePlugin.getAttributeValue: exception: ", dspe);
}
return null;
}
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class SAMLPOSTProfileServlet method doGet.
/**
* Initiates <code>SAML</code> web browser POST profile.
* This method takes in a TARGET in the request, creates a SAMLResponse,
* then redirects user to the destination site.
*
* @param request <code>HttpServletRequest</code> instance
* @param response <code>HttpServletResponse</code> instance
* @throws ServletException if there is an error.
* @throws IOException if there is an error.
*/
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
if ((request == null) || (response == null)) {
String[] data = { SAMLUtils.bundle.getString("nullInputParameter") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter"));
return;
}
SAMLUtils.checkHTTPContentLength(request);
// get Session
Object token = getSession(request);
if (token == null) {
response.sendRedirect(SAMLUtils.getLoginRedirectURL(request));
return;
}
// obtain TARGET
String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM);
if (target == null || target.length() == 0) {
String[] data = { SAMLUtils.bundle.getString("missingTargetSite") };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite"));
return;
}
// Get the Destination site Entry
// find the destSite POST URL, which is the Receipient
SAMLServiceManager.SiteEntry destSite = getDestSite(target);
String destSiteUrl = null;
if ((destSite == null) || ((destSiteUrl = destSite.getPOSTUrl()) == null)) {
String[] data = { SAMLUtils.bundle.getString("targetForbidden"), target };
LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token);
SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target);
return;
}
Response samlResponse = null;
try {
String version = destSite.getVersion();
int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION;
int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION;
if (version != null) {
StringTokenizer st = new StringTokenizer(version, ".");
if (st.countTokens() == 2) {
majorVersion = Integer.parseInt(st.nextToken().trim());
minorVersion = Integer.parseInt(st.nextToken().trim());
}
}
// create assertion
AssertionManager am = AssertionManager.getInstance();
SessionProvider sessionProvider = SessionManager.getProvider();
Assertion assertion = am.createSSOAssertion(sessionProvider.getSessionID(token), null, request, response, destSite.getSourceID(), target, majorVersion + "." + minorVersion);
// create SAMLResponse
StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS);
Status status = new Status(statusCode);
List contents = new ArrayList();
contents.add(assertion);
samlResponse = new Response(null, status, destSiteUrl, contents);
samlResponse.setMajorVersion(majorVersion);
samlResponse.setMinorVersion(minorVersion);
} catch (SessionException sse) {
SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", sse.getMessage());
return;
} catch (NumberFormatException ne) {
SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", ne.getMessage());
return;
} catch (SAMLException se) {
SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", se.getMessage());
return;
}
// sign the samlResponse
byte[] signedBytes = null;
try {
samlResponse.signXML();
if (SAMLUtils.debug.messageEnabled()) {
SAMLUtils.debug.message("SAMLPOSTProfileServlet.doGet: " + "signed samlResponse is" + samlResponse.toString(true, true, true));
}
signedBytes = SAMLUtils.getResponseBytes(samlResponse);
} catch (Exception e) {
SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse"));
return;
}
// base64 encode the signed samlResponse
String encodedResponse = null;
try {
encodedResponse = Base64.encode(signedBytes, true).trim();
} catch (Exception e) {
SAMLUtils.debug.error("SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e);
SAMLUtils.sendError(request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse"));
return;
}
if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) {
String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl, new String(signedBytes, "UTF-8") };
LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token);
} else {
String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl };
LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token);
}
response.setContentType("text/html; charset=UTF-8");
PrintWriter out = response.getWriter();
out.println("<HTML>");
out.println("<BODY Onload=\"document.forms[0].submit()\">");
out.println("<FORM METHOD=\"POST\" ACTION=\"" + destSiteUrl + "\">");
out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" ");
out.println("VALUE=\"" + encodedResponse + "\">");
out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_TARGET_PARAM + "\" VALUE=\"" + target + "\"> </FORM>");
out.println("</BODY></HTML>");
out.close();
}
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class SAMLPOSTProfileServlet method getSession.
private Object getSession(HttpServletRequest request) {
Object token = null;
try {
SessionProvider sessionProvider = SessionManager.getProvider();
token = sessionProvider.getSession(request);
if (token == null) {
SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: " + "Session is null.");
return null;
}
if (!sessionProvider.isValid(token)) {
SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: " + "Session is invalid.");
return null;
}
} catch (SessionException se) {
SAMLUtils.debug.error("SAMLPOSTProfileServlet.getSession: " + "Exception when getting Session:", se);
return null;
}
return token;
}
use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.
the class WSFederationUtils method processMultiProtocolLogout.
/**
* Processes Single Logout cross multiple federation protocols
* @param request HttpServletRequest object.
* @param response HttpServletResponse object
*/
public static void processMultiProtocolLogout(HttpServletRequest request, HttpServletResponse response, Object userSession) {
debug.message("WSFederationUtils.processMPSingleLogout");
try {
String wreply = (String) request.getAttribute(WSFederationConstants.LOGOUT_WREPLY);
String realm = (String) request.getAttribute(WSFederationConstants.REALM_PARAM);
String idpEntityId = (String) request.getAttribute(WSFederationConstants.ENTITYID_PARAM);
Set sessSet = new HashSet();
sessSet.add(userSession);
String sessUser = SessionManager.getProvider().getPrincipalName(userSession);
// assume WS-Federation logout always succeed as there is not
// logout status from the specification
SingleLogoutManager manager = SingleLogoutManager.getInstance();
// TODO : find out spEntityID/logout request if any
int status = manager.doIDPSingleLogout(sessSet, sessUser, request, response, false, true, SingleLogoutManager.WS_FED, realm, idpEntityId, null, wreply, null, null, SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS);
if (status != SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
response.sendRedirect(wreply);
}
} catch (SessionException ex) {
// ignore;
debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
} catch (IOException ex) {
// ignore;
debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
} catch (Exception ex) {
// ignore;
debug.message("WSFederationUtils.processMultiProtocolLogout", ex);
}
}
Aggregations