
Example 16 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

Class FSSSOAndFedHandler, method processPreAuthnSSO.

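/**
 * Handles an incoming authentication request on the IDP side.
 * <p>
 * The method first determines whether the user already holds a valid local
 * session (via the configured <code>SessionProvider</code> and the
 * <code>FSSessionManager</code>) and which authentication context that
 * session was established with. If there is no valid session and IDP
 * proxying is enabled for the request, the request may be forwarded to a
 * preferred IDP. Otherwise the <code>FSAuthnDecisionHandler</code> decides,
 * for the passive / active and forceAuthn variants of the request, whether
 * the user must be sent to a login URL (the request is forwarded and
 * <code>true</code> is returned), whether the existing session is sufficient
 * ({@link #processPostAuthnSSO} is invoked), or whether the request cannot be
 * served (<code>false</code> is returned; <code>noFedStatus</code> is set for
 * the NoPassive and NoAuthnContext cases).
 * @param authnRequest <code>FSAuthnRequest</code> object
 * @return <code>true</code> if the request is handled successfully;
 *  <code>false</code> otherwise.
 */
public boolean processPreAuthnSSO(FSAuthnRequest authnRequest) {
    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: Called");
    String loginURL = null;
    List authenticationContextClassRef = null;
    String currentAuthnContextRef = null;
    String authType = null;
    FSAuthContextResult authnResult = null;
    FSSessionManager sessionMgr = FSSessionManager.getInstance(metaAlias);
    // Requested authentication context: fall back to the password context
    // when the request names an AuthnContext element without class refs.
    if (authnRequest.getAuthnContext() != null) {
        authenticationContextClassRef = authnRequest.getAuthnContext().getAuthnContextClassRefList();
        if (authenticationContextClassRef == null) {
            String authCtxRefDefault = IFSConstants.DEFAULT_AUTHNCONTEXT_PASSWORD;
            authenticationContextClassRef = new ArrayList();
            authenticationContextClassRef.add(authCtxRefDefault);
        }
        authType = authnRequest.getAuthContextCompType();
        currentAuthnContextRef = null;
    }
    boolean authenticated = true;
    Object ssoToken = null;
    try {
        // Step 1: does the user already have a valid local session?
        SessionProvider sessionProvider = SessionManager.getProvider();
        ssoToken = sessionProvider.getSession(request);
        if (ssoToken == null) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is null. User is not authenticated.");
            }
            authenticated = false;
        } else if (!sessionProvider.isValid(ssoToken)) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "session is not valid. User is not authenticated.");
            }
            authenticated = false;
        } else {
            // Recover the authn context the session was established with;
            // the hosted provider's configured default is used when the
            // federation session record is missing or carries none.
            FSSession ssoSession = sessionMgr.getSession(ssoToken);
            if (ssoSession != null) {
                currentAuthnContextRef = ssoSession.getAuthnContext();
                if (currentAuthnContextRef != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User has an existing " + "valid session with authnContext: " + currentAuthnContextRef);
                    }
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's authentication" + " context information not found using " + "default authentication context");
                    }
                    currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
                }
            } else {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO: User's authenticated session " + "information is not present in FSSessionManager. " + "using default authentication context");
                }
                currentAuthnContextRef = IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT);
            }
            authenticated = true;
        }
        if (authenticated) {
            // added in case of multiple SPs; a listener that cannot be
            // registered is not fatal for this request
            try {
                sessionProvider.addListener(ssoToken, new FSTokenListener(metaAlias));
            } catch (Exception e) {
                if (FSUtils.debug.messageEnabled()) {
                    FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "Couldn't add listener to session:", e);
                }
            }
        }
    } catch (SessionException se) {
        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "SSOException Occured: User does not have session " + se.getMessage());
        authenticated = false;
    }
    // Step 2: initiate proxying to a preferred IDP when the user is not
    // locally authenticated and the request is not a federation request.
    if (!authenticated) {
        try {
            boolean isProxy = isIDPProxyEnabled(authnRequest);
            if (isProxy && !authnRequest.getFederate()) {
                String preferredIDP = getPreferredIDP(authnRequest);
                if (preferredIDP != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.process" + "PreAuthnSSO:IDP to be proxied" + preferredIDP);
                    }
                    sendProxyAuthnRequest(authnRequest, preferredIDP);
                    return true;
                }
            //else continue for the local authentication.
            }
        } catch (FSRedirectException re) {
            // The proxy path has already redirected the user agent.
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandle.processPreAuthnSSO:" + "Redirecting for the proxy handling.");
            }
            return true;
        } catch (Exception ex) {
            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Exception occured while processing for the proxy.", ex);
            return false;
        }
    }
    // Step 3: let the authn decision engine decide between reusing the
    // session, forwarding to a login URL, or failing the request.
    try {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "User's authentication status: " + authenticated);
        }
        FSAuthnDecisionHandler authnDecisionHandler = new FSAuthnDecisionHandler(realm, hostedEntityId, request);
        List defAuthnCxtList = new ArrayList();
        defAuthnCxtList.add(IDFFMetaUtils.getFirstAttributeValueFromConfig(hostedConfig, IFSConstants.DEFAULT_AUTHNCONTEXT));
        if (authnRequest.getIsPassive()) {
            if (authnRequest.getForceAuthn()) {
                // A passive request cannot interact with the user, so a
                // forced re-authentication is impossible to satisfy.
                if (FSUtils.debug.warningEnabled()) {
                    FSUtils.debug.warning("FSSSOAndFedHandler.PreAuthnSSO: " + "IDP is passive can't force authentication.");
                }
                return false;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    }
                    if (authnResult.getLoginURL() != null) {
                        // When it's not null.,
                        // we should show the login page
                        // may be it'asking for higher auth context.
                        loginURL = authnResult.getLoginURL();
                        loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                        FSUtils.forwardRequest(request, response, loginURL);
                        return true;
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    }
                } else {
                    if (FSUtils.debug.warningEnabled()) {
                        FSUtils.debug.warning("FSSSOAndFedHandler.processPreAuthnSSO: " + "IDP is passive and user is not authenticated");
                    }
                    noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoPassive", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                    return false;
                }
            }
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
            }
            if (authnRequest.getForceAuthn()) {
                if (authenticationContextClassRef != null) {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                } else {
                    authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList);
                }
                if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO:" + "AuthnDecision engine failed to take a " + "authn decision");
                    }
                    return false;
                } else {
                    // ForceAuthn: the existing session must not be reused,
                    // so it is invalidated before the user is sent to login.
                    if (ssoToken != null) {
                        try {
                            SessionManager.getProvider().invalidateSession(ssoToken, request, response);
                        } catch (SessionException ssoe) {
                            // Logged with the cause so a failed invalidation
                            // is diagnosable; the login redirect still proceeds.
                            FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO:" + "Unable to invalidate the sso session.", ssoe);
                        }
                        ssoToken = null;
                    }
                    loginURL = authnResult.getLoginURL();
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                    }
                }
                loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                FSUtils.forwardRequest(request, response, loginURL);
                response.flushBuffer();
                return true;
            } else {
                if (authenticated) {
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.decideAuthnContext(authenticationContextClassRef, currentAuthnContextRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null) {
                        return false;
                    } else if (authnResult.getLoginURL() == null) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is evaluated to be valid");
                        }
                        return processPostAuthnSSO(authnRequest);
                    } else if (authnResult.getLoginURL().length() == 0) {
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO" + ": AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                } else {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: AuthnRequest is active");
                    }
                    //redirect for authentication authnContextRef
                    if (authenticationContextClassRef != null) {
                        authnResult = authnDecisionHandler.getURLForAuthnContext(authenticationContextClassRef, authType);
                    } else {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler." + "processPreAuthnSSO: User's " + "authentication " + "context is default");
                        }
                        authnResult = authnDecisionHandler.getURLForAuthnContext(defAuthnCxtList, authType);
                    }
                    if (authnResult == null || authnResult.getLoginURL() == null || authnResult.getLoginURL().length() == 0) {
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler. processPreAuthnSSO: " + " AuthnDecision engine" + " failed to take a decision");
                        }
                        noFedStatus = new Status(new StatusCode("samlp:Responder", new StatusCode("lib:NoAuthnContext", null)), FSUtils.bundle.getString("AuthnRequestProcessingFailed"), null);
                        return false;
                    } else {
                        loginURL = authnResult.getLoginURL();
                        if (FSUtils.debug.messageEnabled()) {
                            FSUtils.debug.message("FSSSOAndFedHandler.processPreAuthnSSO: " + "AuthnDecision engine returned: " + loginURL);
                        }
                    }
                    loginURL = formatLoginURL(loginURL, authnResult.getAuthContextRef());
                    FSUtils.forwardRequest(request, response, loginURL);
                    return true;
                }
            }
        }
    } catch (Exception e) {
        // NOTE(review): any failure in the decision phase falls through to
        // processPostAuthnSSO regardless of the 'authenticated' flag computed
        // above; whether that path re-validates the session cannot be seen
        // from here — confirm before relying on it. The exception is logged
        // with its stack trace so the failure is at least diagnosable.
        FSUtils.debug.error("FSSSOAndFedHandler.processPreAuthnSSO: " + "Exception occured", e);
        return processPostAuthnSSO(authnRequest);
    }
}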
Also used : Status(com.sun.identity.saml.protocol.Status) ArrayList(java.util.ArrayList) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) StatusCode(com.sun.identity.saml.protocol.StatusCode) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) FSAccountMgmtException(com.sun.identity.federation.accountmgmt.FSAccountMgmtException) SAMLException(com.sun.identity.saml.common.SAMLException) FSException(com.sun.identity.federation.common.FSException) IOException(java.io.IOException) FSRedirectException(com.sun.identity.federation.common.FSRedirectException) FSAuthContextResult(com.sun.identity.federation.services.FSAuthContextResult) FSAuthnDecisionHandler(com.sun.identity.federation.services.FSAuthnDecisionHandler) List(java.util.List) ArrayList(java.util.ArrayList) FSTokenListener(com.sun.identity.federation.services.logout.FSTokenListener) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 17 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

Class FSLogoutUtil, method getValidToken.

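/**
 * Retrieves the session token from the HTTP request and validates it with
 * the OpenAM session manager.
 * @param request <code>HttpServletRequest</code> object containing the
 *  session cookie information
 * @return the session token if the request carried a valid session;
 *  <code>null</code> otherwise, including when a <code>SessionException</code>
 *  is raised while looking the session up.
 */
protected static Object getValidToken(HttpServletRequest request) {
    try {
        SessionProvider sessionProvider = SessionManager.getProvider();
        Object ssoToken = sessionProvider.getSession(request);
        // A missing or invalid session is reported as "no token"; callers
        // treat null as "redirect for authentication".
        if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("session is not valid,redirecting for authentication");
            }
            return null;
        }
        return ssoToken;
    } catch (SessionException e) {
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("getValidToken: SessionException caught:", e);
        }
        return null;
    }
}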
Also used : SessionException(com.sun.identity.plugin.session.SessionException) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 18 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

Class FSLogoutUtil, method removeTokenFromSession.

/**
 * Removes the user's entry from the FSSessionMap when the session token
 * expires, idles out, or the user closes the browser without performing a
 * logout.
 * @param token the session token identifying the user's session
 * @param metaAlias the hosted provider performing the logout
 */
public static void removeTokenFromSession(Object token, String metaAlias) {
    String principal;
    String sessionId;
    try {
        SessionProvider provider = SessionManager.getProvider();
        principal = provider.getPrincipalName(token);
        sessionId = provider.getSessionID(token);
    } catch (SessionException e) {
        // Without the principal and session id there is nothing to look up.
        if (FSUtils.debug.warningEnabled()) {
            FSUtils.debug.warning("SessionException in removeTokenFromSession", e);
        }
        return;
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered removeTokenFromSession for user: " + principal);
    }
    FSSessionManager manager = FSSessionManager.getInstance(metaAlias);
    FSSession existing = manager.getSession(principal, sessionId);
    if (existing == null) {
        return;
    }
    manager.removeSession(principal, existing);
}
Also used : FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) SessionProvider(com.sun.identity.plugin.session.SessionProvider)

Example 19 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

Class FSPreLogoutHandler, method processHttpSingleLogoutRequest.

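/**
 * Processes a logout request received via HTTP redirect/GET.
 * <p>
 * Resolves the principal either from the one-time federation session or
 * from the logout request itself, records whether the user agent is a WML
 * client, cleans the session partner list for the remote provider and then
 * delegates to a <code>FSSingleLogoutHandler</code> configured with this
 * hosted provider's descriptor, configuration, realm, entity id, role and
 * meta alias.
 * @param request <code>HttpServletRequest</code> object from the user agent
 * @param response <code>HttpServletResponse</code> to be sent back to the
 *  user agent
 * @param ssoToken used to identify the principal who wants to logout
 * @return <code>FSLogoutStatus</code> object to indicate the status of
 *  the logout process; a <code>SAML_RESPONDER</code> status is returned to
 *  the source when the principal cannot be determined.
 */
public FSLogoutStatus processHttpSingleLogoutRequest(HttpServletRequest request, HttpServletResponse response, Object ssoToken) {
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Entered FSPrelogoutHandler::" + "processSingleLogoutRequest HTTP Redirect");
    }
    this.request = request;
    this.locale = FSServiceUtils.getLocale(request);
    setLogoutURL();
    this.response = response;
    this.ssoToken = ssoToken;
    FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
    FSSession session = sMgr.getSession(ssoToken);
    // The federation session may be absent (the null check below expects
    // that), so its index must only be read when the session exists.
    String sessionIndex = (session != null) ? session.getSessionIndex() : null;
    try {
        if (session != null && session.getOneTime()) {
            this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
            FSUtils.debug.message("FSPH:processSingleLogout: Onetime case");
        } else {
            this.userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
        }
    } catch (SessionException se) {
        FSUtils.debug.error("processSingleLogoutRequest", se);
        this.userID = null;
    }
    if (userID == null) {
        FSUtils.debug.message("FSPrelogoutHandler::User Not found");
        FSLogoutUtil.returnToSource(response, remoteDescriptor, IFSConstants.SAML_RESPONDER, COMMON_ERROR_URL, reqLogout.getMinorVersion(), hostedConfig, hostedEntityId, userID);
        return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
    }
    String acceptString = request.getHeader("Accept");
    if ((acceptString != null) && (acceptString.indexOf("text/vnd.wap.wml") != -1)) {
        isWMLAgent = true;
    }
    String relayState = reqLogout.getRelayState();
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityID, metaAlias, session);
    FSUtils.debug.message("FSPrelogoutHandler::calling getCurrentProvider");
    boolean bHasAnyOtherProvider = false;
    FSSessionPartner sessionPartner = null;
    // Remaining partner (if any) after the source provider has been removed;
    // the session index from the map supersedes the one read above.
    HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
    if (providerMap != null) {
        sessionPartner = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
        sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
        if (sessionPartner != null) {
            bHasAnyOtherProvider = true;
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("bHasAnyOtherProvider = " + bHasAnyOtherProvider);
            }
            currentEntityId = sessionPartner.getPartner();
        }
    }
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("bHasAnyOtherProvider other than source : " + bHasAnyOtherProvider);
    }
    // this is SP initiated HTTP based single logout
    FSUtils.debug.message("FSPreLogout::creating FSSingleLogoutHandler");
    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
    handlerObj.setHostedDescriptor(hostedDescriptor);
    handlerObj.setHostedDescriptorConfig(hostedConfig);
    handlerObj.setRealm(realm);
    handlerObj.setHostedEntityId(hostedEntityId);
    handlerObj.setHostedProviderRole(hostedRole);
    handlerObj.setMetaAlias(metaAlias);
    handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
    //handlerObj.setRemoteEntityId(remoteEntityID);
    return handlerObj.processHttpSingleLogoutRequest(response, request, reqLogout, sessionPartner, userID, ssoToken, remoteEntityID, sessionIndex, isWMLAgent, relayState, (hostedRole.equals(IFSConstants.SP) ? IFSConstants.IDP : IFSConstants.SP));
}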
Also used : FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) HashMap(java.util.HashMap) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSSessionManager(com.sun.identity.federation.services.FSSessionManager)

Example 20 with SessionException

use of com.sun.identity.plugin.session.SessionException in project OpenAM by OpenRock.

Class FSPreLogoutHandler, method handleSingleLogout.

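/**
 * Initiates logout at this provider when the user has clicked on the
 * logout option.
 * <p>
 * When live federation connections exist for the principal and a current
 * partner provider is found, the logout is delegated to a
 * <code>FSSingleLogoutHandler</code>. Otherwise the principal's federation
 * session and local session are destroyed, the SP adapter hooks are invoked
 * for a remote-initiated SP/HTTP logout, and the user is sent to the
 * post-logout page. A <code>SessionException</code> during processing still
 * destroys the principal's federation session and reports success.
 * @param request <code>HttpServletRequest</code> object from the user agent
 * @param response <code>HttpServletResponse</code> to be sent back to the
 *  user agent
 * @param ssoToken used to identify the principal who wants to logout
 * @param sourceCheck where the logout is coming from; <code>"remote"</code>
 *  enables the SP adapter callbacks
 * @return <code>FSLogoutStatus</code> describing the outcome of the logout
 *  process.
 */
public FSLogoutStatus handleSingleLogout(HttpServletRequest request, HttpServletResponse response, Object ssoToken, String sourceCheck) {
    this.request = request;
    setLogoutURL();
    FSUtils.debug.message("Entered FSPreLogoutHandler::handleSingleLogout");
    // Null-safe form so a missing sourceCheck disables the adapter hooks
    // instead of failing the logout with a NullPointerException.
    boolean remoteSpLogout = hostedRole != null && hostedRole.equalsIgnoreCase(IFSConstants.SP) && "remote".equals(sourceCheck);
    try {
        this.response = response;
        this.ssoToken = ssoToken;
        this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
        String acceptString = request.getHeader("Accept");
        if ((acceptString != null) && (acceptString.indexOf("text/vnd.wap.wml") != -1)) {
            isWMLAgent = true;
        }
        FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
        FSSession session = sMgr.getSession(ssoToken);
        String sessionIndex = null;
        List partners = null;
        if (session != null) {
            sessionIndex = session.getSessionIndex();
            partners = session.getSessionPartners();
        }
        if (FSUtils.debug.messageEnabled()) {
            if (partners != null && partners.size() != 0) {
                Iterator iter = partners.iterator();
                while (iter.hasNext()) {
                    FSSessionPartner partner = (FSSessionPartner) iter.next();
                    FSUtils.debug.message("PARTNER:" + partner.getPartner());
                }
            }
        }
        if (FSLogoutUtil.liveConnectionsExist(userID, metaAlias)) {
            HashMap providerMap = FSLogoutUtil.getCurrentProvider(userID, metaAlias, ssoToken);
            if (providerMap != null) {
                FSSessionPartner currentSessionProvider = (FSSessionPartner) providerMap.get(IFSConstants.PARTNER_SESSION);
                sessionIndex = (String) providerMap.get(IFSConstants.SESSION_INDEX);
                if (currentSessionProvider != null) {
                    // this is IDP initiated based single logout
                    // HTTP or SOAP is based on metadata
                    FSUtils.debug.message("creating IDP handler");
                    FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
                    handlerObj.setHostedDescriptor(hostedDescriptor);
                    handlerObj.setHostedDescriptorConfig(hostedConfig);
                    handlerObj.setRealm(realm);
                    handlerObj.setHostedEntityId(hostedEntityId);
                    handlerObj.setHostedProviderRole(hostedRole);
                    handlerObj.setMetaAlias(metaAlias);
                    handlerObj.setRelayState(relayState);
                    return handlerObj.handleSingleLogout(response, request, currentSessionProvider, userID, sessionIndex, isWMLAgent, ssoToken);
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("No more providers, nothing to broadcast " + "\ndestroy user session call destroyPrincipalSession");
            }
            FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
            // control could come here when local login has happened
            // In this FSSessionmap will not have anything and so we destroy
            // the session based on ssoToken
            FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
            returnToPostLogout(IFSConstants.SAML_SUCCESS);
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        } else {
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("No live connections, destroy user" + " session call destroyPrincipalSession. source=" + sourceCheck);
            }
            FSLogoutResponse logoutResponse = null;
            FederationSPAdapter spAdapter = null;
            // Call SP Adapter preSingleLogoutProcess for SP/HTTP
            if (remoteSpLogout) {
                spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
                if (spAdapter != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSPreLogoutHandler, " + "call preSingleLogoutProcess, SP/HTTP");
                    }
                    try {
                        logoutResponse = FSLogoutResponse.parseURLEncodedRequest(request);
                        relayState = logoutResponse.getRelayState();
                        // unabled to access logoutRequest here
                        spAdapter.preSingleLogoutProcess(hostedEntityId, request, response, userID, null, logoutResponse, IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
                    } catch (Exception e) {
                        // ignore adapter error: a faulty adapter must not
                        // prevent the session from being destroyed
                        FSUtils.debug.error("preSingleLogoutProcess.SP/HTTP", e);
                    }
                }
            }
            FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, sessionIndex, request, response);
            // the session based on ssoToken
            if (SessionManager.getProvider().isValid(ssoToken)) {
                FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
            }
            // Call SP Adapter postSingleLogoutProcess for SP/HTTP
            if (remoteSpLogout) {
                if (spAdapter != null) {
                    if (FSUtils.debug.messageEnabled()) {
                        FSUtils.debug.message("FSPreLogoutHandler, " + "call postSingleLogoutProcess, SP/HTTP");
                    }
                    try {
                        spAdapter.postSingleLogoutSuccess(hostedEntityId, request, response, userID, null, logoutResponse, IFSConstants.LOGOUT_SP_REDIRECT_PROFILE);
                    } catch (Exception e) {
                        // ignore adapter exception
                        FSUtils.debug.error("postSingleLogoutSuccess.SP/HTTP:", e);
                    }
                }
            }
            returnToPostLogout(IFSConstants.SAML_SUCCESS);
            return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
        }
    } catch (SessionException e) {
        // Logged with the cause so the failing session operation is
        // diagnosable; userID may still be null if getPrincipalName failed.
        FSUtils.debug.error("SessionException in liveConnectionsExist" + " So destroy self and exit", e);
        FSLogoutUtil.destroyPrincipalSession(userID, metaAlias, null, request, response);
        // cannot call FSLogoutUtil.destroyLocalSession(ssoToken)
        // since session exception has occurred
        returnToPostLogout(IFSConstants.SAML_SUCCESS);
        return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
    }
}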
Also used : HashMap(java.util.HashMap) FSSession(com.sun.identity.federation.services.FSSession) SessionException(com.sun.identity.plugin.session.SessionException) FSLogoutResponse(com.sun.identity.federation.message.FSLogoutResponse) SAMLResponderException(com.sun.identity.saml.common.SAMLResponderException) SessionException(com.sun.identity.plugin.session.SessionException) IDFFMetaException(com.sun.identity.federation.meta.IDFFMetaException) IOException(java.io.IOException) FSSessionPartner(com.sun.identity.federation.services.FSSessionPartner) Iterator(java.util.Iterator) List(java.util.List) FSSessionManager(com.sun.identity.federation.services.FSSessionManager) FederationSPAdapter(com.sun.identity.federation.plugins.FederationSPAdapter)
