Example 26 with SingleLogoutServiceElement

Use of com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement in project OpenAM by OpenRock.

The class LogoutUtil, method getMostAppropriateSLOServiceLocation.

/**
 * Based on the preferred SAML binding this method tries to choose the most appropriate
 * {@link SingleLogoutServiceElement} that can be used to send the logout request to. The algorithm itself is
 * simple:
 * <ul>
 *  <li>When asynchronous binding was used with the initial logout request, it is preferred to use asynchronous
 *      bindings, but if they are not available, a synchronous binding should be used.</li>
 *  <li>When synchronous binding is used with the initial request, only synchronous bindings can be used for the
 *      rest of the entities.</li>
 * </ul>
 *
 * @param sloList The list of SLO endpoints for a given entity.
 * @param preferredBinding The binding that was used to initiate the logout request.
 * @return The most appropriate SLO service location that can be used for sending the logout request. If there is
 * no appropriate logout endpoint, null is returned.
 */
public static SingleLogoutServiceElement getMostAppropriateSLOServiceLocation(List<SingleLogoutServiceElement> sloList, String preferredBinding) {
    //shortcut for the case when SLO isn't supported at all
    if (sloList.isEmpty()) {
        return null;
    }
    Map<String, SingleLogoutServiceElement> sloBindings = new HashMap<String, SingleLogoutServiceElement>(sloList.size());
    for (SingleLogoutServiceElement sloEndpoint : sloList) {
        sloBindings.put(sloEndpoint.getBinding(), sloEndpoint);
    }
    SingleLogoutServiceElement endpoint = sloBindings.get(preferredBinding);
    if (endpoint == null) {
        //if the requested binding isn't supported let's try to find the most appropriate SLO endpoint
        if (preferredBinding.equals(SAML2Constants.HTTP_POST)) {
            endpoint = sloBindings.get(SAML2Constants.HTTP_REDIRECT);
        } else if (preferredBinding.equals(SAML2Constants.HTTP_REDIRECT)) {
            endpoint = sloBindings.get(SAML2Constants.HTTP_POST);
        }
        if (endpoint == null) {
            //we ran out of asynchronous bindings, so our only chance is to try to use SOAP binding
            //in case the preferred binding was SOAP from the beginning, then this code will just return null again
            endpoint = sloBindings.get(SAML2Constants.SOAP);
        }
    }
    return endpoint;
}
Also used: SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement), HashMap (java.util.HashMap)
