
Example 11 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class IDPSingleLogoutServiceSOAP method doPost.

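/**
 * Handles an SP-initiated SAML2 single logout request delivered over the SOAP binding
 * to this hosted IDP's SLO endpoint.
 *
 * <p>The hosted IDP is resolved from the request URI, the SOAP binding must be enabled
 * for its SLO service, and the parsed message is handed to {@link #onMessage}. If the
 * IDP session has proxy partners (IDP-proxy case) the reply is cached by logout request
 * ID and the logout is propagated to the partners; otherwise the reply is written back
 * as the SOAP response. A null reply yields 204 No Content.
 *
 * @param req the incoming HTTP request carrying the SOAP envelope.
 * @param resp the HTTP response; receives the SOAP reply, 204, or a 500 error page.
 * @throws ServletException never thrown directly; declared by the servlet contract.
 * @throws IOException if the reply or the error page cannot be written.
 */
public void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    try {
        // Reject oversized bodies before the SOAP envelope is parsed (DoS guard).
        SAMLUtils.checkHTTPContentLength(req);
        // Resolve the hosted IDP (meta alias, entity ID, realm) from the request URI.
        String idpMetaAlias = SAML2MetaUtils.getMetaAliasByUri(req.getRequestURI());
        String idpEntityID = SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(idpMetaAlias);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(idpMetaAlias);
        if (!SAML2Utils.isIDPProfileBindingSupported(realm, idpEntityID, SAML2Constants.SLO_SERVICE, SAML2Constants.SOAP)) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("unsupportedBinding"));
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("IDPSLOSOAP.doPost : uri =" + req.getRequestURI() + ", idpMetaAlias=" + idpMetaAlias + ", idpEntityID=" + idpEntityID);
        }
        SOAPMessage msg = SOAPCommunicator.getInstance().getSOAPMessage(req);
        // getSessionPartners() returns null when the request carries no session index or
        // cannot be parsed; treat that as "no proxy partners" rather than failing with an NPE.
        Map aMap = IDPProxyUtil.getSessionPartners(msg);
        List partners = (aMap == null) ? null : (List) aMap.get(SAML2Constants.PARTNERS);
        SOAPMessage reply = onMessage(msg, req, resp, idpEntityID, realm);
        if (reply == null) {
            resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
            return;
        }
        if (partners != null && !partners.isEmpty()) {
            // IDP Proxy case: keep the reply for the proxied logout to pick up later and
            // propagate the logout to the partner IDPs (partners != null implies aMap != null).
            Element reqElem = SOAPCommunicator.getInstance().getSamlpElement(msg, "LogoutRequest");
            LogoutRequest logoutReq = ProtocolFactory.getInstance().createLogoutRequest(reqElem);
            IDPCache.SOAPMessageByLogoutRequestID.put(logoutReq.getID(), reply);
            IDPProxyUtil.sendProxyLogoutRequestSOAP(req, resp, resp.getWriter(), reply, partners, (IDPSession) aMap.get(SAML2Constants.IDP_SESSION));
        } else {
            writeSOAPReply(reply, resp);
        }
    } catch (SAML2Exception ex) {
        reportLogoutFailure(req, resp, ex);
    } catch (SOAPException soap) {
        reportLogoutFailure(req, resp, soap);
    }
}

/**
 * Writes a SOAP reply to the response: 200 OK, the reply's MIME headers, then the body.
 *
 * @param reply the reply to serialize; saved first if it has unsaved changes.
 * @param resp the response to write to. Its output stream is container-managed and is
 *             flushed but not closed here.
 * @throws SOAPException if the reply cannot be saved or serialized.
 * @throws IOException if the response stream cannot be written.
 */
private static void writeSOAPReply(SOAPMessage reply, HttpServletResponse resp) throws SOAPException, IOException {
    if (reply.saveRequired()) {
        reply.saveChanges();
    }
    resp.setStatus(HttpServletResponse.SC_OK);
    SAML2Utils.putHeaders(reply.getMimeHeaders(), resp);
    OutputStream os = resp.getOutputStream();
    reply.writeTo(os);
    os.flush();
}

/**
 * Logs a logout failure and reports it to the client as 500 "singleLogoutFailed".
 * Shared by both checked-exception paths of {@link #doPost} so they stay identical.
 *
 * @param req the current request.
 * @param resp the response the error page is written to.
 * @param cause the exception that aborted the logout; its message is used as the detail.
 * @throws ServletException if the error page cannot be rendered.
 * @throws IOException if the error page cannot be written.
 */
private static void reportLogoutFailure(HttpServletRequest req, HttpServletResponse resp, Exception cause) throws ServletException, IOException {
    SAML2Utils.debug.error("IDPSingleLogoutServiceSOAP", cause);
    SAMLUtils.sendError(req, resp, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "singleLogoutFailed", cause.getMessage());
}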
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) Element(org.w3c.dom.Element) OutputStream(java.io.OutputStream) SOAPException(javax.xml.soap.SOAPException) List(java.util.List) LogoutRequest(com.sun.identity.saml2.protocol.LogoutRequest) SOAPMessage(javax.xml.soap.SOAPMessage) Map(java.util.Map)

Example 12 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class SAML2PostAuthenticationPlugin method setupSingleLogOut.

/**
 * Prepares an SP-initiated single logout over the HTTP-Redirect binding for the session
 * just authenticated: builds the LogoutRequest, stores it under its ID (in the SAML2
 * token repository when failover is enabled, otherwise in SAML2Store) so the eventual
 * LogoutResponse can be matched, and records the endpoint location and the full redirect
 * URL on the SSO token. Nothing is sent from here; callers read the token properties.
 *
 * <p>If the IDP publishes no HTTP-Redirect SLO endpoint, or the request cannot be stored
 * in the failover repository, the attempt is abandoned with a warning and the token is
 * left untouched.
 *
 * @param ssoToken the authenticated session; supplies the relay state and receives the
 *                 SLO location/reference properties.
 * @param metaAlias meta alias of the hosted SP.
 * @param sessionIndex session index to include in the LogoutRequest.
 * @param spEntityId entity ID of the hosted SP.
 * @param idpEntityId entity ID of the IDP the user authenticated with.
 * @param nameId the subject's NameID for the LogoutRequest.
 * @throws SSOException if the token properties cannot be read or written.
 * @throws SAML2Exception if metadata lookup or request construction fails.
 * @throws SessionException if session handling fails.
 */
private void setupSingleLogOut(SSOToken ssoToken, String metaAlias, String sessionIndex, String spEntityId, String idpEntityId, NameID nameId) throws SSOException, SAML2Exception, SessionException {
    final SAML2MetaManager metaManager = new SAML2MetaManager();
    final String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
    final String relayState = ssoToken.getProperty(SAML2Constants.RELAY_STATE);
    // This plugin only speaks HTTP-Redirect for SLO.
    final String wantedBinding = SAML2Constants.HTTP_REDIRECT;
    final IDPSSODescriptorElement idpDescriptor = metaManager.getIDPSSODescriptor(realm, idpEntityId);
    final EndpointType logoutEndpoint = firstEndpointWithBinding(idpDescriptor.getSingleLogoutService(), wantedBinding);
    if (logoutEndpoint == null) {
        DEBUG.warning("Unable to determine SLO endpoint. Aborting SLO attempt. Please note this PAP " + "only supports HTTP-Redirect as a valid binding.");
        return;
    }
    final LogoutRequest logoutReq = createLogoutRequest(metaAlias, realm, idpEntityId, logoutEndpoint, nameId, sessionIndex);
    // Expiry of the stored request, in seconds since the epoch: now plus SPCache.interval.
    final long sessionExpireTime = System.currentTimeMillis() / 1000 + SPCache.interval;
    final String sloRequestXMLString = logoutReq.toXMLString(true, true);
    final String redirect = getRedirectURL(sloRequestXMLString, relayState, realm, idpEntityId, logoutEndpoint.getLocation(), spEntityId);
    if (!SAML2FailoverUtils.isSAML2FailoverEnabled()) {
        SAML2Store.saveTokenWithKey(logoutReq.getID(), logoutReq);
    } else {
        try {
            SAML2FailoverUtils.saveSAML2TokenWithoutSecondaryKey(logoutReq.getID(), logoutReq, sessionExpireTime);
        } catch (SAML2TokenRepositoryException e) {
            DEBUG.warning("Unable to set SLO redirect location. Aborting SLO attempt.");
            return;
        }
    }
    ssoToken.setProperty(SLO_SESSION_LOCATION, logoutEndpoint.getLocation());
    ssoToken.setProperty(SLO_SESSION_REFERENCE, redirect);
}

/**
 * Returns the first endpoint whose binding equals {@code binding}, or null if none matches.
 *
 * @param endpoints endpoints to scan, in metadata order.
 * @param binding the binding URI to look for.
 */
private static EndpointType firstEndpointWithBinding(List<EndpointType> endpoints, String binding) {
    for (EndpointType candidate : endpoints) {
        if (binding.equals(candidate.getBinding())) {
            return candidate;
        }
    }
    return null;
}
Also used : EndpointType(com.sun.identity.saml2.jaxb.metadata.EndpointType) LogoutRequest(com.sun.identity.saml2.protocol.LogoutRequest) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) SAML2MetaManager(com.sun.identity.saml2.meta.SAML2MetaManager) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 13 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class IDPSingleLogout method processLogoutRequest.

/**
     * Processes a single <code>LogoutRequest</code> received from an SP and builds the
     * <code>LogoutResponse</code> for it.
     *
     * <p>The body is written as a <code>do { ... } while (false)</code> block so that each
     * <code>break</code> jumps straight to response generation. In order it: verifies the
     * issuer; takes the first session index and looks the IDP session up locally, then in
     * the SAML2 token repository (failover), then by forwarding the request to the peer
     * server identified by the last two characters of the session index; verifies the
     * request signature when the session is local and the caller has not already done so;
     * posts to the configured application logout URL; drops the requesting SP from the
     * session; logs out every other SP in the session; and finally destroys the local
     * session and its cache entries.
     *
     * @param logoutReq <code>LogoutRequest</code> from SP
     * @param request the HttpServletRequest.
     * @param response the HttpServletResponse.
     * @param binding name of binding will be used for request processing.
     * @param relayState the relay state.
     * @param idpEntityID name of host entity ID.
     * @param realm name of host entity.
     * @param isVerified true if the request is verified already.
     * @return the <code>LogoutResponse</code> for the requesting SP, or <code>null</code>
     *         when a response has already been sent on <code>response</code> (a remaining
     *         SP was contacted over HTTP-Redirect/POST, the last response was sent by
     *         <code>sendLastResponse</code>, or the multi-protocol logout manager
     *         redirected).
     * @throws SAML2Exception if the response cannot be generated or the multi-protocol
     *          logout fails. Note that <code>SAML2Exception</code>s raised inside the
     *          processing block itself (issuer/signature verification, SP logout
     *          failures) are caught at the end of that block and only logged; the
     *          response is then built from whatever status had been reached.
     */
public static LogoutResponse processLogoutRequest(LogoutRequest logoutReq, HttpServletRequest request, HttpServletResponse response, String binding, String relayState, String idpEntityID, String realm, boolean isVerified) throws SAML2Exception {
    Status status = null;
    String spEntity = logoutReq.getIssuer().getValue();
    Object session = null;
    // isLBReq defaults to true; a peer that forwarded this request to us appends
    // isLBReq=false (see the forwarding code below) so the request is never forwarded twice.
    String tmpStr = request.getParameter("isLBReq");
    boolean isLBReq = (tmpStr == null || !tmpStr.equals("false"));
    try {
        // Breakable block: every "break" below ends processing and falls through to
        // response generation with the status set so far.
        do {
            String requestId = logoutReq.getID();
            SAML2Utils.verifyRequestIssuer(realm, idpEntityID, logoutReq.getIssuer(), requestId);
            List siList = logoutReq.getSessionIndex();
            if (siList == null) {
                debug.error("IDPSingleLogout.processLogoutRequest: " + "session index are null in logout request");
                status = SAML2Utils.generateStatus(SAML2Constants.REQUESTER, "");
                break;
            }
            int numSI = siList.size();
            // TODO : handle list of session index
            // Only the first session index is honoured.
            Iterator siIter = siList.iterator();
            String sessionIndex = null;
            if (siIter.hasNext()) {
                sessionIndex = (String) siIter.next();
            }
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.processLogoutRequest: " + "idpEntityID=" + idpEntityID + ", sessionIndex=" + sessionIndex);
            }
            if (sessionIndex == null) {
                // this case won't happen
                // according to the spec: SP has to send at least
                // one sessionIndex, could be multiple (TODO: need
                // to handle that above; but when IDP sends out
                // logout request, it could omit sessionIndex list,
                // which means all sessions on SP side, so SP side
                // needs to care about this case
                debug.error("IDPLogoutUtil.processLogoutRequest: " + "No session index in logout request");
                status = SAML2Utils.generateStatus(SAML2Constants.REQUESTER, "");
                break;
            }
            String remoteServiceURL = null;
            if (isLBReq) {
                // server id is the last two digit of the session index
                // NOTE(review): sessionIndex comes from the SP's request; a value shorter
                // than two characters makes substring() throw StringIndexOutOfBoundsException,
                // which nothing in this method catches.
                String serverId = sessionIndex.substring(sessionIndex.length() - 2);
                if (debug.messageEnabled()) {
                    debug.message("IDPSingleLogout.processLogoutRequest: " + "sessionIndex=" + sessionIndex + ", id=" + serverId);
                }
                // find out remote serice URL based on server id
                remoteServiceURL = SAML2Utils.getRemoteServiceURL(serverId);
            }
            IDPSession idpSession = IDPCache.idpSessionsByIndices.get(sessionIndex);
            if (idpSession == null && SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                // Read from SAML2 Token Repository
                IDPSessionCopy idpSessionCopy = null;
                try {
                    idpSessionCopy = (IDPSessionCopy) SAML2FailoverUtils.retrieveSAML2Token(sessionIndex);
                } catch (SAML2TokenRepositoryException se) {
                    // NOTE(review): this is a retrieve, not a delete; the message text is misleading.
                    debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from " + "SAML2 Token Repository for sessionIndex:" + sessionIndex, se);
                }
                // Copy back to IDPSession
                if (idpSessionCopy != null) {
                    idpSession = new IDPSession(idpSessionCopy);
                } else {
                    SAML2Utils.debug.error("IDPSessionCopy is NULL!!!");
                }
            }
            if (idpSession == null) {
                // The session is not held here; if the session index names a
                // peer then we have to route the request.
                if (remoteServiceURL != null) {
                    boolean peerError = false;
                    // Rebuild the same SLO URL on the peer, carrying the original query string
                    // and isLBReq=false so the peer does not forward again. Signature checking
                    // is not done on this path; presumably the peer verifies it (confirm).
                    String remoteLogoutURL = remoteServiceURL + SAML2Utils.removeDeployUri(request.getRequestURI());
                    String queryString = request.getQueryString();
                    if (queryString == null) {
                        remoteLogoutURL = remoteLogoutURL + "?isLBReq=false";
                    } else {
                        remoteLogoutURL = remoteLogoutURL + "?" + queryString + "&isLBReq=false";
                    }
                    LogoutResponse logoutRes = LogoutUtil.forwardToRemoteServer(logoutReq, remoteLogoutURL);
                    if ((logoutRes != null) && !isNameNotFound(logoutRes)) {
                        if ((isSuccess(logoutRes)) && (numSI > 0)) {
                            // The peer reports the session indices it could not log out.
                            siList = LogoutUtil.getSessionIndex(logoutRes);
                            if (siList == null || siList.isEmpty()) {
                                peerError = false;
                                break;
                            }
                        }
                    } else {
                        peerError = true;
                    }
                    // Any peer failure, or leftover session indices, is reported as partial logout.
                    if (peerError || (siList != null && siList.size() > 0)) {
                        status = PARTIAL_LOGOUT_STATUS;
                        break;
                    } else {
                        status = SUCCESS_STATUS;
                        break;
                    }
                } else {
                    debug.error("IDPLogoutUtil.processLogoutRequest: " + "IDP no longer has this session index " + sessionIndex);
                    status = SAML2Utils.generateStatus(SAML2Constants.RESPONDER, SAML2Utils.bundle.getString("invalidSessionIndex"));
                    break;
                }
            } else {
                // The session is held locally: verify the request signature unless the
                // caller already did. (This throw is caught by the SAML2Exception handler
                // at the end of the try block, not propagated.)
                if (!isVerified && !LogoutUtil.verifySLORequest(logoutReq, realm, logoutReq.getIssuer().getValue(), idpEntityID, SAML2Constants.IDP_ROLE)) {
                    throw new SAML2Exception(SAML2Utils.bundle.getString("invalidSignInRequest"));
                }
            }
            // idpSession is non-null from here on; the null case always breaks above.
            session = idpSession.getSession();
            // handle external application logout if configured
            BaseConfigType idpConfig = SAML2Utils.getSAML2MetaManager().getIDPSSOConfig(realm, idpEntityID);
            List appLogoutURL = (List) SAML2MetaUtils.getAttributes(idpConfig).get(SAML2Constants.APP_LOGOUT_URL);
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.processLogoutRequest: " + "external app logout URL= " + appLogoutURL);
            }
            if ((appLogoutURL != null) && (appLogoutURL.size() != 0)) {
                // Only the first configured URL is used.
                SAML2Utils.postToAppLogout(request, (String) appLogoutURL.get(0), session);
            }
            List<NameIDandSPpair> list = idpSession.getNameIDandSPpairs();
            int n = list.size();
            if (debug.messageEnabled()) {
                debug.message("IDPLogoutUtil.processLogoutRequest: " + "NameIDandSPpair for " + sessionIndex + " is " + list + ", size=" + n);
            }
            NameIDandSPpair pair = null;
            // remove sending SP from the list
            String spIssuer = logoutReq.getIssuer().getValue();
            for (int i = 0; i < n; i++) {
                pair = list.get(i);
                if (pair.getSPEntityID().equals(spIssuer)) {
                    // Removing during the index loop is safe only because we break immediately.
                    list.remove(i);
                    removeTransientNameIDFromCache(pair.getNameID());
                    break;
                }
            }
            // With IDP-proxy partners present the session is kept (cleanUp == false) so the
            // proxied logout can still use it.
            List partners = idpSession.getSessionPartners();
            boolean cleanUp = true;
            if (partners != null && !partners.isEmpty()) {
                cleanUp = false;
            }
            n = list.size();
            if (n == 0) {
                // this is the case where there is no other
                // session participant
                status = destroyTokenAndGenerateStatus(sessionIndex, idpSession.getSession(), request, response, cleanUp);
                if (cleanUp) {
                    IDPCache.idpSessionsByIndices.remove(sessionIndex);
                    if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                        saml2Svc.setIdpSessionCount((long) IDPCache.idpSessionsByIndices.size());
                    }
                    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        try {
                            SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
                        } catch (SAML2TokenRepositoryException se) {
                            debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from " + "SAML2 Token Repository for sessionIndex:" + sessionIndex, se);
                        }
                    }
                    IDPCache.authnContextCache.remove(sessionIndex);
                }
                break;
            }
            //We should save the originally used request binding to make sure the response is sent back using the
            //correct binding.
            idpSession.setOriginatingLogoutRequestBinding(binding);
            // there are other SPs to be logged out
            if (binding.equals(SAML2Constants.HTTP_REDIRECT) || binding.equals(SAML2Constants.HTTP_POST)) {
                idpSession.setOriginatingLogoutRequestID(logoutReq.getID());
                idpSession.setOriginatingLogoutSPEntityID(logoutReq.getIssuer().getValue());
            }
            int soapFailCount = 0;
            // n was captured before the loop; each iteration pops the head of the list.
            for (int i = 0; i < n; i++) {
                pair = list.remove(0);
                removeTransientNameIDFromCache(pair.getNameID());
                String spEntityID = pair.getSPEntityID();
                if (debug.messageEnabled()) {
                    debug.message("IDPSingleLogout.processLogoutRequest: SP for " + sessionIndex + " is " + spEntityID);
                }
                List<SingleLogoutServiceElement> slosList = getSPSLOServiceEndpoints(realm, spEntityID);
                // get IDP entity config in case of SOAP,for basic auth info
                SPSSOConfigElement spConfig = null;
                spConfig = SAML2Utils.getSAML2MetaManager().getSPSSOConfig(realm, spEntityID);
                String uri = request.getRequestURI();
                String metaAlias = SAML2MetaUtils.getMetaAliasByUri(uri);
                HashMap paramsMap = new HashMap();
                paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
                StringBuffer requestID = null;
                // SPs with no usable SLO endpoint are silently skipped (and not counted as failures).
                SingleLogoutServiceElement logoutEndpoint = LogoutUtil.getMostAppropriateSLOServiceLocation(slosList, idpSession.getOriginatingLogoutRequestBinding());
                if (logoutEndpoint == null) {
                    continue;
                }
                try {
                    requestID = LogoutUtil.doLogout(metaAlias, spEntityID, null, logoutEndpoint, relayState, sessionIndex, pair.getNameID(), request, response, paramsMap, spConfig);
                } catch (SAML2Exception ex) {
                    // A SOAP failure is tolerated and counted; a front-channel failure aborts.
                    if (logoutEndpoint.getBinding().equals(SAML2Constants.SOAP)) {
                        debug.error("IDPSingleLogout.initiateLogoutRequest:", ex);
                        soapFailCount++;
                        continue;
                    } else {
                        throw ex;
                    }
                }
                String bindingUsed = logoutEndpoint.getBinding();
                if (bindingUsed.equals(SAML2Constants.HTTP_REDIRECT) || bindingUsed.equals(SAML2Constants.HTTP_POST)) {
                    // Front-channel logout: the user agent has been redirected/posted to this SP,
                    // so remember the pending request ID and stop; the remaining SPs are handled
                    // when that SP's response comes back. The caller gets null (response sent).
                    // NOTE(review): assumes doLogout returns a non-null StringBuffer on this path.
                    String requestIDStr = requestID.toString();
                    if (requestIDStr != null && requestIDStr.length() != 0) {
                        idpSession.setPendingLogoutRequestID(requestIDStr);
                    }
                    return null;
                }
            }
            // Reached only when every remaining SP was contacted over SOAP (or skipped).
            if (soapFailCount == n) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("sloFailed"));
            } else if (soapFailCount > 0) {
                throw new SAML2Exception(SAML2Utils.bundle.getString("partialLogout"));
            }
            spEntity = idpSession.getOriginatingLogoutSPEntityID();
            if (binding.equals(SAML2Constants.HTTP_REDIRECT) || binding.equals(SAML2Constants.HTTP_POST)) {
                sendLastResponse(idpSession, null, request, response, sessionIndex, session, realm, idpEntityID, relayState);
                return null;
            } else {
                // binding is SOAP, generate logout response
                // and send to initiating SP
                // NOTE(review): the token is destroyed with cleanUp forced to true here while
                // the cache removal below is still gated on cleanUp, unlike the n == 0 branch.
                status = destroyTokenAndGenerateStatus(sessionIndex, idpSession.getSession(), request, response, true);
                if (cleanUp) {
                    IDPCache.idpSessionsByIndices.remove(sessionIndex);
                    if ((agent != null) && agent.isRunning() && (saml2Svc != null)) {
                        saml2Svc.setIdpSessionCount((long) IDPCache.idpSessionsByIndices.size());
                    }
                    if (SAML2FailoverUtils.isSAML2FailoverEnabled()) {
                        try {
                            SAML2FailoverUtils.deleteSAML2Token(sessionIndex);
                        } catch (SAML2TokenRepositoryException se) {
                            debug.error("IDPSingleLogout.processLogoutRequest: Error while deleting token from " + "SAML2 Token Repository for sessionIndex:" + sessionIndex, se);
                        }
                    }
                    IDPCache.authnContextCache.remove(sessionIndex);
                }
            }
        } while (false);
    } catch (SessionException ssoe) {
        debug.error("IDPSingleLogout.processLogoutRequest: unable to get meta for ", ssoe);
        status = SAML2Utils.generateStatus(idpEntityID, ssoe.toString());
    } catch (SAML2Exception e) {
        // NOTE(review): this swallows every SAML2Exception from the block above, including
        // the issuer/signature verification failures and the sloFailed/partialLogout
        // exceptions, and the log text does not describe them. status keeps whatever value
        // it had (null if none was set) and a response is still generated below; confirm
        // that is the intended outcome for a rejected request.
        e.printStackTrace();
        SAML2Utils.debug.error("DB ERROR!!!");
    }
    // process multi-federation protocol
    boolean isMultiProtocol = false;
    try {
        SessionProvider provider = SessionManager.getProvider();
        if ((session != null) && (provider.isValid(session)) && MultiProtocolUtils.isMultipleProtocolSession(session, SingleLogoutManager.SAML2)) {
            isMultiProtocol = true;
        }
    } catch (SessionException ex) {
    //ignore: an unreadable session is simply treated as single-protocol
    }
    //here we are providing null for remote entity, because it's an unused variable in the method...
    LogoutResponse logRes = LogoutUtil.generateResponse(status, logoutReq.getID(), SAML2Utils.createIssuer(idpEntityID), realm, SAML2Constants.IDP_ROLE, null);
    if (!isMultiProtocol) {
        return logRes;
    } else {
        try {
            Set set = new HashSet();
            set.add(session);
            String sessUser = SessionManager.getProvider().getPrincipalName(session);
            boolean isSOAPInitiated = binding.equals(SAML2Constants.SOAP);
            SingleLogoutServiceElement endpoint = getLogoutResponseEndpoint(realm, spEntity, binding);
            String location = getResponseLocation(endpoint);
            // The destination is XML-escaped before being placed in the response.
            logRes.setDestination(XMLUtils.escapeSpecialCharacters(location));
            debug.message("IDPSingleLogout.processLogReq : call MP");
            int retStat = SingleLogoutManager.getInstance().doIDPSingleLogout(set, sessUser, request, response, isSOAPInitiated, false, SingleLogoutManager.SAML2, realm, idpEntityID, spEntity, relayState, logoutReq.toXMLString(true, true), logRes.toXMLString(true, true), SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS);
            if (retStat != SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
                logRes = updateLogoutResponse(logRes, retStat);
                return logRes;
            } else {
                // The logout manager already redirected the user agent; nothing more to send.
                return null;
            }
        } catch (SessionException ex) {
            debug.error("IDPSingleLogout.ProcessLogoutRequest: SP " + "initiated SOAP logout", ex);
            throw new SAML2Exception(ex.getMessage());
        } catch (Exception ex) {
            debug.error("IDPSingleLogout.ProcessLogoutRequest: SP " + "initiated SOAP logout (MP)", ex);
            throw new SAML2Exception(ex.getMessage());
        }
    }
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) SessionException(com.sun.identity.plugin.session.SessionException) BaseConfigType(com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType) SingleLogoutServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement) Iterator(java.util.Iterator) List(java.util.List) SessionProvider(com.sun.identity.plugin.session.SessionProvider) HashSet(java.util.HashSet) Status(com.sun.identity.saml2.protocol.Status) LogoutResponse(com.sun.identity.saml2.protocol.LogoutResponse) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) SessionException(com.sun.identity.plugin.session.SessionException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)

Example 14 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class IDPProxyUtil method initiateSPLogoutRequest.

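/**
 * Initiates the single logout request from the IDP proxy (acting as an SP) to the
 * authenticating identity provider.
 *
 * <p>The proxy's SP meta alias is taken from the session's SP_METAALIAS property when
 * present, otherwise from {@code spMetaAlias}. The partner is removed from the IDP
 * session before the request is sent. Every failure is reported to the client as a
 * 400 "LogoutRequestCreationError" and logged; nothing is propagated to the caller.
 *
 * @param request HttpServletRequest
 * @param response HttpServletResponse
 * @param out The print writer for writing out presentation.
 * @param partner Authenticating identity provider (entity ID).
 * @param spMetaAlias IDP proxy's meta alias acting as SP; used when the session carries none.
 * @param realm Realm
 * @param logoutReq the LogoutRequest received from the SP, handed on to the partner IDP.
 * @param msg the SOAP message carrying the original request (SOAP binding), may be null otherwise.
 * @param idpSession the IDP-side session whose partner is being logged out; must hold a session.
 * @param binding the SAML2 binding used towards the partner IDP.
 * @param relayState relay state to forward, or null to omit it.
 */
public static void initiateSPLogoutRequest(HttpServletRequest request, HttpServletResponse response, PrintWriter out, String partner, String spMetaAlias, String realm, LogoutRequest logoutReq, SOAPMessage msg, IDPSession idpSession, String binding, String relayState) {
    Object ssoToken = idpSession.getSession();
    try {
        if (ssoToken == null) {
            SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "nullSSOToken", SAML2Utils.bundle.getString("nullSSOToken"));
            return;
        }
        // Prefer the SP meta alias recorded on the session; fall back to the caller's.
        String[] values = SessionManager.getProvider().getProperty(ssoToken, SAML2Constants.SP_METAALIAS);
        String metaAlias = null;
        if (values != null && values.length > 0) {
            metaAlias = values[0];
        }
        if (metaAlias == null) {
            metaAlias = spMetaAlias;
        }
        HashMap paramsMap = new HashMap();
        paramsMap.put("spMetaAlias", metaAlias);
        paramsMap.put("idpEntityID", partner);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);
        // The destination comes from the partner's metadata, never from the request.
        String dest = getLocation(realm, partner, binding);
        if (dest == null || dest.length() == 0) {
            throw new SAML2Exception(SAML2Utils.bundle.getString("sloResponseServiceLocationNotfound"));
        }
        paramsMap.put("Destination", dest);
        // Consent and Extension are passed through from the incoming request unchanged.
        paramsMap.put("Consent", request.getParameter("Consent"));
        paramsMap.put("Extension", request.getParameter("Extension"));
        if (relayState != null) {
            paramsMap.put(SAML2Constants.RELAY_STATE, relayState);
        }
        idpSession.removeSessionPartner(partner);
        SPSingleLogout.initiateLogoutRequest(request, response, out, binding, paramsMap, logoutReq, msg, ssoToken, null);
    } catch (SAML2Exception sse) {
        SAML2Utils.debug.error("Error sending Logout Request ", sse);
        sendLogoutRequestCreationError(request, response);
    } catch (Exception e) {
        // Anything else (session provider, I/O) is reported the same way to the client.
        SAML2Utils.debug.error("Error initializing Request ", e);
        sendLogoutRequestCreationError(request, response);
    }
}

/**
 * Reports a failed proxy logout to the client as 400 "LogoutRequestCreationError".
 * A failure while writing the error page itself is only logged.
 *
 * @param request the current request.
 * @param response the response the error page is written to.
 */
private static void sendLogoutRequestCreationError(HttpServletRequest request, HttpServletResponse response) {
    try {
        SAMLUtils.sendError(request, response, HttpServletResponse.SC_BAD_REQUEST, "LogoutRequestCreationError", SAML2Utils.bundle.getString("LogoutRequestCreationError"));
    } catch (Exception se) {
        SAML2Utils.debug.error("IDPProxyUtil." + "initiateSPLogoutRequest: ", se);
    }
}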
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) HashMap(java.util.HashMap) SOAPException(javax.xml.soap.SOAPException) SessionException(com.sun.identity.plugin.session.SessionException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) SAML2TokenRepositoryException(org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Example 15 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class IDPProxyUtil method getSessionPartners.

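/**
 * Looks up the IDP-proxy session partners for the session named in a SOAP
 * <code>LogoutRequest</code>.
 *
 * <p>Only the first session index in the request is honoured. The partner list is read
 * from the session cached by session ID, not from the one cached by session index.
 *
 * @param message SOAP message carrying a samlp:LogoutRequest.
 * @return a map with SESSION_INDEX, IDP_SESSION and PARTNERS (the partner list may be
 *         null); an empty map when the session index is not held by this server; null
 *         when the request carries no session index or cannot be parsed.
 */
public static Map getSessionPartners(SOAPMessage message) {
    try {
        Map sessMap = new HashMap();
        Element reqElem = SOAPCommunicator.getInstance().getSamlpElement(message, "LogoutRequest");
        LogoutRequest logoutReq = ProtocolFactory.getInstance().createLogoutRequest(reqElem);
        List siList = logoutReq.getSessionIndex();
        // An absent or empty SessionIndex list is treated alike; previously only null was
        // checked and an empty list threw IndexOutOfBoundsException at get(0).
        if (siList == null || siList.isEmpty()) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("getSessionPartners: Number of " + "session indices in the logout request is null");
            }
            return null;
        }
        if (debug.messageEnabled()) {
            debug.message("Number of session indices in the logout request is " + siList.size());
        }
        // Only the first session index is used.
        String sessionIndex = (String) siList.get(0);
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message("getSessionPartners: " + "SessionIndex= " + sessionIndex);
        }
        IDPSession idpSession = (IDPSession) IDPCache.idpSessionsByIndices.get(sessionIndex);
        if (idpSession == null) {
            // session is in another server
            return sessMap;
        }
        sessMap.put(SAML2Constants.SESSION_INDEX, sessionIndex);
        sessMap.put(SAML2Constants.IDP_SESSION, idpSession);
        Object session = idpSession.getSession();
        String tokenId = sessionProvider.getSessionID(session);
        IDPSession newIdpSession = (IDPSession) IDPCache.idpSessionsBySessionID.get(tokenId);
        List partners = null;
        if (newIdpSession != null) {
            partners = newIdpSession.getSessionPartners();
        }
        if (SAML2Utils.debug.messageEnabled() && partners != null && !partners.isEmpty()) {
            for (Iterator iter = partners.iterator(); iter.hasNext();) {
                SAML2SessionPartner partner = (SAML2SessionPartner) iter.next();
                SAML2Utils.debug.message("SESSION PARTNER's Provider ID:  " + partner.getPartner());
            }
        }
        sessMap.put(SAML2Constants.PARTNERS, partners);
        return sessMap;
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("getSessionPartners: ", se);
        return null;
    }
}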
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) HashMap(java.util.HashMap) SPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement) SingleSignOnServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleSignOnServiceElement) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) IDPSSOConfigElement(com.sun.identity.saml2.jaxb.entityconfig.IDPSSOConfigElement) Element(org.w3c.dom.Element) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement) Iterator(java.util.Iterator) LogoutRequest(com.sun.identity.saml2.protocol.LogoutRequest) List(java.util.List) IDPList(com.sun.identity.saml2.protocol.IDPList) ArrayList(java.util.ArrayList) Map(java.util.Map) HashMap(java.util.HashMap)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)23 LogoutRequest (com.sun.identity.saml2.protocol.LogoutRequest)13 List (java.util.List)12 SessionException (com.sun.identity.plugin.session.SessionException)9 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)9 LogoutResponse (com.sun.identity.saml2.protocol.LogoutResponse)9 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)8 SOAPException (javax.xml.soap.SOAPException)8 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)7 IOException (java.io.IOException)7 ArrayList (java.util.ArrayList)7 SOAPMessage (javax.xml.soap.SOAPMessage)6 Element (org.w3c.dom.Element)6 Issuer (com.sun.identity.saml2.assertion.Issuer)5 SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)5 Iterator (java.util.Iterator)5 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)5 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)4 HashMap (java.util.HashMap)4 NameID (com.sun.identity.saml2.assertion.NameID)3