a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSLogoutUtil.java,v 1.12 2008/11/10 22:56:58 veiming Exp $
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington * Portions Copyrighted 2015 ForgeRock AS.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.services.logout;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSLogoutNotification;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSLogoutResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.accountmgmt.FSAccountManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.accountmgmt.FSAccountMgmtException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.accountmgmt.FSAccountFedInfoKey;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.accountmgmt.FSAccountFedInfo;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSession;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSessionPartner;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSSignatureUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.AffiliationDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.multiprotocol.MultiProtocolUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.multiprotocol.SingleLogoutManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionProvider;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLResponderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Utility class for single logout.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Destroys the principal's session.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * In order to destroy the user's session the following things need
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * to be done
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * 1. Destroy the Federation Session cookie (eg. iPlanetDirectoryPro)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * 2. Clean the Session manager (FSSessionManager related API call)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID the principal whose session needs to be destroyed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the hostedProvider's meta alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param sessionIndex Session Index of the user session.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HTTP Request Object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HTTP Response Object.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if session cleanup was successful;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>false</code> otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static boolean destroyPrincipalSession(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered destroyPrincipalSession" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " for user : " + userID + " SessionIndex = " + sessionIndex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Invalidate all such session ids
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // session manager cleanup
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster invalidateActiveSessionIds(sessionObjList, request, response);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (sessionObjList != null && sessionObjList.size() == 1))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster session = (FSSession)sessionObjList.elementAt(0);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // clean FSSession map
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("To call cleanSessionMap for user : "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Destroys local session.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param ssoToken session of the principal
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if the local session is deleted;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>false</code> otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static boolean destroyLocalSession(Object ssoToken,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpServletRequest request, HttpServletResponse response)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLogoutUtil.destroyLocalSession, enter");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SessionProvider sessionProvider = SessionManager.getProvider();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLogoutUtil.destroyLocalSession, deleted");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SessionException in destroyLocalSession", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Destroys the principal's session information
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * maintained by <code>FSSessionManager</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param sessionObjList the Vector of <code>sessionId</code>s
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static void invalidateActiveSessionIds(Vector sessionObjList,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HttpServletRequest request, HttpServletResponse response)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLogoutUtil.invalidateActiveSessionIds, start");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (sessionObjList != null && !sessionObjList.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Active Session exists");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionProvider = SessionManager.getProvider();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("invalidateActiveSessionIds:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster for (int i = 0; i < sessionObjList.size(); i++) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("To Invalidate session : "
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //Invalidate session
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object ssoToken = sessionProvider.getSession(sessionId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Completed Destroying token for sessionID :" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("invalidateActiveSessionIds : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("No active Session exists");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Gets the list of the principal's active sessionID
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * that is maintained by <code>FSSessionManager</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userDn the principal whose session needs to be destroyed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the hosted Entity doing logout cleanup
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param sessionIndex index of the user's session
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return Vector list of active Session IDs
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered getSessionObjectList for user : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster synchronized (sessionMgr) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List sessionList = sessionMgr.getSessionList(userDn);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Session list is not null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionIndex.equals(sessionObj.getSessionIndex()))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Returning session list with number" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cleans the <code>FSSessionManager</code> maintained session
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * for the given principal, provider Id and removes all references to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the provider since logout notification has already been sent to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * that provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userDN the principal whose session needs to be destroyed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param currentEntityId the provider to whom logout notification is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * about to be sent
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the hostedProvider doing logout cleanup
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param session Liberty session.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("In cleanSessionMapPartnerList for user : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionMgr.removeProvider(userDN, currentEntityId, session);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cleans the FSSessionManager maintained session for the given principal,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * provider Id and removes all references to the provider since logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * notification has already been sent to that provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userDN the principal whose session needs to be destroyed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param currentEntityId the provider to whom logout notification is
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * about to be sent
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param the hostedProvider doing logout cleanup
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static void cleanSessionWithNoPartners(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String userDN,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String currentEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessionMgr =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager.getInstance(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster synchronized (sessionMgr) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List sessionList = sessionMgr.getSessionList(userDN);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (sessionList != null){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Session list is not null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iter = sessionList.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSession sessionObj;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (iter.hasNext()){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionObj = (FSSession)iter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((sessionObj.getSessionPartners()).isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionMgr.removeSession(userDN, sessionObj);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Session list is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cleans the <code>FSSessionManager</code> maintained session
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * for the given principal. Logout notification has already been sent to all
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * providers that had live connections for this user
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If <code>FSSession</code> is null, then it cleans up the user's all
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userDn the principal whose session needs to be destroyed
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the hostedProvider doing logout cleanup
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param session Liberty session.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if session map cleaning was successful;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>false</code> otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered cleanSessionMap");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster synchronized (sessionMgr) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Leaving cleanSessionMap");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Retrieves the session token from the Http Request, and
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * validates the token with the OpenAM session manager.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HTTPServletRequest</code> object containing the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * session cookie information
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return session token if request contained valid
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * session info; <code>false</code> otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static Object getValidToken(HttpServletRequest request) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SessionProvider sessionProvider = SessionManager.getProvider();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Object ssoToken = sessionProvider.getSession(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((ssoToken == null) || (!sessionProvider.isValid(ssoToken))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "session is not valid,redirecting for authentication");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("getValidToken: SessionException caught:",
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the <code>FSAccountFedInfo</code> object for the given
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * principal and provider Id.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID principal whose working account we want to retrieve
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityID the provider Id to whom logout notification needs to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias hosted provider's meta alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return account object for the given user, provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static FSAccountFedInfo getCurrentWorkingAccount(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSAccountManager accountInst = FSAccountManager.getInstance(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Set affiliates = metaManager.getAffiliateEntity(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (affiliates != null && !affiliates.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String affiliationID = desc.getAffiliationID();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLogoutUtil.getCurrent" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "WorkingAccount: No affiliations");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLogoutUtil.getCurrentWorking"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Account. No Affiliation for:" + entityID, ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster accountInst.readAccountFedInfo(userID, entityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "getCurrentWorkingAccount after readAccountFedInfo");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLogoutUtil::getCurrentWorkingAccount" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " readAccountFedInfo failed", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the information for the given principal and one of the live
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * connections (provider that received/issued assertion for this user)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * including <code>sessionIndex</code>, provider Id etc.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID principal who needs to be logged out
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the hostedProvider doing logout cleanup
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return HashMap information about live connection provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return getCurrentProvider(userID, metaAlias, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return getCurrentProvider(userID, metaAlias, ssoToken, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered getCurrentProvider for user : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessionMgr = FSSessionManager.getInstance(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSession session = sessionMgr.getSession(ssoToken);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLogoutUtil.getCurrentProvider:"+
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "No more session partners");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSLogoutUtil.getCurrentProvider:: Exception" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " in getting the current provider", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Finds out the role of the provider in live connection list
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (provider that received/issued assertion for user).
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID principal who needs to be logged out
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId to whom logout notification needs to be sent
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the hostedProvider performing logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if provider has IDP role;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * <code>false</code> otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static boolean getCurrentProviderRole(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String userID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String entityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (FSUtils.debug.messageEnabled()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered getCurrentProviderRole" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " for user : " + userID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessionMgr = FSSessionManager.getInstance(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster synchronized(sessionMgr) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List sessionList = sessionMgr.getSessionList(userID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (sessionList != null) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("sessionList is not null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iSessionIter = sessionList.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSession currentSession;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (iSessionIter.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster currentSession = (FSSession)iSessionIter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List providerList = currentSession.getSessionPartners();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iProviderIter = providerList.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster while (iProviderIter.hasNext()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionPartner sessionPartner =
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (FSSessionPartner)iProviderIter.next();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (sessionPartner.isEquals(entityId)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return sessionPartner.getIsRoleIDP();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("sessionList is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Finds out if there is at least one more partner who should be notified
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID principal who needs to be logged out
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias ther provider performing logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if any provider exists; <code>false</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered liveConnectionsExist for user : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster synchronized(sessionMgr) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("About to call getSessionList");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List sessionList = sessionMgr.getSessionList(userID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (sessionList != null && !sessionList.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iSessionIter = sessionList.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((sessionObj.getSessionPartners()).isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cleans the <code>FSSessionManager</code> maintained session
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * information for the user for the given list of sessions.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID principal who needs to be logged out
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param sessionList is the list of session Ids to be cleaned for the user
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the provider performing logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return always return <code>true</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static boolean cleanSessionMapProviders(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String)sessionList.elementAt(i) + " from session map");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the list of all providers who want to be
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * notified of logout using HTTP GET profile.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID principal who needs to be logged out
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param entityId current provider who uses HTTP GET profile for logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param sessionIndex for the current provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm in which the provider resides
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the hosted provider performing logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return HashMap list of providers who indicate preference to be notified
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of logout using GET profile
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static HashMap getLogoutGETProviders(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Entered FSLogoutUtil::getLogoutGETProviders");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sessionMgr = FSSessionManager.getInstance(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster synchronized(sessionMgr) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("About to call getSessionList");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster List sessionList = sessionMgr.getSessionList(userID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (sessionList != null && !sessionList.isEmpty()) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Session List is not empty");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iSessionIter = sessionList.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((sessionObj.getSessionPartners()).isEmpty()){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String nSessionIndex = sessionObj.getSessionIndex();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster Iterator iPartnerIter = sessionPartners.iterator();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Only SP can specify GET profile for logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "provider " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " Added for GET");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Session List is empty, returning " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "current provider from getLogoutGETProviders");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retMap.put(IFSConstants.PROVIDER, providerVector);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retMap.put(IFSConstants.SESSION_INDEX, sessionProvider);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("IDFFMetaException in function " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " getLogoutGETProviders", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Determines the user name from the logout request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param reqLogout the logout rerquest received
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm under which the entity resides
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedEntityId the hosted provider performing logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedRole the role of the hosted provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedConfig extended meta config for hosted provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias hosted provider's meta alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return user id if the user is found; <code>null</code> otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static String getUserFromRequest(FSLogoutNotification reqLogout,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm, String hostedEntityId, String hostedRole,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster accountInst = FSAccountManager.getInstance(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("In FSAccountManagementException :: cannot" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // User Name needs to be figured from logout request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (reqLogout.getNameIdentifier()).getName().trim();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Name : " + opaqueHandle);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (reqLogout.getNameIdentifier().getNameQualifier()).trim();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Name Qualifier : " + associatedDomain);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster associatedDomain.equals(reqLogout.getProviderId()))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Get userDN
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // for SP, search local domain first, for IDP, search
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // remote domain(SP) first
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster env.put(IFSConstants.FS_USER_PROVIDER_ENV_LOGOUT_KEY, reqLogout);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String userID = accountInst.getUserID(acctkey, realm, env);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // could not find userDN, search using other domain
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // for backward compitability
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (hostedRole.equalsIgnoreCase(IFSConstants.SP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster acctkey = new FSAccountFedInfoKey(reqLogout.getProviderId(),
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster userID = accountInst.getUserID(acctkey, realm, env);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("In FSAccountMgmtException :: ", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Cleans the FSSessionMap when the session token expires, idles out and/or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * when the user has closed his browser without actually performing a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param token the session token used to identify the user's
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias the hosted provider performing logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SessionProvider sessionProvider = SessionManager.getProvider();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster univId = sessionProvider.getPrincipalName(token);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "SessionException in removeTokenFromSession", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered removeTokenFromSession for user: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSession currentSession = sessionMgr.getSession(univId, tokenId);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionMgr.removeSession(univId, currentSession);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Builds signed logout response.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param retURL logout return url
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param bArgStatus logout status
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param minorVersion minor version of the response should be set to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedConfig hosted provider's extended meta
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedEntityId hosted provider's entity id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID user id
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return signed logout response in string format
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // If userID exists read ReturnManager
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // If manager has entry use that ResponseTo field else default
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSLogoutResponse responseLogout = new FSLogoutResponse();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerMap = mngInst.getUserProviderInfo(userID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String) providerMap.get(IFSConstants.RESPONSE_TO);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerMap.get(IFSConstants.LOGOUT_RELAY_STATE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String) providerMap.get(IFSConstants.LOGOUT_STATUS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String) providerMap.get(IFSConstants.RESPONSE_TO);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " from return list");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Sign the request querystring
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (certAlias == null || certAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSLogoutUtil::buildSignedResponse:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "couldn't obtain this site's cert alias.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster redirectURL.append(IFSConstants.QUESTION_MARK);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLogoutUtil : Response to be sent : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Determines the return location and redirects based on
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * logout Return URL of the provider that sent the logout request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retURL = remoteDescriptor.getSingleLogoutServiceReturnURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("returnToSource returns sendError" + "as source provider is unknown");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("returnToSource returns URL : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Meta Manager instance is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("unableToReturnToSource"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Redirect/sendError failed. Control halted", exx);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns the hosted provider's failure page to the user.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request the <code>HttpServletRequest</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response the <code>HttpServletResponse</code> object
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param providerAlias the provider alias corresponding to the hosted
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static void sendErrorPage(HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = IDFFMetaUtils.getRealmByMetaAlias(providerAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hostedRole = metaManager.getProviderRoleByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String hostedEntityId = metaManager.getEntityIDByMetaAlias(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig = metaManager.getIDPDescriptorConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig = metaManager.getSPDescriptorConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster StringBuffer finalReturnURL = new StringBuffer();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (retURL.indexOf(IFSConstants.QUESTION_MARK) < 0){
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendRedirect(finalReturnURL.toString());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Meta manager instance is null");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response.sendError(response.SC_INTERNAL_SERVER_ERROR,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString("failedToReadDataStore"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSingleLogoutServlet: IOException caught:", ex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSSingleLogoutServlet:IDFFMetaException:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Removes current session partner from the session partner list.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias meta alias of the hosted provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param remoteEntityId id of the remote provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param ssoToken session object of the principal who presently login
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param userID id of the principal
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static void removeCurrentSessionPartner(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLogoutUtil.removeCSP, hosted=" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSession session = sessionManager.getSession(ssoToken);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Returns true if this is IDP initiated profiles, false otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param profile profile to be checked.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return true if specified profile is IDP initiated, false otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public static boolean isIDPInitiatedProfile(String profile) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSLogoutUtil.isIDPInitiatedProfile: proto="
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster ((profile.equals(IFSConstants.LOGOUT_IDP_REDIRECT_PROFILE) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (profile.equals(IFSConstants.LOGOUT_IDP_SOAP_PROFILE)) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (profile.equals(IFSConstants.LOGOUT_IDP_GET_PROFILE))))) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return false;