/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FSPreLogoutHandler.java,v 1.11 2008/12/19 06:50:47 exu Exp $
*
*/
/**
* Pre logout handling.
* <p>
* Holds the hosted and remote provider settings supplied through the
* setters and drives single logout: locally initiated logout, logout
* requests received over HTTP redirect or SOAP, and the final return to the
* requesting party.
*/
public class FSPreLogoutHandler {
// Not assigned in the code visible here; presumably true when the hosted
// provider acts as identity provider - TODO confirm.
protected boolean isCurrentProviderIDPRole = false;
// Set to true by the logout entry points when their acceptString check
// matches.
protected boolean isWMLAgent = false;
/**
* Constructor.
* Initializes FSAccountManager, IDFFMetaManager instance.
*/
public FSPreLogoutHandler() {
"FSPreLogoutHandler::FSPreLogoutHandler Constructor");
}
/**
* Invoked to set some commonly used URLs based on hosted provider.
* The trace message written here includes COMMON_ERROR_URL.
*/
protected void setLogoutURL() {
"\nCOMMON_ERROR_URL : " + COMMON_ERROR_URL);
}
}
/**
* Sets the value of <code>RelayState</code> attribute.
* <p>
* NOTE(review): this value is read again when the return location is
* chosen after logout. It appears to come from the logout request, so
* confirm it is validated against the expected return URLs before it can
* influence a redirect.
*
* @param relayState the value of <code>RelayState</code> attribute.
*/
this.relayState = relayState;
}
/**
* Sets the hosted provider details.
* @param hostedProviderDesc the descriptor of the hosted provider
* handling logout
*/
public void setHostedDescriptor(
{
this.hostedDescriptor = hostedProviderDesc;
}
/**
* Sets hosted provider's realm.
* @param realm the realm in which the provider resides
*/
}
/**
* Sets hosted provider entity id.
* @param hostedEntityId hosted provider's entity id to be set
*/
this.hostedEntityId = hostedEntityId;
}
/**
* Sets hosted provider's extended meta config.
* @param hostedConfig hosted provider's extended meta
*/
this.hostedConfig = hostedConfig;
}
/**
* Sets hosted provider's meta alias.
* @param metaAlias hosted provider's meta alias to be set
*/
}
/**
* Sets hosted provider's role.
* @param hostedRole hosted provider's role.
*/
this.hostedRole = hostedRole;
}
/**
* Sets remote provider's entity id.
*/
}
/**
* Sets the Remote Descriptor.
* @param remoteDesc Remote Provider Descriptor.
*/
this.remoteDescriptor = remoteDesc;
}
/**
* Sets the logout request received from remote provider.
* @param reqLogout the <code>FSLogoutNotification</code> request from
* remote provider
*/
}
/**
* Initiates logout at this provider when the user has clicked on the
* logout option.
* @param request <code>HttpServletRequest</code> object from the user agent
* @param response <code>HttpServletResponse</code> to be sent back to the
* user agent
* @param ssoToken used to identify the principal who wants to logout
* @param sourceCheck where the logout is coming from
* @return <code>true</code> if the logout is successful; <code>false</code>
* otherwise.
*/
{
setLogoutURL();
"Entered FSPreLogoutHandler::handleSingleLogout");
try {
this.userID =
// Marks the user agent as WML when the acceptString test passes;
// presumably acceptString is the request's Accept header - TODO confirm.
if ((acceptString != null) &&
{
isWMLAgent = true;
}
}
}
}
}
}
{
// With a provider map and a current session provider, the logout is handed
// to a new FSSingleLogoutHandler and its result is returned.
if (providerMap != null) {
if (currentSessionProvider != null) {
// this is IDP initiated based single logout
// HTTP or SOAP is based on metadata
new FSSingleLogoutHandler();
return handlerObj.handleSingleLogout(
}
}
"No more providers, nothing to broadcast " +
"\ndestroy user session call destroyPrincipalSession");
}
// control could come here when local login has happened
// In this FSSessionmap will not have anything and so we destroy
// the session based on ssoToken
} else {
" session call destroyPrincipalSession. source=" +
}
if (hostedRole != null &&
{
}
// Adapter hook before logout. Best-effort: an exception thrown by the
// adapter is caught and does not stop the logout.
// NOTE(review): confirm the failure is recorded at a level operators see;
// a pre-logout hook that silently fails is easy to miss.
try {
// unable to access logoutRequest here
} catch (Exception e) {
// ignore adapter error
"preSingleLogoutProcess.SP/HTTP", e);
}
}
}
// control will come here when local login has happened
// In this FSSessionmap will not have anything and so we destroy
// the session based on ssoToken
}
if (hostedRole != null &&
{
}
// Adapter hook after a successful logout; handled the same best-effort way
// as the pre-logout hook above.
try {
} catch (Exception e) {
// ignore adapter exception
"postSingleLogoutSuccess.SP/HTTP:", e);
}
}
}
}
// NOTE(review): on this path the local session is not destroyed through
// FSLogoutUtil (see the comment below). Confirm an invalid or expired
// token cannot leave federation session state behind.
} catch(SessionException e) {
+ " So destroy self and exit");
// cannot call FSLogoutUtil.destroyLocalSession(ssoToken)
// since session exception has occurred
}
}
/**
* Processes a single logout request received via HTTP redirect.
* <p>
* NOTE(review): no signature or issuer check on the incoming request is
* visible in this method; confirm the caller verifies the request before
* it reaches this point.
*
* @param request <code>HttpServletRequest</code> object from the user agent
* @param response <code>HttpServletResponse</code> to be sent back to the
* user agent
* @param ssoToken used to identify the principal who wants to logout
* @return <code>FSLogoutStatus</code> object to indicate the status of
* the logout process.
*/
{
"processSingleLogoutRequest HTTP Redirect");
}
setLogoutURL();
try {
this.userID =
} else {
}
} catch (SessionException se) {
}
userID);
}
// Marks the user agent as WML when the acceptString test passes;
// presumably acceptString is the request's Accept header - TODO confirm.
if ((acceptString != null) &&
{
isWMLAgent = true;
}
// Becomes true when the provider map yields a session partner, i.e. there
// is another provider involved in this logout.
boolean bHasAnyOtherProvider = false;
if (providerMap != null) {
if (sessionPartner != null) {
bHasAnyOtherProvider = true;
}
}
}
}
// this is SP initiated HTTP based single logout
// The two setter calls below are disabled in the source.
//handlerObj.setRemoteDescriptor(remoteDescriptor);
//handlerObj.setRemoteEntityId(remoteEntityID);
}
/**
* Processes logout request received via SOAP profile.
* <p>
* NOTE(review): on this path the user is resolved from the request itself
* rather than from a session token, so the result is only as trustworthy
* as the request. Confirm the request's signature and issuer are verified
* before this method is called.
*
* @param reqLogout <code>FSLogoutNotification</code> request received from
* remote provider
* @return <code>FSLogoutStatus</code> object indicates the status of
* the logout process
*/
{
" processSingleLogoutRequest SOAP Profile");
}
// User DN needs to be figured from logout request
}
// Becomes true when the provider map yields a session partner, i.e. there
// is another provider involved in this logout.
boolean bHasAnyOtherProvider = false;
if (providerMap != null) {
if (sessionPartner != null) {
bHasAnyOtherProvider = true;
}
}
}
}
// this is SP initiated SOAP based single logout
// The two setter calls below are disabled in the source.
//handlerObj.setRemoteDescriptor(remoteDescriptor);
//handlerObj.setRemoteEntityId(remoteEntityID);
// The status returned to the caller is whatever the delegate handler
// reports.
return handlerObj.processSingleLogoutRequest(
}
/**
* Determines the return location and redirects based on
* logout Return URL of the provider that initially sent the logout request.
* If the request was not sent by a remote provider then the local
* logout-done page is returned to the user.
* <p>
* NOTE(review): the redirect target is derived from provider data and from
* <code>relayState</code>. Confirm both are restricted to expected
* locations before the redirect is issued.
*/
// error records that one of the catch blocks below ran; logoutSuccess
// starts as true and is cleared on the failure branches.
boolean error = false;
boolean logoutSuccess = true;
logoutSuccess = false;
}
// multiProtocolInvoked guards against running the multi-federation
// protocol step twice (see the check after the catch blocks).
boolean multiProtocolInvoked = false;
boolean toInvokeMultiProtocol = false;
toInvokeMultiProtocol = true;
}
try {
}
// No provider map: the return URL comes from the local post-logout URL and
// the current relayState is written to the trace.
if (providerMap == null) {
"Return URL based on local postlogout URL" +
"\nNo Source in ReturnMAP : rs=" + this.relayState);
}
if (toInvokeMultiProtocol) {
+ " call MP HTTP, status=" + logoutStatus);
}
multiProtocolInvoked = true;
int retStatus =
if (retStatus ==
return;
} else {
if ((retStatus ==
(retStatus ==
logoutSuccess = false;
}
}
}
// NOTE(review): relayState decides which branch is taken here. If it is
// used as a redirect location, it needs validation against the expected
// return URLs - confirm.
if ((this.relayState == null) ||
} else {
}
return;
}
} else {
}
}
if (gLogoutStatus != null ) {
}
// call multi-federation protocol processing
// NOTE(review): the full logout response XML is written to the trace
// below. Confirm this is emitted at debug level only and that the log
// destination is suitable for federation identifiers.
if (toInvokeMultiProtocol) {
+ " call MP HTTP, response="
+ responseLogout.toXMLString());
}
multiProtocolInvoked = true;
responseLogout.toXMLString(true, true));
if (retStatus ==
return;
} else {
if ((retStatus ==
(retStatus ==
logoutSuccess = false;
}
}
}
// Sign the request querystring
// Signing happens only when FSServiceUtils.isSigningOn() is true; with it
// off the redirect goes out unsigned. When signing is on and the cert
// alias cannot be obtained, the code fails closed by throwing
// SAMLResponderException.
// NOTE(review): the trace message names FSBrowserArtifactConsumerHandler
// although this class is FSPreLogoutHandler, which is misleading during
// log triage.
if (FSServiceUtils.isSigningOn()) {
"FSBrowserArtifactConsumerHandler:: " +
"signSAMLRequest:" +
"couldn't obtain this site's cert alias.");
}
throw new SAMLResponderException(
}
}
} else {
}
redirectURL.toString());
}
return;
// Each catch below traces the exception and sets error; the handling after
// the catches then marks the logout as unsuccessful.
} catch (IOException e){
"Unable to get LRURL. No location to redirect." +
"processing completed:", e);
error = true;
} catch (IDFFMetaException e){
" processing completed:", e);
error = true;
} catch (Exception e) {
"FSPreLogoutHandler::General exception thrown :", e);
error = true;
}
if (error) {
ssoToken);
logoutSuccess = false;
}
// call multi-federation protocol processing
// Runs only when the step was requested and has not already run in the
// try block above.
if (toInvokeMultiProtocol && !multiProtocolInvoked) {
// invoke multiple federation protocol in exception case
+ " call MP HTTP, error=" + error);
}
multiProtocolInvoked = true;
return;
} else {
logoutSuccess = false;
}
}
}
return;
}
}
try {
// Defaults to the SOAP profile; switched to false on the branch below.
boolean isSOAPProfile = true;
isSOAPProfile = false;
}
}
// NOTE(review): no handling is visible in this catch. If the exception is
// dropped here, the returned status may not reflect the failure - confirm
// it is at least traced.
} catch (Exception e) {
}
+ "return status = " + retStatus);
}
// The status is traced above and then returned to the caller.
return retStatus;
}
}