/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: FSProcessLogoutServlet.java,v 1.7 2008/12/19 06:50:47 exu Exp $
*
*/
/**
* Handles <code>ID-FF</code> Single Logout request.
*/
/**
* Initializes the servlet.
* @param config the <code>ServletConfig</code> object that contains
* configutation information for this servlet.
* @exception ServletException if an exception occurs that interrupts
* the servlet's normal operation.
*/
throws ServletException
{
}
/**
* Handles the HTTP GET request.
*
* @param request an <code>HttpServletRequest</code> object that contains
* the request the client has made of the servlet.
* @param response an <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception ServletException if an input or output error is detected when
* the servlet handles the GET request
* @exception IOException if the request for the GET could not be handled
*/
throws ServletException, IOException
{
}
/**
* Handles the HTTP POST request.
*
* @param request an <code>HttpServletRequest</code> object that contains
* the request the client has made of the servlet.
* @param response an <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception ServletException if an input or output error is detected when
* the servlet handles the POST request
* @exception IOException if the request for the POST could not be handled
*/
throws ServletException, IOException
{
}
/**
* Handles single logout request.
* @param request an <code>HttpServletRequest</code> object that contains
* the request the client has made of the servlet.
* @param response an <code>HttpServletResponse</code> object that contains
* the response the servlet sends to the client.
* @exception ServletException if an input or output error is detected when
* the servlet handles the request
* @exception IOException if the request could not be handled
*/
throws ServletException, IOException
{
// Alias processing
}
+ "Cannot process request");
return;
}
if (metaManager == null) {
"Cannot process request");
return;
}
try {
if (hostedRole != null) {
}
}
if (hostedProviderDesc == null){
}
} catch (IDFFMetaException eam) {
"not process request", eam);
return;
}
"\ncommonErrorPage : " + commonErrorPage);
}
if (sourceCheck == null) {
}
if (sourceCheck != null) {
// need to redirect to LogoutDone.jsp with
// status=noSession
"control where Source is local");
}
response, logoutDoneURL, false,
return;
// logout return
"Control where Source is remote - not from app" +
"link but from other provider");
}
response, logoutDoneURL, true,
return;
// logout Get profile
"Control where Source is Http Get action - " +
"not from app link ");
}
response, logoutDoneURL, true,
return;
}
}
} else {
try {
userID =
} catch (SessionException ssoExp) {
}
}
if (sourceCheck != null) {
// initiate logout
"Control where Source is local - from applink");
return;
// logout return
"Control where Source is remote - not from app" +
"link but from other provider. Token valid");
}
return;
// logout Get profile
"Control where Source is Http Get action - not from"
+ " applink. Initiation will take care in "
+ "preLogouthandler ");
}
return;
}
}
}
// received logout request from remote provider
try {
} catch (FSMsgException e) {
// FSMsgException would mean that the request does not have the
// FSLogoutNotification message, so show error page
"Bad Logout request. calling showErrorPage");
return;
}
"Bad Logout request. calling showErrorPage");
} else {
ssoToken);
}
return;
}
/**
* Retrieves valid session from HTTP Request.
* @param request HTTP request object
* @return session if the session is valid; <code>null</code>
* otherwise.
*/
"Entered FSProcessLogoutServlet::getValidToken");
try {
"session is not valid, redirecting for authentication");
return null;
}
return ssoToken;
} catch (SessionException e){
}
return null;
}
}
/**
* Initiates logout request processing. It is called when a logout request
* is received from a remote provider.
* @param request <code>HTTPServletRequest</code> object received via a
* HTTP Redirect
* @param response <code>HTTPServletResponse</code> object to be sent back
* to user agent
* @param hostedDescriptor the provider for whom request is received
* @param hostedConfig hosted provider's extended meta config
* @param hostedRole hosted provider's role
* @param realm the realm in which the entity resides
* @param hostedEntityId hosted provider's entity id
* @param metaAlias hosted provider's meta alias
* @param reqLogout the single logout request
* @param commonErrorPage where to go if an error occurred
* @param userID user id
* @param ssoToken user session object
*/
private void doRequestProcessing(
{
"Entered FSProcessLogoutServlet::doRequestProcessing");
boolean isIDP = false;
try {
if (hostedRole != null) {
isIDP = true;
}
}
if (remoteDesc == null) {
}
} catch(IDFFMetaException e) {
return;
}
boolean bVerify = true;
if (FSServiceUtils.isSigningOn()) {
try {
} catch(FSException e) {
"FSProcessLogoutServlet::doRequestProcessing " +
"Signature on Logout request is invalid" +
"Cannot proceed federation Logout");
ssoToken);
return;
} catch(SAMLException e) {
"FSProcessLogoutServlet::doRequestProcessing(SAML) " +
"Signature on Logout request is invalid" +
"Cannot proceed federation Logout");
ssoToken);
return;
}
}
if (bVerify) {
// Check if trusted provider
{
//Object ssoToken = getValidToken(request);
// session is valid, start single logout
// Invoke Messaging APIs to get providerid from request
if (instSManager != null) {
"FSServiceManager Instance not null");
// Call SP Adapter preSingleLogoutProcess
if (handlerObj != null) {
return;
}
} else {
"FSServiceManager Instance null. Cannot" +
" continue logout");
}
userID);
return;
}
} else { // ssoToken is null
"Invalid session in request processing. " +
"Nothing to logout");
}
//Verify request,getUserDNcall destroyPrincipalSession
response);
// Here we need to send back to source
// provider's return URL
userID);
return;
}
}
} else {
}
} else {
"FSProcessLogoutServlet::doRequestProcesing " +
"Signature on Logout request is invalid" +
"Cannot proceed federation Logout");
}
return;
}
/**
* Initiates logout request processing. Called when a logout is to be
* initiated or when returned from a remote provider.
* @param request <code>HTTPServletRequest</code> object received via a
* HTTP Redirect
* @param response <code>HTTPServletResponse</code> object to be sent back
* to user agent
* @param hostedDescriptor the provider for whom request is received
* @param hostedConfig hosted provider's extended meta config
* @param realm the realm in which the provider resides
* @param hostedEntityId hosted provider's entity id
* @param metaAlias hosted provider's meta alias
* @param ssoToken session token of the user
* @param logoutDoneURL where to go when logout is done
* @param sourceCheck source check string. Possible value:
* <code>local</code> : single logout initiated from local host
* <code>remote</code> : single logout initiated from remmote host
* <code>logoutGet</code> : Http Get action.
*/
private void doLogoutInitiation(
{
+ relayState);
}
if (instSManager != null) {
if (handlerObj != null) {
return;
} else {
"FSPreLogoutHandler is null.Cannot continue logout");
}
} else {
"FSServiceManager Instance null. Cannot continue logout");
}
response, logoutDoneURL, false,
return;
}
/**
* Verifies logout request signature received from the remote end.
* @param request <code>HttpServletRequest</code> object containing the
* signed Logout request
* @param remoteDescriptor the remote Provider descriptor. Used to get cert
* @param remoteEntity Id the remote provider's entity id
* @return <code>true</code> if the signature is valid; <code>false</code>
* otherwise.
* @exception SAMLException, FSException if an error occurred during the
* process
*/
private boolean verifyLogoutSignature(
boolean isIDP
) throws SAMLException, FSException
{
"Entered FSProcessLogoutServlet::verifyLogoutSignature");
// Verify the signature on the request
"FSProcessLogoutServlet.verifyLogoutSignature: " +
"couldn't obtain this site's cert.");
}
throw new SAMLResponderException(
}
boolean isValidSign =
if (!isValidSign) {
return false;
} else {
return true;
}
}
private void callPreSingleLogoutProcess(
// Call SP Adapter preSingleLogout for remote IDP initated HTTP request
{
"call preSingleLogoutProcess");
}
try {
} catch (Exception e) {
// ignore adapter exception
}
}
}
}
} // FSProcessLogoutServlet