idpSingleLogoutPOST.jsp revision 0fdab8904a8fe223f6934b878769fe45e7651c60
45e9809aff7304721fddb95654901b32195c9c7avboxsync DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
45e9809aff7304721fddb95654901b32195c9c7avboxsync Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
45e9809aff7304721fddb95654901b32195c9c7avboxsync The contents of this file are subject to the terms
45e9809aff7304721fddb95654901b32195c9c7avboxsync of the Common Development and Distribution License
45e9809aff7304721fddb95654901b32195c9c7avboxsync (the License). You may not use this file except in
45e9809aff7304721fddb95654901b32195c9c7avboxsync compliance with the License.
45e9809aff7304721fddb95654901b32195c9c7avboxsync You can obtain a copy of the License at
45e9809aff7304721fddb95654901b32195c9c7avboxsync https://opensso.dev.java.net/public/CDDLv1.0.html or
45e9809aff7304721fddb95654901b32195c9c7avboxsync See the License for the specific language governing
45e9809aff7304721fddb95654901b32195c9c7avboxsync permission and limitations under the License.
45e9809aff7304721fddb95654901b32195c9c7avboxsync When distributing Covered Code, include this CDDL
45e9809aff7304721fddb95654901b32195c9c7avboxsync Header Notice in each file and include the License file
45e9809aff7304721fddb95654901b32195c9c7avboxsync If applicable, add the following below the CDDL Header,
45e9809aff7304721fddb95654901b32195c9c7avboxsync with the fields enclosed by brackets [] replaced by
45e9809aff7304721fddb95654901b32195c9c7avboxsync your own identifying information:
45e9809aff7304721fddb95654901b32195c9c7avboxsync "Portions Copyrighted [year] [name of copyright owner]"
45e9809aff7304721fddb95654901b32195c9c7avboxsync $Id: idpSingleLogoutPOST.jsp,v 1.5 2009/06/24 23:05:30 mrudulahg Exp $
45e9809aff7304721fddb95654901b32195c9c7avboxsync Portions Copyrighted 2013 ForgeRock AS
45e9809aff7304721fddb95654901b32195c9c7avboxsync<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
45e9809aff7304721fddb95654901b32195c9c7avboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
45e9809aff7304721fddb95654901b32195c9c7avboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
45e9809aff7304721fddb95654901b32195c9c7avboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
45e9809aff7304721fddb95654901b32195c9c7avboxsync<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>
45e9809aff7304721fddb95654901b32195c9c7avboxsync<%@ page import="com.sun.identity.saml2.profile.IDPSingleLogout" %>
45e9809aff7304721fddb95654901b32195c9c7avboxsync<%@ page import="org.owasp.esapi.ESAPI" %>
45e9809aff7304721fddb95654901b32195c9c7avboxsync<%@ page import="java.io.PrintWriter" %>
45e9809aff7304721fddb95654901b32195c9c7avboxsync - receives the LogoutRequest and sends the LogoutResponse to
45e9809aff7304721fddb95654901b32195c9c7avboxsync Service Provider from the Identity Provider.
45e9809aff7304721fddb95654901b32195c9c7avboxsync - receives the LogoutResponse from the Service Provider.
45e9809aff7304721fddb95654901b32195c9c7avboxsync Required parameters to this jsp are :
45e9809aff7304721fddb95654901b32195c9c7avboxsync - RelayState - the target URL on successful Single Logout
45e9809aff7304721fddb95654901b32195c9c7avboxsync - SAMLRequest - the LogoutRequest
45e9809aff7304721fddb95654901b32195c9c7avboxsync - SAMLResponse - the LogoutResponse
45e9809aff7304721fddb95654901b32195c9c7avboxsync Check the SAML2 Documentation for supported parameters.
45e9809aff7304721fddb95654901b32195c9c7avboxsync // Retrieves the LogoutRequest or LogoutResponse
45e9809aff7304721fddb95654901b32195c9c7avboxsync //Retrieves :
45e9809aff7304721fddb95654901b32195c9c7avboxsync //- RelayState - the target URL on successful Single Logout
45e9809aff7304721fddb95654901b32195c9c7avboxsync //- SAMLRequest - the LogoutRequest
45e9809aff7304721fddb95654901b32195c9c7avboxsync //- SAMLResponse - the LogoutResponse
// NOTE(review): this listing is an excerpt of the JSP scriptlet. The try/catch
// framing, several branch bodies and most call arguments are missing, so the
// comments below describe only what the visible lines show.
//
// RelayState is read straight from the request and is untrusted at this point.
45e9809aff7304721fddb95654901b32195c9c7avboxsync String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
// The raw parameter value is used as the key to fetch and remove an entry from
// IDPCache.relayStateCache, before the validation below runs. How tmpRs is used
// is not visible here; presumably it replaces relayState (verify). Also confirm
// that the omitted lines guard against a missing parameter (null key).
String tmpRs = (String) IDPCache.relayStateCache.remove(relayState);
// ESAPI check of relayState against the "HTTPQueryString" rule: at most 2000
// characters, null accepted (last argument). The context label embeds the
// unvalidated value; confirm it is encoded wherever the validator reports it.
// The body of this rejection branch is not shown.
if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {
// LogoutResponse path: the outcome of processing is kept in doRelayState
// (arguments not shown).
doRelayState = IDPSingleLogout.processLogoutResponse(
// Failure handling for the LogoutResponse path: the error is written to the
// SAML2 debug log, and a message made of the localized
// "LogoutResponseProcessingError" text plus the exception message is built.
// The consumer of that message is cut off. NOTE(review): if it is returned to
// the browser, the exception text travels with it; confirm it exposes nothing
// internal.
SAML2Utils.debug.error("Error processing LogoutResponse :",
SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
" " + sse.getMessage());
SAML2Utils.debug.error("Error processing LogoutResponse ",e);
SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
" " + e.getMessage());
// Redirect guard. RelayState is followed only when it is non-null, passes
// SAML2Utils.isRelayStateURLValid for the IDP role, and passes the ESAPI "URL"
// rule (at most 2000 characters). As far as the excerpt shows, these checks gate
// the sendRedirect calls below, which keeps this endpoint from redirecting to an
// arbitrary caller-supplied target; keep both checks in place when editing.
// isRelayStateURLValid is presumably a check against configured relay-state
// URLs (confirm in SAML2Utils). The jsp:forward to default.jsp further down
// appears to be the fallback when the guard fails (confirm).
if (relayState != null && SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.IDP_ROLE) &&
ESAPI.validator().isValidInput("HTTP URL Value: " + relayState, relayState, "URL", 2000, true)) {
// The two redirects differ by whether relayState already contains "?"; the text
// appended to relayState is cut off in this excerpt.
if (relayState.indexOf("?") != -1) {
response.sendRedirect(relayState
response.sendRedirect(relayState
<jsp:forward page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
IDPSingleLogout.processLogoutRequest(request,response, new PrintWriter(out, true),
// The call above is the LogoutRequest path: it hands over the request, the
// response and an auto-flushing PrintWriter over the JSP's out (remaining
// arguments not shown). The lines below are its failure handling and follow the
// same pattern as the LogoutResponse path: debug log plus a localized
// "LogoutRequestProcessingError" message with the exception message appended.
// NOTE(review): the same check on what reaches the client applies here.
SAML2Utils.debug.error("Error processing LogoutRequest :", sse);
SAML2Utils.bundle.getString("LogoutRequestProcessingError")
+ " " + sse.getMessage());
SAML2Utils.debug.error("Error processing LogoutRequest ",e);
SAML2Utils.bundle.getString("LogoutRequestProcessingError")
+ " " + e.getMessage());