idpSingleLogoutPOST.jsp revision 9740fa737ef2ed9453ab46d145777dbbbf6a747b
6033N/A<%--
6033N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
6033N/A
6033N/A Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
6033N/A
6033N/A The contents of this file are subject to the terms
6033N/A of the Common Development and Distribution License
6033N/A (the License). You may not use this file except in
6033N/A compliance with the License.
6033N/A
6033N/A You can obtain a copy of the License at
6033N/A https://opensso.dev.java.net/public/CDDLv1.0.html or
6033N/A opensso/legal/CDDLv1.0.txt
6033N/A See the License for the specific language governing
6033N/A permission and limitations under the License.
6033N/A
6033N/A When distributing Covered Code, include this CDDL
6033N/A Header Notice in each file and include the License file
6033N/A at opensso/legal/CDDLv1.0.txt.
6033N/A If applicable, add the following below the CDDL Header,
6033N/A with the fields enclosed by brackets [] replaced by
6033N/A your own identifying information:
6033N/A "Portions Copyrighted [year] [name of copyright owner]"
6033N/A
6033N/A $Id: idpSingleLogoutPOST.jsp,v 1.5 2009/06/24 23:05:30 mrudulahg Exp $
6033N/A
6033N/A--%>
6033N/A
6033N/A<%--
6033N/A Portions Copyrighted 2013 ForgeRock AS
6033N/A--%>
6033N/A
6033N/A<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
6033N/A<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
6033N/A<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
6033N/A<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
6033N/A<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>
6033N/A<%@ page import="com.sun.identity.saml2.profile.IDPSingleLogout" %>
6033N/A<%@ page import="org.owasp.esapi.ESAPI" %>
6033N/A
<%--
    idpSingleLogoutPOST.jsp

    - receives the LogoutRequest and sends the LogoutResponse to the
      Service Provider from the Identity Provider.
    OR
    - receives the LogoutResponse from the Service Provider.

    Required parameters to this jsp are :
    - RelayState - the target URL on successful Single Logout
    - SAMLRequest - the LogoutRequest
    OR
    - SAMLResponse - the LogoutResponse
    Check the SAML2 Documentation for supported parameters.
--%>
<%
    // IdP-side Single Logout endpoint for the HTTP-POST binding.
    //
    // Request parameters read here:
    //   - RelayState   : the target URL on successful Single Logout
    //   - SAMLResponse : a LogoutResponse from the Service Provider, or
    //   - SAMLRequest  : a LogoutRequest from the Service Provider
    // SAMLResponse is checked first; SAMLRequest is only read when no
    // SAMLResponse was posted. If neither is present the scriptlet does nothing.

    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    if (relayState != null) {
        // The posted value is first tried as a key into the relay-state cache.
        // A hit is removed from the cache and replaces the posted value;
        // a miss leaves the posted value untouched.
        String cachedTarget = (String) IDPCache.relayStateCache.remove(relayState);
        if (cachedTarget != null) {
            relayState = cachedTarget;
        }
    }

    // Check of the (possibly cache-resolved) relay state against the ESAPI
    // "URL" rule, at most 2000 characters, null allowed. A value that fails
    // is dropped rather than rejected, so processing continues without one.
    // NOTE(review): the context label passed to ESAPI embeds the raw parameter
    // value; confirm that whatever ESAPI logs with it is neutralized.
    boolean relayStateAccepted = ESAPI.validator().isValidInput(
            "HTTP Parameter Value: " + relayState, relayState, "URL", 2000, true);
    if (!relayStateAccepted) {
        relayState = null;
    }

    String samlResponse = request.getParameter(SAML2Constants.SAML_RESPONSE);
    if (samlResponse != null) {
        boolean doRelayState = true;
        try {
            // Per the original inline documentation, processLogoutResponse gets
            // and processes the LogoutResponse (XML string) from the SP, destroys
            // the local session, and checks the response's issuer and
            // inResponseTo. It throws SAML2Exception on a processing error.
            // NOTE(review): relayState has only passed the ESAPI check at this
            // point; whether the callee validates it before using it as a
            // redirect target is not visible here - confirm.
            doRelayState = IDPSingleLogout.processLogoutResponse(
                    request, response, samlResponse, relayState);
        } catch (SAML2Exception samlFailure) {
            // NOTE(review): the exception message is appended to the text handed
            // to sendError; confirm it is encoded on output and does not expose
            // internal detail to the caller.
            SAML2Utils.debug.error("Error processing LogoutResponse :",
                    samlFailure);
            SAMLUtils.sendError(request, response,
                    HttpServletResponse.SC_BAD_REQUEST,
                    "LogoutResponseProcessingError",
                    SAML2Utils.bundle.getString("LogoutResponseProcessingError")
                            + " " + samlFailure.getMessage());
            return;
        } catch (Exception unexpected) {
            SAML2Utils.debug.error("Error processing LogoutResponse ", unexpected);
            SAMLUtils.sendError(request, response,
                    HttpServletResponse.SC_BAD_REQUEST,
                    "LogoutResponseProcessingError",
                    SAML2Utils.bundle.getString("LogoutResponseProcessingError")
                            + " " + unexpected.getMessage());
            return;
        }

        if (!doRelayState) {
            // The page itself finishes the flow. The redirect is taken only when
            // a relay state exists AND SAML2Utils.isRelayStateURLValid accepts it
            // for the IdP role; this is the guard against redirecting to an
            // arbitrary caller-supplied URL. Anything else falls back to the
            // local default success page.
            if (relayState == null
                    || !SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.IDP_ROLE)) {
%>
                <jsp:forward page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
<%
            } else {
                // Append the status as a new query string, or extend the existing one.
                String statusSuffix = relayState.contains("?")
                        ? "&logoutStatus=logoutSuccess"
                        : "?logoutStatus=logoutSuccess";
                response.sendRedirect(relayState + statusSuffix);
            }
        }
    } else {
        String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
        if (samlRequest != null) {
            try {
                // Per the original inline documentation, processLogoutRequest
                // gets and processes the LogoutRequest (XML string) from the SP,
                // with relayState as the target URL on success. It throws
                // SAML2Exception on a processing error.
                // NOTE(review): as above, relayState reaches the callee with only
                // the ESAPI check applied - confirm the callee validates it
                // before redirecting.
                IDPSingleLogout.processLogoutRequest(request, response,
                        samlRequest, relayState);
            } catch (SAML2Exception samlFailure) {
                SAML2Utils.debug.error("Error processing LogoutRequest :", samlFailure);
                SAMLUtils.sendError(request, response,
                        HttpServletResponse.SC_BAD_REQUEST,
                        "LogoutRequestProcessingError",
                        SAML2Utils.bundle.getString("LogoutRequestProcessingError")
                                + " " + samlFailure.getMessage());
                return;
            } catch (Exception unexpected) {
                SAML2Utils.debug.error("Error processing LogoutRequest ", unexpected);
                SAMLUtils.sendError(request, response,
                        HttpServletResponse.SC_BAD_REQUEST,
                        "LogoutRequestProcessingError",
                        SAML2Utils.bundle.getString("LogoutRequestProcessingError")
                                + " " + unexpected.getMessage());
                return;
            }
        }
    }
%>