spSingleLogoutInit.jsp revision 94b12520da26b40ef162d1c6ad4232eb5084f9e1
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%--
5e01956f3000408c2a2c5a08c8d0acf2c2a9d8eeGlenn Barry DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb The contents of this file are subject to the terms
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb of the Common Development and Distribution License
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb (the License). You may not use this file except in
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb compliance with the License.
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb You can obtain a copy of the License at
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb https://opensso.dev.java.net/public/CDDLv1.0.html or
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb opensso/legal/CDDLv1.0.txt
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb See the License for the specific language governing
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb permission and limitations under the License.
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb When distributing Covered Code, include this CDDL
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb Header Notice in each file and include the License file
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb at opensso/legal/CDDLv1.0.txt.
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb If applicable, add the following below the CDDL Header,
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb with the fields enclosed by brackets [] replaced by
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb your own identifying information:
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb "Portions Copyrighted [year] [name of copyright owner]"
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb $Id: spSingleLogoutInit.jsp,v 1.13 2009/10/15 00:01:11 exu Exp $
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan--%>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%--
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb Portions Copyrighted 2012-2014 ForgeRock AS
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb--%>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.plugin.session.SessionManager" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.plugin.session.SessionException" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan<%@ page import="com.sun.identity.saml2.profile.LogoutUtil" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="com.sun.identity.saml2.profile.SPSingleLogout" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="java.util.HashMap" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="java.util.List" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb<%@ page import="org.owasp.esapi.ESAPI" %>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
<%--
    spSingleLogoutInit.jsp
    - initiates the LogoutRequest at the Service Provider.

    Required parameters to this jsp are :
    "binding" - binding used for this request
    "NameIDValue" - NameID value for the user. Required in fedlet case.
    "SessionIndex" - The session with this SessionIndex is the one to be
                     logged out. Required in fedlet case.
    "idpEntityID" - Identifier for identity provider. Required for fedlet case.
                    If binding is not set, this parameter is used to find the
                    default binding.

    Some of the other optional parameters are :
    "RelayState" - the target URL on successful Single Logout
    "goto" - the target URL on successful Single Logout.
             "RelayState" takes precedence over the "goto" parameter.
             When this page itself issues the redirect, the target is used
             only if it passes the RelayState URL validation; otherwise the
             default success page is shown.
    "Destination" - A URI Reference indicating the address to
                    which the request has been sent.
    "Consent" - Specifies a URI, a SAML-defined identifier
                known as a Consent Identifier.
    "Extension" - Specifies a list of Extensions as a list of
                  String objects.
    "spEntityID" - Fedlet's entity ID. Used in fedlet case. When it is missing,
                   the first SP from the metadata is used.
    Check the SAML2 Documentation for supported parameters.
--%>
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb
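<%
    // Entry point for SP-initiated SAML2 Single Logout: reads the request
    // parameters, resolves the hosted SP (metaAlias) and hands the logout
    // request to SPSingleLogout.initiateLogoutRequest().
    //
    // RelayState / goto are caller-supplied redirect targets. Every
    // response.sendRedirect() in this page is gated by
    // SAML2Utils.isRelayStateURLValid() and an ESAPI "URL" check; a target
    // that is empty or fails either check falls back to the default success
    // page instead of being redirected to.

    try {
        // "RelayState" takes precedence; "goto" is read only when it is
        // absent or empty.
        String RelayState = request.getParameter(SAML2Constants.RELAY_STATE);
        if (RelayState == null || RelayState.isEmpty()) {
            RelayState = request.getParameter(SAML2Constants.GOTO);
        }
        // Discard a target that fails ESAPI's "HTTPQueryString" rule or is
        // longer than 2000 characters. allowNull is true, so a missing
        // parameter passes and simply stays null.
        if (!ESAPI.validator().isValidInput("RelayState", RelayState, "HTTPQueryString", 2000, true)) {
            RelayState = null;
        }

        String metaAlias = null;

        // A SessionException is treated as "no local session".
        Object ssoToken = null;
        try {
            ssoToken = SessionManager.getProvider().getSession(request);
        } catch (SessionException se) {
            if (SAML2Utils.debug.messageEnabled()) {
                SAML2Utils.debug.message("No session.");
            }
            ssoToken = null;
        }

        String spEntityID = null;
        SAML2MetaManager manager = new SAML2MetaManager();
        if (!SPCache.isFedlet) {
            if (ssoToken == null) {
                // There is no local session, so the logout cannot be performed
                // on the IdP; report success (redirect or default page).
                if (RelayState != null && !RelayState.isEmpty()
                        && SAML2Utils.isRelayStateURLValid(request, RelayState, SAML2Constants.SP_ROLE)
                        && ESAPI.validator().isValidInput("RelayState", RelayState, "URL", 2000, true)) {
                    response.sendRedirect(RelayState);
                } else {
%>
                    <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess"/>
<%
                }
                return;
            }
            // The hosted SP is taken from the session, not from the request.
            String[] values = SessionManager.getProvider().
                    getProperty(ssoToken, SAML2Constants.SP_METAALIAS);
            if (values != null && values.length > 0) {
                metaAlias = values[0];
            }
        } else {
            // NOTE(review): in Fedlet mode no local session is required on this
            // path; spEntityID (and, further down, SessionIndex, NameIDValue
            // and idpEntityID) are taken from the request as-is. Confirm that
            // the embedding application restricts who can reach this page.
            spEntityID = request.getParameter("spEntityID");
            if ((spEntityID == null) || (spEntityID.length() == 0)) {
                List spMetaAliases =
                        manager.getAllHostedServiceProviderMetaAliases("/");
                if ((spMetaAliases != null) && !spMetaAliases.isEmpty()) {
                    // No SP named in the request: use the first hosted SP
                    // in the root realm.
                    metaAlias = (String) spMetaAliases.get(0);
                }
            } else {
                SPSSOConfigElement spConfig =
                        manager.getSPSSOConfig("/", spEntityID);
                if (spConfig != null) {
                    metaAlias = spConfig.getMetaAlias();
                }
            }
        }

        if (metaAlias == null) {
            // No hosted SP could be resolved: only the local session is
            // invalidated and the request finishes as a successful logout.
            // NOTE(review): ssoToken can still be null here in Fedlet mode;
            // how invalidateSession() treats a null session is not visible
            // in this page - confirm.
            try {
                SessionManager.getProvider().invalidateSession(
                        ssoToken, request, response);
            } catch (SessionException se) {
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message("No session.");
                }
            }
            // Same guard as the other redirect sites, including the
            // empty-string check that this branch used to omit.
            if (RelayState != null && !RelayState.isEmpty()
                    && SAML2Utils.isRelayStateURLValid(request, RelayState, SAML2Constants.SP_ROLE)
                    && ESAPI.validator().isValidInput("RelayState", RelayState, "URL", 2000, true)) {
                response.sendRedirect(RelayState);
            } else {
%>
                <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess"/>
<%
            }
            return;
        }

        String idpEntityID = request.getParameter("idpEntityID");
        String binding = LogoutUtil.getSLOBindingInfo(request, metaAlias,
                SAML2Constants.SP_ROLE, idpEntityID);
        if (spEntityID == null) {
            spEntityID = manager.getEntityByMetaAlias(metaAlias);
        }
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        // Reject a binding that the hosted SP does not support for its
        // SingleLogoutService.
        if (!SAML2Utils.isSPProfileBindingSupported(
                realm, spEntityID, SAML2Constants.SLO_SERVICE, binding)) {
            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                    "unsupportedBinding",
                    SAML2Utils.bundle.getString("unsupportedBinding"));
            return;
        }

        // Build the parameter map handed to
        // SPSingleLogout.initiateLogoutRequest(request, response, binding,
        // paramsMap). Keys set below:
        //   "SessionIndex", "infoKey" - Fedlet case only
        //   "metaAlias"               - metaAlias of the Service Provider
        //   "idpEntityID"             - identity provider to send the request to
        //   SAML2Constants.ROLE / SAML2Constants.BINDING
        //   "Destination", "Consent", "Extension" - optional, copied from the request
        //   SAML2Constants.RELAY_STATE - target URL on successful Single Logout
        // NOTE(review): idpEntityID, Destination, Consent and Extension are
        // copied from the request without validation in this page; confirm
        // that initiateLogoutRequest() validates them before use.
        HashMap paramsMap = new HashMap();
        if (SPCache.isFedlet) {
            String sessionIndex = request.getParameter("SessionIndex");
            if ((sessionIndex == null) || (sessionIndex.length() == 0)) {
                SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                        "nullSessionIndex",
                        SAML2Utils.bundle.getString("nullSessionIndex"));
                return;
            }
            paramsMap.put("SessionIndex", sessionIndex);

            String nameID = request.getParameter("NameIDValue");
            if ((nameID == null) || (nameID.length() == 0)) {
                SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                        "nullNameID",
                        SAML2Utils.bundle.getString("nullNameID"));
                return;
            }
            // spEntityID was already resolved from metaAlias above, so the
            // former second lookup (and its never-true "manager == null"
            // check) is not repeated here.
            if (idpEntityID == null) {
                SAMLUtils.sendError(request, response,
                        response.SC_BAD_REQUEST,
                        "nullIDPEntityID",
                        SAML2Utils.bundle.getString("nullIDPEntityID"));
                return;
            }
            paramsMap.put(
                    "infoKey", spEntityID + "|" + idpEntityID + "|" + nameID);
        }
        paramsMap.put("metaAlias", metaAlias);
        paramsMap.put("idpEntityID", idpEntityID);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);
        paramsMap.put("Destination", request.getParameter("Destination"));
        paramsMap.put("Consent", request.getParameter("Consent"));
        paramsMap.put("Extension", request.getParameter("Extension"));

        // Fall back to the SP's configured default RelayState when the
        // request carried none (or it was discarded above).
        if (RelayState == null || RelayState.isEmpty()) {
            RelayState = SAML2Utils.getAttributeValueFromSSOConfig(
                    realm, spEntityID, SAML2Constants.SP_ROLE,
                    SAML2Constants.DEFAULT_RELAY_STATE);
        }
        // NOTE(review): RelayState enters paramsMap before the
        // isRelayStateURLValid() check below, and that check runs only for
        // the SOAP binding. Confirm that the code handling the logout
        // response for the other bindings validates RelayState before
        // redirecting to it.
        if (RelayState != null) {
            paramsMap.put(SAML2Constants.RELAY_STATE, RelayState);
        }

        SPSingleLogout.initiateLogoutRequest(request, response,
                binding, paramsMap);

        // For SOAP this page finishes the exchange itself once
        // initiateLogoutRequest() has returned; the other bindings are
        // presumably completed by the response written inside
        // initiateLogoutRequest() - confirm.
        if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
            if (RelayState != null && !RelayState.isEmpty()
                    && SAML2Utils.isRelayStateURLValid(metaAlias, RelayState, SAML2Constants.SP_ROLE)
                    && ESAPI.validator().isValidInput("RelayState", RelayState, "URL", 2000, true)) {
                response.sendRedirect(RelayState);
            } else {
%>
                <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess"/>
<%
            }
        }
    } catch (SAML2Exception sse) {
        // NOTE(review): the exception message is appended to the text sent to
        // the client and may contain request-derived values; how sendError()
        // encodes it is not visible here. Confirm it is output-encoded, or
        // return only the localized bundle string (the detail is already
        // logged).
        SAML2Utils.debug.error("Error sending Logout Request " , sse);
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                "LogoutRequestCreationError",
                SAML2Utils.bundle.getString("LogoutRequestCreationError") + " " +
                sse.getMessage());
        return;
    } catch (Exception e) {
        // Boundary catch for anything unexpected. NOTE(review): same concern
        // as above - a generic exception message can expose internal detail
        // to the caller.
        SAML2Utils.debug.error("Error initializing Request ",e);
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                "LogoutRequestCreationError",
                SAML2Utils.bundle.getString("LogoutRequestCreationError") + " " +
                e.getMessage());
        return;
    }
%>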
ab9b2e153c3a9a2b1141fefa87925b1a9beb1236gtb