c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync<%--
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync The contents of this file are subject to the terms
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync of the Common Development and Distribution License
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync (the License). You may not use this file except in
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync compliance with the License.
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync You can obtain a copy of the License at
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync https://opensso.dev.java.net/public/CDDLv1.0.html or
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync opensso/legal/CDDLv1.0.txt
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync See the License for the specific language governing
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync permission and limitations under the License.
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync When distributing Covered Code, include this CDDL
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync Header Notice in each file and include the License file
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync at opensso/legal/CDDLv1.0.txt.
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync If applicable, add the following below the CDDL Header,
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync with the fields enclosed by brackets [] replaced by
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync your own identifying information:
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync "Portions Copyrighted [year] [name of copyright owner]"
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync $Id: spSingleLogoutPOST.jsp,v 1.8 2009/06/24 23:05:31 mrudulahg Exp $
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync--%>
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%--
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync Portions Copyrighted 2013 ForgeRock AS
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync--%>
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync<%@ page import="com.sun.identity.sae.api.SecureAttrs" %>
c285785ffc9f35513e0c6e7e2a05df3090dc919cvboxsync<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
bcf9fab594306cd97251f7f03b8319a158c29ea5vboxsync<%@ page import="com.sun.identity.saml2.profile.CacheObject" %>
bcf9fab594306cd97251f7f03b8319a158c29ea5vboxsync<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
bcf9fab594306cd97251f7f03b8319a158c29ea5vboxsync<%@ page import="com.sun.identity.saml2.profile.SPSingleLogout" %>
bcf9fab594306cd97251f7f03b8319a158c29ea5vboxsync<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="com.sun.identity.saml2.protocol.LogoutRequest" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="com.sun.identity.saml2.profile.IDPProxyUtil" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="java.util.HashMap" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="java.util.Map" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="java.util.Properties" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%@ page import="org.owasp.esapi.ESAPI" %>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync<%--
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync spSingleLogoutPOST.jsp
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync - receives the LogoutRequest and sends the LogoutResponse to
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync Identity Provider from the Service Provider.
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync OR
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync - receives the LogoutResponse from the Identity Provider.
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync Required parameters to this jsp are :
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync - RelayState - the target URL on successful Single Logout
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync - SAMLRequest - the LogoutRequest
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync OR
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync - SAMLResponse - the LogoutResponse
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync Check the SAML2 Documentation for supported parameters.
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync--%>
f73c68fe41a3db55167b7266efd6955e5dbd0b47vboxsync
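<%
    // SP-side entry point for the SAML2 Single Logout HTTP-POST binding.
    // Exactly one of two flows runs per request:
    //   - SAMLResponse present: the IDP answered our LogoutRequest. Process the
    //     LogoutResponse, then either relay it to a proxied SP, redirect to the
    //     RelayState, or forward to the local success page.
    //   - otherwise, SAMLRequest present: the IDP initiated the logout. Log the
    //     SP application out via SAE first (if configured), then process the
    //     LogoutRequest, which sends the LogoutResponse back to the IDP.
    //
    // RelayState: the inbound value may be a key into SPCache.relayStateHash
    // (stored when this SP initiated the logout); it is swapped for the cached
    // target URL and then syntax-checked with ESAPI. An invalid value is
    // dropped (set to null) rather than rejected, so the SAML processing still
    // happens, just without a redirect target.

    String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
    if (relayState != null) {
        // The cache entry is single-use: remove() instead of get().
        CacheObject cachedRelayState =
            (CacheObject) SPCache.relayStateHash.remove(relayState);
        if (cachedRelayState != null) {
            relayState = (String) cachedRelayState.getObject();
        }
    }
    // allowNull=true: a missing RelayState is fine; a present but malformed
    // one is discarded.
    if (!ESAPI.validator().isValidInput("HTTP Parameter Value: " + relayState,
            relayState, "URL", 2000, true)) {
        relayState = null;
    }

    String samlResponse = request.getParameter(SAML2Constants.SAML_RESPONSE);
    if (samlResponse != null) {
        try {
            // Validates and consumes the LogoutResponse; issuer/InResponseTo
            // checks and local session teardown happen inside the profile
            // class. Returns a Map describing the processed response.
            Map infoMap = SPSingleLogout.processLogoutResponse(
                request, response, samlResponse, relayState);
            String inResponseTo = (String) infoMap.get("inResponseTo");
            // IDP-proxy case: this SP sent the LogoutRequest on behalf of
            // another SP whose own LogoutRequest is cached under our request
            // ID. Relay the outcome to that SP and stop here. (The old
            // "!origLogoutRequest.equals(\"\")" guard compared a LogoutRequest
            // with a String and was therefore always true; dropped.)
            LogoutRequest origLogoutRequest = (LogoutRequest)
                IDPCache.proxySPLogoutReqCache.get(inResponseTo);
            if (origLogoutRequest != null) {
                IDPCache.proxySPLogoutReqCache.remove(inResponseTo);
                IDPProxyUtil.sendProxyLogoutResponse(response,
                    origLogoutRequest.getID(), infoMap,
                    origLogoutRequest.getIssuer().getValue(),
                    SAML2Constants.HTTP_POST);
                return;
            }
        } catch (SAML2Exception sse) {
            // NOTE(review): the exception message is echoed into the error
            // page; this relies on SAMLUtils.sendError escaping it - confirm.
            SAML2Utils.debug.error("Error processing LogoutResponse :", sse);
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "LogoutResponseProcessingError",
                SAML2Utils.bundle.getString("LogoutResponseProcessingError")
                + " " + sse.getMessage());
            return;
        } catch (Exception e) {
            SAML2Utils.debug.error("Error processing LogoutResponse ", e);
            SAMLUtils.sendError(request, response,
                HttpServletResponse.SC_BAD_REQUEST,
                "LogoutResponseProcessingError",
                SAML2Utils.bundle.getString("LogoutResponseProcessingError")
                + " " + e.getMessage());
            return;
        }

        // Redirect only to a RelayState that passed the ESAPI syntax check
        // above AND the SP's configured RelayState URL check; anything else
        // lands on the local success page. This is the open-redirect guard,
        // so both conditions must stay in front of sendRedirect.
        if (relayState != null && !relayState.isEmpty()
                && SAML2Utils.isRelayStateURLValid(request, relayState,
                    SAML2Constants.SP_ROLE)) {
            try {
                response.sendRedirect(relayState);
            } catch (java.io.IOException ioe) {
                // Best effort: the logout itself already completed.
                if (SAML2Utils.debug.messageEnabled()) {
                    SAML2Utils.debug.message(
                        "Exception when redirecting to " + relayState, ioe);
                }
            }
        } else {
%>
    <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess" />
<%
        }
    } else {
        String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
        if (samlRequest != null) {
            // Log the SP application out via SAE first (not for a Fedlet).
            // The application is obligated to redirect back here carrying the
            // SAE "app returned" marker; on that second visit processSAELogout
            // returns false and the LogoutRequest is processed below.
            if (!SPCache.isFedlet && processSAELogout(request, response)) {
                return;
            }

            try {
                // Validates the LogoutRequest from the IDP, terminates the
                // local session and sends the LogoutResponse back.
                SPSingleLogout.processLogoutRequest(request, response,
                    samlRequest, relayState);
            } catch (SAML2Exception sse) {
                SAML2Utils.debug.error("Error processing LogoutRequest :", sse);
                SAMLUtils.sendError(request, response,
                    HttpServletResponse.SC_BAD_REQUEST,
                    "LogoutRequestProcessingError",
                    SAML2Utils.bundle.getString("LogoutRequestProcessingError")
                    + " " + sse.getMessage());
                return;
            } catch (Exception e) {
                SAML2Utils.debug.error("Error processing LogoutRequest ", e);
                SAMLUtils.sendError(request, response,
                    HttpServletResponse.SC_BAD_REQUEST,
                    "LogoutRequestProcessingError",
                    SAML2Utils.bundle.getString("LogoutRequestProcessingError")
                    + " " + e.getMessage());
                return;
            }
        }
    }
%>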
2c709acd5e2f434e71614aa89020bf8d0776a1e9vboxsync<%!
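/**
 * Logs the SP application out through SAE (Secure Attribute Exchange) before
 * the SAML2 LogoutRequest itself is processed.
 *
 * <p>Returns {@code true} when the caller must stop: a redirect to the
 * application's configured SAE logout URL has been sent, and the application
 * is expected to redirect back to this page with
 * {@code SecureAttrs.SAE_PARAM_APPRETURN} set. Returns {@code false} when
 * there is nothing to do (the application already returned, SAE is not
 * configured for this SP, or any step failed); the caller then continues with
 * normal LogoutRequest processing. Failures are logged and never propagated,
 * so an SAE misconfiguration degrades to a plain SAML2 logout rather than
 * blocking it.
 *
 * @param request  the current request; its URI selects the SP meta alias,
 *                 and its URL/query string form the return URL given to the app
 * @param response used only to send the SAE redirect
 * @return whether a redirect was sent and the caller must return immediately
 */
boolean processSAELogout(
    HttpServletRequest request, HttpServletResponse response)
{
    if (request.getParameter(SecureAttrs.SAE_PARAM_APPRETURN) != null) {
        // The application finished its own logout and redirected back.
        return false;
    }

    try {
        String metaAlias =
            SAML2MetaUtils.getMetaAliasByUri(request.getRequestURI());
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
        SAML2MetaManager metaManager = SAML2Utils.getSAML2MetaManager();
        String entityId = metaManager.getEntityByMetaAlias(metaAlias);
        SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(realm, entityId);

        // The redirect target comes from the SP's extended metadata
        // (administrator configuration), not from request data.
        String appSLOUrlStr = null;
        if (spConfig != null) {
            appSLOUrlStr = SAML2Utils.getAttributeValueFromSPSSOConfig(
                spConfig, SAML2Constants.SAE_SP_LOGOUT_URL);
        }
        if (appSLOUrlStr == null) {
            SAML2Utils.debug.message("spSLOPOST:SAE:appSLOUrl not configured.");
            return false;
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(
                "spSLOPOST:SAE:processing App SLO" + appSLOUrlStr);
        }

        Map hp = SAML2Utils.getSAEAttrs(
            realm, entityId, SAML2Constants.SP_ROLE, appSLOUrlStr);
        if (hp == null) {
            SAML2Utils.debug.error(
                "spSLOPOST:SAE:processing App SLO: getSAEAttrs returned null");
            return false;
        }
        String cryptoType = (String) hp.get(SecureAttrs.SAE_CRYPTO_TYPE);
        String encAlg =
            (String) hp.get(SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG);
        String encStrength =
            (String) hp.get(SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH);

        // Signing material and (optional) encryption material depend on the
        // crypto type: symmetric uses one shared secret for both; asymmetric
        // signs with our private-key alias and encrypts for the app's
        // public-key alias. Neither value is ever logged.
        String secret;
        String encSecret;
        if (SecureAttrs.SAE_CRYPTO_TYPE_SYM.equals(cryptoType)) {
            secret = (String) hp.get(SecureAttrs.SAE_CONFIG_SHARED_SECRET);
            encSecret = secret;
        } else {
            secret = (String) hp.get(SecureAttrs.SAE_CONFIG_PRIVATE_KEY_ALIAS);
            encSecret =
                (String) hp.get(SecureAttrs.SAE_CONFIG_PUBLIC_KEY_ALIAS);
        }
        if (secret == null || secret.length() == 0) {
            SAML2Utils.debug.error(
                "spSLOPOST:SAE:processing App SLO:getSAEAttrs no secret/key");
            return false;
        }
        if (encAlg == null) {
            // No data-encryption algorithm configured: sign only.
            encSecret = null;
        }

        Map<String, String> saeAttrs = new HashMap<String, String>();
        saeAttrs.put(SecureAttrs.SAE_PARAM_CMD, SecureAttrs.SAE_CMD_LOGOUT);
        saeAttrs.put(SecureAttrs.SAE_PARAM_APPSLORETURNURL,
            buildSAEReturnUrl(request));

        // SecureAttrs instances are cached by a name derived from the crypto
        // configuration; initialise one on first use.
        String saInstanceName = cryptoType + "_" + encAlg + "_" + encStrength;
        SecureAttrs sa = SecureAttrs.getInstance(saInstanceName);
        if (sa == null) {
            Properties prop = new Properties();
            prop.setProperty(SecureAttrs.SAE_CONFIG_CERT_CLASS,
                "com.sun.identity.sae.api.FMCerts");
            if (encAlg != null) {
                prop.setProperty(
                    SecureAttrs.SAE_CONFIG_DATA_ENCRYPTION_ALG, encAlg);
            }
            if (encStrength != null) {
                prop.setProperty(
                    SecureAttrs.SAE_CONFIG_ENCRYPTION_KEY_STRENGTH, encStrength);
            }
            SecureAttrs.init(saInstanceName, cryptoType, prop);
            sa = SecureAttrs.getInstance(saInstanceName);
        }
        if (sa == null) {
            SAML2Utils.debug.error(
                "spSLOPOST:SAE:processing App SLO:null SecureAttrs instance");
            return false;
        }

        String encodedString = sa.getEncodedString(saeAttrs, secret, encSecret);
        if (encodedString == null) {
            SAML2Utils.debug.error(
                "spSLOPOST:SAE:SecureAttrs.getEncodedStr failed");
            return false;
        }
        // NOTE(review): encodedString is appended without URL-encoding; this
        // relies on getEncodedString producing a URL-safe token - confirm.
        StringBuilder appSLOUrl = new StringBuilder(appSLOUrlStr)
            .append(appSLOUrlStr.indexOf('?') >= 0 ? '&' : '?')
            .append(SecureAttrs.SAE_PARAM_DATA)
            .append('=')
            .append(encodedString);
        if (SAML2Utils.debug.messageEnabled()) {
            // NOTE(review): this logs the signed SAE token, not the secret;
            // check log retention if the token itself is treated as sensitive.
            SAML2Utils.debug.message(
                "spSLOPOST:SAE:about to redirect" + appSLOUrl);
        }
        response.sendRedirect(appSLOUrl.toString());
        return true;
    } catch (Exception ex) {
        // Best effort: SAE problems must not block the SAML2 logout itself.
        SAML2Utils.debug.error("spSLOPOST:SAE:SecureAttrs.Fatal:", ex);
    }
    return false;
}

/**
 * Builds the URL the SP application must redirect back to once its own logout
 * is done: this page's URL, the original query string when there is one, and
 * the SAE "app returned" marker so the next visit skips the SAE step.
 *
 * <p>Fixes the previous construction, which concatenated
 * {@code request.getQueryString()} unconditionally and so produced a literal
 * {@code ?null&} for a POST without a query part.
 *
 * <p>NOTE(review): {@code getRequestURL()} is derived from the request's Host
 * header; behind a reverse proxy or without Host validation this may not be
 * the canonical server URL - confirm for the deployment.
 *
 * @param request the current request
 * @return the absolute return URL to hand to the application
 */
private static String buildSAEReturnUrl(HttpServletRequest request) {
    StringBuilder url = new StringBuilder(request.getRequestURL());
    String query = request.getQueryString();
    url.append('?');
    if (query != null && query.length() > 0) {
        url.append(query).append('&');
    }
    url.append(SecureAttrs.SAE_PARAM_APPRETURN).append("=true");
    return url.toString();
}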
1fff175c9a0fea173ee52a209224dc6ecbd39572vboxsync%>
1fff175c9a0fea173ee52a209224dc6ecbd39572vboxsync