idpSingleLogoutInit.jsp revision 984ea967792540448d05fba2ac6fad5dadf91fd6
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
0595fb660c93faf1fdbaad7e1300eb342b5baf31Mark de Reeper The contents of this file are subject to the terms
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper of the Common Development and Distribution License
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper (the License). You may not use this file except in
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper compliance with the License.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper You can obtain a copy of the License at
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper https://opensso.dev.java.net/public/CDDLv1.0.html or
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper See the License for the specific language governing
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper permission and limitations under the License.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper When distributing Covered Code, include this CDDL
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper Header Notice in each file and include the License file
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper If applicable, add the following below the CDDL Header,
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper with the fields enclosed by brackets [] replaced by
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper your own identifying information:
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "Portions Copyrighted [year] [name of copyright owner]"
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper $Id: idpSingleLogoutInit.jsp,v 1.9 2009/10/15 00:00:41 exu Exp $
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper Portions Copyrighted 2010-2011 ForgeRock AS
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.sun.identity.shared.debug.Debug" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.sun.identity.plugin.session.SessionManager" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
0595fb660c93faf1fdbaad7e1300eb342b5baf31Mark de Reeper<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
0595fb660c93faf1fdbaad7e1300eb342b5baf31Mark de Reeper<%@ page import="com.sun.identity.saml2.profile.IDPSingleLogout" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.sun.identity.saml2.profile.LogoutUtil" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="java.util.HashMap" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.sun.identity.plugin.session.SessionException" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper<%@ page import="com.iplanet.am.util.SystemProperties" %>
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper - initiates the LogoutRequest at the Identity Provider.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper Required parameters to this jsp are :
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper - binding - binding used for this request
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper Some of the other optional parameters are :
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "RelayState" - the target URL on successful Single Logout
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "goto" - the target URL on successful Single Logout.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "RelayState" takes precedence over the "goto" parameter.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "Destination" - A URI Reference indicating the address to
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper which the request has been sent.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "Consent" - Specifies a URI, a SAML-defined identifier
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper known as a Consent Identifier.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "Extension" - Specifies a list of Extensions as a list of
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper String objects.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "logoutAll" - Specifies that the IDP sends the SLO request to the SP without any session
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper Check the SAML2 Documentation for supported parameters.
// NOTE(review): this is a blame listing with source lines missing (for example
// the opening `try {` and several closing braces), so the comments added here
// describe only the statements that are visible.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper // Retrieve the Request Query Parameters
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper // binding is the required query parameter
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper // binding - binding used for this request
// RelayState is read from the request: the RelayState parameter first, then
// the goto parameter when that is null or empty. The value is therefore
// supplied by the caller and must be treated as untrusted.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper String RelayState = request.getParameter(SAML2Constants.RELAY_STATE);
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper if ((RelayState == null) || (RelayState.length() == 0)) {
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper RelayState = request.getParameter(SAML2Constants.GOTO);
0595fb660c93faf1fdbaad7e1300eb342b5baf31Mark de Reeper Object ssoToken = null;
// Look up the caller's session; a SessionException is handled by the catch below.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper ssoToken = SessionManager.getProvider().getSession(request);
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper } catch (SessionException e) {
// No session could be obtained: read the optional intermediate page from the
// system property below (default: empty string).
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper String intermmediatePage = SystemProperties.get(
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "openam.idpsloinit.nosession.intermmediate.page", "");
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper if (RelayState != null) {
// NOTE(review): the right-hand side continues on a line this listing does not
// show. Confirm that the request-supplied RelayState is URL-encoded before it
// is appended to the query string.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper intermmediatePage = intermmediatePage + "?RelayState=" +
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper response.sendRedirect(intermmediatePage);
// NOTE(review): the body of this branch is not visible. Later in the page the
// same test is followed by response.sendRedirect(RelayState); if that is what
// happens here, confirm RelayState is validated against the deployment's
// allowed redirect targets first (no such check is visible in this listing),
// otherwise the endpoint can be used as an open redirect. The tag fragment
// that follows points at default.jsp with message=idpSloSuccess.
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper if (RelayState != null) {
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
// With no session object, answer with SC_BAD_REQUEST and the localized
// nullSSOToken message.
0595fb660c93faf1fdbaad7e1300eb342b5baf31Mark de Reeper if (ssoToken == null) {
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
6406210b71fd4a97800f32f3613eea9b6a6a12ceMark de Reeper "nullSSOToken", SAML2Utils.bundle.getString("nullSSOToken"));
// Read the IDP meta alias property stored on the session.
String[] values = SessionManager.getProvider().
getProperty(ssoToken, SAML2Constants.IDP_META_ALIAS);
if (values != null && values.length > 0) {
// NOTE(review): the condition guarding this invalidateSession call and its
// arguments are not visible in this listing.
SessionManager.getProvider().invalidateSession(
// NOTE(review): RelayState is populated from the RelayState/goto request
// parameters earlier in this page and is used here as the redirect target.
// No validation is visible in this listing; confirm it is checked against the
// deployment's allowed redirect URLs before this call, otherwise the endpoint
// acts as an open redirect.
response.sendRedirect(RelayState);
page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
// NOTE(review): the left-hand side of this statement is not visible;
// presumably the result is the idpEntityID used below (confirm).
SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(metaAlias);
// Derive the realm from the meta alias.
String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
// Determine the SLO binding to use for this request.
String binding = LogoutUtil.getSLOBindingInfo(request, metaAlias,
SAML2Constants.SP_ROLE, idpEntityID);
// NOTE(review): tail of a call whose name is not visible. Together with the
// unsupportedBinding message below it looks like a check that the binding is
// supported for the IDP's SLO service (confirm against the full file).
realm, idpEntityID, SAML2Constants.SLO_SERVICE, binding))
SAML2Utils.bundle.getString("unsupportedBinding"));
// The meta alias is passed on through the parameter map.
paramsMap.put("metaAlias", metaAlias);
// Initiate the LogoutRequest; the remaining arguments are not visible here.
IDPSingleLogout.initiateLogoutRequest(request,response,
// NOTE(review): RelayState originates from the RelayState/goto request
// parameters. No validation is visible in this listing before this redirect;
// confirm the value is restricted to allowed redirect targets.
response.sendRedirect(RelayState);
page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
// Log the failure to the SAML2 debug log with the exception attached.
// NOTE(review): the catch clauses declaring sse and e are not visible in this listing.
SAML2Utils.debug.error("Error sending Logout Request " , sse);
// NOTE(review): the exception message is concatenated onto the localized
// text. The enclosing call is not visible; if this string is returned to the
// browser, internal error detail is disclosed to the caller. Prefer sending
// the localized message alone and keeping the detail in the debug log.
SAML2Utils.bundle.getString("LogoutRequestProcessingError") + " " +
sse.getMessage());
// Same handling for the second exception type: log, then build the message.
SAML2Utils.debug.error("Error processing Request ",e);
// NOTE(review): same concern as above about e.getMessage() reaching the client.
SAML2Utils.bundle.getString("LogoutRequestProcessingError") + " " +
e.getMessage());