a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: FSPreLogoutHandler.java,v 1.11 2008/12/19 06:50:47 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpackage com.sun.identity.federation.services.logout;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSessionPartner;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSession;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.FSSessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSServiceUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.services.util.FSSignatureUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.FSUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.IFSConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.common.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSLogoutResponse;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.message.FSLogoutNotification;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.meta.IDFFMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.federation.plugins.FederationSPAdapter;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.multiprotocol.MultiProtocolUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.multiprotocol.SingleLogoutManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.saml.common.SAMLResponderException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Pre logout handling.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected ProviderDescriptorType hostedDescriptor = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected boolean isCurrentProviderIDPRole = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected FSLogoutNotification reqLogout = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static String LOGOUT_DONE_URL = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected static String COMMON_ERROR_URL = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster protected ProviderDescriptorType remoteDescriptor = null;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Initializes FSAccountManager, IDFFMetaManager instance.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSPreLogoutHandler::FSPreLogoutHandler Constructor");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Invoked to set some commonly used URLs based on hosted provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LOGOUT_DONE_URL = FSServiceUtils.getLogoutDonePageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster COMMON_ERROR_URL = FSServiceUtils.getErrorPageURL(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("LOGOUT_DONE_URL : " + LOGOUT_DONE_URL +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the value of <code>RelayState</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param relayState the value of <code>RelayState</code> attribute.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the hosted provider details.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedProviderDesc the descriptor of the hosted provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * handling logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets hosted provider's realm.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param realm the realm in which the provider resides
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets hosted provider entity id.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedEntityId hosted provider's entity id to be set
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setHostedEntityId(String hostedEntityId) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets hosted provider's extended meta config.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedConfig hosted provider's extended meta
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setHostedDescriptorConfig(BaseConfigType hostedConfig) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets hosted provider's meta alias.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param metaAlias hosted provider's meta alias to be set
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets hosted provider's role.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param hostedRole hosted provider's role.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setHostedProviderRole(String hostedRole) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets remote provider's entity id.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setRemoteEntityId(String remoteEntityId) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the Remote Descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param remoteDesc Remote Provider Descriptor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setRemoteDescriptor(ProviderDescriptorType remoteDesc) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Sets the logout request received from remote provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param reqLogout the <code>FSLogoutNotification</code> request from
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * remote provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void setLogoutRequest(FSLogoutNotification reqLogout) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Initiates logout at this provider when the user has clicked on the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * logout option.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object from the user agent
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> to be sent back to the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * user agent
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param ssoToken used to identify the principal who wants to logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param sourceCheck where the logout is coming from
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>true</code> if the logout is successful; <code>false</code>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * otherwise.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Entered FSPreLogoutHandler::handleSingleLogout");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SessionManager.getProvider().getPrincipalName(ssoToken);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String acceptString = request.getHeader("Accept");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (acceptString.indexOf("text/vnd.wap.wml") != -1))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (partners != null && partners.size() != 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster HashMap providerMap = FSLogoutUtil.getCurrentProvider(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String)providerMap.get(IFSConstants.SESSION_INDEX);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // this is IDP initiated based single logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // HTTP or SOAP is based on metadata
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handlerObj.setHostedDescriptor(hostedDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handlerObj.setHostedDescriptorConfig(hostedConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster response, request, currentSessionProvider, userID,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "No more providers, nothing to broadcast " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "\ndestroy user session call destroyPrincipalSession");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster userID, metaAlias, sessionIndex, request, response);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // control could come here when local login has happened
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // In this case FSSessionmap will not have anything, so we destroy
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // the session based on ssoToken
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSLogoutUtil.destroyLocalSession(ssoToken, request, response);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("No live connections, destroy user" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " session call destroyPrincipalSession. source=" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Call SP Adapter preSingleLogoutProcess for SP/HTTP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedRole.equalsIgnoreCase(IFSConstants.SP) &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "call preSingleLogoutProcess, SP/HTTP");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // unable to access logoutRequest here
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request, response, userID, null, logoutResponse,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // ignore adapter error
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster userID, metaAlias, sessionIndex, request, response);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // control will come here when local login has happened
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // In this case FSSessionmap will not have anything, so we destroy
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // the session based on ssoToken
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (SessionManager.getProvider().isValid(ssoToken)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Call SP Adapter postSingleLogoutProcess for SP/HTTP
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedRole.equalsIgnoreCase(IFSConstants.SP) &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "call postSingleLogoutProcess, SP/HTTP");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request, response, userID, null, logoutResponse,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // ignore adapter exception
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("SessionException in liveConnectionsExist"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " So destroy self and exit");
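a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // cannot call FSLogoutUtil.destroyLocalSession(ssoToken)
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // since session exception has occurred
 // NOTE(review): as listed here, this path still reports SAML_SUCCESS although
 // no local session teardown is performed on it. Confirm that the token is
 // already unusable once the SessionException has been raised; otherwise a
 // session that is still live would be reported as logged out.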
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return new FSLogoutStatus(IFSConstants.SAML_SUCCESS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Processes logout request received via HTTP redirect/GET.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request <code>HttpServletRequest</code> object from the user agent
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response <code>HttpServletResponse</code> to be sent back to the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * user agent
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param ssoToken used to identify the principal who wants to logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>FSLogoutStatus</code> object to indicate the status of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the logout process.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSLogoutStatus processHttpSingleLogoutRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered FSPrelogoutHandler::" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "processSingleLogoutRequest HTTP Redirect");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.locale = FSServiceUtils.getLocale(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSessionManager sMgr = FSSessionManager.getInstance(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String sessionIndex = session.getSessionIndex();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SessionManager.getProvider().getPrincipalName(ssoToken);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPH:processSingleLogout: Onetime case");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster this.userID = FSLogoutUtil.getUserFromRequest(reqLogout,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster realm, hostedEntityId, hostedRole, hostedConfig, metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("processSingleLogoutRequest", se);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPrelogoutHandler::User Not found");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return new FSLogoutStatus(IFSConstants.SAML_RESPONDER);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String acceptString = request.getHeader("Accept");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (acceptString.indexOf("text/vnd.wap.wml") != -1))
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPrelogoutHandler::calling getCurrentProvider");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean bHasAnyOtherProvider = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionPartner = (FSSessionPartner)providerMap.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionIndex = (String)providerMap.get(IFSConstants.SESSION_INDEX);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("bHasAnyOtherProvider = " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("bHasAnyOtherProvider other than source : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // this is SP initiated HTTP based single logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPreLogout::creating FSSingleLogoutHandler");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handlerObj.setHostedDescriptor(hostedDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handlerObj.setHostedDescriptorConfig(hostedConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //handlerObj.setRemoteDescriptor(remoteDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //handlerObj.setRemoteEntityId(remoteEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return handlerObj.processHttpSingleLogoutRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionPartner, userID, ssoToken, remoteEntityID, sessionIndex,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Processes logout request received via SOAP profile.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param reqLogout <code>FSLogoutNotification</code> request received from
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * remote provider
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @return <code>FSLogoutStatus</code> object indicating the status of
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * the logout process
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public FSLogoutStatus processSingleLogoutRequest(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered FSPreLogoutHandler::" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " processSingleLogoutRequest SOAP Profile");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // User DN needs to be figured from logout request
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster userID = FSLogoutUtil.getUserFromRequest(reqLogout, realm,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedEntityId, hostedRole, hostedConfig, metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("User does not exist. Invalid request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster return new FSLogoutStatus(IFSConstants.SAML_REQUESTER);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String sessionIndex = reqLogout.getSessionIndex();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionManager.getSessionList(userID), sessionIndex);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean bHasAnyOtherProvider = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionPartner = (FSSessionPartner)providerMap.get(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster sessionIndex = (String)providerMap.get(IFSConstants.SESSION_INDEX);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("bHasAnyOtherProvider = " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("bHasAnyOtherProvider other than source : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // this is SP initiated SOAP based single logout
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("creating FSSingleLogoutHandler");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSSingleLogoutHandler handlerObj = new FSSingleLogoutHandler();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handlerObj.setHostedDescriptor(hostedDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handlerObj.setHostedDescriptorConfig(hostedConfig);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster handlerObj.setSingleLogoutProtocol(IFSConstants.LOGOUT_SP_SOAP_PROFILE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //handlerObj.setRemoteDescriptor(remoteDescriptor);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster //handlerObj.setRemoteEntityId(remoteEntityID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Determines the return location and redirects based on
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * logout Return URL of the provider that initially sent the logout request.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If request was not sent by remote provider then the local logout-done
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * page is thrown back to the user
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private void returnToPostLogout(String logoutStatus) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Entered FSPreLogoutHandler::returnToPostLogout");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean error = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean logoutSuccess = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (!logoutStatus.equals(IFSConstants.SAML_SUCCESS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean multiProtocolInvoked = false;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (MultiProtocolUtils.isMultipleProtocolSession(request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedRole.equalsIgnoreCase(IFSConstants.IDP) &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster !MultiProtocolUtils.isMultiProtocolRelayState(relayState)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSLogoutResponse responseLogout = new FSLogoutResponse();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster providerMap = mngInst.getUserProviderInfo(userID);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Return URL based on local postlogout URL" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "\nNo Source in ReturnMAP : rs=" + this.relayState);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPreLogHandler.retToPostLogout:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster returnProviderId = (String) providerMap.get(IFSConstants.PROVIDER);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (hostedRole.equalsIgnoreCase(IFSConstants.IDP)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retURL = descriptor.getSingleLogoutServiceReturnURL();
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String) providerMap.get(IFSConstants.LOGOUT_RELAY_STATE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String) providerMap.get(IFSConstants.LOGOUT_STATUS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (String) providerMap.get(IFSConstants.RESPONSE_TO);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Deleted " + userID +" from return list");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // call multi-federation protocol processing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPreLogHandler.retToPostLogout:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster + " call MP HTTP, response="
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int retStatus = handleMultiProtocolLogout(logoutStatus,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster responseLogout.setStatus(IFSConstants.SAML_RESPONDER);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Sign the request querystring
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IDFFMetaUtils.getFirstAttributeValueFromConfig(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster hostedConfig, IFSConstants.SIGNING_CERT_ALIAS);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (certAlias == null || certAlias.length() == 0) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSBrowserArtifactConsumerHandler:: " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "signSAMLRequest:" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "couldn't obtain this site's cert alias.");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.bundle.getString(IFSConstants.NO_CERT_ALIAS));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster urlEncodedResponse = FSSignatureUtil.signAndReturnQueryString(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (retURL.indexOf(IFSConstants.QUESTION_MARK) == -1) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster redirectURL.append(IFSConstants.QUESTION_MARK);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("Response to be sent (3) : " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Unable to get LRURL. No location to redirect." +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "processing completed:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("Unable to get LRURL. No location to redirect" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster " processing completed:", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "FSPreLogoutHandler::General exception thrown :", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster {FSUtils.bundle.getString(IFSConstants.LOGOUT_REDIRECT_FAILED)};
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster LogUtil.error(Level.INFO,LogUtil.LOGOUT_REDIRECT_FAILED,data,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // call multi-federation protocol processing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (toInvokeMultiProtocol && !multiProtocolInvoked) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // invoke multiple federation protocol in exception case
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSPreLogHandler.retToPostLogout:"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int retStatus = handleMultiProtocolLogout(logoutStatus, null);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if (retStatus == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((retStatus == SingleLogoutManager.LOGOUT_FAILED_STATUS) ||
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster (retStatus == SingleLogoutManager.LOGOUT_PARTIAL_STATUS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster IFSConstants.LOGOUT_SUCCESS, IFSConstants.LOGOUT_FAILURE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private int handleMultiProtocolLogout(String status, String responseXML) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int currentStatus = SingleLogoutManager.LOGOUT_FAILED_STATUS;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((status != null) && status.equals(IFSConstants.SAML_SUCCESS)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster currentStatus = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster int retStatus = SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster boolean isSOAPProfile = true;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] propVals = SessionManager.getProvider()
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster .getProperty(ssoToken, IFSConstants.IS_SOAP_PROFILE);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((propVals != null) && (propVals.length != 0) &&
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((finalRelayState == null) || (finalRelayState.length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster doIDPSingleLogout(set, userID, request, response, isSOAPProfile,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster true, SingleLogoutManager.IDFF, realm, hostedEntityId,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster remoteEntityID, finalRelayState, requestXML, responseXML,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.error("FSSLOHandler.doIDPProfile: MP/SOAP", e);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster retStatus = SingleLogoutManager.LOGOUT_FAILED_STATUS;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster FSUtils.debug.message("FSSLOHandler.doIDPSoapProfile: "