a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * $Id: IPRPSignoutRequest.java,v 1.7 2009/10/28 23:59:00 exu Exp $
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.plugin.session.SessionException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.multiprotocol.MultiProtocolUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.multiprotocol.SingleLogoutManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationConstants;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationException;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.common.WSFederationUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.logging.LogUtil;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.meta.WSFederationMetaManager;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterimport com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * This class implements the sign-out request for both identity provider and
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * service provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Fosterpublic class IPRPSignoutRequest extends WSFederationAction {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster private static Debug debug = WSFederationUtils.debug;
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Creates a new instance of <code>RPSigninRequest</code>.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param request HTTPServletRequest for this interaction
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param response HTTPServletResponse for this interaction
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * @param wreply Reply URL, to which control is to be transferred
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * on successful completion of sign-out. May be null, in which case, control
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * stays with the provider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public IPRPSignoutRequest(HttpServletRequest request,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Processes the sign-out request, returning a response via the
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * HttpServletResponse passed to the constructor.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster public void process() throws IOException, WSFederationException
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String classMethod = "IPRPSignoutRequest.process: ";
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String metaAlias = WSFederationMetaUtils.getMetaAliasByUri(
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((metaAlias == null) || (metaAlias.trim().length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error(classMethod + "Unable to get meta alias from request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationUtils.bundle.getString("MetaAliasNotFound"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String realm = WSFederationMetaUtils.getRealmByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((realm == null) || (realm.trim().length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error(classMethod + "Unable to get realm from request");
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationUtils.bundle.getString("nullRealm"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // retrieve entity id from meta alias
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String entityId = metaManager.getEntityByMetaAlias(metaAlias);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ((entityId == null) || (entityId.trim().length() == 0)) {
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.error(classMethod + "Unable to get Entity ID from metaAlias" +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationUtils.bundle.getString("nullEntityID"));
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster session = WSFederationUtils.sessionProvider.getSession(request);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Session exception" + se.getLocalizedMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Don't care too much about session exceptions here - usual cause
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // is trying to log out after the session has expired
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Strategy here is to do logouts in parallel via iframes, provide a
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // link to wreply, if any
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster if ( displayName == null || displayName.length() == 0 )
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.setAttribute(WSFederationConstants.LOGOUT_DISPLAY_NAME,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.setAttribute(WSFederationConstants.LOGOUT_WREPLY,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.setAttribute(WSFederationConstants.REALM_PARAM, realm);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.setAttribute(WSFederationConstants.ENTITYID_PARAM,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] idpList = WSFederationUtils.sessionProvider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getProperty(session, WSFederationConstants.SESSION_IDP);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster && idpList[0] != null && idpList[0].length()>0 )
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod + "sending signout to " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster String[] spList = WSFederationUtils.sessionProvider.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster getProperty(session, WSFederationConstants.SESSION_SP_LIST);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster displayName = WSFederationMetaUtils.getAttribute(config,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster debug.message(classMethod + "sending signout to " +
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Can't remove a session property, so just set it to
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // an empty string
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster WSFederationUtils.sessionProvider.setProperty(session,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request, response, SingleLogoutManager.WS_FED);
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.setAttribute(WSFederationConstants.LOGOUT_PROVIDER_LIST,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster request.getRequestDispatcher("/wsfederation/jsp/logout.jsp").
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Servlet exception" + se.getLocalizedMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster "Session exception" + se.getLocalizedMessage());
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster // Can't pass session, since we just invalidated it!