idpSingleLogoutInit.jsp revision e8721886dbfd32e88cc7077cbee4b6bb1b44b443
1008N/A<%--
1008N/A DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
1008N/A
1008N/A Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
1008N/A
1008N/A The contents of this file are subject to the terms
1008N/A of the Common Development and Distribution License
1008N/A (the License). You may not use this file except in
1008N/A compliance with the License.
1008N/A
1008N/A You can obtain a copy of the License at
1008N/A https://opensso.dev.java.net/public/CDDLv1.0.html or
1008N/A opensso/legal/CDDLv1.0.txt
1008N/A See the License for the specific language governing
1008N/A permission and limitations under the License.
1008N/A
1008N/A When distributing Covered Code, include this CDDL
1008N/A Header Notice in each file and include the License file
1008N/A at opensso/legal/CDDLv1.0.txt.
1008N/A If applicable, add the following below the CDDL Header,
1008N/A with the fields enclosed by brackets [] replaced by
1008N/A your own identifying information:
1008N/A "Portions Copyrighted [year] [name of copyright owner]"
1008N/A
4990N/A $Id: idpSingleLogoutInit.jsp,v 1.9 2009/10/15 00:00:41 exu Exp $
1008N/A
1008N/A--%>
1008N/A
1008N/A
1008N/A<%--
1008N/A Portions Copyrighted 2010-2011 ForgeRock AS
1008N/A--%>
1008N/A
1008N/A
1008N/A<%@ page import="com.sun.identity.shared.debug.Debug" %>
1008N/A<%@ page import="com.sun.identity.plugin.session.SessionManager" %>
1008N/A<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
1008N/A<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
1008N/A<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
1008N/A<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
1008N/A<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
1008N/A<%@ page import="com.sun.identity.saml2.profile.IDPSingleLogout" %>
1008N/A<%@ page import="com.sun.identity.saml2.profile.LogoutUtil" %>
1008N/A<%@ page import="java.util.HashMap" %>
1008N/A<%@ page import="com.sun.identity.plugin.session.SessionException" %>
1008N/A<%@ page import="com.iplanet.am.util.SystemProperties" %>
1008N/A
1008N/A<%--
1008N/A idpSingleLogoutInit.jsp
1008N/A - initiates the LogoutRequest at the Identity Provider.
1008N/A
1008N/A Required parameters to this jsp are :
1008N/A - binding - binding used for this request
1008N/A
1008N/A Some of the other optional parameters are :
1008N/A "RelayState" - the target URL on successful Single Logout
1008N/A "goto" - the target URL on successful Single Logout.
1008N/A "RelayState" takes precedence to "goto" parameter.
1008N/A "Destination" - A URI Reference indicating the address to
1008N/A which the request has been sent.
1008N/A "Consent" - Specifies a URI a SAML defined identifier
1008N/A known as Consent Identifiers.
1008N/A "Extension" - Specifies a list of Extensions as list of
1008N/A String objects.
1008N/A "logoutAll" - Specifies IDP sends slo request to SP without any session
1008N/A index.
1008N/A
1008N/A Check the SAML2 Documentation for supported parameters.
1008N/A
1008N/A--%>
1008N/A
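<%
    // Initiates SAML2 Single Logout from the Identity Provider side.
    //
    // Flow, as implemented below:
    //   1. Read the post-logout target from "RelayState", falling back to "goto".
    //   2. Look up the caller's session; with no session, redirect/forward and stop.
    //   3. Read the IDP meta alias from the session; with none, invalidate the
    //      session, redirect/forward and stop.
    //   4. Resolve the SLO binding via LogoutUtil.getSLOBindingInfo and reject
    //      bindings the IDP does not support.
    //   5. Build the parameter map and call IDPSingleLogout.initiateLogoutRequest.
    //
    // NOTE(review): RelayState / goto come straight from request parameters and
    // are used as redirect targets below without any validation visible in this
    // page. Unless a caller or filter outside this file already restricts them,
    // this is an unvalidated redirect: the value should be checked against the
    // deployment's list of trusted post-logout URLs before response.sendRedirect
    // is called, and rejected (or replaced by the default page) otherwise.

    try {
        String RelayState = request.getParameter(SAML2Constants.RELAY_STATE);
        if ((RelayState == null) || (RelayState.length() == 0)) {
            // "RelayState" takes precedence; "goto" is only the fallback.
            RelayState = request.getParameter(SAML2Constants.GOTO);
        }

        Object ssoToken = null;
        try {
            ssoToken = SessionManager.getProvider().getSession(request);
        } catch (SessionException e) {
            // getSession failed, so there is nothing to log out. Send the
            // browser to the configured intermediate page, else to RelayState,
            // else to the default success page.
            // The misspelling in the property key is the deployed configuration
            // name and must not be "corrected" here.
            String intermediatePage = SystemProperties.get(
                "openam.idpsloinit.nosession.intermmediate.page", "");

            if (intermediatePage.length() != 0) {
                if (RelayState != null) {
                    // RelayState is request-controlled: encode it so that
                    // '&', '#', '=' or whitespace inside it cannot truncate the
                    // value or inject extra query parameters into the
                    // intermediate page URL. Use '&' when the configured page
                    // already carries a query string.
                    String separator =
                        (intermediatePage.indexOf('?') >= 0) ? "&" : "?";
                    intermediatePage = intermediatePage + separator
                        + "RelayState="
                        + java.net.URLEncoder.encode(RelayState, "UTF-8");
                }
                response.sendRedirect(intermediatePage);
            } else {
                if (RelayState != null) {
                    // NOTE(review): unvalidated redirect target, see header.
                    response.sendRedirect(RelayState);
                } else {
                    %>
                    <jsp:forward
                        page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
                    <%
                }
            }
            return;
        }
        if (ssoToken == null) {
            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                "nullSSOToken", SAML2Utils.bundle.getString("nullSSOToken"));
            return;
        }

        // The IDP meta alias is read from the session property; only the
        // first value is used.
        String[] values = SessionManager.getProvider().
            getProperty(ssoToken, SAML2Constants.IDP_META_ALIAS);
        String metaAlias = null;
        if (values != null && values.length > 0) {
            metaAlias = values[0];
        }
        if (metaAlias == null) {
            // No meta alias on the session: no LogoutRequest is built, the
            // local session is simply invalidated.
            SessionManager.getProvider().invalidateSession(
                ssoToken, request, response);
            if (RelayState != null) {
                // NOTE(review): unvalidated redirect target, see header.
                response.sendRedirect(RelayState);
            } else {
                %>
                <jsp:forward
                    page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
                <%
            }
            return;
        }

        String idpEntityID =
            SAML2Utils.getSAML2MetaManager().getEntityByMetaAlias(metaAlias);
        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);

        // The binding is resolved by LogoutUtil from the request and the
        // entity metadata, then checked against what the IDP supports for
        // the SLO service.
        String binding = LogoutUtil.getSLOBindingInfo(request, metaAlias,
            SAML2Constants.SP_ROLE, idpEntityID);
        if (!SAML2Utils.isIDPProfileBindingSupported(
            realm, idpEntityID, SAML2Constants.SLO_SERVICE, binding))
        {
            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                "unsupportedBinding",
                SAML2Utils.bundle.getString("unsupportedBinding"));
            return;
        }

        String logoutAll = request.getParameter(SAML2Constants.LOGOUT_ALL);

        // Parameters handed to IDPSingleLogout.initiateLogoutRequest:
        //   "metaAlias"   - IDP meta alias taken from the session
        //   ROLE          - always the IDP role
        //   BINDING       - binding resolved above
        //   "Destination" - URI reference for the address the request is sent to
        //   "Consent"     - a SAML-defined Consent Identifier URI
        //   "Extension"   - extensions for the request
        //   RELAY_STATE   - target URL on successful Single Logout (if given)
        //   LOGOUT_ALL    - send the SLO request without a session index (if given)
        // Destination, Consent and Extension are copied from the request as-is
        // and may be null.
        HashMap paramsMap = new HashMap();
        paramsMap.put("metaAlias", metaAlias);
        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.IDP_ROLE);
        paramsMap.put(SAML2Constants.BINDING, binding);
        paramsMap.put("Destination", request.getParameter("Destination"));
        paramsMap.put("Consent", request.getParameter("Consent"));
        paramsMap.put("Extension", request.getParameter("Extension"));
        if (RelayState != null) {
            paramsMap.put(SAML2Constants.RELAY_STATE, RelayState);
        }

        if (logoutAll != null) {
            paramsMap.put(SAML2Constants.LOGOUT_ALL, logoutAll);
        }

        IDPSingleLogout.initiateLogoutRequest(request,response,
            binding,paramsMap);

        // Only the SOAP binding sends the browser onward from this page;
        // for other bindings nothing further is written here.
        if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
            if (RelayState != null) {
                // NOTE(review): unvalidated redirect target, see header.
                response.sendRedirect(RelayState);
            } else {
                %>
                <jsp:forward
                    page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
                <%
            }
        }
    } catch (SAML2Exception sse) {
        SAML2Utils.debug.error("Error sending Logout Request " , sse);
        // NOTE(review): the exception message is appended to the text passed
        // to sendError; if that text is rendered to the browser it can expose
        // internal detail. The full exception is already in the debug log.
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
            "LogoutRequestProcessingError",
            SAML2Utils.bundle.getString("LogoutRequestProcessingError") + " " +
            sse.getMessage());
        return;
    } catch (Exception e) {
        SAML2Utils.debug.error("Error processing Request ",e);
        // NOTE(review): same concern as above, and broader here because any
        // exception type's message is forwarded to sendError.
        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
            "LogoutRequestProcessingError",
            SAML2Utils.bundle.getString("LogoutRequestProcessingError") + " " +
            e.getMessage());
        return;
    }
%>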
2648N/A