idpSingleLogoutPOST.jsp revision 9740fa737ef2ed9453ab46d145777dbbbf6a747b
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync The contents of this file are subject to the terms
5c65eaa08f2ec993a19c9bef6e5463918e40e0ebvboxsync of the Common Development and Distribution License
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync (the License). You may not use this file except in
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync compliance with the License.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync You can obtain a copy of the License at
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync https://opensso.dev.java.net/public/CDDLv1.0.html or
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync See the License for the specific language governing
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync permission and limitations under the License.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync When distributing Covered Code, include this CDDL
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync Header Notice in each file and include the License file
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync If applicable, add the following below the CDDL Header,
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync with the fields enclosed by brackets [] replaced by
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync your own identifying information:
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync "Portions Copyrighted [year] [name of copyright owner]"
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync $Id: idpSingleLogoutPOST.jsp,v 1.5 2009/06/24 23:05:30 mrudulahg Exp $
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync Portions Copyrighted 2013 ForgeRock AS
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync<%@ page import="com.sun.identity.saml2.profile.IDPSingleLogout" %>
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync<%@ page import="org.owasp.esapi.ESAPI" %>
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync - receives the LogoutRequest and sends the LogoutResponse to
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync Service Provider from the Identity Provider.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync - receives the LogoutResponse from the Service Provider.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync Required parameters to this jsp are :
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync - RelayState - the target URL on successful Single Logout
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync - SAMLRequest - the LogoutRequest
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync - SAMLResponse - the LogoutResponse
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync Check the SAML2 Documentation for supported parameters.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync // Retrieves the LogoutRequest or LogoutResponse
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync //Retrieves :
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync //- RelayState - the target URL on successful Single Logout
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync //- SAMLRequest - the LogoutRequest
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync //- SAMLResponse - the LogoutResponse
// RelayState is read straight from the request, so it is caller-controlled until the checks below have run.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync String relayState = request.getParameter(SAML2Constants.RELAY_STATE);
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync if (relayState != null) {
// The parameter is first tried as a key into IDPCache.relayStateCache; remove() returns the cached value
// (cast to String) and, presumably, consumes the entry so it cannot be looked up a second time.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync String tmpRs = (String) IDPCache.relayStateCache.remove(relayState);
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync if (tmpRs != null) {
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync relayState = tmpRs;
// ESAPI check against the "URL" rule, maximum length 2000, null allowed; a value that fails is
// discarded (set to null on the next line), not repaired.
// NOTE(review): the closing braces are missing from this listing, so whether this check sits inside
// the tmpRs branch or applies to every non-null RelayState cannot be read from here.
// NOTE(review): the first argument is ESAPI's validation context and embeds the raw relayState value;
// presumably it reaches ESAPI's validation log output, so confirm the logger neutralises CR/LF.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync if (!ESAPI.validator().isValidInput("HTTP Parameter Value: " + relayState, relayState, "URL", 2000, true)) {
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync relayState = null;
// LogoutResponse branch: taken when the POST carries a SAMLResponse parameter.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync String samlResponse = request.getParameter(SAML2Constants.SAML_RESPONSE);
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync if (samlResponse != null) {
// Defaults to true; overwritten below with the result of processLogoutResponse.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync boolean doRelayState = true;
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * Gets and processes the Single <code>LogoutResponse</code> from SP,
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * destroys the local session, checks response's issuer
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * and inResponseTo.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * @param request the HttpServletRequest.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * @param response the HttpServletResponse.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * @param samlResponse <code>LogoutResponse</code> in the
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * XML string format.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * @param relayState the target URL on successful
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * <code>LogoutResponse</code>.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * @throws SAML2Exception if error processing
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * <code>LogoutResponse</code>.
// The boolean result decides whether this page still has to act on RelayState itself:
// the redirect/forward logic further down runs only when it is false.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync doRelayState = IDPSingleLogout.processLogoutResponse(
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync request, response,samlResponse, relayState);
// SAML-level failure: logged to the SAML2 debug log and answered with SC_BAD_REQUEST (HTTP 400).
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync } catch (SAML2Exception sse) {
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync SAML2Utils.debug.error("Error processing LogoutResponse :",
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync "LogoutResponseProcessingError",
// NOTE(review): the text concatenated after the bundle string is not visible in this listing; if it is
// the exception message, confirm the error page output-encodes it and that it exposes no internal detail.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
// Catch-all: any other failure is logged with its stack trace and answered with the same 400 response.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync } catch (Exception e) {
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync SAML2Utils.debug.error("Error processing LogoutResponse ",e);
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync "LogoutResponseProcessingError",
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync SAML2Utils.bundle.getString("LogoutResponseProcessingError") +
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync if (!doRelayState) {
// Open-redirect guard: RelayState is used as a target only when it is non-null and
// SAML2Utils.isRelayStateURLValid accepts it for the IDP role. Keep this check immediately
// before the use of the URL so no later code path can reach it with an unvalidated value.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync if (relayState != null && SAML2Utils.isRelayStateURLValid(request, relayState, SAML2Constants.IDP_ROLE)) {
// Chooses "&" or "?" so logoutStatus is appended as a query parameter whether or not the URL
// already has a query string. The call that consumes the concatenated URL is not visible in
// this listing - presumably a redirect; confirm against the full file.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync if (relayState.indexOf("?") != -1) {
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync + "&logoutStatus=logoutSuccess");
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync + "?logoutStatus=logoutSuccess");
// Fixed, server-side forward target; presumably the fallback when RelayState is absent or rejected
// (the enclosing else is not visible here).
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync <jsp:forward page="/saml2/jsp/default.jsp?message=idpSloSuccess" />
// LogoutRequest branch: taken when the POST carries a SAMLRequest parameter.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync String samlRequest = request.getParameter(SAML2Constants.SAML_REQUEST);
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync if (samlRequest != null) {
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * Gets and processes the Single <code>LogoutRequest</code> from SP.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * @param request the HttpServletRequest.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * @param response the HttpServletResponse.
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * @param samlRequest <code>LogoutRequest</code> in the
9a4748c9b04aa33bb54066d49bd27d4c9f0cf33evboxsync * XML string format.
// Delegates to IDPSingleLogout.processLogoutRequest; the remaining arguments, the enclosing try and
// the catch headers are not visible in this listing.
IDPSingleLogout.processLogoutRequest(request,response,
// SAML-level failure (sse): logged with the exception attached.
SAML2Utils.debug.error("Error processing LogoutRequest :", sse);
// NOTE(review): sse.getMessage() is appended to the localised bundle string. The call receiving this
// text is not visible here (the LogoutResponse branch uses SAMLUtils.sendError). Exception messages can
// carry content derived from the incoming SAMLRequest, so confirm the error page output-encodes it, and
// consider returning only the bundle string while keeping the detail in the debug log.
SAML2Utils.bundle.getString("LogoutRequestProcessingError")
+ " " + sse.getMessage());
// Any other failure (e): logged with the exception attached.
SAML2Utils.debug.error("Error processing LogoutRequest ",e);
// NOTE(review): same concern as above - e.getMessage() from an arbitrary exception may expose internal
// detail (class names, paths, parser errors) to the requester; verify what reaches the response body.
SAML2Utils.bundle.getString("LogoutRequestProcessingError")
+ " " + e.getMessage());