saml2/jsp/spSingleLogoutInit.jsp

	spSingleLogoutInit.jsp revision e8721886dbfd32e88cc7077cbee4b6bb1b44b443
2122N/A<%--
2122N/A   DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
2122N/A
2122N/A   Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
2122N/A
2122N/A   The contents of this file are subject to the terms
2122N/A   of the Common Development and Distribution License
2122N/A   (the License). You may not use this file except in
2122N/A   compliance with the License.
2122N/A
2122N/A   You can obtain a copy of the License at
2122N/A   https://opensso.dev.java.net/public/CDDLv1.0.html or
2122N/A   opensso/legal/CDDLv1.0.txt
2122N/A   See the License for the specific language governing
2122N/A   permission and limitations under the License.
2122N/A
2122N/A   When distributing Covered Code, include this CDDL
2122N/A   Header Notice in each file and include the License file
2122N/A   at opensso/legal/CDDLv1.0.txt.
2122N/A   If applicable, add the following below the CDDL Header,
2122N/A   with the fields enclosed by brackets [] replaced by
2122N/A   your own identifying information:
2122N/A   "Portions Copyrighted [year] [name of copyright owner]"
2122N/A
2122N/A   $Id: spSingleLogoutInit.jsp,v 1.13 2009/10/15 00:01:11 exu Exp $
2122N/A
2122N/A--%>
2122N/A
2122N/A
2122N/A
2086N/A
2086N/A<%@ page import="com.sun.identity.shared.debug.Debug" %>
2122N/A<%@ page import="com.sun.identity.plugin.session.SessionManager" %>
2122N/A<%@ page import="com.sun.identity.plugin.session.SessionException" %>
2122N/A<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>
2122N/A<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>
2122N/A<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>
2122N/A<%@ page import="com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement" %>
2122N/A<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>
2122N/A<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>
2122N/A<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>
2122N/A<%@ page import="com.sun.identity.saml2.profile.LogoutUtil" %>
2122N/A<%@ page import="com.sun.identity.saml2.profile.SPCache" %>
2122N/A<%@ page import="com.sun.identity.saml2.profile.SPSingleLogout" %>
2122N/A<%@ page import="java.util.HashMap" %>
2122N/A<%@ page import="java.util.List" %>
2122N/A
2122N/A<%--
2086N/A    spSingleLogoutInit.jsp
2086N/A    - initiates the LogoutRequest at the Service Provider.
2086N/A
2086N/A    Required parameters to this jsp are :
2086N/A    "binding" - binding used for this request
2086N/A    "NameIDValue" - NameID value for the user. Required in fedlet case.
2086N/A    "SessionIndex" - Session that has this sessionIndex is to be single logout.
2086N/A                     Required in fedlet case.
2086N/A    "idpEntityID" - Identifier for identity provider. Required for fedlet case.
2086N/A                    If binding is not set, this parameter is used to find the
2086N/A                    default binding.
2086N/A
2177N/A    Some of the other optional parameters are :
2086N/A    "RelayState" - the target URL on successful Single Logout
2177N/A    "goto" - the target URL on successful Single Logout.
2086N/A             "RelayState" takes precedence to "goto" parameter.
2086N/A    "Destination" - A URI Reference indicating the address to
2177N/A                    which the request has been sent.
2086N/A    "Consent" - Specifies a URI a SAML defined identifier
2086N/A                known as Consent Identifiers.
2086N/A    "Extension" - Specifies a list of Extensions as list of
2086N/A                  String objects.
2086N/A    "spEntityID" - Fedlet's entity ID. Used in fedlet case. When it is missing,
2086N/A                   first sp from metadata is used.
2086N/A    Check the SAML2 Documentation for supported parameters.
2086N/A--%>
2086N/A
2086N/A<%
2086N/A    // Retrieves the Request Query Parameters
2086N/A    // Binding are the required query parameters
2086N/A    // binding - binding used for this request
2086N/A
2086N/A    try {
2086N/A        String RelayState = request.getParameter(SAML2Constants.RELAY_STATE);
2086N/A        if ((RelayState == null) || (RelayState.length() == 0)) {
2086N/A            RelayState = request.getParameter(SAML2Constants.GOTO);
2086N/A        }
2086N/A
2086N/A        String metaAlias = null;
2086N/A
2086N/A        Object ssoToken = null;
2177N/A        try {
2177N/A            ssoToken = SessionManager.getProvider().getSession(request);
2177N/A        } catch (SessionException se) {
2177N/A            if (SAML2Utils.debug.messageEnabled()) {
2177N/A                SAML2Utils.debug.message("No session.");
2086N/A            }
2315N/A            ssoToken = null;
2315N/A        }
2315N/A
2315N/A        String spEntityID = null;
2315N/A        SAML2MetaManager manager = new SAML2MetaManager();
2315N/A        if (!SPCache.isFedlet) {
2315N/A            if (ssoToken == null) {
2315N/A                SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
2315N/A                    "nullSSOToken",SAML2Utils.bundle.getString("nullSSOToken"));
2315N/A                return;
2315N/A            }
2315N/A            String[] values = SessionManager.getProvider().
2315N/A                getProperty(ssoToken, SAML2Constants.SP_METAALIAS);
2315N/A            if (values != null && values.length > 0) {
2110N/A                metaAlias = values[0];
2110N/A            }
2110N/A        } else {
2110N/A            spEntityID = request.getParameter("spEntityID");
2110N/A            if ((spEntityID == null) || (spEntityID.length() == 0)) {
2086N/A                List spMetaAliases =
2086N/A                    manager.getAllHostedServiceProviderMetaAliases("/");
2086N/A                if ((spMetaAliases != null) && !spMetaAliases.isEmpty()) {
2287N/A                    // get first one
2287N/A                    metaAlias = (String) spMetaAliases.get(0);
2287N/A                }
2287N/A            } else {
2110N/A                SPSSOConfigElement spConfig =
2110N/A                    manager.getSPSSOConfig("/", spEntityID);
2110N/A                if (spConfig != null) {
2110N/A                    metaAlias = spConfig.getMetaAlias();
2086N/A                }
2086N/A            }
2086N/A        }
2086N/A        if (metaAlias == null) {
2110N/A            try {
2110N/A                SessionManager.getProvider().invalidateSession(
2110N/A                    ssoToken, request, response);
2110N/A            } catch (SessionException se) {
2110N/A                if (SAML2Utils.debug.messageEnabled()) {
2110N/A                    SAML2Utils.debug.message("No session.");
2110N/A                }
2110N/A            }
2086N/A            if (RelayState != null) {
2086N/A                response.sendRedirect(RelayState);
2086N/A            } else {
2086N/A                %>
2086N/A                <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess"/>
2086N/A                <%
2086N/A            }
2086N/A            return;
2086N/A        }
2086N/A
2315N/A        String idpEntityID = request.getParameter("idpEntityID");
2315N/A        String binding = LogoutUtil.getSLOBindingInfo(request, metaAlias,
2315N/A                                        SAML2Constants.SP_ROLE, idpEntityID);
2315N/A        if (spEntityID == null) {
2315N/A            spEntityID = manager.getEntityByMetaAlias(metaAlias);
2315N/A        }
2086N/A        String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
2086N/A        if (!SAML2Utils.isSPProfileBindingSupported(
2086N/A            realm, spEntityID, SAML2Constants.SLO_SERVICE, binding))
2315N/A        {
2315N/A            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
2315N/A                "unsupportedBinding",
2315N/A                SAML2Utils.bundle.getString("unsupportedBinding"));
2315N/A            return;
2086N/A        }
2086N/A
2086N/A        /**
2086N/A        * Parses the request parameters and builds the Logout
2086N/A        * Request to be sent to the IDP.
2086N/A        *
2086N/A        * @param request the HttpServletRequest.
2086N/A        * @param response the HttpServletResponse.
2086N/A        * @param metaAlias metaAlias of Service Provider. The format of
2243N/A        *               this parameter is /realm_name/SP_name.
2243N/A        * @param binding binding used for this request.
2110N/A        * @param paramsMap Map of all other parameters.
2110N/A        *       Following parameters names with their respective
2360N/A        *       String values are allowed in this paramsMap.
2360N/A        *       "RelayState" - the target URL on successful Single Logout
2360N/A        *       "Destination" - A URI Reference indicating the address to
2360N/A        *                       which the request has been sent.
2360N/A        *       "Consent" - Specifies a URI a SAML defined identifier
2360N/A        *                   known as Consent Identifiers.
2360N/A        *       "Extension" - Specifies a list of Extensions as list of
2360N/A        *                   String objects.
2360N/A        * @throws SAML2Exception if error initiating request to IDP.
2360N/A        */
2360N/A        HashMap paramsMap = new HashMap();
2360N/A        if (SPCache.isFedlet) {
2360N/A            String sessionIndex = request.getParameter("SessionIndex");
2360N/A            if ((sessionIndex == null) || (sessionIndex.length() == 0)) {
2360N/A                SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
2360N/A                    "nullSessionIndex",
2086N/A                    SAML2Utils.bundle.getString("nullSessionIndex"));
2086N/A                return;
2177N/A            } else {
2177N/A                paramsMap.put("SessionIndex", sessionIndex);
2177N/A            }
2086N/A            String nameID = request.getParameter("NameIDValue");
2086N/A            if ((nameID == null) || (nameID.length() == 0)) {
2086N/A                SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
2086N/A                    "nullNameID",
2086N/A                    SAML2Utils.bundle.getString("nullNameID"));
2086N/A                return;
2086N/A            } else {
2086N/A                if (spEntityID == null) {
2086N/A                    if (manager == null) {
2086N/A                        manager = new SAML2MetaManager();
2086N/A                    }
2086N/A                    spEntityID = manager.getEntityByMetaAlias(metaAlias);
2086N/A                }
2086N/A                if (idpEntityID == null) {
2177N/A                    SAMLUtils.sendError(request, response,
2177N/A                        response.SC_BAD_REQUEST,
2086N/A                        "nullIDPEntityID",
2177N/A                        SAML2Utils.bundle.getString("nullIDPEntityID"));
2086N/A                    return;
2086N/A                }
2086N/A                paramsMap.put(
2086N/A                    "infoKey", spEntityID+ "|" + idpEntityID + "|" + nameID);
2086N/A            }
2086N/A
2086N/A        }
2086N/A        paramsMap.put("metaAlias", metaAlias);
2086N/A        paramsMap.put("idpEntityID", idpEntityID);
2086N/A        paramsMap.put(SAML2Constants.ROLE, SAML2Constants.SP_ROLE);
2086N/A        paramsMap.put(SAML2Constants.BINDING, binding);
2086N/A        paramsMap.put("Destination", request.getParameter("Destination"));
2086N/A        paramsMap.put("Consent", request.getParameter("Consent"));
2086N/A        paramsMap.put("Extension", request.getParameter("Extension"));
2086N/A        if ((RelayState == null) || (RelayState.equals(""))) {
2086N/A            RelayState = SAML2Utils.getAttributeValueFromSSOConfig(
2086N/A                realm, spEntityID, SAML2Constants.SP_ROLE,
2086N/A                SAML2Constants.DEFAULT_RELAY_STATE);
2086N/A        }
2086N/A        if (RelayState != null) {
2086N/A            paramsMap.put(SAML2Constants.RELAY_STATE, RelayState);
2086N/A        }
2086N/A
2086N/A        String sessionIndex = request.getParameter("sessionIndex");
2086N/A        SPSingleLogout.initiateLogoutRequest( request,response,
2086N/A            binding,paramsMap);
2086N/A
2086N/A        if (binding.equalsIgnoreCase(SAML2Constants.SOAP)) {
2086N/A            if (RelayState != null && (!RelayState.equals(""))) {
2086N/A                response.sendRedirect(RelayState);
2086N/A            } else {
2086N/A                %>
2086N/A                <jsp:forward page="/saml2/jsp/default.jsp?message=spSloSuccess"/>
2086N/A                <%
2086N/A            }
2086N/A        }
2086N/A    } catch (SAML2Exception sse) {
2086N/A        SAML2Utils.debug.error("Error sending Logout Request " , sse);
2086N/A        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
2086N/A            "LogoutRequestCreationError",
2086N/A            SAML2Utils.bundle.getString("LogoutRequestCreationError") + " " +
2086N/A            sse.getMessage());
2086N/A        return;
2086N/A    } catch (Exception e) {
2086N/A        SAML2Utils.debug.error("Error initializing Request ",e);
2086N/A        SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
2086N/A            "LogoutRequestCreationError",
2086N/A            SAML2Utils.bundle.getString("LogoutRequestCreationError") + " " +
2086N/A            e.getMessage());
2086N/A        return;
2086N/A    }
2086N/A%>
2086N/A