ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%--

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov The contents of this file are subject to the terms

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov of the Common Development and Distribution License

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov (the License). You may not use this file except in

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov compliance with the License.

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov You can obtain a copy of the License at

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov https://opensso.dev.java.net/public/CDDLv1.0.html or

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov opensso/legal/CDDLv1.0.txt

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov See the License for the specific language governing

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov permission and limitations under the License.

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov When distributing Covered Code, include this CDDL

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov Header Notice in each file and include the License file

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov at opensso/legal/CDDLv1.0.txt.

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov If applicable, add the following below the CDDL Header,

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov with the fields enclosed by brackets [] replaced by

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov your own identifying information:

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov "Portions Copyrighted [year] [name of copyright owner]"

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov $Id: spSingleLogoutPOST.jsp,v 1.8 2009/06/24 23:05:31 mrudulahg Exp $

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov Portions Copyrighted 2013-2015 ForgeRock AS.

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov--%>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.sae.api.SecureAttrs" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml.common.SAMLUtils" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.common.SAML2Utils" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.common.SAML2Constants" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.common.SAML2Exception" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.jaxb.entityconfig.SPSSOConfigElement" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.meta.SAML2MetaUtils" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.meta.SAML2MetaManager" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.profile.CacheObject" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.profile.SPCache" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.profile.SPSingleLogout" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.profile.IDPCache" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.protocol.LogoutRequest" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="com.sun.identity.saml2.profile.IDPProxyUtil" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="java.util.HashMap" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="java.util.List" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="java.util.Map" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="java.util.Properties" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="org.owasp.esapi.ESAPI" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%@ page import="java.io.PrintWriter" %>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%--

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov spSingleLogoutPOST.jsp

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov - receives the LogoutRequest and sends the LogoutResponse to

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov Identity Provider from the Service Provider.

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov OR

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov - receives the LogoutResponse from the Identity Provider.

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov Required parameters to this jsp are :

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov - RelayState - the target URL on successful Single Logout

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov - SAMLRequest - the LogoutRequest

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov OR

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov - SAMLResponse - the LogoutResponse

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov Check the SAML2 Documentation for supported parameters.

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov--%>

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov<%

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov // Retrieves the LogoutRequest or LogoutResponse

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov //Retrieves :

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov //- RelayState - the target URL on successful Single Logout

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov //- SAMLRequest - the LogoutRequest

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov //OR

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov //- SAMLResponse - the LogoutResponse

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov String relayState = request.getParameter(SAML2Constants.RELAY_STATE);

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov if (relayState != null) {

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov CacheObject tmpRs=

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov (CacheObject) SPCache.relayStateHash.remove(relayState);

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov if ((tmpRs != null)) {

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov relayState = (String) tmpRs.getObject();

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov }

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov }

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov if (!ESAPI.validator().isValidInput("HTTP Query String: " + relayState, relayState, "HTTPQueryString", 2000, true)) {

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov relayState = null;

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov }

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov String samlResponse = request.getParameter(SAML2Constants.SAML_RESPONSE);

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov if (samlResponse != null) {

ead9bb4b1be81d7bbf8ed86ee41d6c1e58b069a3Yuri Pankov try {

java.lang.NullPointerException