/******************************************************************************* * Copyright 2017 Graz University of Technology * EAAF-Core Components has been developed in a cooperation between EGIZ, * A-SIT+, A-SIT, and Graz University of Technology. * * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by * the European Commission - subsequent versions of the EUPL (the "Licence"); * You may not use this work except in compliance with the Licence. * You may obtain a copy of the Licence at: * https://joinup.ec.europa.eu/news/understanding-eupl-v12 * * Unless required by applicable law or agreed to in writing, software * distributed under the Licence is distributed on an "AS IS" basis, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the Licence for the specific language governing permissions and * limitations under the Licence. * * This product combines work with different licenses. See the "NOTICE" text * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ /******************************************************************************* *******************************************************************************/ /******************************************************************************* *******************************************************************************/ package at.gv.egiz.eaaf.core.api.idp.auth; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException; public interface ISSOManager { //TODO public static int EVENT_SSO_SESSION_INVALID = -1; public static int EVENT_SSO_SESSION_VALID = -1; public static final String PROCESS_ENGINE_SSO_CONSENTS_EVALUATION = "ssoconsentsevaluation"; public static final String AUTH_DATA_SSO_SESSIONID = "eaaf_authdata_sso_sessionId"; /** * Check if there is an active and valid SSO session for the current pending request. *
* If there is an active SSO session, the pending request will be populated with eID information from SSO session * * @param pendingReq Current incoming pending request * @param httpReq http Servlet request * @param httpResp http Servlet response * @return true if there is a valid SSO session, otherwise false * @throws EAAFSSOException */ public boolean checkAndValidateSSOSession(IRequest pendingReq, HttpServletRequest httpReq, HttpServletResponse httpResp) throws EAAFSSOException; /** * Populate service provider specific SSO settings * * Check if Single Sign-On is allowed for the current pending request and the requested service provider * * @param pendingReq Current incoming pending request * @param httpReq http Servlet request * @return true if SSO is allowed for this service provider, otherwise false */ public void isSSOAllowedForSP(IRequest pendingReq, HttpServletRequest httpReq); /** * Populate the current pending request with eID information from an existing SSO session * * @param pendingReq pending request that should be populated by SSO session * @throws EAAFSSOException if pending request contains no SSO information or population failed */ public void populatePendingRequestWithSSOInformation(IRequest pendingReq) throws EAAFSSOException; /** * Destroy an active SSO session on IDP site only * * @param httpReq http servlet request * @param httpResp http servlet response * @param pendingReq * @return true if a SSO session was closed successfully, otherwise false * @throws EAAFSSOException in case of an internal processing error */ public boolean destroySSOSessionOnIDPOnly(HttpServletRequest httpReq, HttpServletResponse httpResp, IRequest pendingReq) throws EAAFSSOException; /** * Create a new SSO session-cookie for a specific pendingRequest and add it into http response * * @param req http Request * @param resp http Response * @param pendingReq Current open PendingRequest * @return new created SSO identifier * @throws EAAFSSOException */ public String createNewSSOSessionCookie(HttpServletRequest req, HttpServletResponse resp, IRequest pendingReq) throws EAAFSSOException; /** * Create a new SSO session in database * * @param pendingReq * @param newSSOSessionId * @throws EAAFSSOException */ public void createNewSSOSession(IRequest pendingReq, String newSSOSessionId) throws EAAFSSOException; /** * Updateing an existing SSO session in database * * @param pendingReq * @param newSSOSessionId * @param sloInformation * @throws EAAFSSOException */ public void updateSSOSession(IRequest pendingReq, String newSSOSessionId, SLOInformationInterface sloInformation) throws EAAFSSOException; }