| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-13 14:05:47 +0200 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2014-06-13 14:05:47 +0200 | 
| commit | 39d7088511d0959a9453112b5471c1cf9fd99d88 (patch) | |
| tree | c8b90b80927db9f21d12b1193c0bb56323072e39 /id/server/idserverlib/src | |
| parent | 72b7bf07c9c070bc8aa4020568c849cb749c0dd8 (diff) | |
| download | moa-id-spss-39d7088511d0959a9453112b5471c1cf9fd99d88.tar.gz moa-id-spss-39d7088511d0959a9453112b5471c1cf9fd99d88.tar.bz2 moa-id-spss-39d7088511d0959a9453112b5471c1cf9fd99d88.zip | |
add timeout to frontchannel SLO
Diffstat (limited to 'id/server/idserverlib/src')
4 files changed, 107 insertions, 4 deletions
| diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 497c79c1e..b00989b42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -33,7 +33,8 @@ public interface MOAIDAuthConstants {    public static final String PARAM_SSO = "SSO";    public static final String INTERFEDERATION_IDP = "interIDP"; -  public static final String PARAM_SLOSTATUS = "status";	 +  public static final String PARAM_SLOSTATUS = "status"; +  public static final String PARAM_SLORESTART = "restart";    public static final String SLOSTATUS_SUCCESS = "success";    public static final String SLOSTATUS_ERROR = "error"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 536f3ee04..a7ec4dcb6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java 
@@ -29,17 +29,26 @@ import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse;  import org.apache.velocity.VelocityContext; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.metadata.SingleLogoutService;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.data.SLOInformationContainer;  import at.gv.egovernment.moa.id.moduls.AuthenticationManager;  import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;  import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.URLEncoder;  /**   * @author tlenz @@ -55,6 +64,8 @@ public class IDPSingleLogOutServlet extends AuthServlet {  		SSOManager ssomanager = SSOManager.getInstance();		  		String ssoid = ssomanager.getSSOSessionID(req); +		Object restartProcessObj = req.getParameter(PARAM_SLORESTART); +		  		Object tokkenObj = req.getParameter(PARAM_SLOSTATUS);  		String tokken = null;  		String status = null; 
@@ -111,17 +122,87 @@ public class IDPSingleLogOutServlet extends AuthServlet {  						e.printStackTrace();  					}  				}				 +			} +			 +		} else if (restartProcessObj != null && restartProcessObj instanceof String) { +			String restartProcess = (String) restartProcessObj; +			if (MiscUtil.isNotEmpty(restartProcess)) { +				Logger.info("Restart Single LogOut process after timeout ... "); +					try {						 +						SLOInformationContainer sloContainer = AssertionStorage.getInstance().get(restartProcess, SLOInformationContainer.class); +						if (sloContainer.hasFrontChannelOA()) +							sloContainer.putFailedOA("differntent OAs"); +							 +						String redirectURL = null; +						if (sloContainer.getSloRequest() != null) { +							//send SLO response to SLO request issuer +							SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); +							LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); +							redirectURL = SingleLogOutBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState()); +															 +						} else { +							//print SLO information directly +							redirectURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; +							 +							String artifact = Random.nextRandom(); +							 +					        String statusCode = null; +							if (sloContainer.getSloFailedOAs() == null ||  +					        		sloContainer.getSloFailedOAs().size() == 0)							       							   							        	 +					        	statusCode  = SLOSTATUS_SUCCESS; +					        else +					        	statusCode  = SLOSTATUS_ERROR; + +							AssertionStorage.getInstance().put(artifact, statusCode); +					        redirectURL = addURLParameter(redirectURL, PARAM_SLOSTATUS, artifact); +					         +						}								 +						//redirect to Redirect Servlet +						
String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; +						url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); +						url = resp.encodeRedirectURL(url); +					 +						resp.setContentType("text/html"); +						resp.setStatus(302); +						resp.addHeader("Location", url); +						return;	 +												 +					} catch (MOADatabaseException e) { +						Logger.info("Find no SLO information with processingID "  +								+ restartProcess); +						 +					} catch (NoMetadataInformationException e) { +						Logger.warn("Build SLO respone FAILED.", e); +						 +					} catch (NOSLOServiceDescriptorException e) { +						Logger.warn("Build SLO respone FAILED.", e); +						 +					} catch (MOAIDException e) { +						Logger.warn("Build SLO respone FAILED.", e); +						 +					} +					 +					VelocityContext context = new VelocityContext(); +					context.put("errorMsg",  +							MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); +		                	 +					try { +						ssomanager.printSingleLogOutInfo(context, resp); +						 +					} catch (MOAIDException e) { +						e.printStackTrace(); +					} +					return;  			}			  		}  		VelocityContext context = new VelocityContext();  		context.put("successMsg",  				MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); -		try { +		try {			  			ssomanager.printSingleLogOutInfo(context, resp);  		} catch (MOAIDException e) { -			// TODO Auto-generated catch block  			e.printStackTrace();  		} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 9dddce4b0..8f9417096 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java 
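Review bot: The SLOInformationContainer looked up by the user-supplied `restart` parameter is never removed from AssertionStorage after the restart branch has built its redirect, so the same `?restart=<relayState>` URL can be replayed to re-issue the SLO response until the entry expires; drop the entry (or mark it consumed) right after the successful `get`, using whatever removal call AssertionStorage offers. If `AssertionStorage.get` returns null for an unknown key instead of throwing MOADatabaseException, `sloContainer.hasFrontChannelOA()` dereferences null, so a null guard before it is cheap insurance given the key comes straight from the request. The string `"differntent OAs"` handed to `putFailedOA` is misspelled and, since `getSloFailedOAs()` is fed into the SLO response, probably user-visible — `"different OAs"`. The final `catch (MOAIDException e) { e.printStackTrace(); }` should log like the other catches in the hunk, `Logger.warn("Print SLO information FAILED.", e);`. The enclosing method starts before this hunk.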
@@ -59,6 +59,7 @@ import org.opensaml.ws.soap.common.SOAPException;  import org.opensaml.xml.XMLObject;  import org.opensaml.xml.security.SecurityException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;  import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;  import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; @@ -103,6 +104,7 @@ public class AuthenticationManager extends AuthServlet {  	public static final String MOA_SESSION = "MoaAuthenticationSession";  	public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; +	public static final int SLOTIMEOUT = 30 * 1000; //30 sec  	public static AuthenticationManager getInstance() {  		if (instance == null) { @@ -244,8 +246,14 @@ public class AuthenticationManager extends AuthServlet {  				AssertionStorage.getInstance().put(relayState, sloContainer); +				String timeOutURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() +						+ "/idpSingleLogout" +						+ "?restart=" + relayState; +				  		        VelocityContext context = new VelocityContext();  		        context.put("redirectURLs", sloReqList); +		        context.put("$timeoutURL", timeOutURL); +		        context.put("$timeout", SLOTIMEOUT);  		        ssomanager.printSingleLogOutInfo(context, httpResp); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html index a652855c4..88279ee96 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html 
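Review bot: The two new context keys are stored as `"$timeoutURL"` and `"$timeout"`, but the template reads `$timeoutURL`/`$timeout`, which Velocity resolves against the keys `timeoutURL`/`timeout`, so unless printSingleLogOutInfo renames them `#if($timeoutURL)` is never true and the timeout is inert; the existing `context.put("redirectURLs", sloReqList)` just above shows the convention to follow: `context.put("timeoutURL", timeOutURL); context.put("timeout", SLOTIMEOUT);`. The query string is also assembled with the literal `"?restart="` although this commit adds `PARAM_SLORESTART` for exactly that name, and `relayState` is appended without encoding; `"?" + MOAIDAuthConstants.PARAM_SLORESTART + "=" + URLEncoder.encode(relayState, "UTF-8")` (the same helper IDPSingleLogOutServlet uses) keeps the two files from drifting apart. `SLOTIMEOUT` deserves a one-line Javadoc stating that it is the front-channel SLO wait in milliseconds, since the template consumes the raw number. The enclosing method starts before this hunk.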
@@ -375,11 +375,24 @@      </style>  +	#if($timeoutURL) +		<script type="text/javascript"> +			function sloTimeOut() { +				window.location.href="$timeoutURL"; +			 +			}	 +	 +		</script> +	#end    <title>Single LogOut Vorgang ... </title>  </head> -<body> +#if($timeoutURL) +	<body onload='setTimeout(sloTimeOut(), $timeout);'> +#else +	<body> +#end    <noscript>  		<p>  			<strong>Note:</strong> Since your browser does not support | 
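Review bot: `setTimeout(sloTimeOut(), $timeout)` in the added `onload` invokes `sloTimeOut()` immediately and passes its undefined return value to setTimeout, so the browser navigates to the restart URL as soon as the page loads rather than after `$timeout` milliseconds — before the front-channel logout iframes have had a chance to finish, which would make every SLO look like a timeout. Pass the function reference instead: `<body onload='setTimeout(sloTimeOut, $timeout);'>`. The value is also interpolated straight into the JavaScript string `window.location.href="$timeoutURL";`; today it is server-built (public URL prefix plus the relayState key), so that is acceptable as long as it stays true, and a template comment such as `## $timeoutURL is server-generated and must never carry request input` would pin the assumption for the next editor.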
