fix some problems with Single LogOut

author: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-08-21 12:09:00 +0200
committer: Thomas Lenz <tlenz@iaik.tugraz.at> 2014-08-21 12:09:00 +0200
commit: 5df1984c62b3f214ce9ed368beb9473bce0183e5 (patch)
tree: 4f1ea14ec277325111f6ebfe3c4a8ba315817b25
parent: 99d482d088850f5641d98b12de04cd1eefc030c0 (diff)
download: moa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.tar.gz
moa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.tar.bz2
moa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.zip
5 files changed, 44 insertions, 18 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
index 00d6850d3..dfcde4624 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
@@ -197,11 +197,20 @@ public class SLOBasicServlet extends HttpServlet {
 			
 			
 		} else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
-			log.info("Single LogOut process complete.");
-			request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, 
-					LanguageHelper.getErrorString("webpages.slo.success", request));
 			
-
+			if (sloResp.getStatus().getStatusCode().getStatusCode() != null && 
+					!sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) {			
+				log.info("Single LogOut process complete.");
+				request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS, 
+						LanguageHelper.getErrorString("webpages.slo.success", request));
+				
+			} else {
+				log.warn("Single LogOut process is not completed.");
+				request.getSession().setAttribute(Constants.SESSION_SLOERROR, 
+						LanguageHelper.getErrorString("webpages.slo.error", request));
+				
+			}
+			
 		} else {
 			log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode().getValue());
 			request.getSession().setAttribute(Constants.SESSION_SLOERROR, 
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 8f9417096..daa70efce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -49,6 +49,7 @@ import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.NameIDPolicy;
 import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.saml2.core.Subject;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -252,8 +253,8 @@ public class AuthenticationManager extends AuthServlet {
 				
 		        VelocityContext context = new VelocityContext();
 		        context.put("redirectURLs", sloReqList);
-		        context.put("$timeoutURL", timeOutURL);
-		        context.put("$timeout", SLOTIMEOUT);
+		        context.put("timeoutURL", timeOutURL);
+		        context.put("timeout", SLOTIMEOUT);
 		        ssomanager.printSingleLogOutInfo(context, httpResp);
 				
 								
@@ -284,7 +285,7 @@ public class AuthenticationManager extends AuthServlet {
 			Logger.error("MOA AssertionDatabase ERROR", e);
 			if (pvpReq != null) {
 				SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
-				LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+				LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
 				SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
 				
 			}else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 46e02d048..b22941216 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -135,7 +135,7 @@ public class SingleLogOutAction implements IAction {
 					if (MiscUtil.isEmpty(ssoID)) {
 						Logger.warn("Can not find active Session. Single LogOut not possible!");
 						SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
-						LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+						LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
 						SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
 						return null;
 						
@@ -147,7 +147,7 @@ public class SingleLogOutAction implements IAction {
 						} catch (MOADatabaseException e) {
 							Logger.warn("Can not find active Session. Single LogOut not possible!");
 							SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
-							LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+							LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
 							SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
 							return null;
 							
@@ -162,7 +162,9 @@ public class SingleLogOutAction implements IAction {
 					((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
 				Logger.debug("Process Single LogOut response");
 				LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
-														
+
+				Transaction tx = null;
+				
 				try {					
 					String relayState = pvpReq.getRequest().getRelayState();
 					if (MiscUtil.isEmpty(relayState)) {
@@ -179,7 +181,7 @@ public class SingleLogOutAction implements IAction {
 					//TODO: add counter to prevent deadlock
 					
 					while (!storageSuccess) {
-						Transaction tx = session.beginTransaction();
+						tx = session.beginTransaction();
 						
 						List result;
 						Query query = session.getNamedQuery("getAssertionWithArtifact");
@@ -235,7 +237,7 @@ public class SingleLogOutAction implements IAction {
 								try {
 									session.delete(element);
 									tx.commit();
-
+									
 								} catch(HibernateException e) {
 									tx.rollback();								
 									Logger.error("SLOContainter could not deleted from database. ");
@@ -292,7 +294,14 @@ public class SingleLogOutAction implements IAction {
 					Logger.error("Finale SLO redirct not possible.", e);
 					throw new AuthenticationException("pvp2.13", new Object[]{});
 
+				} finally {
+					if (tx != null && !tx.wasCommitted()) {
+						tx.commit();
+						
+					}
 				}
+				
+				
 							
 			} else {
 				Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index eeb1dd104..01139d95c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -213,12 +213,13 @@ public class SingleLogOutBuilder {
 			
 		}			
 
-		
+		DateTime now = new DateTime();
 		Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);		
 		issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
 		issuer.setFormat(NameID.ENTITY);
 		sloReq.setIssuer(issuer);		
-		sloReq.setIssueInstant(new DateTime());
+		sloReq.setIssueInstant(now);
+		sloReq.setNotOnOrAfter(now.plusMinutes(5));
 		
 		sloReq.setDestination(sloInfo.getServiceURL());
 		
@@ -230,14 +231,17 @@ public class SingleLogOutBuilder {
 		return sloReq;		
 	}
 	
-	public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+	public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
 		LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
 		
 		Status status = SAML2Utils.createSAMLObject(Status.class);
 		StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
 		StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
-		statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+		statusCode.setValue(firstLevelStatusCode);
 		statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+		StatusCode secondLevelCode = SAML2Utils.createSAMLObject(StatusCode.class);
+		secondLevelCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+		statusCode.setStatusCode(secondLevelCode);
 		status.setStatusCode(statusCode);
 		status.setStatusMessage(statusMessage);
 		sloResp.setStatus(status);
@@ -255,8 +259,11 @@ public class SingleLogOutBuilder {
 			status = SAML2Utils.createSAMLObject(Status.class);
 			StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
 			StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
-			statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+			statusCode.setValue(StatusCode.SUCCESS_URI);			
 			statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+			StatusCode secondLevelCode = SAML2Utils.createSAMLObject(StatusCode.class);
+			secondLevelCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+			statusCode.setStatusCode(secondLevelCode);
 			status.setStatusCode(statusCode);
 			status.setStatusMessage(statusMessage);
 			
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
index e890e2145..848f4ee07 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
@@ -65,7 +65,7 @@ public class ConfigurationDBRead {
 
         List result;
         EntityManager session = ConfigurationDBUtils.getCurrentSession();
-
+        
         javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID"));
         //query.setParameter("id", id+"%");
         query.setParameter("id", StringEscapeUtils.escapeHtml(id));
author	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-08-21 12:09:00 +0200
committer	Thomas Lenz <tlenz@iaik.tugraz.at>	2014-08-21 12:09:00 +0200
commit	5df1984c62b3f214ce9ed368beb9473bce0183e5 (patch)
tree	4f1ea14ec277325111f6ebfe3c4a8ba315817b25
parent	99d482d088850f5641d98b12de04cd1eefc030c0 (diff)
download	moa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.tar.gz moa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.tar.bz2 moa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.zip