aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-08-21 12:09:00 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-08-21 12:09:00 +0200
commit5df1984c62b3f214ce9ed368beb9473bce0183e5 (patch)
tree4f1ea14ec277325111f6ebfe3c4a8ba315817b25
parent99d482d088850f5641d98b12de04cd1eefc030c0 (diff)
downloadmoa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.tar.gz
moa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.tar.bz2
moa-id-spss-5df1984c62b3f214ce9ed368beb9473bce0183e5.zip
fix some problems with Single LogOut
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java17
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java2
5 files changed, 44 insertions, 18 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
index 00d6850d3..dfcde4624 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
@@ -197,11 +197,20 @@ public class SLOBasicServlet extends HttpServlet {
} else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
- log.info("Single LogOut process complete.");
- request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS,
- LanguageHelper.getErrorString("webpages.slo.success", request));
-
+ if (sloResp.getStatus().getStatusCode().getStatusCode() != null &&
+ !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) {
+ log.info("Single LogOut process complete.");
+ request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS,
+ LanguageHelper.getErrorString("webpages.slo.success", request));
+
+ } else {
+ log.warn("Single LogOut process is not completed.");
+ request.getSession().setAttribute(Constants.SESSION_SLOERROR,
+ LanguageHelper.getErrorString("webpages.slo.error", request));
+
+ }
+
} else {
log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode().getValue());
request.getSession().setAttribute(Constants.SESSION_SLOERROR,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 8f9417096..daa70efce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -49,6 +49,7 @@ import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -252,8 +253,8 @@ public class AuthenticationManager extends AuthServlet {
VelocityContext context = new VelocityContext();
context.put("redirectURLs", sloReqList);
- context.put("$timeoutURL", timeOutURL);
- context.put("$timeout", SLOTIMEOUT);
+ context.put("timeoutURL", timeOutURL);
+ context.put("timeout", SLOTIMEOUT);
ssomanager.printSingleLogOutInfo(context, httpResp);
@@ -284,7 +285,7 @@ public class AuthenticationManager extends AuthServlet {
Logger.error("MOA AssertionDatabase ERROR", e);
if (pvpReq != null) {
SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
- LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
}else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 46e02d048..b22941216 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -135,7 +135,7 @@ public class SingleLogOutAction implements IAction {
if (MiscUtil.isEmpty(ssoID)) {
Logger.warn("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
- LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
return null;
@@ -147,7 +147,7 @@ public class SingleLogOutAction implements IAction {
} catch (MOADatabaseException e) {
Logger.warn("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
- LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
return null;
@@ -162,7 +162,9 @@ public class SingleLogOutAction implements IAction {
((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
Logger.debug("Process Single LogOut response");
LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
-
+
+ Transaction tx = null;
+
try {
String relayState = pvpReq.getRequest().getRelayState();
if (MiscUtil.isEmpty(relayState)) {
@@ -179,7 +181,7 @@ public class SingleLogOutAction implements IAction {
//TODO: add counter to prevent deadlock
while (!storageSuccess) {
- Transaction tx = session.beginTransaction();
+ tx = session.beginTransaction();
List result;
Query query = session.getNamedQuery("getAssertionWithArtifact");
@@ -235,7 +237,7 @@ public class SingleLogOutAction implements IAction {
try {
session.delete(element);
tx.commit();
-
+
} catch(HibernateException e) {
tx.rollback();
Logger.error("SLOContainter could not deleted from database. ");
@@ -292,7 +294,14 @@ public class SingleLogOutAction implements IAction {
Logger.error("Finale SLO redirct not possible.", e);
throw new AuthenticationException("pvp2.13", new Object[]{});
+ } finally {
+ if (tx != null && !tx.wasCommitted()) {
+ tx.commit();
+
+ }
}
+
+
} else {
Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index eeb1dd104..01139d95c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -213,12 +213,13 @@ public class SingleLogOutBuilder {
}
-
+ DateTime now = new DateTime();
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
issuer.setFormat(NameID.ENTITY);
sloReq.setIssuer(issuer);
- sloReq.setIssueInstant(new DateTime());
+ sloReq.setIssueInstant(now);
+ sloReq.setNotOnOrAfter(now.plusMinutes(5));
sloReq.setDestination(sloInfo.getServiceURL());
@@ -230,14 +231,17 @@ public class SingleLogOutBuilder {
return sloReq;
}
- public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+ public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
Status status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
- statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusCode.setValue(firstLevelStatusCode);
statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ StatusCode secondLevelCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ secondLevelCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusCode.setStatusCode(secondLevelCode);
status.setStatusCode(statusCode);
status.setStatusMessage(statusMessage);
sloResp.setStatus(status);
@@ -255,8 +259,11 @@ public class SingleLogOutBuilder {
status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
- statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusCode.setValue(StatusCode.SUCCESS_URI);
statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ StatusCode secondLevelCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ secondLevelCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusCode.setStatusCode(secondLevelCode);
status.setStatusCode(statusCode);
status.setStatusMessage(statusMessage);
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
index e890e2145..848f4ee07 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
@@ -65,7 +65,7 @@ public class ConfigurationDBRead {
List result;
EntityManager session = ConfigurationDBUtils.getCurrentSession();
-
+
javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID"));
//query.setParameter("id", id+"%");
query.setParameter("id", StringEscapeUtils.escapeHtml(id));