authorThomas Lenz <tlenz@iaik.tugraz.at>2013-07-12 11:06:06 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2013-07-12 11:06:06 +0200
commit31ab8aace485fb61f7c872ebaa143299c6e5dcf1 (patch)
tree41da03bf1ce918919fb73da1cecbe3baac7c9594 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
parent4fd52221a71a7f9f7683c34cc573aa44b9adcc1c (diff)
SSO Implementation
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java137
1 files changed, 137 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
new file mode 100644
index 000000000..571d4e738
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.swing.text.StyleContext.SmallAttributeSet;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.stork.CPEPS;
+import at.gv.egovernment.moa.id.config.stork.STORKConfig;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.mw.messages.saml.STORKAuthnRequest;
+import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
+import eu.stork.vidp.messages.exception.SAMLException;
+import eu.stork.vidp.messages.exception.SAMLValidationException;
+import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
+import eu.stork.vidp.messages.stork.RequestedAttributes;
+
+public class LogOutServlet extends AuthServlet {
+
+ private static final long serialVersionUID = 3908001651893673395L;
+
+ private static final String REDIRECT_URL = "redirect";
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("receive LogOut Request");
+
+ String redirectUrl = (String) req.getParameter(REDIRECT_URL);
+
+ SSOManager ssomanager = SSOManager.getInstance();
+
+ //get SSO token from request
+ String ssoid = ssomanager.getSSOSessionID(req);
+
+ if (ssomanager.isValidSSOSession(ssoid, req)) {
+
+ //TODO: Single LogOut Implementation
+
+ //delete SSO session and MOA session
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ authmanager.logout(req, resp);
+ Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
+ } else {
+ Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
+ }
+
+ //Remove SSO token
+ ssomanager.deleteSSOSessionID(req, resp);
+
+ //invalidate Session
+ req.getSession().invalidate();
+
+ //Redirect to Application
+ resp.setStatus(301);
+ resp.addHeader("Location", redirectUrl);
+ }
+
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doGet(req, resp);
+ }
+
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+}
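Review bot: The `redirect` request parameter read at the top of doGet is written unchanged into the `Location` header at the end of the method, so the logout endpoint acts as an open redirect, and a request without the parameter passes a null header value. The value should be checked against the redirect targets the deployment trusts before it is used (ParamValidatorUtils is imported in this file but never called), and rejected otherwise with `resp.sendError(HttpServletResponse.SC_BAD_REQUEST);`. The hard-coded 301 is a second problem: a permanent redirect may be cached by the browser, which could then skip the servlet on a later logout and leave the SSO session alive, so `resp.setStatus(HttpServletResponse.SC_FOUND);` is the safer status. The `Logger.info` call in the valid-session branch also writes the SSO session id and the raw parameter to the log at info level; logging neither, or only a shortened id and an escaped URL, keeps session identifiers and attacker-controlled text out of the log files.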