aboutsummaryrefslogtreecommitdiff
path: root/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-02-25 12:17:29 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-02-25 12:17:29 +0100
commit19f91c16f69b97c70ffe9a290305737bd351aae8 (patch)
tree65b21e714879079d52d377c1c3310232fc43ffc8 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls
parent1f88acc4f47eb8b9e01ff3c9d8262871fe314b42 (diff)
downloadmoa-id-spss-19f91c16f69b97c70ffe9a290305737bd351aae8.tar.gz
moa-id-spss-19f91c16f69b97c70ffe9a290305737bd351aae8.tar.bz2
moa-id-spss-19f91c16f69b97c70ffe9a290305737bd351aae8.zip
solve problems with LogOut and Single LogOut
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java32
1 files changed, 22 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 22561e435..d76c6d526 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -115,7 +115,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
public void performOnlyIDPLogOut(HttpServletRequest request,
HttpServletResponse response, String moaSessionID) {
- Logger.info("Logout");
+ Logger.info("Remove active user-session");
if(moaSessionID == null) {
moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
@@ -440,6 +440,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
String pvpSLOIssuer = null;
String inboundRelayState = null;
+ Logger.debug("Start technical Single LogOut process ... ");
+
if (pvpReq != null) {
MOARequest samlReq = (MOARequest) pvpReq.getRequest();
LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest();
@@ -455,18 +457,25 @@ public class AuthenticationManager extends MOAIDAuthConstants {
sloContainer.setSloRequest(pvpReq);
sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer);
sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer);
-
+
+ Logger.debug("Active SSO Service-Provider: "
+ + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size()
+ + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size()
+ + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size());
+
//terminate MOASession
try {
authenticatedSessionStore.destroySession(session.getSessionID());
- ssoManager.deleteSSOSessionID(httpReq, httpResp);
-
+ ssoManager.deleteSSOSessionID(httpReq, httpResp);
+ Logger.debug("Active SSO Session on IDP is remove.");
+
} catch (MOADatabaseException e) {
Logger.warn("Delete MOASession FAILED.");
sloContainer.putFailedOA(pvpReq.getAuthURL());
}
+ Logger.trace("Starting Service-Provider logout process ... ");
//start service provider back channel logout process
Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA();
while (nextOAInterator.hasNext()) {
@@ -474,6 +483,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr);
try {
+ Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID());
List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq);
LogoutResponse sloResp = null;
@@ -483,9 +493,9 @@ public class AuthenticationManager extends MOAIDAuthConstants {
}
if (sloResp == null) {
- Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ " FAILED. NO LogOut response received.");
- sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
} else {
samlVerificationEngine.verifySLOResponse(sloResp,
@@ -496,14 +506,14 @@ public class AuthenticationManager extends MOAIDAuthConstants {
sloBuilder.checkStatusCode(sloContainer, sloResp);
} catch (SOAPException e) {
- Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ " FAILED.", e);
- sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
} catch (SecurityException | InvalidProtocolRequestException e) {
- Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue()
+ Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID()
+ " FAILED.", e);
- sloContainer.putFailedOA(sloReq.getIssuer().getValue());
+ sloContainer.putFailedOA(sloDescr.getSpEntityID());
}
}
@@ -516,6 +526,8 @@ public class AuthenticationManager extends MOAIDAuthConstants {
Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions();
List<String> sloReqList = new ArrayList<String>();
for (Entry<String, SLOInformationImpl> el : sloDescr) {
+ Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID());
+
LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue());
try {
sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(),