diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-25 12:17:29 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-02-25 12:17:29 +0100 |
commit | 19f91c16f69b97c70ffe9a290305737bd351aae8 (patch) | |
tree | 65b21e714879079d52d377c1c3310232fc43ffc8 /id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls | |
parent | 1f88acc4f47eb8b9e01ff3c9d8262871fe314b42 (diff) | |
download | moa-id-spss-19f91c16f69b97c70ffe9a290305737bd351aae8.tar.gz moa-id-spss-19f91c16f69b97c70ffe9a290305737bd351aae8.tar.bz2 moa-id-spss-19f91c16f69b97c70ffe9a290305737bd351aae8.zip |
solve problems with LogOut and Single LogOut
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 32 |
1 files changed, 22 insertions, 10 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 22561e435..d76c6d526 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -115,7 +115,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { public void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, String moaSessionID) { - Logger.info("Logout"); + Logger.info("Remove active user-session"); if(moaSessionID == null) { moaSessionID = (String) request.getParameter(PARAM_SESSIONID); @@ -440,6 +440,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { String pvpSLOIssuer = null; String inboundRelayState = null; + Logger.debug("Start technical Single LogOut process ... "); + if (pvpReq != null) { MOARequest samlReq = (MOARequest) pvpReq.getRequest(); LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); @@ -455,18 +457,25 @@ public class AuthenticationManager extends MOAIDAuthConstants { sloContainer.setSloRequest(pvpReq); sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); - + + Logger.debug("Active SSO Service-Provider: " + + " BackChannel:" + sloContainer.getActiveBackChannelOAs().size() + + " FrontChannel:" + sloContainer.getActiveFrontChannalOAs().size() + + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size()); + //terminate MOASession try { authenticatedSessionStore.destroySession(session.getSessionID()); - ssoManager.deleteSSOSessionID(httpReq, httpResp); - + ssoManager.deleteSSOSessionID(httpReq, httpResp); + Logger.debug("Active SSO Session on IDP is remove."); + } catch (MOADatabaseException e) { Logger.warn("Delete MOASession FAILED."); sloContainer.putFailedOA(pvpReq.getAuthURL()); } + Logger.trace("Starting Service-Provider logout process ... "); //start service provider back channel logout process Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); while (nextOAInterator.hasNext()) { @@ -474,6 +483,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(sloDescr); try { + Logger.trace("Send backchannel SLO Request to " + sloDescr.getSpEntityID()); List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); LogoutResponse sloResp = null; @@ -483,9 +493,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { } if (sloResp == null) { - Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + " FAILED. NO LogOut response received."); - sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); } else { samlVerificationEngine.verifySLOResponse(sloResp, @@ -496,14 +506,14 @@ public class AuthenticationManager extends MOAIDAuthConstants { sloBuilder.checkStatusCode(sloContainer, sloResp); } catch (SOAPException e) { - Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + " FAILED.", e); - sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); } catch (SecurityException | InvalidProtocolRequestException e) { - Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + Logger.warn("Single LogOut for OA " + sloDescr.getSpEntityID() + " FAILED.", e); - sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + sloContainer.putFailedOA(sloDescr.getSpEntityID()); } } @@ -516,6 +526,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { Collection<Entry<String, SLOInformationImpl>> sloDescr = sloContainer.getFrontChannelOASessionDescriptions(); List<String> sloReqList = new ArrayList<String>(); for (Entry<String, SLOInformationImpl> el : sloDescr) { + Logger.trace("Build frontChannel SLO Request for " + el.getValue().getSpEntityID()); + LogoutRequest sloReq = sloBuilder.buildSLORequestMessage(el.getValue()); try { sloReqList.add(sloBuilder.getFrontChannelSLOMessageURL(el.getValue().getServiceURL(), el.getValue().getBinding(), |