aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2014-06-13 14:05:47 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2014-06-13 14:05:47 +0200
commit39d7088511d0959a9453112b5471c1cf9fd99d88 (patch)
treec8b90b80927db9f21d12b1193c0bb56323072e39 /id
parent72b7bf07c9c070bc8aa4020568c849cb749c0dd8 (diff)
downloadmoa-id-spss-39d7088511d0959a9453112b5471c1cf9fd99d88.tar.gz
moa-id-spss-39d7088511d0959a9453112b5471c1cf9fd99d88.tar.bz2
moa-id-spss-39d7088511d0959a9453112b5471c1cf9fd99d88.zip
add timeout to frontchannel SLO
Diffstat (limited to 'id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java85
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java8
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/slo_template.html15
4 files changed, 107 insertions, 4 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 497c79c1e..b00989b42 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -33,7 +33,8 @@ public interface MOAIDAuthConstants {
public static final String PARAM_SSO = "SSO";
public static final String INTERFEDERATION_IDP = "interIDP";
- public static final String PARAM_SLOSTATUS = "status";
+ public static final String PARAM_SLOSTATUS = "status";
+ public static final String PARAM_SLORESTART = "restart";
public static final String SLOSTATUS_SUCCESS = "success";
public static final String SLOSTATUS_ERROR = "error";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 536f3ee04..a7ec4dcb6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -29,17 +29,26 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.velocity.VelocityContext;
+import org.opensaml.saml2.core.LogoutResponse;
+import org.opensaml.saml2.metadata.SingleLogoutService;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.SLOInformationContainer;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.SSOManager;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
/**
* @author tlenz
@@ -55,6 +64,8 @@ public class IDPSingleLogOutServlet extends AuthServlet {
SSOManager ssomanager = SSOManager.getInstance();
String ssoid = ssomanager.getSSOSessionID(req);
+ Object restartProcessObj = req.getParameter(PARAM_SLORESTART);
+
Object tokkenObj = req.getParameter(PARAM_SLOSTATUS);
String tokken = null;
String status = null;
@@ -111,17 +122,87 @@ public class IDPSingleLogOutServlet extends AuthServlet {
e.printStackTrace();
}
}
+ }
+
+ } else if (restartProcessObj != null && restartProcessObj instanceof String) {
+ String restartProcess = (String) restartProcessObj;
+ if (MiscUtil.isNotEmpty(restartProcess)) {
+ Logger.info("Restart Single LogOut process after timeout ... ");
+ try {
+ SLOInformationContainer sloContainer = AssertionStorage.getInstance().get(restartProcess, SLOInformationContainer.class);
+ if (sloContainer.hasFrontChannelOA())
+ sloContainer.putFailedOA("differntent OAs");
+
+ String redirectURL = null;
+ if (sloContainer.getSloRequest() != null) {
+ //send SLO response to SLO request issuer
+ SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(sloContainer.getSloRequest());
+ LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs());
+ redirectURL = SingleLogOutBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState());
+
+ } else {
+ //print SLO information directly
+ redirectURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/idpSingleLogout";
+
+ String artifact = Random.nextRandom();
+
+ String statusCode = null;
+ if (sloContainer.getSloFailedOAs() == null ||
+ sloContainer.getSloFailedOAs().size() == 0)
+ statusCode = SLOSTATUS_SUCCESS;
+ else
+ statusCode = SLOSTATUS_ERROR;
+
+ AssertionStorage.getInstance().put(artifact, statusCode);
+ redirectURL = addURLParameter(redirectURL, PARAM_SLOSTATUS, artifact);
+
+ }
+ //redirect to Redirect Servlet
+ String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet";
+ url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8"));
+ url = resp.encodeRedirectURL(url);
+
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", url);
+ return;
+
+ } catch (MOADatabaseException e) {
+ Logger.info("Find no SLO information with processingID "
+ + restartProcess);
+
+ } catch (NoMetadataInformationException e) {
+ Logger.warn("Build SLO respone FAILED.", e);
+
+ } catch (NOSLOServiceDescriptorException e) {
+ Logger.warn("Build SLO respone FAILED.", e);
+
+ } catch (MOAIDException e) {
+ Logger.warn("Build SLO respone FAILED.", e);
+
+ }
+
+ VelocityContext context = new VelocityContext();
+ context.put("errorMsg",
+ MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
+
+ try {
+ ssomanager.printSingleLogOutInfo(context, resp);
+
+ } catch (MOAIDException e) {
+ e.printStackTrace();
+ }
+ return;
}
}
VelocityContext context = new VelocityContext();
context.put("successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.02", null));
- try {
+ try {
ssomanager.printSingleLogOutInfo(context, resp);
} catch (MOAIDException e) {
- // TODO Auto-generated catch block
e.printStackTrace();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 9dddce4b0..8f9417096 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,6 +59,7 @@ import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
@@ -103,6 +104,7 @@ public class AuthenticationManager extends AuthServlet {
public static final String MOA_SESSION = "MoaAuthenticationSession";
public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
+ public static final int SLOTIMEOUT = 30 * 1000; //30 sec
public static AuthenticationManager getInstance() {
if (instance == null) {
@@ -244,8 +246,14 @@ public class AuthenticationManager extends AuthServlet {
AssertionStorage.getInstance().put(relayState, sloContainer);
+ String timeOutURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix()
+ + "/idpSingleLogout"
+ + "?restart=" + relayState;
+
VelocityContext context = new VelocityContext();
context.put("redirectURLs", sloReqList);
+ context.put("$timeoutURL", timeOutURL);
+ context.put("$timeout", SLOTIMEOUT);
ssomanager.printSingleLogOutInfo(context, httpResp);
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
index a652855c4..88279ee96 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
@@ -375,11 +375,24 @@
</style>
+ #if($timeoutURL)
+ <script type="text/javascript">
+ function sloTimeOut() {
+ window.location.href="$timeoutURL";
+
+ }
+
+ </script>
+ #end
<title>Single LogOut Vorgang ... </title>
</head>
-<body>
+#if($timeoutURL)
+ <body onload='setTimeout(sloTimeOut(), $timeout);'>
+#else
+ <body>
+#end
<noscript>
<p>
<strong>Note:</strong> Since your browser does not support