1 files changed, 14 insertions, 29 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 8ef047300..0285dd75b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -56,13 +56,11 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.SSOManager;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -71,9 +69,11 @@ import at.gv.egovernment.moa.util.MiscUtil;
 public class LogOutServlet {
 	private static final String REDIRECT_URL = "redirect";
 	
-	@Autowired private SSOManager ssomanager;
-	@Autowired private AuthenticationManager authmanager;
-	@Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) private ISSOManager ssomanager;
+	//@Autowired(required=true) private IAuthenticationManager authmanager;
+	@Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage;
+	@Autowired(required=true) private AuthConfiguration authConfig;
+	
 	
 	@RequestMapping(value = "/LogOut", method = {RequestMethod.POST, RequestMethod.GET})
 	public void performLogOut(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -81,10 +81,7 @@ public class LogOutServlet {
 
 		String redirectUrl = (String) req.getParameter(REDIRECT_URL);
 				
-		try {
-			//get SSO token from request
-			String ssoid = ssomanager.getSSOSessionID(req);
-			
+		try {			
 			if (MiscUtil.isEmpty(redirectUrl)) {
 				//set default redirect Target
 				Logger.debug("Set default RedirectURL back to MOA-ID-Auth");
@@ -92,7 +89,7 @@ public class LogOutServlet {
 				
 			} else {
 				//return an error if RedirectURL is not a active Online-Applikation
-				IOAAuthParameters oa = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(redirectUrl);			
+				IOAAuthParameters oa = authConfig.getServiceProviderConfiguration(redirectUrl, IOAAuthParameters.class);			
 				if (oa == null) {		
 					Logger.info("RedirctURL does not match to OA configuration. Set default RedirectURL back to MOA-ID-Auth");
 					redirectUrl = HTTPUtils.extractAuthURLFromRequest(req);
@@ -101,23 +98,11 @@ public class LogOutServlet {
 				
 			}
 			
-			if (ssomanager.isValidSSOSession(ssoid, null)) {
-		
-				//TODO: Single LogOut Implementation
-		
-				//delete SSO session and MOA session
-				AuthenticationSession moasessionid = authenticatedSessionStorage.getInternalMOASessionWithSSOID(ssoid);
-				authmanager.performOnlyIDPLogOut(moasessionid);
-				
-				Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl);
-			} else {
+			if (ssomanager.destroySSOSessionOnIDPOnly(req, resp, null))
+				Logger.info("User with SSO is logged out and get redirect to "+ redirectUrl);				
+			else
 				Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl);
-				
-			}
-			
-			//Remove SSO token
-			ssomanager.deleteSSOSessionID(req, resp);
-			
+		
 		} catch (Exception e) {
 			resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Request not allowed.");
 			return;