diff options
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls')
-rw-r--r-- | id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java | 56 |
1 files changed, 38 insertions, 18 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 1e064f24f..a1f2c6558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -443,6 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { HttpServletResponse httpResp, AuthenticationSession session, PVPTargetConfiguration pvpReq, String authURL) throws MOAIDException { String pvpSLOIssuer = null; String inboundRelayState = null; + String uniqueSessionIdentifier = "notSet"; + String uniqueTransactionIdentifier = "notSet"; Logger.debug("Start technical Single LogOut process ... "); @@ -451,14 +453,33 @@ public class AuthenticationManager extends MOAIDAuthConstants { LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); pvpSLOIssuer = logOutReq.getIssuer().getValue(); inboundRelayState = samlReq.getRelayState(); + uniqueSessionIdentifier = pvpReq.getUniqueSessionIdentifier(); + uniqueTransactionIdentifier = pvpReq.getUniqueTransactionIdentifier(); + } else { + AuthenticationSessionExtensions sessionExt; + try { + sessionExt = authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID()); + if (sessionExt != null) + uniqueSessionIdentifier = sessionExt.getUniqueSessionId(); + + } catch (MOADatabaseException e) { + Logger.error("Error during database communication. Can not evaluate 'uniqueSessionIdentifier'", e); + + } + uniqueTransactionIdentifier = Random.nextLongRandom(); + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_IDP_SLO_REQUESTED); + } //store active OAs to SLOContaine List<OASessionStore> dbOAs = authenticatedSessionStore.getAllActiveOAFromMOASession(session); List<InterfederationSessionStore> dbIDPs = authenticatedSessionStore.getAllActiveIDPsFromMOASession(session); - SLOInformationContainer sloContainer = new SLOInformationContainer(); - sloContainer.setSloRequest(pvpReq); + SLOInformationContainer sloContainer = new SLOInformationContainer(); + sloContainer.setTransactionID(uniqueTransactionIdentifier); + sloContainer.setSessionID(uniqueSessionIdentifier); + sloContainer.setSloRequest(pvpReq); + sloBuilder.parseActiveIDPs(sloContainer, dbIDPs, pvpSLOIssuer); sloBuilder.parseActiveOAs(sloContainer, dbOAs, pvpSLOIssuer); @@ -468,19 +489,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { + " NO_SLO_Support:" + sloContainer.getSloFailedOAs().size()); //terminate MOASession - try { - String uniqueSessionIdentifier = "notSet"; - AuthenticationSessionExtensions sessionExt = - authenticatedSessionStore.getAuthenticationSessionExtensions(session.getSessionID()); - if (sessionExt != null) - uniqueSessionIdentifier = sessionExt.getUniqueSessionId(); - + try { authenticatedSessionStore.destroySession(session.getSessionID()); ssoManager.deleteSSOSessionID(httpReq, httpResp); - if (pvpReq != null) - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, pvpReq.getUniqueSessionIdentifier()); - else - revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); + revisionsLogger.logEvent(MOAIDEventConstants.SESSION_DESTROYED, uniqueSessionIdentifier); Logger.debug("Active SSO Session on IDP is remove."); @@ -490,8 +502,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { } - Logger.trace("Starting Service-Provider logout process ... "); - //start service provider back channel logout process + Logger.trace("Starting Service-Provider logout process ... "); + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_STARTED); + //start service provider back channel logout process Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); while (nextOAInterator.hasNext()) { SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); @@ -592,13 +605,17 @@ public class AuthenticationManager extends MOAIDAuthConstants { null); if (sloContainer.getSloFailedOAs() == null || - sloContainer.getSloFailedOAs().size() == 0) + sloContainer.getSloFailedOAs().size() == 0) { + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_ALL_VALID); config.putCustomParameter("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.00", null)); - else + + } else { + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); config.putCustomParameter("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); - + + } guiBuilder.build(httpResp, config, "Single-LogOut GUI"); } @@ -615,6 +632,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { SingleLogoutService sloService = sloBuilder.getResponseSLODescriptor(pvpReq); LogoutResponse message = sloBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI); sloBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState); + + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); }else { //print SLO information directly @@ -623,6 +642,7 @@ public class AuthenticationManager extends MOAIDAuthConstants { DefaultGUIFormBuilderConfiguration.VIEW_SINGLELOGOUT, null); + revisionsLogger.logEvent(uniqueSessionIdentifier, uniqueTransactionIdentifier, MOAIDEventConstants.AUTHPROCESS_SLO_NOT_ALL_VALID); config.putCustomParameter("errorMsg", MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); |