From 39d7088511d0959a9453112b5471c1cf9fd99d88 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 13 Jun 2014 14:05:47 +0200 Subject: add timeout to frontchannel SLO --- .../moa/id/auth/MOAIDAuthConstants.java | 3 +- .../id/auth/servlet/IDPSingleLogOutServlet.java | 85 +++++++++++++++++++++- .../moa/id/moduls/AuthenticationManager.java | 8 ++ .../resources/templates/slo_template.html | 15 +++- 4 files changed, 107 insertions(+), 4 deletions(-) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 497c79c1e..b00989b42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -33,7 +33,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_SSO = "SSO"; public static final String INTERFEDERATION_IDP = "interIDP"; - public static final String PARAM_SLOSTATUS = "status"; + public static final String PARAM_SLOSTATUS = "status"; + public static final String PARAM_SLORESTART = "restart"; public static final String SLOSTATUS_SUCCESS = "success"; public static final String SLOSTATUS_ERROR = "error"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java index 536f3ee04..a7ec4dcb6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java @@ -29,17 +29,26 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.velocity.VelocityContext; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.metadata.SingleLogoutService; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.data.SLOInformationContainer; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.storage.AssertionStorage; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.URLEncoder; /** * @author tlenz @@ -55,6 +64,8 @@ public class IDPSingleLogOutServlet extends AuthServlet { SSOManager ssomanager = SSOManager.getInstance(); String ssoid = ssomanager.getSSOSessionID(req); + Object restartProcessObj = req.getParameter(PARAM_SLORESTART); + Object tokkenObj = req.getParameter(PARAM_SLOSTATUS); String tokken = null; String status = null; @@ -111,17 +122,87 @@ public class IDPSingleLogOutServlet extends AuthServlet { e.printStackTrace(); } } + } + + } else if (restartProcessObj != null && restartProcessObj instanceof String) { + String restartProcess = (String) restartProcessObj; + if (MiscUtil.isNotEmpty(restartProcess)) { + Logger.info("Restart Single LogOut process after timeout ... "); + try { + SLOInformationContainer sloContainer = AssertionStorage.getInstance().get(restartProcess, SLOInformationContainer.class); + if (sloContainer.hasFrontChannelOA()) + sloContainer.putFailedOA("differntent OAs"); + + String redirectURL = null; + if (sloContainer.getSloRequest() != null) { + //send SLO response to SLO request issuer + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(sloContainer.getSloRequest()); + LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, sloContainer.getSloRequest(), sloContainer.getSloFailedOAs()); + redirectURL = SingleLogOutBuilder.getFrontChannelSLOMessageURL(sloService, message, req, resp, sloContainer.getSloRequest().getRequest().getRelayState()); + + } else { + //print SLO information directly + redirectURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/idpSingleLogout"; + + String artifact = Random.nextRandom(); + + String statusCode = null; + if (sloContainer.getSloFailedOAs() == null || + sloContainer.getSloFailedOAs().size() == 0) + statusCode = SLOSTATUS_SUCCESS; + else + statusCode = SLOSTATUS_ERROR; + + AssertionStorage.getInstance().put(artifact, statusCode); + redirectURL = addURLParameter(redirectURL, PARAM_SLOSTATUS, artifact); + + } + //redirect to Redirect Servlet + String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(redirectURL, "UTF-8")); + url = resp.encodeRedirectURL(url); + + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", url); + return; + + } catch (MOADatabaseException e) { + Logger.info("Find no SLO information with processingID " + + restartProcess); + + } catch (NoMetadataInformationException e) { + Logger.warn("Build SLO respone FAILED.", e); + + } catch (NOSLOServiceDescriptorException e) { + Logger.warn("Build SLO respone FAILED.", e); + + } catch (MOAIDException e) { + Logger.warn("Build SLO respone FAILED.", e); + + } + + VelocityContext context = new VelocityContext(); + context.put("errorMsg", + MOAIDMessageProvider.getInstance().getMessage("slo.01", null)); + + try { + ssomanager.printSingleLogOutInfo(context, resp); + + } catch (MOAIDException e) { + e.printStackTrace(); + } + return; } } VelocityContext context = new VelocityContext(); context.put("successMsg", MOAIDMessageProvider.getInstance().getMessage("slo.02", null)); - try { + try { ssomanager.printSingleLogOutInfo(context, resp); } catch (MOAIDException e) { - // TODO Auto-generated catch block e.printStackTrace(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 9dddce4b0..8f9417096 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -59,6 +59,7 @@ import org.opensaml.ws.soap.common.SOAPException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.security.SecurityException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; @@ -103,6 +104,7 @@ public class AuthenticationManager extends AuthServlet { public static final String MOA_SESSION = "MoaAuthenticationSession"; public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; + public static final int SLOTIMEOUT = 30 * 1000; //30 sec public static AuthenticationManager getInstance() { if (instance == null) { @@ -244,8 +246,14 @@ public class AuthenticationManager extends AuthServlet { AssertionStorage.getInstance().put(relayState, sloContainer); + String timeOutURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + + "/idpSingleLogout" + + "?restart=" + relayState; + VelocityContext context = new VelocityContext(); context.put("redirectURLs", sloReqList); + context.put("$timeoutURL", timeOutURL); + context.put("$timeout", SLOTIMEOUT); ssomanager.printSingleLogOutInfo(context, httpResp); diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html index a652855c4..88279ee96 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html @@ -375,11 +375,24 @@ + #if($timeoutURL) + + #end Single LogOut Vorgang ... - +#if($timeoutURL) + +#else + +#end