Class FSLogoutUtil


  • public class FSLogoutUtil
    extends Object
    Utility class for single logout.
    • Constructor Detail

      • FSLogoutUtil

        public FSLogoutUtil()
    • Method Detail

      • destroyPrincipalSession

        protected static boolean destroyPrincipalSession​(String userID,
                                                         String metaAlias,
                                                         String sessionIndex,
                                                         jakarta.servlet.http.HttpServletRequest request,
                                                         jakarta.servlet.http.HttpServletResponse response)
        Destroys the principal's session. To destroy the user's session, the following needs to be done:
        1. Destroy the Federation Session cookie (e.g. iPlanetDirectoryPro).
        2. Clean the Session manager (FSSessionManager related API call).
        Parameters:
        userID - the principal whose session needs to be destroyed
        metaAlias - the hostedProvider's meta alias.
        sessionIndex - Session Index of the user session.
        request - HTTP Request Object.
        response - HTTP Response Object.
        Returns:
        true if session cleanup was successful; false otherwise.
      • destroyLocalSession

        protected static boolean destroyLocalSession​(Object ssoToken,
                                                     jakarta.servlet.http.HttpServletRequest request,
                                                     jakarta.servlet.http.HttpServletResponse response)
        Destroys local session.
        Parameters:
        ssoToken - session of the principal
        Returns:
        true if the local session is deleted; false otherwise.
      • getSessionObjectList

        protected static Vector getSessionObjectList​(String userDn,
                                                     String metaAlias,
                                                     String sessionIndex)
        Gets the list of the principal's active session IDs that are maintained by FSSessionManager.
        Parameters:
        userDn - the principal whose session needs to be destroyed
        metaAlias - the hosted Entity doing logout cleanup
        sessionIndex - index of the user's session
        Returns:
        Vector list of active Session IDs
      • cleanSessionMapPartnerList

        public static void cleanSessionMapPartnerList​(String userDN,
                                                      String currentEntityId,
                                                      String metaAlias,
                                                      FSSession session)
        Cleans the FSSessionManager maintained session for the given principal, provider Id and removes all references to the provider since logout notification has already been sent to that provider.
        Parameters:
        userDN - the principal whose session needs to be destroyed
        currentEntityId - the provider to whom logout notification is about to be sent
        metaAlias - the hostedProvider doing logout cleanup
        session - Liberty session.
      • cleanSessionMap

        protected static boolean cleanSessionMap​(String userDn,
                                                 String metaAlias,
                                                 FSSession session)
        Cleans the FSSessionManager maintained session for the given principal. Logout notification has already been sent to all providers that had live connections for this user. If FSSession is null, then it cleans up all of the user's sessions.
        Parameters:
        userDn - the principal whose session needs to be destroyed
        metaAlias - the hostedProvider doing logout cleanup
        session - Liberty session.
        Returns:
        true if session map cleaning was successful; false otherwise.
      • getValidToken

        protected static Object getValidToken​(jakarta.servlet.http.HttpServletRequest request)
        Retrieves the session token from the HTTP request, and validates the token with the OpenAM session manager.
        Parameters:
        request - HttpServletRequest object containing the session cookie information
        Returns:
        session token if request contained valid session info; false otherwise.
      • getCurrentWorkingAccount

        protected static FSAccountFedInfo getCurrentWorkingAccount​(String userID,
                                                                   String entityID,
                                                                   String metaAlias)
        Returns the FSAccountFedInfo object for the given principal and provider Id.
        Parameters:
        userID - principal whose working account we want to retrieve
        entityID - the provider Id to whom logout notification needs to be sent
        metaAlias - hosted provider's meta alias
        Returns:
        account object for the given user, provider
      • getCurrentProvider

        protected static HashMap getCurrentProvider​(String userID,
                                                    String metaAlias)
        Returns the information for the given principal and one of the live connections (provider that received/issued assertion for this user) including sessionIndex, provider Id etc.
        Parameters:
        userID - principal who needs to be logged out
        metaAlias - the hostedProvider doing logout cleanup
        Returns:
        HashMap information about live connection provider
      • liveConnectionsExist

        public static boolean liveConnectionsExist​(String userID,
                                                   String metaAlias)
        Finds out if there is at least one more partner who should be notified of logout.
        Parameters:
        userID - principal who needs to be logged out
        metaAlias - the provider performing logout
        Returns:
        true if any provider exists; false otherwise.
      • cleanSessionMapProviders

        protected static boolean cleanSessionMapProviders​(String userID,
                                                          Vector sessionList,
                                                          String metaAlias)
        Cleans the FSSessionManager maintained session information for the user for the given list of sessions.
        Parameters:
        userID - principal who needs to be logged out
        sessionList - is the list of session Ids to be cleaned for the user
        metaAlias - the provider performing logout
        Returns:
        always returns true
      • getLogoutGETProviders

        protected static HashMap getLogoutGETProviders​(String userID,
                                                       String entityId,
                                                       String sessionIndex,
                                                       String realm,
                                                       String metaAlias)
        Returns the list of all providers who want to be notified of logout using HTTP GET profile.
        Parameters:
        userID - principal who needs to be logged out
        entityId - current provider who uses HTTP GET profile for logout
        sessionIndex - for the current provider
        realm - the realm in which the provider resides
        metaAlias - the hosted provider performing logout
        Returns:
        HashMap list of providers who indicate preference to be notified of logout using GET profile
      • getUserFromRequest

        public static String getUserFromRequest​(FSLogoutNotification reqLogout,
                                                String realm,
                                                String hostedEntityId,
                                                String hostedRole,
                                                com.sun.identity.federation.jaxb.entityconfig.BaseConfigType hostedConfig,
                                                String metaAlias)
        Determines the user name from the logout request.
        Parameters:
        reqLogout - the logout request received
        realm - the realm under which the entity resides
        hostedEntityId - the hosted provider performing logout
        hostedRole - the role of the hosted provider
        hostedConfig - extended meta config for hosted provider
        metaAlias - hosted provider's meta alias
        Returns:
        user id if the user is found; null otherwise.
      • removeTokenFromSession

        public static void removeTokenFromSession​(Object token,
                                                  String metaAlias)
      • returnToSource

        protected static void returnToSource​(jakarta.servlet.http.HttpServletResponse response,
                                             com.sun.identity.liberty.ws.meta.jaxb.ProviderDescriptorType remoteDescriptor,
                                             String bLogoutStatus,
                                             String commonErrorPage,
                                             int minorVersion,
                                             com.sun.identity.federation.jaxb.entityconfig.BaseConfigType hostedConfig,
                                             String hostedEntityId,
                                             String userID)
        Determines the return location and redirects based on logout Return URL of the provider that sent the logout request.
      • sendErrorPage

        protected static void sendErrorPage​(jakarta.servlet.http.HttpServletRequest request,
                                            jakarta.servlet.http.HttpServletResponse response,
                                            String providerAlias)
        Returns the hosted provider's failure page to the user.
        Parameters:
        request - the HttpServletRequest object
        response - the HttpServletResponse object
        providerAlias - the provider alias corresponding to the hosted provider
      • removeCurrentSessionPartner

        public static void removeCurrentSessionPartner​(String metaAlias,
                                                       String remoteEntityId,
                                                       Object ssoToken,
                                                       String userID)
        Removes current session partner from the session partner list.
        Parameters:
        metaAlias - meta alias of the hosted provider
        remoteEntityId - id of the remote provider
        ssoToken - session object of the principal who is presently logged in
        userID - id of the principal
      • isIDPInitiatedProfile

        public static boolean isIDPInitiatedProfile​(String profile)
        Returns true if this is an IDP initiated profile, false otherwise.
        Parameters:
        profile - profile to be checked.
        Returns:
        true if specified profile is IDP initiated, false otherwise.