com.sun.identity.multiprotocol

Interface SingleLogoutHandler

All Known Implementing Classes:

IDFFSingleLogoutHandler, SAML2SingleLogoutHandler, WSFederationSingleLogoutHandler

public interface SingleLogoutHandler

The interface SingleLogoutHandler is used to handle Single Logout for a specific protocol. This interface need to be implemented by ID-FF, SAMLv2 and WS-Federation protocol to enable single logout cross multiple federation protocols.

Method Summary

Modifier and Type

Method and Description

int

doIDPSingleLogout(Set userSession, String userID, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, boolean isSOAPInitiated, boolean isIDPInitiated, String protocol, String realm, String idpEntityID, String SPEntityID, String relayState, String singleLogoutRequestXML, String singleLogoutResponseXML, int currentStatus) Performs single logout for a specific protocol.

Method Detail

doIDPSingleLogout

int doIDPSingleLogout(Set userSession,
                      String userID,
                      javax.servlet.http.HttpServletRequest request,
                      javax.servlet.http.HttpServletResponse response,
                      boolean isSOAPInitiated,
                      boolean isIDPInitiated,
                      String protocol,
                      String realm,
                      String idpEntityID,
                      String SPEntityID,
                      String relayState,
                      String singleLogoutRequestXML,
                      String singleLogoutResponseXML,
                      int currentStatus)
               throws Exception

Performs single logout for a specific protocol. This method need to be implemented by each federation protocol, and will be invoked by other protocol to achieve cross federation protocol single logout. The local session shall not be destroyed by the SPI implementation. In cases of IDP proxying configuration, the implementation need to do single logout for the entity acting as both SP and IDP. Normally, there are three types of single logout to be supported: - logout single session (specified by userSession parameter) - logout a list of session (specified by userSession parameter) - logout all sessions for a specific user (specified by userID oarameter) As a single instance of the implementation class will be used internally in the SingleLogoutManager class, implementation of the method shall not maintain any states.

Parameters:

userSession - Set of user session objects (java.lang.Object) to be logout.

userID - Universal identifier of the user to be logout.

request - HTTP servlet request object of the request.

response - HTTP servlet response object of the request.

isSOAPInitiated - True means original single logout request is initiated using SOAP binding, false means the original single logout request is initiated using HTTP binding.

isIDPInitiated - True means this is identity provider initiated single logout, false means this is service provider initiated single logout.

protocol - The protocol of the original single logout. Possible values for this parameter: SingleLogoutManager.SAML2 - single logout initiated using SAMLv2 protocol SingleLogoutManager.IDFF - single logout initiated using ID-FF protocol SingleLogoutManager.WS_FED - single logout initiated using WS-Federation protocol

realm - Realm of the hosted entity.

idpEntityID - EntityID of the hosted identity provider in the original Single Logout request.

SPEntityID - EntityID of the remote service provider in the original Single Logout request.

relayState - A state information to be relayed back in response.

singleLogoutRequestXML - Original single logout request in XML string.

singleLogoutResponseXML - Logout response to be sent back to SP. This only apply to the case of SP initiated Single Logout, it will be null in case of IDP initiated single logout.

currentStatus - Current logout status, this is the accumulative single logout status for all protocols processed so far. Possible values: SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS SingleLogoutManager.LOGOUT_FAILED_STATUS SingleLogoutManager.LOGOUT_PARTIAL_STATUS

Returns:

the single logout status for this protocol, possible values: SingleLogoutManager.LOGOUT_SUCCEEDED_STATUS SingleLogoutManager.LOGOUT_FAILED_STATUS SingleLogoutManager.LOGOUT_PARTIAL_STATUS SingleLogoutManager.LOGOUT_REDIRECTED_STATUS

Throws:

Exception - if error occurs when processing the protocol.