Class SingleLogoutManager


  • public class SingleLogoutManager
    extends Object
    The SingleLogoutManager class provides methods to perform single logout across multiple federation protocols. Identity providers need to invoke the doIDPSingleLogout method after they finish processing their protocol-specific single logout logic and before they destroy the local session(s).
    • Field Detail

      • LOGOUT_SUCCEEDED_STATUS

        public static final int LOGOUT_SUCCEEDED_STATUS
        Status code for logout success
        See Also:
        Constant Field Values
      • LOGOUT_PARTIAL_STATUS

        public static final int LOGOUT_PARTIAL_STATUS
        Status code for partial logout success
        See Also:
        Constant Field Values
      • LOGOUT_FAILED_STATUS

        public static final int LOGOUT_FAILED_STATUS
        Status code for logout failure
        See Also:
        Constant Field Values
      • LOGOUT_REDIRECTED_STATUS

        public static final int LOGOUT_REDIRECTED_STATUS
        Status code for logout request being redirected
        See Also:
        Constant Field Values
      • LOGOUT_NO_ACTION_STATUS

        public static final int LOGOUT_NO_ACTION_STATUS
        Status code for no logout action performed. This is for the case that this protocol does not take part in the single logout process.
        See Also:
        Constant Field Values
    • Method Detail

      • getInstance

        public static SingleLogoutManager getInstance()
        Returns SingleLogoutManager singleton instance.
        Returns:
        manager instance.
      • doIDPSingleLogout

        public int doIDPSingleLogout(Set userSession,
                                     String userID,
                                     jakarta.servlet.http.HttpServletRequest request,
                                     jakarta.servlet.http.HttpServletResponse response,
                                     boolean isSOAPInitiated,
                                     boolean isIDPInitiated,
                                     String protocol,
                                     String realm,
                                     String idpEntityID,
                                     String spEntityID,
                                     String relayState,
                                     String singleLogoutRequestXML,
                                     String singleLogoutResponseXML,
                                     int currentStatus)
                              throws Exception
        Performs single logout across multiple federation protocols. This method invokes single logout processing for all the federation protocols. Normally, three types of single logout are supported:
        - logout of a single session (specified by the userSession parameter)
        - logout of a list of sessions (specified by the userSession parameter)
        - logout of all sessions for a specific user (specified by the userID parameter)
        Because a single instance of the implementation class is used internally in the SingleLogoutManager class, implementations of the method shall not maintain any state.
        Parameters:
        userSession - Set of user session objects (java.lang.Object) to be logged out.
        userID - Universal identifier of the user to be logged out.
        request - HTTP servlet request object of the request.
        response - HTTP servlet response object of the request.
        isSOAPInitiated - True means original single logout request is initiated using SOAP binding, false means the original single logout request is initiated using HTTP binding.
        isIDPInitiated - True means this is identity provider initiated single logout, false means this is service provider initiated single logout.
        protocol - The protocol of the original single logout. Possible values for this parameter:
        - SAML2 - single logout initiated using SAMLv2 protocol
        - IDFF - single logout initiated using ID-FF protocol
        - WS_FED - single logout initiated using WS-Federation protocol
        realm - Realm of the hosted entity.
        idpEntityID - EntityID of the hosted identity provider in the original Single Logout request.
        spEntityID - EntityID of the remote service provider in the original Single Logout request.
        relayState - State information to be relayed back in the response.
        singleLogoutRequestXML - Original single logout request in XML string.
        singleLogoutResponseXML - Logout response to be sent back to the SP. This only applies to SP-initiated single logout; it will be null for IDP-initiated single logout.
        currentStatus - Current logout status; this is the single logout status for the federation protocol just processed. Possible values:
        - LOGOUT_SUCCEEDED_STATUS - single logout succeeded.
        - LOGOUT_FAILED_STATUS - single logout failed.
        - LOGOUT_PARTIAL_STATUS - single logout partially succeeded.
        Returns:
        Cumulative status of single logout for all protocols processed so far, or a status indicating that the logout request has been redirected for processing. Possible values:
        - LOGOUT_SUCCEEDED_STATUS - single logout succeeded.
        - LOGOUT_FAILED_STATUS - single logout failed.
        - LOGOUT_PARTIAL_STATUS - single logout partially succeeded.
        - LOGOUT_REDIRECTED_STATUS - single logout request redirected.
        - LOGOUT_NO_ACTION_STATUS - single logout not performed.
        Throws:
        Exception - if an error occurs when processing the protocol.
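
        The call order described above (protocol-specific logout first, then doIDPSingleLogout, then local session destruction), as an added example that is not part of the original Javadoc or the project's code. Assumptions: the import package com.sun.identity.multiprotocol, the IdpLogoutCoordinator class and its LocalSessionDestroyer hook are hypothetical names, a redirected request is treated as still needing its sessions, and destroying the local sessions when the call throws is a choice made in this example.

```java
import com.sun.identity.multiprotocol.SingleLogoutManager; // assumed package; the page does not state it
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.util.Set;

/** Added example: hypothetical IdP-side caller, not part of the documented API. */
public class IdpLogoutCoordinator {

    /** Hypothetical hook standing in for the deployment's own local session teardown. */
    public interface LocalSessionDestroyer {
        void destroy(Set userSession) throws Exception;
    }

    /**
     * Call once the protocol-specific single logout has produced protocolStatus.
     * Returns the status reported by doIDPSingleLogout so the caller can audit it;
     * LOGOUT_PARTIAL_STATUS and LOGOUT_FAILED_STATUS mean logout did not fully succeed.
     */
    public static int finishLogout(Set userSession, String userID,
            HttpServletRequest request, HttpServletResponse response,
            boolean isSOAPInitiated, boolean isIDPInitiated, String protocol,
            String realm, String idpEntityID, String spEntityID, String relayState,
            String logoutRequestXML, String logoutResponseXML,
            int protocolStatus, LocalSessionDestroyer destroyer) throws Exception {
        int status;
        try {
            status = SingleLogoutManager.getInstance().doIDPSingleLogout(
                    userSession, userID, request, response,
                    isSOAPInitiated, isIDPInitiated, protocol, realm,
                    idpEntityID, spEntityID, relayState,
                    logoutRequestXML, logoutResponseXML, protocolStatus);
        } catch (Exception e) {
            // Choice made in this example: fail closed, so the local sessions
            // do not outlive a logout attempt that threw.
            destroyer.destroy(userSession);
            throw e;
        }
        if (status == SingleLogoutManager.LOGOUT_REDIRECTED_STATUS) {
            // Assumption: another protocol now owns the request and still needs
            // the sessions, so neither destroy them nor write to the response.
            return status;
        }
        // Any other status is terminal for this request: the cross-protocol
        // step has run, so the local sessions can be destroyed.
        destroyer.destroy(userSession);
        return status;
    }
}
```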