private Pair<SessionId, AuthorizationGrant> endSession(
String idTokenHint,
String sessionId,
HttpServletRequest httpRequest,
HttpServletResponse httpResponse,
SecurityContext sec) {
EndSessionParamsValidator.validateParams(idTokenHint, errorResponseFactory);
AuthorizationGrant authorizationGrant =
authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
if (authorizationGrant == null) {
log.info("Failed to find out authorization grant for id_token_hing '{0}'", idTokenHint);
errorResponseFactory.throwUnauthorizedException(EndSessionErrorResponseType.INVALID_GRANT);
}
boolean isExternalLogoutPresent = false;
boolean externalLogoutResult = false;
SessionId ldapSessionId = removeSessionId(sessionId, httpRequest, httpResponse);
isExternalLogoutPresent = externalApplicationSessionService.isEnabled();
if (isExternalLogoutPresent) {
externalLogoutResult =
externalApplicationSessionService.executeExternalEndSessionMethods(
httpRequest, authorizationGrant);
log.info(
"End session result for '{0}': '{1}'",
authorizationGrant.getUser().getUserId(), "logout", externalLogoutResult);
}
boolean isGrantAndExternalLogoutSuccessful = isExternalLogoutPresent && externalLogoutResult;
if (isExternalLogoutPresent && !isGrantAndExternalLogoutSuccessful) {
errorResponseFactory.throwUnauthorizedException(EndSessionErrorResponseType.INVALID_GRANT);
}
authorizationGrant.revokeAllTokens();
return new Pair<SessionId, AuthorizationGrant>(ldapSessionId, authorizationGrant);
}
@Override
public Response requestEndSession(
String idTokenHint,
String postLogoutRedirectUri,
String state,
String sessionId,
HttpServletRequest httpRequest,
HttpServletResponse httpResponse,
SecurityContext sec) {
log.debug(
"Attempting to end session, idTokenHint: {0}, postLogoutRedirectUri: {1}, sessionId: {2}, Is Secure = {3}",
idTokenHint, postLogoutRedirectUri, sessionId, sec.isSecure());
Response.ResponseBuilder builder = Response.ok();
if (!EndSessionParamsValidator.validateParams(idTokenHint, postLogoutRedirectUri)) {
builder = Response.status(400);
builder.entity(
errorResponseFactory.getErrorAsJson(EndSessionErrorResponseType.INVALID_REQUEST));
} else {
AuthorizationGrant authorizationGrant =
authorizationGrantList.getAuthorizationGrantByIdToken(idTokenHint);
boolean isExternalAuthenticatorLogoutPresent = false;
boolean externalLogoutResult = false;
if (authorizationGrant != null) {
removeSessionId(sessionId, httpRequest, httpResponse);
isExternalAuthenticatorLogoutPresent = externalApplicationSessionService.isEnabled();
if (isExternalAuthenticatorLogoutPresent) {
externalLogoutResult =
externalApplicationSessionService.executeExternalEndSessionMethods(
httpRequest, authorizationGrant);
log.info(
"End session result for '{0}': '{1}'",
authorizationGrant.getUser().getUserId(), "logout", externalLogoutResult);
}
}
boolean isGrantAndNoExternalLogout =
authorizationGrant != null && !isExternalAuthenticatorLogoutPresent;
boolean isGrantAndExternalLogoutSuccessful =
authorizationGrant != null
&& isExternalAuthenticatorLogoutPresent
&& externalLogoutResult;
if (isGrantAndNoExternalLogout || isGrantAndExternalLogoutSuccessful) {
authorizationGrant.revokeAllTokens();
// Validate redirectUri
String redirectUri =
redirectionUriService.validatePostLogoutRedirectUri(
authorizationGrant.getClient().getClientId(), postLogoutRedirectUri);
if (StringUtils.isNotBlank(redirectUri)) {
RedirectUri redirectUriResponse = new RedirectUri(redirectUri);
if (StringUtils.isNotBlank(state)) {
redirectUriResponse.addResponseParameter(EndSessionResponseParam.STATE, state);
}
builder = RedirectUtil.getRedirectResponseBuilder(redirectUriResponse, httpRequest);
} else {
builder = Response.status(400);
builder.entity(
errorResponseFactory.getErrorAsJson(EndSessionErrorResponseType.INVALID_REQUEST));
}
} else {
builder = Response.status(401);
builder.entity(
errorResponseFactory.getErrorAsJson(EndSessionErrorResponseType.INVALID_GRANT));
}
}
return builder.build();
}
