/**
* Initiates the federation termination operation.
*
* @param request HTTP request
* @param response HTTP response
* @param ssoToken corresponding to the user's session
* @return <code>true</code> if the termination initiation operation is successful; <code>false
* </code> otherwise.
*/
public boolean handleFederationTermination(
HttpServletRequest request, HttpServletResponse response, Object ssoToken) {
FSUtils.debug.message("Entered FSFedTerminationHandler::handleFederationTermination");
this.request = request;
this.locale = FSServiceUtils.getLocale(request);
this.response = response;
this.ssoToken = ssoToken;
setTerminationURL();
if (managerInst == null) {
FSUtils.debug.error("FSSPFedTerminationHandler " + "Account Manager instance is null");
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSPFedTerminationHandler::handleFederationTermination"
+ "failed to get Account Manager instance");
}
FSServiceUtils.returnLocallyAfterOperation(
response,
termination_done_url,
false,
IFSConstants.TERMINATION_SUCCESS,
IFSConstants.TERMINATION_FAILURE);
return false;
}
try {
this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
} catch (SessionException e) {
FSUtils.debug.error("FSFedTerminationHandler::handleFederationTermination:", e);
// cannot proceed without user
LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
return false;
}
boolean bStatus = updateAccountInformation(null);
FSUtils.debug.message("After updateAccountInformation");
if (!bStatus) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSPFedTerminationHandler::handleFederationTermination "
+ "Federation Termination failed locally. Cannot update "
+ "account");
}
String[] data = {userID};
LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
FSServiceUtils.returnLocallyAfterOperation(
response,
termination_done_url,
false,
IFSConstants.TERMINATION_SUCCESS,
IFSConstants.TERMINATION_FAILURE);
return false;
}
FSUtils.debug.message("Status of local update true");
String[] data = {userID};
LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, data, ssoToken);
resetFederateCookie();
boolean bRemoteStatus = doFederationTermination(request, response, acctInfo);
return bRemoteStatus;
}
/**
* Processes the termination request received from a remote provider. Invoded when Http redirect
* profile is used.
*
* @param request HTTP request
* @param response HTTP response
* @param reqTermination the federation termination request received from remote provider
*/
public void processTerminationRequest(
HttpServletRequest request,
HttpServletResponse response,
FSFederationTerminationNotification reqTermination) {
FSUtils.debug.message("Entered FSFedTerminationHandler::processTerminationRequest...");
this.request = request;
this.locale = FSServiceUtils.getLocale(request);
this.response = response;
this.relayState = reqTermination.getRelayState();
setTerminationURL();
if (managerInst == null) {
FSUtils.debug.error(
"FSSPFedTerminationHandler "
+ FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSPFedTerminationHandler::handleFederationTermination"
+ "failed to get Account Manager instance");
}
returnToSource();
return;
}
boolean bStatus = updateAccountInformation(reqTermination.getNameIdentifier());
if (!bStatus) {
FSUtils.debug.message("Termination request processing failed");
String[] data = {
FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED)
};
LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
returnToSource();
return;
}
FSUtils.debug.message("User sucessfully defederated");
String[] data = {FSUtils.bundle.getString(IFSConstants.TERMINATION_SUCCEEDED)};
LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, data, ssoToken);
// Call SP Adaper for remote IDP initiated HTTP profile
if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
if (spAdapter != null) {
FSUtils.debug.message("FSFedTerminationHandler.HTTP");
try {
spAdapter.postTerminationNotificationSuccess(
hostedEntityId,
request,
response,
userID,
reqTermination,
IFSConstants.TERMINATION_IDP_HTTP_PROFILE);
} catch (Exception e) {
// ignore adapter exception
FSUtils.debug.error("postTermNotification.IDP/HTTP", e);
}
}
}
returnToSource();
return;
}
/*
* Method to send the passed SOAPMessage to the SOAPEndpoint URL
* that is passed. The SOAP Message will then be sent across to the remote
* provider in order to perform federation termination.
* @param msg the <code>FSFederationTerminationNotification</code>
* SOAPMesage to be sent
* @param soapEndPoint the SOAPEndpoint URL of remote provider
* @return boolean true if successful else false
*/
public boolean sendTerminationMessage(SOAPMessage msg, String soapEndPoint) {
try {
FSUtils.debug.message("started in func sendTerminationMessage");
if (soapEndPoint == null) {
FSUtils.debug.error("createSOAPReceiverURL Error!");
String[] data = {FSUtils.bundle.getString("failCreateURLEndpoint")};
LogUtil.error(Level.INFO, LogUtil.FAILED_SOAP_URL_END_POINT_CREATION, data);
return false;
}
// Send the message to the provider using the connection.
ByteArrayOutputStream output = new ByteArrayOutputStream();
msg.writeTo(output);
if (FSUtils.debug.messageEnabled()) {
String xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
FSUtils.debug.message("SENDING message: \n " + xmlString);
FSUtils.debug.message("URLEndpoint :" + soapEndPoint);
}
SOAPConnection con = scf.createConnection();
SOAPMessage reply = con.call(msg, soapEndPoint);
FSUtils.debug.message("SOAP CALL COMPLETED");
return true;
} catch (Exception e) {
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("In catch of sendTerminationMessage", e);
}
return false;
}
}
/**
* Updates the user account information. After sucessful operation, the federation status
* corresponding to the user with the remote provider is set to inactive.
*
* @param ni <code>NameIdentifier</code> object corresponding to a user
* @return boolean containing the status of the update operation
*/
protected boolean updateAccountInformation(NameIdentifier ni) {
try {
FSUtils.debug.message("FSFedTerminationHandler::updateAccountInformation: start");
String searchDomain = remoteEntityId;
// get name identifier to remove it from federation info key
String nameId = null;
String nameQualifier = null;
if (ni != null) {
nameQualifier = ni.getNameQualifier();
if (nameQualifier != null
&& (nameQualifier.length() != 0)
&& !nameQualifier.equals(remoteEntityId)) {
searchDomain = nameQualifier;
}
nameId = ni.getName();
}
if (nameId == null && acctInfo != null) {
FSUtils.debug.message("FSAccountManager: getnameId in accInfo");
NameIdentifier temp = acctInfo.getLocalNameIdentifier();
if (temp != null) {
nameId = temp.getName();
nameQualifier = temp.getNameQualifier();
} else {
temp = acctInfo.getRemoteNameIdentifier();
if (temp != null) {
nameId = temp.getName();
nameQualifier = temp.getNameQualifier();
}
}
}
FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(nameQualifier, nameId);
managerInst.removeAccountFedInfo(userID, fedInfoKey, searchDomain);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSFedTerminationHandler:: "
+ "updateAccountInformation deactivate successfully completed");
}
} catch (FSAccountMgmtException e) {
FSUtils.debug.error(
"FSFedTerminationHandler::updateAccountInformation "
+ FSUtils.bundle.getString(IFSConstants.TERMINATION_LOCAL_FAILED));
String[] data = {userID};
LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
return false;
}
// Clean SessionMap off the partner to be done here.
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("Cleaning Session manager for user : "******"Cleaning Session manager for remote provider: " + remoteEntityId);
FSUtils.debug.message("Cleaning Session manager for hosted provider: " + hostedEntityId);
}
FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, null);
return true;
}
/*
* Sends a synchronous SOAPMessage to remote provider.
* @param response the http response object
* @param msg the <code>SOAPMessage</code> to be sent
* @param partnerDecriptor the remote provider meta descriptor
* @param needAuthn determines forced authn
* @return <code>SOAPMessage</code> corresponding to liberty
* request/response message
* @exception IOException, SOAPException if error occurrs
*/
public SOAPMessage doSyncCall(
HttpServletResponse response,
SOAPMessage msg,
ProviderDescriptorType partnerDecriptor,
boolean needAuthn)
throws IOException, SOAPException {
FSUtils.debug.message("FSSOAPService.doSyncCall: Called");
String soapURL = createSOAPReceiverUrl(response, partnerDecriptor, false);
if (soapURL == null) {
FSUtils.debug.error("FSSOAPService.doSyncCall: " + "createSOAPReceiverURL Error!");
String[] data = {FSUtils.bundle.getString("failCreateURLEndpoint")};
LogUtil.error(Level.INFO, LogUtil.FAILED_SOAP_URL_END_POINT_CREATION, data);
return null;
}
// Send the message to the provider using the connection.
ByteArrayOutputStream output = new ByteArrayOutputStream();
msg.writeTo(output);
String xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPService.doSyncCall: SENDING message\n" + xmlString);
}
SOAPConnection con = scf.createConnection();
SOAPMessage reply = con.call(msg, soapURL);
if (reply == null) {
response.sendError(
response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("noReplyfromSOAPReceiver"));
return null;
}
// check the SOAP message for any SOAP related errors
// before passing control to SAML processor
output = new ByteArrayOutputStream();
reply.writeTo(output);
xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("FSSOAPService.doSyncCall: REPLIED message:\n" + xmlString);
}
return reply;
}
/*
* Sends the passed SOAPMessage to the SOAPEndpoint URL
* that is passed.
* @param msg the <code>SOAPMessage</code> to be sent
* @param soapEndPoint the SOAPEndpoint URL of remote provider
* @return SOAPMessage response message from remote provider
* @exception IOException, SOAPException if error occurrs
*/
public SOAPMessage sendMessage(SOAPMessage msg, String soapEndPoint)
throws IOException, SOAPException {
try {
FSUtils.debug.message("just started in func sendMessage");
if (soapEndPoint == null) {
FSUtils.debug.error("createSOAPReceiverURL Error!");
String[] data = {soapEndPoint};
LogUtil.error(Level.INFO, LogUtil.FAILED_SOAP_URL_END_POINT_CREATION, data);
return null;
}
// Send the message to the provider using the connection.
ByteArrayOutputStream output = new ByteArrayOutputStream();
msg.writeTo(output);
String xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"SENDING message: \n " + xmlString + "\nURLEndpoint :" + soapEndPoint + "\nSOAP CALL");
}
SOAPConnection con = scf.createConnection();
SOAPMessage reply = con.call(msg, soapEndPoint);
FSUtils.debug.message("SOAP CALL COMPLETED");
if (reply == null) {
return null;
}
// check the SOAP message for any SOAP related errors
// before passing control to SAML processor
output = new ByteArrayOutputStream();
reply.writeTo(output);
xmlString = output.toString(IFSConstants.DEFAULT_ENCODING);
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message("REPLIED message: \n " + xmlString);
}
return reply;
} catch (Exception e) {
FSUtils.debug.error("In catch of sendMessage", e);
return null;
}
}
/*
* Method to construct the URLEndpoint depending on whether basic
* authentication of one provider to another is to be done. Otherwise the
* SOAPEndpoint of the remote provider is returned
* @param response the response object
* @param partnerDecriptor the remote provider descriptor
* @param needAuthn determines forced authn
* @return Element corresponding to liberty request/response
*/
public String createSOAPReceiverUrl(
HttpServletResponse response, ProviderDescriptorType partnerDecriptor, boolean needAuthn)
throws IOException {
// TODO: need to handle needAuthn correctly
// TODO: need to retrieve auth type, user name and password from meta
// basic authentication
String username = null;
String password = null;
String to = partnerDecriptor.getSoapEndpoint();
String authtype = null;
String soapURL = null;
if (needAuthn) {
int idnx = -1;
if ((idnx = to.indexOf("//")) == -1) {
FSUtils.debug.error(
"FSSOAPService.createSOAPReceiverUrl: "
+ "createSOAPReceiverUrl: SOAP-Receiver-URL illegal format.");
response.sendError(
response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("illegalFormatSOAPUrl"));
return null;
}
String protocol = to.substring(0, idnx - 1);
if (authtype.equalsIgnoreCase(IFSConstants.BASICAUTH)
|| authtype.equalsIgnoreCase(IFSConstants.NOAUTH)) {
if (!protocol.equals(IFSConstants.HTTP)) {
String[] data = {protocol, authtype};
LogUtil.error(Level.INFO, LogUtil.MISMATCH_AUTH_TYPE_AND_PROTOCOL, data);
response.sendError(
response.SC_INTERNAL_SERVER_ERROR,
FSUtils.bundle.getString("mismatchAuthTypeandProtocol"));
return null;
}
} else if (authtype.equalsIgnoreCase(IFSConstants.SSLWITHBASICAUTH)
|| authtype.equalsIgnoreCase(IFSConstants.SSL)) {
if (!protocol.equals(IFSConstants.HTTPS)) {
String[] data = {protocol, authtype};
LogUtil.error(Level.INFO, LogUtil.MISMATCH_AUTH_TYPE_AND_PROTOCOL, data);
response.sendError(
response.SC_INTERNAL_SERVER_ERROR,
FSUtils.bundle.getString("mismatchAuthTypeandProtocol"));
return null;
}
} else {
String[] data = {authtype};
LogUtil.error(Level.INFO, LogUtil.WRONG_AUTH_TYPE, data);
response.sendError(
response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("wrongAuthType"));
return null;
}
if (authtype.equalsIgnoreCase(IFSConstants.BASICAUTH)
|| authtype.equalsIgnoreCase(IFSConstants.SSLWITHBASICAUTH)) {
Map userMap = null; // partnerDecriptor.getAuthType();
username = (String) userMap.get(IFSConstants.USER);
password = (String) userMap.get(IFSConstants.PASSWORD);
if (username == null || password == null) {
FSUtils.debug.error(
"FSSOAPService.createSOAPReceiverUrl: "
+ "PartnerSite required basic authentication. But "
+ "the user name used for authentication is null.");
response.sendError(
response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("wrongConfigBasicAuth"));
return null;
}
StringBuffer toSOAP = new StringBuffer(100);
toSOAP
.append(to.substring(0, idnx + 2))
.append(username)
.append(":")
.append(password)
.append("@")
.append(to.substring(idnx + 2));
soapURL = toSOAP.toString();
}
return null;
} else {
soapURL = to;
}
if (FSUtils.debug.messageEnabled()) {
FSUtils.debug.message(
"FSSOAPService.createSOAPReceiverUrl: Sending message to URL: " + soapURL);
}
String[] data = {soapURL};
LogUtil.access(Level.FINER, "SOAP_RECEIVER_URL", data);
return soapURL;
}
