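/**
 * Finds the user based on the termination request received from a remote provider and stores
 * the result in {@code userID}.
 *
 * <p>The account is looked up first under the search domain derived from the request (the
 * NameQualifier when it is present and differs from the sending provider's id, otherwise
 * {@code hostedEntityId}) and then, if that yields nothing, under {@code remoteEntityId}.
 *
 * <p>Every value read from {@code reqTermination} is supplied by the remote party. This method
 * performs no signature or issuer check of its own. NOTE(review): presumably the caller has
 * already verified the request before the lookup result is acted on; confirm against the caller.
 *
 * @param reqTermination the termination request
 * @return <code>true</code> if the user is found; <code>false</code> otherwise (including when
 *     no account manager is available, the request carries no usable NameIdentifier, or the
 *     account lookup fails).
 */
public boolean setUserID(FSFederationTerminationNotification reqTermination) {
    try {
        // UserDN needs to be figured from termination request
        if (managerInst != null) {
            String sourceProviderId = reqTermination.getProviderId();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("sourceProviderId : " + sourceProviderId);
            }

            // A request without a NameIdentifier (or without a name in it) cannot be mapped to
            // an account; reject it here instead of failing with a NullPointerException.
            if (reqTermination.getNameIdentifier() == null
                    || reqTermination.getNameIdentifier().getName() == null) {
                FSUtils.debug.error("Termination request has no usable NameIdentifier");
                this.userID = null;
                return false;
            }
            String opaqueHandle = reqTermination.getNameIdentifier().getName().trim();

            // The qualifier is checked for null before trimming. Trimming first made the
            // null test further down unreachable.
            String rawQualifier = reqTermination.getNameIdentifier().getNameQualifier();
            String associatedDomain = (rawQualifier == null) ? "" : rawQualifier.trim();

            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("processTerminationRequest Handle : " + opaqueHandle);
                FSUtils.debug.message("Name Qualifier : " + associatedDomain);
                FSUtils.debug.message("Realm : " + realm);
            }

            String searchDomain = hostedEntityId;
            // equals() is invoked on the non-null qualifier so that a null provider id in the
            // request cannot raise a NullPointerException.
            if (associatedDomain.length() != 0 && !associatedDomain.equals(sourceProviderId)) {
                searchDomain = associatedDomain;
            }

            FSAccountFedInfoKey acctkey = new FSAccountFedInfoKey(searchDomain, opaqueHandle);
            Map env = new HashMap();
            env.put(IFSConstants.FS_USER_PROVIDER_ENV_TERMINATION_KEY, reqTermination);

            this.userID = managerInst.getUserID(acctkey, realm, env);
            if (this.userID == null) {
                // Second attempt: the same handle, keyed by the remote provider's entity id.
                acctkey = new FSAccountFedInfoKey(remoteEntityId, opaqueHandle);
                this.userID = managerInst.getUserID(acctkey, realm, env);
                if (this.userID == null) {
                    FSUtils.debug.message("UserID is null");
                    return false;
                }
            }
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("user id is " + userID);
            }
            return true;
        }
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("In FSAccountMgmtException :: ", e);
    }
    // Reached when there is no account manager or the lookup threw: clear any stale value.
    this.userID = null;
    return false;
}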
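/**
 * Updates the user account information. After a successful operation the user's federation
 * with the remote provider is no longer active: the federation info is removed through
 * {@code managerInst.removeAccountFedInfo} and the partner entry is cleaned from the session
 * map. Whether the manager deletes the record or only deactivates it is decided inside that
 * call and is not visible here.
 *
 * <p>The name identifier is taken from {@code ni}; when it carries no name, the local and then
 * the remote name identifier of {@code acctInfo} are used instead.
 *
 * @param ni <code>NameIdentifier</code> object corresponding to a user
 * @return boolean containing the status of the update operation; {@code false} when no account
 *     manager is available or the account manager reports a failure
 */
protected boolean updateAccountInformation(NameIdentifier ni) {
    try {
        FSUtils.debug.message("FSFedTerminationHandler::updateAccountInformation: start");

        // setMetaAlias leaves managerInst null when the account manager cannot be obtained;
        // setUserID guards against that, and this method now does the same.
        if (managerInst == null) {
            FSUtils.debug.error(
                "FSFedTerminationHandler::updateAccountInformation "
                    + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
            return false;
        }

        String searchDomain = remoteEntityId;
        // get name identifier to remove it from federation info key
        String nameId = null;
        String nameQualifier = null;
        if (ni != null) {
            nameQualifier = ni.getNameQualifier();
            if (nameQualifier != null
                    && nameQualifier.length() != 0
                    && !nameQualifier.equals(remoteEntityId)) {
                searchDomain = nameQualifier;
            }
            nameId = ni.getName();
        }

        if (nameId == null && acctInfo != null) {
            FSUtils.debug.message("FSAccountManager: getnameId in accInfo");
            // Prefer the local identifier; fall back to the remote one.
            NameIdentifier temp = acctInfo.getLocalNameIdentifier();
            if (temp == null) {
                temp = acctInfo.getRemoteNameIdentifier();
            }
            if (temp != null) {
                nameId = temp.getName();
                nameQualifier = temp.getNameQualifier();
            }
        }

        // NOTE(review): nameId and nameQualifier can both still be null at this point; how
        // FSAccountFedInfoKey and removeAccountFedInfo treat that is not visible here. Confirm.
        FSAccountFedInfoKey fedInfoKey = new FSAccountFedInfoKey(nameQualifier, nameId);
        managerInst.removeAccountFedInfo(userID, fedInfoKey, searchDomain);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message(
                "FSFedTerminationHandler:: "
                    + "updateAccountInformation deactivate successfully completed");
        }
    } catch (FSAccountMgmtException e) {
        // Pass the exception along so the debug log shows why the termination failed.
        FSUtils.debug.error(
            "FSFedTerminationHandler::updateAccountInformation "
                + FSUtils.bundle.getString(IFSConstants.TERMINATION_LOCAL_FAILED),
            e);
        String[] data = {userID};
        LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
        return false;
    }

    // Clean SessionMap off the partner to be done here.
    if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message("Cleaning Session manager for user : " + userID);
        FSUtils.debug.message("Cleaning Session manager for remote provider: " + remoteEntityId);
        FSUtils.debug.message("Cleaning Session manager for hosted provider: " + hostedEntityId);
    }
    FSLogoutUtil.cleanSessionMapPartnerList(userID, remoteEntityId, metaAlias, null);
    return true;
}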
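/**
 * Sets hosted provider's meta alias and obtains the account manager instance for it.
 *
 * <p>If the account manager cannot be obtained, the failure is logged and {@code managerInst}
 * is left {@code null}; code that uses {@code managerInst} afterwards has to check for that.
 *
 * @param metaAlias hosted provider's meta alias
 */
public void setMetaAlias(String metaAlias) {
    this.metaAlias = metaAlias;
    try {
        managerInst = FSAccountManager.getInstance(metaAlias);
    } catch (Exception e) {
        // Log the cause as well; without it the reason the manager could not be created is
        // lost and later failures are hard to trace back to this point.
        FSUtils.debug.error(
            "FSFedTerminationHandler "
                + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE),
            e);
        managerInst = null;
    }
}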
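/**
 * Resets the federate cookie when termination is done with one remote provider. If no active
 * federation exists then the cookie is set to "no"; otherwise it is set to "yes".
 *
 * <p>The cookie is written once for every domain returned by
 * {@code SystemConfigurationUtil.getCookieDomainsForRequest}, with path "/" and the persistent
 * cookie age. Nothing is written when {@code userID} is empty, when no account manager is
 * available, or when the federation state cannot be read.
 *
 * <p>NOTE(review): no Secure or HttpOnly attribute is set in this method; whether
 * {@code CookieUtils} applies them is not visible here. Confirm. The value is only a yes/no
 * hint stored in the browser, so consumers should not treat it as proof that a federation
 * exists.
 */
public void resetFederateCookie() {
    if (userID == null || userID.length() < 1) {
        return;
    }
    // setMetaAlias leaves managerInst null when the account manager cannot be obtained.
    if (managerInst == null) {
        FSUtils.debug.error(
            "FSFedTerminationHandler "
                + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
        return;
    }
    try {
        String cookieValue =
            managerInst.hasAnyActiveFederation(userID) ? IFSConstants.YES : IFSConstants.NO;
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("User : " + userID + " Federation Exists : " + cookieValue);
        }

        FSUtils.debug.message("Setting Path to /");
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Setting Age to " + IFSConstants.PERSISTENT_COOKIE_AGE + " Age");
        }

        Set<String> domains = SystemConfigurationUtil.getCookieDomainsForRequest(request);
        if (FSUtils.debug.messageEnabled()) {
            FSUtils.debug.message("Provider cookie domain list is " + domains);
        }
        for (String domain : domains) {
            CookieUtils.addCookieToResponse(
                response,
                CookieUtils.newCookie(
                    FEDERATE_COOKIE_NAME,
                    cookieValue,
                    IFSConstants.PERSISTENT_COOKIE_AGE,
                    "/",
                    domain));
        }
    } catch (FSAccountMgmtException e) {
        FSUtils.debug.error("Unable to read user federation information", e);
    }
}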