/**
   * Initiates the federation termination operation.
   *
   * @param request HTTP request
   * @param response HTTP response
   * @param ssoToken corresponding to the user's session
   * @return <code>true</code> if the termination initiation operation is successful; <code>false
   *     </code> otherwise.
   */
  public boolean handleFederationTermination(
      HttpServletRequest request, HttpServletResponse response, Object ssoToken) {
    FSUtils.debug.message("Entered FSFedTerminationHandler::handleFederationTermination");
    this.request = request;
    this.locale = FSServiceUtils.getLocale(request);
    this.response = response;
    this.ssoToken = ssoToken;
    setTerminationURL();
    if (managerInst == null) {
      FSUtils.debug.error("FSSPFedTerminationHandler " + "Account Manager instance is null");
      if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSSPFedTerminationHandler::handleFederationTermination"
                + "failed to get Account Manager instance");
      }
      FSServiceUtils.returnLocallyAfterOperation(
          response,
          termination_done_url,
          false,
          IFSConstants.TERMINATION_SUCCESS,
          IFSConstants.TERMINATION_FAILURE);
      return false;
    }

    try {
      this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
    } catch (SessionException e) {
      FSUtils.debug.error("FSFedTerminationHandler::handleFederationTermination:", e);
      // cannot proceed without user
      LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
      return false;
    }
    boolean bStatus = updateAccountInformation(null);
    FSUtils.debug.message("After updateAccountInformation");
    if (!bStatus) {
      if (FSUtils.debug.messageEnabled()) {
        FSUtils.debug.message(
            "FSSPFedTerminationHandler::handleFederationTermination "
                + "Federation Termination failed locally. Cannot update "
                + "account");
      }
      String[] data = {userID};
      LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
      FSServiceUtils.returnLocallyAfterOperation(
          response,
          termination_done_url,
          false,
          IFSConstants.TERMINATION_SUCCESS,
          IFSConstants.TERMINATION_FAILURE);
      return false;
    }
    FSUtils.debug.message("Status of local update true");
    String[] data = {userID};
    LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, data, ssoToken);
    resetFederateCookie();
    boolean bRemoteStatus = doFederationTermination(request, response, acctInfo);
    return bRemoteStatus;
  }
 /**
  * Processes the termination request received from a remote provider. Invoded when Http redirect
  * profile is used.
  *
  * @param request HTTP request
  * @param response HTTP response
  * @param reqTermination the federation termination request received from remote provider
  */
 public void processTerminationRequest(
     HttpServletRequest request,
     HttpServletResponse response,
     FSFederationTerminationNotification reqTermination) {
   FSUtils.debug.message("Entered FSFedTerminationHandler::processTerminationRequest...");
   this.request = request;
   this.locale = FSServiceUtils.getLocale(request);
   this.response = response;
   this.relayState = reqTermination.getRelayState();
   setTerminationURL();
   if (managerInst == null) {
     FSUtils.debug.error(
         "FSSPFedTerminationHandler "
             + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
     if (FSUtils.debug.messageEnabled()) {
       FSUtils.debug.message(
           "FSSPFedTerminationHandler::handleFederationTermination"
               + "failed to get Account Manager instance");
     }
     returnToSource();
     return;
   }
   boolean bStatus = updateAccountInformation(reqTermination.getNameIdentifier());
   if (!bStatus) {
     FSUtils.debug.message("Termination request processing failed");
     String[] data = {
       FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED)
     };
     LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, data, ssoToken);
     returnToSource();
     return;
   }
   FSUtils.debug.message("User sucessfully defederated");
   String[] data = {FSUtils.bundle.getString(IFSConstants.TERMINATION_SUCCEEDED)};
   LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, data, ssoToken);
   // Call SP Adaper for remote IDP initiated HTTP profile
   if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
     FederationSPAdapter spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
     if (spAdapter != null) {
       FSUtils.debug.message("FSFedTerminationHandler.HTTP");
       try {
         spAdapter.postTerminationNotificationSuccess(
             hostedEntityId,
             request,
             response,
             userID,
             reqTermination,
             IFSConstants.TERMINATION_IDP_HTTP_PROFILE);
       } catch (Exception e) {
         // ignore adapter exception
         FSUtils.debug.error("postTermNotification.IDP/HTTP", e);
       }
     }
   }
   returnToSource();
   return;
 }
Пример #3
0
  /*
   * Method to construct the URLEndpoint depending on whether basic
   * authentication of one provider to another is to be done. Otherwise the
   * SOAPEndpoint of the remote provider is returned
   * @param response the response object
   * @param partnerDecriptor the remote provider descriptor
   * @param needAuthn determines forced authn
   * @return Element corresponding to liberty request/response
   */
  public String createSOAPReceiverUrl(
      HttpServletResponse response, ProviderDescriptorType partnerDecriptor, boolean needAuthn)
      throws IOException {
    // TODO: need to handle needAuthn correctly
    // TODO: need to retrieve auth type, user name and password from meta
    // basic authentication
    String username = null;
    String password = null;
    String to = partnerDecriptor.getSoapEndpoint();
    String authtype = null;
    String soapURL = null;
    if (needAuthn) {
      int idnx = -1;
      if ((idnx = to.indexOf("//")) == -1) {
        FSUtils.debug.error(
            "FSSOAPService.createSOAPReceiverUrl: "
                + "createSOAPReceiverUrl: SOAP-Receiver-URL illegal format.");
        response.sendError(
            response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("illegalFormatSOAPUrl"));
        return null;
      }
      String protocol = to.substring(0, idnx - 1);
      if (authtype.equalsIgnoreCase(IFSConstants.BASICAUTH)
          || authtype.equalsIgnoreCase(IFSConstants.NOAUTH)) {
        if (!protocol.equals(IFSConstants.HTTP)) {
          String[] data = {protocol, authtype};
          LogUtil.error(Level.INFO, LogUtil.MISMATCH_AUTH_TYPE_AND_PROTOCOL, data);
          response.sendError(
              response.SC_INTERNAL_SERVER_ERROR,
              FSUtils.bundle.getString("mismatchAuthTypeandProtocol"));
          return null;
        }
      } else if (authtype.equalsIgnoreCase(IFSConstants.SSLWITHBASICAUTH)
          || authtype.equalsIgnoreCase(IFSConstants.SSL)) {
        if (!protocol.equals(IFSConstants.HTTPS)) {
          String[] data = {protocol, authtype};
          LogUtil.error(Level.INFO, LogUtil.MISMATCH_AUTH_TYPE_AND_PROTOCOL, data);
          response.sendError(
              response.SC_INTERNAL_SERVER_ERROR,
              FSUtils.bundle.getString("mismatchAuthTypeandProtocol"));
          return null;
        }
      } else {
        String[] data = {authtype};
        LogUtil.error(Level.INFO, LogUtil.WRONG_AUTH_TYPE, data);
        response.sendError(
            response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("wrongAuthType"));
        return null;
      }

      if (authtype.equalsIgnoreCase(IFSConstants.BASICAUTH)
          || authtype.equalsIgnoreCase(IFSConstants.SSLWITHBASICAUTH)) {
        Map userMap = null; // partnerDecriptor.getAuthType();
        username = (String) userMap.get(IFSConstants.USER);
        password = (String) userMap.get(IFSConstants.PASSWORD);
        if (username == null || password == null) {
          FSUtils.debug.error(
              "FSSOAPService.createSOAPReceiverUrl: "
                  + "PartnerSite required basic authentication. But "
                  + "the user name used for authentication is null.");
          response.sendError(
              response.SC_INTERNAL_SERVER_ERROR, FSUtils.bundle.getString("wrongConfigBasicAuth"));
          return null;
        }
        StringBuffer toSOAP = new StringBuffer(100);
        toSOAP
            .append(to.substring(0, idnx + 2))
            .append(username)
            .append(":")
            .append(password)
            .append("@")
            .append(to.substring(idnx + 2));
        soapURL = toSOAP.toString();
      }
      return null;
    } else {
      soapURL = to;
    }
    if (FSUtils.debug.messageEnabled()) {
      FSUtils.debug.message(
          "FSSOAPService.createSOAPReceiverUrl: Sending message to URL: " + soapURL);
    }
    String[] data = {soapURL};
    LogUtil.access(Level.FINER, "SOAP_RECEIVER_URL", data);
    return soapURL;
  }