/**
 * Starts federation termination for the user who owns the given session.
 *
 * <p>The local account information is updated first. Only when that succeeds is the success
 * audited, the federate cookie reset and the termination handed to
 * {@code doFederationTermination}.
 *
 * @param request HTTP request
 * @param response HTTP response
 * @param ssoToken session token of the user; the principal name is resolved from it
 * @return the result of {@code doFederationTermination} when the local update succeeded;
 *     {@code false} when the account manager is missing, the principal name cannot be resolved
 *     from the session, or the local update fails
 */
public boolean handleFederationTermination(
    HttpServletRequest request, HttpServletResponse response, Object ssoToken) {
  FSUtils.debug.message("Entered FSFedTerminationHandler::handleFederationTermination");
  this.request = request;
  this.locale = FSServiceUtils.getLocale(request);
  this.response = response;
  this.ssoToken = ssoToken;
  setTerminationURL();

  // Guard: nothing can be updated without an account manager.
  if (managerInst == null) {
    FSUtils.debug.error("FSSPFedTerminationHandler Account Manager instance is null");
    if (FSUtils.debug.messageEnabled()) {
      FSUtils.debug.message(
          "FSSPFedTerminationHandler::handleFederationTermination"
              + "failed to get Account Manager instance");
    }
    FSServiceUtils.returnLocallyAfterOperation(
        response,
        termination_done_url,
        false,
        IFSConstants.TERMINATION_SUCCESS,
        IFSConstants.TERMINATION_FAILURE);
    return false;
  }

  // Resolve the principal from the session; the account to defederate is keyed on it.
  try {
    this.userID = SessionManager.getProvider().getPrincipalName(ssoToken);
  } catch (SessionException sessionFailure) {
    FSUtils.debug.error(
        "FSFedTerminationHandler::handleFederationTermination:", sessionFailure);
    // cannot proceed without user
    // Unlike the other failure paths, this one returns without calling
    // returnLocallyAfterOperation, so nothing is written to the response here.
    LogUtil.error(Level.INFO, LogUtil.USER_NOT_FOUND, null, ssoToken);
    return false;
  }

  final boolean localUpdateOk = updateAccountInformation(null);
  FSUtils.debug.message("After updateAccountInformation");

  if (localUpdateOk) {
    FSUtils.debug.message("Status of local update true");
    // Audit the successful local termination before notifying the remote provider.
    String[] successArgs = {userID};
    LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, successArgs, ssoToken);
    resetFederateCookie();
    return doFederationTermination(request, response, acctInfo);
  }

  // Local update failed: audit it and send the user to the "termination done" page.
  if (FSUtils.debug.messageEnabled()) {
    FSUtils.debug.message(
        "FSSPFedTerminationHandler::handleFederationTermination "
            + "Federation Termination failed locally. Cannot update account");
  }
  String[] failureArgs = {userID};
  LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, failureArgs, ssoToken);
  FSServiceUtils.returnLocallyAfterOperation(
      response,
      termination_done_url,
      false,
      IFSConstants.TERMINATION_SUCCESS,
      IFSConstants.TERMINATION_FAILURE);
  return false;
}
/**
 * Handles a federation termination notification received from a remote provider. Invoked when
 * the HTTP redirect profile is used.
 *
 * <p>The name identifier carried by the notification selects the account to defederate. After a
 * successful update, and only when this provider is hosted in the SP role, the configured SP
 * adapter is notified. Every path ends with {@code returnToSource()}.
 *
 * @param request HTTP request
 * @param response HTTP response
 * @param reqTermination the federation termination request received from the remote provider;
 *     dereferenced without a null check
 */
public void processTerminationRequest(
    HttpServletRequest request,
    HttpServletResponse response,
    FSFederationTerminationNotification reqTermination) {
  FSUtils.debug.message("Entered FSFedTerminationHandler::processTerminationRequest...");
  this.request = request;
  this.locale = FSServiceUtils.getLocale(request);
  this.response = response;
  // NOTE(review): relayState comes straight from the remote request; presumably
  // returnToSource() uses it as the redirect target -- confirm it is validated there.
  this.relayState = reqTermination.getRelayState();
  setTerminationURL();

  if (managerInst == null) {
    FSUtils.debug.error(
        "FSSPFedTerminationHandler "
            + FSUtils.bundle.getString(IFSConstants.FEDERATION_FAILED_ACCOUNT_INSTANCE));
    if (FSUtils.debug.messageEnabled()) {
      FSUtils.debug.message(
          "FSSPFedTerminationHandler::handleFederationTermination"
              + "failed to get Account Manager instance");
    }
    returnToSource();
    return;
  }

  // NOTE(review): no signature or issuer check on reqTermination is visible in this method;
  // presumably the caller verifies the notification before dispatching here -- confirm.
  final boolean accountUpdated = updateAccountInformation(reqTermination.getNameIdentifier());
  if (!accountUpdated) {
    FSUtils.debug.message("Termination request processing failed");
    String[] failureArgs = {
      FSUtils.bundle.getString(IFSConstants.TERMINATION_REQUEST_PROCESSING_FAILED)
    };
    // ssoToken here is the instance field; this method never assigns it, so the audit record
    // may carry a null or previously stored token.
    LogUtil.error(Level.INFO, LogUtil.TERMINATION_FAILED, failureArgs, ssoToken);
    returnToSource();
    return;
  }

  FSUtils.debug.message("User sucessfully defederated");
  String[] successArgs = {FSUtils.bundle.getString(IFSConstants.TERMINATION_SUCCEEDED)};
  LogUtil.access(Level.INFO, LogUtil.TERMINATION_SUCCESS, successArgs, ssoToken);

  // Call SP Adapter for remote IDP initiated HTTP profile
  FederationSPAdapter spAdapter = null;
  if (hostedProviderRole != null && hostedProviderRole.equalsIgnoreCase(IFSConstants.SP)) {
    spAdapter = FSServiceUtils.getSPAdapter(hostedEntityId, hostedConfig);
  }
  if (spAdapter != null) {
    FSUtils.debug.message("FSFedTerminationHandler.HTTP");
    try {
      spAdapter.postTerminationNotificationSuccess(
          hostedEntityId,
          request,
          response,
          userID,
          reqTermination,
          IFSConstants.TERMINATION_IDP_HTTP_PROFILE);
    } catch (Exception adapterFailure) {
      // ignore adapter exception: the termination itself already succeeded, so a failing
      // adapter is only recorded in the debug log.
      FSUtils.debug.error("postTermNotification.IDP/HTTP", adapterFailure);
    }
  }

  returnToSource();
}
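/**
 * Builds the URL used to reach the remote provider's SOAP endpoint.
 *
 * <p>Without {@code needAuthn} the descriptor's SOAP endpoint is returned unchanged. The
 * {@code needAuthn} path is unfinished (see the TODOs): the auth type and the credential map are
 * not yet read from metadata, so that path currently always ends in an HTTP 500 error response
 * and a {@code null} return. Missing values are now rejected through the existing error
 * responses instead of failing with a {@code NullPointerException}.
 *
 * @param response used to send an HTTP 500 when the endpoint or auth configuration is rejected
 * @param partnerDecriptor the remote provider descriptor supplying the SOAP endpoint
 * @param needAuthn whether provider-to-provider authentication is requested
 * @return the SOAP endpoint URL when {@code needAuthn} is {@code false}; {@code null} on the
 *     {@code needAuthn} path
 * @throws IOException if sending the error response fails
 */
public String createSOAPReceiverUrl(
    HttpServletResponse response, ProviderDescriptorType partnerDecriptor, boolean needAuthn)
    throws IOException {
  // TODO: need to handle needAuthn correctly
  // TODO: need to retrieve auth type, user name and password from meta
  // basic authentication
  String username = null;
  String password = null;
  String to = partnerDecriptor.getSoapEndpoint();
  String authtype = null;
  String soapURL = null;
  if (needAuthn) {
    // The scheme is cut as to.substring(0, idnx - 1), so "//" must not sit at index 0 and the
    // endpoint must be present; both cases are reported as an illegal URL format.
    int idnx = (to == null) ? -1 : to.indexOf("//");
    if (idnx < 1) {
      FSUtils.debug.error(
          "FSSOAPService.createSOAPReceiverUrl: "
              + "createSOAPReceiverUrl: SOAP-Receiver-URL illegal format.");
      response.sendError(
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          FSUtils.bundle.getString("illegalFormatSOAPUrl"));
      return null;
    }
    String protocol = to.substring(0, idnx - 1);

    // authtype is still null until it is read from metadata; treat null as "no match" so the
    // request falls through to the wrong-auth-type error instead of dereferencing null.
    boolean basicAuth = authtype != null && authtype.equalsIgnoreCase(IFSConstants.BASICAUTH);
    boolean noAuth = authtype != null && authtype.equalsIgnoreCase(IFSConstants.NOAUTH);
    boolean sslWithBasicAuth =
        authtype != null && authtype.equalsIgnoreCase(IFSConstants.SSLWITHBASICAUTH);
    boolean ssl = authtype != null && authtype.equalsIgnoreCase(IFSConstants.SSL);

    if (basicAuth || noAuth) {
      // NOTE(review): BASICAUTH is accepted only with IFSConstants.HTTP, presumably plain
      // http, which would carry Basic credentials unencrypted -- confirm this is intended.
      if (!protocol.equals(IFSConstants.HTTP)) {
        String[] data = {protocol, authtype};
        LogUtil.error(Level.INFO, LogUtil.MISMATCH_AUTH_TYPE_AND_PROTOCOL, data);
        response.sendError(
            HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
            FSUtils.bundle.getString("mismatchAuthTypeandProtocol"));
        return null;
      }
    } else if (sslWithBasicAuth || ssl) {
      if (!protocol.equals(IFSConstants.HTTPS)) {
        String[] data = {protocol, authtype};
        LogUtil.error(Level.INFO, LogUtil.MISMATCH_AUTH_TYPE_AND_PROTOCOL, data);
        response.sendError(
            HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
            FSUtils.bundle.getString("mismatchAuthTypeandProtocol"));
        return null;
      }
    } else {
      // String.valueOf keeps a null auth type from reaching the logger as a null element.
      String[] data = {String.valueOf(authtype)};
      LogUtil.error(Level.INFO, LogUtil.WRONG_AUTH_TYPE, data);
      response.sendError(
          HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
          FSUtils.bundle.getString("wrongAuthType"));
      return null;
    }

    if (basicAuth || sslWithBasicAuth) {
      Map<?, ?> userMap = null; // partnerDecriptor.getAuthType();
      // The credential lookup is not wired up yet; a missing map is handled like missing
      // credentials rather than dereferenced.
      if (userMap != null) {
        username = (String) userMap.get(IFSConstants.USER);
        password = (String) userMap.get(IFSConstants.PASSWORD);
      }
      if (username == null || password == null) {
        FSUtils.debug.error(
            "FSSOAPService.createSOAPReceiverUrl: "
                + "PartnerSite required basic authentication. But "
                + "the user name used for authentication is null.");
        response.sendError(
            HttpServletResponse.SC_INTERNAL_SERVER_ERROR,
            FSUtils.bundle.getString("wrongConfigBasicAuth"));
        return null;
      }
      // NOTE(review): this places the password in the URL's userinfo part without any
      // encoding. If this path is ever completed, the URL must not reach the debug and access
      // log calls at the end of this method, and an Authorization header is the safer carrier.
      StringBuilder toSOAP = new StringBuilder(100);
      toSOAP
          .append(to.substring(0, idnx + 2))
          .append(username)
          .append(":")
          .append(password)
          .append("@")
          .append(to.substring(idnx + 2));
      soapURL = toSOAP.toString();
    }
    // The authenticated path is not finished: whatever was built above is discarded and the
    // caller gets null, exactly as before.
    return null;
  } else {
    soapURL = to;
  }
  if (FSUtils.debug.messageEnabled()) {
    FSUtils.debug.message(
        "FSSOAPService.createSOAPReceiverUrl: Sending message to URL: " + soapURL);
  }
  String[] data = {soapURL};
  LogUtil.access(Level.FINER, "SOAP_RECEIVER_URL", data);
  return soapURL;
}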