/**
* In case request parameter of name "local" is set to true or there is no authenticated user only
* local logout will be performed and user will be redirected to the success page. Otherwise
* global logout procedure is initialized.
*
* @param request http request
* @param response http response
* @param chain chain
* @throws IOException error
* @throws ServletException error
*/
public void processLogout(
HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
if (requiresLogout(request, response)) {
try {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth != null && isGlobalLogout(request, auth)) {
Assert.isInstanceOf(
SAMLCredential.class,
auth.getCredentials(),
"Authentication object doesn't contain SAML credential, cannot perform global logout");
// Terminate the session first
for (LogoutHandler handler : globalHandlers) {
handler.logout(request, response, auth);
}
// Notify session participants using SAML Single Logout profile
SAMLCredential credential = (SAMLCredential) auth.getCredentials();
request.setAttribute(SAMLConstants.LOCAL_ENTITY_ID, credential.getLocalEntityID());
SAMLMessageContext context = contextProvider.getLocalEntity(request, response);
profile.sendLogoutRequest(context, credential);
samlLogger.log(SAMLConstants.LOGOUT_REQUEST, SAMLConstants.SUCCESS, context);
} else {
super.doFilter(request, response, chain);
}
} catch (SAMLException e1) {
throw new ServletException("Error initializing global logout", e1);
} catch (MetadataProviderException e1) {
throw new ServletException("Error processing metadata", e1);
} catch (MessageEncodingException e1) {
throw new ServletException("Error encoding outgoing message", e1);
}
} else {
chain.doFilter(request, response);
}
}
/*
* mapped to cas logout flow
*/
public void processLogoutPac4j(
HttpServletRequest request,
HttpServletResponse response,
org.springframework.security.core.Authentication auth)
throws IOException, ServletException {
try {
Assert.isInstanceOf(
SAMLCredential.class,
auth.getCredentials(),
"Authentication object doesn't contain SAML credential, cannot perform global logout");
if (auth != null) {
for (LogoutHandler handler : globalHandlers) {
// is cas logout flow work ?
// handler.logout(request, response, auth);
}
// Notify session participants using SAML Single Logout profile
// send assertion to SLO logoutServiceIDP
// idp send resp assertion to logout?action=SingleLogout
SAMLCredential credential = (SAMLCredential) auth.getCredentials();
// request.setAttribute(SAMLConstants.LOCAL_ENTITY_ID, credential.getLocalEntityID());
SAMLMessageContext context = contextProvider.getLocalEntity(request, response);
profile.sendLogoutRequest(context, credential);
samlLogger.log(SAMLConstants.LOGOUT_REQUEST, SAMLConstants.SUCCESS, context);
}
} catch (SAMLException e1) {
throw new ServletException("Error initializing global logout", e1);
} catch (MetadataProviderException e1) {
throw new ServletException("Error processing metadata", e1);
} catch (MessageEncodingException e1) {
throw new ServletException("Error encoding outgoing message", e1);
}
}
