@GET
 @Path("logout_response")
 public Response logoutResponse(@Context UriInfo uriInfo, @QueryParam("state") String state) {
   UserSessionModel userSession = session.sessions().getUserSession(realm, state);
   if (userSession == null) {
     logger.error("no valid user session");
     EventBuilder event = new EventBuilder(realm, session, clientConnection);
     event.event(EventType.LOGOUT);
     event.error(Errors.USER_SESSION_NOT_FOUND);
     return ErrorPage.error(session, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
   }
   if (userSession.getState() != UserSessionModel.State.LOGGING_OUT) {
     logger.error("usersession in different state");
     EventBuilder event = new EventBuilder(realm, session, clientConnection);
     event.event(EventType.LOGOUT);
     event.error(Errors.USER_SESSION_NOT_FOUND);
     return ErrorPage.error(session, Messages.SESSION_NOT_ACTIVE);
   }
   return AuthenticationManager.finishBrowserLogout(
       session, realm, userSession, uriInfo, clientConnection, headers);
 }
示例#2
0
    protected Response handleSamlResponse(String samlResponse, String relayState) {
      event.event(EventType.LOGOUT);
      SAMLDocumentHolder holder = extractResponseDocument(samlResponse);
      StatusResponseType statusResponse = (StatusResponseType) holder.getSamlObject();
      // validate destination
      if (statusResponse.getDestination() != null
          && !uriInfo.getAbsolutePath().toString().equals(statusResponse.getDestination())) {
        event.detail(Details.REASON, "invalid_destination");
        event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
        return ErrorPage.error(session, Messages.INVALID_REQUEST);
      }

      AuthenticationManager.AuthResult authResult =
          authManager.authenticateIdentityCookie(session, realm, false);
      if (authResult == null) {
        logger.warn("Unknown saml response.");
        event.event(EventType.LOGOUT);
        event.error(Errors.INVALID_TOKEN);
        return ErrorPage.error(session, Messages.INVALID_REQUEST);
      }
      // assume this is a logout response
      UserSessionModel userSession = authResult.getSession();
      if (userSession.getState() != UserSessionModel.State.LOGGING_OUT) {
        logger.warn("Unknown saml response.");
        logger.warn("UserSession is not tagged as logging out.");
        event.event(EventType.LOGOUT);
        event.error(Errors.INVALID_SAML_LOGOUT_RESPONSE);
        return ErrorPage.error(session, Messages.INVALID_REQUEST);
      }
      logger.debug("logout response");
      Response response =
          authManager.browserLogout(
              session, realm, userSession, uriInfo, clientConnection, headers);
      event.success();
      return response;
    }