edu.internet2.middleware.shibboleth.idp.profile.saml2

Class SLOProfileHandler

java.lang.Object

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler<HTTPInTransport,HTTPOutTransport>

edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

edu.internet2.middleware.shibboleth.idp.profile.saml2.SLOProfileHandler

All Implemented Interfaces:

ProfileHandler<HTTPInTransport,HTTPOutTransport>

public class SLOProfileHandler
extends AbstractSAML2ProfileHandler

Profile handler for limited logout capability.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	SLOProfileHandler.SLORequestContext Represents the internal state of a Logout Request while it's being processed by the IdP.

Nested classes/interfaces inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

AbstractSAML2ProfileHandler.SAML2AuditLogEntry

Field Summary

Fields

Modifier and Type	Field and Description
static String	HTTP_LOGOUT_BINDING_ATTRIBUTE Name of attribute for tracking logged out session.
static String	HTTP_LOGOUT_REQUEST_CONTEXT_ATTRIBUTE Name of attribute for accessing the SLORequestContext.
static String	LOCAL_LOGOUT_BINDING Binding identifier representing "local" logout.
private org.slf4j.Logger	log Class logger.
private SAMLObjectBuilder<LogoutResponse>	responseBuilder Builder of LogoutResponse objects.
private SAMLObjectBuilder<SingleLogoutService>	sloServiceBuilder Builder of SingleLogoutService objects.
private String	soapFaultResponseMessage Canned SOAP fault.
private String	templatePath Path to Velocity or JSP template for logout response to user.
private org.apache.velocity.app.VelocityEngine	velocity Velocity engine to use to render logout response to user.

Fields inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

SAML_VERSION

Constructor Summary

Constructors

Constructor and Description
SLOProfileHandler(String newPath) Constructor.

Method Summary

Methods

Modifier and Type	Method and Description
protected LogoutResponse	buildLogoutResponse(SLOProfileHandler.SLORequestContext requestContext, Status status) Builds LogoutResponse.
protected void	decodeRequest(SLOProfileHandler.SLORequestContext requestContext, HTTPInTransport inTransport, HTTPOutTransport outTransport) Decodes an incoming request and populates a created request context with the resultant information.
protected void	destroySession(Session session) Destroy a session.
String	getProfileId()
org.apache.velocity.app.VelocityEngine	getVelocityEngine() Gets the VelocityEngine to use.
protected void	localLogout(Session indirect, HTTPInTransport inTransport, HTTPOutTransport outTransport, SLOProfileHandler.SLORequestContext requestContext) Handles clearing the active session, possibly an additional "indirect" session, and presenting a logout response to the client using a Velocity template.
protected void	populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the asserting party.
protected void	populateProfileInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with the information about the profile.
protected void	populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information about the relying party.
protected void	populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext) Populates the request context with information from the inbound SAML message.
protected void	processLogoutRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport) Process and respond to a SAML LogoutRequest message.
void	processRequest(HTTPInTransport inTransport, HTTPOutTransport outTransport)
protected Endpoint	selectEndpoint(BaseSAMLProfileRequestContext requestContext) Selects the appropriate endpoint for the relying party and stores it in the request context.
void	setVelocityEngine(org.apache.velocity.app.VelocityEngine newVelocity) Sets the VelocityEngine to use.

Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.saml2.AbstractSAML2ProfileHandler

buildAssertion, buildAttributeStatement, buildConditions, buildEntityIssuer, buildErrorResponse, buildNameId, buildResponse, buildStatus, buildSubject, buildSubjectConfirmation, checkSamlVersion, getEncrypter, getKeyEncryptionCredential, getSessionIndexFromNameID, isEncryptAssertion, isEncryptNameID, isRequestRequiresEncryptNameID, isSignAssertion, populateRequestContext, populateStatusResponse, populateUserInformation, postProcessAssertion, postProcessResponse, resolveAttributes, resolvePrincipal, signAssertion, writeAuditLogEntry

Methods inherited from class edu.internet2.middleware.shibboleth.idp.profile.AbstractSAMLProfileHandler

encodeResponse, filterNameIDAttributesByFormats, filterNameIDAttributesByProtocol, getAduitLog, getAuditLog, getEntitySupportedFormats, getIdGenerator, getInboundBinding, getInboundMessageDecoder, getMessageDecoders, getMessageEncoders, getMetadataCredentialResolver, getMetadataProvider, getOutboundMessageEncoder, getRelyingPartyConfiguration, getRequiredNameIDFormat, getSecurityPolicyResolver, getSupportedNameFormats, getSupportedOutboundBindings, getUserSession, getUserSession, isSignResponse, selectNameIDAttributeAndEncoder, selectNameIDAttributeAndEncoder, setIdGenerator, setInboundBinding, setMessageDecoders, setMessageEncoders, setSecurityPolicyResolver, setSupportedOutboundBindings

Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractShibbolethProfileHandler

getBuilderFactory, getParserPool, getProfileConfiguration, getRelyingPartyConfigurationManager, getSessionManager, getStorageService, setParserPool, setRelyingPartyConfigurationManager, setSessionManager, setStorageService

Methods inherited from class edu.internet2.middleware.shibboleth.common.profile.provider.AbstractRequestURIMappedProfileHandler

getRequestPaths, setRequestPaths

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOCAL_LOGOUT_BINDING

public static final String LOCAL_LOGOUT_BINDING

Binding identifier representing "local" logout.

See Also:

Constant Field Values

HTTP_LOGOUT_BINDING_ATTRIBUTE

public static final String HTTP_LOGOUT_BINDING_ATTRIBUTE

Name of attribute for tracking logged out session.

See Also:

Constant Field Values

HTTP_LOGOUT_REQUEST_CONTEXT_ATTRIBUTE

public static final String HTTP_LOGOUT_REQUEST_CONTEXT_ATTRIBUTE

Name of attribute for accessing the SLORequestContext.

See Also:

Constant Field Values

soapFaultResponseMessage

private final String soapFaultResponseMessage

Canned SOAP fault.

See Also:

Constant Field Values

log

private final org.slf4j.Logger log

Class logger.

sloServiceBuilder

private final SAMLObjectBuilder<SingleLogoutService> sloServiceBuilder

Builder of SingleLogoutService objects.

responseBuilder

private final SAMLObjectBuilder<LogoutResponse> responseBuilder

Builder of LogoutResponse objects.

velocity

private org.apache.velocity.app.VelocityEngine velocity

Velocity engine to use to render logout response to user.

templatePath

private String templatePath

Path to Velocity or JSP template for logout response to user.

Constructor Detail

SLOProfileHandler

public SLOProfileHandler(String newPath)

Constructor.

Parameters:

newPath - path to JSP or Velocity template

Method Detail

getVelocityEngine

public org.apache.velocity.app.VelocityEngine getVelocityEngine()

Gets the VelocityEngine to use.

Returns:

the VelocityEngine to use

setVelocityEngine

public void setVelocityEngine(org.apache.velocity.app.VelocityEngine newVelocity)

Sets the VelocityEngine to use.

Parameters:

newVelocity - the VelocityEngine to use

getProfileId

public String getProfileId()

Specified by:

getProfileId in class AbstractShibbolethProfileHandler<SAMLMDRelyingPartyConfigurationManager,Session>

processRequest

public void processRequest(HTTPInTransport inTransport,
                  HTTPOutTransport outTransport)
                    throws ProfileException

Throws:

ProfileException

localLogout

protected void localLogout(Session indirect,
               HTTPInTransport inTransport,
               HTTPOutTransport outTransport,
               SLOProfileHandler.SLORequestContext requestContext)
                    throws ProfileException

Handles clearing the active session, possibly an additional "indirect" session, and presenting a logout response to the client using a Velocity template.

Parameters:

indirect - additional session to clear during logout

inTransport - incoming transport object

outTransport - outgoing transport object

Throws:

ProfileException - if an error occurs during profile execution

processLogoutRequest

protected void processLogoutRequest(HTTPInTransport inTransport,
                        HTTPOutTransport outTransport)
                             throws ProfileException

Process and respond to a SAML LogoutRequest message. This is a very simplified version because it doesn't propagate the logout to any SPs. It just handles the IdP session(s) and then either responds to the client or to the SP depending on the async flag.

Parameters:

inTransport - incoming transport object

outTransport - outgoing transport object

Throws:

ProfileException - if an error occurs during profile execution

buildLogoutResponse

protected LogoutResponse buildLogoutResponse(SLOProfileHandler.SLORequestContext requestContext,
                                 Status status)
                                      throws ProfileException

Builds LogoutResponse. If status is null, the requestContext's failure status property will be used.

Parameters:

requestContext - context information for the current request

status - a Status to add to the response

Returns:

a new LogoutResponse message

Throws:

ProfileException - if an error occurs during profile execution

destroySession

protected void destroySession(Session session)

Destroy a session.

Parameters:

session - session to destroy

populateSAMLMessageInformation

protected void populateSAMLMessageInformation(BaseSAMLProfileRequestContext requestContext)
                                       throws ProfileException

Populates the request context with information from the inbound SAML message. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext),and AbstractSAMLProfileHandler.populateAssertingPartyInformation(BaseSAMLProfileRequestContext) have already been invoked and the properties they provide are available in the request context.

Specified by:

populateSAMLMessageInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem populating the request context with information

populateRelyingPartyInformation

protected void populateRelyingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                        throws ProfileException

Populates the request context with information about the relying party. This method requires the the following request context properties to be populated: inbound message issuer This methods populates the following request context properties: peer entityID, peer entity metadata, relying party configuration

Overrides:

populateRelyingPartyInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem looking up the relying party's metadata

populateAssertingPartyInformation

protected void populateAssertingPartyInformation(BaseSAMLProfileRequestContext requestContext)
                                          throws ProfileException

Populates the request context with information about the asserting party. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext) has already been invoked and the properties it provides are available in the request context. This method requires the the following request context properties to be populated: metadata provider, relying party configuration This methods populates the following request context properties: local entity ID, outbound message issuer, local entity metadata

Overrides:

populateAssertingPartyInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem looking up the asserting party's metadata

selectEndpoint

protected Endpoint selectEndpoint(BaseSAMLProfileRequestContext requestContext)
                           throws ProfileException

Selects the appropriate endpoint for the relying party and stores it in the request context.

Specified by:

selectEndpoint in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Returns:

Endpoint selected from the information provided in the request context

Throws:

ProfileException - thrown if there is a problem selecting a response endpoint

populateProfileInformation

protected void populateProfileInformation(BaseSAMLProfileRequestContext requestContext)
                                   throws ProfileException

Populates the request context with the information about the profile. Unless overridden, AbstractSAMLProfileHandler.populateRequestContext(BaseSAMLProfileRequestContext) has already invoked AbstractSAMLProfileHandler.populateRelyingPartyInformation(BaseSAMLProfileRequestContext), AbstractSAMLProfileHandler.populateAssertingPartyInformation(BaseSAMLProfileRequestContext), and AbstractSAMLProfileHandler.populateSAMLMessageInformation(BaseSAMLProfileRequestContext) have already been invoked and the properties they provide are available in the request context. This method requires the the following request context properties to be populated: relying party configuration This methods populates the following request context properties: communication profile ID, profile configuration, outbound message artifact type, peer entity endpoint

Overrides:

populateProfileInformation in class AbstractSAMLProfileHandler

Parameters:

requestContext - current request context

Throws:

ProfileException - thrown if there is a problem populating the profile information

decodeRequest

protected void decodeRequest(SLOProfileHandler.SLORequestContext requestContext,
                 HTTPInTransport inTransport,
                 HTTPOutTransport outTransport)
                      throws ProfileException

Decodes an incoming request and populates a created request context with the resultant information.

Parameters:

requestContext - request context to which decoded information should be added

inTransport - inbound message transport

outTransport - outbound message transport

Throws:

ProfileException - if there is a problem decoding the request