Hi Dimuthu,

> In the above case, in the session map what do you have? What we should be
> storing is the Session Id even though the log says ContextId. Should the
> log be modified?
>
> 1750291c-611b-4305-9fbc-40ba183d5878 -->
> *9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d*
>
> Is it?

Yes, the log needs to be modified, but in the map we have session index (SAML) vs session id [1].

1750291c-611b-4305-9fbc-40ba183d5878 --> *9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d*

[1] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAMLAuthenticationDataPublisher.java#L83

> thanks,
> Dimuthu
>
> On Fri, Jan 19, 2018 at 2:04 PM, Kanapriya Kuleswararajan <[email protected]> wrote:
>
>> Hi Malithi,
>>
>> I have set the session as cookie in wrapped servlet request [1]. Now, it
>> resolves the above mentioned error when I initiated a logout request from
>> FIDP (avis.com). But with that also I couldn't logout the SP and I
>> observed the following debug log in the console.
>>
>> [2018-01-19 13:27:12,126] ERROR {org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler} - Recieved sessionIndex **************1750291c-611b-4305-9fbc-40ba183d5878
>> [2018-01-19 13:27:12,127] ERROR {org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler} - *Recieved ContextId ************** 9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d*
>> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Initializing the flow
>> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Framework contextId: c694dedf-6893-4960-addb-9e5b5e1e6cad
>> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Starting a logout flow
>> [2018-01-19 13:27:12,128] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Outbound Query String: sessionDataKey=c694dedf-6893-4960-addb-9e5b5e1e6cad&relyingParty=travelocity.com&type=samlsso&sp=travelocity.com&isSaaSApp=false
>> [2018-01-19 13:27:12,130] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler} - Sending response back to: http://localhost:8080/travelocity.com/home.jsp...
>> commonAuthLoggedOut : true
>> sessionDataKey: null
>>
>> @ Dimuthu : I have checked IS cookie in the browser, but it's not the
>> same as the cookie what I store in the map against the sessionIndex.
>> Please find the screen shot below :
>>
>> [image: Inline image 1]
>>
>> [1] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java#L137
>>
>> Am I missing anything? How can I proceed with this further?
>>
>> Thanks,
>> Kanapriya
>>
>> Kanapriya Kuleswararajan
>> Software Engineer
>> Mobile : - 0774894438
>> Mail : - [email protected]
>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>> WSO2, Inc.
>> lean . enterprise . middleware
>>
>> On Fri, Jan 19, 2018 at 8:27 AM, Dimuthu Leelarathne <[email protected]> wrote:
>>
>>> Hi Kanapriya,
>>>
>>> Also, pls check whether the IS cookie in the browser is the same as the
>>> cookie you store in the map against the sessionIndex have the same value.
>>>
>>> thanks,
>>> Dimuthu
>>>
>>> On Fri, Jan 19, 2018 at 7:15 AM, Malithi Edirisinghe <[email protected]> wrote:
>>>
>>>> You have to set the session as a cookie in the wrapped servlet
>>>> request. Otherwise framework will not pick the session with respect to this
>>>> flow.
>>>>
>>>> On Fri, Jan 19, 2018 at 12:22 AM, Kanapriya Kuleswararajan <[email protected]> wrote:
>>>>
>>>>> Hi Malithi,
>>>>>
>>>>> Thanks for the suggestion, I wrapped the relevant parameters which is
>>>>> mentioned in the following endpoint [1] as per the off-line discussion and
>>>>> directly invoke the Java API [2] instead of forward the wrapper object to
>>>>> the common auth endpoint. Now I got a different error [3].
>>>>>
>>>>> [1]
>>>>> */commonauth?commonAuthLogout=true&type={type}&commonAuthCallerPath={some-url}&relyingParty={sp-name}*
>>>>>
>>>>> [2] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java#L131
>>>>>
>>>>> [3]
>>>>>
>>>>> [2018-01-19 00:10:36,771] DEBUG {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - retrieving authentication request from cache..
>>>>> [2018-01-19 00:10:36,772] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework
>>>>> org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException: Invalid authentication request. Session data key : 23b80283629e8b46fff6978874f46cf34664c78abd168d9d47dff7031dffde7e
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator.handle(DefaultRequestCoordinator.java:111)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doPost(CommonAuthenticationHandler.java:46)
>>>>>     at org.wso2.carbon.identity.application.authentication.framework.CommonAuthenticationHandler.doGet(CommonAuthenticationHandler.java:37)
>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler.initiateLogRequest(SAML2FederatedLogoutRequestHandler.java:139)
>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler.doPost(SAML2FederatedLogoutRequestHandler.java:82)
>>>>>
>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:72)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>>>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>     at java.lang.Thread.run(Thread.java:745)
>>>>>
>>>>> Appreciate your input on this.
>>>>>
>>>>> Thanks,
>>>>> Kanapriya
>>>>>
>>>>> Kanapriya Kuleswararajan
>>>>> Software Engineer
>>>>> Mobile : - 0774894438
>>>>> Mail : - [email protected]
>>>>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>>>>> WSO2, Inc.
>>>>> lean . enterprise . middleware
>>>>>
>>>>> On Thu, Jan 18, 2018 at 10:31 PM, Malithi Edirisinghe <[email protected]> wrote:
>>>>>
>>>>>> Hi Kanapriya,
>>>>>>
>>>>>> So seems you have dispatched back to the servlet transport. With this
>>>>>> you won't be able to respond back to the federated IdP as the response is
>>>>>> committed. Instead, follow the approach at [1]. There you wrap request and
>>>>>> response and directly invoke the Java API, which will return the request
>>>>>> and response handled by the servlet endpoint. Then you can verify and
>>>>>> respond back to the federated IdP.
>>>>>>
>>>>>> [1] https://github.com/wso2-extensions/identity-inbound-auth-saml/blob/5.3.x/components/org.wso2.carbon.identity.sso.saml/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SAMLSSOProviderServlet.java#L1219
>>>>>>
>>>>>> Thanks,
>>>>>> Malithi.
>>>>>>
>>>>>> On Thu, Jan 18, 2018 at 7:29 PM, Kanapriya Kuleswararajan <[email protected]> wrote:
>>>>>>
>>>>>>> Please find the error log below :
>>>>>>>
>>>>>>> ERROR {org.apache.catalina.core.ApplicationDispatcher} - Servlet.service() for servlet bridgeservlet threw exception
>>>>>>> java.lang.StringIndexOutOfBoundsException: String index out of range: -1
>>>>>>>     at java.lang.String.substring(String.java:1967)
>>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:70)
>>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:743)
>>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:485)
>>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:410)
>>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:337)
>>>>>>>     at org.eclipse.equinox.http.servlet.internal.RequestDispatcherAdaptor.forward(RequestDispatcherAdaptor.java:30)
>>>>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$RequestDispatcherAdaptor.forward(ContextPathServletAdaptor.java:362)
>>>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler.initiateLogRequest(SAML2FederatedLogoutRequestHandler.java:136)
>>>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.SAML2FederatedLogoutRequestHandler.doPost(SAML2FederatedLogoutRequestHandler.java:79)
>>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.service(ContextPathServletAdaptor.java:37)
>>>>>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistration.service(ServletRegistration.java:61)
>>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.processAlias(ProxyServlet.java:128)
>>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.service(ProxyServlet.java:60)
>>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service(DelegationServlet.java:68)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>     at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter.java:72)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilter(CharacterSetFilter.java:65)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilter(HttpHeaderSecurityFilter.java:124)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
>>>>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
>>>>>>>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
>>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
>>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
>>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
>>>>>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContextRewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>>>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invoke(AuthorizationValve.java:91)
>>>>>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invoke(AuthenticationValve.java:60)
>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInvocation(CompositeValve.java:99)
>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke(CarbonTomcatValve.java:47)
>>>>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(TenantLazyLoaderValve.java:57)
>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invokeValves(TomcatValveContainer.java:47)
>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(CompositeValve.java:62)
>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetectionValve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.invoke(CarbonContextCreatorValve.java:57)
>>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
>>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
>>>>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
>>>>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
>>>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1775)
>>>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1734)
>>>>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
>>>>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
>>>>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>>>>>>>     at java.lang.Thread.run(Thread.java:745)
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Kanapriya
>>>>>>>
>>>>>>> Kanapriya Kuleswararajan
>>>>>>> Software Engineer
>>>>>>> Mobile : - 0774894438
>>>>>>> Mail : - [email protected]
>>>>>>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>>>>>>> WSO2, Inc.
>>>>>>> lean . enterprise . middleware
>>>>>>>
>>>>>>> On Thu, Jan 18, 2018 at 7:27 PM, Kanapriya Kuleswararajan <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>>>> b) - At number 5 in the diagram, i.e. when the logout request is
>>>>>>>>>> received, we wrap the request and response and send over to our
>>>>>>>>>> common-auth servlet. Here before invoking the common-auth servlet, we
>>>>>>>>>> will retrieve session Id from the map (using the SAML Session Index) and
>>>>>>>>>> set it in the wrapper object.
>>>>>>>>>
>>>>>>>>> Request which forwards to the commonauth endpoint will have a
>>>>>>>>> format similar to following,
>>>>>>>>>
>>>>>>>>> */commonauth?commonAuthLogout=true&type={type}&commonAuthCallerPath={some-url}&relyingParty={sp-name}*
>>>>>>>>> NOTE: Need to verify whether relyingParty parameter is required or
>>>>>>>>> not.
>>>>>>>>>
>>>>>>>>> After logout from the framework, the saml-sso outbound
>>>>>>>>> component will verify the response and will build a valid SAML2 logout
>>>>>>>>> response and send back to the federated IdP.
>>>>>>>>
>>>>>>>> I have created a Servlet endpoint [1] to access SAML logout request
>>>>>>>> from FIDP and register this Servlet as service [2]. Here, I get the session
>>>>>>>> id using the session index and set it inside wrapper object and forward
>>>>>>>> that to the commonauth endpoint. When I sent a logout request from FIDP,
>>>>>>>> FIDP is logged out but SP is not getting logged out even we sent the
>>>>>>>> sessionID to invalidate the session and observe the error [1] at the back
>>>>>>>> end.
>>>>>>>>
>>>>>>>> Is there anything I need to do more than this?
>>>>>>>>
>>>>>>>> [1] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java
>>>>>>>>
>>>>>>>> [2] https://github.com/Kanapriya/saml-sso-outbound/blob/master/components/org.wso2.carbon.identity.application.authenticator.samlsso/src/main/java/org/wso2/carbon/identity/application/authenticator/samlsso/internal/SAMLSSOAuthenticatorServiceComponent.java#L74
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Kanapriya
>>>>>>>>
>>>>>>>>>> @Thanuja and Malithi: Please add anything that I have missed. And
>>>>>>>>>> also appreciate code snippets for above (a) and (b).
>>>>>>>>>>
>>>>>>>>>> After the POC implementation, we will have another review.
>>>>>>>>>>
>>>>>>>>>> thank you,
>>>>>>>>>> Dimuthu
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Dimuthu Leelarathne
>>>>>>>>>> Director, Solutions Architecture
>>>>>>>>>>
>>>>>>>>>> WSO2, Inc. (http://wso2.com)
>>>>>>>>>> email: [email protected]
>>>>>>>>>> Mobile: +94773661935
>>>>>>>>>> Blog: http://muthulee.blogspot.com
>>>>>>>>>>
>>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>>
>>>>>>>>> [1] - https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/util/FrameworkUtils.java#L1258
>>>>>>>>>
>>>>>>>>> [2] - https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/AuthenticationDataPublisher.java
>>>>>>>>>
>>>>>>>>> [3] - https://github.com/wso2-extensions/identity-governance/blob/master/components/org.wso2.carbon.identity.captcha/src/main/java/org/wso2/carbon/identity/captcha/validator/FailLoginAttemptValidator.java
>>>>>>>>>
>>>>>>>>> [4] - https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/model/CommonAuthRequestWrapper.java
>>>>>>>>>
>>>>>>>>> [5] - https://github.com/wso2/carbon-identity-framework/blob/5.11.x/components/authentication-framework/org.wso2.carbon.identity.application.authentication.framework/src/main/java/org/wso2/carbon/identity/application/authentication/framework/model/CommonAuthResponseWrapper.java
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Thanuja
>>>>>>>>> --
>>>>>>>>> *Thanuja Lakmal*
>>>>>>>>> Associate Technical Lead
>>>>>>>>> WSO2 Inc. http://wso2.com/
>>>>>>>>> *lean.enterprise.middleware*
>>>>>>>>> Mobile: +94715979891
>>>>>>
>>>>>> --
>>>>>>
>>>>>> *Malithi Edirisinghe*
>>>>>> Associate Technical Lead
>>>>>> WSO2 Inc.
>>>>>>
>>>>>> Mobile : +94 (0) 718176807
>>>>>> [email protected]
>>>>
>>>> --
>>>>
>>>> *Malithi Edirisinghe*
>>>> Associate Technical Lead
>>>> WSO2 Inc.
>>>>
>>>> Mobile : +94 (0) 718176807
>>>> [email protected]
>>>
>>> --
>>> Dimuthu Leelarathne
>>> Director, Solutions Architecture
>>>
>>> WSO2, Inc. (http://wso2.com)
>>> email: [email protected]
>>> Mobile: +94773661935
>>> Blog: http://muthulee.blogspot.com
>>>
>>> Lean . Enterprise . Middleware
>
> --
> Dimuthu Leelarathne
> Director, Solutions Architecture
>
> WSO2, Inc. (http://wso2.com)
> email: [email protected]
> Mobile: +94773661935
> Blog: http://muthulee.blogspot.com
>
> Lean . Enterprise . Middleware
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
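
The flow discussed in this thread (record the SAML SessionIndex against the framework session id at login, resolve it when the federated IdP sends a logout request, then call commonauth with commonAuthLogout=true), as an added example that is not part of the thread and is not WSO2 code. Class and method names and the caller path are hypothetical; consuming the map entry on lookup, so that an unknown or repeated SessionIndex never triggers a logout, is an assumption of this example.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added illustration, not WSO2 code. All class and method names are hypothetical;
 * only the /commonauth parameter names and the sample ids come from the thread.
 */
public class FederatedLogoutExample {

    /** SAML SessionIndex (issued by the federated IdP) -> local framework session id. */
    private final Map<String, String> sessionIdByIndex = new ConcurrentHashMap<>();

    /** Step (a): record the pair when the federated login completes. */
    public void onFederatedLogin(String sessionIndex, String sessionId) {
        sessionIdByIndex.put(sessionIndex, sessionId);
    }

    /** What the handler passes to the framework for one logout request. */
    public static final class LogoutCall {
        public final String sessionId; // value to set as the session cookie on the wrapped request
        public final String query;     // query string for the commonauth logout call
        LogoutCall(String sessionId, String query) {
            this.sessionId = sessionId;
            this.query = query;
        }
    }

    /**
     * Step (b): resolve the SessionIndex taken from the IdP's logout request.
     * Returns null when the index is missing or unknown, so the caller can answer
     * the IdP with a failure status instead of reporting a logout that never happened.
     * remove() consumes the entry (assumption), so a repeated request is a miss.
     */
    public LogoutCall onFederatedLogout(String sessionIndex, String type,
                                        String callerPath, String relyingParty) {
        if (sessionIndex == null || sessionIndex.isEmpty()) {
            return null;
        }
        String sessionId = sessionIdByIndex.remove(sessionIndex);
        if (sessionId == null) {
            return null;
        }
        // Parameter names as quoted in the thread; values are URL-encoded
        // because they end up in a query string.
        String query = "commonAuthLogout=true"
                + "&type=" + enc(type)
                + "&commonAuthCallerPath=" + enc(callerPath)
                + "&relyingParty=" + enc(relyingParty);
        return new LogoutCall(sessionId, query);
    }

    private static String enc(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        FederatedLogoutExample handler = new FederatedLogoutExample();
        String index = "1750291c-611b-4305-9fbc-40ba183d5878";
        // Pair quoted in the thread: session index -> session id.
        handler.onFederatedLogin(index,
                "9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d");

        // Constructed caller path; type and relying party are the values
        // that appear in the thread's debug log.
        LogoutCall first = handler.onFederatedLogout(index, "samlsso", "/samlsso", "travelocity.com");
        System.out.println(first.sessionId);
        System.out.println("/commonauth?" + first.query);

        // The same index a second time, and an index that was never stored: both miss.
        System.out.println(handler.onFederatedLogout(index, "samlsso", "/samlsso", "travelocity.com") == null);
        System.out.println(handler.onFederatedLogout("00000000-0000-0000-0000-000000000000",
                "samlsso", "/samlsso", "travelocity.com") == null);
    }
}
```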
