Hi Malithi/Thanuja/Kanapriya,

Instead of registering a new servlet endpoint, can't we use the /identity
endpoint and write just an inbound authenticator to do this task?

And also this new endpoint will only support SAML2 IdP right? Then for an
OIDC IdP we need to introduce another endpoint? Then for each outbound
protocol we support we need to introduce a new inbound endpoint? That
doesn't seem scalable to me. Instead can't we handle everything through the
/identity endpoint and have different inbound authenticators to support the
different IdP protocols? Maybe we can have the common logic handled by an
abstract authenticator and extend it for the protocol specific
implementations.

Did you find any problems in doing it the above way? That will be more
extensible to be used by other protocols also.

In addition, this approach should work for front channel and back channel
logout requests sent by the IdP, because we are only relying on the
sessionIndex value in the logout request. Is your understanding the same?

Regards,
Johann.

On Fri, Jan 19, 2018 at 2:18 PM, Kanapriya Kuleswararajan <
[email protected]> wrote:

> Hi Dimuthu,
>
>
>
>> In the above case, in the session map what do you have? What we should be
>> storing is the Session Id even though the log says ContextId. Should the
>> log be modified?
>>
>> 1750291c-611b-4305-9fbc-40ba183d5878 -->
>> 9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d
>>
>> Is it?
>
> Yes, the log needs to be modified, but in the map we have session index
> (SAML) vs session id [1].
>
> 1750291c-611b-4305-9fbc-40ba183d5878 -->
> 9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d
>
> [1] https://github.com/Kanapriya/saml-sso-outbound/blob/master/c
> omponents/org.wso2.carbon.identity.application.authenticator
> .samlsso/src/main/java/org/wso2/carbon/identity/application/
> authenticator/samlsso/SAMLAuthenticationDataPublisher.java#L83
>
>
>> thanks,
>> Dimuthu
>>
>> On Fri, Jan 19, 2018 at 2:04 PM, Kanapriya Kuleswararajan <
>> [email protected]> wrote:
>>
>>> Hi Malithi,
>>>
>>> I have set the session as a cookie in the wrapped servlet request [1]. Now,
>>> it resolves the above mentioned error when I initiated a logout request
>>> from FIDP (avis.com). But with that also I couldn't logout the SP and I
>>> observed the following debug log in the console.
>>>
>>> [2018-01-19 13:27:12,126] ERROR {org.wso2.carbon.identity.appl
>>> ication.authenticator.samlsso.SAML2FederatedLogoutRequestHandler} -
>>> Recieved sessionIndex **************1750291c-611b-4305-9fbc-40ba183d5878
>>> [2018-01-19 13:27:12,127] ERROR {org.wso2.carbon.identity.appl
>>> ication.authenticator.samlsso.SAML2FederatedLogoutRequestHandler} -
>>> Recieved ContextId **************
>>> 9b8245d49407465772c9d25fef729bef3d00f07902b1c9d74d7795074557351d
>>> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.appl
>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>> -  Initializing the flow
>>> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.appl
>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>> -  Framework contextId: c694dedf-6893-4960-addb-9e5b5e1e6cad
>>> [2018-01-19 13:27:12,127] DEBUG {org.wso2.carbon.identity.appl
>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>> -  Starting a logout flow
>>> [2018-01-19 13:27:12,128] DEBUG {org.wso2.carbon.identity.appl
>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>> -  Outbound Query String: sessionDataKey=c694dedf-6893-4
>>> 960-addb-9e5b5e1e6cad&relyingParty=travelocity.com&type=samlsso&sp=
>>> travelocity.com&isSaaSApp=false
>>> [2018-01-19 13:27:12,130] DEBUG {org.wso2.carbon.identity.appl
>>> ication.authentication.framework.handler.request.impl.DefaultLogoutRequestHandler}
>>> -  Sending response back to: http://localhost:8080/traveloc
>>> ity.com/home.jsp...
>>> commonAuthLoggedOut : true
>>> sessionDataKey: null
>>>
>>>
>>> @ Dimuthu : I have checked the IS cookie in the browser, but it's not the
>>> same as the cookie I store in the map against the sessionIndex. Please
>>> find the screen shot below:
>>>
>>>
>>> [1] https://github.com/Kanapriya/saml-sso-outbound/blob/master/c
>>> omponents/org.wso2.carbon.identity.application.authenticator
>>> .samlsso/src/main/java/org/wso2/carbon/identity/application/
>>> authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java#L137
>>>
>>> Am I missing anything? How can I proceed with this further?
>>>
>>> Thanks,
>>> Kanapriya
>>>
>>>
>>> Kanapriya Kuleswararajan
>>> Software Engineer
>>> Mobile : - 0774894438
>>> Mail : - [email protected]
>>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>>> WSO2, Inc.
>>> lean . enterprise . middleware
>>>
>>>
>>> On Fri, Jan 19, 2018 at 8:27 AM, Dimuthu Leelarathne <[email protected]>
>>> wrote:
>>>
>>>> Hi Kanapriya,
>>>>
>>>> Also, please check whether the IS cookie in the browser and the
>>>> cookie you store in the map against the sessionIndex have the same value.
>>>>
>>>> thanks,
>>>> Dimuthu
>>>>
>>>>
>>>> On Fri, Jan 19, 2018 at 7:15 AM, Malithi Edirisinghe <[email protected]
>>>> > wrote:
>>>>
>>>>> You have to set the session as a cookie in the wrapped servlet
>>>>> request. Otherwise the framework will not pick the session with respect
>>>>> to this flow.
>>>>>
>>>>> On Fri, Jan 19, 2018 at 12:22 AM, Kanapriya Kuleswararajan <
>>>>> [email protected]> wrote:
>>>>>
>>>>>> Hi Malithi,
>>>>>>
>>>>>> Thanks for the suggestion, I wrapped the relevant parameters which
>>>>>> are mentioned in the following endpoint [1] as per the off-line discussion
>>>>>> and directly invoked the Java API [2] instead of forwarding the wrapper
>>>>>> object to the common auth endpoint. Now I got a different error [3].
>>>>>>
>>>>>> [1]
>>>>>> /commonauth?commonAuthLogout=true&type={type}&commonAuthCallerPath={some-url}&relyingParty={sp-name}
>>>>>>
>>>>>> [2] https://github.com/Kanapriya/saml-sso-outbound/blob/master/c
>>>>>> omponents/org.wso2.carbon.identity.application.authenticator
>>>>>> .samlsso/src/main/java/org/wso2/carbon/identity/application/
>>>>>> authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java#L131
>>>>>>
>>>>>> [3]
>>>>>>
>>>>>> [2018-01-19 00:10:36,771] DEBUG {org.wso2.carbon.identity.appl
>>>>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>>>>> -  retrieving authentication request from cache..
>>>>>> [2018-01-19 00:10:36,772] ERROR {org.wso2.carbon.identity.appl
>>>>>> ication.authentication.framework.handler.request.impl.DefaultRequestCoordinator}
>>>>>> -  Exception in Authentication Framework
>>>>>> org.wso2.carbon.identity.application.authentication.framewor
>>>>>> k.exception.FrameworkException: Invalid authentication request.
>>>>>> Session data key : 23b80283629e8b46fff6978874f46c
>>>>>> f34664c78abd168d9d47dff7031dffde7e
>>>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>>>> k.handler.request.impl.DefaultRequestCoordinator.handle(Defa
>>>>>> ultRequestCoordinator.java:111)
>>>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>>>> k.CommonAuthenticationHandler.doPost(CommonAuthenticationHan
>>>>>> dler.java:46)
>>>>>>     at org.wso2.carbon.identity.application.authentication.framewor
>>>>>> k.CommonAuthenticationHandler.doGet(CommonAuthenticationHand
>>>>>> ler.java:37)
>>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.S
>>>>>> AML2FederatedLogoutRequestHandler.initiateLogRequest(SAML2Fe
>>>>>> deratedLogoutRequestHandler.java:139)
>>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.S
>>>>>> AML2FederatedLogoutRequestHandler.doPost(SAML2FederatedLogou
>>>>>> tRequestHandler.java:82)
>>>>>>
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
>>>>>> rvice(ContextPathServletAdaptor.java:37)
>>>>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>>>>>> n.service(ServletRegistration.java:61)
>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>>>>>> ssAlias(ProxyServlet.java:128)
>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>>>>>> ce(ProxyServlet.java:60)
>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>>>>>> (DelegationServlet.java:68)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:303)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
>>>>>> r.java:52)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter
>>>>>> .java:72)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilte
>>>>>> r(CharacterSetFilter.java:65)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
>>>>>> r(HttpHeaderSecurityFilter.java:124)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>> licationFilterChain.java:208)
>>>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>>>> dWrapperValve.java:219)
>>>>>>     at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>>>> dContextValve.java:110)
>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>>>> uthenticatorBase.java:506)
>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>>> stValve.java:169)
>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>>> rtValve.java:103)
>>>>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContext
>>>>>> RewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invo
>>>>>> ke(AuthorizationValve.java:91)
>>>>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo
>>>>>> ke(AuthenticationValve.java:60)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv
>>>>>> ocation(CompositeValve.java:99)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke
>>>>>> (CarbonTomcatValve.java:47)
>>>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena
>>>>>> ntLazyLoaderValve.java:57)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok
>>>>>> eValves(TomcatValveContainer.java:47)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp
>>>>>> ositeValve.java:62)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection
>>>>>> Valve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa
>>>>>> lve.java:962)
>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.
>>>>>> invoke(CarbonContextCreatorValve.java:57)
>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>>> EngineValve.java:116)
>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>>> apter.java:445)
>>>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs
>>>>>> tractHttp11Processor.java:1115)
>>>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler
>>>>>> .process(AbstractProtocol.java:637)
>>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>>> (NioEndpoint.java:1775)
>>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N
>>>>>> ioEndpoint.java:1734)
>>>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>> Executor.java:1142)
>>>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>> lExecutor.java:617)
>>>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>>> un(TaskThread.java:61)
>>>>>>     at java.lang.Thread.run(Thread.java:745)
>>>>>>
>>>>>> Appreciate your input on this.
>>>>>>
>>>>>> Thanks,
>>>>>> Kanapriya
>>>>>>
>>>>>> Kanapriya Kuleswararajan
>>>>>> Software Engineer
>>>>>> Mobile : - 0774894438
>>>>>> Mail : - [email protected]
>>>>>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>>>>>> WSO2, Inc.
>>>>>> lean . enterprise . middleware
>>>>>>
>>>>>>
>>>>>> On Thu, Jan 18, 2018 at 10:31 PM, Malithi Edirisinghe <
>>>>>> [email protected]> wrote:
>>>>>>
>>>>>>> Hi Kanapriya,
>>>>>>>
>>>>>>> So it seems you have dispatched back to the servlet transport. With
>>>>>>> this you won't be able to respond back to the federated IdP as the
>>>>>>> response is committed. Instead, follow the approach at [1]. There you
>>>>>>> wrap request and response and directly invoke the Java API, which will
>>>>>>> return the request and response handled by the servlet endpoint. Then
>>>>>>> you can verify and respond back to the federated IdP.
>>>>>>>
>>>>>>> [1] https://github.com/wso2-extensions/identity-inbound-auth
>>>>>>> -saml/blob/5.3.x/components/org.wso2.carbon.identity.sso.sam
>>>>>>> l/src/main/java/org/wso2/carbon/identity/sso/saml/servlet/SA
>>>>>>> MLSSOProviderServlet.java#L1219
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Malithi.
>>>>>>>
>>>>>>> On Thu, Jan 18, 2018 at 7:29 PM, Kanapriya Kuleswararajan <
>>>>>>> [email protected]> wrote:
>>>>>>>
>>>>>>>> Please find the error log below:
>>>>>>>>
>>>>>>>> ERROR {org.apache.catalina.core.ApplicationDispatcher} -
>>>>>>>> Servlet.service() for servlet bridgeservlet threw exception
>>>>>>>> java.lang.StringIndexOutOfBoundsException: String index out of
>>>>>>>> range: -1
>>>>>>>>     at java.lang.String.substring(String.java:1967)
>>>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>>>>>>>> ce(ProxyServlet.java:70)
>>>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>>>>>>>> (DelegationServlet.java:68)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>>>> lter(ApplicationFilterChain.java:303)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>>>> licationFilterChain.java:208)
>>>>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
>>>>>>>> r.java:52)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>>>> licationFilterChain.java:208)
>>>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.invoke(Applic
>>>>>>>> ationDispatcher.java:743)
>>>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.processReques
>>>>>>>> t(ApplicationDispatcher.java:485)
>>>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.doForward(App
>>>>>>>> licationDispatcher.java:410)
>>>>>>>>     at org.apache.catalina.core.ApplicationDispatcher.forward(Appli
>>>>>>>> cationDispatcher.java:337)
>>>>>>>>     at org.eclipse.equinox.http.servlet.internal.RequestDispatcherA
>>>>>>>> daptor.forward(RequestDispatcherAdaptor.java:30)
>>>>>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor$Re
>>>>>>>> questDispatcherAdaptor.forward(ContextPathServletAdaptor.java:362)
>>>>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.S
>>>>>>>> AML2FederatedLogoutRequestHandler.initiateLogRequest(SAML2Fe
>>>>>>>> deratedLogoutRequestHandler.java:136)
>>>>>>>>     at org.wso2.carbon.identity.application.authenticator.samlsso.S
>>>>>>>> AML2FederatedLogoutRequestHandler.doPost(SAML2FederatedLogou
>>>>>>>> tRequestHandler.java:79)
>>>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
>>>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>>     at org.eclipse.equinox.http.helper.ContextPathServletAdaptor.se
>>>>>>>> rvice(ContextPathServletAdaptor.java:37)
>>>>>>>>     at org.eclipse.equinox.http.servlet.internal.ServletRegistratio
>>>>>>>> n.service(ServletRegistration.java:61)
>>>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.proce
>>>>>>>> ssAlias(ProxyServlet.java:128)
>>>>>>>>     at org.eclipse.equinox.http.servlet.internal.ProxyServlet.servi
>>>>>>>> ce(ProxyServlet.java:60)
>>>>>>>>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.servlet.DelegationServlet.service
>>>>>>>> (DelegationServlet.java:68)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>>>> lter(ApplicationFilterChain.java:303)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>>>> licationFilterChain.java:208)
>>>>>>>>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilte
>>>>>>>> r.java:52)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>>>> licationFilterChain.java:208)
>>>>>>>>     at org.owasp.csrfguard.CsrfGuardFilter.doFilter(CsrfGuardFilter
>>>>>>>> .java:72)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>>>> licationFilterChain.java:208)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.filter.CharacterSetFilter.doFilte
>>>>>>>> r(CharacterSetFilter.java:65)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>>>> licationFilterChain.java:208)
>>>>>>>>     at org.apache.catalina.filters.HttpHeaderSecurityFilter.doFilte
>>>>>>>> r(HttpHeaderSecurityFilter.java:124)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFi
>>>>>>>> lter(ApplicationFilterChain.java:241)
>>>>>>>>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(App
>>>>>>>> licationFilterChain.java:208)
>>>>>>>>     at org.apache.catalina.core.StandardWrapperValve.invoke(Standar
>>>>>>>> dWrapperValve.java:219)
>>>>>>>>     at org.apache.catalina.core.StandardContextValve.invoke(Standar
>>>>>>>> dContextValve.java:110)
>>>>>>>>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(A
>>>>>>>> uthenticatorBase.java:506)
>>>>>>>>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHo
>>>>>>>> stValve.java:169)
>>>>>>>>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorRepo
>>>>>>>> rtValve.java:103)
>>>>>>>>     at org.wso2.carbon.identity.context.rewrite.valve.TenantContext
>>>>>>>> RewriteValve.invoke(TenantContextRewriteValve.java:80)
>>>>>>>>     at org.wso2.carbon.identity.authz.valve.AuthorizationValve.invo
>>>>>>>> ke(AuthorizationValve.java:91)
>>>>>>>>     at org.wso2.carbon.identity.auth.valve.AuthenticationValve.invo
>>>>>>>> ke(AuthenticationValve.java:60)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.continueInv
>>>>>>>> ocation(CompositeValve.java:99)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve$1.invoke
>>>>>>>> (CarbonTomcatValve.java:47)
>>>>>>>>     at org.wso2.carbon.webapp.mgt.TenantLazyLoaderValve.invoke(Tena
>>>>>>>> ntLazyLoaderValve.java:57)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer.invok
>>>>>>>> eValves(TomcatValveContainer.java:47)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CompositeValve.invoke(Comp
>>>>>>>> ositeValve.java:62)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonStuckThreadDetection
>>>>>>>> Valve.invoke(CarbonStuckThreadDetectionValve.java:159)
>>>>>>>>     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogVa
>>>>>>>> lve.java:962)
>>>>>>>>     at org.wso2.carbon.tomcat.ext.valves.CarbonContextCreatorValve.
>>>>>>>> invoke(CarbonContextCreatorValve.java:57)
>>>>>>>>     at org.apache.catalina.core.StandardEngineValve.invoke(Standard
>>>>>>>> EngineValve.java:116)
>>>>>>>>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAd
>>>>>>>> apter.java:445)
>>>>>>>>     at org.apache.coyote.http11.AbstractHttp11Processor.process(Abs
>>>>>>>> tractHttp11Processor.java:1115)
>>>>>>>>     at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler
>>>>>>>> .process(AbstractProtocol.java:637)
>>>>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun
>>>>>>>> (NioEndpoint.java:1775)
>>>>>>>>     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(N
>>>>>>>> ioEndpoint.java:1734)
>>>>>>>>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPool
>>>>>>>> Executor.java:1142)
>>>>>>>>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoo
>>>>>>>> lExecutor.java:617)
>>>>>>>>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.r
>>>>>>>> un(TaskThread.java:61)
>>>>>>>>     at java.lang.Thread.run(Thread.java:745)
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Kanapriya
>>>>>>>>
>>>>>>>> Kanapriya Kuleswararajan
>>>>>>>> Software Engineer
>>>>>>>> Mobile : - 0774894438
>>>>>>>> Mail : - [email protected]
>>>>>>>> LinkedIn : - https://www.linkedin.com/in/kanapriya-kules-94712685/
>>>>>>>> WSO2, Inc.
>>>>>>>> lean . enterprise . middleware
>>>>>>>>
>>>>>>>>
>>>>>>>> On Thu, Jan 18, 2018 at 7:27 PM, Kanapriya Kuleswararajan <
>>>>>>>> [email protected]> wrote:
>>>>>>>>
>>>>>>>>> Hi All,
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>> b) - At number 5 in the diagram, i.e. when the logout request is
>>>>>>>>>>> received, we wrap the request and response and send over to our
>>>>>>>>>>> common-auth servlet. Here before invoking the common-auth servlet, we
>>>>>>>>>>> will retrieve session Id from the map (using the SAML Session Index) and
>>>>>>>>>>> set it in the wrapper object.
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Request which forwards to the commonauth endpoint will have a
>>>>>>>>>> format similar to the following,
>>>>>>>>>>
>>>>>>>>>> /commonauth?commonAuthLogout=true&type={type}&commonAuthCallerPath={some-url}&relyingParty={sp-name}
>>>>>>>>>>
>>>>>>>>>> NOTE: Need to verify whether relyingParty parameter is required
>>>>>>>>>> or not.
>>>>>>>>>>
>>>>>>>>>> After logout from the framework, the saml-sso outbound
>>>>>>>>>> component will verify the response and will build a valid SAML2 logout
>>>>>>>>>> response and send it back to the federated IdP.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I have created a Servlet endpoint [1] to access the SAML logout
>>>>>>>>> request from FIDP and registered this Servlet as a service [2]. Here, I
>>>>>>>>> get the session id using the session index, set it inside the wrapper
>>>>>>>>> object and forward that to the commonauth endpoint. When I sent a logout
>>>>>>>>> request from FIDP, FIDP is logged out but SP is not getting logged out
>>>>>>>>> even though we sent the sessionID to invalidate the session, and I observe
>>>>>>>>> the error [1] at the back end.
>>>>>>>>>
>>>>>>>>> Is there anything I need to do more than this?
>>>>>>>>>
>>>>>>>>> [1] https://github.com/Kanapriya/saml-sso-outbound/blob/master/c
>>>>>>>>> omponents/org.wso2.carbon.identity.application.authenticator
>>>>>>>>> .samlsso/src/main/java/org/wso2/carbon/identity/application/
>>>>>>>>> authenticator/samlsso/SAML2FederatedLogoutRequestHandler.java
>>>>>>>>>
>>>>>>>>> [2] https://github.com/Kanapriya/saml-sso-outbound/blob/master/c
>>>>>>>>> omponents/org.wso2.carbon.identity.application.authenticator
>>>>>>>>> .samlsso/src/main/java/org/wso2/carbon/identity/application/
>>>>>>>>> authenticator/samlsso/internal/SAMLSSOAuthenticatorServiceCo
>>>>>>>>> mponent.java#L74
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> Kanapriya
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> @Thanuja and Malithi: Please add anything that I have missed.
>>>>>>>>>>> And also appreciate code snippets for above (a) and (b).
>>>>>>>>>>>
>>>>>>>>>>> After the POC implementation, we will have another review.
>>>>>>>>>>>
>>>>>>>>>>> thank you,
>>>>>>>>>>> Dimuthu
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> Dimuthu Leelarathne
>>>>>>>>>>> Director, Solutions Architecture
>>>>>>>>>>>
>>>>>>>>>>> WSO2, Inc. (http://wso2.com)
>>>>>>>>>>> email: [email protected]
>>>>>>>>>>> Mobile: +94773661935
>>>>>>>>>>> Blog: http://muthulee.blogspot.com
>>>>>>>>>>>
>>>>>>>>>>> Lean . Enterprise . Middleware
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> [1] - https://github.com/wso2/carbon-identity-framework/blob/5.1
>>>>>>>>>> 1.x/components/authentication-framework/org.wso2.carbon.iden
>>>>>>>>>> tity.application.authentication.framework/src/main/java/org/
>>>>>>>>>> wso2/carbon/identity/application/authentication/framework/ut
>>>>>>>>>> il/FrameworkUtils.java#L1258
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> [2] - https://github.com/wso2/carbon-identity-framework/blob/5.1
>>>>>>>>>> 1.x/components/authentication-framework/org.wso2.carbon.iden
>>>>>>>>>> tity.application.authentication.framework/src/main/java/org/
>>>>>>>>>> wso2/carbon/identity/application/authentication/framework/Au
>>>>>>>>>> thenticationDataPublisher.java
>>>>>>>>>>
>>>>>>>>>> [3] - https://github.com/wso2-extensions/identity-governance/blo
>>>>>>>>>> b/master/components/org.wso2.carbon.identity.captcha/src/mai
>>>>>>>>>> n/java/org/wso2/carbon/identity/captcha/validator/FailLoginA
>>>>>>>>>> ttemptValidator.java
>>>>>>>>>>
>>>>>>>>>> [4] - https://github.com/wso2/carbon-identity-framework/blob/5.1
>>>>>>>>>> 1.x/components/authentication-framework/org.wso2.carbon.iden
>>>>>>>>>> tity.application.authentication.framework/src/main/java/org/
>>>>>>>>>> wso2/carbon/identity/application/authentication/framework/mo
>>>>>>>>>> del/CommonAuthRequestWrapper.java
>>>>>>>>>>
>>>>>>>>>> [5] - https://github.com/wso2/carbon-identity-framework/blob/5.1
>>>>>>>>>> 1.x/components/authentication-framework/org.wso2.carbon.iden
>>>>>>>>>> tity.application.authentication.framework/src/main/java/org/
>>>>>>>>>> wso2/carbon/identity/application/authentication/framework/mo
>>>>>>>>>> del/CommonAuthResponseWrapper.java
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> Thanuja
>>>>>>>>>> --
>>>>>>>>>> *Thanuja Lakmal*
>>>>>>>>>> Associate Technical Lead
>>>>>>>>>> WSO2 Inc. http://wso2.com/
>>>>>>>>>> *lean.enterprise.middleware*
>>>>>>>>>> Mobile: +94715979891
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>>
>>>>>>> *Malithi Edirisinghe*
>>>>>>> Associate Technical Lead
>>>>>>> WSO2 Inc.
>>>>>>>
>>>>>>> Mobile : +94 (0) 718176807
>>>>>>> [email protected]
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>> *Malithi Edirisinghe*
>>>>> Associate Technical Lead
>>>>> WSO2 Inc.
>>>>>
>>>>> Mobile : +94 (0) 718176807
>>>>> [email protected]
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Dimuthu Leelarathne
>>>> Director, Solutions Architecture
>>>>
>>>> WSO2, Inc. (http://wso2.com)
>>>> email: [email protected]
>>>> Mobile: +94773661935
>>>> Blog: http://muthulee.blogspot.com
>>>>
>>>> Lean . Enterprise . Middleware
>>>>
>>>
>>>
>>
>>
>> --
>> Dimuthu Leelarathne
>> Director, Solutions Architecture
>>
>> WSO2, Inc. (http://wso2.com)
>> email: [email protected]
>> Mobile: +94773661935
>> Blog: http://muthulee.blogspot.com
>>
>> Lean . Enterprise . Middleware
>>
>
>


-- 

*Johann Dilantha Nallathamby*
Senior Lead Solutions Engineer
WSO2, Inc.
lean.enterprise.middleware

Mobile: +94 77 7776950
LinkedIn: http://www.linkedin.com/in/johann-nallathamby
Medium: https://medium.com/@johann_nallathamby
Twitter: @dj_nallaa
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
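The following is an added illustration, not code from this thread or from the WSO2 repositories linked in it. It ties together Thanuja's step (b), the sessionIndex-to-session-id map Dimuthu asks about, and Malithi's advice to set the session as a cookie in the wrapped servlet request and invoke the Java API directly instead of forwarding. It uses only the standard servlet API; the class and method names are hypothetical, and the framework session cookie name commonAuthId is an assumption the thread does not state.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/** Hypothetical bridge from an IdP-initiated SAML2 LogoutRequest to the common-auth logout flow. */
public final class FederatedLogoutSessionBridge {

    /** Assumed name of the framework's SSO session cookie (the thread does not state it). */
    static final String SESSION_COOKIE_NAME = "commonAuthId";
    /** sessionIndex from the IdP's assertion -> framework session id, filled at login time. */
    private final Map<String, String> sessionIndexToSessionId = new ConcurrentHashMap<>();

    /** Record the pair when the authentication data publisher sees a successful federated login. */
    public void recordLogin(String sessionIndex, String frameworkSessionId) {
        sessionIndexToSessionId.put(sessionIndex, frameworkSessionId); // both must be non-null
    }

    /** Resolve the framework session for a LogoutRequest; null for an unknown or stale index. */
    public String resolveSessionId(String sessionIndex) {
        return sessionIndex == null ? null : sessionIndexToSessionId.get(sessionIndex);
    }

    /* Present the /commonauth?commonAuthLogout=true&type=..&commonAuthCallerPath=..&relyingParty=..
     * parameters and the resolved session id (as the session cookie) to the common-auth Java API,
     * which the caller invokes directly instead of forwarding, so the response stays uncommitted. */
    public HttpServletRequest wrapForCommonAuth(HttpServletRequest original, String sessionIndex,
                                                String type, String callerPath, String relyingParty) {
        String sessionId = resolveSessionId(sessionIndex);
        if (sessionId == null) {
            // Unknown index: refuse rather than start a logout flow for a session we cannot attribute.
            throw new IllegalStateException("No framework session for sessionIndex " + sessionIndex);
        }
        Map<String, String[]> params = new HashMap<>();
        params.put("commonAuthLogout", new String[] { "true" });
        params.put("type", new String[] { type });
        params.put("commonAuthCallerPath", new String[] { callerPath });
        params.put("relyingParty", new String[] { relyingParty });
        return new CommonAuthLogoutRequestWrapper(original, sessionId, params);
    }

    /** Overrides cookies and parameters; everything else is delegated to the wrapped request. */
    static final class CommonAuthLogoutRequestWrapper extends HttpServletRequestWrapper {
        private final Cookie sessionCookie;
        private final Map<String, String[]> extraParams;

        CommonAuthLogoutRequestWrapper(HttpServletRequest request, String sessionId,
                                       Map<String, String[]> extraParams) {
            super(request);
            this.sessionCookie = new Cookie(SESSION_COOKIE_NAME, sessionId);
            this.extraParams = extraParams;
        }

        @Override
        public Cookie[] getCookies() {
            // Back-channel requests carry no browser cookies; a front-channel request may carry
            // a cookie of the same name, which the mapped session must replace.
            Cookie[] existing = super.getCookies() == null ? new Cookie[0] : super.getCookies();
            Cookie[] kept = Arrays.stream(existing)
                    .filter(c -> !SESSION_COOKIE_NAME.equals(c.getName()))
                    .toArray(Cookie[]::new);
            Cookie[] result = Arrays.copyOf(kept, kept.length + 1);
            result[kept.length] = sessionCookie;
            return result;
        }

        @Override
        public String[] getParameterValues(String name) {
            String[] v = extraParams.get(name);
            return v != null ? v : super.getParameterValues(name);
        }

        @Override
        public String getParameter(String name) {
            String[] v = getParameterValues(name);
            return (v == null || v.length == 0) ? null : v[0];
        }

        @Override
        public Map<String, String[]> getParameterMap() {
            Map<String, String[]> merged = new HashMap<>(super.getParameterMap());
            merged.putAll(extraParams);
            return Collections.unmodifiableMap(merged);
        }
    }
}
```

The map lookup is the only link between the IdP's sessionIndex and the local session, so the mapping should be removed once the framework has terminated the session, and an unknown index should never start a logout flow.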