Hi,

I have been working on porting the past AS SAML 2.0 based single-sign-on
valve to the new AS version.

When refactoring and testing the already ported code, I came across the
following issue within the invoke() method of the SAML 2.0 SSO Tomcat Valve
[1].

In the group of if-then and if-then-else statements which handle the SAML
2.0 Web Browser SSO and Single-Logout Profiles, I find the following code
block which the program flow does not seem to enter within simple sign-in
and logout processes.

if (resolver.isSLORequest()) {

    if (log.isDebugEnabled()) {
        log.debug("Processing Single Log Out Request");
    }
    samlSSOManager = new SAML2SSOManager(ssoAgentConfig);
    samlSSOManager.doSLO(request);

} else if (resolver.isSAML2SSOResponse()) {


During debugging of the past AS 5.3.0 implementation and my current
implementation, I have experienced that this block is never executed.

In addition, the implementation of the resolver.isSLORequest() method in
[2] has changed in the latest versions, and the carbon-identity version 4.5.6
(used in AS 5.3.0) possesses an older implementation [3]. I tried adopting
the new implementation which leads to an error during handling of
Single-Logout responses from the side of Identity Server.

Are there any scenarios which led to the introduction of the
above-mentioned logic when performing SSO? Any suggestions or ideas are
highly appreciated.

[1] - SAMLSSOValve.java
<https://github.com/wso2/carbon-deployment/blob/4.6.x/components/webapp-mgt/org.wso2.carbon.webapp.mgt/src/main/java/org/wso2/carbon/webapp/mgt/sso/SAMLSSOValve.java>
[2] - SSOAgentRequestResolver.java
<https://github.com/wso2-extensions/identity-agent-sso/blob/master/components/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentRequestResolver.java>
[3] - SSOAgentRequestResolver.java
<https://github.com/wso2/carbon-identity/blob/v4.5.6/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentRequestResolver.java>

-- 
Chiranga Alwis,
Software Engineering Intern,
+94 77 5930497
+94 77 6368208
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
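
Added example, not part of the original post and not the WSO2 resolver code: a minimal classifier showing which incoming message lands in each branch of such a dispatch chain. In the SAML 2.0 Single Logout profile a service provider receives a LogoutRequest only when the IdP propagates a logout that was started elsewhere, so a plain sign-in and a logout started at the same application produce only SAMLResponse messages. Assumptions: HTTP-POST binding (Base64 only), hypothetical class and method names, constructed unsigned sample messages; classification alone is not signature validation.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Hypothetical classifier for illustration; names are not from the WSO2 code base.
public class SamlMessageClassifier {
    static final String SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol";

    enum Kind { SLO_REQUEST, SLO_RESPONSE, SSO_RESPONSE, NOT_SAML }

    // params: HTTP-POST binding form parameters (values are Base64-encoded XML).
    static Kind classify(Map<String, String> params) throws Exception {
        String name = params.containsKey("SAMLRequest") ? "SAMLRequest"
                    : params.containsKey("SAMLResponse") ? "SAMLResponse" : null;
        if (name == null) return Kind.NOT_SAML;

        byte[] xml = Base64.getMimeDecoder().decode(params.get(name));
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject DOCTYPE so untrusted input cannot trigger XXE or entity expansion.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Element root = f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml)).getDocumentElement();
        if (!SAMLP_NS.equals(root.getNamespaceURI())) return Kind.NOT_SAML;

        String local = root.getLocalName();
        if (name.equals("SAMLRequest") && local.equals("LogoutRequest")) return Kind.SLO_REQUEST;
        if (name.equals("SAMLResponse") && local.equals("LogoutResponse")) return Kind.SLO_RESPONSE;
        if (name.equals("SAMLResponse") && local.equals("Response")) return Kind.SSO_RESPONSE;
        return Kind.NOT_SAML;
    }

    // Builds a constructed, unsigned sample message with the given root element.
    static String post(String rootElement) {
        String xml = "<samlp:" + rootElement + " xmlns:samlp=\"" + SAMLP_NS
                + "\" ID=\"_x1\" Version=\"2.0\"/>";
        return Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        // Sign-in: the IdP posts a Response. Logout started here: the IdP posts a LogoutResponse.
        System.out.println(classify(Map.of("SAMLResponse", post("Response"))));
        System.out.println(classify(Map.of("SAMLResponse", post("LogoutResponse"))));
        // Logout started at another participant: the IdP sends this SP a LogoutRequest.
        System.out.println(classify(Map.of("SAMLRequest", post("LogoutRequest"))));
    }
}
```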
