On Thu, May 19, 2016 at 9:03 AM, Chiranga Alwis <[email protected]> wrote:
> Hi,
>
> I have been working on porting the past AS SAML 2.0 based single-sign-on
> valve to the new AS version.
>
> When refactoring and testing the already ported code, I came across the
> following issue within the invoke() method of the SAML 2.0 SSO Tomcat Valve
> [1].
>
> In the group of if-then and if-then-else statements which handle the SAML
> 2.0 Web Browser SSO and Single-Logout Profiles, I find the following code
> block which the program flow does not seem to enter within simple sign-in
> and logout processes.
>
>     if (resolver.isSLORequest()) {
>
>         if (log.isDebugEnabled()) {
>             log.debug("Processing Single Log Out Request");
>         }
>         samlSSOManager = new SAML2SSOManager(ssoAgentConfig);
>         samlSSOManager.doSLO(request);
>
>     } else if (resolver.isSAML2SSOResponse()) {
>
>
> During debugging of the past AS 5.3.0 implementation and my current
> implementation, I have experienced that this block is never executed.
>
As per the offline chat, looks like we don't need this block. So +1 to
remove.
Please double check if we are covered on the back channel requests.
Thanks,
>
> In addition, the implementation of the resolver.isSLORequest() method in
> [2] has changed in latest versions and the carbon-identity version 4.5.6
> (used in AS 5.3.0) possesses an older implementation [3]. I tried adopting
> the new implementation which leads to an error during handling of
> Single-Logout responses from the side of Identity Server.
>
> Are there any scenarios which led to the introduction of the above
> mentioned logic when performing SSO? Any suggestions or ideas are highly
> appreciated.
>
> [1] - SAMLSSOValve.java
> <https://github.com/wso2/carbon-deployment/blob/4.6.x/components/webapp-mgt/org.wso2.carbon.webapp.mgt/src/main/java/org/wso2/carbon/webapp/mgt/sso/SAMLSSOValve.java>
> [2] - SSOAgentRequestResolver.java
> <https://github.com/wso2-extensions/identity-agent-sso/blob/master/components/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentRequestResolver.java>
> [3] - SSOAgentRequestResolver.java
> <https://github.com/wso2/carbon-identity/blob/v4.5.6/components/agents/org.wso2.carbon.identity.sso.agent/src/main/java/org/wso2/carbon/identity/sso/agent/SSOAgentRequestResolver.java>
>
> --
> Chiranga Alwis,
> Software Engineering Intern,
> +94 77 5930497
> +94 77 6368208
>
--
Supun Malinga,
Senior Software Engineer,
WSO2 Inc.
http://wso2.com
email: [email protected] <[email protected]>
mobile: +94 (0)71 56 91 321
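
To check the back-channel case raised above, the sketch below (an added example, not code from this thread or from the WSO2 SSO agent) classifies an inbound HTTP-POST binding message by its root element. A logout started elsewhere reaches the service provider as a `LogoutRequest`, which a simple SP-initiated sign-in and logout never produces. The names `SamlMessageClassifier`, `SamlMessageKind` and `classify` are hypothetical, and the sample messages are constructed.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

// Added illustration: SamlMessageKind and classify() are hypothetical names,
// not the SSOAgentRequestResolver API.
public class SamlMessageClassifier {
    enum SamlMessageKind { SLO_REQUEST, SLO_RESPONSE, SSO_RESPONSE, OTHER }
    static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";

    // samlRequest / samlResponse: raw values of the HTTP-POST binding form
    // parameters SAMLRequest and SAMLResponse (null when absent).
    static SamlMessageKind classify(String samlRequest, String samlResponse) throws Exception {
        String encoded = samlRequest != null ? samlRequest : samlResponse;
        if (encoded == null) { return SamlMessageKind.OTHER; }
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPEs so untrusted SAML XML cannot trigger entity expansion (XXE).
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        byte[] xml = Base64.getMimeDecoder().decode(encoded);
        Element root = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml)).getDocumentElement();
        if (!SAMLP.equals(root.getNamespaceURI())) { return SamlMessageKind.OTHER; }
        String name = root.getLocalName();
        if (samlRequest != null && "LogoutRequest".equals(name)) {
            return SamlMessageKind.SLO_REQUEST;   // another party asks this SP to end the session
        }
        if (samlResponse != null && "LogoutResponse".equals(name)) {
            return SamlMessageKind.SLO_RESPONSE;  // answer to a logout this SP started
        }
        if (samlResponse != null && "Response".equals(name)) {
            return SamlMessageKind.SSO_RESPONSE;  // carries the login assertion
        }
        return SamlMessageKind.OTHER;
    }

    static String post(String xml) {  // constructed sample: Base64 as in the HTTP-POST binding
        return Base64.getEncoder().encodeToString(xml.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String ns = " xmlns:samlp=\"" + SAMLP + "\"/>";
        System.out.println(classify(post("<samlp:LogoutRequest" + ns), null));
        System.out.println(classify(null, post("<samlp:LogoutResponse" + ns)));
        System.out.println(classify(null, post("<samlp:Response" + ns)));
    }
}
```

Classification only routes the message. Signature, issuer and session-index validation still have to happen before any session is invalidated.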