* @param nameid name identifier associated with the session(s) to terminate
* @param index index of session, or NULL for all sessions associated with other parameters
* @param application reference to Application that owns the session(s)
- * @return number of sessions removed
+ * @param sessions on exit, contains the IDs of the matching sessions removed
*/
- virtual unsigned int remove(
+ virtual void remove(
const opensaml::saml2md::EntityDescriptor& issuer,
const opensaml::saml2::NameID& nameid,
const char* index,
- const Application& application
+ const Application& application,
+ std::vector<std::string>& sessions
)=0;
#endif
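Review bot: The new `sessions` out-parameter is documented only as "on exit, contains the IDs of the matching sessions removed", which does not say whether an implementation clears the vector or appends to it, nor what it holds if the call throws partway. The implementation later on this page only calls `push_back`, and its per-session `remove` is commented as allowed to throw, so a caller can end up with a partial list. I would spell that out, e.g. `@param sessions IDs of removed sessions are appended; existing contents are kept, and the list may be partial if an exception is thrown`. Because this is a pure virtual, the changed return type and parameter list also break any out-of-tree implementation, which deserves a line in the release notes. The doc comment opens above this hunk.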
*
* @param key session key
* @param application reference to Application that owns the Session
- * @param client_addr network address of client (if known)
*/
- virtual void remove(const char* key, const Application& application, const char* client_addr)=0;
+ virtual void remove(const char* key, const Application& application)=0;
};
#ifndef SHIBSP_LITE
~RemotedCache();\r
\r
Session* find(const char* key, const Application& application, const char* client_addr=NULL, time_t* timeout=NULL);\r
- void remove(const char* key, const Application& application, const char* client_addr);\r
+ void remove(const char* key, const Application& application);\r
\r
void cleanup();\r
\r
DDFJanitor jin(in);\r
in.structure();\r
in.addmember("key").string(key);\r
+ in.addmember("application_id").string(application.getId());\r
if (timeout && *timeout) {\r
// On 64-bit Windows, time_t doesn't fit in a long, so I'm using ISO timestamps. \r
#ifndef HAVE_GMTIME_R\r
}\r
catch (...) {\r
session->unlock();\r
- remove(key, application, client_addr);\r
+ remove(key, application);\r
throw;\r
}\r
\r
return session;\r
}\r
\r
-void RemotedCache::remove(const char* key, const Application& application, const char* client_addr)\r
+void RemotedCache::remove(const char* key, const Application& application)\r
{\r
// Take care of local copy.\r
dormant(key);\r
in.structure();\r
in.addmember("key").string(key);\r
in.addmember("application_id").string(application.getId());\r
- in.addmember("client_addr").string(client_addr);\r
\r
DDF out = application.getServiceProvider().getListenerService()->send(in);\r
out.destroy();\r
const multimap<string,Attribute*>* attributes=NULL\r
);\r
Session* find(const char* key, const Application& application, const char* client_addr=NULL, time_t* timeout=NULL);\r
- void remove(const char* key, const Application& application, const char* client_addr);\r
- unsigned int remove(\r
- const saml2md::EntityDescriptor& issuer, const saml2::NameID& nameid, const char* index, const Application& application\r
+ void remove(const char* key, const Application& application);\r
+ void remove(\r
+ const saml2md::EntityDescriptor& issuer,\r
+ const saml2::NameID& nameid,\r
+ const char* index,\r
+ const Application& application,\r
+ vector<string>& sessions\r
);\r
\r
Category& m_log;\r
m_log.debug("comparing client address %s against %s", client_addr, obj["client_addr"].string());\r
if (strcmp(obj["client_addr"].string(),client_addr)) {\r
m_log.warn("client address mismatch");\r
- remove(key, application, client_addr);\r
+ remove(key, application);\r
RetryableProfileException ex(\r
"Your IP address ($1) does not match the address recorded at the time the session was established.",\r
params(1,client_addr)\r
\r
if (timeout && *timeout > 0 && now - lastAccess >= *timeout) {\r
m_log.info("session timed out (ID: %s)", key);\r
- remove(key, application, client_addr);\r
+ remove(key, application);\r
RetryableProfileException ex("Your session has expired, and you must re-authenticate.");\r
string eid(obj["entity_id"].string());\r
obj.destroy();\r
iso.parseDateTime();\r
if (now > iso.getEpoch()) {\r
m_log.info("session expired (ID: %s)", key);\r
- remove(key, application, client_addr);\r
+ remove(key, application);\r
RetryableProfileException ex("Your session has expired, and you must re-authenticate.");\r
string eid(obj["entity_id"].string());\r
obj.destroy();\r
}\r
}\r
\r
-void SSCache::remove(const char* key, const Application& application, const char* client_addr)\r
+void SSCache::remove(const char* key, const Application& application)\r
{\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("remove");\r
xlog->log.info("Destroyed session (applicationId: %s) (ID: %s)", application.getId(), key);\r
}\r
\r
-unsigned int SSCache::remove(\r
- const saml2md::EntityDescriptor& issuer, const saml2::NameID& nameid, const char* index, const Application& application\r
+void SSCache::remove(\r
+ const saml2md::EntityDescriptor& issuer,\r
+ const saml2::NameID& nameid,\r
+ const char* index,\r
+ const Application& application,\r
+ vector<string>& sessionsKilled\r
)\r
{\r
#ifdef _DEBUG\r
xmltooling::NDC ndc("remove");\r
#endif\r
\r
- unsigned int count = 0;\r
auto_ptr_char entityID(issuer.getEntityID());\r
auto_ptr_char name(nameid.getName());\r
\r
int ver = m_storage->readText("Logout", name.get(), &record);\r
if (ver == 0) {\r
m_log.debug("no active sessions to remove for supplied issuer and name identifier");\r
- return count;\r
+ return;\r
}\r
\r
DDF obj;\r
if (session->getEntityID() && !strcmp(session->getEntityID(), entityID.get())) {\r
// Same NameID?\r
if (stronglyMatches(issuer.getEntityID(), application.getXMLString("entityID").second, nameid, *session->getNameID())) {\r
- remove(key.string(), application, NULL); // let this throw to detect errors in case logout failed\r
- count++;\r
+ remove(key.string(), application); // let this throw to detect errors in case logout failed\r
+ sessionsKilled.push_back(key.string());\r
key.destroy();\r
}\r
else {\r
}\r
else {\r
// Session's gone, so...\r
+ sessionsKilled.push_back(key.string());\r
key.destroy();\r
}\r
key = sessions.next();\r
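Review bot: In the `// Session's gone, so...` branch, the added `sessionsKilled.push_back(key.string());` reports a key that this call did not remove and whose issuer and NameID were never compared, while the interface documents the vector as the matching sessions removed. If callers use the list to confirm a logout or to notify applications, these entries carry weaker assurance than the ones added after `stronglyMatches`. Either say so at the call site, e.g. `// already gone from storage; reported so callers can clear dependent state, identity not re-checked`, or keep such keys out of the vector. The loop and the failed lookup that lead to this branch start outside the hunk, so the exact condition for reaching it is inferred.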
catch (exception& ex) {\r
m_log.error("error updating logout mapping record: %s", ex.what());\r
}\r
-\r
- return count;\r
}\r
\r
bool SSCache::stronglyMatches(const XMLCh* idp, const XMLCh* sp, const saml2::NameID& n1, const saml2::NameID& n2) const\r
if (!key)\r
throw ListenerException("Required parameters missing for session removal.");\r
\r
+ const Application* app = SPConfig::getConfig().getServiceProvider()->getApplication(in["application_id"].string());\r
+ if (!app)\r
+ throw ListenerException("Application not found, check configuration?");\r
+\r
// Do an unversioned read.\r
string record;\r
time_t lastAccess;\r
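Review bot: `in["application_id"].string()` is passed straight to `getApplication()` without the presence check that `key` gets, both here and in the removal handler at the end of the page. A message that omits the member (for instance from a peer built before this commit, since the sender only starts adding it here) would hand a null pointer to `getApplication()`, and how that is handled is not visible. I would read it into a local and reject it first: `const char* aid = in["application_id"].string();` followed by `if (!aid) throw ListenerException("Required parameters missing for session removal.");`. The application is now chosen by the message, and nothing in these hunks ties `key` to it, so the "Destroyed session (applicationId: %s)" record appears to log whatever ID the caller supplied. The handler body starts and ends outside the hunk.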
\r
if (timeout > 0 && now - lastAccess >= timeout) {\r
m_log.info("session timed out (ID: %s)", key);\r
- remove(key,*(SPConfig::getConfig().getServiceProvider()->getApplication("default")),NULL);\r
+ remove(key,*app);\r
throw RetryableProfileException("Your session has expired, and you must re-authenticate.");\r
} \r
\r
const char* key=in["key"].string();\r
if (!key)\r
throw ListenerException("Required parameter missing for session removal.");\r
- \r
- remove(key,*(SPConfig::getConfig().getServiceProvider()->getApplication("default")),NULL);\r
+\r
+ const Application* app = SPConfig::getConfig().getServiceProvider()->getApplication(in["application_id"].string());\r
+ if (!app)\r
+ throw ListenerException("Application not found, check configuration?");\r
+\r
+ remove(key,*app);\r
DDF ret(NULL);\r
DDFJanitor jan(ret);\r
out << ret;\r