From dc74f815450a82cba7bf06b9407259066b775469 Mon Sep 17 00:00:00 2001
From: Scott Cantor
Date: Thu, 9 Aug 2007 17:57:32 +0000
Subject: [PATCH] Logging category cleanup. Clear session cookie during logout.
---
 shibsp/handler/LogoutHandler.h | 24 ++++++++++++------------
 shibsp/handler/impl/ChainingLogoutInitiator.cpp | 2 +-
 shibsp/handler/impl/ChainingSessionInitiator.cpp | 2 +-
 shibsp/handler/impl/LocalLogoutInitiator.cpp | 6 +++++-
 shibsp/handler/impl/SAML2Logout.cpp | 14 +++++++++++++-
 shibsp/handler/impl/SAML2LogoutInitiator.cpp | 6 +++++-
 shibsp/handler/impl/SAML2SessionInitiator.cpp | 2 +-
 shibsp/handler/impl/SAMLDSSessionInitiator.cpp | 2 +-
 shibsp/handler/impl/Shib1SessionInitiator.cpp | 2 +-
 shibsp/handler/impl/WAYFSessionInitiator.cpp | 2 +-
 10 files changed, 41 insertions(+), 21 deletions(-)
diff --git a/shibsp/handler/LogoutHandler.h b/shibsp/handler/LogoutHandler.h
index 8c79666..8246aae 100644
--- a/shibsp/handler/LogoutHandler.h
+++ b/shibsp/handler/LogoutHandler.h
@@ -94,18 +94,6 @@ namespace shibsp {
 ) const;
 /**
- * Sends a response template to the user agent informing it of the results of a logout attempt.
- *
- * @param application the Application to use in determining the logout template
- * @param response the HTTP response to use
- * @param local true iff the logout operation was local to the SP, false iff global
- * @param status optional logoutStatus key value to add to template
- */
- std::pair sendLogoutPage(
- const Application& application, xmltooling::HTTPResponse& response, bool local=true, const char* status=NULL
- ) const;
-
- /**
 * Perform back-channel logout notifications for an Application.
 *
 * @param application the Application to notify
@@ -117,6 +105,18 @@ namespace shibsp {
 bool notifyBackChannel(
 const Application& application, const char* requestURL, const std::vector& sessions, bool local
 ) const;
+
+ /**
+ * Sends a response template to the user agent informing it of the results of a logout attempt.
+ *
+ * @param application the Application to use in determining the logout template
+ * @param response the HTTP response to use
+ * @param local true iff the logout operation was local to the SP, false iff global
+ * @param status optional logoutStatus key value to add to template
+ */
+ std::pair sendLogoutPage(
+ const Application& application, xmltooling::HTTPResponse& response, bool local=true, const char* status=NULL
+ ) const;
 };
 #if defined (_MSC_VER)
diff --git a/shibsp/handler/impl/ChainingLogoutInitiator.cpp b/shibsp/handler/impl/ChainingLogoutInitiator.cpp
index c81fdfa..0632262 100644
--- a/shibsp/handler/impl/ChainingLogoutInitiator.cpp
+++ b/shibsp/handler/impl/ChainingLogoutInitiator.cpp
@@ -80,7 +80,7 @@ namespace shibsp {
 };
 ChainingLogoutInitiator::ChainingLogoutInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".LogoutInitiator"), &g_LINFilter)
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".LogoutInitiator.Chaining"), &g_LINFilter)
 {
 SPConfig& conf = SPConfig::getConfig();
diff --git a/shibsp/handler/impl/ChainingSessionInitiator.cpp b/shibsp/handler/impl/ChainingSessionInitiator.cpp
index 803e776..951d790 100644
--- a/shibsp/handler/impl/ChainingSessionInitiator.cpp
+++ b/shibsp/handler/impl/ChainingSessionInitiator.cpp
@@ -80,7 +80,7 @@ namespace shibsp {
 };
 ChainingSessionInitiator::ChainingSessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator"), &g_SINFilter)
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.Chaining"), &g_SINFilter)
 {
 SPConfig& conf = SPConfig::getConfig();
diff --git a/shibsp/handler/impl/LocalLogoutInitiator.cpp b/shibsp/handler/impl/LocalLogoutInitiator.cpp
index e048f0b..e541784 100644
--- a/shibsp/handler/impl/LocalLogoutInitiator.cpp
+++ b/shibsp/handler/impl/LocalLogoutInitiator.cpp
@@ -62,7 +62,7 @@ namespace shibsp {
 };
 LocalLogoutInitiator::LocalLogoutInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".LogoutInitiator")), m_appId(appId)
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".LogoutInitiator.Local")), m_appId(appId)
 {
 pair loc = getString("Location");
 if (loc.first) {
@@ -102,6 +102,10 @@ pair LocalLogoutInitiator::run(SPRequest& request, bool isHandler) co
 return sendLogoutPage(request.getApplication(), request, true, "Partial logout failure.");
 }
 request.getServiceProvider().getSessionCache()->remove(session_id, request.getApplication());
+
+ // Clear the cookie.
+ pair shib_cookie=request.getApplication().getCookieNameProps("_shibsession_");
+ request.setCookie(shib_cookie.first.c_str(), shib_cookie.second);
 }
 return sendLogoutPage(request.getApplication(), request, true, "Logout was successful.");
diff --git a/shibsp/handler/impl/SAML2Logout.cpp b/shibsp/handler/impl/SAML2Logout.cpp
index 0240946..3f863c6 100644
--- a/shibsp/handler/impl/SAML2Logout.cpp
+++ b/shibsp/handler/impl/SAML2Logout.cpp
@@ -242,8 +242,12 @@ pair SAML2Logout::doRequest(
 // This is returning from a front-channel notification, so we have to do the back-channel and then
 // respond. To do that, we need state from the original request.
 if (!request.getParameter("entityID")) {
- if (session_id)
+ if (session_id) {
 cache->remove(session_id, application);
+ // Clear the cookie.
+ pair shib_cookie=application.getCookieNameProps("_shibsession_");
+ response.setCookie(shib_cookie.first.c_str(), shib_cookie.second);
+ }
 throw FatalProfileException("Application notification loop did not return entityID for LogoutResponse.");
 }
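Review bot: In LocalLogoutInitiator::run (LocalLogoutInitiator.cpp, hunk at -102,6) the cookie is "cleared" with `request.setCookie(shib_cookie.first.c_str(), shib_cookie.second)`, so the value sent is only the properties string from getCookieNameProps and nothing visible here expires it; the browser will most likely keep an empty `_shibsession_` cookie and send it back on later requests. Unless getCookieNameProps (not shown) already adds an expiry, append one before the call, e.g. `string exp(shib_cookie.second); exp += "; expires=Mon, 01 Jan 2001 00:00:00 GMT";` and pass `exp.c_str()`, and confirm that session lookup treats an empty cookie value as no session. The same lines are added in the SAML2Logout.cpp hunks at -242,8, -259,6 and -461,6 and in the SAML2LogoutInitiator.cpp hunk at -270,6. run() begins and ends outside this hunk.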
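Review bot: In the `if (session_id) { ... }` branch added to SAML2Logout::doRequest (SAML2Logout.cpp, hunk at -242,8), `response.setCookie(...)` is followed directly by `throw FatalProfileException(...)`, so whether the Set-Cookie header reaches the browser depends on how the error path builds its response, which this hunk does not show. If the exception handler emits its own response or redirect without the headers already set, the session is gone from the cache while the stale cookie stays in the browser. Worth verifying, and recording the assumption next to the call with something like `// relies on the error page being sent on this same response object`. doRequest begins and ends outside this hunk.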
@@ -259,6 +263,10 @@ pair SAML2Logout::doRequest(
 catch (exception& ex) {
 m_log.error("error removing session (%s): %s", session_id, ex.what());
 }
+
+ // Clear the cookie.
+ pair shib_cookie=application.getCookieNameProps("_shibsession_");
+ response.setCookie(shib_cookie.first.c_str(), shib_cookie.second);
 } else {
 worked1 = worked2 = true;
@@ -461,6 +469,10 @@ pair SAML2Logout::doRequest(
 catch (exception& ex) {
 m_log.error("error removing active session (%s): %s", session_id, ex.what());
 }
+
+ // Clear the cookie.
+ pair shib_cookie=application.getCookieNameProps("_shibsession_");
+ response.setCookie(shib_cookie.first.c_str(), shib_cookie.second);
 }
 return sendResponse(
diff --git a/shibsp/handler/impl/SAML2LogoutInitiator.cpp b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
index 527ae3d..ceedd99 100644
--- a/shibsp/handler/impl/SAML2LogoutInitiator.cpp
+++ b/shibsp/handler/impl/SAML2LogoutInitiator.cpp
@@ -98,7 +98,7 @@ namespace shibsp {
 };
 SAML2LogoutInitiator::SAML2LogoutInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".LogoutInitiator")), m_appId(appId),
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".LogoutInitiator.SAML2")), m_appId(appId),
 #ifndef SHIBSP_LITE
 m_outgoing(NULL),
 #endif
@@ -270,6 +270,10 @@ pair SAML2LogoutInitiator::doRequest(
 return sendLogoutPage(application, response, true, "Partial logout failure.");
 }
+ // Clear the cookie.
+ pair shib_cookie=application.getCookieNameProps("_shibsession_");
+ response.setCookie(shib_cookie.first.c_str(), shib_cookie.second);
+
 #ifndef SHIBSP_LITE
 pair ret = make_pair(false,0);
 try {
diff --git a/shibsp/handler/impl/SAML2SessionInitiator.cpp b/shibsp/handler/impl/SAML2SessionInitiator.cpp
index 0992d4d..baa27cf 100644
--- a/shibsp/handler/impl/SAML2SessionInitiator.cpp
+++ b/shibsp/handler/impl/SAML2SessionInitiator.cpp
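Review bot: In the SAML2Logout.cpp hunks at -259,6 and -461,6 the cookie is cleared right after a `catch (exception& ex)` block that only logs the failure, so when the cache removal throws, the browser loses its cookie while the session may still be live in the session cache. The logout then looks complete to the user, yet the old cookie value would presumably still be accepted until the session expires on its own. Make the failure visible in the result reported back (the -259 hunk has `worked1`/`worked2` nearby, but how they are set on this path is outside the hunk), or at least mark the spot with `// cookie is cleared even if the removal above failed; the session may still exist in the cache`. doRequest begins and ends outside both hunks.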
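Review bot: The three lines added to SAML2LogoutInitiator::doRequest (SAML2LogoutInitiator.cpp, hunk at -270,6) are the fifth copy in this patch of the same cookie-clearing sequence, each repeating the `"_shibsession_"` literal. LogoutHandler.h is already touched by this commit, so a single helper there would keep the call sites from drifting when the clearing logic changes, for example `void clearSessionCookie(const Application& application, xmltooling::HTTPResponse& response) const;` (the name is only a suggestion). LocalLogoutInitiator can pass its `request` object, as it already does for sendLogoutPage. doRequest begins and ends outside this hunk.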
@@ -107,7 +107,7 @@ namespace shibsp {
 };
 SAML2SessionInitiator::SAML2SessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator")), m_appId(appId)
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.SAML2")), m_appId(appId)
 {
 #ifndef SHIBSP_LITE
 m_outgoing=NULL;
diff --git a/shibsp/handler/impl/SAMLDSSessionInitiator.cpp b/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
index 42614f1..3d95f22 100644
--- a/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
+++ b/shibsp/handler/impl/SAMLDSSessionInitiator.cpp
@@ -46,7 +46,7 @@ namespace shibsp {
 {
 public:
 SAMLDSSessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator")), m_url(NULL), m_returnParam(NULL) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.SAMLDS")), m_url(NULL), m_returnParam(NULL) {
 pair url = getString("URL");
 if (!url.first)
 throw ConfigurationException("SAMLDS SessionInitiator requires a URL property.");
diff --git a/shibsp/handler/impl/Shib1SessionInitiator.cpp b/shibsp/handler/impl/Shib1SessionInitiator.cpp
index e7564e9..6e122fb 100644
--- a/shibsp/handler/impl/Shib1SessionInitiator.cpp
+++ b/shibsp/handler/impl/Shib1SessionInitiator.cpp
@@ -54,7 +54,7 @@ namespace shibsp {
 {
 public:
 Shib1SessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator")), m_appId(appId) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.Shib1")), m_appId(appId) {
 // If Location isn't set, defer address registration until the setParent call.
 pair loc = getString("Location");
 if (loc.first) {
diff --git a/shibsp/handler/impl/WAYFSessionInitiator.cpp b/shibsp/handler/impl/WAYFSessionInitiator.cpp
index 03f0ea2..49f1242 100644
--- a/shibsp/handler/impl/WAYFSessionInitiator.cpp
+++ b/shibsp/handler/impl/WAYFSessionInitiator.cpp
@@ -47,7 +47,7 @@ namespace shibsp {
 {
 public:
 WAYFSessionInitiator(const DOMElement* e, const char* appId)
- : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator")), m_url(NULL) {
+ : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".SessionInitiator.WAYF")), m_url(NULL) {
 pair url = getString("URL");
 if (!url.first)
 throw ConfigurationException("WAYF SessionInitiator requires a URL property.");
--
2.1.4