}
}
// Get the session info for this session id from the SSOSessionPersistenceManager and prepare the logout responses
SSOSessionPersistenceManager ssoSessionPersistenceManager = SSOSessionPersistenceManager.getPersistenceManager();
SessionInfoData sessionInfoData = ssoSessionPersistenceManager.getSessionInfo(sessionId);
if (sessionInfoData == null) {
String message = "No Established Sessions corresponding to Session Indexes provided.";
log.error(message);
return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR,
message);
}
subject = sessionInfoData.getSubject();
String issuer = logoutRequest.getIssuer().getValue();
Map<String, SAMLSSOServiceProviderDO> sessionsList = sessionInfoData.getServiceProviderList();
SAMLSSOServiceProviderDO logoutReqIssuer = sessionsList.get(issuer);
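// Validate the logout request's signature only when the issuer has a certificate alias configured;
// when no alias is set, the request is processed without any signature check.
// NOTE(review): logoutReqIssuer comes from sessionsList.get(issuer) and would be null if the issuer
// is not part of this session - confirm that case is rejected before the dereference below.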
if(logoutReqIssuer.getCertAlias() != null){
boolean isSignatureValid = SAMLSSOUtil.validateAssertionSignature(logoutRequest, logoutReqIssuer.getCertAlias(),
MultitenantUtils.getTenantDomain(subject));
if (!isSignatureValid) {
String message = "The signature contained in the Assertion is not valid.";
log.error(message);
return buildErrorResponse(logoutRequest.getID(), SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR,
message);
}
}
SingleLogoutMessageBuilder logoutMsgBuilder = new SingleLogoutMessageBuilder();
Map<String, String> rpSessionsList = sessionInfoData.getRPSessionsList();
SingleLogoutRequestDTO[] singleLogoutReqDTOs = new SingleLogoutRequestDTO[sessionsList.size()-1];
LogoutRequest logoutReq = logoutMsgBuilder.buildLogoutRequest(subject, sessionId,
SAMLSSOConstants.SingleLogoutCodes.LOGOUT_USER);
String logoutReqString = SAMLSSOUtil.encode(SAMLSSOUtil.marshall(logoutReq));
int index = 0;