Restructured ColdFusion code. Added single logout code. Both single sign-on

and single logout work.

5 files changed, 170 insertions, 22 deletions

diff --git a/java/coldfusion/src/CFLassoSingleLogout.java b/java/coldfusion/src/CFLassoSingleLogout.java
new file mode 100644
index 00000000..588c97dd
--- /dev/null
+++ b/java/coldfusion/src/CFLassoSingleLogout.java
@@ -0,0 +1,98 @@
+/*
+ * ColdFusionLasso -- ColdFusion bindings for Lasso library
+ *
+ * Copyright (C) 2004 Entr'ouvert
+ * http://lasso.entrouvert.org
+ *
+ * Authors: Emmanuel Raviart <eraviart@entrouvert.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+
+import com.entrouvert.lasso.AuthnRequest;
+import com.entrouvert.lasso.Identity;
+import com.entrouvert.lasso.lassoConstants;
+import com.entrouvert.lasso.lasso;
+import com.entrouvert.lasso.Logout;
+import com.entrouvert.lasso.Server;
+import com.entrouvert.lasso.Session;
+
+
+public class CFLassoSingleLogout {
+    /* A simple service provider single logout */
+
+    protected Logout logout = null;
+    protected Server server = null;
+
+    public String idpProviderId = null;
+
+    public void buildRequestMsg() {
+	logout.buildRequestMsg();
+    }
+
+    public void configure(String metadataPath, String publicKeyPath, String privateKeyPath,
+			  String idpProviderId, String idpMetadataPath, String idpPublicKeyPath) {
+        server = new Server(metadataPath, publicKeyPath, privateKeyPath, null,
+			    lassoConstants.signatureMethodRsaSha1);
+	this.idpProviderId = idpProviderId;
+        server.addProvider(idpMetadataPath, idpPublicKeyPath, null);
+        logout = new Logout(server, lassoConstants.providerTypeSp);
+    }
+
+    public String getIdentityDump() {
+	Identity identity = logout.getIdentity();
+	if (identity != null)
+	    return identity.dump();
+	else
+	    return null;
+    }
+
+    public String getMsgBody() {
+	return logout.getMsgBody();
+    }
+
+    public String getMsgUrl() {
+	return logout.getMsgUrl();
+    }
+
+    public String getNameIdentifier() {
+	return logout.getNameIdentifier();
+    }
+
+    public String getSessionDump() {
+	Session session = logout.getSession();
+	if (session != null)
+	    return session.dump();
+	else
+	    return null;
+    }
+
+    public void initRequest() {
+	logout.initRequest(idpProviderId, lassoConstants.httpMethodAny);
+    }
+
+    public void processResponseMsg(String responseMsg) {
+	logout.processResponseMsg(responseMsg, lassoConstants.httpMethodSoap);
+    }
+
+    public void setIdentityFromDump(String identityDump) {
+	logout.setIdentityFromDump(identityDump);
+    }
+
+    public void setSessionFromDump(String sessionDump) {
+	logout.setSessionFromDump(sessionDump);
+    }
+}
diff --git a/java/coldfusion/src/CFLasso.java b/java/coldfusion/src/CFLassoSingleSignOn.java
index 9233379c..cfcff127 100644
--- a/java/coldfusion/src/CFLasso.java
+++ b/java/coldfusion/src/CFLassoSingleSignOn.java
@@ -26,14 +26,14 @@
  * Simple wrapper for JLasso, to ease its use by ColdFusion applications.
  *
  * To compile it:
- * $ javac -classpath ../../lasso.jar CFLasso.java
+ * $ javac -classpath ../../lasso.jar *.java
  *
  * To test it:
  * $ export LD_LIBRARY_PATH=../../.libs/
- * $ java -classpath ../../lasso.jar:. CFLasso
+ * $ java -classpath ../../lasso.jar:. CFLassoLogin
  *
  * To use it:
- * $ jar cf CFLasso.jar CFLasso.class
+ * $ jar cf CFLasso.jar *.class
  * edit ColdFusion file bin/jvm.config:
  *   - Add libjlasso.so directory to java.library.path variable.
  *   - Add lasso.jar & CFLasso.jar to java.class.path variable.
@@ -48,8 +48,8 @@ import com.entrouvert.lasso.Server;
 import com.entrouvert.lasso.Session;
 
 
-public class CFLasso {
-    /* A simple service provider */
+public class CFLassoSingleSignOn {
+    /* A simple service provider single sign-on */
 
     protected Login login = null;
     protected Server server = null;
@@ -60,9 +60,11 @@ public class CFLasso {
 	login.acceptSso();
     }
 
-    public void assertionConsumer(String queryString) {
-        login = new Login(server);
-	login.initRequest(queryString, lassoConstants.httpMethodRedirect);
+    public void buildAuthnRequestMsg() {
+        login.buildAuthnRequestMsg(idpProviderId);
+    }
+
+    public void buildRequestMsg() {
 	login.buildRequestMsg();
     }
 
@@ -72,6 +74,7 @@ public class CFLasso {
 			    lassoConstants.signatureMethodRsaSha1);
 	this.idpProviderId = idpProviderId;
         server.addProvider(idpMetadataPath, idpPublicKeyPath, null);
+        login = new Login(server);
     }
 
     public String getIdentityDump() {
@@ -106,11 +109,10 @@ public class CFLasso {
 	    return null;
     }
 
-    public String login(String relayState) {
+    public void initAuthnRequest(String relayState) {
 	AuthnRequest authnRequest;
 	String authnRequestUrl;
 
-        login = new Login(server);
         login.initAuthnRequest(lassoConstants.httpMethodRedirect);
 	authnRequest = login.getAuthnRequest();
         authnRequest.setIsPassive(false);
@@ -118,20 +120,23 @@ public class CFLasso {
         authnRequest.setConsent(lassoConstants.libConsentObtained);
 	if (relayState != null)
 	    authnRequest.setRelayState(relayState);
-        login.buildAuthnRequestMsg(idpProviderId);
-        authnRequestUrl = login.getMsgUrl();
-	return authnRequestUrl;
+    }
+
+    public void initRequest(String queryString) {
+	login.initRequest(queryString, lassoConstants.httpMethodRedirect);
     }
 
     static public void main(String [] args) {
-	CFLasso lasso = new CFLasso();
+	CFLassoSingleSignOn lasso = new CFLassoSingleSignOn();
 	lasso.configure("../../../tests/data/sp2-la/metadata.xml",
 			"../../../tests/data/sp2-la/public-key.pem",
 			"../../../tests/data/sp2-la/private-key-raw.pem",
 			"https://idp2/metadata",
 			"../../../tests/data/idp2-la/metadata.xml",
 			"../../../tests/data/idp2-la/public-key.pem");
-	String ssoUrl = lasso.login("data to get back");
+	lasso.initAuthnRequest("data-to-get-back");
+	lasso.buildAuthnRequestMsg();
+	String ssoUrl = lasso.getMsgUrl();
 	System.out.println("Test");
 	System.out.print("Identity provider single sign-on URL = ");
 	System.out.println(ssoUrl);
diff --git a/java/coldfusion/web/assertionConsumer.cfm b/java/coldfusion/web/assertionConsumer.cfm
index 37c2b878..d942318e 100644
--- a/java/coldfusion/web/assertionConsumer.cfm
+++ b/java/coldfusion/web/assertionConsumer.cfm
@@ -10,10 +10,11 @@
     <cfset properties=sys.getProperties()>
     <cfdump var="#properties#">
 -->
-    <cfobject action="create" type="Java" class="CFLasso" name="lasso">
+    <cfobject action="create" type="Java" class="CFLassoSingleSignOn" name="lasso">
     <cfset lasso.init()>
     <cfset lasso.configure("/opt/coldfusionmx/wwwroot/lasso/data/metadata.xml", "/opt/coldfusionmx/wwwroot/lasso/data/public-key-la.pem", "/opt/coldfusionmx/wwwroot/lasso/data/private-key-raw-la.pem", "https://idp2/metadata", "/opt/coldfusionmx/wwwroot/lasso/data/metadata-idp.xml", "/opt/coldfusionmx/wwwroot/lasso/data/idp2-la/public-key.pem")>
-    <cfset lasso.assertionConsumer(#QUERY_STRING#)>
+    <cfset lasso.initRequest(#QUERY_STRING#)>
+    <cfset lasso.buildRequestMsg()>
     <cfset soapUrl=lasso.getMsgUrl()>
     <cfset soapBody=lasso.getMsgBody()>
     <cfset relayState=lasso.getMsgRelayState()>
@@ -30,13 +31,15 @@
     <cfdump var="#cfhttp.fileContent#">
 -->
     <cfset lasso.processResponseMsg(#cfhttp.fileContent#)>
-    <!-- TODO: Retrieve identity dump and session dump in your users and sessions databases. --> 
+    <cfset nameIdentifier=lasso.getNameIdentifier()>
+    <!-- TODO: Retrieve identity dump and session dump in your users and sessions databases,
+         using nameIdentifier to retrieve user and session. --> 
     <!-- cfset lasso.setIdentityFromDump(#identityDump#) -->
     <!-- cfset lasso.setSessionFromDump(#sessionDump#) -->
     <cfset lasso.acceptSso()>
     <cfset identityDump=lasso.getIdentityDump()>
     <cfset sessionDump=lasso.getSessionDump()>
-    <!-- TODO: Store identity dump and session dump into your users and sessions databases.-->
+    <!-- TODO: Store identity dump and session dump into your users and sessions databases. -->
     <cfoutput>
       <p>User is now logged. RelayState = #relayState#</p>
     </cfoutput>
diff --git a/java/coldfusion/web/singleLogout.cfm b/java/coldfusion/web/singleLogout.cfm
new file mode 100644
index 00000000..f7928250
--- /dev/null
+++ b/java/coldfusion/web/singleLogout.cfm
@@ -0,0 +1,40 @@
+<html>
+  <head>
+    <title>Lasso Single Logout</title>
+  </head>
+  <body>
+    <h1>Lasso Single Logout</h1>
+    <cfobject action="create" type="Java" class="CFLassoSingleLogout" name="lasso">
+    <cfset lasso.init()>
+    <cfset lasso.configure("/opt/coldfusionmx/wwwroot/lasso/data/metadata.xml", "/opt/coldfusionmx/wwwroot/lasso/data/public-key-la.pem", "/opt/coldfusionmx/wwwroot/lasso/data/private-key-raw-la.pem", "https://idp2/metadata", "/opt/coldfusionmx/wwwroot/lasso/data/metadata-idp.xml", "/opt/coldfusionmx/wwwroot/lasso/data/idp2-la/public-key.pem")>
+    <!-- TODO: Retrieve identity dump and session dump in your users and sessions databases. --> 
+    <!-- cfset lasso.setIdentityFromDump(#identityDump#) -->
+    <!-- cfset lasso.setSessionFromDump(#sessionDump#) -->
+    <cfset lasso.initRequest()>
+    <cfset lasso.buildRequestMsg()>
+    <cfset soapUrl=lasso.getMsgUrl()>
+    <cfset soapBody=lasso.getMsgBody()>
+<!--
+    <cfdump var="#soapUrl#">
+    <cfdump var="#soapBody#">
+-->
+    <cfhttp method="POST" url="#soapUrl#">
+     <cfhttpparam type="XML" name="body" value="#soapBody#">
+    </cfhttp>
+<!--
+    <cfdump var="#cfhttp.statuscode#">
+    <cfdump var="#cfhttp.header#">
+    <cfdump var="#cfhttp.fileContent#">
+-->
+    <cfset lasso.processResponseMsg(#cfhttp.fileContent#)>
+    <cfset nameIdentifier=lasso.getNameIdentifier()>
+    <cfset identityDump=lasso.getIdentityDump()>
+    <cfset sessionDump=lasso.getSessionDump()>
+    <!-- TODO: Store identity dump in your users database and remove session dump from sessions
+         database. -->
+    <cfoutput>
+      <p>User is now unlogged.</p>
+    </cfoutput>
+  </body>
+</html>
+
diff --git a/java/coldfusion/web/singleSignOn.cfm b/java/coldfusion/web/singleSignOn.cfm
index dbd40644..12a3181f 100644
--- a/java/coldfusion/web/singleSignOn.cfm
+++ b/java/coldfusion/web/singleSignOn.cfm
@@ -9,11 +9,13 @@
     <cfset properties=sys.getProperties()>
     <cfdump var="#properties#">
 -->
-    <cfobject action="create" type="Java" class="CFLasso" name="lasso">
+    <cfobject action="create" type="Java" class="CFLassoSingleSignOn" name="lasso">
     <cfset lasso.init()>
     <cfset lasso.configure("/opt/coldfusionmx/wwwroot/lasso/data/metadata.xml", "/opt/coldfusionmx/wwwroot/lasso/data/public-key-la.pem", "/opt/coldfusionmx/wwwroot/lasso/data/private-key-raw-la.pem", "https://idp2/metadata", "/opt/coldfusionmx/wwwroot/lasso/data/metadata-idp.xml", "/opt/coldfusionmx/wwwroot/lasso/data/idp2-la/public-key.pem")>
-    <cfset ssoUrl=lasso.login("important")>
-    <cfoutput>Identity provider single sing-on URL to redirect to = #ssoUrl#</cfoutput>
+    <cfset lasso.initAuthnRequest("important-string")>
+    <cfset lasso.buildAuthnRequestMsg()>
+    <cfset ssoUrl=lasso.getMsgUrl()>
+    <cfoutput><p>Identity provider single sing-on URL to redirect to = #ssoUrl#</p></cfoutput>
     <cflocation url=#ssoUrl#>
   </body>
 </html>