Description:
Resolves: wso2/product-is#5717
This implementation handles the single logout requests from federated IdPs and responds back to the federated IdP. The identity servlet (/identity) is used to receive the logout requests from the federated IdPs.
Implemented a custom inbound authenticator by extending all classes introduced in the new inbound authenticator architecture.
This diagram illustrates the logout request handling process with the new custom inbound authenticator.
When a logout request sent by the federated IdP reaches the identity servlet, it will engage the appropriate inbound authenticator based on its logic (canHandle()) and pass it to the authenticator for protocol-specific tasks.
In the custom inbound authenticator, the SAMLIdentityRequestFactory class takes the servlet request, converts the HTTP request to a common format (an instance of SAMLLogoutRequest) and passes it to the SAMLLogoutRequestProcessor for protocol-specific tasks (such as validation). Then it'll call the framworkLogout() in-built method for framework logout and send FrameworkLogoutResponse to the framework. After receiving the response from the framework, SAMLLogoutRequestProcessor builds a SAMLLogoutResponse and sends it to the SAMLLogoutResponseFactory. This class converts the common format response to the HTTP response, and the response is sent back to the federated IdP.
OpenSAML 3 migration for the feature is done.
Added unit test cases.
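
The request factory, processor and response factory steps described above, as an added Python example that is not code from this pull request or from WSO2 (the project itself is Java). The entity IDs, endpoint URL, function names and the `terminate_session` callback are hypothetical, the sample request is constructed, and XML signature verification, which a real deployment must perform before trusting the request, is left out.

```python
import base64, uuid
import xml.etree.ElementTree as ET
from datetime import datetime

P, A = "urn:oasis:names:tc:SAML:2.0:protocol", "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": P, "saml": A}
# Assumed deployment values and a constructed sample request (hypothetical, not from the PR).
TRUSTED_IDPS = {"https://idp.example.com"}
SLO_ENDPOINT = "https://sp.example.com/identity"
SAMPLE = base64.b64encode((
    '<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0" Destination="%s" '
    'IssueInstant="2029-12-31T23:55:00Z" NotOnOrAfter="2030-01-01T00:00:00Z">'
    '<saml:Issuer>https://idp.example.com</saml:Issuer><saml:NameID>alice</saml:NameID>'
    '<samlp:SessionIndex>s-42</samlp:SessionIndex></samlp:LogoutRequest>' % (P, A, SLO_ENDPOINT)).encode())

def parse_logout_request(b64):
    """Request-factory step: SAMLRequest form value -> protocol-neutral dict."""
    xml = base64.b64decode(b64, validate=True).decode("utf-8")
    if "<!DOCTYPE" in xml:  # refuse DTDs so entity-expansion payloads never reach the parser
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml)
    if root.tag != "{%s}LogoutRequest" % P or not root.get("ID"):
        raise ValueError("not a LogoutRequest with an ID")
    return {"id": root.get("ID"), "destination": root.get("Destination"),
            "expires": root.get("NotOnOrAfter"), "issuer": root.findtext("saml:Issuer", namespaces=NS),
            "name_id": root.findtext("saml:NameID", namespaces=NS),
            "session_index": root.findtext("samlp:SessionIndex", namespaces=NS)}

def validate(req, now):
    """Processor step; returns an error string or None. Signature verification is not shown."""
    exp = req["expires"]
    checks = [(not req["name_id"], "missing NameID"),
              (req["issuer"] not in TRUSTED_IDPS, "untrusted issuer"),
              (req["destination"] != SLO_ENDPOINT, "wrong destination"),
              (bool(exp) and datetime.fromisoformat(exp.replace("Z", "+00:00")) <= now,
               "request expired")]
    return next((msg for failed, msg in checks if failed), None)

def handle_logout(b64, terminate_session, now):
    """Validate, log out locally, then build the LogoutResponse; returns (xml, error)."""
    req = parse_logout_request(b64)
    error = validate(req, now)
    if error is None:
        terminate_session(req["name_id"], req["session_index"])  # stand-in for framework logout
    code = "urn:oasis:names:tc:SAML:2.0:status:" + ("Requester" if error else "Success")
    resp = ET.Element("{%s}LogoutResponse" % P, {"ID": "_" + uuid.uuid4().hex, "Version": "2.0",
        "InResponseTo": req["id"], "IssueInstant": now.strftime("%Y-%m-%dT%H:%M:%SZ")})
    ET.SubElement(ET.SubElement(resp, "{%s}Status" % P), "{%s}StatusCode" % P, {"Value": code})
    return ET.tostring(resp, encoding="unicode"), error
```

`now` must be a timezone-aware UTC `datetime`; the session is terminated only when every check passes, and a failed check still yields a `LogoutResponse` tied to the request through `InResponseTo`.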