CarbonSSOSessionManager (WSO2 Carbon

java.lang.Object
- org.wso2.carbon.ui.CarbonSSOSessionManager

```
public class CarbonSSOSessionManager
extends Object
```
This class is used to maintain a mapping between the session indexes of the SSO Identity Provider end and the relying party end. When a user is authenticated and logged-in using SSO, an entry is added to the validSessionMap where Idp-session-index --> RP-Session-id. When he logs out from either of SSO relying party, a SAML2 LogoutRequest is sent to all the relying party service providers who have established sessions with the Identity Provider at that moment. When a relying party receives a logout request, it should validate the request and extract the IdP session index from the request. Then it should identify the sessionId of the corresponding user which represents the session established at the relying party end. Then it removes that session from the validSessionMap and includes it to the invalidSessionsMap. So when a user tries to do some activity thereafter he should be logged-out from the system. This class maintains two maps to maintain valid sessions and invalid sessions. This class is implemented as a singleton because there should be only one SSOSessionManager per instance.

Method Summary

Methods
Modifier and Type	Method and Description
`void`	`addSessionMapping(String idPSessionIndex, String localSessionId)` Add a new session mapping : IdpSessionIndex --> localSessionId
`static CarbonSSOSessionManager`	`getInstance()` Get the CarbonSSOSessionManager instance.
`String`	`getRequestedUrl(javax.servlet.http.HttpServletRequest request, CarbonUIAuthenticator uiAuthenticator)`
`boolean`	`isSessionValid(String localSessionId)` Check whether a particular session is valid.
`void`	`makeSessionInvalid(String idPSessionIndex)` make a session invalid after receiving the single logout request from the identity provider
`void`	`removeInvalidSession(String localSessionId)` Remove invalid session from the invalid session map.
`boolean`	`skipAuthentication(javax.servlet.http.HttpServletRequest request)` Skips authentication for given URI's.
`boolean`	`skipSSOSessionInvalidation(javax.servlet.http.HttpServletRequest request, CarbonUIAuthenticator uiAuthenticator)` This method checks whether the request is for a SSO authentication related page or servlet.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - getInstance
```
public static CarbonSSOSessionManager getInstance()
```
    Get the CarbonSSOSessionManager instance.
    
    Returns:
    CarbonSSOSessionManager instance
  - addSessionMapping
```
public void addSessionMapping(String idPSessionIndex,
                     String localSessionId)
```
    Add a new session mapping : IdpSessionIndex --> localSessionId
    
    Parameters:
    idPSessionIndex - session index sent along in the SAML Response
    localSessionId - id of the current session established locally.
  - makeSessionInvalid
```
public void makeSessionInvalid(String idPSessionIndex)
```
    make a session invalid after receiving the single logout request from the identity provider
    
    Parameters:
    idPSessionIndex - session index established at the identity provider's end
  - isSessionValid
```
public boolean isSessionValid(String localSessionId)
```
    Check whether a particular session is valid.
    
    Parameters:
    localSessionId - session id established locally
    
    Returns:
    true, if the session is valid, false otherwise
  - removeInvalidSession
```
public void removeInvalidSession(String localSessionId)
```
    Remove invalid session from the invalid session map. This needs to be done before completing the sign out.
    
    Parameters:
    localSessionId - SessionId established locally
  - skipSSOSessionInvalidation
```
public boolean skipSSOSessionInvalidation(javax.servlet.http.HttpServletRequest request,
                                 CarbonUIAuthenticator uiAuthenticator)
```
    This method checks whether the request is for a SSO authentication related page or servlet. If it is so, the session invalidation should be skipped.
    
    Parameters:
    request - Request, HTTPServletRequest
    
    Returns:
    true, if session invalidation should be skipped.
  - skipAuthentication
```
public boolean skipAuthentication(javax.servlet.http.HttpServletRequest request)
```
    Skips authentication for given URI's.
    
    Parameters:
    request - The request to access a page.
    
    Returns:
    true if request doesnt need to authenticate, else false.
  - getRequestedUrl
```
public String getRequestedUrl(javax.servlet.http.HttpServletRequest request,
                     CarbonUIAuthenticator uiAuthenticator)
```
    Parameters:
    request -
    
    Returns:

Class CarbonSSOSessionManager

Method Summary

Methods inherited from class java.lang.Object

Method Detail

getInstance

addSessionMapping

makeSessionInvalid

isSessionValid

removeInvalidSession

skipSSOSessionInvalidation

skipAuthentication

getRequestedUrl