Example 1 with SingleLogoutServiceElement

Use of com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement in project OpenAM by OpenRock.

Class ValidateSAML2, method getSPBaseURL:

// Derives the SP deployment base URL (scheme://host[:port]/context) from the first
// SingleLogoutService endpoint whose Location contains "/metaAlias/".
private String getSPBaseURL(List sloServiceList) {
    String url = null;
    if ((sloServiceList != null) && !sloServiceList.isEmpty()) {
        for (Iterator i = sloServiceList.iterator(); i.hasNext() && (url == null); ) {
            SingleLogoutServiceElement sso = (SingleLogoutServiceElement) i.next();
            if ((sso != null) && (sso.getBinding() != null)) {
                String ssoURL = sso.getLocation();
                // Location is mandatory in SAML metadata, but guard against a null value anyway.
                int loc = (ssoURL == null) ? -1 : ssoURL.indexOf("/metaAlias/");
                if (loc != -1) {
                    // Strip "/metaAlias/..." and then the trailing path segment
                    // (e.g. ".../SPSloRedirect") to obtain the base URL.
                    String tmp = ssoURL.substring(0, loc);
                    loc = tmp.lastIndexOf("/");
                    if (loc != -1) {
                        url = tmp.substring(0, loc);
                    }
                }
            }
        }
    }
    return url;
}
Also used: SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement), Iterator (java.util.Iterator)

Example 2 with SingleLogoutServiceElement

Use of com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement in project OpenAM by OpenRock.

Class IDPSingleLogout, method sendAlreadyLogedOutResp:

/**
 * Generates a new Logout Response with Success status saying that the user has already logged out.
 *
 * @param response The Servlet response.
 * @param request The Servlet request.
 * @param logoutReq The SAML 2.0 Logout Request.
 * @param relayState The original relay state that came with the request.
 * @param realm The realm where the hosted entity has been defined.
 * @param idpEntityID The entity ID of the hosted IdP.
 * @param spEntityID The entity ID of the remote SP.
 * @param binding The binding that the IdP should reply with to the SP.
 *
 * @throws SAML2Exception If there was a problem while constructing/sending the Logout Response.
 */
private static void sendAlreadyLogedOutResp(HttpServletResponse response, HttpServletRequest request, LogoutRequest logoutReq, String relayState, String realm, String idpEntityID, String spEntityID, String binding) throws SAML2Exception {
    String classMethod = "IDPSingleLogout.sendAlreadyLogedOutResp";
    debug.message(classMethod + "No session in the IdP. " + "We are already logged out. Generating success logout");
    // Build a success response whose InResponseTo references the incoming LogoutRequest.
    LogoutResponse logRes = LogoutUtil.generateResponse(ALREADY_LOGGEDOUT, logoutReq.getID(), SAML2Utils.createIssuer(idpEntityID), realm, SAML2Constants.IDP_ROLE, logoutReq.getIssuer().getSPProvidedID());
    // Resolve the SP's SingleLogoutService endpoint from metadata; the binding actually
    // configured for that endpoint takes precedence over the one requested.
    SingleLogoutServiceElement endpoint = getLogoutResponseEndpoint(realm, spEntityID, binding);
    binding = endpoint.getBinding();
    String location = getResponseLocation(endpoint);
    debug.message(classMethod + "Location found: " + location + " for binding " + binding);
    // Destination is taken from trusted metadata, not from the request, and is escaped for XML.
    logRes.setDestination(XMLUtils.escapeSpecialCharacters(location));
    LogoutUtil.sendSLOResponse(response, request, logRes, location, relayState, realm, idpEntityID, SAML2Constants.IDP_ROLE, spEntityID, binding);
}
Also used: LogoutResponse (com.sun.identity.saml2.protocol.LogoutResponse), SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)

Example 3 with SingleLogoutServiceElement

Use of com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement in project OpenAM by OpenRock.

Class LogoutUtil, method getSLOBindingInfo:

/**
 * Returns the binding of the SLO Service for the remote entity,
 * taken from the request or from the metadata configuration.
 *
 * @param request the HttpServletRequest.
 * @param metaAlias meta alias of the hosted entity.
 * @param hostEntityRole role of the hosted entity.
 * @param remoteEntityID entityID of the remote entity.
 * @return the SLO binding URI.
 * @throws SAML2Exception if no binding information is configured.
 */
public static String getSLOBindingInfo(HttpServletRequest request, String metaAlias, String hostEntityRole, String remoteEntityID) throws SAML2Exception {
    // A binding supplied as a request parameter wins over the metadata default.
    String binding = request.getParameter(SAML2Constants.BINDING);
    try {
        if (binding == null) {
            String realm = SAML2MetaUtils.getRealmByMetaAlias(metaAlias);
            SingleLogoutServiceElement sloService = getSLOServiceElement(realm, remoteEntityID, hostEntityRole, null);
            if (sloService != null) {
                binding = sloService.getBinding();
            }
        }
    } catch (SessionException e) {
        debug.error("Invalid SSOToken", e);
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (binding == null) {
        debug.error("Incorrect configuration for SingleLogout Service.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    return binding;
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement), SessionException (com.sun.identity.plugin.session.SessionException)

Example 4 with SingleLogoutServiceElement

Use of com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement in project OpenAM by OpenRock.

Class LogoutUtil, method getSPSLOConfig:

/**
 * Returns the first SingleLogout configuration of an SP entity under
 * the realm, optionally restricted to a given binding.
 * @param realm The realm under which the entity resides.
 * @param entityId ID of the entity to be retrieved.
 * @param binding binding that has to be matched, or null for the first configured service.
 * @return <code>SingleLogoutServiceElement</code> for the entity or null
 * @throws SAML2MetaException if unable to retrieve the SP's SSO descriptor.
 * @throws SessionException invalid or expired single-sign-on session
 */
public static SingleLogoutServiceElement getSPSLOConfig(String realm, String entityId, String binding) throws SAML2MetaException, SessionException {
    SingleLogoutServiceElement slo = null;
    SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, entityId);
    if (spSSODesc == null) {
        return null;
    }
    List list = spSSODesc.getSingleLogoutService();
    if ((list != null) && !list.isEmpty()) {
        if (binding == null) {
            return (SingleLogoutServiceElement) list.get(0);
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            SingleLogoutServiceElement candidate = (SingleLogoutServiceElement) it.next();
            // Only assign on a match so that a non-matching list yields null, as documented.
            if (binding.equalsIgnoreCase(candidate.getBinding())) {
                slo = candidate;
                break;
            }
        }
    }
    return slo;
}
Also used: SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement), SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement), Iterator (java.util.Iterator), List (java.util.List), ArrayList (java.util.ArrayList)

Example 5 with SingleLogoutServiceElement

Use of com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement in project OpenAM by OpenRock.

Class LogoutUtil, method getSLOResponseServiceLocation:

/**
 * Gets the Single Logout Response Service location URL.
 *
 * @param sloList list of configured <code>SingleLogoutServiceElement</code>.
 * @param desiredBinding desired binding of SingleLogout.
 * @return ResponseLocation of the service with desiredBinding, or null if none matches.
 */
public static String getSLOResponseServiceLocation(List sloList, String desiredBinding) {
    String classMethod = "LogoutUtil.getSLOResponseServiceLocation: ";
    int n = sloList.size();
    if (debug.messageEnabled()) {
        debug.message(classMethod + "Number of single logout services = " + n);
    }
    SingleLogoutServiceElement slos = null;
    String resLocation = null;
    String binding = null;
    for (int i = 0; i < n; i++) {
        slos = (SingleLogoutServiceElement) sloList.get(i);
        // Skip null entries so a stale binding from the previous element cannot
        // match and dereference a null element below.
        if (slos == null) {
            continue;
        }
        binding = slos.getBinding();
        if (debug.messageEnabled()) {
            debug.message(classMethod + "Single logout service binding = " + binding);
        }
        if ((binding != null) && (binding.equals(desiredBinding))) {
            resLocation = slos.getResponseLocation();
            if (debug.messageEnabled()) {
                debug.message(classMethod + "Found the single logout service " + "with the desired binding");
            }
            break;
        }
    }
    return resLocation;
}
Also used: SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)
