Examples with LogoutRequest com.sun.identity.saml2.protocol.LogoutRequest used on opensource projects

Search in sources :

Example 21 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class LogoutUtil method setNameIDForSLORequest.

public static void setNameIDForSLORequest(LogoutRequest request, NameID nameID, String realm, String hostEntity, String hostEntityRole, String remoteEntity) throws SAML2Exception, SessionException {
    String method = "setNameIDForSLORequest: ";
    boolean needEncryptIt = false;
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        needEncryptIt = SAML2Utils.getWantNameIDEncrypted(realm, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (needEncryptIt == false) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be encrypted.");
        }
        request.setNameID(nameID);
        return;
    }
    EncInfo encryptInfo = null;
    KeyDescriptorType keyDescriptor = null;
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        SPSSODescriptorElement spSSODesc = metaManager.getSPSSODescriptor(realm, remoteEntity);
        keyDescriptor = KeyUtil.getKeyDescriptor(spSSODesc, "encryption");
        encryptInfo = KeyUtil.getEncInfo(spSSODesc, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        IDPSSODescriptorElement idpSSODesc = metaManager.getIDPSSODescriptor(realm, remoteEntity);
        keyDescriptor = KeyUtil.getKeyDescriptor(idpSSODesc, "encryption");
        encryptInfo = KeyUtil.getEncInfo(idpSSODesc, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "remoteEntity is : " + remoteEntity);
    }
    if (encryptInfo == null) {
        debug.error("NO meta data for encrypt Info.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    X509Certificate certificate = KeyUtil.getCert(keyDescriptor);
    PublicKey recipientPublicKey = certificate.getPublicKey();
    EncryptedID encryptedID = nameID.encrypt(recipientPublicKey, encryptInfo.getDataEncAlgorithm(), encryptInfo.getDataEncStrength(), remoteEntity);
    request.setEncryptedID(encryptedID);
}
Also used : EncInfo(com.sun.identity.saml2.key.EncInfo) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) PublicKey(java.security.PublicKey) KeyDescriptorType(com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType) EncryptedID(com.sun.identity.saml2.assertion.EncryptedID) X509Certificate(java.security.cert.X509Certificate) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)

Example 22 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class LogoutUtil method forwardToRemoteServer.

static LogoutResponse forwardToRemoteServer(LogoutRequest logoutReq, String remoteLogoutURL) {
    if (debug.messageEnabled()) {
        debug.message("LogoutUtil.forwardToRemoteServer: " + "remoteLogoutURL = " + remoteLogoutURL);
    }
    try {
        SOAPMessage resMsg = SOAPCommunicator.getInstance().sendSOAPMessage(logoutReq.toXMLString(true, true), remoteLogoutURL, true);
        // get the LogoutResponse element from SOAP message
        Element respElem = SOAPCommunicator.getInstance().getSamlpElement(resMsg, "LogoutResponse");
        return ProtocolFactory.getInstance().createLogoutResponse(respElem);
    } catch (Exception ex) {
        if (debug.messageEnabled()) {
            debug.message("LogoutUtil.forwardToRemoteServer:", ex);
        }
    }
    return null;
}
Also used : SingleLogoutServiceElement(com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement) SPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement) Element(org.w3c.dom.Element) IDPSSODescriptorElement(com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement) SOAPMessage(javax.xml.soap.SOAPMessage) SOAPException(javax.xml.soap.SOAPException) SessionException(com.sun.identity.plugin.session.SessionException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Example 23 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class LogoutUtil method getLogoutRequestFromPost.

static LogoutRequest getLogoutRequestFromPost(String samlRequest, HttpServletResponse response) throws SAML2Exception {
    if (samlRequest == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingLogoutRequest"));
    }
    LogoutRequest req = null;
    ByteArrayInputStream bis = null;
    try {
        byte[] raw = Base64.decode(samlRequest);
        if (raw != null) {
            bis = new ByteArrayInputStream(raw);
            Document doc = XMLUtils.toDOMDocument(bis, debug);
            if (doc != null) {
                req = ProtocolFactory.getInstance().createLogoutRequest(doc.getDocumentElement());
            }
        }
    } catch (Exception e) {
        debug.error("LogoutUtil.getLogoutRequestFromPost:", e);
    } finally {
        if (bis != null) {
            try {
                bis.close();
            } catch (Exception ie) {
                if (debug.messageEnabled()) {
                    debug.message("LogoutUtil.getLogoutRequestFromPost:", ie);
                }
            }
        }
    }
    if (req == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingLogoutRequest"));
    }
    return req;
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) ByteArrayInputStream(java.io.ByteArrayInputStream) LogoutRequest(com.sun.identity.saml2.protocol.LogoutRequest) Document(org.w3c.dom.Document) SOAPException(javax.xml.soap.SOAPException) SessionException(com.sun.identity.plugin.session.SessionException) SAML2MetaException(com.sun.identity.saml2.meta.SAML2MetaException) IOException(java.io.IOException) SAML2Exception(com.sun.identity.saml2.common.SAML2Exception)

Example 24 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class LogoutUtil method getNameIDFromSLORequest.

static NameID getNameIDFromSLORequest(LogoutRequest request, String realm, String hostEntity, String hostEntityRole) throws SAML2Exception {
    String method = "getNameIDFromSLORequest: ";
    boolean needDecryptIt = SAML2Utils.getWantNameIDEncrypted(realm, hostEntity, hostEntityRole);
    if (needDecryptIt == false) {
        if (debug.messageEnabled()) {
            debug.message(method + "NamID doesn't need to be decrypted.");
        }
        return request.getNameID();
    }
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
    }
    EncryptedID encryptedID = request.getEncryptedID();
    return encryptedID.decrypt(KeyUtil.getDecryptionKeys(realm, hostEntity, hostEntityRole));
}
Also used : EncryptedID(com.sun.identity.saml2.assertion.EncryptedID)

Example 25 with LogoutRequest

use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

the class LogoutUtil method signSLORequest.

static void signSLORequest(LogoutRequest sloRequest, String realm, String hostEntity, String hostEntityRole, String remoteEntity, boolean includeCert) throws SAML2Exception {
    String method = "signSLORequest : ";
    boolean needRequestSign = false;
    if (hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)) {
        needRequestSign = SAML2Utils.getWantLogoutRequestSigned(realm, remoteEntity, SAML2Constants.SP_ROLE);
    } else {
        needRequestSign = SAML2Utils.getWantLogoutRequestSigned(realm, remoteEntity, SAML2Constants.IDP_ROLE);
    }
    if (needRequestSign == false) {
        if (debug.messageEnabled()) {
            debug.message(method + "SLORequest doesn't need to be signed.");
        }
        return;
    }
    String alias = SAML2Utils.getSigningCertAlias(realm, hostEntity, hostEntityRole);
    String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, hostEntity, hostEntityRole);
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "Cert Alias is : " + alias);
        debug.message(method + "SLO Request before sign : " + sloRequest.toXMLString(true, true));
        if (encryptedKeyPass != null && !encryptedKeyPass.isEmpty()) {
            debug.message(method + "Using provided Cert KeyPass");
        }
    }
    PrivateKey signingKey;
    if (encryptedKeyPass == null || encryptedKeyPass.isEmpty()) {
        signingKey = keyProvider.getPrivateKey(alias);
    } else {
        signingKey = keyProvider.getPrivateKey(alias, encryptedKeyPass);
    }
    X509Certificate signingCert = null;
    if (includeCert) {
        signingCert = keyProvider.getX509Certificate(alias);
    }
    if (signingKey != null) {
        sloRequest.sign(signingKey, signingCert);
    } else {
        debug.error("Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    if (debug.messageEnabled()) {
        debug.message(method + "SLO Request after sign : " + sloRequest.toXMLString(true, true));
    }
}
Also used : SAML2Exception(com.sun.identity.saml2.common.SAML2Exception) PrivateKey(java.security.PrivateKey) X509Certificate(java.security.cert.X509Certificate)

Aggregations

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)23 LogoutRequest (com.sun.identity.saml2.protocol.LogoutRequest)13 List (java.util.List)12 SessionException (com.sun.identity.plugin.session.SessionException)9 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)9 LogoutResponse (com.sun.identity.saml2.protocol.LogoutResponse)9 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)8 SOAPException (javax.xml.soap.SOAPException)8 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)7 IOException (java.io.IOException)7 ArrayList (java.util.ArrayList)7 SOAPMessage (javax.xml.soap.SOAPMessage)6 Element (org.w3c.dom.Element)6 Issuer (com.sun.identity.saml2.assertion.Issuer)5 SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)5 Iterator (java.util.Iterator)5 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)5 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)4 HashMap (java.util.HashMap)4 NameID (com.sun.identity.saml2.assertion.NameID)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial