Example 26 with LogoutRequest

Use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

The class SPSingleLogoutServiceSOAP, method onMessage.

/**
 * Processes the incoming SOAP message containing the LogoutRequest and
 * generates the outgoing SOAP message containing the LogoutResponse on the SP side.
 * @param message incoming SOAP message.
 * @param request HTTP servlet request.
 * @param response HTTP servlet response.
 * @param realm realm of the hosted SP.
 * @param spEntityID Entity ID of the hosted SP.
 * @return SOAP message containing the outgoing LogoutResponse, or a SOAP fault on error.
 */
public SOAPMessage onMessage(SOAPMessage message, HttpServletRequest request, HttpServletResponse response, String realm, String spEntityID) {
    SAML2Utils.debug.message("SPSLOServiceSOAP.onMessage: starting");
    LogoutRequest logoutReq = null;
    // "isLBReq" is a load-balancer hint; anything other than an explicit "false" is treated as true
    String tmpStr = request.getParameter("isLBReq");
    boolean isLBReq = (tmpStr == null || !tmpStr.equals("false"));
    try {
        // extract the <samlp:LogoutRequest> element from the SOAP body and parse it
        Element reqElem = SOAPCommunicator.getInstance().getSamlpElement(message, "LogoutRequest");
        logoutReq = ProtocolFactory.getInstance().createLogoutRequest(reqElem);
        // delay the signature validation until it finds the session
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("SPSingleLogoutServiceSOAP.onMessage: " + "unable to get LogoutRequest from message", se);
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "errorLogoutRequest", se.getMessage());
    }
    if (logoutReq == null) {
        SAML2Utils.debug.error("SPSLOServiceSOAP.onMessage: null request");
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.CLIENT_FAULT, "nullLogoutRequest", null);
    }
    // process the LogoutRequest over the SOAP binding and build the LogoutResponse
    LogoutResponse loRes = SPSingleLogout.processLogoutRequest(logoutReq, spEntityID, realm, request, response, isLBReq, SAML2Constants.SOAP, false);
    if (loRes == null) {
        SAML2Utils.debug.error("SPSLOSOAP.onMessage: null LogoutResponse");
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "errorLogoutResponse", null);
    }
    SOAPMessage msg = null;
    try {
        // sign the LogoutResponse in the SP role, addressed to the requesting issuer, then wrap it in a SOAP envelope
        LogoutUtil.signSLOResponse(loRes, realm, spEntityID, SAML2Constants.SP_ROLE, logoutReq.getIssuer().getValue());
        msg = SOAPCommunicator.getInstance().createSOAPMessage(loRes.toXMLString(true, true), false);
    } catch (SAML2Exception se) {
        SAML2Utils.debug.error("SPSingleLogoutServiceSOAP.onMessage: " + "Unable to create SOAP message:", se);
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "errorLogoutResponseSOAP", se.getMessage());
    } catch (SOAPException ex) {
        SAML2Utils.debug.error("SPSingleLogoutServiceSOAP.onMessage: " + "Unable to create SOAP message:", ex);
        return SOAPCommunicator.getInstance().createSOAPFault(SAML2Constants.SERVER_FAULT, "errorLogoutResponseSOAP", ex.getMessage());
    }
    return msg;
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), LogoutResponse (com.sun.identity.saml2.protocol.LogoutResponse), Element (org.w3c.dom.Element), SOAPException (javax.xml.soap.SOAPException), LogoutRequest (com.sun.identity.saml2.protocol.LogoutRequest), SOAPMessage (javax.xml.soap.SOAPMessage)

Example 27 with LogoutRequest

Use of com.sun.identity.saml2.protocol.LogoutRequest in project OpenAM by OpenRock.

The class SAML2PostAuthenticationPlugin, method createLogoutRequest.

private LogoutRequest createLogoutRequest(String metaAlias, String realm, String idpEntityId, EndpointType logoutEndpoint, NameID nameId, String sessionIndex) throws SAML2Exception, SessionException {
    // generate unique request ID
    final String requestID = SAML2Utils.generateID();
    if ((requestID == null) || (requestID.length() == 0)) {
        DEBUG.warning("SAML2 PAP :: Unable to perform single logout, unable to generate request ID - {}", SAML2Utils.bundle.getString("cannotGenerateID"));
        throw new SAML2Exception(SAML2Utils.BUNDLE_NAME, "cannotGenerateID", new Object[0]);
    }
    // the hosted SP behind the meta alias is the Issuer of the LogoutRequest
    final String spEntityID = META_MANAGER.getEntityByMetaAlias(metaAlias);
    final Issuer issuer = SAML2Utils.createIssuer(spEntityID);
    final LogoutRequest logoutReq = ProtocolFactory.getInstance().createLogoutRequest();
    logoutReq.setID(requestID);
    logoutReq.setVersion(SAML2Constants.VERSION_2_0);
    logoutReq.setIssueInstant(new Date());
    logoutReq.setIssuer(issuer);
    // carry the IdP session index, when known, so only that session is terminated
    if (sessionIndex != null) {
        logoutReq.setSessionIndex(Collections.singletonList(sessionIndex));
    }
    // Destination is the IdP's SingleLogoutService endpoint location
    String location = logoutEndpoint.getLocation();
    logoutReq.setDestination(XMLUtils.escapeSpecialCharacters(location));
    // set the NameID of the principal being logged out (LogoutUtil applies the SP's NameID encryption settings)
    LogoutUtil.setNameIDForSLORequest(logoutReq, nameId, realm, spEntityID, SAML2Constants.SP_ROLE, idpEntityId);
    return logoutReq;
}
Also used: SAML2Exception (com.sun.identity.saml2.common.SAML2Exception), Issuer (com.sun.identity.saml2.assertion.Issuer), LogoutRequest (com.sun.identity.saml2.protocol.LogoutRequest), Date (java.util.Date)

SAML2Exception (com.sun.identity.saml2.common.SAML2Exception)23 LogoutRequest (com.sun.identity.saml2.protocol.LogoutRequest)13 List (java.util.List)12 SessionException (com.sun.identity.plugin.session.SessionException)9 IDPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.IDPSSODescriptorElement)9 LogoutResponse (com.sun.identity.saml2.protocol.LogoutResponse)9 SPSSODescriptorElement (com.sun.identity.saml2.jaxb.metadata.SPSSODescriptorElement)8 SOAPException (javax.xml.soap.SOAPException)8 SAML2MetaException (com.sun.identity.saml2.meta.SAML2MetaException)7 IOException (java.io.IOException)7 ArrayList (java.util.ArrayList)7 SOAPMessage (javax.xml.soap.SOAPMessage)6 Element (org.w3c.dom.Element)6 Issuer (com.sun.identity.saml2.assertion.Issuer)5 SingleLogoutServiceElement (com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement)5 Iterator (java.util.Iterator)5 SAML2TokenRepositoryException (org.forgerock.openam.federation.saml2.SAML2TokenRepositoryException)5 BaseConfigType (com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType)4 HashMap (java.util.HashMap)4 NameID (com.sun.identity.saml2.assertion.NameID)3