
Example 21 with LogoutResponse

use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.

the class LogoutUtil method sendSLOResponseRedirect.

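/**
 * Sends a {@code LogoutResponse} to the remote entity using the HTTP-Redirect binding.
 *
 * <p>The response XML is encoded for the redirect binding by {@code SAML2Utils.encodeForRedirect}
 * and placed in the {@code SAMLResponse} query parameter. {@code relayState} is appended only when
 * it is non-empty and at most 80 bytes in UTF-8 (the SAML 2.0 bindings limit); longer values are
 * silently dropped. When the remote entity's metadata asks for signed logout responses, the query
 * string is signed with the host entity's signing key before the redirect is issued.
 *
 * @param response the servlet response used to issue the redirect.
 * @param sloResponse the logout response to send.
 * @param sloURL the remote entity's single logout endpoint.
 * @param relayState the RelayState to echo back, or {@code null}.
 * @param realm the realm of the host entity.
 * @param hostEntity the entity ID of the host entity.
 * @param hostEntityRole the role of the host entity ({@code SAML2Constants.IDP_ROLE} or the SP role).
 * @param remoteEntity the entity ID of the remote entity that receives the response.
 * @throws SAML2Exception if the response cannot be serialised, signed or sent. The underlying
 *     exception is recorded with {@code debug.error} and is not attached as a cause.
 */
public static void sendSLOResponseRedirect(HttpServletResponse response, LogoutResponse sloResponse, String sloURL, String relayState, String realm, String hostEntity, String hostEntityRole, String remoteEntity) throws SAML2Exception {
    try {
        String logoutResXMLString = sloResponse.toXMLString(true, true);
        // Encode the XML for the HTTP-Redirect binding; the encoding details live in SAML2Utils.
        String encodedXML = SAML2Utils.encodeForRedirect(logoutResXMLString);
        StringBuilder queryString = new StringBuilder()
                .append(SAML2Constants.SAML_RESPONSE)
                .append(SAML2Constants.EQUAL)
                .append(encodedXML);
        // RelayState is capped at 80 bytes by the SAML 2.0 bindings; anything longer is not forwarded.
        if (relayState != null && relayState.length() > 0
                && relayState.getBytes(java.nio.charset.StandardCharsets.UTF_8).length <= 80) {
            queryString.append("&").append(SAML2Constants.RELAY_STATE).append("=").append(URLEncDec.encode(relayState));
        }
        // The signing requirement comes from the remote entity's metadata for the opposite role.
        String remoteRole = hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
                ? SAML2Constants.SP_ROLE
                : SAML2Constants.IDP_ROLE;
        boolean needToSign = SAML2Utils.getWantLogoutResponseSigned(realm, remoteEntity, remoteRole);
        String signedQueryString = queryString.toString();
        if (needToSign) {
            signedQueryString = SAML2Utils.signQueryString(signedQueryString, realm, hostEntity, hostEntityRole);
        }
        String redirectURL = sloURL + (sloURL.contains("?") ? "&" : "?") + signedQueryString;
        if (debug.messageEnabled()) {
            // Debug level only: this URL carries the full encoded response and, when signed, the signature.
            debug.message("redirectURL :" + redirectURL);
        }
        String[] data = { sloURL };
        LogUtil.access(Level.INFO, LogUtil.REDIRECT_TO_SP, data, null);
        response.sendRedirect(redirectURL);
    } catch (Exception e) {
        // Callers only ever see SAML2Exception; the original failure is kept in the debug log.
        debug.error("Exception :", e);
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorRedirectingLogoutResponse"));
    }
}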

Example 22 with LogoutResponse

use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.

the class LogoutUtil method generateResponse.

/**
 * Builds a {@code LogoutResponse} carrying the given status.
 *
 * <p>The response receives a freshly generated ID, protocol version 2.0, the current issue
 * instant, the supplied issuer and {@code inResponseTo}. A {@code null} status is replaced by a
 * SUCCESS status with the localised {@code requestSuccess} message. If one of the setters throws
 * {@code SAML2Exception}, the error is logged and the partially populated response is returned.
 *
 * @param status the status to place in the response, or {@code null} for SUCCESS.
 * @param inResponseTo the ID of the {@code LogoutRequest} being answered.
 * @param issuer the issuer of the response.
 * @param realm the realm of the host entity; not read by this method.
 * @param hostRole the role of the host entity; not read by this method.
 * @param remoteEntity the entity that will receive the response; not read by this method.
 * @return the populated {@code LogoutResponse}.
 */
public static LogoutResponse generateResponse(Status status, String inResponseTo, Issuer issuer, String realm, String hostRole, String remoteEntity) {
    Status effectiveStatus = status;
    if (effectiveStatus == null) {
        effectiveStatus = SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
    }
    LogoutResponse result = ProtocolFactory.getInstance().createLogoutResponse();
    String newId = SAMLUtils.generateID();
    try {
        // Setter order is kept: on failure the partially built response is still returned.
        result.setStatus(effectiveStatus);
        result.setID(newId);
        result.setInResponseTo(inResponseTo);
        result.setVersion(SAML2Constants.VERSION_2_0);
        result.setIssueInstant(new Date());
        result.setIssuer(issuer);
    } catch (SAML2Exception e) {
        debug.error("Error in generating LogoutResponse.", e);
    }
    return result;
}

Example 23 with LogoutResponse

use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.

the class LogoutUtil method getSessionIndex.

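/**
 * Extracts the SessionIndex values carried in the {@code StatusDetail} of a logout response.
 *
 * <p>Each detail entry is parsed as an XML string; entries whose document element has the local
 * name {@code SAML2Constants.SESSION_INDEX} contribute their text content to the result. Entries
 * that do not parse are skipped (the parse failure is reported by {@code XMLUtils} via
 * {@code debug}).
 *
 * @param logoutRes the logout response to inspect.
 * @return the session indexes found, possibly empty; {@code null} when the response has no
 *     status, no status detail, or a detail without entries.
 */
static List<String> getSessionIndex(LogoutResponse logoutRes) {
    Status status = logoutRes.getStatus();
    if (status == null) {
        return null;
    }
    StatusDetail statusDetail = status.getStatusDetail();
    if (statusDetail == null) {
        return null;
    }
    List<?> details = statusDetail.getAny();
    if (details == null || details.isEmpty()) {
        return null;
    }
    List<String> sessionIndexList = new ArrayList<>();
    for (Object detail : details) {
        Document doc = XMLUtils.toDOMDocument((String) detail, debug);
        if (doc == null) {
            // toDOMDocument may return null for malformed input; skip the entry instead of dereferencing it.
            continue;
        }
        Element elem = doc.getDocumentElement();
        if (elem != null && SAML2Constants.SESSION_INDEX.equals(elem.getLocalName())) {
            sessionIndexList.add(XMLUtils.getElementString(elem));
        }
    }
    return sessionIndexList;
}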

Example 24 with LogoutResponse

use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.

the class LogoutUtil method getLogoutResponseFromPost.

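/**
 * Decodes a Base64 {@code SAMLResponse} POST parameter into a {@code LogoutResponse}.
 *
 * <p>The parameter is untrusted client input: it is Base64-decoded, parsed as XML through
 * {@code XMLUtils.toDOMDocument} and handed to the protocol factory. Any failure on the way is
 * logged and surfaced to the caller as a {@code SAML2Exception}. This method only parses the
 * message; NOTE(review): signature validation is not done here — confirm the caller performs it.
 *
 * @param samlResponse the raw value of the {@code SAMLResponse} POST parameter.
 * @param response the servlet response; not read by this method.
 * @return the parsed {@code LogoutResponse}, never {@code null}.
 * @throws SAML2Exception if {@code samlResponse} is {@code null} or cannot be decoded and parsed.
 */
static LogoutResponse getLogoutResponseFromPost(String samlResponse, HttpServletResponse response) throws SAML2Exception {
    if (samlResponse == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingLogoutResponse"));
    }
    LogoutResponse resp = null;
    try {
        // Base64.decode reports an undecodable value with null rather than an exception.
        byte[] raw = Base64.decode(samlResponse);
        if (raw != null) {
            // try-with-resources replaces the hand-written finally; closing a ByteArrayInputStream cannot fail.
            try (ByteArrayInputStream bis = new ByteArrayInputStream(raw)) {
                Document doc = XMLUtils.toDOMDocument(bis, debug);
                if (doc != null) {
                    resp = ProtocolFactory.getInstance().createLogoutResponse(doc.getDocumentElement());
                }
            }
        }
    } catch (Exception e) {
        // Decode/parse failures are only logged; the caller receives the generic error below.
        debug.error("LogoutUtil.getLogoutResponseFromPost:", e);
    }
    if (resp == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingLogoutResponse"));
    }
    return resp;
}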

Example 25 with LogoutResponse

use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.

the class LogoutUtil method signSLOResponse.

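/**
 * Signs {@code sloResponse} with the host entity's signing key when the remote entity's metadata
 * requests signed logout responses.
 *
 * <p>The decision is read from the remote entity's configuration for the opposite role (an IDP
 * host checks the SP's setting and vice versa). When signing is required, the private key is
 * fetched by the configured signing certificate alias — with the configured encrypted-key
 * password when one is present — and the certificate is embedded in the signature only when
 * {@code includeCert} is set. A missing key fails closed: nothing is sent unsigned.
 *
 * @param sloResponse the logout response to sign in place.
 * @param realm the realm of the host entity.
 * @param hostEntity the entity ID of the host entity.
 * @param hostEntityRole the role of the host entity ({@code SAML2Constants.IDP_ROLE} or the SP role).
 * @param remoteEntity the entity ID of the remote entity whose metadata decides whether to sign.
 * @param includeCert whether to include the signing certificate in the signature.
 * @throws SAML2Exception if no private key can be obtained for the configured alias, or if
 *     signing itself fails.
 */
static void signSLOResponse(LogoutResponse sloResponse, String realm, String hostEntity, String hostEntityRole, String remoteEntity, boolean includeCert) throws SAML2Exception {
    String method = "signSLOResponse : ";
    // An IDP host honours the SP's "want logout response signed" setting, and vice versa.
    String remoteRole = hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
            ? SAML2Constants.SP_ROLE
            : SAML2Constants.IDP_ROLE;
    if (!SAML2Utils.getWantLogoutResponseSigned(realm, remoteEntity, remoteRole)) {
        if (debug.messageEnabled()) {
            debug.message(method + "SLOResponse doesn't need to be signed.");
        }
        return;
    }
    String alias = SAML2Utils.getSigningCertAlias(realm, hostEntity, hostEntityRole);
    String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, hostEntity, hostEntityRole);
    boolean hasKeyPass = encryptedKeyPass != null && !encryptedKeyPass.isEmpty();
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "Cert Alias is : " + alias);
        // Only the presence of a key password is logged, never its value.
        if (hasKeyPass) {
            debug.message(method + "Using provided Cert KeyPass");
        }
    }
    PrivateKey signingKey = hasKeyPass
            ? keyProvider.getPrivateKey(alias, encryptedKeyPass)
            : keyProvider.getPrivateKey(alias);
    // The certificate is looked up before the key check so a lookup failure surfaces the same way as before.
    X509Certificate signingCert = includeCert ? keyProvider.getX509Certificate(alias) : null;
    if (signingKey == null) {
        // Misconfigured or missing signing key: refuse rather than send an unsigned response.
        debug.error("Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    sloResponse.sign(signingKey, signingCert);
}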
