use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.
Method sendSLOResponseRedirect of class LogoutUtil.
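/**
 * Sends a SAML2 {@code LogoutResponse} to the remote entity using the HTTP-Redirect binding.
 *
 * <p>The response XML is encoded for the redirect binding, placed in the {@code SAMLResponse}
 * query parameter, optionally followed by {@code RelayState}, and the whole query string is
 * signed when the remote entity's metadata asks for signed logout responses. The resulting
 * query string is appended to {@code sloURL} and the browser is redirected there.
 *
 * @param response the servlet response used to issue the redirect
 * @param sloResponse the logout response to send
 * @param sloURL the remote entity's single logout endpoint; {@code ?} or {@code &} is chosen
 *        as separator depending on whether the URL already carries a query string
 * @param relayState relay state to echo back; only included when non-empty and at most
 *        80 bytes in UTF-8 (the size limit the SAML2 bindings impose on RelayState)
 * @param realm realm of the hosted entity
 * @param hostEntity hosted entity ID, used to select the signing key
 * @param hostEntityRole role of the hosted entity ({@code SAML2Constants.IDP_ROLE} or the SP role)
 * @param remoteEntity remote entity ID whose metadata decides whether signing is required
 * @throws SAML2Exception if encoding, signing or issuing the redirect fails; the underlying
 *         exception is written to the debug log rather than attached as the cause
 */
public static void sendSLOResponseRedirect(HttpServletResponse response, LogoutResponse sloResponse,
        String sloURL, String relayState, String realm, String hostEntity, String hostEntityRole,
        String remoteEntity) throws SAML2Exception {
    try {
        String logoutResXMLString = sloResponse.toXMLString(true, true);
        // Encode the XML for the HTTP-Redirect binding.
        String encodedXML = SAML2Utils.encodeForRedirect(logoutResXMLString);
        // The buffer is method-local, so a synchronized StringBuffer buys nothing here.
        StringBuilder queryString = new StringBuilder()
                .append(SAML2Constants.SAML_RESPONSE)
                .append(SAML2Constants.EQUAL)
                .append(encodedXML);
        // RelayState longer than 80 bytes is silently dropped rather than sent.
        if (relayState != null && relayState.length() > 0
                && relayState.getBytes("UTF-8").length <= 80) {
            queryString.append("&").append(SAML2Constants.RELAY_STATE).append("=")
                    .append(URLEncDec.encode(relayState));
        }
        // Whether to sign is the *remote* entity's choice, so its metadata is looked up
        // under the role opposite to ours.
        String remoteRole = hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
                ? SAML2Constants.SP_ROLE
                : SAML2Constants.IDP_ROLE;
        boolean needToSign = SAML2Utils.getWantLogoutResponseSigned(realm, remoteEntity, remoteRole);
        String signedQueryString = queryString.toString();
        if (needToSign) {
            // The signature covers the whole query string built so far (SAMLResponse and RelayState).
            signedQueryString = SAML2Utils.signQueryString(signedQueryString, realm, hostEntity, hostEntityRole);
        }
        String redirectURL = sloURL + (sloURL.contains("?") ? "&" : "?") + signedQueryString;
        if (debug.messageEnabled()) {
            debug.message("redirectURL :" + redirectURL);
        }
        // Only the endpoint, not the full redirect URL, goes into the access log.
        String[] data = { sloURL };
        LogUtil.access(Level.INFO, LogUtil.REDIRECT_TO_SP, data, null);
        response.sendRedirect(redirectURL);
    } catch (Exception e) {
        debug.error("Exception :", e);
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorRedirectingLogoutResponse"));
    }
}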
use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.
Method generateResponse of class LogoutUtil.
/**
 * Builds the <code>LogoutResponse</code> to be sent to the remote entity.
 *
 * <p>The response gets a freshly generated ID, SAML version 2.0 and the current time as
 * issue instant. If a setter rejects a value the error is logged and the partially
 * populated response is still returned.
 *
 * @param status status of the response; when <code>null</code> a "success" status is generated.
 * @param inResponseTo ID of the <code>LogoutRequest</code> this response answers.
 * @param issuer issuer of the response (the hosted entity).
 * @param realm realm of the hosted entity; not used by the current implementation.
 * @param hostRole role of the hosted entity; not used by the current implementation.
 * @param remoteEntity entity that will receive this response; not used by the current implementation.
 *
 * @return the populated <code>LogoutResponse</code>, never <code>null</code>
 *
 */
public static LogoutResponse generateResponse(Status status, String inResponseTo, Issuer issuer,
        String realm, String hostRole, String remoteEntity) {
    // Default to a success status when the caller did not supply one.
    Status effectiveStatus = (status != null)
            ? status
            : SAML2Utils.generateStatus(SAML2Constants.SUCCESS, SAML2Utils.bundle.getString("requestSuccess"));
    String responseID = SAMLUtils.generateID();
    LogoutResponse result = ProtocolFactory.getInstance().createLogoutResponse();
    try {
        result.setStatus(effectiveStatus);
        result.setID(responseID);
        result.setInResponseTo(inResponseTo);
        result.setVersion(SAML2Constants.VERSION_2_0);
        result.setIssueInstant(new Date());
        result.setIssuer(issuer);
    } catch (SAML2Exception e) {
        // Logged, not rethrown: the method's contract is to always hand back a response object.
        debug.error("Error in generating LogoutResponse.", e);
    }
    return result;
}
use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.
Method getSessionIndex of class LogoutUtil.
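/**
 * Extracts the {@code SessionIndex} values carried in the {@code StatusDetail} element of a
 * logout response.
 *
 * <p>Each entry of {@code StatusDetail.getAny()} is treated as the serialised XML of one
 * child element; only elements whose local name is {@code SAML2Constants.SESSION_INDEX}
 * contribute to the result. Entries that fail to parse are skipped.
 *
 * @param logoutRes the logout response to inspect; must carry a non-null status
 * @return the session indexes found (possibly empty), or {@code null} when the response has no
 *         {@code StatusDetail} or its detail list is empty — callers must handle {@code null}
 */
static List<String> getSessionIndex(LogoutResponse logoutRes) {
    StatusDetail statusDetail = logoutRes.getStatus().getStatusDetail();
    if (statusDetail == null) {
        return null;
    }
    List<?> details = statusDetail.getAny();
    if (details == null || details.isEmpty()) {
        return null;
    }
    List<String> sessionIndexList = new ArrayList<String>();
    for (Object item : details) {
        String detail = (String) item;
        Document doc = XMLUtils.toDOMDocument(detail, debug);
        // toDOMDocument yields null on parse failure (see the null check in
        // getLogoutResponseFromPost); skip such entries instead of failing the whole
        // logout with a NullPointerException.
        if (doc == null) {
            continue;
        }
        Element elem = doc.getDocumentElement();
        if (elem != null && SAML2Constants.SESSION_INDEX.equals(elem.getLocalName())) {
            sessionIndexList.add(XMLUtils.getElementString(elem));
        }
    }
    return sessionIndexList;
}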
use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.
Method getLogoutResponseFromPost of class LogoutUtil.
/**
 * Parses the {@code SAMLResponse} form parameter of an HTTP-POST single logout binding into a
 * {@link LogoutResponse}.
 *
 * <p>The parameter is base64-decoded, parsed as XML and handed to the protocol factory. Any
 * failure along the way (bad base64, malformed XML, invalid element) is logged and surfaces
 * as a single {@code SAML2Exception}, so the remote party is not told which step failed.
 *
 * @param samlResponse the raw, base64-encoded {@code SAMLResponse} parameter value as received
 *        from the remote party; untrusted input
 * @param response the servlet response; not used by the current implementation
 * @return the parsed logout response, never {@code null}
 * @throws SAML2Exception if {@code samlResponse} is {@code null} or cannot be turned into a response
 */
static LogoutResponse getLogoutResponseFromPost(String samlResponse, HttpServletResponse response)
        throws SAML2Exception {
    if (samlResponse == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("missingLogoutResponse"));
    }
    LogoutResponse parsed = null;
    ByteArrayInputStream xmlStream = null;
    try {
        // Base64.decode is expected to return null, not throw, on malformed input — hence the null check.
        byte[] decoded = Base64.decode(samlResponse);
        if (decoded != null) {
            xmlStream = new ByteArrayInputStream(decoded);
            // NOTE(review): this XML comes straight off the wire; XMLUtils.toDOMDocument is
            // assumed to parse with DTD / external-entity resolution disabled — confirm.
            Document dom = XMLUtils.toDOMDocument(xmlStream, debug);
            if (dom != null) {
                parsed = ProtocolFactory.getInstance().createLogoutResponse(dom.getDocumentElement());
            }
        }
    } catch (Exception e) {
        // Any parse problem is logged here and reported to the caller as a generic error below.
        debug.error("LogoutUtil.getLogoutResponseFromPost:", e);
    } finally {
        if (xmlStream != null) {
            try {
                xmlStream.close();
            } catch (Exception ie) {
                // A close failure does not affect the parse result; record it at debug level only.
                if (debug.messageEnabled()) {
                    debug.message("LogoutUtil.getLogoutResponseFromPost:", ie);
                }
            }
        }
    }
    if (parsed == null) {
        throw new SAML2Exception(SAML2Utils.bundle.getString("errorGettingLogoutResponse"));
    }
    return parsed;
}
use of com.sun.identity.saml2.protocol.LogoutResponse in project OpenAM by OpenRock.
Method signSLOResponse of class LogoutUtil.
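/**
 * Signs {@code sloResponse} in place with the hosted entity's signing key when the remote
 * entity's metadata requires signed logout responses; otherwise leaves it untouched.
 *
 * @param sloResponse the logout response to sign
 * @param realm realm of the hosted entity
 * @param hostEntity hosted entity ID; its configuration supplies the signing cert alias and
 *        the (optional) encrypted key password
 * @param hostEntityRole role of the hosted entity ({@code SAML2Constants.IDP_ROLE} or the SP role)
 * @param remoteEntity remote entity ID whose metadata decides whether signing is required
 * @param includeCert whether to look up and embed the signing certificate in the signature;
 *        when {@code false} the response is signed with the key alone
 * @throws SAML2Exception if signing is required but no private key is available for the
 *         configured alias
 */
static void signSLOResponse(LogoutResponse sloResponse, String realm, String hostEntity,
        String hostEntityRole, String remoteEntity, boolean includeCert) throws SAML2Exception {
    String method = "signSLOResponse : ";
    // Whether we must sign is the *remote* entity's choice, so its metadata is looked up
    // under the role opposite to ours.
    String remoteRole = hostEntityRole.equalsIgnoreCase(SAML2Constants.IDP_ROLE)
            ? SAML2Constants.SP_ROLE
            : SAML2Constants.IDP_ROLE;
    boolean needSignResponse = SAML2Utils.getWantLogoutResponseSigned(realm, remoteEntity, remoteRole);
    if (!needSignResponse) {
        if (debug.messageEnabled()) {
            debug.message(method + "SLOResponse doesn't need to be signed.");
        }
        return;
    }
    String alias = SAML2Utils.getSigningCertAlias(realm, hostEntity, hostEntityRole);
    String encryptedKeyPass = SAML2Utils.getSigningCertEncryptedKeyPass(realm, hostEntity, hostEntityRole);
    boolean hasKeyPass = encryptedKeyPass != null && !encryptedKeyPass.isEmpty();
    if (debug.messageEnabled()) {
        debug.message(method + "realm is : " + realm);
        debug.message(method + "hostEntity is : " + hostEntity);
        debug.message(method + "Host Entity role is : " + hostEntityRole);
        debug.message(method + "Cert Alias is : " + alias);
        // Only the presence of a key password is logged, never its value.
        if (hasKeyPass) {
            debug.message(method + "Using provided Cert KeyPass");
        }
    }
    PrivateKey signingKey = hasKeyPass
            ? keyProvider.getPrivateKey(alias, encryptedKeyPass)
            : keyProvider.getPrivateKey(alias);
    // The certificate is optional in the signature; the private key is mandatory.
    X509Certificate signingCert = includeCert ? keyProvider.getX509Certificate(alias) : null;
    if (signingKey == null) {
        debug.error("Incorrect configuration for Signing Certificate.");
        throw new SAML2Exception(SAML2Utils.bundle.getString("metaDataError"));
    }
    sloResponse.sign(signingKey, signingCert);
}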