use of org.apereo.cas.logout.slo.SingleLogoutUrl in project cas by apereo.
the class OidcSingleLogoutServiceMessageHandler method createLogoutRequests.
/**
 * Builds one single-logout request per configured logout URL of the service.
 * <p>
 * Front-channel URLs are rewritten so that the browser-side logout carries the
 * OIDC front-channel parameters: the issuer ({@code iss}) and a session identifier
 * ({@code sid}) derived from the ticket-granting ticket by digesting its id, so the
 * raw ticket never leaves the server. Back-channel (and any other) URLs are passed
 * through untouched. Requests that {@link #createLogoutRequest} resolves to
 * {@code null} are dropped from the result.
 * <p>
 * NOTE(review): the rebuilt front-channel {@code SingleLogoutUrl} does not carry
 * over {@code getProperties()} of the original URL; confirm OIDC URLs never rely on
 * them. The strength of the digest behind {@code DigestUtils.sha} is not visible
 * here — the TGT id is a bearer credential, so the value sent to the RP must be
 * non-reversible.
 *
 * @param ticketId          the ticket being logged out
 * @param selectedService   the service that triggered the logout
 * @param registeredService the registered service definition
 * @param logoutUrls        the logout URLs resolved for the service
 * @param context           the single-logout execution request (holds the TGT)
 * @return the logout requests to dispatch, never {@code null}
 */
@Override
protected Collection<SingleLogoutRequestContext> createLogoutRequests(final String ticketId, final WebApplicationService selectedService, final RegisteredService registeredService, final Collection<SingleLogoutUrl> logoutUrls, final SingleLogoutExecutionRequest context) {
    return logoutUrls
        .stream()
        .map(sloUrl -> sloUrl.getLogoutType() == RegisteredServiceLogoutType.FRONT_CHANNEL
            ? buildFrontChannelLogoutUrl(sloUrl, context)
            : sloUrl)
        .map(sloUrl -> createLogoutRequest(ticketId, selectedService, registeredService, sloUrl, context))
        .filter(Objects::nonNull)
        .collect(Collectors.toList());
}

/**
 * Appends the OIDC front-channel logout parameters ({@code iss} and {@code sid})
 * to a front-channel logout URL.
 *
 * @param sloUrl  the original front-channel logout URL
 * @param context the execution request supplying the ticket-granting ticket
 * @return a new {@link SingleLogoutUrl} with the same logout type and the extra parameters
 */
private SingleLogoutUrl buildFrontChannelLogoutUrl(final SingleLogoutUrl sloUrl, final SingleLogoutExecutionRequest context) {
    var url = CommonHelper.addParameter(sloUrl.getUrl(), ReservedClaimNames.ISSUER, issuerService.determineIssuer(Optional.empty()));
    // Only a digest of the TGT id is exposed to the relying party, never the ticket itself.
    url = CommonHelper.addParameter(url, OidcConstants.CLAIM_SESSION_ID, DigestUtils.sha(context.getTicketGrantingTicket().getId()));
    return new SingleLogoutUrl(url, sloUrl.getLogoutType());
}
the class OidcLogoutEndpointController method handleRequestInternal.
/**
 * Handles an OIDC RP-initiated logout request.
 * <p>
 * Security-relevant flow, in order:
 * <ol>
 * <li>The request is answered with 404 unless it targets the configured issuer.</li>
 * <li>If an {@code id_token_hint} is present it is decoded and its {@code client_id}
 * claim selects the registered service; access-strategy enforcement runs before
 * any redirect is issued.</li>
 * <li>A caller-supplied {@code post_logout_redirect_uri} is honoured only when it
 * matches the registered service or one of its registered logout URLs — this is the
 * open-redirect guard. Otherwise the first syntactically valid registered logout URL
 * is used, and failing that no target URL at all.</li>
 * </ol>
 * NOTE(review): the {@code id_token_hint} is logged verbatim at TRACE level; ID tokens
 * carry user claims and should be kept out of logs even at that level. Whether
 * {@code decode} verifies the token signature is not visible here — confirm it does,
 * since the {@code client_id} it yields drives service selection and the redirect.
 *
 * @param postLogoutRedirectUrl the post logout redirect url
 * @param state the state
 * @param idToken the id token
 * @param request the request
 * @param response the response
 * @return the response entity
 * @throws Exception the exception
 */
@GetMapping(value = { '/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.LOGOUT_URL, '/' + OidcConstants.BASE_OIDC_URL + "/logout", "/**/" + OidcConstants.LOGOUT_URL })
public ResponseEntity<HttpStatus> handleRequestInternal(@RequestParam(value = "post_logout_redirect_uri", required = false) final String postLogoutRedirectUrl, @RequestParam(value = "state", required = false) final String state, @RequestParam(value = "id_token_hint", required = false) final String idToken, final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    val context = new JEEContext(request, response);
    // Requests not addressed to the configured issuer are answered as if the endpoint did not exist.
    if (!getConfigurationContext().getOidcRequestSupport().isValidIssuerForEndpoint(context, OidcConstants.LOGOUT_URL)) {
        return new ResponseEntity<>(HttpStatus.NOT_FOUND);
    }
    // Blank state is normalised to "absent" once; the value is the same on every return path.
    val stateParam = Optional.ofNullable(StringUtils.trimToNull(state));
    String clientId = null;
    if (StringUtils.isNotBlank(idToken)) {
        LOGGER.trace("Decoding logout id token [{}]", idToken);
        val configContext = getConfigurationContext();
        val claims = configContext.getIdTokenSigningAndEncryptionService().decode(idToken, Optional.empty());
        clientId = claims.getStringClaimValue(OAuth20Constants.CLIENT_ID);
        LOGGER.debug("Client id retrieved from id token is [{}]", clientId);
        val registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(configContext.getServicesManager(), clientId);
        LOGGER.debug("Located registered service [{}]", registeredService);
        val service = configContext.getWebApplicationServiceServiceFactory().createService(clientId);
        // Access-strategy enforcement must precede any redirect decision for this client.
        val audit = AuditableContext.builder().service(service).registeredService(registeredService).build();
        configContext.getRegisteredServiceAccessStrategyEnforcer().execute(audit).throwExceptionIfNeeded();
        // An unknown client id reaches this point only if the enforcer let a null service through; it then fails fast.
        WebUtils.putRegisteredService(request, Objects.requireNonNull(registeredService));
        val logoutUrls = configContext.getSingleLogoutServiceLogoutUrlBuilder()
            .determineLogoutUrl(registeredService, service, Optional.of(request))
            .stream()
            .map(SingleLogoutUrl::getUrl)
            .collect(Collectors.toList());
        LOGGER.debug("Logout urls assigned to registered service are [{}]", logoutUrls);
        val redirectRequested = StringUtils.isNotBlank(postLogoutRedirectUrl) && registeredService.getMatchingStrategy() != null;
        if (redirectRequested) {
            // Open-redirect guard: the caller's URL must match the service definition or a registered logout URL.
            val authorized = registeredService.matches(postLogoutRedirectUrl)
                || logoutUrls.stream().anyMatch(url -> postLogoutRedirectUrlMatcher.matches(postLogoutRedirectUrl, url));
            if (authorized) {
                LOGGER.debug("Requested logout URL [{}] is authorized for redirects", postLogoutRedirectUrl);
                return new ResponseEntity<>(executeLogoutRedirect(stateParam, Optional.of(postLogoutRedirectUrl), Optional.of(clientId), request, response));
            }
        }
        // No (authorised) caller-supplied target: fall back to the first registered URL that validates.
        val fallbackUrl = logoutUrls.stream().filter(urlValidator::isValid).findFirst();
        if (fallbackUrl.isPresent()) {
            return new ResponseEntity<>(executeLogoutRedirect(stateParam, fallbackUrl, Optional.of(clientId), request, response));
        }
        LOGGER.debug("No logout urls could be determined for registered service [{}]", registeredService.getName());
    }
    return new ResponseEntity<>(executeLogoutRedirect(stateParam, Optional.empty(), Optional.ofNullable(clientId), request, response));
}
the class SamlIdPSingleLogoutServiceLogoutUrlBuilder method finalizeSingleLogoutUrl.
/**
 * Converts a SAML {@code SingleLogoutService} endpoint into a CAS logout URL.
 * <p>
 * The endpoint's {@code ResponseLocation} takes precedence when present; otherwise
 * its {@code Location} is used. The SAML binding is attached as a property so the
 * dispatcher can pick the matching transport. The logout type comes from the
 * registered service, not from the endpoint. NOTE(review): the location is taken
 * from the SP endpoint as-is — presumably it originates from SP metadata, so the
 * trust placed in that metadata is what bounds where logout messages are sent.
 *
 * @param sloService the SAML single-logout endpoint descriptor
 * @param service    the registered SAML service supplying the logout type
 * @return the logout URL carrying the binding property
 */
private static SingleLogoutUrl finalizeSingleLogoutUrl(final SingleLogoutService sloService, final SamlRegisteredService service) {
    String location;
    if (StringUtils.isBlank(sloService.getResponseLocation())) {
        location = sloService.getLocation();
    } else {
        location = sloService.getResponseLocation();
    }
    val sloUrl = new SingleLogoutUrl(location, service.getLogoutType());
    sloUrl.getProperties().put(PROPERTY_NAME_SINGLE_LOGOUT_BINDING, sloService.getBinding());
    return sloUrl;
}