Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in project keycloak by keycloak: class SAMLIdentityProvider, method keycloakInitiatedBrowserLogout.
/**
 * Handles a Keycloak-initiated logout towards the external SAML IdP for the given user session.
 *
 * <p>When no single-logout-service URL is configured, nothing is sent and {@code null} is returned.
 * When the IdP is configured for back-channel logout, the work is delegated to
 * {@link #backchannelLogout} and {@code null} is returned as well. Otherwise a front-channel
 * {@code LogoutRequest} is built and handed back to the browser via the POST or redirect binding,
 * addressed to the request's own {@code Destination} when one was set, else to the configured URL.
 *
 * @param session     current Keycloak session
 * @param userSession user session being logged out
 * @param uriInfo     request URI information used while building the request
 * @param realm       realm the session belongs to
 * @return a browser-bound logout response, or {@code null} when no front-channel round trip is needed
 * @throws RuntimeException wrapping any failure while building or binding the request
 */
@Override
public Response keycloakInitiatedBrowserLogout(KeycloakSession session, UserSessionModel userSession, UriInfo uriInfo, RealmModel realm) {
    final String configuredSloUrl = getConfig().getSingleLogoutServiceUrl();
    boolean sloUrlMissing = configuredSloUrl == null || configuredSloUrl.trim().equals("");
    if (sloUrlMissing) {
        return null;
    }
    if (getConfig().isBackchannelSupported()) {
        backchannelLogout(session, userSession, uriInfo, realm);
        return null;
    }
    try {
        LogoutRequestType request = buildLogoutRequest(userSession, uriInfo, realm, configuredSloUrl);
        // A Destination carried by the built request takes precedence over the configured endpoint.
        String target = request.getDestination() == null
                ? configuredSloUrl
                : request.getDestination().toString();
        JaxrsSAML2BindingBuilder binding = buildLogoutBinding(session, userSession, realm);
        if (getConfig().isPostBindingLogout()) {
            return binding.postBinding(SAML2Request.convert(request)).request(target);
        }
        return binding.redirectBinding(SAML2Request.convert(request)).request(target);
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
}
Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in project keycloak by keycloak: class SAMLIdentityProvider, method backchannelLogout.
/**
 * Performs a back-channel (server-to-server) logout at the external IdP's single-logout endpoint.
 *
 * <p>Does nothing when no single-logout URL is configured or back-channel logout is disabled. The
 * {@code LogoutRequest} is POST-bound and sent together with the user-session id as
 * {@code RelayState}; a {@code Destination} set on the built request replaces the configured URL.
 * Failures are logged at WARN and never propagated, so the local logout continues regardless of
 * the IdP's answer.
 *
 * @param session     current Keycloak session
 * @param userSession user session being logged out
 * @param uriInfo     request URI information used while building the request
 * @param realm       realm the session belongs to
 */
@Override
public void backchannelLogout(KeycloakSession session, UserSessionModel userSession, UriInfo uriInfo, RealmModel realm) {
    String sloUrl = getConfig().getSingleLogoutServiceUrl();
    boolean sloUrlMissing = sloUrl == null || sloUrl.trim().equals("");
    if (sloUrlMissing || !getConfig().isBackchannelSupported()) {
        return;
    }
    JaxrsSAML2BindingBuilder binding = buildLogoutBinding(session, userSession, realm);
    try {
        LogoutRequestType request = buildLogoutRequest(userSession, uriInfo, realm, sloUrl);
        if (request.getDestination() != null) {
            sloUrl = request.getDestination().toString();
        }
        int status = SimpleHttp.doPost(sloUrl, session)
                .param(GeneralConstants.SAML_REQUEST_KEY, binding.postBinding(SAML2Request.convert(request)).encoded())
                .param(GeneralConstants.RELAY_STATE, userSession.getId())
                .asStatus();
        // Every 2xx and 3xx status counts as success; anything else is only logged, never retried.
        boolean failed = status < 200 || status >= 400;
        if (failed) {
            logger.warn("Failed saml backchannel broker logout to: " + sloUrl);
        }
    } catch (Exception e) {
        logger.warn("Failed saml backchannel broker logout to: " + sloUrl, e);
    }
}
Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in project keycloak by keycloak: class SamlDocumentStepBuilder, method saml2Object2String.
/**
 * Serializes a SAML 2.0 protocol object to its XML text using the SAML charset.
 *
 * <p>Request types (AuthnRequest, LogoutRequest, ArtifactResolve, AttributeQuery) are written with
 * {@link SAMLRequestWriter}; Response, ArtifactResponse and a plain StatusResponse (emitted as a
 * {@code samlp:LogoutResponse}) with {@link SAMLResponseWriter}. Any other value, including
 * {@code null}, fails the running test through JUnit's {@code Assert}.
 *
 * @param transformed the object to serialize
 * @return the XML document as a string
 * @throws RuntimeException wrapping a {@link ProcessingException} raised by the writers
 */
public static String saml2Object2String(final SAML2Object transformed) {
    try {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        XMLStreamWriter out = StaxUtil.getXMLStreamWriter(buffer);
        boolean handled = writeAsRequest(out, transformed) || writeAsResponse(out, transformed);
        if (!handled) {
            Assert.assertNotNull("Unknown type: <null>", transformed);
            Assert.fail("Unknown type: " + transformed.getClass().getName());
        }
        return new String(buffer.toByteArray(), GeneralConstants.SAML_CHARSET);
    } catch (ProcessingException ex) {
        throw new RuntimeException(ex);
    }
}

/** Writes {@code object} with {@link SAMLRequestWriter} when it is a supported request type; returns whether it was. */
private static boolean writeAsRequest(XMLStreamWriter out, SAML2Object object) throws ProcessingException {
    if (object instanceof AuthnRequestType) {
        new SAMLRequestWriter(out).write((AuthnRequestType) object);
    } else if (object instanceof LogoutRequestType) {
        new SAMLRequestWriter(out).write((LogoutRequestType) object);
    } else if (object instanceof ArtifactResolveType) {
        new SAMLRequestWriter(out).write((ArtifactResolveType) object);
    } else if (object instanceof AttributeQueryType) {
        new SAMLRequestWriter(out).write((AttributeQueryType) object);
    } else {
        return false;
    }
    return true;
}

/** Writes {@code object} with {@link SAMLResponseWriter} when it is a supported response type; returns whether it was. */
private static boolean writeAsResponse(XMLStreamWriter out, SAML2Object object) throws ProcessingException {
    if (object instanceof ResponseType) {
        new SAMLResponseWriter(out).write((ResponseType) object);
    } else if (object instanceof ArtifactResponseType) {
        new SAMLResponseWriter(out).write((ArtifactResponseType) object);
    } else if (object instanceof StatusResponseType) {
        // A bare StatusResponseType has no element name of its own; it is emitted as a LogoutResponse.
        new SAMLResponseWriter(out).write((StatusResponseType) object, SAMLProtocolQNames.LOGOUT_RESPONSE.getQName("samlp"));
    } else {
        return false;
    }
    return true;
}
Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in project keycloak by keycloak: class SOAPBindingTest, method soapBindingLogoutWithSignatureMissingDestinationTest.
/**
 * Checks that a signed, SOAP-bound LogoutRequest whose {@code Destination} attribute has been
 * removed is still answered with a SAML {@code StatusResponse} instead of being rejected outright.
 */
@Test
public void soapBindingLogoutWithSignatureMissingDestinationTest() {
// Log in with a signed POST AuthnRequest, capture NameID and SessionIndex from the response,
// then issue a signed SOAP LogoutRequest whose Destination is cleared by the transformObject step.
SAMLDocumentHolder response = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, POST).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().user(bburkeUser).build().processSamlResponse(POST).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_ECP_SP, SOAP).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).signWith(SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).transformObject(logoutRequestType -> {
// Drop Destination before signing so the server sees a signed request without it.
logoutRequestType.setDestination(null);
return logoutRequestType;
}).build().executeAndTransform(POST::extractResponse);
// Only the response type is asserted; the status value inside it is not inspected here.
assertThat(response.getSamlObject(), instanceOf(StatusResponseType.class));
}
Use of org.keycloak.dom.saml.v2.protocol.LogoutRequestType in project keycloak by keycloak: class LogoutTest, method testLogoutWithPostBindingUnsetRedirectBindingSet.
/**
 * Front-channel logout across two clients when the second client has an empty POST single-logout
 * URL and only a redirect single-logout URL configured: the server must propagate the
 * LogoutRequest to sales-post2 over the redirect binding and, after a successful LogoutResponse
 * from it, finish with a successful final LogoutResponse to the initiating client.
 */
@Test
public void testLogoutWithPostBindingUnsetRedirectBindingSet() {
// https://issues.jboss.org/browse/KEYCLOAK-4779
// Reconfigure sales-post2: front-channel logout on, POST SLO URL blank, redirect SLO URL set.
adminClient.realm(REALM_NAME).clients().get(sales2Rep.getId()).update(ClientBuilder.edit(sales2Rep).frontchannelLogout(true).attribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, "").attribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, "http://url-to-sales-2").build());
// Log into both apps, then start logout from sales-post; the server should answer with a
// redirect-bound LogoutRequest aimed at sales-post2, which the transformDocument step inspects.
SAMLDocumentHolder samlResponse = prepareLogIntoTwoApps().logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, POST).nameId(nameIdRef::get).sessionIndex(sessionIndexRef::get).build().processSamlResponse(REDIRECT).transformDocument(doc -> {
// Expect logout request for sales-post2
SAML2Object so = (SAML2Object) SAMLParser.getInstance().parse(new DOMSource(doc));
assertThat(so, isSamlLogoutRequest("http://url-to-sales-2"));
// Emulate successful logout response from sales-post2 logout, correlated via InResponseTo
return new SAML2LogoutResponseBuilder().destination(getAuthServerSamlEndpoint(REALM_NAME).toString()).issuer(SAML_CLIENT_ID_SALES_POST2).logoutRequestID(((LogoutRequestType) so).getID()).buildDocument();
}).targetAttributeSamlResponse().targetUri(getAuthServerSamlEndpoint(REALM_NAME)).build().getSamlResponse(POST);
// Expect final successful logout response from auth server signalling final successful logout
assertThat(samlResponse.getSamlObject(), isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
assertThat(((StatusResponseType) samlResponse.getSamlObject()).getDestination(), is("http://url"));
// A logout event must have been recorded for sales-post2 as well.
assertLogoutEvent(SAML_CLIENT_ID_SALES_POST2);
}