
Example 1 with NodeGenerator

use of org.keycloak.saml.SamlProtocolExtensionsAwareBuilder.NodeGenerator in project keycloak by keycloak.

From class SamlProtocol, method frontchannelLogout:

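/**
 * Sends a SAML {@code LogoutRequest} to the client of the given client session over that
 * client's configured front-channel logout binding (HTTP-POST, HTTP-Redirect or HTTP-Artifact).
 *
 * @param userSession   the user session being logged out
 * @param clientSession the client session whose client receives the logout request
 * @return the response that carries the logout request (or an artifact referencing it) to the
 *         client's logout service URL, or {@code null} when the client has no logout service
 *         URL configured and is therefore skipped
 * @throws RuntimeException wrapping any SAML configuration, processing, parsing or I/O failure
 *         raised while building the request
 */
@Override
public Response frontchannelLogout(UserSessionModel userSession, AuthenticatedClientSessionModel clientSession) {
    ClientModel client = clientSession.getClient();
    SamlClient samlClient = new SamlClient(client);
    try {
        boolean postBinding = isLogoutPostBindingForClient(clientSession);
        // The destination is the client's configured logout service URL for the chosen binding.
        String bindingUri = getLogoutServiceUrl(session, client, postBinding ? SAML_POST_BINDING : SAML_REDIRECT_BINDING, false);
        if (bindingUri == null) {
            logger.warnf("Failed to logout client %s, skipping this client.  Please configure the logout service url in the admin console for your client applications.", client.getClientId());
            return null;
        }
        // A <samlp:Extensions> element naming the realm signing key is only added for the
        // redirect binding: with POST the key ID travels in dsig:KeyInfo/dsig:KeyName instead.
        NodeGenerator[] extensions = new NodeGenerator[] {};
        if (!postBinding && samlClient.requiresRealmSignature() && samlClient.addExtensionsElementWithKeyInfo()) {
            KeyManager.ActiveRsaKey keys = session.keys().getActiveRsaKey(realm);
            String keyName = samlClient.getXmlSigKeyInfoKeyNameTransformer().getKeyName(keys.getKid(), keys.getCertificate());
            extensions = new NodeGenerator[] { new KeycloakKeySamlExtensionGenerator(keyName) };
        }
        LogoutRequestType logoutRequest = createLogoutRequest(bindingUri, clientSession, client, extensions);
        // Read the artifact-binding note once; it drives both the binding builder and the branch below.
        boolean artifactBindingSession = "true".equals(clientSession.getNote(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.get()));
        JaxrsSAML2BindingBuilder binding = createBindingBuilder(samlClient, artifactBindingSession);
        // If this session uses artifact binding, send an artifact instead of the LogoutRequest
        if (artifactBindingSession && useArtifactForLogout(client)) {
            clientSession.setAction(CommonClientSessionModel.Action.LOGGING_OUT.name());
            return buildArtifactAuthenticatedResponse(clientSession, bindingUri, logoutRequest, binding);
        }
        Document samlDocument = SAML2Request.convert(logoutRequest);
        if (postBinding) {
            // POST binding: KeyID is included in dsig:KeyInfo/dsig:KeyName, no <samlp:Extensions> needed
            return binding.postBinding(samlDocument).request(bindingUri);
        }
        logger.debug("frontchannel redirect binding");
        return binding.redirectBinding(samlDocument).request(bindingUri);
    } catch (ConfigurationException | ProcessingException | IOException | ParsingException e) {
        throw new RuntimeException(e);
    }
}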

Example 2 with NodeGenerator

use of org.keycloak.saml.SamlProtocolExtensionsAwareBuilder.NodeGenerator in project keycloak by keycloak.

From class SAMLIdentityProvider, method buildLogoutRequest:

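/**
 * Builds the SAML {@code LogoutRequest} sent to the external identity provider for the given
 * federated user session.
 *
 * @param userSession            user session whose federated session index and subject NameID
 *                               (stored as session notes at login) are replayed in the request
 * @param uriInfo                request URI info used to derive this broker's entity ID (the issuer)
 * @param realm                  realm whose access-code lifespan bounds the request's validity
 * @param singleLogoutServiceUrl the identity provider's single-logout endpoint, used as the destination
 * @param extensions             generators for {@code <samlp:Extensions>} child nodes to include
 * @return the logout request, after every registered {@link SamlAuthenticationPreprocessor} has
 *         had the chance to adjust it
 * @throws ConfigurationException if the request cannot be built
 */
protected LogoutRequestType buildLogoutRequest(UserSessionModel userSession, UriInfo uriInfo, RealmModel realm, String singleLogoutServiceUrl, NodeGenerator... extensions) throws ConfigurationException {
    SAML2LogoutRequestBuilder logoutBuilder = new SAML2LogoutRequestBuilder().assertionExpiration(realm.getAccessCodeLifespan()).issuer(getEntityId(uriInfo, realm)).sessionIndex(userSession.getNote(SAMLEndpoint.SAML_FEDERATED_SESSION_INDEX)).nameId(NameIDType.deserializeFromString(userSession.getNote(SAMLEndpoint.SAML_FEDERATED_SUBJECT_NAMEID))).destination(singleLogoutServiceUrl);
    // Register the extensions BEFORE creating the request, as SamlProtocol.createLogoutRequest does;
    // extensions added to the builder after createLogoutRequest() presumably never reach the
    // request object that was already built, so they would be silently dropped.
    for (NodeGenerator extension : extensions) {
        logoutBuilder.addExtension(extension);
    }
    LogoutRequestType logoutRequest = logoutBuilder.createLogoutRequest();
    // Preprocessors may replace the request; no client session exists on the broker side, hence null.
    for (Iterator<SamlAuthenticationPreprocessor> it = SamlSessionUtils.getSamlAuthenticationPreprocessorIterator(session); it.hasNext(); ) {
        logoutRequest = it.next().beforeSendingLogoutRequest(logoutRequest, userSession, null);
    }
    return logoutRequest;
}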

Example 3 with NodeGenerator

use of org.keycloak.saml.SamlProtocolExtensionsAwareBuilder.NodeGenerator in project keycloak by keycloak.

From class SamlProtocol, method createLogoutRequest:

/**
 * Builds the SAML {@code LogoutRequest} sent to a client application during front-channel logout.
 *
 * @param logoutUrl     the client's logout service URL, used as the request destination
 * @param clientSession the client session whose login subject (NameID and format notes) and
 *                      session index are replayed in the request
 * @param client        the client being logged out (not read here; available to overriders)
 * @param extensions    generators for {@code <samlp:Extensions>} child nodes to include
 * @return the logout request, after every registered {@link SamlAuthenticationPreprocessor} has
 *         had the chance to adjust it
 * @throws ConfigurationException if the request cannot be built
 */
protected LogoutRequestType createLogoutRequest(String logoutUrl, AuthenticatedClientSessionModel clientSession, ClientModel client, NodeGenerator... extensions) throws ConfigurationException {
    // The principal is the same subject that was issued to the client at login
    SAML2LogoutRequestBuilder builder = new SAML2LogoutRequestBuilder()
            .assertionExpiration(realm.getAccessCodeLifespan())
            .issuer(getResponseIssuer(realm))
            .userPrincipal(clientSession.getNote(SAML_NAME_ID), clientSession.getNote(SAML_NAME_ID_FORMAT))
            .destination(logoutUrl);
    builder.sessionIndex(SamlSessionUtils.getSessionIndex(clientSession));
    for (NodeGenerator generator : extensions) {
        builder.addExtension(generator);
    }
    LogoutRequestType request = builder.createLogoutRequest();
    // Each preprocessor may return a replacement request; chain them in registration order
    Iterator<SamlAuthenticationPreprocessor> preprocessors = SamlSessionUtils.getSamlAuthenticationPreprocessorIterator(session);
    while (preprocessors.hasNext()) {
        request = preprocessors.next().beforeSendingLogoutRequest(request, clientSession.getUserSession(), clientSession);
    }
    return request;
}
