
Example 6 with LogoutRequest

use of org.opensaml.saml.saml2.core.LogoutRequest in project ddf by codice.

the class SamlProtocolTest method testCreateLogoutRequest.

@Test
public void testCreateLogoutRequest() {
    LogoutRequest logoutRequest = SamlProtocol.createLogoutRequest(SamlProtocol.createIssuer("myissuer"), SamlProtocol.createNameID("mynameid"), "myid");
    assertEquals("myissuer", logoutRequest.getIssuer().getValue());
    assertEquals("mynameid", logoutRequest.getNameID().getValue());
    assertEquals("myid", logoutRequest.getID());
}
Also used : LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.Test)

Example 7 with LogoutRequest

use of org.opensaml.saml.saml2.core.LogoutRequest in project ddf by codice.

the class LogoutRequestService method sendLogoutRequest.

@GET
@Path("/request")
public Response sendLogoutRequest(@QueryParam("EncryptedNameIdTime") String encryptedNameIdTime) {
    // The parameter is ciphertext this service issued earlier; decrypting it yields "<nameId>\n<millis>".
    String nameIdTime = encryptionService.decrypt(encryptedNameIdTime);
    String[] nameIdTimeArray = StringUtils.split(nameIdTime, "\n");
    if (nameIdTimeArray.length == 2) {
        try {
            String name = nameIdTimeArray[0];
            Long time = Long.parseLong(nameIdTimeArray[1]);
            // Freshness window: a captured parameter can only be replayed for logOutPageTimeOut ms.
            if (System.currentTimeMillis() - time > logOutPageTimeOut) {
                String msg = String.format("Logout request was older than %sms old so it was rejected. Please refresh page and request again.", logOutPageTimeOut);
                LOGGER.info(msg);
                return buildLogoutResponse(msg);
            }
            // Terminate the local session, then build the IdP-bound LogoutRequest for this subject.
            logout();
            LogoutRequest logoutRequest = logoutMessage.buildLogoutRequest(name, getEntityId());
            String relayState = relayStates.encode(name);
            // Hands off to a binding-specific helper (see the POST and Redirect variants below).
            return getLogoutRequest(relayState, logoutRequest);
        } catch (Exception e) {
            String msg = "Failed to create logout request.";
            LOGGER.info(msg, e);
            return buildLogoutResponse(msg);
        }
    } else {
        String msg = "Failed to decrypt logout request params. Invalid number of params.";
        LOGGER.info(msg);
        return buildLogoutResponse(msg);
    }
}
Also used : LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) URISyntaxException(java.net.URISyntaxException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLStreamException(javax.xml.stream.XMLStreamException) ValidationException(ddf.security.samlp.ValidationException) IOException(java.io.IOException) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 8 with LogoutRequest

use of org.opensaml.saml.saml2.core.LogoutRequest in project ddf by codice.

the class LogoutRequestService method getSamlpPostLogoutRequest.

private Response getSamlpPostLogoutRequest(String relayState, LogoutRequest logoutRequest) throws SimpleSign.SignatureException, WSSecurityException {
    LOGGER.debug("Configuring SAML LogoutRequest for POST.");
    Document doc = DOMUtils.createDocument();
    doc.appendChild(doc.createElement("root"));
    LOGGER.debug("Signing SAML POST LogoutRequest.");
    // HTTP-POST binding: the signature travels inside the message as an enveloped ds:Signature,
    // so the object is signed before it is marshalled to DOM.
    simpleSign.signSamlObject(logoutRequest);
    LOGGER.debug("Converting SAML Request to DOM");
    String assertionResponse = DOM2Writer.nodeToString(OpenSAMLUtil.toDom(logoutRequest, doc));
    // The serialized XML is base64-encoded for the SAMLRequest form field (no DEFLATE for POST).
    String encodedSamlRequest = Base64.getEncoder().encodeToString(assertionResponse.getBytes(StandardCharsets.UTF_8));
    String singleLogoutLocation = idpMetadata.getSingleLogoutLocation();
    // Fill the auto-submitting form template: IdP SingleLogoutService URL, field name, encoded request, relay state.
    String submitFormUpdated = String.format(submitForm, singleLogoutLocation, SAML_REQUEST, encodedSamlRequest, relayState);
    Response.ResponseBuilder ok = Response.ok(submitFormUpdated);
    return ok.build();
}
Also used : Response(javax.ws.rs.core.Response) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Document(org.w3c.dom.Document)

Example 9 with LogoutRequest

use of org.opensaml.saml.saml2.core.LogoutRequest in project ddf by codice.

the class LogoutRequestService method getSamlpRedirectLogoutRequest.

private Response getSamlpRedirectLogoutRequest(String relayState, LogoutRequest logoutRequest) throws IOException, SimpleSign.SignatureException, WSSecurityException, URISyntaxException {
    LOGGER.debug("Configuring SAML Response for Redirect.");
    Document doc = DOMUtils.createDocument();
    doc.appendChild(doc.createElement("root"));  // not used by this path
    // HTTP-Redirect binding: SAMLRequest, RelayState, SigAlg and Signature are query parameters,
    // so the signature covers the URL rather than the XML and no enveloped signature is added here.
    URI location = logoutMessage.signSamlGetRequest(logoutRequest, new URI(idpMetadata.getSingleLogoutLocation()), relayState);
    String redirectUpdated = String.format(redirectPage, location.toString());
    Response.ResponseBuilder ok = Response.ok(redirectUpdated);
    return ok.build();
}
Also used : Response(javax.ws.rs.core.Response) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse) Document(org.w3c.dom.Document) URI(java.net.URI)

Example 10 with LogoutRequest

use of org.opensaml.saml.saml2.core.LogoutRequest in project cas by apereo.

the class AbstractSamlSLOProfileHandlerController method handleSloProfileRequest.

/**
 * Handle profile request.
 *
 * @param response the response
 * @param request  the request
 * @param decoder  the decoder
 * @throws Exception the exception
 */
protected void handleSloProfileRequest(final HttpServletResponse response, final HttpServletRequest request, final BaseHttpServletRequestXMLMessageDecoder decoder) throws Exception {
    if (singleLogoutCallbacksDisabled) {
        LOGGER.info("Processing SAML IdP SLO requests is disabled");
        return;
    }
    // Decode per the binding (POST or Redirect); the MessageContext keeps the binding-level signature state.
    final Pair<? extends SignableSAMLObject, MessageContext> pair = decodeSamlContextFromHttpRequest(request, decoder, LogoutRequest.class);
    final LogoutRequest logoutRequest = LogoutRequest.class.cast(pair.getKey());
    final MessageContext ctx = pair.getValue();
    // Policy gate: when signed requests are required, an unsigned one is rejected before anything else happens.
    if (this.forceSignedLogoutRequests && !SAMLBindingSupport.isMessageSigned(ctx)) {
        throw new SAMLException("Logout request is not signed but should be.");
    }
    // isMessageSigned is binding-aware: an enveloped ds:Signature (POST) or a query-string signature (Redirect).
    if (SAMLBindingSupport.isMessageSigned(ctx)) {
        // Resolve metadata for the claimed Issuer and verify the signature against that entity's signing keys.
        final MetadataResolver resolver = SamlIdPUtils.getMetadataResolverForAllSamlServices(this.servicesManager, SamlIdPUtils.getIssuerFromSamlRequest(logoutRequest), this.samlRegisteredServiceCachingMetadataResolver);
        this.samlObjectSignatureValidator.verifySamlProfileRequestIfNeeded(logoutRequest, resolver, request, ctx);
    }
    SamlUtils.logSamlObject(this.configBean, logoutRequest);
    // Hand the browser to the CAS logout flow, which performs the actual session termination.
    response.sendRedirect(this.logoutUrl);
}
Also used : LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) MessageContext(org.opensaml.messaging.context.MessageContext) SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) SAMLException(org.opensaml.saml.common.SAMLException)
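
Examples 7 and 10 each show one receiver-side control in isolation: ddf applies a freshness window to its own encrypted parameter, and CAS requires a signature and verifies it against the issuer's metadata. The class below is an added example, not code from ddf, CAS or the original page, that puts the message-level checks an SP should run on a decoded LogoutRequest in one place: Issuer allow-list, Destination match, IssueInstant window with clock skew, NotOnOrAfter, a subject identifier, and the caller's signature result. It assumes OpenSAML 3 (org.opensaml.saml.saml2.core with Joda-Time, as in the snippets above), that the binding-aware signature verification has already been done by the caller and is passed in as a boolean, and that the class name LogoutRequestChecks, the IdP entityID https://idp.example.org/idp and the SP endpoint https://sp.example.org/saml/slo are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import org.joda.time.DateTime;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.XMLObjectBuilderFactory;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.saml.common.SAMLObjectBuilder;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.LogoutRequest;
import org.opensaml.saml.saml2.core.NameID;

/** Added example, not ddf or CAS code: message-level checks an SP runs on an inbound LogoutRequest. */
public class LogoutRequestChecks {
    private final String expectedDestination;  // this SP's SingleLogoutService URL
    private final Set<String> trustedIssuers;  // entityIDs of the IdPs we hold metadata for
    private final long maxAgeMillis;           // how old an IssueInstant may be
    private final long clockSkewMillis;        // tolerance for IdP/SP clock drift
    public LogoutRequestChecks(String expectedDestination, Set<String> trustedIssuers, long maxAgeMillis, long clockSkewMillis) {
        this.expectedDestination = expectedDestination;
        this.trustedIssuers = trustedIssuers;
        this.maxAgeMillis = maxAgeMillis;
        this.clockSkewMillis = clockSkewMillis;
    }
    // Returns every reason to reject the request; an empty list means it passed. signatureVerified is the
    // result of the caller's binding-aware check (POST: embedded ds:Signature; Redirect: SigAlg/Signature params).
    public List<String> validate(LogoutRequest req, boolean signatureVerified) {
        List<String> problems = new ArrayList<>();
        DateTime now = DateTime.now();
        if (!signatureVerified) {
            problems.add("signature missing or not verified against the issuer's metadata");
        }
        if (req.getID() == null || req.getID().isEmpty()) {
            problems.add("missing ID (needed for InResponseTo and for replay tracking)");
        }
        Issuer issuer = req.getIssuer();
        if (issuer == null || !trustedIssuers.contains(issuer.getValue())) {
            problems.add("Issuer absent or not a configured IdP");
        }
        // Destination must name this endpoint, or a request captured at one SP could be replayed at another.
        if (req.getDestination() == null) {
            problems.add("Destination absent (required on a signed message)");
        } else if (!expectedDestination.equals(req.getDestination())) {
            problems.add("Destination does not match this SP's SingleLogoutService endpoint");
        }
        DateTime issued = req.getIssueInstant();
        if (issued == null) {
            problems.add("missing IssueInstant");
        } else if (issued.isAfter(now.plus(clockSkewMillis))) {
            problems.add("IssueInstant is in the future");
        } else if (issued.isBefore(now.minus(maxAgeMillis + clockSkewMillis))) {
            problems.add("IssueInstant older than the accepted window");
        }
        DateTime notOnOrAfter = req.getNotOnOrAfter();
        if (notOnOrAfter != null && !now.minus(clockSkewMillis).isBefore(notOnOrAfter)) {
            problems.add("NotOnOrAfter has passed");
        }
        if (req.getNameID() == null && req.getEncryptedID() == null && req.getBaseID() == null) {
            problems.add("no subject identifier (NameID, EncryptedID or BaseID)");
        }
        return problems;
    }

    /** Constructed sample built with the OpenSAML builder factory; stands in for a decoded message. */
    @SuppressWarnings("unchecked")
    public static LogoutRequest sample(String issuerId, String destination, DateTime issued) {
        XMLObjectBuilderFactory f = XMLObjectProviderRegistrySupport.getBuilderFactory();
        SAMLObjectBuilder<LogoutRequest> reqB = (SAMLObjectBuilder<LogoutRequest>) f.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
        SAMLObjectBuilder<Issuer> issB = (SAMLObjectBuilder<Issuer>) f.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
        SAMLObjectBuilder<NameID> nidB = (SAMLObjectBuilder<NameID>) f.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
        Issuer issuer = issB.buildObject();
        issuer.setValue(issuerId);
        NameID nameId = nidB.buildObject();
        nameId.setValue("user-0001");                      // constructed value
        LogoutRequest req = reqB.buildObject();
        req.setID("_" + UUID.randomUUID());
        req.setIssueInstant(issued);
        req.setDestination(destination);
        req.setIssuer(issuer);
        req.setNameID(nameId);
        return req;
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize();                // registers the SAML 2 builders and marshallers
        String idp = "https://idp.example.org/idp";        // hypothetical IdP entityID
        String slo = "https://sp.example.org/saml/slo";    // hypothetical SP SingleLogoutService URL
        LogoutRequestChecks checks = new LogoutRequestChecks(slo, Collections.singleton(idp), 5 * 60_000L, 60_000L);
        DateTime now = DateTime.now();
        System.out.println("fresh, signed:   " + checks.validate(sample(idp, slo, now), true));
        System.out.println("stale, signed:   " + checks.validate(sample(idp, slo, now.minusMinutes(30)), true));
        System.out.println("fresh, unsigned: " + checks.validate(sample(idp, slo, now), false));
        System.out.println("wrong endpoint:  " + checks.validate(sample(idp, "https://other.example.net/slo", now), true));
    }
}
```

The signature is deliberately taken as an input rather than checked here: for the HTTP-Redirect binding the signature is not inside the XML, so isSigned() on the decoded object would report unsigned for a correctly signed redirect, which is why the CAS snippet consults SAMLBindingSupport.isMessageSigned(ctx) and then verifies against the issuer's resolved metadata. The IssueInstant window plays the same role against replay that ddf's logOutPageTimeOut plays for its own encrypted parameter; a complete receiver additionally remembers recent request IDs for the length of that window so the same signed message cannot be accepted twice.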

Aggregations

LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest) 13
LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse) 10
IOException (java.io.IOException) 6
Response (javax.ws.rs.core.Response) 6
Test (org.junit.Test) 6
ValidationException (ddf.security.samlp.ValidationException) 5
XMLStreamException (javax.xml.stream.XMLStreamException) 5
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 4
Matchers.anyString (org.mockito.Matchers.anyString) 4
GET (javax.ws.rs.GET) 3
Path (javax.ws.rs.Path) 3
LogoutRequest (org.opensaml.saml2.core.LogoutRequest) 3
URI (java.net.URI) 2
Cookie (javax.servlet.http.Cookie) 2
POST (javax.ws.rs.POST) 2
NewCookie (javax.ws.rs.core.NewCookie) 2
DateTime (org.joda.time.DateTime) 2
Document (org.w3c.dom.Document) 2
SamlProtocol (ddf.security.samlp.SamlProtocol) 1
EntityInformation (ddf.security.samlp.impl.EntityInformation) 1