use of org.opensaml.saml.saml2.core.LogoutRequest in project ddf by codice.
the class LogoutRequestServiceTest method testGetLogoutRequest.
/**
 * Checks that a logout request passed to {@code getLogoutRequest} produces an OK response whose
 * entity contains the redirect logout URL.
 *
 * <p>{@code logoutMessage} is stubbed, and the signature and signature-algorithm arguments are
 * placeholder strings, so no real SAML message is parsed here.
 * NOTE(review): presumably signature verification is also stubbed by the test fixture, since a
 * dummy signature is accepted; confirm against the setup method.
 */
@Test
public void testGetLogoutRequest() throws Exception {
    final String rawSamlRequest = "deflatedSamlRequest";
    final String sig = "signature";
    final String sigAlg = "sha1";
    final String state = UUID.randomUUID().toString();
    // The service receives the deflated + Base64 form; the stub below matches the inflated text.
    final String encodedRequest = RestSecurity.deflateAndBase64Encode(rawSamlRequest);

    final LogoutRequest parsedRequest = mock(LogoutRequest.class);
    when(logoutMessage.extractSamlLogoutRequest(eq(rawSamlRequest))).thenReturn(parsedRequest);
    when(logoutMessage.signSamlGetResponse(any(LogoutRequest.class), any(URI.class), anyString()))
            .thenReturn(new URI(redirectLogoutUrl));

    final Response result =
            logoutRequestService.getLogoutRequest(encodedRequest, null, state, sigAlg, sig);

    assertEquals(Response.Status.OK.getStatusCode(), result.getStatus());
    final String entityText = result.getEntity().toString();
    assertTrue("Expected logout url of " + redirectLogoutUrl, entityText.contains(redirectLogoutUrl));
}
use of org.opensaml.saml.saml2.core.LogoutRequest in project ddf by codice.
the class LogoutRequestService method postLogoutRequest.
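/**
 * Handles a SAML single-logout message delivered as an HTML form post.
 *
 * <p>If a logout request is present it is parsed and validated, the local session is ended via
 * {@code logout()}, and a logout response addressed to the request's issuer is returned.
 * Otherwise the form is treated as carrying a logout response, which is parsed and validated
 * before a confirmation message is returned.
 *
 * <p>Every failure path returns a fixed, generic message to the caller; exception detail goes to
 * the log only.
 *
 * @param encodedSamlRequest Base64-encoded logout request, or {@code null} if the form carries none
 * @param encodedSamlResponse Base64-encoded logout response, or {@code null} if the form carries none
 * @param relayState relay state from the form; looked up through {@code relayStates} to name the
 *     user in the confirmation message
 * @return the response produced by {@code getLogoutResponse} or {@code buildLogoutResponse}
 */
@POST
@Produces(MediaType.APPLICATION_FORM_URLENCODED)
public Response postLogoutRequest(
        @FormParam(SAML_REQUEST) String encodedSamlRequest,
        // This parameter was previously bound to SAML_REQUEST too, so it always mirrored
        // encodedSamlRequest and a posted logout response could never reach the branch below.
        // The SAML HTTP-POST binding names the field "SAMLResponse"; if this class declares a
        // constant for it, prefer that constant over the literal.
        @FormParam("SAMLResponse") String encodedSamlResponse,
        @FormParam(RELAY_STATE) String relayState) {
    if (encodedSamlRequest != null) {
        try {
            LogoutRequest logoutRequest =
                    logoutMessage.extractSamlLogoutRequest(decodeBase64(encodedSamlRequest));
            if (logoutRequest == null) {
                String msg = "Unable to parse logout request.";
                LOGGER.debug(msg);
                return buildLogoutResponse(msg);
            }
            // Validation runs before logout() so a request that fails it cannot end the session.
            new SamlValidator.Builder(simpleSign)
                    .buildAndValidate(
                            request.getRequestURL().toString(),
                            SamlProtocol.Binding.HTTP_POST,
                            logoutRequest);
            logout();
            // NOTE(review): assumes validation guarantees a non-null Issuer; confirm, otherwise
            // getIssuer().getValue() can throw after the session has already been ended.
            LogoutResponse logoutResponse =
                    logoutMessage.buildLogoutResponse(
                            logoutRequest.getIssuer().getValue(),
                            StatusCode.SUCCESS,
                            logoutRequest.getID());
            return getLogoutResponse(relayState, logoutResponse);
        } catch (WSSecurityException e) {
            String msg = "Failed to sign logout response.";
            LOGGER.info(msg, e);
            return buildLogoutResponse(msg);
        } catch (ValidationException e) {
            String msg = "Unable to validate";
            LOGGER.info(msg, e);
            return buildLogoutResponse(msg);
        } catch (XMLStreamException e) {
            String msg = "Unable to parse logout request.";
            LOGGER.info(msg, e);
            return buildLogoutResponse(msg);
        }
    }

    // Neither field was posted: fail closed with the generic message instead of handing null to
    // decodeBase64, whose null handling is not visible here.
    if (encodedSamlResponse == null) {
        String msg = "Unable to parse logout response.";
        LOGGER.info(msg);
        return buildLogoutResponse(msg);
    }

    try {
        LogoutResponse logoutResponse =
                logoutMessage.extractSamlLogoutResponse(decodeBase64(encodedSamlResponse));
        if (logoutResponse == null) {
            String msg = "Unable to parse logout response.";
            LOGGER.info(msg);
            return buildLogoutResponse(msg);
        }
        // NOTE(review): the status carried by the logout response is not inspected in this
        // method; confirm that SamlValidator rejects a non-success status, otherwise a failed
        // logout at the identity provider is still reported to the user as successful.
        new SamlValidator.Builder(simpleSign)
                .buildAndValidate(
                        request.getRequestURL().toString(),
                        SamlProtocol.Binding.HTTP_POST,
                        logoutResponse);
    } catch (ValidationException e) {
        String msg = "Unable to validate";
        LOGGER.info(msg, e);
        return buildLogoutResponse(msg);
    } catch (WSSecurityException | XMLStreamException e) {
        String msg = "Unable to parse logout response.";
        LOGGER.info(msg, e);
        return buildLogoutResponse(msg);
    }

    String nameId = "You";
    String decodedValue;
    if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
        nameId = decodedValue;
    }
    // NOTE(review): nameId is concatenated into the message as-is; confirm that
    // buildLogoutResponse encodes it for the output format it renders.
    return buildLogoutResponse(nameId + " logged out successfully.");
}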
use of org.opensaml.saml.saml2.core.LogoutRequest in project ddf by codice.
the class LogoutRequestServiceTest method getPostLogoutRequest.
/**
 * Checks that a logout request passed to {@code postLogoutRequest} produces an OK response whose
 * entity contains the POST logout URL.
 *
 * <p>{@code logoutMessage} is stubbed to return a mocked {@code LogoutRequest} for any input, so
 * the {@code "encodedSamlRequest"} argument is a placeholder rather than real Base64 SAML.
 * {@code idpMetadata} is stubbed to advertise the POST binding and {@code postLogoutUrl}.
 * NOTE(review): the issue instant, version and ID stubs are presumably the fields the validator
 * reads; confirm against SamlValidator.
 */
@Test
public void getPostLogoutRequest() throws Exception {
    final String state = UUID.randomUUID().toString();
    final String samlRequestParam = "encodedSamlRequest";
    final String issuerValue = "issuer";

    final LogoutRequest parsedRequest = mock(LogoutRequest.class);
    final Issuer requestIssuer = mock(Issuer.class);

    // The SAML engine is initialised before the builder is used to create a real response object.
    OpenSAMLUtil.initSamlEngine();
    final LogoutResponse builtResponse = new LogoutResponseBuilder().buildObject();

    // Parsing and response construction are handled by the stubbed logoutMessage.
    when(logoutMessage.extractSamlLogoutRequest(any(String.class))).thenReturn(parsedRequest);

    // Attributes of the mocked logout request.
    when(parsedRequest.getIssuer()).thenReturn(requestIssuer);
    when(parsedRequest.getIssueInstant()).thenReturn(new DateTime());
    when(parsedRequest.getVersion()).thenReturn(SAMLVersion.VERSION_20);
    when(parsedRequest.getID()).thenReturn("id");
    when(requestIssuer.getValue()).thenReturn(issuerValue);

    when(logoutMessage.buildLogoutResponse(eq(issuerValue), eq(StatusCode.SUCCESS), anyString()))
            .thenReturn(builtResponse);

    // Identity-provider metadata: single logout uses the POST binding at postLogoutUrl.
    when(idpMetadata.getSingleLogoutBinding()).thenReturn(SamlProtocol.POST_BINDING);
    when(idpMetadata.getSingleLogoutLocation()).thenReturn(postLogoutUrl);

    final Response result = logoutRequestService.postLogoutRequest(samlRequestParam, null, state);

    assertEquals(Response.Status.OK.getStatusCode(), result.getStatus());
    final String entityText = result.getEntity().toString();
    assertTrue("Expected logout url of " + postLogoutUrl, entityText.contains(postLogoutUrl));
}