Examples with LogoutResponse org.opensaml.saml.saml2.core.LogoutResponse used on opensource projects
Example 6 with LogoutResponse
use of org.opensaml.saml.saml2.core.LogoutResponse in project ddf by codice.
the class IdpEndpoint method processRedirectLogout.
/**
* aka HTTP-Redirect
*
* @param samlRequest the base64 encoded saml request
* @param samlResponse the base64 encoded saml response
* @param relayState the UUID that references the logout state
* @param signatureAlgorithm this signing algorithm
* @param signature the signature of the url
* @param request the http servlet request
* @return Response redirecting to an service provider
* @throws WSSecurityException
* @throws IdpException
*/
@Override
@GET
@Path("/logout")
public Response processRedirectLogout(@QueryParam(SAML_REQ) final String samlRequest, @QueryParam(SAML_RESPONSE) final String samlResponse, @QueryParam(RELAY_STATE) final String relayState, @QueryParam(SSOConstants.SIG_ALG) final String signatureAlgorithm, @QueryParam(SSOConstants.SIGNATURE) final String signature, @Context final HttpServletRequest request) throws WSSecurityException, IdpException {
LogoutState logoutState = getLogoutState(request);
Cookie cookie = getCookie(request);
try {
if (samlRequest != null) {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(samlRequest));
validateRedirect(relayState, signatureAlgorithm, signature, request, samlRequest, logoutRequest, logoutRequest.getIssuer().getValue());
return handleLogoutRequest(cookie, logoutState, logoutRequest, SamlProtocol.Binding.HTTP_REDIRECT, relayState);
} else if (samlResponse != null) {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(samlResponse));
String requestId = logoutState != null ? logoutState.getCurrentRequestId() : null;
validateRedirect(relayState, signatureAlgorithm, signature, request, samlResponse, logoutResponse, logoutResponse.getIssuer().getValue(), requestId);
return handleLogoutResponse(cookie, logoutState, logoutResponse, SamlProtocol.Binding.HTTP_REDIRECT);
}
} catch (XMLStreamException e) {
throw new IdpException("Unable to parse Saml Object.", e);
} catch (ValidationException e) {
throw new IdpException("Unable to validate Saml Object", e);
} catch (IOException e) {
throw new IdpException("Unable to deflate Saml Object", e);
}
throw new IdpException("Could not process logout");
}
Also used :
NewCookie(javax.ws.rs.core.NewCookie)
Cookie(javax.servlet.http.Cookie)
ValidationException(ddf.security.samlp.ValidationException)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
XMLStreamException(javax.xml.stream.XMLStreamException)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
IOException(java.io.IOException)
Path(javax.ws.rs.Path)
GET(javax.ws.rs.GET)
Example 7 with LogoutResponse
use of org.opensaml.saml.saml2.core.LogoutResponse in project ddf by codice.
the class SamlProtocolTest method testCreateLogoutResponse.
@Test
public void testCreateLogoutResponse() {
LogoutResponse logoutResponse = SamlProtocol.createLogoutResponse(SamlProtocol.createIssuer("myissuer"), SamlProtocol.createStatus("mystatus"), "inResponseTo", "myid");
assertEquals("myissuer", logoutResponse.getIssuer().getValue());
assertEquals("mystatus", logoutResponse.getStatus().getStatusCode().getValue());
assertEquals("inResponseTo", logoutResponse.getInResponseTo());
assertEquals("myid", logoutResponse.getID());
}
Also used :
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Test(org.junit.Test)
Example 8 with LogoutResponse
use of org.opensaml.saml.saml2.core.LogoutResponse in project ddf by codice.
the class LogoutRequestService method getLogoutRequest.
@GET
public Response getLogoutRequest(@QueryParam(SAML_REQUEST) String deflatedSamlRequest, @QueryParam(SAML_RESPONSE) String deflatedSamlResponse, @QueryParam(RELAY_STATE) String relayState, @QueryParam(SIG_ALG) String signatureAlgorithm, @QueryParam(SIGNATURE) String signature) {
if (deflatedSamlRequest != null) {
try {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(deflatedSamlRequest));
if (logoutRequest == null) {
String msg = "Unable to parse logout request.";
return buildLogoutResponse(msg);
}
buildAndValidateSaml(deflatedSamlRequest, relayState, signatureAlgorithm, signature, logoutRequest);
logout();
String entityId = getEntityId();
LogoutResponse logoutResponse = logoutMessage.buildLogoutResponse(entityId, StatusCode.SUCCESS, logoutRequest.getID());
return getLogoutResponse(relayState, logoutResponse);
} catch (IOException e) {
String msg = "Unable to decode and inflate logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
} else {
try {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(deflatedSamlResponse));
if (logoutResponse == null) {
String msg = "Unable to parse logout response.";
LOGGER.debug(msg);
return buildLogoutResponse(msg);
}
buildAndValidateSaml(deflatedSamlResponse, relayState, signatureAlgorithm, signature, logoutResponse);
String nameId = "You";
String decodedValue;
if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
nameId = decodedValue;
}
return buildLogoutResponse(nameId + " logged out successfully.");
} catch (IOException e) {
String msg = "Unable to decode and inflate logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
}
}
Also used :
ValidationException(ddf.security.samlp.ValidationException)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
XMLStreamException(javax.xml.stream.XMLStreamException)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
GET(javax.ws.rs.GET)
Example 9 with LogoutResponse
use of org.opensaml.saml.saml2.core.LogoutResponse in project ddf by codice.
the class LogoutRequestService method postLogoutRequest.
@POST
@Produces(MediaType.APPLICATION_FORM_URLENCODED)
public Response postLogoutRequest(@FormParam(SAML_REQUEST) String encodedSamlRequest, @FormParam(SAML_REQUEST) String encodedSamlResponse, @FormParam(RELAY_STATE) String relayState) {
if (encodedSamlRequest != null) {
try {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(decodeBase64(encodedSamlRequest));
if (logoutRequest == null) {
String msg = "Unable to parse logout request.";
LOGGER.debug(msg);
return buildLogoutResponse(msg);
}
new SamlValidator.Builder(simpleSign).buildAndValidate(request.getRequestURL().toString(), SamlProtocol.Binding.HTTP_POST, logoutRequest);
logout();
LogoutResponse logoutResponse = logoutMessage.buildLogoutResponse(logoutRequest.getIssuer().getValue(), StatusCode.SUCCESS, logoutRequest.getID());
return getLogoutResponse(relayState, logoutResponse);
} catch (WSSecurityException e) {
String msg = "Failed to sign logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (XMLStreamException e) {
String msg = "Unable to parse logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
} else {
try {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(decodeBase64(encodedSamlResponse));
if (logoutResponse == null) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg);
return buildLogoutResponse(msg);
}
new SamlValidator.Builder(simpleSign).buildAndValidate(request.getRequestURL().toString(), SamlProtocol.Binding.HTTP_POST, logoutResponse);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
String nameId = "You";
String decodedValue;
if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
nameId = decodedValue;
}
return buildLogoutResponse(nameId + " logged out successfully.");
}
}
Also used :
ValidationException(ddf.security.samlp.ValidationException)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
XMLStreamException(javax.xml.stream.XMLStreamException)
SamlValidator(ddf.security.samlp.impl.SamlValidator)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Example 10 with LogoutResponse
use of org.opensaml.saml.saml2.core.LogoutResponse in project ddf by codice.
the class LogoutRequestServiceTest method testGetLogoutRequestResponseInvalidSignature.
@Test
public void testGetLogoutRequestResponseInvalidSignature() throws Exception {
String signature = "signature";
String signatureAlgorithm = "sha1";
String relayState = UUID.randomUUID().toString();
String deflatedSamlResponse = RestSecurity.deflateAndBase64Encode("deflatedSamlResponse");
LogoutResponse logoutResponse = mock(LogoutResponse.class);
when(logoutMessage.extractSamlLogoutResponse(eq("deflatedSamlResponse"))).thenReturn(logoutResponse);
LogoutRequestService lrs = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
lrs.setEncryptionService(encryptionService);
lrs.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
lrs.setLogoutMessage(logoutMessage);
lrs.setRequest(request);
lrs.setSessionFactory(sessionFactory);
lrs.init();
Response response = lrs.getLogoutRequest(null, deflatedSamlResponse, relayState, signatureAlgorithm, signature);
assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
String msg = "Unable to validate".replaceAll(" ", "+");
assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
Also used :
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Response(javax.ws.rs.core.Response)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
Matchers.anyString(org.mockito.Matchers.anyString)
Test(org.junit.Test)
Aggregations
LogoutResponse (org.opensaml.saml.saml2.core.LogoutResponse)11
Test (org.junit.Test)6
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)5
ValidationException (ddf.security.samlp.ValidationException)4
Response (javax.ws.rs.core.Response)4
XMLStreamException (javax.xml.stream.XMLStreamException)4
Matchers.anyString (org.mockito.Matchers.anyString)4
IOException (java.io.IOException)3
DateTime (org.joda.time.DateTime)3
Cookie (javax.servlet.http.Cookie)2
GET (javax.ws.rs.GET)2
POST (javax.ws.rs.POST)2
Path (javax.ws.rs.Path)2
NewCookie (javax.ws.rs.core.NewCookie)2
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)2
Issuer (org.opensaml.saml.saml2.core.Issuer)2
SamlValidator (ddf.security.samlp.impl.SamlValidator)1
Produces (javax.ws.rs.Produces)1
LogoutResponseBuilder (org.opensaml.saml.saml2.core.impl.LogoutResponseBuilder)1
