use of org.opensaml.saml2.core.LogoutRequest in project cloudstack by apache.
the class SAMLUtilsTest method testBuildLogoutRequest.
@Test
public void testBuildLogoutRequest() throws Exception {
String logoutUrl = "http://logoutUrl";
String spId = "cloudstack";
String nameId = "_12345";
LogoutRequest req = SAMLUtils.buildLogoutRequest(logoutUrl, spId, nameId);
assertEquals(req.getDestination(), logoutUrl);
assertEquals(req.getIssuer().getValue(), spId);
}
use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.
the class IdpEndpoint method processPostLogout.
@Override
@POST
@Path("/logout")
public Response processPostLogout(@FormParam(SAML_REQ) final String samlRequest, @FormParam(SAML_RESPONSE) final String samlResponse, @FormParam(RELAY_STATE) final String relayState, @Context final HttpServletRequest request) throws WSSecurityException, IdpException {
LogoutState logoutState = getLogoutState(request);
Cookie cookie = getCookie(request);
try {
if (samlRequest != null) {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(samlRequest));
validatePost(request, logoutRequest);
return handleLogoutRequest(cookie, logoutState, logoutRequest, SamlProtocol.Binding.HTTP_POST, relayState);
} else if (samlResponse != null) {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(samlResponse));
String requestId = logoutState != null ? logoutState.getCurrentRequestId() : null;
validatePost(request, logoutResponse, requestId);
return handleLogoutResponse(cookie, logoutState, logoutResponse, SamlProtocol.Binding.HTTP_POST);
}
} catch (IOException | XMLStreamException e) {
throw new IdpException("Unable to inflate Saml Object", e);
} catch (ValidationException e) {
throw new IdpException("Unable to validate Saml Object", e);
}
throw new IdpException("Unable to process logout");
}
use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.
the class IdpEndpoint method continueLogout.
private Response continueLogout(LogoutState logoutState, Cookie cookie, SamlProtocol.Binding incomingBinding) throws IdpException {
if (logoutState == null) {
throw new IdpException("Cannot continue a Logout that doesn't exist!");
}
try {
SignableSAMLObject logoutObject;
String relay = "";
String entityId = "";
SamlProtocol.Type samlType;
Optional<String> nextTarget = logoutState.getNextTarget();
if (nextTarget.isPresent()) {
// Another target exists, log them out
entityId = nextTarget.get();
if (logoutState.getOriginalIssuer().equals(entityId)) {
return continueLogout(logoutState, cookie, incomingBinding);
}
LogoutRequest logoutRequest = logoutMessage.buildLogoutRequest(logoutState.getNameId(), SystemBaseUrl.constructUrl("/idp/logout", true));
logoutState.setCurrentRequestId(logoutRequest.getID());
logoutObject = logoutRequest;
samlType = SamlProtocol.Type.REQUEST;
relay = "";
} else {
// No more targets, respond to original issuer
entityId = logoutState.getOriginalIssuer();
String status = logoutState.isPartialLogout() ? StatusCode.PARTIAL_LOGOUT : StatusCode.SUCCESS;
logoutObject = logoutMessage.buildLogoutResponse(SystemBaseUrl.constructUrl("/idp/logout", true), status, logoutState.getOriginalRequestId());
relay = logoutState.getInitialRelayState();
LogoutState decode = logoutStates.decode(cookie.getValue(), true);
samlType = SamlProtocol.Type.RESPONSE;
}
LOGGER.debug("Responding to [{}] with a [{}] and relay state [{}]", entityId, samlType, relay);
EntityInformation.ServiceInfo entityServiceInfo = serviceProviders.get(entityId).getLogoutService(incomingBinding);
if (entityServiceInfo == null) {
LOGGER.info("Could not find entity service info for {}", entityId);
return continueLogout(logoutState, cookie, incomingBinding);
}
switch(entityServiceInfo.getBinding()) {
case HTTP_REDIRECT:
return getSamlRedirectResponse(logoutObject, entityServiceInfo.getUrl(), relay, samlType);
case HTTP_POST:
return getSamlPostResponse(logoutObject, entityServiceInfo.getUrl(), relay, samlType);
default:
LOGGER.debug("No supported binding available for SP [{}].", entityId);
logoutState.setPartialLogout(true);
return continueLogout(logoutState, cookie, incomingBinding);
}
} catch (WSSecurityException | SimpleSign.SignatureException | IOException e) {
LOGGER.debug("Error while processing logout", e);
}
throw new IdpException("Server error while processing logout");
}
use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.
the class LogoutRequestServiceTest method testGetLogoutRequestInvalidSignature.
@Test
public void testGetLogoutRequestInvalidSignature() throws Exception {
String signature = "signature";
String signatureAlgorithm = "sha1";
String relayState = UUID.randomUUID().toString();
String deflatedSamlRequest = RestSecurity.deflateAndBase64Encode("deflatedSamlRequest");
LogoutRequest logoutRequest = mock(LogoutRequest.class);
when(logoutMessage.extractSamlLogoutRequest(eq("deflatedSamlRequest"))).thenReturn(logoutRequest);
LogoutRequestService lrs = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
lrs.setEncryptionService(encryptionService);
lrs.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
lrs.setLogoutMessage(logoutMessage);
lrs.setRequest(request);
lrs.setSessionFactory(sessionFactory);
lrs.init();
Response response = lrs.getLogoutRequest(deflatedSamlRequest, null, relayState, signatureAlgorithm, signature);
assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
String msg = "Unable to validate".replaceAll(" ", "+");
assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.
the class LogoutRequestServiceTest method testSendLogoutRequestGetPostRequest.
@Test
public void testSendLogoutRequestGetPostRequest() throws Exception {
String encryptedNameIdWithTime = nameId + "\n" + time;
when(encryptionService.decrypt(any(String.class))).thenReturn(nameId + "\n" + time);
when(idpMetadata.getSingleLogoutBinding()).thenReturn(SamlProtocol.POST_BINDING);
when(idpMetadata.getSingleLogoutLocation()).thenReturn(postLogoutUrl);
LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
when(logoutMessage.buildLogoutRequest(eq(nameId), anyString())).thenReturn(logoutRequest);
Response response = logoutRequestService.sendLogoutRequest(encryptedNameIdWithTime);
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
assertTrue("Expected logout url of " + postLogoutUrl, response.getEntity().toString().contains(postLogoutUrl));
}
Aggregations