Examples with LogoutRequest org.opensaml.saml2.core.LogoutRequest used on opensource projects

Example 1 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project cloudstack by apache.

the class SAMLUtilsTest method testBuildLogoutRequest.

@Test
public void testBuildLogoutRequest() throws Exception {
    String logoutUrl = "http://logoutUrl";
    String spId = "cloudstack";
    String nameId = "_12345";
    LogoutRequest req = SAMLUtils.buildLogoutRequest(logoutUrl, spId, nameId);
    assertEquals(req.getDestination(), logoutUrl);
    assertEquals(req.getIssuer().getValue(), spId);
}

Example 2 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.

the class IdpEndpoint method processPostLogout.

@Override
@POST
@Path("/logout")
public Response processPostLogout(@FormParam(SAML_REQ) final String samlRequest, @FormParam(SAML_RESPONSE) final String samlResponse, @FormParam(RELAY_STATE) final String relayState, @Context final HttpServletRequest request) throws WSSecurityException, IdpException {
    LogoutState logoutState = getLogoutState(request);
    Cookie cookie = getCookie(request);
    try {
        if (samlRequest != null) {
            LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(samlRequest));
            validatePost(request, logoutRequest);
            return handleLogoutRequest(cookie, logoutState, logoutRequest, SamlProtocol.Binding.HTTP_POST, relayState);
        } else if (samlResponse != null) {
            LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(samlResponse));
            String requestId = logoutState != null ? logoutState.getCurrentRequestId() : null;
            validatePost(request, logoutResponse, requestId);
            return handleLogoutResponse(cookie, logoutState, logoutResponse, SamlProtocol.Binding.HTTP_POST);
        }
    } catch (IOException | XMLStreamException e) {
        throw new IdpException("Unable to inflate Saml Object", e);
    } catch (ValidationException e) {
        throw new IdpException("Unable to validate Saml Object", e);
    }
    throw new IdpException("Unable to process logout");
}

Example 3 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.

the class IdpEndpoint method continueLogout.

private Response continueLogout(LogoutState logoutState, Cookie cookie, SamlProtocol.Binding incomingBinding) throws IdpException {
    if (logoutState == null) {
        throw new IdpException("Cannot continue a Logout that doesn't exist!");
    }
    try {
        SignableSAMLObject logoutObject;
        String relay = "";
        String entityId = "";
        SamlProtocol.Type samlType;
        Optional<String> nextTarget = logoutState.getNextTarget();
        if (nextTarget.isPresent()) {
            // Another target exists, log them out
            entityId = nextTarget.get();
            if (logoutState.getOriginalIssuer().equals(entityId)) {
                return continueLogout(logoutState, cookie, incomingBinding);
            }
            LogoutRequest logoutRequest = logoutMessage.buildLogoutRequest(logoutState.getNameId(), SystemBaseUrl.constructUrl("/idp/logout", true));
            logoutState.setCurrentRequestId(logoutRequest.getID());
            logoutObject = logoutRequest;
            samlType = SamlProtocol.Type.REQUEST;
            relay = "";
        } else {
            // No more targets, respond to original issuer
            entityId = logoutState.getOriginalIssuer();
            String status = logoutState.isPartialLogout() ? StatusCode.PARTIAL_LOGOUT : StatusCode.SUCCESS;
            logoutObject = logoutMessage.buildLogoutResponse(SystemBaseUrl.constructUrl("/idp/logout", true), status, logoutState.getOriginalRequestId());
            relay = logoutState.getInitialRelayState();
            LogoutState decode = logoutStates.decode(cookie.getValue(), true);
            samlType = SamlProtocol.Type.RESPONSE;
        }
        LOGGER.debug("Responding to [{}] with a [{}] and relay state [{}]", entityId, samlType, relay);
        EntityInformation.ServiceInfo entityServiceInfo = serviceProviders.get(entityId).getLogoutService(incomingBinding);
        if (entityServiceInfo == null) {
            LOGGER.info("Could not find entity service info for {}", entityId);
            return continueLogout(logoutState, cookie, incomingBinding);
        }
        switch(entityServiceInfo.getBinding()) {
            case HTTP_REDIRECT:
                return getSamlRedirectResponse(logoutObject, entityServiceInfo.getUrl(), relay, samlType);
            case HTTP_POST:
                return getSamlPostResponse(logoutObject, entityServiceInfo.getUrl(), relay, samlType);
            default:
                LOGGER.debug("No supported binding available for SP [{}].", entityId);
                logoutState.setPartialLogout(true);
                return continueLogout(logoutState, cookie, incomingBinding);
        }
    } catch (WSSecurityException | SimpleSign.SignatureException | IOException e) {
        LOGGER.debug("Error while processing logout", e);
    }
    throw new IdpException("Server error while processing logout");
}

Example 4 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.

the class LogoutRequestServiceTest method testGetLogoutRequestInvalidSignature.

@Test
public void testGetLogoutRequestInvalidSignature() throws Exception {
    String signature = "signature";
    String signatureAlgorithm = "sha1";
    String relayState = UUID.randomUUID().toString();
    String deflatedSamlRequest = RestSecurity.deflateAndBase64Encode("deflatedSamlRequest");
    LogoutRequest logoutRequest = mock(LogoutRequest.class);
    when(logoutMessage.extractSamlLogoutRequest(eq("deflatedSamlRequest"))).thenReturn(logoutRequest);
    LogoutRequestService lrs = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
    lrs.setEncryptionService(encryptionService);
    lrs.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
    lrs.setLogoutMessage(logoutMessage);
    lrs.setRequest(request);
    lrs.setSessionFactory(sessionFactory);
    lrs.init();
    Response response = lrs.getLogoutRequest(deflatedSamlRequest, null, relayState, signatureAlgorithm, signature);
    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    String msg = "Unable to validate".replaceAll(" ", "+");
    assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}

Example 5 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.

the class LogoutRequestServiceTest method testSendLogoutRequestGetPostRequest.

@Test
public void testSendLogoutRequestGetPostRequest() throws Exception {
    String encryptedNameIdWithTime = nameId + "\n" + time;
    when(encryptionService.decrypt(any(String.class))).thenReturn(nameId + "\n" + time);
    when(idpMetadata.getSingleLogoutBinding()).thenReturn(SamlProtocol.POST_BINDING);
    when(idpMetadata.getSingleLogoutLocation()).thenReturn(postLogoutUrl);
    LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
    when(logoutMessage.buildLogoutRequest(eq(nameId), anyString())).thenReturn(logoutRequest);
    Response response = logoutRequestService.sendLogoutRequest(encryptedNameIdWithTime);
    assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
    assertTrue("Expected logout url of " + postLogoutUrl, response.getEntity().toString().contains(postLogoutUrl));
}