Example 6 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.

the class SamlProtocolTest method testCreateLogoutRequest.

@Test
public void testCreateLogoutRequest() {
    LogoutRequest logoutRequest = SamlProtocol.createLogoutRequest(SamlProtocol.createIssuer("myissuer"), SamlProtocol.createNameID("mynameid"), "myid");
    assertEquals("myissuer", logoutRequest.getIssuer().getValue());
    assertEquals("mynameid", logoutRequest.getNameID().getValue());
    assertEquals("myid", logoutRequest.getID());
}
Also used : LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Test(org.junit.Test)

Example 7 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project ddf by codice.

the class LogoutRequestService method sendLogoutRequest.

@GET
@Path("/request")
public Response sendLogoutRequest(@QueryParam("EncryptedNameIdTime") String encryptedNameIdTime) {
    // The query parameter carries "<nameId>\n<timestamp>" encrypted by the service,
    // so a caller cannot forge a logout for an arbitrary NameID.
    String nameIdTime = encryptionService.decrypt(encryptedNameIdTime);
    String[] nameIdTimeArray = StringUtils.split(nameIdTime, "\n");
    if (nameIdTimeArray.length == 2) {
        try {
            String name = nameIdTimeArray[0];
            Long time = Long.parseLong(nameIdTimeArray[1]);
            // Reject stale parameters to limit replay of an old logout link.
            if (System.currentTimeMillis() - time > logOutPageTimeOut) {
                String msg = String.format("Logout request was older than %sms old so it was rejected. Please refresh page and request again.", logOutPageTimeOut);
                LOGGER.info(msg);
                return buildLogoutResponse(msg);
            }
            // Terminate the local session first, then build the SAML LogoutRequest for the IdP.
            logout();
            LogoutRequest logoutRequest = logoutMessage.buildLogoutRequest(name, getEntityId());
            String relayState = relayStates.encode(name);
            return getLogoutRequest(relayState, logoutRequest);
        } catch (Exception e) {
            String msg = "Failed to create logout request.";
            LOGGER.info(msg, e);
            return buildLogoutResponse(msg);
        }
    } else {
        String msg = "Failed to decrypt logout request params. Invalid number of params.";
        LOGGER.info(msg);
        return buildLogoutResponse(msg);
    }
}
Also used : LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) URISyntaxException(java.net.URISyntaxException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLStreamException(javax.xml.stream.XMLStreamException) ValidationException(ddf.security.samlp.ValidationException) IOException(java.io.IOException) Path(javax.ws.rs.Path) GET(javax.ws.rs.GET)

Example 8 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project cas by apereo.

the class AbstractSamlSLOProfileHandlerController method handleSloProfileRequest.

/**
 * Handle profile request.
 *
 * @param response the response
 * @param request  the request
 * @param decoder  the decoder
 * @throws Exception the exception
 */
protected void handleSloProfileRequest(final HttpServletResponse response, final HttpServletRequest request, final BaseHttpServletRequestXMLMessageDecoder decoder) throws Exception {
    if (singleLogoutCallbacksDisabled) {
        LOGGER.info("Processing SAML IdP SLO requests is disabled");
        return;
    }
    // Decode the inbound message and require it to be a LogoutRequest.
    final Pair<? extends SignableSAMLObject, MessageContext> pair = decodeSamlContextFromHttpRequest(request, decoder, LogoutRequest.class);
    final LogoutRequest logoutRequest = LogoutRequest.class.cast(pair.getKey());
    final MessageContext ctx = pair.getValue();
    // Unsigned logout requests are rejected outright when signatures are mandatory.
    if (this.forceSignedLogoutRequests && !SAMLBindingSupport.isMessageSigned(ctx)) {
        throw new SAMLException("Logout request is not signed but should be.");
    }
    // A signed request is verified against the metadata of the issuing service provider.
    if (SAMLBindingSupport.isMessageSigned(ctx)) {
        final MetadataResolver resolver = SamlIdPUtils.getMetadataResolverForAllSamlServices(this.servicesManager, SamlIdPUtils.getIssuerFromSamlRequest(logoutRequest), this.samlRegisteredServiceCachingMetadataResolver);
        this.samlObjectSignatureValidator.verifySamlProfileRequestIfNeeded(logoutRequest, resolver, request, ctx);
    }
    SamlUtils.logSamlObject(this.configBean, logoutRequest);
    response.sendRedirect(this.logoutUrl);
}
Also used : LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) MessageContext(org.opensaml.messaging.context.MessageContext) SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) SAMLException(org.opensaml.saml.common.SAMLException)

Example 9 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project cloudstack by apache.

the class SAMLUtils method buildLogoutRequest.

public static LogoutRequest buildLogoutRequest(String logoutUrl, String spId, String nameIdString) {
    // Issuer identifies the service provider sending the logout request.
    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(spId);
    // NameID identifies the principal whose session is being terminated.
    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setValue(nameIdString);
    LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
    // Unpredictable message ID and the IdP SLO endpoint as Destination.
    logoutRequest.setID(generateSecureRandomId());
    logoutRequest.setDestination(logoutUrl);
    logoutRequest.setVersion(SAMLVersion.VERSION_20);
    logoutRequest.setIssueInstant(new DateTime());
    logoutRequest.setIssuer(issuer);
    logoutRequest.setNameID(nameID);
    return logoutRequest;
}
Also used : NameIDBuilder(org.opensaml.saml2.core.impl.NameIDBuilder) LogoutRequestBuilder(org.opensaml.saml2.core.impl.LogoutRequestBuilder) Issuer(org.opensaml.saml2.core.Issuer) NameID(org.opensaml.saml2.core.NameID) LogoutRequest(org.opensaml.saml2.core.LogoutRequest) IssuerBuilder(org.opensaml.saml2.core.impl.IssuerBuilder) DateTime(org.joda.time.DateTime)

Example 10 with LogoutRequest

use of org.opensaml.saml2.core.LogoutRequest in project cloudstack by apache.

the class SAML2LogoutAPIAuthenticatorCmd method authenticate.

@Override
public String authenticate(String command, Map<String, Object[]> params, HttpSession session, InetAddress remoteAddress, String responseType, StringBuilder auditTrailSb, final HttpServletRequest req, final HttpServletResponse resp) throws ServerApiException {
    auditTrailSb.append("=== SAML SLO Logging out ===");
    LogoutCmdResponse response = new LogoutCmdResponse();
    response.setDescription("success");
    response.setResponseName(getCommandName());
    String responseString = ApiResponseSerializer.toSerializedString(response, responseType);
    if (session == null) {
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] sending redirected failed.", ignored);
        }
        return responseString;
    }
    try {
        DefaultBootstrap.bootstrap();
    } catch (ConfigurationException | FactoryConfigurationError e) {
        s_logger.error("OpenSAML Bootstrapping error: " + e.getMessage());
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "OpenSAML Bootstrapping error while creating SP MetaData", params, responseType));
    }
    if (params != null && params.containsKey("SAMLResponse")) {
        try {
            final String samlResponse = ((String[]) params.get(SAMLPluginConstants.SAML_RESPONSE))[0];
            Response processedSAMLResponse = SAMLUtils.decodeSAMLResponse(samlResponse);
            String statusCode = processedSAMLResponse.getStatus().getStatusCode().getValue();
            if (!statusCode.equals(StatusCode.SUCCESS_URI)) {
                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.INTERNAL_ERROR.getHttpCode(), "SAML SLO LogoutResponse status is not Success", params, responseType));
            }
        } catch (ConfigurationException | FactoryConfigurationError | ParserConfigurationException | SAXException | IOException | UnmarshallingException e) {
            s_logger.error("SAMLResponse processing error: " + e.getMessage());
        }
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] second redirected sending failed.", ignored);
        }
        return responseString;
    }
    String idpId = (String) session.getAttribute(SAMLPluginConstants.SAML_IDPID);
    SAMLProviderMetadata idpMetadata = _samlAuthManager.getIdPMetadata(idpId);
    String nameId = (String) session.getAttribute(SAMLPluginConstants.SAML_NAMEID);
    if (idpMetadata == null || nameId == null || nameId.isEmpty()) {
        try {
            resp.sendRedirect(SAML2AuthManager.SAMLCloudStackRedirectionUrl.value());
        } catch (IOException ignored) {
            s_logger.info("[ignored] final redirected failed.", ignored);
        }
        return responseString;
    }
    LogoutRequest logoutRequest = SAMLUtils.buildLogoutRequest(idpMetadata.getSloUrl(), _samlAuthManager.getSPMetadata().getEntityId(), nameId);
    try {
        String redirectUrl = idpMetadata.getSloUrl() + "?SAMLRequest=" + SAMLUtils.encodeSAMLRequest(logoutRequest);
        resp.sendRedirect(redirectUrl);
    } catch (MarshallingException | IOException e) {
        s_logger.error("SAML SLO error: " + e.getMessage());
        throw new ServerApiException(ApiErrorCode.ACCOUNT_ERROR, _apiServer.getSerializedApiError(ApiErrorCode.ACCOUNT_ERROR.getHttpCode(), "SAML Single Logout Error", params, responseType));
    }
    return responseString;
}
Also used : IOException(java.io.IOException) SAXException(org.xml.sax.SAXException) Response(org.opensaml.saml2.core.Response) LogoutCmdResponse(org.apache.cloudstack.api.response.LogoutCmdResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) ServerApiException(org.apache.cloudstack.api.ServerApiException) MarshallingException(org.opensaml.xml.io.MarshallingException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) ConfigurationException(org.opensaml.xml.ConfigurationException) LogoutRequest(org.opensaml.saml2.core.LogoutRequest) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SAMLProviderMetadata(org.apache.cloudstack.saml.SAMLProviderMetadata) LogoutCmdResponse(org.apache.cloudstack.api.response.LogoutCmdResponse) FactoryConfigurationError(javax.xml.stream.FactoryConfigurationError) UnmarshallingException(org.opensaml.xml.io.UnmarshallingException)
