Example 11 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class Saml2LogoutResponseFilter method doFilterInternal.
/**
* {@inheritDoc}
*/
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
if (!this.logoutRequestMatcher.matches(request)) {
chain.doFilter(request, response);
return;
}
if (request.getParameter(Saml2ParameterNames.SAML_RESPONSE) == null) {
chain.doFilter(request, response);
return;
}
Saml2LogoutRequest logoutRequest = this.logoutRequestRepository.removeLogoutRequest(request, response);
if (logoutRequest == null) {
this.logger.trace("Did not process logout response since could not find associated LogoutRequest");
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Failed to find associated LogoutRequest");
return;
}
RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, logoutRequest.getRelyingPartyRegistrationId());
if (registration == null) {
this.logger.trace("Did not process logout request since failed to find associated RelyingPartyRegistration");
Saml2Error error = new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "Failed to find associated RelyingPartyRegistration");
response.sendError(HttpServletResponse.SC_BAD_REQUEST, error.toString());
return;
}
if (registration.getSingleLogoutServiceResponseLocation() == null) {
this.logger.trace("Did not process logout response since RelyingPartyRegistration has not been configured with a logout response endpoint");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
if (!isCorrectBinding(request, registration)) {
this.logger.trace("Did not process logout request since used incorrect binding");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
Saml2LogoutResponse logoutResponse = Saml2LogoutResponse.withRelyingPartyRegistration(registration).samlResponse(serialized).relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE)).binding(registration.getSingleLogoutServiceBinding()).location(registration.getSingleLogoutServiceResponseLocation()).parameters((params) -> params.put(Saml2ParameterNames.SIG_ALG, request.getParameter(Saml2ParameterNames.SIG_ALG))).parameters((params) -> params.put(Saml2ParameterNames.SIGNATURE, request.getParameter(Saml2ParameterNames.SIGNATURE))).build();
Saml2LogoutResponseValidatorParameters parameters = new Saml2LogoutResponseValidatorParameters(logoutResponse, logoutRequest, registration);
Saml2LogoutValidatorResult result = this.logoutResponseValidator.validate(parameters);
if (result.hasErrors()) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, result.getErrors().iterator().next().toString());
this.logger.debug(LogMessage.format("Failed to validate LogoutResponse: %s", result.getErrors()));
return;
}
this.logoutSuccessHandler.onLogoutSuccess(request, response, null);
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Saml2Error(org.springframework.security.saml2.core.Saml2Error)
Saml2ErrorCodes(org.springframework.security.saml2.core.Saml2ErrorCodes)
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver)
FilterChain(jakarta.servlet.FilterChain)
Saml2Error(org.springframework.security.saml2.core.Saml2Error)
OncePerRequestFilter(org.springframework.web.filter.OncePerRequestFilter)
IOException(java.io.IOException)
ServletException(jakarta.servlet.ServletException)
Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)
RequestMatcher(org.springframework.security.web.util.matcher.RequestMatcher)
Saml2LogoutResponseValidatorParameters(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
LogMessage(org.springframework.core.log.LogMessage)
Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult)
Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames)
Saml2LogoutResponseValidator(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidator)
LogoutSuccessHandler(org.springframework.security.web.authentication.logout.LogoutSuccessHandler)
Log(org.apache.commons.logging.Log)
HttpServletResponse(jakarta.servlet.http.HttpServletResponse)
LogFactory(org.apache.commons.logging.LogFactory)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
AntPathRequestMatcher(org.springframework.security.web.util.matcher.AntPathRequestMatcher)
Assert(org.springframework.util.Assert)
Saml2LogoutValidatorResult(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult)
Saml2LogoutResponseValidatorParameters(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponseValidatorParameters)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
Saml2LogoutResponse(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutResponse)
Example 12 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class Saml2RelyingPartyInitiatedLogoutSuccessHandler method onLogoutSuccess.
/**
* Produce and send a SAML 2.0 Logout Response based on the SAML 2.0 Logout Request
* received from the asserting party
* @param request the HTTP request
* @param response the HTTP response
* @param authentication the current principal details
* @throws IOException when failing to write to the response
*/
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException {
Saml2LogoutRequest logoutRequest = this.logoutRequestResolver.resolve(request, authentication);
if (logoutRequest == null) {
this.logger.trace("Returning 401 since no logout request generated");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return;
}
this.logoutRequestRepository.saveLogoutRequest(logoutRequest, request, response);
if (logoutRequest.getBinding() == Saml2MessageBinding.REDIRECT) {
doRedirect(request, response, logoutRequest);
} else {
doPost(response, logoutRequest);
}
}
Also used :
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
Example 13 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class HttpSessionLogoutRequestRepository method loadLogoutRequest.
/**
* {@inheritDoc}
*/
@Override
public Saml2LogoutRequest loadLogoutRequest(HttpServletRequest request) {
Assert.notNull(request, "request cannot be null");
HttpSession session = request.getSession(false);
if (session == null) {
return null;
}
Saml2LogoutRequest logoutRequest = (Saml2LogoutRequest) session.getAttribute(DEFAULT_LOGOUT_REQUEST_ATTR_NAME);
if (stateParameterEquals(request, logoutRequest)) {
return logoutRequest;
}
return null;
}
Also used :
HttpSession(jakarta.servlet.http.HttpSession)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
Example 14 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class OpenSamlLogoutRequestResolverTests method resolvePostWhenAuthenticatedThenIncludesName.
@Test
public void resolvePostWhenAuthenticatedThenIncludesName() {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().assertingPartyDetails((party) -> party.singleLogoutServiceBinding(Saml2MessageBinding.POST)).build();
Saml2Authentication authentication = authentication(registration);
HttpServletRequest request = new MockHttpServletRequest();
given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
Saml2LogoutRequest saml2LogoutRequest = this.logoutRequestResolver.resolve(request, authentication);
assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIG_ALG)).isNull();
assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIGNATURE)).isNull();
assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.RELAY_STATE)).isNotNull();
Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
LogoutRequest logoutRequest = getLogoutRequest(saml2LogoutRequest.getSamlRequest(), binding);
assertThat(logoutRequest.getNameID().getValue()).isEqualTo(authentication.getName());
assertThat(logoutRequest.getSessionIndexes()).hasSize(1);
assertThat(logoutRequest.getSessionIndexes().get(0).getSessionIndex()).isEqualTo("session-index");
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
ArgumentMatchers.any(org.mockito.ArgumentMatchers.any)
Arrays(java.util.Arrays)
DefaultSaml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
Assertions.assertThat(org.assertj.core.api.Assertions.assertThat)
HashMap(java.util.HashMap)
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
ArrayList(java.util.ArrayList)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
ByteArrayInputStream(java.io.ByteArrayInputStream)
BDDMockito.given(org.mockito.BDDMockito.given)
Document(org.w3c.dom.Document)
Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)
RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver)
Saml2Exception(org.springframework.security.saml2.Saml2Exception)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
StandardCharsets(java.nio.charset.StandardCharsets)
XMLObjectProviderRegistrySupport(org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport)
Test(org.junit.jupiter.api.Test)
Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames)
Element(org.w3c.dom.Element)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
TestRelyingPartyRegistrations(org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)
Mockito.mock(org.mockito.Mockito.mock)
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
Test(org.junit.jupiter.api.Test)
Example 15 with Saml2LogoutRequest
use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.
the class OpenSamlLogoutRequestResolverTests method resolveRedirectWhenAuthenticatedThenIncludesName.
@Test
public void resolveRedirectWhenAuthenticatedThenIncludesName() {
RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().build();
Saml2Authentication authentication = authentication(registration);
HttpServletRequest request = new MockHttpServletRequest();
given(this.relyingPartyRegistrationResolver.resolve(any(), any())).willReturn(registration);
Saml2LogoutRequest saml2LogoutRequest = this.logoutRequestResolver.resolve(request, authentication);
assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIG_ALG)).isNotNull();
assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.SIGNATURE)).isNotNull();
assertThat(saml2LogoutRequest.getParameter(Saml2ParameterNames.RELAY_STATE)).isNotNull();
Saml2MessageBinding binding = registration.getAssertingPartyDetails().getSingleLogoutServiceBinding();
LogoutRequest logoutRequest = getLogoutRequest(saml2LogoutRequest.getSamlRequest(), binding);
assertThat(logoutRequest.getNameID().getValue()).isEqualTo(authentication.getName());
}
Also used :
RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)
HttpServletRequest(jakarta.servlet.http.HttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)
Saml2Authentication(org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)
Test(org.junit.jupiter.api.Test)
Aggregations
Test (org.junit.jupiter.api.Test)40
Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)34
RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)31
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)27
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)22
LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)15
Authentication (org.springframework.security.core.Authentication)12
Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)12
Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)10
TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)10
Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)10
TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)10
StandardCharsets (java.nio.charset.StandardCharsets)9
ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)8
BDDMockito.given (org.mockito.BDDMockito.given)8
Saml2ParameterNames (org.springframework.security.saml2.core.Saml2ParameterNames)7
DefaultSaml2AuthenticatedPrincipal (org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)7
HttpServletRequest (jakarta.servlet.http.HttpServletRequest)6
AfterEach (org.junit.jupiter.api.AfterEach)5
BeforeEach (org.junit.jupiter.api.BeforeEach)5
