Examples with Saml2LogoutRequest org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest used on opensource projects

Search in sources :

Example 31 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class HttpSessionLogoutRequestRepository method removeLogoutRequest.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutRequest removeLogoutRequest(HttpServletRequest request, HttpServletResponse response) {
    Assert.notNull(request, "request cannot be null");
    Assert.notNull(response, "response cannot be null");
    Saml2LogoutRequest logoutRequest = loadLogoutRequest(request);
    if (logoutRequest == null) {
        return null;
    }
    request.getSession().removeAttribute(DEFAULT_LOGOUT_REQUEST_ATTR_NAME);
    return logoutRequest;
}
Also used : Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)

Example 32 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class OpenSamlLogoutRequestResolver method resolve.

Saml2LogoutRequest resolve(HttpServletRequest request, Authentication authentication, BiConsumer<RelyingPartyRegistration, LogoutRequest> logoutRequestConsumer) {
    String registrationId = getRegistrationId(authentication);
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, registrationId);
    if (registration == null) {
        return null;
    }
    if (registration.getAssertingPartyDetails().getSingleLogoutServiceLocation() == null) {
        return null;
    }
    LogoutRequest logoutRequest = this.logoutRequestBuilder.buildObject();
    logoutRequest.setDestination(registration.getAssertingPartyDetails().getSingleLogoutServiceLocation());
    Issuer issuer = this.issuerBuilder.buildObject();
    issuer.setValue(registration.getEntityId());
    logoutRequest.setIssuer(issuer);
    NameID nameId = this.nameIdBuilder.buildObject();
    nameId.setValue(authentication.getName());
    logoutRequest.setNameID(nameId);
    if (authentication.getPrincipal() instanceof Saml2AuthenticatedPrincipal) {
        Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
        for (String index : principal.getSessionIndexes()) {
            SessionIndex sessionIndex = this.sessionIndexBuilder.buildObject();
            sessionIndex.setSessionIndex(index);
            logoutRequest.getSessionIndexes().add(sessionIndex);
        }
    }
    logoutRequestConsumer.accept(registration, logoutRequest);
    if (logoutRequest.getID() == null) {
        logoutRequest.setID("LR" + UUID.randomUUID());
    }
    String relayState = UUID.randomUUID().toString();
    Saml2LogoutRequest.Builder result = Saml2LogoutRequest.withRelyingPartyRegistration(registration).id(logoutRequest.getID());
    if (registration.getAssertingPartyDetails().getSingleLogoutServiceBinding() == Saml2MessageBinding.POST) {
        String xml = serialize(OpenSamlSigningUtils.sign(logoutRequest, registration));
        String samlRequest = Saml2Utils.samlEncode(xml.getBytes(StandardCharsets.UTF_8));
        return result.samlRequest(samlRequest).relayState(relayState).build();
    } else {
        String xml = serialize(logoutRequest);
        String deflatedAndEncoded = Saml2Utils.samlEncode(Saml2Utils.samlDeflate(xml));
        result.samlRequest(deflatedAndEncoded);
        QueryParametersPartial partial = OpenSamlSigningUtils.sign(registration).param(Saml2ParameterNames.SAML_REQUEST, deflatedAndEncoded).param(Saml2ParameterNames.RELAY_STATE, relayState);
        return result.parameters((params) -> params.putAll(partial.parameters())).build();
    }
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) QueryParametersPartial(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial) HttpServletRequest(jakarta.servlet.http.HttpServletRequest) OpenSamlInitializationService(org.springframework.security.saml2.core.OpenSamlInitializationService) LogoutRequestMarshaller(org.opensaml.saml.saml2.core.impl.LogoutRequestMarshaller) XMLObjectProviderRegistry(org.opensaml.core.xml.config.XMLObjectProviderRegistry) RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Saml2MessageBinding(org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) SerializeSupport(net.shibboleth.utilities.java.support.xml.SerializeSupport) BiConsumer(java.util.function.BiConsumer) MarshallingException(org.opensaml.core.xml.io.MarshallingException) QueryParametersPartial(org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlSigningUtils.QueryParametersPartial) RelyingPartyRegistrationResolver(org.springframework.security.saml2.provider.service.web.RelyingPartyRegistrationResolver) SessionIndexBuilder(org.opensaml.saml.saml2.core.impl.SessionIndexBuilder) Saml2Exception(org.springframework.security.saml2.Saml2Exception) ConfigurationService(org.opensaml.core.config.ConfigurationService) UUID(java.util.UUID) LogoutRequestBuilder(org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder) StandardCharsets(java.nio.charset.StandardCharsets) IssuerBuilder(org.opensaml.saml.saml2.core.impl.IssuerBuilder) NameIDBuilder(org.opensaml.saml.saml2.core.impl.NameIDBuilder) SessionIndex(org.opensaml.saml.saml2.core.SessionIndex) Saml2ParameterNames(org.springframework.security.saml2.core.Saml2ParameterNames) Element(org.w3c.dom.Element) Issuer(org.opensaml.saml.saml2.core.Issuer) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) Authentication(org.springframework.security.core.Authentication) Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) NameID(org.opensaml.saml.saml2.core.NameID) Assert(org.springframework.util.Assert) Issuer(org.opensaml.saml.saml2.core.Issuer) NameID(org.opensaml.saml.saml2.core.NameID) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) SessionIndex(org.opensaml.saml.saml2.core.SessionIndex) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) Saml2AuthenticatedPrincipal(org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticatedPrincipal)

Example 33 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidator method validate.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutValidatorResult validate(Saml2LogoutRequestValidatorParameters parameters) {
    Saml2LogoutRequest request = parameters.getLogoutRequest();
    RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration();
    Authentication authentication = parameters.getAuthentication();
    byte[] b = Saml2Utils.samlDecode(request.getSamlRequest());
    LogoutRequest logoutRequest = parse(inflateIfRequired(request, b));
    return Saml2LogoutValidatorResult.withErrors().errors(verifySignature(request, logoutRequest, registration)).errors(validateRequest(logoutRequest, registration, authentication)).build();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Authentication(org.springframework.security.core.Authentication) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)

Example 34 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class OpenSamlLogoutResponseValidator method validate.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutValidatorResult validate(Saml2LogoutResponseValidatorParameters parameters) {
    Saml2LogoutResponse response = parameters.getLogoutResponse();
    Saml2LogoutRequest request = parameters.getLogoutRequest();
    RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration();
    byte[] b = Saml2Utils.samlDecode(response.getSamlResponse());
    LogoutResponse logoutResponse = parse(inflateIfRequired(response, b));
    return Saml2LogoutValidatorResult.withErrors().errors(verifySignature(response, logoutResponse, registration)).errors(validateRequest(logoutResponse, registration)).errors(validateLogoutRequest(logoutResponse, request.getId())).build();
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)

Example 35 with Saml2LogoutRequest

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest in project spring-security by spring-projects.

the class Saml2LogoutResponseFilterTests method doFilterWhenSamlResponseRedirectThenLogout.

@Test
public void doFilterWhenSamlResponseRedirectThenLogout() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("user", "password");
    SecurityContextHolder.getContext().setAuthentication(authentication);
    MockHttpServletRequest request = new MockHttpServletRequest("GET", "/logout/saml2/slo");
    request.setServletPath("/logout/saml2/slo");
    request.setParameter(Saml2ParameterNames.SAML_RESPONSE, "response");
    MockHttpServletResponse response = new MockHttpServletResponse();
    RelyingPartyRegistration registration = TestRelyingPartyRegistrations.full().singleLogoutServiceBinding(Saml2MessageBinding.REDIRECT).build();
    given(this.relyingPartyRegistrationResolver.resolve(request, "registration-id")).willReturn(registration);
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).samlRequest("request").build();
    given(this.logoutRequestRepository.removeLogoutRequest(request, response)).willReturn(logoutRequest);
    given(this.logoutResponseValidator.validate(any())).willReturn(Saml2LogoutValidatorResult.success());
    this.logoutResponseProcessingFilter.doFilterInternal(request, response, new MockFilterChain());
    verify(this.logoutResponseValidator).validate(any());
    verify(this.logoutSuccessHandler).onLogoutSuccess(any(), any(), any());
}
Also used : RelyingPartyRegistration(org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration) Authentication(org.springframework.security.core.Authentication) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Saml2LogoutRequest(org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest) TestingAuthenticationToken(org.springframework.security.authentication.TestingAuthenticationToken) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Aggregations

Test (org.junit.jupiter.api.Test)40 Saml2LogoutRequest (org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest)34 RelyingPartyRegistration (org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration)31 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)27 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)22 LogoutRequest (org.opensaml.saml.saml2.core.LogoutRequest)15 Authentication (org.springframework.security.core.Authentication)12 Saml2MessageBinding (org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding)12 Assertions.assertThat (org.assertj.core.api.Assertions.assertThat)10 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)10 Saml2Authentication (org.springframework.security.saml2.provider.service.authentication.Saml2Authentication)10 TestRelyingPartyRegistrations (org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations)10 StandardCharsets (java.nio.charset.StandardCharsets)9 ArgumentMatchers.any (org.mockito.ArgumentMatchers.any)8 BDDMockito.given (org.mockito.BDDMockito.given)8 Saml2ParameterNames (org.springframework.security.saml2.core.Saml2ParameterNames)7 DefaultSaml2AuthenticatedPrincipal (org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal)7 HttpServletRequest (jakarta.servlet.http.HttpServletRequest)6 AfterEach (org.junit.jupiter.api.AfterEach)5 BeforeEach (org.junit.jupiter.api.BeforeEach)5
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial