Examples with Saml2LogoutValidatorResult org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult used on opensource projects

Example 6 with Saml2LogoutValidatorResult

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidatorTests method handleWhenPostBindingThenValidates.

@Test
public void handleWhenPostBindingThenValidates() {
    RelyingPartyRegistration registration = registration().build();
    LogoutRequest logoutRequest = TestOpenSamlObjects.assertingPartyLogoutRequest(registration);
    sign(logoutRequest, registration);
    Saml2LogoutRequest request = post(logoutRequest, registration);
    Saml2LogoutRequestValidatorParameters parameters = new Saml2LogoutRequestValidatorParameters(request, registration, authentication(registration));
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isFalse();
}

Example 7 with Saml2LogoutValidatorResult

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in project spring-security by spring-projects.

the class Saml2LogoutResponseFilter method doFilterInternal.

/**
 * {@inheritDoc}
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
    if (!this.logoutRequestMatcher.matches(request)) {
        chain.doFilter(request, response);
        return;
    }
    if (request.getParameter(Saml2ParameterNames.SAML_RESPONSE) == null) {
        chain.doFilter(request, response);
        return;
    }
    Saml2LogoutRequest logoutRequest = this.logoutRequestRepository.removeLogoutRequest(request, response);
    if (logoutRequest == null) {
        this.logger.trace("Did not process logout response since could not find associated LogoutRequest");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Failed to find associated LogoutRequest");
        return;
    }
    RelyingPartyRegistration registration = this.relyingPartyRegistrationResolver.resolve(request, logoutRequest.getRelyingPartyRegistrationId());
    if (registration == null) {
        this.logger.trace("Did not process logout request since failed to find associated RelyingPartyRegistration");
        Saml2Error error = new Saml2Error(Saml2ErrorCodes.RELYING_PARTY_REGISTRATION_NOT_FOUND, "Failed to find associated RelyingPartyRegistration");
        response.sendError(HttpServletResponse.SC_BAD_REQUEST, error.toString());
        return;
    }
    if (registration.getSingleLogoutServiceResponseLocation() == null) {
        this.logger.trace("Did not process logout response since RelyingPartyRegistration has not been configured with a logout response endpoint");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    if (!isCorrectBinding(request, registration)) {
        this.logger.trace("Did not process logout request since used incorrect binding");
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    String serialized = request.getParameter(Saml2ParameterNames.SAML_RESPONSE);
    Saml2LogoutResponse logoutResponse = Saml2LogoutResponse.withRelyingPartyRegistration(registration).samlResponse(serialized).relayState(request.getParameter(Saml2ParameterNames.RELAY_STATE)).binding(registration.getSingleLogoutServiceBinding()).location(registration.getSingleLogoutServiceResponseLocation()).parameters((params) -> params.put(Saml2ParameterNames.SIG_ALG, request.getParameter(Saml2ParameterNames.SIG_ALG))).parameters((params) -> params.put(Saml2ParameterNames.SIGNATURE, request.getParameter(Saml2ParameterNames.SIGNATURE))).build();
    Saml2LogoutResponseValidatorParameters parameters = new Saml2LogoutResponseValidatorParameters(logoutResponse, logoutRequest, registration);
    Saml2LogoutValidatorResult result = this.logoutResponseValidator.validate(parameters);
    if (result.hasErrors()) {
        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, result.getErrors().iterator().next().toString());
        this.logger.debug(LogMessage.format("Failed to validate LogoutResponse: %s", result.getErrors()));
        return;
    }
    this.logoutSuccessHandler.onLogoutSuccess(request, response, null);
}

Example 8 with Saml2LogoutValidatorResult

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in project spring-security by spring-projects.

the class OpenSamlLogoutRequestValidator method validate.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutValidatorResult validate(Saml2LogoutRequestValidatorParameters parameters) {
    Saml2LogoutRequest request = parameters.getLogoutRequest();
    RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration();
    Authentication authentication = parameters.getAuthentication();
    byte[] b = Saml2Utils.samlDecode(request.getSamlRequest());
    LogoutRequest logoutRequest = parse(inflateIfRequired(request, b));
    return Saml2LogoutValidatorResult.withErrors().errors(verifySignature(request, logoutRequest, registration)).errors(validateRequest(logoutRequest, registration, authentication)).build();
}

Example 9 with Saml2LogoutValidatorResult

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in project spring-security by spring-projects.

the class OpenSamlLogoutResponseValidator method validate.

/**
 * {@inheritDoc}
 */
@Override
public Saml2LogoutValidatorResult validate(Saml2LogoutResponseValidatorParameters parameters) {
    Saml2LogoutResponse response = parameters.getLogoutResponse();
    Saml2LogoutRequest request = parameters.getLogoutRequest();
    RelyingPartyRegistration registration = parameters.getRelyingPartyRegistration();
    byte[] b = Saml2Utils.samlDecode(response.getSamlResponse());
    LogoutResponse logoutResponse = parse(inflateIfRequired(response, b));
    return Saml2LogoutValidatorResult.withErrors().errors(verifySignature(response, logoutResponse, registration)).errors(validateRequest(logoutResponse, registration)).errors(validateLogoutRequest(logoutResponse, request.getId())).build();
}

Example 10 with Saml2LogoutValidatorResult

use of org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutValidatorResult in project spring-security by spring-projects.

the class OpenSamlLogoutResponseValidatorTests method handleWhenStatusNotSuccessThenInvalidResponseError.

@Test
public void handleWhenStatusNotSuccessThenInvalidResponseError() {
    RelyingPartyRegistration registration = registration().build();
    Saml2LogoutRequest logoutRequest = Saml2LogoutRequest.withRelyingPartyRegistration(registration).id("id").build();
    LogoutResponse logoutResponse = TestOpenSamlObjects.assertingPartyLogoutResponse(registration);
    logoutResponse.getStatus().getStatusCode().setValue(StatusCode.UNKNOWN_PRINCIPAL);
    sign(logoutResponse, registration);
    Saml2LogoutResponse response = post(logoutResponse, registration);
    Saml2LogoutResponseValidatorParameters parameters = new Saml2LogoutResponseValidatorParameters(response, logoutRequest, registration);
    Saml2LogoutValidatorResult result = this.manager.validate(parameters);
    assertThat(result.hasErrors()).isTrue();
    assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(Saml2ErrorCodes.INVALID_RESPONSE);
}