/**
 * Handles a SAML logout response (the IdP answering our own logout request).
 *
 * <p>Only the session store and the relay state are consulted: the local account is
 * dropped when an account is logged in and the relay state is {@code "logout"}.
 * Neither {@code holder} nor {@code responseType} is inspected in this method, so the
 * status carried by the response does not influence the local logout.
 * NOTE(review): confirm that the caller validates the response (signature and status)
 * before reaching this method.
 *
 * @param holder       the parsed SAML document (not inspected here)
 * @param responseType the status response (not inspected here)
 * @param relayState   the relay state echoed back by the IdP
 * @return {@link AuthOutcome#LOGGED_OUT} when the local account was removed,
 *         {@link AuthOutcome#NOT_ATTEMPTED} otherwise
 */
protected AuthOutcome handleLogoutResponse(SAMLDocumentHolder holder, StatusResponseType responseType, String relayState) {
    // isLoggedIn() is evaluated first, unconditionally, as in the original ordering
    // (it may have side effects on the request principal; see invoke()).
    final boolean hasAccount = sessionStore.isLoggedIn();
    if (!hasAccount) {
        return AuthOutcome.NOT_ATTEMPTED;
    }
    final boolean logoutInProgress = "logout".equals(relayState);
    if (!logoutInProgress) {
        return AuthOutcome.NOT_ATTEMPTED;
    }
    sessionStore.logoutAccount();
    return AuthOutcome.LOGGED_OUT;
}
/**
 * Issues the SAML login challenge: builds an AuthnRequest for the configured
 * deployment, sends it through the binding and marks the session as logging in.
 *
 * <p>The current request is saved in the session store before the AuthnRequest is
 * sent, and the {@code LOGGING_IN} action is recorded only after sending succeeded.
 *
 * @param httpFacade the facade for the current HTTP exchange
 * @return always {@code true} (a challenge was issued)
 * @throws RuntimeException if the request cannot be built or sent; the original
 *         exception is kept as the cause
 */
@Override
public boolean challenge(HttpFacade httpFacade) {
    try {
        final SAML2AuthnRequestBuilder requestBuilder = buildSaml2AuthnRequestBuilder(deployment);
        final BaseSAML2BindingBuilder bindingBuilder = createSaml2Binding(deployment);
        // Order matters: the request is stored before the redirect is emitted.
        sessionStore.saveRequest();
        sendAuthnRequest(httpFacade, requestBuilder, bindingBuilder);
        sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_IN);
    } catch (Exception e) {
        throw new RuntimeException("Could not create authentication request.", e);
    }
    return true;
}
sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.NONE); if (sessionStore.isLoggingOut()) { try { if (deployment.getIDP().getSingleLogoutService().validateResponseSignature()) { sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.NONE); } else if (sessionStore.isLoggingIn()) { return AuthOutcome.FAILED; } finally { sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.NONE);
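/**
 * Valve entry point for every request of the context.
 *
 * <p>Requests whose context-relative URI ends with {@code /saml} are routed to the
 * SAML endpoint when a configured deployment resolves for them. All other requests
 * (and {@code /saml} requests without a configured deployment) are passed down the
 * valve chain after the session store had a chance to set the request principal.
 *
 * <p>The original wrapped the pass-through in a {@code try}/{@code finally} with an
 * empty {@code finally} block; that no-op wrapper is removed here.
 *
 * @param request  the Catalina request
 * @param response the Catalina response
 * @throws IOException      propagated from the valve chain
 * @throws ServletException propagated from the valve chain
 */
@Override
public void invoke(Request request, Response response) throws IOException, ServletException {
    log.trace("*********************** SAML ************");
    CatalinaHttpFacade facade = new CatalinaHttpFacade(response, request);
    SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    // URI relative to the web-app context, e.g. "/app/saml" -> "/saml".
    String contextRelativeUri = request.getRequestURI().substring(request.getContextPath().length());
    if (contextRelativeUri.endsWith("/saml") && deployment != null && deployment.isConfigured()) {
        SamlSessionStore tokenStore = getSessionStore(request, facade, deployment);
        SamlAuthenticator authenticator = new CatalinaSamlEndpoint(facade, deployment, tokenStore);
        executeAuthenticator(request, response, facade, deployment, authenticator);
        return;
    }
    // isLoggedIn() is called for its side effect: it sets the request UserPrincipal when a
    // SAML session exists, so the principal is available on unsecured/unconstrained URLs too.
    // NOTE(review): deployment is not null-checked on this path — confirm getSessionStore
    // and the store tolerate a null or unconfigured deployment.
    getSessionStore(request, facade, deployment).isLoggedIn();
    super.invoke(request, response);
}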
/**
 * Removes the SAML session bound to this request and clears the request principal.
 *
 * <p>The facade is created without a response (null), presumably because nothing is
 * written to the response during logout.
 *
 * @param request the Catalina request whose session is being logged out
 */
protected void logoutInternal(Request request) {
    final CatalinaHttpFacade facade = new CatalinaHttpFacade(null, request);
    final SamlDeployment deployment = deploymentContext.resolveDeployment(facade);
    getSessionStore(request, facade, deployment).logoutAccount();
    request.setUserPrincipal(null);
}
@Override protected AuthOutcome logoutRequest(LogoutRequestType request, String relayState) { if (request.getSessionIndex() == null || request.getSessionIndex().isEmpty()) { sessionStore.logoutByPrincipal(request.getNameID().getValue()); } else { sessionStore.logoutBySsoId(request.getSessionIndex());
final String sessionIndex = index; SamlSession account = new SamlSession(principal, roles, sessionIndex); sessionStore.saveAccount(account); onCreateSession.onSessionCreated(account); String redirectUri = sessionStore.getRedirectUri(); if (redirectUri != null) { facade.getResponse().setHeader("Location", redirectUri);
private AuthOutcome globalLogout() { SamlSession account = sessionStore.getAccount(); if (account == null) { return AuthOutcome.NOT_ATTEMPTED; sessionStore.setCurrentAction(SamlSessionStore.CurrentAction.LOGGING_OUT); } catch (Exception e) { log.error("Could not send global logout SAML request", e);
/**
 * Dispatches one SAML interaction to the matching handler.
 *
 * <p>Precedence: an inbound SAML request wins over an inbound SAML response; with
 * neither present, an existing session is served (subject to the SSL check) and an
 * absent session triggers a new login.
 *
 * @param context         carries the SAMLRequest, SAMLResponse and RelayState values
 * @param onCreateSession callback invoked when a session is created from a response
 * @return the outcome of the handled step; {@link AuthOutcome#FAILED} when the SSL
 *         check rejects a cached session
 */
public AuthOutcome doHandle(SamlInvocationContext context, OnSessionCreated onCreateSession) {
    // All three values are read up front, in the same order as before.
    final String inboundRequest = context.getSamlRequest();
    final String inboundResponse = context.getSamlResponse();
    final String relayState = context.getRelayState();

    if (inboundRequest != null) {
        return handleSamlRequest(inboundRequest, relayState);
    }
    if (inboundResponse != null) {
        return handleSamlResponse(inboundResponse, relayState, onCreateSession);
    }
    if (!sessionStore.isLoggedIn()) {
        return initiateLogin();
    }
    // NOTE(review): a true result from verifySSL() is treated as a failure here — the
    // name suggests it reports an SSL requirement violation; confirm against its definition.
    if (verifySSL()) {
        return AuthOutcome.FAILED;
    }
    log.debug("AUTHENTICATED: was cached");
    return handleRequest();
}