/**
 * Builds the skeleton of an SP-initiated SAML {@code LogoutRequest}.
 *
 * <p>The request receives a fresh ID from {@code requestIdManager}, the given
 * destination, an {@code Issuer} carrying {@code issuerId}, the current issue
 * instant, and a {@code NameID} whose format is set to the e-mail URN. The
 * NameID value is not populated here; presumably the caller fills it in —
 * verify against the call site.
 *
 * @param destination the endpoint the request will be addressed to
 * @param issuerId the entity ID written into the Issuer element
 * @return the partially populated logout request
 */
private LogoutRequest getLogoutRequest(String destination, String issuerId) {
    final LogoutRequest request = build(LogoutRequest.DEFAULT_ELEMENT_NAME);
    request.setID(requestIdManager.newId());
    request.setDestination(destination);

    final Issuer requestIssuer = build(Issuer.DEFAULT_ELEMENT_NAME);
    requestIssuer.setValue(issuerId);
    request.setIssuer(requestIssuer);
    request.setIssueInstant(DateTime.now());

    // Only the format is set; the subject value is left empty at this point.
    final NameID subject = build(NameID.DEFAULT_ELEMENT_NAME);
    subject.setFormat(SamlNameIdFormat.EMAIL.urn());
    request.setNameID(subject);
    return request;
}
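/**
 * Validates an inbound SAML {@code LogoutRequest} and resolves the identity
 * provider configuration that issued it.
 *
 * <p>The request must carry an {@code Issuer} with a value, its
 * {@code Destination} must equal this endpoint's URI, and the issuer must be
 * a configured identity provider in {@code idpConfigs}.
 *
 * @param logoutRequest the parsed logout request
 * @param endpointUri the URI of the endpoint that received the request
 * @return the configuration of the issuing identity provider
 * @throws SamlException if the issuer is missing, the destination does not
 *         match this endpoint, or the issuer is not a configured identity provider
 */
private SamlIdentityProviderConfig validateAndGetIdPConfig(LogoutRequest logoutRequest, String endpointUri) {
    // Guard the Issuer element itself, not only its value: a request without an
    // Issuer element previously failed with a NullPointerException instead of SamlException.
    final String issuer = logoutRequest.getIssuer() == null ? null : logoutRequest.getIssuer().getValue();
    if (issuer == null) {
        throw new SamlException("no issuer found from the logout request: " + logoutRequest.getID());
    }
    // endpointUri is the locally configured value, so a null or foreign Destination
    // simply fails the comparison and is rejected.
    if (!endpointUri.equals(logoutRequest.getDestination())) {
        throw new SamlException("unexpected destination: " + logoutRequest.getDestination());
    }
    final SamlIdentityProviderConfig config = idpConfigs.get(issuer);
    if (config == null) {
        throw new SamlException("unexpected identity provider: " + issuer);
    }
    return config;
}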
/**
 * Creates a SAML 2.0 {@code LogoutRequest} carrying the given issuer, subject,
 * ID and one {@code SessionIndex} element per entry of {@code sessionIndexes}.
 *
 * <p>The issue instant is the current time; no Destination is set here.
 *
 * @param issuer issuer element, set as given
 * @param nameId subject identifier, set as given
 * @param id value of the ID attribute
 * @param sessionIndexes session index values to include, in order
 * @return the populated logout request
 */
public static LogoutRequest createLogoutRequest(
        Issuer issuer, NameID nameId, String id, List<String> sessionIndexes) {
    final LogoutRequest request = logoutRequestBuilder.buildObject();
    request.setID(id);
    request.setIssuer(issuer);
    request.setNameID(nameId);
    request.setIssueInstant(DateTime.now());
    request.setVersion(SAMLVersion.VERSION_20);

    final SessionIndexBuilder indexBuilder = new SessionIndexBuilder();
    for (String indexValue : sessionIndexes) {
        final SessionIndex indexElement = indexBuilder.buildObject();
        indexElement.setSessionIndex(indexValue);
        request.getSessionIndexes().add(indexElement);
    }
    return request;
}
logoutRequest.setID("_" + SecureRandomUtils.generateRandomUUID().toString()); logoutRequest.setDestination(idp.getSLOLocation(idp.getBindingType()).getLocation()); logoutRequest.setIssueInstant(now); logoutRequest.setNotOnOrAfter(now.plusMinutes(5)); logoutRequest.setIssuer(issuer); logoutRequest.setNameID(nameID); logoutRequest.getSessionIndexes().add(sessionIndex); requestTO.setIdpServiceAddress(logoutRequest.getDestination()); requestTO.setBindingType(idp.getBindingType()); try { Pair<String, Date> relayState = accessTokenDataBinder.generateJWT( SecureRandomUtils.generateRandomUUID().toString(), logoutRequest.getID(), JWT_RELAY_STATE_DURATION, claims); requestTO.setRelayState(relayState.getLeft());
/**
 * Creates a SAML {@code LogoutRequest} with a freshly generated random ID.
 *
 * <p>The shared {@code logoutRequestBuilder} is looked up from
 * {@code builderFactory} on first use (unsynchronized, as in the original).
 * The ID is {@code "_"} followed by a random UUID and the issue instant is the
 * current time.
 *
 * @param version SAML version written to the request
 * @param issuer issuer element, set as given
 * @param destination value of the Destination attribute
 * @param consent value of the Consent attribute
 * @param notOnOrAfter expiry instant; only written when non-null
 * @param reason value of the Reason attribute
 * @param nameID subject identifier, set as given
 * @return the populated logout request
 */
@SuppressWarnings("unchecked")
public static LogoutRequest createLogoutRequest(
        SAMLVersion version, Issuer issuer, String destination, String consent,
        Date notOnOrAfter, String reason, NameID nameID) {
    if (logoutRequestBuilder == null) {
        logoutRequestBuilder = (SAMLObjectBuilder<LogoutRequest>)
                builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
    }
    final LogoutRequest request = logoutRequestBuilder.buildObject();
    final String requestId = "_" + UUID.randomUUID();
    request.setID(requestId);
    request.setVersion(version);
    request.setIssueInstant(new DateTime());
    request.setDestination(destination);
    request.setConsent(consent);
    request.setIssuer(issuer);
    if (notOnOrAfter != null) {
        // Convert the legacy java.util.Date into the Joda DateTime the model expects.
        request.setNotOnOrAfter(new DateTime(notOnOrAfter.getTime()));
    }
    request.setReason(reason);
    request.setNameID(nameID);
    return request;
}
// Populates the outbound SAML LogoutRequest. The enclosing method and the locals
// it uses (logoutRequest, issueInstant, issuer, nameId, sessionIndexElement) are
// outside this excerpt.
logoutRequest.setID(SSOUtils.createID());
logoutRequest.setIssueInstant(issueInstant);
logoutRequest.setDestination(serverConfiguration.getIdpURL());
// NotOnOrAfter is five minutes (5 * 60 * 1000 ms) after the issue instant.
logoutRequest.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + (5 * 60 * 1000)));
logoutRequest.setIssuer(issuer);
logoutRequest.setNameID(nameId);
logoutRequest.getSessionIndexes().add(sessionIndexElement);
logoutRequest.setReason("Single Logout");
/**
 * Converts the library's {@code LogoutRequest} model into its OpenSAML XML form.
 *
 * <p>Destination, ID, version 2.0, issuer, issue instant, NotOnOrAfter and the
 * subject NameID are copied over; when the model carries a signing key the
 * resulting object is signed with the model's algorithm and digest.
 *
 * @param request the logout request model to convert
 * @return the OpenSAML logout request
 */
protected org.opensaml.saml.saml2.core.LogoutRequest internalToXml(LogoutRequest request) {
    org.opensaml.saml.saml2.core.LogoutRequest xml =
            buildSAMLObject(org.opensaml.saml.saml2.core.LogoutRequest.class);
    xml.setDestination(request.getDestination().getLocation());
    xml.setID(request.getId());
    xml.setVersion(SAMLVersion.VERSION_20);
    xml.setIssuer(issuerToXml(request));
    xml.setIssueInstant(request.getIssueInstant());
    xml.setNotOnOrAfter(request.getNotOnOrAfter());
    xml.setNameID(nameIdToXml(request));
    if (request.getSigningKey() != null) {
        signObject(xml, request.getSigningKey(), request.getAlgorithm(), request.getDigest());
    }
    return xml;
}

/** Builds the OpenSAML Issuer element (value and both qualifiers) from the request's issuer model. */
private org.opensaml.saml.saml2.core.Issuer issuerToXml(LogoutRequest request) {
    org.opensaml.saml.saml2.core.Issuer issuer =
            buildSAMLObject(org.opensaml.saml.saml2.core.Issuer.class);
    issuer.setValue(request.getIssuer().getValue());
    issuer.setNameQualifier(request.getIssuer().getNameQualifier());
    issuer.setSPNameQualifier(request.getIssuer().getSpNameQualifier());
    return issuer;
}

/** Builds the OpenSAML NameID element (format, value and both qualifiers) from the request's name-id model. */
private NameID nameIdToXml(LogoutRequest request) {
    NameID nameID = buildSAMLObject(NameID.class);
    nameID.setFormat(request.getNameId().getFormat().toString());
    nameID.setValue(request.getNameId().getValue());
    nameID.setSPNameQualifier(request.getNameId().getSpNameQualifier());
    nameID.setNameQualifier(request.getNameId().getNameQualifier());
    return nameID;
}
/**
 * Maps an OpenSAML {@code LogoutRequest} onto the library's {@code LogoutRequest} model.
 *
 * <p>Both the plain {@code NameID} and the {@code EncryptedID} are handed to
 * {@code getNameID} together with {@code localKeys}, and the resolved NameID
 * is converted to a principal. {@code verificationKeys} is accepted but not
 * used by this method.
 *
 * @param request the OpenSAML logout request
 * @param verificationKeys signature verification keys (unused here)
 * @param localKeys local keys made available for resolving an EncryptedID
 * @return the populated model object
 */
protected LogoutRequest resolveLogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest request,
                                             List<SimpleKey> verificationKeys,
                                             List<SimpleKey> localKeys) {
    final LogoutRequest result = new LogoutRequest();
    result.setId(request.getID());
    result.setConsent(request.getConsent());
    result.setVersion(request.getVersion().toString());
    result.setNotOnOrAfter(request.getNotOnOrAfter());
    result.setIssueInstant(request.getIssueInstant());
    result.setReason(LogoutReason.fromUrn(request.getReason()));
    result.setIssuer(getIssuer(request.getIssuer()));
    result.setDestination(new Endpoint().setLocation(request.getDestination()));

    final NameID resolvedNameId = getNameID(request.getNameID(), request.getEncryptedID(), localKeys);
    result.setNameId(getNameIdPrincipal(resolvedNameId));
    return result;
}
/**
 * {@inheritDoc}
 *
 * <p>Attaches BaseID, NameID, EncryptedID and SessionIndex children to the
 * LogoutRequest; any other child is delegated to the superclass.
 */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    final LogoutRequest request = (LogoutRequest) parentSAMLObject;
    if (childSAMLObject instanceof BaseID) {
        request.setBaseID((BaseID) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof NameID) {
        request.setNameID((NameID) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof EncryptedID) {
        request.setEncryptedID((EncryptedID) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof SessionIndex) {
        // A request may carry several SessionIndex elements; they accumulate in order.
        request.getSessionIndexes().add((SessionIndex) childSAMLObject);
        return;
    }
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
}
/**
 * Validates an inbound SAML logout request and tears down the matching local session.
 *
 * <p>The signature is verified when one is present and the issuer is checked
 * when present; an {@code EncryptedID} is decrypted with {@code decrypter}
 * (the decrypted value is not used further here). Exactly one
 * {@code SessionIndex} is required; its value selects the session to destroy,
 * through the back-channel path for the SOAP binding and the front-channel
 * path for every other binding. Issue-instant validation is deliberately not
 * performed (kept disabled for CAS v5 compatibility, as in the original code),
 * so the request age is not checked by this method.
 *
 * @param logoutRequest the logout request
 * @param context the context
 * @param engine the signature engine
 * @throws SAMLException if the request does not carry exactly one session index
 */
protected void validateLogoutRequest(final LogoutRequest logoutRequest, final SAML2MessageContext context,
                                     final SignatureTrustEngine engine) {
    validateSignatureIfItExists(logoutRequest.getSignature(), context, engine);
    // validateIssueInstant(logoutRequest.getIssueInstant()) is intentionally skipped because of CAS v5.
    validateIssuerIfItExists(logoutRequest.getIssuer(), context);

    final EncryptedID encryptedID = logoutRequest.getEncryptedID();
    if (encryptedID != null) {
        decryptEncryptedId(encryptedID, decrypter);
    }

    final List<SessionIndex> indexes = logoutRequest.getSessionIndexes();
    if (indexes == null || indexes.size() != 1) {
        throw new SAMLException("We must have one session index in the logout request");
    }
    // NOTE(review): the session index value itself is not null-checked before
    // being handed to the logout handler.
    final String sessionIndex = indexes.get(0).getSessionIndex();

    final String bindingUri = context.getSAMLBindingContext().getBindingUri();
    final boolean backChannel = SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(bindingUri);
    if (backChannel) {
        logoutHandler.destroySessionBack(context.getWebContext(), sessionIndex);
    } else {
        logoutHandler.destroySessionFront(context.getWebContext(), sessionIndex);
    }
}
if (!saml2Session.getId().equals(logoutRequest.getIssuer().getValue())) { return false; relyingParty = relyingPartyLookupStrategy.apply(profileRequestContext); if (!SAML2ObjectSupport.areNameIDsEquivalent(logoutRequest.getNameID(), saml2Session.getNameID(), assertingParty, relyingParty)) { return false; } else if (!SAML2ObjectSupport.areNameIDsEquivalent(logoutRequest.getNameID(), saml2Session.getNameID())) { return false; if (logoutRequest.getSessionIndexes().isEmpty()) { return true; for (final SessionIndex index : logoutRequest.getSessionIndexes()) { if (index.getSessionIndex() != null && index.getSessionIndex().equals(saml2Session.getSessionIndex())) {
/**
 * Encrypts the {@link NameID} of a LogoutRequest in place, replacing it with
 * an {@link EncryptedID} when {@code shouldEncrypt} says so.
 *
 * @param request request to operate on
 *
 * @throws EncryptionException if an error occurs
 */
private void processLogoutRequest(@Nonnull final LogoutRequest request) throws EncryptionException {
    final NameID plainNameId = request.getNameID();
    if (!shouldEncrypt(plainNameId)) {
        return;
    }
    log.debug("{} Encrypting NameID in LogoutRequest", getLogPrefix());
    final EncryptedID encrypted = getEncrypter().encrypt(plainNameId);
    request.setEncryptedID(encrypted);
    // Drop the clear-text NameID so only the encrypted form remains in the request.
    request.setNameID(null);
}
/**
 * Decrypts an {@link EncryptedID} found in a LogoutRequest and replaces it
 * with the resulting {@link NameID}. When decryption yields null the request
 * is left untouched.
 *
 * @param profileRequestContext current profile request context
 * @param request request to operate on
 *
 * @throws DecryptionException if an error occurs
 */
private void processLogoutRequest(@Nonnull final ProfileRequestContext profileRequestContext,
                                  @Nonnull final LogoutRequest request) throws DecryptionException {
    final EncryptedID encrypted = request.getEncryptedID();
    if (encrypted == null) {
        return;
    }
    log.debug("{} Decrypting EncryptedID in LogoutRequest", getLogPrefix());
    final NameID decrypted = processEncryptedID(profileRequestContext, encrypted);
    if (decrypted == null) {
        return;
    }
    request.setNameID(decrypted);
    // The encrypted form is removed once the clear-text NameID is in place.
    request.setEncryptedID(null);
}
/**
 * Builds the session lookup criteria for the enclosing {@code logoutRequest}.
 *
 * <p>Returns an {@code SPSessionCriterion} keyed on the request's issuer value
 * and NameID value when both are present; otherwise an empty
 * {@code CriteriaSet}. The {@code input} context is not consulted.
 *
 * @param input the profile request context (unused)
 * @return the criteria set, possibly empty
 */
@Override
public CriteriaSet apply(final ProfileRequestContext input) {
    final boolean resolvable = logoutRequest != null
            && logoutRequest.getIssuer() != null
            && logoutRequest.getNameID() != null;
    if (!resolvable) {
        return new CriteriaSet();
    }
    final String spEntityId = logoutRequest.getIssuer().getValue();
    final String principalName = logoutRequest.getNameID().getValue();
    return new CriteriaSet(new SPSessionCriterion(spEntityId, principalName));
}
};
for (final SessionIndex index : ((LogoutRequest) message).getSessionIndexes()) { if (index != null && index.getSessionIndex() != null) { indexes.add(index.getSessionIndex());
/**
 * {@inheritDoc}
 *
 * <p>Handles the Reason and NotOnOrAfter attributes of a LogoutRequest;
 * everything else (including an empty NotOnOrAfter) is delegated to the superclass.
 */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    final LogoutRequest request = (LogoutRequest) samlObject;
    final String localName = attribute.getLocalName();
    final String value = attribute.getValue();
    if (localName.equals(LogoutRequest.REASON_ATTRIB_NAME)) {
        request.setReason(value);
    } else if (localName.equals(LogoutRequest.NOT_ON_OR_AFTER_ATTRIB_NAME) && !Strings.isNullOrEmpty(value)) {
        // Parsed as an ISO-8601 instant in the UTC chronology.
        request.setNotOnOrAfter(new DateTime(value, ISOChronology.getInstanceUTC()));
    } else {
        super.processAttribute(samlObject, attribute);
    }
}
/**
 * Derives the audit "resource" for a SAML logout request: a single string
 * holding the request issuer's value, formatted without a class-name prefix.
 *
 * @param returnValue the logout request being audited
 * @return a one-element array with the formatted issuer
 */
private String[] getAuditResourceFromSamlLogoutRequest(final LogoutRequest returnValue) {
    final String issuerValue = returnValue.getIssuer().getValue();
    final ToStringBuilder builder = new ToStringBuilder(this, ToStringStyle.NO_CLASS_NAME_STYLE);
    builder.append("issuer", issuerValue);
    return new String[] {builder.toString()};
}
object.setID(idGenerator.generateIdentifier()); object.setIssueInstant(new DateTime(ISOChronology.getInstanceUTC())); object.setVersion(SAMLVersion.VERSION_20); object.setNameID(nameId); } catch (final MarshallingException|UnmarshallingException e) { log.error("{} Error cloning NameID for use in LogoutRequest for {}", getLogPrefix(), final Issuer issuer = issuerBuilder.buildObject(); issuer.setValue(issuerId); object.setIssuer(issuer); } else { log.debug("{} No issuer value available, leaving Issuer unset", getLogPrefix()); final SessionIndex index = indexBuilder.buildObject(); index.setSessionIndex(saml2Session.getSessionIndex()); object.getSessionIndexes().add(index);
logoutRequest.getSessionIndexes() .stream() .findFirst()
// Builds the outbound LogoutRequest. The enclosing method and the locals it uses
// (request, nameId, sessIdx, profile, selfContext, ssoService) are outside this excerpt.
request.setID(SAML2Utils.generateID());
request.setIssuer(getIssuer(selfContext.getEntityId()));
// Issue instant is UTC "now" shifted by the configured skew, in seconds.
request.setIssueInstant(DateTime.now(DateTimeZone.UTC).plusSeconds(this.issueInstantSkewSeconds));
request.setVersion(SAMLVersion.VERSION_20);
request.setDestination(ssoService.getLocation());
// Qualifiers on the subject come from the profile configuration.
nameId.setSPNameQualifier(profile.getSamlNameIdSpNameQualifier());
nameId.setSPProvidedID(profile.getSamlNameIdSpProviderId());
request.setNameID(nameId);
// A single SessionIndex element carries sessIdx.
final SessionIndex sessionIdx = sessionIndexBuilder.buildObject();
sessionIdx.setSessionIndex(sessIdx);
request.getSessionIndexes().add(sessionIdx);