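/**
 * Builds an IdP-initiated global logout request for the current user and returns a
 * request wrapper that exposes it as the {@code SAMLRequest} parameter, so the downstream
 * SAML processing sees it as if it had arrived on the wire.
 *
 * <p>The LogoutRequest carries this identity URL as Issuer and Destination, and the
 * principal name as a persistent-format NameID. It is DEFLATE + Base64 encoded for the
 * redirect binding. NOTE(review): nothing here signs the request or sets a SessionIndex;
 * confirm that signing (where the peers require it) is applied further down the chain.</p>
 *
 * @param request       the current servlet request to wrap
 * @param userPrincipal the authenticated principal whose name becomes the NameID
 * @return a wrapper over {@code request} that answers {@code SAML_REQUEST_KEY} with the
 *         encoded logout request and delegates every other parameter lookup
 * @throws IllegalArgumentException if {@code userPrincipal} is {@code null}
 * @throws RuntimeException if building or encoding the request fails; the original
 *         exception is kept as the cause
 */
private HttpServletRequestWrapper prepareLocalGlobalLogoutRequest(HttpServletRequest request, Principal userPrincipal) {
    // Fail fast with a clear message instead of letting the NPE below be wrapped
    // into the generic "could not perform logout" error.
    if (userPrincipal == null) {
        throw new IllegalArgumentException("Cannot build a logout request without an authenticated principal.");
    }
    try {
        SAML2Request saml2Request = new SAML2Request();
        LogoutRequestType logoutRequest = saml2Request.createLogoutRequest(getIdentityURL());

        NameIDType nameID = new NameIDType();
        nameID.setValue(userPrincipal.getName());
        nameID.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get()));
        logoutRequest.setNameID(nameID);
        logoutRequest.setDestination(URI.create(getIdentityURL()));

        // Serialise to XML, then encode for the HTTP-Redirect binding.
        byte[] requestBytes = DocumentUtil.getDocumentAsString(saml2Request.convert(logoutRequest)).getBytes("UTF-8");
        final String samlRequest = RedirectBindingUtil.deflateBase64Encode(requestBytes);

        return new HttpServletRequestWrapper(request) {
            @Override
            public String getParameter(String name) {
                // Only the SAMLRequest parameter is synthesised; everything else
                // comes from the wrapped request.
                if (SAML_REQUEST_KEY.equals(name)) {
                    return samlRequest;
                }
                return super.getParameter(name);
            }
        };
    } catch (Exception e) {
        throw new RuntimeException("Could not perform IdP Initiated Single Logout.", e);
    }
}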
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), logOutRequest.getID()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), logOutRequest.getVersion()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), logOutRequest.getIssueInstant() .toString()); URI destination = logOutRequest.getDestination(); if (destination != null) String consent = logOutRequest.getConsent(); if (StringUtil.isNotNull(consent)) StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consent); NameIDType issuer = logOutRequest.getIssuer(); write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX)); NameIDType nameID = logOutRequest.getNameID(); if (nameID != null)
/**
 * Creates a SAML 2.0 LogoutRequest for the given principal: a fresh ID and issue
 * instant, this service provider's entity ID as Issuer, the principal's NameID value
 * and its session index.
 *
 * NOTE(review): only the NameID *value* is copied from the principal; any Format or
 * qualifiers on the original NameID are not carried over. SAML SLO matches on the full
 * NameID, so confirm the IdP accepts a bare value.
 *
 * @param principal the authenticated SAML principal being logged out
 * @return the populated (unsigned) logout request
 * @throws ConfigurationException as declared by the helpers used to build the request
 */
public LogoutRequestType createLogoutRequest(SeamSamlPrincipal principal) throws ConfigurationException {
    ObjectFactory protocolFactory = new ObjectFactory();
    org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory assertionFactory =
            new org.picketlink.identity.federation.saml.v2.assertion.ObjectFactory();

    LogoutRequestType logoutRequest = protocolFactory.createLogoutRequestType();
    logoutRequest.setID(generateId());
    logoutRequest.setIssueInstant(generateIssueInstant());

    // Issuer: our own entity ID.
    NameIDType issuer = assertionFactory.createNameIDType();
    issuer.setValue(serviceProvider.getSamlConfiguration().getEntityId());
    logoutRequest.setIssuer(issuer);

    // Subject being logged out.
    NameIDType subject = JBossSAMLBaseFactory.createNameID();
    subject.setValue(principal.getNameId().getValue());
    logoutRequest.setNameID(subject);

    logoutRequest.setVersion(JBossSAMLConstants.VERSION_2_0.get());
    logoutRequest.getSessionIndex().add(principal.getSessionIndex());
    return logoutRequest;
}
/**
 * Creates a minimal SAML 2.0 LogoutRequest: a generated {@code ID_}-prefixed identifier,
 * the current issue instant and the given issuer. NameID, SessionIndex, Destination and
 * NotOnOrAfter are left for the caller to fill in.
 *
 * @param issuer entity identifier placed in the Issuer element
 * @return the new logout request
 * @throws ConfigurationException as declared by the helpers used to build the request
 */
public LogoutRequestType createLogoutRequest(String issuer) throws ConfigurationException {
    LogoutRequestType logoutRequest = new LogoutRequestType(IDGenerator.create("ID_"), XMLTimeUtil.getIssueInstant());

    NameIDType issuerNameID = new NameIDType();
    issuerNameID.setValue(issuer);
    logoutRequest.setIssuer(issuerNameID);

    return logoutRequest;
}
/**
 * Reads the attributes of the {@code <LogoutRequest>} start element into a new
 * {@link LogoutRequestType}: the required ID/IssueInstant (via the superclass, which
 * leaves them in {@code id} and {@code issueInstant}), the common base attributes, and
 * the optional {@code Reason} and {@code NotOnOrAfter}.
 *
 * NOTE(review): these values come straight from the inbound message and are only parsed
 * here, not validated (e.g. NotOnOrAfter is not compared with the clock); that is
 * expected to happen in the handler that consumes the request — confirm.
 *
 * @param startElement the LogoutRequest start element
 * @return a request populated with the element's attributes
 * @throws ParsingException propagated from the superclass and utility parsers
 */
private LogoutRequestType parseBaseAttributes(StartElement startElement) throws ParsingException {
    super.parseRequiredAttributes(startElement);
    LogoutRequestType request = new LogoutRequestType(id, issueInstant);
    super.parseBaseAttributes(startElement, request);

    Attribute reasonAttr = startElement.getAttributeByName(new QName(JBossSAMLConstants.REASON.get()));
    if (reasonAttr != null) {
        request.setReason(StaxParserUtil.getAttributeValue(reasonAttr));
    }

    Attribute notOnOrAfterAttr = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_ON_OR_AFTER.get()));
    if (notOnOrAfterAttr != null) {
        String rawInstant = StaxParserUtil.getAttributeValue(notOnOrAfterAttr);
        request.setNotOnOrAfter(XMLTimeUtil.parse(rawInstant));
    }
    return request;
}
}
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), logOutRequest.getID()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), logOutRequest.getVersion()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), logOutRequest.getIssueInstant().toString()); URI destination = logOutRequest.getDestination(); if (destination != null) { StaxUtil.writeAttribute(writer, JBossSAMLConstants.DESTINATION.get(), destination.toASCIIString()); String consent = logOutRequest.getConsent(); if (StringUtil.isNotNull(consent)) StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consent); NameIDType issuer = logOutRequest.getIssuer(); write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX)); Element signature = logOutRequest.getSignature(); if (signature != null) { StaxUtil.writeDOMElement(writer, signature); NameIDType nameID = logOutRequest.getNameID(); if (nameID != null) { write(nameID, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX)); List<String> sessionIndexes = logOutRequest.getSessionIndex();
String issuer = logOutRequest.getIssuer().getValue(); try { SAML2Request saml2Request = new SAML2Request(); server.stack().pop(sessionID); generateSuccessStatusResponseType(logOutRequest.getID(), request, response, originalIssuer); lort.setNameID(nameID); lort.setNotOnOrAfter(XMLTimeUtil.add(lort.getIssueInstant(), assertionValidity)); lort.setDestination(URI.create(participant));
/**
 * Builds the LogoutRequest sent to one participant during a global logout. Issuer comes
 * from the handler request; the NameID is the servlet request's authenticated principal,
 * with the format taken from the handler's {@code NAMEID_FORMAT} parameter (persistent
 * by default); NotOnOrAfter is IssueInstant plus the STS issued-token timeout; and
 * Destination is the participant URL.
 *
 * @param request     current handler request (provides issuer and HTTP context)
 * @param participant URL of the participant that will receive the request — presumably
 *                    one of the identity server's registered participants; verify at
 *                    the caller, since it becomes the Destination
 * @return the populated, unsigned logout request
 * @throws ConfigurationException if the underlying request factory fails
 * @throws ProcessingException when no authenticated principal is on the request
 *         (via {@code logger.samlHandlerPrincipalNotFoundError()})
 */
private LogoutRequestType createLogoutRequest(SAML2HandlerRequest request, String participant)
        throws ConfigurationException, ProcessingException {
    HttpServletRequest servletRequest = ((HTTPContext) request.getContext()).getRequest();
    LogoutRequestType logoutRequest = new SAML2Request().createLogoutRequest(request.getIssuer().getValue());

    Principal principal = servletRequest.getUserPrincipal();
    if (principal == null) {
        throw logger.samlHandlerPrincipalNotFoundError();
    }

    // Honour a configured NameID format; fall back to persistent.
    String format = (String) handlerConfig.getParameter(GeneralConstants.NAMEID_FORMAT);
    if (StringUtil.isNullOrEmpty(format)) {
        format = JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
    }
    NameIDType subject = new NameIDType();
    subject.setValue(principal.getName());
    subject.setFormat(URI.create(format));
    logoutRequest.setNameID(subject);

    long tokenTimeout = PicketLinkCoreSTS.instance().getConfiguration().getIssuedTokenTimeout();
    logoutRequest.setNotOnOrAfter(XMLTimeUtil.add(logoutRequest.getIssueInstant(), tokenTimeout));
    logoutRequest.setDestination(URI.create(participant));
    return logoutRequest;
}
checkDestination(logOutRequest.getDestination(), spConfiguration.getServiceURL()); SessionManager sessionManager = SessionManager.get(session.getServletContext()); final String pricipalName = logOutRequest.getNameID().getValue(); statusResponse.setInResponseTo(logOutRequest.getID()); response.setDestination(logOutRequest.getIssuer().getValue()); } else { response.setDestination(logoutResponseLocation);
logoutRequest.getSessionIndex().add(StaxParserUtil.getElementText(xmlEventReader)); logoutRequest.setNameID(nameID);
logoutRequest.addSessionIndex(StaxParserUtil.getElementText(xmlEventReader)); } else if (JBossSAMLConstants.NAMEID.get().equals(elementName)) { NameIDType nameID = SAMLParserUtil.parseNameIDType(xmlEventReader); logoutRequest.setNameID(nameID); } else if (JBossSAMLConstants.ISSUER.get().equals(elementName)) { continue;
/**
 * Handles an inbound SAML LogoutRequest on the IdP side of a global logout. The request's
 * Destination is checked against this provider's identity URL before anything else; the
 * logout is then fanned out to the other participants over the back channel or the front
 * channel, depending on configuration.
 *
 * <p>The participant treated as the originator is the RelayState parameter when one is
 * present, otherwise the request's Issuer. NOTE(review): RelayState is a plain,
 * unauthenticated request parameter; confirm that the front/back-channel paths validate
 * it against the identity server's registered participants before using it as a
 * response target.</p>
 *
 * <p>NOTE(review): {@code getSession(false)} returns {@code null} when no session exists,
 * and the {@code session.getServletContext()} call below would then NPE — presumably a
 * session is guaranteed by this point; verify.</p>
 *
 * @param request  handler request carrying the parsed LogoutRequest and HTTP context
 * @param response handler response the front-channel path populates
 * @throws ProcessingException from the destination check or identity-server lookup, or
 *         wrapping parser-configuration, configuration and parsing failures
 */
public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException {
    HTTPContext httpContext = (HTTPContext) request.getContext();
    HttpServletRequest servletRequest = httpContext.getRequest();
    HttpSession session = servletRequest.getSession(false);
    String relayState = httpContext.getRequest().getParameter(GeneralConstants.RELAY_STATE);

    LogoutRequestType logoutRequest = (LogoutRequestType) request.getSAML2Object();
    // Reject requests not addressed to this IdP before touching anything else.
    checkDestination(logoutRequest.getDestination(), getProviderconfig().getIdentityURL());

    String issuer = logoutRequest.getIssuer().getValue();
    String originalIssuer = relayState != null ? relayState : issuer;

    try {
        if (getIdentityServer(session.getServletContext()) == null) {
            throw logger.samlHandlerIdentityServerNotFoundError();
        }
        if (isBackChannelLogout()) {
            performBackChannelLogout(request, originalIssuer);
        } else {
            performFrontChannelLogout(request, response, logoutRequest, originalIssuer, relayState);
        }
    } catch (ParserConfigurationException e) {
        throw logger.processingError(e);
    } catch (ConfigurationException e) {
        throw logger.processingError(e);
    } catch (ParsingException e) {
        throw logger.processingError(e);
    }
}
/**
 * Starts a single logout against the identity provider that authenticated the given
 * identity: builds a LogoutRequest for its principal, records the request ID in the
 * pending-request registry (presumably so the IdP's LogoutResponse can be matched by
 * InResponseTo — verify), then sends it using the SLO profile.
 *
 * @param request  current servlet request
 * @param response servlet response used to deliver the request to the IdP
 * @param identity the logged-in identity; its principal must be a {@code SeamSamlPrincipal}
 * @throws RuntimeException wrapping a {@link ConfigurationException} from request creation
 */
public void sendSingleLogoutRequestToIDP(HttpServletRequest request, HttpServletResponse response, Identity identity) {
    SeamSamlPrincipal samlPrincipal = (SeamSamlPrincipal) identity.getPrincipal();
    SamlIdentityProvider provider = (SamlIdentityProvider) samlPrincipal.getIdentityProvider();

    LogoutRequestType logoutRequest;
    try {
        logoutRequest = samlMessageFactory.createLogoutRequest(samlPrincipal);
        requests.addRequest(logoutRequest.getID(), provider, null);
    } catch (ConfigurationException configError) {
        throw new RuntimeException(configError);
    }
    samlMessageSender.sendRequestToIDP(request, response, provider, SamlProfile.SINGLE_LOGOUT, logoutRequest);
}
}
StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), logOutRequest.getID()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), logOutRequest.getVersion()); StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), logOutRequest.getIssueInstant().toString()); URI destination = logOutRequest.getDestination(); if (destination != null) { StaxUtil.writeAttribute(writer, JBossSAMLConstants.DESTINATION.get(), destination.toASCIIString()); String consent = logOutRequest.getConsent(); if (StringUtil.isNotNull(consent)) StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consent); NameIDType issuer = logOutRequest.getIssuer(); write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get(), ASSERTION_PREFIX)); Element signature = logOutRequest.getSignature(); if (signature != null) { StaxUtil.writeDOMElement(writer, signature); NameIDType nameID = logOutRequest.getNameID(); if (nameID != null) { write(nameID, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX)); List<String> sessionIndexes = logOutRequest.getSessionIndex();
String issuer = logOutRequest.getIssuer().getValue(); try isPost = Boolean.TRUE; generateSuccessStatusResponseType(logOutRequest.getID(), request, response, originalIssuer); response.setPostBindingForResponse(isPost.booleanValue()); response.setSendRequest(false); lort.setNotOnOrAfter(XMLTimeUtil.add(lort.getIssueInstant(), assertionValidity)); lort.setDestination(URI.create(participant));
/**
 * Builds the LogoutRequest for one participant of a global logout.
 *
 * <ul>
 *   <li>Issuer: the handler request's issuer.</li>
 *   <li>NameID: the servlet request's authenticated principal; format from the handler's
 *       {@code NAMEID_FORMAT} parameter, persistent when unset.</li>
 *   <li>NotOnOrAfter: IssueInstant plus the STS issued-token timeout.</li>
 *   <li>Destination: {@code participant} (presumably a registered participant URL — verify
 *       at the caller).</li>
 * </ul>
 *
 * @param request     current handler request
 * @param participant URL of the receiving participant
 * @return the populated, unsigned logout request
 * @throws ConfigurationException if the underlying request factory fails
 * @throws ProcessingException when no authenticated principal is present
 *         (via {@code logger.samlHandlerPrincipalNotFoundError()})
 */
private LogoutRequestType createLogoutRequest(SAML2HandlerRequest request, String participant)
        throws ConfigurationException, ProcessingException {
    HTTPContext httpContext = (HTTPContext) request.getContext();
    LogoutRequestType logoutRequest = new SAML2Request().createLogoutRequest(request.getIssuer().getValue());

    Principal principal = httpContext.getRequest().getUserPrincipal();
    if (principal == null) {
        throw logger.samlHandlerPrincipalNotFoundError();
    }

    logoutRequest.setNameID(buildSubjectNameID(principal));

    long tokenTimeout = PicketLinkCoreSTS.instance().getConfiguration().getIssuedTokenTimeout();
    logoutRequest.setNotOnOrAfter(XMLTimeUtil.add(logoutRequest.getIssueInstant(), tokenTimeout));
    logoutRequest.setDestination(URI.create(participant));
    return logoutRequest;
}

/** Creates the NameID for {@code principal}, using the configured format or persistent by default. */
private NameIDType buildSubjectNameID(Principal principal) {
    NameIDType subject = new NameIDType();
    subject.setValue(principal.getName());
    String format = (String) handlerConfig.getParameter(GeneralConstants.NAMEID_FORMAT);
    if (StringUtil.isNullOrEmpty(format)) {
        format = JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get();
    }
    subject.setFormat(URI.create(format));
    return subject;
}
/**
 * Populates a new {@link LogoutRequestType} from the attributes of the LogoutRequest
 * start element. The superclass extracts the required ID and IssueInstant (into
 * {@code id} / {@code issueInstant}) and the shared base attributes; this method adds
 * the optional {@code Reason} and {@code NotOnOrAfter}.
 *
 * NOTE(review): attribute values originate from the inbound message and are only parsed
 * here; validation (e.g. of NotOnOrAfter against the clock) is expected downstream.
 *
 * @param startElement the LogoutRequest start element
 * @return the request populated with the element's attributes
 * @throws ParsingException propagated from the superclass and utility parsers
 */
private LogoutRequestType parseBaseAttributes(StartElement startElement) throws ParsingException {
    super.parseRequiredAttributes(startElement);
    LogoutRequestType result = new LogoutRequestType(id, issueInstant);
    super.parseBaseAttributes(startElement, result);

    QName reasonName = new QName(JBossSAMLConstants.REASON.get());
    Attribute reason = startElement.getAttributeByName(reasonName);
    if (reason != null) {
        result.setReason(StaxParserUtil.getAttributeValue(reason));
    }

    QName notOnOrAfterName = new QName(JBossSAMLConstants.NOT_ON_OR_AFTER.get());
    Attribute notOnOrAfter = startElement.getAttributeByName(notOnOrAfterName);
    if (notOnOrAfter != null) {
        result.setNotOnOrAfter(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notOnOrAfter)));
    }
    return result;
}
}
checkDestination(logOutRequest.getDestination(), spConfiguration.getServiceURL()); SessionManager sessionManager = SessionManager.get(session.getServletContext()); final String pricipalName = logOutRequest.getNameID().getValue(); statusResponse.setInResponseTo(logOutRequest.getID()); response.setDestination(logOutRequest.getIssuer().getValue()); } else { response.setDestination(logoutResponseLocation);