org.opensaml.saml.saml2.core.SessionIndex Java Examples
The following examples show how to use
org.opensaml.saml.saml2.core.SessionIndex.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: LogoutRequestBuilder.java From carbon-apimgt with Apache License 2.0 | 6 votes |
|
/**
* Build the logout request
* @param subject name of the user
* @param reason reason for generating logout request.
* @return LogoutRequest object
*/
public LogoutRequest buildLogoutRequest(String subject,String sessionIndexId, String reason,
String issuerId, String nameIdFormat) {
Util.doBootstrap();
LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
logoutReq.setID(Util.createID());
DateTime issueInstant = new DateTime();
logoutReq.setIssueInstant(issueInstant);
logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerId);
logoutReq.setIssuer(issuer);
logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
sessionIndex.setSessionIndex(sessionIndexId);
logoutReq.getSessionIndexes().add(sessionIndex);
logoutReq.setReason(reason);
return logoutReq;
}
Example #2
| Source File: LogoutRequestBuilder.java From carbon-apimgt with Apache License 2.0 | 5 votes |
|
/**
* Build the logout request
* @param subject name of the user
* @param reason reason for generating logout request.
* @return LogoutRequest object
*/
public LogoutRequest buildSignedLogoutRequest(String subject,String sessionIndexId, String reason,
String issuerId, int tenantId, String tenantDomain, String destination, String nameIdFormat)
throws SSOHostObjectException {
Util.doBootstrap();
LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
logoutReq.setID(Util.createID());
DateTime issueInstant = new DateTime();
logoutReq.setIssueInstant(issueInstant);
logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(issuerId);
logoutReq.setIssuer(issuer);
logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
sessionIndex.setSessionIndex(sessionIndexId);
logoutReq.getSessionIndexes().add(sessionIndex);
logoutReq.setReason(reason);
logoutReq.setDestination(destination);
SSOAgentCarbonX509Credential ssoAgentCarbonX509Credential =
new SSOAgentCarbonX509Credential(tenantId, tenantDomain);
setSignature(logoutReq, SignatureConstants.ALGO_ID_SIGNATURE_RSA,
new X509CredentialImpl(ssoAgentCarbonX509Credential));
return logoutReq;
}
Example #3
| Source File: SamlpRequestComponentBuilder.java From cxf-fediz with Apache License 2.0 | 5 votes |
|
@SuppressWarnings("unchecked")
public static LogoutRequest createLogoutRequest(
Issuer issuer,
String reason,
NameID nameId,
List<String> sessionIndices
) {
if (logoutRequestBuilder == null) {
logoutRequestBuilder = (SAMLObjectBuilder<LogoutRequest>)
builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
}
if (sessionIndexBuilder == null) {
sessionIndexBuilder = (SAMLObjectBuilder<SessionIndex>)
builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME);
}
LogoutRequest logoutRequest = logoutRequestBuilder.buildObject();
logoutRequest.setID("_" + UUID.randomUUID().toString());
logoutRequest.setIssueInstant(new DateTime());
if (reason != null) {
logoutRequest.setReason(reason);
}
if (nameId != null) {
logoutRequest.setNameID(nameId);
}
if (sessionIndices != null && !sessionIndices.isEmpty()) {
for (String sessionIndex : sessionIndices) {
SessionIndex sessionIndexObj = sessionIndexBuilder.buildObject();
sessionIndexObj.setSessionIndex(sessionIndex);
logoutRequest.getSessionIndexes().add(sessionIndexObj);
}
}
logoutRequest.setIssuer(issuer);
return logoutRequest;
}
Example #4
| Source File: SAML2SPLogic.java From syncope with Apache License 2.0 | 4 votes |
|
@PreAuthorize("isAuthenticated() and not(hasRole('" + IdRepoEntitlement.ANONYMOUS + "'))")
public SAML2RequestTO createLogoutRequest(final String accessToken, final String spEntityID) {
check();
// 1. fetch the current JWT used for Syncope authentication
JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken);
if (!consumer.verifySignatureWith(jwsSignatureVerifier)) {
throw new IllegalArgumentException("Invalid signature found in Access Token");
}
// 2. look for IdP
String idpEntityID = (String) consumer.getJwtClaims().getClaim(JWT_CLAIM_IDP_ENTITYID);
if (idpEntityID == null) {
throw new NotFoundException("No SAML 2.0 IdP information found in the access token");
}
SAML2IdPEntity idp = cache.get(idpEntityID);
if (idp == null) {
throw new NotFoundException("SAML 2.0 IdP '" + idpEntityID + '\'');
}
if (idp.getSLOLocation(idp.getBindingType()) == null) {
throw new IllegalArgumentException("No SingleLogoutService available for " + idp.getId());
}
// 3. create LogoutRequest
LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
logoutRequest.setID('_' + SecureRandomUtils.generateRandomUUID().toString());
logoutRequest.setDestination(idp.getSLOLocation(idp.getBindingType()).getLocation());
DateTime now = new DateTime();
logoutRequest.setIssueInstant(now);
logoutRequest.setNotOnOrAfter(now.plusMinutes(5));
Issuer issuer = new IssuerBuilder().buildObject();
issuer.setValue(spEntityID);
logoutRequest.setIssuer(issuer);
NameID nameID = new NameIDBuilder().buildObject();
nameID.setFormat((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_FORMAT));
nameID.setValue((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_VALUE));
logoutRequest.setNameID(nameID);
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
sessionIndex.setSessionIndex((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_SESSIONINDEX));
logoutRequest.getSessionIndexes().add(sessionIndex);
SAML2RequestTO requestTO = new SAML2RequestTO();
requestTO.setIdpServiceAddress(logoutRequest.getDestination());
requestTO.setBindingType(idp.getBindingType());
try {
// 3. generate relay state as JWT
Map<String, Object> claims = new HashMap<>();
claims.put(JWT_CLAIM_IDP_DEFLATE,
idp.getBindingType() == SAML2BindingType.REDIRECT ? true : idp.isUseDeflateEncoding());
Pair<String, Date> relayState = accessTokenDataBinder.generateJWT(
SecureRandomUtils.generateRandomUUID().toString(),
logoutRequest.getID(), JWT_RELAY_STATE_DURATION, claims);
requestTO.setRelayState(relayState.getLeft());
// 4. sign and encode AuthnRequest
switch (idp.getBindingType()) {
case REDIRECT:
requestTO.setContent(SAML2ReaderWriter.encode(logoutRequest, true));
requestTO.setSignAlg(saml2rw.getSigAlgo());
requestTO.setSignature(saml2rw.sign(requestTO.getContent(), requestTO.getRelayState()));
break;
case POST:
default:
saml2rw.sign(logoutRequest);
requestTO.setContent(SAML2ReaderWriter.encode(logoutRequest, idp.isUseDeflateEncoding()));
}
} catch (Exception e) {
LOG.error("While generating LogoutRequest", e);
SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
sce.getElements().add(e.getMessage());
throw sce;
}
return requestTO;
}
