org.opensaml.saml2.core.LogoutRequest Java Examples

Example #1
Source File: SSOAgentUtils.java    From carbon-identity with Apache License 2.0
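/**
 * Signs the SAML {@link LogoutRequest} message with the given credential.
 * <p>
 * The signature element is attached to the request, the request is marshalled to DOM, and the
 * signature is then computed in place (the marshalling happens before signing so the signature
 * is computed over the DOM representation).
 *
 * @param logoutRequest      the logout request to sign; it is modified in place
 * @param signatureAlgorithm URI of the signature algorithm to use
 * @param cred               the X.509 credential holding the signing key
 * @return the same {@code logoutRequest} instance, now carrying a signature
 * @throws SSOAgentException if the request is null or any step of building, marshalling or
 *                           signing fails; the underlying cause is preserved
 */
public static LogoutRequest setSignature(LogoutRequest logoutRequest, String signatureAlgorithm,
                                         X509Credential cred) throws SSOAgentException {
    if (logoutRequest == null) {
        throw new SSOAgentException("Error while signing the Logout Request message: request is null");
    }
    try {
        Signature signature = setSignatureRaw(signatureAlgorithm, cred);
        logoutRequest.setSignature(signature);

        // Marshall before signing: the signature is computed over the marshalled DOM.
        MarshallerFactory marshallerFactory =
                org.opensaml.xml.Configuration.getMarshallerFactory();
        Marshaller marshaller = marshallerFactory.getMarshaller(logoutRequest);
        marshaller.marshall(logoutRequest);

        org.apache.xml.security.Init.init();
        List<Signature> signatureList = new ArrayList<Signature>();
        signatureList.add(signature);
        Signer.signObjects(signatureList);
        return logoutRequest;

    } catch (Exception e) {
        throw new SSOAgentException("Error while signing the Logout Request message", e);
    }
}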
 
Example #2
Source File: LogoutRequestSchemaValidator.java    From lams with GNU General Public License v2.0
/**
 * Checks that exactly one subject identifier (BaseID, NameID or EncryptedID) is present.
 *
 * @param request the request being processed
 * @throws ValidationException if zero or more than one of the identifier children is set
 */
protected void validateIdentifiers(LogoutRequest request) throws ValidationException {
    boolean hasBaseId = request.getBaseID() != null;
    boolean hasNameId = request.getNameID() != null;
    boolean hasEncryptedId = request.getEncryptedID() != null;

    int presentIdentifiers = (hasBaseId ? 1 : 0) + (hasNameId ? 1 : 0) + (hasEncryptedId ? 1 : 0);
    if (presentIdentifiers != 1) {
        throw new ValidationException("LogoutRequest must contain exactly one of: BaseID, NameID, EncryptedID");
    }
}
 
Example #3
Source File: LogoutRequestUnmarshaller.java    From lams with GNU General Public License v2.0
/** {@inheritDoc} */
protected void processChildElement(XMLObject parentSAMLObject, XMLObject childSAMLObject)
        throws UnmarshallingException {
    LogoutRequest request = (LogoutRequest) parentSAMLObject;

    // The subject identifiers are single-valued setters; SessionIndex is collected into a list.
    if (childSAMLObject instanceof BaseID) {
        request.setBaseID((BaseID) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof NameID) {
        request.setNameID((NameID) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof EncryptedID) {
        request.setEncryptedID((EncryptedID) childSAMLObject);
        return;
    }
    if (childSAMLObject instanceof SessionIndex) {
        request.getSessionIndexes().add((SessionIndex) childSAMLObject);
        return;
    }
    // Anything else is handled by the parent unmarshaller.
    super.processChildElement(parentSAMLObject, childSAMLObject);
}
 
Example #4
Source File: DefaultSAML2SSOManager.java    From carbon-identity with Apache License 2.0
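/**
 * Handles single logout (SLO) messages sent by the IdP to the configured logout URL.
 * <p>
 * The SAML message is read from the SAML request POST parameter, falling back to the SAML
 * response parameter. A {@link LogoutRequest} must carry at least one session index; a
 * {@link LogoutResponse} invalidates the current HTTP session.
 *
 * @param request the HTTP request carrying the SAML message
 * @throws SAMLSSOException if no SAML message is present, the message is neither a logout
 *                          request nor a logout response, or a logout request has no session index
 */
public void doSLO(HttpServletRequest request) throws SAMLSSOException {

    doBootstrap();

    XMLObject samlObject = null;
    String encodedMessage = request.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ);
    if (encodedMessage != null) {
        samlObject = unmarshall(decodeSamlMessage(encodedMessage));
    }
    if (samlObject == null) {
        encodedMessage = request.getParameter(SSOConstants.HTTP_POST_PARAM_SAML2_RESP);
        if (encodedMessage == null) {
            // Neither parameter is present; previously this fell through to Base64.decode(null).
            throw new SAMLSSOException("Single Logout SAML message is missing");
        }
        samlObject = unmarshall(decodeSamlMessage(encodedMessage));
    }

    if (samlObject instanceof LogoutRequest) {
        LogoutRequest logoutRequest = (LogoutRequest) samlObject;
        if (logoutRequest.getSessionIndexes() == null || logoutRequest.getSessionIndexes().isEmpty()) {
            // Previously an empty list caused an IndexOutOfBoundsException on get(0).
            throw new SAMLSSOException("Single Logout SAML Request does not carry a session index");
        }
        // NOTE(review): the session index is only checked for presence here; nothing in this method
        // acts on it, and no signature check of the request is visible. Confirm both happen elsewhere.
    } else if (samlObject instanceof LogoutResponse) {
        // NOTE(review): the local session is dropped on any LogoutResponse; signature and
        // InResponseTo checks are not visible here - confirm they are performed upstream.
        request.getSession().invalidate();
    } else {
        throw new SAMLSSOException("Invalid Single Logout SAML Request");
    }
}

/**
 * Base64-decodes a SAML message and interprets the bytes as UTF-8 (the XML default) rather than
 * the platform default charset.
 *
 * @param encoded the base64-encoded message
 * @return the decoded XML text
 */
private static String decodeSamlMessage(String encoded) {
    return new String(Base64.decode(encoded), java.nio.charset.Charset.forName("UTF-8"));
}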
 
Example #5
Source File: SSOAssertionConsumerService.java    From carbon-identity with Apache License 2.0
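/**
 * Handles a single logout request sent by the Identity Provider.
 * <p>
 * The message is read from the SAML request POST parameter, decoded and unmarshalled. If it is a
 * {@link LogoutRequest} carrying at least one session index, the first index is handed to the
 * {@link SSOSessionManager} to terminate the matching session. Decoding failures are logged and
 * the request is otherwise ignored.
 *
 * @param req  Corresponding HttpServletRequest
 * @param resp Corresponding HttpServletResponse (not used by this method)
 */
private void handleSingleLogoutRequest(HttpServletRequest req, HttpServletResponse resp) {
    String logoutReqStr = req.getParameter(SAML2SSOAuthenticatorConstants.HTTP_POST_PARAM_SAML2_AUTH_REQ);

    XMLObject samlObject;
    try {
        samlObject = Util.unmarshall(Util.decode(logoutReqStr));
    } catch (SAML2SSOUIAuthenticatorException e) {
        // Best-effort: a request that cannot be decoded is logged and dropped.
        log.error("Error handling the single logout request", e);
        return;
    }

    if (!(samlObject instanceof LogoutRequest)) {
        return;
    }
    LogoutRequest logoutRequest = (LogoutRequest) samlObject;
    // NOTE(review): no signature check is visible here; confirm the request is verified before a
    // session is terminated on the strength of its session index.
    List<SessionIndex> sessionIndexList = logoutRequest.getSessionIndexes();
    if (sessionIndexList != null && !sessionIndexList.isEmpty()) {
        // Only the first session index is honoured, although the element may repeat.
        SSOSessionManager.getInstance().handleLogout(
                sessionIndexList.get(0).getSessionIndex());
    }
}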
 
Example #6
Source File: SAMLUtilsTest.java    From cloudstack with Apache License 2.0
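@Test
public void testBuildLogoutRequest() throws Exception {
    String logoutUrl = "http://logoutUrl";
    String spId = "cloudstack";
    String nameId = "_12345";
    LogoutRequest req = SAMLUtils.buildLogoutRequest(logoutUrl, spId, nameId);
    // assertEquals takes (expected, actual); keeping that order makes failure messages read correctly.
    assertEquals(logoutUrl, req.getDestination());
    assertEquals(spId, req.getIssuer().getValue());
    // The subject NameID is the third input and was previously left unchecked.
    assertEquals(nameId, req.getNameID().getValue());
}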
 
Example #7
Source File: SAMLUtils.java    From cloudstack with Apache License 2.0
/**
 * Builds an unsigned SAML 2.0 LogoutRequest addressed to {@code logoutUrl}.
 *
 * @param logoutUrl    value of the Destination attribute (the logout endpoint)
 * @param spId         issuer value identifying this service provider
 * @param nameIdString value of the NameID naming the subject being logged out
 * @return a new LogoutRequest with an ID from {@code generateSecureRandomId()} and the current issue instant
 */
public static LogoutRequest buildLogoutRequest(String logoutUrl, String spId, String nameIdString) {
    LogoutRequest request = new LogoutRequestBuilder().buildObject();
    request.setID(generateSecureRandomId());
    request.setDestination(logoutUrl);
    request.setVersion(SAMLVersion.VERSION_20);
    request.setIssueInstant(new DateTime());

    Issuer spIssuer = new IssuerBuilder().buildObject();
    spIssuer.setValue(spId);
    request.setIssuer(spIssuer);

    NameID subject = new NameIDBuilder().buildObject();
    subject.setValue(nameIdString);
    request.setNameID(subject);

    return request;
}
 
Example #8
Source File: SAMLSSORelyingPartyObject.java    From carbon-commons with Apache License 2.0
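/**
 * Invalidates the browser session identified by the session index carried in a SAML logout request.
 * <p>
 * {@code args[0]} must be the encoded logout request. Its first session index is used to invalidate
 * the matching session on this relying party object, after which the relying party object itself is
 * released.
 *
 * @param cx      script context
 * @param thisObj the {@link SAMLSSORelyingPartyObject} the script method was invoked on
 * @param args    {@code args[0]} - the encoded SAML logout request, as a string
 * @param funObj  the invoked script function
 * @throws ScriptException if the argument is missing or not a string
 * @throws Exception       if the message is not a logout request or carries no session index,
 *                         or if decoding/unmarshalling fails
 */
public static void jsFunction_invalidateSessionBySAMLResponse(Context cx, Scriptable thisObj,
                                                              Object[] args,
                                                              Function funObj)
        throws Exception {
    if (args.length != 1 || !(args[0] instanceof String)) {
        throw new ScriptException("Invalid argument. SAML log out request is missing.");
    }
    String decodedString = Util.decode((String) args[0]);

    SAMLSSORelyingPartyObject relyingPartyObject = (SAMLSSORelyingPartyObject) thisObj;
    XMLObject samlObject = Util.unmarshall(decodedString);
    // NOTE(review): no signature verification of the logout request is visible here; confirm it is
    // done before this point, since an unverified request would let any caller end a session.
    String sessionIndex = null;
    if (samlObject instanceof LogoutRequest) {
        List<SessionIndex> sessionIndexes = ((LogoutRequest) samlObject).getSessionIndexes();
        if (sessionIndexes != null && !sessionIndexes.isEmpty()) {
            // Only the first session index is used, although the element may repeat.
            sessionIndex = sessionIndexes.get(0).getSessionIndex();
        }
    }

    if (sessionIndex == null) {
        throw new Exception("Failed to get session index from session indexes in SAML logout request.");
    }

    relyingPartyObject.invalidateSessionBySessionIndex(sessionIndex);
    // Release the relying party object after logout so its cached state can be garbage collected.
    invalidateRelyingPartyObject(relyingPartyObject.getSSOProperty(SSOConstants.ISSUER_ID));
}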
 
Example #9
Source File: SAMLSSORelyingPartyObject.java    From carbon-commons with Apache License 2.0
/**
 * Tells whether the given encoded SAML message is a LogoutRequest.
 *
 * @param cx      script context
 * @param thisObj the script object the method was invoked on
 * @param args    -args[0]-Logout request xml as a string.
 * @param funObj  the invoked script function
 * @return {@code true} if the decoded message unmarshals to a {@link LogoutRequest}
 * @throws ScriptException if the argument is missing or not a string
 * @throws Exception       if decoding or unmarshalling fails
 */
public static boolean jsFunction_isLogoutRequest(Context cx, Scriptable thisObj, Object[] args,
                                                 Function funObj)
        throws Exception {
    boolean singleStringArg = args.length == 1 && args[0] instanceof String;
    if (!singleStringArg) {
        throw new ScriptException("Invalid argument. Logout request xml is missing.");
    }

    XMLObject message = Util.unmarshall(Util.decode((String) args[0]));
    return message instanceof LogoutRequest;
}
 
Example #10
Source File: LogoutRequestBuilder.java    From carbon-commons with Apache License 2.0
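/**
 * Build the logout request
 *
 * @param subject        name of the user
 * @param sessionIndexId session index of the SSO session to terminate
 * @param reason         reason for generating logout request.
 * @param issuerId       issuer value identifying this service provider
 * @return LogoutRequest object (unsigned; NotOnOrAfter is five minutes after the issue instant)
 */
public LogoutRequest buildLogoutRequest(String subject,String sessionIndexId, String reason,
                                        String issuerId) {
    // Validity window of the request, applied via NotOnOrAfter.
    final long validityMillis = 5 * 60 * 1000;

    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + validityMillis));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);

    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setFormat(SSOConstants.SAML2_NAME_ID_POLICY);
    nameId.setValue(subject);
    logoutReq.setNameID(nameId);

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionIndexId);
    logoutReq.getSessionIndexes().add(sessionIndex);

    logoutReq.setReason(reason);

    return logoutReq;
}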
 
Example #11
Source File: SAML2SSOManager.java    From carbon-identity with Apache License 2.0
/**
 * Builds an unsigned LogoutRequest for {@code user}'s session {@code sessionIdx}, addressed to the
 * configured IdP URL and issued by the configured SP entity id. The NameID uses the SAML "entity"
 * format and the request is valid for five minutes from its issue instant.
 *
 * @param user       NameID value of the user being logged out
 * @param sessionIdx session index to include in the request
 * @return the LogoutRequest
 * @throws SSOAgentException if the request cannot be built
 */
protected LogoutRequest buildLogoutRequest(String user, String sessionIdx) throws SSOAgentException {
    LogoutRequest request = new LogoutRequestBuilder().buildObject();
    request.setID(SSOAgentUtils.createID());
    request.setDestination(ssoAgentConfig.getSAML2().getIdPURL());

    DateTime now = new DateTime();
    request.setIssueInstant(now);
    request.setNotOnOrAfter(new DateTime(now.getMillis() + 5 * 60 * 1000));

    Issuer spIssuer = new IssuerBuilder().buildObject();
    spIssuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());
    request.setIssuer(spIssuer);

    NameID subject = new NameIDBuilder().buildObject();
    subject.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
    subject.setValue(user);
    request.setNameID(subject);

    SessionIndex index = new SessionIndexBuilder().buildObject();
    index.setSessionIndex(sessionIdx);
    request.getSessionIndexes().add(index);

    request.setReason("Single Logout");
    return request;
}
 
Example #12
Source File: SAMLSSOService.java    From carbon-identity with Apache License 2.0
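/**
 * Validates an SP-initiated SAML request, which can be either an AuthnRequest or a LogoutRequest.
 * The SigAlg and Signature parameters are only present with the HTTP Redirect binding; with the
 * HTTP POST binding they are null. If the user already has an SSO session the Response is
 * returned, otherwise only the validation results are returned.
 *
 * @param samlReq     the encoded SAML request message
 * @param queryString the raw query string of the inbound request (carries the signature for the
 *                    redirect binding)
 * @param sessionId   the SSO session id handed to the logout request processor
 * @param rpSessionId the relying party session id recorded on the validation result
 * @param authnMode   the authentication mode (not used by this method)
 * @param isPost      {@code true} for the HTTP POST binding, {@code false} for HTTP Redirect
 * @return the validation result, or {@code null} if the message is neither an AuthnRequest nor a
 *         LogoutRequest
 * @throws IdentityException if decoding, unmarshalling or validation fails
 */
public SAMLSSOReqValidationResponseDTO validateSPInitSSORequest(String samlReq, String queryString,
                                                                String sessionId, String rpSessionId,
                                                                String authnMode, boolean isPost)
        throws IdentityException {
    // The two bindings encode the message differently; decodeForPost vs. decode handle each.
    String decoded = isPost ? SAMLSSOUtil.decodeForPost(samlReq) : SAMLSSOUtil.decode(samlReq);
    XMLObject request = SAMLSSOUtil.unmarshall(decoded);

    if (request instanceof AuthnRequest) {
        SSOAuthnRequestValidator authnRequestValidator =
                SAMLSSOUtil.getSPInitSSOAuthnRequestValidator((AuthnRequest) request);
        SAMLSSOReqValidationResponseDTO validationResp = authnRequestValidator.validate();
        validationResp.setRequestMessageString(samlReq);
        validationResp.setQueryString(queryString);
        validationResp.setRpSessionId(rpSessionId);
        validationResp.setIdPInitSSO(false);

        return validationResp;
    } else if (request instanceof LogoutRequest) {
        SPInitLogoutRequestProcessor logoutReqProcessor = SAMLSSOUtil.getSPInitLogoutRequestProcessor();
        return logoutReqProcessor.process((LogoutRequest) request, sessionId, queryString);
    }

    // Neither an AuthnRequest nor a LogoutRequest (including a failed unmarshal): callers must
    // handle a null result.
    return null;
}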
 
Example #13
Source File: SAMLSSOUtil.java    From carbon-identity with Apache License 2.0
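/**
 * Validates the signature of the LogoutRequest message.
 * <p>
 * When {@code queryString} is non-null the signature is verified over the deflated request carried
 * in the query string (HTTP-Redirect style) using the issuer named in the request; otherwise the
 * XML signature embedded in the request is verified.
 * TODO : for stratos deployment, super tenant key should be used
 *
 * @param logoutRequest the logout request whose signature is checked
 * @param alias         certificate alias used to look up the verification key
 * @param subject       not used by this method
 * @param queryString   the raw query string for the redirect binding, or {@code null}
 * @return {@code true} if the signature is valid
 * @throws IdentityException if the issuer is missing or verification cannot be carried out
 */
public static boolean validateLogoutRequestSignature(LogoutRequest logoutRequest, String alias,
                                                     String subject, String queryString) throws IdentityException {

    String domainName = getTenantDomainFromThreadLocal();
    if (queryString == null) {
        return validateXMLSignature(logoutRequest, alias, domainName);
    }
    // The issuer is taken from the not-yet-verified request; it must be present, otherwise the
    // redirect-binding check would fail with a NullPointerException instead of a clear error.
    if (logoutRequest.getIssuer() == null || logoutRequest.getIssuer().getValue() == null) {
        throw IdentityException.error("LogoutRequest issuer is missing; cannot validate signature");
    }
    return validateDeflateSignature(queryString, logoutRequest.getIssuer().getValue(), alias, domainName);
}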
 
Example #14
Source File: LogoutRequestBuilder.java    From carbon-identity with Apache License 2.0
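/**
 * Build the logout request
 *
 * @param subject         name of the user
 * @param reason          reason for generating logout request.
 * @param sessionIndexStr session index of the SSO session to terminate
 * @return LogoutRequest object, signed with the RSA signature algorithm
 * @throws Exception if bootstrapping, building or signing the request fails
 */
public LogoutRequest buildLogoutRequest(String subject, String reason, String sessionIndexStr) throws Exception {
    log.info("Building logout request");
    // Validity window of the request, applied via NotOnOrAfter.
    final long validityMillis = 5 * 60 * 1000;

    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());
    logoutReq.setDestination(Util.getIdentityProviderSSOServiceURL());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + validityMillis));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(Util.getServiceProviderId());
    logoutReq.setIssuer(issuer);

    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setFormat(SAML2SSOAuthenticatorConstants.SAML2_NAME_ID_POLICY_TRANSIENT);
    nameId.setValue(subject);
    logoutReq.setNameID(nameId);

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionIndexStr);
    logoutReq.getSessionIndexes().add(sessionIndex);

    logoutReq.setReason(reason);

    // Sign last so the signature covers every attribute and child set above.
    Util.setSignature(logoutReq, XMLSignature.ALGO_ID_SIGNATURE_RSA, new SignKeyDataHolder());

    return logoutReq;
}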
 
Example #15
Source File: LogoutRequestUnmarshaller.java    From lams with GNU General Public License v2.0
/** {@inheritDoc} */
protected void processAttribute(XMLObject samlObject, Attr attribute) throws UnmarshallingException {
    LogoutRequest request = (LogoutRequest) samlObject;
    String name = attribute.getLocalName();
    String value = attribute.getValue();

    if (LogoutRequest.REASON_ATTRIB_NAME.equals(name)) {
        request.setReason(value);
        return;
    }
    // NotOnOrAfter is parsed as a UTC date-time; an empty value falls through to the parent.
    if (LogoutRequest.NOT_ON_OR_AFTER_ATTRIB_NAME.equals(name) && !DatatypeHelper.isEmpty(value)) {
        request.setNotOnOrAfter(new DateTime(value, ISOChronology.getInstanceUTC()));
        return;
    }
    super.processAttribute(samlObject, attribute);
}
 
Example #16
Source File: LogoutRequestMarshaller.java    From lams with GNU General Public License v2.0
/** {@inheritDoc} */
protected void marshallAttributes(XMLObject samlObject, Element domElement) throws MarshallingException {
    LogoutRequest request = (LogoutRequest) samlObject;
    String reason = request.getReason();
    DateTime notOnOrAfter = request.getNotOnOrAfter();

    // Both attributes are optional and only written when set.
    if (reason != null) {
        domElement.setAttributeNS(null, LogoutRequest.REASON_ATTRIB_NAME, reason);
    }
    if (notOnOrAfter != null) {
        String formatted = Configuration.getSAMLDateFormatter().print(notOnOrAfter);
        domElement.setAttributeNS(null, LogoutRequest.NOT_ON_OR_AFTER_ATTRIB_NAME, formatted);
    }

    super.marshallAttributes(samlObject, domElement);
}
 
Example #17
Source File: SingleLogoutMessageBuilder.java    From carbon-identity with Apache License 2.0
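/**
 * Builds and signs a SAML 2.0 LogoutRequest for the given subject and session.
 * <p>
 * The request is signed inside the tenant flow of {@code tenantDomain}; an empty or literal
 * {@code "null"} tenant domain is mapped to the super tenant for signing.
 *
 * @param subject                    NameID value of the principal being logged out
 * @param sessionId                  session index to include in the request
 * @param reason                     value of the Reason attribute
 * @param destination                Destination attribute; omitted when {@code null}
 * @param nameIDFormat               NameID format URI
 * @param tenantDomain               tenant used for the issuer and for signing; empty or "null"
 *                                   selects the super tenant for signing
 * @param requestsigningAlgorithmUri signature algorithm URI
 * @param requestDigestAlgoUri       digest algorithm URI
 * @return the signed LogoutRequest
 * @throws IdentityException if the tenant id cannot be resolved, the tenant domain is unknown,
 *                           or signing fails
 */
public LogoutRequest buildLogoutRequest(String subject, String sessionId, String reason, String destination,
                                        String nameIDFormat, String tenantDomain, String
                                                requestsigningAlgorithmUri, String requestDigestAlgoUri) throws
        IdentityException {

    LogoutRequest logoutReq = new LogoutRequestBuilder().buildObject();

    logoutReq.setID(SAMLSSOUtil.createID());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    // The issuer is derived from the tenant domain exactly as passed in, before the
    // super-tenant fallback applied for signing below.
    logoutReq.setIssuer(SAMLSSOUtil.getIssuerFromTenantDomain(tenantDomain));
    // Five-minute validity window, applied via NotOnOrAfter.
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

    NameID nameId = new NameIDBuilder().buildObject();
    nameId.setFormat(nameIDFormat);
    nameId.setValue(subject);
    logoutReq.setNameID(nameId);

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionId);
    logoutReq.getSessionIndexes().add(sessionIndex);

    if (destination != null) {
        logoutReq.setDestination(destination);
    }

    logoutReq.setReason(reason);

    // Resolve the tenant whose context is used for signing. A missing domain, or the literal
    // string "null", means the super tenant.
    String signingTenantDomain = tenantDomain;
    int tenantId;
    if (StringUtils.isEmpty(tenantDomain) || "null".equals(tenantDomain)) {
        signingTenantDomain = MultitenantConstants.SUPER_TENANT_DOMAIN_NAME;
        tenantId = MultitenantConstants.SUPER_TENANT_ID;
    } else {
        tenantId = resolveTenantId(tenantDomain);
    }

    // Sign inside the tenant flow; presumably so the tenant's own signing key is picked up.
    try {
        PrivilegedCarbonContext.startTenantFlow();
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantDomain(signingTenantDomain);
        PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(tenantId);
        SAMLSSOUtil.setSignature(logoutReq, requestsigningAlgorithmUri, requestDigestAlgoUri, new
                SignKeyDataHolder(null));
    } finally {
        PrivilegedCarbonContext.endTenantFlow();
    }

    return logoutReq;
}

/**
 * Looks up the numeric tenant id for a non-empty tenant domain.
 *
 * @param tenantDomain the tenant domain; must not be empty
 * @return the tenant id
 * @throws IdentityException if the lookup fails or the domain is not a known tenant
 */
private static int resolveTenantId(String tenantDomain) throws IdentityException {
    int tenantId;
    try {
        tenantId = SAMLSSOUtil.getRealmService().getTenantManager().getTenantId(tenantDomain);
    } catch (UserStoreException e) {
        throw IdentityException.error("Error occurred while retrieving tenant id from tenant domain", e);
    }

    if (MultitenantConstants.INVALID_TENANT_ID == tenantId) {
        throw IdentityException.error("Invalid tenant domain - '" + tenantDomain + "'");
    }
    return tenantId;
}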
 
Example #18
Source File: SAML2SSOManager.java    From carbon-identity with Apache License 2.0
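/**
 * Builds the self-submitting HTML page used to send a SAML2 message with the HTTP-POST binding.
 * <p>
 * For an authentication request the AuthnRequest is built; for a logout the LogoutRequest is built
 * from the subject id and session index stored in the session bean. The message is signed when
 * request signing is enabled, encoded, and rendered into hidden form fields together with the relay
 * state and any configured extra parameters. Field names and values are HTML-attribute-escaped so a
 * configured or relayed value cannot break out of the generated markup.
 *
 * @param request  The HTTP request with SAML2 message
 * @param response The HTTP response (not used by this method)
 * @param isLogout Whether the request is a logout request
 * @return the HTML page that auto-POSTs the message to the configured IdP URL
 * @throws SSOAgentException if no SSO session exists for a logout, or building, signing or
 *                           encoding the message fails
 */
public String buildPostRequest(HttpServletRequest request, HttpServletResponse response,
                               boolean isLogout) throws SSOAgentException {

    RequestAbstractType requestMessage;
    if (!isLogout) {
        requestMessage = buildAuthnRequest(request);
        if (ssoAgentConfig.getSAML2().isRequestSigned()) {
            requestMessage = SSOAgentUtils.setSignature((AuthnRequest) requestMessage,
                    XMLSignature.ALGO_ID_SIGNATURE_RSA,
                    new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
        }

    } else {
        // getSession(false) returns null when there is no session at all; treat that like a
        // missing session bean instead of dereferencing null.
        LoggedInSessionBean sessionBean = null;
        if (request.getSession(false) != null) {
            sessionBean = (LoggedInSessionBean) request.getSession(false).
                    getAttribute(SSOAgentConstants.SESSION_BEAN_NAME);
        }
        if (sessionBean == null) {
            throw new SSOAgentException("SLO Request can not be built. SSO Session is null");
        }
        requestMessage = buildLogoutRequest(sessionBean.getSAML2SSO()
                .getSubjectId(), sessionBean.getSAML2SSO().getSessionIndex());
        if (ssoAgentConfig.getSAML2().isRequestSigned()) {
            requestMessage = SSOAgentUtils.setSignature((LogoutRequest) requestMessage,
                    XMLSignature.ALGO_ID_SIGNATURE_RSA,
                    new X509CredentialImpl(ssoAgentConfig.getSAML2().getSSOAgentX509Credential()));
        }
    }
    String encodedRequestMessage = encodeRequestMessage(requestMessage, SAMLConstants.SAML2_POST_BINDING_URI);

    Map<String, String[]> paramsMap = new HashMap<String, String[]>();
    paramsMap.put(SSOAgentConstants.SAML2SSO.HTTP_POST_PARAM_SAML2_AUTH_REQ,
            new String[]{encodedRequestMessage});
    if (ssoAgentConfig.getSAML2().getRelayState() != null) {
        paramsMap.put(RelayState.DEFAULT_ELEMENT_LOCAL_NAME,
                new String[]{ssoAgentConfig.getSAML2().getRelayState()});
    }

    //Add any additional parameters defined
    if (ssoAgentConfig.getQueryParams() != null && !ssoAgentConfig.getQueryParams().isEmpty()) {
        paramsMap.putAll(ssoAgentConfig.getQueryParams());
    }

    String htmlParams = renderHiddenInputs(paramsMap);
    String idpUrl = escapeHtmlAttribute(ssoAgentConfig.getSAML2().getIdPURL());
    String htmlPayload = ssoAgentConfig.getSAML2().getPostBindingRequestHTMLPayload();
    if (htmlPayload == null || !htmlPayload.contains("<!--$saml_params-->")) {
        htmlPayload = "<html>\n" +
                "<body>\n" +
                "<p>You are now redirected back to " + idpUrl + " \n" +
                "If the redirection fails, please click the post button.</p>\n" +
                "<form method='post' action='" + idpUrl + "'>\n" +
                "<p>\n" +
                htmlParams +
                "<button type='submit'>POST</button>\n" +
                "</p>\n" +
                "</form>\n" +
                "<script type='text/javascript'>\n" +
                "document.forms[0].submit();\n" +
                "</script>\n" +
                "</body>\n" +
                "</html>";
    } else {
        htmlPayload = htmlPayload.replace("<!--$saml_params-->", htmlParams);
    }
    return htmlPayload;

}

/**
 * Renders each (name, values) entry as hidden form inputs, one per value. Entries with a null
 * name, null values or no values are skipped; names and values are attribute-escaped.
 *
 * @param params the form parameters to render
 * @return the hidden input elements, one per line
 */
private static String renderHiddenInputs(Map<String, String[]> params) {
    StringBuilder htmlParams = new StringBuilder();
    for (Map.Entry<String, String[]> entry : params.entrySet()) {
        if (entry.getKey() == null || entry.getValue() == null || entry.getValue().length == 0) {
            continue;
        }
        String name = escapeHtmlAttribute(entry.getKey());
        for (String param : entry.getValue()) {
            htmlParams.append("<input type='hidden' name='").append(name)
                    .append("' value='").append(escapeHtmlAttribute(param)).append("'>\n");
        }
    }
    return htmlParams.toString();
}

/**
 * Escapes the characters that could terminate a single- or double-quoted HTML attribute value
 * or start markup. Base64 content is unaffected; only values that contain markup characters
 * (for example a relay state or a configured extra parameter) are changed.
 *
 * @param value the raw value; {@code null} renders as an empty string
 * @return the escaped value
 */
private static String escapeHtmlAttribute(String value) {
    if (value == null) {
        return "";
    }
    StringBuilder escaped = new StringBuilder(value.length());
    for (int i = 0; i < value.length(); i++) {
        char c = value.charAt(i);
        switch (c) {
            case '&':
                escaped.append("&amp;");
                break;
            case '<':
                escaped.append("&lt;");
                break;
            case '>':
                escaped.append("&gt;");
                break;
            case '"':
                escaped.append("&quot;");
                break;
            case '\'':
                escaped.append("&#39;");
                break;
            default:
                escaped.append(c);
        }
    }
    return escaped.toString();
}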
 
Example #19
Source File: DefaultSAML2SSOManager.java    From carbon-identity with Apache License 2.0
/**
 * Builds an unsigned LogoutRequest addressed to {@code idpUrl} for the given user.
 * The issuer is the configured SP entity id, falling back to "carbonServer" when none is set; the
 * NameID uses the unspecified format with the given qualifiers.
 *
 * @param user            NameID value of the user being logged out
 * @param sessionIndexStr session index to include; a random UUID is used when {@code null}
 * @param idpUrl          value of the Destination attribute
 * @param nameQualifier   NameQualifier of the NameID
 * @param spNameQualifier SPNameQualifier of the NameID
 * @return the LogoutRequest
 * @throws SAMLSSOException if the request cannot be built
 */
private LogoutRequest buildLogoutRequest(String user, String sessionIndexStr, String idpUrl, String nameQualifier, String spNameQualifier)
        throws SAMLSSOException {

    LogoutRequest request = new LogoutRequestBuilder().buildObject();
    request.setID(SSOUtils.createID());
    request.setDestination(idpUrl);

    DateTime now = new DateTime();
    request.setIssueInstant(now);
    request.setNotOnOrAfter(new DateTime(now.getMillis() + 5 * 60 * 1000));

    String configuredSpEntityId = properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID);
    boolean hasSpEntityId = configuredSpEntityId != null && !configuredSpEntityId.isEmpty();
    Issuer spIssuer = new IssuerBuilder().buildObject();
    spIssuer.setValue(hasSpEntityId ? configuredSpEntityId : "carbonServer");
    request.setIssuer(spIssuer);

    NameID subject = new NameIDBuilder().buildObject();
    subject.setFormat(NameIDType.UNSPECIFIED);
    subject.setValue(user);
    subject.setNameQualifier(nameQualifier);
    subject.setSPNameQualifier(spNameQualifier);
    request.setNameID(subject);

    // NOTE(review): with no session index a random UUID is sent instead; presumably to keep the
    // message well-formed even though it cannot match any IdP session - confirm this is intended.
    String effectiveSessionIndex = sessionIndexStr != null ? sessionIndexStr : UUID.randomUUID().toString();
    SessionIndex index = new SessionIndexBuilder().buildObject();
    index.setSessionIndex(effectiveSessionIndex);
    request.getSessionIndexes().add(index);

    request.setReason("Single Logout");
    return request;
}
 
Example #20
Source File: LogoutRequestBuilder.java    From lams with GNU General Public License v2.0
/** {@inheritDoc} */
public LogoutRequest buildObject(String namespaceURI, String localName, String namespacePrefix) {
    // Every call yields a fresh, independent implementation instance.
    LogoutRequestImpl built = new LogoutRequestImpl(namespaceURI, localName, namespacePrefix);
    return built;
}
 
Example #21
Source File: LogoutRequestBuilder.java    From lams with GNU General Public License v2.0
/** {@inheritDoc} */
public LogoutRequest buildObject() {
    // Default element: the SAML 2.0 protocol namespace, the LogoutRequest local name and the
    // standard protocol prefix.
    String namespace = SAMLConstants.SAML20P_NS;
    String prefix = SAMLConstants.SAML20P_PREFIX;
    return buildObject(namespace, LogoutRequest.DEFAULT_ELEMENT_LOCAL_NAME, prefix);
}
 
Example #22
Source File: LogoutRequestSchemaValidator.java    From lams with GNU General Public License v2.0
/**
 * {@inheritDoc}
 * <p>
 * Runs the parent's request-level checks first, then the LogoutRequest-specific identifier check.
 */
public void validate(LogoutRequest request) throws ValidationException {
    super.validate(request);
    this.validateIdentifiers(request);
}
 
Example #23
Source File: SAMLSSOUtil.java    From carbon-identity with Apache License 2.0
/**
 * Signs a SAML LogoutRequest message.
 *
 * @param request            the logout request to sign
 * @param signatureAlgorithm signature algorithm URI
 * @param digestAlgorithm    digest algorithm URI
 * @param cred               credential holding the signing key
 * @return the signed request, as a {@link LogoutRequest}
 * @throws IdentityException if signing fails
 */
public static LogoutRequest setSignature(LogoutRequest request, String signatureAlgorithm, String
        digestAlgorithm, X509Credential cred) throws IdentityException {
    // Delegates to the generic signer shared with the other SAML message types.
    return (LogoutRequest) doSetSignature(request, signatureAlgorithm, digestAlgorithm, cred);
}
 
Example #24
Source File: SPInitSSOLogoutRequestProcessor.java    From carbon-identity with Apache License 2.0
/**
 * Processes the logout request according to SAML SSO Web Browser Specification
 *
 * @param logoutRequest the SP-initiated LogoutRequest to process
 * @param sessionId     SSO session id passed by the caller (presumably the IdP-side session the
 *                      request refers to - verify against callers)
 * @param queryString   raw query string of the inbound request (presumably carries the signature
 *                      for the HTTP-Redirect binding), or {@code null}
 * @return SAMLSSOReqValidationResponseDTO : includes processing outputs
 * @throws IdentityException if the request cannot be processed
 */
SAMLSSOReqValidationResponseDTO process(LogoutRequest logoutRequest, String sessionId,
                                               String queryString) throws IdentityException;