Java Code Examples for org.opensaml.saml.saml2.core.LogoutRequest#setIssuer()

The following examples show how to use org.opensaml.saml.saml2.core.LogoutRequest#setIssuer() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: SamlServiceProviderTest.java    From armeria with Apache License 2.0 6 votes vote down vote up
private static LogoutRequest getLogoutRequest(String destination, String issuerId) {
    final LogoutRequest logoutRequest = build(LogoutRequest.DEFAULT_ELEMENT_NAME);

    logoutRequest.setID(requestIdManager.newId());
    logoutRequest.setDestination(destination);

    final Issuer issuer = build(Issuer.DEFAULT_ELEMENT_NAME);
    issuer.setValue(issuerId);
    logoutRequest.setIssuer(issuer);
    logoutRequest.setIssueInstant(DateTime.now());

    final NameID nameID = build(NameID.DEFAULT_ELEMENT_NAME);
    nameID.setFormat(SamlNameIdFormat.EMAIL.urn());

    logoutRequest.setNameID(nameID);

    return logoutRequest;
}
 
Example 2
Source File: LogoutRequestBuilder.java    From carbon-apimgt with Apache License 2.0 6 votes vote down vote up
/**
 * Build the logout request
 * @param subject name of the user
 * @param reason reason for generating logout request.
 * @return LogoutRequest object
 */
public LogoutRequest buildLogoutRequest(String subject,String sessionIndexId, String reason,
                                        String issuerId, String nameIdFormat) {
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);

    logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionIndexId);
    logoutReq.getSessionIndexes().add(sessionIndex);

    logoutReq.setReason(reason);

    return logoutReq;
}
 
Example 3
Source File: LogoutRequestBuilder.java    From carbon-apimgt with Apache License 2.0 6 votes vote down vote up
/**
 * Overload Logout request for sessionIndexId is not exist case
 *
 * @param subject Subject
 * @param reason Reason for logout
 * @param issuerId id of issuer
 * @return SAML logout request
 */
public LogoutRequest buildLogoutRequest(String subject, String reason,
                                        String issuerId, String nameIdFormat) {
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);

    logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));

    logoutReq.setReason(reason);

    return logoutReq;
}
 
Example 4
Source File: LogoutRequestBuilder.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
/**
 * Build the logout request
 * @param subject name of the user
 * @param reason reason for generating logout request.
 * @return LogoutRequest object
 */
public LogoutRequest buildSignedLogoutRequest(String subject,String sessionIndexId, String reason,
        String issuerId, int tenantId, String tenantDomain, String destination, String nameIdFormat)
        throws SSOHostObjectException {
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);

    logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex(sessionIndexId);
    logoutReq.getSessionIndexes().add(sessionIndex);

    logoutReq.setReason(reason);
    logoutReq.setDestination(destination);

    SSOAgentCarbonX509Credential ssoAgentCarbonX509Credential =
            new SSOAgentCarbonX509Credential(tenantId, tenantDomain);
    setSignature(logoutReq, SignatureConstants.ALGO_ID_SIGNATURE_RSA,
            new X509CredentialImpl(ssoAgentCarbonX509Credential));

    return logoutReq;
}
 
Example 5
Source File: LogoutRequestBuilder.java    From carbon-apimgt with Apache License 2.0 5 votes vote down vote up
/**
 * Overload Logout request for sessionIndexId is not exist case
 *
 * @param subject Subject
 * @param reason Reason for logout
 * @param issuerId id of issuer
 * @return Signed SAML logout request
 */
public LogoutRequest buildSignedLogoutRequest(String subject, String reason,
        String issuerId, int tenantId, String tenantDomain, String destination, String nameIdFormat)
        throws SSOHostObjectException {
    Util.doBootstrap();
    LogoutRequest logoutReq = new org.opensaml.saml.saml2.core.impl.LogoutRequestBuilder().buildObject();
    logoutReq.setID(Util.createID());

    DateTime issueInstant = new DateTime();
    logoutReq.setIssueInstant(issueInstant);
    logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));

    IssuerBuilder issuerBuilder = new IssuerBuilder();
    Issuer issuer = issuerBuilder.buildObject();
    issuer.setValue(issuerId);
    logoutReq.setIssuer(issuer);

    logoutReq.setNameID(Util.buildNameID(nameIdFormat, subject));

    logoutReq.setReason(reason);
    logoutReq.setDestination(destination);

    SSOAgentCarbonX509Credential ssoAgentCarbonX509Credential =
            new SSOAgentCarbonX509Credential(tenantId, tenantDomain);
    setSignature(logoutReq, SignatureConstants.ALGO_ID_SIGNATURE_RSA,
            new X509CredentialImpl(ssoAgentCarbonX509Credential));

    return logoutReq;
}
 
Example 6
Source File: SamlpRequestComponentBuilder.java    From cxf with Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
public static LogoutRequest createLogoutRequest(
    SAMLVersion version,
    Issuer issuer,
    String destination,
    String consent,
    Date notOnOrAfter,
    String reason,
    NameID nameID
) {
    if (logoutRequestBuilder == null) {
        logoutRequestBuilder = (SAMLObjectBuilder<LogoutRequest>)
            builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
    }
    LogoutRequest logoutRequest = logoutRequestBuilder.buildObject();
    logoutRequest.setID("_" + UUID.randomUUID());
    logoutRequest.setVersion(version);
    logoutRequest.setIssueInstant(new DateTime());
    logoutRequest.setDestination(destination);
    logoutRequest.setConsent(consent);
    logoutRequest.setIssuer(issuer);
    if (notOnOrAfter != null) {
        logoutRequest.setNotOnOrAfter(new DateTime(notOnOrAfter.getTime()));
    }
    logoutRequest.setReason(reason);
    logoutRequest.setNameID(nameID);

    return logoutRequest;
}
 
Example 7
Source File: SamlpRequestComponentBuilder.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
@SuppressWarnings("unchecked")
public static LogoutRequest createLogoutRequest(
    Issuer issuer,
    String reason,
    NameID nameId,
    List<String> sessionIndices
) {
    if (logoutRequestBuilder == null) {
        logoutRequestBuilder = (SAMLObjectBuilder<LogoutRequest>)
            builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
    }
    if (sessionIndexBuilder == null) {
        sessionIndexBuilder = (SAMLObjectBuilder<SessionIndex>)
            builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME);
    }

    LogoutRequest logoutRequest = logoutRequestBuilder.buildObject();

    logoutRequest.setID("_" + UUID.randomUUID().toString());
    logoutRequest.setIssueInstant(new DateTime());

    if (reason != null) {
        logoutRequest.setReason(reason);
    }
    if (nameId != null) {
        logoutRequest.setNameID(nameId);
    }

    if (sessionIndices != null && !sessionIndices.isEmpty()) {
        for (String sessionIndex : sessionIndices) {
            SessionIndex sessionIndexObj = sessionIndexBuilder.buildObject();
            sessionIndexObj.setSessionIndex(sessionIndex);
            logoutRequest.getSessionIndexes().add(sessionIndexObj);
        }
    }

    logoutRequest.setIssuer(issuer);

    return logoutRequest;
}
 
Example 8
Source File: SAML2SPLogic.java    From syncope with Apache License 2.0 4 votes vote down vote up
@PreAuthorize("isAuthenticated() and not(hasRole('" + IdRepoEntitlement.ANONYMOUS + "'))")
public SAML2RequestTO createLogoutRequest(final String accessToken, final String spEntityID) {
    check();

    // 1. fetch the current JWT used for Syncope authentication
    JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken);
    if (!consumer.verifySignatureWith(jwsSignatureVerifier)) {
        throw new IllegalArgumentException("Invalid signature found in Access Token");
    }

    // 2. look for IdP
    String idpEntityID = (String) consumer.getJwtClaims().getClaim(JWT_CLAIM_IDP_ENTITYID);
    if (idpEntityID == null) {
        throw new NotFoundException("No SAML 2.0 IdP information found in the access token");
    }
    SAML2IdPEntity idp = cache.get(idpEntityID);
    if (idp == null) {
        throw new NotFoundException("SAML 2.0 IdP '" + idpEntityID + '\'');
    }
    if (idp.getSLOLocation(idp.getBindingType()) == null) {
        throw new IllegalArgumentException("No SingleLogoutService available for " + idp.getId());
    }

    // 3. create LogoutRequest
    LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
    logoutRequest.setID('_' + SecureRandomUtils.generateRandomUUID().toString());
    logoutRequest.setDestination(idp.getSLOLocation(idp.getBindingType()).getLocation());

    DateTime now = new DateTime();
    logoutRequest.setIssueInstant(now);
    logoutRequest.setNotOnOrAfter(now.plusMinutes(5));

    Issuer issuer = new IssuerBuilder().buildObject();
    issuer.setValue(spEntityID);
    logoutRequest.setIssuer(issuer);

    NameID nameID = new NameIDBuilder().buildObject();
    nameID.setFormat((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_FORMAT));
    nameID.setValue((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_NAMEID_VALUE));
    logoutRequest.setNameID(nameID);

    SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
    sessionIndex.setSessionIndex((String) consumer.getJwtClaims().getClaim(JWT_CLAIM_SESSIONINDEX));
    logoutRequest.getSessionIndexes().add(sessionIndex);

    SAML2RequestTO requestTO = new SAML2RequestTO();
    requestTO.setIdpServiceAddress(logoutRequest.getDestination());
    requestTO.setBindingType(idp.getBindingType());
    try {
        // 3. generate relay state as JWT
        Map<String, Object> claims = new HashMap<>();
        claims.put(JWT_CLAIM_IDP_DEFLATE,
                idp.getBindingType() == SAML2BindingType.REDIRECT ? true : idp.isUseDeflateEncoding());
        Pair<String, Date> relayState = accessTokenDataBinder.generateJWT(
                SecureRandomUtils.generateRandomUUID().toString(),
                logoutRequest.getID(), JWT_RELAY_STATE_DURATION, claims);
        requestTO.setRelayState(relayState.getLeft());

        // 4. sign and encode AuthnRequest
        switch (idp.getBindingType()) {
            case REDIRECT:
                requestTO.setContent(SAML2ReaderWriter.encode(logoutRequest, true));
                requestTO.setSignAlg(saml2rw.getSigAlgo());
                requestTO.setSignature(saml2rw.sign(requestTO.getContent(), requestTO.getRelayState()));
                break;

            case POST:
            default:
                saml2rw.sign(logoutRequest);
                requestTO.setContent(SAML2ReaderWriter.encode(logoutRequest, idp.isUseDeflateEncoding()));
        }
    } catch (Exception e) {
        LOG.error("While generating LogoutRequest", e);
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unknown);
        sce.getElements().add(e.getMessage());
        throw sce;
    }

    return requestTO;
}