/**
 * Decrypt any {@link EncryptedID} found in a LogoutRequest and replace it with the result.
 *
 * <p>The request is modified only when decryption yields a non-null {@link NameID}: the decrypted
 * identifier is installed and the encrypted element is cleared so the same element is not decrypted
 * again later in the flow. When decryption yields nothing, the request is left exactly as received.</p>
 *
 * @param profileRequestContext current profile request context
 * @param request request to operate on
 *
 * @throws DecryptionException if an error occurs
 */
private void processLogoutRequest(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final LogoutRequest request) throws DecryptionException {
    final EncryptedID encryptedID = request.getEncryptedID();
    if (encryptedID == null) {
        // Nothing to decrypt; plain NameID (if any) stays as-is.
        return;
    }

    log.debug("{} Decrypting EncryptedID in LogoutRequest", getLogPrefix());
    final NameID nameID = processEncryptedID(profileRequestContext, encryptedID);
    if (nameID == null) {
        // processEncryptedID produced no usable identifier; leave the request untouched.
        return;
    }

    request.setNameID(nameID);
    request.setEncryptedID(null);
}
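/**
 * Validates the SAML logout request and terminates the matching local session.
 *
 * <p>Checks performed, in order: the XML signature (only when one is present), the issuer (only when one
 * is present), decryptability of an {@code EncryptedID} when the subject is encrypted, and the presence of
 * exactly one non-blank {@code SessionIndex}. The session identified by that index is then destroyed via
 * the back channel for the SOAP binding and via the front channel for every other binding.</p>
 *
 * <p>Issue-instant freshness is deliberately not enforced here (see the comment in the body), so the
 * signature check is the only thing that limits replay of a captured request. Nothing from the decrypted
 * subject is used to select the session; selection relies on {@code SessionIndex} alone.</p>
 *
 * @param logoutRequest the logout request
 * @param context the context
 * @param engine the signature engine
 * @throws SAMLException if the request does not carry exactly one non-blank session index
 */
protected void validateLogoutRequest(final LogoutRequest logoutRequest, final SAML2MessageContext context,
                                     final SignatureTrustEngine engine) {
    validateSignatureIfItExists(logoutRequest.getSignature(), context, engine);
    // Deliberately disabled for CAS v5 compatibility (original note: "don't check because of CAS v5").
    // Consequence: a logout request that was valid once stays acceptable for as long as the session exists.
    //validateIssueInstant(logoutRequest.getIssueInstant());
    validateIssuerIfItExists(logoutRequest.getIssuer(), context);

    final EncryptedID encryptedID = logoutRequest.getEncryptedID();
    if (encryptedID != null) {
        // Only decryptability is exercised; the decrypted subject is not used further in this method.
        decryptEncryptedId(encryptedID, decrypter);
    }

    final List<SessionIndex> sessionIndexes = logoutRequest.getSessionIndexes();
    if (sessionIndexes == null || sessionIndexes.size() != 1) {
        throw new SAMLException("We must have one session index in the logout request");
    }
    final String sessionIndex = sessionIndexes.get(0).getSessionIndex();
    if (sessionIndex == null || sessionIndex.trim().isEmpty()) {
        // Reject early rather than handing a null/blank session key to the logout handler.
        throw new SAMLException("The session index in the logout request must not be empty");
    }

    final String bindingUri = context.getSAMLBindingContext().getBindingUri();
    if (SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(bindingUri)) {
        logoutHandler.destroySessionBack(context.getWebContext(), sessionIndex);
    } else {
        logoutHandler.destroySessionFront(context.getWebContext(), sessionIndex);
    }
}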
/**
 * Converts an OpenSAML {@code LogoutRequest} into this library's {@link LogoutRequest} model.
 *
 * <p>Scalar fields are copied across unchanged; the reason URN is mapped through
 * {@link LogoutReason#fromUrn}, the destination is wrapped in an {@link Endpoint}, and the subject is
 * produced by {@code getNameID} from the plain {@code NameID}, the {@code EncryptedID} and
 * {@code localKeys}, then reduced to a principal via {@code getNameIdPrincipal}.</p>
 *
 * @param request the parsed OpenSAML logout request
 * @param verificationKeys signature verification keys (not consulted by this method)
 * @param localKeys local keys handed to {@code getNameID} together with the encrypted subject
 * @return the populated logout request model
 */
protected LogoutRequest resolveLogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest request,
                                             List<SimpleKey> verificationKeys,
                                             List<SimpleKey> localKeys) {
    // NOTE(review): getVersion() is dereferenced unconditionally, so a request without a version
    // would fail here; whether the parser guarantees it is set is not visible from this method — confirm.
    final String version = request.getVersion().toString();
    final Endpoint destination = new Endpoint().setLocation(request.getDestination());
    final LogoutReason reason = LogoutReason.fromUrn(request.getReason());

    final LogoutRequest result = new LogoutRequest();
    result.setId(request.getID());
    result.setConsent(request.getConsent());
    result.setVersion(version);
    result.setNotOnOrAfter(request.getNotOnOrAfter());
    result.setIssueInstant(request.getIssueInstant());
    result.setReason(reason);
    result.setIssuer(getIssuer(request.getIssuer()));
    result.setDestination(destination);

    final NameID subject = getNameID(request.getNameID(), request.getEncryptedID(), localKeys);
    result.setNameId(getNameIdPrincipal(subject));
    return result;
}