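/**
 * Checks the issuer and destination of a SAML logout request and returns the configuration
 * registered for the identity provider that issued it.
 *
 * <p>Only the issuer value, the destination and the presence of a matching entry in
 * {@code idpConfigs} are checked here. The issuer is read from the message as-is, so the returned
 * configuration identifies who the request <em>claims</em> to come from.
 * NOTE(review): no signature check is visible in this method; confirm the caller verifies the
 * request against the returned configuration before acting on it.
 *
 * @param logoutRequest the logout request received at the endpoint
 * @param endpointUri the URI this endpoint expects as the request's destination
 * @return the configuration registered for the request's issuer
 * @throws SamlException if the issuer is missing, the destination differs from
 *     {@code endpointUri}, or no identity provider is registered for the issuer
 */
private SamlIdentityProviderConfig validateAndGetIdPConfig(LogoutRequest logoutRequest, String endpointUri) {
    // getIssuer() is dereferenced only after a null check: a request without an Issuer element
    // must be rejected with SamlException like any other invalid request, not fail with a
    // NullPointerException before the check below runs.
    final String issuer = logoutRequest.getIssuer() == null ? null : logoutRequest.getIssuer().getValue();
    if (issuer == null) {
        throw new SamlException("no issuer found from the logout request: " + logoutRequest.getID());
    }

    // Exact string comparison; a request with no destination is rejected too, because
    // equals(null) is false.
    if (!endpointUri.equals(logoutRequest.getDestination())) {
        throw new SamlException("unexpected destination: " + logoutRequest.getDestination());
    }

    // Only issuers that were configured in advance are accepted.
    final SamlIdentityProviderConfig config = idpConfigs.get(issuer);
    if (config == null) {
        throw new SamlException("unexpected identity provider: " + issuer);
    }
    return config;
}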
/**
 * Produces the audit resource for a SAML logout request.
 *
 * <p>The resource is a single string built with {@code ToStringStyle.NO_CLASS_NAME_STYLE} that
 * holds one field, {@code issuer}, set to the issuer value of the request.
 *
 * @param returnValue the logout request to describe in the audit record
 * @return a one-element array holding the formatted resource string
 */
private String[] getAuditResourceFromSamlLogoutRequest(final LogoutRequest returnValue) {
    final ToStringBuilder builder = new ToStringBuilder(this, ToStringStyle.NO_CLASS_NAME_STYLE);
    // NOTE(review): getIssuer() is dereferenced without a null check, and the issuer value is
    // recorded exactly as it appears in the request - confirm callers only pass requests that
    // carry an issuer.
    builder.append("issuer", returnValue.getIssuer().getValue());
    return new String[]{builder.toString()};
}
/**
 * Builds the criteria used to look up the SP session a logout request refers to.
 *
 * <p>When the request, its issuer or its NameID is missing, an empty criteria set is returned.
 * Otherwise the set holds one {@code SPSessionCriterion} built from the issuer value and the
 * NameID value of the request.
 * NOTE(review): both values are taken from the request as-is; confirm the request has been
 * authenticated before the resulting session lookup is acted on.
 *
 * @param input the profile request context (not read by this method)
 * @return the criteria for the session lookup, possibly empty
 */
@Override
public CriteriaSet apply(final ProfileRequestContext input) {
    // Nothing to match on unless request, issuer and NameID are all present.
    if (logoutRequest == null || logoutRequest.getIssuer() == null || logoutRequest.getNameID() == null) {
        return new CriteriaSet();
    }
    final String issuerValue = logoutRequest.getIssuer().getValue();
    final String nameIdValue = logoutRequest.getNameID().getValue();
    return new CriteriaSet(new SPSessionCriterion(issuerValue, nameIdValue));
}
};
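/**
 * Validates the issuer and destination of a SAML logout request and looks up the identity
 * provider configuration registered for that issuer.
 *
 * <p>The issuer value comes straight from the message; this method checks that it is present and
 * known, not that the message is authentic.
 * NOTE(review): signature verification is not performed here - confirm it happens in the caller
 * before the logout is carried out.
 *
 * @param logoutRequest the logout request received at the endpoint
 * @param endpointUri the URI this endpoint expects as the request's destination
 * @return the configuration registered for the request's issuer
 * @throws SamlException if the request has no issuer, its destination is not
 *     {@code endpointUri}, or its issuer is not a configured identity provider
 */
private SamlIdentityProviderConfig validateAndGetIdPConfig(LogoutRequest logoutRequest, String endpointUri) {
    // A request with no Issuer element makes getIssuer() return null; guard the dereference so
    // that case reaches the SamlException below rather than a NullPointerException.
    final String issuer = logoutRequest.getIssuer() == null ? null : logoutRequest.getIssuer().getValue();
    if (issuer == null) {
        throw new SamlException("no issuer found from the logout request: " + logoutRequest.getID());
    }

    // The destination must equal this endpoint's URI exactly; an absent destination fails too.
    if (!endpointUri.equals(logoutRequest.getDestination())) {
        throw new SamlException("unexpected destination: " + logoutRequest.getDestination());
    }

    // Reject issuers that have no registered configuration.
    final SamlIdentityProviderConfig config = idpConfigs.get(issuer);
    if (config == null) {
        throw new SamlException("unexpected identity provider: " + issuer);
    }
    return config;
}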
if (!saml2Session.getId().equals(logoutRequest.getIssuer().getValue())) { return false;
/**
 * Validates an incoming SAML logout request and destroys the session it names.
 *
 * <p>In order: the signature and the issuer are passed to {@code validateSignatureIfItExists}
 * and {@code validateIssuerIfItExists}, an encrypted ID is decrypted when present, the request
 * is required to carry exactly one session index, and that session is destroyed through the
 * logout handler (back-channel for the SOAP 1.1 binding, front-channel otherwise).
 *
 * <p>NOTE(review): going by their names, both helpers accept a request in which the signature
 * or issuer is absent - confirm. If so, an unsigned request that carries a valid session index
 * reaches session destruction. The issue instant is not validated either, so no freshness check
 * is applied in this method.
 *
 * @param logoutRequest the logout request
 * @param context the context
 * @param engine the signature engine
 */
protected void validateLogoutRequest(final LogoutRequest logoutRequest, final SAML2MessageContext context,
                                     final SignatureTrustEngine engine) {
    validateSignatureIfItExists(logoutRequest.getSignature(), context, engine);

    // Issue-instant validation is deliberately left disabled because of CAS v5:
    // validateIssueInstant(logoutRequest.getIssueInstant());

    validateIssuerIfItExists(logoutRequest.getIssuer(), context);

    final EncryptedID encryptedNameId = logoutRequest.getEncryptedID();
    if (encryptedNameId != null) {
        // The decrypted value is not used further in this method.
        decryptEncryptedId(encryptedNameId, decrypter);
    }

    final List<SessionIndex> indexes = logoutRequest.getSessionIndexes();
    final boolean exactlyOneIndex = indexes != null && indexes.size() == 1;
    if (!exactlyOneIndex) {
        throw new SAMLException("We must have one session index in the logout request");
    }
    final String sessionIndex = indexes.get(0).getSessionIndex();

    // The binding decides which logout path runs: SOAP 1.1 is handled as back-channel logout,
    // every other binding as front-channel logout.
    final String bindingUri = context.getSAMLBindingContext().getBindingUri();
    final boolean soapBinding = SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(bindingUri);
    if (soapBinding) {
        logoutHandler.destroySessionBack(context.getWebContext(), sessionIndex);
    } else {
        logoutHandler.destroySessionFront(context.getWebContext(), sessionIndex);
    }
}
/**
 * Converts an OpenSAML logout request into this project's {@code LogoutRequest} model.
 *
 * <p>Copies the ID, consent, version, NotOnOrAfter, issue instant, reason, issuer and
 * destination, then resolves the NameID (plain or encrypted) with {@code localKeys} and stores
 * its principal on the result.
 *
 * <p>NOTE(review): {@code verificationKeys} is not read anywhere in this method, so no signature
 * verification takes place here; confirm the request is verified elsewhere before the resolved
 * values are trusted. {@code getVersion()} is dereferenced without a null check.
 *
 * @param request the OpenSAML logout request to convert
 * @param verificationKeys keys for signature verification (unused in this method)
 * @param localKeys keys passed to {@code getNameID} for resolving an encrypted ID
 * @return the populated logout request model
 */
protected LogoutRequest resolveLogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest request,
                                             List<SimpleKey> verificationKeys,
                                             List<SimpleKey> localKeys) {
    // Plain field-by-field copy; the values are those stated in the incoming message.
    LogoutRequest resolved = new LogoutRequest()
        .setId(request.getID())
        .setConsent(request.getConsent())
        .setVersion(request.getVersion().toString())
        .setNotOnOrAfter(request.getNotOnOrAfter())
        .setIssueInstant(request.getIssueInstant())
        .setReason(LogoutReason.fromUrn(request.getReason()))
        .setIssuer(getIssuer(request.getIssuer()))
        .setDestination(new Endpoint().setLocation(request.getDestination()));

    // Both the plain NameID and the EncryptedID are handed to getNameID together with the
    // local keys; whatever it returns becomes the principal of the result.
    resolved.setNameId(getNameIdPrincipal(getNameID(request.getNameID(), request.getEncryptedID(), localKeys)));
    return resolved;
}