/** * Validates the SAML logout request. * * @param logoutRequest the logout request * @param context the context * @param engine the signature engine */ protected void validateLogoutRequest(final LogoutRequest logoutRequest, final SAML2MessageContext context, final SignatureTrustEngine engine) { validateSignatureIfItExists(logoutRequest.getSignature(), context, engine); // don't check because of CAS v5 //validateIssueInstant(logoutRequest.getIssueInstant()); validateIssuerIfItExists(logoutRequest.getIssuer(), context); final EncryptedID encryptedID = logoutRequest.getEncryptedID(); if (encryptedID != null) { decryptEncryptedId(encryptedID, decrypter); } final List<SessionIndex> sessionIndexes = logoutRequest.getSessionIndexes(); if (sessionIndexes == null || sessionIndexes.size() != 1) { throw new SAMLException("We must have one session index in the logout request"); } String sessionIndex = sessionIndexes.get(0).getSessionIndex(); final String bindingUri = context.getSAMLBindingContext().getBindingUri(); if (SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(bindingUri)) { logoutHandler.destroySessionBack(context.getWebContext(), sessionIndex); } else { logoutHandler.destroySessionFront(context.getWebContext(), sessionIndex); } }
@Override protected void doEncode() throws MessageEncodingException { val messageContext = new MessageContext(); if (logoutRequest.isSigned()) { val signingContext = messageContext.getSubcontext(SecurityParametersContext.class, true); val signingParams = new SignatureSigningParameters(); val signature = logoutRequest.getSignature(); signingParams.setSigningCredential(signature.getSigningCredential()); signingParams.setSignatureAlgorithm(signature.getSignatureAlgorithm()); signingContext.setSignatureSigningParameters(signingParams); } removeSignature(logoutRequest); val encodedMessage = deflateAndBase64Encode(logoutRequest); messageContext.setMessage(logoutRequest); this.redirectUrl = buildRedirectURL(messageContext, endpointUrl, encodedMessage); }