/**
 * Builds an end-session request from the {@code idTokenHint},
 * {@code postLogoutRedirectUri} and {@code state} values in scope and redirects
 * the current JSF external context to the end-session endpoint.
 *
 * <p>Any exception raised while building the URL or redirecting is logged and
 * not rethrown.
 */
public void exec() {
    try {
        final EndSessionRequest endSessionRequest =
                new EndSessionRequest(idTokenHint, postLogoutRedirectUri, state);

        // The request is built from idTokenHint, so the resulting URL should be
        // treated as sensitive (kept out of logs) - NOTE(review): confirm what
        // getQueryString() serialises.
        final String endSessionUrl = endSessionEndpoint + "?" + endSessionRequest.getQueryString();

        FacesContext.getCurrentInstance()
                .getExternalContext()
                .redirect(endSessionUrl);
    } catch (Exception e) {
        log.error(e.getMessage(), e);
    }
}
/**
 * Sends an end-session request to the REST service and returns the processed response.
 *
 * @param idTokenHint           the issued ID Token
 * @param postLogoutRedirectUri the URL to which the RP is requesting that the End-User's
 *                              User-Agent be redirected after a logout has been performed
 * @param state                 the state value
 * @return the service response
 */
public EndSessionResponse execEndSession(String idTokenHint, String postLogoutRedirectUri, String state) {
    // Install the request first; the no-argument exec() is then called to run it.
    final EndSessionRequest endSessionRequest =
            new EndSessionRequest(idTokenHint, postLogoutRedirectUri, state);
    setRequest(endSessionRequest);

    return exec();
}
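/**
 * Calls the end-session endpoint with the ID token, the post-logout redirect URI, a fresh
 * random state and the session id, and expects an HTTP 200 response whose body contains
 * the post-logout redirect URI.
 *
 * @param endSessionPath        path of the end-session endpoint, appended to {@code url}
 * @param postLogoutRedirectUri redirect URI sent with the request and expected in the body
 * @throws Exception declared by the test signature
 */
@Parameters({"endSessionPath", "postLogoutRedirectUri"})
@Test(dependsOnMethods = "requestEndSessionStep2")
public void requestEndSessionStep3(final String endSessionPath, final String postLogoutRedirectUri) throws Exception {
    String state = UUID.randomUUID().toString();

    EndSessionRequest endSessionRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, state);
    endSessionRequest.setSessionId(sessionId);

    Builder request = ResteasyClientBuilder.newClient()
            .target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request();
    request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);

    Response response = request.get();
    String entity = response.readEntity(String.class);

    showResponse("requestEndSessionStep3", response, entity);

    assertEquals(response.getStatus(), 200, "Unexpected response code.");
    assertNotNull(entity, "Unexpected html.");
    // Asserted once: a second identical check on the same string adds nothing.
    // NOTE(review): the state value is sent but its round trip is not asserted here;
    // consider checking it if the returned page is expected to carry it.
    assertTrue(entity.contains(postLogoutRedirectUri));
}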
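/**
 * Builds the URL that sends the user agent to the OpenID provider's end-session endpoint.
 *
 * <p>The ID token is read from the session attribute
 * {@code getName() + SESSION_ID_TOKEN_PARAMETER}; when it is absent an empty string is
 * sent instead so that a logout request can still be issued after the session expired.
 *
 * @param context web context used to read the stored ID token
 * @return the end-session endpoint followed by {@code ?} and the request's query string
 */
@Override
public String getLogoutRedirectionUrl(WebContext context) {
    init();

    // NOTE(review): the state is generated here but not stored by this method, so it can
    // only be verified on return if a caller keeps it. Whether RandomStringUtils draws
    // from a cryptographic source depends on the commons-lang version - confirm both.
    final String state = RandomStringUtils.randomAlphanumeric(10);
    final String postLogoutRedirectUri = this.appConfiguration.getOpenIdPostLogoutRedirectUri();

    String idToken = (String) context.getSessionAttribute(getName() + SESSION_ID_TOKEN_PARAMETER);
    // Allow to send logout request if session is expired
    if (idToken == null) {
        idToken = "";
    }

    final EndSessionRequest endSessionRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, state);
    final String endSessionEndpoint = this.openIdConfiguration.getEndSessionEndpoint();
    final String redirectionUrl = endSessionEndpoint + "?" + endSessionRequest.getQueryString();

    // The query string is built from the ID token, so only the endpoint is written to the
    // log; the token itself must not end up in log files.
    logger.debug("oxAuth redirection Url (query string omitted): '{}'", endSessionEndpoint);

    return redirectionUrl;
}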
@Parameters({"endSessionPath"}) @Test(enabled = true) // switched off test : WebApplicationException seems to not translated correctly into response by container and results in 500 error. See org.xdi.oxauth.session.ws.rs.EndSessionRestWebServiceImpl.endSession() public void requestEndSessionFail1(final String endSessionPath) throws Exception { EndSessionRequest endSessionRequest = new EndSessionRequest(null, null, null); Builder request = ResteasyClientBuilder.newClient() .target(url.toString() + endSessionPath + "?" + endSessionRequest.getQueryString()).request(); request.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED); Response response = request.get(); String entity = response.readEntity(String.class); showResponse("requestEndSessionFail1", response, entity); assertEquals(response.getStatus(), 400, "Unexpected response code."); assertNotNull(entity, "Unexpected result: " + entity); try { JSONObject jsonObj = new JSONObject(entity); assertTrue(jsonObj.has("error"), "The error type is null"); assertTrue(jsonObj.has("error_description"), "The error description is null"); } catch (JSONException e) { e.printStackTrace(); fail(e.getMessage() + "\nResponse was: " + entity); } }
/**
 * Negative test: sends an end-session request whose ID token hint is the literal
 * {@code "INVALID_ACCESS_TOKEN"} and expects either HTTP 400 or HTTP 307, with a JSON
 * body that has {@code error} and {@code error_description} members.
 *
 * <p>NOTE(review): when the 307 branch is taken the test does not inspect where the
 * redirect points; asserting that the target is the expected post-logout redirect URI
 * would cover that case. The JSON parsing below also runs for a 307 response - confirm
 * that such a response carries a JSON body.
 *
 * @param endSessionPath        path of the end-session endpoint, appended to {@code url}
 * @param postLogoutRedirectUri redirect URI sent with the request
 */
@Parameters({"endSessionPath", "postLogoutRedirectUri"})
@Test
public void requestEndSessionFail2(final String endSessionPath, final String postLogoutRedirectUri) {
    final String randomState = UUID.randomUUID().toString();
    final EndSessionRequest badTokenRequest =
            new EndSessionRequest("INVALID_ACCESS_TOKEN", postLogoutRedirectUri, randomState);
    final String targetUrl = url.toString() + endSessionPath + "?" + badTokenRequest.getQueryString();

    final Builder invocation = ResteasyClientBuilder.newClient().target(targetUrl).request();
    invocation.header("Content-Type", MediaType.APPLICATION_FORM_URLENCODED);

    final Response httpResponse = invocation.get();
    final String body = httpResponse.readEntity(String.class);
    showResponse("requestEndSessionFail2", httpResponse, body);

    // we can get bad request or redirect to RP according to https://github.com/GluuFederation/oxAuth/issues/575
    assertTrue(httpResponse.getStatus() == 400 || httpResponse.getStatus() == 307, "Unexpected response code.");
    assertNotNull(body, "Unexpected result: " + body);

    // The error payload must parse as JSON and carry both error members.
    try {
        final JSONObject errorJson = new JSONObject(body);
        assertTrue(errorJson.has("error"), "The error type is null");
        assertTrue(errorJson.has("error_description"), "The error description is null");
    } catch (JSONException e) {
        e.printStackTrace();
        fail(e.getMessage() + "\nResponse was: " + body);
    }
}
// Two end-session requests for the same session: both take their session id from
// authorizationResponse and differ only in the third constructor argument
// (endSessionId1 / endSessionId2). The first argument (the ID token hint) is null.
// NOTE(review): with no ID token hint the server presumably has only the session id
// to identify the session - confirm this is the case under test.
EndSessionRequest endSessionRequest1 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId1);
endSessionRequest1.setSessionId(authorizationResponse.getSessionId());

EndSessionRequest endSessionRequest2 = new EndSessionRequest(null, postLogoutRedirectUri, endSessionId2);
endSessionRequest2.setSessionId(authorizationResponse.getSessionId());
// Two end-session requests that share the same ID token, post-logout redirect URI and
// session id (taken from authorizationResponse) and differ only in the third
// constructor argument (endSessionId1 / endSessionId2).
EndSessionRequest endSessionRequest1 = new EndSessionRequest(idToken, postLogoutRedirectUri, endSessionId1);
endSessionRequest1.setSessionId(authorizationResponse.getSessionId());

EndSessionRequest endSessionRequest2 = new EndSessionRequest(idToken, postLogoutRedirectUri, endSessionId2);
endSessionRequest2.setSessionId(authorizationResponse.getSessionId());
// End-session request carrying the ID token, the post-logout redirect URI and
// endSessionId as the third constructor argument; the session id is copied from
// the earlier authorization response.
EndSessionRequest endSessionRequest = new EndSessionRequest(idToken, postLogoutRedirectUri, endSessionId);
endSessionRequest.setSessionId(authorizationResponse.getSessionId());