protected LogoutRequest buildLogoutRequest(String user, String sessionIdx)
throws SSOAgentException {
LogoutRequest logoutReq = new LogoutRequestBuilder().buildObject();
logoutReq.setID(SSOAgentUtils.createID());
logoutReq.setDestination(ssoAgentConfig.getSAML2().getIdPURL());
DateTime issueInstant = new DateTime();
logoutReq.setIssueInstant(issueInstant);
logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
issuer.setValue(ssoAgentConfig.getSAML2().getSPEntityId());
logoutReq.setIssuer(issuer);
NameID nameId = new NameIDBuilder().buildObject();
nameId.setFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:entity");
nameId.setValue(user);
logoutReq.setNameID(nameId);
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
sessionIndex.setSessionIndex(sessionIdx);
logoutReq.getSessionIndexes().add(sessionIndex);
logoutReq.setReason("Single Logout");
return logoutReq;
}
private LogoutRequest buildLogoutRequest(
String user,
String sessionIndexStr,
String idpUrl,
String nameQualifier,
String spNameQualifier)
throws SAMLSSOException {
LogoutRequest logoutReq = new LogoutRequestBuilder().buildObject();
logoutReq.setID(SSOUtils.createID());
logoutReq.setDestination(idpUrl);
DateTime issueInstant = new DateTime();
logoutReq.setIssueInstant(issueInstant);
logoutReq.setNotOnOrAfter(new DateTime(issueInstant.getMillis() + 5 * 60 * 1000));
IssuerBuilder issuerBuilder = new IssuerBuilder();
Issuer issuer = issuerBuilder.buildObject();
String spEntityId =
properties.get(IdentityApplicationConstants.Authenticator.SAML2SSO.SP_ENTITY_ID);
if (spEntityId != null && !spEntityId.isEmpty()) {
issuer.setValue(spEntityId);
} else {
issuer.setValue("carbonServer");
}
logoutReq.setIssuer(issuer);
NameID nameId = new NameIDBuilder().buildObject();
nameId.setFormat(NameIDType.UNSPECIFIED);
nameId.setValue(user);
nameId.setNameQualifier(nameQualifier);
nameId.setSPNameQualifier(spNameQualifier);
logoutReq.setNameID(nameId);
SessionIndex sessionIndex = new SessionIndexBuilder().buildObject();
if (sessionIndexStr != null) {
sessionIndex.setSessionIndex(sessionIndexStr);
} else {
sessionIndex.setSessionIndex(UUID.randomUUID().toString());
}
logoutReq.getSessionIndexes().add(sessionIndex);
logoutReq.setReason("Single Logout");
return logoutReq;
}
/**
* Returns logout request message ready to be sent to the IDP.
*
* @param context message context
* @param credential information about assertions used to log current user in
* @param bindingService service used to deliver the request
* @return logoutRequest to be sent to IDP
* @throws SAMLException error creating the message
* @throws MetadataProviderException error retrieving metadata
*/
protected LogoutRequest getLogoutRequest(
SAMLMessageContext context, SAMLCredential credential, Endpoint bindingService)
throws SAMLException, MetadataProviderException {
SAMLObjectBuilder<LogoutRequest> builder =
(SAMLObjectBuilder<LogoutRequest>)
builderFactory.getBuilder(LogoutRequest.DEFAULT_ELEMENT_NAME);
LogoutRequest request = builder.buildObject();
buildCommonAttributes(context.getLocalEntityId(), request, bindingService);
// Add session indexes
SAMLObjectBuilder<SessionIndex> sessionIndexBuilder =
(SAMLObjectBuilder<SessionIndex>)
builderFactory.getBuilder(SessionIndex.DEFAULT_ELEMENT_NAME);
for (AuthnStatement statement : credential.getAuthenticationAssertion().getAuthnStatements()) {
SessionIndex index = sessionIndexBuilder.buildObject();
index.setSessionIndex(statement.getSessionIndex());
request.getSessionIndexes().add(index);
}
if (request.getSessionIndexes().size() == 0) {
throw new SAMLException("No session indexes to logout user for were found");
}
SAMLObjectBuilder<NameID> nameIDBuilder =
(SAMLObjectBuilder<NameID>) builderFactory.getBuilder(NameID.DEFAULT_ELEMENT_NAME);
NameID nameID = nameIDBuilder.buildObject();
nameID.setFormat(credential.getNameID().getFormat());
nameID.setNameQualifier(credential.getNameID().getNameQualifier());
nameID.setSPNameQualifier(credential.getNameID().getSPNameQualifier());
nameID.setSPProvidedID(credential.getNameID().getSPProvidedID());
nameID.setValue(credential.getNameID().getValue());
request.setNameID(nameID);
return request;
}
