Class LogoutUtil


  • public class LogoutUtil
    extends Object
    This class builds the LogoutRequest and executes the processing needed to send it from the SP to the IDP. It also provides the helpers used around single logout: choosing an SLO endpoint and binding, building the LogoutResponse, and signing and verifying both message types.
    • Constructor Detail

      • LogoutUtil

        public LogoutUtil()
    • Method Detail

      • doLogout

        public static StringBuffer doLogout​(String metaAlias,
                                            String recipientEntityID,
                                            List<EndpointType> recipientSLOList,
                                            List extensionsList,
                                            String binding,
                                            String relayState,
                                            String sessionIndex,
                                            NameID nameID,
                                            jakarta.servlet.http.HttpServletRequest request,
                                            jakarta.servlet.http.HttpServletResponse response,
                                            Map paramsMap,
                                            BaseConfigType config)
                                     throws SAML2Exception,
                                            SessionException
        Builds a LogoutRequest and executes the processing needed to send it from the SP to the IDP.
        Parameters:
        metaAlias - the requester's metaAlias.
        recipientEntityID - the recipient's entity ID.
        recipientSLOList - the recipient's Single Logout Service location URL list.
        extensionsList - extension list for the request.
        binding - binding used for this request.
        relayState - the target URL on successful Single Logout.
        sessionIndex - SessionIndex of the Assertion generated by the Identity Provider or Service Provider.
        nameID - NameID identifying the principal to be logged out, as issued by the provider.
        request - the HttpServletRequest.
        response - the HttpServletResponse.
        paramsMap - Map of all other parameters. The following parameter names, each with a String value, are allowed in paramsMap:
        • "realm" - MetaAlias of the Service Provider, in the format /realm_name/SP name.
        • "RelayState" - the target URL on successful Single Logout.
        • "Destination" - a URI reference indicating the address to which the request has been sent.
        • "Consent" - a URI, a SAML-defined identifier known as a Consent Identifier.
        config - entity base config for basic auth.
        Returns:
        the ID of the LogoutRequest that was sent
        Throws:
        SAML2Exception - if the request to the IDP cannot be initiated.
        SessionException - if the session cannot be accessed while initiating the request to the IDP.
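        The following is an added example of an SP servlet driving SP-initiated single logout with doLogout; it is not code from the library or from this page. The session-specific inputs (realm, metaAlias, the IDP entity ID, sessionIndex, nameID and the IDP configuration passed as config) are assumed to have been resolved by the caller from the local session and SAML2 metadata; the package names of the imported types, the getLocation() getter on the metadata endpoint, the SAML2Exception(String) constructor, the "SPRole" role string and the ALLOWED_RELAY_STATE_PREFIX allowlist are assumptions. Only the LogoutUtil methods documented on this page are used; the binding comes from getSLOBindingInfo and the IDP endpoint from getIDPSLOConfig.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

// Package names assumed from the library's layout.
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.metadata.EndpointType;
import com.sun.identity.saml2.jaxb.metadata.SingleLogoutServiceElement;
import com.sun.identity.saml2.profile.LogoutUtil;

public class SpLogoutInitiator {

    // Assumed: only relay states under this prefix are honoured, so the
    // RelayState parameter cannot be turned into an open redirect after logout.
    private static final String ALLOWED_RELAY_STATE_PREFIX = "https://sp.example.com/";
    private static final String DEFAULT_RELAY_STATE = "https://sp.example.com/loggedout";
    private static final String SP_ROLE = "SPRole"; // assumed role string for the hosted SP

    /**
     * Initiates SP to IDP single logout for the current session and returns the ID
     * of the LogoutRequest that was sent, so the caller can later match it against
     * the InResponseTo of the LogoutResponse and reject unsolicited responses.
     * realm, metaAlias, idpEntityID, sessionIndex, nameID and idpConfig are assumed
     * to have been looked up by the caller from the local session and metadata.
     */
    public static String initiateLogout(HttpServletRequest request,
                                        HttpServletResponse response,
                                        String realm,
                                        String metaAlias,
                                        String idpEntityID,
                                        String sessionIndex,
                                        NameID nameID,
                                        BaseConfigType idpConfig)
            throws SAML2Exception, SessionException {

        // 1. Decide the binding: a binding supplied in the request is used if present,
        //    otherwise the SLO binding from the IDP's metadata configuration.
        String binding = LogoutUtil.getSLOBindingInfo(request, metaAlias, SP_ROLE, idpEntityID);

        // 2. Find the IDP SLO endpoint for that binding. doLogout takes a list of
        //    EndpointType; SingleLogoutServiceElement is assumed to be a subtype of it.
        SingleLogoutServiceElement idpSlo = LogoutUtil.getIDPSLOConfig(realm, idpEntityID, binding);
        if (idpSlo == null) {
            throw new SAML2Exception("IDP " + idpEntityID + " has no SLO endpoint for binding " + binding);
        }
        List<EndpointType> sloList = new ArrayList<>();
        sloList.add(idpSlo);

        // 3. Accept a caller-supplied RelayState only if it points back to this SP.
        String relayState = request.getParameter("RelayState");
        if (relayState == null || !relayState.startsWith(ALLOWED_RELAY_STATE_PREFIX)) {
            relayState = DEFAULT_RELAY_STATE;
        }

        // 4. The extra parameters documented for paramsMap.
        Map<String, String> paramsMap = new HashMap<>();
        paramsMap.put("realm", metaAlias);                  // documented format: /realm_name/SP name
        paramsMap.put("RelayState", relayState);
        paramsMap.put("Destination", idpSlo.getLocation()); // getLocation() assumed on the endpoint type

        // No extensions are carried in this map, so the list is empty or null.
        List extensions = LogoutUtil.getExtensionsList(paramsMap);

        // 5. Build and send the LogoutRequest. For the front-channel bindings this
        //    writes the redirect or form into response; for SOAP the IDP is called
        //    directly and idpConfig supplies the basic-auth settings.
        StringBuffer requestId = LogoutUtil.doLogout(metaAlias, idpEntityID, sloList, extensions,
                binding, relayState, sessionIndex, nameID, request, response, paramsMap, idpConfig);

        // 6. Persist this ID with the local session before returning; a LogoutResponse
        //    whose InResponseTo does not match a stored ID should be discarded.
        return requestId.toString();
    }
}
```

        The RelayState allowlist in step 3 is the check most often missing in SLO code: the value is echoed back by the IDP and then followed as a redirect, so an attacker who can get a user to click a logout link controls where the browser ends up unless the SP constrains it.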
      • getMostAppropriateSLOServiceLocation

        public static SingleLogoutServiceElement getMostAppropriateSLOServiceLocation​(List<SingleLogoutServiceElement> sloList,
                                                                                      String preferredBinding)
        Based on the preferred SAML binding, this method chooses the most appropriate SingleLogoutServiceElement to send the logout request to. The algorithm is simple:
        • When an asynchronous (front-channel) binding was used for the initial logout request, asynchronous bindings are preferred; if none is available, a synchronous binding is used.
        • When a synchronous binding (SOAP) was used for the initial request, only synchronous bindings can be used for the remaining entities, because there is no browser to redirect.
        Parameters:
        sloList - The list of SLO endpoints for a given entity.
        preferredBinding - The binding that was used to initiate the logout request.
        Returns:
        The most appropriate SLO service location that can be used for sending the logout request. If there is no appropriate logout endpoint, null is returned.
      • getSLOServiceLocation

        public static String getSLOServiceLocation​(List sloList,
                                                   String desiredBinding)
        Gets the Single Logout Service location URL.
        Parameters:
        sloList - list of configured SingleLogoutServiceElement entries.
        desiredBinding - desired binding of the SingleLogout service.
        Returns:
        the location URL configured for desiredBinding.
      • getSLOResponseServiceLocation

        public static String getSLOResponseServiceLocation​(List sloList,
                                                           String desiredBinding)
        Gets the Single Logout Response Service location URL.
        Parameters:
        sloList - list of configured SingleLogoutServiceElement entries.
        desiredBinding - desired binding of the SingleLogout service.
        Returns:
        the response location URL configured for desiredBinding.
      • generateResponse

        public static LogoutResponse generateResponse​(Status status,
                                                      String inResponseTo,
                                                      Issuer issuer,
                                                      String realm,
                                                      String hostRole,
                                                      String remoteEntity)
        Builds the LogoutResponse to be sent back to the remote entity (the IDP, when the host is an SP).
        Parameters:
        status - status of the response.
        inResponseTo - ID of the LogoutRequest this response answers.
        issuer - issuer of the response, which is the hosted entity (the SP).
        realm - realm of the hosted entity.
        hostRole - role of the hosted entity (SP or IDP).
        remoteEntity - entity ID of the remote entity that will receive this response.
        Returns:
        LogoutResponse
      • signSLORequest

        public static void signSLORequest​(LogoutRequest sloRequest,
                                          String realm,
                                          String hostEntity,
                                          String hostEntityRole,
                                          String remoteEntity)
                                   throws SAML2Exception
        Signs the LogoutRequest with the host entity's signing key.
        Parameters:
        sloRequest - the SLO request to be signed.
        realm - realm of host entity.
        hostEntity - entity ID of host entity.
        hostEntityRole - role of host entity.
        remoteEntity - entity ID of remote host entity.
        Throws:
        SAML2Exception - if error in signing the request.
      • verifySLORequest

        public static boolean verifySLORequest​(LogoutRequest sloRequest,
                                               String realm,
                                               String remoteEntity,
                                               String hostEntity,
                                               String hostEntityRole)
                                        throws SAML2Exception,
                                               SessionException
        Verifies the signature on the LogoutRequest against the remote entity's signing certificate.
        Parameters:
        sloRequest - the SLO request to be verified.
        realm - realm of host entity.
        remoteEntity - entity ID of remote host entity.
        hostEntity - entity ID of host entity.
        hostEntityRole - role of host entity.
        Returns:
        true if the signature is valid; a false result must be treated as a failed verification and the request must not be acted upon.
        Throws:
        SAML2Exception - if error in verifying the signature.
        SessionException - if error in verifying the signature.
      • signSLOResponse

        public static void signSLOResponse​(LogoutResponse sloResponse,
                                           String realm,
                                           String hostEntity,
                                           String hostEntityRole,
                                           String remoteEntity)
                                    throws SAML2Exception
        Signs the LogoutResponse with the host entity's signing key.
        Parameters:
        sloResponse - the SLO response to be signed.
        realm - realm of host entity.
        hostEntity - entity ID of host entity.
        hostEntityRole - role of host entity.
        remoteEntity - entity ID of remote host entity.
        Throws:
        SAML2Exception - if error in signing the response.
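        The following is an added example, not code from the library or this page, of an SP handling an IDP-initiated LogoutRequest with verifySLORequest, generateResponse and signSLOResponse from this class. The Status, StatusCode and Issuer objects are built with the library's ProtocolFactory and AssertionFactory, the getters on LogoutRequest (getID, getIssuer, getDestination, getNotOnOrAfter, getSessionIndex) and all package names are assumed and not documented on this page; the LocalSessions hook and the "SPRole" role string are placeholders for the SP's own session store. The point it shows is that the boolean from verifySLORequest is enforced: on a false result no session is touched and the IDP gets a Requester status.

```java
import java.util.Date;

// Package names assumed from the library's layout.
import com.sun.identity.plugin.session.SessionException;
import com.sun.identity.saml2.assertion.AssertionFactory;
import com.sun.identity.saml2.assertion.Issuer;
import com.sun.identity.saml2.common.SAML2Exception;
import com.sun.identity.saml2.profile.LogoutUtil;
import com.sun.identity.saml2.protocol.LogoutRequest;
import com.sun.identity.saml2.protocol.LogoutResponse;
import com.sun.identity.saml2.protocol.ProtocolFactory;
import com.sun.identity.saml2.protocol.Status;
import com.sun.identity.saml2.protocol.StatusCode;

public class SpLogoutResponder {

    // Standard SAML 2.0 top-level status code URIs.
    private static final String STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";
    private static final String STATUS_REQUESTER = "urn:oasis:names:tc:SAML:2.0:status:Requester";
    private static final String SP_ROLE = "SPRole"; // assumed role string for the hosted SP

    /** Hook into the SP's own session store; a placeholder, not part of the library. */
    public interface LocalSessions {
        void terminate(String sessionIndex);
    }

    /**
     * Handles a LogoutRequest received from the IDP and returns the signed
     * LogoutResponse to send back. Local sessions are terminated only if the
     * signature verifies, the Issuer is the expected IDP, the Destination (when
     * present) is this SP's SLO endpoint and NotOnOrAfter has not passed.
     */
    public static LogoutResponse handleIdpLogout(LogoutRequest sloRequest,
                                                 String realm,
                                                 String spEntityID,
                                                 String idpEntityID,
                                                 String mySloEndpoint,
                                                 LocalSessions sessions)
            throws SAML2Exception, SessionException {

        // Signature check from this class; false means "do not act on this request".
        boolean signatureOk = LogoutUtil.verifySLORequest(sloRequest, realm, idpEntityID, spEntityID, SP_ROLE);

        // The Issuer must be the IDP whose certificate was used for verification.
        boolean issuerOk = sloRequest.getIssuer() != null
                && idpEntityID.equals(sloRequest.getIssuer().getValue());

        // A Destination, when present, must name this endpoint, so a request
        // captured on the way to another SP cannot be replayed here.
        boolean destinationOk = sloRequest.getDestination() == null
                || mySloEndpoint.equals(sloRequest.getDestination());

        // Honour the request's own expiry.
        Date notOnOrAfter = sloRequest.getNotOnOrAfter();
        boolean notExpired = notOnOrAfter == null || notOnOrAfter.after(new Date());

        String statusValue = STATUS_REQUESTER;
        if (signatureOk && issuerOk && destinationOk && notExpired) {
            // Only now terminate the sessions named in the request.
            if (sloRequest.getSessionIndex() != null) {
                for (Object index : sloRequest.getSessionIndex()) {
                    sessions.terminate(index.toString());
                }
            }
            statusValue = STATUS_SUCCESS;
        }

        // Build the Status and Issuer for the response (factories assumed).
        Status status = ProtocolFactory.getInstance().createStatus();
        StatusCode statusCode = ProtocolFactory.getInstance().createStatusCode();
        statusCode.setValue(statusValue);
        status.setStatusCode(statusCode);

        Issuer issuer = AssertionFactory.getInstance().createIssuer();
        issuer.setValue(spEntityID);

        // InResponseTo ties the response to the request ID; the host is an SP here.
        LogoutResponse sloResponse = LogoutUtil.generateResponse(status, sloRequest.getID(),
                issuer, realm, SP_ROLE, idpEntityID);
        LogoutUtil.signSLOResponse(sloResponse, realm, spEntityID, SP_ROLE, idpEntityID);
        return sloResponse;
    }
}
```

        Returning a Requester status instead of silently ignoring a bad request keeps the IDP's logout flow from hanging, while leaving the local session untouched denies an unauthenticated party the ability to force users out.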
      • verifySLOResponse

        public static boolean verifySLOResponse​(LogoutResponse sloResponse,
                                                String realm,
                                                String remoteEntity,
                                                String hostEntity,
                                                String hostEntityRole)
                                         throws SAML2Exception,
                                                SessionException
        Verifies the signature on the LogoutResponse against the remote entity's signing certificate.
        Parameters:
        sloResponse - the SLO response to be verified.
        realm - realm of host entity.
        remoteEntity - entity ID of remote host entity.
        hostEntity - entity ID of host entity.
        hostEntityRole - role of host entity.
        Returns:
        true if the signature is valid; a false result must be treated as a failed verification.
        Throws:
        SAML2Exception - if error in verifying the signature.
        SessionException - if error in verifying the signature.
      • getSLOBindingInfo

        public static String getSLOBindingInfo​(jakarta.servlet.http.HttpServletRequest request,
                                               String metaAlias,
                                               String hostEntityRole,
                                               String remoteEntityID)
                                        throws SAML2Exception
        Returns the SLO Service binding to use for the remote entity, taken from the request if supplied there, otherwise from the metadata configuration.
        Parameters:
        request - the HttpServletRequest.
        metaAlias - metaAlias of the hosted entity.
        hostEntityRole - role of the hosted entity.
        remoteEntityID - entity ID of the remote entity.
        Returns:
        the binding URI of the remote entity's SLO service.
        Throws:
        SAML2Exception - if no binding information is configured.
      • getIDPSLOConfig

        public static SingleLogoutServiceElement getIDPSLOConfig​(String realm,
                                                                 String entityId,
                                                                 String binding)
                                                          throws SAML2MetaException,
                                                                 SessionException
        Returns the first SingleLogout configuration of the identity provider entity under the realm that matches the given binding.
        Parameters:
        realm - the realm under which the entity resides.
        entityId - ID of the identity provider entity to be retrieved.
        binding - the binding that the returned SLO endpoint must match.
        Returns:
        the matching SingleLogoutServiceElement for the entity, or null if none matches
        Throws:
        SAML2MetaException - if unable to retrieve the identity provider's SLO configuration.
        SessionException - invalid or expired single sign-on session
      • getSPSLOConfig

        public static SingleLogoutServiceElement getSPSLOConfig​(String realm,
                                                                String entityId,
                                                                String binding)
                                                         throws SAML2MetaException,
                                                                SessionException
        Returns the first SingleLogout configuration of the service provider entity under the realm that matches the given binding.
        Parameters:
        realm - the realm under which the entity resides.
        entityId - ID of the service provider entity to be retrieved.
        binding - the binding that the returned SLO endpoint must match.
        Returns:
        the matching SingleLogoutServiceElement for the entity, or null if none matches
        Throws:
        SAML2MetaException - if unable to retrieve the service provider's SLO configuration.
        SessionException - invalid or expired single sign-on session
      • getExtensionsList

        public static List getExtensionsList​(Map paramsMap)
        Returns the extensions list built from the request parameters.
        Parameters:
        paramsMap - request parameter map carrying the extension parameters.
        Returns:
        List of extension parameters