
Saml 20 Logout

Crystal.Sea 4 years ago
parent
commit
f69e192a50

+ 0 - 1
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/SignatureSecurityPolicyRule.java

@@ -101,7 +101,6 @@ public class SignatureSecurityPolicyRule  implements InitializingBean, SecurityP
 	private void checkMessageSignature(MessageContext messageContext,SignableSAMLObject samlMessage) throws SecurityPolicyException {
 		CriteriaSet criteriaSet = new CriteriaSet();
 		logger.debug("Inbound issuer is {}", messageContext.getInboundMessageIssuer());
-		// System.out.println("Inbound issuer is {} "+ messageContext.getInboundMessageIssuer());
 		//https://localhost-dev-ed.my.salesforce.com
 		criteriaSet.add( new EntityIDCriteria(messageContext.getInboundMessageIssuer()));	
 		//criteriaSet.add( new EntityIDCriteria("https://localhost-dev-ed.my.salesforce.com"));

+ 67 - 0
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/LogoutSamlEndpoint.java

@@ -0,0 +1,67 @@
+package org.maxkey.authz.saml20.provider.endpoint;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
+import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
+import org.maxkey.web.WebContext;
+import org.opensaml.common.binding.SAMLMessageContext;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.validation.ValidationException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.servlet.ModelAndView;
+
+@Controller
+public class LogoutSamlEndpoint {
+    private final static Logger logger = LoggerFactory.getLogger(LogoutSamlEndpoint.class);
+    
+    @Autowired
+    @Qualifier("extractRedirectBindingAdapter")
+    private ExtractBindingAdapter extractRedirectBindingAdapter;
+    
+    @Autowired
+    @Qualifier("samlValidaotrSuite")
+    private SAML2ValidatorSuite validatorSuite;
+    
+    
+    @SuppressWarnings("rawtypes")
+    @RequestMapping(value = "/logout/saml", method=RequestMethod.GET)
+    public ModelAndView samlRedirectLogout(
+                HttpServletRequest request,
+                HttpServletResponse response)throws Exception {
+             SAMLMessageContext messageContext;
+             logger.debug("extract SAML Message .");
+             try {
+                 
+                 messageContext = extractRedirectBindingAdapter.extractSAMLMessageContext(request);
+                 logger.debug("validate SAML LogoutRequest .");
+                 LogoutRequest logoutRequest = (LogoutRequest) messageContext.getInboundSAMLMessage();
+                 validatorSuite.validate(logoutRequest);
+                 logger.debug("LogoutRequest ID "+logoutRequest.getID());
+                 logger.debug("LogoutRequest Issuer "+logoutRequest.getIssuer());
+                 logger.debug("LogoutRequest IssueInstant "+logoutRequest.getIssueInstant());
+                 logger.debug("LogoutRequest Destination "+logoutRequest.getDestination());
+                 logger.debug("LogoutRequest NameID "+logoutRequest.getNameID().getValue());
+                 return WebContext.redirect("/logout");
+                 
+             } catch (MessageDecodingException e1) {
+                 logger.error("Exception decoding SAML MessageDecodingException", e1);
+             } catch (SecurityException e1) {
+                 logger.error("Exception decoding SAML SecurityException", e1);
+             }catch (ValidationException ve) {
+                 logger.warn("logoutRequest Message failed Validation", ve);
+             }
+             
+             return WebContext.redirect("/login");
+        }
+       
+}
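Review bot: `logoutRequest.getNameID().getValue()` on the last debug line of the try block dereferences NameID without a null check; a SAML 2.0 LogoutRequest may carry a BaseID or EncryptedID instead of a NameID, in which case `getNameID()` returns null and the NPE escapes through `throws Exception` rather than reaching the intended `/login` fallback. Guard it, e.g. `logger.debug("LogoutRequest NameID {}", logoutRequest.getNameID() == null ? null : logoutRequest.getNameID().getValue());`, and switch the other debug lines to `{}` placeholders so the string concatenation only happens when debug logging is enabled. After validation the endpoint redirects to `/logout` without relating the request's NameID or SessionIndex to the authenticated session, so unless `/logout` performs that check itself, any LogoutRequest that passes the binding adapter's checks ends whatever session the browser currently holds; a comment on the method stating where that binding is enforced would make the contract reviewable.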

+ 51 - 41
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java

@@ -122,58 +122,68 @@ public class SingleSignOnEndpoint {
 		extractBindingAdapter.buildSecurityPolicyResolver(trustKeyStore);
 	}
 	
-	
+
+	   
 	@SuppressWarnings("rawtypes")
 	public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter,HttpServletRequest request) throws Exception{
-		SAMLMessageContext messageContext;
+		
+	    SAMLMessageContext messageContext;
 		logger.debug("extract SAML Message .");
+		
 		try {
 			messageContext = extractBindingAdapter.extractSAMLMessageContext(request);
+			logger.debug("validate SAML AuthnRequest .");
+	        AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
+	        logger.debug("AuthnRequest ProtocolBinding "+authnRequest.getProtocolBinding());
+	        logger.debug("InboundSAMLMessage Id "+messageContext.getInboundSAMLMessageId());
+	        logger.debug("AuthnRequest AssertionConsumerServiceURL "+authnRequest.getAssertionConsumerServiceURL());
+	        logger.debug("InboundMessage Issuer "+messageContext.getInboundMessageIssuer());
+	        logger.debug("InboundSAMLMessage IssueInstant "+messageContext.getInboundSAMLMessageIssueInstant());
+	        logger.debug("InboundSAMLMessage RelayState "+messageContext.getRelayState());      
+	        logger.debug("AuthnRequest isPassive "+authnRequest.isPassive());
+	        logger.debug("AuthnRequest ForceAuthn "+authnRequest.isForceAuthn());
+	        
+	        validatorSuite.validate(authnRequest);
+	        
+
+	        logger.debug("Select Authz  Binding.");
+	        String binding=extractBindingAdapter.getSaml20Detail().getBinding();
+	        
+	        if(binding.endsWith("PostSimpleSign")){
+	            bindingAdapter=postSimpleSignBindingAdapter;
+	            logger.debug("Authz POST Binding is  use PostSimpleSign .");
+	        }else{
+	            bindingAdapter=postBindingAdapter;
+	            logger.debug("Authz POST Binding is  use Post .");
+	        }
+	        
+	        
+	        AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(
+	                                authnRequest.getAssertionConsumerServiceURL(),
+	                                authnRequest.getID());
+	        
+	        logger.debug("AuthnRequest vefified.  Forwarding to AuthnResponder",authnRequestInfo);
+	        
+	        bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
+	        
+	        bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);
+	        
+	        String relayState=request.getParameter("RelayState");
+	        if (relayState != null) {
+	            bindingAdapter.setRelayState(relayState);
+	            logger.debug("RelayState : ",relayState);
+	        }
+	        
 		} catch (MessageDecodingException e1) {
 			logger.error("Exception decoding SAML MessageDecodingException", e1);
 			throw new Exception(e1);
 		} catch (SecurityException e1) {
 			logger.error("Exception decoding SAML SecurityException", e1);
 			throw new Exception(e1);
-		}
-		
-		logger.debug("validate SAML AuthnRequest .");
-		AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
-
-		try {
-			validatorSuite.validate(authnRequest);
-		} catch (ValidationException ve) {
-			logger.warn("AuthnRequest Message failed Validation", ve);
-			throw new Exception(ve);
-		}
-
-		logger.debug("Select Authz  Binding.");
-		String binding=extractBindingAdapter.getSaml20Detail().getBinding();
-		
-		if(binding.endsWith("PostSimpleSign")){
-			bindingAdapter=postSimpleSignBindingAdapter;
-			logger.debug("Authz POST Binding is  use PostSimpleSign .");
-		}else{
-			bindingAdapter=postBindingAdapter;
-			logger.debug("Authz POST Binding is  use Post .");
-		}
-		
-		
-		AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(
-								authnRequest.getAssertionConsumerServiceURL(),
-								authnRequest.getID());
-		
-		logger.debug("AuthnRequest vefified.  Forwarding to AuthnResponder",authnRequestInfo);
-		
-		bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
-		
-		bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);
-		
-		String relayState=request.getParameter("RelayState");
-		if (relayState != null) {
-			bindingAdapter.setRelayState(relayState);
-			logger.debug("RelayState : ",relayState);
-		}
+		}catch (ValidationException ve) {
+            logger.warn("AuthnRequest Message failed Validation", ve);
+            throw new Exception(ve);
+        }
 		
 	}
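Review bot: `logger.debug("AuthnRequest vefified.  Forwarding to AuthnResponder",authnRequestInfo)` and `logger.debug("RelayState : ",relayState)` pass an argument but the message has no `{}` placeholder, so the value is silently dropped (and "vefified" is misspelled); change them to `logger.debug("AuthnRequest verified. Forwarding to AuthnResponder {}", authnRequestInfo);` and `logger.debug("RelayState : {}", relayState);`. The moved block also stores per-request state (`bindingAdapter`, `setAuthnRequestInfo`, `setRelayState`) on fields of this endpoint and on the injected adapters; if those are singleton Spring beans, concurrent AuthnRequests could overwrite each other's AssertionConsumerServiceURL and RelayState before the response is built, which is worth confirming as request-scoped or documenting on the fields. The added lines are indented with spaces inside a tab-indented method; re-indent with tabs to match the surrounding code. The rest of the class (its fields and other methods) lies outside the hunk.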