metal-hed/onelogin.diff

## onelogin.diff
commit 2b652b56b9ac0468c881007b6bc22ae76a6239c5
Author: metal-hed
Date:   Tue Sep 13 11:57:25 2016 -0400

    Update SAML library to optionally use a LogoutResponse URL which is different from the LogoutRequest URL

diff --git a/src/main/java/com/onelogin/saml2/Auth.java b/src/main/java/com/onelogin/saml2/Auth.java
index d1ea696..10b38ac 100644
--- a/src/main/java/com/onelogin/saml2/Auth.java
+++ b/src/main/java/com/onelogin/saml2/Auth.java
@@ -327,6 +327,13 @@ public class Auth {
 	}

 	/**
+     * @return The url of the Single Logout Service Response.
+     */
+	public String getSLOResponseUrl() {
+		return settings.getIdpSingleLogoutServiceResponseUrl().toString();
+	}
+
+	/**
      * Process the SAML Response sent by the IdP.
      *
      * @param requestId
@@ -386,6 +393,7 @@ public class Auth {
 		String samlResponseParameter = request.getParameter("SAMLResponse");

 		if (samlResponseParameter != null) {
+			// SP Initiated SLO
 			LogoutResponse logoutResponse = new LogoutResponse(settings, request);
 			if (!logoutResponse.isValid(requestId)) {
 				errors.add("invalid_logout_response");
@@ -406,6 +414,7 @@ public class Auth {
 				}
 			}
 		} else if (samlRequestParameter != null) {
+			// IdP initiated SLO
 			LogoutRequest logoutRequest = new LogoutRequest(settings, request);

 			if (!logoutRequest.isValid()) {
@@ -441,7 +450,14 @@ public class Auth {
 					parameters.put("Signature", signature);
 				}

-				String sloUrl = getSLOurl();
+				String sloUrl;
+
+				if (getSLOResponseUrl() == null) {
+					sloUrl = getSLOurl();
+				} else {
+					sloUrl = getSLOResponseUrl();
+				}
+
 				LOGGER.debug("Logout response sent to " + sloUrl + " --> " + samlLogoutResponse);
 				Util.sendRedirect(response, sloUrl, parameters);
 			}
diff --git a/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
index edff0bd..659d1b3 100644
--- a/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
+++ b/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
@@ -314,7 +314,12 @@ public class LogoutResponse {
 		valueMap.put("issueInstant", issueInstantString);

 		String destinationStr = "";
-		URL slo =  settings.getIdpSingleLogoutServiceUrl();
+		URL slo =  settings.getIdpSingleLogoutServiceResponseUrl();
+
+		if (slo == null) {
+			slo = settings.getIdpSingleLogoutServiceUrl();
+		}
+
 		if (slo != null) {
 			destinationStr = " Destination=\"" + slo.toString() + "\"";
 		}
diff --git a/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java b/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
index 8162127..9ac351a 100644
--- a/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
+++ b/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
@@ -49,6 +49,7 @@ public class Saml2Settings {
 	private URL idpSingleSignOnServiceUrl = null;
 	private String idpSingleSignOnServiceBinding = Constants.BINDING_HTTP_REDIRECT;
 	private URL idpSingleLogoutServiceUrl = null;
+	private URL idpSingleLogoutServiceResponseUrl = null;
 	private String idpSingleLogoutServiceBinding = Constants.BINDING_HTTP_REDIRECT;
 	private X509Certificate idpx509cert = null;
 	private String idpCertFingerprint = null;
@@ -166,6 +167,14 @@ public class Saml2Settings {
 		return idpSingleLogoutServiceUrl;
 	}

+
+	/**
+	 * @return the idpSingleLogoutServiceResponseUrl setting value
+	 */
+	public final URL getIdpSingleLogoutServiceResponseUrl() {
+		return idpSingleLogoutServiceResponseUrl;
+	}
+
 	/**
 	 * @return the idpSingleLogoutServiceBinding setting value
 	 */
@@ -453,6 +462,19 @@ public class Saml2Settings {
 		this.idpSingleLogoutServiceUrl = idpSingleLogoutServiceUrl;
 	}

+
+	/**
+	 * Set the idpSingleLogoutServiceUrl setting value
+	 *
+	 * @param idpSingleLogoutServiceResponseUrl
+	 *            the idpSingleLogoutServiceUrl value to be set
+	 */
+	protected final void setIdpSingleLogoutServiceResponseUrl(URL idpSingleLogoutServiceResponseUrl) {
+		this.idpSingleLogoutServiceResponseUrl = idpSingleLogoutServiceResponseUrl;
+	}
+
+
+
 	/**
 	 * Set the idpSingleLogoutServiceBinding setting value
 	 *
diff --git a/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java b/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
index d2ca654..cf76394 100644
--- a/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
+++ b/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
@@ -60,6 +60,7 @@ public class SettingsBuilder {
 	public final static String IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.url";
 	public final static String IDP_SINGLE_SIGN_ON_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.binding";
 	public final static String IDP_SINGLE_LOGOUT_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.url";
+	public final static String IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.response.url";
 	public final static String IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.binding";

 	public final static String IDP_X509CERT_PROPERTY_KEY = "onelogin.saml2.idp.x509cert";
@@ -191,6 +192,10 @@ public class SettingsBuilder {
 		if (idpSingleLogoutServiceUrl != null)
 			saml2Setting.setIdpSingleLogoutServiceUrl(idpSingleLogoutServiceUrl);

+		URL idpSingleLogoutServiceResponseUrl = loadURLProperty(IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY);
+		if (idpSingleLogoutServiceResponseUrl != null)
+			saml2Setting.setIdpSingleLogoutServiceResponseUrl(idpSingleLogoutServiceResponseUrl);
+
 		String idpSingleLogoutServiceBinding = loadStringProperty(IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY);
 		if (idpSingleLogoutServiceBinding != null)
 			saml2Setting.setIdpSingleLogoutServiceBinding(idpSingleLogoutServiceBinding);
	commit 2b652b56b9ac0468c881007b6bc22ae76a6239c5
	Author: metal-hed
	Date: Tue Sep 13 11:57:25 2016 -0400

	Update SAML library to optionally use a LogoutResponse URL which is different from the LogoutRequest URL

	diff --git a/src/main/java/com/onelogin/saml2/Auth.java b/src/main/java/com/onelogin/saml2/Auth.java
	index d1ea696..10b38ac 100644
	--- a/src/main/java/com/onelogin/saml2/Auth.java
	+++ b/src/main/java/com/onelogin/saml2/Auth.java
	@@ -327,6 +327,13 @@ public class Auth {
	}

	/**
	+ * @return The url of the Single Logout Service Response.
	+ */
	+ public String getSLOResponseUrl() {
	+ return settings.getIdpSingleLogoutServiceResponseUrl().toString();
	+ }
	+
	+ /**
	* Process the SAML Response sent by the IdP.
	*
	* @param requestId
	@@ -386,6 +393,7 @@ public class Auth {
	String samlResponseParameter = request.getParameter("SAMLResponse");

	if (samlResponseParameter != null) {
	+ // SP Initiated SLO
	LogoutResponse logoutResponse = new LogoutResponse(settings, request);
	if (!logoutResponse.isValid(requestId)) {
	errors.add("invalid_logout_response");
	@@ -406,6 +414,7 @@ public class Auth {
	}
	}
	} else if (samlRequestParameter != null) {
	+ // IdP initiated SLO
	LogoutRequest logoutRequest = new LogoutRequest(settings, request);

	if (!logoutRequest.isValid()) {
	@@ -441,7 +450,14 @@ public class Auth {
	parameters.put("Signature", signature);
	}

	- String sloUrl = getSLOurl();
	+ String sloUrl;
	+
	+ if (getSLOResponseUrl() == null) {
	+ sloUrl = getSLOurl();
	+ } else {
	+ sloUrl = getSLOResponseUrl();
	+ }
	+
	LOGGER.debug("Logout response sent to " + sloUrl + " --> " + samlLogoutResponse);
	Util.sendRedirect(response, sloUrl, parameters);
	}
	diff --git a/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
	index edff0bd..659d1b3 100644
	--- a/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
	+++ b/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
	@@ -314,7 +314,12 @@ public class LogoutResponse {
	valueMap.put("issueInstant", issueInstantString);

	String destinationStr = "";
	- URL slo = settings.getIdpSingleLogoutServiceUrl();
	+ URL slo = settings.getIdpSingleLogoutServiceResponseUrl();
	+
	+ if (slo == null) {
	+ slo = settings.getIdpSingleLogoutServiceUrl();
	+ }
	+
	if (slo != null) {
	destinationStr = " Destination=\"" + slo.toString() + "\"";
	}
	diff --git a/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java b/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
	index 8162127..9ac351a 100644
	--- a/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
	+++ b/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
	@@ -49,6 +49,7 @@ public class Saml2Settings {
	private URL idpSingleSignOnServiceUrl = null;
	private String idpSingleSignOnServiceBinding = Constants.BINDING_HTTP_REDIRECT;
	private URL idpSingleLogoutServiceUrl = null;
	+ private URL idpSingleLogoutServiceResponseUrl = null;
	private String idpSingleLogoutServiceBinding = Constants.BINDING_HTTP_REDIRECT;
	private X509Certificate idpx509cert = null;
	private String idpCertFingerprint = null;
	@@ -166,6 +167,14 @@ public class Saml2Settings {
	return idpSingleLogoutServiceUrl;
	}

	+
	+ /**
	+ * @return the idpSingleLogoutServiceResponseUrl setting value
	+ */
	+ public final URL getIdpSingleLogoutServiceResponseUrl() {
	+ return idpSingleLogoutServiceResponseUrl;
	+ }
	+
	/**
	* @return the idpSingleLogoutServiceBinding setting value
	*/
	@@ -453,6 +462,19 @@ public class Saml2Settings {
	this.idpSingleLogoutServiceUrl = idpSingleLogoutServiceUrl;
	}

	+
	+ /**
	+ * Set the idpSingleLogoutServiceUrl setting value
	+ *
	+ * @param idpSingleLogoutServiceResponseUrl
	+ * the idpSingleLogoutServiceUrl value to be set
	+ */
	+ protected final void setIdpSingleLogoutServiceResponseUrl(URL idpSingleLogoutServiceResponseUrl) {
	+ this.idpSingleLogoutServiceResponseUrl = idpSingleLogoutServiceResponseUrl;
	+ }
	+
	+
	+
	/**
	* Set the idpSingleLogoutServiceBinding setting value
	*
	diff --git a/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java b/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
	index d2ca654..cf76394 100644
	--- a/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
	+++ b/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
	@@ -60,6 +60,7 @@ public class SettingsBuilder {
	public final static String IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.url";
	public final static String IDP_SINGLE_SIGN_ON_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.binding";
	public final static String IDP_SINGLE_LOGOUT_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.url";
	+ public final static String IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.response.url";
	public final static String IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.binding";

	public final static String IDP_X509CERT_PROPERTY_KEY = "onelogin.saml2.idp.x509cert";
	@@ -191,6 +192,10 @@ public class SettingsBuilder {
	if (idpSingleLogoutServiceUrl != null)
	saml2Setting.setIdpSingleLogoutServiceUrl(idpSingleLogoutServiceUrl);

	+ URL idpSingleLogoutServiceResponseUrl = loadURLProperty(IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY);
	+ if (idpSingleLogoutServiceResponseUrl != null)
	+ saml2Setting.setIdpSingleLogoutServiceResponseUrl(idpSingleLogoutServiceResponseUrl);
	+
	String idpSingleLogoutServiceBinding = loadStringProperty(IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY);
	if (idpSingleLogoutServiceBinding != null)
	saml2Setting.setIdpSingleLogoutServiceBinding(idpSingleLogoutServiceBinding);