commit 2b652b56b9ac0468c881007b6bc22ae76a6239c5
Author: metal-hed
Date: Tue Sep 13 11:57:25 2016 -0400
Update SAML library to optionally use a LogoutResponse URL which is different from the LogoutRequest URL
diff --git a/src/main/java/com/onelogin/saml2/Auth.java b/src/main/java/com/onelogin/saml2/Auth.java
index d1ea696..10b38ac 100644
--- a/src/main/java/com/onelogin/saml2/Auth.java
+++ b/src/main/java/com/onelogin/saml2/Auth.java
@@ -327,6 +327,13 @@ public class Auth {
}
/**
+ * @return The url of the Single Logout Service Response.
+ */
+ public String getSLOResponseUrl() {
+ return settings.getIdpSingleLogoutServiceResponseUrl().toString();
+ }
+
+ /**
* Process the SAML Response sent by the IdP.
*
* @param requestId
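Review bot: `getSLOResponseUrl()` calls `.toString()` on `settings.getIdpSingleLogoutServiceResponseUrl()`, but that setting is initialised to null and is only assigned when the new property is present, so on every deployment that does not configure the optional response URL the getter throws NullPointerException instead of returning null — and the `== null` fallback its caller relies on can never be reached. Return null explicitly: `URL url = settings.getIdpSingleLogoutServiceResponseUrl(); return url == null ? null : url.toString();`. The Javadoc should say the value is optional: `@return The url of the Single Logout Service Response, or null when the IdP accepts LogoutResponses at its Single Logout Service url.`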
@@ -386,6 +393,7 @@ public class Auth {
String samlResponseParameter = request.getParameter("SAMLResponse");
if (samlResponseParameter != null) {
+ // SP Initiated SLO
LogoutResponse logoutResponse = new LogoutResponse(settings, request);
if (!logoutResponse.isValid(requestId)) {
errors.add("invalid_logout_response");
@@ -406,6 +414,7 @@ public class Auth {
}
}
} else if (samlRequestParameter != null) {
+ // IdP initiated SLO
LogoutRequest logoutRequest = new LogoutRequest(settings, request);
if (!logoutRequest.isValid()) {
@@ -441,7 +450,14 @@ public class Auth {
parameters.put("Signature", signature);
}
- String sloUrl = getSLOurl();
+ String sloUrl;
+
+ if (getSLOResponseUrl() == null) {
+ sloUrl = getSLOurl();
+ } else {
+ sloUrl = getSLOResponseUrl();
+ }
+
LOGGER.debug("Logout response sent to " + sloUrl + " --> " + samlLogoutResponse);
Util.sendRedirect(response, sloUrl, parameters);
}
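Review bot: The check `if (getSLOResponseUrl() == null)` tests the result of a `toString()` chain, so whenever the response URL setting is absent (its default is null) the getter throws before the comparison runs and the `getSLOurl()` fallback is dead code; select on the `URL` object instead, `URL responseUrl = settings.getIdpSingleLogoutServiceResponseUrl(); String sloUrl = responseUrl != null ? responseUrl.toString() : getSLOurl();`. The same "response URL if set, else logout URL" rule is written out a second time in `LogoutResponse` for the `Destination` attribute, and the two must agree: an IdP that enforces `Destination` will reject a response whose attribute names a different endpoint than the one it arrived at, so a single accessor on `Saml2Settings` used by both sites would stop them drifting apart. The redirect target is taken from configuration rather than from the request, so this change does not introduce an open redirect. The enclosing method starts before this hunk.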
diff --git a/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
index edff0bd..659d1b3 100644
--- a/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
+++ b/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java
@@ -314,7 +314,12 @@ public class LogoutResponse {
valueMap.put("issueInstant", issueInstantString);
String destinationStr = "";
- URL slo = settings.getIdpSingleLogoutServiceUrl();
+ URL slo = settings.getIdpSingleLogoutServiceResponseUrl();
+
+ if (slo == null) {
+ slo = settings.getIdpSingleLogoutServiceUrl();
+ }
+
if (slo != null) {
destinationStr = " Destination=\"" + slo.toString() + "\"";
}
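Review bot: The fallback added at `URL slo = settings.getIdpSingleLogoutServiceResponseUrl(); if (slo == null) { slo = settings.getIdpSingleLogoutServiceUrl(); }` duplicates the endpoint-selection rule that `Auth` applies when choosing the redirect target, and the two copies have to stay identical because `Destination` must name the endpoint the IdP actually receives the message at; if one copy is edited later without the other, an IdP that validates `Destination` rejects every logout response. Putting the selection in one method on `Saml2Settings` and calling it from both places removes that risk and leaves this hunk with a single assignment to `slo`. Separately, `slo.toString()` is still interpolated into the attribute unescaped; a configured `java.net.URL` is unlikely to contain `"` or `&`, but XML-escaping it costs one call and closes the gap. The enclosing method begins before this hunk.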
diff --git a/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java b/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
index 8162127..9ac351a 100644
--- a/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
+++ b/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java
@@ -49,6 +49,7 @@ public class Saml2Settings {
private URL idpSingleSignOnServiceUrl = null;
private String idpSingleSignOnServiceBinding = Constants.BINDING_HTTP_REDIRECT;
private URL idpSingleLogoutServiceUrl = null;
+ private URL idpSingleLogoutServiceResponseUrl = null;
private String idpSingleLogoutServiceBinding = Constants.BINDING_HTTP_REDIRECT;
private X509Certificate idpx509cert = null;
private String idpCertFingerprint = null;
@@ -166,6 +167,14 @@ public class Saml2Settings {
return idpSingleLogoutServiceUrl;
}
+
+ /**
+ * @return the idpSingleLogoutServiceResponseUrl setting value
+ */
+ public final URL getIdpSingleLogoutServiceResponseUrl() {
+ return idpSingleLogoutServiceResponseUrl;
+ }
+
/**
* @return the idpSingleLogoutServiceBinding setting value
*/
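Review bot: The new getter's Javadoc should tell callers that the value is optional, since the field is initialised to null and only the property loader sets it, and that null means "use the Single Logout Service URL": `@return the idpSingleLogoutServiceResponseUrl setting value, or null when no separate LogoutResponse endpoint is configured (callers then fall back to idpSingleLogoutServiceUrl)`. Without that sentence a reader has to find the fallback logic in `Auth` and `LogoutResponse` to learn that null is the expected default.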
@@ -453,6 +462,19 @@ public class Saml2Settings {
this.idpSingleLogoutServiceUrl = idpSingleLogoutServiceUrl;
}
+
+ /**
+ * Set the idpSingleLogoutServiceUrl setting value
+ *
+ * @param idpSingleLogoutServiceResponseUrl
+ * the idpSingleLogoutServiceUrl value to be set
+ */
+ protected final void setIdpSingleLogoutServiceResponseUrl(URL idpSingleLogoutServiceResponseUrl) {
+ this.idpSingleLogoutServiceResponseUrl = idpSingleLogoutServiceResponseUrl;
+ }
+
+
+
/**
* Set the idpSingleLogoutServiceBinding setting value
*
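Review bot: The Javadoc on `setIdpSingleLogoutServiceResponseUrl` was copied from the neighbouring setter and names the wrong setting twice; it should read `Set the idpSingleLogoutServiceResponseUrl setting value` and `@param idpSingleLogoutServiceResponseUrl the idpSingleLogoutServiceResponseUrl value to be set`. The three blank lines left after the method's closing brace should be collapsed to the single blank line the rest of the class uses between members.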
diff --git a/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java b/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
index d2ca654..cf76394 100644
--- a/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
+++ b/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java
@@ -60,6 +60,7 @@ public class SettingsBuilder {
public final static String IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.url";
public final static String IDP_SINGLE_SIGN_ON_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.binding";
public final static String IDP_SINGLE_LOGOUT_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.url";
+ public final static String IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.response.url";
public final static String IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.binding";
public final static String IDP_X509CERT_PROPERTY_KEY = "onelogin.saml2.idp.x509cert";
@@ -191,6 +192,10 @@ public class SettingsBuilder {
if (idpSingleLogoutServiceUrl != null)
saml2Setting.setIdpSingleLogoutServiceUrl(idpSingleLogoutServiceUrl);
+ URL idpSingleLogoutServiceResponseUrl = loadURLProperty(IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY);
+ if (idpSingleLogoutServiceResponseUrl != null)
+ saml2Setting.setIdpSingleLogoutServiceResponseUrl(idpSingleLogoutServiceResponseUrl);
+
String idpSingleLogoutServiceBinding = loadStringProperty(IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY);
if (idpSingleLogoutServiceBinding != null)
saml2Setting.setIdpSingleLogoutServiceBinding(idpSingleLogoutServiceBinding);
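Review bot: The URL loaded at `loadURLProperty(IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY)` becomes a browser redirect target and the `Destination` of outgoing logout responses, exactly like the existing logout URL, so it should receive whatever validation the `single_logout_service.url` property already gets; this chunk cannot see whether `Saml2Settings` has a settings-check routine for the IdP URLs, but if it does the new field belongs in it. A one-line comment would also make the optional nature of the property obvious at the load site: `// Optional: endpoint where the IdP receives LogoutResponses when it differs from its Single Logout Service url`.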