commit 2b652b56b9ac0468c881007b6bc22ae76a6239c5 | |
Author: metal-hed | |
Date: Tue Sep 13 11:57:25 2016 -0400 | |
Update SAML library to optionally use a LogoutResponse URL which is different from the LogoutRequest URL | |
diff --git a/src/main/java/com/onelogin/saml2/Auth.java b/src/main/java/com/onelogin/saml2/Auth.java | |
index d1ea696..10b38ac 100644 | |
--- a/src/main/java/com/onelogin/saml2/Auth.java | |
+++ b/src/main/java/com/onelogin/saml2/Auth.java | |
@@ -327,6 +327,13 @@ public class Auth { | |
} | |
/** | |
+ * @return The url of the Single Logout Service Response. | |
+ */ | |
+ public String getSLOResponseUrl() { | |
+ return settings.getIdpSingleLogoutServiceResponseUrl().toString(); | |
+ } | |
+ | |
+ /** | |
* Process the SAML Response sent by the IdP. | |
* | |
* @param requestId | |
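Review bot: `getSLOResponseUrl()` dereferences `settings.getIdpSingleLogoutServiceResponseUrl()` unconditionally, yet the caller in the hunk at `@@ -441,7 +450,14 @@` tests its result for null; since the new setting defaults to null in Saml2Settings, every deployment that does not configure the separate response URL will get a NullPointerException on logout instead of the intended fall-back to `getSLOurl()`. Return null explicitly when the setting is absent: `URL url = settings.getIdpSingleLogoutServiceResponseUrl(); return url == null ? null : url.toString();`. The Javadoc should state the contract, e.g. `@return The url of the Single Logout Service Response, or null when no separate response URL is configured.`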
@@ -386,6 +393,7 @@ public class Auth { | |
String samlResponseParameter = request.getParameter("SAMLResponse"); | |
if (samlResponseParameter != null) { | |
+ // SP Initiated SLO | |
LogoutResponse logoutResponse = new LogoutResponse(settings, request); | |
if (!logoutResponse.isValid(requestId)) { | |
errors.add("invalid_logout_response"); | |
@@ -406,6 +414,7 @@ public class Auth { | |
} | |
} | |
} else if (samlRequestParameter != null) { | |
+ // IdP initiated SLO | |
LogoutRequest logoutRequest = new LogoutRequest(settings, request); | |
if (!logoutRequest.isValid()) { | |
@@ -441,7 +450,14 @@ public class Auth { | |
parameters.put("Signature", signature); | |
} | |
- String sloUrl = getSLOurl(); | |
+ String sloUrl; | |
+ | |
+ if (getSLOResponseUrl() == null) { | |
+ sloUrl = getSLOurl(); | |
+ } else { | |
+ sloUrl = getSLOResponseUrl(); | |
+ } | |
+ | |
LOGGER.debug("Logout response sent to " + sloUrl + " --> " + samlLogoutResponse); | |
Util.sendRedirect(response, sloUrl, parameters); | |
} | |
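Review bot: `getSLOResponseUrl()` is evaluated twice in the new branch, once for the null test and once for the assigned value; reading it into a local keeps the check and the redirect target on the same value and removes the if/else: `String responseUrl = getSLOResponseUrl(); String sloUrl = responseUrl != null ? responseUrl : getSLOurl();`. The precedence chosen here (dedicated response URL first, request URL as fall-back) is the same one LogoutResponse now uses for the signed Destination attribute, and the redirect must land on that endpoint or the IdP will reject the message; a one-line comment such as `// must match the Destination selected in LogoutResponse` would make that coupling visible. The enclosing method starts before this hunk.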
diff --git a/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java b/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java | |
index edff0bd..659d1b3 100644 | |
--- a/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java | |
+++ b/src/main/java/com/onelogin/saml2/logout/LogoutResponse.java | |
@@ -314,7 +314,12 @@ public class LogoutResponse { | |
valueMap.put("issueInstant", issueInstantString); | |
String destinationStr = ""; | |
- URL slo = settings.getIdpSingleLogoutServiceUrl(); | |
+ URL slo = settings.getIdpSingleLogoutServiceResponseUrl(); | |
+ | |
+ if (slo == null) { | |
+ slo = settings.getIdpSingleLogoutServiceUrl(); | |
+ } | |
+ | |
if (slo != null) { | |
destinationStr = " Destination=\"" + slo.toString() + "\""; | |
} | |
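Review bot: The precedence the new code establishes is left to be inferred from two consecutive assignments to `slo`; a comment above `URL slo = settings.getIdpSingleLogoutServiceResponseUrl();` such as `// Destination names the endpoint the IdP receives LogoutResponses on; fall back to the shared SLO endpoint when no dedicated one is configured` records the intent. Because this value ends up inside the signed message, it has to agree with the redirect target Auth picks in the same commit, which is worth noting in that comment. The enclosing method starts and ends outside the hunk.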
diff --git a/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java b/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java | |
index 8162127..9ac351a 100644 | |
--- a/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java | |
+++ b/src/main/java/com/onelogin/saml2/settings/Saml2Settings.java | |
@@ -49,6 +49,7 @@ public class Saml2Settings { | |
private URL idpSingleSignOnServiceUrl = null; | |
private String idpSingleSignOnServiceBinding = Constants.BINDING_HTTP_REDIRECT; | |
private URL idpSingleLogoutServiceUrl = null; | |
+ private URL idpSingleLogoutServiceResponseUrl = null; | |
private String idpSingleLogoutServiceBinding = Constants.BINDING_HTTP_REDIRECT; | |
private X509Certificate idpx509cert = null; | |
private String idpCertFingerprint = null; | |
@@ -166,6 +167,14 @@ public class Saml2Settings { | |
return idpSingleLogoutServiceUrl; | |
} | |
+ | |
+ /** | |
+ * @return the idpSingleLogoutServiceResponseUrl setting value | |
+ */ | |
+ public final URL getIdpSingleLogoutServiceResponseUrl() { | |
+ return idpSingleLogoutServiceResponseUrl; | |
+ } | |
+ | |
/** | |
* @return the idpSingleLogoutServiceBinding setting value | |
*/ | |
@@ -453,6 +462,19 @@ public class Saml2Settings { | |
this.idpSingleLogoutServiceUrl = idpSingleLogoutServiceUrl; | |
} | |
+ | |
+ /** | |
+ * Set the idpSingleLogoutServiceUrl setting value | |
+ * | |
+ * @param idpSingleLogoutServiceResponseUrl | |
+ * the idpSingleLogoutServiceUrl value to be set | |
+ */ | |
+ protected final void setIdpSingleLogoutServiceResponseUrl(URL idpSingleLogoutServiceResponseUrl) { | |
+ this.idpSingleLogoutServiceResponseUrl = idpSingleLogoutServiceResponseUrl; | |
+ } | |
+ | |
+ | |
+ | |
/** | |
* Set the idpSingleLogoutServiceBinding setting value | |
* | |
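Review bot: The Javadoc on `setIdpSingleLogoutServiceResponseUrl` was copied from the neighbouring setter and still names the wrong field: the summary reads `Set the idpSingleLogoutServiceUrl setting value` and the `@param` description reads `the idpSingleLogoutServiceUrl value to be set`; both should say `idpSingleLogoutServiceResponseUrl`. The three blank lines after the closing brace are more than the surrounding file uses between members and should be reduced to one. The getter added at `@@ -166,6 +167,14 @@` does not have the same problem.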
diff --git a/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java b/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java | |
index d2ca654..cf76394 100644 | |
--- a/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java | |
+++ b/src/main/java/com/onelogin/saml2/settings/SettingsBuilder.java | |
@@ -60,6 +60,7 @@ public class SettingsBuilder { | |
public final static String IDP_SINGLE_SIGN_ON_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.url"; | |
public final static String IDP_SINGLE_SIGN_ON_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.idp.single_sign_on_service.binding"; | |
public final static String IDP_SINGLE_LOGOUT_SERVICE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.url"; | |
+ public final static String IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.response.url"; | |
public final static String IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY = "onelogin.saml2.idp.single_logout_service.binding"; | |
public final static String IDP_X509CERT_PROPERTY_KEY = "onelogin.saml2.idp.x509cert"; | |
@@ -191,6 +192,10 @@ public class SettingsBuilder { | |
if (idpSingleLogoutServiceUrl != null) | |
saml2Setting.setIdpSingleLogoutServiceUrl(idpSingleLogoutServiceUrl); | |
+ URL idpSingleLogoutServiceResponseUrl = loadURLProperty(IDP_SINGLE_LOGOUT_SERVICE_RESPONSE_URL_PROPERTY_KEY); | |
+ if (idpSingleLogoutServiceResponseUrl != null) | |
+ saml2Setting.setIdpSingleLogoutServiceResponseUrl(idpSingleLogoutServiceResponseUrl); | |
+ | |
String idpSingleLogoutServiceBinding = loadStringProperty(IDP_SINGLE_LOGOUT_SERVICE_BINDING_PROPERTY_KEY); | |
if (idpSingleLogoutServiceBinding != null) | |
saml2Setting.setIdpSingleLogoutServiceBinding(idpSingleLogoutServiceBinding); |
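Review bot: The new `onelogin.saml2.idp.single_logout_service.response.url` key is loaded here but nothing in this commit documents it; no sample properties entry or README change is part of the diff, so operators can only discover the option by reading SettingsBuilder. Add the key, marked optional, next to `onelogin.saml2.idp.single_logout_service.url` in whatever sample configuration the project ships (not visible here), and give the constant at `@@ -60,6 +60,7 @@` a Javadoc line such as `/** Optional: IdP endpoint for LogoutResponse messages when it differs from the LogoutRequest endpoint. */`. As far as the diff shows, the new URL is not subject to whatever validation the other IdP URLs receive in Saml2Settings, if such validation exists; that is worth confirming.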