SAMLUtils: add logout request utility for saml slo

Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>


Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/230e9705
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/230e9705
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/230e9705

Branch: refs/heads/master
Commit: 230e9705692705c5ec06d8f822c91892a4a026fc
Parents: b401828
Author: Rohit Yadav <rohit.ya...@shapeblue.com>
Authored: Mon Aug 25 01:50:47 2014 +0200
Committer: Rohit Yadav <rohit.ya...@shapeblue.com>
Committed: Thu Aug 28 19:45:25 2014 +0200

----------------------------------------------------------------------
 .../apache/cloudstack/utils/auth/SAMLUtils.java | 38 ++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cloudstack/blob/230e9705/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
----------------------------------------------------------------------
diff --git a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java 
b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
index 8a2f93b..9eafe55 100644
--- a/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
+++ b/utils/src/org/apache/cloudstack/utils/auth/SAMLUtils.java
@@ -29,16 +29,22 @@ import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.AuthnRequest;
 import org.opensaml.saml2.core.Issuer;
+import org.opensaml.saml2.core.LogoutRequest;
+import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.core.NameIDPolicy;
 import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.saml2.core.RequestedAuthnContext;
 import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.SessionIndex;
 import org.opensaml.saml2.core.impl.AuthnContextClassRefBuilder;
 import org.opensaml.saml2.core.impl.AuthnRequestBuilder;
 import org.opensaml.saml2.core.impl.IssuerBuilder;
+import org.opensaml.saml2.core.impl.LogoutRequestBuilder;
 import org.opensaml.saml2.core.impl.NameIDPolicyBuilder;
 import org.opensaml.saml2.core.impl.RequestedAuthnContextBuilder;
+import org.opensaml.saml2.core.impl.SessionIndexBuilder;
 import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.io.Marshaller;
 import org.opensaml.xml.io.MarshallingException;
 import org.opensaml.xml.io.Unmarshaller;
@@ -57,7 +63,9 @@ import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.StringWriter;
+import java.math.BigInteger;
 import java.net.URLEncoder;
+import java.security.SecureRandom;
 import java.util.zip.Deflater;
 import java.util.zip.DeflaterOutputStream;
 
@@ -65,6 +73,8 @@ public class SAMLUtils {
     public static final Logger s_logger = Logger.getLogger(SAMLUtils.class);
 
     public static final String SAML_NS = "saml://";
+    public static final String SAML_NAMEID = "SAML_NAMEID";
+    public static final String SAML_SESSION = "SAML_SESSION";
 
     public static final String CERTIFICATE_NAME = "SAMLSP_CERTIFICATE";
 
@@ -76,7 +86,12 @@ public class SAMLUtils {
         return uuid.startsWith(SAML_NS);
     }
 
-    public static AuthnRequest buildAuthnRequestObject(String authnId, String 
spId, String idpUrl, String consumerUrl) {
+    public static String generateSecureRandomId() {
+        return new BigInteger(130, new SecureRandom()).toString(32);
+    }
+
+    public static AuthnRequest buildAuthnRequestObject(String spId, String 
idpUrl, String consumerUrl) {
+        String authnId = generateSecureRandomId();
         // Issuer object
         IssuerBuilder issuerBuilder = new IssuerBuilder();
         Issuer issuer = issuerBuilder.buildObject();
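Review bot: generateSecureRandomId() can return a value that begins with a digit, because BigInteger.toString(32) uses the characters 0-9 and a-v, yet the result is used as the request ID of the AuthnRequest here (and of the LogoutRequest in the next hunk), and SAML's ID attribute is an xs:ID/NCName that may not start with a digit, so a strict IdP can reject a sizeable fraction of requests. Prefix a letter or underscore, `return "_" + new BigInteger(130, new SecureRandom()).toString(32);`. Constructing a fresh SecureRandom on every call is also wasteful; a `private static final SecureRandom` instance reused across calls is the usual form. A one-line Javadoc stating that the value is meant to serve as a unique SAML message ID would help the next reader. buildAuthnRequestObject's body continues outside the hunk.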
@@ -123,7 +138,26 @@ public class SAMLUtils {
         return authnRequest;
     }
 
-    public static String encodeSAMLRequest(AuthnRequest authnRequest)
+    public static LogoutRequest buildLogoutRequest(String logoutUrl, String 
spId, NameID nameId, String sessionIndex) {
+        IssuerBuilder issuerBuilder = new IssuerBuilder();
+        Issuer issuer = issuerBuilder.buildObject();
+        issuer.setValue(spId);
+
+        SessionIndex sessionIndexElement = new 
SessionIndexBuilder().buildObject();
+        sessionIndexElement.setSessionIndex(sessionIndex);
+
+        LogoutRequest logoutRequest = new LogoutRequestBuilder().buildObject();
+        logoutRequest.setID(generateSecureRandomId());
+        logoutRequest.setDestination(logoutUrl);
+        logoutRequest.setVersion(SAMLVersion.VERSION_20);
+        logoutRequest.setIssueInstant(new DateTime());
+        logoutRequest.setIssuer(issuer);
+        logoutRequest.getSessionIndexes().add(sessionIndexElement);
+        logoutRequest.setNameID(nameId);
+        return logoutRequest;
+    }
+
+    public static String encodeSAMLRequest(XMLObject authnRequest)
             throws MarshallingException, IOException {
         Marshaller marshaller = Configuration.getMarshallerFactory()
                 .getMarshaller(authnRequest);
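Review bot: buildLogoutRequest adds the SessionIndex element unconditionally, so a null sessionIndex argument (the IdP's AuthnStatement need not carry one) produces a SessionIndex with no value inside the LogoutRequest; guard it, `if (sessionIndex != null) { ... logoutRequest.getSessionIndexes().add(sessionIndexElement); }`, and consider `Objects.requireNonNull(nameId, "nameId")` since the request is meaningless without a subject. Neither new public method has Javadoc; a short one on buildLogoutRequest describing the four parameters and noting that the returned request is unsigned and must still be encoded by the caller (and signed where the binding requires it) would document the contract visible here. In encodeSAMLRequest the parameter type is widened to XMLObject but the name stays `authnRequest`; renaming it to `samlRequest` makes the broader contract visible. encodeSAMLRequest's body continues outside the hunk.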
