LiRuochen_WorkFlow/MaxKey
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Saml 20 Logout

Browse Source
This commit is contained in:
Crystal.Sea
2020-11-21 16:32:08 +08:00
parent a99ecf16f5
commit f69e192a50
3 changed files with 118 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml/common/SignatureSecurityPolicyRule.java
View File

@@ -101,7 +101,6 @@ public class SignatureSecurityPolicyRule implements InitializingBean, SecurityP
private void checkMessageSignature(MessageContext messageContext,SignableSAMLObject samlMessage) throws SecurityPolicyException {
CriteriaSet criteriaSet = new CriteriaSet();
logger.debug("Inbound issuer is {}", messageContext.getInboundMessageIssuer());
// System.out.println("Inbound issuer is {} "+ messageContext.getInboundMessageIssuer());
//https://localhost-dev-ed.my.salesforce.com
criteriaSet.add( new EntityIDCriteria(messageContext.getInboundMessageIssuer()));
//criteriaSet.add( new EntityIDCriteria("https://localhost-dev-ed.my.salesforce.com"));

67
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/LogoutSamlEndpoint.java Normal file
View File

@@ -0,0 +1,67 @@
package org.maxkey.authz.saml20.provider.endpoint;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
import org.maxkey.web.WebContext;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class LogoutSamlEndpoint {
private final static Logger logger = LoggerFactory.getLogger(LogoutSamlEndpoint.class);
@Autowired
@Qualifier("extractRedirectBindingAdapter")
private ExtractBindingAdapter extractRedirectBindingAdapter;
@Autowired
@Qualifier("samlValidaotrSuite")
private SAML2ValidatorSuite validatorSuite;
@SuppressWarnings("rawtypes")
@RequestMapping(value = "/logout/saml", method=RequestMethod.GET)
public ModelAndView samlRedirectLogout(
HttpServletRequest request,
HttpServletResponse response)throws Exception {
SAMLMessageContext messageContext;
logger.debug("extract SAML Message .");
try {
messageContext = extractRedirectBindingAdapter.extractSAMLMessageContext(request);
logger.debug("validate SAML LogoutRequest .");
LogoutRequest logoutRequest = (LogoutRequest) messageContext.getInboundSAMLMessage();
validatorSuite.validate(logoutRequest);
logger.debug("LogoutRequest ID "+logoutRequest.getID());
logger.debug("LogoutRequest Issuer "+logoutRequest.getIssuer());
logger.debug("LogoutRequest IssueInstant "+logoutRequest.getIssueInstant());
logger.debug("LogoutRequest Destination "+logoutRequest.getDestination());
logger.debug("LogoutRequest NameID "+logoutRequest.getNameID().getValue());
return WebContext.redirect("/logout");
} catch (MessageDecodingException e1) {
logger.error("Exception decoding SAML MessageDecodingException", e1);
} catch (SecurityException e1) {
logger.error("Exception decoding SAML SecurityException", e1);
}catch (ValidationException ve) {
logger.warn("logoutRequest Message failed Validation", ve);
}
return WebContext.redirect("/login");
}
}

92
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java
View File

@@ -122,58 +122,68 @@ public class SingleSignOnEndpoint {
extractBindingAdapter.buildSecurityPolicyResolver(trustKeyStore);
}
@SuppressWarnings("rawtypes")
public void extractSAMLMessage(ExtractBindingAdapter extractBindingAdapter,HttpServletRequest request) throws Exception{
SAMLMessageContext messageContext;
SAMLMessageContext messageContext;
logger.debug("extract SAML Message .");
try {
messageContext = extractBindingAdapter.extractSAMLMessageContext(request);
logger.debug("validate SAML AuthnRequest .");
AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
logger.debug("AuthnRequest ProtocolBinding "+authnRequest.getProtocolBinding());
logger.debug("InboundSAMLMessage Id "+messageContext.getInboundSAMLMessageId());
logger.debug("AuthnRequest AssertionConsumerServiceURL "+authnRequest.getAssertionConsumerServiceURL());
logger.debug("InboundMessage Issuer "+messageContext.getInboundMessageIssuer());
logger.debug("InboundSAMLMessage IssueInstant "+messageContext.getInboundSAMLMessageIssueInstant());
logger.debug("InboundSAMLMessage RelayState "+messageContext.getRelayState());
logger.debug("AuthnRequest isPassive "+authnRequest.isPassive());
logger.debug("AuthnRequest ForceAuthn "+authnRequest.isForceAuthn());
validatorSuite.validate(authnRequest);
logger.debug("Select Authz Binding.");
String binding=extractBindingAdapter.getSaml20Detail().getBinding();
if(binding.endsWith("PostSimpleSign")){
bindingAdapter=postSimpleSignBindingAdapter;
logger.debug("Authz POST Binding is use PostSimpleSign .");
}else{
bindingAdapter=postBindingAdapter;
logger.debug("Authz POST Binding is use Post .");
}
AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(
authnRequest.getAssertionConsumerServiceURL(),
authnRequest.getID());
logger.debug("AuthnRequest vefified. Forwarding to AuthnResponder",authnRequestInfo);
bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);
String relayState=request.getParameter("RelayState");
if (relayState != null) {
bindingAdapter.setRelayState(relayState);
logger.debug("RelayState : ",relayState);
}
} catch (MessageDecodingException e1) {
logger.error("Exception decoding SAML MessageDecodingException", e1);
throw new Exception(e1);
} catch (SecurityException e1) {
logger.error("Exception decoding SAML SecurityException", e1);
throw new Exception(e1);
}
logger.debug("validate SAML AuthnRequest .");
AuthnRequest authnRequest = (AuthnRequest) messageContext.getInboundSAMLMessage();
try {
validatorSuite.validate(authnRequest);
} catch (ValidationException ve) {
logger.warn("AuthnRequest Message failed Validation", ve);
throw new Exception(ve);
}
logger.debug("Select Authz Binding.");
String binding=extractBindingAdapter.getSaml20Detail().getBinding();
if(binding.endsWith("PostSimpleSign")){
bindingAdapter=postSimpleSignBindingAdapter;
logger.debug("Authz POST Binding is use PostSimpleSign .");
}else{
bindingAdapter=postBindingAdapter;
logger.debug("Authz POST Binding is use Post .");
}
AuthnRequestInfo authnRequestInfo = new AuthnRequestInfo(
authnRequest.getAssertionConsumerServiceURL(),
authnRequest.getID());
logger.debug("AuthnRequest vefified. Forwarding to AuthnResponder",authnRequestInfo);
bindingAdapter.setAuthnRequestInfo(authnRequestInfo);
bindingAdapter.setExtractBindingAdapter(extractBindingAdapter);
String relayState=request.getParameter("RelayState");
if (relayState != null) {
bindingAdapter.setRelayState(relayState);
logger.debug("RelayState : ",relayState);
}
}catch (ValidationException ve) {
logger.warn("AuthnRequest Message failed Validation", ve);
throw new Exception(ve);
}
}