Spring Security SAML

org.springframework.security.saml.websso
Interface SingleLogoutProfile

All Known Implementing Classes:
SingleLogoutProfileImpl

public interface SingleLogoutProfile

An implementing class must provide SAML Single Logout functionality according to the SAML 2.0 Profiles specification.

Author:
Vladimir Schaefer

Method Summary
 boolean processLogoutRequest(SAMLMessageContext context, SAMLCredential credential)
          The implementer must verify the incoming LogoutRequest stored in the context and return true if local logout should be executed.
 void processLogoutResponse(SAMLMessageContext context)
          The implementer is responsible for processing the LogoutResponse message present in the context.
 void sendLogoutRequest(SAMLMessageContext context, SAMLCredential credential)
          A call to this method must ensure that a LogoutRequest SAML message is sent to the IDP, requesting global logout of all known sessions.
 

Method Detail

sendLogoutRequest

void sendLogoutRequest(SAMLMessageContext context,
                       SAMLCredential credential)
                       throws org.opensaml.common.SAMLException,
                              org.opensaml.saml2.metadata.provider.MetadataProviderException,
                              org.opensaml.ws.message.encoder.MessageEncodingException
A call to this method must ensure that a LogoutRequest SAML message is sent to the IDP, requesting global logout of all known sessions.

Parameters:
context - processing context
credential - credential of the currently logged-in user
Throws:
org.opensaml.common.SAMLException - if the logout request can't be created
org.opensaml.saml2.metadata.provider.MetadataProviderException - if the IDP metadata can't be resolved
org.opensaml.ws.message.encoder.MessageEncodingException - if the message can't be sent using the given binding

processLogoutRequest

boolean processLogoutRequest(SAMLMessageContext context,
                             SAMLCredential credential)
                             throws org.opensaml.common.SAMLException,
                                    org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                    org.opensaml.ws.message.encoder.MessageEncodingException
The implementer must verify the incoming LogoutRequest stored in the context and return true if local logout should be executed. The method must send a LogoutResponse message to the sender in any case.

Parameters:
context - context containing SAML message being processed
credential - credential of the currently logged-in user
Returns:
true if local logout should be performed
Throws:
org.opensaml.common.SAMLException - if the message is invalid and a response can't be sent back
org.opensaml.saml2.metadata.provider.MetadataProviderException - if there are problems determining the IDP metadata
org.opensaml.ws.message.encoder.MessageEncodingException - if the message can't be sent

processLogoutResponse

void processLogoutResponse(SAMLMessageContext context)
                           throws org.opensaml.common.SAMLException,
                                  org.opensaml.xml.security.SecurityException,
                                  org.opensaml.xml.validation.ValidationException
The implementer is responsible for processing the LogoutResponse message present in the context. If the message is invalid, an exception should be raised, although this does not cause any problem for processing, because logout has already been executed.

Parameters:
context - context containing processed SAML message
Throws:
org.opensaml.common.SAMLException - in case the received SAML message is malformed or invalid
org.opensaml.xml.security.SecurityException - in case the signature of the message is not trusted
org.opensaml.xml.validation.ValidationException - in case the signature of the message is invalid
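
An auditing wrapper around any SingleLogoutProfile, added here as an example (not code from Spring Security SAML): it records the outcomes the three method contracts distinguish, so rejected logout requests and untrusted logout responses become visible to monitoring. The class name, the logger name, the SLF4J dependency, the packages of SAMLMessageContext and SAMLCredential, and the availability of getPeerEntityId() on the context are assumptions.

```java
import org.opensaml.common.SAMLException;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.xml.validation.ValidationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.saml.SAMLCredential;             // package assumed
import org.springframework.security.saml.context.SAMLMessageContext; // package assumed
import org.springframework.security.saml.websso.SingleLogoutProfile;

/** Hypothetical auditing decorator; added example, not part of Spring Security SAML. */
public class AuditingSingleLogoutProfile implements SingleLogoutProfile {
    private static final Logger AUDIT = LoggerFactory.getLogger("saml.slo.audit");
    private final SingleLogoutProfile delegate; // e.g. SingleLogoutProfileImpl
    public AuditingSingleLogoutProfile(SingleLogoutProfile delegate) { this.delegate = delegate; }

    private static String peer(SAMLMessageContext c) {
        String id = c.getPeerEntityId(); // assumed inherited from OpenSAML's message context
        return id == null ? "unknown" : id.replaceAll("\\p{Cntrl}", "_"); // message-supplied value
    }

    public void sendLogoutRequest(SAMLMessageContext context, SAMLCredential credential)
            throws SAMLException, MetadataProviderException, MessageEncodingException {
        delegate.sendLogoutRequest(context, credential);
        AUDIT.info("slo=request_sent peer={}", peer(context));
    }

    public boolean processLogoutRequest(SAMLMessageContext context, SAMLCredential credential)
            throws SAMLException, MetadataProviderException, MessageEncodingException {
        try {
            boolean localLogout = delegate.processLogoutRequest(context, credential);
            // false: a LogoutResponse was still sent, but the local session is kept
            AUDIT.info("slo=request_processed peer={} localLogout={}", peer(context), localLogout);
            return localLogout;
        } catch (SAMLException e) { // invalid message and no response could be sent back
            AUDIT.warn("slo=request_rejected peer={} error={}", peer(context), e.getClass().getName());
            throw e;
        }
    }

    public void processLogoutResponse(SAMLMessageContext context)
            throws SAMLException, org.opensaml.xml.security.SecurityException, ValidationException {
        try {
            delegate.processLogoutResponse(context);
        } catch (SAMLException | org.opensaml.xml.security.SecurityException | ValidationException e) {
            // logout has already been executed; record the bad response, then rethrow
            AUDIT.warn("slo=response_invalid peer={} error={}", peer(context), e.getClass().getName());
            throw e;
        }
    }
}
```

Only the exception class is logged, never its message, because the message may echo attacker-controlled XML content into the audit log.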
