Spring Security SAML

org.springframework.security.saml.websso
Interface SingleLogoutProfile

All Known Implementing Classes:
SingleLogoutProfileImpl

public interface SingleLogoutProfile

Implementing classes must provide SAML Single Logout functionality according to the SAML 2.0 Profiles specification.

Author:
Vladimir Schaefer

Method Summary
 boolean processLogoutRequest(SAMLMessageContext context, SAMLCredential credential)
          Implementer must ensure that the incoming LogoutRequest stored in the context is verified and return true if local logout should be executed.
 void processLogoutResponse(SAMLMessageContext context)
          Implementer is responsible for processing of LogoutResponse message present in the context.
 void sendLogoutRequest(SAMLMessageContext context, SAMLCredential credential)
          Call to the method must ensure that LogoutRequest SAML message is sent to the IDP requesting global logout of all known sessions.
 void sendLogoutResponse(SAMLMessageContext context, String statusCode, String statusMessage)
          Method sends logout response message constructed with the given status code to the peer entity.
 

Method Detail

sendLogoutRequest

void sendLogoutRequest(SAMLMessageContext context,
                       SAMLCredential credential)
                       throws org.opensaml.common.SAMLException,
                              org.opensaml.saml2.metadata.provider.MetadataProviderException,
                              org.opensaml.ws.message.encoder.MessageEncodingException
Call to the method must ensure that LogoutRequest SAML message is sent to the IDP requesting global logout of all known sessions.

Parameters:
context - processing context
credential - credential of the currently logged-in user
Throws:
org.opensaml.common.SAMLException - in case the logout request can't be created
org.opensaml.saml2.metadata.provider.MetadataProviderException - in case IdP metadata can't be resolved
org.opensaml.ws.message.encoder.MessageEncodingException - in case the message can't be sent using the given binding

sendLogoutResponse

void sendLogoutResponse(SAMLMessageContext context,
                        String statusCode,
                        String statusMessage)
                        throws org.opensaml.saml2.metadata.provider.MetadataProviderException,
                               org.opensaml.common.SAMLException,
                               org.opensaml.ws.message.encoder.MessageEncodingException
Method sends logout response message constructed with the given status code to the peer entity.

Parameters:
context - processing context
statusCode - status code to respond with
statusMessage - status message to respond with
Throws:
org.opensaml.common.SAMLException - in case the logout response can't be created
org.opensaml.saml2.metadata.provider.MetadataProviderException - in case peer metadata can't be resolved
org.opensaml.ws.message.encoder.MessageEncodingException - in case the message can't be sent using the given binding

processLogoutRequest

boolean processLogoutRequest(SAMLMessageContext context,
                             SAMLCredential credential)
                             throws org.opensaml.common.SAMLException
Implementer must ensure that the incoming LogoutRequest stored in the context is verified before acting on it. The method returns true if local logout should be performed and false if local logout should be skipped; in both cases the system should respond with a successful logout response. If an exception is raised, the system should reply with a logout response carrying an error status code.

Parameters:
context - context containing SAML message being processed
credential - credential of the currently authenticated user
Returns:
true if local logout should be performed, false if it should be skipped
Throws:
org.opensaml.common.SAMLException - in case message is invalid
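The contract above (verify first, answer success whether or not local logout runs, answer with an error status when verification throws) is easiest to see from the caller's side. The following handler is an added example and is not part of Spring Security SAML; it assumes a `Runnable` that invalidates the local HTTP session (hypothetical), and the constant error message string is constructed for the example. Only the `SingleLogoutProfile` methods documented on this page and the OpenSAML `StatusCode` URI constants are used.

```java
import org.opensaml.common.SAMLException;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.saml.websso.SingleLogoutProfile;

/**
 * Hypothetical SP-side handler for an IdP-initiated LogoutRequest.
 * It drives a SingleLogoutProfile through the contract of
 * processLogoutRequest / sendLogoutResponse; it is not project code.
 */
public class IdpInitiatedLogoutHandler {

    private final SingleLogoutProfile logoutProfile;
    // Hypothetical callback that invalidates the local session.
    private final Runnable localLogout;

    public IdpInitiatedLogoutHandler(SingleLogoutProfile logoutProfile, Runnable localLogout) {
        this.logoutProfile = logoutProfile;
        this.localLogout = localLogout;
    }

    /**
     * Handles a LogoutRequest that has already been decoded into the context.
     * Returns the SAML status code URI that was sent back, so tests can check it.
     */
    public String handle(SAMLMessageContext context, SAMLCredential credential)
            throws SAMLException, MetadataProviderException, MessageEncodingException {
        String statusCode;
        String statusMessage = null;
        try {
            // Signature, issuer and subject checks are the profile's job;
            // the handler only acts on the verified outcome.
            boolean performLocalLogout = logoutProfile.processLogoutRequest(context, credential);
            if (performLocalLogout) {
                localLogout.run();
            }
            // Both true and false are answered with a successful LogoutResponse.
            statusCode = StatusCode.SUCCESS_URI;
        } catch (SAMLException e) {
            // A request that fails verification gets an error status rather than
            // being silently dropped; the message is generic so no verification
            // detail is echoed back to the peer.
            statusCode = StatusCode.REQUESTER_URI;
            statusMessage = "LogoutRequest could not be processed";
        }
        logoutProfile.sendLogoutResponse(context, statusCode, statusMessage);
        return statusCode;
    }
}
```

The important property for a defender is that the local session is only invalidated on the `true` branch, which the profile reaches only after the inbound request has been verified; an unverified request never terminates a session and is answered with an error status instead.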

processLogoutResponse

void processLogoutResponse(SAMLMessageContext context)
                           throws org.opensaml.common.SAMLException,
                                  org.opensaml.xml.security.SecurityException,
                                  org.opensaml.xml.validation.ValidationException
Implementer is responsible for processing the LogoutResponse message present in the context. If the message is invalid an exception should be raised; this does not affect the outcome, because the local logout has already been executed by the time the response arrives.

Parameters:
context - context containing processed SAML message
Throws:
org.opensaml.common.SAMLException - in case the received SAML message is malformed or invalid
org.opensaml.xml.security.SecurityException - in case the signature of the message is not trusted
org.opensaml.xml.validation.ValidationException - in case the signature of the message is invalid
