org.springframework.security.saml.websso
Interface SingleLogoutProfile

All Known Implementing Classes:

SingleLogoutProfileImpl

public interface SingleLogoutProfile

Implementing class must contain SAML Single Logout functionality according to SAML 2.0 Profiles specification.

Author:

Vladimir Schaefer

Method Summary

boolean	processLogoutRequest(SAMLMessageContext context, SAMLCredential credential) Implementer must ensure that the incoming LogoutRequest stored in the context is verified and return true if local logout should be executed.
void	processLogoutResponse(SAMLMessageContext context) Implementer is responsible for processing of LogoutResponse message present in the context.
void	sendLogoutRequest(SAMLMessageContext context, SAMLCredential credential) Call to the method must ensure that LogoutRequest SAML message is sent to the IDP requesting global logout of all known sessions.

Method Detail

sendLogoutRequest

void sendLogoutRequest(SAMLMessageContext context,
                       SAMLCredential credential)
                       throws org.opensaml.common.SAMLException,
                              org.opensaml.saml2.metadata.provider.MetadataProviderException,
                              org.opensaml.ws.message.encoder.MessageEncodingException

Call to the method must ensure that LogoutRequest SAML message is sent to the IDP requesting global logout of all known sessions.

Parameters:

context - processing context

credential - credential of the currently logged user

Throws:

org.opensaml.common.SAMLException - in case logout request can't be created

org.opensaml.saml2.metadata.provider.MetadataProviderException - in case idp metadata can't be resolved

org.opensaml.ws.message.encoder.MessageEncodingException - in case message can't be sent using given binding

processLogoutRequest

boolean processLogoutRequest(SAMLMessageContext context,
                             SAMLCredential credential)
                             throws org.opensaml.common.SAMLException,
                                    org.opensaml.saml2.metadata.provider.MetadataProviderException,
                                    org.opensaml.ws.message.encoder.MessageEncodingException

Implementer must ensure that the incoming LogoutRequest stored in the context is verified and return true if local logout should be executed. Method must send LogoutResponse message to the sender in any case.

Parameters:

context - context containing SAML message being processed

credential - credential of the currently logged user

Returns:

true if local logout should be performed

Throws:

org.opensaml.common.SAMLException - in case message is invalid and response can't be sent back

org.opensaml.saml2.metadata.provider.MetadataProviderException - in case there are problems with determining idp metadata

org.opensaml.ws.message.encoder.MessageEncodingException - in case message can't be sent

processLogoutResponse

void processLogoutResponse(SAMLMessageContext context)
                           throws org.opensaml.common.SAMLException,
                                  org.opensaml.xml.security.SecurityException,
                                  org.opensaml.xml.validation.ValidationException

Implementer is responsible for processing of LogoutResponse message present in the context. In case the message is invalid exception should be raised, although this doesn't mean any problem to the processing, as logout has already been executed.

Parameters:

context - context containing processed SAML message

Throws:

org.opensaml.common.SAMLException - in case the received SAML message is malformed or invalid

org.opensaml.xml.security.SecurityException - in case the signature of the message is not trusted

org.opensaml.xml.validation.ValidationException - in case the signature of the message is invalid