SingleLogoutProfileImpl (Spring Security SAML 1.0.10.RELEASE API)

java.lang.Object
- org.springframework.security.saml.websso.AbstractProfileBase
- - org.springframework.security.saml.websso.SingleLogoutProfileImpl

All Implemented Interfaces:

org.springframework.beans.factory.InitializingBean, SingleLogoutProfile
```
public class SingleLogoutProfileImpl
extends AbstractProfileBase
implements SingleLogoutProfile
```
Implementation of the SAML 2.0 Single Logout profile.

Author:

Vladimir Schaefer

Field Summary
- Fields inherited from class org.springframework.security.saml.websso.AbstractProfileBase
  artifactMap, builderFactory, log, metadata, processor, uriComparator

Constructor Summary

Constructors
Constructor and Description

SingleLogoutProfileImpl()

Constructors
Constructor and Description
`SingleLogoutProfileImpl()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected org.opensaml.saml2.core.LogoutRequest`	`getLogoutRequest(SAMLMessageContext context, SAMLCredential credential, org.opensaml.saml2.metadata.Endpoint bindingService)` Returns logout request message ready to be sent to the IDP.
`protected org.opensaml.saml2.core.NameID`	`getNameID(SAMLMessageContext context, org.opensaml.saml2.core.LogoutRequest request)`
`String`	`getProfileIdentifier()` Implementation are expected to provide an unique identifier for the profile this class implements.
`boolean`	`processLogoutRequest(SAMLMessageContext context, SAMLCredential credential)` Implementer must ensure that the incoming LogoutRequest stored in the context is verified and return true if local logout should be executed.
`void`	`processLogoutResponse(SAMLMessageContext context)` Implementer is responsible for processing of LogoutResponse message present in the context.
`void`	`sendLogoutRequest(SAMLMessageContext context, SAMLCredential credential)` Call to the method must ensure that LogoutRequest SAML message is sent to the IDP requesting global logout of all known sessions.
`void`	`sendLogoutResponse(SAMLMessageContext context, String statusCode, String statusMessage)` Method sends logout response message constructed with the given status code to the peer entity.

Methods inherited from class org.springframework.security.saml.websso.AbstractProfileBase
afterPropertiesSet, buildCommonAttributes, generateID, getEndpointBinding, getIssuer, getMaxAssertionTime, getResponseSkew, getStatus, isEndpointMatching, sendMessage, sendMessage, setArtifactMap, setMaxAssertionTime, setMetadata, setProcessor, setResponseSkew, verifyEndpoint, verifyIssuer, verifySignature

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - SingleLogoutProfileImpl
```
public SingleLogoutProfileImpl()
```
- Method Detail
  - getProfileIdentifier
```
public String getProfileIdentifier()
```
    Description copied from class: AbstractProfileBase
    
    Implementation are expected to provide an unique identifier for the profile this class implements.
    
    Specified by:
    
    getProfileIdentifier in class AbstractProfileBase
    
    Returns:
    
    profile name
  - sendLogoutRequest
```
public void sendLogoutRequest(SAMLMessageContext context,
                              SAMLCredential credential)
                       throws org.opensaml.common.SAMLException,
                              org.opensaml.saml2.metadata.provider.MetadataProviderException,
                              org.opensaml.ws.message.encoder.MessageEncodingException
```
    Description copied from interface: SingleLogoutProfile
    
    Call to the method must ensure that LogoutRequest SAML message is sent to the IDP requesting global logout of all known sessions.
    
    Specified by:
    
    sendLogoutRequest in interface SingleLogoutProfile
    
    Parameters:
    
    context - processing context
    
    credential - credential of the currently logged user
    
    Throws:
    
    org.opensaml.common.SAMLException - in case logout request can't be created
    
    org.opensaml.saml2.metadata.provider.MetadataProviderException - in case idp metadata can't be resolved
    
    org.opensaml.ws.message.encoder.MessageEncodingException - in case message can't be sent using given binding
  - getLogoutRequest
```
protected org.opensaml.saml2.core.LogoutRequest getLogoutRequest(SAMLMessageContext context,
                                                                 SAMLCredential credential,
                                                                 org.opensaml.saml2.metadata.Endpoint bindingService)
                                                          throws org.opensaml.common.SAMLException,
                                                                 org.opensaml.saml2.metadata.provider.MetadataProviderException
```
    Returns logout request message ready to be sent to the IDP.
    
    Parameters:
    
    context - message context
    
    credential - information about assertions used to log current user in
    
    bindingService - service used to deliver the request
    
    Returns:
    
    logoutRequest to be sent to IDP
    
    Throws:
    
    org.opensaml.common.SAMLException - error creating the message
    
    org.opensaml.saml2.metadata.provider.MetadataProviderException - error retrieving metadata
  - processLogoutRequest
```
public boolean processLogoutRequest(SAMLMessageContext context,
                                    SAMLCredential credential)
                             throws org.opensaml.common.SAMLException
```
    Description copied from interface: SingleLogoutProfile
    
    Implementer must ensure that the incoming LogoutRequest stored in the context is verified and return true if local logout should be executed. Method either returns true, in case local logout should be performed or false when local logout should be skipped. In both cases system should respond with successful logout response. In case an exception is raised system should reply with logout response with an error status code.
    
    Specified by:
    
    processLogoutRequest in interface SingleLogoutProfile
    
    Parameters:
    
    context - context containing SAML message being processed
    
    credential - credential of the currently authenticated user
    
    Returns:
    
    true if local logout should be performed, false if it should be skipped
    
    Throws:
    
    org.opensaml.common.SAMLException - in case message is invalid
  - sendLogoutResponse
```
public void sendLogoutResponse(SAMLMessageContext context,
                               String statusCode,
                               String statusMessage)
                        throws org.opensaml.saml2.metadata.provider.MetadataProviderException,
                               org.opensaml.common.SAMLException,
                               org.opensaml.ws.message.encoder.MessageEncodingException
```
    Description copied from interface: SingleLogoutProfile
    
    Method sends logout response message constructed with the given status code to the peer entity.
    
    Specified by:
    
    sendLogoutResponse in interface SingleLogoutProfile
    
    Parameters:
    
    context - processing context
    
    statusCode - status code to respond with
    
    statusMessage - status message to respond with
    
    Throws:
    
    org.opensaml.saml2.metadata.provider.MetadataProviderException - in case idp metadata can't be resolved
    
    org.opensaml.common.SAMLException - in case logout request can't be created
    
    org.opensaml.ws.message.encoder.MessageEncodingException - in case message can't be sent using given binding
  - getNameID
```
protected org.opensaml.saml2.core.NameID getNameID(SAMLMessageContext context,
                                                   org.opensaml.saml2.core.LogoutRequest request)
                                            throws org.opensaml.xml.encryption.DecryptionException
```
    Throws:
    
    org.opensaml.xml.encryption.DecryptionException
  - processLogoutResponse
```
public void processLogoutResponse(SAMLMessageContext context)
                           throws org.opensaml.common.SAMLException,
                                  org.opensaml.xml.security.SecurityException,
                                  org.opensaml.xml.validation.ValidationException
```
    Description copied from interface: SingleLogoutProfile
    
    Implementer is responsible for processing of LogoutResponse message present in the context. In case the message is invalid exception should be raised, although this doesn't mean any problem to the processing, as logout has already been executed.
    
    Specified by:
    
    processLogoutResponse in interface SingleLogoutProfile
    
    Parameters:
    
    context - context containing processed SAML message
    
    Throws:
    
    org.opensaml.common.SAMLException - in case the received SAML message is malformed or invalid
    
    org.opensaml.xml.security.SecurityException - in case the signature of the message is not trusted
    
    org.opensaml.xml.validation.ValidationException - in case the signature of the message is invalid

Class SingleLogoutProfileImpl

Field Summary

Fields inherited from class org.springframework.security.saml.websso.AbstractProfileBase

Constructor Summary

Method Summary

Methods inherited from class org.springframework.security.saml.websso.AbstractProfileBase

Methods inherited from class java.lang.Object

Constructor Detail

SingleLogoutProfileImpl

Method Detail

getProfileIdentifier

sendLogoutRequest

getLogoutRequest

processLogoutRequest

sendLogoutResponse

getNameID

processLogoutResponse