Class OpenSamlLogoutRequestValidatorParametersResolver
- All Implemented Interfaces:
Saml2LogoutRequestValidatorParametersResolver
Saml2LogoutRequestValidatorParametersResolver
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionresolve
(jakarta.servlet.http.HttpServletRequest request, Authentication authentication) Construct the parameters necessary for validating an asserting party's<saml2:LogoutRequest>
based on the givenHttpServletRequest
void
setRequestMatcher
(RequestMatcher requestMatcher) The request matcher to use to identify a request to process a<saml2:LogoutRequest>
.
-
Constructor Details
-
OpenSamlLogoutRequestValidatorParametersResolver
public OpenSamlLogoutRequestValidatorParametersResolver(RelyingPartyRegistrationRepository registrations) Constructs aOpenSamlLogoutRequestValidator
-
-
Method Details
-
resolve
public Saml2LogoutRequestValidatorParameters resolve(jakarta.servlet.http.HttpServletRequest request, Authentication authentication) Construct the parameters necessary for validating an asserting party's<saml2:LogoutRequest>
based on the givenHttpServletRequest
Uses the configured
RequestMatcher
to identify the processing request, including looking for any indicatedregistrationId
.If a
registrationId
is found in the request, it will attempt to use that, erroring if noRelyingPartyRegistration
is found.If no
registrationId
is found in the request, it will look for a currently logged-in user and use the associatedregistrationId
.In the event that neither the URL nor any logged in user could determine a
registrationId
, this code then will try and derive aRelyingPartyRegistration
given the<saml2:LogoutRequest>
'sIssuer
value.- Specified by:
resolve
in interfaceSaml2LogoutRequestValidatorParametersResolver
- Parameters:
request
- the HTTP requestauthentication
- the current user, if any; may be null- Returns:
- a
Saml2LogoutRequestValidatorParameters
instance, ornull
if one could not be resolved - Throws:
Saml2AuthenticationException
- if theRequestMatcher
specifies a non-existentregistrationId
-
setRequestMatcher
The request matcher to use to identify a request to process a<saml2:LogoutRequest>
. By default, checks for/logout/saml2/slo
and/logout/saml2/slo/{registrationId}
.Generally speaking, the URL does not need to have a
registrationId
in it since either it can be looked up from the active logged in user or it can be derived through theIssuer
in the<saml2:LogoutRequest>
.- Parameters:
requestMatcher
- theRequestMatcher
to use
-