Class OpenSamlLogoutRequestValidatorParametersResolver

java.lang.Object
org.springframework.security.saml2.provider.service.web.authentication.logout.OpenSamlLogoutRequestValidatorParametersResolver
All Implemented Interfaces:
Saml2LogoutRequestValidatorParametersResolver

public final class OpenSamlLogoutRequestValidatorParametersResolver extends Object implements Saml2LogoutRequestValidatorParametersResolver
An OpenSAML-based implementation of Saml2LogoutRequestValidatorParametersResolver.
  • Constructor Details

  • Method Details

    • resolve

      public Saml2LogoutRequestValidatorParameters resolve(jakarta.servlet.http.HttpServletRequest request, Authentication authentication)
      Construct the parameters necessary for validating an asserting party's <saml2:LogoutRequest> based on the given HttpServletRequest.

      Uses the configured RequestMatcher to identify the processing request, including looking for any indicated registrationId.

      If a registrationId is found in the request, it will attempt to use that, erroring if no RelyingPartyRegistration is found.

      If no registrationId is found in the request, it will look for a currently logged-in user and use the associated registrationId.

      If neither the URL nor a logged-in user yields a registrationId, it will then try to derive a RelyingPartyRegistration from the <saml2:LogoutRequest>'s Issuer value.

      Specified by:
      resolve in interface Saml2LogoutRequestValidatorParametersResolver
      Parameters:
      request - the HTTP request
      authentication - the current user, if any; may be null
      Returns:
      a Saml2LogoutRequestValidatorParameters instance, or null if one could not be resolved
      Throws:
      Saml2AuthenticationException - if the RequestMatcher specifies a non-existent registrationId
    • setRequestMatcher

      public void setRequestMatcher(RequestMatcher requestMatcher)
      The request matcher to use to identify a request to process a <saml2:LogoutRequest>. By default, checks for /logout/saml2/slo and /logout/saml2/slo/{registrationId}.

      Generally speaking, the URL does not need to have a registrationId in it, since it can either be looked up from the active logged-in user or be derived through the Issuer in the <saml2:LogoutRequest>.

      Parameters:
      requestMatcher - the RequestMatcher to use
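
The lookup order described for resolve (URL registrationId, then the logged-in user, then the Issuer), modelled in plain Java as an added example; it is not Spring Security code. The class, record and method names, the IllegalStateException standing in for Saml2AuthenticationException, the handling of a missing user registration, and the single-match rule for Issuer are all assumptions of this sketch.

```java
import java.util.List;
import java.util.Map;

// Plain-Java model of the lookup order documented for resolve(). All names are
// hypothetical stand-ins; nothing here is a Spring Security type.
public class LogoutRegistrationLookup {

    record Registration(String registrationId, String assertingPartyEntityId) {}
    private final Map<String, Registration> byId;

    LogoutRegistrationLookup(Map<String, Registration> byId) {
        this.byId = byId;
    }

    // Each argument is null when the request does not supply that value.
    Registration lookup(String urlId, String userId, String issuer) {
        if (urlId != null) {
            // 1. An id in the URL wins; an unknown id is an error, not a fallthrough.
            Registration r = byId.get(urlId);
            if (r == null) {
                throw new IllegalStateException("unknown registrationId: " + urlId);
            }
            return r;
        }
        if (userId != null) {
            // 2. No id in the URL: use the logged-in user's registration.
            return byId.get(userId);
        }
        if (issuer == null) {
            return null;
        }
        // 3. Last resort: match on Issuer. Accepting only a single match is an
        //    assumption of this sketch.
        List<Registration> hits = byId.values().stream()
                .filter(r -> r.assertingPartyEntityId().equals(issuer)).toList();
        return hits.size() == 1 ? hits.get(0) : null;
    }

    public static void main(String[] args) {
        // Constructed sample data.
        var lookup = new LogoutRegistrationLookup(Map.of(
                "idp-one", new Registration("idp-one", "https://idp-one.example.com/metadata"),
                "idp-two", new Registration("idp-two", "https://idp-two.example.com/metadata")));
        System.out.println(lookup.lookup("idp-one", "idp-two", null));
        System.out.println(lookup.lookup(null, "idp-two", "https://idp-one.example.com/metadata"));
        System.out.println(lookup.lookup(null, null, "https://idp-two.example.com/metadata"));
        System.out.println(lookup.lookup(null, null, "https://unknown.example.com/metadata"));
    }
}
```

In the third call only the Issuer value carried in the message selects the registration, so the request is trustworthy only after it has been validated against that registration.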