From 7af9d603860dab1b618de7981ae3f0a27ea130db Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 20 Aug 2014 16:47:11 +0200
Subject: solve SLO bug

---
 .../moa/id/demoOA/servlet/pvp2/SingleLogOut.java   | 26 ++++++----------------
 .../protocols/pvp2x/binding/RedirectBinding.java   |  8 +++----
 2 files changed, 11 insertions(+), 23 deletions(-)

diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
index 11cc020ff..b87865989 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
@@ -43,6 +43,7 @@ import org.opensaml.common.binding.BasicSAMLMessageContext;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.common.xml.SAMLConstants;
 import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
 import org.opensaml.saml2.core.AuthnContextClassRef;
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -163,7 +164,7 @@ public class SingleLogOut extends HttpServlet {
 					idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
 				
 				//Get the service address for the binding you wish to use
-				if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { 
+				if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { 
 					redirectEndpoint = sss;  
 				}  
 			}
@@ -182,28 +183,15 @@ public class SingleLogOut extends HttpServlet {
 			signer.setSigningCredential(authcredential);
 			sloReq.setSignature(signer);
 
-			//generate Http-POST Binding message
-			VelocityEngine engine = new VelocityEngine();
-			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-			engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
-			engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
-			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
-			engine.setProperty("classpath.resource.loader.class",
-					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
-			engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
-					"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
-			engine.init();
-
-			HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
-					"templates/pvp_postbinding_template.html");
+			HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
 			HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
-					response, true);
+					response
+					, true);
 			BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
 			SingleSignOnService service = new SingleSignOnServiceBuilder()
 					.buildObject();
-			service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
-			service.setLocation(redirectEndpoint.getLocation());;
-			
+			service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+			service.setLocation(redirectEndpoint.getLocation());
 			context.setOutboundSAMLMessageSigningCredential(authcredential);
 			context.setPeerEntityEndpoint(service);
 			context.setOutboundSAMLMessage(sloReq);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index f11561c14..587d8e935 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -143,11 +143,11 @@ public class RedirectBinding implements IDecoder, IEncoder {
 			//set metadata descriptor type
 			if (isSPEndPoint) {
 				messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-				decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService()));
+				decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService()));
 				
 			} else {
 				messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-				decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+				decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
 			}
 		
 		} catch (ConfigurationException e) {
@@ -206,8 +206,8 @@ public class RedirectBinding implements IDecoder, IEncoder {
 	}
 
 	public boolean handleDecode(String action, HttpServletRequest req) {
-		return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod()
-				.equals("GET"));
+		return ((action.equals(PVP2XProtocol.REDIRECT) || action.equals(PVP2XProtocol.SINGLELOGOUT)) 
+				&& req.getMethod().equals("GET"));
 	}
 	
 	public String getSAML2BindingName() {
-- 
cgit v1.2.3