From 5c3841139097ce9de9c4fc7aa666df36b8d50214 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 9 May 2014 08:57:12 +0200 Subject: add SLO information into SAML2 metadata (actually not active code) --- .../moa/id/protocols/pvp2x/MetadataAction.java | 51 +++++++++++++++++++--- 1 file changed, 44 insertions(+), 7 deletions(-) (limited to 'id/server/idserverlib/src') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 5333a58ab..01f7e18ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -50,6 +50,7 @@ import org.opensaml.saml2.metadata.NameIDFormat; import org.opensaml.saml2.metadata.RoleDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.xml.io.Marshaller; import org.opensaml.xml.security.SecurityException; @@ -236,7 +237,8 @@ public class MetadataAction implements IAction { unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); - + + //add assertion consumer services AssertionConsumerService postassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); postassertionConsumerService.setIndex(0); @@ -245,8 +247,7 @@ public class MetadataAction implements IAction { .getInstance().getIDPSSOPostService()); postassertionConsumerService.setIsDefault(true); spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); - - + AssertionConsumerService redirectassertionConsumerService = SAML2Utils.createSAMLObject(AssertionConsumerService.class); redirectassertionConsumerService.setIndex(1); @@ -255,6 +256,25 @@ public class MetadataAction implements IAction { .getInstance().getIDPSSORedirectService()); spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + //add SLO descriptor +// SingleLogoutService postSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// postSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// postSLOService +// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +// spSSODescriptor.getSingleLogoutServices().add(postSLOService); +// +// SingleLogoutService redirectSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// redirectSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// redirectSLOService +// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +// spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); AttributeConsumingService attributeService = @@ -302,29 +322,46 @@ public class MetadataAction implements IAction { idpSSODescriptor.setWantAuthnRequestsSigned(true); if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) { + //add SSO descriptor SingleSignOnService postSingleSignOnService = SAML2Utils .createSAMLObject(SingleSignOnService.class); - postSingleSignOnService.setLocation(PVPConfiguration .getInstance().getIDPSSOPostService()); postSingleSignOnService .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - idpSSODescriptor.getSingleSignOnServices().add( postSingleSignOnService); + + //add SLO descriptor +// SingleLogoutService postSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// postSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// postSLOService +// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +// idpSSODescriptor.getSingleLogoutServices().add(postSLOService); + } if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { + //add SSO descriptor SingleSignOnService redirectSingleSignOnService = SAML2Utils .createSAMLObject(SingleSignOnService.class); - redirectSingleSignOnService.setLocation(PVPConfiguration .getInstance().getIDPSSORedirectService()); redirectSingleSignOnService .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - idpSSODescriptor.getSingleSignOnServices().add( redirectSingleSignOnService); + + //add SLO descriptor +// SingleLogoutService redirectSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// redirectSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// redirectSLOService +// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +// idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); } /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { -- cgit v1.2.3