diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java index d57fad85..da64ce46 100644 --- a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java +++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequest.java @@ -42,26 +42,6 @@ public class AuthnRequest { */ private final Saml2Settings settings; - /** - * When true the AuthNRequest will set the ForceAuthn='true' - */ - private final boolean forceAuthn; - - /** - * When true the AuthNRequest will set the IsPassive='true' - */ - private final boolean isPassive; - - /** - * When true the AuthNReuqest will set a nameIdPolicy - */ - private final boolean setNameIdPolicy; - - /** - * Indicates to the IdP the subject that should be authenticated - */ - private final String nameIdValueReq; - /** * Time stamp that indicates when the AuthNRequest was created */ @@ -72,55 +52,73 @@ public class AuthnRequest { * * @param settings * OneLogin_Saml2_Settings + * @see #AuthnRequest(Saml2Settings, AuthnRequestParams) */ public AuthnRequest(Saml2Settings settings) { - this(settings, false, false, true); + this(settings, new AuthnRequestParams(false, false, true)); } /** * Constructs the AuthnRequest object. * * @param settings - * OneLogin_Saml2_Settings + * OneLogin_Saml2_Settings * @param forceAuthn - * When true the AuthNReuqest will set the ForceAuthn='true' + * When true the AuthNReuqest will set the ForceAuthn='true' * @param isPassive - * When true the AuthNReuqest will set the IsPassive='true' + * When true the AuthNReuqest will set the IsPassive='true' * @param setNameIdPolicy - * When true the AuthNReuqest will set a nameIdPolicy + * When true the AuthNReuqest will set a nameIdPolicy * @param nameIdValueReq - * Indicates to the IdP the subject that should be authenticated + * Indicates to the IdP the subject that should be authenticated + * @deprecated use {@link #AuthnRequest(Saml2Settings, AuthnRequestParams)} with + * {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean, String)} + * instead */ + @Deprecated public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) { - this.id = Util.generateUniqueID(settings.getUniqueIDPrefix()); - issueInstant = Calendar.getInstance(); - this.isPassive = isPassive; - this.settings = settings; - this.forceAuthn = forceAuthn; - this.setNameIdPolicy = setNameIdPolicy; - this.nameIdValueReq = nameIdValueReq; - - StrSubstitutor substitutor = generateSubstitutor(settings); - authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), settings); - LOGGER.debug("AuthNRequest --> " + authnRequestString); + this(settings, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy, nameIdValueReq)); } - + /** * Constructs the AuthnRequest object. * * @param settings - * OneLogin_Saml2_Settings + * OneLogin_Saml2_Settings * @param forceAuthn - * When true the AuthNReuqest will set the ForceAuthn='true' + * When true the AuthNReuqest will set the ForceAuthn='true' * @param isPassive - * When true the AuthNReuqest will set the IsPassive='true' + * When true the AuthNReuqest will set the IsPassive='true' * @param setNameIdPolicy - * When true the AuthNReuqest will set a nameIdPolicy + * When true the AuthNReuqest will set a nameIdPolicy + * @deprecated use {@link #AuthnRequest(Saml2Settings, AuthnRequestParams)} with + * {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean)} + * instead */ + @Deprecated public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy) { this(settings, forceAuthn, isPassive, setNameIdPolicy, null); } + /** + * Constructs the AuthnRequest object. + * + * @param settings + * OneLogin_Saml2_Settings + * @param params + * a set of authentication request input parameters that shape the + * request to create + */ + public AuthnRequest(Saml2Settings settings, AuthnRequestParams params) { + this.id = Util.generateUniqueID(settings.getUniqueIDPrefix()); + issueInstant = Calendar.getInstance(); + this.settings = settings; + + StrSubstitutor substitutor = generateSubstitutor(params, settings); + authnRequestString = postProcessXml(substitutor.replace(getAuthnRequestTemplate()), params, settings); + LOGGER.debug("AuthNRequest --> " + authnRequestString); + } + /** * Allows for an extension class to post-process the AuthnRequest XML generated * for this request, in order to customize the result. @@ -132,15 +130,17 @@ public AuthnRequest(Saml2Settings settings, boolean forceAuthn, boolean isPassiv * @param authnRequestXml * the XML produced for this AuthnRequest by the standard * implementation provided by {@link AuthnRequest} + * @param params + * the authentication request input parameters * @param settings * the settings * @return the post-processed XML for this AuthnRequest, which will then be * returned by any call to {@link #getAuthnRequestXml()} */ - protected String postProcessXml(final String authnRequestXml, final Saml2Settings settings) { + protected String postProcessXml(final String authnRequestXml, final AuthnRequestParams params, final Saml2Settings settings) { return authnRequestXml; } - + /** * @return the base64 encoded unsigned AuthnRequest (deflated or not) * @@ -181,22 +181,24 @@ public String getAuthnRequestXml() { /** * Substitutes AuthnRequest variables within a string by values. * + * @param params + * the authentication request input parameters * @param settings * Saml2Settings object. Setting data * * @return the StrSubstitutor object of the AuthnRequest */ - private StrSubstitutor generateSubstitutor(Saml2Settings settings) { + private StrSubstitutor generateSubstitutor(AuthnRequestParams params, Saml2Settings settings) { Map valueMap = new HashMap(); String forceAuthnStr = ""; - if (forceAuthn) { + if (params.isForceAuthn()) { forceAuthnStr = " ForceAuthn=\"true\""; } String isPassiveStr = ""; - if (isPassive) { + if (params.isPassive()) { isPassiveStr = " IsPassive=\"true\""; } @@ -211,6 +213,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) { valueMap.put("destinationStr", destinationStr); String subjectStr = ""; + String nameIdValueReq = params.getNameIdValueReq(); if (nameIdValueReq != null && !nameIdValueReq.isEmpty()) { String nameIDFormat = settings.getSpNameIDFormat(); subjectStr = ""; @@ -221,7 +224,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) { valueMap.put("subjectStr", subjectStr); String nameIDPolicyStr = ""; - if (setNameIdPolicy) { + if (params.isSetNameIdPolicy()) { String nameIDPolicyFormat = settings.getSpNameIDFormat(); if (settings.getWantNameIdEncrypted()) { nameIDPolicyFormat = Constants.NAMEID_ENCRYPTED; diff --git a/core/src/main/java/com/onelogin/saml2/authn/AuthnRequestParams.java b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequestParams.java new file mode 100644 index 00000000..6aec5a54 --- /dev/null +++ b/core/src/main/java/com/onelogin/saml2/authn/AuthnRequestParams.java @@ -0,0 +1,105 @@ +package com.onelogin.saml2.authn; + +/** + * Input parameters for a SAML 2 authentication request. + */ +public class AuthnRequestParams { + + /** + * When true the AuthNRequest will set the ForceAuthn='true' + */ + private final boolean forceAuthn; + /** + * When true the AuthNRequest will set the IsPassive='true' + */ + private final boolean isPassive; + /** + * When true the AuthNReuqest will set a nameIdPolicy + */ + private final boolean setNameIdPolicy; + /** + * Indicates to the IdP the subject that should be authenticated + */ + private final String nameIdValueReq; + + /** + * Create a set of authentication request input parameters. + * + * @param forceAuthn + * whether the ForceAuthn attribute should be set to + * true + * @param isPassive + * whether the isPassive attribute should be set to + * true + * @param setNameIdPolicy + * whether a NameIDPolicy should be set + */ + public AuthnRequestParams(boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy) { + this(forceAuthn, isPassive, setNameIdPolicy, null); + } + + /** + * Create a set of authentication request input parameters. + * + * @param forceAuthn + * whether the ForceAuthn attribute should be set to + * true + * @param isPassive + * whether the isPassive attribute should be set to + * true + * @param setNameIdPolicy + * whether a NameIDPolicy should be set + * @param nameIdValueReq + * the subject that should be authenticated + */ + public AuthnRequestParams(boolean forceAuthn, boolean isPassive, boolean setNameIdPolicy, String nameIdValueReq) { + this.forceAuthn = forceAuthn; + this.isPassive = isPassive; + this.setNameIdPolicy = setNameIdPolicy; + this.nameIdValueReq = nameIdValueReq; + } + + /** + * Create a set of authentication request input parameters, by copying them from + * another set. + * + * @param source + * the source set of authentication request input parameters + */ + protected AuthnRequestParams(AuthnRequestParams source) { + this.forceAuthn = source.isForceAuthn(); + this.isPassive = source.isPassive(); + this.setNameIdPolicy = source.isSetNameIdPolicy(); + this.nameIdValueReq = source.getNameIdValueReq(); + } + + /** + * @return whether the ForceAuthn attribute should be set to + * true + */ + protected boolean isForceAuthn() { + return forceAuthn; + } + + /** + * @return whether the isPassive attribute should be set to + * true + */ + protected boolean isPassive() { + return isPassive; + } + + /** + * @return whether a NameIDPolicy should be set + */ + protected boolean isSetNameIdPolicy() { + return setNameIdPolicy; + } + + /** + * @return the subject that should be authenticated + */ + protected String getNameIdValueReq() { + return nameIdValueReq; + } +} \ No newline at end of file diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java index f41c9266..234b89ac 100644 --- a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequest.java @@ -21,7 +21,6 @@ import org.w3c.dom.NodeList; import com.onelogin.saml2.exception.ValidationError; -import com.onelogin.saml2.exception.XMLEntityException; import com.onelogin.saml2.exception.SettingsException; import com.onelogin.saml2.http.HttpRequest; import com.onelogin.saml2.settings.Saml2Settings; @@ -60,31 +59,6 @@ public class LogoutRequest { */ private final HttpRequest request; - /** - * NameID. - */ - private String nameId; - - /** - * NameID Format. - */ - private String nameIdFormat; - - /** - * nameId NameQualifier - */ - private String nameIdNameQualifier; - - /** - * nameId SP NameQualifier - */ - private String nameIdSPNameQualifier; - - /** - * SessionIndex. When the user is logged, this stored it from the AuthnStatement of the SAML Response - */ - private String sessionIndex; - /** * URL of the current host + current view */ @@ -106,18 +80,27 @@ public class LogoutRequest { * @param settings * OneLogin_Saml2_Settings * @param request - * the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...). + * the HttpRequest object to be processed (Contains GET and POST + * parameters, request URL, ...). * @param nameId * The NameID that will be set in the LogoutRequest. * @param sessionIndex - * The SessionIndex (taken from the SAML Response in the SSO process). + * The SessionIndex (taken from the SAML Response in the SSO + * process). * @param nameIdFormat * The nameIdFormat that will be set in the LogoutRequest. * @param nameIdNameQualifier - * The NameID NameQualifier that will be set in the LogoutRequest. + * The NameID NameQualifier that will be set in the LogoutRequest. * @param nameIdSPNameQualifier - * The SP Name Qualifier that will be set in the LogoutRequest. + * The SP Name Qualifier that will be set in the LogoutRequest. + * + * @deprecated use {@link #LogoutRequest(Saml2Settings, HttpRequest)} to build a + * received request from the HTTP request, or + * {@link #LogoutRequest(Saml2Settings, LogoutRequestParams)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String, String, String)} + * to build a new request to be sent */ + @Deprecated public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, String sessionIndex, String nameIdFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) { this.settings = settings; this.request = request; @@ -130,16 +113,12 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, } if (samlLogoutRequest == null) { + LogoutRequestParams params = new LogoutRequestParams(sessionIndex, nameId, nameIdFormat, nameIdNameQualifier, nameIdSPNameQualifier); id = Util.generateUniqueID(settings.getUniqueIDPrefix()); issueInstant = Calendar.getInstance(); - this.nameId = nameId; - this.nameIdFormat = nameIdFormat; - this.nameIdNameQualifier = nameIdNameQualifier; - this.nameIdSPNameQualifier = nameIdSPNameQualifier; - this.sessionIndex = sessionIndex; - StrSubstitutor substitutor = generateSubstitutor(settings); - logoutRequestString = postProcessXml(substitutor.replace(getLogoutRequestTemplate()), settings); + StrSubstitutor substitutor = generateSubstitutor(params, settings); + logoutRequestString = postProcessXml(substitutor.replace(getLogoutRequestTemplate()), params, settings); } else { logoutRequestString = Util.base64decodedInflated(samlLogoutRequest); Document doc = Util.loadXML(logoutRequestString); @@ -154,16 +133,25 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, * @param settings * OneLogin_Saml2_Settings * @param request - * the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...). + * the HttpRequest object to be processed (Contains GET and POST + * parameters, request URL, ...). * @param nameId * The NameID that will be set in the LogoutRequest. * @param sessionIndex - * The SessionIndex (taken from the SAML Response in the SSO process). + * The SessionIndex (taken from the SAML Response in the SSO + * process). * @param nameIdFormat * The nameIdFormat that will be set in the LogoutRequest. * @param nameIdNameQualifier - * The NameID NameQualifier will be set in the LogoutRequest. + * The NameID NameQualifier will be set in the LogoutRequest. + * + * @deprecated use {@link #LogoutRequest(Saml2Settings, HttpRequest)} to build a + * received request from the HTTP request, or + * {@link #LogoutRequest(Saml2Settings, LogoutRequestParams)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String, String)} + * to build a new request to be sent */ + @Deprecated public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, String sessionIndex, String nameIdFormat, String nameIdNameQualifier) { this(settings, request, nameId, sessionIndex, nameIdFormat, nameIdNameQualifier, null); } @@ -174,14 +162,23 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, * @param settings * OneLogin_Saml2_Settings * @param request - * the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...). + * the HttpRequest object to be processed (Contains GET and POST + * parameters, request URL, ...). * @param nameId * The NameID that will be set in the LogoutRequest. * @param sessionIndex - * The SessionIndex (taken from the SAML Response in the SSO process). + * The SessionIndex (taken from the SAML Response in the SSO + * process). * @param nameIdFormat * The nameIdFormat that will be set in the LogoutRequest. + * + * @deprecated use {@link #LogoutRequest(Saml2Settings, HttpRequest)} to build a + * received request from the HTTP request, or + * {@link #LogoutRequest(Saml2Settings, LogoutRequestParams)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String)} + * to build a new request to be sent */ + @Deprecated public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, String sessionIndex, String nameIdFormat) { this(settings, request, nameId, sessionIndex, nameIdFormat, null); } @@ -192,38 +189,72 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, * @param settings * OneLogin_Saml2_Settings * @param request - * the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...). + * the HttpRequest object to be processed (Contains GET and POST + * parameters, request URL, ...). * @param nameId * The NameID that will be set in the LogoutRequest. * @param sessionIndex - * The SessionIndex (taken from the SAML Response in the SSO process). + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * + * @deprecated use {@link #LogoutRequest(Saml2Settings, HttpRequest)} to build a + * received request from the HTTP request, or + * {@link #LogoutRequest(Saml2Settings, LogoutRequestParams)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String)} + * to build a new request to be sent */ + @Deprecated public LogoutRequest(Saml2Settings settings, HttpRequest request, String nameId, String sessionIndex) { this(settings, request, nameId, sessionIndex, null); } /** - * Constructs the LogoutRequest object. + * Constructs a LogoutRequest object when a new request should be generated and + * sent. * * @param settings - * OneLogin_Saml2_Settings + * OneLogin_Saml2_Settings + * + * @see #LogoutRequest(Saml2Settings, LogoutRequestParams) */ public LogoutRequest(Saml2Settings settings) { - this(settings, null, null, null); + this(settings, new LogoutRequestParams()); } /** - * Constructs the LogoutRequest object. + * Constructs the LogoutRequest object when a received request should be + * extracted from the HTTP request and parsed. * * @param settings - * OneLogin_Saml2_Settings + * OneLogin_Saml2_Settings * @param request - * the HttpRequest object to be processed (Contains GET and POST parameters, request URL, ...). + * the HttpRequest object to be processed (Contains GET and POST + * parameters, request URL, ...). */ public LogoutRequest(Saml2Settings settings, HttpRequest request) { this(settings, request, null, null); } + /** + * Constructs the LogoutRequest object when a new request should be generated + * and sent. + * + * @param settings + * OneLogin_Saml2_Settings + * @param params + * a set of authentication request input parameters that shape the + * request to create + */ + public LogoutRequest(Saml2Settings settings, LogoutRequestParams params) { + this.settings = settings; + this.request = null; + id = Util.generateUniqueID(settings.getUniqueIDPrefix()); + issueInstant = Calendar.getInstance(); + + StrSubstitutor substitutor = generateSubstitutor(params, settings); + logoutRequestString = postProcessXml(substitutor.replace(getLogoutRequestTemplate()), params, settings); + } + /** * Allows for an extension class to post-process the LogoutRequest XML generated * for this request, in order to customize the result. @@ -237,12 +268,14 @@ public LogoutRequest(Saml2Settings settings, HttpRequest request) { * @param logoutRequestXml * the XML produced for this LogoutRequest by the standard * implementation provided by {@link LogoutRequest} + * @param params + * the logout request input parameters * @param settings * the settings * @return the post-processed XML for this LogoutRequest, which will then be * returned by any call to {@link #getLogoutRequestXml()} */ - protected String postProcessXml(final String logoutRequestXml, final Saml2Settings settings) { + protected String postProcessXml(final String logoutRequestXml, final LogoutRequestParams params, final Saml2Settings settings) { return logoutRequestXml; } @@ -286,12 +319,14 @@ public String getLogoutRequestXml() { /** * Substitutes LogoutRequest variables within a string by values. * + * @param params + * the logout request input parameters * @param settings - * Saml2Settings object. Setting data + * Saml2Settings object. Setting data * - * @return the StrSubstitutor object of the LogoutRequest + * @return the StrSubstitutor object of the LogoutRequest */ - private StrSubstitutor generateSubstitutor(Saml2Settings settings) { + private StrSubstitutor generateSubstitutor(LogoutRequestParams params, Saml2Settings settings) { Map valueMap = new HashMap(); valueMap.put("id", Util.toXml(id)); @@ -308,14 +343,16 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) { valueMap.put("issuer", Util.toXml(settings.getSpEntityId())); + String nameId = params.getNameId(); + String requestedNameIdFormat = params.getNameIdFormat(); String nameIdFormat = null; - String spNameQualifier = this.nameIdSPNameQualifier; - String nameQualifier = this.nameIdNameQualifier; + String spNameQualifier = params.getNameIdSPNameQualifier(); + String nameQualifier = params.getNameIdNameQualifier(); if (nameId != null) { - if (this.nameIdFormat == null && !settings.getSpNameIDFormat().equals(Constants.NAMEID_UNSPECIFIED)) { + if (requestedNameIdFormat == null && !settings.getSpNameIDFormat().equals(Constants.NAMEID_UNSPECIFIED)) { nameIdFormat = settings.getSpNameIDFormat(); } else { - nameIdFormat = this.nameIdFormat; + nameIdFormat = requestedNameIdFormat; } } else { nameId = settings.getIdpEntityId(); @@ -348,6 +385,7 @@ private StrSubstitutor generateSubstitutor(Saml2Settings settings) { valueMap.put("nameIdStr", nameIdStr); String sessionIndexStr = ""; + String sessionIndex = params.getSessionIndex(); if (sessionIndex != null) { sessionIndexStr = " " + Util.toXml(sessionIndex) + ""; } diff --git a/core/src/main/java/com/onelogin/saml2/logout/LogoutRequestParams.java b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequestParams.java new file mode 100644 index 00000000..ce95626f --- /dev/null +++ b/core/src/main/java/com/onelogin/saml2/logout/LogoutRequestParams.java @@ -0,0 +1,162 @@ +package com.onelogin.saml2.logout; + +/** + * Input parameters for a SAML 2 logout request. + */ +public class LogoutRequestParams { + + /** + * SessionIndex. When the user is logged, this stored it from the AuthnStatement + * of the SAML Response + */ + private String sessionIndex; + + /** + * NameID. + */ + private String nameId; + + /** + * NameID Format. + */ + private String nameIdFormat; + + /** + * nameId NameQualifier + */ + private String nameIdNameQualifier; + + /** + * nameId SP NameQualifier + */ + private String nameIdSPNameQualifier; + + /** Create an empty set of logout request input parameters. */ + public LogoutRequestParams() { + } + + /** + * Create a set of logout request input parameters. + * + * @param sessionIndex + * the session index + * @param nameId + * the name id of the user to log out + */ + public LogoutRequestParams(String sessionIndex, String nameId) { + this(sessionIndex, nameId, null, null, null); + } + + /** + * Create a set of logout request input parameters. + * + * @param sessionIndex + * the session index + * @param nameId + * the name id of the user to log out + * @param nameIdFormat + * the name id format + */ + public LogoutRequestParams(String sessionIndex, String nameId, String nameIdFormat) { + this(sessionIndex, nameId, nameIdFormat, null, null); + } + + /** + * Create a set of logout request input parameters. + * + * @param sessionIndex + * the session index + * @param nameId + * the name id of the user to log out + * @param nameIdFormat + * the name id format + * @param nameIdNameQualifier + * the name id qualifier + */ + public LogoutRequestParams(String sessionIndex, String nameId, String nameIdFormat, String nameIdNameQualifier) { + this(sessionIndex, nameId, nameIdFormat, nameIdNameQualifier, null); + } + + /** + * Create a set of logout request input parameters. + * + * @param sessionIndex + * the session index + * @param nameId + * the name id of the user to log out + * @param nameIdFormat + * the name id format + * @param nameIdNameQualifier + * the name id qualifier + * @param nameIdSPNameQualifier + * the name id SP qualifier + */ + public LogoutRequestParams(String sessionIndex, String nameId, String nameIdFormat, String nameIdNameQualifier, + String nameIdSPNameQualifier) { + this.sessionIndex = sessionIndex; + this.nameId = nameId; + this.nameIdFormat = nameIdFormat; + this.nameIdNameQualifier = nameIdNameQualifier; + this.nameIdSPNameQualifier = nameIdSPNameQualifier; + } + + /** + * Create a set of logout request input parameters, by copying them from another + * set. + * + * @param source + * the source set of logout request input parameters + */ + protected LogoutRequestParams(LogoutRequestParams source) { + this.sessionIndex = source.getSessionIndex(); + this.nameId = source.getNameId(); + this.nameIdFormat = source.getNameIdFormat(); + this.nameIdNameQualifier = source.getNameIdNameQualifier(); + this.nameIdSPNameQualifier = source.getNameIdSPNameQualifier(); + } + + /** + * @return the name ID + */ + protected String getNameId() { + return nameId; + } + + /** + * Sets the name ID + * + * @param nameId + * the name ID to set + */ + protected void setNameId(String nameId) { + this.nameId = nameId; + } + + /** + * @return the name ID format + */ + protected String getNameIdFormat() { + return nameIdFormat; + } + + /** + * @return the name ID name qualifier + */ + protected String getNameIdNameQualifier() { + return nameIdNameQualifier; + } + + /** + * @return the name ID SP name qualifier + */ + protected String getNameIdSPNameQualifier() { + return nameIdSPNameQualifier; + } + + /** + * @return the session index + */ + protected String getSessionIndex() { + return sessionIndex; + } +} \ No newline at end of file diff --git a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java index a4760097..5ed070a6 100644 --- a/core/src/main/java/com/onelogin/saml2/settings/Metadata.java +++ b/core/src/main/java/com/onelogin/saml2/settings/Metadata.java @@ -1,7 +1,5 @@ package com.onelogin.saml2.settings; -import static com.onelogin.saml2.util.Util.toXml; - import java.net.URL; import java.util.Arrays; import java.util.Calendar; diff --git a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java index 253c86c5..3212fb4c 100644 --- a/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java +++ b/core/src/test/java/com/onelogin/saml2/test/authn/AuthnRequestTest.java @@ -17,6 +17,7 @@ import org.junit.Test; import com.onelogin.saml2.authn.AuthnRequest; +import com.onelogin.saml2.authn.AuthnRequestParams; import com.onelogin.saml2.settings.Saml2Settings; import com.onelogin.saml2.settings.SettingsBuilder; import com.onelogin.saml2.util.Util; @@ -164,13 +165,13 @@ public void testForceAuthN() throws Exception { assertThat(authnRequestStr, containsString("")); settings = new SettingsBuilder().fromFile("config/config.emailaddressformat.properties").build(); - authnRequest = new AuthnRequest(settings, false, false, false, "testuser@example.com"); + authnRequest = new AuthnRequest(settings, new AuthnRequestParams(false, false, false, "testuser@example.com")); authnRequestStringBase64 = authnRequest.getEncodedAuthnRequest(); authnRequestStr = Util.base64decodedInflated(authnRequestStringBase64); assertThat(authnRequestStr, containsString("", null); + LogoutRequest logoutRequest = new LogoutRequest(settings, new LogoutRequestParams(null, "")); String logoutRequestStringBase64 = logoutRequest.getEncodedLogoutRequest(); String logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64); assertThat(logoutRequestStr, containsString("<ONELOGIN_1e442c129e1f822c8096086a1103c5ee2c7cae1c>")); assertThat(logoutRequestStr, not(containsString("SPNameQualifier"))); - logoutRequest = new LogoutRequest(settings, null, null, null); + logoutRequest = new LogoutRequest(settings, new LogoutRequestParams(null, null)); logoutRequestStringBase64 = logoutRequest.getEncodedLogoutRequest(); logoutRequestStr = Util.base64decodedInflated(logoutRequestStringBase64); assertThat(logoutRequestStr, containsString("null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param forceAuthn When true the AuthNRequest will set the - * ForceAuthn='true' - * @param isPassive When true the AuthNRequest will set the - * IsPassive='true' - * @param setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy - * @param stay True if we want to stay (returns the url string) False - * to execute redirection - * @param nameIdValueReq Indicates to the IdP the subject that should be - * authenticated + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the authenticated user should be + * redirected after the authentication response has been received + * back from the Identity Provider and validated correctly with + * {@link #processResponse()}; please note that SAML 2.0 + * specification imposes a limit of max 80 characters for this + * relayState data and that protection strategies against tampering + * should better be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param forceAuthn + * When true the AuthNRequest will set the ForceAuthn='true' + * @param isPassive + * When true the AuthNRequest will set the IsPassive='true' + * @param setNameIdPolicy + * When true the AuthNRequest will set a nameIdPolicy + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param nameIdValueReq + * Indicates to the IdP the subject that should be authenticated * * @return the SSO URL with the AuthNRequest if stay = True * * @throws IOException * @throws SettingsException + * @deprecated use {@link #login(String, AuthnRequestParams, Boolean)} with + * {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean, String)} + * instead */ + @Deprecated public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay, String nameIdValueReq) throws IOException, SettingsException { Map parameters = new HashMap(); - return login(relayState, forceAuthn, isPassive, setNameIdPolicy, stay, - nameIdValueReq, parameters); + return login(relayState, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy, nameIdValueReq), stay, + parameters); } /** * Initiates the SSO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the authenticated user should be redirected after the - * authentication response has been received back from the - * Identity Provider and validated correctly with - * {@link #processResponse()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param forceAuthn When true the AuthNRequest will set the - * ForceAuthn='true' - * @param isPassive When true the AuthNRequest will set the - * IsPassive='true' - * @param setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy - * @param stay True if we want to stay (returns the url string) False - * to execute redirection - * @param nameIdValueReq Indicates to the IdP the subject that should be - * authenticated - * @param parameters Use it to send extra parameters in addition to the AuthNRequest + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the authenticated user should be + * redirected after the authentication response has been received + * back from the Identity Provider and validated correctly with + * {@link #processResponse()}; please note that SAML 2.0 + * specification imposes a limit of max 80 characters for this + * relayState data and that protection strategies against tampering + * should better be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param forceAuthn + * When true the AuthNRequest will set the ForceAuthn='true' + * @param isPassive + * When true the AuthNRequest will set the IsPassive='true' + * @param setNameIdPolicy + * When true the AuthNRequest will set a nameIdPolicy + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param nameIdValueReq + * Indicates to the IdP the subject that should be authenticated + * @param parameters + * Use it to send extra parameters in addition to the AuthNRequest * * @return the SSO URL with the AuthNRequest if stay = True * * @throws IOException * @throws SettingsException + * @deprecated use {@link #login(String, AuthnRequestParams, Boolean, Map)} with + * {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean, String)} + * instead */ + @Deprecated public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay, String nameIdValueReq, Map parameters) throws IOException, SettingsException { - AuthnRequest authnRequest = new AuthnRequest(settings, forceAuthn, isPassive, setNameIdPolicy, nameIdValueReq); + return login(relayState, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy, nameIdValueReq), stay, + parameters); + } + + /** + * Initiates the SSO process. + * + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the authenticated user should be + * redirected after the authentication response has been received + * back from the Identity Provider and validated correctly with + * {@link #processResponse()}; please note that SAML 2.0 + * specification imposes a limit of max 80 characters for this + * relayState data and that protection strategies against tampering + * should better be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param forceAuthn + * When true the AuthNRequest will set the ForceAuthn='true' + * @param isPassive + * When true the AuthNRequest will set the IsPassive='true' + * @param setNameIdPolicy + * When true the AuthNRequest will set a nameIdPolicy + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * + * @return the SSO URL with the AuthNRequest if stay = True + * + * @throws IOException + * @throws SettingsException + * @deprecated use {@link #login(String, AuthnRequestParams, Boolean)} with + * {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean)} + * instead + */ + @Deprecated + public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay) + throws IOException, SettingsException { + return login(relayState, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy), stay, null); + } + + /** + * Initiates the SSO process. + * + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the authenticated user should be + * redirected after the authentication response has been received + * back from the Identity Provider and validated correctly with + * {@link #processResponse()}; please note that SAML 2.0 + * specification imposes a limit of max 80 characters for this + * relayState data and that protection strategies against tampering + * should better be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param forceAuthn + * When true the AuthNRequest will set the ForceAuthn='true' + * @param isPassive + * When true the AuthNRequest will set the IsPassive='true' + * @param setNameIdPolicy + * When true the AuthNRequest will set a nameIdPolicy + * + * @throws IOException + * @throws SettingsException + * @deprecated use {@link #login(String, AuthnRequestParams)} with + * {@link AuthnRequestParams#AuthnRequestParams(boolean, boolean, boolean)} + * instead + */ + @Deprecated + public void login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) + throws IOException, SettingsException { + login(relayState, new AuthnRequestParams(forceAuthn, isPassive, setNameIdPolicy), false); + } + + /** + * Initiates the SSO process. + * + * @throws IOException + * @throws SettingsException + */ + public void login() throws IOException, SettingsException { + login(null, new AuthnRequestParams(false, false, true)); + } + /** + * Initiates the SSO process. + * + * @param authnRequestParams + * the authentication request input parameters + * + * @throws IOException + * @throws SettingsException + */ + public void login(AuthnRequestParams authnRequestParams) throws IOException, SettingsException { + login(null, authnRequestParams); + } + + /** + * Initiates the SSO process. + * + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the authenticated user should be + * redirected after the authentication response has been received + * back from the Identity Provider and validated correctly with + * {@link #processResponse()}; please note that SAML 2.0 + * specification imposes a limit of max 80 characters for this + * relayState data and that protection strategies against tampering + * should better be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * + * @throws IOException + * @throws SettingsException + */ + public void login(String relayState) throws IOException, SettingsException { + login(relayState, new AuthnRequestParams(false, false, true)); + } + + /** + * Initiates the SSO process. + * + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the authenticated user should be + * redirected after the authentication response has been received + * back from the Identity Provider and validated correctly with + * {@link #processResponse()}; please note that SAML 2.0 + * specification imposes a limit of max 80 characters for this + * relayState data and that protection strategies against tampering + * should better be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param authnRequestParams + * the authentication request input parameters + * + * @throws IOException + * @throws SettingsException + */ + public void login(String relayState, AuthnRequestParams authnRequestParams) throws IOException, SettingsException { + login(relayState, authnRequestParams, false); + } + + /** + * Initiates the SSO process. + * + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the authenticated user should be + * redirected after the authentication response has been received + * back from the Identity Provider and validated correctly with + * {@link #processResponse()}; please note that SAML 2.0 + * specification imposes a limit of max 80 characters for this + * relayState data and that protection strategies against tampering + * should better be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param authnRequestParams + * the authentication request input parameters + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * + * @return the SSO URL with the AuthNRequest if stay = True + * + * @throws IOException + * @throws SettingsException + */ + public String login(String relayState, AuthnRequestParams authnRequestParams, Boolean stay) throws IOException, SettingsException { + return login(relayState, authnRequestParams, stay, new HashMap<>()); + } + + /** + * Initiates the SSO process. + * + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the authenticated user should be + * redirected after the authentication response has been received + * back from the Identity Provider and validated correctly with + * {@link #processResponse()}; please note that SAML 2.0 + * specification imposes a limit of max 80 characters for this + * relayState data and that protection strategies against tampering + * should better be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param authnRequestParams + * the authentication request input parameters + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param parameters + * Use it to send extra parameters in addition to the AuthNRequest + * + * @return the SSO URL with the AuthNRequest if stay = True + * + * @throws IOException + * @throws SettingsException + */ + public String login(String relayState, AuthnRequestParams authnRequestParams, Boolean stay, Map parameters) throws IOException, SettingsException { + AuthnRequest authnRequest = new AuthnRequest(settings, authnRequestParams); + if (parameters == null) { parameters = new HashMap(); } - + String samlRequest = authnRequest.getEncodedAuthnRequest(); parameters.put("SAMLRequest", samlRequest); @@ -402,7 +622,7 @@ public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Bo if (relayState == null) { relayState = ServletUtils.getSelfRoutedURLNoQuery(request); } - + if (!relayState.isEmpty()) { parameters.put("RelayState", relayState); } @@ -427,190 +647,145 @@ public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Bo } /** - * Initiates the SSO process. + * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the authenticated user should be redirected after the - * authentication response has been received back from the - * Identity Provider and validated correctly with - * {@link #processResponse()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param forceAuthn When true the AuthNRequest will set the - * ForceAuthn='true' - * @param isPassive When true the AuthNRequest will set the - * IsPassive='true' - * @param setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy - * @param stay True if we want to stay (returns the url string) False - * to execute redirection + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param logoutRequestParams + * the logout request input parameters * - * @return the SSO URL with the AuthNRequest if stay = True + * @return the SLO URL with the LogoutRequest if stay = True * * @throws IOException * @throws SettingsException */ - public String login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy, Boolean stay) + public String logout(String relayState, LogoutRequestParams logoutRequestParams, Boolean stay) throws IOException, SettingsException { - return login(relayState, forceAuthn, isPassive, setNameIdPolicy, stay, null); + Map parameters = new HashMap(); + return logout(relayState, logoutRequestParams, stay, parameters); } /** - * Initiates the SSO process. + * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the authenticated user should be redirected after the - * authentication response has been received back from the - * Identity Provider and validated correctly with - * {@link #processResponse()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param forceAuthn When true the AuthNRequest will set the - * ForceAuthn='true' - * @param isPassive When true the AuthNRequest will set the - * IsPassive='true' - * @param setNameIdPolicy When true the AuthNRequest will set a nameIdPolicy + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param logoutRequestParams + * the logout request input parameters * * @throws IOException * @throws SettingsException */ - public void login(String relayState, Boolean forceAuthn, Boolean isPassive, Boolean setNameIdPolicy) + public void logout(String relayState, LogoutRequestParams logoutRequestParams) throws IOException, SettingsException { - login(relayState, forceAuthn, isPassive, setNameIdPolicy, false); - } - - /** - * Initiates the SSO process. - * - * @throws IOException - * @throws SettingsException - */ - public void login() throws IOException, SettingsException { - login(null, false, false, true); - } - - /** - * Initiates the SSO process. - * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the authenticated user should be redirected after the - * authentication response has been received back from the - * Identity Provider and validated correctly with - * {@link #processResponse()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * - * @throws IOException - * @throws SettingsException - */ - public void login(String relayState) throws IOException, SettingsException { - login(relayState, false, false, true); + logout(relayState, logoutRequestParams, false); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the - * LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response - * in the SSO process). - * @param stay True if we want to stay (returns the url string) - * False to execute redirection - * @param nameidFormat The NameID Format that will be set in the - * LogoutRequest. - * @param nameIdNameQualifier The NameID NameQualifier that will be set in the - * LogoutRequest. - * @param nameIdSPNameQualifier The NameID SP Name Qualifier that will be set in - * the LogoutRequest. + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param nameidFormat + * The NameID Format that will be set in the LogoutRequest. + * @param nameIdNameQualifier + * The NameID NameQualifier that will be set in the LogoutRequest. + * @param nameIdSPNameQualifier + * The NameID SP Name Qualifier that will be set in the + * LogoutRequest. * * @return the SLO URL with the LogoutRequest if stay = True * * @throws IOException * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams, Boolean)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String, String, String)} + * instead */ public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) throws IOException, SettingsException { Map parameters = new HashMap(); - return logout(relayState, nameId, sessionIndex, stay, nameidFormat, - nameIdNameQualifier, nameIdSPNameQualifier, parameters); + return logout(relayState, new LogoutRequestParams(sessionIndex, nameId, nameidFormat, nameIdNameQualifier, nameIdSPNameQualifier), stay, parameters); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the - * LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response - * in the SSO process). - * @param stay True if we want to stay (returns the url string) - * False to execute redirection - * @param nameidFormat The NameID Format that will be set in the - * LogoutRequest. - * @param nameIdNameQualifier The NameID NameQualifier that will be set in the - * LogoutRequest. - * @param nameIdSPNameQualifier The NameID SP Name Qualifier that will be set in - * the LogoutRequest. - * @param parameters Use it to send extra parameters in addition to the LogoutRequest + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param logoutRequestParams + * the logout request input parameters + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param parameters + * Use it to send extra parameters in addition to the LogoutRequest * * @return the SLO URL with the LogoutRequest if stay = True * * @throws IOException * @throws SettingsException */ - public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, - String nameIdNameQualifier, String nameIdSPNameQualifier, Map parameters) + public String logout(String relayState, LogoutRequestParams logoutRequestParams, Boolean stay, Map parameters) throws IOException, SettingsException { if (parameters == null) { parameters = new HashMap(); } - LogoutRequest logoutRequest = new LogoutRequest(settings, null, nameId, sessionIndex, nameidFormat, - nameIdNameQualifier, nameIdSPNameQualifier); + LogoutRequest logoutRequest = new LogoutRequest(settings, logoutRequestParams); String samlLogoutRequest = logoutRequest.getEncodedLogoutRequest(); parameters.put("SAMLRequest", samlLogoutRequest); @@ -644,225 +819,314 @@ public String logout(String relayState, String nameId, String sessionIndex, Bool /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response in - * the SSO process). - * @param stay True if we want to stay (returns the url string) - * False to execute redirection - * @param nameidFormat The NameID Format will be set in the - * LogoutRequest. - * @param nameIdNameQualifier The NameID NameQualifier will be set in the - * LogoutRequest. + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param nameidFormat + * The NameID Format that will be set in the LogoutRequest. + * @param nameIdNameQualifier + * The NameID NameQualifier that will be set in the LogoutRequest. + * @param nameIdSPNameQualifier + * The NameID SP Name Qualifier that will be set in the + * LogoutRequest. + * @param parameters + * Use it to send extra parameters in addition to the LogoutRequest * * @return the SLO URL with the LogoutRequest if stay = True * * @throws IOException * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams, Boolean, Map)} + * with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String, String, String)} + * instead */ + @Deprecated + public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, + String nameIdNameQualifier, String nameIdSPNameQualifier, Map parameters) + throws IOException, SettingsException { + return logout(relayState, new LogoutRequestParams(sessionIndex, nameId, nameidFormat, nameIdNameQualifier, nameIdSPNameQualifier), stay, parameters); + } + + /** + * Initiates the SLO process. + * + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param nameidFormat + * The NameID Format will be set in the LogoutRequest. + * @param nameIdNameQualifier + * The NameID NameQualifier will be set in the LogoutRequest. + * + * @return the SLO URL with the LogoutRequest if stay = True + * + * @throws IOException + * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams, Boolean)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String, String)} + * instead + */ + @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat, String nameIdNameQualifier) throws IOException, SettingsException { - return logout(relayState, nameId, sessionIndex, stay, nameidFormat, nameIdNameQualifier, null); + return logout(relayState, new LogoutRequestParams(sessionIndex, nameId, nameidFormat, nameIdNameQualifier), stay, null); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response in the SSO - * process). - * @param stay True if we want to stay (returns the url string) False to - * execute redirection - * @param nameidFormat The NameID Format will be set in the LogoutRequest. + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection + * @param nameidFormat + * The NameID Format will be set in the LogoutRequest. * * @return the SLO URL with the LogoutRequest if stay = True * * @throws IOException * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams, Boolean)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String)} + * instead */ + @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay, String nameidFormat) throws IOException, SettingsException { - return logout(relayState, nameId, sessionIndex, stay, nameidFormat, null); + return logout(relayState, new LogoutRequestParams(sessionIndex, nameId, nameidFormat), stay, null); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response in the SSO - * process). - * @param stay True if we want to stay (returns the url string) False to - * execute redirection + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * @param stay + * True if we want to stay (returns the url string) False to + * execute redirection * * @return the SLO URL with the LogoutRequest if stay = True * * @throws IOException * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams, Boolean)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String)} + * instead */ + @Deprecated public String logout(String relayState, String nameId, String sessionIndex, Boolean stay) throws IOException, SettingsException { - return logout(relayState, nameId, sessionIndex, stay, null); + return logout(relayState, new LogoutRequestParams(sessionIndex, nameId), stay, null); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the - * LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response - * in the SSO process). - * @param nameidFormat The NameID Format will be set in the - * LogoutRequest. - * @param nameIdNameQualifier The NameID NameQualifier that will be set in the - * LogoutRequest. - * @param nameIdSPNameQualifier The NameID SP Name Qualifier that will be set in - * the LogoutRequest. + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * @param nameidFormat + * The NameID Format will be set in the LogoutRequest. + * @param nameIdNameQualifier + * The NameID NameQualifier that will be set in the LogoutRequest. + * @param nameIdSPNameQualifier + * The NameID SP Name Qualifier that will be set in the + * LogoutRequest. * @throws IOException * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String, String, String)} + * instead */ + @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier, String nameIdSPNameQualifier) throws IOException, SettingsException { - logout(relayState, nameId, sessionIndex, false, nameidFormat, nameIdNameQualifier, nameIdSPNameQualifier); + logout(relayState, new LogoutRequestParams(sessionIndex, nameId, nameidFormat, nameIdNameQualifier, nameIdSPNameQualifier), false); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response in - * the SSO process). - * @param nameidFormat The NameID Format will be set in the - * LogoutRequest. - * @param nameIdNameQualifier The NameID NameQualifier will be set in the - * LogoutRequest. + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * @param nameidFormat + * The NameID Format will be set in the LogoutRequest. + * @param nameIdNameQualifier + * The NameID NameQualifier will be set in the LogoutRequest. * * @throws IOException * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String, String)} + * instead */ + @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat, String nameIdNameQualifier) throws IOException, SettingsException { - logout(relayState, nameId, sessionIndex, false, nameidFormat, nameIdNameQualifier); + logout(relayState, new LogoutRequestParams(sessionIndex, nameId, nameidFormat, nameIdNameQualifier), false); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response in the SSO - * process). - * @param nameidFormat The NameID Format will be set in the LogoutRequest. + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). + * @param nameidFormat + * The NameID Format will be set in the LogoutRequest. * @throws IOException * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String, String)} + * instead */ + @Deprecated public void logout(String relayState, String nameId, String sessionIndex, String nameidFormat) throws IOException, SettingsException { - logout(relayState, nameId, sessionIndex, false, nameidFormat); + logout(relayState, new LogoutRequestParams(sessionIndex, nameId, nameidFormat), false); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided - * @param nameId The NameID that will be set in the LogoutRequest. - * @param sessionIndex The SessionIndex (taken from the SAML Response in the SSO - * process). + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided + * @param nameId + * The NameID that will be set in the LogoutRequest. + * @param sessionIndex + * The SessionIndex (taken from the SAML Response in the SSO + * process). * * @throws IOException * @throws SettingsException + * @deprecated use {@link #logout(String, LogoutRequestParams)} with + * {@link LogoutRequestParams#LogoutRequestParams(String, String)} + * instead */ + @Deprecated public void logout(String relayState, String nameId, String sessionIndex) throws IOException, SettingsException { - logout(relayState, nameId, sessionIndex, false, null); + logout(relayState, new LogoutRequestParams(sessionIndex, nameId), false, null); } /** @@ -872,31 +1136,30 @@ public void logout(String relayState, String nameId, String sessionIndex) * @throws SettingsException */ public void logout() throws IOException, SettingsException { - logout(null, null, null, false); + logout(null, new LogoutRequestParams(), false); } /** * Initiates the SLO process. * - * @param relayState a state information to pass forth and back between - * the Service Provider and the Identity Provider; - * in the most simple case, it may be a URL to which - * the logged out user should be redirected after the - * logout response has been received back from the - * Identity Provider and validated correctly with - * {@link #processSLO()}; please note that SAML 2.0 - * specification imposes a limit of max 80 characters for - * this relayState data and that protection strategies - * against tampering should better be implemented; - * it will be a self-routed URL when null, - * otherwise no relayState at all will be appended if an empty - * string is provided + * @param relayState + * a state information to pass forth and back between the Service + * Provider and the Identity Provider; in the most simple case, it + * may be a URL to which the logged out user should be redirected + * after the logout response has been received back from the + * Identity Provider and validated correctly with + * {@link #processSLO()}; please note that SAML 2.0 specification + * imposes a limit of max 80 characters for this relayState data + * and that protection strategies against tampering should better + * be implemented; it will be a self-routed URL when + * null, otherwise no relayState at all will be + * appended if an empty string is provided * * @throws IOException * @throws SettingsException */ public void logout(String relayState) throws IOException, SettingsException { - logout(relayState, null, null); + logout(relayState, new LogoutRequestParams(), false); } /** diff --git a/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java b/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java index e0426f6c..ff8f1e54 100644 --- a/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java +++ b/toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java @@ -43,21 +43,22 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; +import org.mockito.ArgumentCaptor; +import org.w3c.dom.Document; import com.onelogin.saml2.Auth; +import com.onelogin.saml2.authn.AuthnRequestParams; import com.onelogin.saml2.exception.Error; -import com.onelogin.saml2.exception.ValidationError; import com.onelogin.saml2.exception.SettingsException; +import com.onelogin.saml2.exception.ValidationError; import com.onelogin.saml2.exception.XMLEntityException; +import com.onelogin.saml2.logout.LogoutRequestParams; import com.onelogin.saml2.model.KeyStoreSettings; import com.onelogin.saml2.settings.Saml2Settings; import com.onelogin.saml2.settings.SettingsBuilder; import com.onelogin.saml2.util.Constants; import com.onelogin.saml2.util.Util; -import org.mockito.ArgumentCaptor; -import org.w3c.dom.Document; - public class AuthTest { @Rule @@ -1381,7 +1382,7 @@ public void testLoginWithExtraParameters() throws IOException, SettingsException Auth auth = new Auth(settings, request, response); Map extraParameters = new HashMap(); extraParameters.put("parameter1", "xxx"); - String target = auth.login("", false, false, false, true, null, extraParameters); + String target = auth.login("", new AuthnRequestParams(false, false, false), true, extraParameters); assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest=")); assertThat(target, containsString("¶meter1=xxx")); } @@ -1410,12 +1411,12 @@ public void testLoginStay() throws IOException, SettingsException, URISyntaxExce settings.setAuthnRequestsSigned(false); Auth auth = new Auth(settings, request, response); - String target = auth.login("", false, false, false, true); + String target = auth.login("", new AuthnRequestParams(false, false, false), true); assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest=")); assertThat(target, not(containsString("&RelayState="))); String relayState = "http://localhost:8080/expected.jsp"; - target = auth.login(relayState, false, false, false, true); + target = auth.login(relayState, new AuthnRequestParams(false, false, false), true); assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SSOService.php?SAMLRequest=")); assertThat(target, containsString("&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fexpected.jsp")); } @@ -1443,13 +1444,13 @@ public void testLoginSubject() throws IOException, SettingsException, URISyntaxE Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build(); Auth auth = new Auth(settings, request, response); - String target = auth.login("", false, false, false, true); + String target = auth.login("", new AuthnRequestParams(false, false, false), true); assertThat(target, startsWith("http://idp.example.com/simplesaml/saml2/idp/SSOService.php?SAMLRequest=")); String authNRequestStr = getSAMLRequestFromURL(target); assertThat(authNRequestStr, containsString(" extraParameters = new HashMap(); extraParameters.put("parameter1", "xxx"); - String target = auth.logout("", null, null, true, null, null, null, extraParameters); + String target = auth.logout("", new LogoutRequestParams(), true, extraParameters); assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php?SAMLRequest=")); assertThat(target, containsString("¶meter1=xxx")); } @@ -1677,12 +1678,12 @@ public void testLogoutStay() throws IOException, SettingsException, XMLEntityExc settings.setLogoutRequestSigned(false); Auth auth = new Auth(settings, request, response); - String target = auth.logout("", null, null, true); + String target = auth.logout("", new LogoutRequestParams(), true); assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php?SAMLRequest=")); assertThat(target, not(containsString("&RelayState="))); String relayState = "http://localhost:8080/expected.jsp"; - target = auth.logout(relayState, null, null, true); + target = auth.logout(relayState, new LogoutRequestParams(), true); assertThat(target, startsWith("https://pitbulk.no-ip.org/simplesaml/saml2/idp/SingleLogoutService.php?SAMLRequest=")); assertThat(target, containsString("&RelayState=http%3A%2F%2Flocalhost%3A8080%2Fexpected.jsp")); } @@ -2086,7 +2087,7 @@ public void testGetLastAuthNRequest() throws IOException, SettingsException, Err Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build(); Auth auth = new Auth(settings, request, response); - String targetSSOURL = auth.login(null, false, false, false, true); + String targetSSOURL = auth.login(null, new AuthnRequestParams(false, false, false), true); String authNRequestXML = auth.getLastRequestXML(); assertThat(targetSSOURL, containsString(Util.urlEncoder(Util.deflatedBase64encoded(authNRequestXML)))); @@ -2112,7 +2113,7 @@ public void testGetLastLogoutRequestSent() throws IOException, SettingsException Saml2Settings settings = new SettingsBuilder().fromFile("config/config.min.properties").build(); Auth auth = new Auth(settings, request, response); - String targetSLOURL = auth.logout(null, null, null, true); + String targetSLOURL = auth.logout(null, new LogoutRequestParams(), true); String logoutRequestXML = auth.getLastRequestXML(); assertThat(targetSLOURL, containsString(Util.urlEncoder(Util.deflatedBase64encoded(logoutRequestXML))));