Single Log Out with OpenSAML
To log out a user from the SP, a LogoutRequest is sent. The data needed about the user is the SessionIndex and NameID from the data received at login; in my case, these come from the Assertion in the Artifact Resolve Response.
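//IPR Ergogroup AS
/**
 * Sends a signed SAML 2.0 LogoutRequest for the given session to the IdP over the SOAP 1.1
 * binding and checks the LogoutResponse returned on the same exchange.
 *
 * <p>The NameID and SessionIndex are read from the session attributes {@code "SAMLNameID"} and
 * {@code "SAMLSessionIndex"}. The response is passed to {@code validateSLOResponse},
 * {@code verifySLOResponseSignature} and {@code processSLOResponse} in that order; any of them
 * may reject it by throwing.
 *
 * @param sessionToLogout the HTTP session holding the SAML attributes stored at login
 * @param metaData metadata wrapper from which the IdP SingleLogoutService endpoints are read
 * @throws IllegalArgumentException if the session has no {@code "SAMLNameID"} attribute or the
 *         IdP metadata lists no SingleLogoutService with the SOAP 1.1 binding
 */
public static void doSynchronousLogout(final HttpSession sessionToLogout, final SAMLMetaData metaData)
        throws SOAPException, SecurityException, ValidationException, IllegalArgumentException,
        java.lang.SecurityException, IllegalAccessException, MarshallingException, SignatureException {
    NameID nameId = (NameID) sessionToLogout.getAttribute("SAMLNameID");
    if (nameId == null) {
        // Previously this surfaced as a NullPointerException at nameId.detach(), after the
        // request had already been built and signed.
        throw new IllegalArgumentException(
                "Session has no SAMLNameID attribute; cannot build a LogoutRequest");
    }
    String sessionIndex = (String) sessionToLogout.getAttribute("SAMLSessionIndex");

    // Resolve the endpoint up front so a metadata problem fails before anything is signed or
    // logged, instead of reaching soapClient.send() with a null URL.
    String sloServiceURL = findSoapSingleLogoutLocation(metaData);
    if (sloServiceURL == null) {
        throw new IllegalArgumentException(
                "IdP metadata lists no SingleLogoutService for the SOAP 1.1 binding");
    }

    Body body = buildSAMLObjectWithDefaultName(Body.class);
    LogoutRequest logoutRequest = genererateLogoutRequest(nameId, sessionIndex, metaData);
    signLogoutRequest(logoutRequest);
    body.getUnknownXMLObjects().add(logoutRequest);
    // NOTE(review): detach() is kept exactly where the original had it. Presumably it frees the
    // session's NameID from this request so it can be attached again later; confirm against
    // the OpenSAML version in use.
    nameId.detach();

    Envelope envelope = buildSAMLObjectWithDefaultName(Envelope.class);
    envelope.setBody(body);
    // The envelope carries the NameID and SessionIndex; whatever sink logSAMLObject writes to
    // should be access-controlled accordingly.
    SAMLUtil.logSAMLObject(envelope);

    BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();
    soapContext.setOutboundMessage(envelope);

    // NOTE(review): the client is built with HttpClientBuilder defaults. The back channel relies
    // on TLS server authentication and on the metadata being trusted, since the target URL comes
    // from it; confirm both for the deployment.
    HttpClientBuilder clientBuilder = new HttpClientBuilder();
    HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), new BasicParserPool());
    soapClient.send(sloServiceURL, soapContext);

    Envelope soapResponse = (Envelope) soapContext.getInboundMessage();
    SAMLUtil.logSAMLObject(soapResponse);

    // All three steps must complete before the logout is treated as done.
    // NOTE(review): the helpers are not shown here. Confirm that validateSLOResponse ties the
    // response to the request ID passed in, and that verifySLOResponseSignature checks against
    // the IdP key from trusted metadata rather than key material carried in the response.
    validateSLOResponse(soapResponse, logoutRequest.getID());
    verifySLOResponseSignature(soapResponse);
    processSLOResponse(soapResponse);
}

/**
 * Returns the Location of the IdP's SingleLogoutService that uses the SOAP 1.1 binding, or
 * {@code null} when the metadata lists none. If several entries match, the last one wins.
 */
private static String findSoapSingleLogoutLocation(final SAMLMetaData metaData) {
    String location = null;
    for (SingleLogoutService sls : metaData.getIdpEntityDescriptor()
            .getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
        // Constant on the left so an entry without a Binding is skipped instead of throwing.
        if (SAMLConstants.SAML2_SOAP11_BINDING_URI.equals(sls.getBinding())) {
            location = sls.getLocation();
        }
    }
    return location;
}

/**
 * Builds an unsigned LogoutRequest for the given principal and session.
 *
 * <p>The request gets a fresh ID from {@code SAMLUtil.getSecureRandomIdentifier()}, the current
 * time as IssueInstant, the {@code "SPEntityId"} property as Issuer and, when the metadata lists
 * one, the SOAP 1.1 SingleLogoutService location as Destination.
 *
 * @param nameId the NameID received at login
 * @param sessionIndex the SessionIndex received at login
 * @param metaData metadata wrapper from which the Destination is read
 * @return the populated, not yet signed LogoutRequest
 */
private static LogoutRequest genererateLogoutRequest(final NameID nameId, final String sessionIndex,
        final SAMLMetaData metaData)
        throws IllegalArgumentException, java.lang.SecurityException, IllegalAccessException {
    LogoutRequest logoutRequest = buildSAMLObjectWithDefaultName(LogoutRequest.class);
    logoutRequest.setID(SAMLUtil.getSecureRandomIdentifier());

    // Same lookup the sender uses, so the signed Destination and the URL the request is posted
    // to cannot drift apart.
    String destination = findSoapSingleLogoutLocation(metaData);
    if (destination != null) {
        logoutRequest.setDestination(destination);
    }

    logoutRequest.setIssueInstant(new DateTime());

    Issuer issuer = buildSAMLObjectWithDefaultName(Issuer.class);
    issuer.setValue(EvoteProperties.getProperty("SPEntityId"));
    logoutRequest.setIssuer(issuer);

    SessionIndex sessionIndexElement = buildSAMLObjectWithDefaultName(SessionIndex.class);
    sessionIndexElement.setSessionIndex(sessionIndex);
    logoutRequest.getSessionIndexes().add(sessionIndexElement);

    logoutRequest.setNameID(nameId);
    return logoutRequest;
}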
LogoutRequest sent:
my-alias Sn7qX8Yf4Pcs6SLl4Yn0NyEx6P0= cE3wgjeM+45uk/XVNQl+1NZKeRwRzFnJN9xaL/36vnXqu6eLBqs8eqdQ2a+yY9UkZz0gU1NrTqUMQgIANw1WfkL2a+sxQqqu2p4ggXKNwHiMWbyfPEUkxQM4wSwr3ECObjyVqrgPDA+4TiDyqPj2NBtZGo8WU3fvpOGQkQN19f0= MIIBrzCCARigAwIBAgIETTWluTANBgkqhkiG9w0BAQUFADAcMRowGAYDVQQDExFzdGVyYXMuZXZh bGcuZXJnbzAeFw0xMTAxMTgxNDM3NDVaFw0yMTAxMTUxNDM3NDVaMBwxGjAYBgNVBAMTEXN0ZXJh cy5ldmFsZy5lcmdvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy96UiOiuQcDQMVNorHKWC u8lAqHCpdgL8SEKsBven1e9Bek5VSspQdyh8Q/t8hmISZq0oEEvtcbZivV1hGQKQIWjTU/utSxGl ZDbPNweuxNH6JHiNzDSzbNiMkdBJcy/Szfdx8HGpbnpXrpU+ICNnQl5Ee2V48hlkcH7jwlCMzwID AQABMA0GCSqGSIb3DQEBBQUAA4GBABxQKfXHtomdAlXd+umpCyUUOgcs5shu4HHXr9m48H+YPCXs kLwqzDe49WWaX9h7cLClVsHviAccno52Pj7mQfjKgvg1J3JHhTLINTrbgZ1e7mNtiJ9Lez2awbIt v7RKU+R2AyiU6wHsjPGN+CQuiT9lZNWQMOih1R+yHT04kkl8 puEYi51x6aylfgXbBJTLSTTxOqck s2ce6f528812bbf545358af381cc864c575e9cb901
This is the resulting LogoutResponse in my case:
idp-alias CDFFLlD2FX8fjlPJLKpJZRusnx0= cKgVEfLR48x7urpH+TV+V1gHYnVhc/ErkMhwp17rjAMfjHKHk0EPgH2+aOV7Z83udbfr0RPKF5Zd Mg0zq1KIm29RsqUsUYNKKNiYPlEkBIoHPcc2AhftpA/VNRjea7q2W9+y6XV2YWjzGnArrfflv1KM 1t5C89Vz/VB0jQdJvMU= Request is done successfully