public RedirectionResponse createSignOutRequest()

in plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java [608:676]


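    /**
     * Builds the redirect that carries a SAML 2.0 LogoutRequest to the issuer.
     *
     * <p>The redirect target is the configured issuer logout URL; when that is missing or empty,
     * the value returned by {@code resolveIssuer(request, config)} is used instead. The request is
     * encoded into query parameters together with a random RelayState, and a signature parameter is
     * appended when the protocol is configured to sign requests.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>NOTE(review): the fallback target comes from {@code resolveIssuer(request, config)}.
     *       Whether that value can be influenced by the incoming request is not visible here; if it
     *       can, it should be checked against an allow-list of known issuer endpoints before it is
     *       used as a redirect target and as the recipient of the LogoutRequest.</li>
     *   <li>{@code Destination} is only set on the LogoutRequest when signing is enabled.</li>
     *   <li>The RelayState is stored on the response via {@code setState}; presumably the caller
     *       compares it with the value returned alongside the LogoutResponse - confirm.</li>
     *   <li>Failures are logged with their cause, but the thrown {@code ProcessingException} carries
     *       only a generic message, so internal detail is not handed to callers.</li>
     * </ul>
     *
     * @param request the current servlet request, passed to the issuer and realm resolvers
     * @param token the assertion passed to the LogoutRequest builder
     * @param config the Fediz context; its protocol must be a {@code SAMLProtocol}
     * @return a redirection response with cache-suppressing headers, the RelayState as state and
     *         the full redirect URL
     * @throws ProcessingException if the protocol is not SAML, no logout target can be determined,
     *         or any step of building, encoding or signing the request fails
     */
    public RedirectionResponse createSignOutRequest(HttpServletRequest request,
                                                    SamlAssertionWrapper token,
                                                    FedizContext config)
        throws ProcessingException {

        try {
            if (!(config.getProtocol() instanceof SAMLProtocol)) {
                LOG.error("Unsupported protocol");
                // Caught by the catch block below and surfaced as a generic ProcessingException.
                throw new IllegalStateException("Unsupported protocol");
            }
            SAMLProtocol protocol = (SAMLProtocol)config.getProtocol();
            // Read once so the Destination attribute and the signature cannot disagree.
            boolean signRequest = protocol.isSignRequest();

            // An empty configured logout URL is treated like a missing one. Otherwise the redirect
            // would be the relative URL "?SAMLRequest=..." and the LogoutRequest would be sent back
            // to this application instead of to the issuer.
            String redirectURL = protocol.getIssuerLogoutURL();
            if (redirectURL == null || redirectURL.isEmpty()) {
                String issuerURL = resolveIssuer(request, config);
                // NOTE(review): if issuerURL can be request-derived, neutralise CR/LF before logging.
                LOG.info("Issuer url: " + issuerURL);
                redirectURL = (issuerURL != null && !issuerURL.isEmpty()) ? issuerURL : null;
            }
            if (redirectURL == null) {
                LOG.debug("No issuerLogoutURL or issuer parameter specified for logout");
                throw new ProcessingException("Failed to create SignOutRequest");
            }

            SAMLPRequestBuilder samlpRequestBuilder = protocol.getSAMLPRequestBuilder();

            // Scratch document that the LogoutRequest is marshalled into.
            Document doc = DOMUtils.createDocument();
            doc.appendChild(doc.createElement("root"));

            // Create the LogoutRequest
            String realm = resolveWTRealm(request, config);
            String reason = "urn:oasis:names:tc:SAML:2.0:logout:user";
            LogoutRequest logoutRequest =
                samlpRequestBuilder.createLogoutRequest(realm, reason, token);

            if (signRequest) {
                // Binds the signed request to the endpoint it is being sent to.
                logoutRequest.setDestination(redirectURL);
            }

            Element logoutRequestElement = OpenSAMLUtil.toDom(logoutRequest, doc);
            String logoutRequestEncoded = encodeAuthnRequest(logoutRequestElement);

            // Fresh random value per logout request; also stored on the response below.
            String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");

            String urlEncodedRequest =
                URLEncoder.encode(logoutRequestEncoded, "UTF-8");

            StringBuilder sb = new StringBuilder(SAMLSSOConstants.SAML_REQUEST).append('=').append(urlEncodedRequest)
                .append('&').append(SAMLSSOConstants.RELAY_STATE).append('=').append(relayState);

            if (signRequest) {
                // signRequest is handed the builder itself, so the parameter order above is part of
                // what gets signed; it may also append to the builder - confirm against signRequest.
                String signature = signRequest(config, sb);
                sb.append('&').append(SAMLSSOConstants.SIGNATURE).append('=').append(signature);
            }

            RedirectionResponse response = new RedirectionResponse();
            // The URL contains the encoded LogoutRequest; keep it out of caches.
            response.addHeader("Cache-Control", "no-cache, no-store");
            response.addHeader("Pragma", "no-cache");
            response.setState(relayState);

            // A logout endpoint that already has a query string must be extended with '&';
            // a second '?' would produce a malformed URL and lose the SAMLRequest parameter.
            char separator = redirectURL.indexOf('?') >= 0 ? '&' : '?';
            response.setRedirectionURL(redirectURL + separator + sb.toString());

            return response;
        } catch (Exception ex) {
            // Also catches the IllegalStateException and ProcessingException thrown above.
            // The cause is logged here and deliberately not attached to the rethrown exception.
            LOG.error("Failed to create SignOutRequest", ex);
            throw new ProcessingException("Failed to create SignOutRequest");
        }
    }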