package org.cloudfoundry.identity.uaa.authentication;

import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml.SAMLConstants;
import org.springframework.security.saml.SAMLCredential;
import org.springframework.security.saml.SAMLLogoutFilter;
import org.springframework.security.saml.context.SAMLMessageContext;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.Assert;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;

/**
 * SAML logout filter bound to UAA's {@code /logout.do} endpoint.
 *
 * <p>The filter only acts on sessions whose current credentials are a {@link SAMLCredential}
 * (see {@link #requiresLogout}); other sessions are left to the rest of the filter chain.
 * The same handler set is registered for both the local and the global (single) logout paths,
 * so local clean-up is identical whether or not a SAML single-logout exchange with the IdP is started.
 */
public class UaaSamlLogoutFilter extends SAMLLogoutFilter {

    /**
     * Creates the filter and moves its processing URL from the parent's default to {@code /logout.do}.
     *
     * @param logoutSuccessHandler invoked once a local logout has completed
     * @param handlers             registered as both the local and the global logout handlers
     */
    public UaaSamlLogoutFilter(LogoutSuccessHandler logoutSuccessHandler, LogoutHandler... handlers) {
        super(logoutSuccessHandler, handlers, handlers);
        setFilterProcessesUrl("/logout.do");
    }

    /**
     * Decides whether a SAML single logout (a LogoutRequest sent to the IdP) should be initiated.
     *
     * <p>The local and peer entity ids from the credential are placed on the request so that
     * {@code contextProvider} can resolve the matching metadata. Global logout is requested only when
     * the resolved IdP descriptor advertises at least one {@code SingleLogoutService} endpoint.
     * If the metadata cannot be resolved, the error is logged at debug level and the method returns
     * {@code false}, so the request degrades to a local-only logout instead of failing.
     *
     * @param request the logout request; receives the local/peer entity id attributes
     * @param auth    the current authentication; its credentials must be a {@link SAMLCredential}
     *                (on the normal call path this is ensured by {@link #requiresLogout})
     * @return {@code true} when the IdP metadata lists a single-logout endpoint, {@code false} otherwise
     */
    @Override
    protected boolean isGlobalLogout(HttpServletRequest request, Authentication auth) {
        SAMLCredential samlCredential = (SAMLCredential) auth.getCredentials();
        request.setAttribute(SAMLConstants.LOCAL_ENTITY_ID, samlCredential.getLocalEntityID());
        request.setAttribute(SAMLConstants.PEER_ENTITY_ID, samlCredential.getRemoteEntityID());
        try {
            SAMLMessageContext messageContext = contextProvider.getLocalAndPeerEntity(request, null);
            // The peer role resolved for this context is treated as the IdP descriptor.
            IDPSSODescriptor idpDescriptor = (IDPSSODescriptor) messageContext.getPeerEntityRoleMetadata();
            List<SingleLogoutService> sloEndpoints = idpDescriptor.getSingleLogoutServices();
            return !sloEndpoints.isEmpty();
        } catch (MetadataProviderException e) {
            // Metadata lookup failed: fall back to a local logout rather than aborting the request.
            logger.debug("Error processing metadata", e);
            return false;
        }
    }

    /**
     * Restricts this filter to SAML-authenticated sessions.
     *
     * <p>The request is handled here only when the security context holds an authentication whose
     * credentials are a {@link SAMLCredential} and the parent's URL matching also accepts it;
     * otherwise the filter declines, and the parent is expected to let the request continue.
     *
     * @param request  the current request
     * @param response the current response
     * @return whether this filter should process the request as a SAML logout
     */
    @Override
    protected boolean requiresLogout(HttpServletRequest request, HttpServletResponse response) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current == null) {
            return false;
        }
        if (!(current.getCredentials() instanceof SAMLCredential)) {
            return false;
        }
        return super.requiresLogout(request, response);
    }
}