Fix parameter name for SAML authn delegation logout call

apereo · Jan 24, 2025 · 8a96918 · 8a96918
1 parent a19b932
commit 8a96918
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 15 deletions.
diff --git a/api/cas-server-core-api-protocol/src/main/java/org/apereo/cas/CasProtocolConstants.java b/api/cas-server-core-api-protocol/src/main/java/org/apereo/cas/CasProtocolConstants.java
@@ -120,6 +120,11 @@ public interface CasProtocolConstants {
      */
     String PARAMETER_PROXY_GRANTING_TICKET_URL = "pgtUrl";
 
+    /**
+     * Constant representing the logout parameter in the request.
+     */
+    String PARAMETER_LOGOUT_REQUEST = "logoutRequest";
+
     /* CAS Protocol Error Codes. **/
 
     /**

diff --git a/core/cas-server-core-logout-api/src/main/java/org/apereo/cas/logout/LogoutHttpMessage.java b/core/cas-server-core-logout-api/src/main/java/org/apereo/cas/logout/LogoutHttpMessage.java
@@ -1,5 +1,7 @@
 package org.apereo.cas.logout;
 
+import org.apereo.cas.CasProtocolConstants;
+import org.apereo.cas.services.RegisteredService;
 import org.apereo.cas.util.http.HttpMessage;
 
 import lombok.Getter;
@@ -20,21 +22,23 @@
 @Getter
 public class LogoutHttpMessage extends HttpMessage {
 
-    /**
-     * The parameter name that contains the logout request.
-     */
-    public static final String LOGOUT_REQUEST_PARAMETER = "logoutRequest";
-
     @Serial
     private static final long serialVersionUID = 399581521957873727L;
 
-    public LogoutHttpMessage(final URL url, final String message, final boolean asynchronous) {
+    private final String logoutParameter;
+
+    public LogoutHttpMessage(final RegisteredService registeredService, final URL url, final String message, final boolean asynchronous) {
         super(url, message, asynchronous);
         setContentType(MediaType.APPLICATION_FORM_URLENCODED_VALUE);
+        if ("SAML2 Service Provider".equals(registeredService.getFriendlyName())) {
+            this.logoutParameter = "SAMLRequest";
+        } else {
+            this.logoutParameter = CasProtocolConstants.PARAMETER_LOGOUT_REQUEST;
+        }
     }
 
     @Override
     protected String formatOutputMessageInternal(final String message) {
-        return LOGOUT_REQUEST_PARAMETER + '=' + super.formatOutputMessageInternal(message);
+        return logoutParameter + '=' + super.formatOutputMessageInternal(message);
     }
 }
diff --git a/...ut-api/src/main/java/org/apereo/cas/logout/slo/BaseSingleLogoutServiceMessageHandler.java b/...ut-api/src/main/java/org/apereo/cas/logout/slo/BaseSingleLogoutServiceMessageHandler.java
@@ -220,6 +220,6 @@ protected boolean sendMessageToEndpoint(final LogoutHttpMessage msg,
      * @return the logout http message to send
      */
     protected LogoutHttpMessage getLogoutHttpMessageToSend(final SingleLogoutRequestContext request, final SingleLogoutMessage logoutMessage) {
-        return new LogoutHttpMessage(request.getLogoutUrl(), logoutMessage.getPayload(), this.asynchronous);
+        return new LogoutHttpMessage(request.getRegisteredService(), request.getLogoutUrl(), logoutMessage.getPayload(), this.asynchronous);
     }
 }
diff --git a/core/cas-server-core-logout/src/test/java/org/apereo/cas/logout/LogoutHttpMessageTests.java b/core/cas-server-core-logout/src/test/java/org/apereo/cas/logout/LogoutHttpMessageTests.java
@@ -1,5 +1,8 @@
 package org.apereo.cas.logout;
 
+import org.apereo.cas.CasProtocolConstants;
+import org.apereo.cas.services.CasRegisteredService;
+
 import lombok.val;
 import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
@@ -18,7 +21,7 @@
 class LogoutHttpMessageTests {
     @Test
     void verifyOperation() throws Throwable {
-        val message = new LogoutHttpMessage(new URI("https://github.com").toURL(), "LogoutMessage", false);
-        assertTrue(message.getMessage().startsWith(LogoutHttpMessage.LOGOUT_REQUEST_PARAMETER));
+        val message = new LogoutHttpMessage(new CasRegisteredService(), new URI("https://github.com").toURL(), "LogoutMessage", false);
+        assertTrue(message.getMessage().startsWith(CasProtocolConstants.PARAMETER_LOGOUT_REQUEST));
     }
 }
diff --git a/...t-actions-core/src/main/java/org/apereo/cas/web/flow/logout/FrontChannelLogoutAction.java b/...t-actions-core/src/main/java/org/apereo/cas/web/flow/logout/FrontChannelLogoutAction.java
@@ -65,7 +65,7 @@ protected Event doInternalExecute(final RequestContext context) {
                     .map(Unchecked.function(handler -> handler.createSingleLogoutMessage(url)))
                     .forEach(logoutMessage -> {
                         LOGGER.debug("Front-channel logout message to send to [{}] is [{}]", url.getLogoutUrl(), logoutMessage);
-                        val msg = new LogoutHttpMessage(url.getLogoutUrl(), logoutMessage.getPayload(), true);
+                        val msg = new LogoutHttpMessage(url.getRegisteredService(), url.getLogoutUrl(), logoutMessage.getPayload(), true);
                         logoutUrls.put(url, msg);
                         url.setStatus(LogoutRequestStatus.SUCCESS);
                         url.getService().setLoggedOutAlready(true);

diff --git a/...rc/main/java/org/apereo/cas/web/flow/actions/logout/DelegatedSaml2ClientLogoutAction.java b/...rc/main/java/org/apereo/cas/web/flow/actions/logout/DelegatedSaml2ClientLogoutAction.java
@@ -1,9 +1,10 @@
 package org.apereo.cas.web.flow.actions.logout;
 
+import org.apereo.cas.CasProtocolConstants;
 import org.apereo.cas.authentication.principal.ClientCredential;
-import org.apereo.cas.logout.LogoutHttpMessage;
 import org.apereo.cas.logout.slo.SingleLogoutRequestExecutor;
 import org.apereo.cas.support.pac4j.authentication.DelegatedAuthenticationClientLogoutRequest;
+import org.apereo.cas.support.saml.SamlProtocolConstants;
 import org.apereo.cas.ticket.InvalidTicketException;
 import org.apereo.cas.ticket.TicketGrantingTicket;
 import org.apereo.cas.ticket.TransientSessionTicket;
@@ -91,6 +92,8 @@ protected Event doExecuteInternal(final RequestContext requestContext) throws Th
     }
 
     protected boolean isDirectLogoutRequest(final HttpServletRequest request) {
-        return HttpMethod.POST.matches(request.getMethod()) || request.getParameter(LogoutHttpMessage.LOGOUT_REQUEST_PARAMETER) != null;
+        return HttpMethod.POST.matches(request.getMethod())
+            || request.getParameter(CasProtocolConstants.PARAMETER_LOGOUT_REQUEST) != null
+            || request.getParameter(SamlProtocolConstants.PARAMETER_SAML_REQUEST) != null;
     }
 }
diff --git a/...4j-saml/src/test/java/org/apereo/cas/web/saml2/DelegatedSaml2ClientLogoutActionTests.java b/...4j-saml/src/test/java/org/apereo/cas/web/saml2/DelegatedSaml2ClientLogoutActionTests.java
@@ -1,8 +1,8 @@
 package org.apereo.cas.web.saml2;
 
+import org.apereo.cas.CasProtocolConstants;
 import org.apereo.cas.authentication.CoreAuthenticationTestUtils;
 import org.apereo.cas.authentication.principal.ClientCredential;
-import org.apereo.cas.logout.LogoutHttpMessage;
 import org.apereo.cas.support.pac4j.authentication.DelegatedAuthenticationClientLogoutRequest;
 import org.apereo.cas.test.CasTestExtension;
 import org.apereo.cas.ticket.TicketFactory;
@@ -116,7 +116,7 @@ void verifyOperationLogoutRequestParameter() throws Exception {
 
         val context = MockRequestContext.create(applicationContext);
         context.setMethod(HttpMethod.GET);
-        context.setParameter(LogoutHttpMessage.LOGOUT_REQUEST_PARAMETER, "adirectlogoutrequesttotreat");
+        context.setParameter(CasProtocolConstants.PARAMETER_LOGOUT_REQUEST, "adirectlogoutrequesttotreat");
         val webContext = new JEEContext(context.getHttpServletRequest(), context.getHttpServletResponse());
         val manager = new ProfileManager(webContext, delegatedClientDistributedSessionStore);
         val profile = new CommonProfile();