Single Log Out with OpenSAML

To logout an user from the SP an LogoutRequest is sent. The data needed about the user is the SessionIndex and NameID from the data recived at login. I my case in the Assertion in the Artifact Resolve Response.

//IPR Ergogroup AS
public static void doSynchronousLogout(final HttpSession sessionToLogout, final SAMLMetaData metaData) throws SOAPException, SecurityException, ValidationException, IllegalArgumentException, java.lang.SecurityException, IllegalAccessException, MarshallingException, SignatureException {

  NameID nameId = (NameID)sessionToLogout.getAttribute("SAMLNameID");
  String sessionIndex = (String)sessionToLogout.getAttribute("SAMLSessionIndex");

  
   Body body = buildSAMLObjectWithDefaultName(Body.class);

   LogoutRequest logoutRequest = genererateLogoutRequest(nameId, sessionIndex, metaData);
   signLogoutRequest(logoutRequest);
   body.getUnknownXMLObjects().add(logoutRequest);
   nameId.detach();
   Envelope envelope = buildSAMLObjectWithDefaultName(Envelope.class);
   envelope.setBody(body);

   SAMLUtil.logSAMLObject(envelope);

   BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext();

   soapContext.setOutboundMessage(envelope);

   HttpClientBuilder clientBuilder = new HttpClientBuilder();

   HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), new BasicParserPool());

    String sloServiceURL = null;
    for (SingleLogoutService sls : metaData.getIdpEntityDescriptor().getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
     if (sls.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
      sloServiceURL = sls.getLocation();
     }
    }
    soapClient.send(sloServiceURL, soapContext);

    Envelope soapResponse = (Envelope)soapContext.getInboundMessage();

    SAMLUtil.logSAMLObject(soapResponse);

    validateSLOResponse(soapResponse, logoutRequest.getID());
    verifySLOResponseSignature(soapResponse);
    processSLOResponse(soapResponse);
  
 }

 
 private static LogoutRequest genererateLogoutRequest(final NameID nameId, final String sessionIndex, final SAMLMetaData metaData) throws IllegalArgumentException, java.lang.SecurityException, IllegalAccessException {
  LogoutRequest logoutRequest = buildSAMLObjectWithDefaultName(LogoutRequest.class);

  logoutRequest.setID(SAMLUtil.getSecureRandomIdentifier());

  for (SingleLogoutService sls : metaData.getIdpEntityDescriptor().getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
   if (sls.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) {
    logoutRequest.setDestination(sls.getLocation());
   }
  }

  logoutRequest.setIssueInstant(new DateTime());

  Issuer issuer = buildSAMLObjectWithDefaultName(Issuer.class);
  issuer.setValue(EvoteProperties.getProperty("SPEntityId"));
  logoutRequest.setIssuer(issuer);

  SessionIndex sessionIndexElement = buildSAMLObjectWithDefaultName(SessionIndex.class);

  sessionIndexElement.setSessionIndex(sessionIndex);
  logoutRequest.getSessionIndexes().add(sessionIndexElement);

  logoutRequest.setNameID(nameId);
  return logoutRequest;
 }

LogoutRequest sent:

my-alias


Sn7qX8Yf4Pcs6SLl4Yn0NyEx6P0=


cE3wgjeM+45uk/XVNQl+1NZKeRwRzFnJN9xaL/36vnXqu6eLBqs8eqdQ2a+yY9UkZz0gU1NrTqUMQgIANw1WfkL2a+sxQqqu2p4ggXKNwHiMWbyfPEUkxQM4wSwr3ECObjyVqrgPDA+4TiDyqPj2NBtZGo8WU3fvpOGQkQN19f0=


MIIBrzCCARigAwIBAgIETTWluTANBgkqhkiG9w0BAQUFADAcMRowGAYDVQQDExFzdGVyYXMuZXZh
bGcuZXJnbzAeFw0xMTAxMTgxNDM3NDVaFw0yMTAxMTUxNDM3NDVaMBwxGjAYBgNVBAMTEXN0ZXJh
cy5ldmFsZy5lcmdvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCy96UiOiuQcDQMVNorHKWC
u8lAqHCpdgL8SEKsBven1e9Bek5VSspQdyh8Q/t8hmISZq0oEEvtcbZivV1hGQKQIWjTU/utSxGl
ZDbPNweuxNH6JHiNzDSzbNiMkdBJcy/Szfdx8HGpbnpXrpU+ICNnQl5Ee2V48hlkcH7jwlCMzwID
AQABMA0GCSqGSIb3DQEBBQUAA4GBABxQKfXHtomdAlXd+umpCyUUOgcs5shu4HHXr9m48H+YPCXs
kLwqzDe49WWaX9h7cLClVsHviAccno52Pj7mQfjKgvg1J3JHhTLINTrbgZ1e7mNtiJ9Lez2awbIt
v7RKU+R2AyiU6wHsjPGN+CQuiT9lZNWQMOih1R+yHT04kkl8



puEYi51x6aylfgXbBJTLSTTxOqck
s2ce6f528812bbf545358af381cc864c575e9cb901

This is the resulting LogoutResponse in my case:

idp-alias


CDFFLlD2FX8fjlPJLKpJZRusnx0=


cKgVEfLR48x7urpH+TV+V1gHYnVhc/ErkMhwp17rjAMfjHKHk0EPgH2+aOV7Z83udbfr0RPKF5Zd
Mg0zq1KIm29RsqUsUYNKKNiYPlEkBIoHPcc2AhftpA/VNRjea7q2W9+y6XV2YWjzGnArrfflv1KM
1t5C89Vz/VB0jQdJvMU=


Request is done successfully