Fix Logout errors

sgrampone · sgrampone · commit 3fde14b72a83 · 2025-08-21T17:27:18.000-03:00
diff --git a/gamsaml20/src/main/java/com/genexus/saml20/utils/DSig.java b/gamsaml20/src/main/java/com/genexus/saml20/utils/DSig.java
@@ -56,25 +56,10 @@ public static String validateSignatures(Document xmlDoc, String certPath, String
 				return "";
 			}
 		}
-		return buildXml(assertions, xmlDoc);
+		return SamlAssertionUtils.isLogout(xmlDoc) ? SamlAssertionUtils.buildXmlLogout(assertions) : SamlAssertionUtils.buildXmlLogin(assertions, xmlDoc);
 	}
 
-	public static String buildXml(List<Element> assertions, Document xmlDoc){
-		//security meassure against assertion manipulation, it assures that every assertion to be used on the app has been signed and verified
-		Element element = xmlDoc.getDocumentElement();
-		Node response  = element.cloneNode(false);
 
-		NodeList status = element.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:protocol", "Status");
-		response.appendChild(status.item(0));
-
-		for(Element elem: assertions){
-			if(!elem.getLocalName().equals("Response")){
-				Node node = elem.cloneNode(true);
-				response.appendChild(node);
-			}
-		}
-		return Encoding.elementToString((Element) response);
-	}
 
 	private static boolean verifySignatureAlgorithm(Element elem) {
 		logger.trace("verifySignatureAlgorithm");
diff --git a/gamsaml20/src/main/java/com/genexus/saml20/utils/SamlAssertionUtils.java b/gamsaml20/src/main/java/com/genexus/saml20/utils/SamlAssertionUtils.java
@@ -49,6 +49,37 @@ public static Document loadDocument(String xml) {
 		}
 	}
 
+	public static String buildXmlLogin(List<org.w3c.dom.Element> assertions, Document xmlDoc){
+		//security meassure against assertion manipulation, it assures that every assertion to be used on the app has been signed and verified
+		org.w3c.dom.Element element = xmlDoc.getDocumentElement();
+		Node response  = element.cloneNode(false);
+
+		NodeList status = element.getElementsByTagNameNS(_saml_protocolNS, "Status");
+		response.appendChild(status.item(0));
+
+		for(org.w3c.dom.Element elem: assertions){
+			if(!elem.getLocalName().equals("Response")){
+				Node node = elem.cloneNode(true);
+				response.appendChild(node);
+			}
+		}
+		return Encoding.elementToString((org.w3c.dom.Element) response);
+	}
+
+	public static String buildXmlLogout(List<org.w3c.dom.Element> assertions){
+		if(assertions.isEmpty())
+		{
+			return "";
+		}
+		org.w3c.dom.Element element =  assertions.get(0);
+		Node logoutResponse = element.cloneNode(false);
+		NodeList status = element.getElementsByTagNameNS(_saml_protocolNS, "Status");
+		logoutResponse.appendChild(status.item(0));
+		NodeList issuer = element.getElementsByTagNameNS(_saml_assertionNS, "Issuer");
+		logoutResponse.appendChild(issuer.item(0));
+		return Encoding.elementToString((org.w3c.dom.Element) logoutResponse);
+	}
+
 	public static boolean isLogout(Document xmlDoc){
 		logger.trace("isLogout");
 		try {
