From 0203e62de4242ede62d2be6fe7e49bb79105c489 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Fri, 8 Feb 2008 19:15:48 +0000
Subject: [PATCH] Improved error handling in saml 2.0 initslo, as well as
 graceful fallback when cookie is lost for some reason

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@274 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/sp/initSLO.php | 42 ++++++++++++++++------------------------
 1 file changed, 17 insertions(+), 25 deletions(-)

diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
index 6a331cfc0..e64c36f63 100644
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
@@ -8,8 +8,6 @@ require_once('SimpleSAML/Session.php');
 require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
 require_once('SimpleSAML/XML/SAML20/LogoutRequest.php');
 require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
-
 
 
 $config = SimpleSAML_Configuration::getInstance();
@@ -19,53 +17,47 @@ $session = SimpleSAML_Session::getInstance();
 
 $logger = new SimpleSAML_Logger();
 
-$idpentityid = $session->getIdP();
-//	isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-saml20-idp') ;
-$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-
-$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'EVENT', 'Access', 
-	'Accessing SAML 2.0 SP initSLO script');
-
-
 if (isset($session) ) {
 	
 	try {
-		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
 	
-		// ($issuer, $receiver, $nameid, $sessionindex, $mode) {
+		$idpentityid = $session->getIdP();
+		$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
+		
+		$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'EVENT', 'Access', 
+			'Accessing SAML 2.0 SP initSLO script');
+	
+		/**
+		 * Create a logout request
+		 */
+		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
 		$req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getSessionIndex(), 'SP');
 		
 		$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
 		
 		$relayState = SimpleSAML_Utilities::selfURL();
-		if (isset($_GET['RelayState'])) {
-			$relayState = $_GET['RelayState'];
+		if (isset($_REQUEST['RelayState'])) {
+			$relayState = $_REQUEST['RelayState'];
 		}
 		
 		$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'LogoutRequest', 'N/A', 
 			'SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
 		
-		//$request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP'
 		$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP');
 		
 
 	} catch(Exception $exception) {
-		
-		$et = new SimpleSAML_XHTML_Template($config, 'error.php');
-
-		$et->data['message'] = 'Some error occured when trying to issue the logout request to the IdP.';
-		$et->data['e'] = $exception;
-		
-		$et->show();
-
+		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
 	}
 
 } else {
 
+	if (!isset($_REQUEST['RelayState']))
+		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');		
 	
-	$relaystate = $session->getRelayState();
+	$relaystate = $_REQUEST['RelayState'];
 	
-	$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'AlreadyLoggedOut', 'N/A', 
+	$logger->log(LOG_NOTICE, 'NA', 'SAML2.0', 'SP.initSLO', 'AlreadyLoggedOut', 'N/A', 
 		'User is already logged out. Go back to relaystate');
 	
 	SimpleSAML_Utilities::redirect($relaystate);
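Review bot: In the else branch the redirect target is now taken directly from `$_REQUEST['RelayState']` and handed to `SimpleSAML_Utilities::redirect()` without any check, so a visitor with no session is forwarded to whatever URL the request names. The value should be checked against the SP's own host, or a configured list of permitted return URLs, before the redirect and rejected through `fatalError` otherwise; the RelayState forwarded to the IdP in the try block deserves the same check. Separately, the added `fatalError($session->getTrackID(), 'NORELAYSTATE')` is reached only when `isset($session)` was false, so the method call would itself fail on a missing object. The log line below it already switched to `'NA'`, and this call should match, assuming `fatalError` accepts any track-id string: `SimpleSAML_Utilities::fatalError('NA', 'NORELAYSTATE');`. The else block's closing brace lies outside the hunk.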
-- 
GitLab