Commit 0203e62d authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

Improved error handling in saml 2.0 initslo, as well as graceful fallback when...

Improved error handling in saml 2.0 initslo, as well as graceful fallback when cookie is lost for some reason

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@274 44740490-163a-0410-bde0-09ae8108e29a
parent ba591492
...@@ -8,8 +8,6 @@ require_once('SimpleSAML/Session.php'); ...@@ -8,8 +8,6 @@ require_once('SimpleSAML/Session.php');
require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php'); require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
require_once('SimpleSAML/XML/SAML20/LogoutRequest.php'); require_once('SimpleSAML/XML/SAML20/LogoutRequest.php');
require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php'); require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
$config = SimpleSAML_Configuration::getInstance(); $config = SimpleSAML_Configuration::getInstance();
...@@ -19,53 +17,47 @@ $session = SimpleSAML_Session::getInstance(); ...@@ -19,53 +17,47 @@ $session = SimpleSAML_Session::getInstance();
$logger = new SimpleSAML_Logger(); $logger = new SimpleSAML_Logger();
$idpentityid = $session->getIdP();
// isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-saml20-idp') ;
$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'EVENT', 'Access',
'Accessing SAML 2.0 SP initSLO script');
if (isset($session) ) { if (isset($session) ) {
try { try {
$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
// ($issuer, $receiver, $nameid, $sessionindex, $mode) { $idpentityid = $session->getIdP();
$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'EVENT', 'Access',
'Accessing SAML 2.0 SP initSLO script');
/**
* Create a logout request
*/
$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
$req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getSessionIndex(), 'SP'); $req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getSessionIndex(), 'SP');
$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata); $httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
$relayState = SimpleSAML_Utilities::selfURL(); $relayState = SimpleSAML_Utilities::selfURL();
if (isset($_GET['RelayState'])) { if (isset($_REQUEST['RelayState'])) {
$relayState = $_GET['RelayState']; $relayState = $_REQUEST['RelayState'];
} }
$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'LogoutRequest', 'N/A', $logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'LogoutRequest', 'N/A',
'SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')'); 'SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
//$request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP'
$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP'); $httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP');
} catch(Exception $exception) { } catch(Exception $exception) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
$et = new SimpleSAML_XHTML_Template($config, 'error.php');
$et->data['message'] = 'Some error occured when trying to issue the logout request to the IdP.';
$et->data['e'] = $exception;
$et->show();
} }
} else { } else {
if (!isset($_REQUEST['RelayState']))
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
$relaystate = $session->getRelayState(); $relaystate = $_REQUEST['RelayState'];
$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'AlreadyLoggedOut', 'N/A', $logger->log(LOG_NOTICE, 'NA', 'SAML2.0', 'SP.initSLO', 'AlreadyLoggedOut', 'N/A',
'User is already logged out. Go back to relaystate'); 'User is already logged out. Go back to relaystate');
SimpleSAML_Utilities::redirect($relaystate); SimpleSAML_Utilities::redirect($relaystate);
......
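Review bot: In the already-logged-out branch at the end of the second hunk, `$relaystate = $_REQUEST['RelayState'];` is passed unchecked to `SimpleSAML_Utilities::redirect($relaystate)`, so a request that arrives without a session can steer this endpoint to any URL (an open redirect); the old side appears to have taken the value from `$session->getRelayState()` instead. The target should be checked against the hosts this SP trusts before redirecting, for example `$host = parse_url($relaystate, PHP_URL_HOST);` followed by `if (!in_array($host, $trustedHosts, true)) SimpleSAML_Utilities::fatalError('NA', 'NORELAYSTATE');`, where `$trustedHosts` is a placeholder for a configured allow-list. Separately, the `NORELAYSTATE` guard seems to call `$session->getTrackID()` in the branch where `isset($session)` is false, while the log line beside it was switched to `'NA'`; if that guard is on the new side it should pass `'NA'` as well. The else block's closing brace lies outside the visible hunk.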