Improved error handling in saml 2.0 initslo, as well as graceful fallback when...

Improved error handling in saml 2.0 initslo, as well as graceful fallback when cookie is lost for some reason git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@274 44740490-163a-0410-bde0-09ae8108e29a

Improved error handling in saml 2.0 initslo, as well as graceful fallback when...
0203e62d · Andreas Åkre Solberg · ba591492 · 0203e62d
Commit 0203e62d authored 17 years ago by Andreas Åkre Solberg
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
@@ -8,8 +8,6 @@ require_once('SimpleSAML/Session.php');
 require_once('SimpleSAML/Metadata/MetaDataStorageHandler.php');
 require_once('SimpleSAML/XML/SAML20/LogoutRequest.php');
 require_once('SimpleSAML/Bindings/SAML20/HTTPRedirect.php');
-//require_once('SimpleSAML/Bindings/SAML20/HTTPPost.php');
 $config = SimpleSAML_Configuration::getInstance();
@@ -19,53 +17,47 @@ $session = SimpleSAML_Session::getInstance();
 $logger = new SimpleSAML_Logger();
-$idpentityid = $session->getIdP();
-//	isset($_GET['idpentityid']) ? $_GET['idpentityid'] : $config->getValue('default-saml20-idp') ;
-$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'EVENT', 'Access', 
-	'Accessing SAML 2.0 SP initSLO script');
 if (isset($session) ) {
 	try {
-		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
-		// ($issuer, $receiver, $nameid, $sessionindex, $mode) {
+		$idpentityid = $session->getIdP();
+		$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
+		$logger->log(LOG_INFO, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'EVENT', 'Access', 
+			'Accessing SAML 2.0 SP initSLO script');
+		/**
+		 * Create a logout request
+		 */
+		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
 		$req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getSessionIndex(), 'SP');
 		$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
 		$relayState = SimpleSAML_Utilities::selfURL();
-		if (isset($_GET['RelayState'])) {
+		if (isset($_REQUEST['RelayState'])) {
-			$relayState = $_GET['RelayState'];
+			$relayState = $_REQUEST['RelayState'];
 		}
 		$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'LogoutRequest', 'N/A', 
 			'SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
-		//$request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP'
 		$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP');
 	} catch(Exception $exception) {
+		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
-		$et = new SimpleSAML_XHTML_Template($config, 'error.php');
-		$et->data['message'] = 'Some error occured when trying to issue the logout request to the IdP.';
-		$et->data['e'] = $exception;
-		$et->show();
 	}
 } else {
+	if (!isset($_REQUEST['RelayState']))
+		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');		
-	$relaystate = $session->getRelayState();
+	$relaystate = $_REQUEST['RelayState'];
-	$logger->log(LOG_NOTICE, $session->getTrackID(), 'SAML2.0', 'SP.initSLO', 'AlreadyLoggedOut', 'N/A', 
+	$logger->log(LOG_NOTICE, 'NA', 'SAML2.0', 'SP.initSLO', 'AlreadyLoggedOut', 'N/A', 
 		'User is already logged out. Go back to relaystate');
 	SimpleSAML_Utilities::redirect($relaystate);