saml2/idp: Deprecate iframe versions of SingleLogoutService endpoints.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2143 44740490-163a-0410-bde0-09ae8108e29a

docs/simplesamlphp-idp-more.txt

@@ -17,7 +17,6 @@ If you have read about the AJAX iFrame Single Log-Out approach at Andreas' blog
 
 	'logouttype' => 'iframe',
 
-Notice that when setting this option after already having shared metadata with Service Providers, you need to send new metadata. The automatically genereated metadata will change.
 
 Attribute Release Consent
 -------------------------

lib/SimpleSAML/Metadata/MetaDataStorageHandler.php

@@ -74,7 +74,7 @@ class SimpleSAML_Metadata_MetaDataStorageHandler {
 	 * @param $set  The set we the property comes from.
 	 * @return The autogenerated metadata property.
 	 */
-	public function getGenerated($property, $set = 'saml20-sp-hosted', $options = array() ) {
+	public function getGenerated($property, $set = 'saml20-sp-hosted') {
 
 		/* First we check if the user has overridden this property in the metadata. */
 		try {
@@ -102,38 +102,13 @@ class SimpleSAML_Metadata_MetaDataStorageHandler {
 					return $baseurl . 'saml2/sp/SingleLogoutService.php';					
 			}
 		} elseif($set == 'saml20-idp-hosted') {
-			
-			$logouttype = 'traditional';
-			if (array_key_exists('logouttype', $options)) $logouttype = $options['logouttype'];
-			if (!in_array($logouttype, array('traditional', 'iframe'))) 
-				throw new Exception('Invalid logout type [' . $logouttype . '] in IdP Hosted Metadata');
 
 			switch ($property) {				
 				case 'SingleSignOnService' : 
 					return $baseurl . 'saml2/idp/SSOService.php';
 
 				case 'SingleLogoutService' : 
-					
-					switch ($logouttype) {
-						case 'iframe' : 
-							return $baseurl . 'saml2/idp/SingleLogoutServiceiFrame.php';
-						
-						case 'traditional' :
-						default :
-							return $baseurl . 'saml2/idp/SingleLogoutService.php';			
-					}
-				
-				case 'SingleLogoutServiceResponse' : 
-
-					switch ($logouttype) {
-						case 'iframe' : 
-							return $baseurl . 'saml2/idp/SingleLogoutServiceiFrameResponse.php';
-						
-						case 'traditional' :
-						default :
-							return $baseurl . 'saml2/idp/SingleLogoutService.php';			
-					}
-				
+					return $baseurl . 'saml2/idp/SingleLogoutService.php';
 			}
 		} elseif($set == 'shib13-sp-hosted') {
 			switch ($property) {				

www/saml2/idp/SingleLogoutServiceiFrame.php

 <?php
 
-/**
- * This SAML 2.0 endpoint can receive incoming LogoutRequests. It will also send LogoutResponses, 
- * and LogoutRequests and also receive LogoutResponses. It is implemeting SLO at the SAML 2.0 IdP.
+/*
+ * This endpoint is provided for backwards compatibility,
+ * and should not be used.
  *
- * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- * @package simpleSAMLphp
- * @version $Id$
+ * Use SingleLogoutService.php instead.
  */
-
 require_once('../../_include.php');
 
 SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutServiceiFrame: Accessing SAML 2.0 IdP endpoint SingleLogoutService (iFrame version)');

www/saml2/idp/SingleLogoutServiceiFrameResponse.php

 <?php
 
-
-/**
- * This SAML 2.0 endpoint can receive incoming LogoutResponses. 
+/*
+ * This endpoint is provided for backwards compatibility,
+ * and should not be used.
  *
- * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- * @package simpleSAMLphp
- * @version $Id$
+ * Use SingleLogoutService.php instead.
  */
-
 require_once('../../_include.php');
 
 SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutServiceiFrameResponse: Accessing SAML 2.0 IdP endpoint SingleLogoutServiceResponse (iFrame version)');

www/saml2/idp/idpInitSingleLogoutServiceiFrame.php

 <?php
 
-/**
- * IdP Initiated Single Log-Out. Requires one parameter: RelayState.
+/*
+ * This endpoint is provided for backwards compatibility,
+ * and should not be used.
  *
- * @author Andreas Åkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
- * @package simpleSAMLphp
- * @version $Id$
+ * Use SingleLogoutService.php?ReturnTo=... instead.
  */
-
 require_once('../../_include.php');
 
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

www/saml2/idp/metadata.php

@@ -28,25 +28,14 @@ try {
 		$certFingerprint = $certFingerprint[0];
 	}
 
-	$logouttype = 'traditional';
-	if (array_key_exists('logouttype', $idpmeta)) $logouttype = $idpmeta['logouttype'];
-
-	$urlSLO = $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted', array('logouttype' => $logouttype));
-	$urlSLOr = $metadata->getGenerated('SingleLogoutServiceResponse', 'saml20-idp-hosted', array('logouttype' => $logouttype));
-
 	$metaArray = array(
 		'metadata-set' => 'saml20-idp-remote',
 		'entityid' => $idpentityid,
-		'SingleSignOnService' => $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted', array()),
-		'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted', array('logouttype' => $logouttype)),
-		'SingleLogoutServiceResponse'  => $metadata->getGenerated('SingleLogoutServiceResponse', 'saml20-idp-hosted', array('logouttype' => $logouttype)),
+		'SingleSignOnService' => $metadata->getGenerated('SingleSignOnService', 'saml20-idp-hosted'),
+		'SingleLogoutService' => $metadata->getGenerated('SingleLogoutService', 'saml20-idp-hosted'),
 		'certFingerprint' => $certFingerprint,
 	);
 
-	if ($metaArray['SingleLogoutServiceResponse'] === $metaArray['SingleLogoutService']) {
-		unset($metaArray['SingleLogoutServiceResponse']);
-	}
-
 	if (isset($idpmeta['saml20.sendartifact']) && $idpmeta['saml20.sendartifact'] === TRUE) {
 		/* Artifact sending enabled. */
 		$metaArray['ArtifactResolutionService'][] = array(