diff --git a/templates/logout-iframe.php b/templates/logout-iframe.php
index 5f8ab0e205caa1cf38cd68fe0a2ca1f8eb1de278..52751f97e6846c30f1b00452f58f4882dc536226 100644
--- a/templates/logout-iframe.php
+++ b/templates/logout-iframe.php
@@ -50,6 +50,7 @@ function startslo() {
 $("#hiddeniframecontainer").html("' . str_replace('"', '\"', $iframehtml) . '");
 $("table#slostatustable tr.onhold").removeClass("onhold").addClass("inprogress");
 /* $("div.completedButWarnings").show(); */
+' . ($iframehtml === '' ? 'sendResponse();' : '') . '
 setTimeout("toolong()", 16000);
 }
 
@@ -64,7 +65,7 @@ function slocompletesp($entityhash) {
 function slocompleted() {
 /* $("div.completedButWarnings").show(); */
 $("div#interrupt").hide();
-' . ($nologoutSPs ? ' ' : 'setTimeout("sendResponse()", 2000);') . '
+ setTimeout("sendResponse()", 2000);
 }
 
 function sendResponse() {
diff --git a/www/saml2/idp/SingleLogoutServiceiFrame.php b/www/saml2/idp/SingleLogoutServiceiFrame.php
index b394474d577a1ccdb775e3fc5739c2f2e7baa2ed..c27ce3a84267b8b60dc2d40f6f93b756c024b93c 100644
--- a/www/saml2/idp/SingleLogoutServiceiFrame.php
+++ b/www/saml2/idp/SingleLogoutServiceiFrame.php
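Review bot: In startslo() of templates/logout-iframe.php, the emitted `sendResponse();` does not end the function, so the `toolong()` timer is still armed, and since slocompleted() now always schedules `sendResponse()` (second hunk of this file) the response could be submitted twice if slocompleted() is also reached. Returning right after the call avoids both: `' . ($iframehtml === '' ? 'sendResponse(); return;' : '') . '`. sendResponse() is defined outside the hunk, so whether a second call is harmful cannot be judged from the visible lines. The context line just above embeds `$iframehtml` in a JavaScript string with only the double quote escaped; `json_encode($iframehtml)` would also cover backslashes and line breaks.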
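Review bot: In slocompleted() of templates/logout-iframe.php, dropping the `$nologoutSPs` guard means the page now submits the logout response two seconds after completion even when some SPs have no logout endpoint, which leaves the user little time to notice that sessions at those SPs may remain open (the `completedButWarnings` notice is commented out in both functions shown). If that is intended, a comment on the new line would record it, e.g. `/* Continue automatically even if some SPs could not be logged out. */`. `$nologoutSPs` may now be unused in this template; the rest of the file is outside the hunk, so that needs checking there.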
@@ -104,7 +104,30 @@ function updateslostatus() {
 $templistofsps = $session->get_sp_list(SimpleSAML_Session::STATE_ONLINE);
 $listofsps = array();
 foreach ($templistofsps AS $spentityid) {
- if (!empty($_COOKIE['spstate-' . sha1($spentityid)])) $listofsps[] = $spentityid;
+ if (!empty($_COOKIE['spstate-' . sha1($spentityid)])) {
+ $listofsps[] = $spentityid;
+ continue;
+ }
+
+ try {
+ $spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote');
+ } catch (Exception $e) {
+ /*
+ * For some reason, the metadata for this SP is no longer available. Most
+ * likely it was deleted from the IdP while the user had a session to it.
+ * In any case - skip this SP.
+ */
+ $listofsps[] = $spentityid;
+ continue;
+ }
+
+ if (!isset($spmetadata['SingleLogoutService'])) {
+ /* No logout endpoint. */
+ $listofsps[] = $spentityid;
+ continue;
+ }
+
+ /* This SP isn't ready yet. */
 }
 SimpleSAML_Logger::debug('SAML2.0 - IdP.SingleLogoutServiceiFrame: templistofsps ' . join(',', $templistofsps));
 SimpleSAML_Logger::debug('SAML2.0 - IdP.SingleLogoutServiceiFrame: listofsps ' . join(',', $listofsps));
diff --git a/www/saml2/idp/idpInitSingleLogoutServiceiFrame.php b/www/saml2/idp/idpInitSingleLogoutServiceiFrame.php
index c75dcdcf0620470b068163e5509035f0b535ff84..3db8a69ac3a48fd5da857f86865ccf6c42efd5ae 100644
--- a/www/saml2/idp/idpInitSingleLogoutServiceiFrame.php
+++ b/www/saml2/idp/idpInitSingleLogoutServiceiFrame.php
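Review bot: In updateslostatus() of www/saml2/idp/SingleLogoutServiceiFrame.php, an SP whose metadata lookup throws or that has no `SingleLogoutService` is appended to the same `$listofsps` as an SP whose `spstate-` cookie confirmed logout, so whatever consumes the list (outside this hunk) cannot tell "logged out" from "cannot be logged out" and may present a still-live SP session as finished. The catch branch also discards the exception, and its comment says "skip this SP" while the code reports the SP as done; I would log it, e.g. `SimpleSAML_Logger::warning('SLO iFrame: no metadata for ' . $spentityid . ': ' . $e->getMessage());`, and reword the comment to say the SP is treated as completed. `$metadata` is not assigned in the visible lines and the function body starts outside the hunk, so please confirm it is in scope inside updateslostatus(). The identical hunk in www/saml2/idp/idpInitSingleLogoutServiceiFrame.php carries the same points; a shared helper would keep the two copies from drifting apart.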
@@ -97,7 +97,30 @@ function updateslostatus() {
 $templistofsps = $session->get_sp_list(SimpleSAML_Session::STATE_ONLINE);
 $listofsps = array();
 foreach ($templistofsps AS $spentityid) {
- if (!empty($_COOKIE['spstate-' . sha1($spentityid)])) $listofsps[] = $spentityid;
+ if (!empty($_COOKIE['spstate-' . sha1($spentityid)])) {
+ $listofsps[] = $spentityid;
+ continue;
+ }
+
+ try {
+ $spmetadata = $metadata->getMetaData($spentityid, 'saml20-sp-remote');
+ } catch (Exception $e) {
+ /*
+ * For some reason, the metadata for this SP is no longer available. Most
+ * likely it was deleted from the IdP while the user had a session to it.
+ * In any case - skip this SP.
+ */
+ $listofsps[] = $spentityid;
+ continue;
+ }
+
+ if (!isset($spmetadata['SingleLogoutService'])) {
+ /* No logout endpoint. */
+ $listofsps[] = $spentityid;
+ continue;
+ }
+
+ /* This SP isn't ready yet. */
 }
 SimpleSAML_Logger::debug('SAML2.0 - IdP.SingleLogoutServiceiFrame: templistofsps ' . join(',', $templistofsps));
 SimpleSAML_Logger::debug('SAML2.0 - IdP.SingleLogoutServiceiFrame: listofsps ' . join(',', $listofsps));
@@ -224,7 +247,7 @@ SimpleSAML_Logger::debug('SAML2.0 - SP Counter. other SPs with SLO support (' .
 /*
 * If the user is not logged into any other SPs.
 */
-if (count($sparray) === 0) {
+if (count($sparray) + count($sparrayNoLogout) === 0) {
 SimpleSAML_Utilities::redirect($relayState);
 exit;
 }
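Review bot: The new condition `count($sparray) + count($sparrayNoLogout) === 0` in the second hunk reads correctly only because `+` binds tighter than `===`; explicit grouping, `if ((count($sparray) + count($sparrayNoLogout)) === 0) {`, makes the intent visible. `$sparrayNoLogout` and `$relayState` are both assigned outside the hunk, so it cannot be confirmed from here that `$sparrayNoLogout` is always an array at this point. Because this branch redirects without rendering any page, it is also the place to make sure `$relayState` has been checked against the allowed return URLs if it can originate from the request.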