From 207764e77a683a51573b4c7a9672a3d4a248b806 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Tue, 30 Sep 2008 13:48:13 +0000
Subject: [PATCH] Adding graceful non-javascript support to iframe based SLO
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@905 44740490-163a-0410-bde0-09ae8108e29a
---
templates/default/logout-iframe.php | 109 ++++++++++++------
www/saml2/idp/SingleLogoutServiceiFrame.php | 24 +++-
.../SingleLogoutServiceiFrameNoJavascript.php | 88 ++++++++++++++
.../idp/SingleLogoutServiceiFrameResponse.php | 8 +-
4 files changed, 185 insertions(+), 44 deletions(-)
create mode 100644 www/saml2/idp/SingleLogoutServiceiFrameNoJavascript.php
diff --git a/templates/default/logout-iframe.php b/templates/default/logout-iframe.php
index 7ca0408d3..5abe09d3b 100644
--- a/templates/default/logout-iframe.php
+++ b/templates/default/logout-iframe.php
@@ -1,17 +1,37 @@
<?php
-
- $this->data['head'] .= '<script type="text/javascript" language="JavaScript">
-// use pre-formatted output for this multiplication table
-var j; // loop variables
+
+ $this->data['head'] .= '
+<script type="text/javascript" src="/' . $this->data['baseurlpath']. 'resources/script.js"></script>
+<script type="text/javascript" language="JavaScript">
-xajax_updateslostatus();
-for (j=1; j<=10; j++) {
- setTimeout(\'xajax_updateslostatus()\',j*1000)
+function showdiv(id) {
+ //safe function to show an element with a specified id
+
+ if (document.getElementById) { // DOM3 = IE5, NS6
+ document.getElementById(id).style.display = \'block\';
+ }
+ else {
+ if (document.layers) { // Netscape 4
+ document.id.display = \'block\';
+ }
+ else { // IE 4
+ document.all.id.style.display = \'block\';
+ }
+ }
}
-</script>';
+function init_updateslostatus() {
+ // use pre-formatted output for this multiplication table
+ var j; // loop variables
+ for (j=1; j<=10; j++) {
+ setTimeout(\'xajax_updateslostatus()\',j*1000)
+ }
+}
+</script>';
+ $this->data['onLoad'] = ' init_updateslostatus();';
+
$this->includeAtTemplateBase('includes/header.php');
# $this->includeLanguageFile('consent.php');
@@ -19,40 +39,59 @@ for (j=1; j<=10; j++) {
# $this->includeInlineTranslation('IDPNAME', $this->data['idp_name']);
?>
- <div id="content">
- <?php
-
- $requestername = is_array($this->data['requesterName']) ?
- $this->getTranslation($this->data['requesterName']) : $this->data['requesterName'];
+
+ <div id="a" style="display: none; background: blue; width: 10px; height: 10px">Poot</div>
- ?>
- <p>You have initiated a <strong>global logout</strong> from the service <strong><?php echo $requestername; ?></strong>. Global logout means you will be logged out from all services connected to this identity provider. This page will show the status of the logout proccess for all of the services you are logged into.</p>
+ <div id="content">
- <?php
-
-
- foreach ($this->data['sparray'] AS $sp) {
- echo '<iframe class="hiddeniframe" style="border: 1px solid #888; width: 80%; height: 100px" src="' . $sp['url'] . '" ></iframe>';
- }
+ <noscript>
+ <div id="nojavascriptframe">
+ <iframe style="margin: 1em; width: 90%; height: 5em; border: 1px solid #eee" src="SingleLogoutServiceiFrameNoJavascript.php?response=<?php echo urlencode($this->data['logoutresponse']); ?>"></iframe>
+ </div>
+ </noscript>
+ <div id="requirejavascript" style="display: none">
+
+ <noscript><div style="background: #500; color: white; border: 1px solod #300">Ignore the logout indicators below. They will not be updated as your browser do not support javascript. Logout will still work.</div></noscript>
+
+ <?php
- foreach ($this->data['sparray'] AS $spentityid => $sp) {
+ $requestername = is_array($this->data['requesterName']) ?
+ $this->getTranslation($this->data['requesterName']) : $this->data['requesterName'];
- $spname = is_array($sp['name']) ? $this->getTranslation($sp['name']) : $sp['name'];
- echo '<div class="inprogress" id="' . $spentityid . '">
- <img style="float: left; margin: 3px" src="/' . $this->data['baseurlpath'] . 'resources/progress.gif" />Wait... is logging out from <strong>' . $spname . '</strong></div>';
- }
+ ?>
+ <p>You have initiated a <strong>global logout</strong> from the service <strong><?php echo $requestername; ?></strong>. Global logout means you will be logged out from all services connected to this identity provider. This page will show the status of the logout proccess for all of the services you are logged into.</p>
+
+
+ <?php
+
+ foreach ($this->data['sparray'] AS $sp) {
+ echo '<iframe class="hiddeniframe" style="border: 1px solid #888; width: 80%; height: 100px" src="' . $sp['url'] . '" ></iframe>' . "\n";
+ }
+
+ foreach ($this->data['sparray'] AS $spentityid => $sp) {
+
+ $spname = is_array($sp['name']) ? $this->getTranslation($sp['name']) : $sp['name'];
+ echo '<div class="inprogress" id="e' . sha1($spentityid) . '">
+ <img style="float: left; margin: 3px" src="/' . $this->data['baseurlpath'] . 'resources/progress.gif" alt="Progress bar" />Wait... is logging out from <strong>' . $spname . '</strong></div>' . "\n";
+ }
+
+ ?>
- ?>
+ <div id="interrupt">[ <a href="<?php echo $this->data['logoutresponse']; ?>">Interrupt logging out and go back to service</a> ]</div>
+ <div id="iscompleted">You have successfully logged out from all services listed above.
+ <!-- form method="get" action="<?php echo $this->data['logoutresponse']; ?>">
+ <input type="submit" name="s" value="OK, continue back to <?php echo $this->data['requesterName']; ?> to complete the logout process." />
+ </form -->
+ <br />[ <a href="<?php echo $this->data['logoutresponse']; ?>">OK, continue back to <?php echo $requestername; ?> to complete the logout process.</a> ]
+ </div>
+
- <div id="interrupt">[ <a href="<?php echo $this->data['logoutresponse']; ?>">Interrupt logging out and go back to service</a> ]</div>
- <div id="iscompleted">You have successfully logged out from all services listed above.
- <!-- form method="get" action="<?php echo $this->data['logoutresponse']; ?>">
- <input type="submit" name="s" value="OK, continue back to <?php echo $this->data['requesterName']; ?> to complete the logout process." />
- </form -->
- <br />[ <a href="<?php echo $this->data['logoutresponse']; ?>">OK, continue back to <?php echo $requestername; ?> to complete the logout process.</a> ]
</div>
- </div>
+
+ <script type="text/javascript" language="JavaScript">
+ showdiv('requirejavascript');
+ </script>
-<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
+<?php $this->includeAtTemplateBase('includes/footer.php'); ?>
\ No newline at end of file
diff --git a/www/saml2/idp/SingleLogoutServiceiFrame.php b/www/saml2/idp/SingleLogoutServiceiFrame.php
index 514d7e46a..1142ae0a8 100644
--- a/www/saml2/idp/SingleLogoutServiceiFrame.php
+++ b/www/saml2/idp/SingleLogoutServiceiFrame.php
@@ -117,8 +117,8 @@ function updateslostatus() {
$spname = is_array($name) ? $t->getTranslation($name) : $name;
- $objResponse->addAssign($spentityid, "className", 'loggedout');
- $objResponse->addAssign($spentityid, "innerHTML", 'Logging out from <strong>' . $spname . '</strong> successfully completed');
+ $objResponse->addAssign('e' . sha1($spentityid), "className", 'loggedout');
+ $objResponse->addAssign('e' . sha1($spentityid), "innerHTML", 'Logging out from <strong>' . $spname . '</strong> successfully completed');
}
@@ -373,6 +373,26 @@ if (array_key_exists('name', $spmeta)) $spname = $spmeta['name'];
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
$et = new SimpleSAML_XHTML_Template($config, 'logout-iframe.php');
diff --git a/www/saml2/idp/SingleLogoutServiceiFrameNoJavascript.php b/www/saml2/idp/SingleLogoutServiceiFrameNoJavascript.php
new file mode 100644
index 000000000..e7035c546
--- /dev/null
+++ b/www/saml2/idp/SingleLogoutServiceiFrameNoJavascript.php
@@ -0,0 +1,88 @@
+<?php
+
+/**
+ * This SAML 2.0 endpoint can receive incomming LogoutRequests. It will also send LogoutResponses,
+ * and LogoutRequests and also receive LogoutResponses. It is implemeting SLO at the SAML 2.0 IdP.
+ *
+ * @author Andreas Ă…kre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @package simpleSAMLphp
+ * @version $Id$
+ */
+
+require_once('../../_include.php');
+
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+$session = SimpleSAML_Session::getInstance();
+
+SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutServiceiFrame: Accessing SAML 2.0 IdP endpoint SingleLogoutService (iFrame version)');
+
+if (!$config->getValue('enable.saml20-idp', false))
+ SimpleSAML_Utilities::fatalError(isset($session) ? $session->getTrackID() : null, 'NOACCESS');
+
+try {
+ $idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+} catch (Exception $exception) {
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'METADATA', $exception);
+}
+
+SimpleSAML_Logger::debug('SAML2.0 - IdP.SingleLogoutServiceiFrame: Got IdP entity id: ' . $idpentityid);
+
+
+
+$logouttype = 'traditional';
+$idpmeta = $metadata->getMetaDataCurrent('saml20-idp-hosted');
+if (array_key_exists('logouttype', $idpmeta)) $logouttype = $idpmeta['logouttype'];
+
+if ($logouttype !== 'iframe')
+ SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS', new Exception('This IdP is configured to use logout type [' . $logouttype . '], but this endpoint is only available for IdP using logout type [iframe]'));
+
+
+
+SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutServiceiFrameNoJavascript: Accessing SAML 2.0 IdP endpoint SingleLogoutService (iFrame version without javascript support) ');
+
+$config = SimpleSAML_Configuration::getInstance();
+$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+$session = SimpleSAML_Session::getInstance();
+
+$idpentityid = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+
+
+if ($session->sp_logout_completed() === TRUE) {
+
+
+ echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <title>Logout Update notificator for Non-Javascript Single Log-Out</title>
+</head>
+<body>
+ <p>You are successfully logged out. [ <a target="_top" href="' . htmlentities($_REQUEST['response']) . '">Continue</a> ]</p>
+</body>
+</html>
+';
+
+
+
+} else {
+ echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+ <meta http-equiv="content-type" content="text/html; charset=utf-8" />
+ <meta http-equiv="refresh" content="3;url=SingleLogoutServiceiFrameNoJavascript.php?response=' . urlencode($_REQUEST['response']) . '" />
+ <title>Logout Update notificator for Non-Javascript Single Log-Out</title>
+</head>
+<body>
+ <p>
+ <img style="float: left; margin: 3px" src="/' . $config->getBaseURL() . 'resources/progress.gif" alt="Progress bar" />
+ Logout in progress. [ <a target="_top" href="' . htmlentities($_REQUEST['response']) . '">Interrupt</a> ]</p>
+</body>
+</html>
+';
+}
+
+
+?>
\ No newline at end of file
diff --git a/www/saml2/idp/SingleLogoutServiceiFrameResponse.php b/www/saml2/idp/SingleLogoutServiceiFrameResponse.php
index c9157aefb..d11956a6f 100644
--- a/www/saml2/idp/SingleLogoutServiceiFrameResponse.php
+++ b/www/saml2/idp/SingleLogoutServiceiFrameResponse.php
@@ -4,19 +4,13 @@
/**
* This SAML 2.0 endpoint can receive incomming LogoutResponses.
*
- * @author Andreas kre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @author Andreas Ă…Âkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
* @package simpleSAMLphp
* @version $Id$
*/
require_once('../../_include.php');
-
-
-sleep(max(0, rand(-3,5)));
-
-
-
$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$session = SimpleSAML_Session::getInstance();
--
GitLab