From 33abe3642ea1acecfad2f96f473734b4babf1c23 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Wed, 17 Feb 2010 19:13:41 +0000
Subject: [PATCH] fixes for global logout so the right $idp variable is passed to handlers

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2186 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/IdP.php | 29 +++++++++++++++---------
 lib/SimpleSAML/IdP/LogoutIFrame.php | 3 ++-
 lib/SimpleSAML/IdP/LogoutTraditional.php | 3 ++-
 modules/core/www/idp/logout-iframe.php | 3 ++-
 4 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index 89b44f7e8..5d9134f95 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -145,20 +145,24 @@ class SimpleSAML_IdP {
 public function getSPName($assocId) {
 assert('is_string($assocId)');
- if (substr($assocId, 0, 5) !== 'saml:') {
- return NULL;
- }
-
- $spEntityId = substr($assocId, 5);
+ $prefix = substr($assocId, 0, 4);
+ $spEntityId = substr($assocId, strlen($prefix) + 1);
 $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
- try {
- $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
- } catch (Exception $e) {
+
+ if ($prefix === 'saml') {
 try {
- $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
+ $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
 } catch (Exception $e) {
- return NULL;
+ try {
+ $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');
+ } catch (Exception $e) {
+ return NULL;
+ }
 }
+ } else if ($prefix === 'adfs') {
+ $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'adfs-sp-remote');
+ } else {
+ return NULL;
 }
 if ($spMetadata->hasValue('name')) {
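Review bot: The new `adfs` branch in getSPName() calls `getMetaDataConfig($spEntityId, 'adfs-sp-remote')` with no try/catch, while the `saml` branch above it returns NULL when the lookup throws. If the ADFS lookup throws in the same way for an unknown entity (the saml handling suggests it does), the exception leaves getSPName() and can abort the logout loop that calls it, leaving the remaining SP sessions logged in. Wrapping the call as below keeps the NULL-on-unknown behaviour for every prefix. Separately, the rewritten prefix test no longer checks that the fifth character is `:`, so any separator is accepted; the function body continues past the end of the hunk.

```php
} else if ($prefix === 'adfs') {
    try {
        $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'adfs-sp-remote');
    } catch (Exception $e) {
        return NULL;
    }
} else {
    // … unchanged: return NULL for unknown prefixes …
```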
@@ -180,6 +184,8 @@ class SimpleSAML_IdP {
 assert('isset($association["id"])');
 assert('isset($association["Handler"])');
+ $association['core:IdP'] = $this->id;
+
 $session = SimpleSAML_Session::getInstance();
 $session->addAssociation($this->associationGroup, $association);
 }
@@ -431,7 +437,8 @@ class SimpleSAML_IdP {
 public function finishLogout(array &$state) {
 assert('isset($state["Responder"])');
- call_user_func($state['Responder'], $this, $state);
+ $idp = SimpleSAML_IdP::getByState($state);
+ call_user_func($state['Responder'], $idp, $state);
 assert('FALSE');
 }
diff --git a/lib/SimpleSAML/IdP/LogoutIFrame.php b/lib/SimpleSAML/IdP/LogoutIFrame.php
index da99deed8..695c344a5 100644
--- a/lib/SimpleSAML/IdP/LogoutIFrame.php
+++ b/lib/SimpleSAML/IdP/LogoutIFrame.php
@@ -24,7 +24,8 @@ class SimpleSAML_IdP_LogoutIFrame extends SimpleSAML_IdP_LogoutHandler {
 }
 foreach ($associations as $id => &$association) {
- $association['core:Logout-IFrame:Name'] = $this->idp->getSPName($id);
+ $idp = SimpleSAML_IdP::getByState($association);
+ $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
 $association['core:Logout-IFrame:State'] = 'onhold';
 }
 $state['core:Logout-IFrame:Associations'] = $associations;
diff --git a/lib/SimpleSAML/IdP/LogoutTraditional.php b/lib/SimpleSAML/IdP/LogoutTraditional.php
index 0db49e275..bdef21c54 100644
--- a/lib/SimpleSAML/IdP/LogoutTraditional.php
+++ b/lib/SimpleSAML/IdP/LogoutTraditional.php
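Review bot: In the `@@ -180,6 +184,8 @@` hunk, `$association['core:IdP'] = $this->id;` is added without a comment, and it silently overwrites any `core:IdP` value the caller put in the array. That overwrite looks deliberate and is the safer behaviour, since the other hunks use this key to choose which IdP handles logout, so it is worth stating: `// Bind the association to this IdP; logout handlers resolve it via SimpleSAML_IdP::getByState().` The method signature lies outside the hunk.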
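Review bot: In the LogoutIFrame.php hunk, `SimpleSAML_IdP::getByState($association)` is called inside the foreach with no guard, but only associations stored after this commit carry `core:IdP`. getByState() is not shown here; if it requires that key, sessions created before the upgrade will fail at this line and stop the whole loop, so the remaining SPs are never sent a logout. Falling back to the handler's own IdP, e.g. `$idp = isset($association['core:IdP']) ? SimpleSAML_IdP::getByState($association) : $this->idp;`, would keep old sessions working. The same unguarded lookup appears in the LogoutTraditional.php and logout-iframe.php hunks, where it is at least inside a try block.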
@@ -28,7 +28,8 @@ class SimpleSAML_IdP_LogoutTraditional extends SimpleSAML_IdP_LogoutHandler {
 SimpleSAML_Logger::info('Logging out of ' . var_export($id, TRUE) . '.');
 try {
- $url = call_user_func(array($association['Handler'], 'getLogoutURL'), $this->idp, $association, $relayState);
+ $idp = SimpleSAML_IdP::getByState($association);
+ $url = call_user_func(array($association['Handler'], 'getLogoutURL'), $idp, $association, $relayState);
 SimpleSAML_Utilities::redirect($url);
 } catch (Exception $e) {
 SimpleSAML_Logger::warning('Unable to initialize logout to ' . var_export($id, TRUE) . '.');
diff --git a/modules/core/www/idp/logout-iframe.php b/modules/core/www/idp/logout-iframe.php
index 4caa4b47a..e4942b8d3 100644
--- a/modules/core/www/idp/logout-iframe.php
+++ b/modules/core/www/idp/logout-iframe.php
@@ -79,7 +79,8 @@ if ($type === 'js' || $type === 'nojs') {
 }
 try {
- $url = call_user_func(array($sp['Handler'], 'getLogoutURL'), $idp, $sp, NULL);
+ $assocIdP = SimpleSAML_IdP::getByState($sp);
+ $url = call_user_func(array($sp['Handler'], 'getLogoutURL'), $assocIdP, $sp, NULL);
 $sp['core:Logout-IFrame:URL'] = $url;
 } catch (Exception $e) {
 $sp['core:Logout-IFrame:State'] = 'failed';
--
GitLab
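Review bot: In the LogoutTraditional.php hunk the try block now also covers the `getByState()` lookup, yet the catch still logs only `'Unable to initialize logout to ...'` and drops the exception. A failed IdP lookup and a failing handler then look identical in the log, which makes partial-logout incidents hard to diagnose. Appending the message, `SimpleSAML_Logger::warning('Unable to initialize logout to ' . var_export($id, TRUE) . ': ' . $e->getMessage());`, would fix that. The catch body continues outside the hunk.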