From 6e95042bcaf87ffcc158664c56f412ed3c963ef1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20=C3=85kre=20Solberg?= <andreas.solberg@uninett.no>
Date: Thu, 1 Jan 2009 15:28:31 +0000
Subject: [PATCH] iFrame SLO: Removed some unused code. Added code for
 immediate redirect back to service when only logged into one service

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1076 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/idp/SingleLogoutServiceiFrame.php | 58 +++++++--------------
 1 file changed, 18 insertions(+), 40 deletions(-)

diff --git a/www/saml2/idp/SingleLogoutServiceiFrame.php b/www/saml2/idp/SingleLogoutServiceiFrame.php
index ee6f8063d..49f26b476 100644
--- a/www/saml2/idp/SingleLogoutServiceiFrame.php
+++ b/www/saml2/idp/SingleLogoutServiceiFrame.php
@@ -183,34 +183,6 @@ if (isset($_GET['SAMLRequest'])) {
 	SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
 	SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder);
 	
-	/* Check if we have a valid session. */
-	if($session === NULL) {
-	
-		/* Invalid session. To prevent the user from being unable to
-		 * log out from the service provider, we should just return a
-		 * LogoutResponse pretending that the logout was successful to
-		 * the SP that sent the LogoutRequest.
-		 */
-
-		SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Did not find a session here, but we are returning a LogoutResponse anyway.');
-
-		$spentityid = $logoutrequest->getIssuer();
-
-		/* Generate the response. */
-		$response = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
-		$responseText = $response->generate($idpentityid, $spentityid, $logoutrequest->getRequestID(), 'IdP');
-
-		/* Retrieve the relay state from the request. */
-		$relayState = $logoutrequest->getRelayState();
-
-		/* Send the response using the HTTP-Redirect binding. */
-		$binding = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config,
-		$metadata);
-		$binding->sendMessage($responseText, $idpentityid, $spentityid, $relayState,
-			'SingleLogoutService', 'SAMLResponse', 'IdP');
-		exit;
-	}
-
 
 	$session->doLogout();
 
@@ -223,12 +195,10 @@ if (isset($_GET['SAMLRequest'])) {
 	if($relayState !== NULL) {
 		$logoutInfo['RelayState'] = $relayState;
 	}
-
 		
 	SimpleSAML_Logger::debug('SAML2.0 - IDP.SingleLogoutService: Setting cached request with issuer ' . $logoutrequest->getIssuer());
 	
 	$session->set_sp_logout_completed($logoutrequest->getIssuer());
-	
 
 
 /*
@@ -257,7 +227,7 @@ $session->dump_sp_sessions();
 
 
 /*
- * Generate a list of all service providers, and creat a LogoutRequest message for all these SPs.
+ * Generate a list of all service providers, and create a LogoutRequest message for all these SPs.
  */
 $listofsps = $session->get_sp_list();
 $sparray = array();
@@ -293,6 +263,9 @@ foreach ($listofsps AS $spentityid) {
 }
 
 
+SimpleSAML_Logger::debug('SAML2.0 - SP Counter. other SPs with SLO support (' . count($sparray) . ')  without SLO support (' . count($sparrayNoLogout) . ')');
+
+
 #print_r($sparray);
 
 
@@ -328,8 +301,16 @@ try {
 		// Find the relaystate if cached.
 		$relayState = isset($logoutInfo['RelayState']) ? $logoutInfo['RelayState'] : null;
 	
-		// Parameters: $request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP'
-		$logoutresponse = $httpredirect->getRedirectURL($logoutResponseXML, $idpentityid, $logoutInfo['Issuer'], $relayState, 'SingleLogoutService', 'SAMLResponse', 'IdP');
+		$logoutresponse = NULL;
+		/*
+		 * If the user is not logged into any other SPs, send the LogoutResponse immediately
+		 */
+		if (count($sparray) === 0) {
+			$httpredirect->sendMessage($logoutResponseXML, $idpentityid, $logoutInfo['Issuer'], $relayState, 'SingleLogoutService', 'SAMLResponse', 'IdP');
+			exit;
+		} else {
+			$logoutresponse = $httpredirect->getRedirectURL($logoutResponseXML, $idpentityid, $logoutInfo['Issuer'], $relayState, 'SingleLogoutService', 'SAMLResponse', 'IdP');
+		}
 
 		
 	} elseif (array_key_exists('RelayState', $logoutInfo)) {
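Review bot: The immediate-redirect branch tests only `count($sparray) === 0`, but the debug line this commit adds after the `foreach ($listofsps ...)` loop shows that SPs without SLO support are counted separately in `$sparrayNoLogout`. When that list is non-empty the user is sent straight back to the requesting SP with a LogoutResponse and presumably never reaches the page that would report sessions still alive at those SPs, so they can believe they are fully logged out when they are not. Consider `if (count($sparray) === 0 && count($sparrayNoLogout) === 0) {` so the shortcut is taken only when no other SP session remains. The enclosing `try` block and the rest of the `if`/`elseif` chain lie outside this hunk, so how `$logoutInfo['Issuer']` is populated cannot be confirmed from here.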
@@ -350,13 +331,7 @@ try {
 }
 
 
-
-
-
-$spmeta = $metadata->getMetaData($requester, 'saml20-sp-remote');
-$spname = $requester;
-if (array_key_exists('name', $spmeta)) $spname = $spmeta['name'];
-
+#SimpleSAML_Logger::debug('SAML2.0 - SP Counter. other SPs with SLO support (' . count($sparray) . ')  without SLO support (' . count($sparrayNoLogout) . ')');
 
 
 
@@ -364,6 +339,9 @@ if (array_key_exists('name', $spmeta)) $spname = $spmeta['name'];
 
 
 
+$spmeta = $metadata->getMetaData($requester, 'saml20-sp-remote');
+$spname = $requester;
+if (array_key_exists('name', $spmeta)) $spname = $spmeta['name'];
 
 
 
-- 
GitLab