Commit 6e95042b authored by Andreas Åkre Solberg's avatar Andreas Åkre Solberg

iFrame SLO: Removed some unused code. Added code for immediate redirect back...

iFrame SLO: Removed some unused code. Added code for immediate redirect back to service when only logged into one service

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1076 44740490-163a-0410-bde0-09ae8108e29a
parent 7198475a
...@@ -183,34 +183,6 @@ if (isset($_GET['SAMLRequest'])) { ...@@ -183,34 +183,6 @@ if (isset($_GET['SAMLRequest'])) {
SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer()); SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $logoutrequest->getIssuer());
SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder); SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $requester . ' ' . $responder);
/* Check if we have a valid session. */
if($session === NULL) {
/* Invalid session. To prevent the user from being unable to
* log out from the service provider, we should just return a
* LogoutResponse pretending that the logout was successful to
* the SP that sent the LogoutRequest.
*/
SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: Did not find a session here, but we are returning a LogoutResponse anyway.');
$spentityid = $logoutrequest->getIssuer();
/* Generate the response. */
$response = new SimpleSAML_XML_SAML20_LogoutResponse($config, $metadata);
$responseText = $response->generate($idpentityid, $spentityid, $logoutrequest->getRequestID(), 'IdP');
/* Retrieve the relay state from the request. */
$relayState = $logoutrequest->getRelayState();
/* Send the response using the HTTP-Redirect binding. */
$binding = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config,
$metadata);
$binding->sendMessage($responseText, $idpentityid, $spentityid, $relayState,
'SingleLogoutService', 'SAMLResponse', 'IdP');
exit;
}
$session->doLogout(); $session->doLogout();
...@@ -223,12 +195,10 @@ if (isset($_GET['SAMLRequest'])) { ...@@ -223,12 +195,10 @@ if (isset($_GET['SAMLRequest'])) {
if($relayState !== NULL) { if($relayState !== NULL) {
$logoutInfo['RelayState'] = $relayState; $logoutInfo['RelayState'] = $relayState;
} }
SimpleSAML_Logger::debug('SAML2.0 - IDP.SingleLogoutService: Setting cached request with issuer ' . $logoutrequest->getIssuer()); SimpleSAML_Logger::debug('SAML2.0 - IDP.SingleLogoutService: Setting cached request with issuer ' . $logoutrequest->getIssuer());
$session->set_sp_logout_completed($logoutrequest->getIssuer()); $session->set_sp_logout_completed($logoutrequest->getIssuer());
/* /*
...@@ -257,7 +227,7 @@ $session->dump_sp_sessions(); ...@@ -257,7 +227,7 @@ $session->dump_sp_sessions();
/* /*
* Generate a list of all service providers, and creat a LogoutRequest message for all these SPs. * Generate a list of all service providers, and create a LogoutRequest message for all these SPs.
*/ */
$listofsps = $session->get_sp_list(); $listofsps = $session->get_sp_list();
$sparray = array(); $sparray = array();
...@@ -293,6 +263,9 @@ foreach ($listofsps AS $spentityid) { ...@@ -293,6 +263,9 @@ foreach ($listofsps AS $spentityid) {
} }
SimpleSAML_Logger::debug('SAML2.0 - SP Counter. other SPs with SLO support (' . count($sparray) . ') without SLO support (' . count($sparrayNoLogout) . ')');
#print_r($sparray); #print_r($sparray);
...@@ -328,8 +301,16 @@ try { ...@@ -328,8 +301,16 @@ try {
// Find the relaystate if cached. // Find the relaystate if cached.
$relayState = isset($logoutInfo['RelayState']) ? $logoutInfo['RelayState'] : null; $relayState = isset($logoutInfo['RelayState']) ? $logoutInfo['RelayState'] : null;
// Parameters: $request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP' $logoutresponse = NULL;
$logoutresponse = $httpredirect->getRedirectURL($logoutResponseXML, $idpentityid, $logoutInfo['Issuer'], $relayState, 'SingleLogoutService', 'SAMLResponse', 'IdP'); /*
* If the user is not logged into any other SPs, send the LogoutResponse immediately
*/
if (count($sparray) === 0) {
$httpredirect->sendMessage($logoutResponseXML, $idpentityid, $logoutInfo['Issuer'], $relayState, 'SingleLogoutService', 'SAMLResponse', 'IdP');
exit;
} else {
$logoutresponse = $httpredirect->getRedirectURL($logoutResponseXML, $idpentityid, $logoutInfo['Issuer'], $relayState, 'SingleLogoutService', 'SAMLResponse', 'IdP');
}
} elseif (array_key_exists('RelayState', $logoutInfo)) { } elseif (array_key_exists('RelayState', $logoutInfo)) {
...@@ -350,13 +331,7 @@ try { ...@@ -350,13 +331,7 @@ try {
} }
#SimpleSAML_Logger::debug('SAML2.0 - SP Counter. other SPs with SLO support (' . count($sparray) . ') without SLO support (' . count($sparrayNoLogout) . ')');
$spmeta = $metadata->getMetaData($requester, 'saml20-sp-remote');
$spname = $requester;
if (array_key_exists('name', $spmeta)) $spname = $spmeta['name'];
...@@ -364,6 +339,9 @@ if (array_key_exists('name', $spmeta)) $spname = $spmeta['name']; ...@@ -364,6 +339,9 @@ if (array_key_exists('name', $spmeta)) $spname = $spmeta['name'];
$spmeta = $metadata->getMetaData($requester, 'saml20-sp-remote');
$spname = $requester;
if (array_key_exists('name', $spmeta)) $spname = $spmeta['name'];