From 7ac39cd3fc2f6a53d67d4cbce130315908cc61f5 Mon Sep 17 00:00:00 2001
From: Jacob Christiansen <jach@wayf.dk>
Date: Thu, 5 Nov 2009 15:32:49 +0000
Subject: [PATCH] Updated the consentAdmin module to support the new SAML
 module. NOTE that a parameter has been added and one has changed name in the
 config file.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1973 44740490-163a-0410-bde0-09ae8108e29a
---
 .../config-templates/module_consentAdmin.php  |  9 +++--
 .../consentAdmin/templates/consentadmin.php   |  2 +-
 modules/consentAdmin/www/consentAdmin.php     | 36 +++++++++----------
 3 files changed, 25 insertions(+), 22 deletions(-)

diff --git a/modules/consentAdmin/config-templates/module_consentAdmin.php b/modules/consentAdmin/config-templates/module_consentAdmin.php
index c40fd1399..8ed4b757c 100644
--- a/modules/consentAdmin/config-templates/module_consentAdmin.php
+++ b/modules/consentAdmin/config-templates/module_consentAdmin.php
@@ -20,9 +20,14 @@ $config = array(
 	// Hash attributes including values or not
 	'attributes.hash' => TRUE,
 
-	// Where to direct the user after logout
-	'relaystate' => 'www.wayf.dk',
+	// Where to direct the user after logout.
+    // REMEMBER to prefix with http:// otherwise the relaystate is only appended 
+    // to saml2 logout URL
+	'returnURL' => 'http://www.wayf.dk',
 
     // Shows description of the services if set to true (defaults to true)
     'showDesription' => true, 
+
+    // Set authority
+    'authority' => 'saml2',
 );
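Review bot: The new `// Set authority` comment does not tell an administrator what value is expected. Going by consentAdmin.php in this same patch, the value is passed to `new SimpleSAML_Auth_Simple($authority)`, so something like `// Authentication source the user must log in with before managing consent` would be more useful. The template also still declares `'showDesription'` (a context line of this hunk) while consentAdmin.php reads `'showDescription'`, so the option set here is presumably never picked up and could be corrected in the same change. The added comment lines are indented with spaces while the neighbouring entries use tabs.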
diff --git a/modules/consentAdmin/templates/consentadmin.php b/modules/consentAdmin/templates/consentadmin.php
index c1023b39b..2860b9b73 100755
--- a/modules/consentAdmin/templates/consentadmin.php
+++ b/modules/consentAdmin/templates/consentadmin.php
@@ -129,6 +129,6 @@ TRSTART;
 		
 		<h2>Logout</h2>
 
-			<p><?php echo $this->data['logout']; ?></p>
+			<p><a href="<?php echo SimpleSAML_Utilities::selfURL() . '?logout'; ?>">Logout</a></p>
 		
 <?php $this->includeAtTemplateBase('includes/footer.php'); ?>
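Review bot: The `href` of the new logout link prints `SimpleSAML_Utilities::selfURL()` without HTML escaping, and as far as I know selfURL() returns the current request URL including its query string, so request-controlled characters end up inside the attribute value. Appending `'?logout'` to a URL that already carries a query string also yields a second `?`, in which case the `logout` key that consentAdmin.php checks for would not be present. Building the link from the query-less URL and escaping it covers both: `<a href="<?php echo htmlspecialchars(SimpleSAML_Utilities::selfURLNoQuery() . '?logout'); ?>">Logout</a>`. The template body starts outside this hunk.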
diff --git a/modules/consentAdmin/www/consentAdmin.php b/modules/consentAdmin/www/consentAdmin.php
index 830d07163..abca499ca 100644
--- a/modules/consentAdmin/www/consentAdmin.php
+++ b/modules/consentAdmin/www/consentAdmin.php
@@ -59,24 +59,27 @@ function driveProcessingChain($idp_metadata, $source, $sp_metadata, $sp_entityid
 
 // Get config object
 $config = SimpleSAML_Configuration::getInstance();
-$cA_config = $config->copyFromBase('consentAdmin', 'module_consentAdmin.php');
+$cA_config = SimpleSAML_Configuration::getConfig('module_consentAdmin.php');
 
-$hashAttributes = $cA_config->getValue('attributes.hash');
+// If request is a logout request
+if(array_key_exists('logout', $_REQUEST)) {
+    $returnURL = $cA_config->getValue('returnURL');
+	SimpleSAML_Auth_Default::initLogout($returnURL);
+}
 
-// Get session object
-$session = SimpleSAML_Session::getInstance();
+$hashAttributes = $cA_config->getValue('attributes.hash');
+$authority = $cA_config->getValue('authority');
 
 /* Check if valid local session exists */
-if (!isset($session) || !$session->isValid('saml2') ) {
-	// Set idpentity to force a specific IdP
-	SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . '/saml2/sp/initSSO.php',
-		array('RelayState'  => SimpleSAML_Utilities::selfURL())
-	);
-}
+$as = new SimpleSAML_Auth_Simple($authority);
+$as->requireAuth();
+
+// Get released attributes
+$attributes = $as->getAttributes();
 
 // Get user ID
 $userid_attributename = $config->getValue('consent_userid', 'eduPersonPrincipalName');
-$userids = ($session->getAttribute($userid_attributename));
+$userids = $attributes[$userid_attributename];
 		
 if (empty($userids)) {
 	throw new Exception('Could not generate useridentifier for storing consent. Attribute [' .
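Review bot: `$userids = $attributes[$userid_attributename];` indexes the attribute array directly, so when that attribute was not released PHP raises an undefined-index notice before the `empty($userids)` check can throw its own, clearer error; `$userids = isset($attributes[$userid_attributename]) ? $attributes[$userid_attributename] : NULL;` lets the existing check handle it. The `getValue()` calls for `'returnURL'` and `'authority'` have no default and no validation, and because `returnURL` is a renamed key, a config file that still uses `relaystate` would presumably hand NULL to `initLogout()`; failing with an explicit message when either key is missing would make the upgrade safer. The logout branch also runs for any request that carries a `logout` parameter, so a link on another site can end the user's session, which deserves at least a comment.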
@@ -91,9 +94,6 @@ $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
 // Get all SP metadata
 $all_sp_metadata = $metadata->getList('saml20-sp-remote');
 
-// Get released attributes
-$attributes = $session->getAttributes();
-
 // Parse action, if any
 $action = null;
 $sp_entityid = null;
@@ -109,6 +109,8 @@ SimpleSAML_Logger::critical('consentAdmin: sp: ' .$sp_entityid.' action: '.$acti
 /*
  * Get IdP id and metadata
  */
+$session = SimpleSAML_Session::getInstance();
+
 if($session->getIdP() != null) {
 	/*
 	 * From a remote idp (as bridge)
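Review bot: `$session->getIdP()` reads the IdP from the shared session object, while authentication earlier in this file now goes through `SimpleSAML_Auth_Simple` with a configurable `authority`; whether the session's IdP always belongs to that authority is not visible from this patch. A short comment on the added line saying why the raw session is still needed, e.g. `// Auth_Simple does not expose the authenticating IdP, so it is read from the session`, would help if that is indeed the reason. The `if` block continues outside the hunk.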
@@ -146,7 +148,7 @@ if ($action != null && $sp_entityid != null) {
 	if($action == 'true') {
 		$isStored = $consent_storage->saveConsent($hashed_user_id, $targeted_id, $attribute_hash);
 		if($isStored) {
-			$res =  "added";
+			$res = "added";
 		} else {
 			$res = "updated";
 		}
@@ -180,7 +182,6 @@ foreach ($user_consent_list as $c) {
 	$user_consent[$c[0]]=$c[1];
 }
 
-
 $template_sp_content = array();
 
 // Init template
@@ -236,10 +237,7 @@ foreach ($all_sp_metadata as $sp_entityid => $sp_values) {
 	);
 }
 
-$relaystate = $cA_config->getValue('relaystate');
-
 $et->data['header'] = 'Consent Administration';
-$et->data['logout'] = '<p>[ <a href="/' . $config->getBaseURL() . 'saml2/sp/initSLO.php?RelayState='. $relaystate .'">Logout</a> ]';
 $et->data['spList'] = $sp_list;
 $et->data['showDescription'] = $cA_config->getValue('showDescription');
 $et->show();
-- 
GitLab