From a0172271b0248f75b324cd19569e880c40c3a1e6 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 13 May 2008 11:31:30 +0000
Subject: [PATCH] Changed SP SingleLogoutService & initSLO to use IDs from requests and responses.

This prevents the RelayState parameter from being passed to the IdP, and also removes the length limitation some IdPs have on the RelayState parameter.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@543 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/sp/SingleLogoutService.php | 11 ++++++++---
 www/saml2/sp/initSLO.php | 23 +++++++++++++----------
 2 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
index a5b230b3e..44b010183 100644
--- a/www/saml2/sp/SingleLogoutService.php
+++ b/www/saml2/sp/SingleLogoutService.php
@@ -106,12 +106,17 @@ if (isset($_GET['SAMLRequest'])) {
 		SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $requester . ' ' . $responder);
-		if (isset($_GET['RelayState'])) {
-			SimpleSAML_Utilities::redirect($_GET['RelayState']);
-		} else {
+		$id = $logoutresponse->getInResponseTo();
+		error_log('ID: ' . strlen($id) . ':' . $id);
+		$returnTo = $session->getData('spLogoutReturnTo', $id);
+		error_log("returnTo: " . var_export($returnTo, TRUE));
+
+		if(empty($returnTo)) {
 			SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
 		}
+		SimpleSAML_Utilities::redirect($returnTo);
+
 	} else {
 		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SLOSERVICEPARAMS');
diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
index fc7246628..238dd7a8e 100644
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
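Review bot: The two `error_log()` calls added around `$returnTo = $session->getData('spLogoutReturnTo', $id);` look like leftover debugging: on every LogoutResponse they write the InResponseTo identifier and the full return URL (`var_export($returnTo, TRUE)`) to the web server's error log, bypassing the `SimpleSAML_Logger` level configuration the rest of this file uses; the `error_log('Saved: ...')` line in the initSLO.php hunk of this commit has the same problem. Drop them, or if the trace is wanted use `SimpleSAML_Logger::debug('SAML2.0 - SP.SingleLogoutService: LogoutResponse InResponseTo=' . $id);` so it only appears at debug level. Keying the session lookup on the response's InResponseTo is a good change, since the return URL is now only honoured by the session that issued the request, but the redirect target is still the caller-supplied RelayState with no validation. `empty($returnTo)` also rejects the string `'0'`; an explicit null/identity check against whatever `getData()` returns on a miss (not visible here) would be more precise. The enclosing `if (isset($_GET['SAMLRequest']))` block starts before the hunk.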
@@ -19,6 +19,13 @@ SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: Accessing SAML 2.0 SP initSLO scr
 if (!$config->getValue('enable.saml20-sp', false))
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+if (isset($_REQUEST['RelayState'])) {
+	$returnTo = $_REQUEST['RelayState'];
+} else {
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
+}
+
 if (isset($session) ) {
@@ -34,17 +41,17 @@ if (isset($session) ) {
 	 */
 		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
 		$req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getSessionIndex(), 'SP');
+
+		/* Save the $returnTo url until the user returns from the IdP. */
+		$session->setData('spLogoutReturnTo', $lr->getGeneratedID(), 15*60, $returnTo);
+		error_log('Saved: "' . $lr->getGeneratedID() . '" => "' . $returnTo . '"');
 		$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
-		$relayState = SimpleSAML_Utilities::selfURL();
-		if (isset($_REQUEST['RelayState'])) {
-			$relayState = $_REQUEST['RelayState'];
-		}
 		SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
-		$httpredirect->sendMessage($req, $spentityid, $idpentityid, $relayState, 'SingleLogoutService', 'SAMLRequest', 'SP');
+		$httpredirect->sendMessage($req, $spentityid, $idpentityid, NULL, 'SingleLogoutService', 'SAMLRequest', 'SP');
 	} catch(Exception $exception) {
@@ -53,12 +60,8 @@ if (isset($session) ) {
 } else {
-	if (!isset($_REQUEST['RelayState']))
-		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
-
-	$relaystate = $_REQUEST['RelayState'];
 	SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate');
-	SimpleSAML_Utilities::redirect($relaystate);
+	SimpleSAML_Utilities::redirect($returnTo);
 }
-- 
GitLab
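Review bot: `$returnTo = $_REQUEST['RelayState'];` takes the redirect target from `$_REQUEST`, which merges cookie data with GET/POST depending on the `request_order`/`variables_order` ini settings, so the return URL can also arrive in a cookie; `$_GET['RelayState']` (this is a redirect-driven endpoint) would name the intended source, as the old SingleLogoutService.php code already did. The value is later passed unchanged to `SimpleSAML_Utilities::redirect()` in both scripts, so storing it in the session does not remove the existing unvalidated redirect; a check here that the URL is relative or points at an allowed host would be the natural place, since this is the only line where the value enters. Note the behaviour change for logged-in callers: the removed code in the second hunk fell back to `SimpleSAML_Utilities::selfURL()` when RelayState was absent, whereas this hunk makes it fatal (`NORELAYSTATE`) for everyone; a comment such as `/* RelayState is required: it is kept in the session and used as the return URL once the IdP responds. */` above the `if` would record that this is intended.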
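Review bot: The `15*60` passed to `$session->setData('spLogoutReturnTo', $lr->getGeneratedID(), 15*60, $returnTo);` in the second hunk is undocumented; it appears to be a lifetime in seconds, and if the IdP delivers the LogoutResponse after it elapses the stored URL is gone and SingleLogoutService.php fails with `NORELAYSTATE` rather than degrading gracefully. Replace the existing comment with something like `/* Keep the return URL for 15 minutes, keyed by the request ID; a LogoutResponse arriving later cannot be routed and fails with NORELAYSTATE. */` and consider lifting the number into a named constant. Passing `NULL` as the relay state to `sendMessage()` is consistent with the commit's intent, but it is worth a one-line comment on that call (`/* No RelayState: the return URL is held server-side under the request ID. */`) so a later reader does not reinstate it. The enclosing `try` block starts before the hunk.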