From b9aa63bc448e3e7e76d3ab5da50399ee83bec7ec Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 3 Aug 2009 12:49:06 +0000
Subject: [PATCH] sp/initSLO: Use the new SAML2 library.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1614 44740490-163a-0410-bde0-09ae8108e29a
---
 www/saml2/sp/initSLO.php | 73 +++++++++++++++++++++-------------------
 1 file changed, 38 insertions(+), 35 deletions(-)

diff --git a/www/saml2/sp/initSLO.php b/www/saml2/sp/initSLO.php
index 162b26dfd..78dc8b760 100644
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
@@ -18,44 +18,47 @@ if (isset($_REQUEST['RelayState'])) {
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
 }
 
-	
-if (isset($session) ) {
-	
-	try {
-	
-		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-	
-		$idpentityid = $session->getIdP();
-		$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-	
-		/**
-		 * Create a logout request
-		 */
-		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
-		$req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getSessionIndex(), 'SP');
-
-		/* Save the $returnTo url until the user returns from the IdP. */
-		$session->setData('spLogoutReturnTo', $lr->getGeneratedID(), $returnTo);
-		
-		$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
-		
-		
-		$session->doLogout();
-		
-		SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
-		
-		$httpredirect->sendMessage($req, $spentityid, $idpentityid, NULL, 'SingleLogoutService', 'SAMLRequest', 'SP');
-		
-
-	} catch(Exception $exception) {
-		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
+
+try {
+	$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+
+	$idpEntityId = $session->getIdP();
+	if ($idpEntityId === NULL) {
+		SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User not authenticated with an IdP.');
+		SimpleSAML_Utilities::redirect($returnTo);
+	}
+	$idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
+	if (!$idpMetadata->hasValue('SingleLogoutService')) {
+		SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: No SingleLogoutService endpoint in IdP.');
+		SimpleSAML_Utilities::redirect($returnTo);
 	}
 
-} else {
+	$spEntityId = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
+	$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
+
+	/* Convert NameId to new style. */
+	$nameId = $session->getNameId();
+	$nameId['Value'] = $nameId['value'];
+	unset($nameId['value']);
+
+	$lr = sspmod_saml2_Message::buildLogoutRequest($spMetadata, $idpMetadata);
+	$lr->setNameId($nameId);
+	$lr->setSessionIndex($session->getSessionIndex());
+
+	$session->doLogout();
+
+	/* Save the $returnTo url until the user returns from the IdP. */
+	$session->setData('spLogoutReturnTo', $lr->getId(), $returnTo);
+
+	SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: SP (' . $spEntityId . ') is sending logout request to IdP (' . $idpEntityId . ')');
+
+	$b = new SAML2_HTTPRedirect();
+	$b->setDestination(sspmod_SAML2_Message::getDebugDestination());
+	$b->send($lr);
+
 
-	SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate');
-	SimpleSAML_Utilities::redirect($returnTo);
-	
+} catch(Exception $exception) {
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
 }
 
 
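Review bot: The two new early exits at `SimpleSAML_Utilities::redirect($returnTo);` (no IdP in the session, and no SingleLogoutService in the IdP metadata) send the browser to `$returnTo` with no visible check, and the first is reachable without an authenticated session. The assignment of `$returnTo` is above the hunk, but the context line `if (isset($_REQUEST['RelayState']))` suggests it is request-controlled, which would make this endpoint an open redirect; validating it against the SP's own or explicitly trusted hosts before the `try` would close that. Separately, `$nameId['Value'] = $nameId['value'];` assumes `getNameId()` returned an array with a `value` key; a guard such as `if (!is_array($nameId) || !isset($nameId['value'])) { throw new Exception('Session has no NameID.'); }` would route that case to the existing `CREATEREQUEST` handler instead of sending a LogoutRequest with an empty NameID. The class is also spelled both `sspmod_saml2_Message` and `sspmod_SAML2_Message`; using the one spelling that matches the file on disk avoids autoload surprises on case-sensitive filesystems.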
-- 
GitLab