sp/initSLO: Use the new SAML2 library.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1614 44740490-163a-0410-bde0-09ae8108e29a

sp/initSLO: Use the new SAML2 library.
b9aa63bc · Olav Morken · 766f354a · b9aa63bc
Commit b9aa63bc authored 15 years ago by Olav Morken
--- a/www/saml2/sp/initSLO.php
+++ b/www/saml2/sp/initSLO.php
@@ -18,44 +18,47 @@ if (isset($_REQUEST['RelayState'])) {
 	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
 }

-	
-if (isset($session) ) {
-	
-	try {
-	
-		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-	
-		$idpentityid = $session->getIdP();
-		$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
-	
-		/**
-		 * Create a logout request
-		 */
-		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
-		$req = $lr->generate($spentityid, $idpentityid, $session->getNameID(), $session->getSessionIndex(), 'SP');
-
-		/* Save the $returnTo url until the user returns from the IdP. */
-		$session->setData('spLogoutReturnTo', $lr->getGeneratedID(), $returnTo);
-		
-		$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
-		
-		
-		$session->doLogout();
-		
-		SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
-		
-		$httpredirect->sendMessage($req, $spentityid, $idpentityid, NULL, 'SingleLogoutService', 'SAMLRequest', 'SP');
-		
-
-	} catch(Exception $exception) {
-		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
+
+try {
+	$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+
+	$idpEntityId = $session->getIdP();
+	if ($idpEntityId === NULL) {
+		SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User not authenticated with an IdP.');
+		SimpleSAML_Utilities::redirect($returnTo);
+	}
+	$idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
+	if (!$idpMetadata->hasValue('SingleLogoutService')) {
+		SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: No SingleLogoutService endpoint in IdP.');
+		SimpleSAML_Utilities::redirect($returnTo);
 	}

-} else {
+	$spEntityId = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
+	$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
+
+	/* Convert NameId to new style. */
+	$nameId = $session->getNameId();
+	$nameId['Value'] = $nameId['value'];
+	unset($nameId['value']);
+
+	$lr = sspmod_saml2_Message::buildLogoutRequest($spMetadata, $idpMetadata);
+	$lr->setNameId($nameId);
+	$lr->setSessionIndex($session->getSessionIndex());
+
+	$session->doLogout();
+
+	/* Save the $returnTo url until the user returns from the IdP. */
+	$session->setData('spLogoutReturnTo', $lr->getId(), $returnTo);
+
+	SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: SP (' . $spEntityId . ') is sending logout request to IdP (' . $idpEntityId . ')');
+
+	$b = new SAML2_HTTPRedirect();
+	$b->setDestination(sspmod_SAML2_Message::getDebugDestination());
+	$b->send($lr);
+

-	SimpleSAML_Logger::info('SAML2.0 - SP.initSLO: User is already logged out. Go back to relaystate');
-	SimpleSAML_Utilities::redirect($returnTo);
-	
+} catch(Exception $exception) {
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
 }