Commit c59c12be authored by Olav Morken's avatar Olav Morken

SAML2:SingleLogoutService - Handle logout request without a valid session.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@126 44740490-163a-0410-bde0-09ae8108e29a
parent c426bcb4
...@@ -28,6 +28,35 @@ if (isset($_GET['SAMLRequest'])) { ...@@ -28,6 +28,35 @@ if (isset($_GET['SAMLRequest'])) {
$binding = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata); $binding = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
$logoutrequest = $binding->decodeLogoutRequest($_GET); $logoutrequest = $binding->decodeLogoutRequest($_GET);
/* Check if we have a valid session. */
if($session === NULL) {
/* Invalid session. To prevent the user from being unable to
* log out from the service provider, we should just return a
* LogoutResponse pretending that the logout was successful to
* the SP that sent the LogoutRequest.
*/
$spentityid = $logoutrequest->getIssuer();
/* Generate the response. */
$response = new SimpleSAML_XML_SAML20_LogoutResponse($config,
$metadata);
$responseText = $response->generate($idpentityid, $spentityid,
$logoutrequest->getRequestID(), 'IdP');
/* Retrieve the relay state from the request. */
$relayState = $logoutrequest->getRelayState();
/* Send the response using the HTTP-Redirect binding. */
$binding = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config,
$metadata);
$binding->sendMessage($responseText, $spentityid, $relayState,
'SingleLogoutService', 'SAMLResponse', 'IdP');
exit;
}
$session->setAuthenticated(false); $session->setAuthenticated(false);
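Review bot: In the new `$session === NULL` branch, `$spentityid` comes straight from `$logoutrequest->getIssuer()` and the RelayState is echoed back, yet nothing visible in the hunk checks that the request is signed or that the issuer is a known SP before a success response is redirected to it. Whether `sendMessage()` resolves the destination strictly from trusted metadata cannot be seen here; if it does, record that in a comment such as `/* $spentityid is unauthenticated here; the redirect target must come from SP metadata only. */`, otherwise validate the issuer against `$metadata` before generating the response. Logging this path would also help, since a LogoutRequest arriving without a session is an event an operator would want to see. The `$binding` created just above the branch takes the same constructor arguments and could be reused instead of building a second one. The enclosing `if (isset($_GET['SAMLRequest']))` block continues outside the hunk.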
......