From c9eeefa468bd62ca68ca9fb2ad17443425366870 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 3 Aug 2009 12:47:11 +0000
Subject: [PATCH] saml2: Use SAML library for logout requests.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1607 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml2/lib/Auth/Source/SP.php | 16 ++++++++++------
 modules/saml2/lib/Message.php        | 19 +++++++++++++++++++
 modules/saml2/www/sp/acs.php         | 10 +++++++++-
 3 files changed, 38 insertions(+), 7 deletions(-)

diff --git a/modules/saml2/lib/Auth/Source/SP.php b/modules/saml2/lib/Auth/Source/SP.php
index c5730a09e..3f1726229 100644
--- a/modules/saml2/lib/Auth/Source/SP.php
+++ b/modules/saml2/lib/Auth/Source/SP.php
@@ -244,16 +244,20 @@ class sspmod_saml2_Auth_Source_SP extends SimpleSAML_Auth_Source {
 		$nameId = $state[self::LOGOUT_NAMEID];
 		$sessionIndex = $state[self::LOGOUT_SESSIONINDEX];
 
-		$config = SimpleSAML_Configuration::getInstance();
 		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+		$spMetadata = $metadata->getMetaDataConfig($this->getEntityId(), 'saml20-sp-hosted');
+		$idpMetadata = $metadata->getMetaDataConfig($idp, 'saml20-idp-remote');
 
-		$lr = new SimpleSAML_XML_SAML20_LogoutRequest($config, $metadata);
-		$req = $lr->generate($this->entityId, $idp, $nameId, $sessionIndex, 'SP');
+		$lr = sspmod_saml2_Message::buildLogoutRequest($spMetadata, $idpMetadata);
+		$lr->setNameId($nameId);
+		$lr->setSessionIndex($sessionIndex);
+		$lr->setRelayState($id);
 
-		$httpredirect = new SimpleSAML_Bindings_SAML20_HTTPRedirect($config, $metadata);
-		$httpredirect->sendMessage($req, $this->entityId, $idp, $id, 'SingleLogoutService', 'SAMLRequest', 'SP');
+		$b = new SAML2_HTTPRedirect();
+		$b->setDestination(sspmod_SAML2_Message::getDebugDestination());
+		$b->send($lr);
 
-		exit(0);
+		assert('FALSE');
 	}
 
 
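Review bot: Line 36 refers to the class as `sspmod_SAML2_Message` while line 28 of the same hunk uses `sspmod_saml2_Message`; PHP itself resolves class names case-insensitively, but the `sspmod_<module>_` prefix is presumably what the module autoloader turns into a directory under `modules/`, so on a case-sensitive filesystem the upper-case spelling may be looked up in a different module directory and fail before any logout request is sent. Use the same spelling as line 28: `$b->setDestination(sspmod_saml2_Message::getDebugDestination());`. The `assert('FALSE');` that replaces `exit(0)` on line 40 only stops execution when assertions are enabled; unless `SAML2_HTTPRedirect::send()` terminates the request itself (not visible here), the method falls through to its caller after the redirect has been issued, so either confirm that `send()` exits or keep an explicit `exit();` after it. The enclosing method starts before this hunk.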
diff --git a/modules/saml2/lib/Message.php b/modules/saml2/lib/Message.php
index fd51160ca..c332a3693 100644
--- a/modules/saml2/lib/Message.php
+++ b/modules/saml2/lib/Message.php
@@ -100,6 +100,25 @@ class sspmod_saml2_Message {
 		return $ar;
 	}
 
+
+	/**
+	 * Build a logout request based on information in the metadata.
+	 *
+	 * @param SimpleSAML_Configuration $srcMetadata  The metadata of the sender.
+	 * @param SimpleSAML_Configuration $dstpMetadata  The metadata of the recipient.
+	 */
+	public static function buildLogoutRequest(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata) {
+
+		$lr = new SAML2_LogoutRequest();
+
+		$lr->setIssuer($srcMetadata->getString('entityid'));
+		$lr->setDestination($dstMetadata->getString('SingleLogoutService'));
+
+		self::addSign($srcMetadata, $dstMetadata, $lr);
+
+		return $lr;
+	}
+
 }
 
 ?>
\ No newline at end of file
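Review bot: The docblock on line 57 documents `$dstpMetadata`, but the parameter declared on line 59 is `$dstMetadata`, and the method has no `@return` tag although it returns the built request. Change the tag to `@param SimpleSAML_Configuration $dstMetadata  The metadata of the recipient.` and add `@return SAML2_LogoutRequest  The logout request, with Issuer and Destination set and signing applied per the metadata.` It would also help callers to state in the description that the Destination is read from the recipient's `SingleLogoutService` entry, since that is the value they must have in the remote metadata for this to succeed.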
diff --git a/modules/saml2/www/sp/acs.php b/modules/saml2/www/sp/acs.php
index 57d26db67..a43c70dbb 100644
--- a/modules/saml2/www/sp/acs.php
+++ b/modules/saml2/www/sp/acs.php
@@ -46,10 +46,18 @@ if (!$source->isIdPValid($idp)) {
 		'. The IdP was ' . var_export($idp, TRUE));
 }
 
+/*
+ * Retrieve the name identifier. We also convert it to the format used by the
+ * logout request handler.
+ */
+$nameId = $authnResponse->getNameID();
+$nameId['Value'] = $nameId['value'];
+unset($nameId['value']);
+
 /* We need to save the NameID and SessionIndex for logout. */
 $logoutState = array(
 	sspmod_saml2_Auth_Source_SP::LOGOUT_IDP => $idp,
-	sspmod_saml2_Auth_Source_SP::LOGOUT_NAMEID => $authnResponse->getNameID(),
+	sspmod_saml2_Auth_Source_SP::LOGOUT_NAMEID => $nameId,
 	sspmod_saml2_Auth_Source_SP::LOGOUT_SESSIONINDEX => $authnResponse->getSessionIndex(),
 	);
 $state['LogoutState'] = $logoutState;
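Review bot: Lines 88–89 rename the `value` key to `Value` without checking that `getNameID()` actually returned an array containing `value`; if it returns something else (or the key is missing), `$nameId['Value']` is silently set to `null` with only a notice, and the logout state stored on line 98 then carries a NameID the later logout request cannot use. Guard the conversion before the rename: `if (!is_array($nameId) || !array_key_exists('value', $nameId)) {` / `	throw new Exception('Missing NameID in authentication response.');` / `}`. Whether `getNameID()` can return a non-array value is not visible in this hunk, so the exact check should be confirmed against its implementation.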
-- 
GitLab