From cfd5906f87a42b7d0c08eedf32e24bb96e961a5c Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Thu, 11 Dec 2008 18:45:28 +0000
Subject: [PATCH] logout support for WS-Fed

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1060 44740490-163a-0410-bde0-09ae8108e29a
---
 www/example-simple/wsfed-example.php |  2 +-
 www/wsfed/sp/initSLO.php             | 61 ++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 www/wsfed/sp/initSLO.php

diff --git a/www/example-simple/wsfed-example.php b/www/example-simple/wsfed-example.php
index 883d45599..3136f61af 100644
--- a/www/example-simple/wsfed-example.php
+++ b/www/example-simple/wsfed-example.php
@@ -21,7 +21,7 @@ $t->data['remaining'] = $session->remainingTime();
 $t->data['sessionsize'] = $session->getSize();
 $t->data['attributes'] = $attributes;
 $t->data['icon'] = 'bino.png';
-$t->data['logout'] = null;
+$t->data['logouturl'] = '/' . $config->getBaseURL() . 'wsfed/sp/initSLO.php?RelayState=/' . $config->getBaseURL() . 'logout.php';
 $t->show();
 
 
diff --git a/www/wsfed/sp/initSLO.php b/www/wsfed/sp/initSLO.php
new file mode 100644
index 000000000..02b9e2f10
--- /dev/null
+++ b/www/wsfed/sp/initSLO.php
@@ -0,0 +1,61 @@
+<?php
+
+require_once('../../_include.php');
+
+$config = SimpleSAML_Configuration::getInstance();
+
+$session = SimpleSAML_Session::getInstance();
+
+SimpleSAML_Logger::info('WS-Fed - SP.initSLO: Accessing WS-Fed SP initSLO script');
+
+if (!$config->getValue('enable.wsfed-sp', false))
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NOACCESS');
+
+
+if (isset($_REQUEST['RelayState'])) {
+	$returnTo = $_REQUEST['RelayState'];
+} else {
+	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
+}
+
+	
+if (isset($session) ) {
+	
+	try {
+	
+		$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
+	
+		$idpentityid = $session->getIdP();
+		$spentityid = isset($_GET['spentityid']) ? $_GET['spentityid'] : $metadata->getMetaDataCurrentEntityID();
+	
+		/**
+		 * Create a logout request
+		 */		
+		
+		$session->doLogout();
+		
+		SimpleSAML_Logger::info('WS-Fed - SP.initSLO: SP (' . $spentityid . ') is sending logout request to IdP (' . $idpentityid . ')');
+			
+		$idpmeta = $metadata->getMetaData($idpentityid, 'wsfed-idp-remote');
+		
+		SimpleSAML_Utilities::redirect($idpmeta['prp'], array(
+			'wa' => 'wsignout1.0',
+			'wct' =>  gmdate('Y-m-d\TH:i:s\Z', time()),
+			'wtrealm' => $spentityid,
+			'wctx' => $returnTo
+		));
+		
+
+	} catch(Exception $exception) {
+		SimpleSAML_Utilities::fatalError($session->getTrackID(), 'CREATEREQUEST', $exception);
+	}
+
+} else {
+
+	SimpleSAML_Logger::info('WS-Fed - SP.initSLO: User is already logged out. Go back to relaystate');
+	SimpleSAML_Utilities::redirect($returnTo);
+	
+}
+
+
+?>
\ No newline at end of file
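Review bot: `$returnTo` is copied straight from `$_REQUEST['RelayState']` and then used both as the target of `SimpleSAML_Utilities::redirect($returnTo)` in the else branch and as the `wctx` value sent to the IdP, so the script will redirect to whatever URL a crafted link supplies. It should be validated before either use. The fence below accepts only a site-local path, which still covers the `RelayState` the example page builds; if absolute return URLs must be supported, compare the host against a configured allow-list instead. Separately, `if (isset($session))` does not test for an authenticated session: `$session` was assigned a few lines earlier, so the else branch looks unreachable unless `getInstance()` can return null, and a visitor with no IdP in the session would presumably end in the `CREATEREQUEST` error rather than the "already logged out" path. `$_GET['spentityid']` is also concatenated into the info log line unfiltered, so stripping control characters from it first would keep log entries unambiguous.

```php
// … unchanged: RelayState read into $returnTo, NORELAYSTATE error when it is absent …

// Accept only a site-local path: a string starting with a single "/",
// with no backslashes or control characters that browsers may normalise.
$isLocalPath = is_string($returnTo)
	&& strncmp($returnTo, '/', 1) === 0
	&& strncmp($returnTo, '//', 2) !== 0
	&& strpos($returnTo, '\\') === false
	&& !preg_match('/[\x00-\x1f\x7f]/', $returnTo);

if (!$isLocalPath) {
	SimpleSAML_Utilities::fatalError($session->getTrackID(), 'NORELAYSTATE');
}

// … unchanged: session check, logout request and redirect to the IdP …
```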
-- 
GitLab