From d9f531e63dbaf900406e56bd9f6012767a4b9ec8 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 16 Apr 2009 05:30:54 +0000
Subject: [PATCH] Make it possible to send logout responses to a different
 endpoint than logout requests.

Patch by Joakim Recht <jre@trifork.com>

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1460 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/Metadata/SAMLParser.php       | 3 +++
 lib/SimpleSAML/XML/SAML20/LogoutResponse.php | 5 ++++-
 www/saml2/idp/SingleLogoutService.php        | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index 9f3294f31..7ea454bc7 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -609,6 +609,9 @@ class SimpleSAML_Metadata_SAMLParser {
 		$slo = $this->getDefaultEndpoint($spd['singleLogoutServices'], array(self::SAML_20_REDIRECT_BINDING));
 		if($slo !== NULL) {
 			$ret['SingleLogoutService'] = $slo['location'];
+			if (isset($slo['responseLocation']) && $slo['location'] != $slo['responseLocation']) {
+				$ret['SingleLogoutServiceResponse'] = $slo['responseLocation'];
+			}
 		}
 
 
diff --git a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
index c87ac65c7..0ce4586c7 100644
--- a/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
+++ b/lib/SimpleSAML/XML/SAML20/LogoutResponse.php
@@ -3,7 +3,7 @@
 /**
  * Implementation of the SAML 2.0 LogoutResponse message.
  *
- * @author Andreas Ĺkre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
+ * @author Andreas Ă…kre Solberg, UNINETT AS. <andreas.solberg@uninett.no>
  * @package simpleSAMLphp
  * @version $Id$
  */
@@ -117,6 +117,9 @@ class SimpleSAML_XML_SAML20_LogoutResponse {
 		$issueInstant = SimpleSAML_Utilities::generateTimestamp();
 
 		$destination = $receivermd['SingleLogoutService'];
+		if (isset($receivermd['SingleLogoutServiceResponse'])) {
+			$destination = $receivermd['SingleLogoutServiceResponse'];
+		}
 		
 		$samlResponse = '<samlp:LogoutResponse 
     xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
diff --git a/www/saml2/idp/SingleLogoutService.php b/www/saml2/idp/SingleLogoutService.php
index 04809ac7b..e717ea62e 100644
--- a/www/saml2/idp/SingleLogoutService.php
+++ b/www/saml2/idp/SingleLogoutService.php
@@ -358,7 +358,7 @@ try {
 		$relayState = isset($logoutInfo['RelayState']) ? $logoutInfo['RelayState'] : null;
 	
 		// Parameters: $request, $remoteentityid, $relayState = null, $endpoint = 'SingleLogoutService', $direction = 'SAMLRequest', $mode = 'SP'
-		$httpredirect->sendMessage($logoutResponseXML, $idpentityid, $logoutInfo['Issuer'], $relayState, 'SingleLogoutService', 'SAMLResponse', 'IdP');
+		$httpredirect->sendMessage($logoutResponseXML, $idpentityid, $logoutInfo['Issuer'], $relayState, 'SingleLogoutServiceResponse', 'SAMLResponse', 'IdP');
 		exit;
 		
 	} elseif (array_key_exists('RelayState', $logoutInfo)) {
-- 
GitLab