Commit ef487be6 authored by Olav Morken's avatar Olav Morken

saml2/idp: Fix bridged logout.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2020 44740490-163a-0410-bde0-09ae8108e29a
parent 08385796
...@@ -114,8 +114,6 @@ if (isset($_REQUEST['SAMLRequest'])) { ...@@ -114,8 +114,6 @@ if (isset($_REQUEST['SAMLRequest'])) {
SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $spEntityId); SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: got Logoutrequest from ' . $spEntityId);
SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $spEntityId . ' ' . $idpEntityId); SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $spEntityId . ' ' . $idpEntityId);
$session->doLogout();
/* Fill in the $logoutInfo associative array with information about this logout request. */ /* Fill in the $logoutInfo associative array with information about this logout request. */
$logoutInfo['Issuer'] = $spEntityId; $logoutInfo['Issuer'] = $spEntityId;
$logoutInfo['RequestID'] = $logoutRequest->getId(); $logoutInfo['RequestID'] = $logoutRequest->getId();
...@@ -184,6 +182,29 @@ if (isset($_REQUEST['SAMLRequest'])) { ...@@ -184,6 +182,29 @@ if (isset($_REQUEST['SAMLRequest'])) {
SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SLOSERVICEPARAMS'); SimpleSAML_Utilities::fatalError($session->getTrackID(), 'SLOSERVICEPARAMS');
} }
/* First, log out of the current authentication source. */
$authority = $session->getAuthority();
if ($authority !== NULL) {
/* We are logged in. */
$bridgedId = SimpleSAML_Utilities::generateID();
$returnTo = SimpleSAML_Utilities::selfURLNoQuery() . '?LogoutID=' . $bridgedId;
/* Save the $logoutInfo until we return from the SP. */
saveLogoutInfo($bridgedId);
if ($authority === $idpMetadata->getString('auth')) {
/* This is probably an authentication source. */
SimpleSAML_Auth_Default::initLogoutReturn($returnTo);
} elseif ($authority === 'saml2') {
/* SAML 2 SP which isn't an authentication source. */
SimpleSAML_Utilities::redirect('/' . $config->getBaseURL() . 'saml2/sp/initSLO.php',
array('RelayState' => $returnTo)
);
}
}
/* /*
* Find the next SP we should log out from. We will search through the list of * Find the next SP we should log out from. We will search through the list of
* SPs until we find a valid SP with a SingleLogoutService endpoint. * SPs until we find a valid SP with a SingleLogoutService endpoint.
...@@ -255,6 +276,19 @@ if ($config->getBoolean('debug', false)) ...@@ -255,6 +276,19 @@ if ($config->getBoolean('debug', false))
/* Check whether we should authenticate with an AuthSource. Any time the auth-option matches a
* valid AuthSource, we assume that this is the case.
*/
$auth = $idpMetadata->getString('auth');
if(SimpleSAML_Auth_Source::getById($idpMetadata->getString('auth')) !== NULL) {
/* Authenticate with an AuthSource. */
$authSource = TRUE;
$authority = $idpmetadata['auth'];
} else {
$authSource = FALSE;
$authority = SimpleSAML_Utilities::getAuthority($idpmetadata);
}
/** /**
* If there exists a local valid session with the SAML 2.0 module as an authority, * If there exists a local valid session with the SAML 2.0 module as an authority,
* initiate SAML 2.0 SP Single LogOut, with the RelayState equal this URL. * initiate SAML 2.0 SP Single LogOut, with the RelayState equal this URL.
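Review bot: In the second hunk, a session whose authority is neither `$idpMetadata->getString('auth')` nor `'saml2'` falls through the `if`/`elseif` with no local logout at all, and the unconditional `$session->doLogout()` that used to cover that case is removed in the first hunk. Unless code outside the visible hunks ends the session later, such a user would stay authenticated at the IdP after the SPs have been logged out, so the single logout would be incomplete. I would close the chain with a final branch, `} else { $session->doLogout(); }`, so that every authority value ends with the session terminated. `saveLogoutInfo($bridgedId)` also runs before the branch, so in the fall-through case state is stored under an ID that nothing returns with; calling it only inside the two branches that use `$returnTo` would avoid that.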