From efd37879a707ffc6912033b8c757322c5aa838c9 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt <hans.zandbelt@surfnet.nl>
Date: Mon, 15 Feb 2010 19:18:18 +0000
Subject: [PATCH] add support in core IDP for association groups which are used to share associations between SAML 2 and ADFS IDPs, to enable cross-protocol single-logout (thanks Olav)
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2181 44740490-163a-0410-bde0-09ae8108e29a
---
 lib/SimpleSAML/IdP.php | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)
diff --git a/lib/SimpleSAML/IdP.php b/lib/SimpleSAML/IdP.php
index b7ab3bc1a..89b44f7e8 100644
--- a/lib/SimpleSAML/IdP.php
+++ b/lib/SimpleSAML/IdP.php
@@ -26,6 +26,17 @@ class SimpleSAML_IdP {
 private $id;
+ /**
+ * The "association group" for this IdP.
+ *
+ * We use this to support cross-protocol logout until
+ * we implement a cross-protocol IdP.
+ *
+ * @var string
+ */
+ private $associationGroup;
+
+
 /**
 * The configuration for this IdP.
 *
@@ -62,10 +73,23 @@ class SimpleSAML_IdP {
 throw new SimpleSAML_Error_Exception('enable.adfs-idp disabled in config.php.');
 }
 $this->config = $metadata->getMetaDataConfig(substr($id, 5), 'adfs-idp-hosted');
+
+ try {
+ /* This makes the ADFS IdP use the same SP associations as the SAML 2.0 IdP. */
+ $saml2EntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
+ $this->associationGroup = 'saml2:' . $saml2EntityId;
+
+ } catch (Exception $e) {
+ /* Probably no SAML 2 IdP configured for this host. Ignore the error. */
+ }
 } else {
 assert(FALSE);
 }
+ if ($this->associationGroup === NULL) {
+ $this->associationGroup = $this->id;
+ }
+
 }
@@ -157,7 +181,7 @@ class SimpleSAML_IdP {
 assert('isset($association["Handler"])');
 $session = SimpleSAML_Session::getInstance();
- $session->addAssociation($this->id, $association);
+ $session->addAssociation($this->associationGroup, $association);
 }
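Review bot: The docblock on `$associationGroup` in the first hunk says what the property is for but not what value it holds, which is what a reader of the session calls further down needs; suggest adding to it: `Set by the ADFS branch of the constructor to 'saml2:' . <entityId> of the SAML 2.0 IdP hosted on this host, otherwise this IdP's own id.` The `@var string` is also only accurate after the constructor has run: the property has no initializer and the constructor compares it against NULL, so `@var string|null` describes the declared state more honestly.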
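Review bot: The `catch (Exception $e)` block in the ADFS branch of the constructor swallows every exception from getMetaDataCurrentEntityID(), not only the "no SAML 2 IdP on this host" case the comment anticipates, so a broken or unreadable saml20-idp-hosted metadata file silently degrades to a per-IdP association group and cross-protocol logout presumably stops working with no trace in the log. Logging the message before falling through, e.g. `SimpleSAML_Logger::debug('ADFS IdP: no shared SAML 2.0 association group: ' . $e->getMessage());`, keeps the best-effort behaviour but makes the degradation visible. The fallback `$this->associationGroup = $this->id` only matches the `'saml2:' . $saml2EntityId` value built here if the SAML 2.0 IdP's own id uses that same prefix; that branch, like the start of the constructor, is outside the hunk and worth confirming.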
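Review bot: With addAssociation here, and getAssociations and terminateAssociation in the hunks at lines 169 and 182, now keyed on `$this->associationGroup`, an association id must be unique across every IdP in the group rather than per IdP, and terminating one through the ADFS endpoint also removes it for the SAML 2.0 IdP on the same host. That is the intended cross-protocol logout, but neither the code nor the method docblocks (which sit outside the hunks) say so; suggest adding to each of the three: `Associations are scoped to the IdP's association group, which ADFS and SAML 2.0 IdPs on the same host share, so an association added or terminated through one protocol is visible to the other.` The enclosing addAssociation method starts outside the hunk.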
@@ -169,7 +193,7 @@ class SimpleSAML_IdP {
 public function getAssociations() {
 $session = SimpleSAML_Session::getInstance();
- return $session->getAssociations($this->id);
+ return $session->getAssociations($this->associationGroup);
 }
@@ -182,7 +206,7 @@ class SimpleSAML_IdP {
 assert('is_string($assocId)');
 $session = SimpleSAML_Session::getInstance();
- $session->terminateAssociation($this->id, $assocId);
+ $session->terminateAssociation($this->associationGroup, $assocId);
 }
-- GitLab