saml: Do not attempt to send logout request to IdP that does not support logout.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1969 44740490-163a-0410-bde0-09ae8108e29a

saml: Do not attempt to send logout request to IdP that does not support logout.
git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1969 44740490-163a-0410-bde0-09ae8108e29a
f13176c4 · Olav Morken · 941ca9a5 · f13176c4
Commit f13176c4 authored 15 years ago by Olav Morken
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -292,6 +292,12 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {

 		$idpMetadata = $this->getIdPMetadata($idp);

+		$endpoint = $idpMetadata->getDefaultEndpoint('SingleLogoutService', array(SAML2_Const::BINDING_HTTP_REDIRECT), FALSE);
+		if ($endpoint === FALSE) {
+			SimpleSAML_Logger::info('No logout endpoint for IdP ' . var_export($idp, TRUE) . '.');
+			return;
+		}
+
 		$lr = sspmod_saml2_Message::buildLogoutRequest($this->metadata, $idpMetadata);
 		$lr->setNameId($nameId);
 		$lr->setSessionIndex($sessionIndex);
@@ -321,7 +327,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 			return;
 		case 'saml2':
 			$this->startSLO2($state);
-			assert('FALSE');
+			return;
 		default:
 			/* Should never happen. */
 			assert('FALSE');