From f13176c42c6cc1a9d6b70716a86357254658fdd4 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Thu, 5 Nov 2009 12:23:01 +0000
Subject: [PATCH] saml: Do not attempt to send logout request to IdP that does
 not support logout.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@1969 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/Auth/Source/SP.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index fe73e889e..8a8b58ed3 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -292,6 +292,12 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 
 		$idpMetadata = $this->getIdPMetadata($idp);
 
+		$endpoint = $idpMetadata->getDefaultEndpoint('SingleLogoutService', array(SAML2_Const::BINDING_HTTP_REDIRECT), FALSE);
+		if ($endpoint === FALSE) {
+			SimpleSAML_Logger::info('No logout endpoint for IdP ' . var_export($idp, TRUE) . '.');
+			return;
+		}
+
 		$lr = sspmod_saml2_Message::buildLogoutRequest($this->metadata, $idpMetadata);
 		$lr->setNameId($nameId);
 		$lr->setSessionIndex($sessionIndex);
@@ -321,7 +327,7 @@ class sspmod_saml_Auth_Source_SP extends SimpleSAML_Auth_Source {
 			return;
 		case 'saml2':
 			$this->startSLO2($state);
-			assert('FALSE');
+			return;
 		default:
 			/* Should never happen. */
 			assert('FALSE');
-- 
GitLab