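<?php
/**
 * WARNING:
 *
 * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
 *
 * Legacy SAML 2.0 SP SingleLogoutService endpoint. It accepts either a
 * LogoutRequest from a remote IdP (IdP-initiated SLO), which it answers with
 * a LogoutResponse, or a LogoutResponse to a logout this SP started
 * (SP-initiated SLO), after which it redirects to the URL the SP stored when
 * it started the logout. In both cases the local 'saml2' authentication is
 * terminated — but only after the message has been validated against the
 * IdP/SP metadata.
 *
 * @deprecated
 */
require_once('../../_include.php');

$config = SimpleSAML_Configuration::getInstance();
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();

SimpleSAML_Logger::warning('The file saml2/sp/SingleLogoutService.php is deprecated and will be removed in future versions.');

// Get the local session
$session = SimpleSAML_Session::getSessionFromRequest();

SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService');

if (!$config->getBoolean('enable.saml20-sp', TRUE)) {
    throw new SimpleSAML_Error_Error('NOACCESS');
}

/*
 * Parse and validate the incoming message BEFORE touching the local session.
 * Previously the session was destroyed first, so anyone who could steer a
 * browser to this endpoint with a malformed message, an unknown issuer or a
 * message that fails validation could log the user out of this SP without
 * ever proving they are the IdP. Nothing in the parsing/validation path
 * below reads the session, so deferring the logout is safe.
 */
$binding = SAML2_Binding::getCurrentBinding();
$message = $binding->receive();

$idpEntityId = $message->getIssuer();
if ($idpEntityId === NULL) {
    /* Without an issuer we have no way to respond to the message. */
    throw new SimpleSAML_Error_BadRequest('Received message on logout endpoint without issuer.');
}

$spEntityId = $metadata->getMetaDataCurrentEntityId('saml20-sp-hosted');
// NOTE(review): the issuer is attacker-controlled; this lookup is presumably
// what rejects issuers that are not configured remote IdPs — confirm it
// throws rather than returning an empty config.
$idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');

// This is the only authenticity check applied to the message. Whether a
// signature is actually required is decided inside sspmod_saml_Message and is
// not visible here — NOTE(review): confirm the IdP metadata is configured so
// that unsigned logout messages are refused, otherwise a forged request from
// a known entity ID still passes.
sspmod_saml_Message::validateMessage($idpMetadata, $spMetadata, $message);

// Destroy local session if exists. Done only once the message has been
// accepted as coming from the IdP.
// NOTE(review): the message's subject (NameID/SessionIndex) is not compared
// with the local session here; any validated message from the IdP ends the
// 'saml2' login regardless of which subject it names.
$session->doLogout('saml2');

if ($message instanceof SAML2_LogoutRequest) {
    try {
        // Extract some parameters from the logout request
        $requestid = $message->getId();

        SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: IdP (' . $idpEntityId .
            ') is sending logout request to me SP (' . $spEntityId . ') requestid '.$requestid);
        SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId);

        /* Create response. Echo the RelayState and reference the request ID
         * so the IdP can correlate the response with its request. */
        $lr = sspmod_saml_Message::buildLogoutResponse($spMetadata, $idpMetadata);
        $lr->setRelayState($message->getRelayState());
        $lr->setInResponseTo($message->getId());

        SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: SP me (' . $spEntityId . ') is sending logout response to IdP (' . $idpEntityId . ')');

        // Destination comes from the IdP's own metadata, never from the request.
        $dst = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
            SAML2_Const::BINDING_HTTP_REDIRECT,
            SAML2_Const::BINDING_HTTP_POST)
        );

        // Over SOAP the response goes back on the same channel; for the
        // front-channel bindings pick the IdP's configured endpoint, preferring
        // a dedicated ResponseLocation when the metadata provides one.
        if (!$binding instanceof SAML2_SOAP) {
            $binding = SAML2_Binding::getBinding($dst['Binding']);
            if (isset($dst['ResponseLocation'])) {
                $dst = $dst['ResponseLocation'];
            } else {
                $dst = $dst['Location'];
            }
            $binding->setDestination($dst);
        }

        /* Send response. */
        $binding->send($lr);

    } catch (Exception $exception) {
        throw new SimpleSAML_Error_Error('LOGOUTREQUEST', $exception);
    }

} elseif ($message instanceof SAML2_LogoutResponse) {

    SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $spEntityId . ' ' . $idpEntityId);

    // The RelayState (or, for older IdPs, InResponseTo) carries the ID under
    // which this SP stored the return URL when it started the logout.
    $id = $message->getRelayState();
    if (empty($id)) {
        /* For backwardscompatibility. */
        $id = $message->getInResponseTo();
    }

    // The ID is sender-supplied, but it can only select among return URLs
    // this SP stored itself. 'spLogoutReturnTo' is checked before storing it
    // in the session, so we trust it here.
    $returnTo = $session->getData('spLogoutReturnTo', $id);
    if (empty($returnTo)) {
        throw new SimpleSAML_Error_Error('LOGOUTINFOLOST');
    }

    SimpleSAML_Utilities::redirectTrustedURL($returnTo);

} else {
    throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS');
}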