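/**
 * Continue the logout operation.
 *
 * Terminates the association and emits a small HTML page whose script reports
 * the outcome to the parent frame. This function will never return.
 *
 * @param string $assocId The association that is terminated.
 * @param string|null $relayState The RelayState from the start of the logout.
 * @param \SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any).
 */
public function onResponse($assocId, $relayState, \SimpleSAML_Error_Exception $error = null)
{
    assert('is_string($assocId)');

    // Only a hash of the association id is handed to the parent frame, never the id itself.
    $spId = sha1($assocId);
    $this->idp->terminateAssociation($assocId);

    $header = <<<HEADER
<!DOCTYPE html>
<html>
<head>
<title>Logout response from %s</title>
<script>
HEADER;
    // var_export() quotes the id; htmlspecialchars() makes it safe inside the <title> element.
    printf($header, htmlspecialchars(var_export($assocId, true)));

    if ($error) {
        // The message is written inside a <script> block, so it must be a valid JS string literal.
        // addslashes() is not sufficient for that: it leaves "</script>", newlines and U+2028/2029
        // untouched, which would break out of the script block or the literal. json_encode() with the
        // HEX flags yields a quoted, JS-safe literal that also cannot form an HTML tag.
        $jsMsg = json_encode($error->getMessage(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($jsMsg === false) {
            // json_encode() rejects invalid UTF-8; emit an empty message rather than broken JS.
            $jsMsg = '""';
        }
        echo 'window.parent.logoutFailed("' . $spId . '", ' . $jsMsg . ');';
    } else {
        echo 'window.parent.logoutCompleted("' . $spId . '");';
    }

    echo <<<FOOTER
</script>
</head>
<body>
</body>
</html>
FOOTER;
    exit(0);
}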
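/**
 * Start the logout operation.
 *
 * Marks every current association as "onhold", stores the list in the logout
 * state, saves the state and redirects the browser to the iframe logout page.
 *
 * @param array &$state The logout state.
 * @param string|null $assocId The SP we are logging out from.
 */
public function startLogout(array &$state, $assocId)
{
    assert('is_string($assocId) || is_null($assocId)');

    $associations = $this->idp->getAssociations();

    if (count($associations) === 0) {
        // Nothing to log out of; finishLogout() is documented as never returning.
        $this->idp->finishLogout($state);
    }

    foreach ($associations as $id => &$association) {
        $idp = SimpleSAML_IdP::getByState($association);
        $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
        $association['core:Logout-IFrame:State'] = 'onhold';
    }
    // Drop the by-reference loop variable; otherwise the last element stays a shared
    // reference and is carried into the copy stored in $state below.
    unset($association);
    $state['core:Logout-IFrame:Associations'] = $associations;

    if (!is_null($assocId)) {
        $spName = $this->idp->getSPName($assocId);
        if ($spName === null) {
            // No display name in metadata: fall back to the entity id itself.
            $spName = array('en' => $assocId);
        }
        $state['core:Logout-IFrame:From'] = $spName;
    } else {
        $state['core:Logout-IFrame:From'] = null;
    }

    $params = array('id' => SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'));
    if (isset($state['core:Logout-IFrame:InitType'])) {
        $params['type'] = $state['core:Logout-IFrame:InitType'];
    }

    $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', $params);
    \SimpleSAML\Utils\HTTP::redirectTrustedURL($url);
}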
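/**
 * Start the logout operation.
 *
 * Marks every current association as "onhold", stores the list in the logout
 * state, saves the state and redirects the browser to the iframe logout page.
 *
 * @param array &$state The logout state.
 * @param string|NULL $assocId The SP we are logging out from.
 */
public function startLogout(array &$state, $assocId)
{
    assert('is_string($assocId) || is_null($assocId)');

    $associations = $this->idp->getAssociations();

    if (count($associations) === 0) {
        // Nothing to log out of; finishLogout() is documented as never returning.
        $this->idp->finishLogout($state);
    }

    foreach ($associations as $id => &$association) {
        $idp = SimpleSAML_IdP::getByState($association);
        $association['core:Logout-IFrame:Name'] = $idp->getSPName($id);
        $association['core:Logout-IFrame:State'] = 'onhold';
    }
    // Drop the by-reference loop variable; otherwise the last element stays a shared
    // reference and is carried into the copy stored in $state below.
    unset($association);
    $state['core:Logout-IFrame:Associations'] = $associations;

    if (!is_null($assocId)) {
        $spName = $this->idp->getSPName($assocId);
        if ($spName === NULL) {
            // No display name in metadata: fall back to the entity id itself.
            $spName = array('en' => $assocId);
        }
        $state['core:Logout-IFrame:From'] = $spName;
    } else {
        $state['core:Logout-IFrame:From'] = NULL;
    }

    $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame');
    $url = SimpleSAML_Module::getModuleURL('core/idp/logout-iframe.php', array('id' => $id));
    SimpleSAML_Utilities::redirect($url);
}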
/**
 * Hand an incoming SAML 2.0 authentication request to the hosted IdP.
 *
 * receiveAuthnRequest() is expected not to return; the trailing assert documents that.
 */
public function actionSso()
{
    $handler = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $hostedEntityId = $handler->getMetaDataCurrentEntityID('saml20-idp-hosted');
    $hostedIdP = \SimpleSAML_IdP::getById('saml2:' . $hostedEntityId);

    \sspmod_saml_IdP_SAML2::receiveAuthnRequest($hostedIdP);
    assert('FALSE');
}
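/**
 * Handle a username/password login that precedes the SAML 2.0 SSO flow.
 *
 * Only POST requests are processed. Every failure path renders one JSON body and
 * returns; on success the request is handed to the SAML IdP handler, which does
 * not return.
 */
public function actionSso()
{
    //logout previous sso session
    \utilities\Registry::clearRegistry();

    if (!$this->_request->isPost()) {
        $this->_response->renderJson(array('message' => 'Only post request are accepted'));
        return;
    }

    // check if every required parameter is set or not
    $username = $this->_request->getParam('username', null);
    $password = $this->_request->getParam('password', null);
    $referrer = $this->_request->getParam('spentityid', null);

    // Each early renderJson() is followed by a return: without it, execution continued
    // into authenticate() with a missing credential and a second JSON body was emitted.
    if (!$username) {
        $this->_response->renderJson(array('message' => 'Username is not set'));
        return;
    }
    if (!$password) {
        $this->_response->renderJson(array('message' => 'Password is not set'));
        return;
    }
    if (!$referrer) {
        $this->_response->renderJson(array('message' => 'Referrer not set'));
        return;
    }

    $objDbUserauth = new \models\Users();
    // check if user is authenticated or not
    $userAuthenticationStatus = $objDbUserauth->authenticate($username, $password);

    // user locked due to 5 invalid attempts
    if (\models\Users::ERROR_USER_LOCKED === $userAuthenticationStatus) {
        $this->_response->renderJson(array(
            'message' => 'Your account is locked due to 5 invalid attempts',
            'authstatus' => $userAuthenticationStatus,
        ));
        // Returning here also keeps a locked account from being counted as another invalid attempt below.
        return;
    }
    //user password is expired
    if (\models\Users::ERROR_USER_PWD_EXPIRED === $userAuthenticationStatus) {
        $this->_response->renderJson(array(
            'message' => 'Your password is expired',
            'authstatus' => $userAuthenticationStatus,
        ));
        return;
    }

    //user authentication is successfull
    if ($userAuthenticationStatus === true) {
        $metadata = \SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
        $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted');
        $idp = \SimpleSAML_IdP::getById('saml2:' . $idpEntityId);
        // Hands over to the SAML 2.0 IdP; not expected to return.
        \sspmod_saml_IdP_SAML2::receiveAuthnRequest($idp);
        assert('FALSE');
    }

    //handle invalid attempts
    $objInvalidAttempts = new \models\UserLoginAttempts();
    $loginAttemptsLeft = $objInvalidAttempts->handleInvalidLoginAttempts($username);
    $invalidAttempt = false;
    // if attempt is invalid username is wrong
    $message = "Invalid credentials";
    if ($loginAttemptsLeft !== false) {
        // if last attempt was hit then show that account is locked
        if ($loginAttemptsLeft === 0) {
            $this->_response->renderJson(array(
                'message' => 'Your account is locked due to 5 invalid attempts',
                'authstatus' => \models\Users::ERROR_USER_LOCKED,
            ));
            return;
        }
        $invalidAttempt = true;
        // NOTE(review): this message differs from the "Invalid credentials" one used when the
        // username is unknown, so the response reveals whether an account exists; a single
        // generic message for both cases would avoid that.
        $message = "Incorrect Password.You have {$loginAttemptsLeft} attempts left";
    }
    $this->_response->renderJson(array('message' => $message, 'invalidAttempt' => $invalidAttempt));
    exit;
}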
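/**
 * Receive a Shibboleth 1.3 authentication request.
 *
 * Reads providerId, shire and the optional target from the request, checks that
 * the shire is a browser-post AssertionConsumerService listed in the SP's metadata,
 * and hands the authentication request to the IdP.
 *
 * @param SimpleSAML_IdP $idp The IdP we are receiving it for.
 *
 * @throws SimpleSAML_Error_BadRequest If providerId or shire is missing, or target is not a string.
 * @throws Exception If the shire does not match any browser-post ACS endpoint of the SP.
 */
public static function receiveAuthnRequest(SimpleSAML_IdP $idp)
{
    if (isset($_REQUEST['cookieTime'])) {
        $cookieTime = (int) $_REQUEST['cookieTime'];
        if ($cookieTime + 5 > time()) {
            /*
             * Less than five seconds has passed since we were
             * here the last time. Cookies are probably disabled.
             */
            \SimpleSAML\Utils\HTTP::checkSessionCookie(\SimpleSAML\Utils\HTTP::getSelfURL());
        }
    }

    if (!isset($_REQUEST['providerId'])) {
        throw new SimpleSAML_Error_BadRequest('Missing providerId parameter.');
    }
    $spEntityId = (string) $_REQUEST['providerId'];

    if (!isset($_REQUEST['shire'])) {
        throw new SimpleSAML_Error_BadRequest('Missing shire parameter.');
    }
    $shire = (string) $_REQUEST['shire'];

    $target = NULL;
    if (isset($_REQUEST['target'])) {
        // $_REQUEST values may be arrays (target[]=...); the value is carried in the state
        // to the responder, so accept only a plain string here.
        if (!is_string($_REQUEST['target'])) {
            throw new SimpleSAML_Error_BadRequest('Invalid target parameter.');
        }
        $target = $_REQUEST['target'];
    }

    SimpleSAML\Logger::info('Shib1.3 - IdP.SSOService: Got incoming Shib authnRequest from ' . var_export($spEntityId, TRUE) . '.');

    $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'shib13-sp-remote');

    // The shire must be one of the SP's registered browser-post ACS locations, so the
    // response is never posted to a URL chosen by the request alone.
    $found = FALSE;
    foreach ($spMetadata->getEndpoints('AssertionConsumerService') as $ep) {
        if ($ep['Binding'] !== 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post') {
            continue;
        }
        if ($ep['Location'] !== $shire) {
            continue;
        }
        $found = TRUE;
        break;
    }
    if (!$found) {
        throw new Exception('Invalid AssertionConsumerService for SP ' . var_export($spEntityId, TRUE) . ': ' . var_export($shire, TRUE));
    }

    SimpleSAML_Stats::log('saml:idp:AuthnRequest', array('spEntityID' => $spEntityId, 'protocol' => 'saml1'));

    // If the session is lost, restart here with cookieTime set so the check above can detect disabled cookies.
    $sessionLostURL = \SimpleSAML\Utils\HTTP::addURLParameters(\SimpleSAML\Utils\HTTP::getSelfURL(), array('cookieTime' => time()));

    $state = array(
        'Responder' => array('sspmod_saml_IdP_SAML1', 'sendResponse'),
        'SPMetadata' => $spMetadata->toArray(),
        SimpleSAML_Auth_State::RESTART => $sessionLostURL,
        'saml:shire' => $shire,
        'saml:target' => $target,
        'saml:AuthnRequestReceivedAt' => microtime(TRUE),
    );

    $idp->handleAuthenticationRequest($state);
}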
/**
 * Continue the logout operation.
 *
 * Reloads the logout state identified by the RelayState, records the outcome
 * for the SP that just answered, and moves on to the next SP. This function
 * will never return.
 *
 * @param string $assocId The association that is terminated.
 * @param string|null $relayState The RelayState from the start of the logout.
 * @param \SimpleSAML_Error_Exception|null $error The error that occurred during session termination (if any).
 *
 * @throws \SimpleSAML_Error_Exception If the RelayState was lost during logout.
 */
public function onResponse($assocId, $relayState, \SimpleSAML_Error_Exception $error = null)
{
    assert('is_string($assocId)');
    assert('is_string($relayState) || is_null($relayState)');

    // The RelayState is the id of the saved logout state; without it the logout cannot be resumed.
    if ($relayState === null) {
        throw new \SimpleSAML_Error_Exception('RelayState lost during logout.');
    }
    $state = \SimpleSAML_Auth_State::loadState($relayState, 'core:LogoutTraditional');

    $spDesc = var_export($assocId, true);
    if ($error !== null) {
        // Log the SP's error and flag the overall logout as failed; the association is kept.
        Logger::warning('Error received from ' . $spDesc . ' during logout:');
        $error->logWarning();
        $state['core:Failed'] = true;
    } else {
        Logger::info('Logged out of ' . $spDesc . '.');
        $this->idp->terminateAssociation($assocId);
    }

    self::logoutNextSP($state);
}
/**
 * Picks the next SP and issues a logout request.
 *
 * Pops one association from 'core:LogoutTraditional:Remaining', saves the state
 * and redirects to that SP's logout URL. If the URL cannot be built the SP is
 * dropped, the logout is flagged as failed and the next SP is tried.
 * This function never returns.
 *
 * @param array &$state The logout state.
 */
private function logoutNextSP(array &$state)
{
    $next = array_pop($state['core:LogoutTraditional:Remaining']);
    if ($next === NULL) {
        // No SPs left: hand over to the responder (documented as never returning).
        $this->idp->finishLogout($state);
    }

    $relayState = SimpleSAML_Auth_State::saveState($state, 'core:LogoutTraditional', TRUE);

    $spId = $next['id'];
    SimpleSAML_Logger::info('Logging out of ' . var_export($spId, TRUE) . '.');

    try {
        $spIdP = SimpleSAML_IdP::getByState($next);
        $handler = $next['Handler'];
        $logoutUrl = call_user_func(array($handler, 'getLogoutURL'), $spIdP, $next, $relayState);
        SimpleSAML_Utilities::redirectTrustedURL($logoutUrl);
    } catch (Exception $e) {
        SimpleSAML_Logger::warning('Unable to initialize logout to ' . var_export($spId, TRUE) . '.');
        // Give up on this SP, remember the failure, and continue with the next one.
        $this->idp->terminateAssociation($spId);
        $state['core:Failed'] = TRUE;
        $this->logoutNextSP($state);
        assert('FALSE');
    }
}
/**
 * Finish the logout operation.
 *
 * Invokes the Responder callback stored in the state with the IdP and the
 * state. This function will never return.
 *
 * @param array &$state The logout request state.
 */
public function finishLogout(array &$state)
{
    assert('isset($state["Responder"])');

    $responder = $state['Responder'];
    $idp = SimpleSAML_IdP::getByState($state);
    call_user_func($responder, $idp, $state);
    assert('FALSE');
}
/**
 * Retrieve a logout URL for a given logout association.
 *
 * The SP's SingleLogoutService endpoint is selected by binding via
 * getEndpointPrioritizedByBinding(). For HTTP-POST the returned URL points at the
 * local iframe-post page; otherwise an HTTP-Redirect LogoutRequest URL is built.
 *
 * @param SimpleSAML_IdP $idp The IdP we are sending a logout request from.
 * @param array $association The association that should be terminated.
 * @param string|NULL $relayState An id that should be carried across the logout.
 *
 * @return string The URL to send the browser to.
 */
public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState)
{
    assert('is_string($relayState) || is_null($relayState)');

    $spEntityId = $association['saml:entityID'];
    SimpleSAML_Logger::info('Sending SAML 2.0 LogoutRequest to: ' . var_export($spEntityId, TRUE));

    $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();
    $spMetadata = $metadataHandler->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

    $endpoint = $spMetadata->getEndpointPrioritizedByBinding(
        'SingleLogoutService',
        array(SAML2_Const::BINDING_HTTP_REDIRECT, SAML2_Const::BINDING_HTTP_POST)
    );

    if ($endpoint['Binding'] === SAML2_Const::BINDING_HTTP_POST) {
        // The POST form is rendered by a local page; it receives the association and IdP ids.
        $params = array('association' => $association['id'], 'idp' => $idp->getId());
        if ($relayState !== NULL) {
            $params['RelayState'] = $relayState;
        }
        return SimpleSAML_Module::getModuleURL('core/idp/logout-iframe-post.php', $params);
    }

    $logoutRequest = self::buildLogoutRequest($idpMetadata, $spMetadata, $association, $relayState);
    $logoutRequest->setDestination($endpoint['Location']);

    $redirectBinding = new SAML2_HTTPRedirect();
    return $redirectBinding->getRedirectURL($logoutRequest);
}
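<?php
/**
 * ADFS PRP IDP protocol support for simpleSAMLphp.
 *
 * Dispatches on the WS-Federation "wa" action (sign-in / sign-out) or, when
 * "assocId" is present, treats the request as a logout response from an ADFS SP.
 *
 * @author Hans Zandbelt, SURFnet bv, <*****@*****.**>
 * @package simpleSAMLphp
 */

SimpleSAML_Logger::info('ADFS - IdP.prp: Accessing ADFS IdP endpoint prp');

$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpEntityId = $metadata->getMetaDataCurrentEntityID('adfs-idp-hosted');
$idp = SimpleSAML_IdP::getById('adfs:' . $idpEntityId);

if (isset($_GET['wa'])) {
    if ($_GET['wa'] === 'wsignout1.0') {
        sspmod_adfs_IdP_ADFS::receiveLogoutMessage($idp);
    } elseif ($_GET['wa'] === 'wsignin1.0') {
        sspmod_adfs_IdP_ADFS::receiveAuthnRequest($idp);
    } else {
        // An unrecognised action previously fell through to the assert and ended with an
        // empty page when assertions are disabled; reject it explicitly instead.
        throw new SimpleSAML_Error_BadRequest('Unsupported wa parameter.');
    }
    // Both handlers above are expected not to return.
    assert('FALSE');
} elseif (isset($_GET['assocId'])) {
    // logout response from ADFS SP
    $assocId = (string) $_GET['assocId']; /* Association ID of the SP that sent the logout response. */
    /* Data that was sent in the logout request to the SP. Can be null, so do not read it unconditionally. */
    $relayState = isset($_GET['relayState']) ? (string) $_GET['relayState'] : NULL;
    $logoutError = NULL; /* NULL on success, or an instance of a SimpleSAML_Error_Exception on failure. */
    $idp->handleLogoutResponse($assocId, $relayState, $logoutError);
}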
/**
 * Retrieve a logout URL for a given logout association.
 *
 * Builds a SAML 2.0 LogoutRequest for the association (RelayState, SessionIndex,
 * NameID, NotOnOrAfter and optional NameID encryption), records a stats event and
 * returns the HTTP-Redirect URL carrying the request.
 *
 * @param SimpleSAML_IdP $idp The IdP we are sending a logout request from.
 * @param array $association The association that should be terminated.
 * @param string|NULL $relayState An id that should be carried across the logout.
 *
 * @return string The HTTP-Redirect URL for the LogoutRequest.
 */
public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState)
{
    assert('is_string($relayState) || is_null($relayState)');

    $spEntityId = $association['saml:entityID'];
    SimpleSAML_Logger::info('Sending SAML 2.0 LogoutRequest to: ' . var_export($spEntityId, TRUE));

    $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();
    $spMetadata = $metadataHandler->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

    $logoutRequest = sspmod_saml_Message::buildLogoutRequest($idpMetadata, $spMetadata);
    $logoutRequest->setRelayState($relayState);
    $logoutRequest->setSessionIndex($association['saml:SessionIndex']);
    $logoutRequest->setNameId($association['saml:NameID']);

    // The SP's own setting wins; otherwise the IdP-wide value, defaulting to 300 seconds.
    $lifetime = $spMetadata->getInteger('assertion.lifetime', NULL);
    if ($lifetime === NULL) {
        $lifetime = $idpMetadata->getInteger('assertion.lifetime', 300);
    }
    $logoutRequest->setNotOnOrAfter(time() + $lifetime);

    // Same precedence for NameID encryption; off unless configured somewhere.
    $encryptNameId = $spMetadata->getBoolean('nameid.encryption', NULL);
    if ($encryptNameId === NULL) {
        $encryptNameId = $idpMetadata->getBoolean('nameid.encryption', FALSE);
    }
    if ($encryptNameId) {
        $logoutRequest->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata));
    }

    SimpleSAML_Stats::log('saml:idp:LogoutRequest:sent', array(
        'spEntityID' => $spEntityId,
        'idpEntityID' => $idpMetadata->getString('entityid'),
    ));

    $redirectBinding = new SAML2_HTTPRedirect();
    return $redirectBinding->getRedirectURL($logoutRequest);
}
/**
 * Get a list of associated SAML 2 SPs.
 *
 * This function is just for backwards-compatibility. New code should
 * use the SimpleSAML_IdP::getAssociations()-function.
 *
 * @return array Array of SAML 2 entityIDs.
 * @deprecated Will be removed in the future.
 */
public function get_sp_list()
{
    $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    try {
        $hostedEntityId = $metadataHandler->getMetaDataCurrentEntityID('saml20-idp-hosted');
        $idp = SimpleSAML_IdP::getById('saml2:' . $hostedEntityId);
    } catch (Exception $e) {
        /* No SAML 2 IdP configured? Report an empty list rather than failing. */
        return array();
    }

    $entityIds = array();
    foreach ($idp->getAssociations() as $assoc) {
        // Only SAML associations carry an entityID; skip the rest.
        if (!isset($assoc['saml:entityID'])) {
            continue;
        }
        $entityIds[] = $assoc['saml:entityID'];
    }
    return $entityIds;
}
<?php if (!isset($_REQUEST['idp'])) { throw new SimpleSAML_Error_BadRequest('Missing "idp" parameter.'); } $idp = (string) $_REQUEST['idp']; $idp = SimpleSAML_IdP::getById($idp); if (!isset($_REQUEST['association'])) { throw new SimpleSAML_Error_BadRequest('Missing "association" parameter.'); } $assocId = urldecode($_REQUEST['association']); $relayState = NULL; if (isset($_REQUEST['RelayState'])) { $relayState = (string) $_REQUEST['RelayState']; } $associations = $idp->getAssociations(); if (!isset($associations[$assocId])) { throw new SimpleSAML_Error_BadRequest('Invalid association id.'); } $association = $associations[$assocId]; $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpMetadata = $idp->getConfig(); $spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote'); $lr = sspmod_saml_Message::buildLogoutRequest($idpMetadata, $spMetadata); $lr->setSessionIndex($association['saml:SessionIndex']); $lr->setNameId($association['saml:NameID']); $assertionLifetime = $spMetadata->getInteger('assertion.lifetime', NULL); if ($assertionLifetime === NULL) { $assertionLifetime = $idpMetadata->getInteger('assertion.lifetime', 300); } $lr->setNotOnOrAfter(time() + $assertionLifetime);
/**
 * Log the user out before logging in again.
 *
 * The current Responder (if any) is kept under 'saml:proxy:reauthLogout:PrevResponder'
 * and replaced by reauthPostLogout before the IdP logout is started.
 * This method will never return.
 *
 * @param array $state The state array.
 */
public static function reauthLogout(array $state)
{
    SimpleSAML\Logger::debug('Proxy: logging the user out before re-authentication.');

    $previousResponder = isset($state['Responder']) ? $state['Responder'] : null;
    if ($previousResponder !== null) {
        $state['saml:proxy:reauthLogout:PrevResponder'] = $previousResponder;
    }
    $state['Responder'] = array('sspmod_saml_Auth_Source_SP', 'reauthPostLogout');

    $idp = SimpleSAML_IdP::getByState($state);
    $idp->handleLogoutRequest($state, null);
    assert('false');
}
<?php
/**
 * This is the handler for logout started from the consent page.
 *
 * Loads the consent request state identified by StateId, installs the consent
 * module's post-logout responder and starts the IdP logout, which never returns.
 *
 * @package simpleSAMLphp
 */

if (!array_key_exists('StateId', $_GET)) {
    throw new SimpleSAML_Error_BadRequest('Missing required StateId query parameter.');
}
$stateId = (string) $_GET['StateId']; // sanitize the input

// A state id may embed a return URL; only continue if it is one we are allowed to redirect to.
$parsedId = SimpleSAML_Utilities::parseStateID($stateId);
if (!is_null($parsedId['url'])) {
    SimpleSAML_Utilities::checkURLAllowed($parsedId['url']);
}

$state = SimpleSAML_Auth_State::loadState($stateId, 'consent:request');
$state['Responder'] = array('sspmod_consent_Logout', 'postLogout');

$idp = SimpleSAML_IdP::getByState($state);
$idp->handleLogoutRequest($state, NULL);
assert('FALSE');
/**
 * Retrieve a logout URL for a given ADFS logout association.
 *
 * Builds a WS-Federation "wsignoutcleanup1.0" URL on the SP's "prp" endpoint, with
 * wreply pointing back to our prp.php carrying the association id and RelayState.
 *
 * @param SimpleSAML_IdP $idp The IdP we are sending a logout request from.
 * @param array $association The association that should be terminated.
 * @param string|null $relayState An id that should be carried across the logout.
 *
 * @return string The URL to redirect the browser to.
 */
public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState)
{
    $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();
    $spMetadata = $metadataHandler->getMetaDataConfig($association['adfs:entityID'], 'adfs-sp-remote');

    $returnQuery = 'assocId=' . urlencode($association["id"]) . '&relayState=' . urlencode($relayState);
    $returnTo = SimpleSAML\Module::getModuleURL('adfs/idp/prp.php?' . $returnQuery);

    // NOTE(review): '?' is appended unconditionally; confirm the configured 'prp' value never already carries a query string.
    $cleanupQuery = 'wa=wsignoutcleanup1.0&wreply=' . urlencode($returnTo);
    return $spMetadata->getValue('prp') . '?' . $cleanupQuery;
}
* @author Jaime Pérez Crespo, UNINETT AS <*****@*****.**> * * @package SimpleSAMLphp */ // retrieve the authentication state if (!array_key_exists('AuthState', $_REQUEST)) { throw new SimpleSAML_Error_BadRequest('Missing mandatory parameter: AuthState'); } try { // try to get the state $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'saml:proxy:invalid_idp'); } catch (Exception $e) { // the user probably hit the back button after starting the logout, try to recover the state with another stage $state = SimpleSAML_Auth_State::loadState($_REQUEST['AuthState'], 'core:Logout:afterbridge'); // success! Try to continue with reauthentication, since we no longer have a valid session here $idp = SimpleSAML_IdP::getById($state['core:IdP']); sspmod_saml_Auth_Source_SP::reauthPostLogout($idp, $state); } if (isset($_POST['cancel'])) { // the user does not want to logout, cancel login SimpleSAML_Auth_State::throwException($state, new \SimpleSAML\Module\saml\Error\NoAvailableIDP(\SAML2\Constants::STATUS_RESPONDER, 'User refused to reauthenticate with any of the IdPs requested.')); } if (isset($_POST['continue'])) { // log the user out before being able to login again $as = SimpleSAML_Auth_Source::getById($state['saml:sp:AuthId'], 'sspmod_saml_Auth_Source_SP'); /** @var sspmod_saml_Auth_Source_SP $as */ $as->reauthLogout($state); } $cfg = SimpleSAML_Configuration::getInstance(); $template = new SimpleSAML_XHTML_Template($cfg, 'saml:proxy/invalid_session.php'); $translator = $template->getTranslator();
<?php /** * This SAML 2.0 endpoint can receive incoming LogoutRequests. It will also send LogoutResponses, * and LogoutRequests and also receive LogoutResponses. It is implemeting SLO at the SAML 2.0 IdP. * * @author Andreas Åkre Solberg, UNINETT AS. <*****@*****.**> * @package SimpleSAMLphp */ require_once '../../_include.php'; SimpleSAML\Logger::info('SAML2.0 - IdP.SingleLogoutService: Accessing SAML 2.0 IdP endpoint SingleLogoutService'); $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpEntityId = $metadata->getMetaDataCurrentEntityID('saml20-idp-hosted'); $idp = SimpleSAML_IdP::getById('saml2:' . $idpEntityId); if (isset($_REQUEST['ReturnTo'])) { $idp->doLogoutRedirect(\SimpleSAML\Utils\HTTP::checkURLAllowed((string) $_REQUEST['ReturnTo'])); } else { try { sspmod_saml_IdP_SAML2::receiveLogoutMessage($idp); } catch (Exception $e) { // TODO: look for a specific exception /* * This is dirty. Instead of checking the message of the exception, \SAML2\Binding::getCurrentBinding() should * throw an specific exception when the binding is unknown, and we should capture that here */ if ($e->getMessage() === 'Unable to find the current binding.') { throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS', $e, 400); } else { throw $e; // do not ignore other exceptions! }
/**
 * Retrieve a logout URL for a given logout association.
 *
 * Builds a SAML 2.0 LogoutRequest carrying the RelayState, SessionIndex and
 * NameID of the association and returns the HTTP-Redirect URL for it.
 *
 * @param SimpleSAML_IdP $idp The IdP we are sending a logout request from.
 * @param array $association The association that should be terminated.
 * @param string|NULL $relayState An id that should be carried across the logout.
 *
 * @return string The HTTP-Redirect URL for the LogoutRequest.
 */
public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState)
{
    assert('is_string($relayState) || is_null($relayState)');

    $spEntityId = $association['saml:entityID'];
    SimpleSAML_Logger::info('Sending SAML 2.0 LogoutRequest to: ' . var_export($spEntityId, TRUE));

    $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();
    $spMetadata = $metadataHandler->getMetaDataConfig($spEntityId, 'saml20-sp-remote');

    $logoutRequest = sspmod_saml_Message::buildLogoutRequest($idpMetadata, $spMetadata);
    $logoutRequest->setRelayState($relayState);
    $logoutRequest->setSessionIndex($association['saml:SessionIndex']);
    $logoutRequest->setNameId($association['saml:NameID']);

    $redirectBinding = new SAML2_HTTPRedirect();
    return $redirectBinding->getRedirectURL($logoutRequest);
}
/**
 * Retrieve a logout URL for a given ADFS logout association.
 *
 * Builds a WS-Federation "wsignoutcleanup1.0" URL on the SP's "prp" endpoint, with
 * wreply pointing back to our prp.php carrying the association id and RelayState.
 * Example of the resulting shape (constructed):
 * https://sp.example/adfs/ls/?wa=wsignoutcleanup1.0&wreply=https%3A%2F%2Fidp.example%2Fsimplesaml...
 *
 * @param SimpleSAML_IdP $idp The IdP we are sending a logout request from.
 * @param array $association The association that should be terminated.
 * @param string|null $relayState An id that should be carried across the logout.
 *
 * @return string The URL to redirect the browser to.
 */
public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState)
{
    $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $idp->getConfig();
    $spMetadata = $metadataHandler->getMetaDataConfig($association['adfs:entityID'], 'adfs-sp-remote');

    $returnQuery = 'assocId=' . urlencode($association["id"]) . '&relayState=' . urlencode($relayState);
    $returnTo = SimpleSAML_Module::getModuleURL('adfs/idp/prp.php?' . $returnQuery);

    // NOTE(review): '?' is appended unconditionally; confirm the configured 'prp' value never already carries a query string.
    $cleanupQuery = 'wa=wsignoutcleanup1.0&wreply=' . urlencode($returnTo);
    return $spMetadata->getValue('prp') . '?' . $cleanupQuery;
}
$assocConfig = call_user_func(array($sp['Handler'], 'getAssociationConfig'), $assocIdP, $sp); $sp['core:Logout-IFrame:Timeout'] = $assocConfig->getInteger('core:logout-timeout', 5) + time(); } else { $sp['core:Logout-IFrame:Timeout'] = time() + 5; } } } } if ($type === 'js' || $type === 'nojs') { foreach ($state['core:Logout-IFrame:Associations'] as $assocId => &$sp) { if ($sp['core:Logout-IFrame:State'] !== 'inprogress') { /* This SP isn't logging out. */ continue; } try { $assocIdP = SimpleSAML_IdP::getByState($sp); $url = call_user_func(array($sp['Handler'], 'getLogoutURL'), $assocIdP, $sp, NULL); $sp['core:Logout-IFrame:URL'] = $url; } catch (Exception $e) { $sp['core:Logout-IFrame:State'] = 'failed'; } } } $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame'); $globalConfig = SimpleSAML_Configuration::getInstance(); if ($type === 'nojs') { $t = new SimpleSAML_XHTML_Template($globalConfig, 'core:logout-iframe-wrapper.php'); $t->data['id'] = $id; $t->data['SPs'] = $state['core:Logout-IFrame:Associations']; $t->show(); exit(0);
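<?php
/* TODO: Delete this file in version 1.8. */

/*
 * Backwards-compatibility with old authentication pages: look up the cached
 * SAML 2 AuthnRequest by RequestID and resume the authentication from its state.
 */

if (!isset($_REQUEST['RequestID'])) {
    throw new SimpleSAML_Error_BadRequest('Missing required URL parameter.');
}
$requestId = (string) $_REQUEST['RequestID'];

$session = SimpleSAML_Session::getSessionFromRequest();
$requestcache = $session->getAuthnRequest('saml2', $requestId);
if (!$requestcache) {
    // The message previously referenced an undefined $authId, so the id never appeared in it.
    throw new Exception('Could not retrieve cached RequestID = ' . $requestId);
}

// ForceAuthn requires a fresh authentication; refuse to continue if the session's
// authentication instant is still the one recorded when the request arrived.
if ($requestcache['ForceAuthn'] && $requestcache['core:prevSession'] === $session->getAuthnInstant()) {
    throw new Exception('ForceAuthn set, but timestamp not updated.');
}

$state = $requestcache['State'];
SimpleSAML_IdP::postAuth($state);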