public static function receiveLogoutMessage(SimpleSAML_IdP $idp)
{
$state = array('Responder' => array('sspmod_adfs_IdP_ADFS', 'sendLogoutResponse'));
//$spEntityId = NULL;
//$assocId = 'adfs:' . $spEntityId;
$assocId = NULL;
// TODO: verify that this is really no problem for:
// a) SSP, because there's no caller SP...
// b) ADFS SP because caller will be called back...
$idp->handleLogoutRequest($state, $assocId);
}
/**
* Receive a logout message.
*
* @param SimpleSAML_IdP $idp The IdP we are receiving it for.
*/
public static function receiveLogoutMessage(SimpleSAML_IdP $idp)
{
$binding = SAML2_Binding::getCurrentBinding();
$message = $binding->receive();
$spEntityId = $message->getIssuer();
if ($spEntityId === NULL) {
/* Without an issuer we have no way to respond to the message. */
throw new SimpleSAML_Error_BadRequest('Received message on logout endpoint without issuer.');
}
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
sspmod_saml_Message::validateMessage($spMetadata, $idpMetadata, $message);
if ($message instanceof SAML2_LogoutResponse) {
SimpleSAML_Logger::info('Received SAML 2.0 LogoutResponse from: ' . var_export($spEntityId, TRUE));
$statsData = array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'));
if (!$message->isSuccess()) {
$statsData['error'] = $message->getStatus();
}
SimpleSAML_Stats::log('saml:idp:LogoutResponse:recv', $statsData);
$relayState = $message->getRelayState();
if (!$message->isSuccess()) {
$logoutError = sspmod_saml_Message::getResponseError($message);
SimpleSAML_Logger::warning('Unsuccessful logout. Status was: ' . $logoutError);
} else {
$logoutError = NULL;
}
$assocId = 'saml:' . $spEntityId;
$idp->handleLogoutResponse($assocId, $relayState, $logoutError);
} elseif ($message instanceof SAML2_LogoutRequest) {
SimpleSAML_Logger::info('Received SAML 2.0 LogoutRequest from: ' . var_export($spEntityId, TRUE));
SimpleSAML_Stats::log('saml:idp:LogoutRequest:recv', array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid')));
$spStatsId = $spMetadata->getString('core:statistics-id', $spEntityId);
SimpleSAML_Logger::stats('saml20-idp-SLO spinit ' . $spStatsId . ' ' . $idpMetadata->getString('entityid'));
$state = array('Responder' => array('sspmod_saml_IdP_SAML2', 'sendLogoutResponse'), 'saml:SPEntityId' => $spEntityId, 'saml:RelayState' => $message->getRelayState(), 'saml:RequestId' => $message->getId());
$assocId = 'saml:' . $spEntityId;
$idp->handleLogoutRequest($state, $assocId);
} else {
throw new SimpleSAML_Error_BadRequest('Unknown message received on logout endpoint: ' . get_class($message));
}
}
public static function receiveLogoutMessage(SimpleSAML_IdP $idp)
{
// if a redirect is to occur based on wreply, we will redirect to url as
// this implies an override to normal sp notification.
if (isset($_GET['wreply']) && !empty($_GET['wreply'])) {
$idp->doLogoutRedirect(SimpleSAML_Utilities::checkURLAllowed($_GET['wreply']));
assert(FALSE);
}
$state = array('Responder' => array('sspmod_adfs_IdP_ADFS', 'sendLogoutResponse'));
//$spEntityId = NULL;
//$assocId = 'adfs:' . $spEntityId;
$assocId = NULL;
// TODO: verify that this is really no problem for:
// a) SSP, because there's no caller SP...
// b) ADFS SP because caller will be called back...
$idp->handleLogoutRequest($state, $assocId);
}
