/**
 * Initiate a SAML 2.0 single logout towards the IdP recorded in the logout state.
 *
 * The state is saved under the 'saml:slosent' stage and the resulting state id
 * is passed as the RelayState of the LogoutRequest. If the IdP metadata carries
 * no SingleLogoutService endpoint, the attempt is logged and the method returns
 * without sending anything; otherwise the request is sent with the HTTP-Redirect
 * binding and the method is not expected to return.
 *
 * @param array $state The logout state. Must contain the keys
 *                     'saml:logout:IdP', 'saml:logout:NameID' and
 *                     'saml:logout:SessionIndex'.
 * @return void
 */
public function startSLO2(&$state) {
    assert('is_array($state)');
    assert('array_key_exists("saml:logout:IdP", $state)');
    assert('array_key_exists("saml:logout:NameID", $state)');
    assert('array_key_exists("saml:logout:SessionIndex", $state)');

    /* Persist the state first; its id is what the IdP hands back as RelayState. */
    $stateId = SimpleSAML_Auth_State::saveState($state, 'saml:slosent');

    $idpEntityId = $state['saml:logout:IdP'];
    $idpMetadata = $this->getIdPMetadata($idpEntityId);

    /* Without an SLO endpoint there is nowhere to send the request: give up quietly. */
    if ($idpMetadata->getString('SingleLogoutService', FALSE) === FALSE) {
        SimpleSAML_Logger::info('No logout endpoint for IdP ' . var_export($idpEntityId, TRUE) . '.');
        return;
    }

    $logoutRequest = sspmod_saml2_Message::buildLogoutRequest($this->metadata, $idpMetadata);
    $logoutRequest->setNameId($state['saml:logout:NameID']);
    $logoutRequest->setSessionIndex($state['saml:logout:SessionIndex']);
    $logoutRequest->setRelayState($stateId);

    $binding = new SAML2_HTTPRedirect();
    $binding->setDestination(sspmod_saml2_Message::getDebugDestination());
    $binding->send($logoutRequest);

    /* send() is expected to redirect and terminate the request; falling through is a bug. */
    assert('FALSE');
}
$singleLogoutService = $spMetadata->getString('SingleLogoutService', NULL); if ($singleLogoutService === NULL) { SimpleSAML_Logger::info('SAML2.0 - IDP.SingleLogoutService: No SingleLogoutService for ' . $spEntityId . '; looking for more SPs.'); continue; } /* $spEntityId now contains the next SP. */ break; } if ($spEntityId) { SimpleSAML_Logger::info('SAML2.0 - IDP.SingleLogoutService: Logout next SP ' . $spEntityId); try { $nameId = $session->getSessionNameId('saml20-sp-remote', $spEntityId); if ($nameId === NULL) { $nameId = $session->getNameID(); } $lr = sspmod_saml2_Message::buildLogoutRequest($idpMetadata, $spMetadata); $lr->setSessionIndex($session->getSessionIndex()); $lr->setNameId($nameId); /* Save the $logoutInfo until we return from the SP. */ saveLogoutInfo($lr->getId()); $binding = new SAML2_HTTPRedirect(); $binding->setDestination(sspmod_SAML2_Message::getDebugDestination()); $binding->send($lr); } catch (Exception $exception) { SimpleSAML_Utilities::fatalError($session->getTrackID(), 'GENERATELOGOUTREQUEST', $exception); } } if ($config->getBoolean('debug', false)) { SimpleSAML_Logger::info('SAML2.0 - IdP.SingleLogoutService: LogoutService: All SPs done '); } /*
/**
 * Send a SAML 2.0 LogoutRequest to the IdP named in the logout state.
 *
 * The state is saved under the STAGE_LOGOUTSENT stage and its id is used as
 * the RelayState of the request. Sessions written by older simpleSAMLphp
 * versions stored the NameID value under a lower-case 'value' key; such
 * entries are rewritten to the current 'Value' key before the request is built.
 * The request is sent with the HTTP-Redirect binding and the method is not
 * expected to return.
 *
 * @param array $state The logout state. Must contain the keys self::LOGOUT_IDP,
 *                     self::LOGOUT_NAMEID and self::LOGOUT_SESSIONINDEX.
 * @return void
 */
public function logout(&$state) {
    assert('is_array($state)');
    assert('array_key_exists(self::LOGOUT_IDP, $state)');
    assert('array_key_exists(self::LOGOUT_NAMEID, $state)');
    assert('array_key_exists(self::LOGOUT_SESSIONINDEX, $state)');

    /* Persist the state first; its id is what the IdP hands back as RelayState. */
    $stateId = SimpleSAML_Auth_State::saveState($state, self::STAGE_LOGOUTSENT);

    $idpEntityId = $state[self::LOGOUT_IDP];
    $sessionIndex = $state[self::LOGOUT_SESSIONINDEX];
    $nameId = $state[self::LOGOUT_NAMEID];

    if (array_key_exists('value', $nameId)) {
        /*
         * Legacy NameID layout from an old simpleSAMLphp release: the value
         * lives under 'value' instead of 'Value'. Move it to the current key.
         *
         * TODO: Drop this conversion once no sessions in the old format can remain.
         */
        $legacyValue = $nameId['value'];
        unset($nameId['value']);
        $nameId['Value'] = $legacyValue;
    }

    $metadataHandler = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
    $idpMetadata = $metadataHandler->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');

    $logoutRequest = sspmod_saml2_Message::buildLogoutRequest($this->metadata, $idpMetadata);
    $logoutRequest->setNameId($nameId);
    $logoutRequest->setSessionIndex($sessionIndex);
    $logoutRequest->setRelayState($stateId);

    $binding = new SAML2_HTTPRedirect();
    $binding->setDestination(sspmod_saml2_Message::getDebugDestination());
    $binding->send($logoutRequest);

    /* send() is expected to redirect and terminate the request; falling through is a bug. */
    assert('FALSE');
}