Diffstat (limited to 'www/saml2/sp/SingleLogoutService.php')
-rw-r--r-- | www/saml2/sp/SingleLogoutService.php | 108 |
1 files changed, 0 insertions, 108 deletions
diff --git a/www/saml2/sp/SingleLogoutService.php b/www/saml2/sp/SingleLogoutService.php
deleted file mode 100644
index e21b65c..0000000
--- a/www/saml2/sp/SingleLogoutService.php
+++ /dev/null
@@ -1,108 +0,0 @@
-<?php
-
-/**
- * WARNING:
- *
- * THIS FILE IS DEPRECATED AND WILL BE REMOVED IN FUTURE VERSIONS
- *
- * @deprecated
- */
-
-require_once('../../_include.php');
-
-$config = SimpleSAML_Configuration::getInstance();
-$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
-
-SimpleSAML_Logger::warning('The file saml2/sp/SingleLogoutService.php is deprecated and will be removed in future versions.');
-
-// Get the local session
-$session = SimpleSAML_Session::getSessionFromRequest();
-
-
-SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: Accessing SAML 2.0 SP endpoint SingleLogoutService');
-
-if (!$config->getBoolean('enable.saml20-sp', TRUE))
- throw new SimpleSAML_Error_Error('NOACCESS');
-
-
-
-// Destroy local session if exists.
-$session->doLogout('saml2');
-
-$binding = SAML2_Binding::getCurrentBinding();
-$message = $binding->receive();
-
-$idpEntityId = $message->getIssuer();
-if ($idpEntityId === NULL) {
- /* Without an issuer we have no way to respond to the message. */
- throw new SimpleSAML_Error_BadRequest('Received message on logout endpoint without issuer.');
-}
-
-$spEntityId = $metadata->getMetaDataCurrentEntityId('saml20-sp-hosted');
-
-$idpMetadata = $metadata->getMetaDataConfig($idpEntityId, 'saml20-idp-remote');
-$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-hosted');
-
-sspmod_saml_Message::validateMessage($idpMetadata, $spMetadata, $message);
-
-if ($message instanceof SAML2_LogoutRequest) {
-
- try {
- // Extract some parameters from the logout request
- $requestid = $message->getId();
-
- SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: IdP (' . $idpEntityId .
- ') is sending logout request to me SP (' . $spEntityId . ') requestid '.$requestid);
- SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId);
-
- /* Create response. */
- $lr = sspmod_saml_Message::buildLogoutResponse($spMetadata, $idpMetadata);
- $lr->setRelayState($message->getRelayState());
- $lr->setInResponseTo($message->getId());
-
- SimpleSAML_Logger::info('SAML2.0 - SP.SingleLogoutService: SP me (' . $spEntityId . ') is sending logout response to IdP (' . $idpEntityId . ')');
-
- $dst = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(
- SAML2_Const::BINDING_HTTP_REDIRECT,
- SAML2_Const::BINDING_HTTP_POST)
- );
-
- if (!$binding instanceof SAML2_SOAP) {
- $binding = SAML2_Binding::getBinding($dst['Binding']);
- if (isset($dst['ResponseLocation'])) {
- $dst = $dst['ResponseLocation'];
- } else {
- $dst = $dst['Location'];
- }
- $binding->setDestination($dst);
- }
-
- /* Send response. */
- $binding->send($lr);
- } catch (Exception $exception) {
- throw new SimpleSAML_Error_Error('LOGOUTREQUEST', $exception);
- }
-
-} elseif ($message instanceof SAML2_LogoutResponse) {
-
- SimpleSAML_Logger::stats('saml20-sp-SLO spinit ' . $spEntityId . ' ' . $idpEntityId);
-
- $id = $message->getRelayState();
- if (empty($id)) {
- /* For backwardscompatibility. */
- $id = $message->getInResponseTo();
- }
-
- // 'spLogoutReturnTo' is checked before storing it in the
- // session, so we trust it here.
- $returnTo = $session->getData('spLogoutReturnTo', $id);
- if (empty($returnTo)) {
- throw new SimpleSAML_Error_Error('LOGOUTINFOLOST');
- }
-
- SimpleSAML_Utilities::redirectTrustedURL($returnTo);
-
-} else {
- throw new SimpleSAML_Error_Error('SLOSERVICEPARAMS');
-}
- |