ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
logout-iframe-post.php
Go to the documentation of this file.
1<?php
2
3if (!isset($_REQUEST['idp'])) {
4 throw new SimpleSAML_Error_BadRequest('Missing "idp" parameter.');
5}
6$idp = (string) $_REQUEST['idp'];
7$idp = SimpleSAML_IdP::getById($idp);
8
9if (!isset($_REQUEST['association'])) {
10 throw new SimpleSAML_Error_BadRequest('Missing "association" parameter.');
11}
12$assocId = urldecode($_REQUEST['association']);
13
14$relayState = null;
15if (isset($_REQUEST['RelayState'])) {
16 $relayState = (string) $_REQUEST['RelayState'];
17}
18
19$associations = $idp->getAssociations();
20if (!isset($associations[$assocId])) {
21 throw new SimpleSAML_Error_BadRequest('Invalid association id.');
22}
23$association = $associations[$assocId];
24
25$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
26$idpMetadata = $idp->getConfig();
27$spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');
28
29$lr = sspmod_saml_Message::buildLogoutRequest($idpMetadata, $spMetadata);
30$lr->setSessionIndex($association['saml:SessionIndex']);
31$lr->setNameId($association['saml:NameID']);
32
33$assertionLifetime = $spMetadata->getInteger('assertion.lifetime', null);
34if ($assertionLifetime === null) {
35 $assertionLifetime = $idpMetadata->getInteger('assertion.lifetime', 300);
36}
37$lr->setNotOnOrAfter(time() + $assertionLifetime);
38
39$encryptNameId = $spMetadata->getBoolean('nameid.encryption', null);
40if ($encryptNameId === null) {
41 $encryptNameId = $idpMetadata->getBoolean('nameid.encryption', false);
42}
43if ($encryptNameId) {
44 $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata));
45}
46
47SimpleSAML_Stats::log('saml:idp:LogoutRequest:sent', array(
48 'spEntityID' => $association['saml:entityID'],
49 'idpEntityID' => $idpMetadata->getString('entityid'),
50));
51
52$bindings = array(\SAML2\Constants::BINDING_HTTP_POST);
53
54$dst = $spMetadata->getDefaultEndpoint('SingleLogoutService', $bindings);
55$binding = \SAML2\Binding::getBinding($dst['Binding']);
56$lr->setDestination($dst['Location']);
57$lr->setRelayState($relayState);
58
59$binding->send($lr);
php
An exception for terminatinating execution or to throw for unit testing.
SAML2\Binding\getBinding
static getBinding($urn)
Retrieve a binding with the given URN.
Definition: Binding.php:28
SimpleSAML_Error_BadRequest
Definition: BadRequest.php:12
SimpleSAML_IdP\getById
static getById($id)
Retrieve an IdP by ID.
Definition: IdP.php:131
SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40
SimpleSAML_Stats\log
static log($event, array $data=array())
Notify about an event.
Definition: Stats.php:71
sspmod_saml_Message\buildLogoutRequest
static buildLogoutRequest(SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata)
Build a logout request based on information in the metadata.
Definition: Message.php:501
sspmod_saml_Message\getEncryptionKey
static getEncryptionKey(SimpleSAML_Configuration $metadata)
Retrieve the encryption key for the given entity.
Definition: Message.php:829
$assertionLifetime
$assertionLifetime
Definition: logout-iframe-post.php:33
$associations
if(isset($_REQUEST['RelayState'])) $associations
Definition: logout-iframe-post.php:19
$lr
$lr
Definition: logout-iframe-post.php:29
$binding
$binding
Definition: logout-iframe-post.php:55
$relayState
$relayState
Definition: logout-iframe-post.php:14
$association
if(!isset($associations[$assocId])) $association
Definition: logout-iframe-post.php:23
$idp
if(!isset($_REQUEST['idp'])) $idp
Definition: logout-iframe-post.php:6
$assocId
if(!isset($_REQUEST['association'])) $assocId
Definition: logout-iframe-post.php:12
$dst
$dst
Definition: logout-iframe-post.php:54
$idpMetadata
$idpMetadata
Definition: logout-iframe-post.php:26
$encryptNameId
$encryptNameId
Definition: logout-iframe-post.php:39
$spMetadata
$spMetadata
Definition: logout-iframe-post.php:27
$bindings
$bindings
Definition: logout-iframe-post.php:52
$metadata
$metadata
Definition: logout-iframe-post.php:25