ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
logout-iframe.php
Go to the documentation of this file.
1 <?php
2 
3 if (!isset($_REQUEST['id'])) {
4  throw new SimpleSAML_Error_BadRequest('Missing required parameter: id');
5 }
6 
7 if (isset($_REQUEST['type'])) {
8  $type = (string) $_REQUEST['type'];
9  if (!in_array($type, array('init', 'js', 'nojs', 'embed'), true)) {
10  throw new SimpleSAML_Error_BadRequest('Invalid value for type.');
11  }
12 } else {
13  $type = 'init';
14 }
15 
16 if ($type !== 'embed') {
17  SimpleSAML\Logger::stats('slo-iframe '.$type);
18  SimpleSAML_Stats::log('core:idp:logout-iframe:page', array('type' => $type));
19 }
20 
21 $state = SimpleSAML_Auth_State::loadState($_REQUEST['id'], 'core:Logout-IFrame');
22 $idp = SimpleSAML_IdP::getByState($state);
23 $mdh = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
24 
25 if ($type !== 'init') { // update association state
26  foreach ($state['core:Logout-IFrame:Associations'] as $assocId => &$sp) {
27  $spId = sha1($assocId);
28 
29  // move SPs from 'onhold' to 'inprogress'
30  if ($sp['core:Logout-IFrame:State'] === 'onhold') {
31  $sp['core:Logout-IFrame:State'] = 'inprogress';
32  }
33 
34  // check for update through request
35  if (isset($_REQUEST[$spId])) {
36  $s = $_REQUEST[$spId];
37  if ($s == 'completed' || $s == 'failed') {
38  $sp['core:Logout-IFrame:State'] = $s;
39  }
40  }
41 
42  // check for timeout
43  if (isset($sp['core:Logout-IFrame:Timeout']) && $sp['core:Logout-IFrame:Timeout'] < time()) {
44  if ($sp['core:Logout-IFrame:State'] === 'inprogress') {
45  $sp['core:Logout-IFrame:State'] = 'failed';
46  }
47  }
48 
49  // update the IdP
50  if ($sp['core:Logout-IFrame:State'] === 'completed') {
51  $idp->terminateAssociation($assocId);
52  }
53 
54  if (!isset($sp['core:Logout-IFrame:Timeout'])) {
55  if (method_exists($sp['Handler'], 'getAssociationConfig')) {
56  $assocIdP = SimpleSAML_IdP::getByState($sp);
57  $assocConfig = call_user_func(array($sp['Handler'], 'getAssociationConfig'), $assocIdP, $sp);
58  $sp['core:Logout-IFrame:Timeout'] = $assocConfig->getInteger('core:logout-timeout', 5) + time();
59  } else {
60  $sp['core:Logout-IFrame:Timeout'] = time() + 5;
61  }
62  }
63  }
64 }
65 
66 $associations = $idp->getAssociations();
67 foreach ($state['core:Logout-IFrame:Associations'] as $assocId => &$sp) {
68  // in case we are refreshing a page
69  if (!isset($associations[$assocId])) {
70  $sp['core:Logout-IFrame:State'] = 'completed';
71  }
72 
73  try {
74  $assocIdP = SimpleSAML_IdP::getByState($sp);
75  $url = call_user_func(array($sp['Handler'], 'getLogoutURL'), $assocIdP, $sp, null);
76  $sp['core:Logout-IFrame:URL'] = $url;
77  } catch (Exception $e) {
78  $sp['core:Logout-IFrame:State'] = 'failed';
79  }
80 }
81 
82 // get the metadata of the service that initiated logout, if any
83 $terminated = null;
84 if ($state['core:TerminatedAssocId'] !== null) {
85  $mdset = 'saml20-sp-remote';
86  if (substr($state['core:TerminatedAssocId'], 0, 4) === 'adfs') {
87  $mdset = 'adfs-sp-remote';
88  }
89  $terminated = $mdh->getMetaDataConfig($state['saml:SPEntityId'], $mdset)->toArray();
90 }
91 
92 // build an array with information about all services currently logged in
93 $remaining = array();
94 foreach ($state['core:Logout-IFrame:Associations'] as $association) {
95  $key = sha1($association['id']);
96  $mdset = 'saml20-sp-remote';
97  if (substr($association['id'], 0, 4) === 'adfs') {
98  $mdset = 'adfs-sp-remote';
99  }
100 
101  $remaining[$key] = array(
102  'id' => $association['id'],
103  'expires_on' => $association['Expires'],
104  'entityID' => $association['saml:entityID'],
105  'subject' => $association['saml:NameID'],
106  'status' => $association['core:Logout-IFrame:State'],
107  'logoutURL' => $association['core:Logout-IFrame:URL'],
108  'metadata' => $mdh->getMetaDataConfig($association['saml:entityID'], $mdset)->toArray(),
109  );
110  if (isset($association['core:Logout-IFrame:Timeout'])) {
111  $remaining[$key]['timeout'] = $association['core:Logout-IFrame:Timeout'];
112  }
113 }
114 
115 $id = SimpleSAML_Auth_State::saveState($state, 'core:Logout-IFrame');
116 $globalConfig = SimpleSAML_Configuration::getInstance();
117 
118 $template_id = 'core:logout-iframe.php';
119 if ($type === 'nojs') {
120  $template_id = 'core:logout-iframe-wrapper.php';
121 }
122 
123 $t = new SimpleSAML_XHTML_Template($globalConfig, $template_id);
124 $t->data['auth_state'] = $id;
128 $t->data['id'] = $id;
129 $t->data['type'] = $type;
130 $t->data['terminated_service'] = $terminated;
131 $t->data['remaining_services'] = $remaining;
132 
134 $t->data['from'] = $state['core:Logout-IFrame:From'];
135 
137 $t->data['SPs'] = $state['core:Logout-IFrame:Associations'];
138 
139 if ($type !== 'nojs') {
141  $t->data['jquery'] = array('core' => true, 'ui' => false, 'css' => false);
142 }
143 
144 $t->show();
$idp
$idp
Definition: logout-iframe.php:22
string
Add rich text string
Definition: 05featuredemo.inc.php:117
SimpleSAML_Metadata_MetaDataStorageHandler\getMetadataHandler
static getMetadataHandler()
This function retrieves the current instance of the metadata handler.
Definition: MetaDataStorageHandler.php:40
SimpleSAML_IdP\getByState
static getByState(array &$state)
Retrieve the IdP "owning" the state.
Definition: IdP.php:152
$s
$s
Definition: pwgen.php:45
$remaining
if($state['core:TerminatedAssocId'] !==null) $remaining
Definition: logout-iframe.php:93
$mdh
$mdh
Definition: logout-iframe.php:23
SimpleSAML\Logger\stats
static stats($string)
Definition: Logger.php:224
$t
if($type==='nojs') $t
Definition: logout-iframe.php:123
SimpleSAML_Error_BadRequest
Definition: BadRequest.php:12
$id
$id
Definition: logout-iframe.php:3
SimpleSAML_Auth_State\loadState
static loadState($id, $stage, $allowMissing=false)
Retrieve saved state.
Definition: State.php:259
array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19
$globalConfig
$globalConfig
Definition: logout-iframe.php:116
SimpleSAML_XHTML_Template
Definition: Template.php:16
$association
if(!isset($associations[$assocId])) $association
Definition: logout-iframe-post.php:23
$type
$type
Definition: logout-iframe.php:4
$associations
if($type !=='init') $associations
Definition: logout-iframe.php:66
$assocId
if(!isset($_REQUEST['association'])) $assocId
Definition: logout-iframe-post.php:12
$url
$url
Definition: proxy_ylocal.php:28
time
Add data(end) time
Method that wraps PHPs time in order to allow simulations with the workflow.
Definition: 40duplicateStyle.php:39
$terminated
foreach($state['core:Logout-IFrame:Associations'] as $assocId=> &$sp) $terminated
Definition: logout-iframe.php:83
$key
$key
Definition: croninfo.php:18
$template_id
$template_id
Definition: logout-iframe.php:118
SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194
SimpleSAML_Configuration\getInstance
static getInstance($instancename='simplesaml')
Get a configuration file by its instance name.
Definition: Configuration.php:297
$state
if($type !=='embed') $state
Definition: logout-iframe.php:21
SimpleSAML_Stats\log
static log($event, array $data=array())
Notify about an event.
Definition: Stats.php:71