File: logout-iframe-post.php

simplesamlphp 1.19.7-2
<?php

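// Builds a SAML 2.0 LogoutRequest for a single association of the given IdP and
// sends it to the SP's SingleLogoutService endpoint using the HTTP-POST binding.
//
// Request parameters (all read from $_REQUEST, i.e. caller-controlled):
//   idp         - required, identifier passed to \SimpleSAML\IdP::getById()
//   association - required, key into $idp->getAssociations()
//   RelayState  - optional, forwarded unchanged to the SP
//
// Throws \SimpleSAML\Error\BadRequest when a required parameter is missing, is
// not a plain string, or names an association the IdP does not know.

// PHP turns "name[]=x" style parameters into arrays. Reject those up front so a
// malformed request ends in a BadRequest instead of a string-conversion warning
// or a TypeError further down.
if (!isset($_REQUEST['idp'])) {
    throw new \SimpleSAML\Error\BadRequest('Missing "idp" parameter.');
}
if (!is_string($_REQUEST['idp'])) {
    throw new \SimpleSAML\Error\BadRequest('Invalid "idp" parameter.');
}
$idp = \SimpleSAML\IdP::getById($_REQUEST['idp']);

if (!isset($_REQUEST['association'])) {
    throw new \SimpleSAML\Error\BadRequest('Missing "association" parameter.');
}
if (!is_string($_REQUEST['association'])) {
    throw new \SimpleSAML\Error\BadRequest('Invalid "association" parameter.');
}
// NOTE(review): PHP has already URL-decoded $_REQUEST once, so this is a second
// decode. Presumably the page that links here encodes the id twice - confirm
// against the caller before changing it. The decoded value is only ever used as
// a lookup key below.
$assocId = urldecode($_REQUEST['association']);

$relayState = null;
if (isset($_REQUEST['RelayState'])) {
    if (!is_string($_REQUEST['RelayState'])) {
        throw new \SimpleSAML\Error\BadRequest('Invalid "RelayState" parameter.');
    }
    $relayState = $_REQUEST['RelayState'];
}

// Only associations returned by the IdP are accepted. The entity ID, SessionIndex
// and NameID used below therefore come from the association record, never
// directly from request parameters.
$associations = $idp->getAssociations();
if (!isset($associations[$assocId])) {
    throw new \SimpleSAML\Error\BadRequest('Invalid association id.');
}
$association = $associations[$assocId];

$metadata = \SimpleSAML\Metadata\MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');

$lr = \SimpleSAML\Module\saml\Message::buildLogoutRequest($idpMetadata, $spMetadata);
$lr->setSessionIndex($association['saml:SessionIndex']);
$lr->setNameId($association['saml:NameID']);

// Validity window of the request: the SP's 'assertion.lifetime' wins, then the
// IdP's, then 300. The value is added to time(), so it is a number of seconds.
$assertionLifetime = $spMetadata->getInteger('assertion.lifetime', null)
    ?? $idpMetadata->getInteger('assertion.lifetime', 300);
$lr->setNotOnOrAfter(time() + $assertionLifetime);

// NameID encryption follows the same precedence: SP setting, then IdP setting,
// then off.
$encryptNameId = $spMetadata->getBoolean('nameid.encryption', null)
    ?? $idpMetadata->getBoolean('nameid.encryption', false);
if ($encryptNameId) {
    $lr->encryptNameId(\SimpleSAML\Module\saml\Message::getEncryptionKey($spMetadata));
}

\SimpleSAML\Stats::log('saml:idp:LogoutRequest:sent', [
    'spEntityID'  => $association['saml:entityID'],
    'idpEntityID' => $idpMetadata->getString('entityid'),
]);

// This endpoint only speaks HTTP-POST, so only a POST-capable SingleLogoutService
// endpoint of the SP is acceptable.
$bindings = [\SAML2\Constants::BINDING_HTTP_POST];

/** @var array $dst */
$dst = $spMetadata->getDefaultEndpoint('SingleLogoutService', $bindings);
$binding = \SAML2\Binding::getBinding($dst['Binding']);
// The destination comes from SP metadata. RelayState is the one request-supplied
// value that leaves this script, and it is passed through to the SP as-is.
$lr->setDestination($dst['Location']);
$lr->setRelayState($relayState);

$binding->send($lr);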