single logout initiated by IdP; not yet implemented

doc/manual.txt

@@ -20,7 +20,7 @@ of several CGI C programs.
 It supports the following IDFF-1.2 profiles:
 
 - Single Sign-On and Federation
-- Single Logout
+- Single Logout (SOAP, initiated by SP)
 - Federation Termination
 - Liberty-Enabled Client and Proxy
 

src/.cvsignore

@@ -1,6 +1,8 @@
 Makefile
 Makefile.in
-idpc
 .deps
 soapEndpoint
 singleSignOn
+singleLogout
+federationTermination
+

src/Makefile.am

@@ -1,4 +1,4 @@
-noinst_PROGRAMS = singleSignOn soapEndpoint federationTermination
+noinst_PROGRAMS = singleSignOn singleLogout soapEndpoint federationTermination
 
 INCLUDES = $(IDPC_CFLAGS) $(DB_CFLAGS) \
 	-DSYSCONFDIR=\"${sysconfdir}/${PACKAGE}/\"
@@ -6,10 +6,12 @@ INCLUDES = $(IDPC_CFLAGS) $(DB_CFLAGS) \
 COMMONFILES = idpc.h config.c db_postgresql.c db_mysql.c utils.c soap.c auth.c
 
 singleSignOn_SOURCES = single_sign_on.c $(COMMONFILES)
+singleLogout_SOURCES = single_logout.c $(COMMONFILES)
 soapEndpoint_SOURCES = soap_end_point.c $(COMMONFILES)
 federationTermination_SOURCES = federation_termination.c $(COMMONFILES)
 
 singleSignOn_LDADD = $(IDPC_LIBS)
+singleLogout_LDADD = $(IDPC_LIBS)
 soapEndpoint_LDADD = $(IDPC_LIBS)
 federationTermination_LDADD = $(IDPC_LIBS)
 

src/federation_termination.c

@@ -185,7 +185,6 @@ int federation_termination()
 		return error_page("lasso_federation_termination_new failed");
 	}
 
-
 	if (spId) {
 		/* service provider specified means the termination is
 		 * initiated now, on the idp */

src/single_logout.c

@@ -0,0 +1,77 @@
+/*
+ *  idpc - IDP as a C CGI program
+ *  Copyright (C) 2004 Entr'ouvert
+ * 
+ *  Author: Frederic Peters <fpeters@entrouvert.com>
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 2 of the License, or
+ *  (at your option) any later version.
+ * 
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ * 
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+#include "idpc.h"
+
+/* the Single Log-Out service URL handles several cases:
+ *  1a. initiated by IdP, HTTP-Redirect (fig12, page46)
+ *  1b. initiated by IdP, HTTP-GET (fig13, page48)
+ *  1c. initiated by IdP, SOAP (fig14, page50)
+ *  2a. initiated by SP, HTTP-Redirect (fig15, page52)
+ *  [!2b. initiated by SP, SOAP is handled in soapEndpoint!]
+ */
+
+int single_logout()
+{
+	int rc;
+	LassoLogout *logout;
+	LassoServer *server;
+
+	server = get_config_server();
+	if (server == NULL) {
+		lasso_server_destroy(server);
+		return error_page("Failed to get server configuration");
+	}
+
+	logout = lasso_logout_new(server, lassoProviderTypeIdp);
+
+	rc = lasso_logout_process_request_msg(logout,
+			getenv("QUERY_STRING"), lassoHttpMethodRedirect);
+	if (rc) {
+		lasso_logout_destroy(logout);
+	}
+}
+
+int main(int argc, char *argv[])
+{
+	int rc;
+
+	if (argc > 1 && handle_args(argc, argv) ) {
+		return 0;
+	}
+		
+	rc = init_config();
+	if (rc != 0) {
+		return error_page("Failed to init configuration");
+	}
+	lasso_init();
+	rc = db_init();
+	if (rc != 0) {
+		error_page("Failed to init database access");
+		goto shutdown;
+	}
+	rc = single_logout();
+shutdown:
+	db_finish();
+	lasso_shutdown();
+	return rc;
+}
+

src/single_sign_on.c

@@ -165,6 +165,7 @@ int single_sign_on()
 			msg[clen] = 0;
 			fgets(msg, clen+1, stdin);
 			response_method = lassoHttpMethodPost;
+			/* XXX not supported by Lasso yet */
 
 			res = urlencoded_to_strings(msg);
 			for (i=0; res[i]; i++) {