lasso/branches/branch-0-6-0/docs/lasso-book/single-logout.process

Single Log Out
    SP
        /singleLogout (* normative, Single Logout Service URL *)
            logout = lasso_logout_new(server, lassoProviderTypeSp)

            IF NOT lasso_is_liberty_query(query)
                # Logout initiated by SP, now
                lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
                lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
                lasso_logout_init_request(logout, idpProviderId, lassoHttpMethodAny)
                    # if idpProviderId is NULL the first one defined in the metadata will be picked
                    # if third param http method is lassoHttpMethodAny, then lasso retrieves
                    # the first http mehtod supported by both providers, else check
                    # the passed http method is supported.
                request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(logout)->request)
                lasso_lib_authn_request_set_relayState(request, relayState)
                    # relayState is an optional value set by the SP
                lasso_logout_build_request_msg(logout)

                IF LASSO_PROFILE(logout)->msg_body != NULL
                    SOAP CALL
                        TO LASSO_PROFILE(logout)->msg_url
                        BODY LASSO_PROFILE(logout)->msg_body
                    lasso_logout_process_response_msg(logout, soap_answer_message)
                    IF error AND error != LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE
                        BOOM
                
                /* ??? there is something here about identity and sessions ??? */

                IF LASSO_PROFILE(logout)->msg_body == NULL
                    REDIRECT TO LASSO_PROFILE(logout)->msg_url

                DISPLAY HTML PAGE
                    <h1>OK</h1>
                END

            # Logout initiated by IdP
            lasso_logout_process_request_msg(logout, /query string/)

            # use LASSO_PROFILE(logout)->nameIdentifier->content to get identity and session
            lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
            lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
            lasso_logout_validate_request(logout)

            IF lasso_profile_is_identity_dirty(LASSO_PROFILE(login))
                identity = lasso_profile_get_identity(LASSO_PROFILE(login))
                # save identity;
                #   serialization with lasso_identity_dump(identity)

            IF lasso_profile_is_session_dirty(LASSO_PROFILE(login))
                session = lasso_profile_get_session(LASSO_PROFILE(login))
                # save session;
                #   serialization with lasso_session_dump(session)
            
            lasso_logout_build_response_msg(logout)

            IF LASSO_PROFILE(logout)->msg_body
                ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body)
            ELSE
                REDIRECT TO LASSO_PROFILE(logout)->msg_url
         
    IdP
        /singleLogout (* normative, Single Log-Out service URL *)
            logout = lasso_logout_new(server, lassoProviderTypeIdp)

            IF lasso_is_liberty_query(query)
                lasso_logout_process_request_msg(logout, /query string/)
                # get identity and session from LASSO_PROFILE(logout)->nameIdentifier
            ELSE
                # initiate logout
                # get identity and session from user authentication

            lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
            lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)

            other_sp = lasso_logout_get_next_providerID(logout)
            WHILE other_sp
                lasso_logout_init_request(logout, other_sp, lassoHttpMethodAny)
                lasso_logout_build_request_msg(logout)
                IF LASSO_PROFILE(logout)->msg_body
                    SOAP CALL
                        TO LASSO_PROFILE(logout)->msg_url
                        BODY LASSO_PROFILE(logout)->msg_body
                    lasso_logout_process_response_msg(logout, soap_answer_message)
                other_sp = lasso_logout_get_next_providerID(logout)

            lasso_logout_reset_providerID_index(logout)
            other_sp = lasso_logout_get_next_providerID(logout)
            IF other_sp
                lasso_logout_init_request(logout, other_sp, lassoHttpMethodRedirect)
                lasso_logout_build_request_msg(logout)
                REDIRECT TO LASSO_PROFILE(logout)->msg_url

           
            DISPLAY HTML PAGE
                <h1>OK</h1>

    IdP
        /soapEndPoint (* normative, SOAP endpoint *)
            soap_msg # is the received SOAP message body
            request_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);

            IF request_type IS lassoRequestTypeLogout
                logout = lasso_logout_new(server);
                lasso_logout_process_request_msg(logout, soap_msg);

                # get identity and session from LASSO_PROFILE(logout)->nameIdentifier
                lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
                lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)

                lasso_logout_validate_request(logout)
                if error LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE
                    lasso_logout_build_request_msg(logout)
                    ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body

                # write down identity and session here

                other_sp = lasso_logout_get_next_providerID(logout)

                WHILE other_sp
                    lasso_logout_init_request(logout, other_sp, lassoHttpMethodAny)
                    lasso_logout_build_request_msg(logout)
                    SOAP CALL
                        TO LASSO_PROFILE(logout)->msg_url
                        BODY LASSO_PROFILE(logout)->msg_body
                    lasso_logout_process_response_msg(logout, soap_answer_message)
                    other_sp = lasso_logout_get_next_providerID(logout)

                lasso_logout_build_response_msg(logout)
                ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body

    SP
        /soapEndPoint (* normative, SOAP endpoint *)

            soap_msg # is the received SOAP message body
            request_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);

            IF request_type IS lassoRequestTypeLogout
                logout = lasso_logout_new(server);
                lasso_logout_process_request_msg(logout, soap_msg);

                # sth to do with identity and session around here
                lasso_logout_validate_request(logout)

                lasso_logout_build_response_msg(logout)
                ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body