149 lines
6.8 KiB
Plaintext
149 lines
6.8 KiB
Plaintext
Single Log Out
|
|
SP
|
|
/singleLogout (* normative, Single Logout Service URL *)
|
|
logout = lasso_logout_new(server, lassoProviderTypeSp)
|
|
|
|
IF NOT lasso_is_liberty_query(query)
|
|
# Logout initiated by SP, now
|
|
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
|
|
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
|
|
lasso_logout_init_request(logout, idpProviderId, lassoHttpMethodAny)
|
|
# if idpProviderId is NULL the first one defined in the metadata will be picked
|
|
# if third param http method is lassoHttpMethodAny, then lasso retrieves
|
|
# the first http mehtod supported by both providers, else check
|
|
# the passed http method is supported.
|
|
request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(logout)->request)
|
|
lasso_lib_authn_request_set_relayState(request, relayState)
|
|
# relayState is an optional value set by the SP
|
|
lasso_logout_build_request_msg(logout)
|
|
|
|
IF LASSO_PROFILE(logout)->msg_body != NULL
|
|
SOAP CALL
|
|
TO LASSO_PROFILE(logout)->msg_url
|
|
BODY LASSO_PROFILE(logout)->msg_body
|
|
lasso_logout_process_response_msg(logout, soap_answer_message)
|
|
IF error AND error != LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE
|
|
BOOM
|
|
|
|
/* ??? there is something here about identity and sessions ??? */
|
|
|
|
IF LASSO_PROFILE(logout)->msg_body == NULL
|
|
REDIRECT TO LASSO_PROFILE(logout)->msg_url
|
|
|
|
DISPLAY HTML PAGE
|
|
<h1>OK</h1>
|
|
END
|
|
|
|
# Logout initiated by IdP
|
|
lasso_logout_process_request_msg(logout, /query string/)
|
|
|
|
# use LASSO_PROFILE(logout)->nameIdentifier->content to get identity and session
|
|
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
|
|
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
|
|
lasso_logout_validate_request(logout)
|
|
|
|
IF lasso_profile_is_identity_dirty(LASSO_PROFILE(login))
|
|
identity = lasso_profile_get_identity(LASSO_PROFILE(login))
|
|
# save identity;
|
|
# serialization with lasso_identity_dump(identity)
|
|
|
|
IF lasso_profile_is_session_dirty(LASSO_PROFILE(login))
|
|
session = lasso_profile_get_session(LASSO_PROFILE(login))
|
|
# save session;
|
|
# serialization with lasso_session_dump(session)
|
|
|
|
lasso_logout_build_response_msg(logout)
|
|
|
|
IF LASSO_PROFILE(logout)->msg_body
|
|
ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body)
|
|
ELSE
|
|
REDIRECT TO LASSO_PROFILE(logout)->msg_url
|
|
|
|
IdP
|
|
/singleLogout (* normative, Single Log-Out service URL *)
|
|
logout = lasso_logout_new(server, lassoProviderTypeIdp)
|
|
|
|
IF lasso_is_liberty_query(query)
|
|
lasso_logout_process_request_msg(logout, /query string/)
|
|
# get identity and session from LASSO_PROFILE(logout)->nameIdentifier
|
|
ELSE
|
|
# initiate logout
|
|
# get identity and session from user authentication
|
|
|
|
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
|
|
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
|
|
|
|
other_sp = lasso_logout_get_next_providerID(logout)
|
|
WHILE other_sp
|
|
lasso_logout_init_request(logout, other_sp, lassoHttpMethodAny)
|
|
lasso_logout_build_request_msg(logout)
|
|
IF LASSO_PROFILE(logout)->msg_body
|
|
SOAP CALL
|
|
TO LASSO_PROFILE(logout)->msg_url
|
|
BODY LASSO_PROFILE(logout)->msg_body
|
|
lasso_logout_process_response_msg(logout, soap_answer_message)
|
|
other_sp = lasso_logout_get_next_providerID(logout)
|
|
|
|
lasso_logout_reset_providerID_index(logout)
|
|
other_sp = lasso_logout_get_next_providerID(logout)
|
|
IF other_sp
|
|
lasso_logout_init_request(logout, other_sp, lassoHttpMethodRedirect)
|
|
lasso_logout_build_request_msg(logout)
|
|
REDIRECT TO LASSO_PROFILE(logout)->msg_url
|
|
|
|
|
|
DISPLAY HTML PAGE
|
|
<h1>OK</h1>
|
|
|
|
IdP
|
|
/soapEndPoint (* normative, SOAP endpoint *)
|
|
soap_msg # is the received SOAP message body
|
|
request_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
|
|
|
|
IF request_type IS lassoRequestTypeLogout
|
|
logout = lasso_logout_new(server);
|
|
lasso_logout_process_request_msg(logout, soap_msg);
|
|
|
|
# get identity and session from LASSO_PROFILE(logout)->nameIdentifier
|
|
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
|
|
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
|
|
|
|
lasso_logout_validate_request(logout)
|
|
if error LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE
|
|
lasso_logout_build_request_msg(logout)
|
|
ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body
|
|
|
|
# write down identity and session here
|
|
|
|
other_sp = lasso_logout_get_next_providerID(logout)
|
|
|
|
WHILE other_sp
|
|
lasso_logout_init_request(logout, other_sp, lassoHttpMethodAny)
|
|
lasso_logout_build_request_msg(logout)
|
|
SOAP CALL
|
|
TO LASSO_PROFILE(logout)->msg_url
|
|
BODY LASSO_PROFILE(logout)->msg_body
|
|
lasso_logout_process_response_msg(logout, soap_answer_message)
|
|
other_sp = lasso_logout_get_next_providerID(logout)
|
|
|
|
lasso_logout_build_response_msg(logout)
|
|
ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body
|
|
|
|
SP
|
|
/soapEndPoint (* normative, SOAP endpoint *)
|
|
|
|
soap_msg # is the received SOAP message body
|
|
request_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
|
|
|
|
IF request_type IS lassoRequestTypeLogout
|
|
logout = lasso_logout_new(server);
|
|
lasso_logout_process_request_msg(logout, soap_msg);
|
|
|
|
# sth to do with identity and session around here
|
|
lasso_logout_validate_request(logout)
|
|
|
|
lasso_logout_build_response_msg(logout)
|
|
ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body
|
|
|
|
|