From f53f95381afc8e6b80535cb97aa8e9a41ad320cb Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date: Fri, 19 Nov 2010 14:32:59 +0100
Subject: [PATCH] Fix login and logout

---
 start.php | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/start.php b/start.php
index 31c215e..4026932 100644
--- a/start.php
+++ b/start.php
@@ -28,9 +28,11 @@
         $elgg_user = saml_map_attributes($attributes);
         if ($isAuth && ! isloggedin() && $elgg_user)
         {
-            if ($user = get_entities_from_metadata('ldapDN', $dn, 'user')) {
+
+            if ($user = get_entities_from_metadata('ldapDN', $elgg_user['ldapDN'], 'user')) {
                 $user = $user[0];
             }
+            error_log('SAMLAuth found user "' . $user . '" for ldapDN "' . $elgg_user['ldapDN'] . '"');
             if (! $user)
             {
                 try {
@@ -45,10 +47,17 @@
             }
             else
                 saml_sync_user($user, $elgg_user);
-            if ($user)
-                return login($user);
+            if ($user) {
+                $result = login($user);
+                $_SESSION['saml_user'] = TRUE;
+                return $result;
+            }
             // XXX: else return an error ?
         }
+        if (! $isAuth && isloggedin() && $_SESSION['saml_user']) {
+            // unlogged from simplesamlphp but not from elgg
+            return logout();
+        }
     }
 
     function init_config()
@@ -100,7 +109,9 @@
         $elgg_user['username'] = $attributes[$config->username][0];
         $elgg_user['password'] = gen_rand_pwd();
         $elgg_user['name'] = '';
-        $elgg_user['ldapDN'] = $attributes['dn'];
+        if ($attributes['dn']) {
+            $elgg_user['ldapDN'] = $attributes['dn'][0];
+        }
         if ($attributes[$config->surname] || $attributes[$config->firstname])
         {
             if ($attributes[$config->firstname])