* fixed default usage of DummySession in endpoints/saml2/login and federate.

* improve AutoPersistent->findFederation(..): try all the possible sources
   of federation inline: first the nameId in the profile object,
   then the userId if present, finally the nameIDs extracted from the dump.
 * add i/o error handling to LassoSPKitConfig and comments
 * add a prompt for the config key 'default_return_url' in LassoSPKitConfigGen
 * add new logging functions: lassospkit_errlog and lassospkit_infolog.
   Positive error code from lasso should result in an infolog message.
 * import an error handler from php.net but don't use it by default.
 * LassoSPKitSaml2: handle SOAP nidmanagement request, move keep/restoreProfile
   to common class.
 * multi federation works, slo soap works (but signature verification is wrong)
   and defederation soap also.
<bdauvergne@entrouvert.com> 1206981455 +0200 0001-01-01 00:00:00 +00:00
parent 055fb75096
commit 3b026c8610
11 changed files with 236 additions and 182 deletions


@ -91,7 +91,8 @@ function getSession() {
function login() {
verifyReferer();
$saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
$session = getSession();
$saml2 = new LassoSPKitSAML2($session);
$persistent = TRUE;
if (isset($_GET['persistent'])) {
switch ($_GET['persistent']) {
@ -113,7 +114,8 @@ function login() {
}
function federate() {
verifyReferer();
$saml2 = new LassoSPKitSAML2(new LassoSPKitDummySession());
$session = getSession();
$saml2 = new LassoSPKitSAML2($session);
// Allow creation
// Only persistent federation
$saml2->sso(TRUE, TRUE);


@ -16,18 +16,29 @@ class LassoSPKitAutoPersistentSession extends LassoSPKitDummySession {
}
}
function findFederation($nameID) {
if (! $nameID) {
$nameID = @array_pop(LassoSPKitUtilsSession::getNameID());
if (! $nameID) {
$userID = LassoSPKitUtilsSession::getUserID();
if ($userID) {
$nameID = md5($userID);
$federation = null;
if ($nameID) {
lassospkit_debuglog("looking for session using nameID from profile: $nameID");
$federation = $this->storage->get($nameID);
}
if (! $federation) {
$userID = LassoSPKitUtilsSession::getUserID();
if ($userID) {
lassospkit_debuglog("looking for session using userID: $userID");
$federation = $this->storage->get(md5($userID));
}
}
if (! $federation) {
$nameIDs = LassoSPKitUtilsSession::getNameID();
if (is_array($nameIDs)) {
foreach (LassoSPKitUtilsSession::getNameID() as $nameID) {
lassospkit_debuglog("looking for session using nameID in session: $userID");
$federation = $this->storage->get($nameID);
}
}
}
lassospkit_debuglog("looking for session for $nameID");
$federation = $this->storage->get($nameID);
if ($federation == null) {
lassospkit_debuglog('did not found any session file...');
return 0;
}
$this->explodeFederation($federation);
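Review bot: The new `foreach` over `LassoSPKitUtilsSession::getNameID()` keeps iterating after a hit, so a later `$this->storage->get($nameID)` that returns nothing overwrites a federation already found, and when several match the last one wins silently. Stop on the first match with `if ($federation) break;` right after the lookup, and iterate the `$nameIDs` already fetched instead of calling getNameID() a second time. The debug line inside that loop interpolates `$userID` where `$nameID` is meant, so the log records the wrong identifier for each attempt. The function continues past the end of the hunk, so what happens after `explodeFederation()` is not visible here.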


@ -31,6 +31,9 @@ class LassoSPKitConfig {
function __construct() {
}
/** Explode the array $table into an inifile, do not
try to encode values, they must be strings or null.
*/
static function writeIni($path, $table) {
$content = "";
foreach ($table as $k => $v) {
@ -40,14 +43,20 @@ class LassoSPKitConfig {
$content .= "$k=$v\n";
}
}
file_put_contents($path, $content);
$ret = @file_put_contents($path, $content);
if ($ret === FALSE) {
lassospkit_errlog("Config: loadIni cannot write configuration file $path");
throw new Exception("Cannot write $path");
}
}
/** Load and parse file at $path. The file must an .ini file,
i.e key value pairs separated by a '=' character, and pairs separated
by a '\n' character. */
static function loadIni($path) {
$table = array();
$content = file_get_contents($path);
$content = @file_get_contents($path);
if ($content === FALSE) {
lassospkit_debuglog("Cannot read $path");
lassospkit_errlog("Config: loadIni cannot read configuration file $path");
throw new Exception("Cannot read $path");
}
$lines = split("\n", $content);
@ -62,6 +71,7 @@ class LassoSPKitConfig {
}
return $table;
}
/** If not existent load the .ini config file and fill the singleton table. */
static function init() {
if (! self::$instance) {
/* Where is lasso PHP binding ? */
@ -70,9 +80,12 @@ class LassoSPKitConfig {
self::$instance = self::loadIni(self::$file);
}
}
/** Commit the content of the singleton table to the .ini file */
static function commit() {
self::writeIni(self::$file, self::$instance);
}
/** Remove a key fromt the config file. Future 'get' will
return the default value. */
function setDefault($name) {
self::init();
unset(self::$instance[$name]);
@ -80,17 +93,16 @@ class LassoSPKitConfig {
static function get($name) {
self::init();
if (! array_key_exists($name, self::$default_values)) {
lassospkit_debuglog("Config: Reading value $name");
throw new Exception('Try to read an unknown config field');
}
if (isset(self::$instance[$name])) {
if (array_key_exists($name, self::$instance)) {
return self::$instance[$name];
}
return self::$default_values[$name];
}
static function set($name, $value) {
self::init();
if (! isset(self::$default_values[$name])) {
if (! array_key_exists($name, self::$default_values)) {
throw new Exception('Try to write an unknown config field');
}
self::$instance[$name] = $value;
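Review bot: writeIni() emits `$content .= "$k=$v\n"` with no check that a value is free of line breaks, and the docblock added here states that values are not encoded, so a value containing a newline would add extra key=value lines to the file that loadIni() later splits on "\n". Since this commit also exposes `default_return_url` through the configuration form, reject such values before writing, e.g. `if (strpbrk((string) $v, "\r\n") !== false) throw new Exception("Invalid value for $k");`. The new error log in writeIni() reads `Config: loadIni cannot write configuration file $path`; it should name writeIni so the log points at the right operation. Both function bodies are only partly inside the hunks.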


@ -49,7 +49,8 @@ class LassoSPKitConfigUIGen
'mysql_database' => array('Nom de la base'),
'mysql_table' => array('Nom de la table'),
'lasso_lib' => array('Emplacement de la bibliothèque Lasso PHP'),
'cookiename' => array('Cookiename', 'text'));
'cookiename' => array('Cookiename', 'text'),
'default_return_url' => array('URL de retour par défaut', 'text'));
}
function itype($name) {
if (isset($this->special_input[$name][1])) {
@ -70,10 +71,16 @@ class LassoSPKitConfigUIGen
case 'baseUrl':
return LassoSPKitUtils::mydir();
}
if (isset(LassoSPKitConfig::$default_values[$name])) {
return LassoSPKitConfig::get($name);
$val = null;
try {
$val = LassoSPKitConfig::get($name);
} catch (Exception $e) {
}
if ($val) {
return $val;
} else {
return '';
}
return '';
}
function msg($mess) {
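Review bot: The empty `catch (Exception $e) { }` hides every failure of `LassoSPKitConfig::get($name)`, including the `Cannot read $path` exception that loadIni() now throws, so an unreadable configuration file is rendered as a form of blank fields with no trace. At least record it, `lassospkit_errlog("ConfigUIGen: " . $e->getMessage());`, since both failure cases use the plain Exception class and cannot be told apart by type. `if ($val)` also turns a stored `'0'` into `''`; testing `$val !== null` keeps it. The enclosing method starts outside the hunk.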


@ -4,9 +4,8 @@
* in an unique directory with you application, you can just make it return "../data".
*/
function lassospkit_datadir() {
throw new Exception('You need to configure the datadir path');
// $path = '/var/lib/spkitlasso/' . $_SERVER['HTTP_HOST'];
// $path = "/home/bdauvergne/public_html/data";
$path = "/home/bdauvergne/public_html/data";
// $path = $_SERVER['DOCUMENT_ROOT'] . '/data';
if (! file_exists($path)) {
@mkdir($path,755,1);
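Review bot: Replacing the `throw new Exception('You need to configure the datadir path')` guard with the hard-coded `/home/bdauvergne/public_html/data` makes one developer's directory the default data directory for every install. The name suggests it sits under a web-served tree, so whatever the kit keeps there (getIdpMetadataFile() reads from it, and the file store presumably writes to it) could be fetched over HTTP unless the server blocks it; keep the throw in the committed file and set the path in local configuration. The context line `@mkdir($path,755,1)` passes decimal 755 rather than octal `0755`, which produces an unintended mode. The function body continues past the hunk.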


@ -11,6 +11,16 @@ function lassospkit_debuglog($msg, $level = 0) {
closelog();
}
}
function lassospkit_errlog($msg) {
openlog("LassoPHP.SP.Kit", LOG_PID, LOG_AUTHPRIV);
syslog(LOG_ERR, $msg);
closelog();
}
function lassospkit_infolog($msg) {
openlog("LassoPHP.SP.Kit", LOG_PID, LOG_AUTHPRIV);
syslog(LOG_INFO, $msg);
closelog();
}
function lassospkit_showCode($code) {
echo '<pre class="code">';
@ -18,40 +28,41 @@ function lassospkit_showCode($code) {
echo '</pre>';
}
// function lassospkit_errorhandler($errno, $errstr, $errfile, $errline)
//{
// if (error_reporting()==0) {
// return false;
// }
// switch ($errno) {
// case E_USER_ERROR:
// bigdebug("Mon ERREUR [$errno] $errstr\n".
// "\n" . var_export(debug_backtrace(),1) .
// " Erreur fatale sur la ligne $errline dans le fichier $errfile".
// ", PHP " . PHP_VERSION . " (" . PHP_OS . ")\n".
// "Arrêt...");
// exit(1);
// break;
//
// case E_USER_WARNING:
// bigdebug("Mon ALERTE [$errno] $errstr"
// . "\n" . var_export(debug_backtrace(),1)
// . " Erreur fatale sur la ligne $errline dans le fichier $errfile");
// break;
//
// case E_USER_NOTICE:
// bigdebug("Mon AVERTISSEMENT [$errno] $errstr"
// . "\n" . var_export(debug_backtrace(),1)
// . " Erreur fatale sur la ligne $errline dans le fichier $errfile");
// break;
//
// default:
// bigdebug("Type d'erreur inconnu : [$errno] $errstr"
// . "\n" . var_export(debug_backtrace(),1)
// . " Erreur fatale sur la ligne $errline dans le fichier $errfile");
// break;
// }
//
// /* Ne pas exécuter le gestionnaire interne de PHP */
// return true;
//}
//set_error_handler("my_error_handler", E_ALL);
function my_error_handler($errno, $errstr, $errfile, $errline){
$errno = $errno & error_reporting();
if($errno == 0) return;
if(!defined('E_STRICT')) define('E_STRICT', 2048);
if(!defined('E_RECOVERABLE_ERROR')) define('E_RECOVERABLE_ERROR', 4096);
switch($errno){
case E_ERROR: lassospkit_debuglog( "Error"); break;
case E_WARNING: lassospkit_debuglog( "Warning"); break;
case E_PARSE: lassospkit_debuglog( "Parse Error"); break;
case E_NOTICE: lassospkit_debuglog( "Notice"); break;
case E_CORE_ERROR: lassospkit_debuglog( "Core Error"); break;
case E_CORE_WARNING: lassospkit_debuglog( "Core Warning"); break;
case E_COMPILE_ERROR: lassospkit_debuglog( "Compile Error"); break;
case E_COMPILE_WARNING: lassospkit_debuglog( "Compile Warning"); break;
case E_USER_ERROR: lassospkit_debuglog( "User Error"); break;
case E_USER_WARNING: lassospkit_debuglog( "User Warning"); break;
case E_USER_NOTICE: lassospkit_debuglog( "User Notice"); break;
case E_STRICT: lassospkit_debuglog( "Strict Notice"); break;
case E_RECOVERABLE_ERROR: lassospkit_debuglog( "Recoverable Error"); break;
default: lassospkit_debuglog( "Unknown error ($errno)"); break;
}
lassospkit_debuglog( ": $errstr in $errfile on line $errline\n");
if(function_exists('debug_backtrace')){
$backtrace = debug_backtrace();
array_shift($backtrace);
foreach($backtrace as $i=>$l){
lassospkit_debuglog( "[$i] in function {$l['class']}{$l['type']}{$l['function']}");
if($l['file']) lassospkit_debuglog( " in {$l['file']}");
if($l['line']) lassospkit_debuglog( " on line {$l['line']}");
lassospkit_debuglog( "\n");
}
}
if(isset($GLOBALS['error_fatal'])){
if($GLOBALS['error_fatal'] & $errno) die('fatal');
}
}
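Review bot: my_error_handler() reads `$l['class']`, `$l['type']`, `$l['file']` and `$l['line']` from each backtrace frame without `isset()`, and frames for plain functions or internal callbacks do not carry all of those keys, so the handler raises notices of its own while reporting an error. Guard them, e.g. `$where = (isset($l['class']) ? $l['class'] . $l['type'] : '') . $l['function'];`. Each fragment goes through a separate lassospkit_debuglog() call, so one error is scattered over many log entries; building one string per frame keeps them correlated. `$errstr` is logged verbatim, so where it can contain request data, control characters should be stripped before it reaches syslog.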


@ -35,11 +35,11 @@ class LassoSPKitFileStore implements LassoSPKitStore {
@unlink($this->filepath($key));
}
function alias($key,$alias) {
$target = $this->filename($key);
$target = $this->filepath($key);
$sym = $this->filepath($alias);
@unlink($sym);
$ret = @link($target,$sym);
$this->debug($ret, "could not alias key $key => $alias");
$this->debug($ret, "could not alias key $target => $sym");
return $ret;
}
function rename($old,$new) {
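Review bot: alias() removes the existing alias with `@unlink($sym)` before `@link($target,$sym)`, so when link() fails the previous alias is already gone and the only trace is the debug message. Linking to a temporary name and then calling `rename()` over `$sym` would keep the old alias on failure. `$key` and `$alias` reach the filesystem through filepath(), which is outside this hunk; since keys elsewhere on the page are NameIDs taken from protocol messages, confirm that filepath() confines them to the store directory (hashing, or rejecting `/` and `..`).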


@ -16,6 +16,7 @@ class LassoSPKitGenericSession {
header("Location: $url");
}
function doResponse($mimeType, $content) {
lassospkit_debuglog("Renvoi la réponse de type $mimeType et contenu $content");
header("Content-type: $mimeType");
echo $content;
}
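Review bot: The added `lassospkit_debuglog("Renvoi la réponse de type $mimeType et contenu $content")` writes the whole response body to the log, and for the SOAP binding that body is a SAML protocol message carrying name identifiers. Log the type and size instead, `lassospkit_debuglog("doResponse: type $mimeType, " . strlen($content) . " bytes");`. The same applies to the identity dumps logged in restoreDumps() and saveDumps(), the `var_export($nidmanagement, 1)` in processRequestNameIdManagement() and the `$profile->msgBody` line in LassoSPKitSAMLCommon::doResponse(). `$mimeType` is also placed into `header()` unchecked, although the only caller visible on this page passes a constant.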


@ -1,4 +1,4 @@
<?
<?php
require_once('lassospkit_datadir.inc.php');
require_once('lassospkit_config.inc.php');
require_once('lassospkit_lib.inc.php');
@ -7,9 +7,9 @@ require_once('lassospkit_debug.inc.php');
class LassoSPKitHelper {
/** If session_dump and identity_dump are present in the
session object, use then to initialize the profile */
session object, use then to initialize the profile */
static function restoreDumps(LassoProfile $profile,
LassoSPKitGenericSession $session) {
LassoSPKitGenericSession $session) {
$sessionDump = $session->getSessionDump();
$identityDump = $session->getIdentityDump();
@ -17,19 +17,21 @@ class LassoSPKitHelper {
$profile->setSessionFromDump($sessionDump);
}
if ($identityDump) {
lassospkit_debuglog("load dump " . $identityDump);
$profile->setIdentityFromDump($identityDump);
}
}
/** If identity or session is dirty save them in the session
object using setIdentyDump and setSessionDump.
object using setIdentyDump and setSessionDump.
Returns the dirtiness statute ('or' of the two dirty flag).
Returns the dirtiness statute ('or' of the two dirty flag).
*/
static function saveDumps(LassoProfile $profile,
LassoSPKitGenericSession $session) {
LassoSPKitGenericSession $session) {
$ok = 0;
if ($profile->hasDirtyIdentity()) {
if ($profile->identity) {
lassospkit_debuglog("save " . $profile->identity->dump());
$session->setIdentityDump($profile->identity->dump());
} else {
$session->setIdentityDump(null);
@ -47,7 +49,7 @@ class LassoSPKitHelper {
return $ok;
}
/** Extract attributes values and keys from an assertion,
and copy them into array $arr. */
and copy them into array $arr. */
static function assertionExtractAttributes(LassoAssertion $assertion, &$attributes) {
foreach ($assertion->attributeStatement[0]->attribute
as $attribute) {
@ -71,79 +73,72 @@ class LassoSPKitHelper {
return $content;
}
/** This should handle removing of federation, identity == null, ask
for federation termination on the session. */
for federation termination on the session. */
static function saveFederation(LassoProfile $profile,
LassoSPKitGenericSession $session) {
$nameID = self::profileGetNameID($profile);
if (self::saveDumps($profile,$session)) {
$session->saveFederation();
}
LassoSPKitGenericSession $session) {
self::saveDumps($profile,$session);
$session->saveFederation();
}
/** Contract is that if NewID is null, session should forget about
the current federation, if it is not then the link between local id
and nameID should be changed to point to NewID. */
the current federation, if it is not then the link between local id
and nameID should be changed to point to NewID. */
static function changeFederation(LassoProfile $profile,
LassoSPKitGenericSession $session,
$NewID) {
LassoSPKitGenericSession $session,
$NewID) {
$nameID = self::profileGetNameID($profile);
self::saveDumps($profile,$session);
$session->changeFederation($nameID, $NewID);
}
/** Try to restore the federation informations from the profile.
* The contract with the session object is that after findFederation
* if it returned TRUE, then $session->identity_dump et
* $session->session_dump contains valid dumps.
*/
* The contract with the session object is that after findFederation
* if it returned TRUE, then $session->identity_dump et
* $session->session_dump contains valid dumps.
*/
static function findFederation(LassoProfile $profile,
LassoSPKitGenericSession $session) {
LassoSPKitGenericSession $session) {
$nameID = self::profileGetNameID($profile);
if ($session->findFederation($nameID) == 0) {
if ($nameID) {
lassospkit_debuglog("fed not found");
throw new LassoProfileFederationNotFoundError();
} else {
lassospkit_debuglog("nameid not found");
throw new LassoProfileNameIdentifierNotFoundError($profile->dump());
}
return 0;
}
self::restoreDumps($profile,$session);
return 1;
}
static function postToHost($host, $path, $data_to_send, $ssl = false) {
if ($ssl) {
$fp = fsockopen('tls://' . $host, 443);
} else {
$fp = fsockopen($host, 80);
}
fputs($fp, "POST $path HTTP/1.1\n");
fputs($fp, "Host: $host\n");
fputs($fp, "Content-type: text/xml\n");
fputs($fp, "Content-length: ".strlen($data_to_send)."\n");
fputs($fp, "Connection: close\n\n");
fputs($fp, "$data_to_send\n");
$res = '';
while(!feof($fp)) {
$res .= fgets($fp, 128);
}
fclose($fp);
/** Post some datas to given host */
static function postToHost($host, $path, $data_to_send, $ssl = false) {
if ($ssl) {
$fp = fsockopen('tls://' . $host, 443);
} else {
$fp = fsockopen($host, 80);
}
fputs($fp, "POST $path HTTP/1.1\n");
fputs($fp, "Host: $host\n");
fputs($fp, "Content-type: text/xml\n");
fputs($fp, "Content-length: ".strlen($data_to_send)."\n");
fputs($fp, "Connection: close\n\n");
fputs($fp, "$data_to_send\n");
$res = '';
while(!feof($fp)) {
$res .= fgets($fp, 128);
}
fclose($fp);
$res = substr(strstr($res, "\r\n\r\n"), 4);
$res = substr(strstr($res, "\r\n\r\n"), 4);
return $res;
}
static public function soapCall($url, $msg) {
if (strstr($url, 'http://') != $url)
return "";
$short_url = substr($url, 7);
$url_tokens = explode("/", $short_url);
$host = $url_tokens[0];
unset($url_tokens[0]);
$query = implode("/", $url_tokens);
$query = "/" . $query;
return $res;
}
static public function soapCall($url, $msg) {
if (strstr($url, 'http://') != $url)
return "";
$short_url = substr($url, 7);
$url_tokens = explode("/", $short_url);
$host = $url_tokens[0];
unset($url_tokens[0]);
$query = implode("/", $url_tokens);
$query = "/" . $query;
$response = self::postToHost($host, $query, $msg);
$response = self::postToHost($host, $query, $msg);
return $response;
return $response;
}
@ -186,7 +181,7 @@ class LassoSPKitHelper {
}
static function getIdpMetadataFile() {
return lassospkit_datadir() . "/" . IDP_METADATA;
}
static function getNameIDsFromDump($dump) {
$identity = LassoIdentity::newFromDump($dump);
@ -197,13 +192,12 @@ class LassoSPKitHelper {
return $nameIDs;
}
static function getNameIDs(LassoIdentity $identity) {
$nameIDs = array();
foreach ($identity->federations as $rid => $federation) {
if ($federation) {
$nameIDs[$rid] = $federation->remoteNameIdentifier->content;
}
$nameIDs = array();
foreach ($identity->federations as $rid => $federation) {
if ($federation) {
$nameIDs[$rid] = $federation->remoteNameIdentifier->content;
}
return $nameIDs;
}
return $nameIDs;
}
}
?>
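Review bot: soapCall() returns an empty string for any URL that does not start with `http://` and never passes `$ssl` to postToHost(), so the SOAP back channel used for logout and NameID management can only run over cleartext HTTP. Accept `https://` as well and call `self::postToHost($host, $query, $msg, true)` for it, and check that certificate verification is actually enabled for the `tls://` stream on the PHP version in use. postToHost() also writes to `$fp` without testing the result of fsockopen(), and it ends header lines with "\n" rather than "\r\n". These lines are only re-indented by this commit, but they are the code the new SOAP handlers rely on.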


@ -108,48 +108,44 @@ class LassoSPKitSaml2 extends LassoSPKitSAMLCommon {
return processRequestNameIdManagement(LASSO_HTTP_METHOD_REDIRECT,
$_SERVER['QUERY_STRING']);
}
public function processSOAPRequestNameIdManagement() {
$contents = $this->receiveSoapMessage();
return $this->processRequestNameIdManagement(LASSO_HTTP_METHOD_SOAP,
$contents);
}
public function processRequestNameIdManagement($method, $message)
{
lassospkit_debuglog("NameIdManagement request handling");
$ret = 0;
$ok = 1;
$ok = $ok && $nidmanagement = new LassoNameIdManagement($this->server);
$ok = $ok && ! $ret = $nidmanagement->processRequestMsg($message);
$this->findFederation($nidmanagement);
$ok = $ok && ! $ret = $nidmanagement->validateRequest();
if ($ok) {
LassoSPKitHelper::changeFederation($nidmanagement, $this->session, $nidmanagement->request->NewID);
if (! $ok) {
lassospkit_debuglog("Cannot build nameidManagement profile");
return;
}
$this->finishResponse($method, $nidmanagement, $ret, $ok);
lassospkit_debuglog("NID Request init ok: $ok ret: $ret " . strError($ret));
$ok = $ok && ! $ret = $nidmanagement->processRequestMsg($message);
lassospkit_debuglog("NID Request processRequestMsg ok: $ok ret: $ret " . strError($ret));
if ($ok) {
$this->findFederation($nidmanagement);
}
$ok = $ok && ! $ret = $nidmanagement->validateRequest();
lassospkit_debuglog("NID Request validateRequest ok: $ok ret: $ret " . strError($ret));
lassospkit_debuglog("NID request type: " . var_export($nidmanagement, 1));
// if ($ok) {
// $newid = null;
// if (isset($nidmanagement->request) && isset($nidmanagement->request->NewID)) {
// $newid = $nidmanagement->request->NewID;
// }
//// LassoSPKitHelper::changeFederation($nidmanagement, $this->session, $newid);
// }
lassospkit_debuglog("NID request just before finishResponse");
$this->finishResponse($nidmanagement, $method, $ret, $ok);
if (! $ok) {
$this->status = gettext('La requête de défédération a échoué');
}
return $ok;
}
function keepProfile(LassoProfile $profile) {
$fed = @unserialize(LassoSPKitUtilsSession::getFederation());
if ($fed == null) {
$fed = array();
}
$fed['profile'] = $profile->dump();
LassoSPKitUtilsSession::setFederation(serialize($fed));
}
function restoreProfile() {
$fed = LassoSPKitUtilsSession::getFederation();
if ($fed == null)
return null;
$fed = @unserialize($fed);
if ($fed == null)
return null;
if (isset($fed['profile'])) {
$profile = @$fed['profile'];
unset($fed['profile']);
} else {
return null;
}
LassoSPKitUtilsSession::setFederation(serialize($fed));
return $profile;
}
function changeFederation(LassoNameIdManagement $nidmanagement) {
LassoSPKitHelper::changeFederation($nidmanagement, $this->session, $nidmanagement->request->NewID);
}
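Review bot: With the `LassoSPKitHelper::changeFederation(...)` block commented out, processRequestNameIdManagement() validates the request and sends a response through finishResponse() without applying the new identifier or the termination locally, as far as this hunk shows. An identity provider that receives a success response would then treat the federation as changed or ended while the service provider still holds the old link. Either call the new `$this->changeFederation($nidmanagement)` when `$ok` is true before finishResponse(), or make the response report failure. The new changeFederation() method reads `$nidmanagement->request->NewID` without the `isset()` guard the commented block had. The context line `return processRequestNameIdManagement(LASSO_HTTP_METHOD_REDIRECT,` lacks `$this->`.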


@ -84,6 +84,8 @@ class LassoSPKitSAMLCommon {
}
/** Return a normal HTTP response, for SOAP Response binding */
public function doResponse(LassoProfile $profile) {
lassospkit_debuglog("doResponse for profile");
lassospkit_debuglog("with content " . $profile->msgBody);
$this->session->doResponse('text/xml', $profile->msgBody);
}
/** Read a soap message from stdin */
@ -126,17 +128,19 @@ class LassoSPKitSAMLCommon {
}
public function finishResponse(LassoProfile $profile, $method, &$ret, &$ok) {
$ok = $ok && ! $ret = $profile->buildResponse();
$ret = $profile->buildResponseMsg();
switch ($method) {
case LASSO_HTTP_METHOD_REDIRECT:
$this->doRedirect($profile);
break;
case LASSO_HTTP_METHOD_SOAP:
lassospkit_debuglog("Finishing response with method SOAP");
$this->doResponse($profile);
break;
default:
LassoSPKitHelper::notImplemented();
}
return $ret;
}
/** Web SSO protocol */
@ -154,6 +158,7 @@ class LassoSPKitSAMLCommon {
$blob) {
lassospkit_debuglog("SSO request initiated RID: $remoteID Meth: $method Consent: $isConsentObtained ForceAuthn: $forceAuthn Passive: $isPassive " . var_export($blob,1) );
$ok = 1 && $login = new LassoLogin($this->server);
$this->findFederation($login);
$ok = $ok && ! $ret = $login->initAuthnRequest($remoteID,$method);
$ok = $ok && $request = $login->request;
$ok = $ok && $nameidpolicy = $request->NameIDPolicy;
@ -324,43 +329,59 @@ class LassoSPKitSAMLCommon {
$contents);
}
public function processRequestSLO($method, $message) {
lassospkit_debuglog("SLO request IDP initiated");
$ret = 0;
$ok = 1 && $logout = new LassoLogout($this->server);
if (! $ok) {
lassospkit_debuglog("Cannot build logout profile");
lassospkit_errlog("processRequestSLO: Cannot build logout profile");
return;
}
$ok = $ok && ! $ret = $logout->processRequestMsg($message);
$ok = $ok && $this->findFederation($logout);
$ok = $ok && ! $ret = $logout->validateRequest();
if ($ok) {
if ($method == LASSO_HTTP_METHOD_ANY) {
$method = $logout->http_request_method;
} else {
$ok = ($method == $logout->http_request_method);
}
} else {
lassospkit_debuglog("SLO Request validate failed ErrCode: $ret " . strError($ret));
}
$this->finishResponse($logout, $method, $ret, $ok);
if (! $ok) {
lassospkit_debuglog($message);
} else {
lassospkit_debuglog("SLO request handling validated for nameid " . LassoSPKitHelper::profileGetNameID($logout));
$this->session->logout();
$retPRM = $logout->processRequestMsg($message);
if ($ret != 0) {
lassospkit_warnlog("processResquestSLO: processRequestMsg returned non-0: " . strError($ret) . "($ret)");
}
$this->findFederation($logout);
$retVR = $logout->validateRequest();
$retBR = $this->finishResponse($logout, $logout->http_request_method, $ret, $ok);
// if ($retBR != 0) {
$this->session->logout();
// }
return $ok;
}
public function saveFederation(LassoProfile $profile) {
LassoSPKitHelper::saveFederation($profile, $this->session);
}
public function findFederation(LassoProfile $profile) {
lassospkit_debuglog("SLO request IDP initiated4");
LassoSPKitHelper::findFederation($profile, $this->session);
}
/** Federation termination **/
public function initiateFTNotification($method = LASSO_HTTP_METHOD_SOAP, $remoteID = null) {
$this->session->changeFederation(null, null);
}
/** Store the given profile in the current session to restore it in the
response endpoint handler. */
function keepProfile(LassoProfile $profile) {
$fed = @unserialize(LassoSPKitUtilsSession::getFederation());
if ($fed == null) {
$fed = array();
}
$fed['profile'] = $profile->dump();
LassoSPKitUtilsSession::setFederation(serialize($fed));
}
/** Get the stored profile */
function restoreProfile() {
$fed = LassoSPKitUtilsSession::getFederation();
if ($fed == null)
return null;
$fed = @unserialize($fed);
if ($fed == null)
return null;
if (isset($fed['profile'])) {
$profile = @$fed['profile'];
unset($fed['profile']);
} else {
return null;
}
LassoSPKitUtilsSession::setFederation(serialize($fed));
return $profile;
}
}
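Review bot: processRequestSLO() now calls `$this->session->logout()` unconditionally: the results of `processRequestMsg()` and `validateRequest()` are stored in `$retPRM` and `$retVR` and never tested, the check `if ($ret != 0)` looks at `$ret`, which is still 0 at that point, and the `if ($retBR != 0)` guard is commented out. As rendered, a logout request that fails parsing or validation still ends the local session located by findFederation(), which matches the commit message's remark that signature verification is wrong. Gate the logout on both return codes as sketched below, and do not downgrade positive lasso return codes to informational here without checking which of them report signature problems. `lassospkit_warnlog()` is not among the logging functions this commit adds (only errlog and infolog are visible), so that branch would fail once it becomes reachable.

```php
// … unchanged: LassoLogout construction and its failure branch …
$ret = $logout->processRequestMsg($message);
if ($ret != 0) {
    lassospkit_errlog("processRequestSLO: processRequestMsg returned non-0: " . strError($ret) . "($ret)");
    $ok = 0;
}
if ($ok) {
    $this->findFederation($logout);
    $ret = $logout->validateRequest();
    $ok = ($ret == 0);
}
$this->finishResponse($logout, $logout->http_request_method, $ret, $ok);
if ($ok) {
    // Only end the local session for a request that parsed and validated.
    $this->session->logout();
}
return $ok;
```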