more on single logout
This commit is contained in:
parent
09ce1abcb5
commit
247d900c46
@ -1,6 +1,6 @@
<?xml version="1.0"?>
<EntityDescriptor
ProviderID="https://localhost/cgi-bin/idpc"
providerID="https://localhost/cgi-bin/idpc"
xmlns="urn:liberty:metadata:2003-08">
<IDPDescriptor>
<SingleLogoutServiceURL>https://localhost/cgi-bin/idpc/auth/singleLogout</SingleLogoutServiceURL>
@ -8,8 +8,11 @@
<SoapEndpoint>https://localhost/cgi-bin/idpc/soapEndpoint</SoapEndpoint>
<SingleSignOnServiceURL>https://localhost/cgi-bin/idpc/auth/singleSignOn</SingleSignOnServiceURL>
<SingleSignOnProtocolProfile>http://projectliberty.org/profiles/sso-get</SingleSignOnProtocolProfile>
<SingleLogoutServiceURL>https://localhost/cgi-bin/idpc/auth/singleLogout</SingleSignOnServiceURL>
<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
<!--
<RegisterNameIdentifierServiceURL>https://localhost/cgi-bin/idpc/registerNameIdentifier</RegisterNameIdentifierServiceURL>
-->
<FederationTerminationServiceURL>https://localhost/cgi-bin/idpc/auth/federationTermination</FederationTerminationServiceURL>
<FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/rni-idp-soap</FederationTerminationNotificationProtocolProfile>
</IDPDescriptor>
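Review bot: The element at L45 opens with `<SingleLogoutServiceURL>` but closes with `</SingleSignOnServiceURL>`, so the descriptor is not well-formed XML and a conforming parser will reject the whole IdP metadata file rather than just that element. The same element is already present as context at file line 6 (L29), so L45 looks like a duplicate; whether it is an added or a pre-existing line cannot be told from the rendered page, but either way it should be dropped or its closing tag corrected to `</SingleLogoutServiceURL>`. The other elements in this hunk (SingleLogoutProtocolProfile, the commented-out RegisterNameIdentifierServiceURL) only take effect once the file parses again.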
@ -1,6 +1,6 @@
<?xml version="1.0"?>
<EntityDescriptor
ProviderID="https://service-provider:2003/liberty-alliance/metadata"
providerID="https://service-provider:2003/liberty-alliance/metadata"
xmlns="urn:liberty:metadata:2003-08">
<SPDescriptor>
<SingleLogoutServiceURL>https://service-provider:2003/liberty-alliance/liberty-alliance/singleLogout</SingleLogoutServiceURL>
@ -8,8 +8,9 @@
<SoapEndpoint>https://service-provider:2003/liberty-alliance/liberty-alliance/soapEndpoint</SoapEndpoint>
<SingleLogoutProtocolProfile>http://projectliberty.org/profiles/slo-idp-soap</SingleLogoutProtocolProfile>
<RegisterNameIdentifierServiceURL>https://service-provider:2003/liberty-alliance/liberty-alliance/registerNameIdentifier</RegisterNameIdentifierServiceURL>
<AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://service-provider:2003/liberty-alliance/liberty-alliance/assertionConsumer</AssertionConsumerServiceURL>
<AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">
https://service-provider:2003/liberty-alliance/liberty-alliance/assertionConsumer
</AssertionConsumerServiceURL>
<AuthnRequestsSigned>true</AuthnRequestsSigned>
<FederationTerminationNotificationProtocolProfile>http://projectliberty.org/profiles/fedterm-sp-http</FederationTerminationNotificationProtocolProfile>
</SPDescriptor>
</EntityDescriptor>
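Review bot: Splitting the AssertionConsumerServiceURL value over three lines at L112–L118 puts a newline and the indentation into the element's text node, so the URL read from the metadata is surrounded by whitespace unless the reader explicitly trims it; a consumer that compares it byte-for-byte with the target of an AuthnResponse, or hands it to an HTTP client as-is, will fail. The 8→9 line count of this hunk is consistent with these three lines replacing the single-line form at L109, but the rendered page does not show the sides. Keep the value on one line, `<AssertionConsumerServiceURL id="AssertionConsumerServiceURL1" isDefault="true">https://service-provider:2003/liberty-alliance/liberty-alliance/assertionConsumer</AssertionConsumerServiceURL>`, or confirm that the metadata parser normalises whitespace in this element. It is also worth confirming that `slo-idp-soap` at L103 is the intended value inside an SPDescriptor, since the profile name denotes the IdP-side SOAP profile.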
@ -7,7 +7,7 @@ doc_DATA = manual.txt
endif
idpc-manual.html: manual.txt ../INSTALL
rest2html manual.txt > idpc-manual.html
$(REST2HTML) manual.txt > idpc-manual.html
EXTRA_DIST = manual.txt default.css
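Review bot: The recipe at L150 redirects straight into the target, so if `$(REST2HTML)` is unset or the converter fails, the shell still creates or truncates idpc-manual.html and the next make run treats the empty file as up to date. Write to a temporary and rename only on success, `$(REST2HTML) manual.txt > $@.tmp && mv $@.tmp $@`, or at least append `|| rm -f $@` to the command so a failed build does not leave a bogus target behind.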
@ -13,6 +13,7 @@ pre.literal-block {
border: 1px inset black;
padding: 2px;
margin: auto 10px;
overflow: auto;
}
h1.title {
@ -35,6 +36,12 @@ div#table-of-contents {
max-width: 33%;
}
div#building-liberty-services-with-lasso div#table-of-contents {
max-width: inherit;
float: none;
background: white url(lasso.png) bottom right no-repeat;
}
div#table-of-contents ul {
padding-left: 1em;
list-style: none;
@ -100,3 +107,13 @@ div.document {
background: white url(lasso.png) bottom right no-repeat;
}
div.figure {
margin: 0 auto;
width: 70%;
text-align: center;
}
p.caption {
border: 1px solid black;
border-top: 0px;
}
@ -22,18 +22,156 @@
#include "idpc.h"
/* the Single Log-Out service URL handles several cases:
* 1a. initiated by IdP, HTTP-Redirect (fig12, page46)
* 1b. initiated by IdP, HTTP-GET (fig13, page48)
* 1c. initiated by IdP, SOAP (fig14, page50)
* 2a. initiated by SP, HTTP-Redirect (fig15, page52)
* 1a. initiated by IdP, HTTP-Redirect (fig12, page47)
* 1b. initiated by IdP, HTTP-GET (fig13, page50)
* 1c. initiated by IdP, SOAP (fig14, page52)
* 2a. initiated by SP, HTTP-Redirect (fig15, page53)
* [!2b. initiated by SP, SOAP is handled in soapEndpoint!]
*/
int single_logout()
int soap_loop(LassoLogout *logout)
{
other_sp = lasso_logout_get_next_providerID(logout);
while (other_sp) {
fprintf(stderr, "Other SP: %s\n", other_sp);
rc = lasso_logout_init_request(logout, other_sp,
lassoHttpMethodAny);
if (rc) {
fprintf(stderr, "init_request failed\n");
goto cleanup;
}
rc = lasso_logout_build_request_msg(logout);
if (rc) {
fprintf(stderr, "build_request failed\n");
goto cleanup;
}
if (LASSO_PROFILE(logout)->msg_body) {
soap_answer = soap_request(
LASSO_PROFILE(logout)->msg_url,
LASSO_PROFILE(logout)->msg_body, NULL);
if (soap_answer == NULL) {
fprintf(stderr, "soap_request failed\n");
goto cleanup;
}
rc = lasso_logout_process_response_msg(logout,
soap_answer, lassoHttpMethodSoap);
if (rc) {
free(soap_answer);
fprintf(stderr, "logout_process_response_msg failed\n");
goto cleanup;
}
free(soap_answer);
} else {
/* LASSO_PROFILE(logout)->msg_body == NULL
* that means it didn't support SOAP; ignore it for
* now.
*/
}
other_sp = lasso_logout_get_next_providerID(logout);
}
lasso_logout_reset_providerID_index(logout);
other_sp = lasso_logout_get_next_providerID(logout);
if (other_sp) {
/* remaining service provider; redirect */
rc = lasso_logout_init_request(logout, other_sp,
lassoHttpMethodRedirect);
rc = lasso_logout_build_request_msg(logout);
printf("Location: %s\n\nRedirected",
LASSO_PROFILE(logout)->msg_url);
} else {
/* we're done */
rc = lasso_logout_build_request_msg(logout);
if (rc == LASSO_PROFILE_ERROR_MISSING_REQUEST) {
/* initiated from IdP */
printf("Content-type: text/plain\n\nLogged out");
return 0;
}
if (rc) {
printf("Location: %s\n\nRedirected",
LASSO_PROFILE(logout)->msg_url);
return 0;
}
}
return 0;
}
int logout_http(LassoLogout *logout)
{
/* SP-initiated; HTTP-Redirect-Based Profile */
int rc;
LassoIdentity *identity;
rc = lasso_logout_process_notification_msg(
logout, getenv("QUERY_STRING"),
lassoHttpMethodRedirect);
if (rc) {
return error_page("process_notification_msg failed");
}
rc = set_profile_auto(LASSO_PROFILE(logout));
if (rc) {
return error_page("set_profile_auto failed");
}
/* alternate soap/redirect profile; could use HTTP-GET here */
return soap_loop(logout);
}
int logout_init(LassoLogout *logout)
{
/* IdP-initiated */
int rc;
LassoIdentity *identity;
struct authentication *auth;
char *user_id;
char *user_dump, *session_dump;
auth = get_authentication(
get_config_string("//idpc:authenticationMethod"));
if (auth == NULL) {
return error_page("Wrong authentication");
}
user_id = auth->auth_function();
if (user_id == NULL) {
/* anyway */
return error_page("Error authenticating");
}
/* retrieve user_dump and session_dump */
rc = db_get_dumps(user_id, &user_dump, &session_dump);
if (rc) {
return error_page("Error getting dumps from db");
}
rc = set_profile_from_dumps(LASSO_PROFILE(logout),
user_dump, session_dump);
free(user_dump);
free(session_dump);
if (rc) {
return error_page("Error setting dumps");
}
return soap_loop(logout);
}
int logout_req()
{
int i;
char **params;
char *spId = NULL;
LassoLogout *logout;
LassoServer *server;
int rc;
server = get_config_server();
if (server == NULL) {
@ -42,18 +180,33 @@ int single_logout()
}
logout = lasso_logout_new(server, lassoProviderTypeIdp);
if (logout == NULL) {
lasso_server_destroy(server);
return error_page("lasso_logout_new failed");
}
rc = lasso_logout_process_request_msg(logout,
getenv("QUERY_STRING"), lassoHttpMethodRedirect);
if (rc) {
lasso_logout_destroy(logout);
if (rc == LASSO_PROFILE_ERROR_INVALID_QUERY) {
/* unknown query string; initiate logout now */
rc = logout_init(logout);
} else {
if (rc) {
fprintf(stderr,
"lasso_logout_process_request_msg failed\n");
} else {
/* this is http-redirect profile; coming from SP */
rc = logout_http(logout);
}
}
/* XXX to be continued */
lasso_logout_destroy(logout);
lasso_server_destroy(server);
return 1;
return rc;
}
int main(int argc, char *argv[])
{
int rc;
@ -61,7 +214,7 @@ int main(int argc, char *argv[])
if (argc > 1 && handle_args(argc, argv) ) {
return 0;
}
rc = init_config();
if (rc != 0) {
return error_page("Failed to init configuration");
@ -72,7 +225,7 @@ int main(int argc, char *argv[])
error_page("Failed to init database access");
goto shutdown;
}
rc = single_logout();
rc = logout_req();
shutdown:
db_finish();
lasso_shutdown();
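Review bot: In logout_req the SP-initiated path can never run: the `if (rc)` at L781 sits inside the `if (rc)` at L763, so when lasso_logout_process_request_msg succeeds (rc == 0) neither branch is entered and the request falls straight through to the destroys, while `rc = logout_http(logout);` at L796 is unreachable; an SP-initiated HTTP-redirect logout would be silently ignored and the IdP session left alive. Drop the outer `if (rc) {` and its closing brace so the chain reads `if (rc == LASSO_PROFILE_ERROR_INVALID_QUERY) { rc = logout_init(logout); } else if (rc) { fprintf(stderr, "lasso_logout_process_request_msg failed\n"); } else { rc = logout_http(logout); }`. In soap_loop the four `goto cleanup` at L343, L358, L382 and L405 have no `cleanup:` label anywhere between L319 and L518, and labels are function-scoped, so the function as shown cannot compile; `rc`, `other_sp` and `soap_answer` are likewise not declared in it and would have to be file-scope for this to build. In the redirect branch at L454–L468 the results of lasso_logout_init_request and lasso_logout_build_request_msg are assigned to `rc` but never checked before `msg_url` is printed into a `Location:` header, so a failed call can emit a null or stale URL; test `rc` and return error_page on failure as the other call sites in this hunk do.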