X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=shibsp%2Fhandler%2Fimpl%2FSAML2Logout.cpp;h=be80cb100cc21305271fc2dbf09694dd4b002119;hb=392d1448deb48beb75f219532ac248b4776f16db;hp=9dbedd931b45978ba1a6f42c0d70c4451f218221;hpb=5d6931bae74cae9c8c2b0883121e5cac66444c01;p=shibboleth%2Fsp.git
diff --git a/shibsp/handler/impl/SAML2Logout.cpp b/shibsp/handler/impl/SAML2Logout.cpp
index 9dbedd9..be80cb1 100644
--- a/shibsp/handler/impl/SAML2Logout.cpp
+++ b/shibsp/handler/impl/SAML2Logout.cpp
@@ -373,7 +373,13 @@ pair SAML2Logout::doRequest(const Application& application, const HTT
 policy.getIssuerMetadata() ? new MetadataCredentialCriteria(*policy.getIssuerMetadata()) : NULL
 );
 try {
- auto_ptr decryptedID(encname->decrypt(*cr,application.getXMLString("entityID").second,mcc.get()));
+ auto_ptr decryptedID(
+ encname->decrypt(
+ *cr,
+ application.getRelyingParty(policy.getIssuerMetadata() ? dynamic_cast(policy.getIssuerMetadata()->getParent()) : NULL)->getXMLString("entityID").second,
+ mcc.get()
+ )
+ );
 nameid = dynamic_cast(decryptedID.get());
 if (nameid) {
 ownedName = true;
@@ -514,8 +520,14 @@ pair SAML2Logout::doRequest(const Application& application, const HTT } checkError(logoutResponse, policy.getIssuerMetadata()); // throws if Status doesn't look good... + // If relay state is set, recover the original return URL. + if (!relayState.empty()) + recoverRelayState(application, request, response, relayState); + if (!relayState.empty()) + return make_pair(true, response.sendRedirect(relayState.c_str())); + // Return template for completion of global logout, or redirect to homeURL. - return sendLogoutPage(application, response, false, "Global logout completed."); + return sendLogoutPage(application, request, response, false, "Global logout completed."); } FatalProfileException ex("Incoming message was not a samlp:LogoutRequest or samlp:LogoutResponse.");
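Review bot: In the first hunk (`@@ -373`, the `encname->decrypt(...)` call in `doRequest`), the decryption recipient is now read through `application.getRelyingParty(...)->getXMLString("entityID").second` with no check on the pointer that `getRelyingParty` returns or on the pair's `.first`, so whether a null recipient can reach `decrypt` rests on guarantees the hunk does not show. The `issuer->setName(...)` line in the `sendResponse` hunk (`@@ -577`) repeats the same chain and also dereferences `role` without a visible check. I would hoist the lookup into a named local ahead of the `try`, test it once, and, if this is the intent, document it with a comment such as `// entityID may be overridden per relying party; NULL selects the application default when issuer metadata is absent`. Both function bodies begin and end outside their hunks, so an earlier guard may already exist.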
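Review bot: The added `return make_pair(true, response.sendRedirect(relayState.c_str()));` in the second hunk (`@@ -514`) sends the browser to whatever `relayState` holds after `recoverRelayState`, and nothing visible restricts that URL to the application's own hosts. If `relayState` can carry a literal URL from the incoming message (its origin is outside the hunk), the logout endpoint becomes an open redirect. The target should be checked against the application's origin or a configured allow-list before the redirect, falling through to `sendLogoutPage` when it does not match. The back-to-back `if (!relayState.empty())` tests also read as redundant unless `recoverRelayState` can empty the string; if it can, say so with a comment such as `// recoverRelayState may clear relayState when no stored URL is found`.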
@@ -577,7 +589,7 @@ pair SAML2Logout::sendResponse(
 }
 Issuer* issuer = IssuerBuilder::buildIssuer();
 logout->setIssuer(issuer);
- issuer->setName(application.getXMLString("entityID").second);
+ issuer->setName(application.getRelyingParty(dynamic_cast(role->getParent()))->getXMLString("entityID").second);
 fillStatus(*logout.get(), code, subcode, msg);
 auto_ptr_char dest(logout->getDestination());