X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=shibsp%2Fhandler%2Fimpl%2FSAML2LogoutInitiator.cpp;h=bb5efd1e10448f9b6005b78f63629c0a26cf63d4;hb=a7da711268b228d8751a45213c6596ec2a7c1240;hp=9896d3adb187b000d48f20b7fdd5b656cb96dc09;hpb=d64891004e50ae1fd41eb0ca94fe0eb6acde15d8;p=shibboleth%2Fcpp-sp.git diff --git a/shibsp/handler/impl/SAML2LogoutInitiator.cpp b/shibsp/handler/impl/SAML2LogoutInitiator.cpp index 9896d3a..bb5efd1 100644 --- a/shibsp/handler/impl/SAML2LogoutInitiator.cpp +++ b/shibsp/handler/impl/SAML2LogoutInitiator.cpp @@ -53,8 +53,6 @@ using namespace opensaml; # include "lite/SAMLConstants.h" #endif -#include - using namespace shibsp; using namespace xmltooling; using namespace boost; @@ -89,6 +87,7 @@ namespace shibsp { ) const; string m_appId; + auto_ptr_char m_protocol; #ifndef SHIBSP_LITE auto_ptr buildRequest( const Application& application, const Session& session, const RoleDescriptor& role, const MessageEncoder* encoder=nullptr @@ -103,10 +102,10 @@ namespace shibsp { return e; } + bool m_async; vector m_bindings; map< string,boost::shared_ptr > m_encoders; #endif - auto_ptr_char m_protocol; }; #if defined (_MSC_VER) @@ -121,6 +120,9 @@ namespace shibsp { SAML2LogoutInitiator::SAML2LogoutInitiator(const DOMElement* e, const char* appId) : AbstractHandler(e, Category::getInstance(SHIBSP_LOGCAT".LogoutInitiator.SAML2")), m_appId(appId), m_protocol(samlconstants::SAML20P_NS) +#ifndef SHIBSP_LITE + ,m_async(true) +#endif { // If Location isn't set, defer initialization until the setParent call. pair loc = getString("Location"); @@ -148,6 +150,9 @@ void SAML2LogoutInitiator::init(const char* location) #ifndef SHIBSP_LITE if (SPConfig::getConfig().isEnabled(SPConfig::OutOfProcess)) { + pair async = getBool("asynchronous"); + m_async = !async.first || async.second; + string dupBindings; pair outgoing = getString("outgoingBindings"); if (outgoing.first) { 
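Review bot: In `init`, `m_async = !async.first || async.second;` makes the `asynchronous` setting default to true when the attribute is absent, and nothing in the hunk says so. Because the flag decides whether `buildRequest` adds the Asynchronous extension to outgoing LogoutRequests (last hunk of this patch), the default deserves a comment, e.g. `// Absent means true: requests are marked Asynchronous unless asynchronous="false" is set.` The assignment sits inside the `isEnabled(SPConfig::OutOfProcess)` branch, so in any other mode the constructor's `m_async(true)` stands; the body of `init` continues outside the hunk.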
@@ -358,6 +363,7 @@ pair SAML2LogoutInitiator::doRequest( logout_event->m_logoutType = LogoutEvent::LOGOUT_EVENT_UNKNOWN; logout_event->m_saml2Request = msg.get(); application.getServiceProvider().getTransactionLog()->write(*logout_event); + logout_event->m_saml2Request = nullptr; } auto_ptr_char dest(epit->getLocation()); @@ -410,11 +416,21 @@ pair SAML2LogoutInitiator::doRequest( else { const char* returnloc = httpRequest.getParameter("return"); if (returnloc) { - limitRelayState(m_log, application, httpRequest, returnloc); - ret.second = httpResponse.sendRedirect(returnloc); + // Relative URLs get promoted, absolutes get validated. + if (*returnloc == '/') { + string loc(returnloc); + httpRequest.absolutize(loc); + ret.second = httpResponse.sendRedirect(loc.c_str()); + } + else { + application.limitRedirect(httpRequest, returnloc); + ret.second = httpResponse.sendRedirect(returnloc); + } ret.first = true; } - ret = sendLogoutPage(application, httpRequest, httpResponse, "global"); + else { + ret = sendLogoutPage(application, httpRequest, httpResponse, "global"); + } } } @@ -431,8 +447,10 @@ pair SAML2LogoutInitiator::doRequest( string relayState; const char* returnloc = httpRequest.getParameter("return"); if (returnloc) { - limitRelayState(m_log, application, httpRequest, returnloc); + application.limitRedirect(httpRequest, returnloc); relayState = returnloc; + httpRequest.absolutize(relayState); + cleanRelayState(application, httpRequest, httpResponse); preserveRelayState(application, httpResponse, relayState); } 
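Review bot: In the `return` handling of `doRequest` (hunk at -410,11), a value whose first character is `/` goes to `httpRequest.absolutize` and then to `sendRedirect` without passing through `application.limitRedirect`, so the redirect check on that branch depends entirely on `absolutize` always yielding a same-site URL, which is not visible in this patch. Validating the promoted value keeps the check independent of that helper: after `httpRequest.absolutize(loc);` add `application.limitRedirect(httpRequest, loc.c_str());`. The following hunk (-431,8) has the opposite ordering, calling `limitRedirect` on the raw `returnloc` and then preserving the absolutized `relayState`; checking the absolutized string there as well would make both paths validate exactly what is sent or stored. Both hunks sit inside `doRequest`, whose body starts and ends outside them.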
@@ -510,9 +528,16 @@ auto_ptr SAML2LogoutInitiator::buildRequest( msg->setNameID(nameid->cloneNameID()); } - msg->setID(SAMLConfig::getConfig().generateIdentifier()); + XMLCh* msgid = SAMLConfig::getConfig().generateIdentifier(); + msg->setID(msgid); + XMLString::release(&msgid); msg->setIssueInstant(time(nullptr)); + if (m_async && encoder) { + msg->setExtensions(saml2p::ExtensionsBuilder::buildExtensions()); + msg->getExtensions()->getUnknownXMLObjects().push_back(AsynchronousBuilder::buildAsynchronous()); + } + return msg; }
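Review bot: The new block `if (m_async && encoder)` has no comment explaining why the Asynchronous extension is added only when an encoder is passed; presumably a non-null encoder means a front-channel binding, but that is inferred from the `encoder=nullptr` default in the declaration rather than stated anywhere. A one-line comment would settle it, e.g. `// Front-channel request: flag it Asynchronous when configured (m_async).` Also, `msgid` is freed by hand with `XMLString::release(&msgid)`, so the buffer would leak if `setID` threw; a scoped owner for it would make the release unconditional. `buildRequest` starts outside the hunk.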