From: Scott Cantor <cantor.2@osu.edu>
Date: Fri, 29 Jan 2016 18:43:04 +0000 (-0500)
Subject: SSPCPP-671 - Handling of partial success in LogoutResponse needs work
X-Git-Tag: 2.5.6~2
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp.git;a=commitdiff_plain;h=65103184271b43bb6732c4994ae7503a44b7b3db

SSPCPP-671 - Handling of partial success in LogoutResponse needs work

https://issues.shibboleth.net/jira/browse/SSPCPP-671

Tweak final stage of response handling to always check relay state
and only use the templates if there is none.
---

diff --git a/shibsp/handler/impl/SAML2Logout.cpp b/shibsp/handler/impl/SAML2Logout.cpp
index cde5cbb..c3318b5 100644
--- a/shibsp/handler/impl/SAML2Logout.cpp
+++ b/shibsp/handler/impl/SAML2Logout.cpp
@@ -587,20 +587,20 @@ pair<bool,long> SAML2Logout::doRequest(const Application& application, const HTT
         }
 
         // If relay state is set, recover the original return URL.
-        if (!relayState.empty())
+        if (!relayState.empty()) {
             recoverRelayState(application, request, response, relayState);
+        }
 
         // Check for partial logout.
+        bool wasPartial = false;
         const StatusCode* sc = logoutResponse->getStatus() ? logoutResponse->getStatus()->getStatusCode() : nullptr;
         sc = sc ? sc->getStatusCode() : nullptr;
         if (sc && XMLString::equals(sc->getValue(), StatusCode::PARTIAL_LOGOUT)) {
-            if (logout_event)
-                application.getServiceProvider().getTransactionLog()->write(*logout_event);
-            return sendLogoutPage(application, request, response, "partial");
+            wasPartial = true;
         }
 
         if (logout_event) {
-            logout_event->m_logoutType = LogoutEvent::LOGOUT_EVENT_GLOBAL;
+            logout_event->m_logoutType = wasPartial ? LogoutEvent::LOGOUT_EVENT_PARTIAL : LogoutEvent::LOGOUT_EVENT_GLOBAL;
             application.getServiceProvider().getTransactionLog()->write(*logout_event);
         }
 
@@ -610,7 +610,7 @@ pair<bool,long> SAML2Logout::doRequest(const Application& application, const HTT
         }
 
         // Return template for completion of logout.
-        return sendLogoutPage(application, request, response, "global");
+        return sendLogoutPage(application, request, response, wasPartial ? "partial" : "global");
     }
 
     FatalProfileException ex("Incoming message was not a samlp:LogoutRequest or samlp:LogoutResponse.");