Change audience handling and validators to separate out entityID.
[shibboleth/sp.git] / shibsp / handler / impl / SAML2Logout.cpp
index 9dbedd9..be80cb1 100644 (file)
@@ -373,7 +373,13 @@ pair<bool,long> SAML2Logout::doRequest(const Application& application, const HTT
                         policy.getIssuerMetadata() ? new MetadataCredentialCriteria(*policy.getIssuerMetadata()) : NULL
                         );
                     try {
-                        auto_ptr<XMLObject> decryptedID(encname->decrypt(*cr,application.getXMLString("entityID").second,mcc.get()));
+                        auto_ptr<XMLObject> decryptedID(
+                            encname->decrypt(
+                                *cr,
+                                application.getRelyingParty(policy.getIssuerMetadata() ? dynamic_cast<EntityDescriptor*>(policy.getIssuerMetadata()->getParent()) : NULL)->getXMLString("entityID").second,
+                                mcc.get()
+                                )
+                            );
                         nameid = dynamic_cast<NameID*>(decryptedID.get());
                         if (nameid) {
                             ownedName = true;
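Review bot: The decrypt call now dereferences the result of `application.getRelyingParty(...)` with `->` and no null check, and the argument itself is a `dynamic_cast` on the issuer's parent that may yield NULL if that parent is not an EntityDescriptor; whether getRelyingParty tolerates a null argument and never returns NULL is not visible here, so it should be confirmed or guarded. The same unchecked pattern appears in the sendResponse hunk below. Splitting the lookup out of the argument list also makes the behaviour reviewable: `const EntityDescriptor* issuerEntity = policy.getIssuerMetadata() ? dynamic_cast<EntityDescriptor*>(policy.getIssuerMetadata()->getParent()) : NULL;` and `const PropertySet* rp = application.getRelyingParty(issuerEntity);`, then pass `rp->getXMLString("entityID").second` to decrypt after checking `rp`. doRequest starts and ends outside this hunk.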
@@ -514,8 +520,14 @@ pair<bool,long> SAML2Logout::doRequest(const Application& application, const HTT
         }
         checkError(logoutResponse, policy.getIssuerMetadata()); // throws if Status doesn't look good...
 
+        // If relay state is set, recover the original return URL.
+        if (!relayState.empty())
+            recoverRelayState(application, request, response, relayState);
+        if (!relayState.empty())
+            return make_pair(true, response.sendRedirect(relayState.c_str()));
+
         // Return template for completion of global logout, or redirect to homeURL.
-        return sendLogoutPage(application, response, false, "Global logout completed.");
+        return sendLogoutPage(application, request, response, false, "Global logout completed.");
     }
 
     FatalProfileException ex("Incoming message was not a samlp:LogoutRequest or samlp:LogoutResponse.");
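Review bot: The redirect target on the new `sendRedirect(relayState.c_str())` line is whatever recoverRelayState leaves in `relayState`, and the only check before the redirect is that it is non-empty; since the value arrives in the inbound LogoutResponse, this is safe only if recoverRelayState clears or rejects values that are not acceptable return URLs for this application, which the hunk does not show. I would make that dependency explicit in the comment: `// relayState comes from the inbound message; recoverRelayState must resolve it to a trusted return URL or empty it, otherwise no redirect is issued.` The two back-to-back `if (!relayState.empty())` tests also read as a repeated check; nesting the second inside the first makes it clear the second test is on the recovered value. doRequest starts and ends outside this hunk.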
@@ -577,7 +589,7 @@ pair<bool,long> SAML2Logout::sendResponse(
     }
     Issuer* issuer = IssuerBuilder::buildIssuer();
     logout->setIssuer(issuer);
-    issuer->setName(application.getXMLString("entityID").second);
+    issuer->setName(application.getRelyingParty(dynamic_cast<EntityDescriptor*>(role->getParent()))->getXMLString("entityID").second);
     fillStatus(*logout.get(), code, subcode, msg);
 
     auto_ptr_char dest(logout->getDestination());
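Review bot: The new setName line dereferences `role` unconditionally, where the replaced line did not depend on role at all; if sendResponse can be reached with a null role (for example an error response to an issuer with no metadata), this is a new crash path. If that case exists, guard it: `issuer->setName(application.getRelyingParty(role ? dynamic_cast<EntityDescriptor*>(role->getParent()) : NULL)->getXMLString("entityID").second);`, and document on the function which relying-party properties are used when role is absent. sendResponse starts and ends outside this hunk.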