Add support for logout over SOAP

As each login session comes in, store the supported logout
mechanisms in the SP metadata.

Upon a logout request, loop through all of those SP's that
support SOAP and log those out first, then log out any
remaining sessions using HTTP Redirect.

https://fedorahosted.org/ipsilon/ticket/59

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>

1 files changed, 7 insertions, 1 deletions

diff --git a/ipsilon/util/data.py b/ipsilon/util/data.py
index 53a1756..e0cd6e1 100644
--- a/ipsilon/util/data.py
+++ b/ipsilon/util/data.py
@@ -551,6 +551,10 @@ class SAML2SessionStore(Store):
         return self.get_unique_data(self.table, idval, name, value)
 
     def new_session(self, datum):
+        if 'supported_logout_mechs' in datum:
+            datum['supported_logout_mechs'] = ','.join(
+                datum['supported_logout_mechs']
+            )
         return self.new_unique_data(self.table, datum)
 
     def get_session(self, session_id=None, request_id=None):
@@ -567,7 +571,7 @@ class SAML2SessionStore(Store):
 
     def get_user_sessions(self, user):
         """
-        Retrun a list of all sessions for a given user.
+        Return a list of all sessions for a given user.
         """
         rows = self.get_unique_data(self.table, name='user', value=user)
 
@@ -575,6 +579,8 @@ class SAML2SessionStore(Store):
         logged_in = []
         for r in rows:
             data = self.get_unique_data(self.table, uuidval=r)
+            data[r]['supported_logout_mechs'] = data[r].get(
+                'supported_logout_mechs', '').split(',')
             logged_in.append(data)
 
         return logged_in