[saml2] add proper error code for partial logout status code

3 files changed, 12 insertions, 0 deletions

diff --git a/lasso/errors.c b/lasso/errors.c
index 6ee5cc13..af772c14 100644
--- a/lasso/errors.c
+++ b/lasso/errors.c
@@ -173,6 +173,8 @@ lasso_strerror(int error_code)
 			return "An unsigned authn request was received but the metadata specify that they must be signed.";
 		case LASSO_LOGOUT_ERROR_FEDERATION_NOT_FOUND:
 			return "Federation not found on logout";
+		case LASSO_LOGOUT_ERROR_PARTIAL_LOGOUT:
+			return "Logout could not be propagated to every service provider in the current session.";
 		case LASSO_LOGOUT_ERROR_REQUEST_DENIED:
 			return "Request denied by identity provider";
 		case LASSO_LOGOUT_ERROR_UNKNOWN_PRINCIPAL:
diff --git a/lasso/errors.h b/lasso/errors.h
index a0f2a22e..8cc114fb 100644
--- a/lasso/errors.h
+++ b/lasso/errors.h
@@ -298,6 +298,12 @@ LASSO_EXPORT const char* lasso_strerror(int error_code);
  * Unknown principal on logout
  */
 #define LASSO_LOGOUT_ERROR_UNKNOWN_PRINCIPAL 304
+/**
+ * LASSO_LOGOUT_ERROR_PARTIAL_LOGOUT:
+ *
+ * Logout could not be propagated to every service provider in the current session.
+ */
+#define LASSO_LOGOUT_ERROR_PARTIAL_LOGOUT 305
 
 /* Profile */
 /**
diff --git a/lasso/saml-2.0/logout.c b/lasso/saml-2.0/logout.c
index 3d8859f0..b613aaa7 100644
--- a/lasso/saml-2.0/logout.c
+++ b/lasso/saml-2.0/logout.c
@@ -396,6 +396,10 @@ cleanup:
 
 		value = sub_status_code->Value;
 
+		if (lasso_strisequal(value,LASSO_SAML2_STATUS_CODE_PARTIAL_LOGOUT)) {
+			rc = LASSO_LOGOUT_ERROR_PARTIAL_LOGOUT;
+			break;
+		}
 		if (lasso_strisequal(value,LASSO_SAML2_STATUS_CODE_REQUEST_DENIED)) {
 			rc = LASSO_LOGOUT_ERROR_REQUEST_DENIED;
 			break;