SAML 2.0 Logout: when in an SP initiated logout, lasso_logout_build_response_msg is the finishing call

 * lasso/saml-2.0/logout.c:
   when calling lasso_logout_build_response_msg(), if we known that we
   are in the middle of an SP initiated logout, i.e. if
   initial_remote_providerID is not NULL, then we can restore the intial
   response.

1 files changed, 19 insertions, 0 deletions

diff --git a/lasso/saml-2.0/logout.c b/lasso/saml-2.0/logout.c
index 5fb310a8..5ee1bc1c 100644
--- a/lasso/saml-2.0/logout.c
+++ b/lasso/saml-2.0/logout.c
@@ -324,6 +324,25 @@ lasso_saml20_logout_build_response_msg(LassoLogout *logout)
 	LassoSamlp2StatusResponse *response = NULL;
 	int rc = 0;
 
+	/* SP initiated logout */
+	if (logout->initial_remote_providerID) {
+		remote_provider = lasso_server_get_provider(profile->server, profile->remote_providerID);
+		if (remote_provider->role & LASSO_PROVIDER_ROLE_SP) {
+			lasso_transfer_string(profile->remote_providerID,
+					logout->initial_remote_providerID);
+			lasso_transfer_gobject(profile->request, logout->initial_request);
+			lasso_transfer_gobject(profile->response, logout->initial_response);
+			/* if some of the logout failed, set a partial logout status code */
+			if (logout->private_data->partial_logout) {
+				/* reset the partial logout status */
+				logout->private_data->partial_logout = FALSE;
+				lasso_saml20_profile_set_response_status(profile,
+						LASSO_SAML2_STATUS_CODE_SUCCESS,
+						LASSO_SAML2_STATUS_CODE_PARTIAL_LOGOUT);
+			}
+		}
+	}
+
 	if (profile->response == NULL) {
 		/* no response set here means request denied */
 		response = (LassoSamlp2StatusResponse*) lasso_samlp2_logout_response_new();