Single Log Out
SP
/singleLogout (* normative, Single Logout Service URL *)
logout = lasso_logout_new(server, lassoProviderTypeSp)
IF NOT lasso_is_liberty_query(query)
# Logout initiated by SP, now
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
lasso_logout_init_request(logout, idpProviderId, lassoHttpMethodAny)
# if idpProviderId is NULL the first one defined in the metadata will be picked
# if third param http method is lassoHttpMethodAny, then lasso retrieves
# the first http mehtod supported by both providers, else check
# the passed http method is supported.
request = LASSO_LIB_AUTHN_REQUEST(LASSO_PROFILE(logout)->request)
lasso_lib_authn_request_set_relayState(request, relayState)
# relayState is an optional value set by the SP
lasso_logout_build_request_msg(logout)
IF LASSO_PROFILE(logout)->msg_body != NULL
SOAP CALL
TO LASSO_PROFILE(logout)->msg_url
BODY LASSO_PROFILE(logout)->msg_body
lasso_logout_process_response_msg(logout, soap_answer_message)
IF error AND error != LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE
BOOM
/* ??? there is something here about identity and sessions ??? */
IF LASSO_PROFILE(logout)->msg_body == NULL
REDIRECT TO LASSO_PROFILE(logout)->msg_url
DISPLAY HTML PAGE
OK
END
# Logout initiated by IdP
lasso_logout_process_request_msg(logout, /query string/)
# use LASSO_PROFILE(logout)->nameIdentifier->content to get identity and session
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
lasso_logout_validate_request(logout)
IF lasso_profile_is_identity_dirty(LASSO_PROFILE(login))
identity = lasso_profile_get_identity(LASSO_PROFILE(login))
# save identity;
# serialization with lasso_identity_dump(identity)
IF lasso_profile_is_session_dirty(LASSO_PROFILE(login))
session = lasso_profile_get_session(LASSO_PROFILE(login))
# save session;
# serialization with lasso_session_dump(session)
lasso_logout_build_response_msg(logout)
IF LASSO_PROFILE(logout)->msg_body
ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body)
ELSE
REDIRECT TO LASSO_PROFILE(logout)->msg_url
IdP
/singleLogout (* normative, Single Log-Out service URL *)
logout = lasso_logout_new(server, lassoProviderTypeIdp)
IF lasso_is_liberty_query(query)
lasso_logout_process_request_msg(logout, /query string/)
# get identity and session from LASSO_PROFILE(logout)->nameIdentifier
ELSE
# initiate logout
# get identity and session from user authentication
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
other_sp = lasso_logout_get_next_providerID(logout)
WHILE other_sp
lasso_logout_init_request(logout, other_sp, lassoHttpMethodAny)
lasso_logout_build_request_msg(logout)
IF LASSO_PROFILE(logout)->msg_body
SOAP CALL
TO LASSO_PROFILE(logout)->msg_url
BODY LASSO_PROFILE(logout)->msg_body
lasso_logout_process_response_msg(logout, soap_answer_message)
other_sp = lasso_logout_get_next_providerID(logout)
lasso_logout_reset_providerID_index(logout)
other_sp = lasso_logout_get_next_providerID(logout)
IF other_sp
lasso_logout_init_request(logout, other_sp, lassoHttpMethodRedirect)
lasso_logout_build_request_msg(logout)
REDIRECT TO LASSO_PROFILE(logout)->msg_url
DISPLAY HTML PAGE
OK
IdP
/soapEndPoint (* normative, SOAP endpoint *)
soap_msg # is the received SOAP message body
request_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
IF request_type IS lassoRequestTypeLogout
logout = lasso_logout_new(server);
lasso_logout_process_request_msg(logout, soap_msg);
# get identity and session from LASSO_PROFILE(logout)->nameIdentifier
lasso_profile_set_identity_from_dump(LASSO_PROFILE(logout), identity_dump)
lasso_profile_set_session_from_dump(LASSO_PROFILE(logout), session_dump)
lasso_logout_validate_request(logout)
if error LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE
lasso_logout_build_request_msg(logout)
ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body
# write down identity and session here
other_sp = lasso_logout_get_next_providerID(logout)
WHILE other_sp
lasso_logout_init_request(logout, other_sp, lassoHttpMethodAny)
lasso_logout_build_request_msg(logout)
SOAP CALL
TO LASSO_PROFILE(logout)->msg_url
BODY LASSO_PROFILE(logout)->msg_body
lasso_logout_process_response_msg(logout, soap_answer_message)
other_sp = lasso_logout_get_next_providerID(logout)
lasso_logout_build_response_msg(logout)
ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body
SP
/soapEndPoint (* normative, SOAP endpoint *)
soap_msg # is the received SOAP message body
request_type = lasso_profile_get_request_type_from_soap_msg(soap_msg);
IF request_type IS lassoRequestTypeLogout
logout = lasso_logout_new(server);
lasso_logout_process_request_msg(logout, soap_msg);
# sth to do with identity and session around here
lasso_logout_validate_request(logout)
lasso_logout_build_response_msg(logout)
ANSWER SOAP REQUEST WITH: LASSO_PROFILE(logout)->msg_body