Federation Termination Notification

(applies to both IdP and SP)

/federationTermination (* normative, Federation Termination Notification service URL *)
    defederation = lasso_defederation_new(server)
    IF lasso_is_liberty_query(query)
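        # The query is a valid Liberty message, so process it.
        # NOTE(review): the test above presumably only recognises the message
        # format; whether the notification is acceptable is decided by the calls
        # below, so check the return code of each one and stop on error.

        lasso_defederation_process_notification_msg(defederation, query)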

        nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier
        # Retrieve session and user using name identifier.
        lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump)
        lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump)

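        lasso_defederation_validate_notification(defederation)
        # Close the federation locally, but only if the validation call above
        # returned success; a notification that failed processing or validation
        # must not change the stored identity.
        # The user is no longer authenticated on any identity provider; log him out.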

        REDIRECT TO LASSO_PROFILE(defederation)->msg_url

    ELSE
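        # The query is not a valid Liberty message, so this provider initiates the profile.

        # Identity and session come from the logged-in user. This branch changes
        # federation state, so it should run only for an authenticated user who
        # asked for the defederation.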
        lasso_profile_set_identity_from_dump(LASSO_PROFILE(defederation), identityDump)
        lasso_profile_set_session_from_dump(LASSO_PROFILE(defederation), sessionDump)

        lasso_defederation_build_notification_msg(defederation)

        # close the local user account (session, index...)

        IF LASSO_PROFILE(defederation)->msg_body:
            SOAP CALL -----------------------------------------------------------------\
                TO LASSO_PROFILE(defederation)->msg_url                                |
                BODY LASSO_PROFILE(defederation)->msg_body

        ELSE
            REDIRECT TO LASSO_PROFILE(defederation)->msg_url


/federationTerminationReturn  (* normative, Federation Termination service Return URL *)

    # Get the relay state, if present, from the query response.
    # It arrives in the request, so treat it as untrusted input wherever it is used.


/soapEndPoint (* normative, SOAP endpoint *)                                      <----/
    defederation = lasso_defederation_new(server)
    lasso_defederation_process_notification_msg(defederation, soapRequestMsg)
    
    nameIdentifier = LASSO_PROFILE(defederation)->nameIdentifier
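    # Retrieve session and user using name identifier.
    # NOTE(review): unlike /federationTermination above, no
    # lasso_profile_set_identity_from_dump / lasso_profile_set_session_from_dump
    # call is shown here before validation; presumably it is still needed -- confirm.

    lasso_defederation_validate_notification(defederation)
    # Close the federation locally, but only if processing and validation succeeded.
    # The user is no longer authenticated on any identity provider. Log him out.
    # Return OK (204), even when the defederation validation fails; record the
    # failure locally, since the sender gets no error indication.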
        ANSWER SOAP REQUEST WITH 204 (No content)