<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>LassoLogout: Lasso Reference Manual</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="index.html" title="Lasso Reference Manual">
<link rel="up" href="idff.html" title="Identity Federation Framework - ID-FF 1.2 profiles">
<link rel="prev" href="lasso-LassoLogin.html" title="LassoLogin">
<link rel="next" href="lasso-LassoDefederation.html" title="LassoDefederation">
<meta name="generator" content="GTK-Doc V1.28 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts">
<a href="#" class="shortcut">Top</a><span id="nav_description"> <span class="dim">|</span>
<a href="#lasso-LassoLogout.description" class="shortcut">Description</a></span>
</td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="idff.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="lasso-LassoLogin.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="lasso-LassoDefederation.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="refentry">
<a name="lasso-LassoLogout"></a><div class="titlepage"></div>
<div class="refnamediv"><table width="100%"><tr>
<td valign="top">
<h2><span class="refentrytitle"><a name="lasso-LassoLogout.top_of_page"></a>LassoLogout</span></h2>
<p>LassoLogout — Single Logout Profile</p>
</td>
<td class="gallery_image" valign="top" align="right"></td>
</tr></table></div>
<div class="refsect1">
<a name="lasso-LassoLogout.functions"></a><h2>Functions</h2>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="functions_return">
<col class="functions_name">
</colgroup>
<tbody>
<tr>
<td class="function_type">
<a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="returnvalue">LassoLogout</span></a> *
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-new" title="lasso_logout_new ()">lasso_logout_new</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="returnvalue">LassoLogout</span></a> *
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-new-from-dump" title="lasso_logout_new_from_dump ()">lasso_logout_new_from_dump</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">lasso_error_t</span>
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-build-request-msg" title="lasso_logout_build_request_msg ()">lasso_logout_build_request_msg</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">lasso_error_t</span>
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-build-response-msg" title="lasso_logout_build_response_msg ()">lasso_logout_build_response_msg</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">void</span>
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-destroy" title="lasso_logout_destroy ()">lasso_logout_destroy</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">gchar</span> *
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-dump" title="lasso_logout_dump ()">lasso_logout_dump</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">gchar</span> *
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-get-next-providerID" title="lasso_logout_get_next_providerID ()">lasso_logout_get_next_providerID</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">lasso_error_t</span>
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-init-request" title="lasso_logout_init_request ()">lasso_logout_init_request</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">lasso_error_t</span>
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-process-request-msg" title="lasso_logout_process_request_msg ()">lasso_logout_process_request_msg</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">lasso_error_t</span>
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-process-response-msg" title="lasso_logout_process_response_msg ()">lasso_logout_process_response_msg</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">lasso_error_t</span>
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-reset-providerID-index" title="lasso_logout_reset_providerID_index ()">lasso_logout_reset_providerID_index</a> <span class="c_punctuation">()</span>
</td>
</tr>
<tr>
<td class="function_type">
<span class="returnvalue">lasso_error_t</span>
</td>
<td class="function_name">
<a class="link" href="lasso-LassoLogout.html#lasso-logout-validate-request" title="lasso_logout_validate_request ()">lasso_logout_validate_request</a> <span class="c_punctuation">()</span>
</td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect1">
<a name="lasso-LassoLogout.other"></a><h2>Types and Values</h2>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="name">
<col class="description">
</colgroup>
<tbody><tr>
<td class="datatype_keyword">struct</td>
<td class="function_name"><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout">LassoLogout</a></td>
</tr></tbody>
</table></div>
</div>
<div class="refsect1">
<a name="lasso-LassoLogout.description"></a><h2>Description</h2>
<p>This profile Send logout notifications between providers. Any receiving provider must retransmit
the notification to any other providers with which it shares the current identity by any means
supported by the two, that is any provider federated with the current provider. There can be
partial failures if no binding can be found to notify a federating partner or if a partner fails
to respond.</p>
<p>It is generally advised to apply the local logout transaction before sending a logout request to
a partner. In short:
</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>an identity provider receiving a logout request should kill the local
session before sending logout request to other service provider and proxyied identity
providers.</p></li>
<li class="listitem"><p>a service provider intitiating a logout request must first kill its local session,
then proceeds with the logout exchange with its identity provider</p></li>
</ul></div>
<p>The following examples must not be used 'as-is' they lack most of the error checking code
that is needed for a secured and robust program, but they give an idea of how to use the
API</p>
<div class="example">
<a name="id-1.3.3.3.5.5"></a><p class="title"><b>Example 5. Service Provider Initiated Logout</b></p>
<div class="example-contents">
<table class="listing_frame" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td class="listing_lines" align="right"><pre>1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68</pre></td>
<td class="listing_code"><pre class="programlisting">LassoLogout <span class="gtkdoc opt">*</span>logout<span class="gtkdoc opt">;</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>session_dump<span class="gtkdoc opt">;</span> <span class="gtkdoc slc">// must contain the session dump</span>
<span class="gtkdoc slc">// for the current user</span>
<span class="gtkdoc kwb">int</span> rc<span class="gtkdoc opt">;</span> <span class="gtkdoc slc">// hold return codes</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>soap_response<span class="gtkdoc opt">;</span>
LassoHttpMethod method<span class="gtkdoc opt">;</span> <span class="gtkdoc slc">// method to use, LASSO_HTTP_METHOD_REDIRECT, </span>
<span class="gtkdoc slc">// LASSO_HTTP_METHOD_POST or LASSO_HTTP_METHOD_SOAP,</span>
<span class="gtkdoc slc">// other methods are rarely supported</span>
logout <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-new">lasso_logout_new</a></span><span class="gtkdoc opt">(</span>server<span class="gtkdoc opt">);</span>
<span class="function"><a href="lasso-LassoProfile.html#lasso-profile-set-session-from-dump">lasso_profile_set_session_from_dump</a></span><span class="gtkdoc opt">(&</span>logout<span class="gtkdoc opt">-></span>parent<span class="gtkdoc opt">,</span> session_dump<span class="gtkdoc opt">);</span>
<span class="gtkdoc slc">// the second argument can be NULL, lasso_logout_init_request() will automatically choose the</span>
<span class="gtkdoc slc">// identity provider from the first assertion int the session</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-init-request">lasso_logout_init_request</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">,</span> <span class="string">"http://identity-provider-id/"</span><span class="gtkdoc opt">,</span>
method<span class="gtkdoc opt">);</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>rc <span class="gtkdoc opt">!=</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc opt">...</span> <span class="gtkdoc slc">// handle errors, most of them are related to bad initialization</span>
<span class="gtkdoc slc">// or unsupported binding</span>
<span class="gtkdoc opt">}</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-build-request-msg">lasso_logout_build_request_msg</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">);</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>rc <span class="gtkdoc opt">!=</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc opt">...</span> <span class="gtkdoc slc">// handle errors, most of them are related to bad initialization</span>
<span class="gtkdoc slc">// or impossibility to build the query string (missing private keys for signing)</span>
<span class="gtkdoc opt">}</span>
<span class="gtkdoc slc">// now send the request</span>
<span class="keyword">switch</span> <span class="gtkdoc opt">(</span>method<span class="gtkdoc opt">) {</span>
<span class="keyword">case</span> LASSO_HTTP_METHOD_REDIRECT<span class="gtkdoc opt">:</span>
<span class="gtkdoc slc">// LASSO_PROFILE(logout)->msg_url contains the URL where the </span>
<span class="gtkdoc slc">// User Agent must be redirected</span>
<span class="gtkdoc opt">...</span>
<span class="gtkdoc slc">// save the session and logout object, and store them attached to the RequestID of the</span>
<span class="gtkdoc slc">// request, you will need them for handling the response</span>
session_dump <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-node.html#lasso-node-dump">lasso_node_dump</a></span><span class="gtkdoc opt">((</span>LassoNode<span class="gtkdoc opt">*)</span>logout<span class="gtkdoc opt">-></span>parent<span class="gtkdoc opt">.</span>session<span class="gtkdoc opt">);</span>
logout_dump <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-node.html#lasso-node-dump">lasso_node_dump</a></span><span class="gtkdoc opt">((</span>LassoNode<span class="gtkdoc opt">*)</span>logout<span class="gtkdoc opt">);</span>
<span class="keyword">break</span><span class="gtkdoc opt">;</span>
<span class="keyword">case</span> LASSO_HTTP_METHOD_POST<span class="gtkdoc opt">:</span>
<span class="gtkdoc slc">// you must build a form with a field name SAMLRequest (SAML 2.0) or LAREQ (ID-FF 1.2)</span>
<span class="gtkdoc slc">// with the content of LASSO_PROFILE(logout)->msg_body</span>
<span class="gtkdoc slc">// posting to the address LASSO_PROFILE(logout)->msg_url</span>
<span class="gtkdoc opt">...</span>
<span class="gtkdoc slc">// save the session and logout object, and store them attached to the RequestID of the</span>
<span class="gtkdoc slc">// request, you will need them for handling the response</span>
session_dump <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-node.html#lasso-node-dump">lasso_node_dump</a></span><span class="gtkdoc opt">((</span>LassoNode<span class="gtkdoc opt">*)</span>logout<span class="gtkdoc opt">-></span>parent<span class="gtkdoc opt">.</span>session<span class="gtkdoc opt">);</span>
logout_dump <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-node.html#lasso-node-dump">lasso_node_dump</a></span><span class="gtkdoc opt">((</span>LassoNode<span class="gtkdoc opt">*)</span>logout<span class="gtkdoc opt">);</span>
<span class="keyword">break</span><span class="gtkdoc opt">;</span>
<span class="keyword">case</span> LASSO_HTTP_SOAP<span class="gtkdoc opt">:</span>
<span class="gtkdoc slc">// makes a SOAP call, soap_call is NOT a Lasso function</span>
soap_response <span class="gtkdoc opt">=</span> <span class="function">soap_call</span><span class="gtkdoc opt">(</span>login<span class="gtkdoc opt">-></span>parent<span class="gtkdoc opt">.</span>msg_url<span class="gtkdoc opt">,</span> login<span class="gtkdoc opt">-></span>parent<span class="gtkdoc opt">.</span>msg_body<span class="gtkdoc opt">);</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-process-response-msg">lasso_logout_process_response_msg</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">,</span> soap_response<span class="gtkdoc opt">);</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>rc <span class="gtkdoc opt">!=</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc slc">// handle errors, important ones are LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE meaning</span>
<span class="gtkdoc slc">// that one other service provider of the current session cannot be contacted by the</span>
<span class="gtkdoc slc">// identity provider with the current binding, for example it only accept REDIRECT</span>
<span class="gtkdoc opt">(</span>asynchronous<span class="gtkdoc opt">-</span>binding<span class="gtkdoc opt">)</span> <span class="keyword">or</span>
<span class="gtkdoc slc">// POST an we are using SOAP (synchronous-binding).</span>
<span class="gtkdoc opt">...</span>
<span class="gtkdoc opt">}</span>
<span class="gtkdoc slc">// everything is ok save the session</span>
session_dump <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-node.html#lasso-node-dump">lasso_node_dump</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">-></span>parent<span class="gtkdoc opt">.</span>session<span class="gtkdoc opt">);</span>
<span class="gtkdoc slc">// nothing to save because you killed the local session already</span>
<span class="keyword">break</span><span class="gtkdoc opt">;</span>
<span class="keyword">default</span><span class="gtkdoc opt">:</span>
<span class="gtkdoc slc">// other binding neither are frequent or largely supported</span>
<span class="gtkdoc slc">// so report an error</span>
<span class="keyword">break</span><span class="gtkdoc opt">;</span>
<span class="gtkdoc opt">}</span></pre></td>
</tr>
</tbody>
</table>
</div>
</div>
<br class="example-break"><p>The next example show the endpoint for handling response to request with asynchronous
binding (POST and Redirect).</p>
<div class="example">
<a name="id-1.3.3.3.5.7"></a><p class="title"><b>Example 6. Service Provider Logout Request Endpoint</b></p>
<div class="example-contents">
<table class="listing_frame" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td class="listing_lines" align="right"><pre>1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20</pre></td>
<td class="listing_code"><pre class="programlisting">LassoLogout <span class="gtkdoc opt">*</span>logout<span class="gtkdoc opt">;</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>request_method <span class="gtkdoc opt">=</span> <span class="function">getenv</span><span class="gtkdoc opt">(</span><span class="string">"REQUEST_METHOD"</span><span class="gtkdoc opt">);</span>
logout <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-new">lasso_logout_new</a></span><span class="gtkdoc opt">(</span>server<span class="gtkdoc opt">);</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span><span class="function">strcmp</span><span class="gtkdoc opt">(</span>request_method<span class="gtkdoc opt">,</span> <span class="string">"GET"</span><span class="gtkdoc opt">) ==</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc kwb">char</span> query_string <span class="gtkdoc opt">=</span> <span class="function">getenv</span><span class="gtkdoc opt">(</span><span class="string">"QUERY_STRING"</span><span class="gtkdoc opt">);</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-process-response-msg">lasso_logout_process_response_msg</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">,</span> query_string<span class="gtkdoc opt">);</span>
<span class="gtkdoc opt">}</span> <span class="function">elif</span> <span class="gtkdoc opt">(</span><span class="function">strcmp</span><span class="gtkdoc opt">(</span>request_method<span class="gtkdoc opt">,</span> <span class="string">"POST"</span><span class="gtkdoc opt">) ==</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>message<span class="gtkdoc opt">;</span>
<span class="gtkdoc slc">// message should contain the content of LARES or SAMLResponse fied, depending if this is an</span>
<span class="gtkdoc slc">// ID-FF 1.2 or SAML 2.0 service.</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-process-response-msg">lasso_logout_process_response_msg</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">,</span> message<span class="gtkdoc opt">);</span>
<span class="gtkdoc opt">}</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>rc <span class="gtkdoc opt">!=</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc slc">// handle errors, as we are already unlogged, those must go to a log file or audit trail,</span>
<span class="gtkdoc slc">// because at this time the user do not care anymore. A report about a failure to logout to</span>
<span class="gtkdoc slc">// the IdP can be eventually shown.</span>
<span class="gtkdoc opt">...</span>
<span class="gtkdoc opt">}</span></pre></td>
</tr>
</tbody>
</table>
</div>
</div>
<br class="example-break"><p>The next snippet show how to implement a logout endpoint, to receive a logout request and
respond.</p>
<div class="example">
<a name="id-1.3.3.3.5.9"></a><p class="title"><b>Example 7. Service Provider Logout Request Endpoint</b></p>
<div class="example-contents">
<table class="listing_frame" border="0" cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td class="listing_lines" align="right"><pre>1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75</pre></td>
<td class="listing_code"><pre class="programlisting">LassoLogout <span class="gtkdoc opt">*</span>logout<span class="gtkdoc opt">;</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>session_dump<span class="gtkdoc opt">;</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>request_method <span class="gtkdoc opt">=</span> <span class="function">getenv</span><span class="gtkdoc opt">(</span><span class="string">"REQUEST_METHOD"</span><span class="gtkdoc opt">);</span>
<span class="gtkdoc kwb">int</span> rc<span class="gtkdoc opt">;</span>
<span class="gtkdoc kwb">int</span> method<span class="gtkdoc opt">;</span>
logout <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-new">lasso_logout_new</a></span><span class="gtkdoc opt">(</span>server<span class="gtkdoc opt">);</span>
<span class="gtkdoc slc">// server must be previously initialized, it can be kept around</span>
<span class="gtkdoc slc">// and used for many transaction, it is never modified by any profile</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span><span class="function">strcmp</span><span class="gtkdoc opt">(</span>request_method<span class="gtkdoc opt">.</span> <span class="string">"GET"</span><span class="gtkdoc opt">) ==</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
method <span class="gtkdoc opt">=</span> LASSO_HTTP_METHOD_REDIRECT<span class="gtkdoc opt">;</span>
<span class="gtkdoc kwb">char</span> query_string <span class="gtkdoc opt">=</span> <span class="function">getenv</span><span class="gtkdoc opt">(</span><span class="string">"QUERY_STRING"</span><span class="gtkdoc opt">);</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-process-request-msg">lasso_logout_process_request_msg</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">,</span> query_string<span class="gtkdoc opt">);</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>rc <span class="gtkdoc opt">!=</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc slc">// handle errors</span>
<span class="gtkdoc opt">...</span>
<span class="gtkdoc opt">}</span>
<span class="gtkdoc opt">}</span> <span class="keyword">else if</span> <span class="gtkdoc opt">(</span><span class="function">strcmp</span><span class="gtkdoc opt">(</span>request_method<span class="gtkdoc opt">,</span> <span class="string">"POST"</span><span class="gtkdoc opt">) ==</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>message<span class="gtkdoc opt">;</span>
<span class="gtkdoc slc">// read submitted content if this is a form, put LAREQ or SAMLRequest field into message and</span>
set method to LASSO_HTTP_METHOD_POST
<span class="gtkdoc slc">// if content type is application/xml then put the full body of the POST inside message and</span>
<span class="gtkdoc slc">// set method to LASSO_HTTP_METHOD_SOAP</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-process-request-msg">lasso_logout_process_request_msg</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">,</span> message<span class="gtkdoc opt">);</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>rc <span class="gtkdoc opt">!=</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc slc">// handle errors</span>
<span class="gtkdoc opt">...</span>
<span class="gtkdoc opt">}</span>
<span class="gtkdoc opt">}</span>
protocolProfile <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoProvider.html#lasso-provider-get-protocol-conformance">lasso_provider_get_protocol_conformance</a></span><span class="gtkdoc opt">(</span><span class="function">LASSO_PROVIDER</span><span class="gtkdoc opt">(</span>server<span class="gtkdoc opt">));</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>protocolProfile <span class="gtkdoc opt">==</span> LASSO_LIBERTY_1_2<span class="gtkdoc opt">) {</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>session_index<span class="gtkdoc opt">;</span>
LassoSamlNameIdentifier <span class="gtkdoc opt">*</span>name_id<span class="gtkdoc opt">;</span>
LibLogoutRequest <span class="gtkdoc opt">*</span>logout_request<span class="gtkdoc opt">;</span>
logout_request <span class="gtkdoc opt">=</span> <span class="function">LIB_LOGOUT_REQUEST</span><span class="gtkdoc opt">(</span><span class="function">LASSO_PROFILE</span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">)-></span>request<span class="gtkdoc opt">);</span>
session_index <span class="gtkdoc opt">=</span> logout_request<span class="gtkdoc opt">-></span>SessionIndex<span class="gtkdoc opt">;</span>
name_id <span class="gtkdoc opt">=</span> logout_request<span class="gtkdoc opt">-></span>NameIdentifier<span class="gtkdoc opt">;</span>
<span class="gtkdoc slc">// lookup the session dump using session_index and name_id</span>
<span class="gtkdoc opt">}</span> <span class="keyword">else if</span> <span class="gtkdoc opt">(</span>protocolProfile <span class="gtkdoc opt">==</span> LASSO_SAML_2_0<span class="gtkdoc opt">) {</span>
<span class="gtkdoc kwb">char</span> <span class="gtkdoc opt">*</span>session_index<span class="gtkdoc opt">;</span>
LassoSaml2NameID <span class="gtkdoc opt">*</span>name_id<span class="gtkdoc opt">;</span>
LassoSamlp2LogoutRequest <span class="gtkdoc opt">*</span>logout_request<span class="gtkdoc opt">;</span>
logout_request <span class="gtkdoc opt">=</span> <span class="function">LASSO_SAMLP2_LOGOUT_REQUEST</span><span class="gtkdoc opt">(</span><span class="function">LASSO_PROFILE</span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">)-></span>request<span class="gtkdoc opt">);</span>
session_index <span class="gtkdoc opt">=</span> logout_request<span class="gtkdoc opt">-></span>SessionIndex<span class="gtkdoc opt">;</span>
name_id <span class="gtkdoc opt">=</span> logout_request<span class="gtkdoc opt">-></span>NameID<span class="gtkdoc opt">;</span>
<span class="gtkdoc slc">// lookup the session dump using session_index and name_id</span>
<span class="gtkdoc opt">}</span>
<span class="function"><a href="lasso-LassoProfile.html#lasso-profile-set-session-from-dump">lasso_profile_set_session_from_dump</a></span><span class="gtkdoc opt">(</span><span class="function">LASSO_PROFILE</span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">),</span> session_dump<span class="gtkdoc opt">);</span>
<span class="gtkdoc slc">// you can check other property of the request here if you want</span>
<span class="gtkdoc slc">// </span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>request is accepted<span class="gtkdoc opt">) {</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-validate-request">lasso_logout_validate_request</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">);</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>rc <span class="gtkdoc opt">!=</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc slc">// handle errors..</span>
<span class="gtkdoc opt">...</span>
<span class="gtkdoc opt">}</span> <span class="keyword">else</span> <span class="gtkdoc opt">{</span>
<span class="gtkdoc opt">....</span> <span class="gtkdoc slc">// kill the local session</span>
<span class="gtkdoc slc">// if local server is an identity provider, then traverse the session using</span>
<span class="gtkdoc slc">// lasso_logout_get_next_providerID() and send logout request to all logged </span>
<span class="gtkdoc slc">// service providers.</span>
<span class="gtkdoc opt">}</span>
<span class="gtkdoc opt">}</span>
<span class="gtkdoc slc">// if lasso_logout_validate_request() was not called this will automatically create a Failure</span>
<span class="gtkdoc slc">// response.</span>
rc <span class="gtkdoc opt">=</span> <span class="function"><a href="lasso-LassoLogout.html#lasso-logout-build-response-msg">lasso_logout_build_response_msg</a></span><span class="gtkdoc opt">(</span>logout<span class="gtkdoc opt">);</span>
<span class="keyword">if</span> <span class="gtkdoc opt">(</span>rc <span class="gtkdoc opt">!=</span> <span class="number">0</span><span class="gtkdoc opt">) {</span>
<span class="gtkdoc slc">// handle errors..</span>
<span class="gtkdoc opt">...</span>
<span class="gtkdoc opt">}</span>
<span class="gtkdoc slc">// the response is produced with the same binding as the request</span>
<span class="gtkdoc slc">// see the previous request example for how to send the response</span>
<span class="gtkdoc slc">// the only change is for SOAP, you just need to print the msg_body as page content with a</span>
<span class="gtkdoc slc">// Content-type of application/xml.</span></pre></td>
</tr>
</tbody>
</table>
</div>
</div>
<br class="example-break">
</div>
<div class="refsect1">
<a name="lasso-LassoLogout.functions_details"></a><h2>Functions</h2>
<div class="refsect2">
<a name="lasso-logout-new"></a><h3>lasso_logout_new ()</h3>
<pre class="programlisting"><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="returnvalue">LassoLogout</span></a> *
lasso_logout_new (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>);</pre>
<p>Creates a new <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a>.</p>
<div class="refsect3">
<a name="lasso-logout-new.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>server</p></td>
<td class="parameter_description"><p>the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-new.returns"></a><h4>Returns</h4>
<p> a newly created <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> object; or NULL if an error
occured</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-new-from-dump"></a><h3>lasso_logout_new_from_dump ()</h3>
<pre class="programlisting"><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="returnvalue">LassoLogout</span></a> *
lasso_logout_new_from_dump (<em class="parameter"><code><a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a> *server</code></em>,
<em class="parameter"><code>const <span class="type">gchar</span> *dump</code></em>);</pre>
<p>Restores the <em class="parameter"><code>dump</code></em>
to a new <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a>.</p>
<div class="refsect3">
<a name="lasso-logout-new-from-dump.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>server</p></td>
<td class="parameter_description"><p>the <a class="link" href="lasso-LassoServer.html#LassoServer" title="struct LassoServer"><span class="type">LassoServer</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>dump</p></td>
<td class="parameter_description"><p>XML logout dump</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-new-from-dump.returns"></a><h4>Returns</h4>
<p> a newly created <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a>; or NULL if an error occured</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-build-request-msg"></a><h3>lasso_logout_build_request_msg ()</h3>
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>
lasso_logout_build_request_msg (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>);</pre>
<p>Builds the logout request message.</p>
<p>It gets the HTTP method retrieved to send the request and:</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
if it is a SOAP method, then it builds the logout request SOAP message,
sets the msg_body attribute, gets the single logout service url and sets
<em class="parameter"><code>msg_url</code></em> in the logout object.
</p></li>
<li class="listitem"><p>
if it is a HTTP-Redirect method, then it builds the logout request QUERY
message, builds the logout request url, sets <em class="parameter"><code>msg_url</code></em> in the logout
request url, sets <em class="parameter"><code>msg_body</code></em> to NULL.
</p></li>
</ul></div>
<p>If private key and certificate are set in server object it will also signs
the message (either with X509 if SOAP or with a simple signature for query
strings).</p>
<div class="refsect3">
<a name="lasso-logout-build-request-msg.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-build-request-msg.returns"></a><h4>Returns</h4>
<p> 0 on success; or a negative value otherwise.</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-build-response-msg"></a><h3>lasso_logout_build_response_msg ()</h3>
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>
lasso_logout_build_response_msg (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>);</pre>
<p>Builds the logout response message.</p>
<p>It gets the request message method and:</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
if it is a SOAP method, then it builds the logout response SOAP message,
sets the msg_body attribute, gets the single logout service return url
and sets <em class="parameter"><code>msg_url</code></em> in the logout object.
</p></li>
<li class="listitem"><p>
if it is a HTTP-Redirect method, then it builds the logout response QUERY message,
builds the logout response url, sets <em class="parameter"><code>msg_url</code></em> with the logout response url,
sets <em class="parameter"><code>msg_body</code></em> to NULL
</p></li>
</ul></div>
<p>If private key and certificate are set in server object it will also signs
the message (either with X509 if SOAP or with a simple signature for query
strings).</p>
<div class="refsect3">
<a name="lasso-logout-build-response-msg.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-build-response-msg.returns"></a><h4>Returns</h4>
<p> 0 on success; or a negative value otherwise.</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-destroy"></a><h3>lasso_logout_destroy ()</h3>
<pre class="programlisting"><span class="returnvalue">void</span>
lasso_logout_destroy (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>);</pre>
<p>Destroys a logout object.</p>
<div class="refsect3">
<a name="lasso-logout-destroy.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-dump"></a><h3>lasso_logout_dump ()</h3>
<pre class="programlisting"><span class="returnvalue">gchar</span> *
lasso_logout_dump (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>);</pre>
<p>Dumps <em class="parameter"><code>logout</code></em>
content to an XML string.</p>
<div class="refsect3">
<a name="lasso-logout-dump.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-dump.returns"></a><h4>Returns</h4>
<p>the dump string. It must be freed by the caller. </p>
<p><span class="annotation">[<acronym title="Free data after the code is done."><span class="acronym">transfer full</span></acronym>]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-get-next-providerID"></a><h3>lasso_logout_get_next_providerID ()</h3>
<pre class="programlisting"><span class="returnvalue">gchar</span> *
lasso_logout_get_next_providerID (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>);</pre>
<p>Returns the provider id from providerID_index in list of providerIDs in
principal session with the exception of initial service provider ID.</p>
<div class="refsect3">
<a name="lasso-logout-get-next-providerID.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-get-next-providerID.returns"></a><h4>Returns</h4>
<p>a newly allocated string or NULL. </p>
<p><span class="annotation">[<acronym title="Free data after the code is done."><span class="acronym">transfer full</span></acronym>]</span></p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-init-request"></a><h3>lasso_logout_init_request ()</h3>
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>
lasso_logout_init_request (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>,
<em class="parameter"><code><span class="type">gchar</span> *remote_providerID</code></em>,
<em class="parameter"><code><a class="link" href="lasso-LassoProvider.html#LassoHttpMethod" title="enum LassoHttpMethod"><span class="type">LassoHttpMethod</span></a> request_method</code></em>);</pre>
<p>Initializes a new SLO request.</p>
<div class="refsect3">
<a name="lasso-logout-init-request.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>remote_providerID</p></td>
<td class="parameter_description"><p>the providerID of the identity provider. If NULL the
first identity provider is used.</p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>request_method</p></td>
<td class="parameter_description"><p>if set, then it get the protocol profile in metadata
corresponding of this HTTP request method.</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-init-request.returns"></a><h4>Returns</h4>
<p> 0 on success; or a negative value otherwise.</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-process-request-msg"></a><h3>lasso_logout_process_request_msg ()</h3>
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>
lasso_logout_process_request_msg (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>,
<em class="parameter"><code><span class="type">gchar</span> *request_msg</code></em>);</pre>
<p>Processes a SLO LogoutRequest message. Rebuilds a request object from the
message and optionally verifies its signature.</p>
<div class="refsect3">
<a name="lasso-logout-process-request-msg.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>request_msg</p></td>
<td class="parameter_description"><p>the logout request message</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-process-request-msg.returns"></a><h4>Returns</h4>
<p> 0 on success; or a negative value otherwise.</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-process-response-msg"></a><h3>lasso_logout_process_response_msg ()</h3>
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>
lasso_logout_process_response_msg (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>,
<em class="parameter"><code><span class="type">gchar</span> *response_msg</code></em>);</pre>
<p>Parses the response message and builds the response object.</p>
<p>Checks the status code value and if it is not success, then if the local
provider is a Service Provider and response method is SOAP, then builds a
new logout request message for HTTP Redirect / GET method and returns the
error code LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE.</p>
<p>If it is a SOAP method or, IDP type and http method is Redirect/GET,
then removes assertion.</p>
<p>If local server is an Identity Provider and if there is no more assertion
(Identity Provider has logged out every Service Providers), then restores
the initial response.</p>
<div class="refsect3">
<a name="lasso-logout-process-response-msg.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody>
<tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr>
<tr>
<td class="parameter_name"><p>response_msg</p></td>
<td class="parameter_description"><p>the response message</p></td>
<td class="parameter_annotations"> </td>
</tr>
</tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-process-response-msg.returns"></a><h4>Returns</h4>
<p> 0 on success; or a negative value otherwise.</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-reset-providerID-index"></a><h3>lasso_logout_reset_providerID_index ()</h3>
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>
lasso_logout_reset_providerID_index (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>);</pre>
<p>Reset the providerID_index attribute (set to 0).</p>
<div class="refsect3">
<a name="lasso-logout-reset-providerID-index.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-reset-providerID-index.returns"></a><h4>Returns</h4>
<p> 0 on success; or a negative value otherwise.</p>
</div>
</div>
<hr>
<div class="refsect2">
<a name="lasso-logout-validate-request"></a><h3>lasso_logout_validate_request ()</h3>
<pre class="programlisting"><span class="returnvalue">lasso_error_t</span>
lasso_logout_validate_request (<em class="parameter"><code><a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a> *logout</code></em>);</pre>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>
Sets the remote provider id
</p></li>
<li class="listitem"><p>
Sets a logout response with status code value to success.
</p></li>
<li class="listitem"><p>
Checks current signature status, if verification failed, stop processing
and set the status code value to failure.
</p></li>
<li class="listitem"><p>
Verifies federation and authentication.
</p></li>
<li class="listitem"><p>
If the request http method is a SOAP method, then verifies every other
Service Providers supports SOAP method : if not, then sets status code
value to UnsupportedProfile and returns a code error with
LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE.
</p></li>
<li class="listitem"><p>
Every tests are ok, then removes assertion.
</p></li>
<li class="listitem"><p>
If local server is an Identity Provider and if there is more than one
Service Provider (except the initial Service Provider), then saves the
initial request, response and remote provider id.
</p></li>
</ul></div>
<div class="refsect3">
<a name="lasso-logout-validate-request.parameters"></a><h4>Parameters</h4>
<div class="informaltable"><table class="informaltable" width="100%" border="0">
<colgroup>
<col width="150px" class="parameters_name">
<col class="parameters_description">
<col width="200px" class="parameters_annotations">
</colgroup>
<tbody><tr>
<td class="parameter_name"><p>logout</p></td>
<td class="parameter_description"><p>a <a class="link" href="lasso-LassoLogout.html#LassoLogout" title="struct LassoLogout"><span class="type">LassoLogout</span></a></p></td>
<td class="parameter_annotations"> </td>
</tr></tbody>
</table></div>
</div>
<div class="refsect3">
<a name="lasso-logout-validate-request.returns"></a><h4>Returns</h4>
<p> 0 on success; or
LASSO_PROFILE_ERROR_MISSING_REQUEST if no request has been found -- usually means that
lasso_logout_process_request_msg was not called,
LASSO_SERVER_ERROR_PROVIDER_NOT_FOUND if the requesting provider is not known to the server object,
LASSO_PROFILE_ERROR_BUILDING_RESPONSE_FAILED if creation of the response object failed,
LASSO_PROFILE_ERROR_NAME_IDENTIFIER_NOT_FOUND if the request do not contain a NameID element,
LASSO_PROFILE_ERROR_SESSION_NOT_FOUND if the logout profile object do not contain a session
object,
LASSO_PROFILE_ERROR_MISSING_ASSERTION if no assertion from the requesting provider was found,
LASSO_PROFILE_ERROR_IDENTITY_NOT_FOUND if the logout profile object do not contain an identity
object,
LASSO_PROFILE_ERROR_FEDERATION_NOT_FOUND if no federation for the requesting provider was found,
LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE if the requested HTTP method is not supported by all the
remote provider of the current session.</p>
</div>
</div>
</div>
<div class="refsect1">
<a name="lasso-LassoLogout.other_details"></a><h2>Types and Values</h2>
<div class="refsect2">
<a name="LassoLogout"></a><h3>struct LassoLogout</h3>
<pre class="programlisting">struct LassoLogout {
LassoProfile parent;
};
</pre>
</div>
</div>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.28</div>
</body>
</html>