Merge pull request #40 from pitbulk/logout-fix

Logout fix

README.md

@@ -238,14 +238,15 @@ This extension provides 4 actions:
                 ...
                 'logout' => [
                     'class' => 'asasmoyo\yii2saml\actions\LogoutAction',
-                    'logoutIdP' => false, // if you don't want to logout on idp
                     'returnTo' => Url::to('site/bye'),
+                    'parameters' => [],
                     'nameId' => $session->get('nameId'),
                     'sessionIndex' => $session->get('sessionIndex'),
                     'stay' => false,
                     'nameIdFormat' => null,
                     'nameIdNameQualifier' => $session->get('nameIdNameQualifier'),
                     'nameIdSPNameQualifier' => $session->get('nameIdSPNameQualifier'),
+                    'logoutIdP' => false, // if you don't want to logout on idp
                 ]
             ];
         }
@@ -266,6 +267,7 @@ This extension provides 4 actions:
                 'sls' => [
                     'class' => 'asasmoyo\yii2saml\actions\SlsAction',
                     'successUrl' => Url::to('site/bye'),
+                    'logoutIdP' => false, // if you don't want to logout on idp
                 ]
             ]
         }

src/actions/SlsAction.php

@@ -20,25 +20,37 @@ class SlsAction extends BaseAction
     public $successUrl;
 
     /**
-     * It handles sls logout request/response from Identity Provider. It will check whether is valid or not. If it isn't, an Exception will be thrown. If is valid,  user will be redirected to successUrl.     * @return $this|mixed
+     * true if you want to logout on Identity Provider too.
+     * @param bool        $logoutIdP
+     */
+    public $logoutIdP = true;
+
+    /**
+     * It handles sls logout request/response from Identity Provider. It will check whether is valid or not. If it isn't, an Exception will be thrown. If is valid,  user will be redirected to successUrl.
+     * @return $this|mixed
      * @throws Exception
      * @throws InvalidConfigException
      */
     public function run()
     {
-        $this->samlInstance->processSLO();
-
-        $errors = $this->samlInstance->getErrors();
-        if (!empty($errors)) {
-            $message = 'Logout error: ' . implode(",", $errors);
-            if ($this->samlInstance->isDebugActive()) {
-                $reason = $this->samlInstance->getLastErrorReason();
-                if (!empty($reason)) {
-                    $message .= "\n".$reason;
+        // and logout user on Identity Provider
+        if ($this->logoutIdP == true) {
+            $this->samlInstance->processSLO();
+
+            $errors = $this->samlInstance->getErrors();
+            if (!empty($errors)) {
+                $message = 'Logout error: ' . implode(",", $errors);
+                if ($this->samlInstance->isDebugActive()) {
+                    $reason = $this->samlInstance->getLastErrorReason();
+                    if (!empty($reason)) {
+                        $message .= "\n".$reason;
+                    }
                 }
+                throw new Exception($message);
             }
-            throw new Exception($message);
+            return \Yii::$app->response->redirect($this->successUrl);
+        } else {
+            throw new Exception("SLO is disabled");
         }
-        return \Yii::$app->response->redirect($this->successUrl);
     }
 }