/**
* Retrieve a logout URL for a given logout association.
*
* @param SimpleSAML_IdP $idp The IdP we are sending a logout request from.
* @param array $association The association that should be terminated.
* @param string|NULL $relayState An id that should be carried across the logout.
*/
public static function getLogoutURL(SimpleSAML_IdP $idp, array $association, $relayState)
{
assert('is_string($relayState) || is_null($relayState)');
SimpleSAML_Logger::info('Sending SAML 2.0 LogoutRequest to: ' . var_export($association['saml:entityID'], TRUE));
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');
$bindings = array(SAML2_Const::BINDING_HTTP_REDIRECT, SAML2_Const::BINDING_HTTP_POST);
$dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', $bindings);
if ($dst['Binding'] === SAML2_Const::BINDING_HTTP_POST) {
$params = array('association' => $association['id'], 'idp' => $idp->getId());
if ($relayState !== NULL) {
$params['RelayState'] = $relayState;
}
return SimpleSAML_Module::getModuleURL('core/idp/logout-iframe-post.php', $params);
}
$lr = self::buildLogoutRequest($idpMetadata, $spMetadata, $association, $relayState);
$lr->setDestination($dst['Location']);
$binding = new SAML2_HTTPRedirect();
return $binding->getRedirectURL($lr);
}