adding returnUrl parameter to singleLogoutService of IdP

BeritJanssen · BeritJanssen · commit 082dfc75cead · 2020-12-03T12:45:13.000+01:00
diff --git a/README.md b/README.md
@@ -304,6 +304,9 @@ This is the ``settings.json`` file:
         "singleLogoutService": {
             // URL Location of the IdP where SLO Request will be sent.
             "url": "https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>",
+            // URL Location where the <Response> from the SP will returned (after IdP-initiated logout)
+            // OPTIONAL: only specify if different from url parameter 
+            "returnUrl": "<idp-domain>/slo_return/"
             // SAML protocol binding to be used when returning the <Response>
             // message. OneLogin Toolkit supports the HTTP-Redirect binding
             // only for this endpoint.
diff --git a/src/onelogin/saml2/auth.py b/src/onelogin/saml2/auth.py
@@ -190,7 +190,7 @@ def process_slo(self, keep_local_session=False, request_id=None, delete_session_
                 if security['logoutResponseSigned']:
                     self.add_response_signature(parameters, security['signatureAlgorithm'])
 
-                return self.redirect_to(self.get_slo_url(), parameters)
+                return self.redirect_to(self.get_slo_return_url(), parameters)
         else:
             self.__errors.append('invalid_binding')
             raise OneLogin_Saml2_Error(
@@ -468,6 +468,16 @@ def get_slo_url(self):
         if 'url' in idp_data['singleLogoutService']:
             return idp_data['singleLogoutService']['url']
 
+    def get_return_slo_url(self):
+        """
+        Gets the SLO return URL for IdP-initiated logout.
+
+        :returns: an URL, the SLO return endpoint of the IdP
+        :rtype: string
+        """
+        slo_data = self.__settings.get_idp_data()['singeLogoutService']
+        return slo_data.get('returnUrl', self.get_slo_url())
+
     def add_request_signature(self, request_data, sign_algorithm=OneLogin_Saml2_Constants.RSA_SHA1):
         """
         Builds the Signature of the SAML Request.
diff --git a/src/onelogin/saml2/logout_response.py b/src/onelogin/saml2/logout_response.py
@@ -162,12 +162,13 @@ def build(self, in_response_to):
 
         uid = OneLogin_Saml2_Utils.generate_unique_id()
         issue_instant = OneLogin_Saml2_Utils.parse_time_to_SAML(OneLogin_Saml2_Utils.now())
+        destination = idp_data['singeLogoutService'].get('returnUrl', idp_data['singeLogoutService']['url'])
 
         logout_response = OneLogin_Saml2_Templates.LOGOUT_RESPONSE % \
             {
                 'id': uid,
                 'issue_instant': issue_instant,
-                'destination': idp_data['singleLogoutService']['url'],
+                'destination': destination,
                 'in_response_to': in_response_to,
                 'entity_id': sp_data['entityId'],
                 'status': "urn:oasis:names:tc:SAML:2.0:status:Success"
