+ def _not_logged_in(self, logout, message):
+ """
+ The user requested a logout but isn't logged in, or we can't
+ find a session for the user. Try to be nice and redirect them
+ back to the RelayState in the logout request.
+
+ We are only nice in the case of a valid logout request. If the
+ request is invalid (not signed, unknown SP, etc) then an
+ exception is raised.
+ """
+ self.error('Logout attempt without being logged in.')
+
+ if logout.msgRelayState is not None:
+ raise cherrypy.HTTPRedirect(logout.msgRelayState)
+
+ try:
+ logout.processRequestMsg(message)
+ except (lasso.ServerProviderNotFoundError,
+ lasso.ProfileUnknownProviderError) as e:
+ msg = 'Invalid SP [%s] (%r [%r])' % (logout.remoteProviderId,
+ e, message)
+ self.error(msg)
+ raise UnknownProvider(msg)
+ except (lasso.ProfileInvalidProtocolprofileError,
+ lasso.DsError), e:
+ msg = 'Invalid SAML Request: %r (%r [%r])' % (logout.request,
+ e, message)
+ self.error(msg)
+ raise InvalidRequest(msg)
+ except lasso.Error, e:
+ self.error('SLO unknown error: %s' % message)
+ raise cherrypy.HTTPError(400, 'Invalid logout request')
+
+ if logout.msgRelayState:
+ raise cherrypy.HTTPRedirect(logout.msgRelayState)
+ else:
+ raise cherrypy.HTTPError(400, 'Not logged in')
+
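Review bot: The early `if logout.msgRelayState is not None:` redirect at the top of `_not_logged_in` runs before `logout.processRequestMsg(message)`, so it comes ahead of the signature and known-SP checks that the docstring says gate the redirect. If lasso has already populated `msgRelayState` at that point, a caller with no session is redirected to a URL taken from a request that was never validated, which is an open redirect on the IdP; if it has not, the branch is dead code. Either way, drop those two lines and rely on the `if logout.msgRelayState:` check after the `try`, which is only reached once the request has been processed without error. Separately, the handlers mix `except (...) as e:` with the older `except (...), e:` form, and the final `except lasso.Error, e:` never uses `e`; writing `as e` throughout and including `e` in the last `self.error(...)` call would keep them consistent and preserve the failure reason in the log.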