$NetBSD: patch-ah,v 1.1 2011/05/07 05:15:21 manu Exp $

Unbreak SP initiated SLO with lasso >= 2.3.5

--- auth_mellon_handler.c.orig	2011-05-07 06:31:46.000000000 +0200
+++ auth_mellon_handler.c	2011-05-07 06:57:03.000000000 +0200
@@ -774,8 +774,9 @@
     gint res;
     char *redirect_to;
     LassoProfile *profile;
     LassoSession *session;
+    GList *assertion_list;
     LassoNode *assertion_n;
     LassoSaml2Assertion *assertion;
     LassoSaml2AuthnStatement *authnStatement;
     LassoSamlp2LogoutRequest *request;
@@ -822,42 +823,46 @@
         return HTTP_INTERNAL_SERVER_ERROR;
     }
 
 
-    /* We need to set the SessionIndex in the LogoutRequest to the
-     * SessionIndex we received during the login operation.
-     */
-
     profile = LASSO_PROFILE(logout);
-    session = lasso_profile_get_session(profile);
 
-    /* We currently only look at the first assertion in the list
-     * lasso_session_get_assertions returns.
+    /* We need to set the SessionIndex in the LogoutRequest to the SessionIndex
+     * we received during the login operation. This is not needed since release
+     * 2.3.0.
      */
-    assertion_n = lasso_session_get_assertions(
-        session, profile->remote_providerID)->data;
-    if(LASSO_IS_SAML2_ASSERTION(assertion_n) == FALSE) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "No assertions found for the current session.");
-        lasso_logout_destroy(logout);
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
-
-    assertion = LASSO_SAML2_ASSERTION(assertion_n);
+    if (lasso_check_version(2, 3, 0, LASSO_CHECK_VERSION_NUMERIC) == 0) {
+        session = lasso_profile_get_session(profile);
+        assertion_list = lasso_session_get_assertions(
+            session, profile->remote_providerID);
+        if(! assertion_list ||
+                        LASSO_IS_SAML2_ASSERTION(assertion_list->data) == FALSE) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                          "No assertions found for the current session.");
+            lasso_logout_destroy(logout);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
+        /* We currently only look at the first assertion in the list
+         * lasso_session_get_assertions returns.
+         */
+        assertion_n = assertion_list->data;
 
-    /* We assume that the first authnStatement contains the data we want. */
-    authnStatement = LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data);
+        assertion = LASSO_SAML2_ASSERTION(assertion_n);
 
-    if(!authnStatement) {
-        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
-                      "No AuthnStatement found in the current assertion.");
-        lasso_logout_destroy(logout);
-        return HTTP_INTERNAL_SERVER_ERROR;
-    }
+        /* We assume that the first authnStatement contains the data we want. */
+        authnStatement = LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data);
 
-    if(authnStatement->SessionIndex) {
-        request = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request);
-        request->SessionIndex = g_strdup(authnStatement->SessionIndex);
+        if(!authnStatement) {
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+                          "No AuthnStatement found in the current assertion.");
+            lasso_logout_destroy(logout);
+            return HTTP_INTERNAL_SERVER_ERROR;
+        }
+    
+        if(authnStatement->SessionIndex) {
+            request = LASSO_SAMLP2_LOGOUT_REQUEST(profile->request);
+            request->SessionIndex = g_strdup(authnStatement->SessionIndex);
+        }
     }
 
 
     /* Set the RelayState parameter to the return url (if we have one). */
