From ee8e9fcf30f981fa0d94e1a36b2c122ba72af3d2 Mon Sep 17 00:00:00 2001
From: Mark Kaulertz <mkaulertz@googlemail.com>
Date: Wed, 12 Nov 2025 08:51:31 +0100
Subject: [PATCH] Update getLogoutURL to accept nullable relayState parameter
 to fix iframe logout scenarios where no relayState is available

---
 src/IdP/ADFS.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/IdP/ADFS.php b/src/IdP/ADFS.php
index 1e6daa1..13515b7 100644
--- a/src/IdP/ADFS.php
+++ b/src/IdP/ADFS.php
@@ -668,15 +668,19 @@ public static function receiveLogoutMessage(IdP $idp): void
      *
      * @param \SimpleSAML\IdP $idp
      * @param array<mixed> $association
-     * @param string $relayState
+     * @param string|null $relayState
      * @return string
      */
-    public static function getLogoutURL(IdP $idp, array $association, string $relayState): string
+    public static function getLogoutURL(IdP $idp, array $association, ?string $relayState = null): string
     {
         $metadata = MetaDataStorageHandler::getMetadataHandler();
         $spMetadata = $metadata->getMetaDataConfig($association['adfs:entityID'], 'adfs-sp-remote');
+        $params = ['assocId' => urlencode($association['id'])];
+        if ($relayState !== null) {
+            $params['relayState'] = urlencode($relayState);
+        }
         $returnTo = Module::getModuleURL(
-            'adfs/idp/prp.php?assocId=' . urlencode($association["id"]) . '&relayState=' . urlencode($relayState),
+            'adfs/idp/prp.php', $params
         );
         return $spMetadata->getValue('prp') . '?wa=wsignoutcleanup1.0&wreply=' . urlencode($returnTo);
     }