Process the SAML Logout Response / Logout Request sent by the IdP.
public processSLO ( boolean $keepLocalSession = false, string | null $requestId = null, boolean $retrieveParametersFromServer = false, callable $cbDeleteSession = null, boolean $stay = false ) : string | void
$keepLocalSession | boolean | When false will destroy the local session, otherwise will keep it |
$requestId | string | null | The ID of the LogoutRequest sent by this SP to the IdP. When it is given, the InResponseTo of a received LogoutResponse is checked against it |
$retrieveParametersFromServer | boolean | True if we want to use parameters from $_SERVER to validate the signature |
$cbDeleteSession | callable | Callback to be executed to delete the session |
$stay | boolean | True if we want to stay (returns the url string) False to redirect |
return | string | void |
} $_SESSION['samlUserdata'] = $auth->getAttributes(); $_SESSION['samlNameId'] = $auth->getNameId(); $_SESSION['samlSessionIndex'] = $auth->getSessionIndex(); unset($_SESSION['AuthNRequestID']); if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) { $auth->redirectTo($_POST['RelayState']); } } else { if (isset($_GET['sls'])) { if (isset($_SESSION) && isset($_SESSION['LogoutRequestID'])) { $requestID = $_SESSION['LogoutRequestID']; } else { $requestID = null; } $auth->processSLO(false, $requestID); $errors = $auth->getErrors(); if (empty($errors)) { print_r('<p>Sucessfully logged out</p>'); } else { print_r('<p>' . implode(', ', $errors) . '</p>'); } } } } } } if (isset($_SESSION['samlUserdata'])) { if (!empty($_SESSION['samlUserdata'])) { $attributes = $_SESSION['samlUserdata']; echo 'You have the following attributes:<br>';
/**
 * Tests the processSLO method of the OneLogin_Saml2_Auth class.
 *
 * Case: a valid Logout Request arrives together with a RelayState while
 * 'logoutResponseSigned' is enabled. The resulting redirect must target the
 * IdP's single logout service URL and carry a signed SAMLResponse plus the
 * unchanged RelayState.
 *
 * @covers OneLogin_Saml2_Auth::processSLO
 * @runInSeparateProcess
 */
public function testProcessSLORequestSignedResponse()
{
    // settings1.php is included into this scope and supplies $settingsInfo.
    $settingsDir = TEST_ROOT . '/settings/';
    include $settingsDir . 'settings1.php';

    $settingsInfo['security']['logoutResponseSigned'] = true;
    $auth = new OneLogin_Saml2_Auth($settingsInfo);

    // The fixture carries a fixed SLS URL. Swap it for the URL this test runs
    // under so that the request does not fail on the destination, then pack the
    // request again (deflate + base64).
    $encodedRequest = file_get_contents(TEST_ROOT . '/data/logout_requests/logout_request_deflated.xml.base64');
    $inflatedRequest = gzinflate(base64_decode($encodedRequest));
    $selfUrl = OneLogin_Saml2_Utils::getSelfURLNoQuery();
    $inflatedRequest = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $selfUrl, $inflatedRequest);

    $_GET['SAMLRequest'] = base64_encode(gzdeflate($inflatedRequest));
    $_GET['RelayState'] = 'http://relaystate.com';

    try {
        $auth->setStrict(true);
        $auth->processSLO(false);
        // Reaching this line means no redirect was attempted.
        $this->assertFalse(true);
    } catch (Exception $e) {
        // The redirect is expected to surface as this exception; the target URL
        // is then recovered from the stack trace.
        $this->assertContains('Cannot modify header information', $e->getMessage());

        $stack = $e->getTrace();
        $redirectUrl = getUrlFromRedirect($stack);
        $query = getParamsFromUrl($redirectUrl);
        $idpSloUrl = $settingsInfo['idp']['singleLogoutService']['url'];

        $this->assertContains($idpSloUrl, $redirectUrl);
        foreach (array('SAMLResponse', 'RelayState', 'SigAlg', 'Signature') as $expectedParam) {
            $this->assertArrayHasKey($expectedParam, $query);
        }
        $this->assertEquals('http://relaystate.com', $query['RelayState']);
        // NOTE(review): the expected algorithm is RSA-SHA1, presumably what this
        // fixture's settings select. SHA-1 signatures are deprecated, so real
        // deployments should configure a SHA-256 based signature algorithm.
        $this->assertEquals(XMLSecurityKey::RSA_SHA1, $query['SigAlg']);
    }
}
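<?php
/**
 * SP Single Logout Service Endpoint
 *
 * Takes the SAML Logout Request / Logout Response that the IdP sends to this
 * SP, passes it to the toolkit and prints either a success message or the
 * error codes the toolkit collected.
 */

session_start();

require_once dirname(dirname(__FILE__)) . '/_toolkit_loader.php';

$auth = new OneLogin_Saml2_Auth();

// Pass on the ID of the LogoutRequest this SP sent, if the code that started
// the logout stored it in the session. The toolkit can then match an incoming
// LogoutResponse to that request instead of accepting one that answers some
// other request. With nothing stored, null keeps the previous behaviour.
$requestId = isset($_SESSION['LogoutRequestID']) ? $_SESSION['LogoutRequestID'] : null;

// false = do not keep the local session (the default for the first argument).
$auth->processSLO(false, $requestId);

$errors = $auth->getErrors();

if (empty($errors)) {
    print_r('Sucessfully logged out');
} else {
    print_r(implode(', ', $errors));
}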
/**
 * Runs the logout step of the SAML flow and then checks the toolkit for errors.
 *
 * If the 'sls' parameter is present, the message sent by the IdP is processed
 * with processSLO(). Otherwise, if 'slo' is present in the query string, a
 * logout is started from this SP. The error check runs in every case.
 *
 * NOTE(review): processSLO() is called without a request ID, so a
 * LogoutResponse is presumably not matched against the LogoutRequest this SP
 * sent. Confirm whether the ID is stored somewhere and can be passed here.
 *
 * @param OneLogin_Saml2_Auth $auth Toolkit instance used for the logout.
 */
private function procesar_logout(OneLogin_Saml2_Auth $auth)
{
    $sls = toba::memoria()->get_parametro('sls');

    if ($sls === null) {
        // No message from the IdP: start an SP-initiated logout when asked to.
        if (isset($_GET['slo'])) {
            $auth->logout();
        }
    } else {
        $auth->processSLO();
    }

    $this->verificar_errores_onelogin($auth);
}