Retrieve the decryption keys from metadata.
public static getDecryptionKeys ( SimpleSAML_Configuration $srcMetadata, SimpleSAML_Configuration $dstMetadata ) : array | ||
$srcMetadata | SimpleSAML_Configuration | The metadata of the sender (IdP). |
$dstMetadata | SimpleSAML_Configuration | The metadata of the recipient (SP). |
Résultat | array | Array of decryption keys. |
$relayState = $message->getRelayState(); if ($relayState === NULL) { /* Somehow, our RelayState has been lost. */ throw new SimpleSAML_Error_BadRequest('Missing RelayState in logout response.'); } if (!$message->isSuccess()) { SimpleSAML_Logger::warning('Unsuccessful logout. Status was: ' . sspmod_saml_Message::getResponseError($message)); } $state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent'); SimpleSAML_Auth_Source::completeLogout($state); } elseif ($message instanceof SAML2_LogoutRequest) { SimpleSAML_Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId); SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId); if ($message->isNameIdEncrypted()) { try { $keys = sspmod_saml_Message::getDecryptionKeys($srcMetadata, $dstMetadata); } catch (Exception $e) { throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage()); } $lastException = NULL; foreach ($keys as $i => $key) { try { $message->decryptNameId($key); SimpleSAML_Logger::debug('Decryption with key #' . $i . ' succeeded.'); } catch (Exception $e) { SimpleSAML_Logger::debug('Decryption with key #' . $i . ' failed with exception: ' . $e->getMessage()); $lastException = $e; } } throw $lastException; }
SimpleSAML_Logger::warning('Unsuccessful logout. Status was: ' . sspmod_saml_Message::getResponseError($message)); } // sanitize the input $sid = SimpleSAML_Utilities::parseStateID($relayState); if (!is_null($sid['url'])) { SimpleSAML_Utilities::checkURLAllowed($sid['url']); } $state = SimpleSAML_Auth_State::loadState($relayState, 'saml:slosent'); $state['saml:sp:LogoutStatus'] = $message->getStatus(); SimpleSAML_Auth_Source::completeLogout($state); } elseif ($message instanceof SAML2_LogoutRequest) { SimpleSAML_Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId); SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId); if ($message->isNameIdEncrypted()) { try { $keys = sspmod_saml_Message::getDecryptionKeys($idpMetadata, $spMetadata); } catch (Exception $e) { throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage()); } $blacklist = sspmod_saml_Message::getBlacklistedAlgorithms($idpMetadata, $spMetadata); $lastException = NULL; foreach ($keys as $i => $key) { try { $message->decryptNameId($key, $blacklist); SimpleSAML_Logger::debug('Decryption with key #' . $i . ' succeeded.'); $lastException = NULL; break; } catch (Exception $e) { SimpleSAML_Logger::debug('Decryption with key #' . $i . ' failed with exception: ' . $e->getMessage()); $lastException = $e; }