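/**
 * Process the SAML Logout Response / Logout Request sent by the IdP.
 *
 * SAMLResponse, SAMLRequest and RelayState are read from $_GET first and
 * from $_POST as a fallback. A LogoutResponse is validated and, when its
 * status is success, the local session is closed unless $keepLocalSession
 * is set. A LogoutRequest is validated, the local session closed on the same
 * condition, and a LogoutResponse (signed when security.logoutResponseSigned
 * is set) is handed to redirectTo() for the IdP SLO endpoint. Validation
 * failures are recorded in $this->_errors / $this->_errorReason, not thrown.
 *
 * @param boolean $keepLocalSession When false will destroy the local session, otherwise will keep it
 * @param string|null $requestId The ID of the LogoutRequest sent by this SP to the IdP
 * @param boolean $retrieveParametersFromServer Forwarded to isValid() of the received message
 *
 * @return mixed Whatever redirectTo() returns when a valid LogoutRequest was
 *               processed (the original discarded this value); null otherwise.
 *
 * @throws OneLogin_Saml2_Error When neither a SAMLResponse nor a SAMLRequest was received
 */
public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false)
{
    $this->_errors = array();

    // GET takes precedence over POST for every parameter.
    $samlResponse = null;
    if (isset($_GET['SAMLResponse'])) {
        $samlResponse = $_GET['SAMLResponse'];
    } elseif (isset($_POST['SAMLResponse'])) {
        $samlResponse = $_POST['SAMLResponse'];
    }

    // isset() guard added: $_POST['RelayState'] was read unconditionally,
    // raising an undefined-index notice on every request without it.
    $relayState = null;
    if (isset($_GET['RelayState'])) {
        $relayState = $_GET['RelayState'];
    } elseif (isset($_POST['RelayState'])) {
        $relayState = $_POST['RelayState'];
    }

    $samlRequest = null;
    if (isset($_GET['SAMLRequest'])) {
        $samlRequest = $_GET['SAMLRequest'];
    } elseif (isset($_POST['SAMLRequest'])) {
        $samlRequest = $_POST['SAMLRequest'];
    }

    if ($samlResponse) {
        $logoutResponse = new OneLogin_Saml2_LogoutResponse($this->_settings, $samlResponse);
        if (!$logoutResponse->isValid($requestId, $retrieveParametersFromServer)) {
            $this->_errors[] = 'invalid_logout_response';
            $this->_errorReason = $logoutResponse->getError();
        } elseif ($logoutResponse->getStatus() !== OneLogin_Saml2_Constants::STATUS_SUCCESS) {
            $this->_errors[] = 'logout_not_success';
        } elseif (!$keepLocalSession) {
            OneLogin_Saml2_Utils::deleteLocalSession();
        }
        return null;
    }

    if (!$samlRequest) {
        $this->_errors[] = 'invalid_binding';
        throw new OneLogin_Saml2_Error(
            'SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding',
            OneLogin_Saml2_Error::SAML_LOGOUTMESSAGE_NOT_FOUND
        );
    }

    $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, $samlRequest);
    if (!$logoutRequest->isValid($retrieveParametersFromServer)) {
        $this->_errors[] = 'invalid_logout_request';
        $this->_errorReason = $logoutRequest->getError();
        return null;
    }

    if (!$keepLocalSession) {
        OneLogin_Saml2_Utils::deleteLocalSession();
    }

    // The response must reference the request it answers (InResponseTo).
    $responseBuilder = new OneLogin_Saml2_LogoutResponse($this->_settings);
    $responseBuilder->build($logoutRequest->id);
    $logoutResponse = $responseBuilder->getResponse();

    $parameters = array('SAMLResponse' => $logoutResponse);
    if ($relayState) {
        $parameters['RelayState'] = $relayState;
    }

    $security = $this->_settings->getSecurityData();
    if (!empty($security['logoutResponseSigned'])) {
        // RelayState is optional: pass null instead of reading a missing key.
        $signature = $this->buildResponseSignature(
            $logoutResponse,
            isset($parameters['RelayState']) ? $parameters['RelayState'] : null
        );
        $parameters['SigAlg'] = XMLSecurityKey::RSA_SHA1;
        $parameters['Signature'] = $signature;
    }

    // The original stored this in an unused local; return it so the caller
    // can act on it. Its meaning depends on redirectTo()'s third argument,
    // which is not visible here — confirm against redirectTo().
    return $this->redirectTo($this->getSLOurl(), $parameters, true);
}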
/**
 * Tests the isValid method of the OneLogin_Saml2_LogoutResponse
 *
 * Exercises one deflated fixture three ways: accepted in non-strict mode,
 * rejected in strict mode (the error mentions where the message was
 * received, so presumably a destination/URL mismatch — verify), and
 * accepted in strict mode once the fixture's URL is rewritten to this host.
 *
 * @covers OneLogin_Saml2_LogoutResponse::isValid
 */
public function testIsValid()
{
    $encoded = file_get_contents(TEST_ROOT . '/data/logout_responses/logout_response_deflated.xml.base64');

    // Non-strict settings accept the fixture as is.
    $lenient = new OneLogin_Saml2_LogoutResponse($this->_settings, $encoded);
    $this->assertTrue($lenient->isValid());

    // Strict settings reject it and report the receive URL in the reason.
    $this->_settings->setStrict(true);
    $strict = new OneLogin_Saml2_LogoutResponse($this->_settings, $encoded);
    $this->assertFalse($strict->isValid());
    $this->assertContains('The LogoutResponse was received at', $strict->getError());

    // Still strict: point the fixture at this endpoint and re-encode it.
    $selfUrl = OneLogin_Saml2_Utils::getSelfURLNoQuery();
    $rewritten = str_replace(
        'http://stuff.com/endpoints/endpoints/sls.php',
        $selfUrl,
        gzinflate(base64_decode($encoded))
    );
    $reencoded = base64_encode(gzdeflate($rewritten));
    $fixed = new OneLogin_Saml2_LogoutResponse($this->_settings, $reencoded);
    $this->assertTrue($fixed->isValid());
}
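/**
 * Process the SAML Logout Response / Logout Request sent by the IdP.
 *
 * Only the HTTP-Redirect binding is handled: both messages are read from
 * $_GET. A LogoutResponse is validated and, when its status is success, the
 * local session is closed unless $keepLocalSession is set. A LogoutRequest is
 * base64 + DEFLATE decoded, validated, the local session closed on the same
 * condition, and a LogoutResponse (signed when security.logoutResponseSigned
 * is set) is passed to redirectTo() for the IdP SLO endpoint. Validation
 * failures are recorded in $this->_errors, not thrown.
 *
 * @param boolean $keepLocalSession When false will destroy the local session, otherwise will keep it
 * @param string|null $requestId The ID of the LogoutRequest sent by this SP to the IdP
 *
 * @throws OneLogin_Saml2_Error When neither SAMLResponse nor SAMLRequest is present in $_GET
 */
public function processSLO($keepLocalSession = false, $requestId = null)
{
    $this->_errors = array();

    if (isset($_GET['SAMLResponse'])) {
        $logoutResponse = new OneLogin_Saml2_LogoutResponse($this->_settings, $_GET['SAMLResponse']);
        if (!$logoutResponse->isValid($requestId)) {
            $this->_errors[] = 'invalid_logout_response';
        } elseif ($logoutResponse->getStatus() !== OneLogin_Saml2_Constants::STATUS_SUCCESS) {
            $this->_errors[] = 'logout_not_success';
        } elseif (!$keepLocalSession) {
            OneLogin_Saml2_Utils::deleteLocalSession();
        }
        return;
    }

    if (!isset($_GET['SAMLRequest'])) {
        $this->_errors[] = 'invalid_binding';
        throw new OneLogin_Saml2_Error(
            'SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding',
            OneLogin_Saml2_Error::SAML_LOGOUTMESSAGE_NOT_FOUND
        );
    }

    // Redirect binding: base64 then raw DEFLATE. A failed inflate returns
    // false; treat that as an invalid request instead of validating `false`.
    $decoded = base64_decode($_GET['SAMLRequest']);
    $request = ($decoded === false) ? false : gzinflate($decoded);
    if ($request === false || !OneLogin_Saml2_LogoutRequest::isValid($this->_settings, $request)) {
        $this->_errors[] = 'invalid_logout_request';
        return;
    }

    if (!$keepLocalSession) {
        OneLogin_Saml2_Utils::deleteLocalSession();
    }

    // The response must reference the request it answers (InResponseTo).
    $inResponseTo = OneLogin_Saml2_LogoutRequest::getID($request);
    $responseBuilder = new OneLogin_Saml2_LogoutResponse($this->_settings);
    $responseBuilder->build($inResponseTo);
    $logoutResponse = $responseBuilder->getResponse();

    $parameters = array('SAMLResponse' => $logoutResponse);
    if (isset($_GET['RelayState'])) {
        $parameters['RelayState'] = $_GET['RelayState'];
    }

    $security = $this->_settings->getSecurityData();
    if (!empty($security['logoutResponseSigned'])) {
        // RelayState is optional: pass null instead of reading a missing key.
        $signature = $this->buildResponseSignature(
            $logoutResponse,
            isset($parameters['RelayState']) ? $parameters['RelayState'] : null
        );
        $parameters['SigAlg'] = XMLSecurityKey::RSA_SHA1;
        $parameters['Signature'] = $signature;
    }

    $this->redirectTo($this->getSLOurl(), $parameters);
}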