/**
 * Verifies that OneLogin_Saml2_LogoutRequest::getID returns the request ID
 * of a LogoutRequest fixture stored as base64-encoded, deflated XML.
 *
 * @covers OneLogin_Saml2_LogoutRequest::getID
 */
public function testGetIDFromDeflatedSAMLLogoutRequest()
{
    $fixturePath = TEST_ROOT . '/data/logout_requests/logout_request_deflated.xml.base64';
    $expectedId = 'ONELOGIN_21584ccdfaca36a145ae990442dcd96bfe60151e';

    // Undo the fixture's encoding in reverse order: base64 first, then inflate.
    $requestXml = gzinflate(base64_decode(file_get_contents($fixturePath)));

    $this->assertEquals($expectedId, OneLogin_Saml2_LogoutRequest::getID($requestXml));
}
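/**
 * Process the SAML Logout Response / Logout Request sent by the IdP.
 *
 * Only the HTTP-Redirect binding is handled: the message is read from
 * $_GET['SAMLResponse'] or $_GET['SAMLRequest']. Validation failures are
 * recorded in $this->_errors rather than thrown, and the local session is
 * destroyed only after the incoming message has passed isValid() (and, for a
 * LogoutResponse, reported a success status).
 *
 * @param boolean     $keepLocalSession When false will destroy the local session, otherwise will keep it
 * @param string|null $requestId        The ID of the LogoutRequest sent by this SP to the IdP
 *
 * @throws OneLogin_Saml2_Error When the query string carries neither a SAMLResponse nor a SAMLRequest
 */
public function processSLO($keepLocalSession = false, $requestId = null)
{
    $this->_errors = array();

    if (isset($_GET['SAMLResponse'])) {
        // The IdP is answering a logout that this SP initiated.
        $logoutResponse = new OneLogin_Saml2_LogoutResponse($this->_settings, $_GET['SAMLResponse']);

        // NOTE(review): $requestId is handed to isValid() unchanged; with the
        // default null, whether the response is still tied to a request this
        // SP actually sent is not visible here. Confirm in isValid().
        if (!$logoutResponse->isValid($requestId)) {
            $this->_errors[] = 'invalid_logout_response';
        } elseif ($logoutResponse->getStatus() !== OneLogin_Saml2_Constants::STATUS_SUCCESS) {
            $this->_errors[] = 'logout_not_success';
        } elseif (!$keepLocalSession) {
            OneLogin_Saml2_Utils::deleteLocalSession();
        }
    } elseif (isset($_GET['SAMLRequest'])) {
        // The IdP is asking this SP to log the user out.
        $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, $_GET['SAMLRequest']);

        if (!$logoutRequest->isValid()) {
            // An invalid request must not end the session or trigger a response.
            $this->_errors[] = 'invalid_logout_request';
        } else {
            if (!$keepLocalSession) {
                OneLogin_Saml2_Utils::deleteLocalSession();
            }

            // NOTE(review): gzinflate() returns false on input that is not
            // deflated; this line relies on isValid() having already rejected
            // such a request. Confirm against the LogoutRequest constructor.
            $inResponseTo = OneLogin_Saml2_LogoutRequest::getID(gzinflate(base64_decode($_GET['SAMLRequest'])));

            $responseBuilder = new OneLogin_Saml2_LogoutResponse($this->_settings);
            $responseBuilder->build($inResponseTo);
            $logoutResponse = $responseBuilder->getResponse();

            $parameters = array('SAMLResponse' => $logoutResponse);

            // RelayState is optional and is echoed back to the IdP verbatim.
            $relayState = isset($_GET['RelayState']) ? $_GET['RelayState'] : null;
            if ($relayState !== null) {
                $parameters['RelayState'] = $relayState;
            }

            $security = $this->_settings->getSecurityData();
            if (isset($security['logoutResponseSigned']) && $security['logoutResponseSigned']) {
                // Pass null when the IdP sent no RelayState; the previous code
                // read $parameters['RelayState'] unconditionally and raised an
                // undefined-index notice on the signed path.
                $signature = $this->buildResponseSignature($logoutResponse, $relayState);

                // NOTE(review): SigAlg is hard-coded to RSA-SHA1, and SHA-1 is
                // deprecated for digital signatures. Selecting a stronger
                // algorithm needs support in buildResponseSignature(), which
                // is outside this block.
                $parameters['SigAlg'] = XMLSecurityKey::RSA_SHA1;
                $parameters['Signature'] = $signature;
            }

            $this->redirectTo($this->getSLOurl(), $parameters);
        }
    } else {
        $this->_errors[] = 'invalid_binding';
        throw new OneLogin_Saml2_Error('SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding', OneLogin_Saml2_Error::SAML_LOGOUTMESSAGE_NOT_FOUND);
    }
}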