예제 #1
0
        }
        $lastException = NULL;
        foreach ($keys as $i => $key) {
            try {
                $message->decryptNameId($key);
                SimpleSAML_Logger::debug('Decryption with key #' . $i . ' succeeded.');
            } catch (Exception $e) {
                SimpleSAML_Logger::debug('Decryption with key #' . $i . ' failed with exception: ' . $e->getMessage());
                $lastException = $e;
            }
        }
        throw $lastException;
    }
    $nameId = $message->getNameId();
    $sessionIndexes = $message->getSessionIndexes();
    $numLoggedOut = sspmod_saml_SP_LogoutStore::logoutSessions($sourceId, $nameId, $sessionIndexes);
    if ($numLoggedOut === FALSE) {
        /* This type of logout was unsupported. Use the old method. */
        $source->handleLogout($idpEntityId);
        $numLoggedOut = count($sessionIndexes);
    }
    /* Create an send response. */
    $lr = sspmod_saml_Message::buildLogoutResponse($spMetadata, $idpMetadata);
    $lr->setRelayState($message->getRelayState());
    $lr->setInResponseTo($message->getId());
    /* We should return a partial logout if we were unable to log out of all the given session(s). */
    if ($numLoggedOut < count($sessionIndexes)) {
        $lr->setStatus(array('Code' => SAML2_Const::STATUS_SUCCESS, 'SubCode' => SAML2_Const::STATUS_PARTIAL_LOGOUT, 'Message' => 'Logged out of ' . $numLoggedOut . ' of ' . count($sessionIndexes) . ' sessions.'));
    }
    $binding->send($lr);
} else {
예제 #2
0
        /* Assertion contains AuthnStatement, since AuthnInstant is a required attribute. */
        $foundAuthnStatement = TRUE;
    }
}
if (!$foundAuthnStatement) {
    $e = new SimpleSAML_Error_Exception('No AuthnStatement found in assertion(s).');
    SimpleSAML_Auth_State::throwException($state, $e);
}
if ($expire !== NULL) {
    $logoutExpire = $expire;
} else {
    /* Just expire the logout associtaion 24 hours into the future. */
    $logoutExpire = time() + 24 * 60 * 60;
}
/* Register this session in the logout store. */
sspmod_saml_SP_LogoutStore::addSession($sourceId, $nameId, $sessionIndex, $logoutExpire);
/* We need to save the NameID and SessionIndex for logout. */
$logoutState = array('saml:logout:Type' => 'saml2', 'saml:logout:IdP' => $idp, 'saml:logout:NameID' => $nameId, 'saml:logout:SessionIndex' => $sessionIndex);
$state['LogoutState'] = $logoutState;
$state['saml:AuthenticatingAuthority'] = $authenticatingAuthority;
$state['saml:AuthenticatingAuthority'][] = $idp;
$state['PersistentAuthData'][] = 'saml:AuthenticatingAuthority';
$state['saml:sp:IdP'] = $idp;
$state['PersistentAuthData'][] = 'saml:sp:IdP';
$state['saml:sp:NameID'] = $nameId;
$state['PersistentAuthData'][] = 'saml:sp:NameID';
$state['saml:sp:SessionIndex'] = $sessionIndex;
$state['PersistentAuthData'][] = 'saml:sp:SessionIndex';
$state['saml:sp:AuthnContext'] = $assertion->getAuthnContext();
$state['PersistentAuthData'][] = 'saml:sp:AuthnContext';
if ($expire !== NULL) {