Process the SAML Logout Response / Logout Request sent by the IdP.
| public processSLO ( boolean $keepLocalSession = false, string | null $requestId = null, boolean $retrieveParametersFromServer = false, callable $cbDeleteSession = null, boolean $stay = false ) : string | void | ||
| $keepLocalSession | boolean | When false will destroy the local session, otherwise will keep it |
| $requestId | string | null | The ID of the LogoutRequest sent by this SP to the IdP |
| $retrieveParametersFromServer | boolean | |
| $cbDeleteSession | callable | |
| $stay | boolean | True if we want to stay (returns the url string) False to redirect |
| Результат | string | void | |
}
$_SESSION['samlUserdata'] = $auth->getAttributes();
$_SESSION['samlNameId'] = $auth->getNameId();
$_SESSION['samlSessionIndex'] = $auth->getSessionIndex();
unset($_SESSION['AuthNRequestID']);
if (isset($_POST['RelayState']) && OneLogin_Saml2_Utils::getSelfURL() != $_POST['RelayState']) {
$auth->redirectTo($_POST['RelayState']);
}
} else {
if (isset($_GET['sls'])) {
if (isset($_SESSION) && isset($_SESSION['LogoutRequestID'])) {
$requestID = $_SESSION['LogoutRequestID'];
} else {
$requestID = null;
}
$auth->processSLO(false, $requestID);
$errors = $auth->getErrors();
if (empty($errors)) {
print_r('<p>Sucessfully logged out</p>');
} else {
print_r('<p>' . implode(', ', $errors) . '</p>');
}
}
}
}
}
}
if (isset($_SESSION['samlUserdata'])) {
if (!empty($_SESSION['samlUserdata'])) {
$attributes = $_SESSION['samlUserdata'];
echo 'You have the following attributes:<br>';
/**
* Tests the processSLO method of the OneLogin_Saml2_Auth class
* Case Valid Logout Request, validating the relayState,
* a signed LogoutResponse is created and a redirection executed
*
* @covers OneLogin_Saml2_Auth::processSLO
* @runInSeparateProcess
*/
public function testProcessSLORequestSignedResponse()
{
$settingsDir = TEST_ROOT . '/settings/';
include $settingsDir . 'settings1.php';
$settingsInfo['security']['logoutResponseSigned'] = true;
$auth = new OneLogin_Saml2_Auth($settingsInfo);
$message = file_get_contents(TEST_ROOT . '/data/logout_requests/logout_request_deflated.xml.base64');
// In order to avoid the destination problem
$plainMessage = gzinflate(base64_decode($message));
$currentURL = OneLogin_Saml2_Utils::getSelfURLNoQuery();
$plainMessage = str_replace('http://stuff.com/endpoints/endpoints/sls.php', $currentURL, $plainMessage);
$message = base64_encode(gzdeflate($plainMessage));
$_GET['SAMLRequest'] = $message;
$_GET['RelayState'] = 'http://relaystate.com';
try {
$auth->setStrict(true);
$auth->processSLO(false);
$this->assertFalse(true);
} catch (Exception $e) {
$this->assertContains('Cannot modify header information', $e->getMessage());
$trace = $e->getTrace();
$targetUrl = getUrlFromRedirect($trace);
$parsedQuery = getParamsFromUrl($targetUrl);
$sloUrl = $settingsInfo['idp']['singleLogoutService']['url'];
$this->assertContains($sloUrl, $targetUrl);
$this->assertArrayHasKey('SAMLResponse', $parsedQuery);
$this->assertArrayHasKey('RelayState', $parsedQuery);
$this->assertArrayHasKey('SigAlg', $parsedQuery);
$this->assertArrayHasKey('Signature', $parsedQuery);
$this->assertEquals('http://relaystate.com', $parsedQuery['RelayState']);
$this->assertEquals(XMLSecurityKey::RSA_SHA1, $parsedQuery['SigAlg']);
}
}
<?php
/**
* SP Single Logout Service Endpoint
*/
session_start();
require_once dirname(dirname(__FILE__)) . '/_toolkit_loader.php';
$auth = new OneLogin_Saml2_Auth();
$auth->processSLO();
$errors = $auth->getErrors();
if (empty($errors)) {
print_r('Sucessfully logged out');
} else {
print_r(implode(', ', $errors));
}
private function procesar_logout(OneLogin_Saml2_Auth $auth)
{
if (!is_null(toba::memoria()->get_parametro('sls'))) {
$auth->processSLO();
} elseif (isset($_GET['slo'])) {
$auth->logout();
}
$this->verificar_errores_onelogin($auth);
}
