Returns the Logout Request deflated, base64-encoded and unsigned
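/**
 * Get URL to follow to get logged out.
 *
 * Builds an SP-initiated Single Logout URL by appending a deflated,
 * base64-encoded <samlp:LogoutRequest> to the configured SAML_SLO endpoint.
 *
 * NOTE(review): the request carries no Signature/SigAlg and no RelayState.
 * An IdP configured to require signed LogoutRequests will reject it; the
 * toolkit's Auth::logout() path is the one that signs when
 * security.logoutRequestSigned is set.
 *
 * @return string|null The logout URL, or null when SAML_SLO is not configured.
 */
public function getLogoutUrl()
{
    if (empty($GLOBALS['sugar_config']['SAML_SLO'])) {
        return null;
    }
    $sloUrl = $GLOBALS['sugar_config']['SAML_SLO'];

    $auth = new OneLogin_Saml2_Auth(SAMLAuthenticate::loadSettings());
    $req = new OneLogin_Saml2_LogoutRequest($auth->getSettings());

    // Use '&' when the configured endpoint already carries a query string;
    // a second '?' would leave the SAMLRequest parameter unparsable at the IdP.
    $separator = (strpos($sloUrl, '?') === false) ? '?' : '&';

    return $sloUrl . $separator . 'SAMLRequest=' . urlencode($req->getRequest());
}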
/**
 * Tests the OneLogin_Saml2_LogoutRequest constructor: a freshly built
 * request, placed on the SingleLogoutService URL as the SAMLRequest
 * parameter, must decode (base64 + inflate) back to a <samlp:LogoutRequest>.
 *
 * @covers OneLogin_Saml2_LogoutRequest
 */
public function testCreateDeflatedSAMLLogoutRequestURLParameter()
{
    $request = new OneLogin_Saml2_LogoutRequest($this->_settings);
    $sloEndpoint = 'http://idp.example.com/SingleLogoutService.php';

    // stay=true makes redirect() return the URL instead of sending a Location header.
    $logoutUrl = OneLogin_Saml2_Utils::redirect(
        $sloEndpoint,
        array('SAMLRequest' => $request->getRequest()),
        true
    );
    $this->assertRegExp('#^http://idp\\.example\\.com\\/SingleLogoutService\\.php\\?SAMLRequest=#', $logoutUrl);

    // parse_str() already URL-decodes the query values, so no extra urldecode() is needed.
    $query = array();
    parse_str(parse_url($logoutUrl, PHP_URL_QUERY), $query);

    $xml = gzinflate(base64_decode($query['SAMLRequest']));
    $this->assertRegExp('#^<samlp:LogoutRequest#', $xml);
}
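/**
 * Initiates the SLO process.
 *
 * Builds a <samlp:LogoutRequest>, attaches it (plus RelayState and, when
 * security.logoutRequestSigned is on, SigAlg/Signature) as GET parameters
 * and redirects the browser to the IdP's SingleLogoutService.
 *
 * @param string $returnTo     The target URL the user should be returned to after logout.
 *                             Sent verbatim as RelayState; callers must not pass
 *                             unvalidated user input here.
 * @param array  $parameters   Extra parameters to be added to the GET.
 * @param string $nameId       The NameID that will be set in the LogoutRequest.
 * @param string $sessionIndex The SessionIndex (taken from the SAML Response in the SSO process).
 *
 * @throws OneLogin_Saml2_Error When the IdP has no SingleLogoutService configured.
 */
public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null)
{
    // PHP 8 no longer evaluates a string passed to assert(); the non-empty string
    // 'is_array($parameters)' is simply truthy, so the original check was a no-op
    // there. Assert the expression itself instead.
    assert(is_array($parameters));

    $sloUrl = $this->getSLOurl();
    if (empty($sloUrl)) {
        throw new OneLogin_Saml2_Error(
            'The IdP does not support Single Log Out',
            OneLogin_Saml2_Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED
        );
    }

    // Fall back to the NameID learned during SSO when the caller gives none.
    if (empty($nameId) && !empty($this->_nameid)) {
        $nameId = $this->_nameid;
    }

    $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, null, $nameId, $sessionIndex);
    $samlRequest = $logoutRequest->getRequest();

    $parameters['SAMLRequest'] = $samlRequest;
    $parameters['RelayState'] = !empty($returnTo)
        ? $returnTo
        : OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();

    $security = $this->_settings->getSecurityData();
    if (!empty($security['logoutRequestSigned'])) {
        // buildRequestSignature() is given the RelayState, so it must be final before signing.
        $parameters['SigAlg'] = $security['signatureAlgorithm'];
        $parameters['Signature'] = $this->buildRequestSignature(
            $samlRequest,
            $parameters['RelayState'],
            $security['signatureAlgorithm']
        );
    }

    return $this->redirectTo($sloUrl, $parameters);
}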
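* additional information regarding copyright ownership.
 * The Apereo Foundation licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

session_start();

require_once '_toolkit_loader.php';

// Demo endpoint: build an SP-initiated LogoutRequest and send the browser to the
// IdP's SingleLogoutService (HTTP-Redirect binding). The request is not signed.
$samlSettings = new OneLogin_Saml2_Settings();
$idpData = $samlSettings->getIdPData();

if (!isset($idpData['singleLogoutService']['url'])) {
    throw new Exception("The IdP does not support Single Log Out");
}
$sloUrl = $idpData['singleLogoutService']['url'];

// NOTE(review): the toolkit's LogoutRequest constructor is
// (settings, request, nameId, sessionIndex). Passing the SessionIndex as the
// third argument would send it as the NameID, so it goes in the fourth slot;
// confirm against the installed toolkit version.
if (!empty($_SESSION['IdPSessionIndex'])) {
    $logoutRequest = new OneLogin_Saml2_LogoutRequest($samlSettings, null, null, $_SESSION['IdPSessionIndex']);
} else {
    $logoutRequest = new OneLogin_Saml2_LogoutRequest($samlSettings);
}

$parameters = array('SAMLRequest' => $logoutRequest->getRequest());

// stay=true: redirect() returns the URL instead of emitting the header itself.
$url = OneLogin_Saml2_Utils::redirect($sloUrl, $parameters, true);
header("Location: {$url}");
// Stop here so nothing further is executed or emitted after the redirect header.
exit;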
/**
 * Tests that getRequest() accepts a boolean that overrides the settings'
 * compression flag: false yields a plain base64 body, true a deflated one.
 *
 * @covers OneLogin_Saml2_LogoutRequest::getRequest()
 */
public function testWeCanChooseToDeflateARequestBody()
{
    $settingsDir = TEST_ROOT . '/settings/';

    // settings1.php has compression turned on; request an uncompressed payload anyway.
    include $settingsDir . 'settings1.php';
    $request = new OneLogin_Saml2_LogoutRequest(new OneLogin_Saml2_Settings($settingsInfo));
    $plain = base64_decode($request->getRequest(false));
    $this->assertRegExp('#^<samlp:LogoutRequest#', $plain);

    // settings2.php has compression turned off; request a deflated payload anyway.
    include $settingsDir . 'settings2.php';
    $request = new OneLogin_Saml2_LogoutRequest(new OneLogin_Saml2_Settings($settingsInfo));
    $inflated = gzinflate(base64_decode($request->getRequest(true)));
    $this->assertRegExp('#^<samlp:LogoutRequest#', $inflated);
}
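/**
 * Initiates the SLO process.
 *
 * Builds a <samlp:LogoutRequest>, adds it and a RelayState as GET parameters
 * (plus SigAlg/Signature when security.logoutRequestSigned is enabled) and
 * redirects the browser to the IdP's SingleLogoutService.
 *
 * NOTE(review): SigAlg is hard-coded to RSA-SHA1 and buildRequestSignature()
 * takes no algorithm argument in this version, so the two must stay in step.
 * SHA-1 signatures are deprecated; moving to RSA-SHA256 requires changing
 * both the signer and the advertised SigAlg together.
 *
 * @param string $returnTo The target URL the user should be returned to after logout.
 *                         Sent verbatim as RelayState; do not pass unvalidated user input.
 *
 * @throws OneLogin_Saml2_Error When the IdP has no SingleLogoutService configured.
 */
public function logout($returnTo = null)
{
    $sloUrl = $this->getSLOurl();
    // empty() rather than isset(): an empty-string endpoint must not become a redirect to ''.
    if (empty($sloUrl)) {
        throw new OneLogin_Saml2_Error(
            'The IdP does not support Single Log Out',
            OneLogin_Saml2_Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED
        );
    }

    $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings);
    $samlRequest = $logoutRequest->getRequest();

    $parameters = array('SAMLRequest' => $samlRequest);
    $parameters['RelayState'] = !empty($returnTo)
        ? $returnTo
        : OneLogin_Saml2_Utils::getSelfURLNoQuery();

    $security = $this->_settings->getSecurityData();
    if (!empty($security['logoutRequestSigned'])) {
        // RelayState is part of what gets signed, so it is fixed before this point.
        $parameters['Signature'] = $this->buildRequestSignature($samlRequest, $parameters['RelayState']);
        $parameters['SigAlg'] = XMLSecurityKey::RSA_SHA1;
    }

    $this->redirectTo($sloUrl, $parameters);
}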