getRequest() public method

Returns the Logout Request deflated, base64-encoded and unsigned (a signature, if one is required, is added by the caller, as the logout() examples below do).
public getRequest ( boolean | null $deflate = null ) : string
$deflate boolean | null Whether or not we should 'gzdeflate' the request body before we return it.
return string Deflated base64 encoded Logout Request
示例#1
 /**
  * Get URL to follow to get logged out
  * @return string
  */
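 public function getLogoutUrl()
 {
     // Single logout is optional: when no SAML_SLO endpoint is configured there
     // is nothing to redirect to and the method yields null, not a string.
     if (empty($GLOBALS['sugar_config']['SAML_SLO'])) {
         return null;
     }
     $sloUrl = $GLOBALS['sugar_config']['SAML_SLO'];

     $auth = new OneLogin_Saml2_Auth(SAMLAuthenticate::loadSettings());
     $req = new OneLogin_Saml2_LogoutRequest($auth->getSettings());

     // An endpoint that already carries a query string has to be extended with
     // '&'; a second '?' would fold SAMLRequest into the previous parameter.
     $separator = strpos($sloUrl, '?') === false ? '?' : '&';

     // getRequest() hands back the request unsigned, and this method adds no
     // SigAlg/Signature or RelayState parameter to the URL.
     // NOTE(review): confirm the IdP is meant to accept unsigned logout requests.
     return $sloUrl . $separator . 'SAMLRequest=' . urlencode($req->getRequest());
 }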
示例#2
 /**
  * Tests the OneLogin_Saml2_LogoutRequest Constructor. 
  * The creation of a deflated SAML Logout Request
  *
  * @covers OneLogin_Saml2_LogoutRequest
  */
 public function testCreateDeflatedSAMLLogoutRequestURLParameter()
 {
     // Build a LogoutRequest from the fixture settings and obtain the redirect
     // URL as a string so it can be inspected.
     $request = new OneLogin_Saml2_LogoutRequest($this->_settings);
     $query = array('SAMLRequest' => $request->getRequest());
     $redirectUrl = OneLogin_Saml2_Utils::redirect('http://idp.example.com/SingleLogoutService.php', $query, true);
     $this->assertRegExp('#^http://idp\\.example\\.com\\/SingleLogoutService\\.php\\?SAMLRequest=#', $redirectUrl);

     // parse_str() URL-decodes the values it extracts, so no explicit
     // urldecode() call is needed before base64-decoding.
     parse_str(parse_url($redirectUrl, PHP_URL_QUERY), $queryParams);

     // Undo the transport encoding in reverse order: base64 first, then inflate.
     $xml = gzinflate(base64_decode($queryParams['SAMLRequest']));
     $this->assertRegExp('#^<samlp:LogoutRequest#', $xml);
 }
示例#3
 /**
  * Initiates the SLO process.
  *
  * @param string $returnTo      The target URL the user should be returned to after logout.
  * @param array  $parameters    Extra parameters to be added to the GET
  * @param string $nameId        The NameID that will be set in the LogoutRequest.
  * @param string $sessionIndex  The SessionIndex (taken from the SAML Response in the SSO process).
  */
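 public function logout($returnTo = null, $parameters = array(), $nameId = null, $sessionIndex = null)
 {
     // Pass the expression itself. A string assertion is evaluated as code on
     // older PHP versions and is not evaluated at all on PHP 8, where the
     // non-empty string just counts as true and the check silently disappears.
     assert(is_array($parameters));

     $sloUrl = $this->getSLOurl();
     if (empty($sloUrl)) {
         throw new OneLogin_Saml2_Error('The IdP does not support Single Log Out', OneLogin_Saml2_Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED);
     }

     // Fall back to the NameID stored on this object when the caller gave none.
     if (empty($nameId) && !empty($this->_nameid)) {
         $nameId = $this->_nameid;
     }

     $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings, null, $nameId, $sessionIndex);
     $samlRequest = $logoutRequest->getRequest();

     // Caller-supplied 'SAMLRequest' and 'RelayState' entries are overwritten here.
     $parameters['SAMLRequest'] = $samlRequest;

     // NOTE(review): $returnTo is forwarded as RelayState unchanged. If callers
     // derive it from request input, it should be checked against the allowed
     // destinations wherever RelayState is later followed - confirm.
     if (!empty($returnTo)) {
         $parameters['RelayState'] = $returnTo;
     } else {
         $parameters['RelayState'] = OneLogin_Saml2_Utils::getSelfRoutedURLNoQuery();
     }

     // getRequest() returns the request unsigned; when the settings ask for a
     // signed LogoutRequest, the signature is built from the request and the
     // RelayState with the configured algorithm, which is also sent as SigAlg.
     $security = $this->_settings->getSecurityData();
     if (isset($security['logoutRequestSigned']) && $security['logoutRequestSigned']) {
         $signature = $this->buildRequestSignature($samlRequest, $parameters['RelayState'], $security['signatureAlgorithm']);
         $parameters['SigAlg'] = $security['signatureAlgorithm'];
         $parameters['Signature'] = $signature;
     }

     return $this->redirectTo($sloUrl, $parameters);
 }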
 * additional information regarding copyright ownership.
 * The Apereo Foundation licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except in
 * compliance with the License. You may obtain a copy of the License at:
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// The session is read further down to look up the IdP session index.
session_start();
require_once '_toolkit_loader.php';

$samlSettings = new OneLogin_Saml2_Settings();
$idpData = $samlSettings->getIdPData();

// Stop before building anything when the IdP data has no SLO endpoint URL.
if (!isset($idpData['singleLogoutService']['url'])) {
    throw new Exception("The IdP does not support Single Log Out");
}
$sloUrl = $idpData['singleLogoutService']['url'];

// NOTE(review): the stored session index is passed as the third constructor
// argument. Toolkit versions whose constructor is
// ($settings, $request, $nameId, $sessionIndex) would treat it as the NameID;
// confirm against the toolkit version loaded by _toolkit_loader.php.
$logoutRequest = empty($_SESSION['IdPSessionIndex'])
    ? new OneLogin_Saml2_LogoutRequest($samlSettings)
    : new OneLogin_Saml2_LogoutRequest($samlSettings, null, $_SESSION['IdPSessionIndex']);

// The request is sent as produced by getRequest(): unsigned, and with no
// RelayState or Signature parameter next to it.
$samlRequest = $logoutRequest->getRequest();
$parameters = array('SAMLRequest' => $samlRequest);

// The result of redirect() is used as a URL string and sent in the Location
// header below.
$url = OneLogin_Saml2_Utils::redirect($sloUrl, $parameters, true);
header("Location: {$url}");
示例#5
 /**
  * Tests that we can pass a boolean value to the getRequest()
  * method to choose whether it should 'gzdeflate' the body
  * of the request.
  *
  * @covers OneLogin_Saml2_LogoutRequest::getRequest()
  */
 public function testWeCanChooseToDeflateARequestBody()
 {
     $settingsDir = TEST_ROOT . '/settings/';

     // Case 1: explicitly ask for an uncompressed payload. The original author
     // notes that compression is turned on in settings1.php, so the argument
     // has to override the setting. The include is expected to define
     // $settingsInfo.
     include $settingsDir . 'settings1.php';
     $plainRequest = new OneLogin_Saml2_LogoutRequest(new OneLogin_Saml2_Settings($settingsInfo));
     $plainXml = base64_decode($plainRequest->getRequest(false));
     // Base64-decoding alone must already yield readable XML.
     $this->assertRegExp('#^<samlp:LogoutRequest#', $plainXml);

     // Case 2: explicitly ask for a compressed payload. The original author
     // notes that compression is turned off in settings2.php.
     include $settingsDir . 'settings2.php';
     $deflatedRequest = new OneLogin_Saml2_LogoutRequest(new OneLogin_Saml2_Settings($settingsInfo));
     $deflatedBytes = base64_decode($deflatedRequest->getRequest(true));
     // Here the XML only appears after inflating the decoded bytes.
     $inflatedXml = gzinflate($deflatedBytes);
     $this->assertRegExp('#^<samlp:LogoutRequest#', $inflatedXml);
 }
示例#6
 /**
  * Initiates the SLO process.
  *
  * @param string $returnTo The target URL the user should be returned to after logout.
  */
 public function logout($returnTo = null)
 {
     $sloUrl = $this->getSLOurl();
     // isset() only rejects null here; an empty-string URL would pass this check.
     if (!isset($sloUrl)) {
         throw new OneLogin_Saml2_Error('The IdP does not support Single Log Out', OneLogin_Saml2_Error::SAML_SINGLE_LOGOUT_NOT_SUPPORTED);
     }

     $logoutRequest = new OneLogin_Saml2_LogoutRequest($this->_settings);
     $samlRequest = $logoutRequest->getRequest();

     // RelayState is the caller's return URL, or this page's own URL without
     // its query string when none was given.
     // NOTE(review): $returnTo is forwarded unchanged; validate it upstream if
     // it can come from request input - confirm.
     $relayState = empty($returnTo) ? OneLogin_Saml2_Utils::getSelfURLNoQuery() : $returnTo;
     $parameters = array(
         'SAMLRequest' => $samlRequest,
         'RelayState' => $relayState,
     );

     $security = $this->_settings->getSecurityData();
     if (!empty($security['logoutRequestSigned'])) {
         // NOTE(review): SigAlg is hard-coded to RSA-SHA1, a weak choice for
         // new deployments. The algorithm buildRequestSignature() really uses
         // is not visible here and has to match the advertised value.
         $signature = $this->buildRequestSignature($samlRequest, $relayState);
         $parameters['SigAlg'] = XMLSecurityKey::RSA_SHA1;
         $parameters['Signature'] = $signature;
     }

     $this->redirectTo($sloUrl, $parameters);
 }