Notice: Our Constructor only support 1 SessionIndex but this parser
extracts an array of all the SessionIndex found on a
Logout Request, that could be many.
public static getSessionIndexes ( string | DOMDocument $request ) : array | ||
$request | string | DOMDocument | Logout Request Message |
return | array | The SessionIndex value |
/** * Single Logout Service */ public function slsAction() { if ($this->getRequest()->getPost('RelayState')) { $this->_redirectUrl($this->getRequest()->getPost('RelayState')); return; } $samlRequest = $this->getRequest()->getPost('SAMLRequest'); $oneLoginSettings = new OneLogin_Saml2_Settings(Mage::helper('hukmedia_wso2/config')->getWso2SamlConfig()); $logoutRequest = new OneLogin_Saml2_LogoutRequest($oneLoginSettings, $samlRequest); $logoutRequestRaw = $logoutRequest->getRequestRaw(); $sessionIndex = current($logoutRequest->getSessionIndexes($logoutRequestRaw)); $sessionIndexModel = Mage::getModel('hukmedia_wso2/sessionindex'); $sessionIndexModel->loadBySessionIndex($sessionIndex); /* destroy the session from incomming wso2 logout request */ session_destroy(); /* load the magento customer session and destroy */ /* this is a ugly solution, how can a session be loaded by id or somtheing else? */ /* someting like ... /* $session = Mage::getSingleton('core/session')->loadByAnyId($sessionIndexModel->getMagentoSessionId()) */ /* $session->logout()->renew() */ /* i'm not happy with this solution :'-( */ session_id($sessionIndexModel->getMagentoSessionId()); session_start(); session_destroy(); $sessionIndexModel->delete(); }
/** * Tests the getSessionIndexes of the OneLogin_Saml2_LogoutRequest * * @covers OneLogin_Saml2_LogoutRequest::getSessionIndexes */ public function testGetSessionIndexes() { $request = file_get_contents(TEST_ROOT . '/data/logout_requests/logout_request.xml'); $sessionIndexes = OneLogin_Saml2_LogoutRequest::getSessionIndexes($request); $this->assertEmpty($sessionIndexes); $dom = new DOMDocument(); $dom->loadXML($request); $sessionIndexes = OneLogin_Saml2_LogoutRequest::getSessionIndexes($dom); $this->assertEmpty($sessionIndexes); $request2 = file_get_contents(TEST_ROOT . '/data/logout_requests/logout_request_with_sessionindex.xml'); $sessionIndexes2 = OneLogin_Saml2_LogoutRequest::getSessionIndexes($request2); $this->assertEquals(array('_ac72a76526cb6ca19f8438e73879a0e6c8ae5131'), $sessionIndexes2); }