/* Assertion contains AuthnStatement, since AuthnInstant is a required attribute. */ $foundAuthnStatement = TRUE; } } if (!$foundAuthnStatement) { $e = new SimpleSAML_Error_Exception('No AuthnStatement found in assertion(s).'); SimpleSAML_Auth_State::throwException($state, $e); } if ($expire !== NULL) { $logoutExpire = $expire; } else { /* Just expire the logout associtaion 24 hours into the future. */ $logoutExpire = time() + 24 * 60 * 60; } /* Register this session in the logout store. */ sspmod_saml_SP_LogoutStore::addSession($sourceId, $nameId, $sessionIndex, $logoutExpire); /* We need to save the NameID and SessionIndex for logout. */ $logoutState = array('saml:logout:Type' => 'saml2', 'saml:logout:IdP' => $idp, 'saml:logout:NameID' => $nameId, 'saml:logout:SessionIndex' => $sessionIndex); $state['LogoutState'] = $logoutState; $state['saml:AuthenticatingAuthority'] = $authenticatingAuthority; $state['saml:AuthenticatingAuthority'][] = $idp; $state['PersistentAuthData'][] = 'saml:AuthenticatingAuthority'; $state['saml:sp:IdP'] = $idp; $state['PersistentAuthData'][] = 'saml:sp:IdP'; $state['saml:sp:NameID'] = $nameId; $state['PersistentAuthData'][] = 'saml:sp:NameID'; $state['saml:sp:SessionIndex'] = $sessionIndex; $state['PersistentAuthData'][] = 'saml:sp:SessionIndex'; $state['saml:sp:AuthnContext'] = $assertion->getAuthnContext(); $state['PersistentAuthData'][] = 'saml:sp:AuthnContext'; if ($expire !== NULL) {