/** * @param LogoutResponse $logoutResponse * @throws \RuntimeException */ protected function validateRequestState(LogoutResponse $logoutResponse) { $state = $this->requestStore->get($logoutResponse->getInResponseTo()); if (!$state) { throw new \RuntimeException('Got response to a request that was not made'); } if ($state->getDestination() != $logoutResponse->getIssuer()) { throw new \RuntimeException('Got response from different issuer'); } $this->requestStore->remove($state); }