/**
* test destination getter and setter.
*/
public function testGetSetDestination()
{
$bind = Binding::getBinding(Constants::BINDING_HTTP_POST);
$dest = $bind->getDestination();
$this->assertNull($dest);
$bind->setDestination('http://example.org/example');
$dest = $bind->getDestination();
$this->assertEquals($dest, 'http://example.org/example');
}
}
$associations = $idp->getAssociations();
if (!isset($associations[$assocId])) {
throw new SimpleSAML_Error_BadRequest('Invalid association id.');
}
$association = $associations[$assocId];
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote');
$lr = sspmod_saml_Message::buildLogoutRequest($idpMetadata, $spMetadata);
$lr->setSessionIndex($association['saml:SessionIndex']);
$lr->setNameId($association['saml:NameID']);
$assertionLifetime = $spMetadata->getInteger('assertion.lifetime', NULL);
if ($assertionLifetime === NULL) {
$assertionLifetime = $idpMetadata->getInteger('assertion.lifetime', 300);
}
$lr->setNotOnOrAfter(time() + $assertionLifetime);
$encryptNameId = $spMetadata->getBoolean('nameid.encryption', NULL);
if ($encryptNameId === NULL) {
$encryptNameId = $idpMetadata->getBoolean('nameid.encryption', FALSE);
}
if ($encryptNameId) {
$lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata));
}
SimpleSAML_Stats::log('saml:idp:LogoutRequest:sent', array('spEntityID' => $association['saml:entityID'], 'idpEntityID' => $idpMetadata->getString('entityid')));
$bindings = array(\SAML2\Constants::BINDING_HTTP_POST);
$dst = $spMetadata->getDefaultEndpoint('SingleLogoutService', $bindings);
$binding = \SAML2\Binding::getBinding($dst['Binding']);
$lr->setDestination($dst['Location']);
$lr->setRelayState($relayState);
$binding->send($lr);
/**
* Start a SAML 2 logout operation.
*
* @param array $state The logout state.
*/
public function startSLO2(&$state)
{
assert('is_array($state)');
assert('array_key_exists("saml:logout:IdP", $state)');
assert('array_key_exists("saml:logout:NameID", $state)');
assert('array_key_exists("saml:logout:SessionIndex", $state)');
$id = SimpleSAML_Auth_State::saveState($state, 'saml:slosent');
$idp = $state['saml:logout:IdP'];
$nameId = $state['saml:logout:NameID'];
$sessionIndex = $state['saml:logout:SessionIndex'];
$idpMetadata = $this->getIdPMetadata($idp);
$endpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(\SAML2\Constants::BINDING_HTTP_REDIRECT, \SAML2\Constants::BINDING_HTTP_POST), FALSE);
if ($endpoint === FALSE) {
SimpleSAML\Logger::info('No logout endpoint for IdP ' . var_export($idp, TRUE) . '.');
return;
}
$lr = sspmod_saml_Message::buildLogoutRequest($this->metadata, $idpMetadata);
$lr->setNameId($nameId);
$lr->setSessionIndex($sessionIndex);
$lr->setRelayState($id);
$lr->setDestination($endpoint['Location']);
$encryptNameId = $idpMetadata->getBoolean('nameid.encryption', NULL);
if ($encryptNameId === NULL) {
$encryptNameId = $this->metadata->getBoolean('nameid.encryption', FALSE);
}
if ($encryptNameId) {
$lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($idpMetadata));
}
$b = \SAML2\Binding::getBinding($endpoint['Binding']);
$b->send($lr);
assert('FALSE');
}
/**
* Send a logout response.
*
* @param SimpleSAML_IdP $idp The IdP we are sending a logout request from.
* @param array &$state The logout state array.
*/
public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state)
{
assert('isset($state["saml:SPEntityId"])');
assert('isset($state["saml:RequestId"])');
assert('array_key_exists("saml:RelayState", $state)');
// Can be NULL.
$spEntityId = $state['saml:SPEntityId'];
$metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler();
$idpMetadata = $idp->getConfig();
$spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote');
$lr = sspmod_saml_Message::buildLogoutResponse($idpMetadata, $spMetadata);
$lr->setInResponseTo($state['saml:RequestId']);
$lr->setRelayState($state['saml:RelayState']);
if (isset($state['core:Failed']) && $state['core:Failed']) {
$partial = true;
$lr->setStatus(array('Code' => \SAML2\Constants::STATUS_SUCCESS, 'SubCode' => \SAML2\Constants::STATUS_PARTIAL_LOGOUT));
SimpleSAML\Logger::info('Sending logout response for partial logout to SP ' . var_export($spEntityId, true));
} else {
$partial = false;
SimpleSAML\Logger::debug('Sending logout response to SP ' . var_export($spEntityId, true));
}
SimpleSAML_Stats::log('saml:idp:LogoutResponse:sent', array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'partial' => $partial));
$dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(\SAML2\Constants::BINDING_HTTP_REDIRECT, \SAML2\Constants::BINDING_HTTP_POST));
$binding = \SAML2\Binding::getBinding($dst['Binding']);
if (isset($dst['ResponseLocation'])) {
$dst = $dst['ResponseLocation'];
} else {
$dst = $dst['Location'];
}
$lr->setDestination($dst);
$binding->send($lr);
}
