/** * test destination getter and setter. */ public function testGetSetDestination() { $bind = Binding::getBinding(Constants::BINDING_HTTP_POST); $dest = $bind->getDestination(); $this->assertNull($dest); $bind->setDestination('http://example.org/example'); $dest = $bind->getDestination(); $this->assertEquals($dest, 'http://example.org/example'); }
} $associations = $idp->getAssociations(); if (!isset($associations[$assocId])) { throw new SimpleSAML_Error_BadRequest('Invalid association id.'); } $association = $associations[$assocId]; $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpMetadata = $idp->getConfig(); $spMetadata = $metadata->getMetaDataConfig($association['saml:entityID'], 'saml20-sp-remote'); $lr = sspmod_saml_Message::buildLogoutRequest($idpMetadata, $spMetadata); $lr->setSessionIndex($association['saml:SessionIndex']); $lr->setNameId($association['saml:NameID']); $assertionLifetime = $spMetadata->getInteger('assertion.lifetime', NULL); if ($assertionLifetime === NULL) { $assertionLifetime = $idpMetadata->getInteger('assertion.lifetime', 300); } $lr->setNotOnOrAfter(time() + $assertionLifetime); $encryptNameId = $spMetadata->getBoolean('nameid.encryption', NULL); if ($encryptNameId === NULL) { $encryptNameId = $idpMetadata->getBoolean('nameid.encryption', FALSE); } if ($encryptNameId) { $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($spMetadata)); } SimpleSAML_Stats::log('saml:idp:LogoutRequest:sent', array('spEntityID' => $association['saml:entityID'], 'idpEntityID' => $idpMetadata->getString('entityid'))); $bindings = array(\SAML2\Constants::BINDING_HTTP_POST); $dst = $spMetadata->getDefaultEndpoint('SingleLogoutService', $bindings); $binding = \SAML2\Binding::getBinding($dst['Binding']); $lr->setDestination($dst['Location']); $lr->setRelayState($relayState); $binding->send($lr);
/** * Start a SAML 2 logout operation. * * @param array $state The logout state. */ public function startSLO2(&$state) { assert('is_array($state)'); assert('array_key_exists("saml:logout:IdP", $state)'); assert('array_key_exists("saml:logout:NameID", $state)'); assert('array_key_exists("saml:logout:SessionIndex", $state)'); $id = SimpleSAML_Auth_State::saveState($state, 'saml:slosent'); $idp = $state['saml:logout:IdP']; $nameId = $state['saml:logout:NameID']; $sessionIndex = $state['saml:logout:SessionIndex']; $idpMetadata = $this->getIdPMetadata($idp); $endpoint = $idpMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(\SAML2\Constants::BINDING_HTTP_REDIRECT, \SAML2\Constants::BINDING_HTTP_POST), FALSE); if ($endpoint === FALSE) { SimpleSAML\Logger::info('No logout endpoint for IdP ' . var_export($idp, TRUE) . '.'); return; } $lr = sspmod_saml_Message::buildLogoutRequest($this->metadata, $idpMetadata); $lr->setNameId($nameId); $lr->setSessionIndex($sessionIndex); $lr->setRelayState($id); $lr->setDestination($endpoint['Location']); $encryptNameId = $idpMetadata->getBoolean('nameid.encryption', NULL); if ($encryptNameId === NULL) { $encryptNameId = $this->metadata->getBoolean('nameid.encryption', FALSE); } if ($encryptNameId) { $lr->encryptNameId(sspmod_saml_Message::getEncryptionKey($idpMetadata)); } $b = \SAML2\Binding::getBinding($endpoint['Binding']); $b->send($lr); assert('FALSE'); }
/** * Send a logout response. * * @param SimpleSAML_IdP $idp The IdP we are sending a logout request from. * @param array &$state The logout state array. */ public static function sendLogoutResponse(SimpleSAML_IdP $idp, array $state) { assert('isset($state["saml:SPEntityId"])'); assert('isset($state["saml:RequestId"])'); assert('array_key_exists("saml:RelayState", $state)'); // Can be NULL. $spEntityId = $state['saml:SPEntityId']; $metadata = SimpleSAML_Metadata_MetaDataStorageHandler::getMetadataHandler(); $idpMetadata = $idp->getConfig(); $spMetadata = $metadata->getMetaDataConfig($spEntityId, 'saml20-sp-remote'); $lr = sspmod_saml_Message::buildLogoutResponse($idpMetadata, $spMetadata); $lr->setInResponseTo($state['saml:RequestId']); $lr->setRelayState($state['saml:RelayState']); if (isset($state['core:Failed']) && $state['core:Failed']) { $partial = true; $lr->setStatus(array('Code' => \SAML2\Constants::STATUS_SUCCESS, 'SubCode' => \SAML2\Constants::STATUS_PARTIAL_LOGOUT)); SimpleSAML\Logger::info('Sending logout response for partial logout to SP ' . var_export($spEntityId, true)); } else { $partial = false; SimpleSAML\Logger::debug('Sending logout response to SP ' . var_export($spEntityId, true)); } SimpleSAML_Stats::log('saml:idp:LogoutResponse:sent', array('spEntityID' => $spEntityId, 'idpEntityID' => $idpMetadata->getString('entityid'), 'partial' => $partial)); $dst = $spMetadata->getEndpointPrioritizedByBinding('SingleLogoutService', array(\SAML2\Constants::BINDING_HTTP_REDIRECT, \SAML2\Constants::BINDING_HTTP_POST)); $binding = \SAML2\Binding::getBinding($dst['Binding']); if (isset($dst['ResponseLocation'])) { $dst = $dst['ResponseLocation']; } else { $dst = $dst['Location']; } $lr->setDestination($dst); $binding->send($lr); }