Added sessionindex to SAML2 single logout request to idp

related to  #3936
This commit is contained in:
Dan Brown 2023-04-28 13:54:51 +01:00
parent f64ce71afc
commit 8c738aedee
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9
2 changed files with 12 additions and 3 deletions

View file

@ -67,7 +67,7 @@ class Saml2Service
$returnRoute,
[],
$user->email,
null,
session()->get('saml2_session_index'),
true,
Constants::NAMEID_EMAIL_ADDRESS
);
@ -118,6 +118,7 @@ class Saml2Service
$attrs = $toolkit->getAttributes();
$id = $toolkit->getNameId();
session()->put('saml2_session_index', $toolkit->getSessionIndex());
return $this->processLoginCallback($id, $attrs);
}

View file

@ -193,6 +193,9 @@ class Saml2Test extends TestCase
$req = $this->post('/saml2/logout');
$redirect = $req->headers->get('location');
$this->assertStringStartsWith('http://saml.local/saml2/idp/SingleLogoutService.php', $redirect);
$sloData = $this->parseSamlDataFromUrl($redirect, 'SAMLRequest');
$this->assertStringContainsString('<samlp:SessionIndex>_4fe7c0d1572d64b27f930aa6f236a6f42e930901cc</samlp:SessionIndex>', $sloData);
$this->withGet(['SAMLResponse' => $this->sloResponseData], $handleLogoutResponse);
}
@ -379,11 +382,16 @@ class Saml2Test extends TestCase
{
$req = $this->post('/saml2/login');
$location = $req->headers->get('Location');
$query = explode('?', $location)[1];
return $this->parseSamlDataFromUrl($location, 'SAMLRequest');
}
protected function parseSamlDataFromUrl(string $url, string $paramName): string
{
$query = explode('?', $url)[1];
$params = [];
parse_str($query, $params);
return gzinflate(base64_decode($params['SAMLRequest']));
return gzinflate(base64_decode($params[$paramName]));
}
protected function withGet(array $options, callable $callback)