diff --git a/app/Auth/Access/Saml2Service.php b/app/Auth/Access/Saml2Service.php index a95e3b1d2..24efd7f64 100644 --- a/app/Auth/Access/Saml2Service.php +++ b/app/Auth/Access/Saml2Service.php @@ -67,7 +67,7 @@ class Saml2Service $returnRoute, [], $user->email, - null, + session()->get('saml2_session_index'), true, Constants::NAMEID_EMAIL_ADDRESS ); @@ -118,6 +118,7 @@ class Saml2Service $attrs = $toolkit->getAttributes(); $id = $toolkit->getNameId(); + session()->put('saml2_session_index', $toolkit->getSessionIndex()); return $this->processLoginCallback($id, $attrs); } diff --git a/tests/Auth/Saml2Test.php b/tests/Auth/Saml2Test.php index 0ee419610..1a3e4abbe 100644 --- a/tests/Auth/Saml2Test.php +++ b/tests/Auth/Saml2Test.php @@ -193,6 +193,9 @@ class Saml2Test extends TestCase $req = $this->post('/saml2/logout'); $redirect = $req->headers->get('location'); $this->assertStringStartsWith('http://saml.local/saml2/idp/SingleLogoutService.php', $redirect); + $sloData = $this->parseSamlDataFromUrl($redirect, 'SAMLRequest'); + $this->assertStringContainsString('_4fe7c0d1572d64b27f930aa6f236a6f42e930901cc', $sloData); + $this->withGet(['SAMLResponse' => $this->sloResponseData], $handleLogoutResponse); } @@ -379,11 +382,16 @@ class Saml2Test extends TestCase { $req = $this->post('/saml2/login'); $location = $req->headers->get('Location'); - $query = explode('?', $location)[1]; + return $this->parseSamlDataFromUrl($location, 'SAMLRequest'); + } + + protected function parseSamlDataFromUrl(string $url, string $paramName): string + { + $query = explode('?', $url)[1]; $params = []; parse_str($query, $params); - return gzinflate(base64_decode($params['SAMLRequest'])); + return gzinflate(base64_decode($params[$paramName])); } protected function withGet(array $options, callable $callback)