
Commit 122d4f6

committed
Fix #443. Incorrect Destination in LogoutResponse when using responseUrl. Add IdP value getters to the Settings class
1 parent ba56c07 commit 122d4f6

7 files changed

Lines changed: 120 additions & 28 deletions


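--- a/src/Saml2/Auth.php
+++ b/src/Saml2/Auth.php
@@ -618,46 +618,37 @@ public function logout($returnTo = null, array $parameters = array(), $nameId =
 return $this->redirectTo($sloUrl, $parameters, $stay);
 }
 
-/**
-* Gets the SSO url.
+/**
+* Gets the IdP SSO url.
 *
-* @return string The url of the Single Sign On Service
+* @return string The url of the IdP Single Sign On Service
 */
 public function getSSOurl()
 {
-$idpData = $this->_settings->getIdPData();
-return $idpData['singleSignOnService']['url'];
+return $this->_settings->getIdPSSOUrl();
 }
 
 /**
-* Gets the SLO url.
+* Gets the IdP SLO url.
 *
-* @return string|null The url of the Single Logout Service
+* @return string|null The url of the IdP Single Logout Service
 */
 public function getSLOurl()
 {
-$url = null;
-$idpData = $this->_settings->getIdPData();
-if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['url'])) {
-$url = $idpData['singleLogoutService']['url'];
-}
-return $url;
+return $this->_settings->getIdPSLOUrl();
 }
 
 /**
-* Gets the SLO response url.
+* Gets the IdP SLO response url.
 *
-* @return string|null The response url of the Single Logout Service
+* @return string|null The response url of the IdP Single Logout Service
 */
 public function getSLOResponseUrl()
 {
-$idpData = $this->_settings->getIdPData();
-if (isset($idpData['singleLogoutService']) && isset($idpData['singleLogoutService']['responseUrl'])) {
-return $idpData['singleLogoutService']['responseUrl'];
-}
-return $this->getSLOurl();
+return $this->_settings->getIdPSLOResponseUrl();
 }
 
+
 /**
 * Gets the ID of the last AuthNRequest or LogoutRequest generated by the Service Provider.
 *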
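Review bot: The docblock on `getSSOurl()` still promises `@return string`, but the method now returns whatever `Settings::getIdPSSOUrl()` returns, and that getter is documented in this same commit as `string|null`. The annotation should read `@return string|null The url of the IdP Single Sign On Service` so callers know to handle an unset SSO endpoint before building a redirect. With the old array access a missing key would most likely have raised an undefined-index notice; after this change it is a silent null.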

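--- a/src/Saml2/AuthnRequest.php
+++ b/src/Saml2/AuthnRequest.php
@@ -55,7 +55,6 @@ public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = fa
 $this->_settings = $settings;
 
 $spData = $this->_settings->getSPData();
-$idpData = $this->_settings->getIdPData();
 $security = $this->_settings->getSecurityData();
 
 $id = Utils::generateUniqueID();
@@ -150,15 +149,16 @@ public function __construct(\OneLogin\Saml2\Settings $settings, $forceAuthn = fa
 
 $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
 $acsUrl = htmlspecialchars($spData['assertionConsumerService']['url'], ENT_QUOTES);
+$destination = $this->_settings->getIdPSSOUrl();
 $request = <<<AUTHNREQUEST
 <samlp:AuthnRequest
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="$id"
 Version="2.0"
 {$providerNameStr}{$forceAuthnStr}{$isPassiveStr}
-IssueInstant="$issueInstant"
-Destination="{$idpData['singleSignOnService']['url']}"
+IssueInstant="{$issueInstant}"
+Destination="{$destination}"
 ProtocolBinding="{$spData['assertionConsumerService']['binding']}"
 AssertionConsumerServiceURL="{$acsUrl}">
 <saml:Issuer>{$spEntityId}</saml:Issuer>{$subjectStr}{$nameIdPolicyStr}{$requestedAuthnStr}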
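Review bot: `$destination` goes into the `Destination` attribute without the `htmlspecialchars(..., ENT_QUOTES)` escaping that `$spEntityId` and `$acsUrl` receive on the two lines above it, so an IdP URL containing `&` or a quote would yield malformed XML or a broken attribute value. Escaping at assignment keeps the heredoc unchanged: `$destination = htmlspecialchars($this->_settings->getIdPSSOUrl(), ENT_QUOTES);`. The same applies to the new `$destination` assignments in LogoutRequest.php and LogoutResponse.php. The getter may also return null, which would emit an empty `Destination`; the constructor begins and ends outside these hunks, so any earlier guard against that is not visible here.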

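--- a/src/Saml2/LogoutRequest.php
+++ b/src/Saml2/LogoutRequest.php
@@ -128,14 +128,15 @@ public function __construct(\OneLogin\Saml2\Settings $settings, $request = null,
 $sessionIndexStr = isset($sessionIndex) ? "<samlp:SessionIndex>{$sessionIndex}</samlp:SessionIndex>" : "";
 
 $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
+$destination = $this->_settings->getIdPSLOUrl();
 $logoutRequest = <<<LOGOUTREQUEST
 <samlp:LogoutRequest
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="{$id}"
 Version="2.0"
 IssueInstant="{$issueInstant}"
-Destination="{$idpData['singleLogoutService']['url']}">
+Destination="{$destination}">
 <saml:Issuer>{$spEntityId}</saml:Issuer>
 {$nameIdObj}
 {$sessionIndexStr}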

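--- a/src/Saml2/LogoutResponse.php
+++ b/src/Saml2/LogoutResponse.php
@@ -258,19 +258,18 @@ public function build($inResponseTo)
 {
 
 $spData = $this->_settings->getSPData();
-$idpData = $this->_settings->getIdPData();
 
 $this->id = Utils::generateUniqueID();
 $issueInstant = Utils::parseTime2SAML(time());
-
 $spEntityId = htmlspecialchars($spData['entityId'], ENT_QUOTES);
+$destination = $this->_settings->getIdPSLOResponseUrl();
 $logoutResponse = <<<LOGOUTRESPONSE
 <samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="{$this->id}"
 Version="2.0"
 IssueInstant="{$issueInstant}"
-Destination="{$idpData['singleLogoutService']['url']}"
+Destination="{$destination}"
 InResponseTo="{$inResponseTo}"
 >
 <saml:Issuer>{$spEntityId}</saml:Issuer>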
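Review bot: Nothing in this commit pins the behaviour it fixes: none of the seven changed files contains a test asserting that the XML produced by `build()` carries a `Destination` equal to the configured `responseUrl`. A LogoutResponse test case that builds a response from settings with a distinct `responseUrl` and checks the attribute would keep the wrong-destination bug from coming back. `build()` ends outside the hunk, so whether `$idpData` is still referenced further down, now that its assignment is removed, cannot be confirmed from here.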

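--- a/src/Saml2/Settings.php
+++ b/src/Saml2/Settings.php
@@ -825,6 +825,47 @@ public function shouldCompressResponses()
 return $this->_compress['responses'];
 }
 
+/**
+* Gets the IdP SSO url.
+*
+* @return string|null The url of the IdP Single Sign On Service
+*/
+public function getIdPSSOUrl()
+{
+$ssoUrl = null;
+if (isset($this->_idp['singleSignOnService']) && isset($this->_idp['singleSignOnService']['url'])) {
+$ssoUrl = $this->_idp['singleSignOnService']['url'];
+}
+return $ssoUrl;
+}
+
+/**
+* Gets the IdP SLO url.
+*
+* @return string|null The request url of the IdP Single Logout Service
+*/
+public function getIdPSLOUrl()
+{
+$sloUrl = null;
+if (isset($this->_idp['singleLogoutService']) && isset($this->_idp['singleLogoutService']['url'])) {
+$sloUrl = $this->_idp['singleLogoutService']['url'];
+}
+return $sloUrl;
+}
+
+/**
+* Gets the IdP SLO response url.
+*
+* @return string|null The response url of the IdP Single Logout Service
+*/
+public function getIdPSLOResponseUrl()
+{
+if (isset($this->_idp['singleLogoutService']) && isset($this->_idp['singleLogoutService']['responseUrl'])) {
+return $this->_idp['singleLogoutService']['responseUrl'];
+}
+return $this->getIdPSLOUrl();
+}
+
 /**
 * Gets the SP metadata. The XML representation.
 *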
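Review bot: `getIdPSLOResponseUrl()` falls back to the SLO url only when `responseUrl` is absent, because `isset()` is still true for an empty string; a configuration that leaves `responseUrl` as `''` would get an empty `Destination` on the LogoutResponse instead of the fallback. Checking `!empty($this->_idp['singleLogoutService']['responseUrl'])` handles both cases and makes the outer `isset()` unnecessary, since `empty()` and `isset()` are safe on missing nested keys. The two-step `isset()` checks in `getIdPSSOUrl()` and `getIdPSLOUrl()` can be collapsed the same way. This assumes the Settings constructor does not already normalise empty values, which is not visible in the hunk.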

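--- a/tests/src/OneLogin/Saml2/AuthTest.php
+++ b/tests/src/OneLogin/Saml2/AuthTest.php
@@ -95,7 +95,7 @@ public function testGetSLOurl()
 /**
 * Tests the getSLOResponseUrl method of the Auth class
 *
-* @covers OneLogin\Saml2\Auth::getSLOurl
+* @covers OneLogin\Saml2\Auth::getSLOResponseUrl
 */
 public function testGetSLOResponseUrl()
 {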

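--- a/tests/src/OneLogin/Saml2/SettingsTest.php
+++ b/tests/src/OneLogin/Saml2/SettingsTest.php
@@ -403,6 +403,66 @@ public function testCheckSettings()
 }
 }
 
+/**
+* Tests the getIdPSSOurl method of the Settings class
+*
+* @covers OneLogin\Saml2\Settings::getIdPSSOurl
+*/
+public function testGetIdPSSOurl()
+{
+$settingsDir = TEST_ROOT .'/settings/';
+include $settingsDir.'settings1.php';
+
+$settings = new Settings($settingsInfo);
+
+$ssoUrl = "http://idp.example.com/SSOService.php";
+$this->assertEquals($settings->getIdPSSOUrl(), $ssoUrl);
+}
+
+/**
+* Tests the getIdPSLOurl method of the Settings class
+*
+* @covers OneLogin\Saml2\Settings::getIdPSLOurl
+*/
+public function testGetIdPSLOurl()
+{
+$settingsDir = TEST_ROOT .'/settings/';
+include $settingsDir.'settings1.php';
+
+$settings = new Settings($settingsInfo);
+
+$sloUrl = "http://idp.example.com/SingleLogoutService.php";
+$this->assertEquals($settings->getIdPSLOUrl(), $sloUrl);
+
+include $settingsDir.'settings2.php';
+$settings2 = new Settings($settingsInfo);
+
+$sloUrl = "http://idp.example.com/SingleLogoutService.php";
+$this->assertEquals($settings2->getIdPSLOUrl(), $sloUrl);
+}
+
+/**
+* Tests the getIdPSLOResponseUrl method of the Settings class
+*
+* @covers OneLogin\Saml2\Settings::getIdPSLOResponseUrl
+*/
+public function testGetIdPSLOResponseUrl()
+{
+$settingsDir = TEST_ROOT .'/settings/';
+include $settingsDir.'settings1.php';
+
+$settings = new Settings($settingsInfo);
+
+$sloUrl = "http://idp.example.com/SingleLogoutServiceResponse.php";
+$this->assertEquals($settings->getIdPSLOResponseUrl(), $sloUrl);
+
+include $settingsDir.'settings2.php';
+$settings2 = new Settings($settingsInfo);
+
+$sloUrl = "http://idp.example.com/SingleLogoutService.php";
+$this->assertEquals($settings2->getIdPSLOUrl(), $sloUrl);
+}
+
 /**
 * Tests the getSPMetadata method of the Settings
 * Case unsigned metadata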
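Review bot: The second assertion in `testGetIdPSLOResponseUrl()` calls `$settings2->getIdPSLOUrl()` rather than `getIdPSLOResponseUrl()`, so the fallback branch added in Settings.php is never exercised by this test. It should read `$this->assertEquals($sloUrl, $settings2->getIdPSLOResponseUrl());`, assuming settings2.php defines no `responseUrl`. All three new tests also pass `assertEquals` its arguments in (actual, expected) order, which makes failure messages misleading; swapping them costs nothing.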
