Sync commits from 2.X branch

Author: pitbulk

README.md

@@ -472,7 +472,7 @@ $advancedSettings = array(
         // Set to false and no AuthContext will be sent in the AuthNRequest.
         // Set true or don't present this parameter and you will get an AuthContext 'exact' 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'.
         // Set an array with the possible auth context values: array('urn:oasis:names:tc:SAML:2.0:ac:classes:Password', 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509').
-        'requestedAuthnContext' => true,
+        'requestedAuthnContext' => false,
 
         // Indicates if the SP will validate all received xmls.
         // (In order to validate the xml, 'strict' and 'wantXMLValidation' must be true).
@@ -1206,7 +1206,7 @@ Main class of OneLogin PHP Toolkit
  * `getNameId` - Returns the nameID
  * `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP.
  * `getNameIdNameQualifier` - Gets the NameID NameQualifier provided from the SAML Response String.
- * `getNameIdNameSPQualifier` - Gets the NameID SP NameQualifier provided from the SAML Response String.
+ * `getNameIdSPNameQualifier` - Gets the NameID SP NameQualifier provided from the SAML Response String.
  * `getSessionIndex` - Gets the SessionIndex from the AuthnStatement.
  * `getErrors` - Returns if there were any error
  * `getSSOurl` - Gets the SSO url.
@@ -1244,7 +1244,7 @@ SAML 2 Authentication Response class
  * `getNameId` - Gets the NameID provided by the SAML response from the IdP.
  * `getNameIdFormat` - Gets the NameID Format provided by the SAML response from the IdP.
  * `getNameIdNameQualifier` - Gets the NameID NameQualifier provided from the SAML Response String.
- * `getNameIdNameSPQualifier` - Gets the NameID SP NameQualifier provided from the SAML Response String.
+ * `getNameIdSPNameQualifier` - Gets the NameID SP NameQualifier provided from the SAML Response String.
  * `getSessionNotOnOrAfter` - Gets the SessionNotOnOrAfter from the
    AuthnStatement
  * `getSessionIndex` - Gets the SessionIndex from the AuthnStatement.

composer.json

@@ -16,7 +16,7 @@
     },
     "require": {
         "php": ">=5.4",
-        "robrichards/xmlseclibs": ">=3.1.0"
+        "robrichards/xmlseclibs": ">=3.1.1"
     },
     "require-dev": {
         "php-coveralls/php-coveralls": "^1.0.2 || ^2.0",

src/Saml2/Constants.php

@@ -64,9 +64,11 @@ class Constants
     const AC_PASSWORD_PROTECTED = 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport';
     const AC_X509 = 'urn:oasis:names:tc:SAML:2.0:ac:classes:X509';
     const AC_SMARTCARD = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard';
+    const AC_SMARTCARD_PKI = 'urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI';
     const AC_KERBEROS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos';
     const AC_WINDOWS = 'urn:federation:authentication:windows';
     const AC_TLS = 'urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient';
+    const AC_RSATOKEN = 'urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken';
 
     // Subject Confirmation
     const CM_BEARER = 'urn:oasis:names:tc:SAML:2.0:cm:bearer';

src/Saml2/Utils.php

@@ -964,12 +964,12 @@ public static function isSessionStarted()
      */
     public static function deleteLocalSession()
     {
-
         if (Utils::isSessionStarted()) {
+            session_unset();
             session_destroy();
+        } else {
+            $_SESSION = array();
         }
-
-        unset($_SESSION);
     }
 
     /**
@@ -1390,7 +1390,7 @@ public static function addSign($xml, $key, $cert, $signAlgorithm = XMLSecurityKe
      * Validates a signature (Message or Assertion).
      *
      * @param string|\DomNode   $xml            The element we should validate
-     * @param string|null       $cert           The pubic cert
+     * @param string|null       $cert           The public cert
      * @param string|null       $fingerprint    The fingerprint of the public cert
      * @param string|null       $fingerprintalg The algorithm used to get the fingerprint
      * @param string|null       $xpath          The xpath of the signed element

src/Saml2/version.json

@@ -1,7 +1,7 @@
 {
     "php-saml": {
-        "version": "3.4.1",
-        "released": "25/11/2019"
+        "version": "3.5.0",
+        "released": "26/11/2020"
     }
 }
 

tests/src/OneLogin/Saml2/UtilsTest.php

@@ -370,10 +370,10 @@ public function testGetselfhost()
     public function testisHTTPS()
     {
         $this->assertFalse(Utils::isHTTPS());
-        
+
         $_SERVER['HTTPS'] = 'on';
         $this->assertTrue(Utils::isHTTPS());
-    
+
         unset($_SERVER['HTTPS']);
         $this->assertFalse(Utils::isHTTPS());
         $_SERVER['HTTP_HOST'] = 'example.com:443';
@@ -497,7 +497,7 @@ public function testSetBaseURL()
         $expectedUrlNQ2 = 'http://anothersp.example.com:81/example2/route.php';
         $expectedRoutedUrlNQ2 = 'http://anothersp.example.com:81/example2/route.php';
         $expectedUrl2 = 'http://anothersp.example.com:81/example2/route.php?x=test';
-        
+
         $this->assertEquals('http', Utils::getSelfProtocol());
         $this->assertEquals('anothersp.example.com', Utils::getSelfHost());
         $this->assertEquals('81', Utils::getSelfPort());
@@ -933,7 +933,7 @@ public function testDeleteLocalSession()
             $this->assertTrue($_SESSION['samltest']);
 
             Utils::deleteLocalSession();
-            $this->assertFalse(isset($_SESSION));
+            $this->assertEmpty($_SESSION);
             $this->assertFalse(isset($_SESSION['samltest']));
 
             $prev = error_reporting(0);
@@ -942,7 +942,7 @@ public function testDeleteLocalSession()
 
             $_SESSION['samltest'] = true;
             Utils::deleteLocalSession();
-            $this->assertFalse(isset($_SESSION));
+            $this->assertEmpty($_SESSION);
             $this->assertFalse(isset($_SESSION['samltest']));
         }
     }