Fix url decode logout issues with ADFS server

Kn4ppster · Kn4ppster · commit 365ee49c8116 · 2016-07-06T11:51:10.000+01:00
diff --git a/composer.json b/composer.json
@@ -13,7 +13,7 @@
     "require": {
         "php": ">=5.4.0",
         "illuminate/support": "4.2.*",
-        "onelogin/php-saml": "2.3"
+        "onelogin/php-saml": "2.7.0"
     },
     "autoload": {
         "classmap": [
diff --git a/src/Aacotroneo/Saml2/Saml2Auth.php b/src/Aacotroneo/Saml2/Saml2Auth.php
@@ -7,6 +7,7 @@
 use OneLogin_Saml2_Utils;
 
 use Log;
+use Event;
 use Psr\Log\InvalidArgumentException;
 
 class Saml2Auth
@@ -96,20 +97,19 @@ function acs()
      * Process a Saml response (assertion consumer service)
      * @throws \Exception
      */
-    function sls()
+    function sls($retrieveParametersFromServer = false)
     {
         $auth = $this->auth;
 
         $keep_local_session = true; //we don't touch session here
-        $auth->processSLO($keep_local_session);
+        $session_callback = function () {
+            Event::fire('saml2.logoutRequestReceived');
+        };
+        $auth->processSLO($keep_local_session, null, $retrieveParametersFromServer, $session_callback);
 
         $errors = $auth->getErrors();
 
-        if (!empty($errors)) {
-            Log::error("Could not log out", $errors);
-            throw new \Exception("Could not log out");
-        }
-
+        return $errors;
     }
 
     /**
diff --git a/src/config/saml_settings.php b/src/config/saml_settings.php
@@ -162,6 +162,8 @@
         ),
     ),
 
+    'retrieveParametersFromServer' => false,
+
 /* Interoperable SAML 2.0 Web Browser SSO Profile [saml2int]   http://saml2int.org/profile/current
 
    'authnRequestsSigned' => false,    // SP SHOULD NOT sign the <samlp:AuthnRequest>,
diff --git a/src/controllers/Saml2Controller.php b/src/controllers/Saml2Controller.php
@@ -8,6 +8,7 @@
 use Saml2Auth;
 use Controller;
 use Response;
+use Log;
 
 
 class Saml2Controller extends Controller
@@ -54,8 +55,11 @@ public function acs()
      */
     public function sls()
     {
-        Saml2Auth::sls();
-        Event::fire('saml2.logoutRequestReceived');
+        $errors = Saml2Auth::sls(Config::get('saml2::settings.retrieveParametersFromServer'));
+        if (!empty($errors)) {
+            Log::error("Could not log out", $errors);
+            throw new \Exception("Could not log out");
+        }
         return Redirect::to(Config::get('saml2::settings.logoutRoute')); //may be set a configurable default
     }
 
