ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SAML2\LogoutRequest Class Reference

Public Member Functions

__construct (\DOMElement $xml=null)
Constructor for SAML 2 logout request messages.

getNotOnOrAfter ()
Retrieve the expiration time of this request.

setNotOnOrAfter ($notOnOrAfter)
Set the expiration time of this request.

isNameIdEncrypted ()
Check whether the NameId is encrypted.

encryptNameId (XMLSecurityKey $key)
Encrypt the NameID in the LogoutRequest.

decryptNameId (XMLSecurityKey $key, array $blacklist=array())
Decrypt the NameID in the LogoutRequest.

getNameId ()
Retrieve the name identifier of the session that should be terminated.

setNameId ($nameId)
Set the name identifier of the session that should be terminated.

getSessionIndexes ()
Retrieve the SessionIndexes of the sessions that should be terminated.

setSessionIndexes (array $sessionIndexes)
Set the SessionIndexes of the sessions that should be terminated.

getSessionIndex ()
Retrieve the session index of the session that should be terminated.

setSessionIndex ($sessionIndex)
Set the session index of the session that should be terminated.

toUnsignedXML ()
Convert this logout request message to an XML element.
Public Member Functions inherited from SAML2\Message

addValidator ($function, $data)
Add a method for validating this message.

validate (XMLSecurityKey $key)
Validate this message against a public key.

getId ()
Retrieve the identifier of this message.

setId ($id)
Set the identifier of this message.

getIssueInstant ()
Retrieve the issue timestamp of this message.

setIssueInstant ($issueInstant)
Set the issue timestamp of this message.

getDestination ()
Retrieve the destination of this message.

setDestination ($destination)
Set the destination of this message.

setConsent ($consent)
Set the given consent for this message.

getConsent ()
Retrieve the given consent for this message.

getIssuer ()
Retrieve the issuer of this message.

setIssuer ($issuer)
Set the issuer of this message.

isMessageConstructedWithSignature ()
Query whether or not the message contained a signature at the root level when the object was constructed.

getRelayState ()
Retrieve the RelayState associated with this message.

setRelayState ($relayState)
Set the RelayState associated with this message.

toUnsignedXML ()
Convert this message to an unsigned XML document.

toSignedXML ()
Convert this message to a signed XML document.

getSignatureKey ()
Retrieve the private key we should use to sign the message.

setSignatureKey (XMLSecurityKey $signatureKey=null)
Set the private key we should use to sign the message.

setCertificates (array $certificates)
Set the certificates that should be included in the message.

getCertificates ()
Retrieve the certificates that are included in the message.

getExtensions ()
Retrieve the Extensions.

setExtensions ($extensions)
Set the Extensions.

getSignatureMethod ()

validate (XMLSecurityKey $key)
Validate this element against a public key.

setCertificates (array $certificates)
Set the certificates that should be included in the element.

getCertificates ()
Retrieve the certificates that are included in the element (if any).

getSignatureKey ()
Retrieve the private key we should use to sign the element.

setSignatureKey (XMLSecurityKey $signatureKey=null)
Set the private key we should use to sign the element.

Private Attributes

 $notOnOrAfter
 
 $encryptedNameId
 
 $nameId
 
 $sessionIndexes
 

Additional Inherited Members

Static Public Member Functions inherited from SAML2\Message

static fromXML (\DOMElement $xml)
Convert an XML element into a message.

Protected Member Functions inherited from SAML2\Message

__construct ($tagName, \DOMElement $xml=null)
Initialize a message.

Protected Attributes inherited from SAML2\Message

$extensions

$document

$messageContainedSignatureUponConstruction = false
 

Detailed Description

Definition at line 13 of file LogoutRequest.php.

Constructor & Destructor Documentation

◆ __construct()

SAML2\LogoutRequest::__construct ( \DOMElement  $xml = null)

Constructor for SAML 2 logout request messages.

Parameters
\DOMElement|null  $xml  The input message.
Exceptions

Exception

Definition at line 51 of file LogoutRequest.php.

    public function __construct(\DOMElement $xml = null)
    {
        parent::__construct('LogoutRequest', $xml);

        $this->sessionIndexes = array();

        if ($xml === null) {
            return;
        }

        if ($xml->hasAttribute('NotOnOrAfter')) {
            /* Utils::xsDateTimeToTimestamp() (Utils.php:721) converts a SAML2 timestamp
               of the form yyyy-mm-ddThh:mm:ss(.s+)?Z to a UNIX timestamp. */
            $this->notOnOrAfter = Utils::xsDateTimeToTimestamp($xml->getAttribute('NotOnOrAfter'));
        }

        /* Utils::xpQuery() (Utils.php:191) does an XPath query on an XML node. */
        $nameId = Utils::xpQuery($xml, './saml_assertion:NameID | ./saml_assertion:EncryptedID/xenc:EncryptedData');
        if (empty($nameId)) {
            throw new \Exception('Missing <saml:NameID> or <saml:EncryptedID> in <samlp:LogoutRequest>.');
        } elseif (count($nameId) > 1) {
            throw new \Exception('More than one <saml:NameID> or <saml:EncryptedD> in <samlp:LogoutRequest>.');
        }
        $nameId = $nameId[0];
        if ($nameId->localName === 'EncryptedData') {
            /* The NameID element is encrypted. */
            $this->encryptedNameId = $nameId;
        } else {
            $this->nameId = new XML\saml\NameID($nameId);
        }

        $sessionIndexes = Utils::xpQuery($xml, './saml_protocol:SessionIndex');
        foreach ($sessionIndexes as $sessionIndex) {
            $this->sessionIndexes[] = trim($sessionIndex->textContent);
        }
    }

References $nameId, $sessionIndex, and $xml.

Member Function Documentation

◆ decryptNameId()

SAML2\LogoutRequest::decryptNameId ( XMLSecurityKey  $key,
array  $blacklist = array() 
)

Decrypt the NameID in the LogoutRequest.

Parameters
XMLSecurityKey  $key  The decryption key.
array  $blacklist  Blacklisted decryption algorithms.

Definition at line 156 of file LogoutRequest.php.

    public function decryptNameId(XMLSecurityKey $key, array $blacklist = array())
    {
        if ($this->encryptedNameId === null) {
            /* No NameID to decrypt. */

            return;
        }

        /* Utils::decryptElement(\DOMElement $encryptedData, XMLSecurityKey $inputKey,
           array $blacklist=array()) (Utils.php:558) decrypts an encrypted element. */
        $nameId = Utils::decryptElement($this->encryptedNameId, $key, $blacklist);
        Utils::getContainer()->debugMessage($nameId, 'decrypt');
        $this->nameId = new XML\saml\NameID($nameId);

        $this->encryptedNameId = null;
    }

References $key, and $nameId.

◆ encryptNameId()

SAML2\LogoutRequest::encryptNameId ( XMLSecurityKey  $key)

Encrypt the NameID in the LogoutRequest.

Parameters
XMLSecurityKey  $key  The encryption key.

Definition at line 126 of file LogoutRequest.php.

    public function encryptNameId(XMLSecurityKey $key)
    {
        /* First create a XML representation of the NameID. */
        $doc = DOMDocumentFactory::create();
        $root = $doc->createElement('root');
        $doc->appendChild($root);
        $this->nameId->toXML($root);
        $nameId = $root->firstChild;

        Utils::getContainer()->debugMessage($nameId, 'encrypt');

        /* Encrypt the NameID. */
        $enc = new XMLSecEnc();
        $enc->setNode($nameId);
        $enc->type = XMLSecEnc::Element;

        /* A fresh AES-128-CBC session key encrypts the NameID; $key encrypts that session key. */
        $symmetricKey = new XMLSecurityKey(XMLSecurityKey::AES128_CBC);
        $symmetricKey->generateSessionKey();
        $enc->encryptKey($key, $symmetricKey);

        $this->encryptedNameId = $enc->encryptNode($symmetricKey);
        $this->nameId = null;
    }

References $key, and $nameId.

◆ getNameId()

SAML2\LogoutRequest::getNameId ( )

Retrieve the name identifier of the session that should be terminated.

Returns
\SAML2\XML\saml\NameID The name identifier of the session that should be terminated.
Exceptions

Exception

Definition at line 177 of file LogoutRequest.php.

    public function getNameId()
    {
        if ($this->encryptedNameId !== null) {
            throw new \Exception('Attempted to retrieve encrypted NameID without decrypting it first.');
        }

        return $this->nameId;
    }

References $nameId.

◆ getNotOnOrAfter()

SAML2\LogoutRequest::getNotOnOrAfter ( )

Retrieve the expiration time of this request.

Returns
int|null The expiration time of this request.

Definition at line 90 of file LogoutRequest.php.

    public function getNotOnOrAfter()
    {
        return $this->notOnOrAfter;
    }
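
How a receiver might combine the methods documented on this page (validate(), getDestination(), getNotOnOrAfter(), decryptNameId() and getNameId()) before acting on a logout request. This is an added example, not ILIAS or SAML2 library code; checkLogoutRequest() and its parameters are hypothetical names, and it assumes validate() returns false for a message that carries no signature and throws for an invalid one.

```php
<?php
// Added example: checkLogoutRequest() and its parameters are hypothetical.
// Only SAML2\LogoutRequest methods documented on this page are called.

use RobRichards\XMLSecLibs\XMLSecurityKey;
use SAML2\LogoutRequest;

/**
 * Run receiver-side checks on a parsed LogoutRequest and return the
 * NameID and SessionIndexes of the sessions to terminate.
 *
 * @param LogoutRequest  $request    Built with new LogoutRequest($xml).
 * @param XMLSecurityKey $idpKey     Public key of the expected issuer.
 * @param XMLSecurityKey $decryptKey Our private key for an EncryptedID.
 * @param string         $sloUrl     Our own single-logout endpoint URL.
 */
function checkLogoutRequest(LogoutRequest $request, XMLSecurityKey $idpKey, XMLSecurityKey $decryptKey, $sloUrl)
{
    // 1. Reject requests that cannot be tied to the expected issuer's key.
    //    Assumption: validate() returns false without a signature, throws if invalid.
    if (!$request->validate($idpKey)) {
        throw new \Exception('LogoutRequest signature could not be validated.');
    }

    // 2. The request must be addressed to this endpoint.
    if ($request->getDestination() !== $sloUrl) {
        throw new \Exception('LogoutRequest has an unexpected Destination.');
    }

    // 3. NotOnOrAfter is a UNIX timestamp or null; reject expired requests.
    $notOnOrAfter = $request->getNotOnOrAfter();
    if ($notOnOrAfter !== null && $notOnOrAfter <= time()) {
        throw new \Exception('LogoutRequest has expired.');
    }

    // 4. getNameId() throws while the NameID is still encrypted, so decrypt
    //    first. The blacklist here refuses RSA PKCS#1 v1.5 key transport.
    if ($request->isNameIdEncrypted()) {
        $request->decryptNameId($decryptKey, array(XMLSecurityKey::RSA_1_5));
    }

    return array(
        'nameId'         => $request->getNameId(),
        'sessionIndexes' => $request->getSessionIndexes(), // empty array: all sessions
    );
}
```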

◆ getSessionIndex()

SAML2\LogoutRequest::getSessionIndex ( )

Retrieve the session index of the session that should be terminated.

Returns
string|null The session index of the session that should be terminated.

Definition at line 226 of file LogoutRequest.php.

    public function getSessionIndex()
    {
        if (empty($this->sessionIndexes)) {
            return null;
        }

        return $this->sessionIndexes[0];
    }

◆ getSessionIndexes()

SAML2\LogoutRequest::getSessionIndexes ( )

Retrieve the SessionIndexes of the sessions that should be terminated.

Returns
array The SessionIndexes, or an empty array if all sessions should be terminated.

Definition at line 206 of file LogoutRequest.php.

    public function getSessionIndexes()
    {
        return $this->sessionIndexes;
    }

◆ isNameIdEncrypted()

SAML2\LogoutRequest::isNameIdEncrypted ( )

Check whether the NameId is encrypted.

Returns
true if the NameId is encrypted, false if not.

Definition at line 112 of file LogoutRequest.php.

    public function isNameIdEncrypted()
    {
        if ($this->encryptedNameId !== null) {
            return true;
        }

        return false;
    }

◆ setNameId()

SAML2\LogoutRequest::setNameId (   $nameId)

Set the name identifier of the session that should be terminated.

Parameters
\SAML2\XML\saml\NameID|array|null  $nameId  The name identifier of the session that should be terminated.

Definition at line 191 of file LogoutRequest.php.

    public function setNameId($nameId)
    {
        assert(is_array($nameId) || $nameId instanceof XML\saml\NameID);

        if (is_array($nameId)) {
            /* NameID::fromArray() (NameIDType.php:87) creates a \SAML2\XML\saml\NameID
               object from an array with its contents. */
            $nameId = XML\saml\NameID::fromArray($nameId);
        }
        $this->nameId = $nameId;
    }

References $nameId.

◆ setNotOnOrAfter()

SAML2\LogoutRequest::setNotOnOrAfter (   $notOnOrAfter)

Set the expiration time of this request.

Parameters
int|null  $notOnOrAfter  The expiration time of this request.

Definition at line 100 of file LogoutRequest.php.

    public function setNotOnOrAfter($notOnOrAfter)
    {
        assert(is_int($notOnOrAfter) || is_null($notOnOrAfter));

        $this->notOnOrAfter = $notOnOrAfter;
    }

◆ setSessionIndex()

SAML2\LogoutRequest::setSessionIndex (   $sessionIndex)

Set the session index of the session that should be terminated.

Parameters
string|null  $sessionIndex  The session index of the session that should be terminated.

Definition at line 240 of file LogoutRequest.php.

    public function setSessionIndex($sessionIndex)
    {
        assert(is_string($sessionIndex) || is_null($sessionIndex));

        if (is_null($sessionIndex)) {
            $this->sessionIndexes = array();
        } else {
            $this->sessionIndexes = array($sessionIndex);
        }
    }

References $sessionIndex.

◆ setSessionIndexes()

SAML2\LogoutRequest::setSessionIndexes ( array  $sessionIndexes)

Set the SessionIndexes of the sessions that should be terminated.

Parameters
array  $sessionIndexes  The SessionIndexes, or an empty array if all sessions should be terminated.

Definition at line 216 of file LogoutRequest.php.

    public function setSessionIndexes(array $sessionIndexes)
    {
        $this->sessionIndexes = $sessionIndexes;
    }

◆ toUnsignedXML()

SAML2\LogoutRequest::toUnsignedXML ( )

Convert this logout request message to an XML element.

Returns
\DOMElement This logout request.

Reimplemented from SAML2\Message.

Definition at line 256 of file LogoutRequest.php.

    public function toUnsignedXML()
    {
        $root = parent::toUnsignedXML();

        if ($this->notOnOrAfter !== null) {
            $root->setAttribute('NotOnOrAfter', gmdate('Y-m-d\TH:i:s\Z', $this->notOnOrAfter));
        }

        if ($this->encryptedNameId === null) {
            $this->nameId->toXML($root);
        } else {
            /* Constants::NS_SAML (Constants.php:220) is the namespace for the SAML 2 assertions. */
            $eid = $root->ownerDocument->createElementNS(Constants::NS_SAML, 'saml:' . 'EncryptedID');
            $root->appendChild($eid);
            $eid->appendChild($root->ownerDocument->importNode($this->encryptedNameId, true));
        }

        foreach ($this->sessionIndexes as $sessionIndex) {
            /* Utils::addString() (Utils.php:635) appends a string element;
               Constants::NS_SAMLP (Constants.php:215) is the namespace for the SAML 2 protocol. */
            Utils::addString($root, Constants::NS_SAMLP, 'SessionIndex', $sessionIndex);
        }

        return $root;
    }

References $sessionIndex.

Field Documentation

◆ $encryptedNameId

SAML2\LogoutRequest::$encryptedNameId
private

Definition at line 29 of file LogoutRequest.php.

◆ $nameId

SAML2\LogoutRequest::$nameId
private

Definition at line 36 of file LogoutRequest.php.

◆ $notOnOrAfter

SAML2\LogoutRequest::$notOnOrAfter
private

Definition at line 20 of file LogoutRequest.php.

◆ $sessionIndexes

SAML2\LogoutRequest::$sessionIndexes
private

Definition at line 43 of file LogoutRequest.php.


The documentation for this class was generated from the following file: