sspmod_saml_SP_LogoutStore Class Reference

Collaboration diagram for sspmod_saml_SP_LogoutStore:

Static Public Member Functions
static	addSession ($authId, $nameId, $sessionIndex, $expire)
	Register a new session in the datastore. More...

Static Private Member Functions
static	createLogoutTable (\SimpleSAML\Store\SQL $store)
	Create logout table in SQL, if it is missing. More...
static	cleanLogoutStore (\SimpleSAML\Store\SQL $store)
	Clean the logout table of expired entries. More...
static	addSessionSQL (\SimpleSAML\Store\SQL $store, $authId, $nameId, $sessionIndex, $expire, $sessionId)
	Register a session in the SQL datastore. More...
static	getSessionsSQL (\SimpleSAML\Store\SQL $store, $authId, $nameId)
	Retrieve sessions from the SQL datastore. More...
static	getSessionsStore (\SimpleSAML\Store $store, $authId, $nameId, array $sessionIndexes)
	Retrieve all session IDs from a key-value store. More...

Detailed Description

Definition at line 8 of file LogoutStore.php.

Member Function Documentation

addSession()

static sspmod_saml_SP_LogoutStore::addSession (   $authId,   $nameId,   $sessionIndex,   $expire  )

static

Register a new session in the datastore.

Please observe the change of the signature in this method. Previously, the second parameter ($nameId) was forced to be an array. However, it has no type restriction now, and the documentation states it must be a object. Currently, this function still accepts an array passed as $nameId, and will silently convert it to a object. This is done to keep backwards-compatibility, though will no longer be possible in the future as the $nameId parameter will be required to be an object.

Parameters

string	$authId	The authsource ID.
\SAML2\XML\saml\NameID	$nameId	The NameID of the user.
string | NULL	$sessionIndex	The SessionIndex of the user.

Definition at line 177 of file LogoutStore.php.

References $expire, $nameId, $session, $sessionIndex, $store, array, SAML2\XML\saml\NameIDType\fromArray(), SimpleSAML\Utils\Random\generateID(), SimpleSAML\Store\getInstance(), SimpleSAML_Session\getSession(), SimpleSAML_Session\getSessionFromRequest(), SimpleSAML\SessionHandler\getSessionHandler(), and SimpleSAML\Logger\info().

                                                                                    {
                assert('is_string($authId)');
                assert('is_string($sessionIndex) || is_null($sessionIndex)');
                assert('is_int($expire)');

                if ($sessionIndex === NULL) {
                        /* This IdP apparently did not include a SessionIndex, and thus probably does not
                         * support SLO. We still want to add the session to the data store just in case
                         * it supports SLO, but we don't want an LogoutRequest with a specific
                         * SessionIndex to match this session. We therefore generate our own session index.
                         */
                        $sessionIndex = SimpleSAML\Utils\Random::generateID();
                }

                $store = \SimpleSAML\Store::getInstance();
                if ($store === FALSE) {
                        // We don't have a datastore.
                        return;
                }

                // serialize and anonymize the NameID
        // TODO: remove this conditional statement
                if (is_array($nameId)) {
                        $nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
                }
                $strNameId = serialize($nameId);
                $strNameId = sha1($strNameId);

                /* Normalize SessionIndex. */
                if (strlen($sessionIndex) > 50) {
                        $sessionIndex = sha1($sessionIndex);
                }

                $session = SimpleSAML_Session::getSessionFromRequest();
                $sessionId = $session->getSessionId();

                if ($store instanceof \SimpleSAML\Store\SQL) {
                        self::addSessionSQL($store, $authId, $strNameId, $sessionIndex, $expire, $sessionId);
                } else {
                        $store->set('saml.LogoutStore', $strNameId . ':' . $sessionIndex, $sessionId, $expire);
                }
        }

Here is the call graph for this function:

addSessionSQL()

static sspmod_saml_SP_LogoutStore::addSessionSQL ( \SimpleSAML\Store\SQL  $store,   $authId,   $nameId,   $sessionIndex,   $expire,   $sessionId  )

staticprivate

Register a session in the SQL datastore.

Parameters

\SimpleSAML\Store\SQL	$store	The datastore.
string	$authId	The authsource ID.
string	$nameId	The hash of the users NameID.
string	$sessionIndex	The SessionIndex of the user.

Definition at line 78 of file LogoutStore.php.

References $data, $expire, $nameId, $sessionIndex, and array.

                                                                                                                                  {
                assert('is_string($authId)');
                assert('is_string($nameId)');
                assert('is_string($sessionIndex)');
                assert('is_string($sessionId)');
                assert('is_int($expire)');

                self::createLogoutTable($store);

                if (rand(0, 1000) < 10) {
                        self::cleanLogoutStore($store);
                }

                $data = array(
                        '_authSource' => $authId,
                        '_nameId' => $nameId,
                        '_sessionIndex' => $sessionIndex,
                        '_expire' => gmdate('Y-m-d H:i:s', $expire),
                        '_sessionId' => $sessionId,
                );
                $store->insertOrUpdate($store->prefix . '_saml_LogoutStore', array('_authSource', '_nameId', '_sessionIndex'), $data);
        }

cleanLogoutStore()

static sspmod_saml_SP_LogoutStore::cleanLogoutStore ( \SimpleSAML\Store\SQL  $store )

staticprivate

Clean the logout table of expired entries.

Parameters

\SimpleSAML\Store\SQL

$store

The datastore.

Definition at line 58 of file LogoutStore.php.

References $params, $query, array, and SimpleSAML\Logger\debug().

                                                                               {

                SimpleSAML\Logger::debug('saml.LogoutStore: Cleaning logout store.');

                $query = 'DELETE FROM ' . $store->prefix . '_saml_LogoutStore WHERE _expire < :now';
                $params = array('now' => gmdate('Y-m-d H:i:s'));

                $query = $store->pdo->prepare($query);
                $query->execute($params);
        }

Here is the call graph for this function:

createLogoutTable()

static sspmod_saml_SP_LogoutStore::createLogoutTable ( \SimpleSAML\Store\SQL  $store )

staticprivate

Create logout table in SQL, if it is missing.

Parameters

\SimpleSAML\Store\SQL

$store

The datastore.

Definition at line 15 of file LogoutStore.php.

References $query, $ret, and SimpleSAML\Logger\warning().

                                                                                {

                $tableVer = $store->getTableVersion('saml_LogoutStore');
                if ($tableVer === 2) {
                        return;
                } elseif ($tableVer === 1) {
                        /* TableVersion 2 increased the column size to 255 which is the maximum length of a FQDN. */
                        $query = 'ALTER TABLE ' . $store->prefix . '_saml_LogoutStore MODIFY _authSource VARCHAR(255) NOT NULL';
                        try {
                                $ret = $store->pdo->exec($query);
                        } catch (Exception $e) {
                                SimpleSAML\Logger::warning($store->pdo->errorInfo());
                                return;
                        }
                        $store->setTableVersion('saml_LogoutStore', 2);
                        return;
                }

                $query = 'CREATE TABLE ' . $store->prefix . '_saml_LogoutStore (
                        _authSource VARCHAR(255) NOT NULL,
                        _nameId VARCHAR(40) NOT NULL,
                        _sessionIndex VARCHAR(50) NOT NULL,
                        _expire TIMESTAMP NOT NULL,
                        _sessionId VARCHAR(50) NOT NULL,
                        UNIQUE (_authSource, _nameID, _sessionIndex)
                )';
                $store->pdo->exec($query);

                $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_expire ON '  . $store->prefix . '_saml_LogoutStore (_expire)';
                $store->pdo->exec($query);

                $query = 'CREATE INDEX ' . $store->prefix . '_saml_LogoutStore_nameId ON '  . $store->prefix . '_saml_LogoutStore (_authSource, _nameId)';
                $store->pdo->exec($query);

                $store->setTableVersion('saml_LogoutStore', 2);
        }

Here is the call graph for this function:

getSessionsSQL()

static sspmod_saml_SP_LogoutStore::getSessionsSQL ( \SimpleSAML\Store\SQL  $store,   $authId,   $nameId  )

staticprivate

Retrieve sessions from the SQL datastore.

Parameters

\SimpleSAML\Store\SQL	$store	The datastore.
string	$authId	The authsource ID.
string	$nameId	The hash of the users NameID.

Returns

array Associative array of SessionIndex => SessionId.

Definition at line 110 of file LogoutStore.php.

References $nameId, $params, $query, $res, $row, and array.

                                                                                               {
                assert('is_string($authId)');
                assert('is_string($nameId)');

                self::createLogoutTable($store);

                $params = array(
                        '_authSource' => $authId,
                        '_nameId' => $nameId,
                        'now' => gmdate('Y-m-d H:i:s'),
                );

                // We request the columns in lowercase in order to be compatible with PostgreSQL
                $query = 'SELECT _sessionIndex AS _sessionindex, _sessionId AS _sessionid FROM ' . $store->prefix . '_saml_LogoutStore' .
                        ' WHERE _authSource = :_authSource AND _nameId = :_nameId AND _expire >= :now';
                $query = $store->pdo->prepare($query);
                $query->execute($params);

                $res = array();
                while ( ($row = $query->fetch(PDO::FETCH_ASSOC)) !== FALSE) {
                        $res[$row['_sessionindex']] = $row['_sessionid'];
                }

                return $res;
        }

getSessionsStore()

static sspmod_saml_SP_LogoutStore::getSessionsStore ( \SimpleSAML\Store  $store,   $authId,   $nameId, array  $sessionIndexes  )

staticprivate

Retrieve all session IDs from a key-value store.

Parameters

\SimpleSAML\Store	$store	The datastore.
string	$authId	The authsource ID.
string	$nameId	The hash of the users NameID.
array	$sessionIndexes	The session indexes.

Returns

array Associative array of SessionIndex => SessionId.

Definition at line 146 of file LogoutStore.php.

References $nameId, $res, $sessionIndex, and array.

                                                                                                                    {
                assert('is_string($authId)');
                assert('is_string($nameId)');

                $res = array();
                foreach ($sessionIndexes as $sessionIndex) {
                        $sessionId = $store->get('saml.LogoutStore', $nameId . ':' . $sessionIndex);
                        if ($sessionId === NULL) {
                                continue;
                        }
                        assert('is_string($sessionId)');
                        $res[$sessionIndex] = $sessionId;
                }

                return $res;
        }

---

The documentation for this class was generated from the following file:

• libs/composer/vendor/simplesamlphp/simplesamlphp/modules/saml/lib/SP/LogoutStore.php