From 11e3e43b896e08be4b08a0ce295a12653e0a659f Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tvdijen@gmail.com>
Date: Tue, 24 Aug 2021 23:08:38 +0200
Subject: [PATCH] Process logout Extensions

---
 modules/saml/docs/sp.md             | 4 ++++
 modules/saml/lib/Auth/Source/SP.php | 6 ++++++
 2 files changed, 10 insertions(+)

diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md
index 2d6271d77..afc106302 100644
--- a/modules/saml/docs/sp.md
+++ b/modules/saml/docs/sp.md
@@ -53,6 +53,10 @@ All these parameters override the equivalent option from the configuration.
 :   The samlp:Extensions that will be sent in the login request.
 
 
+`saml:logout:Extensions`
+:   The samlp:Extensions that will be sent in the logout request.
+
+
 `saml:NameID`
 :   Add a Subject element with a NameID to the SAML AuthnRequest for the IdP.
     This must be a \SAML2\XML\saml\NameID object.
diff --git a/modules/saml/lib/Auth/Source/SP.php b/modules/saml/lib/Auth/Source/SP.php
index a9e4c89b2..95ac6c55f 100644
--- a/modules/saml/lib/Auth/Source/SP.php
+++ b/modules/saml/lib/Auth/Source/SP.php
@@ -977,6 +977,12 @@ class SP extends \SimpleSAML\Auth\Source
         $lr->setRelayState($id);
         $lr->setDestination($endpoint['Location']);
 
+        if (isset($state['saml:logout:Extensions']) && count($state['saml:logout:Extensions']) > 0) {
+            $lr->setExtensions($state['saml:logout:Extensions']);
+        } elseif ($this->metadata->getArray('saml:logout:Extensions', null) !== null) {
+            $lr->setExtensions($this->metadata->getArray('saml:logout:Extensions'));
+        }
+
         $encryptNameId = $idpMetadata->getBoolean('nameid.encryption', null);
         if ($encryptNameId === null) {
             $encryptNameId = $this->metadata->getBoolean('nameid.encryption', false);
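Review bot: The added `count($state['saml:logout:Extensions'])` runs on a state value whose type is never checked, so a caller that stores anything other than an array there gets a `TypeError` on PHP 8 (a warning on 7.x) in the middle of building the LogoutRequest. Guarding the first branch with `is_array($state['saml:logout:Extensions'] ?? null) && $state['saml:logout:Extensions'] !== []` keeps the current fall-through to the metadata option for an empty list. The `elseif` also reads `saml:logout:Extensions` from `$this->metadata` twice; fetching it once into a local, such as `$extensions = $this->metadata->getArray('saml:logout:Extensions', null);`, makes the branch easier to follow. A short comment such as `// Per-request extensions take precedence over the configured ones; an empty list falls back to the configuration.` would record the precedence, since these values end up in the request sent to the IdP. The enclosing method starts and ends outside the hunk, so how the request is signed afterwards is not visible here.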
-- 
GitLab