From 4abc73be3cde2b4eda496982f6ceee5a7d7c54b3 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Mon, 9 Aug 2010 08:52:48 +0000
Subject: [PATCH] saml/logout: Support encrypted NameID.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2503 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/www/sp/saml2-logout.php | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/saml/www/sp/saml2-logout.php b/modules/saml/www/sp/saml2-logout.php
index 5f968a0aa..d1cc4dc5d 100644
--- a/modules/saml/www/sp/saml2-logout.php
+++ b/modules/saml/www/sp/saml2-logout.php
@@ -57,6 +57,15 @@ if ($message instanceof SAML2_LogoutResponse) {
 	SimpleSAML_Logger::debug('module/saml2/sp/logout: Request from ' . $idpEntityId);
 	SimpleSAML_Logger::stats('saml20-idp-SLO idpinit ' . $spEntityId . ' ' . $idpEntityId);
 
+	if ($message->isNameIdEncrypted()) {
+		try {
+			$key = self::getDecryptionKey($idpMetadata, $spMetadata);
+		} catch (Exception $e) {
+			throw new SimpleSAML_Error_Exception('Error decrypting NameID: ' . $e->getMessage());
+		}
+		$message->decryptNameId($key);
+	}
+
 	$nameId = $message->getNameId();
 	$sessionIndexes = $message->getSessionIndexes();
 
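Review bot: The added `self::getDecryptionKey($idpMetadata, $spMetadata)` call appears to sit in top-level script code (the hunk header shows a bare `if ($message instanceof SAML2_LogoutResponse)`; the enclosing block starts outside the hunk). If so, `self::` has no class scope and PHP fails with a fatal error as soon as an IdP sends a logout request with an encrypted NameID. The call should name the class that defines the helper, e.g. `$key = <ClassDefiningGetDecryptionKey>::getDecryptionKey($idpMetadata, $spMetadata);`, and that helper must be callable from outside its class. Separately, `$message->decryptNameId($key);` sits after the `try` block, so a real decryption failure is never wrapped by the 'Error decrypting NameID' handler; moving that call inside the `try` fixes this. It is also worth confirming that the `$e->getMessage()` detail is only logged and not returned to the remote party, since distinguishable decryption errors on attacker-supplied ciphertext are best avoided.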
-- 
GitLab