diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md
index 808fd7237f8ae3b8715c83c150c8df448611a1e3..499b46231535f171f5c823b40fe011fadc91377c 100644
--- a/modules/saml/docs/sp.md
+++ b/modules/saml/docs/sp.md
@@ -50,11 +50,11 @@ All these parameters override the equivalent option from the configuration.
 `saml:Extensions`
-: The samlp:Extensions that will be sent in the login request.
+: The samlp:Extensions (an XML chunk) that will be sent in the login request.
 `saml:logout:Extensions`
-: The samlp:Extensions that will be sent in the logout request.
+: The samlp:Extensions (an XML chunk) that will be sent in the logout request.
 `saml:NameID`
diff --git a/tests/lib/SimpleSAML/Metadata/MetaDataStorageSourceTest.php b/tests/lib/SimpleSAML/Metadata/MetaDataStorageSourceTest.php
index e7ab19347fcc0fac385cd7ce7b4e353d144e5216..7408ca592016553f80d604d9e9d55fc9f4682a79 100644
--- a/tests/lib/SimpleSAML/Metadata/MetaDataStorageSourceTest.php
+++ b/tests/lib/SimpleSAML/Metadata/MetaDataStorageSourceTest.php
@@ -117,6 +117,7 @@ xmlns:fed=\"http://docs.oasis-open.org/wsfed/federation/200706\">
 </RoleDescriptor>
 <IDPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">
 <SingleSignOnService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://saml.idp/sso/\"/>
+<SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://saml.idp/logout/\"/>
 </IDPSSODescriptor>
 </EntityDescriptor>
 ";
diff --git a/tests/modules/saml/lib/Auth/Source/SPTest.php b/tests/modules/saml/lib/Auth/Source/SPTest.php
index 2a048dd074c1517cdb69556098a5d147d26546f1..3b51b3a572e0a99a057c9daf74dab7ade96a447e 100644
--- a/tests/modules/saml/lib/Auth/Source/SPTest.php
+++ b/tests/modules/saml/lib/Auth/Source/SPTest.php
@@ -8,7 +8,9 @@ use InvalidArgumentException;
 use PHPUnit\Framework\TestCase;
 use SAML2\AuthnRequest;
 use SAML2\Constants;
+use SAML2\LogoutRequest;
 use SAML2\Utils;
+use SAML2\XML\saml\NameID;
 use SimpleSAML\Configuration;
 use SimpleSAML\Error\Exception;
 use SimpleSAML\Module\saml\Error\NoAvailableIDP;
@@ -1280,7 +1282,16 @@ class SPTest extends ClearStateTestCase
 */
 public function testLogoutExtensions(): void
 {
- $entityId = "https://example.com";
+ $nameId = new NameID();
+ $nameId->setValue('someone@example.com');
+
+ $dom = \SAML2\DOMDocumentFactory::create();
+ $republishRequest = $dom->createElementNS('http://eduid.cz/schema/metadata/1.0', 'eduidmd:RepublishRequest');
+ $republishTarget = $dom->createElementNS('http://eduid.cz/schema/metadata/1.0', 'eduidmd:RepublishTarget', 'http://edugain.org/');
+ $republishRequest->appendChild($republishTarget);
+ $ext = [new \SAML2\XML\Chunk($republishRequest)];
+
+ $entityId = "https://engine.surfconext.nl/authentication/idp/metadata";
 $xml = MetaDataStorageSourceTest::generateIdpMetadataXml($entityId);
 $c = [
 'metadata.sources' => [
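Review bot: `\SAML2\DOMDocumentFactory` and `\SAML2\XML\Chunk` are written fully qualified in the new setup code, while `NameID` is imported in the `use` block by the same commit; importing both (`use SAML2\DOMDocumentFactory;`, `use SAML2\XML\Chunk;`) would keep the test consistent with the file's other imports. The namespace URI `'http://eduid.cz/schema/metadata/1.0'` is repeated in both `createElementNS` calls and could be held in a local such as `$eduidNs`. The added `use SAML2\LogoutRequest;` is not referenced in any visible hunk, so it is worth confirming it is used (presumably by `createLogoutRequest`, which is not shown). The body of testLogoutExtensions continues past the end of this hunk.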
@@ -1290,24 +1301,22 @@ class SPTest extends ClearStateTestCase
 Configuration::loadFromArray($c, '', 'simplesaml');
 $state = [
- 'saml:logout:IdP' => 'https://engine.surfconext.nl/authentication/idp/metadata',
- 'saml:logout:NameID' => 'someone@example.com',
+ 'saml:logout:IdP' => $entityId,
+ 'saml:logout:NameID' => $nameId,
 'saml:logout:SessionIndex' => 'abc123',
- 'saml:logout:Extensions' => [
- 'some extention'
- ]
+ 'saml:logout:Extensions' => $ext,
 ];
 $lr = $this->createLogoutRequest($state);
 /** @var \SAML2\XML\samlp\Extensions $extentions */
 $extensions = $lr->getExtensions();
- $this->assertcount(1, $state['saml:logout:Extionsions']);
+ $this->assertcount(1, $state['saml:logout:Extensions']);
 $xml = $lr->toSignedXML();
 /** @var \DOMNode[] $q */
- $q = Utils::xpQuery($xml, '/samlp:AuthnRequest/samlp:Extentions');
+ $q = Utils::xpQuery($xml, '/samlp:LogoutRequest/samlp:Extensions');
 $this->assertCount(1, $q);
 }
 }
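Review bot: The corrected assertion `$this->assertcount(1, $state['saml:logout:Extensions']);` still counts the fixture array the test built itself, so it passes whether or not the SP copied the extensions into the logout request; `$extensions` from `$lr->getExtensions()` is assigned and never checked. Asserting on the request instead, `$this->assertCount(1, $extensions);`, would pin the behaviour under test. The XPath check after it only proves that a `samlp:Extensions` element exists in the signed XML, not that it carries the `eduidmd:RepublishRequest` chunk, so a check on the child element would be a useful addition. The `@var` line above still names `$extentions`, and its type probably does not match what `getExtensions()` returns (it appears to be a list of chunks); `/** @var \SAML2\XML\Chunk[] $extensions */` would match the variable. The start of testLogoutExtensions is outside this hunk.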