From b23bb374bfcaaceb57ca979297604d6678acd9fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Pe=CC=81rez=20Crespo?= <jaime.perez@uninett.no>
Date: Tue, 31 Jan 2017 14:38:46 +0100
Subject: [PATCH] bugfix: SLO was broken due to incorrect handling of NameID
 objects.

The sspmod_saml_SP_LogoutStore::logoutSessions() method was still expecting the NameID to be an array.
---
 modules/saml/lib/SP/LogoutStore.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php
index 94ffe467c..020c62597 100644
--- a/modules/saml/lib/SP/LogoutStore.php
+++ b/modules/saml/lib/SP/LogoutStore.php
@@ -210,11 +210,11 @@ class sspmod_saml_SP_LogoutStore {
 	 * Log out of the given sessions.
 	 *
 	 * @param string $authId  The authsource ID.
-	 * @param array $nameId  The NameID of the user.
+	 * @param \SAML2\XML\saml\NameID $nameId The NameID of the user.
 	 * @param array $sessionIndexes  The SessionIndexes we should log out of. Logs out of all if this is empty.
 	 * @returns int|FALSE  Number of sessions logged out, or FALSE if not supported.
 	 */
-	public static function logoutSessions($authId, array $nameId, array $sessionIndexes) {
+	public static function logoutSessions($authId, $nameId, array $sessionIndexes) {
 		assert('is_string($authId)');
 
 		$store = \SimpleSAML\Store::getInstance();
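Review bot: With the `array` type hint removed from `logoutSessions()`, `$nameId` is no longer checked at all, while the docblock now says NameID only and the second hunk still accepts an array. A value of any other type would be serialized and hashed into a key that presumably matches no stored session, so the logout request would terminate nothing and the sessions would stay active. I would add, next to the existing `$authId` assertion, `assert('is_array($nameId) || $nameId instanceof \SAML2\XML\saml\NameID');` and change the docblock to `@param \SAML2\XML\saml\NameID|array $nameId`. The function body continues outside this hunk.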
@@ -223,8 +223,11 @@ class sspmod_saml_SP_LogoutStore {
 			return FALSE;
 		}
 
-		/* Normalize NameID. */
-		ksort($nameId);
+		// serialize and anonymize the NameID
+		// TODO: remove this conditional statement
+		if (is_array($nameId)) {
+			$nameId = \SAML2\XML\saml\NameID::fromArray($nameId);
+		}
 		$strNameId = serialize($nameId);
 		$strNameId = sha1($strNameId);
 
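Review bot: The lookup key is now `sha1(serialize($nameId))` over an object, and the removed `ksort()` was the only normalization step, so the key depends on the NameID class's property layout being exactly what the session-storing code produced. That code is outside this hunk (as is the rest of this function); if the two differ, or the class gains a property in a library upgrade, logout requests would silently match no sessions. I would document the coupling with `// key must be built exactly as on the session-store side; serialize() output depends on the NameID class layout`. The new comment also says "anonymize", but an unsalted SHA-1 of a guessable identifier such as an e-mail address can be confirmed by hashing candidates, so `// derive the store lookup key from the NameID` describes it more accurately.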
-- 
GitLab