From d41294268a5886c2fcb264f6ecef64743f9ee091 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Fri, 28 Jan 2011 15:13:40 +0000
Subject: [PATCH] saml: Support AuthnStatement without SessionIndex.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2727 44740490-163a-0410-bde0-09ae8108e29a
---
 modules/saml/lib/SP/LogoutStore.php | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/modules/saml/lib/SP/LogoutStore.php b/modules/saml/lib/SP/LogoutStore.php
index ee47c2df3..8ef5aa213 100644
--- a/modules/saml/lib/SP/LogoutStore.php
+++ b/modules/saml/lib/SP/LogoutStore.php
@@ -158,9 +158,18 @@ class sspmod_saml_SP_LogoutStore {
 	 */
 	public static function addSession($authId, array $nameId, $sessionIndex, $expire) {
 		assert('is_string($authId)');
-		assert('is_string($sessionIndex)');
+		assert('is_string($sessionIndex) || is_null($sessionIndex)');
 		assert('is_int($expire)');
 
+		if ($sessionIndex === NULL) {
+			/* This IdP apparently did not include a SessionIndex, and thus probably does not
+			 * support SLO. We still want to add the session to the data store just in case
+			 * it supports SLO, but we don't want an LogoutRequest with a specific
+			 * SessionIndex to match this session. We therefore generate our own session index.
+			 */
+			$sessionIndex = SimpleSAML_Utilities::generateID();
+		}
+
 		$store = SimpleSAML_Store::getInstance();
 		if ($store === FALSE) {
 			/* We don't have a datastore. */
-- 
GitLab