Hi, first of all, thank you for this high-level package!
I tried to migrate my existing low-level SAML code and noticed what looks like a small mismatch in the cookbook.
The logout request documentation shows that sendLogoutRequest() accepts a sessionIndex parameter, which should be taken from the “original AuthnResponse” (see https://litesaml.github.io/cookbook/docs/single-logout/logout-request/#send-a-logout-request).
However, when handling an authentication response with ServiceProviderWrapper::handleAuthnResponse(), the returned high-level AuthnResponse does not seem to expose the SessionIndex from the AuthnStatement (see https://litesaml.github.io/cookbook/docs/authentication/authn-response#reading-attributes).
So, when using the high-level API, I currently need to grab the SessionIndex the “old” low-level way by reading the assertion manually.
I suggest exposing the SessionIndex on the high-level AuthnResponse, for example as $authnResponse->sessionIndex. The value should already be available after LightSAML has parsed or decrypted the assertion, because AuthnStatement::deserialize() reads the SessionIndex attribute via attributesFromXml(), which ultimately calls setSessionIndex() through AbstractSamlModel::singleAttributeFromXml().
I hope this makes sense. I am still getting familiar with the high-level API, so I might be missing something. If there is already a recommended way to obtain the SessionIndex, I would be happy to learn about it. I can provide more details or test a possible change if that would be helpful.
Have a nice week!
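Added example, not part of the original post and not code from the litesaml or LightSAML projects: reading the SessionIndex "manually" from a Response with PHP's DOM extension only. The function name and the sample XML are constructed for illustration, and it assumes the Response has already passed signature validation and that any encrypted assertion has been decrypted in place.

```php
<?php
declare(strict_types=1);

/**
 * Return the SessionIndex of the first AuthnStatement that carries one, or
 * null. SessionIndex is optional in SAML 2.0, so callers must handle null.
 * Hypothetical helper; $xml is assumed to be an already validated Response.
 */
function sessionIndexFromResponse(string $xml): ?string
{
    $doc = new DOMDocument();
    // LIBXML_NONET: never fetch network resources while parsing.
    if (!$doc->loadXML($xml, LIBXML_NONET)) {
        throw new InvalidArgumentException('Response is not well-formed XML');
    }
    $xpath = new DOMXPath($doc);
    $xpath->registerNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol');
    $xpath->registerNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion');
    // Absolute path: only assertions that are direct children of the root
    // Response are considered, not assertions nested elsewhere in the tree.
    $nodes = $xpath->query(
        '/samlp:Response/saml:Assertion/saml:AuthnStatement[@SessionIndex]'
    );
    foreach ($nodes as $node) {
        $value = $node->getAttribute('SessionIndex');
        if ($value !== '') {
            return $value;
        }
    }
    return null;
}

// Constructed sample Response (not taken from a real IdP).
$withIndex = <<<XML
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z"
        SessionIndex="_constructed_session_123"/>
  </saml:Assertion>
</samlp:Response>
XML;
// Same sample with the optional attribute removed.
$withoutIndex = str_replace(' SessionIndex="_constructed_session_123"', '', $withIndex);

var_dump(sessionIndexFromResponse($withIndex));
var_dump(sessionIndexFromResponse($withoutIndex));
```

The returned value is what would be stored with the local session at login and later passed as the sessionIndex parameter of sendLogoutRequest() that the cookbook describes.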