Saml2LogoutEvent never get fired

[dusandevic]

I can't establish Single Sign-Out anyhow with this library. As IdP I'm using WSO2 Identity Server which will POST the sign-out request to /saml2/sls endpoint. As the library isn't supposed to work with POSTed data and expecting to have some values in $_GET (bad engineering by the way), I have the following work around:

`public function slsProxy()
{
Log::info(\Request::all());

    if(\Request::get('SAMLResponse')){
        $encodedResponse = \Request::get('SAMLResponse');    
        $_GET['SAMLResponse'] = $encodedResponse;
    
    }elseif(\Request::get('SAMLRequest')){
        $encodedRequest = \Request::get('SAMLRequest');    
        $_GET['SAMLRequest'] = $encodedRequest;
    }        
    
    return parent::sls();
    
}`

In this controller I'm extending Aacotroneo\Saml2\Http\Controllers\Saml2Controller.

Then I had error with gzinflate in this line:
$inResponseTo = OneLogin_Saml2_LogoutRequest::getID(gzinflate(base64_decode($_GET['SAMLRequest'])));

... but solved it just by removing that function call.

Now everything works well, no errors in log, but still the library doesn't fire that epic event.

In Saml2Auth.php in function sls(...) there is that event call.

You call:

$auth->processSLO($keep_local_session, null, $retrieveParametersFromServer, $session_callback);

... and the last one will actually raise the event. BUT the method is actually accepting only 3 parameters, so I guess that's the reason why this event never get fired:

public function processSLO($keepLocalSession = false, $requestId = null, $retrieveParametersFromServer = false)

[danmichaelo]

I ran into the same issue. The callback parameter was added to processSLO() in 2.6.1 (release notes), but composer show | grep saml showed that an older version had got installed:

aacotroneo/laravel-saml2              0.8.1   A Laravel package for Saml2 integration as a SP (service provider) based on OneLogin toolkit, which is much lightweight than sim...
onelogin/php-saml                     2.4.0   OneLogin PHP SAML Toolkit

This is a bit weird since aacotroneo/laravel-saml2 0.8.1 is supposed to require onelogin/php-saml 2.10.

Anyways, trying to just install onelogin/php-saml alone, I found the reason why 2.10 couldn't be installed for me:

onelogin/php-saml 2.10.5 requires ext-mcrypt * -> the requested PHP extension mcrypt is missing from your system

Since I don't want to install mcrypt, and I don't need encrypted saml messages, I did

composer install --ignore-platform-reqs

to get the correct versions:

aacotroneo/laravel-saml2              0.8.1   A Laravel package for Saml2 integration as a SP (service provider) based on OneLogin toolkit, which is much lightweight than sim...
onelogin/php-saml                     2.10.5   OneLogin PHP SAML Toolkit