sessionIndex should not be mandatory (throw error on SP logout)

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Use simpleSAMLphp as SAML 2 Service Provider
2. Use an SAML 2 IDP that does not provide sessionIndex in AuthnStatement
3. Try to logout from simpleSAMLphp

What is the expected output? What do you see instead?

Logout does not occurs, here is the debug output:

Assertion failed: 'is_string($sessionIndex)'

0:
/home/clement/Programmes/simplesamlphp-1.5.1/lib/SimpleSAML/Error/Assertion.php:
74
(SimpleSAML_Error_Assertion::onAssertion)
1: [builtin] (assert)
2:
/home/clement/Programmes/simplesamlphp-1.5.1/lib/SAML2/LogoutRequest.php:94
(SAML2_LogoutRequest::setSessionIndex)
3:
/home/clement/Programmes/simplesamlphp-1.5.1/modules/saml/lib/Auth/Source/SP.php
:303
(sspmod_saml_Auth_Source_SP::startSLO2)
4:
/home/clement/Programmes/simplesamlphp-1.5.1/modules/saml/lib/Auth/Source/SP.php
:329
(sspmod_saml_Auth_Source_SP::logout)
5:
/home/clement/Programmes/simplesamlphp-1.5.1/lib/SimpleSAML/Auth/Default.php:140
(SimpleSAML_Auth_Default::initLogoutReturn)
6:
/home/clement/Programmes/simplesamlphp-1.5.1/lib/SimpleSAML/Auth/Default.php:155
(SimpleSAML_Auth_Default::initLogout)
7:
/home/clement/Programmes/simplesamlphp-1.5.1/modules/core/www/authenticate.php:1
0
(require)
8: /home/clement/Programmes/simplesamlphp-1.5.1/www/module.php:137 (N/A)

What version of the product are you using? On what operating system?

simpleSAMLphp 1.5.1
Ubuntu GNU/Linux Karmic

IDP : LemonLDAP::NG (http://lemonldap.ow2.org)

Please provide any additional information below.

SAML2 core specification says that sessionIndex is optional
(saml-core-2.0-os, line 1058)

Original issue reported on code.google.com by clem.ou...@gmail.com on 26 Apr 2010 at 2:46

[GoogleCodeExporter]

Thanks for reporting this bug! It should be fixed in r2271.

Original comment by olavmrk@gmail.com on 27 Apr 2010 at 6:05

• Changed state: Fixed
• Added labels: Type-Defect