authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2009-10-30 14:47:33 +0000
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2009-10-30 14:47:33 +0000
commit3c1474df590eb4fbd4b8964cd390bcaeaea51f34 (patch)
tree6088dd91490ae23ed4654339836100e6e87031f9 /lasso/saml-2.0
parent7e98aff1b7c8fbd4376222e117059a747dc6377b (diff)
SAML2 Logout: initialize SessionIndex from the assertion
* lasso/saml-2.0/logout.c: when creating a logout request message, initialize the SessionIndex element with the corresponding content from the stored assertion for this session.
Diffstat (limited to 'lasso/saml-2.0')
-rw-r--r--lasso/saml-2.0/logout.c15
1 files changed, 15 insertions, 0 deletions
diff --git a/lasso/saml-2.0/logout.c b/lasso/saml-2.0/logout.c
index 7d4955a9..386a1f3e 100644
--- a/lasso/saml-2.0/logout.c
+++ b/lasso/saml-2.0/logout.c
@@ -56,6 +56,7 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov
LassoSession *session;
LassoSamlp2RequestAbstract *request;
LassoSaml2EncryptedElement *encrypted_element = NULL;
+ char *assertion_SessionIndex = NULL;
/* session existence has been checked in id-ff/ */
session = lasso_profile_get_session(profile);
@@ -125,6 +126,20 @@ lasso_saml20_logout_init_request(LassoLogout *logout, LassoProvider *remote_prov
lasso_assign_gobject(LASSO_SAMLP2_LOGOUT_REQUEST(request)->NameID, profile->nameIdentifier);
+ /* set the session index */
+ if (assertion->AuthnStatement) {
+ if (! LASSO_IS_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data)) {
+
+ return LASSO_PROFILE_ERROR_BAD_SESSION_DUMP;
+ }
+ assertion_SessionIndex =
+ ((LassoSaml2AuthnStatement*)assertion->AuthnStatement->data)->SessionIndex;
+ if (assertion_SessionIndex) {
+ lasso_assign_string(LASSO_SAMLP2_LOGOUT_REQUEST(request)->SessionIndex, assertion_SessionIndex);
+ }
+ }
+
+
/* Encrypt NameID */
if (remote_provider &&
remote_provider->private_data->encryption_mode & LASSO_ENCRYPTION_MODE_NAMEID
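Review bot: The bare `return LASSO_PROFILE_ERROR_BAD_SESSION_DUMP;` in the new AuthnStatement type check exits after the request's NameID has already been assigned on the line above. lasso_saml20_logout_init_request starts and ends outside this hunk, so confirm that this path releases whatever the normal exit releases and does not leave a half-built logout request for the caller to reuse. Only the first element of `assertion->AuthnStatement` is read, and when it carries no SessionIndex the request is still built without one; as I read the SAML 2.0 logout rules, the recipient may then treat it as covering all of the principal's sessions. I would state that above the block, e.g. `/* only the first AuthnStatement is consulted; without a SessionIndex the request is not scoped to one session */`. The raw cast could also use the GObject cast macro to match the `LASSO_IS_SAML2_AUTHN_STATEMENT` check: `LASSO_SAML2_AUTHN_STATEMENT(assertion->AuthnStatement->data)->SessionIndex`.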