From 844a8807b027b6dc38bc1965ad61ffbb2131d9bc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= <clement@oodo.net>
Date: Mon, 26 Apr 2010 15:47:09 +0000
Subject: [PATCH] SAML: set sessionIndex in assertion, to be compliant with
 simpleSAMLphp logout

---
 .../lib/Lemonldap/NG/Portal/IssuerDBSAML.pm                | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
index 9819e7c07..3712c2f1a 100644
--- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
+++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm
@@ -508,6 +508,13 @@ sub issuerForAuthUser {
             my @attributes_statement = ($attribute_statement);
             $response_assertions[0]->AttributeStatement(@attributes_statement);
 
+            # Set sessionIndex
+            # sessionIndex is the 4 first characters of session_id
+            my $sessionIndex = substr $session_id, 0, 4;
+            my @authn_statements = $response_assertions[0]->AuthnStatement();
+            $authn_statements[0]->SessionIndex($sessionIndex);
+            $response_assertions[0]->AuthnStatement(@authn_statements);
+
             # Set response assertion
             $login->response->Assertion(@response_assertions);