Fix SAML-Toolkits#84. Retrieve Session Timeout after processResponse

Author: pitbulk

lib/Saml2/Auth.php

@@ -37,11 +37,21 @@ class OneLogin_Saml2_Auth
 
 
     /**
-     * SessionIndex. When the user is logged, this stored the 
+     * SessionIndex. When the user is logged, this stored it 
      * from the AuthnStatement of the SAML Response
+     * 
+     * @var string
      */
     private $_sessionIndex;
 
+    /**
+     * SessionNotOnOrAfter. When the user is logged, this stored it 
+     * from the AuthnStatement of the SAML Response
+     *
+     * @var DateTime
+     */
+    private $_sessionExpiration;
+
     /**
      * If any error.
      *
@@ -106,6 +116,7 @@ public function processResponse($requestId = null)
                 $this->_nameid = $response->getNameId();
                 $this->_authenticated = true;
                 $this->_sessionIndex = $response->getSessionIndex();
+                $this->_sessionExpiration = $response->getSessionNotOnOrAfter();
             } else {
                 $this->_errors[] = 'invalid_response';
                 $this->_errorReason = $response->getError();
@@ -236,6 +247,16 @@ public function getSessionIndex()
         return $this->_sessionIndex;
     }
 
+    /**
+     * Returns the SessionNotOnOrAfter
+     *
+     * @return DateTime|null  The SessionNotOnOrAfter of the assertion
+     */
+    public function getSessionExpiration()
+    {
+        return $this->_sessionExpiration;
+    }
+
     /**
      * Returns if there were any error
      *

tests/src/OneLogin/Saml2/AuthTest.php

@@ -92,6 +92,7 @@ public function testProcessNoResponse()
     * @covers OneLogin_Saml2_Auth::getNameId
     * @covers OneLogin_Saml2_Auth::getErrors
     * @covers OneLogin_Saml2_Auth::getSessionIndex
+    * @covers OneLogin_Saml2_Auth::getSessionExpiration
     * @covers OneLogin_Saml2_Auth::getLastErrorReason    
     */
     public function testProcessResponseInvalid()
@@ -105,6 +106,7 @@ public function testProcessResponseInvalid()
         $this->assertEmpty($this->_auth->getAttributes());
         $this->assertNull($this->_auth->getNameId());
         $this->assertNull($this->_auth->getSessionIndex());
+        $this->assertNull($this->_auth->getSessionExpiration());
         $this->assertNull($this->_auth->getAttribute('uid'));
         $this->assertEquals($this->_auth->getErrors(), array('invalid_response'));
         $this->assertEquals($this->_auth->getLastErrorReason(), "Reference validation failed");
@@ -152,6 +154,7 @@ public function testProcessResponseInvalidRequestId()
     * @covers OneLogin_Saml2_Auth::getAttribute
     * @covers OneLogin_Saml2_Auth::getNameId
     * @covers OneLogin_Saml2_Auth::getSessionIndex
+    * @covers OneLogin_Saml2_Auth::getSessionExpiration
     * @covers OneLogin_Saml2_Auth::getErrors
     */
     public function testProcessResponseValid()
@@ -168,6 +171,9 @@ public function testProcessResponseValid()
         $sessionIndex = $this->_auth->getSessionIndex();
         $this->assertNotNull($sessionIndex);
         $this->assertEquals('_6273d77b8cde0c333ec79d22a9fa0003b9fe2d75cb', $sessionIndex);
+        $sessionExpiration = $this->_auth->getSessionExpiration();
+        $this->assertNotNull($sessionExpiration);
+        $this->assertEquals('1392802621', $sessionExpiration);
     }
 
     /**