Upse singleLogout by redirect with sessionIndex usage

* larpe/saml2.ptl:
   use sessionIndex to find a session when logout by redirect does not
   give the right session.

git-svn-id: svn+ssh://labs.libre-entreprise.org/svnroot/larpe@479 3ed937ae-f919-0410-9a43-8e6f19e4ba6e

larpe/trunk/larpe/saml2.ptl

@@ -338,14 +338,20 @@ class Saml2(Saml2Directory):
             # its browser configured so that cookies are not sent for
             # remote queries and IdP is using image-based SLO.
             # so we look up a session with the appropriate name identifier
-            name_identifier = logout.nameIdentifier.content
+            # find a matching 
             for session in get_session_manager().values():
-                # This block differs from qommon
-                user = session.get_user(logout.server.providerId)
-                if user and logout.nameIdentifier.content in user.name_identifiers:
+                session_index = session.lasso_session_indexes.get(providerId)
+                name_identifier = session.lasso_session_name_identifiers.get(providerId)
+                request_name_identifier = logout.nameIdentifier.content
+                request_session_index = logout.request.sessionIndex
+                if request_name_identifier == name_identifier and \
+                        (not session_index or request_session_index == session_index):
+                    get_logger().info('SLO/SOAP from %s' % logout.remoteProviderId)
                     break
             else:
-                session = get_session()
+                # no session, build straight failure answer
+                logout.buildResponseMsg()
+                return logout.msgBody
 
         return self.slo_idp(logout, session)