if you reproduce #2 (comment) then your $_SESSION has a LogoutRequestID
now visit /login.php and you'll get error 500:
Sat Aug 11 09:05:03 2018] PHP Fatal error: Uncaught OneLogin\Saml2\Error: SAML LogoutRequest/LogoutResponse not found. Only supported HTTP_REDIRECT Binding in /srv/spid-php2/vendor/onelogin/php-saml/src/Saml2/Auth.php:317
Stack trace:
#0 /srv/spid-php2/src/Strategy/SpOneLogin.php(106): OneLogin\Saml2\Auth->processSLO(false, 'ONELOGIN_4dc8cc...')
#1 /srv/spid-php2/src/Sp.php(48): Italia\Spid2\Strategy\SpOneLogin->isAuthenticated()
#2 /srv/spid-php2/example/login.php(8): Italia\Spid2\Sp->isAuthenticated()
#3 {main}
thrown in /srv/spid-php2/vendor/onelogin/php-saml/src/Saml2/Auth.php on line 317
the reason is that at this line it is looking for LogoutRequest or LogoutResponse in the headers but nothing is found
if you reproduce #2 (comment) then your
$_SESSIONhas aLogoutRequestIDnow visit
/login.phpand you'll get error 500:the reason is that at this line it is looking for
LogoutRequestorLogoutResponsein the headers but nothing is found