From d83525262ec7f573abc852c7a0d33a968caaddd5 Mon Sep 17 00:00:00 2001
From: Andrew Wason <rectalogic@rectalogic.com>
Date: Fri, 10 Sep 2021 17:24:29 -0400
Subject: Handle KeyError when retrieving SessionIndex

This was broken in commit b69e92585
Fixes https://github.com/IdentityPython/pysaml2/issues/826
---
 src/saml2/client.py     |  9 ++++++---
 tests/test_51_client.py | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/src/saml2/client.py b/src/saml2/client.py
index 61d81502..aa0bd0c9 100644
--- a/src/saml2/client.py
+++ b/src/saml2/client.py
@@ -294,9 +294,12 @@ class Saml2Client(Base):
                 )
                 continue
 
-            session_info = self.users.get_info_from(name_id, entity_id, False)
-            session_index = session_info.get('session_index')
-            session_indexes = [session_index] if session_index else None
+            try:
+                session_info = self.users.get_info_from(name_id, entity_id, False)
+                session_index = session_info.get('session_index')
+                session_indexes = [session_index] if session_index else None
+            except KeyError:
+                session_indexes = None
 
             sign = sign if sign is not None else self.logout_requests_signed
             sign_post = sign and (
diff --git a/tests/test_51_client.py b/tests/test_51_client.py
index c82917cd..0fbf63f8 100644
--- a/tests/test_51_client.py
+++ b/tests/test_51_client.py
@@ -1594,6 +1594,30 @@ class TestClient:
                                                BINDING_HTTP_POST)
         assert b'<ns0:SessionIndex>_foo</ns0:SessionIndex>' in res.xmlstr
 
+    def test_do_logout_redirect_no_cache(self):
+        conf = config.SPConfig()
+        conf.load_file("sp_slo_redirect_conf")
+        client = Saml2Client(conf)
+
+        entity_ids = ["urn:mace:example.com:saml:roland:idp"]
+        resp = client.do_logout(nid, entity_ids, "urn:oasis:names:tc:SAML:2.0:logout:user",
+                                in_a_while(minutes=5),
+                                expected_binding=BINDING_HTTP_REDIRECT)
+        assert resp
+        assert len(resp) == 1
+        assert list(resp.keys()) == entity_ids
+        binding, info = resp[entity_ids[0]]
+        assert binding == BINDING_HTTP_REDIRECT
+
+        loc = info["headers"][0][1]
+        _, _, _, _, qs, _ = parse.urlparse(loc)
+        qs = parse.parse_qs(qs)
+        assert _leq(qs.keys(), ['SAMLRequest', 'RelayState'])
+
+        res = self.server.parse_logout_request(qs["SAMLRequest"][0],
+                                               BINDING_HTTP_REDIRECT)
+        assert res.subject_id() == nid
+
     def test_do_logout_session_expired(self):
         # information about the user from an IdP
         session_info = {
-- 
cgit v1.2.1