Single Log Out Fix

[izderadicka]

I had problem with IdP from Oracle - SSO worked fine, but SLO had two problems with LogoutRequest:

• nameID in request was different from nameID authenticated with IdP (actually nameID in Logout request is generated randomly).
• SessionIndex was missing in LogoutRequest

I added two parameters to logout method, so current name_id and session_index can be passed to LogoutRequest.

As per SAML v2 profile
4.4.4.1 Usage
The element MUST be present and MUST contain the unique identifier of the requesting entity;
the Format attribute MUST be omitted or have a value of urn:oasis:names:tc:SAML:2.0:nameidformat:
entity.
The requester MUST authenticate itself to the responder and ensure message integrity, either by signing
the message or using a binding-specific mechanism.
The principal MUST be identified in the request using an identifier that strongly matches the identifier in
the authentication assertion the requester issued or received regarding the session being terminated, per
the matching rules defined in Section 3.3.4 of [SAMLCore].
If the requester is a session participant, it MUST include at least one element in the
request. If the requester is a session authority (or acting on its behalf), then it MAY omit any such
elements to indicate the termination of all of the principal's applicable sessions.

It looks like these changes are necessary to match standard requirements.

[pitbulk]

@izderadicka, I will take a look on this issue. Thanks for the PR, but I will code a new solution and add test.

[izderadicka]

Thanks - I tested with out IdP (OIF) and now it works fine.