Do not confuse Settings::getIdPSLOResponseUrl() with bad example

[RoSk0]

When IdP configuration has the responseUrl set to an empty string, as it is currently in the example config file, during the single log out flow when LogoutRequest is received, that could lead to the attempt to respond to the IdP using a RelayState value, rather than singleLogoutService.url value, because unlike Settings::checkIdPSettings(), Settings::getIdPSLOResponseUrl() only checks if responseUrl isset() like is it demonstrated here https://3v4l.org/VhEdl .

In my opinion, Settings::checkIdPSettings() should be improved to error on an empty string in the responseUrl value which is implemented in a separate commit.

[RoSk0]

I've checked the failures and both cases appear legitimate to me, if I understand this correctly, and suggest that \OneLogin_Saml_Settings::$idpSingleLogOutUrl should be made nullable.

[pitbulk]

In the example config file, all parameters are empty.

getIdPSLOResponseUrl works in the same way than getIdPSSOUrl and getIdPSLOUrl.

The same redirectTo behavior happens on the login, that's why is important to validate the IdP settings.

An empty value on any 'url' parameter is considered wrong and will raise an error.
You can set null or avoid to include the parameter, if that parameter is optional, like singleLogoutService.responseUrl

OneLogin_Saml_Settings is a deprecated class, you should not be using it an use instead OneLogin_Saml2_Settings