From 3ad495f824b1f93ae29b9a049643dee7dd90a5bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?=
Date: Fri, 3 Apr 2015 13:00:30 +0000
Subject: [PATCH] Call endsession point in authLogout (#183)
---
 .../Lemonldap/NG/Portal/AuthOpenIDConnect.pm | 30 ++++++++++++++--
 .../lib/Lemonldap/NG/Portal/_OpenIDConnect.pm | 36 +++++++++++++++++++
 2 files changed, 63 insertions(+), 3 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
index 8e2dea37b..0565d0069 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthOpenIDConnect.pm
@@ -36,7 +36,7 @@ sub setAuthSessionInfo {
 $self->{sessionInfo}->{OpenIDConnect_OP} = $self->{_oidcOPCurrent};
 $self->{sessionInfo}->{OpenIDConnect_access_token} = $self->{tmp}->{access_token};
- $self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{IDToken};
+ $self->{sessionInfo}->{OpenIDConnect_IDToken} = $self->{tmp}->{id_token};
 PE_OK;
 }
@@ -180,7 +180,7 @@ sub extractFormInfo {
 # Remember tokens
 $self->{tmp}->{access_token} = $access_token;
- $self->{tmp}->{id_token} = $id_token_payload_hash;
+ $self->{tmp}->{id_token} = $id_token;
 $self->lmLog( "Found user_id: " . $user_id, 'debug' );
 $self->{user} = $user_id;
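Review bot: After this change the session stores the raw ID token (a signed JWT) under OpenIDConnect_IDToken, whereas the old line read `$self->{tmp}->{IDToken}` while extractFormInfo (second hunk) populated `id_token`, so the stored value was previously undef. The new value is what authLogout forwards to the OP as id_token_hint, and the assignment deserves a comment saying so, e.g. `# Raw ID token, sent as id_token_hint to the OP at logout`. Because it carries user claims and is later presented back to the OP, it should be treated with the same care as the access token stored one line above — the session backend's protection now matters for both. The enclosing `setAuthSessionInfo` begins before this hunk.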
@@ -267,9 +267,33 @@ sub authFinish {
 }
 ## @apmethod int authLogout()
-# Does nothing
+# Send request to endsession endpoint
 # @return Lemonldap::NG::Portal constant
 sub authLogout {
+ my $self = shift;
+
+ my $op = $self->{sessionInfo}->{OpenIDConnect_OP};
+
+ # Find endession endpoint
+ my $endsession_endpoint =
+ $self->{_oidcOPList}->{$op}->{conf}->{end_session_endpoint};
+
+ if ($endsession_endpoint) {
+ my $logout_url = $self->{portal} . "/?logout=1";
+ my $logout_request =
+ $self->buildLogoutRequest( $endsession_endpoint,
+ $self->{sessionInfo}->{OpenIDConnect_IDToken}, $logout_url );
+
+ $self->lmLog(
+ "OpenID Connect logout to $op will be done on $logout_request",
+ 'debug' );
+
+ $self->{urldc} = $logout_request;
+ }
+ else {
+ $self->lmLog( "No end session endpoint found for $op", 'debug' );
+ }
+
 PE_OK;
 }
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
index fbcf38df3..1d6528673 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_OpenIDConnect.pm
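Review bot: `$op` is read from the session and used as a hash key without a guard, so for a session whose OpenIDConnect_OP is missing, or names an OP that is no longer in `_oidcOPList`, the lookup `$self->{_oidcOPList}->{$op}->{conf}->{end_session_endpoint}` emits an uninitialized-value warning and autovivifies an entry before falling into the else branch; an early `return PE_OK unless $op and $self->{_oidcOPList}->{$op};` keeps the method a clean no-op for those sessions. The redirect target comes from OP configuration rather than from the request, so this is not an open redirect, but `$self->{urldc}` only schedules a browser round trip — the local session must be destroyed whether or not the OP ever comes back to `/?logout=1`, and the code that consumes urldc is outside this hunk, so confirm that ordering. Per OIDC RP-Initiated Logout the `post_logout_redirect_uri` has to be pre-registered at the OP, which is worth stating in a comment next to `my $logout_url`.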
@@ -1296,6 +1296,38 @@ sub key2jwks {
 return $hash;
 }
+## @method String buildLogoutRequest(String redirect_uri, String id_token_hint, String post_logout_redirect_uri, String state)
+# Build Logout Request URI
+# @param redirect_uri Redirect URI
+# @param id_token_hint ID Token
+# @param post_logout_redirect_uri Callback URI
+# @param state State
+# return String Logout URI
+sub buildLogoutRequest {
+ my ( $self, $redirect_uri, $id_token_hint, $post_logout_redirect_uri,
+ $state )
+ = splice @_;
+
+ my $response_url = $redirect_uri;
+
+ if ($id_token_hint) {
+ $response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
+ $response_url .= "id_token_hint=" . uri_escape($id_token_hint);
+ }
+
+ if ($post_logout_redirect_uri) {
+ $response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
+ $response_url .=
+ "post_logout_redirect_uri=" . uri_escape($post_logout_redirect_uri);
+ }
+
+ if ($state) {
+ $response_url .= ( $response_url =~ /\?/ ? '&' : '?' );
+ $response_url .= "state=" . uri_escape($state);
+ }
+
+ return $response_url;
+}
 ## @method String buildLogoutResponse(String redirect_uri, String state)
 # Build Logout Response URI
@@ -1464,6 +1496,10 @@ Return sub field of an ID Token
 Return JWKS representation of a key
+=head2 buildLogoutRequest
+
+Build Logout Request URI
+
 =head2 buildLogoutResponse
 Build Logout Response URI
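Review bot: `= splice @_;` in the new `buildLogoutRequest` is a non-idiomatic way to unpack arguments; `my ( $self, $redirect_uri, $id_token_hint, $post_logout_redirect_uri, $state ) = @_;` does the same without mutating `@_` and matches how the rest of the file presumably unpacks. The doc header also misnames the first parameter: authLogout passes the OP's end_session_endpoint there, not a redirect URI, so `# @param redirect_uri End session endpoint of the OP` would be accurate, and `# return String Logout URI` is missing the `@`. Since `id_token_hint`, `post_logout_redirect_uri` and `state` are each skipped when false, an empty string and undef both mean "omit the parameter", which is fine for these optional spec parameters but deserves a one-line comment above the first `if`.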