From 495401756cc6dd4d71e609d7932c04ebc2a7f956 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois-Xavier=20Deltombe?= <fxdeltombe@gmail.com>
Date: Thu, 6 Sep 2012 10:25:41 +0000
Subject: [PATCH] Delete SAML relaystate data after it is read (Lemonldap-524)

---
 lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
index ed22a67bf..741663ead 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm
@@ -1212,7 +1212,13 @@ sub extractRelayState {
         $self->{$_} = $samlSessionInfo->{$_};
     }
 
-    untie %$samlSessionInfo;
+    # delete relaystate session
+    eval { tied(%$samlSessionInfo)->delete(); };
+    if ($@) {
+        $self->lmLog( "Unable to delete relaystate $relaystate", 'error' );
+    } else {
+        $self->lmLog( "Relaystate $relaystate was deleted", 'debug' );
+    }
 
     return 1;
 }