Work on implementation of OIDC logout (#184)
This commit is contained in:
parent
7bc3c8efff
commit
841f057c25
|
@ -12,6 +12,7 @@ my $token_uri = $portal->{oidcServiceMetaDataTokenURI};
|
|||
my $userinfo_uri = $portal->{oidcServiceMetaDataUserInfoURI};
|
||||
my $jwks_uri = $portal->{oidcServiceMetaDataJWKSURI};
|
||||
my $registration_uri = $portal->{oidcServiceMetaDataRegistrationURI};
|
||||
my $endsession_uri = $portal->{oidcServiceMetaDataEndSessionURI};
|
||||
|
||||
my ($path) = ( $issuerDBOpenIDConnectPath =~ /(\w+)/ );
|
||||
my $issuer = $portal->{oidcServiceMetaDataIssuer};
|
||||
|
@ -27,6 +28,8 @@ $configuration->{userinfo_endpoint} = $issuer . $path . "/" . $userinfo_uri;
|
|||
$configuration->{jwks_uri} = $issuer . $path . "/" . $jwks_uri;
|
||||
$configuration->{registration_endpoint} =
|
||||
$issuer . $path . "/" . $registration_uri;
|
||||
$configuration->{end_session_endpoint} =
|
||||
$issuer . $path . "/" . $endsession_uri;
|
||||
$configuration->{scopes_supported} = [qw/openid profile email address phone/];
|
||||
$configuration->{response_types_supported} = [
|
||||
"code",
|
||||
|
|
|
@ -430,32 +430,24 @@ sub issuerForUnAuthUser {
|
|||
$self->lmLog( "URL $url detected as an OpenID Connect END SESSION URL",
|
||||
'debug' );
|
||||
|
||||
# Check that we are in an inactive session
|
||||
unless ( $self->{id} ) {
|
||||
$self->lmLog( "User is already logged out", 'debug' );
|
||||
|
||||
$self->lmLog( "User is already logged out", 'debug' );
|
||||
my $post_logout_redirect_uri = $self->param('post_logout_redirect_uri');
|
||||
my $state = $self->param('state');
|
||||
|
||||
my $post_logout_redirect_uri =
|
||||
$self->param('post_logout_redirect_uri');
|
||||
my $state = $self->param('state');
|
||||
if ($post_logout_redirect_uri) {
|
||||
|
||||
if ($post_logout_redirect_uri) {
|
||||
# Build Response
|
||||
my $response_url =
|
||||
$self->buildLogoutResponse( $post_logout_redirect_uri, $state );
|
||||
|
||||
# Build Response
|
||||
my $response_url =
|
||||
$self->buildLogoutResponse( $post_logout_redirect_uri,
|
||||
$state );
|
||||
$self->lmLog( "Redirect user to $response_url", 'debug' );
|
||||
$self->{'urldc'} = $response_url;
|
||||
|
||||
$self->lmLog( "Redirect user to $response_url", 'debug' );
|
||||
$self->{'urldc'} = $response_url;
|
||||
|
||||
$self->_sub('autoRedirect');
|
||||
}
|
||||
|
||||
return PE_LOGOUT_OK;
|
||||
$self->_sub('autoRedirect');
|
||||
}
|
||||
|
||||
return PE_OK;
|
||||
return PE_LOGOUT_OK;
|
||||
}
|
||||
|
||||
PE_OK;
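Review bot: In the no-session branch of the END SESSION handler, `post_logout_redirect_uri` is read straight from the request, passed to `buildLogoutResponse` and then installed as `urldc` for `autoRedirect`, with no visible check that the URI is one registered for a relying party; unless `buildLogoutResponse` validates it (its body is not in this change), any visitor who follows a crafted end-session link is redirected to an attacker-chosen URL. RP-Initiated Logout expects the OP to honour only pre-registered post-logout URIs, tied to the client through `id_token_hint`, and this branch never reads `id_token_hint` at all. I would skip the redirect and fall through to the normal logout result unless the URI matches a registered value, and keep `state` as an opaque value echoed back only alongside a validated URI. Both the old and the new body of this branch appear here, so whichever variant survives carries the same issue; issuerForUnAuthUser continues past the end of this hunk.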
|
||||
|
@ -469,11 +461,12 @@ sub issuerForAuthUser {
|
|||
my $self = shift;
|
||||
|
||||
my $issuerDBOpenIDConnectPath = $self->{issuerDBOpenIDConnectPath};
|
||||
my $authorize_uri = $self->{issuerDBOpenIDConnectAuthorizeURI};
|
||||
my $token_uri = $self->{issuerDBOpenIDConnectTokenURI};
|
||||
my $userinfo_uri = $self->{issuerDBOpenIDConnectUserInfoURI};
|
||||
my $authorize_uri = $self->{oidcServiceMetaDataAuthorizeURI};
|
||||
my $token_uri = $self->{oidcServiceMetaDataTokenURI};
|
||||
my $userinfo_uri = $self->{oidcServiceMetaDataUserInfoURI};
|
||||
my $jwks_uri = $self->{oidcServiceMetaDataJWKSURI};
|
||||
my $registration_uri = $self->{oidcServiceMetaDataRegistrationURI};
|
||||
my $endsession_uri = $self->{oidcServiceMetaDataEndSessionURI};
|
||||
my $issuer = $self->{oidcServiceMetaDataIssuer};
|
||||
|
||||
# Session ID
|
||||
|
@ -1120,6 +1113,58 @@ sub issuerForAuthUser {
|
|||
$self->quit;
|
||||
}
|
||||
|
||||
# END SESSION
|
||||
if ( $url_path =~ m#${issuerDBOpenIDConnectPath}${endsession_uri}# ) {
|
||||
|
||||
$self->lmLog( "URL $url detected as an OpenID Connect END SESSION URL",
|
||||
'debug' );
|
||||
|
||||
# Set hidden fields
|
||||
my $oidc_request = {};
|
||||
foreach my $param (qw/id_token_hint post_logout_redirect_uri state/) {
|
||||
$oidc_request->{$param} = $self->getHiddenFormValue($param)
|
||||
|| $self->param($param);
|
||||
$self->lmLog(
|
||||
"OIDC request parameter $param: " . $oidc_request->{$param},
|
||||
'debug' );
|
||||
$self->setHiddenFormValue( $param, $oidc_request->{$param} );
|
||||
}
|
||||
|
||||
my $post_logout_redirect_uri =
|
||||
$oidc_request->{'post_logout_redirect_uri'};
|
||||
my $state = $oidc_request->{'state'};
|
||||
|
||||
# Ask consent for logout
|
||||
if ( $self->param('confirm') == 1 or $self->param('confirm') == 1 ) {
|
||||
if ( $self->param('confirm') == 1 ) {
|
||||
my $apacheSession = $self->getApacheSession($session_id);
|
||||
$self->_deleteSession($apacheSession);
|
||||
}
|
||||
|
||||
if ($post_logout_redirect_uri) {
|
||||
|
||||
# Build Response
|
||||
my $response_url =
|
||||
$self->buildLogoutResponse( $post_logout_redirect_uri,
|
||||
$state );
|
||||
|
||||
$self->lmLog( "Redirect user to $response_url", 'debug' );
|
||||
$self->{'urldc'} = $response_url;
|
||||
|
||||
$self->_sub('autoRedirect');
|
||||
}
|
||||
|
||||
return PE_LOGOUT_OK if $self->param('confirm') == 1;
|
||||
return PE_OK;
|
||||
}
|
||||
|
||||
$self->info('<div>');
|
||||
$self->info("Logout ?");
|
||||
$self->info('</div>');
|
||||
$self->{activeTimer} = 0;
|
||||
return PE_CONFIRM;
|
||||
}
|
||||
|
||||
PE_OK;
|
||||
}
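Review bot: `id_token_hint` is written to the debug log in full by the hidden-field loop (`"OIDC request parameter $param: " . $oidc_request->{$param}`); an ID token carries the user's identity claims and should not land in log files, so I would log it redacted, e.g. `$param eq 'id_token_hint' ? '<redacted>' : $oidc_request->{$param}`, and guard the concatenation with `defined` so an absent parameter does not raise an uninitialized-value warning. The confirm branch is also tangled: `$self->param('confirm') == 1 or $self->param('confirm') == 1` tests the same value twice, and `return PE_LOGOUT_OK if $self->param('confirm') == 1; return PE_OK;` leaves the second return unreachable because the block is only entered when confirm equals 1 — a single test and a plain `return PE_LOGOUT_OK;` would do. Finally, `post_logout_redirect_uri` comes from the request and reaches `buildLogoutResponse` and `autoRedirect` without any visible check that it is registered for the relying party named by `id_token_hint` (which is collected and re-emitted as a hidden field but never verified here); unless `buildLogoutResponse` validates it, a confirmed logout can send the user to an attacker-chosen URL, and the "Logout ?" consent page does not show the destination. issuerForAuthUser begins well before this hunk.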
|
||||
|
||||
|
|