Support from logout services: they are deconnected with a GET request after portal logout (#121)
parent
611d252ebc
commit
92352246ee
|
@ -102,7 +102,7 @@ sub unserialize {
|
|||
|
||||
# Manage hashes
|
||||
if ( $k =~
|
||||
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|remoteGlobalStorageOptions|notificationStorageOptions|samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions|samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions|samlStorageOptions|CAS_proxiedServices)$/
|
||||
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|remoteGlobalStorageOptions|notificationStorageOptions|samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions|samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions|samlStorageOptions|CAS_proxiedServices|logoutServices)$/
|
||||
and $v ||= {}
|
||||
and not ref($v) )
|
||||
{
|
||||
|
|
|
@ -98,6 +98,10 @@ sub confUpload {
|
|||
# Manage new keys
|
||||
if ($NK) {
|
||||
|
||||
# If a strange '5' appears at the end of value, remove it
|
||||
# -> javascript base64 bug?
|
||||
$id =~ s/5$//;
|
||||
|
||||
# Special case: avoid bug with node created from parent node
|
||||
if ( $id =~
|
||||
/^(virtualHosts|samlIDPMetaDataExportedAttributes|samlSPMetaDataExportedAttributes)/
|
||||
|
@ -106,9 +110,6 @@ sub confUpload {
|
|||
$self->lmLog( "Special trigger for $id (attribute $name)",
|
||||
'debug' );
|
||||
|
||||
# A strange '5' appears at the end of value, remove it
|
||||
$id =~ s/5$//;
|
||||
|
||||
# Virtual Host header
|
||||
$id =~
|
||||
s/^virtualHosts\/([^\/]*)?\/header.*/exportedHeaders\/$1\/$name/;
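Review bot: Moving `$id =~ s/5$//;` to the top of the `if ($NK)` branch makes it run for every new key instead of only the `virtualHosts`/SAML special case, so any new key whose identifier legitimately ends in `5` would be silently truncated before it is stored. The comment itself admits the cause is unknown ("javascript base64 bug?"), so this widens a workaround whose trigger is not understood. At minimum, make the rewrite visible, e.g. `$self->lmLog( "Stripped trailing 5 from $id", 'debug' ) if $id =~ s/5$//;`, and preferably fix the encoding where `$id` is produced. confUpload starts and ends outside these hunks, so how `$id` is decoded cannot be checked from here.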
|
||||
|
|
|
@ -584,7 +584,7 @@ sub struct {
|
|||
# OTHER PARAMETERS
|
||||
advancedParams => {
|
||||
_nodes => [
|
||||
qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers)
|
||||
qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers cn:logoutServices)
|
||||
],
|
||||
|
||||
customFunctions => 'text:/customFunctions',
|
||||
|
@ -662,6 +662,12 @@ sub struct {
|
|||
},
|
||||
},
|
||||
|
||||
logoutServices => {
|
||||
_nodes => ['hash:/logoutServices:default:btext'],
|
||||
_js => 'hashRoot',
|
||||
_help => 'default',
|
||||
},
|
||||
|
||||
},
|
||||
},
|
||||
|
||||
|
@ -1149,6 +1155,10 @@ sub testStruct {
|
|||
},
|
||||
},
|
||||
},
|
||||
logoutServices => {
|
||||
keyTest => qr/^\w+$/,
|
||||
keyMsgFail => 'Bad name',
|
||||
},
|
||||
macros => {
|
||||
keyTest => qr/^[_a-zA-Z]\w*$/,
|
||||
keyMsgFail => 'Bad macro name',
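Review bot: The new `logoutServices` entry in testStruct validates only the key (`keyTest => qr/^\w+$/`); the value, which the portal later writes into an iframe `src`, is accepted without any check. If testStruct supports a value test next to `keyTest` (not visible in this hunk), add one that admits only absolute http/https URLs, with a matching failure message, so a typo or a non-HTTP scheme is rejected when the configuration is saved rather than rendered into the logout page. testStruct continues outside the hunk.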
|
||||
|
|
|
@ -136,6 +136,7 @@ sub en {
|
|||
ldapSetPassword => 'Password modify extended operation',
|
||||
ldapTimeout => 'Timeout',
|
||||
ldapVersion => 'Version',
|
||||
logoutServices => 'Logout forward',
|
||||
logParams => 'Logs',
|
||||
macros => 'Macros',
|
||||
mailBody => 'Success mail content',
|
||||
|
@ -434,6 +435,7 @@ sub fr {
|
|||
ldapSetPassword => 'Opération étendue password modify',
|
||||
ldapTimeout => 'Temps maximum d\'inactivité',
|
||||
ldapVersion => 'Version',
|
||||
logoutServices => 'Transfert de la déconnexion',
|
||||
logParams => 'Journalisation',
|
||||
macros => 'Macros',
|
||||
mailBody => 'Contenu du message de succès',
|
||||
|
|
|
@ -126,6 +126,7 @@ use constant {
|
|||
PM_REDIRECTION => 12,
|
||||
PM_BACKTOSP => 13,
|
||||
PM_BACKTOCASURL => 14,
|
||||
PM_LOGOUT => 15,
|
||||
};
|
||||
|
||||
# EXPORTER PARAMETERS
|
||||
|
@ -148,7 +149,7 @@ our @EXPORT = qw( PE_IMG_NOK PE_IMG_OK PE_INFO PE_REDIRECT PE_DONE PE_OK
|
|||
PM_USER PM_DATE PM_IP PM_SESSIONS_DELETED PM_OTHER_SESSIONS
|
||||
PM_REMOVE_OTHER_SESSIONS PM_PP_GRACE PM_PP_EXP_WARNING
|
||||
PM_SAML_IDPSELECT PM_SAML_IDPCHOOSEN PM_REMEMBERCHOICE PM_SAML_SPLOGOUT
|
||||
PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL
|
||||
PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL PM_LOGOUT
|
||||
);
|
||||
our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], );
|
||||
|
||||
|
@ -1186,7 +1187,9 @@ sub controlExistingSession {
|
|||
and $id = $cookies{ $self->{cookieName} }->value )
|
||||
)
|
||||
{
|
||||
my $h = $self->getApacheSession($id) or return PE_OK;
|
||||
my $h = $self->getApacheSession($id);
|
||||
|
||||
if ( defined $h ) {
|
||||
%{ $self->{sessionInfo} } = %$h;
|
||||
|
||||
# Logout if required
|
||||
|
@ -1202,7 +1205,10 @@ sub controlExistingSession {
|
|||
my $issuerDBList = $self->{sessionInfo}->{_issuerDB};
|
||||
if ( defined $issuerDBList ) {
|
||||
foreach my $issuerDBtype (
|
||||
split( /\Q$self->{multiValuesSeparator}\E/, $issuerDBList )
|
||||
split(
|
||||
/\Q$self->{multiValuesSeparator}\E/,
|
||||
$issuerDBList
|
||||
)
|
||||
)
|
||||
{
|
||||
my $module_name =
|
||||
|
@ -1210,11 +1216,13 @@ sub controlExistingSession {
|
|||
|
||||
$self->lmLog(
|
||||
"Process logout for issuerDB module $issuerDBtype",
|
||||
'debug' );
|
||||
'debug'
|
||||
);
|
||||
|
||||
# Load current IssuerDB module
|
||||
unless ( $self->loadModule($module_name) ) {
|
||||
$self->lmLog( "Unable to load $module_name", 'error' );
|
||||
$self->lmLog( "Unable to load $module_name",
|
||||
'error' );
|
||||
next;
|
||||
}
|
||||
|
||||
|
@ -1228,10 +1236,52 @@ sub controlExistingSession {
|
|||
# Call authentication logout
|
||||
eval { $self->{error} = $self->_sub('authLogout'); };
|
||||
if ($@) {
|
||||
$self->lmLog( "Error when calling authLogout: $@", 'debug' );
|
||||
$self->lmLog( "Error when calling authLogout: $@",
|
||||
'debug' );
|
||||
}
|
||||
return $self->{error} if $self->{error} > 0;
|
||||
|
||||
# Collect logout services and build hidden iFrames
|
||||
if ( defined $self->{logoutServices} ) {
|
||||
|
||||
$self->lmLog(
|
||||
"Create iFrames to forward logout to services",
|
||||
'debug' );
|
||||
|
||||
$self->info(
|
||||
"<h3>"
|
||||
. &Lemonldap::NG::Portal::_i18n::msg
|
||||
( Lemonldap::NG::Portal::Simple::PM_LOGOUT,
|
||||
$ENV{HTTP_ACCEPT_LANGUAGE} )
|
||||
. "</h3>"
|
||||
);
|
||||
|
||||
foreach ( keys %{ $self->{logoutServices} } ) {
|
||||
my $logoutServiceName = $_;
|
||||
my $logoutServiceUrl =
|
||||
$self->{logoutServices}->{$logoutServiceName};
|
||||
|
||||
$self->lmLog(
|
||||
"Find logout service $logoutServiceName ($logoutServiceUrl)",
|
||||
'debug'
|
||||
);
|
||||
|
||||
my $iframe =
|
||||
"<iframe src=\"$logoutServiceUrl\""
|
||||
. " alt=\"$logoutServiceName\" marginwidth=\"0\""
|
||||
. " marginheight=\"0\" scrolling=\"no\" style=\"border: none;display: hidden;margin: 0\""
|
||||
. " width=\"0\" height=\"0\" frameborder=\"0\">"
|
||||
. "</iframe>";
|
||||
|
||||
$self->info($iframe);
|
||||
}
|
||||
|
||||
# Redirect on logout page if no other target defined
|
||||
if ( !$self->{urldc} and !$self->{postUrl} ) {
|
||||
$self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
|
||||
}
|
||||
}
|
||||
|
||||
# Redirect or Post if asked by authLogout
|
||||
$self->_subProcess(qw(autoRedirect))
|
||||
if ( $self->{urldc} and $self->{urldc} ne $self->{portal} );
|
||||
|
@ -1262,6 +1312,13 @@ sub controlExistingSession {
|
|||
return $r;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# Display logout success if logout asked
|
||||
# and we do not have valid session
|
||||
return PE_LOGOUT_OK if $self->param('logout');
|
||||
|
||||
# Else continue authentication process
|
||||
PE_OK;
|
||||
}
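Review bot: In the new logout-services loop of controlExistingSession, `$logoutServiceUrl` and `$logoutServiceName` are interpolated into the `<iframe>` markup unescaped, so a configured URL containing `"`, `&` or `<` breaks the `src` attribute and can inject markup into the portal's logout page. HTML-escape both values before building `$iframe`; the name is limited to `\w+` by the manager, but nothing in these hunks constrains the URL. Separately, `display: hidden` is not a valid CSS declaration, so the frame is hidden only by its zero width and height. `defined $self->{logoutServices}` is also true for an empty hash, in which case the header and the `?logout=1` redirect are produced with no service to call; testing `%{ $self->{logoutServices} }` as well would avoid that. The function body starts and ends outside these hunks.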
|
||||
|
||||
|
|
|
@ -2612,11 +2612,11 @@ sub sendLogoutRequestToProviders {
|
|||
$self->resetProviderIdIndex($logout);
|
||||
|
||||
# Header of the block which will be displayed to the user, if needed.
|
||||
$info .= '<h2>'
|
||||
$info .= '<h3>'
|
||||
. &Lemonldap::NG::Portal::_i18n::msg
|
||||
( Lemonldap::NG::Portal::Simple::PM_SAML_SPLOGOUT,
|
||||
$ENV{HTTP_ACCEPT_LANGUAGE} )
|
||||
. '</h2>'
|
||||
. '</h3>'
|
||||
. '<table class="sloState">';
|
||||
|
||||
# Foreach SP found in session, get it from configuration, and send the
|
||||
|
|
|
@ -353,6 +353,7 @@ sub error_ro {
|
|||
# * PM_REDIRECTION 12
|
||||
# * PM_BACKTOSP 13
|
||||
# * PM_BACKTOCASURL 14
|
||||
# * PM_LOGOUT 15
|
||||
|
||||
sub msg_en {
|
||||
use utf8;
|
||||
|
@ -372,6 +373,7 @@ sub msg_en {
|
|||
'Redirection in progress...',
|
||||
'Go back to service provider',
|
||||
'The application you just logged out of has provided a link it would like you to follow',
|
||||
'Logout from other applications...',
|
||||
];
|
||||
}
|
||||
|
||||
|
@ -393,6 +395,7 @@ sub msg_fr {
|
|||
'Redirection en cours...',
|
||||
'Retourner sur le fournisseur de service',
|
||||
'Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre',
|
||||
'Déconnexion des autres applications...'
|
||||
];
|
||||
}
|
||||
|
||||
|
|