Support from logout services: they are deconnected with a GET request after portal logout (#121)

Clément Oudot 2010-08-30 15:46:26 +00:00
parent 611d252ebc
commit 92352246ee
7 changed files with 86 additions and 13 deletions


@ -102,7 +102,7 @@ sub unserialize {
# Manage hashes
if ( $k =~
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|remoteGlobalStorageOptions|notificationStorageOptions|samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions|samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions|samlStorageOptions|CAS_proxiedServices)$/
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|remoteGlobalStorageOptions|notificationStorageOptions|samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions|samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions|samlStorageOptions|CAS_proxiedServices|logoutServices)$/
and $v ||= {}
and not ref($v) )
{


@ -98,6 +98,10 @@ sub confUpload {
# Manage new keys
if ($NK) {
# If a strange '5' appears at the end of value, remove it
# -> javascript base64 bug?
$id =~ s/5$//;
# Special case: avoid bug with node created from parent node
if ( $id =~
/^(virtualHosts|samlIDPMetaDataExportedAttributes|samlSPMetaDataExportedAttributes)/
@ -106,9 +110,6 @@ sub confUpload {
$self->lmLog( "Special trigger for $id (attribute $name)",
'debug' );
# A strange '5' appears at the end of value, remove it
$id =~ s/5$//;
# Virtual Host header
$id =~
s/^virtualHosts\/([^\/]*)?\/header.*/exportedHeaders\/$1\/$name/;
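Review bot: The `$id =~ s/5$//;` substitution now runs for every new key instead of only inside the special-case branch, so a legitimately named new key whose id ends in `5` would appear to lose its last character. The comment itself marks the cause as unconfirmed (`javascript base64 bug?`), so it would be safer to fix the encoding where the id is produced, or at least to make the strip visible when it fires, e.g. `$self->lmLog( "Stripped trailing 5 from $id", 'debug' ) if $id =~ s/5$//;`. confUpload's body starts and ends outside this section.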


@ -584,7 +584,7 @@ sub struct {
# OTHER PARAMETERS
advancedParams => {
_nodes => [
qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers)
qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers cn:logoutServices)
],
customFunctions => 'text:/customFunctions',
@ -662,6 +662,12 @@ sub struct {
},
},
logoutServices => {
_nodes => ['hash:/logoutServices:default:btext'],
_js => 'hashRoot',
_help => 'default',
},
},
},
@ -1149,6 +1155,10 @@ sub testStruct {
},
},
},
logoutServices => {
keyTest => qr/^\w+$/,
keyMsgFail => 'Bad name',
},
macros => {
keyTest => qr/^[_a-zA-Z]\w*$/,
keyMsgFail => 'Bad macro name',
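Review bot: The new `logoutServices` entry in testStruct checks only the key (`keyTest => qr/^\w+$/`); the value, which is the URL the portal later writes into an iframe `src`, is accepted as-is. A value check that admits only absolute http(s) URLs without quotes or angle brackets would keep a malformed or `javascript:` entry out of the stored configuration, assuming testStruct accepts a value pattern next to `keyTest` for hash nodes, for example `test => qr/^https?:\/\/[^\s"'<>]+$/` with a matching failure message. The key pattern could also end in `\z` rather than `$`, since `$` tolerates a trailing newline. struct and testStruct both continue outside this section.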


@ -136,6 +136,7 @@ sub en {
ldapSetPassword => 'Password modify extended operation',
ldapTimeout => 'Timeout',
ldapVersion => 'Version',
logoutServices => 'Logout forward',
logParams => 'Logs',
macros => 'Macros',
mailBody => 'Success mail content',
@ -434,6 +435,7 @@ sub fr {
ldapSetPassword => 'Opération étendue password modify',
ldapTimeout => 'Temps maximum d\'inactivité',
ldapVersion => 'Version',
logoutServices => 'Transfert de la déconnexion',
logParams => 'Journalisation',
macros => 'Macros',
mailBody => 'Contenu du message de succès',


@ -126,6 +126,7 @@ use constant {
PM_REDIRECTION => 12,
PM_BACKTOSP => 13,
PM_BACKTOCASURL => 14,
PM_LOGOUT => 15,
};
# EXPORTER PARAMETERS
@ -148,7 +149,7 @@ our @EXPORT = qw( PE_IMG_NOK PE_IMG_OK PE_INFO PE_REDIRECT PE_DONE PE_OK
PM_USER PM_DATE PM_IP PM_SESSIONS_DELETED PM_OTHER_SESSIONS
PM_REMOVE_OTHER_SESSIONS PM_PP_GRACE PM_PP_EXP_WARNING
PM_SAML_IDPSELECT PM_SAML_IDPCHOOSEN PM_REMEMBERCHOICE PM_SAML_SPLOGOUT
PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL
PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL PM_LOGOUT
);
our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], );
@ -1186,7 +1187,9 @@ sub controlExistingSession {
and $id = $cookies{ $self->{cookieName} }->value )
)
{
my $h = $self->getApacheSession($id) or return PE_OK;
my $h = $self->getApacheSession($id);
if ( defined $h ) {
%{ $self->{sessionInfo} } = %$h;
# Logout if required
@ -1202,7 +1205,10 @@ sub controlExistingSession {
my $issuerDBList = $self->{sessionInfo}->{_issuerDB};
if ( defined $issuerDBList ) {
foreach my $issuerDBtype (
split( /\Q$self->{multiValuesSeparator}\E/, $issuerDBList )
split(
/\Q$self->{multiValuesSeparator}\E/,
$issuerDBList
)
)
{
my $module_name =
@ -1210,11 +1216,13 @@ sub controlExistingSession {
$self->lmLog(
"Process logout for issuerDB module $issuerDBtype",
'debug' );
'debug'
);
# Load current IssuerDB module
unless ( $self->loadModule($module_name) ) {
$self->lmLog( "Unable to load $module_name", 'error' );
$self->lmLog( "Unable to load $module_name",
'error' );
next;
}
@ -1228,10 +1236,52 @@ sub controlExistingSession {
# Call authentication logout
eval { $self->{error} = $self->_sub('authLogout'); };
if ($@) {
$self->lmLog( "Error when calling authLogout: $@", 'debug' );
$self->lmLog( "Error when calling authLogout: $@",
'debug' );
}
return $self->{error} if $self->{error} > 0;
# Collect logout services and build hidden iFrames
if ( defined $self->{logoutServices} ) {
$self->lmLog(
"Create iFrames to forward logout to services",
'debug' );
$self->info(
"<h3>"
. &Lemonldap::NG::Portal::_i18n::msg
( Lemonldap::NG::Portal::Simple::PM_LOGOUT,
$ENV{HTTP_ACCEPT_LANGUAGE} )
. "</h3>"
);
foreach ( keys %{ $self->{logoutServices} } ) {
my $logoutServiceName = $_;
my $logoutServiceUrl =
$self->{logoutServices}->{$logoutServiceName};
$self->lmLog(
"Find logout service $logoutServiceName ($logoutServiceUrl)",
'debug'
);
my $iframe =
"<iframe src=\"$logoutServiceUrl\""
. " alt=\"$logoutServiceName\" marginwidth=\"0\""
. " marginheight=\"0\" scrolling=\"no\" style=\"border: none;display: hidden;margin: 0\""
. " width=\"0\" height=\"0\" frameborder=\"0\">"
. "</iframe>";
$self->info($iframe);
}
# Redirect on logout page if no other target defined
if ( !$self->{urldc} and !$self->{postUrl} ) {
$self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
}
}
# Redirect or Post if asked by authLogout
$self->_subProcess(qw(autoRedirect))
if ( $self->{urldc} and $self->{urldc} ne $self->{portal} );
@ -1262,6 +1312,13 @@ sub controlExistingSession {
return $r;
}
}
}
# Display logout success if logout asked
# and we do not have valid session
return PE_LOGOUT_OK if $self->param('logout');
# Else continue authentication process
PE_OK;
}
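Review bot: In the new logout-services loop, `$logoutServiceUrl` and `$logoutServiceName` are interpolated into the `<iframe>` markup without any encoding, so a configuration value containing a double quote or `>` breaks out of the attribute and injects markup into the logout page. Both values should be HTML-escaped before `$self->info($iframe)` and entries whose URL is not http(s) skipped, e.g. `next unless $logoutServiceUrl =~ m{\Ahttps?://}i;` followed by escaping with the CGI module's `escapeHTML`, if the portal object still exposes it. Two smaller points in the same string: `display: hidden` is not a valid CSS value (`display: none` is presumably meant), and `alt` is not an iframe attribute while `title` is. Because the forward is a fire-and-forget GET in a zero-size frame, the portal cannot tell whether a service actually ended its session, and a comment saying so above the loop would help operators. controlExistingSession starts outside this section.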


@ -2612,11 +2612,11 @@ sub sendLogoutRequestToProviders {
$self->resetProviderIdIndex($logout);
# Header of the block which will be displayed to the user, if needed.
$info .= '<h2>'
$info .= '<h3>'
. &Lemonldap::NG::Portal::_i18n::msg
( Lemonldap::NG::Portal::Simple::PM_SAML_SPLOGOUT,
$ENV{HTTP_ACCEPT_LANGUAGE} )
. '</h2>'
. '</h3>'
. '<table class="sloState">';
# Foreach SP found in session, get it from configuration, and send the


@ -353,6 +353,7 @@ sub error_ro {
# * PM_REDIRECTION 12
# * PM_BACKTOSP 13
# * PM_BACKTOCASURL 14
# * PM_LOGOUT 15
sub msg_en {
use utf8;
@ -372,6 +373,7 @@ sub msg_en {
'Redirection in progress...',
'Go back to service provider',
'The application you just logged out of has provided a link it would like you to follow',
'Logout from other applications...',
];
}
@ -393,6 +395,7 @@ sub msg_fr {
'Redirection en cours...',
'Retourner sur le fournisseur de service',
'Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre',
'Déconnexion des autres applications...'
];
}