diff --git a/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm b/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm index 6ad57f394..9e0a1ccae 100644 --- a/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm +++ b/modules/lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/Serializer.pm @@ -102,7 +102,7 @@ sub unserialize { # Manage hashes if ( $k =~ -/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|remoteGlobalStorageOptions|notificationStorageOptions|samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions|samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions|samlStorageOptions|CAS_proxiedServices)$/ +/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|remoteGlobalStorageOptions|notificationStorageOptions|samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions|samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions|samlStorageOptions|CAS_proxiedServices|logoutServices)$/ and $v ||= {} and not ref($v) ) { diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Uploader.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Uploader.pm index 1666aaf68..bbe5c4b60 100644 --- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Uploader.pm +++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Uploader.pm @@ -98,6 +98,10 @@ sub confUpload { # Manage new keys if ($NK) { + # If a strange '5' appears at the end of value, remove it + # -> javascript base64 bug? + $id =~ s/5$//; + # Special case: avoid bug with node created from parent node if ( $id =~ /^(virtualHosts|samlIDPMetaDataExportedAttributes|samlSPMetaDataExportedAttributes)/ 
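Review bot: Moving `$id =~ s/5$//;` to the top of the `if ($NK)` branch makes it run for every new key, so an identifier that legitimately ends in `5` would presumably be stored under a shortened name without any trace. The comment itself marks the cause as unknown ("javascript base64 bug?"), so the workaround cannot tell an artifact from real data. Until the encoding problem is fixed at its source, at least make the rewrite visible, e.g. `$self->lmLog( "Stripped trailing 5 from new key $id", 'debug' ) if $id =~ s/5$//;`. Ideally it would also be limited to the inputs known to carry the artifact. confUpload's body continues outside the hunk.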
@@ -106,9 +110,6 @@ sub confUpload { $self->lmLog( "Special trigger for $id (attribute $name)", 'debug' ); - # A strange '5' appears at the end of value, remove it - $id =~ s/5$//; - # Virtual Host header $id =~ s/^virtualHosts\/([^\/]*)?\/header.*/exportedHeaders\/$1\/$name/; diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm index eaf0f72bb..ae080e16e 100644 --- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm +++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm @@ -584,7 +584,7 @@ sub struct { # OTHER PARAMETERS advancedParams => { _nodes => [ - qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers) + qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers cn:logoutServices) ], customFunctions => 'text:/customFunctions', @@ -662,6 +662,12 @@ sub struct { }, }, + logoutServices => { + _nodes => ['hash:/logoutServices:default:btext'], + _js => 'hashRoot', + _help => 'default', + }, + }, }, @@ -1149,6 +1155,10 @@ sub testStruct { }, }, }, + logoutServices => { + keyTest => qr/^\w+$/, + keyMsgFail => 'Bad name', + }, macros => { keyTest => qr/^[_a-zA-Z]\w*$/, keyMsgFail => 'Bad macro name', diff --git a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm index c8247106a..13feae683 100644 --- a/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm +++ b/modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm @@ -136,6 +136,7 @@ sub en { ldapSetPassword => 'Password modify extended operation', ldapTimeout => 'Timeout', ldapVersion => 'Version', + logoutServices => 'Logout forward', logParams => 'Logs', macros => 'Macros', mailBody => 'Success mail content', 
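Review bot: The `logoutServices` entry added to testStruct (hunk at -1149) validates only the key with `keyTest => qr/^\w+$/`; the value, which is the URL the portal later forwards logout to, is accepted unchecked. If testStruct entries accept a value-side check (this view shows only `keyTest`/`keyMsgFail`, so confirm the key names), add one that restricts values to absolute http(s) URLs, e.g. `test => qr{\Ahttps?://\S+\z}i, msgFail => 'Bad URL',`. In the key pattern `\z` would also be stricter than `$`, which still matches before a trailing newline. testStruct's body continues outside the hunk.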
@@ -434,6 +435,7 @@ sub fr { ldapSetPassword => 'Opération étendue password modify', ldapTimeout => 'Temps maximum d\'inactivité', ldapVersion => 'Version', + logoutServices => 'Transfert de la déconnexion', logParams => 'Journalisation', macros => 'Macros', mailBody => 'Contenu du message de succès', diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm index dbf05a8d7..10512eed4 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Simple.pm @@ -126,6 +126,7 @@ use constant { PM_REDIRECTION => 12, PM_BACKTOSP => 13, PM_BACKTOCASURL => 14, + PM_LOGOUT => 15, }; # EXPORTER PARAMETERS @@ -148,7 +149,7 @@ our @EXPORT = qw( PE_IMG_NOK PE_IMG_OK PE_INFO PE_REDIRECT PE_DONE PE_OK PM_USER PM_DATE PM_IP PM_SESSIONS_DELETED PM_OTHER_SESSIONS PM_REMOVE_OTHER_SESSIONS PM_PP_GRACE PM_PP_EXP_WARNING PM_SAML_IDPSELECT PM_SAML_IDPCHOOSEN PM_REMEMBERCHOICE PM_SAML_SPLOGOUT - PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL + PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL PM_LOGOUT ); our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], ); @@ -1186,7 +1187,9 @@ sub controlExistingSession { and $id = $cookies{ $self->{cookieName} }->value ) ) { - my $h = $self->getApacheSession($id) or return PE_OK; + my $h = $self->getApacheSession($id); + + if ( defined $h ) { %{ $self->{sessionInfo} } = %$h; # Logout if required @@ -1202,7 +1205,10 @@ sub controlExistingSession { my $issuerDBList = $self->{sessionInfo}->{_issuerDB}; if ( defined $issuerDBList ) { foreach my $issuerDBtype ( - split( /\Q$self->{multiValuesSeparator}\E/, $issuerDBList ) + split( + /\Q$self->{multiValuesSeparator}\E/, + $issuerDBList + ) ) { my $module_name = 
@@ -1210,11 +1216,13 @@ sub controlExistingSession { $self->lmLog( "Process logout for issuerDB module $issuerDBtype", - 'debug' ); + 'debug' + ); # Load current IssuerDB module unless ( $self->loadModule($module_name) ) { - $self->lmLog( "Unable to load $module_name", 'error' ); + $self->lmLog( "Unable to load $module_name", + 'error' ); next; } @@ -1228,10 +1236,52 @@ sub controlExistingSession { # Call authentication logout eval { $self->{error} = $self->_sub('authLogout'); }; if ($@) { - $self->lmLog( "Error when calling authLogout: $@", 'debug' ); + $self->lmLog( "Error when calling authLogout: $@", + 'debug' ); } return $self->{error} if $self->{error} > 0; + # Collect logout services and build hidden iFrames + if ( defined $self->{logoutServices} ) { + + $self->lmLog( + "Create iFrames to forward logout to services", + 'debug' ); + + $self->info( + "

" + . &Lemonldap::NG::Portal::_i18n::msg + ( Lemonldap::NG::Portal::Simple::PM_LOGOUT, + $ENV{HTTP_ACCEPT_LANGUAGE} ) + . "

" + ); + + foreach ( keys %{ $self->{logoutServices} } ) { + my $logoutServiceName = $_; + my $logoutServiceUrl = + $self->{logoutServices}->{$logoutServiceName}; + + $self->lmLog( +"Find logout service $logoutServiceName ($logoutServiceUrl)", + 'debug' + ); + + my $iframe = + ""; + + $self->info($iframe); + } + + # Redirect on logout page if no other target defined + if ( !$self->{urldc} and !$self->{postUrl} ) { + $self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1"; + } + } + # Redirect or Post if asked by authLogout $self->_subProcess(qw(autoRedirect)) if ( $self->{urldc} and $self->{urldc} ne $self->{portal} ); @@ -1262,6 +1312,13 @@ sub controlExistingSession { return $r; } } + } + + # Display logout success if logout asked + # and we do not have valid session + return PE_LOGOUT_OK if $self->param('logout'); + + # Else continue authentication process PE_OK; } diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm index e1c558319..d7a16617d 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_SAML.pm @@ -2612,11 +2612,11 @@ sub sendLogoutRequestToProviders { $self->resetProviderIdIndex($logout); # Header of the block which will be displayed to the user, if needed. - $info .= '
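Review bot: In the added `foreach ( keys %{ $self->{logoutServices} } )` loop (hunk at -1228), `$logoutServiceUrl` is taken from configuration and passed on to `$self->info($iframe)` with no escaping or scheme check. The iframe string literal is not legible in this view, but if it interpolates the URL into a `src` attribute, a value containing a quote or a non-http scheme would become active markup on the portal's logout page. Skip such entries before building `$iframe`, e.g. `next unless $logoutServiceUrl =~ m{\Ahttps?://}i;`, and HTML-escape the value when it is interpolated (CGI's `escapeHTML`, if the portal object inherits from CGI — confirm). The configuration is admin-controlled, so this is defence in depth, but the portal page is where every user's session ends. controlExistingSession starts and ends outside the hunk.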

' + $info .= '

' . &Lemonldap::NG::Portal::_i18n::msg ( Lemonldap::NG::Portal::Simple::PM_SAML_SPLOGOUT, $ENV{HTTP_ACCEPT_LANGUAGE} ) - . '

' + . '' . ''; # Foreach SP found in session, get it from configuration, and send the diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm index 1db0327d8..cd45bfbb5 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/_i18n.pm @@ -353,6 +353,7 @@ sub error_ro { # * PM_REDIRECTION 12 # * PM_BACKTOSP 13 # * PM_BACKTOCASURL 14 +# * PM_LOGOUT 15 sub msg_en { use utf8; @@ -372,6 +373,7 @@ sub msg_en { 'Redirection in progress...', 'Go back to service provider', 'The application you just logged out of has provided a link it would like you to follow', + 'Logout from other applications...', ]; } @@ -393,6 +395,7 @@ sub msg_fr { 'Redirection en cours...', 'Retourner sur le fournisseur de service', 'Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre', + 'Déconnexion des autres applications...' ]; }