Support for logout services: they are disconnected with a GET request after portal logout (#121)
parent
611d252ebc
commit
92352246ee
@ -102,7 +102,7 @@ sub unserialize {
|
|||||||
|
|
||||||
# Manage hashes
|
# Manage hashes
|
||||||
if ( $k =~
|
if ( $k =~
|
||||||
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|remoteGlobalStorageOptions|notificationStorageOptions|samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions|samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions|samlStorageOptions|CAS_proxiedServices)$/
|
/^(?:exportedVars|locationRules|groups|exportedHeaders|macros|globalStorageOptions|remoteGlobalStorageOptions|notificationStorageOptions|samlIDPMetaDataXML|samlIDPMetaDataExportedAttributes|samlIDPMetaDataOptions|samlSPMetaDataXML|samlSPMetaDataExportedAttributes|samlSPMetaDataOptions|samlStorageOptions|CAS_proxiedServices|logoutServices)$/
|
||||||
and $v ||= {}
|
and $v ||= {}
|
||||||
and not ref($v) )
|
and not ref($v) )
|
||||||
{
|
{
|
||||||
|
@ -98,6 +98,10 @@ sub confUpload {
|
|||||||
# Manage new keys
|
# Manage new keys
|
||||||
if ($NK) {
|
if ($NK) {
|
||||||
|
|
||||||
|
# If a strange '5' appears at the end of value, remove it
|
||||||
|
# -> javascript base64 bug?
|
||||||
|
$id =~ s/5$//;
|
||||||
|
|
||||||
# Special case: avoid bug with node created from parent node
|
# Special case: avoid bug with node created from parent node
|
||||||
if ( $id =~
|
if ( $id =~
|
||||||
/^(virtualHosts|samlIDPMetaDataExportedAttributes|samlSPMetaDataExportedAttributes)/
|
/^(virtualHosts|samlIDPMetaDataExportedAttributes|samlSPMetaDataExportedAttributes)/
|
||||||
@ -106,9 +110,6 @@ sub confUpload {
|
|||||||
$self->lmLog( "Special trigger for $id (attribute $name)",
|
$self->lmLog( "Special trigger for $id (attribute $name)",
|
||||||
'debug' );
|
'debug' );
|
||||||
|
|
||||||
# A strange '5' appears at the end of value, remove it
|
|
||||||
$id =~ s/5$//;
|
|
||||||
|
|
||||||
# Virtual Host header
|
# Virtual Host header
|
||||||
$id =~
|
$id =~
|
||||||
s/^virtualHosts\/([^\/]*)?\/header.*/exportedHeaders\/$1\/$name/;
|
s/^virtualHosts\/([^\/]*)?\/header.*/exportedHeaders\/$1\/$name/;
|
||||||
|
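Review bot: The `$id =~ s/5$//;` that now sits at the top of the `if ($NK)` branch in confUpload runs for every new key instead of only in the special-trigger path, so a new key whose identifier legitimately ends in `5` would apparently be saved with that character stripped. The comment itself marks the cause as a guess (`javascript base64 bug?`), which points at the client-side encoding as the real defect. Until that is fixed, limit the strip to the malformed input that was actually observed and record the limitation, e.g. `# FIXME: also strips a legitimate trailing '5'; fix the encoder instead`. confUpload starts and ends outside these hunks, so how `$id` is decoded is not visible here.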
@ -584,7 +584,7 @@ sub struct {
|
|||||||
# OTHER PARAMETERS
|
# OTHER PARAMETERS
|
||||||
advancedParams => {
|
advancedParams => {
|
||||||
_nodes => [
|
_nodes => [
|
||||||
qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers)
|
qw(customFunctions n:soap n:notifications n:passwordManagement n:security n:redirection n:specialHandlers cn:logoutServices)
|
||||||
],
|
],
|
||||||
|
|
||||||
customFunctions => 'text:/customFunctions',
|
customFunctions => 'text:/customFunctions',
|
||||||
@ -662,6 +662,12 @@ sub struct {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
|
logoutServices => {
|
||||||
|
_nodes => ['hash:/logoutServices:default:btext'],
|
||||||
|
_js => 'hashRoot',
|
||||||
|
_help => 'default',
|
||||||
|
},
|
||||||
|
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
||||||
@ -1149,6 +1155,10 @@ sub testStruct {
|
|||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
logoutServices => {
|
||||||
|
keyTest => qr/^\w+$/,
|
||||||
|
keyMsgFail => 'Bad name',
|
||||||
|
},
|
||||||
macros => {
|
macros => {
|
||||||
keyTest => qr/^[_a-zA-Z]\w*$/,
|
keyTest => qr/^[_a-zA-Z]\w*$/,
|
||||||
keyMsgFail => 'Bad macro name',
|
keyMsgFail => 'Bad macro name',
|
||||||
|
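Review bot: The new `logoutServices` entry in testStruct validates only the key (`keyTest => qr/^\w+$/`); nothing checks the value, which is the URL the portal later writes into an iframe `src`. A value check that accepts only absolute `http://` or `https://` URLs would keep a mistyped or script-scheme value out of the saved configuration. Whether testStruct entries accept a value-side test next to `keyTest` is not visible in this hunk, so confirm that against the other entries before adding one.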
@ -136,6 +136,7 @@ sub en {
|
|||||||
ldapSetPassword => 'Password modify extended operation',
|
ldapSetPassword => 'Password modify extended operation',
|
||||||
ldapTimeout => 'Timeout',
|
ldapTimeout => 'Timeout',
|
||||||
ldapVersion => 'Version',
|
ldapVersion => 'Version',
|
||||||
|
logoutServices => 'Logout forward',
|
||||||
logParams => 'Logs',
|
logParams => 'Logs',
|
||||||
macros => 'Macros',
|
macros => 'Macros',
|
||||||
mailBody => 'Success mail content',
|
mailBody => 'Success mail content',
|
||||||
@ -434,6 +435,7 @@ sub fr {
|
|||||||
ldapSetPassword => 'Opération étendue password modify',
|
ldapSetPassword => 'Opération étendue password modify',
|
||||||
ldapTimeout => 'Temps maximum d\'inactivité',
|
ldapTimeout => 'Temps maximum d\'inactivité',
|
||||||
ldapVersion => 'Version',
|
ldapVersion => 'Version',
|
||||||
|
logoutServices => 'Transfert de la déconnexion',
|
||||||
logParams => 'Journalisation',
|
logParams => 'Journalisation',
|
||||||
macros => 'Macros',
|
macros => 'Macros',
|
||||||
mailBody => 'Contenu du message de succès',
|
mailBody => 'Contenu du message de succès',
|
||||||
|
@ -126,6 +126,7 @@ use constant {
|
|||||||
PM_REDIRECTION => 12,
|
PM_REDIRECTION => 12,
|
||||||
PM_BACKTOSP => 13,
|
PM_BACKTOSP => 13,
|
||||||
PM_BACKTOCASURL => 14,
|
PM_BACKTOCASURL => 14,
|
||||||
|
PM_LOGOUT => 15,
|
||||||
};
|
};
|
||||||
|
|
||||||
# EXPORTER PARAMETERS
|
# EXPORTER PARAMETERS
|
||||||
@ -148,7 +149,7 @@ our @EXPORT = qw( PE_IMG_NOK PE_IMG_OK PE_INFO PE_REDIRECT PE_DONE PE_OK
|
|||||||
PM_USER PM_DATE PM_IP PM_SESSIONS_DELETED PM_OTHER_SESSIONS
|
PM_USER PM_DATE PM_IP PM_SESSIONS_DELETED PM_OTHER_SESSIONS
|
||||||
PM_REMOVE_OTHER_SESSIONS PM_PP_GRACE PM_PP_EXP_WARNING
|
PM_REMOVE_OTHER_SESSIONS PM_PP_GRACE PM_PP_EXP_WARNING
|
||||||
PM_SAML_IDPSELECT PM_SAML_IDPCHOOSEN PM_REMEMBERCHOICE PM_SAML_SPLOGOUT
|
PM_SAML_IDPSELECT PM_SAML_IDPCHOOSEN PM_REMEMBERCHOICE PM_SAML_SPLOGOUT
|
||||||
PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL
|
PM_REDIRECTION PM_BACKTOSP PM_BACKTOCASURL PM_LOGOUT
|
||||||
);
|
);
|
||||||
our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], );
|
our %EXPORT_TAGS = ( 'all' => [ @EXPORT, 'import' ], );
|
||||||
|
|
||||||
@ -1186,7 +1187,9 @@ sub controlExistingSession {
|
|||||||
and $id = $cookies{ $self->{cookieName} }->value )
|
and $id = $cookies{ $self->{cookieName} }->value )
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
my $h = $self->getApacheSession($id) or return PE_OK;
|
my $h = $self->getApacheSession($id);
|
||||||
|
|
||||||
|
if ( defined $h ) {
|
||||||
%{ $self->{sessionInfo} } = %$h;
|
%{ $self->{sessionInfo} } = %$h;
|
||||||
|
|
||||||
# Logout if required
|
# Logout if required
|
||||||
@ -1202,7 +1205,10 @@ sub controlExistingSession {
|
|||||||
my $issuerDBList = $self->{sessionInfo}->{_issuerDB};
|
my $issuerDBList = $self->{sessionInfo}->{_issuerDB};
|
||||||
if ( defined $issuerDBList ) {
|
if ( defined $issuerDBList ) {
|
||||||
foreach my $issuerDBtype (
|
foreach my $issuerDBtype (
|
||||||
split( /\Q$self->{multiValuesSeparator}\E/, $issuerDBList )
|
split(
|
||||||
|
/\Q$self->{multiValuesSeparator}\E/,
|
||||||
|
$issuerDBList
|
||||||
|
)
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
my $module_name =
|
my $module_name =
|
||||||
@ -1210,11 +1216,13 @@ sub controlExistingSession {
|
|||||||
|
|
||||||
$self->lmLog(
|
$self->lmLog(
|
||||||
"Process logout for issuerDB module $issuerDBtype",
|
"Process logout for issuerDB module $issuerDBtype",
|
||||||
'debug' );
|
'debug'
|
||||||
|
);
|
||||||
|
|
||||||
# Load current IssuerDB module
|
# Load current IssuerDB module
|
||||||
unless ( $self->loadModule($module_name) ) {
|
unless ( $self->loadModule($module_name) ) {
|
||||||
$self->lmLog( "Unable to load $module_name", 'error' );
|
$self->lmLog( "Unable to load $module_name",
|
||||||
|
'error' );
|
||||||
next;
|
next;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1228,10 +1236,52 @@ sub controlExistingSession {
|
|||||||
# Call authentication logout
|
# Call authentication logout
|
||||||
eval { $self->{error} = $self->_sub('authLogout'); };
|
eval { $self->{error} = $self->_sub('authLogout'); };
|
||||||
if ($@) {
|
if ($@) {
|
||||||
$self->lmLog( "Error when calling authLogout: $@", 'debug' );
|
$self->lmLog( "Error when calling authLogout: $@",
|
||||||
|
'debug' );
|
||||||
}
|
}
|
||||||
return $self->{error} if $self->{error} > 0;
|
return $self->{error} if $self->{error} > 0;
|
||||||
|
|
||||||
|
# Collect logout services and build hidden iFrames
|
||||||
|
if ( defined $self->{logoutServices} ) {
|
||||||
|
|
||||||
|
$self->lmLog(
|
||||||
|
"Create iFrames to forward logout to services",
|
||||||
|
'debug' );
|
||||||
|
|
||||||
|
$self->info(
|
||||||
|
"<h3>"
|
||||||
|
. &Lemonldap::NG::Portal::_i18n::msg
|
||||||
|
( Lemonldap::NG::Portal::Simple::PM_LOGOUT,
|
||||||
|
$ENV{HTTP_ACCEPT_LANGUAGE} )
|
||||||
|
. "</h3>"
|
||||||
|
);
|
||||||
|
|
||||||
|
foreach ( keys %{ $self->{logoutServices} } ) {
|
||||||
|
my $logoutServiceName = $_;
|
||||||
|
my $logoutServiceUrl =
|
||||||
|
$self->{logoutServices}->{$logoutServiceName};
|
||||||
|
|
||||||
|
$self->lmLog(
|
||||||
|
"Find logout service $logoutServiceName ($logoutServiceUrl)",
|
||||||
|
'debug'
|
||||||
|
);
|
||||||
|
|
||||||
|
my $iframe =
|
||||||
|
"<iframe src=\"$logoutServiceUrl\""
|
||||||
|
. " alt=\"$logoutServiceName\" marginwidth=\"0\""
|
||||||
|
. " marginheight=\"0\" scrolling=\"no\" style=\"border: none;display: hidden;margin: 0\""
|
||||||
|
. " width=\"0\" height=\"0\" frameborder=\"0\">"
|
||||||
|
. "</iframe>";
|
||||||
|
|
||||||
|
$self->info($iframe);
|
||||||
|
}
|
||||||
|
|
||||||
|
# Redirect on logout page if no other target defined
|
||||||
|
if ( !$self->{urldc} and !$self->{postUrl} ) {
|
||||||
|
$self->{urldc} = $ENV{SCRIPT_NAME} . "?logout=1";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
# Redirect or Post if asked by authLogout
|
# Redirect or Post if asked by authLogout
|
||||||
$self->_subProcess(qw(autoRedirect))
|
$self->_subProcess(qw(autoRedirect))
|
||||||
if ( $self->{urldc} and $self->{urldc} ne $self->{portal} );
|
if ( $self->{urldc} and $self->{urldc} ne $self->{portal} );
|
||||||
@ -1262,6 +1312,13 @@ sub controlExistingSession {
|
|||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
# Display logout success if logout asked
|
||||||
|
# and we do not have valid session
|
||||||
|
return PE_LOGOUT_OK if $self->param('logout');
|
||||||
|
|
||||||
|
# Else continue authentication process
|
||||||
PE_OK;
|
PE_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
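Review bot: `$logoutServiceUrl` and `$logoutServiceName` are interpolated into the iframe markup in controlExistingSession without HTML escaping, so a configuration value containing `"` or `<` breaks out of the attribute and injects markup into the logout page. Escape both before building the string, for example `my $src = CGI::escapeHTML($logoutServiceUrl);` (assuming CGI.pm is loaded in this module), and use the escaped copies in `src` and `alt`. Separately, `display: hidden` is not a valid CSS value and `alt` is not an iframe attribute; `title` is the attribute that would carry the service name. The function starts and ends outside these hunks.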
@ -2612,11 +2612,11 @@ sub sendLogoutRequestToProviders {
|
|||||||
$self->resetProviderIdIndex($logout);
|
$self->resetProviderIdIndex($logout);
|
||||||
|
|
||||||
# Header of the block which will be displayed to the user, if needed.
|
# Header of the block which will be displayed to the user, if needed.
|
||||||
$info .= '<h2>'
|
$info .= '<h3>'
|
||||||
. &Lemonldap::NG::Portal::_i18n::msg
|
. &Lemonldap::NG::Portal::_i18n::msg
|
||||||
( Lemonldap::NG::Portal::Simple::PM_SAML_SPLOGOUT,
|
( Lemonldap::NG::Portal::Simple::PM_SAML_SPLOGOUT,
|
||||||
$ENV{HTTP_ACCEPT_LANGUAGE} )
|
$ENV{HTTP_ACCEPT_LANGUAGE} )
|
||||||
. '</h2>'
|
. '</h3>'
|
||||||
. '<table class="sloState">';
|
. '<table class="sloState">';
|
||||||
|
|
||||||
# Foreach SP found in session, get it from configuration, and send the
|
# Foreach SP found in session, get it from configuration, and send the
|
||||||
|
@ -353,6 +353,7 @@ sub error_ro {
|
|||||||
# * PM_REDIRECTION 12
|
# * PM_REDIRECTION 12
|
||||||
# * PM_BACKTOSP 13
|
# * PM_BACKTOSP 13
|
||||||
# * PM_BACKTOCASURL 14
|
# * PM_BACKTOCASURL 14
|
||||||
|
# * PM_LOGOUT 15
|
||||||
|
|
||||||
sub msg_en {
|
sub msg_en {
|
||||||
use utf8;
|
use utf8;
|
||||||
@ -372,6 +373,7 @@ sub msg_en {
|
|||||||
'Redirection in progress...',
|
'Redirection in progress...',
|
||||||
'Go back to service provider',
|
'Go back to service provider',
|
||||||
'The application you just logged out of has provided a link it would like you to follow',
|
'The application you just logged out of has provided a link it would like you to follow',
|
||||||
|
'Logout from other applications...',
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -393,6 +395,7 @@ sub msg_fr {
|
|||||||
'Redirection en cours...',
|
'Redirection en cours...',
|
||||||
'Retourner sur le fournisseur de service',
|
'Retourner sur le fournisseur de service',
|
||||||
'Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre',
|
'Le service duquel vous arrivez a fourni un lien que vous êtes invité à suivre',
|
||||||
|
'Déconnexion des autres applications...'
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|