SAML: manage SOAP logout request send by IDP to SP
This commit is contained in:
parent
6aac834de7
commit
c236505f45
@ -2069,7 +2069,7 @@ sub sendLogoutResponseToServiceProvider {
|
|||||||
}
|
}
|
||||||
|
|
||||||
## @pmethod int sendLogoutRequestToServiceProvider(Lasso::Logout $logout, string $providerID, int $method)
|
## @pmethod int sendLogoutRequestToServiceProvider(Lasso::Logout $logout, string $providerID, int $method)
|
||||||
# Send logout response issue from a logout request to a service provider
|
# Send a logout request to a service provider
|
||||||
# If information have to be displayed to users, such as iframe to send
|
# If information have to be displayed to users, such as iframe to send
|
||||||
# HTTP-Redirect or HTTP-POST logout request, then $self->{_info} will be
|
# HTTP-Redirect or HTTP-POST logout request, then $self->{_info} will be
|
||||||
# updated.
|
# updated.
|
||||||
@ -2104,7 +2104,6 @@ sub sendLogoutRequestToServiceProvider {
|
|||||||
if ( !$method ) {
|
if ( !$method ) {
|
||||||
$method =
|
$method =
|
||||||
$self->getFirstHttpMethod( $server, $providerID, $protocolType );
|
$self->getFirstHttpMethod( $server, $providerID, $protocolType );
|
||||||
#$method = Lasso::Constants::HTTP_METHOD_REDIRECT;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
# Initiate the logout request
|
# Initiate the logout request
|
||||||
@ -2120,12 +2119,13 @@ sub sendLogoutRequestToServiceProvider {
|
|||||||
return ( 0, $method, undef );
|
return ( 0, $method, undef );
|
||||||
}
|
}
|
||||||
|
|
||||||
$self->lmLog( "Send logout request to $providerID", 'debug' );
|
|
||||||
|
|
||||||
# Send logout request to the provider depending of the request method
|
# Send logout request to the provider depending of the request method
|
||||||
# HTTP-REDIRECT
|
# HTTP-REDIRECT
|
||||||
if ( $method == Lasso::Constants::HTTP_METHOD_REDIRECT ) {
|
if ( $method == Lasso::Constants::HTTP_METHOD_REDIRECT ) {
|
||||||
|
|
||||||
|
$self->lmLog( "Send HTTP-REDIRECT logout request to $providerID",
|
||||||
|
'debug' );
|
||||||
|
|
||||||
# Redirect user to response URL
|
# Redirect user to response URL
|
||||||
my $slo_url = $logout->msg_url;
|
my $slo_url = $logout->msg_url;
|
||||||
|
|
||||||
@ -2146,6 +2146,8 @@ sub sendLogoutRequestToServiceProvider {
|
|||||||
# HTTP-POST
|
# HTTP-POST
|
||||||
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
if ( $method == Lasso::Constants::HTTP_METHOD_POST ) {
|
||||||
|
|
||||||
|
$self->lmLog( "Send POST logout request to $providerID", 'debug' );
|
||||||
|
|
||||||
# Use autosubmit form
|
# Use autosubmit form
|
||||||
my $slo_url = $logout->msg_url;
|
my $slo_url = $logout->msg_url;
|
||||||
my $slo_body = $logout->msg_body;
|
my $slo_body = $logout->msg_body;
|
||||||
@ -2164,6 +2166,8 @@ sub sendLogoutRequestToServiceProvider {
|
|||||||
# HTTP-SOAP
|
# HTTP-SOAP
|
||||||
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
if ( $method == Lasso::Constants::HTTP_METHOD_SOAP ) {
|
||||||
|
|
||||||
|
$self->lmLog( "Send SOAP logout request to $providerID", 'debug' );
|
||||||
|
|
||||||
my $slo_url = $logout->msg_url;
|
my $slo_url = $logout->msg_url;
|
||||||
my $slo_body = $logout->msg_body;
|
my $slo_body = $logout->msg_body;
|
||||||
|
|
||||||
@ -2175,12 +2179,9 @@ sub sendLogoutRequestToServiceProvider {
|
|||||||
return ( 0, $method, undef );
|
return ( 0, $method, undef );
|
||||||
}
|
}
|
||||||
|
|
||||||
# Create Logout object
|
|
||||||
my $sp_logout = $self->createLogout($server);
|
|
||||||
|
|
||||||
# Process logout response
|
# Process logout response
|
||||||
my $sp_result =
|
my $sp_result =
|
||||||
$self->processLogoutResponseMsg( $sp_logout, $sp_response );
|
$self->processLogoutResponseMsg( $logout, $sp_response );
|
||||||
|
|
||||||
unless ( $sp_result ) {
|
unless ( $sp_result ) {
|
||||||
$self->lmLog( "Fail to process logout response", 'error' );
|
$self->lmLog( "Fail to process logout response", 'error' );
|
||||||
@ -2189,15 +2190,6 @@ sub sendLogoutRequestToServiceProvider {
|
|||||||
|
|
||||||
$self->lmLog( "Logout response is valid", 'debug' );
|
$self->lmLog( "Logout response is valid", 'debug' );
|
||||||
|
|
||||||
# Replay protection
|
|
||||||
my $samlID = $sp_logout->response()->InResponseTo;
|
|
||||||
|
|
||||||
unless ( $self->replayProtection($samlID) ) {
|
|
||||||
# Logout request was already consumed or is expired
|
|
||||||
$self->lmLog( "Message $samlID already used or expired", 'error' );
|
|
||||||
return ( 0, $method, undef );
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return ( 1, $method, $info );
|
return ( 1, $method, $info );
|
||||||
@ -2474,6 +2466,14 @@ Convert timestamp into SAML2 date format
|
|||||||
|
|
||||||
Convert SAML2 date format into timestamp
|
Convert SAML2 date format into timestamp
|
||||||
|
|
||||||
|
=head2 sendLogoutResponseToServiceProvider
|
||||||
|
|
||||||
|
Send logout response issue from a logout request
|
||||||
|
|
||||||
|
=head2 sendLogoutRequestToServiceProvider
|
||||||
|
|
||||||
|
Send logout request to a service provider
|
||||||
|
|
||||||
=head1 SEE ALSO
|
=head1 SEE ALSO
|
||||||
|
|
||||||
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
|
||||||
|
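Review bot: The replay-protection check on the SOAP logout response (old lines `# Replay protection` through its `return ( 0, $method, undef );` in the last code hunk) is dropped together with `$sp_logout`, but neither the hunk nor the commit message says whether that is intended or just a side effect of removing `$sp_logout`. If the check is still wanted it can be kept against the request object that now processes the response: `my $samlID = $logout->response()->InResponseTo;` followed by the unchanged `unless ( $self->replayProtection($samlID) ) { ... }` block. If it is deliberately dropped because the SOAP response comes back on the connection this code itself opened and `processLogoutResponseMsg( $logout, $sp_response )` presumably already ties the response to the request ID (confirm against Lasso), add a comment saying so next to that call, e.g. `# No replay check here: the SOAP response arrives synchronously on the connection we opened and is matched to our request by Lasso`. sendLogoutRequestToServiceProvider begins and ends outside the hunk.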