From c2b642f172974b1b7f30d94f20e0db9f92887a3e Mon Sep 17 00:00:00 2001 From: Thomas CHEMINEAU Date: Fri, 23 Apr 2010 15:18:08 +0000 Subject: [PATCH] SAML: continue work on sending logout request for all SP when an SP initiate a logout request --- .../lib/Lemonldap/NG/Portal/IssuerDBSAML.pm | 49 ++++++++++++++----- 1 file changed, 38 insertions(+), 11 deletions(-) diff --git a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm index 6ac0a7026..9a6592fe9 100644 --- a/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm +++ b/modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm @@ -163,7 +163,7 @@ sub issuerForUnAuthUser { # Send logout response return PE_ERROR unless ($self->sendLogoutResponseAfterLogoutRequest( - $logout, $method, $relaystate)); + $logout, $method, $relaystate, 0)); } @@ -672,7 +672,12 @@ sub issuerForAuthUser { $self->lmLog( "SLO: Logout request is valid", 'debug' ); + # Proceed to logout on all others SP + my $logout_dump = $logout->dump; $self->sendLogoutRequestToServiceProviders($logout); + $logout = Lasso::Logout::new_from_dump($server, $logout_dump); + $self->setSessionFromDump( $logout, $session ); + $self->setIdentityFromDump( $logout, $identity ); # Validate request if no previous error unless ( $self->validateLogoutRequest($logout) ) { @@ -707,7 +712,7 @@ sub issuerForAuthUser { # Send logout response return PE_ERROR unless ($self->sendLogoutResponseAfterLogoutRequest( - $logout, $method, $relaystate)); + $logout, $method, $relaystate, 1)); } @@ -739,6 +744,7 @@ sub sendLogoutResponseAfterLogoutRequest { my $logout = shift; my $method = shift; my $relaystate = shift; + my $wait = shift; # Send response depending on request method # HTTP-REDIRECT 
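Review bot: In the `issuerForAuthUser` hunk at `@@ -672`, `sendLogoutRequestToServiceProviders($logout)` runs before the `validateLogoutRequest($logout)` check that follows it, so logout requests go out to every other SP for a request that has not yet passed that validation; moving the fan-out below the `unless ( $self->validateLogoutRequest($logout) )` block would avoid that. The restore step also ignores failure: the result of `Lasso::Logout::new_from_dump` and the return values of `setSessionFromDump` / `setIdentityFromDump` are not checked, so a failed restore would carry on with an unusable `$logout`. Adding `return PE_ERROR unless $logout;` after the restore would close that gap. A short comment saying why the object is dumped and rebuilt (presumably because the fan-out reuses and mutates the same Lasso object) would also help the next maintainer. The sub starts and ends outside this hunk.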
@@ -748,16 +754,34 @@ sub sendLogoutResponseAfterLogoutRequest { my $slo_url = $logout->msg_url; $self->lmLog( "Redirect user to $slo_url", 'debug' ); - $self->{urldc} = $slo_url; + # Redirect immediately + if (!$wait) { + $self->{urldc} = $slo_url; $self->_subProcess(qw(autoRedirect)); - - # If we are here, there was a problem with GET request $self->lmLog( "Logout response was not sent trough GET", 'error' ); return 0; } + # Redirect in few second + else { + + print ' + '; + + print $self->end_html(); + + exit; + } + + } + # HTTP-POST if ( $method == Lasso::Constants::HTTP_METHOD_POST ) { @@ -831,8 +855,9 @@ sub sendLogoutRequestToServiceProviders { # Get first HTTP method my $protocolType = Lasso::Constants::MD_PROTOCOL_TYPE_SINGLE_LOGOUT; - my $method = - $self->getFirstHttpMethod( $server, $providerID, $protocolType ); + #my $method = + # $self->getFirstHttpMethod( $server, $providerID, $protocolType ); + my $method = Lasso::Constants::HTTP_METHOD_REDIRECT; # Initiate the logout request unless ( $self->initLogoutRequest( $logout, $providerID, $method ) ) @@ -850,6 +875,8 @@ sub sendLogoutRequestToServiceProviders { next; } + $self->lmLog( "Send logout request to $providerID", 'debug' ); + # Send logout request to the provider depending of the request method # HTTP-REDIRECT if ( $method == Lasso::Constants::HTTP_METHOD_REDIRECT ) { @@ -859,10 +886,11 @@ sub sendLogoutRequestToServiceProviders { print '
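Review bot: The new `else` branch of the HTTP-REDIRECT case (hunk `@@ -748`) calls `exit` from inside `sendLogoutResponseAfterLogoutRequest`, so the method never returns to `issuerForAuthUser` and whatever the caller does after a successful response is skipped; depending on how the portal is hosted, `exit` in a library method may also end more than the current request. The markup printed just before `exit` is not visible in this view; if it embeds `$slo_url` for the delayed redirect, that value should be HTML-escaped in the output, since it is taken from the logout message. The new fourth parameter `$wait` also deserves a line in the sub's header comment, e.g. `# @param wait if true, print a delayed-redirect page instead of redirecting immediately`. The sub starts before this hunk.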
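Review bot: In `sendLogoutRequestToServiceProviders` (hunk `@@ -831`), `$method` is now hard-coded to `Lasso::Constants::HTTP_METHOD_REDIRECT` and the `getFirstHttpMethod` lookup is left commented out, so a provider whose metadata offers single logout only over another binding will presumably fail `initLogoutRequest` and be skipped, keeping its session open after the user believes they are logged out everywhere. The HTTP-POST branch further down becomes unreachable as well. If the restriction is temporary, replace the commented-out code with an explicit marker such as `# TODO: only HTTP-REDIRECT is handled for now; restore getFirstHttpMethod() once other bindings work`, and log skipped providers at 'warn' rather than 'debug' so incomplete logouts are visible to operators.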
  • ' . $providerID . '...' . '
  • '; + } # HTTP-POST @@ -927,7 +955,6 @@ sub sendLogoutRequestToServiceProviders { # End page print ''; - print $self->end_html(); }
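Review bot: `$providerID` is concatenated into the HTML printed by the HTTP-REDIRECT branch (`' . $providerID . '...'`) without escaping. Provider IDs normally come from registered metadata, but that metadata is supplied by third parties, so the value should be HTML-encoded before output, for example `HTML::Entities::encode_entities($providerID)` (this needs `use HTML::Entities;` at the top of the file, outside this hunk). The surrounding markup was lost in this view, so any URL placed in an attribute there needs the same treatment. The sub starts before the hunk.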