Manage CAS logout service (#1298)

2017-09-11 15:26:44 +00:00 · 2017-09-11 15:26:44 +00:00 · c5368caac2
parent 19cbbe4372
commit c5368caac2
5 changed files with 14 additions and 8 deletions
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Auth/CAS.pm
@ -250,11 +250,9 @@ sub authLogout {
    my ( $self, $req ) = @_;

    # Build CAS logout URL
-    my $logout_url = $self->getServerLogoutURL(
-        uri_escape( $self->p->fullUrl($req) ),
+    my $logout_url = $self->getServerLogoutURL( $self->p->fullUrl($req),
        $self->conf->{casSrvMetaDataOptions}->{ $req->userData->{_casSrv} }
-          ->{casSrvMetaDataOptionsUrl}
-    );
+          ->{casSrvMetaDataOptionsUrl} );

    $self->logger->debug("Build CAS logout URL: $logout_url");

--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Issuer/CAS.pm
@ -212,7 +212,8 @@ sub run {
        $req->frame(1);

        # GET parameters
-        my $logout_url = $req->param('url');
+        my $logout_url     = $req->param('url');        # CAS 2.0
+        my $logout_service = $req->param('service');    # CAS 3.0

        # Delete linked CAS sessions
        $self->deleteCasSecondarySessions($session_id);
@ -237,6 +238,13 @@ sub run {

                return PE_CONFIRM;
            }
+
+            if ($logout_service) {
+                $self->logger->debug("User will be redirected to $logout_service");
+                $req->{urldc} = $logout_service;
+                $req->steps( [] );
+                return PE_OK;
+            }
        }
        else {
            $self->logger->info("Unknown session $session_id");
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-declared-app.t
@ -129,7 +129,7 @@ ok(
    'Get iframe from IdP'
 );
 count(1);
-expectOK($res);
+expectRedirection( $res, 'http://auth.sp.com/?logout' );
 ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
    ' Frame can be embedded' )
  or explain( $res->[1],
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-default.t
@ -139,7 +139,7 @@ ok(
    'Get iframe from IdP'
 );
 count(1);
-expectOK($res);
+expectRedirection( $res, 'http://auth.sp.com/?logout' );
 ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
    ' Frame can be embedded' )
  or explain( $res->[1],
--- a/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t
+++ b/lemonldap-ng-portal/t/31-Auth-and-issuer-CAS-proxied.t
@ -139,7 +139,7 @@ ok(
    'Get iframe from IdP'
 );
 count(1);
-expectOK($res);
+expectRedirection( $res, 'http://auth.sp.com/?logout' );
 ok( getHeader( $res, 'Content-Security-Policy' ) !~ /frame-ancestors/,
    ' Frame can be embedded' )
  or explain( $res->[1],