From d44a042fd597aa7894f2d05d9ea4aeda6e796ea6 Mon Sep 17 00:00:00 2001
From: Maxime Besson
Date: Tue, 2 Apr 2019 22:38:24 +0200
Subject: [PATCH] Revert 8f5fbb077e and change the way logout errors are handled

Relating to issue #1668, the proposed fix works when there is only one service provider to logout of. Now that multiple service provider logout is starting to work again on 2.0, we cannot read the remote_ProviderID from the logout object because it is only filled by lasso when actually building the response. Instead, we ignore any error that could occur when building the response, log a warning and show the portal instead. Still better than an internal server error.
---
 .../lib/Lemonldap/NG/Portal/Lib/SAML.pm | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index e27040120..2260cd402 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -2385,21 +2385,12 @@ sub samldate2timestamp {
 sub sendLogoutResponseToServiceProvider {
 my ( $self, $req, $logout, $method ) = @_;

- my $httpmethod = $self->getFirstHttpMethod(
- $self->lassoServer,
- $logout->remote_providerID,
- Lasso::Constants::MD_PROTOCOL_TYPE_SINGLE_LOGOUT
- );
- if ( $httpmethod == Lasso::Constants::HTTP_METHOD_NONE ) {
- $self->logger->warn( "Provider "
- . $logout->remote_providerID
- . " has no SingleLogoutService in metadata, staying on portal" );
- return $self->p->do( $req, [] );
- }
-
 # Logout response
 unless ( $self->buildLogoutResponseMsg($logout) ) {
- return $self->p->sendError( $req, "Unable to build SLO response", 500 );
+ $self->logger->warn( "Could not build a logout response for provider "
+ . $logout->remote_providerID
+ . ", staying on portal" );
+ return $self->p->do( $req, [] );
 }

 # Send response depending on request method
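Review bot: In the new failure branch of `sendLogoutResponseToServiceProvider`, the warning concatenates `$logout->remote_providerID`, yet the commit message says lasso only fills that field while building the response, so when `buildLogoutResponseMsg` fails the value may well be undef. That would raise an "uninitialized value" warning and leave the log line without the provider name, which is the detail an operator needs to tell which SP did not receive its LogoutResponse. I would guard the concatenation, e.g. `. ( $logout->remote_providerID // 'unknown' )`. Since every build failure is now non-fatal, a comment above the `unless` would also help, such as `# Any build failure is treated as non-fatal: no LogoutResponse is sent, the portal is shown instead`. The function body continues past the end of the hunk, so the send path itself is not visible here.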