mirror of
https://github.com/netzbegruenung/user_saml.git
synced 2024-05-02 09:14:50 +02:00
Redirect to /
if CSRF check does not pass
Some IDPs redirect to the SLS page after pressing the logout link. While this is a questionable behaviour it is unlikely we can change that, so let's work around this by forcing a proper redirect. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This commit is contained in:
parent
45e52c97c3
commit
082ae7ffd7
|
@ -250,15 +250,24 @@ class SAMLController extends Controller {
|
|||
|
||||
/**
|
||||
* @NoAdminRequired
|
||||
* @NoCSRFRequired
|
||||
*
|
||||
* @return Http\RedirectResponse
|
||||
*/
|
||||
public function singleLogoutService() {
|
||||
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
|
||||
$returnTo = null;
|
||||
$parameters = array();
|
||||
$nameId = $this->session->get('user_saml.samlNameId');
|
||||
$sessionIndex = $this->session->get('user_saml.samlSessionIndex');
|
||||
$this->userSession->logout();
|
||||
$auth->logout($returnTo, $parameters, $nameId, $sessionIndex);
|
||||
if($this->request->passesCSRFCheck()) {
|
||||
$auth = new \OneLogin_Saml2_Auth($this->SAMLSettings->getOneLoginSettingsArray());
|
||||
$returnTo = null;
|
||||
$parameters = array();
|
||||
$nameId = $this->session->get('user_saml.samlNameId');
|
||||
$sessionIndex = $this->session->get('user_saml.samlSessionIndex');
|
||||
$this->userSession->logout();
|
||||
$targetUrl = $auth->logout($returnTo, $parameters, $nameId, $sessionIndex, true);
|
||||
} else {
|
||||
$targetUrl = $this->urlGenerator->getAbsoluteURL('/');
|
||||
}
|
||||
|
||||
return new Http\RedirectResponse($targetUrl);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue