Merge pull request #340 from fri-sch/issue_161_and_82

Handle SLO logout requests from IdP via POST
Roeland Jago Douma 2019-06-24 16:52:32 +02:00 committed by GitHub
commit 858316d6c0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 0 deletions


@ -48,6 +48,12 @@ return [
'url' => '/saml/sls',
'verb' => 'GET',
],
[
'name' => 'SAML#singleLogoutService',
'url' => '/saml/sls',
'verb' => 'POST',
'postfix' => 'slspost',
],
[
'name' => 'SAML#notProvisioned',
'url' => '/saml/notProvisioned',


@ -319,6 +319,13 @@ class SAMLController extends Controller {
public function singleLogoutService() {
$isFromGS = ($this->config->getSystemValue('gs.enabled', false) &&
$this->config->getSystemValue('gss.mode', '') === 'master');
// Some IDPs send the SLO request via POST, but OneLogin php-saml only handles GET.
// To hack around this issue we copy the request from _POST to _GET.
if(!empty($_POST['SAMLRequest'])) {
$_GET['SAMLRequest'] = $_POST['SAMLRequest'];
}
$isFromIDP = !$isFromGS && !empty($_GET['SAMLRequest']);
if($isFromIDP) {
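Review bot: The copy at `$_GET['SAMLRequest'] = $_POST['SAMLRequest'];` moves only the message, so a POST-bound LogoutRequest reaches the library looking like a Redirect-bound one that has no `Signature`/`SigAlg` query parameters. In the HTTP-POST binding the signature travels inside the XML, so whether the request is still authenticated depends on how the php-saml call further down validates it, which is not visible in this hunk. If that path checks only the query-string signature, an unsigned POST to `/saml/sls` could end a user's session, so I would confirm the behaviour with the strict and signed-logout-request settings enabled and record it in the comment, e.g. `// POST binding: signature is embedded in the XML, not in $_GET['Signature']; verified by <check>`. singleLogoutService() starts and ends outside the hunk, so any CSRF exemption on the new POST route also needs checking there.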


@ -54,6 +54,12 @@ class Test extends TestCase {
'url' => '/saml/sls',
'verb' => 'GET',
],
[
'name' => 'SAML#singleLogoutService',
'url' => '/saml/sls',
'verb' => 'POST',
'postfix' => 'slspost',
],
[
'name' => 'SAML#notProvisioned',
'url' => '/saml/notProvisioned',