mirror of
https://github.com/netzbegruenung/user_saml.git
synced 2024-05-03 09:33:46 +02:00
Merge pull request #340 from fri-sch/issue_161_and_82
Handle SLO logout requests from IdP via POST
This commit is contained in:
commit
858316d6c0
|
@ -48,6 +48,12 @@ return [
|
|||
'url' => '/saml/sls',
|
||||
'verb' => 'GET',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#singleLogoutService',
|
||||
'url' => '/saml/sls',
|
||||
'verb' => 'POST',
|
||||
'postfix' => 'slspost',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#notProvisioned',
|
||||
'url' => '/saml/notProvisioned',
|
||||
|
|
|
@ -319,6 +319,13 @@ class SAMLController extends Controller {
|
|||
public function singleLogoutService() {
|
||||
$isFromGS = ($this->config->getSystemValue('gs.enabled', false) &&
|
||||
$this->config->getSystemValue('gss.mode', '') === 'master');
|
||||
|
||||
// Some IDPs send the SLO request via POST, but OneLogin php-saml only handles GET.
|
||||
// To hack around this issue we copy the request from _POST to _GET.
|
||||
if(!empty($_POST['SAMLRequest'])) {
|
||||
$_GET['SAMLRequest'] = $_POST['SAMLRequest'];
|
||||
}
|
||||
|
||||
$isFromIDP = !$isFromGS && !empty($_GET['SAMLRequest']);
|
||||
|
||||
if($isFromIDP) {
|
||||
|
|
|
@ -54,6 +54,12 @@ class Test extends TestCase {
|
|||
'url' => '/saml/sls',
|
||||
'verb' => 'GET',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#singleLogoutService',
|
||||
'url' => '/saml/sls',
|
||||
'verb' => 'POST',
|
||||
'postfix' => 'slspost',
|
||||
],
|
||||
[
|
||||
'name' => 'SAML#notProvisioned',
|
||||
'url' => '/saml/notProvisioned',
|
||||
|
|
Loading…
Reference in a new issue