mirror of
https://github.com/netzbegruenung/user_saml.git
synced 2024-05-03 09:33:46 +02:00
Allow setting of "retrieveParametersFromServer"
Some SAML servers require this type of decoding, otherwise the SLO request fails. Ideally the library would perform both verifications (https://github.com/onelogin/php-saml/issues/466), but it seems upstream doesn't want to perform this change. Until we have considered a better solution for this, this adds a new checkbox that one can configure. Ref https://github.com/nextcloud/user_saml/issues/403 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
parent
6f51a9223d
commit
8afcb434dc
|
@ -418,8 +418,14 @@ class SAMLController extends Controller {
|
||||||
$stay = true ; // $auth will return the redirect URL but won't perform the redirect himself
|
$stay = true ; // $auth will return the redirect URL but won't perform the redirect himself
|
||||||
if ($isFromIDP) {
|
if ($isFromIDP) {
|
||||||
$keepLocalSession = true ; // do not let processSLO to delete the entire session. Let userSession->logout do the job
|
$keepLocalSession = true ; // do not let processSLO to delete the entire session. Let userSession->logout do the job
|
||||||
$targetUrl = $auth->processSLO($keepLocalSession, null, false, null, $stay);
|
$targetUrl = $auth->processSLO(
|
||||||
|
$this->SAMLSettings->usesSloWebServerDecode(),
|
||||||
|
null,
|
||||||
|
false,
|
||||||
|
null,
|
||||||
|
$stay
|
||||||
|
);
|
||||||
|
|
||||||
$errors = $auth->getErrors();
|
$errors = $auth->getErrors();
|
||||||
if (!empty($errors)) {
|
if (!empty($errors)) {
|
||||||
foreach($errors as $error) {
|
foreach($errors as $error) {
|
||||||
|
|
|
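Review bot: The new `processSLO(...)` call passes `$this->SAMLSettings->usesSloWebServerDecode()` as the first argument, where the old call passed `$keepLocalSession`, and it still passes `false` as the third. As far as I know, php-saml declares `processSLO($keepLocalSession, $requestId, $retrieveParametersFromServer, $cbDeleteSession, $stay)`, so the checkbox would control session deletion while `retrieveParametersFromServer` stays off. `$keepLocalSession = true` on the line above is then unused in the visible lines, and with the setting at its default of `'0'` processSLO could destroy the local session, which the comment says must be left to `userSession->logout`. The argument list should probably read `$keepLocalSession, null, $this->SAMLSettings->usesSloWebServerDecode(), null, $stay`. The enclosing method starts and ends outside the hunk, so please confirm against the installed library version.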
@ -88,6 +88,10 @@ class SAMLSettings {
|
||||||
return ($setting === '1' && $type === 'saml');
|
return ($setting === '1' && $type === 'saml');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function usesSloWebServerDecode() : bool {
|
||||||
|
return $this->config->getAppValue('user_saml', 'security-sloWebServerDecode', '0') === '1';
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* get config for given IDP
|
* get config for given IDP
|
||||||
*
|
*
|
||||||
|
|
|
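Review bot: `usesSloWebServerDecode()` has no docblock, and its name does not say which library option it drives or that it affects how SLO message signatures are checked. I would add a short one, for example `/** Whether SLO messages are validated using the raw query string from $_SERVER (php-saml's retrieveParametersFromServer) rather than the decoded $_GET values. */`. The method also reads the unprefixed key `security-sloWebServerDecode` and takes no IDP argument, while the method directly below is documented as "get config for given IDP". If the other security options are stored per IDP, this one may never see the value the admin form saves for a second provider, so check how the form writes it.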
@ -90,7 +90,8 @@ class Admin implements ISettings {
|
||||||
'signatureAlgorithm' => [
|
'signatureAlgorithm' => [
|
||||||
'type' => 'line',
|
'type' => 'line',
|
||||||
'text' => $this->l10n->t('Algorithm that the toolkit will use on signing process.')
|
'text' => $this->l10n->t('Algorithm that the toolkit will use on signing process.')
|
||||||
]
|
],
|
||||||
|
'sloWebServerDecode' => $this->l10n->t('Retrieve query parameters from $_SERVER. Some SAML servers require this on SLO requests.'),
|
||||||
];
|
];
|
||||||
$generalSettings = [
|
$generalSettings = [
|
||||||
'uid_mapping' => [
|
'uid_mapping' => [
|
||||||
|
|