Commit 22380759 authored by Clément OUDOT's avatar Clément OUDOT

SAML: SP SLO validate request

parent bd2c92f2
......@@ -468,6 +468,8 @@ sub extractFormInfo {
$session_dump = $sessionInfo->{_lassoSessionDump}
if $sessionInfo->{_lassoSessionDump};
# TODO test SessionIndex to be sure to select the correct session
# Delete Session
$self->lmLog(
"Delete session $local_session for user $user",
......@@ -480,6 +482,12 @@ sub extractFormInfo {
# Set session from dump
$self->setSessionFromDump( $logout, $session_dump );
# Validate request
unless ( $self->validateLogoutRequest($logout) ) {
$self->lmLog( "SLO request is not valid", 'error' );
$logout_error = 1;
}
}
else {
......@@ -487,13 +495,12 @@ sub extractFormInfo {
$self->lmLog( "No local session found for user $user",
'debug' );
# TODO
$logout_error = 1;
}
#
# Logout response
# TODO
}
else {
......
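Review bot: The validation added in the second hunk runs after the `# Delete Session` step from the first hunk, so a logout request that fails `validateLogoutRequest` appears to set `$logout_error` only once the local session has already been removed. The lines between the two hunks are not shown, so this is inferred from the comment and log message; if the deletion really happens there, an invalid SLO request still ends the user's session. Consider moving `$self->setSessionFromDump( $logout, $session_dump );` and the `unless ( $self->validateLogoutRequest($logout) )` check above the deletion, and skipping the deletion when `$logout_error` is set. The new `# TODO test SessionIndex` also suggests the session is currently selected without checking the SessionIndex in the request, which is worth resolving before this path is relied on. The body of `extractFormInfo` starts and ends outside these hunks.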
......@@ -18,6 +18,7 @@ our @EXPORT = qw(
getAssertion getAttributeValue validateConditions
createLogoutRequest createLogout initLogoutRequest buildLogoutRequestMsg
setSessionFromDump getMetaDataURL processLogoutResponseMsg processLogoutRequestMsg
validateLogoutRequest
);
our $VERSION = '0.01';
......@@ -674,6 +675,18 @@ sub processLogoutRequestMsg {
return $self->checkLassoError($@);
}
## @method boolean validateLogoutRequest(Lasso::Logout logout)
# Validate logout request
# @param logout Lasso::Logout object
# @return result
sub validateLogoutRequest {
my ( $self, $logout ) = splice @_;
eval { Lasso::Logout::validate_request($logout); };
return $self->checkLassoError($@);
}
1;
__END__
......@@ -808,6 +821,10 @@ Process logout response message
Process logout request message
=head2 validateLogoutRequest
Validate logout request
=head1 SEE ALSO
L<Lemonldap::NG::Portal::AuthSAML>, L<Lemonldap::NG::Portal::UserDBSAML>
......
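Review bot: The header comment on `validateLogoutRequest` says only `@return result`, while the caller in `extractFormInfo` treats a true value as "request is valid", so the contract should be spelled out, e.g. `# @return boolean true if Lasso accepted the request, false on any error`. The result comes entirely from `checkLassoError($@)`, whose body is not on this page; it is worth confirming that it returns false for every non-empty `$@`, including a plain Perl `die` when `$logout` is undefined, so that the check fails closed. The `=head2 validateLogoutRequest` POD entry could state the same return contract.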