searchOn* does not work when a portal uses REST session backend
Concerned version
Version: %2.0.0
Platform: Nginx, CentOS, REST session backend
Summary
- Set up two LLNG portals, one using the other as a REST session backend
- Enable CAS issuer on the "external" node (the one using LemonLDAP::NG::Common::Apache::Session::REST as a session backend)
- Don't forget to make them have the same "key" in config
- Log in => it works
- Log out => internal server error
Logs
...
Launching ::Issuer::CAS::logout
Not implemented at /usr/share/perl5/vendor_perl/Lemonldap/NG/Common/Apache/Session/REST.pm line 268
The CAS logout processes tries to deleteCasSecondarySessions (service tickets and proxy tickets) which in turn calls searchOn (REST backend doesn't have it), which in turns calls the following code from Common/Apache/Session/REST.pm:
## @method get_key_from_all_sessions()
# Not documented.
sub get_key_from_all_sessions() {
die "Not implemented";
I have not tested with SAML, but I suspect it will die at exactly the same place for the same reason
Possible fixes
We should probably extend the REST portal session server to provide /searchon (and /gkfas ?) endpoints, and make Common::Apache::Session::REST aware of them, if we want to support configurations in which one portal uses the other as a backend.
Some of our users who are using LLNG as mainly a CAS/SAML/OIDC issuer have a need for an "external" portal in a DMZ with no direct access to the session database.