Commit 174026f4 authored by Clément OUDOT's avatar Clément OUDOT

SAML: validate SLO request before building other SP SLO request (#111)

parent aa190c7f
......@@ -329,14 +329,16 @@ sub issuerForUnAuthUser {
$self->returnSOAPMessage();
}
# Validate request if no previous error
unless ( $self->validateLogoutRequest($logout) ) {
$self->lmLog( "SLO request is not valid", 'error' );
$self->returnSOAPMessage();
}
# Try to send SLO request trough SOAP
my $logout_dump = $logout->dump;
$self->resetProviderIdIndex($logout);
while ( my $providerID = $self->getNextProviderId($logout) ) {
# Do not process logout on SP that initiate the logout request
next if ( $sp =~ /^$providerID$/ );
# Send logout request
my ( $rstatus, $rmethod, $rinfo ) =
$self->sendLogoutRequestToServiceProvider( $logout,
......@@ -351,21 +353,6 @@ sub issuerForUnAuthUser {
}
}
# Rebuild Lasso::Logout object. All data have already been checked.
$logout = $self->createLogout( $server, $logout_dump );
if ($session) {
$self->setSessionFromDump( $logout, $session );
}
if ($identity) {
$self->setIdentityFromDump( $logout, $identity );
}
# Validate request if no previous error
unless ( $self->validateLogoutRequest($logout) ) {
$self->lmLog( "SLO request is not valid", 'error' );
$self->returnSOAPMessage();
}
# Set RelayState
if ($relaystate) {
$logout->msg_relayState($relaystate);
......@@ -1664,36 +1651,26 @@ sub issuerForAuthUser {
return PE_ERROR
unless ( $self->checkDestination( $logout->request, $url ) );
# Get session index
my $session_index;
eval { $session_index = $logout->request()->SessionIndex; };
# Proceed to logout on all others SP
my $logout_dump = $logout->dump;
my $provider_nb =
$self->sendLogoutRequestToServiceProviders($logout);
# Rebuild Lasso::Logout object. All data have already been checked.
$logout = $self->createLogout( $server, $logout_dump );
if ($session) {
$self->setSessionFromDump( $logout, $session );
}
if ($identity) {
$self->setIdentityFromDump( $logout, $identity );
}
# Validate request if no previous error
unless ( $self->validateLogoutRequest($logout) ) {
$self->lmLog( "SLO request is not valid", 'error' );
return PE_ERROR;
}
# Prepare logout on all others SP
my $provider_nb =
$self->sendLogoutRequestToServiceProviders($logout);
# Set RelayState
if ($relaystate) {
$logout->msg_relayState($relaystate);
$self->lmLog( "Set $relaystate in RelayState", 'debug' );
}
# Get session index
my $session_index;
eval { $session_index = $logout->request()->SessionIndex; };
# SLO requests without session index are not accepted
if ( $@ or !defined $session_index ) {
$self->lmLog(
......
......@@ -2464,9 +2464,6 @@ sub sendLogoutRequestToServiceProviders {
my $providersCount = 0;
my $info = '';
# Get EntityID
my $entityID = $logout->remote_providerID();
# Reset providerID into Lasso::Logout object
$self->resetProviderIdIndex($logout);
......@@ -2488,9 +2485,6 @@ sub sendLogoutRequestToServiceProviders {
# appropriate logout request (HTTP,POST,SOAP).
while ( my $providerID = $self->getNextProviderId($logout) ) {
# Do not process logout on SP that initiate the logout request
next if ( $entityID && $entityID =~ /^$providerID$/ );
# Send logout request
my ( $rstatus, $rmethod, $rinfo ) =
$self->sendLogoutRequestToServiceProvider( $logout, $providerID,
......
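Review bot: In issuerForAuthUser, the SessionIndex rejection (`if ( $@ or !defined $session_index )`) still appears to run after `sendLogoutRequestToServiceProviders($logout)`, so a request that passes `validateLogoutRequest` but carries no SessionIndex would reach the other SPs before it is refused. The +/- markers are lost in this rendering, so that order is read from the hunk header counts and should be confirmed against the file. If it holds, move `my $session_index;` and `eval { $session_index = $logout->request()->SessionIndex; };`, together with the rejection branch, to just after the validation block and ahead of the propagation call, so every refusal condition is evaluated before any outbound logout is prepared or sent. The rejection branch continues past the collapsed lines, so its body is not visible here.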