
github.com/nextcloud/apps.git - Unnamed repository; edit this file 'description' to name the repository.
authorSigmund Augdal <sigmund.augdal@uninett.no>2013-06-14 20:43:46 +0400
committerSigmund Augdal <sigmund.augdal@uninett.no>2013-06-14 20:43:46 +0400
commit78c3c356e3868c4318c46535d780d8a114d76f2e (patch)
treef6ceac7fdb2d56935ff16de37ec25cf7c6ae1407 /user_saml
parent5aa911c916bb01c5e0861c9e823ff944469ccf5a (diff)
Fixed support for IdP initiated logout
Works by saving in a cookie whether the user was logged in using SAML, and later checking whether this cookie is set while simplesamlphp reports the user as unauthenticated. If so, a logout is triggered. Due to a design limitation in owncloud, this check is performed in the constructor of the saml user backend, which is called for every request.
Diffstat (limited to 'user_saml')
-rw-r--r--user_saml/user_saml.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/user_saml/user_saml.php b/user_saml/user_saml.php
index b014ec9ab..c52619747 100644
--- a/user_saml/user_saml.php
+++ b/user_saml/user_saml.php
@@ -51,6 +51,12 @@ class OC_USER_SAML extends OC_User_Backend {
include_once $this->sspPath."/lib/_autoload.php";
$this->auth = new SimpleSAML_Auth_Simple($this->spSource);
+
+ if (isset($_COOKIE["user_saml_logged_in"]) AND $_COOKIE["user_saml_logged_in"] AND !$this->auth->isAuthenticated()) {
+ unset($_COOKIE["user_saml_logged_in"]);
+ setcookie("user_saml_logged_in", null, -1);
+ OCP\User::logout();
+ }
}
}
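Review bot: The IdP-initiated logout in the added `if` is only enforced when the browser sends `user_saml_logged_in` back, so the check fails open. If the cookie is dropped, expires, or is never returned, the branch is skipped and the existing ownCloud session stays valid after the IdP has ended the SAML session. Whether the ownCloud session is tied to the SAML session in some other way is not visible in this hunk. Keeping the "logged in via SAML" marker in server-side session state would remove the dependency on client behaviour. If the cookie stays, document the limit above the check, for example `// relies on the browser returning user_saml_logged_in; without it an IdP logout is not propagated to the ownCloud session`. The constructor begins outside the hunk, so anything that runs before this check is not covered here.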
@@ -71,6 +77,10 @@ class OC_USER_SAML extends OC_User_Backend {
OC_Log::write('saml','Not found attribute used to get the username ("'.$this->usernameMapping.'") at the requested saml attribute assertion',OC_Log::DEBUG);
}
+ $secure_cookie = OC_Config::getValue("forcessl", false);
+ $expires = time() + OC_Config::getValue('remember_login_cookie_lifetime', 60*60*24*15);
+ setcookie("user_saml_logged_in", "1", $expires, '', '', $secure_cookie);
+
return $uid;
}
}
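Review bot: The new `setcookie("user_saml_logged_in", "1", $expires, '', '', $secure_cookie);` passes an empty path and omits the `httponly` argument, and the clearing call in the first hunk, `setcookie("user_saml_logged_in", null, -1);`, passes no path or secure flag at all. With an empty path PHP leaves the path to the browser default, which follows the directory of the request that set the cookie. The cookie may then not be sent to other ownCloud URLs, and a delete issued from a different directory may not remove it. Use one explicit path in both calls and set `httponly`, for example `setcookie("user_saml_logged_in", "1", $expires, $path, '', $secure_cookie, true);` and `setcookie("user_saml_logged_in", '', time() - 3600, $path, '', $secure_cookie, true);`. Here `$path` is a placeholder for the installation's web root. The enclosing function starts outside the hunk, so the URL it is reached from is not visible.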