diff options
| author | Frieder Schrempf <frieder.schrempf@online.de> | 2019-06-08 20:13:00 +0300 |
|---|---|---|
| committer | Frieder Schrempf <frieder.schrempf@online.de> | 2019-06-17 19:56:55 +0300 |
| commit | 413c7a92390c27100f0abf1641562b27485dea1b (patch) | |
| tree | 8a5905931e9f665b1df7a64127dd6ade38e7f616 /lib/Controller | |
| parent | 3f64725f268e6e6f7ca2c6a74d9fb4897b613386 (diff) | |
Handle SLO logout requests from IdP via POST
Some IdPs send their SLO logout requests via POST. To handle
them we need to add an entry in the routing table.
Further, we need to hack around the issue, that php-saml only
handles GET by copying the request from $_POST to $_GET.
This solves #82.
Signed-off-by: Frieder Schrempf <frieder.schrempf@online.de>
Diffstat (limited to 'lib/Controller')
| -rw-r--r-- | lib/Controller/SAMLController.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php index 50bec666..e2898409 100644 --- a/lib/Controller/SAMLController.php +++ b/lib/Controller/SAMLController.php @@ -319,6 +319,13 @@ class SAMLController extends Controller { public function singleLogoutService() { $isFromGS = ($this->config->getSystemValue('gs.enabled', false) && $this->config->getSystemValue('gss.mode', '') === 'master'); + + // Some IDPs send the SLO request via POST, but OneLogin php-saml only handles GET. + // To hack around this issue we copy the request from _POST to _GET. + if(!empty($_POST['SAMLRequest'])) { + $_GET['SAMLRequest'] = $_POST['SAMLRequest']; + } + $isFromIDP = !$isFromGS && !empty($_GET['SAMLRequest']); if($isFromIDP) { |