Allow setting of "retrieveParametersFromServer"

Some SAML servers require this type of decoding, otherwise the SLO request fails. Ideally the library would perform both verifications (https://github.com/onelogin/php-saml/issues/466), but it seems upstream doesn't want to perform this change. Until we have considered a better solution for this, this adds a new checkbox that one can configure. Ref https://github.com/nextcloud/user_saml/issues/403 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
author: Lukas Reschke <lukas@statuscode.ch> 2021-05-04 18:28:58 +0300
committer: Lukas Reschke <lukas@statuscode.ch> 2021-05-04 18:28:58 +0300
commit: 8afcb434dcfcc88ac2d3317aa686c7c21d52ffff (patch)
tree: 4e89ad6994a35069290e25c41c30bf3176cf363a /lib/Controller
parent: 6f51a9223d27ea7288b9efbddbc5043d8ac51907 (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/lib/Controller/SAMLController.php b/lib/Controller/SAMLController.php
index 61c4cc5b..dc8b5b80 100644
--- a/lib/Controller/SAMLController.php
+++ b/lib/Controller/SAMLController.php
@@ -418,8 +418,14 @@ class SAMLController extends Controller {
 			$stay = true ; // $auth will return the redirect URL but won't perform the redirect himself
 			if ($isFromIDP) {
 				$keepLocalSession = true ; // do not let processSLO to delete the entire session. Let userSession->logout do the job
-				$targetUrl = $auth->processSLO($keepLocalSession, null, false, null, $stay);
-				
+				$targetUrl = $auth->processSLO(
+					$this->SAMLSettings->usesSloWebServerDecode(),
+					null,
+					false,
+					null,
+					$stay
+				);
+
 				$errors = $auth->getErrors();
 				if (!empty($errors)) {
 					foreach($errors as $error) {
author	Lukas Reschke <lukas@statuscode.ch>	2021-05-04 18:28:58 +0300
committer	Lukas Reschke <lukas@statuscode.ch>	2021-05-04 18:28:58 +0300
commit	8afcb434dcfcc88ac2d3317aa686c7c21d52ffff (patch)
tree	4e89ad6994a35069290e25c41c30bf3176cf363a /lib/Controller
parent	6f51a9223d27ea7288b9efbddbc5043d8ac51907 (diff)