Allow setting of "retrieveParametersFromServer"
Some SAML servers require this type of decoding, otherwise the SLO request fails. Ideally the library would perform both verifications (SAML-Toolkits/php-saml#466), but it seems upstream doesn't want to perform this change.

Until we have considered a better solution for this, this adds a new checkbox that one can configure.

Ref #403

Signed-off-by: Lukas Reschke <[email protected]>
LukasReschke committed May 5, 2021
1 parent f889399 commit 0bb4bcf
Showing 3 changed files with 13 additions and 2 deletions.
8 changes: 7 additions & 1 deletion lib/Controller/SAMLController.php
Expand Up @@ -418,7 +418,13 @@ public function singleLogoutService() {
$stay = true ; // $auth will return the redirect URL but won't perform the redirect himself
if($isFromIDP){
$keepLocalSession = true ; // do not let processSLO to delete the entire session. Let userSession->logout do the job
$targetUrl = $auth->processSLO($keepLocalSession, null, false, null, $stay);
$targetUrl = $auth->processSLO(
$this->SAMLSettings->usesSloWebServerDecode(),
null,
false,
null,
$stay
);
} else {
// If request is not from IDP, we must send him the logout request
$parameters = array();
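
Review bot: In the new `processSLO(...)` call, `$this->SAMLSettings->usesSloWebServerDecode()` is passed as the first argument, the position `$keepLocalSession` occupied in the old call, while the third argument is still the literal `false`. In php-saml's `Auth::processSLO()` the third parameter is `$retrieveParametersFromServer`, so as written the checkbox toggles whether the local session is kept rather than the decoding behaviour named in the commit title, and when the setting is off `processSLO` is no longer told to leave the session for `userSession->logout`, which contradicts the comment on the line above. `$keepLocalSession` is also left assigned but unused. Suggest `$auth->processSLO($keepLocalSession, null, $this->SAMLSettings->usesSloWebServerDecode(), null, $stay);`.
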
4 changes: 4 additions & 0 deletions lib/SAMLSettings.php
Expand Up @@ -88,6 +88,10 @@ public function allowMultipleUserBackEnds() {
return ($setting === '1' && $type === 'saml');
}

public function usesSloWebServerDecode() : bool {
return $this->config->getAppValue('user_saml', 'security-sloWebServerDecode', '0') === '1';
}

/**
* get config for given IDP
*
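
Review bot: `usesSloWebServerDecode()` is added without a docblock, unlike the method that follows it, and neither its name nor the `security-sloWebServerDecode` key mentions the `retrieveParametersFromServer` behaviour the commit title refers to. Add a short docblock stating that it controls whether SLO query parameters are taken from `$_SERVER` when the signature is validated and that it defaults to off (`'0'`), so a caller can tell which `processSLO` argument it is meant to feed.
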
3 changes: 2 additions & 1 deletion lib/Settings/Admin.php
Expand Up @@ -90,7 +90,8 @@ public function getForm() {
'signatureAlgorithm' => [
'type' => 'line',
'text' => $this->l10n->t('Algorithm that the toolkit will use on signing process.')
]
],
'sloWebServerDecode' => $this->l10n->t('Retrieve query parameters from $_SERVER. Some SAML servers require this on SLO requests.'),
];
$generalSettings = [
'uid_mapping' => [
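
Review bot: The new `'sloWebServerDecode'` entry is keyed without the `security-` prefix that `SAMLSettings::usesSloWebServerDecode()` reads (`security-sloWebServerDecode`), and nothing in this hunk shows where that prefix is applied; confirm the form saves the value under that exact key, otherwise the checkbox has no effect. The label also names an implementation detail (`$_SERVER`) without telling an administrator when to enable it: consider wording that says to leave it off unless SLO requests from the IdP fail.
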
