diff options
Diffstat (limited to 'ipsilon/providers/saml2/sessions.py')
-rw-r--r-- | ipsilon/providers/saml2/sessions.py | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/ipsilon/providers/saml2/sessions.py b/ipsilon/providers/saml2/sessions.py index 50b9a14..fb1f646 100644 --- a/ipsilon/providers/saml2/sessions.py +++ b/ipsilon/providers/saml2/sessions.py @@ -26,6 +26,13 @@ class SAMLSession(Log): provider_id - ID of the SP session - the Login session object logoutstate - dict containing logout state info + session_indexes - the IDs of any login session we've seen + for this user + + When a new session is seen for the same user any existing session + is thrown away. We keep the original session_id though and send + all that we've seen to the SP when performing a logout to ensure + that all sessions get logged out. logout state is a dictionary containing (potentially) these attributes: @@ -41,6 +48,7 @@ class SAMLSession(Log): self.provider_id = provider_id self.session = session self.logoutstate = logoutstate + self.session_indexes = [session_id] def set_logoutstate(self, relaystate, request_id, request=None): self.logoutstate = dict(relaystate=relaystate, @@ -49,6 +57,7 @@ class SAMLSession(Log): def dump(self): self.debug('session_id %s' % self.session_id) + self.debug('session_index %s' % self.session_indexes) self.debug('provider_id %s' % self.provider_id) self.debug('session %s' % self.session) self.debug('logoutstate %s' % self.logoutstate) @@ -80,10 +89,19 @@ class SAMLSessionsContainer(Log): Drop any existing sessions that might exist for this provider. We have no control over the SP's so if it sends us another login, accept it. + + If an existing session exists drop it but keep a copy of + its session index. When we logout we send ALL session indexes + we've received to ensure that they are all logged out. """ samlsession = SAMLSession(session_id, provider_id, session) - self.remove_session_by_provider(provider_id) + old_session = self.find_session_by_provider(provider_id) + if old_session is not None: + samlsession.session_indexes.extend(old_session.session_indexes) + self.debug("old session: %s" % old_session.session_indexes) + self.debug("new session: %s" % samlsession.session_indexes) + self.remove_session_by_provider(provider_id) self.sessions[provider_id] = samlsession self.dump() |