author | benjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2012-10-09 08:41:40 +0000 |
---|---|---|
committer | benjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2012-10-09 08:41:40 +0000 |
commit | 9081ebffabfbb281ad77fb365e7273f5fcab4604 (patch) | |
tree | d5c99fca7701ca6467029f3cd9628cf6863193c1 | |
parent | c9ad6f9822a38b37ef15414a20291491ec7efa98 (diff) | |
Add a local logout only possibility when IdP does not support logout
Handle the case of an IdP not handling SLO as a normal situation, not an
internal error, so that the HTTP flow can get back to the ReturnURL
without interruption.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@167 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r-- | auth_mellon_handler.c | 31 |
1 files changed, 17 insertions, 14 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c index 15a4275..4877aa8 100644 --- a/auth_mellon_handler.c +++ b/auth_mellon_handler.c @@ -842,32 +842,35 @@ static int am_init_logout_request(request_rec *r, LassoLogout *logout) /* Create the logout request message. */ res = lasso_logout_init_request(logout, NULL, LASSO_HTTP_METHOD_REDIRECT); - if(res == LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) { - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, - "User attempted to initiate logout without being" - " loggged in."); + /* Early non failing return. */ + if (res != 0) { + if(res == LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, + "User attempted to initiate logout without being" + " loggged in."); + } else if (res == LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE || res == LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "Current identity provider " + "does not support single logout. Destroying local session only."); - lasso_logout_destroy(logout); + } else if(res != 0) { + ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, + "Unable to create logout request." + " Lasso error: [%i] %s", res, lasso_strerror(res)); + lasso_logout_destroy(logout); + return HTTP_INTERNAL_SERVER_ERROR; + } + lasso_logout_destroy(logout); /* Check for bad characters in ReturnTo. */ rc = am_check_url(r, return_to); if (rc != OK) { return rc; } - /* Redirect to the page the user should be sent to after logout. */ apr_table_setn(r->headers_out, "Location", return_to); return HTTP_SEE_OTHER; - } else if(res != 0) { - ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, - "Unable to create logout request." - " Lasso error: [%i] %s", res, lasso_strerror(res)); - - lasso_logout_destroy(logout); - return HTTP_INTERNAL_SERVER_ERROR; } - profile = LASSO_PROFILE(logout); /* We need to set the SessionIndex in the LogoutRequest to the SessionIndex |
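Review bot: The unsupported-profile branch logs "Destroying local session only." but nothing in this hunk removes the Mellon session; `lasso_logout_destroy(logout)` only releases the Lasso logout object before the redirect to `return_to`. am_init_logout_request starts and ends outside the hunk, so the session may well be deleted elsewhere, but if it is not, the user is sent to ReturnTo still authenticated locally while the log says otherwise. Either delete the request's session inside this early-return block, or state where it happens with a comment such as `/* local session is removed by <caller>; only the Lasso object is freed here */`. Separately, the last inner branch `} else if(res != 0) {` is always true inside `if (res != 0)` and reads more clearly as `} else {`.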