authorbenjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53>2012-10-09 08:41:40 +0000
committerbenjamin.dauvergne <benjamin.dauvergne@a716ebb1-153a-0410-b759-cfb97c6a1b53>2012-10-09 08:41:40 +0000
commit9081ebffabfbb281ad77fb365e7273f5fcab4604 (patch)
treed5c99fca7701ca6467029f3cd9628cf6863193c1
parentc9ad6f9822a38b37ef15414a20291491ec7efa98 (diff)
downloadmod_auth_mellon-9081ebffabfbb281ad77fb365e7273f5fcab4604.tar.gz
mod_auth_mellon-9081ebffabfbb281ad77fb365e7273f5fcab4604.tar.xz
mod_auth_mellon-9081ebffabfbb281ad77fb365e7273f5fcab4604.zip
Add a local logout only possibility when IdP does not support logout
Handle the case of an IdP not handling SLO as a normal situation, not an internal error, so that the HTTP flow can get back to the ReturnURL without interruption. git-svn-id: https://modmellon.googlecode.com/svn/trunk@167 a716ebb1-153a-0410-b759-cfb97c6a1b53
-rw-r--r--auth_mellon_handler.c31
1 files changed, 17 insertions, 14 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index 15a4275..4877aa8 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -842,32 +842,35 @@ static int am_init_logout_request(request_rec *r, LassoLogout *logout)
/* Create the logout request message. */
res = lasso_logout_init_request(logout, NULL, LASSO_HTTP_METHOD_REDIRECT);
- if(res == LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) {
- ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
- "User attempted to initiate logout without being"
- " loggged in.");
+ /* Early non failing return. */
+ if (res != 0) {
+ if(res == LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r,
+ "User attempted to initiate logout without being"
+ " loggged in.");
+ } else if (res == LASSO_LOGOUT_ERROR_UNSUPPORTED_PROFILE || res == LASSO_PROFILE_ERROR_UNSUPPORTED_PROFILE) {
+ ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, "Current identity provider "
+ "does not support single logout. Destroying local session only.");
- lasso_logout_destroy(logout);
+ } else if(res != 0) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
+ "Unable to create logout request."
+ " Lasso error: [%i] %s", res, lasso_strerror(res));
+ lasso_logout_destroy(logout);
+ return HTTP_INTERNAL_SERVER_ERROR;
+ }
+ lasso_logout_destroy(logout);
/* Check for bad characters in ReturnTo. */
rc = am_check_url(r, return_to);
if (rc != OK) {
return rc;
}
-
/* Redirect to the page the user should be sent to after logout. */
apr_table_setn(r->headers_out, "Location", return_to);
return HTTP_SEE_OTHER;
- } else if(res != 0) {
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Unable to create logout request."
- " Lasso error: [%i] %s", res, lasso_strerror(res));
-
- lasso_logout_destroy(logout);
- return HTTP_INTERNAL_SERVER_ERROR;
}
-
profile = LASSO_PROFILE(logout);
/* We need to set the SessionIndex in the LogoutRequest to the SessionIndex
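Review bot: The new unsupported-profile branch logs "Destroying local session only", but the only teardown visible in this hunk is `lasso_logout_destroy(logout)`, which by its name frees the Lasso logout object, not the user's local session. If the session is not already invalidated earlier in am_init_logout_request (the function starts before and continues past this hunk), the user is redirected to ReturnTo with a 303 while still authenticated locally; state the invariant at the branch, e.g. `/* Local session was already disabled above; only the Lasso object is freed here. */`, or add an explicit invalidation if it does not hold. This path also redirects to `return_to` in one more case than before, and the only validation shown is `am_check_url`, described here as a bad-character check; whether it restricts the target host is not visible, so confirm ReturnTo cannot point off-site. Inside `if (res != 0)` the final `else if(res != 0)` is always true and would read more clearly as a plain `else`.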