author | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2007-09-28 14:08:09 +0000 |
---|---|---|
committer | olavmrk <olavmrk@a716ebb1-153a-0410-b759-cfb97c6a1b53> | 2007-09-28 14:08:09 +0000 |
commit | 56c198ec6e23d738582fa867f4a67166bc8c2251 (patch) | |
tree | d2ef7c6fec42ae2641f8e761d47c97eb279a35de /auth_mellon_handler.c | |
parent | 3c088e2124d61d7266da24553da975324e87c94f (diff) | |
download | mod_auth_mellon-56c198ec6e23d738582fa867f4a67166bc8c2251.tar.gz mod_auth_mellon-56c198ec6e23d738582fa867f4a67166bc8c2251.tar.xz mod_auth_mellon-56c198ec6e23d738582fa867f4a67166bc8c2251.zip |
Added RedirectTo parameter to logout response.
git-svn-id: https://modmellon.googlecode.com/svn/trunk@13 a716ebb1-153a-0410-b759-cfb97c6a1b53
Diffstat (limited to 'auth_mellon_handler.c')
-rw-r--r-- | auth_mellon_handler.c | 47 |
1 files changed, 43 insertions, 4 deletions
diff --git a/auth_mellon_handler.c b/auth_mellon_handler.c
index a551344..89ff420 100644
--- a/auth_mellon_handler.c
+++ b/auth_mellon_handler.c
@@ -294,7 +294,9 @@ static int am_handle_logout_request(request_rec *r, LassoLogout *logout)
 static int am_handle_logout_response(request_rec *r, LassoLogout *logout)
 {
 gint res;
+ int rc;
 am_cache_entry_t *session;
+ char *return_to;
 res = lasso_logout_process_response_msg(logout, r->args);
 if(res != 0) {
@@ -314,8 +316,23 @@ static int am_handle_logout_response(request_rec *r, LassoLogout *logout)
 am_delete_request_session(r, session);
 }
- /* TODO: Customizable logout location. */
- apr_table_setn(r->headers_out, "Location", "/");
+ return_to = am_extract_query_parameter(r->pool, r->args, "RelayState");
+ if(return_to != NULL) {
+ rc = am_urldecode(return_to);
+ if(rc != OK) {
+ ap_log_rerror(APLOG_MARK, APLOG_ERR, rc, r,
+ "Could not urldecode RelayState value in logout"
+ " response.");
+ return HTTP_BAD_REQUEST;
+ }
+ } else {
+ /* No RelayState in - redirect to default location. */
+
+ /* TODO: Customizable default logout location. */
+ return_to = "/";
+ }
+
+ apr_table_setn(r->headers_out, "Location", return_to);
 return HTTP_SEE_OTHER;
 }
@@ -332,6 +349,7 @@ static int am_handle_logout_response(request_rec *r, LassoLogout *logout)
 */
 static int am_init_logout_request(request_rec *r, LassoLogout *logout)
 {
+ char *return_to;
 gint res;
 char *redirect_to;
 LassoProfile *profile;
@@ -341,6 +359,8 @@ static int am_init_logout_request(request_rec *r, LassoLogout *logout)
 LassoSaml2AuthnStatement *authnStatement;
 LassoSamlp2LogoutRequest *request;
+ return_to = am_extract_query_parameter(r->pool, r->args, "ReturnTo");
+
 /* Create the logout request message. */
 res = lasso_logout_init_request(logout, NULL, LASSO_HTTP_METHOD_REDIRECT);
 if(res == LASSO_PROFILE_ERROR_SESSION_NOT_FOUND) {
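Review bot: The decoded RelayState reaches the Location header through `apr_table_setn(r->headers_out, "Location", return_to)` in am_handle_logout_response with no check on what it contains. After am_urldecode() the string may hold CR/LF or other control bytes, and it may name any absolute URL, so unless something outside this hunk filters it the redirect target and the header line are both under the control of whoever built the logout-response link. I would reject control characters right after the decode and restrict the target to a same-site path or a configured allow-list before setting the header; the control-character part is sketched below. The function starts in the preceding hunk.

```c
    return_to = am_extract_query_parameter(r->pool, r->args, "RelayState");
    if(return_to != NULL) {
        const char *p;

        /* … unchanged: am_urldecode() call and its error path … */

        /* Reject control characters (CR/LF in particular) so the decoded
         * value cannot break out of the Location header line. */
        for(p = return_to; *p != '\0'; p++) {
            if((unsigned char)*p < 0x20 || *p == 0x7f) {
                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                              "Control character in RelayState value in"
                              " logout response.");
                return HTTP_BAD_REQUEST;
            }
        }

        /* TODO(review): also require a same-site path or an allow-listed
         * host here before the value is used as a redirect target. */
    }
```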
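Review bot: `return_to` is kept in am_init_logout_request exactly as am_extract_query_parameter() returns it, while the logout-response handler in this same commit runs am_urldecode() on a value from the same helper, which suggests the helper hands back the parameter still percent-encoded. If that is the case, the value later copied into `profile->msg_relayState` and passed to am_urlencode() is encoded a second time, and the single decode on the response side will not give back the original URL. Consider decoding at extraction with the same failure handling, e.g. `if(return_to != NULL && am_urldecode(return_to) != OK) { return HTTP_BAD_REQUEST; }`. The helper is not visible here and the function body continues outside this hunk, so this needs confirming against both.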
@@ -397,6 +417,12 @@ static int am_init_logout_request(request_rec *r, LassoLogout *logout)
 request->SessionIndex = g_strdup(authnStatement->SessionIndex);
 }
+
+ /* Set the RelayState parameter to the return url (if we have one). */
+ if(return_to) {
+ profile->msg_relayState = g_strdup(return_to);
+ }
+
 /* Serialize the request message into a url which we can redirect to. */
 res = lasso_logout_build_request_msg(logout);
 if(res != 0) {
@@ -410,8 +436,21 @@ static int am_init_logout_request(request_rec *r, LassoLogout *logout)
 /* Set the redirect url. */
 redirect_to = apr_pstrdup(r->pool, LASSO_PROFILE(logout)->msg_url);
- ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
- "Redirect to: %s", redirect_to);
+
+ /* Check if the lasso library added the RelayState. If lasso didn't add
+ * a RelayState parameter, then we add one ourself. This should hopefully
+ * be removed in the future.
+ */
+ if(strstr(redirect_to, "&RelayState=") == NULL
+ && strstr(redirect_to, "?RelayState=") == NULL) {
+ /* The url didn't contain the relaystate parameter. */
+ redirect_to = apr_pstrcat(
+ r->pool, redirect_to, "&RelayState=",
+ am_urlencode(r->pool, return_to),
+ NULL
+ );
+ }
+
 apr_table_setn(r->headers_out, "Location", redirect_to);
 lasso_logout_destroy(logout); |
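Review bot: The fallback that appends `&RelayState=` is not conditioned on `return_to`, unlike the `if(return_to)` guard used a hunk earlier when setting `msg_relayState`. When the request carries no ReturnTo parameter, lasso has nothing to add, both strstr() tests come back NULL, and `am_urlencode(r->pool, return_to)` is then called with what is presumably a NULL pointer; at best the redirect gains an empty `RelayState=`, and whether am_urlencode() tolerates NULL cannot be told from this page. Guard the block on the pointer as well: `if(return_to != NULL && strstr(redirect_to, "&RelayState=") == NULL && strstr(redirect_to, "?RelayState=") == NULL) {`. Appending with `&` also assumes `msg_url` already carries a query string, which deserves a short comment; the function continues outside this hunk.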